This fixes the samba4.ldap.password_lockout.python test.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
NULL, /* check_transited_realms */
kdb_samba_db_check_policy_as, /* check_policy_as */
NULL, /* check_policy_tgs */
- NULL, /* audit_as_req */
+ kdb_samba_db_audit_as_req, /* audit_as_req */
NULL, /* refresh_config */
kdb_samba_db_check_allowed_to_delegate
};
krb5_const_principal client,
const krb5_db_entry *server,
krb5_const_principal proxy);
+
+void kdb_samba_db_audit_as_req(krb5_context kcontext,
+ krb5_kdc_req *request,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code error_code);
+
/* from kdb_samba_change_pwd.c */
krb5_error_code kdb_samba_change_pwd(krb5_context context,
free(target_name);
return code;
}
+
+void kdb_samba_db_audit_as_req(krb5_context context,
+ krb5_kdc_req *request,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code error_code)
+{
+ struct mit_samba_context *mit_ctx;
+
+ mit_ctx = ks_get_context(context);
+ if (mit_ctx == NULL) {
+ return;
+ }
+
+ switch (error_code) {
+ case 0:
+ mit_samba_zero_bad_password_count(client);
+ break;
+ case KRB5KDC_ERR_PREAUTH_FAILED:
+ case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+ mit_samba_update_bad_password_count(client);
+ break;
+ }
+}