Add calls to password lockout functions. Should now work against tdbsam only.

diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index ebb1e3d8614196a969ce1d6581d4f1f7636befb7..b35cc78d6b282ac21f4e180f8e0e2e2e4b1275f3 100644 (file)
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -179,6 +179,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
        NTSTATUS nt_status;
        DATA_BLOB user_sess_key = data_blob(NULL, 0);
        DATA_BLOB lm_sess_key = data_blob(NULL, 0);
+       BOOL updated_autolock = False, updated_badpw = False;
 
        if (!user_info || !auth_context) {
                return NT_STATUS_UNSUCCESSFUL;
@@ -202,14 +203,51 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
                return NT_STATUS_NO_SUCH_USER;
        }
 
+       /* see if autolock flag needs to be updated */
+       if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
+               pdb_update_autolock_flag(sampass, &updated_autolock);
+       /* Quit if the account was locked out. */
+       if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
+               DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass)));
+               return NT_STATUS_ACCOUNT_LOCKED_OUT;
+       }
+
        nt_status = sam_password_ok(auth_context, mem_ctx, sampass, 
                                    user_info, &user_sess_key, &lm_sess_key);
        
        if (!NT_STATUS_IS_OK(nt_status)) {
+               if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && 
+                   pdb_get_acct_ctrl(sampass) &ACB_NORMAL) {  
+                       pdb_increment_bad_password_count(sampass);
+                       updated_badpw = True;
+               } else {
+                       pdb_update_bad_password_count(sampass, 
+                                                     &updated_badpw);
+               }
+               if (updated_autolock || updated_badpw){
+                       become_root();
+                       if(!pdb_update_sam_account(sampass))
+                               DEBUG(1, ("Failed to modify entry.\n"));
+                       unbecome_root();
+               }
                pdb_free_sam(&sampass);
                return nt_status;
        }
 
+       if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && 
+           (pdb_get_bad_password_count(sampass) > 0)){
+               pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
+               pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
+               updated_badpw = True;
+       }
+
+       if (updated_autolock || updated_badpw){
+               become_root();
+               if(!pdb_update_sam_account(sampass))
+                       DEBUG(1, ("Failed to modify entry.\n"));
+               unbecome_root();
+       }
+
        nt_status = sam_account_ok(mem_ctx, sampass, user_info);
 
        if (!NT_STATUS_IS_OK(nt_status)) {