s3-winbind: BUG 8166 - Don't lockout users when offline.

Windows does not track bad password attempts when offline.  We were locking users out but not honoring the lockout duration.

Autobuild-User: Jim McDonough <jmcd@samba.org>
Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index e1422e5cced124d0496ec375815b74e9e1e20f81..e5ad2e00b0023b334502e5e3819c0368bb06a3a8 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -993,7 +993,10 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 
        }
 
-       /* User does *NOT* know the correct password, modify info3 accordingly */
+       /* User does *NOT* know the correct password, modify info3 accordingly, but only if online */
+       if (domain->online == false) {
+               goto failed;
+       }
 
        /* failure of this is not critical */
        result = get_max_bad_attempts_from_lockout_policy(domain, state->mem_ctx, &max_allowed_bad_attempts);