From e507a836179080cc9efded6afb883996042a6445 Mon Sep 17 00:00:00 2001
From: Jim McDonough <jmcd@samba.org>
Date: Thu, 19 Feb 2004 18:35:43 +0000
Subject: [PATCH] Add bad pw count and autolock flag update fn()s (This used to
 be commit 600fcd534b6e101b6a12774946b0e9814c6f54a8)

---
 source3/passdb/passdb.c | 129 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 127 insertions(+), 2 deletions(-)

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index ddba4c68978..86e3af4a2a1 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -1395,7 +1395,7 @@ BOOL init_sam_from_buffer_v0(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
 		&logon_count,
 		&unknown_6);
 		
-	if (len == -1)  {
+	if (len == (uint32) -1)  {
 		ret = False;
 		goto done;
 	}
@@ -1811,7 +1811,7 @@ BOOL init_sam_from_buffer_v1(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen)
 		&logon_count,
 		&unknown_6);
 		
-	if (len == -1)  {
+	if (len == (uint32) -1)  {
 		ret = False;
 		goto done;
 	}
@@ -2198,3 +2198,128 @@ BOOL get_free_rid_range(uint32 *low, uint32 *high)
 
 	return True;
 }
+
+/*********************************************************************
+ Update the bad password count checking the AP_RESET_COUNT_TIME 
+*********************************************************************/
+
+BOOL pdb_update_bad_password_count(SAM_ACCOUNT *sampass, BOOL *updated)
+{
+	time_t LastBadPassword;
+	uint16 BadPasswordCount;
+	uint32 resettime; 
+
+	BadPasswordCount = pdb_get_bad_password_count(sampass);
+	if(BadPasswordCount > 0){
+		if (!account_policy_get(AP_RESET_COUNT_TIME, &resettime)) {
+			DEBUG(0, ("account_policy_get failed.\n"));
+			return False;
+		} else {
+			LastBadPassword = pdb_get_bad_password_time(sampass);
+			DEBUG(10, ("LastBadPassword=%d, resettime=%d.\n", 
+				   (uint32) LastBadPassword, resettime));
+			if (resettime && 
+			    (time(NULL) > (LastBadPassword + 
+					   (time_t)resettime*60))){
+				pdb_set_bad_password_count(sampass, 
+							   0, PDB_CHANGED);
+				pdb_set_bad_password_time(sampass, 0, 
+							  PDB_CHANGED);
+				*updated =True;
+			}		 		 
+		}
+	}
+	return True;
+}
+
+/*********************************************************************
+ Update the ACB_AUTOLOCK flag checking the AP_LOCK_ACCOUNT_DURATION 
+*********************************************************************/
+
+BOOL pdb_update_autolock_flag(SAM_ACCOUNT *sampass, BOOL *updated)
+{
+	uint32 duration;
+	time_t LastBadPassword;
+
+	if (!sampass)
+		return False;
+ 
+	if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
+		if (!account_policy_get(AP_LOCK_ACCOUNT_DURATION, 
+					&duration)) {
+			DEBUG(0, ("pdb_update_autolock_flag: account_policy_get failed.\n"));
+			return False;
+		} else {
+			LastBadPassword = pdb_get_bad_password_time(sampass);
+			DEBUG(10, ("LastBadPassword=%d, duration=%d.\n",
+				   (uint32) LastBadPassword, duration*60 ));
+			if (duration && 
+			    (time(NULL) > 
+			     (LastBadPassword + (time_t)duration*60))){
+				DEBUG(10, ("LastBadPassword=%d, duration=%d.\n",
+					   (uint32) LastBadPassword,
+					   duration*60 ));
+				pdb_set_acct_ctrl(sampass,
+						  pdb_get_acct_ctrl(sampass) & ~ACB_AUTOLOCK,
+						  PDB_CHANGED);
+				pdb_set_bad_password_count(sampass, 
+							   0, PDB_CHANGED);
+				pdb_set_bad_password_time(sampass, 0, 
+							  PDB_CHANGED);
+				*updated =True;
+			}		 		 
+		}
+	}
+
+	return True;
+}
+
+/*********************************************************************
+ Increment the bad_password_count 
+*********************************************************************/
+
+BOOL pdb_increment_bad_password_count(SAM_ACCOUNT *sampass)
+{
+	uint32 resettime;
+	uint32 account_policy_lockout;
+	time_t LastBadPassword;
+
+	if (!sampass)
+		return False;
+		 
+	if (!account_policy_get(AP_RESET_COUNT_TIME, &resettime)) {
+		DEBUG(0, ("account_policy_get failed.\n"));
+		return False;
+	} else {
+		LastBadPassword = pdb_get_bad_password_time(sampass);
+		DEBUG(10, ("LastBadPassword=%d, resettime=%d.\n", 
+			   (uint32) LastBadPassword, resettime));
+		DEBUG(10, ("time(null) = %d\n", (uint32) time(NULL)));
+		if ((resettime) && (LastBadPassword) &&
+		    (time(NULL) > (LastBadPassword + (time_t)resettime*60))){
+			pdb_set_bad_password_count(sampass, 1, PDB_CHANGED);
+		} else {
+			pdb_set_bad_password_count(sampass, 
+						   pdb_get_bad_password_count(sampass)+1,
+						   PDB_CHANGED);
+		}
+		pdb_set_bad_password_time(sampass, time(NULL), PDB_CHANGED);
+
+		if (!account_policy_get(AP_BAD_ATTEMPT_LOCKOUT,
+					&account_policy_lockout)) {
+			DEBUG(0, ("account_policy_get failed.\n"));
+			return False;
+		} else {
+			if (account_policy_lockout && 
+			    (pdb_get_bad_password_count(sampass) >= account_policy_lockout)) {
+				if (!pdb_set_acct_ctrl (sampass,
+							pdb_get_acct_ctrl(sampass) |ACB_AUTOLOCK,
+							PDB_CHANGED)) {
+					DEBUG(1, ("pdb_increment_bad_password_count:failed to set 'autolock' flag. \n")); 
+					return False;
+				}
+			}
+		}		 		 
+		return True;
+	}
+}
-- 
2.11.4.GIT