s3-passdb: Try to unlock the account if it is locked out

Andrew Bartlett abartlet at samba.org
Tue Aug 31 15:03:38 MDT 2010

On Tue, 2010-08-31 at 11:16 -0400, Jim McDonough wrote:
> On Mon, Aug 30, 2010 at 10:44 AM, Simo Sorce <idra at samba.org> wrote:
> > The branch, master has been updated
> >       via  20e7b4e s3-auth: The unlock of the account is now done by the get_sampwnam call.
> >       via  c5cfad1 s3-passdb: Try to unlock the account if it is locked out.
> >       via  2ab0b63 s3-passdb: Added a pdb_try_account_unlock function.
> >       via  9dd7e7f s3-auth: Use SamInfo3_for_guest to create guest server_info.
> >      from  5f419ea packaging: Build with -O3
> >
> The account locking code is hereby yours!!!
> /me runs and hides from bmarsh

I'm a little worried by these changes, because we only just finished
removing the magic from passdb that did unexpected things behind
ordinary-looking interfaces.  (That is, the calls out to sid_to_gid() in
the set_primary_group_id() wrapper.)

Is it really the best idea for a read operation 'get_smbpwnam()' to make
write calls to the database?

Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100901/5cab0b2a/attachment.pgp>

More information about the samba-technical mailing list