lm_pw, nt_pw, user_sess_key, lm_sess_key);
}
+/****************************************************************************
+ Check if a user is allowed to logon at this time. Note this is the
+ servers local time, as logon hours are just specified as a weekly
+ bitmask.
+****************************************************************************/
+
+static BOOL logon_hours_ok(SAM_ACCOUNT *sampass)
+{
+ /* In logon hours first bit is Sunday from 12AM to 1AM */
+ extern struct timeval smb_last_time;
+ const uint8 *hours;
+ struct tm *utctime;
+ uint8 bitmask, bitpos;
+
+ hours = pdb_get_hours(sampass);
+ if (!hours) {
+ DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n",pdb_get_username(sampass)));
+ return True;
+ }
+
+ utctime = localtime(&smb_last_time.tv_sec);
+
+ /* find the corresponding byte and bit */
+ bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168;
+ bitmask = 1 << (bitpos % 8);
+
+ if (! (hours[bitpos/8] & bitmask)) {
+ DEBUG(1,("logon_hours_ok: Account for user %s not allowed to logon at this time (UTC %s).\n",
+ pdb_get_username(sampass), asctime(utctime) ));
+ return False;
+ }
+
+ DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (UTC %s)\n",
+ pdb_get_username(sampass), asctime(utctime) ));
+
+ return True;
+}
/****************************************************************************
Do a specific test for a SAM_ACCOUNT being vaild for this connection
return NT_STATUS_ACCOUNT_LOCKED_OUT;
}
+ /* Quit if the account is not allowed to logon at this time. */
+ if (! logon_hours_ok(sampass)) {
+ return NT_STATUS_INVALID_LOGON_HOURS;
+ }
+
/* Test account expire time */
kickoff_time = pdb_get_kickoff_time(sampass);
projects / thirdparty / samba.git / commitdiff
