From: Jeremy Allison <jra@samba.org>
Date: Thu, 12 Aug 2004 18:20:02 +0000 (+0000)
Subject: r1778: Fix based on code from Richard Renard <rrenard@idealx.com> to
X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~5925
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9ce273ed662bd34987eaeedeeeb7cb1c99cd50a4;p=thirdparty%2Fsamba.git

r1778: Fix based on code from Richard Renard <rrenard@idealx.com> to
enforce logon hours. ldap fixes to follow.
Jeremy.
---

diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index 44e0a1810fe..0c59dbe049a 100644
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -65,6 +65,43 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
 				   lm_pw, nt_pw, user_sess_key, lm_sess_key);
 }
 
+/****************************************************************************
+ Check if a user is allowed to logon at this time. Note this is the
+ servers local time, as logon hours are just specified as a weekly
+ bitmask.
+****************************************************************************/
+                                                                                                              
+static BOOL logon_hours_ok(SAM_ACCOUNT *sampass)
+{
+	/* In logon hours first bit is Sunday from 12AM to 1AM */
+	extern struct timeval smb_last_time;
+	const uint8 *hours;
+	struct tm *utctime;
+	uint8 bitmask, bitpos;
+
+	hours = pdb_get_hours(sampass);
+	if (!hours) {
+		DEBUG(5,("logon_hours_ok: No hours restrictions for user %s\n",pdb_get_username(sampass)));
+		return True;
+	}
+
+	utctime = localtime(&smb_last_time.tv_sec);
+
+	/* find the corresponding byte and bit */
+	bitpos = (utctime->tm_wday * 24 + utctime->tm_hour) % 168;
+	bitmask = 1 << (bitpos % 8);
+
+	if (! (hours[bitpos/8] & bitmask)) {
+		DEBUG(1,("logon_hours_ok: Account for user %s not allowed to logon at this time (UTC %s).\n",
+			pdb_get_username(sampass), asctime(utctime) ));
+		return False;
+	}
+
+	DEBUG(5,("logon_hours_ok: user %s allowed to logon at this time (UTC %s)\n",
+		pdb_get_username(sampass), asctime(utctime) ));
+
+	return True;
+}
 
 /****************************************************************************
  Do a specific test for a SAM_ACCOUNT being vaild for this connection 
@@ -93,6 +130,11 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_ACCOUNT_LOCKED_OUT;
 	}
 
+	/* Quit if the account is not allowed to logon at this time. */
+	if (! logon_hours_ok(sampass)) {
+		return NT_STATUS_INVALID_LOGON_HOURS;
+	}
+
 	/* Test account expire time */
 	
 	kickoff_time = pdb_get_kickoff_time(sampass);