Fix edge case in LDAP last_admin_unlock processing
authorGreg Hudson <ghudson@mit.edu>
Fri, 21 Jan 2011 05:00:53 +0000 (05:00 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 21 Jan 2011 05:00:53 +0000 (05:00 +0000)
In the LDAP KDB module, set appropriate flags when zeroing
entry->fail_auth_count due to an administrative unlock.

ticket: 6849
target_version: 1.9.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24601 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/kdb/ldap/libkdb_ldap/lockout.c

index 509c692e67c6edd172878597c391e482822d0b8a..a218dc7e024aa9a56647701ec1c32a409e11b7e5 100644 (file)
@@ -196,6 +196,7 @@ krb5_ldap_lockout_audit(krb5_context context,
             entry->last_failed <= unlock_time) {
             /* Reset fail_auth_count after administrative unlock. */
             entry->fail_auth_count = 0;
+            entry->mask |= KADM5_FAIL_AUTH_COUNT;
         }
 
         if (failcnt_interval != 0 &&