authorSimo Sorce <idra@samba.org>2006-12-01 15:06:34 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:16:17 -0500
commit550f651499c22c3c11594a0a39061a8a9b438d82 (patch)
tree80b2e37edb6586368ed1f474ce84196e1ad6f6bd /source/auth/auth_domain.c
parentdefa0a352b32469984126ec5d47aab9ef8d6b61c (diff)
r19980: Implement pam account stack checks when obey pam restrictions is true.
It was missing for security=server/domain/ads Simo.
Diffstat (limited to 'source/auth/auth_domain.c')
-rw-r--r--source/auth/auth_domain.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c
index 8ad6329da98..6468c18cb0e 100644
--- a/source/auth/auth_domain.c
+++ b/source/auth/auth_domain.c
@@ -269,6 +269,17 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
if (NT_STATUS_IS_OK(nt_status)) {
(*server_info)->was_mapped |= user_info->was_mapped;
+
+ if ( ! (*server_info)->guest) {
+ /* if a real user check pam account restrictions */
+ /* only really perfomed if "obey pam restriction" is true */
+ nt_status = smb_pam_accountcheck((*server_info)->unix_name);
+ if ( !NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1, ("PAM account restriction prevents user login\n"));
+ cli_shutdown(cli);
+ return nt_status;
+ }
+ }
}
netsamlogon_cache_store( user_info->smb_name, &info3 );
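Review bot: The early `return nt_status;` in the new PAM failure branch leaves `*server_info` populated with the data built for a user who has just been denied, so the result is only safe if every caller ignores the out-parameter when the status is not OK. The callers are not visible in this hunk, so this may already hold, but releasing the structure and setting `*server_info = NULL` before the return would make the denial fail closed. The `DEBUG(1, ...)` line also names neither the account nor the PAM result, which makes a denial hard to trace in the logs; something like `DEBUG(1, ("PAM account restriction prevents login for user %s: %s\n", (*server_info)->unix_name, nt_errstr(nt_status)));` would help. domain_client_validate starts and ends outside the hunk, so any cleanup that follows it should be checked against this new exit path.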