diff options
author | Simo Sorce <idra@samba.org> | 2006-12-01 15:06:34 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:16:17 -0500 |
commit | 550f651499c22c3c11594a0a39061a8a9b438d82 (patch) | |
tree | 80b2e37edb6586368ed1f474ce84196e1ad6f6bd /source/auth/auth_domain.c | |
parent | defa0a352b32469984126ec5d47aab9ef8d6b61c (diff) | |
download | samba-550f651499c22c3c11594a0a39061a8a9b438d82.tar.gz samba-550f651499c22c3c11594a0a39061a8a9b438d82.tar.xz samba-550f651499c22c3c11594a0a39061a8a9b438d82.zip |
r19980: Implement pam account stack checks when obey pam restrictions is true.
It was missing for security=server/domain/ads
Simo.
Diffstat (limited to 'source/auth/auth_domain.c')
-rw-r--r-- | source/auth/auth_domain.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c index 8ad6329da98..6468c18cb0e 100644 --- a/source/auth/auth_domain.c +++ b/source/auth/auth_domain.c @@ -269,6 +269,17 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, if (NT_STATUS_IS_OK(nt_status)) { (*server_info)->was_mapped |= user_info->was_mapped; + + if ( ! (*server_info)->guest) { + /* if a real user check pam account restrictions */ + /* only really perfomed if "obey pam restriction" is true */ + nt_status = smb_pam_accountcheck((*server_info)->unix_name); + if ( !NT_STATUS_IS_OK(nt_status)) { + DEBUG(1, ("PAM account restriction prevents user login\n")); + cli_shutdown(cli); + return nt_status; + } + } } netsamlogon_cache_store( user_info->smb_name, &info3 ); |