summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-08-18 18:16:24 +0200
committerVolker Lendecke <vl@samba.org>2010-08-19 11:54:36 +0200
commitba706d696b8fb14b8d449cd198d982eef18e4320 (patch)
tree1763bbe11f5345a9998946e25f67b5998167b8b2
parent89899f55dc1fb137a0adfd734c87b65039f598a4 (diff)
downloadsamba-ba706d696b8fb14b8d449cd198d982eef18e4320.tar.gz
samba-ba706d696b8fb14b8d449cd198d982eef18e4320.tar.bz2
samba-ba706d696b8fb14b8d449cd198d982eef18e4320.zip
s3: Remove smb_pam_accountcheck from the auth modules
We go through the same check in auth/auth.c line 287 after the module has done its job. So we don't have to do that check twice.
-rw-r--r--source3/auth/auth_domain.c17
-rw-r--r--source3/auth/auth_server.c10
-rw-r--r--source3/auth/auth_unix.c9
3 files changed, 4 insertions, 32 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 445aff51bb..cac482c3d0 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -342,22 +342,9 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
if (NT_STATUS_IS_OK(nt_status)) {
(*server_info)->nss_token |= user_info->was_mapped;
-
- if ( ! (*server_info)->guest) {
- /* if a real user check pam account restrictions */
- /* only really perfomed if "obey pam restriction" is true */
- nt_status = smb_pam_accountcheck((*server_info)->unix_name);
- if ( !NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("PAM account restriction prevents user login\n"));
- cli_shutdown(cli);
- TALLOC_FREE(info3);
- return nt_status;
- }
- }
+ netsamlogon_cache_store(user_info->client.account_name, info3);
+ TALLOC_FREE(info3);
}
-
- netsamlogon_cache_store(user_info->client.account_name, info3);
- TALLOC_FREE(info3);
}
/* Note - once the cli stream is shutdown the mem_ctx used
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index b5954e6a4d..4ce0336ccc 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -435,15 +435,7 @@ use this machine as the password server.\n"));
if ( (pass = smb_getpwnam( NULL, user_info->mapped.account_name,
real_username, True )) != NULL )
{
- /* if a real user check pam account restrictions */
- /* only really perfomed if "obey pam restriction" is true */
- nt_status = smb_pam_accountcheck(pass->pw_name);
- if ( !NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("PAM account restriction prevents user login\n"));
- } else {
-
- nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
- }
+ nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
TALLOC_FREE(pass);
}
else
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index 8668a2f579..c50ac78ee4 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -54,14 +54,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
if (NT_STATUS_IS_OK(nt_status)) {
if (pass) {
- /* if a real user check pam account restrictions */
- /* only really perfomed if "obey pam restriction" is true */
- nt_status = smb_pam_accountcheck(pass->pw_name);
- if ( !NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("PAM account restriction prevents user login\n"));
- } else {
- make_server_info_pw(server_info, pass->pw_name, pass);
- }
+ make_server_info_pw(server_info, pass->pw_name, pass);
} else {
/* we need to do somthing more useful here */
nt_status = NT_STATUS_NO_SUCH_USER;