diff options
author | Andrew Bartlett <abartlet@samba.org> | 2001-09-26 13:11:22 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-09-26 13:11:22 +0000 |
commit | 865467c82f39a98afa3c65f25b7e24137f904e93 (patch) | |
tree | 5fced35667af0b41077d75047c834b6b0abba902 | |
parent | 71850be47edf5e1c3d36eec45c006a9f94c7f6ce (diff) | |
download | samba-865467c82f39a98afa3c65f25b7e24137f904e93.tar.gz samba-865467c82f39a98afa3c65f25b7e24137f904e93.tar.bz2 samba-865467c82f39a98afa3c65f25b7e24137f904e93.zip |
Process the workstation trust account code INSIDE the authenticaion subsystem,
just like any other logon. Matching code removal in reply.c to follow.
Andrew Bartlett
(This used to be commit da4873d889928e9bd88e736e26e4e77e87bcd931)
-rw-r--r-- | source3/auth/auth_sam.c | 25 | ||||
-rw-r--r-- | source3/smbd/auth_smbpasswd.c | 25 |
2 files changed, 40 insertions, 10 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 7a21c3111b..567414d1a2 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -215,15 +215,15 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user if (kickoff_time != (time_t)-1) { if (time(NULL) > kickoff_time) { DEBUG(1,("Account for user '%s' has expried.\n", sampass->username)); - DEBUG(3,("Account expired at '%d' unix time.\n", kickoff_time)); + DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time)); return NT_STATUS_ACCOUNT_EXPIRED; } } - + /* Test workstation. Workstation list is comma separated. */ - + workstation_list = strdup(pdb_get_workstations(sampass)); - + if (workstation_list) { if (*workstation_list) { BOOL invalid_ws = True; @@ -259,10 +259,25 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user if (must_change_time != (time_t)-1 && must_change_time < time(NULL)) { DEBUG(1,("Account for user '%s' password expired!.\n", sampass->username)); - DEBUG(1,("Password expired at '%d' unix time.\n", must_change_time)); + DEBUG(1,("Password expired at '%ld' unix time.\n", (long)must_change_time)); return NT_STATUS_PASSWORD_EXPIRED; } } + + if (acct_ctrl & ACB_DOMTRUST) { + DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; + } + + if (acct_ctrl & ACB_SVRTRUST) { + DEBUG(0,("session_trust_account: Server trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT; + } + + if (acct_ctrl & ACB_WSTRUST) { + DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; + } return NT_STATUS_OK; } diff --git a/source3/smbd/auth_smbpasswd.c b/source3/smbd/auth_smbpasswd.c index 7a21c3111b..567414d1a2 100644 --- a/source3/smbd/auth_smbpasswd.c +++ b/source3/smbd/auth_smbpasswd.c @@ -215,15 +215,15 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user if (kickoff_time != (time_t)-1) { if (time(NULL) > kickoff_time) { DEBUG(1,("Account for user '%s' has expried.\n", sampass->username)); - DEBUG(3,("Account expired at '%d' unix time.\n", kickoff_time)); + DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time)); return NT_STATUS_ACCOUNT_EXPIRED; } } - + /* Test workstation. Workstation list is comma separated. */ - + workstation_list = strdup(pdb_get_workstations(sampass)); - + if (workstation_list) { if (*workstation_list) { BOOL invalid_ws = True; @@ -259,10 +259,25 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user if (must_change_time != (time_t)-1 && must_change_time < time(NULL)) { DEBUG(1,("Account for user '%s' password expired!.\n", sampass->username)); - DEBUG(1,("Password expired at '%d' unix time.\n", must_change_time)); + DEBUG(1,("Password expired at '%ld' unix time.\n", (long)must_change_time)); return NT_STATUS_PASSWORD_EXPIRED; } } + + if (acct_ctrl & ACB_DOMTRUST) { + DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; + } + + if (acct_ctrl & ACB_SVRTRUST) { + DEBUG(0,("session_trust_account: Server trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT; + } + + if (acct_ctrl & ACB_WSTRUST) { + DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; + } return NT_STATUS_OK; } |