summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-09-26 13:11:22 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-09-26 13:11:22 +0000
commit865467c82f39a98afa3c65f25b7e24137f904e93 (patch)
tree5fced35667af0b41077d75047c834b6b0abba902
parent71850be47edf5e1c3d36eec45c006a9f94c7f6ce (diff)
downloadsamba-865467c82f39a98afa3c65f25b7e24137f904e93.tar.gz
samba-865467c82f39a98afa3c65f25b7e24137f904e93.tar.bz2
samba-865467c82f39a98afa3c65f25b7e24137f904e93.zip
Process the workstation trust account code INSIDE the authenticaion subsystem,
just like any other logon. Matching code removal in reply.c to follow. Andrew Bartlett (This used to be commit da4873d889928e9bd88e736e26e4e77e87bcd931)
-rw-r--r--source3/auth/auth_sam.c25
-rw-r--r--source3/smbd/auth_smbpasswd.c25
2 files changed, 40 insertions, 10 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 7a21c3111b..567414d1a2 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -215,15 +215,15 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user
if (kickoff_time != (time_t)-1) {
if (time(NULL) > kickoff_time) {
DEBUG(1,("Account for user '%s' has expried.\n", sampass->username));
- DEBUG(3,("Account expired at '%d' unix time.\n", kickoff_time));
+ DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time));
return NT_STATUS_ACCOUNT_EXPIRED;
}
}
-
+
/* Test workstation. Workstation list is comma separated. */
-
+
workstation_list = strdup(pdb_get_workstations(sampass));
-
+
if (workstation_list) {
if (*workstation_list) {
BOOL invalid_ws = True;
@@ -259,10 +259,25 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user
if (must_change_time != (time_t)-1 && must_change_time < time(NULL)) {
DEBUG(1,("Account for user '%s' password expired!.\n", sampass->username));
- DEBUG(1,("Password expired at '%d' unix time.\n", must_change_time));
+ DEBUG(1,("Password expired at '%ld' unix time.\n", (long)must_change_time));
return NT_STATUS_PASSWORD_EXPIRED;
}
}
+
+ if (acct_ctrl & ACB_DOMTRUST) {
+ DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n", sampass->username));
+ return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+ }
+
+ if (acct_ctrl & ACB_SVRTRUST) {
+ DEBUG(0,("session_trust_account: Server trust account %s denied by server\n", sampass->username));
+ return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
+ }
+
+ if (acct_ctrl & ACB_WSTRUST) {
+ DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", sampass->username));
+ return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
+ }
return NT_STATUS_OK;
}
diff --git a/source3/smbd/auth_smbpasswd.c b/source3/smbd/auth_smbpasswd.c
index 7a21c3111b..567414d1a2 100644
--- a/source3/smbd/auth_smbpasswd.c
+++ b/source3/smbd/auth_smbpasswd.c
@@ -215,15 +215,15 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user
if (kickoff_time != (time_t)-1) {
if (time(NULL) > kickoff_time) {
DEBUG(1,("Account for user '%s' has expried.\n", sampass->username));
- DEBUG(3,("Account expired at '%d' unix time.\n", kickoff_time));
+ DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time));
return NT_STATUS_ACCOUNT_EXPIRED;
}
}
-
+
/* Test workstation. Workstation list is comma separated. */
-
+
workstation_list = strdup(pdb_get_workstations(sampass));
-
+
if (workstation_list) {
if (*workstation_list) {
BOOL invalid_ws = True;
@@ -259,10 +259,25 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user
if (must_change_time != (time_t)-1 && must_change_time < time(NULL)) {
DEBUG(1,("Account for user '%s' password expired!.\n", sampass->username));
- DEBUG(1,("Password expired at '%d' unix time.\n", must_change_time));
+ DEBUG(1,("Password expired at '%ld' unix time.\n", (long)must_change_time));
return NT_STATUS_PASSWORD_EXPIRED;
}
}
+
+ if (acct_ctrl & ACB_DOMTRUST) {
+ DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n", sampass->username));
+ return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+ }
+
+ if (acct_ctrl & ACB_SVRTRUST) {
+ DEBUG(0,("session_trust_account: Server trust account %s denied by server\n", sampass->username));
+ return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
+ }
+
+ if (acct_ctrl & ACB_WSTRUST) {
+ DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", sampass->username));
+ return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
+ }
return NT_STATUS_OK;
}