diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2001-09-16 06:35:35 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2001-09-16 06:35:35 +0000 |
| commit | dec3cbcaf097a3d6fab9359e001279447a5f4def (patch) | |
| tree | 6bfdbdcf71359c9126cc9c2d934e90a3d35106d9 /source3/auth/auth_sam.c | |
| parent | 9bae3609ac791b7cccdddc2cba4431d78eff60ef (diff) | |
| download | samba-dec3cbcaf097a3d6fab9359e001279447a5f4def.tar.gz samba-dec3cbcaf097a3d6fab9359e001279447a5f4def.tar.bz2 samba-dec3cbcaf097a3d6fab9359e001279447a5f4def.zip | |
Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c where
they can have general effect.
Fixed up workstaion support in the rest of samba, so that we can do these
checks.
Pass through the workstation for cli_net_logon(), if supplied.
(This used to be commit 7f04a139b2ee34b4c282590509cdf21395815a7a)
Diffstat (limited to 'source3/auth/auth_sam.c')
| -rw-r--r-- | source3/auth/auth_sam.c | 45 |
1 files changed, 42 insertions, 3 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 111a35e068..b61fde4206 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -112,9 +112,9 @@ static BOOL smb_pwd_check_ntlmv2(const uchar *password, size_t pwd_len, NTSTATUS smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info) { uint8 *nt_pw, *lm_pw; - uint16 acct_ctrl; - - acct_ctrl = pdb_get_acct_ctrl(sampass); + uint16 acct_ctrl = pdb_get_acct_ctrl(sampass); + char *workstation_list; + time_t kickoff_time; /* Quit if the account was disabled. */ if(acct_ctrl & ACB_DISABLED) { @@ -122,6 +122,45 @@ NTSTATUS smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *use return(NT_STATUS_ACCOUNT_DISABLED); } + /* Test account expire time */ + + kickoff_time = pdb_get_kickoff_time(sampass); + if (kickoff_time != (time_t)-1) { + if (time(NULL) > kickoff_time) { + return NT_STATUS_ACCOUNT_EXPIRED; + } + } + + /* Test workstation. Workstation list is comma separated. */ + + workstation_list = strdup(pdb_get_workstations(sampass)); + + if (workstation_list) { + if (*workstation_list) { + BOOL invalid_ws = True; + char *s = workstation_list; + + fstring tok; + + while (next_token(&s, tok, ",", sizeof(tok))) { + DEBUG(10,("checking for workstation match %s and %s (len=%d)\n", + tok, user_info->wksta_name.str, user_info->wksta_name.len)); + if(strequal(tok, user_info->wksta_name.str)) { + invalid_ws = False; + break; + } + } + + free(workstation_list); + if (invalid_ws) + return NT_STATUS_INVALID_WORKSTATION; + } else { + free(workstation_list); + } + } else { + return NT_STATUS_NO_MEMORY; + } + if (acct_ctrl & ACB_PWNOTREQ) { if (lp_null_passwords()) |