diff options
| author | Simo Sorce <idra@samba.org> | 2006-12-01 15:06:34 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:16:17 -0500 |
| commit | cb0402c2d3941a813e33b2b5e07c54b9ff644ca4 (patch) | |
| tree | 799a448568dc233247089b8068bd119d9c3f65b7 /source3/auth/auth_unix.c | |
| parent | ef8d6bf5f700dcfeec7919203da9c357c4f21e3f (diff) | |
| download | samba-cb0402c2d3941a813e33b2b5e07c54b9ff644ca4.tar.gz samba-cb0402c2d3941a813e33b2b5e07c54b9ff644ca4.tar.bz2 samba-cb0402c2d3941a813e33b2b5e07c54b9ff644ca4.zip | |
r19980: Implement pam account stack checks when obey pam restrictions is true.
It was missing for security=server/domain/ads
Simo.
(This used to be commit 550f651499c22c3c11594a0a39061a8a9b438d82)
Diffstat (limited to 'source3/auth/auth_unix.c')
| -rw-r--r-- | source3/auth/auth_unix.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index efe5203b23..837c932365 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -110,7 +110,14 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, if (NT_STATUS_IS_OK(nt_status)) { if (pass) { - make_server_info_pw(server_info, pass->pw_name, pass); + /* if a real user check pam account restrictions */ + /* only really perfomed if "obey pam restriction" is true */ + nt_status = smb_pam_accountcheck(pass->pw_name); + if ( !NT_STATUS_IS_OK(nt_status)) { + DEBUG(1, ("PAM account restriction prevents user login\n")); + } else { + make_server_info_pw(server_info, pass->pw_name, pass); + } } else { /* we need to do somthing more useful here */ nt_status = NT_STATUS_NO_SUCH_USER; |