author | Tim Potter <tpot@samba.org> | 2001-09-06 05:24:37 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2001-09-06 05:24:37 +0000 |
commit | b31055fa74571b9dadd209633ac4547f4ac8368d (patch) | |
tree | b8d1d750aaf8f596f0309bcfb0c7668da8218047 /source3/rpc_server | |
parent | e3d79bb0c8c35c309125b0886399b31c6407a099 (diff) | |
Logon workstation checks from Toomas Soome <tsoome@ut.ee>
Fixed compile warning.
(This used to be commit 3eee66516596835c70c8d652ca633d2e1158fbb7)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 51 |
1 files changed, 42 insertions, 9 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 1a2ef02f2c..455f8d8be5 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -79,7 +79,7 @@ NTSTATUS _net_logon_ctrl(pipes_struct *p, NET_Q_LOGON_CTRL *q_u,
 /**************************************************************************** Send a message to smbd to do a sam synchronisation **************************************************************************/
-static void send_sync_message()
+static void send_sync_message(void)
 {
 TDB_CONTEXT *tdb;
@@ -599,8 +599,9 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 SAM_ACCOUNT *sampass = NULL;
 UNISTR2 *uni_samlogon_user = NULL;
 UNISTR2 *uni_samlogon_domain = NULL;
- fstring nt_username;
- fstring nt_domain;
+ UNISTR2 *uni_samlogon_workstation = NULL;
+ fstring nt_username, nt_domain, nt_workstation;
+ BOOL ret;
 usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
@@ -633,12 +634,14 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 case INTERACTIVE_LOGON_TYPE:
 uni_samlogon_user = &q_u->sam_id.ctr->auth.id1.uni_user_name;
 uni_samlogon_domain = &q_u->sam_id.ctr->auth.id1.uni_domain_name;
+ uni_samlogon_workstation = &q_u->sam_id.ctr->auth.id1.uni_wksta_name;
 DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
 break;
 case NET_LOGON_TYPE:
 uni_samlogon_user = &q_u->sam_id.ctr->auth.id2.uni_user_name;
 uni_samlogon_domain = &q_u->sam_id.ctr->auth.id2.uni_domain_name;
+ uni_samlogon_workstation = &q_u->sam_id.ctr->auth.id2.uni_wksta_name;
 DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
 break;
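Review bot: The workstation name captured in the third hunk (`uni_wksta_name` under `id1`/`id2`) is read straight from the logon request, and the allow-list check added later in `_net_sam_logon` compares against that value alone, so the restriction is only as strong as the trust placed in the machine relaying the logon. That deserves a comment at the assignments, for example `/* Workstation name is supplied by the caller; the per-account workstation list is enforced against this claimed value. */`. The `default:` arm of the switch is outside the hunk, so whether `uni_samlogon_workstation` can still be NULL when the next hunk dereferences it in `rpcstr_pull` cannot be confirmed from here; the existing user and domain pointers follow the same pattern.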
@@ -651,8 +654,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0);
 rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0);
+ rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0);
- DEBUG(3,("User:[%s] Requested Domain:[%s]\n", nt_username, nt_domain));
+ DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username,
+ nt_workstation, nt_domain));
 /* * Convert to a UNIX username.
@@ -676,15 +681,43 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 ret = pdb_getsampwnam(sampass, nt_username);
 unbecome_root();
- if (ret == False){
+ if (ret == False) {
 pdb_free_sam(sampass);
 return NT_STATUS_NO_SUCH_USER;
 }
+
+ /* Test account expire time */
+
+ if (time(NULL) > sampass->kickoff_time)
+ return NT_STATUS_ACCOUNT_EXPIRED;
+
+ /* Test workstation. Workstation list is comma separated. */
+
+ if (sampass->workstations && *sampass->workstations) {
+ char *s = strdup(sampass->workstations);
+ BOOL invalid_ws = True;
+ fstring tok;
+
+ while(next_token(&s, tok, ",", sizeof(tok))) {
+ if(strequal(tok, nt_workstation)) {
+ invalid_ws = False;
+ break;
+ }
+ }
+
+ free(s);
+
+ if (invalid_ws)
+ return NT_STATUS_INVALID_WORKSTATION;
+ }
+
+ /* Test logon hours. */
+
+ /* Test must change password. */
- /* lkclXXXX this is the point at which, if the login was
- successful, that the SAM Local Security Authority should
- record that the user is logged in to the domain.
- */
+ /* This is the point at which, if the login was successful, that
+ the SAM Local Security Authority should record that the user is
+ logged in to the domain. */
 {
 DOM_GID *gids = NULL;
|
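Review bot: In the last hunk, `free(s)` is called on a pointer that was handed to `next_token(&s, ...)` by address; if that helper advances `s` as its signature suggests, the value passed to `free()` is no longer the one `strdup()` returned, which is undefined behaviour on a path reached whenever an account carries a workstation list. The `strdup()` result is also used without a NULL check, and the two new early returns (`NT_STATUS_ACCOUNT_EXPIRED`, `NT_STATUS_INVALID_WORKSTATION`) skip the `pdb_free_sam(sampass)` that the `NT_STATUS_NO_SUCH_USER` path just above performs. Keep the original allocation in a second variable for `free()`, check it, and release `sampass` before each return, as sketched below. It is also worth confirming how an unset `kickoff_time` is stored, since a zero value would make every logon look expired. The function body starts and ends outside the hunk.

```c
	if (time(NULL) > sampass->kickoff_time) {
		pdb_free_sam(sampass);
		return NT_STATUS_ACCOUNT_EXPIRED;
	}

	if (sampass->workstations && *sampass->workstations) {
		char *ws_list = strdup(sampass->workstations);
		char *s = ws_list;	/* cursor for next_token(); ws_list is kept for free() */
		/* ... unchanged: invalid_ws and tok declarations ... */

		if (ws_list == NULL) {
			pdb_free_sam(sampass);
			return NT_STATUS_NO_MEMORY;
		}

		/* ... unchanged: next_token()/strequal() loop ... */

		free(ws_list);

		if (invalid_ws) {
			pdb_free_sam(sampass);
			return NT_STATUS_INVALID_WORKSTATION;
		}
	}
```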