r11370: Samba4 now passes it's own RPC-SAMLOGON test again.

This avoids the nasty user@DOMAIN test for now, as it has very odd semantics with NTLMv2. Allow only user accounts to do an interactive login. Andrew Bartlett (This used to be commit 690cad8083e176b2e58fc243a11a003a78ce4074)
author: Andrew Bartlett <abartlet@samba.org> 2005-10-28 11:20:48 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:45:27 -0500
commit: 546f63df5b214a1419069887ecfd9118aae8030a (patch)
tree: 62e68bfa8708780546ccc28ac16f8f4ff1448c98 /source4/auth/auth_sam.c
parent: 134b2488c82ae13392121f71e4960178a38f3e01 (diff)
download: samba-546f63df5b214a1419069887ecfd9118aae8030a.tar.gz
samba-546f63df5b214a1419069887ecfd9118aae8030a.tar.bz2
samba-546f63df5b214a1419069887ecfd9118aae8030a.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index e17eea8087..44609bb7f8 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -370,6 +370,13 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
 		return NT_STATUS_ACCOUNT_LOCKED_OUT;
 	}
 
+	/* You can only do an interactive login to normal accounts */
+	if (user_info->flags & USER_INFO_INTERACTIVE_LOGON) {
+		if (!(acct_flags & ACB_NORMAL)) {
+			return NT_STATUS_NO_SUCH_USER;
+		}
+	}
+
 	nt_status = samdb_result_passwords(mem_ctx, msgs[0], &lm_pwd, &nt_pwd);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
author	Andrew Bartlett <abartlet@samba.org>	2005-10-28 11:20:48 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:45:27 -0500
commit	546f63df5b214a1419069887ecfd9118aae8030a (patch)
tree	62e68bfa8708780546ccc28ac16f8f4ff1448c98 /source4/auth/auth_sam.c
parent	134b2488c82ae13392121f71e4960178a38f3e01 (diff)
download	samba-546f63df5b214a1419069887ecfd9118aae8030a.tar.gz samba-546f63df5b214a1419069887ecfd9118aae8030a.tar.bz2 samba-546f63df5b214a1419069887ecfd9118aae8030a.zip