author | Jelmer Vernooij <jelmer@samba.org> | 2008-03-07 18:03:54 +0100 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2008-03-07 18:03:54 +0100 |
commit | fc2cd5ed638b7b3b0ab2cef21ba032d7d958a0c2 (patch) | |
tree | c343b97a8c16fcacd7703adcf4ee6f84fa7ee2a1 /source4/kdc | |
parent | 5a5b50f3dd7d75214184f711c35a7536b64cbbe7 (diff) | |
parent | 97a272a4bf1178c1adcc5761d162b74c338dd230 (diff) | |
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
(This used to be commit e4da851bd7e7620bbf99efe20a496b1be78ba4e2)
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/hdb-ldb.c | 5 | ||||
-rw-r--r-- | source4/kdc/pac-glue.c | 21 |
2 files changed, 22 insertions, 4 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 9a17e581e3..bc5a45ae2b 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -510,9 +510,8 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 entry_ex->entry.valid_start = NULL;
- acct_expiry = samdb_result_nttime(msg, "accountExpires", (NTTIME)-1);
- if ((acct_expiry == (NTTIME)-1) ||
- (acct_expiry == 0x7FFFFFFFFFFFFFFFULL)) {
+ acct_expiry = samdb_result_account_expires(msg, 0);
+ if (acct_expiry == 0x7FFFFFFFFFFFFFFFULL) {
 entry_ex->entry.valid_end = NULL;
 } else {
 entry_ex->entry.valid_end = malloc(sizeof(*entry_ex->entry.valid_end));
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index a99cf6ded8..66f36af870 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
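Review bot: In the hdb-ldb.c hunk of LDB_message2entry, the expiry test now treats only `0x7FFFFFFFFFFFFFFFULL` as "never expires", so it relies on samdb_result_account_expires() folding an unset or zero accountExpires into that sentinel. The helper is not visible here; if it passes the default `0` through unchanged, the else branch would allocate a valid_end for such accounts and the KDC would presumably see them as already expired. A comment above the check would pin that contract, e.g. `/* samdb_result_account_expires() yields 0x7FFFFFFFFFFFFFFF for "never expires", including an unset or zero attribute */`, and the literal would read better as a named constant shared with the helper. The function body starts and ends outside the hunk.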
@@ -276,9 +276,28 @@ krb5_error_code samba_kdc_check_client_access(void *priv,
 /* TODO: Need a more complete mapping of NTSTATUS to krb5kdc errors */
- if (!NT_STATUS_IS_OK(nt_status)) {
+ /* TODO: Also need to add the appropriate e-data struct of type
+ * PA-PW-SALT (3) that includes the NT_STATUS code, which gives Windows
+ * the information it needs to display the appropriate dialog. */
+
+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_MUST_CHANGE))
+ return KRB5KDC_ERR_KEY_EXPIRED;
+ else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_EXPIRED))
+ return KRB5KDC_ERR_KEY_EXPIRED;
+ else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_EXPIRED))
+ return KRB5KDC_ERR_CLIENT_REVOKED;
+ else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_DISABLED))
+ return KRB5KDC_ERR_CLIENT_REVOKED;
+ else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_LOGON_HOURS))
+ return KRB5KDC_ERR_CLIENT_REVOKED;
+ else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_LOCKED_OUT))
+ return KRB5KDC_ERR_CLIENT_REVOKED;
+ else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_WORKSTATION))
+ return KRB5KDC_ERR_POLICY;
+ else if (!NT_STATUS_IS_OK(nt_status)) {
 return KRB5KDC_ERR_POLICY;
 }
+ return 0;
 } |
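Review bot: The new else-if chain in samba_kdc_check_client_access leaves every arm but the last unbraced and repeats each return value, and its NT_STATUS_INVALID_WORKSTATION arm returns the same KRB5KDC_ERR_POLICY as the fallback directly below it. In an access-decision path, grouping the statuses per Kerberos error and bracing each branch makes the mapping easier to audit and harder to break with a later one-line edit. The visible lines also do not log nt_status before collapsing it to a Kerberos code, so the specific refusal reason may be lost to anyone reading the KDC log unless it is recorded outside the hunk. The function starts outside the hunk.

```c
	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_MUST_CHANGE) ||
	    NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_EXPIRED)) {
		return KRB5KDC_ERR_KEY_EXPIRED;
	}

	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_EXPIRED) ||
	    NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_DISABLED) ||
	    NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_LOGON_HOURS) ||
	    NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCOUNT_LOCKED_OUT)) {
		return KRB5KDC_ERR_CLIENT_REVOKED;
	}

	/* Everything else, NT_STATUS_INVALID_WORKSTATION included, is a policy refusal. */
	if (!NT_STATUS_IS_OK(nt_status)) {
		return KRB5KDC_ERR_POLICY;
	}
```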