diff options
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/sesssetup.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index ae6dd49663..11c5e9bbf9 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -292,6 +292,22 @@ static int reply_spnego_kerberos(connection_struct *conn, username_was_mapped = map_username( user ); pw = smb_getpwnam( mem_ctx, user, real_username, True ); + + if (pw) { + /* if a real user check pam account restrictions */ + /* only really perfomed if "obey pam restriction" is true */ + /* do this before an eventual mappign to guest occurs */ + ret = smb_pam_accountcheck(pw->pw_name); + if ( !NT_STATUS_IS_OK(ret)) { + DEBUG(1, ("PAM account restriction prevents user login\n")); + data_blob_free(&ap_rep); + data_blob_free(&session_key); + talloc_destroy(mem_ctx); + TALLOC_FREE(pw); + return ERROR_NT(nt_status_squash(ret)); + } + } + if (!pw) { /* this was originally the behavior of Samba 2.2, if a user |