From 865467c82f39a98afa3c65f25b7e24137f904e93 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Sep 2001 13:11:22 +0000 Subject: Process the workstation trust account code INSIDE the authenticaion subsystem, just like any other logon. Matching code removal in reply.c to follow. Andrew Bartlett (This used to be commit da4873d889928e9bd88e736e26e4e77e87bcd931) --- source3/auth/auth_sam.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 7a21c3111b..567414d1a2 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -215,15 +215,15 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user if (kickoff_time != (time_t)-1) { if (time(NULL) > kickoff_time) { DEBUG(1,("Account for user '%s' has expried.\n", sampass->username)); - DEBUG(3,("Account expired at '%d' unix time.\n", kickoff_time)); + DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time)); return NT_STATUS_ACCOUNT_EXPIRED; } } - + /* Test workstation. Workstation list is comma separated. */ - + workstation_list = strdup(pdb_get_workstations(sampass)); - + if (workstation_list) { if (*workstation_list) { BOOL invalid_ws = True; @@ -259,10 +259,25 @@ NTSTATUS sam_account_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *user if (must_change_time != (time_t)-1 && must_change_time < time(NULL)) { DEBUG(1,("Account for user '%s' password expired!.\n", sampass->username)); - DEBUG(1,("Password expired at '%d' unix time.\n", must_change_time)); + DEBUG(1,("Password expired at '%ld' unix time.\n", (long)must_change_time)); return NT_STATUS_PASSWORD_EXPIRED; } } + + if (acct_ctrl & ACB_DOMTRUST) { + DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; + } + + if (acct_ctrl & ACB_SVRTRUST) { + DEBUG(0,("session_trust_account: Server trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT; + } + + if (acct_ctrl & ACB_WSTRUST) { + DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", sampass->username)); + return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; + } return NT_STATUS_OK; } -- cgit