From 546f63df5b214a1419069887ecfd9118aae8030a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 28 Oct 2005 11:20:48 +0000
Subject: r11370: Samba4 now passes it's own RPC-SAMLOGON test again.

This avoids the nasty user@DOMAIN test for now, as it has very odd
semantics with NTLMv2.

Allow only user accounts to do an interactive login.

Andrew Bartlett
(This used to be commit 690cad8083e176b2e58fc243a11a003a78ce4074)
---
 source4/auth/auth_sam.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'source4/auth/auth_sam.c')

diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index e17eea8087..44609bb7f8 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -370,6 +370,13 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
 		return NT_STATUS_ACCOUNT_LOCKED_OUT;
 	}
 
+	/* You can only do an interactive login to normal accounts */
+	if (user_info->flags & USER_INFO_INTERACTIVE_LOGON) {
+		if (!(acct_flags & ACB_NORMAL)) {
+			return NT_STATUS_NO_SUCH_USER;
+		}
+	}
+
 	nt_status = samdb_result_passwords(mem_ctx, msgs[0], &lm_pwd, &nt_pwd);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
-- 
cgit