r19980: Implement pam account stack checks when obey pam restrictions is true.

It was missing for security=server/domain/ads Simo. (This used to be commit 550f651499c22c3c11594a0a39061a8a9b438d82)
author: Simo Sorce <idra@samba.org> 2006-12-01 15:06:34 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:16:17 -0500
commit: cb0402c2d3941a813e33b2b5e07c54b9ff644ca4 (patch)
tree: 799a448568dc233247089b8068bd119d9c3f65b7 /source3/auth/auth_unix.c
parent: ef8d6bf5f700dcfeec7919203da9c357c4f21e3f (diff)
download: samba-cb0402c2d3941a813e33b2b5e07c54b9ff644ca4.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index efe5203b233..837c9323654 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -110,7 +110,14 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
 
 	if (NT_STATUS_IS_OK(nt_status)) {
 		if (pass) {
-			make_server_info_pw(server_info, pass->pw_name, pass);
+			/* if a real user check pam account restrictions */
+			/* only really perfomed if "obey pam restriction" is true */
+			nt_status = smb_pam_accountcheck(pass->pw_name);
+			if (  !NT_STATUS_IS_OK(nt_status)) {
+				DEBUG(1, ("PAM account restriction prevents user login\n"));
+			} else {
+				make_server_info_pw(server_info, pass->pw_name, pass);
+			}
 		} else {
 			/* we need to do somthing more useful here */
 			nt_status = NT_STATUS_NO_SUCH_USER;
author	Simo Sorce <idra@samba.org>	2006-12-01 15:06:34 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:16:17 -0500
commit	cb0402c2d3941a813e33b2b5e07c54b9ff644ca4 (patch)
tree	799a448568dc233247089b8068bd119d9c3f65b7 /source3/auth/auth_unix.c
parent	ef8d6bf5f700dcfeec7919203da9c357c4f21e3f (diff)
download	samba-cb0402c2d3941a813e33b2b5e07c54b9ff644ca4.tar.gz