svn commit: samba r12722 - in trunk/source/nsswitch: .

Thu, 05 Jan 2006 06:28:59 -0800 

Author: gd
Date: 2006-01-05 14:28:34 +0000 (Thu, 05 Jan 2006)
New Revision: 12722

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12722

Log:
Handle NT_STATUS_ACCOUNT_DISABLED on logon as well.

Guenther

Modified:
   trunk/source/nsswitch/pam_winbind.c


Changeset:
Modified: trunk/source/nsswitch/pam_winbind.c
===================================================================
--- trunk/source/nsswitch/pam_winbind.c 2006-01-05 11:35:29 UTC (rev 12721)
+++ trunk/source/nsswitch/pam_winbind.c 2006-01-05 14:28:34 UTC (rev 12722)
@@ -125,6 +125,7 @@
        {"NT_STATUS_INVALID_WORKSTATION", "You are not allowed to logon from 
this workstation"},
        {"NT_STATUS_INVALID_LOGON_HOURS", "You are not allowed to logon at this 
time"},
        {"NT_STATUS_ACCOUNT_EXPIRED", "Your account has expired. Please contact 
your System administrator"}, /* SCNR */
+       {"NT_STATUS_ACCOUNT_DISABLED", "Your account is disabled. Please 
contact your System administrator"}, /* SCNR */
        {"NT_STATUS_ACCOUNT_LOCKED_OUT", "Your account has been locked. Please 
contact your System administrator"}, /* SCNR */
        {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", "Invalid Trust 
Account"},
        {"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", "Invalid Trust Account"},
@@ -403,6 +404,7 @@
                PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, 
"NT_STATUS_INVALID_WORKSTATION");
                PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, 
"NT_STATUS_INVALID_LOGON_HOURS");
                PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, 
"NT_STATUS_ACCOUNT_EXPIRED");
+               PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, 
"NT_STATUS_ACCOUNT_DISABLED");
                PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, 
"NT_STATUS_ACCOUNT_LOCKED_OUT");
                PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, 
"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT");
                PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, 
"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT");
@@ -999,6 +1001,8 @@
                struct winbindd_response response;
                const char *user;
                const char *ccname = NULL;
+               struct passwd *pwd = NULL;
+
                int retval;
 
                ZERO_STRUCT(request);
@@ -1027,7 +1031,11 @@
                fstrcpy(request.data.logoff.user, user);
                fstrcpy(request.data.logoff.krb5ccname, ccname);
 
-               request.data.logoff.uid = geteuid();
+               pwd = getpwnam(user);
+               if (pwd == NULL) {
+                       return PAM_USER_UNKNOWN;
+               }
+               request.data.logoff.uid = pwd->pw_uid;
 
                request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;

Reply via email to