The branch, master has been updated via ba706d6... s3: Remove smb_pam_accountcheck from the auth modules from 89899f5... s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if it exists
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit ba706d696b8fb14b8d449cd198d982eef18e4320 Author: Volker Lendecke <v...@samba.org> Date: Wed Aug 18 18:16:24 2010 +0200 s3: Remove smb_pam_accountcheck from the auth modules We go through the same check in auth/auth.c line 287 after the module has done its job. So we don't have to do that check twice. ----------------------------------------------------------------------- Summary of changes: source3/auth/auth_domain.c | 17 ++--------------- source3/auth/auth_server.c | 10 +--------- source3/auth/auth_unix.c | 9 +-------- 3 files changed, 4 insertions(+), 32 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 445aff5..cac482c 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -342,22 +342,9 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, if (NT_STATUS_IS_OK(nt_status)) { (*server_info)->nss_token |= user_info->was_mapped; - - if ( ! (*server_info)->guest) { - /* if a real user check pam account restrictions */ - /* only really perfomed if "obey pam restriction" is true */ - nt_status = smb_pam_accountcheck((*server_info)->unix_name); - if ( !NT_STATUS_IS_OK(nt_status)) { - DEBUG(1, ("PAM account restriction prevents user login\n")); - cli_shutdown(cli); - TALLOC_FREE(info3); - return nt_status; - } - } + netsamlogon_cache_store(user_info->client.account_name, info3); + TALLOC_FREE(info3); } - - netsamlogon_cache_store(user_info->client.account_name, info3); - TALLOC_FREE(info3); } /* Note - once the cli stream is shutdown the mem_ctx used diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index b5954e6..4ce0336 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -435,15 +435,7 @@ use this machine as the password server.\n")); if ( (pass = smb_getpwnam( NULL, user_info->mapped.account_name, real_username, True )) != NULL ) { - /* if a real user check pam account restrictions */ - /* only really perfomed if "obey pam restriction" is true */ - nt_status = smb_pam_accountcheck(pass->pw_name); - if ( !NT_STATUS_IS_OK(nt_status)) { - DEBUG(1, ("PAM account restriction prevents user login\n")); - } else { - - nt_status = make_server_info_pw(server_info, pass->pw_name, pass); - } + nt_status = make_server_info_pw(server_info, pass->pw_name, pass); TALLOC_FREE(pass); } else diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 8668a2f..c50ac78 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -54,14 +54,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, if (NT_STATUS_IS_OK(nt_status)) { if (pass) { - /* if a real user check pam account restrictions */ - /* only really perfomed if "obey pam restriction" is true */ - nt_status = smb_pam_accountcheck(pass->pw_name); - if ( !NT_STATUS_IS_OK(nt_status)) { - DEBUG(1, ("PAM account restriction prevents user login\n")); - } else { - make_server_info_pw(server_info, pass->pw_name, pass); - } + make_server_info_pw(server_info, pass->pw_name, pass); } else { /* we need to do somthing more useful here */ nt_status = NT_STATUS_NO_SUCH_USER; -- Samba Shared Repository