Author: gd Date: 2006-01-05 14:28:34 +0000 (Thu, 05 Jan 2006) New Revision: 12722
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12722 Log: Handle NT_STATUS_ACCOUNT_DISABLED on logon as well. Guenther Modified: trunk/source/nsswitch/pam_winbind.c Changeset: Modified: trunk/source/nsswitch/pam_winbind.c =================================================================== --- trunk/source/nsswitch/pam_winbind.c 2006-01-05 11:35:29 UTC (rev 12721) +++ trunk/source/nsswitch/pam_winbind.c 2006-01-05 14:28:34 UTC (rev 12722) @@ -125,6 +125,7 @@ {"NT_STATUS_INVALID_WORKSTATION", "You are not allowed to logon from this workstation"}, {"NT_STATUS_INVALID_LOGON_HOURS", "You are not allowed to logon at this time"}, {"NT_STATUS_ACCOUNT_EXPIRED", "Your account has expired. Please contact your System administrator"}, /* SCNR */ + {"NT_STATUS_ACCOUNT_DISABLED", "Your account is disabled. Please contact your System administrator"}, /* SCNR */ {"NT_STATUS_ACCOUNT_LOCKED_OUT", "Your account has been locked. Please contact your System administrator"}, /* SCNR */ {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", "Invalid Trust Account"}, {"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", "Invalid Trust Account"}, @@ -403,6 +404,7 @@ PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_INVALID_WORKSTATION"); PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_INVALID_LOGON_HOURS"); PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_EXPIRED"); + PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_DISABLED"); PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_ACCOUNT_LOCKED_OUT"); PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT"); PAM_WB_REMARK_CHECK_RESPONSE(pamh, response, "NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT"); @@ -999,6 +1001,8 @@ struct winbindd_response response; const char *user; const char *ccname = NULL; + struct passwd *pwd = NULL; + int retval; ZERO_STRUCT(request); @@ -1027,7 +1031,11 @@ fstrcpy(request.data.logoff.user, user); fstrcpy(request.data.logoff.krb5ccname, ccname); - request.data.logoff.uid = geteuid(); + pwd = getpwnam(user); + if (pwd == NULL) { + return PAM_USER_UNKNOWN; + } + request.data.logoff.uid = pwd->pw_uid; request.flags = WBFLAG_PAM_KRB5 | WBFLAG_PAM_CONTACT_TRUSTDOM;