allowed workstation check based on 2.2.1
Toomas Soome
tsoome at ut.ee
Thu Jul 12 10:30:24 GMT 2001
hi!
Included is a diff to test the workstation limit. Works for me :)
toomas
--
I was toilet-trained at gunpoint.
-- Billy Braver
-------------- next part --------------
Index: rpc_server/srv_netlog_nt.c
===================================================================
RCS file: /cvsroot/samba/source/rpc_server/srv_netlog_nt.c,v
retrieving revision 1.1.2.17
diff -u -r1.1.2.17 srv_netlog_nt.c
--- rpc_server/srv_netlog_nt.c 20 Jun 2001 19:44:27 -0000 1.1.2.17
+++ rpc_server/srv_netlog_nt.c 12 Jul 2001 10:23:51 -0000
@@ -505,7 +505,9 @@
struct smb_passwd *smb_pass = NULL;
struct sam_passwd *sam_pass = NULL;
UNISTR2 *uni_samlogon_user = NULL;
+ UNISTR2 *uni_samlogon_workstation = NULL;
fstring nt_username;
+ fstring nt_workstation;
usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
if (!usr_info)
@@ -535,11 +537,13 @@
switch (q_u->sam_id.logon_level) {
case INTERACTIVE_LOGON_TYPE:
uni_samlogon_user = &q_u->sam_id.ctr->auth.id1.uni_user_name;
+ uni_samlogon_workstation = &q_u->sam_id.ctr->auth.id1.uni_wksta_name;
DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
break;
case NET_LOGON_TYPE:
uni_samlogon_user = &q_u->sam_id.ctr->auth.id2.uni_user_name;
+ uni_samlogon_workstation = &q_u->sam_id.ctr->auth.id2.uni_wksta_name;
DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
break;
@@ -548,11 +552,12 @@
return NT_STATUS_INVALID_INFO_CLASS;
} /* end switch */
+ pstrcpy(nt_workstation, dos_unistrn2(uni_samlogon_workstation->buffer, uni_samlogon_workstation->uni_str_len));
/* check username exists */
pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer, uni_samlogon_user->uni_str_len));
- DEBUG(3,("User:[%s]\n", nt_username));
+ DEBUG(3,("User:[%s@%s]\n", nt_username, nt_workstation));
/*
* Convert to a UNIX username.
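Review bot: The added `pstrcpy(nt_workstation, ...)` copies a client-supplied name into an `fstring` (declared in the first hunk) using the `pstring`-sized copy macro, so the copy is bounded by the larger buffer type rather than by the destination. Use the matching macro instead: `fstrcpy(nt_workstation, dos_unistrn2(uni_samlogon_workstation->buffer, uni_samlogon_workstation->uni_str_len));`. The context line that fills `nt_username` has the same mismatch and is worth fixing in the same change. The enclosing function starts and ends outside this hunk.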
@@ -584,6 +589,32 @@
else if (smb_pass->acct_ctrl & ACB_DISABLED)
return NT_STATUS_ACCOUNT_DISABLED;
+ /* Test account expire time. */
+ if ( time(NULL) > sam_pass->kickoff_time )
+ return NT_STATUS_ACCOUNT_EXPIRED;
+
+ /* Test workstation. Workstation list is comma separated. */
+ if ( sam_pass->workstations ) {
+ fstring workstations;
+ char *str;
+ int invalid_ws = 1;
+ pstrcpy(workstations, sam_pass->workstations);
+
+ str = strtok(workstations, ",");
+ while( str != NULL ) {
+ if( strcmp(str, nt_workstation) == 0 ) {
+ invalid_ws = 0;
+ break;
+ }
+ str = strtok(NULL, ",");
+ }
+ if ( invalid_ws ) return NT_STATUS_INVALID_WORKSTATION;
+ }
+
+ /* Test logon hours. */
+
+ /* Test must change password. */
+
/* Validate password - if required. */
if (smb_pass->acct_ctrl & ACB_PWNOTREQ) {
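Review bot: The workstation test guarded by `if ( sam_pass->workstations )` refuses every logon when the stored list is an empty string (if that is how "no restriction" is stored), and its case-sensitive `strcmp` refuses a machine whose name differs from the list entry only in case. I would write the guard as `if (sam_pass->workstations && *sam_pass->workstations) {`, the comparison as `if (strequal(str, nt_workstation)) {`, and declare `pstring workstations;` so the `pstrcpy` into it is bounded by the destination's own size. `nt_workstation` is taken from the logon request, so this restriction is only as trustworthy as the channel that delivered the request. The expiry test above it rejects all accounts if an unset `kickoff_time` is stored as 0, and only `smb_pass` is visibly guarded in the context lines. Whether `sam_pass` can be NULL here, and which value marks "never expires", are decided outside this hunk and should be confirmed.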
@@ -631,7 +662,12 @@
{
DOM_GID *gids = NULL;
int num_gids = 0;
- NTTIME dummy_time;
+ NTTIME logon_time;
+ NTTIME logoff_time;
+ NTTIME kickoff_time;
+ NTTIME pass_last_set_time;
+ NTTIME pass_can_change_time;
+ NTTIME pass_must_change_time;
pstring my_name;
pstring my_workgroup;
pstring domain_groups;
@@ -641,8 +677,13 @@
/* set up pointer indicating user/password failed to be found */
usr_info->ptr_user_info = 0;
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
+ /* should we set new logon time there? */
+ unix_to_nt_time(&logon_time, sam_pass->logon_time);
+ unix_to_nt_time(&logoff_time, sam_pass->logoff_time);
+ unix_to_nt_time(&kickoff_time, sam_pass->kickoff_time);
+ unix_to_nt_time(&pass_last_set_time, sam_pass->pass_last_set_time);
+ unix_to_nt_time(&pass_can_change_time, sam_pass->pass_can_change_time);
+ unix_to_nt_time(&pass_must_change_time, sam_pass->pass_must_change_time);
pstrcpy(my_workgroup, lp_workgroup());
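Review bot: Replacing `dummy_time` changes what the client receives for unset fields: the old code sent high 0x7fffffff / low 0xffffffff for all six times, while `unix_to_nt_time(&kickoff_time, sam_pass->kickoff_time)` and its siblings now send whatever the account record holds. If an unset `logoff_time`, `kickoff_time` or `pass_must_change_time` is stored as 0 or -1, the converted value may read as a time in the past, so confirm how `unix_to_nt_time` maps those values or keep the old sentinel for fields that are not set. The `/* should we set new logon time there? */` comment is an open question; settle it and record the decision, for example `/* logon_time is reported as stored, not updated here */` if that is the intent. In the final hunk the six new arguments to `init_net_user_info3` lose their `/* logon_time */`-style labels while the following arguments keep theirs, so retaining them would match the surrounding lines. This block begins and ends outside the hunk.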
@@ -668,12 +709,12 @@
if (pdb_name_to_rid(nt_username, &r_uid, &r_gid))
{
init_net_user_info3(p->mem_ctx, usr_info,
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
+ &logon_time,
+ &logoff_time,
+ &kickoff_time,
+ &pass_last_set_time,
+ &pass_can_change_time,
+ &pass_must_change_time,
nt_username , /* user_name */
sam_pass->full_name, /* full_name */