allowed workstation check based on 2.2.1

Toomas Soome tsoome at ut.ee
Thu Jul 12 10:30:24 GMT 2001



hi!

Included is a diff that tests the workstation limit. Works for me :)

toomas
-- 
I was toilet-trained at gunpoint.
		-- Billy Braver
-------------- next part --------------
Index: rpc_server/srv_netlog_nt.c
===================================================================
RCS file: /cvsroot/samba/source/rpc_server/srv_netlog_nt.c,v
retrieving revision 1.1.2.17
diff -u -r1.1.2.17 srv_netlog_nt.c
--- rpc_server/srv_netlog_nt.c	20 Jun 2001 19:44:27 -0000	1.1.2.17
+++ rpc_server/srv_netlog_nt.c	12 Jul 2001 10:23:51 -0000
@@ -505,7 +505,9 @@
 	struct smb_passwd *smb_pass = NULL;
 	struct sam_passwd *sam_pass = NULL;
 	UNISTR2 *uni_samlogon_user = NULL;
+	UNISTR2 *uni_samlogon_workstation = NULL;
 	fstring nt_username;
+	fstring nt_workstation;
    
 	usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
 	if (!usr_info)
@@ -535,11 +537,13 @@
 	switch (q_u->sam_id.logon_level) {
 	case INTERACTIVE_LOGON_TYPE:
 		uni_samlogon_user = &q_u->sam_id.ctr->auth.id1.uni_user_name;
+		uni_samlogon_workstation = &q_u->sam_id.ctr->auth.id1.uni_wksta_name;
             
 		DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
 		break;
 	case NET_LOGON_TYPE:
 		uni_samlogon_user = &q_u->sam_id.ctr->auth.id2.uni_user_name;
+		uni_samlogon_workstation = &q_u->sam_id.ctr->auth.id2.uni_wksta_name;
             
 		DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
 		break;
@@ -548,11 +552,12 @@
 		return NT_STATUS_INVALID_INFO_CLASS;
 	} /* end switch */
 
+	pstrcpy(nt_workstation, dos_unistrn2(uni_samlogon_workstation->buffer, uni_samlogon_workstation->uni_str_len));
 	/* check username exists */
 
 	pstrcpy(nt_username, dos_unistrn2(uni_samlogon_user->buffer, uni_samlogon_user->uni_str_len));
 
-	DEBUG(3,("User:[%s]\n", nt_username));
+	DEBUG(3,("User:[%s@%s]\n", nt_username, nt_workstation));
         
 	/*
 	 * Convert to a UNIX username.
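Review bot: The added `pstrcpy(nt_workstation, ...)` copies a client-supplied workstation name into an `fstring` with the copy macro sized for the larger `pstring`, so a long name in the logon request can write past the end of `nt_workstation` on the stack. Use the macro that matches the destination: `fstrcpy(nt_workstation, dos_unistrn2(uni_samlogon_workstation->buffer, uni_samlogon_workstation->uni_str_len));`. The same mismatch is in the later hunk at `pstrcpy(workstations, sam_pass->workstations);`, where `workstations` is also an `fstring`, and the unchanged `pstrcpy(nt_username, ...)` context line below has it too. The size relationship between the two string types comes from Samba's headers rather than from this hunk, so confirm it against this tree.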
@@ -584,6 +589,32 @@
 	else if (smb_pass->acct_ctrl & ACB_DISABLED)
 		return NT_STATUS_ACCOUNT_DISABLED;
     
+	/* Test account expire time. */
+	if ( time(NULL) > sam_pass->kickoff_time )
+	  return NT_STATUS_ACCOUNT_EXPIRED;
+
+	/* Test workstation. Workstation list is comma separated. */
+        if ( sam_pass->workstations ) {
+	  fstring workstations;
+	  char *str;
+	  int invalid_ws = 1;
+	  pstrcpy(workstations, sam_pass->workstations);
+	  
+	  str = strtok(workstations, ",");
+          while( str != NULL ) {
+            if( strcmp(str, nt_workstation) == 0 ) {
+	      invalid_ws = 0;
+	      break;
+	    }
+	    str = strtok(NULL, ",");
+          }
+	  if ( invalid_ws ) return NT_STATUS_INVALID_WORKSTATION;
+        }
+
+	/* Test logon hours. */
+
+	/* Test must change password. */
+
 	/* Validate password - if required. */
     
 	if (smb_pass->acct_ctrl & ACB_PWNOTREQ) {
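Review bot: The workstation test can lock accounts out unintentionally: a non-NULL but empty `sam_pass->workstations` yields no tokens, so `invalid_ws` stays 1 and the logon is refused, and `strcmp` makes the match case-sensitive although NetBIOS machine names are not. Guard with `if (sam_pass->workstations && *sam_pass->workstations) {` and compare with `strequal(str, nt_workstation)`. The expiry test `time(NULL) > sam_pass->kickoff_time` looks similarly fragile: if the backend stores 0 or `(time_t)-1` for "never expires", it would presumably reject every logon. Where `sam_pass` is filled in is outside the hunk, so that needs checking against the passdb code. `strtok` also keeps hidden static state, so a tokenizer without it would be safer in a server process.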
@@ -631,7 +662,12 @@
 	{
 		DOM_GID *gids = NULL;
 		int num_gids = 0;
-		NTTIME dummy_time;
+		NTTIME logon_time;
+		NTTIME logoff_time;
+		NTTIME kickoff_time;
+		NTTIME pass_last_set_time;
+		NTTIME pass_can_change_time;
+		NTTIME pass_must_change_time;
 		pstring my_name;
 		pstring my_workgroup;
 		pstring domain_groups;
@@ -641,8 +677,13 @@
 		/* set up pointer indicating user/password failed to be found */
 		usr_info->ptr_user_info = 0;
         
-		dummy_time.low  = 0xffffffff;
-		dummy_time.high = 0x7fffffff;
+		/* should we set new logon time there? */
+		unix_to_nt_time(&logon_time, sam_pass->logon_time);
+		unix_to_nt_time(&logoff_time, sam_pass->logoff_time);
+		unix_to_nt_time(&kickoff_time, sam_pass->kickoff_time);
+		unix_to_nt_time(&pass_last_set_time, sam_pass->pass_last_set_time);
+		unix_to_nt_time(&pass_can_change_time, sam_pass->pass_can_change_time);
+		unix_to_nt_time(&pass_must_change_time, sam_pass->pass_must_change_time);
 
 		pstrcpy(my_workgroup, lp_workgroup());
         
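Review bot: These six conversions replace a constant that told clients "never" (`high = 0x7fffffff`, `low = 0xffffffff`) with whatever is stored in `sam_pass`, so an account whose time fields were never populated may now report a logoff, kickoff or must-change time in the past. Confirm that the backend initialises these fields to a "never" value and that `unix_to_nt_time` maps that value back to the old constant; if not, fall back to the constant for unset fields. A comment such as `/* unset account times must still reach the client as "never" */` above the block would record the intent. The enclosing block starts and ends outside the hunk, and no NULL check on `sam_pass` is visible here.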
@@ -668,12 +709,12 @@
 		if (pdb_name_to_rid(nt_username, &r_uid, &r_gid))
 		{
 			init_net_user_info3(p->mem_ctx, usr_info,
-					&dummy_time, /* logon_time */
-					&dummy_time, /* logoff_time */
-					&dummy_time, /* kickoff_time */
-					&dummy_time, /* pass_last_set_time */
-					&dummy_time, /* pass_can_change_time */
-					&dummy_time, /* pass_must_change_time */
+					&logon_time,
+					&logoff_time,
+					&kickoff_time,
+					&pass_last_set_time,
+					&pass_can_change_time,
+					&pass_must_change_time,
                                 
 					nt_username , /* user_name */
 					sam_pass->full_name,	/* full_name */
 

