s3: Remove smb_pam_accountcheck from the auth modules

We go through the same check in auth/auth.c line 287 after the module has done
its job. So we don't have to do that check twice.

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 445aff51bb7d52c5cdf95a087832b9bb562c4dd3..cac482c3d07fc34ee868c3cd87eb3acd8171845f 100644 (file)
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -342,22 +342,9 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 
                if (NT_STATUS_IS_OK(nt_status)) {
                        (*server_info)->nss_token |= user_info->was_mapped;
-
-                       if ( ! (*server_info)->guest) {
-                               /* if a real user check pam account restrictions */
-                               /* only really perfomed if "obey pam restriction" is true */
-                               nt_status = smb_pam_accountcheck((*server_info)->unix_name);
-                               if (  !NT_STATUS_IS_OK(nt_status)) {
-                                       DEBUG(1, ("PAM account restriction prevents user login\n"));
-                                       cli_shutdown(cli);
-                                       TALLOC_FREE(info3);
-                                       return nt_status;
-                               }
-                       }
+                       netsamlogon_cache_store(user_info->client.account_name, info3);
+                       TALLOC_FREE(info3);
                }
-
-               netsamlogon_cache_store(user_info->client.account_name, info3);
-               TALLOC_FREE(info3);
        }
 
        /* Note - once the cli stream is shutdown the mem_ctx used

diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index b5954e6a4df1cea6617a1df03c1a08c6747c9795..4ce0336ccc5bfc147e7548cef8acd6cd83ec8788 100644 (file)
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -435,15 +435,7 @@ use this machine as the password server.\n"));
                if ( (pass = smb_getpwnam( NULL, user_info->mapped.account_name,
                        real_username, True )) != NULL ) 
                {
-                       /* if a real user check pam account restrictions */
-                       /* only really perfomed if "obey pam restriction" is true */
-                       nt_status = smb_pam_accountcheck(pass->pw_name);
-                       if (  !NT_STATUS_IS_OK(nt_status)) {
-                               DEBUG(1, ("PAM account restriction prevents user login\n"));
-                       } else {
-
-                               nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
-                       }
+                       nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
                        TALLOC_FREE(pass);
                }
                else

diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index 8668a2f5794f47c831ce4325b84907680e4a2cc8..c50ac78ee4c5e7474f94589e36516fa4c97f81ee 100644 (file)
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -54,14 +54,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
 
        if (NT_STATUS_IS_OK(nt_status)) {
                if (pass) {
-                       /* if a real user check pam account restrictions */
-                       /* only really perfomed if "obey pam restriction" is true */
-                       nt_status = smb_pam_accountcheck(pass->pw_name);
-                       if (  !NT_STATUS_IS_OK(nt_status)) {
-                               DEBUG(1, ("PAM account restriction prevents user login\n"));
-                       } else {
-                               make_server_info_pw(server_info, pass->pw_name, pass);
-                       }
+                       make_server_info_pw(server_info, pass->pw_name, pass);
                } else {
                        /* we need to do somthing more useful here */
                        nt_status = NT_STATUS_NO_SUCH_USER;