summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-01-25 01:18:31 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:17:26 -0500
commit76fd8f8e1d774f247423ddfe0c76c3f89bbd3b48 (patch)
tree1f96ffff642a8837050181dfdbf5f889c4271f60
parent6ff9007252c530f59e8365a10be234a13e6202bd (diff)
downloadsamba-76fd8f8e1d774f247423ddfe0c76c3f89bbd3b48.tar.gz
samba-76fd8f8e1d774f247423ddfe0c76c3f89bbd3b48.tar.bz2
samba-76fd8f8e1d774f247423ddfe0c76c3f89bbd3b48.zip
r21011: Another patch from Danilo Almeida @ Centeris (via me):
Details: Reset the "new password prompt required" state whenever we do a new auth. In more detail, in pam_sm_authenticate, if not settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially present PAM_WINBIND_NEW_AUTHTOK_REQD. (This used to be commit 402e8594759b42c1986f4f8d69273f68ec5160af)
-rw-r--r--source3/nsswitch/pam_winbind.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 8984b92df8..91a333b93d 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -1179,6 +1179,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
int retval = PAM_AUTH_ERR;
dictionary *d = NULL;
char *username_ret = NULL;
+ char *new_authtok_required = NULL;
/* parse arguments */
int ctrl = _pam_parse(pamh, flags, argc, argv, &d);
@@ -1227,14 +1228,12 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
if (retval == PAM_NEW_AUTHTOK_REQD ||
retval == PAM_AUTHTOK_EXPIRED) {
- char *buf;
-
- if (!asprintf(&buf, "%d", retval)) {
+ if (!asprintf(&new_authtok_required, "%d", retval)) {
retval = PAM_BUF_ERR;
goto out;
}
- pam_set_data( pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, (void *)buf, _pam_winbind_cleanup_func);
+ pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, new_authtok_required, _pam_winbind_cleanup_func);
retval = PAM_SUCCESS;
goto out;
@@ -1296,6 +1295,10 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
iniparser_freedict(d);
}
+ if (!new_authtok_required) {
+ pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, NULL, NULL);
+ }
+
return ret;
}