summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-09-20 07:18:30 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:00:50 -0500
commitc4046b0e883de51d211a83adcc08b7497237dc6e (patch)
tree86340d1cd85d2749c0ac49ddce66ba855bb884a4
parent2fb8589862506d8a325f85c6c7d67509fe149d48 (diff)
downloadsamba-c4046b0e883de51d211a83adcc08b7497237dc6e.tar.gz
samba-c4046b0e883de51d211a83adcc08b7497237dc6e.tar.bz2
samba-c4046b0e883de51d211a83adcc08b7497237dc6e.zip
r18710: Prevent that our offline cache can get outdated after a password change.
Guenther (This used to be commit 8006cf962b4a33278414fcdf07bf94d739cb4aab)
-rw-r--r--source3/nsswitch/winbindd_pam.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index df12ceb3f1..3611e13c8c 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -2098,7 +2098,14 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai
(unsigned long)state->pid,
state->request.data.chng_pswd_auth_crap.domain,
state->request.data.chng_pswd_auth_crap.user));
-
+
+ if (lp_winbind_offline_logon()) {
+ DEBUG(0,("Refusing password change as winbind offline logons are enabled. "));
+ DEBUGADD(0,("Changing passwords here would risk inconsistent logons\n"));
+ result = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
+
if (*state->request.data.chng_pswd_auth_crap.domain) {
fstrcpy(domain,state->request.data.chng_pswd_auth_crap.domain);
} else {