diff options
author | Günther Deschner <gd@samba.org> | 2006-09-20 07:18:30 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:00:50 -0500 |
commit | c4046b0e883de51d211a83adcc08b7497237dc6e (patch) | |
tree | 86340d1cd85d2749c0ac49ddce66ba855bb884a4 | |
parent | 2fb8589862506d8a325f85c6c7d67509fe149d48 (diff) | |
download | samba-c4046b0e883de51d211a83adcc08b7497237dc6e.tar.gz samba-c4046b0e883de51d211a83adcc08b7497237dc6e.tar.bz2 samba-c4046b0e883de51d211a83adcc08b7497237dc6e.zip |
r18710: Prevent that our offline cache can get outdated after a password change.
Guenther
(This used to be commit 8006cf962b4a33278414fcdf07bf94d739cb4aab)
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index df12ceb3f1..3611e13c8c 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -2098,7 +2098,14 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai (unsigned long)state->pid, state->request.data.chng_pswd_auth_crap.domain, state->request.data.chng_pswd_auth_crap.user)); - + + if (lp_winbind_offline_logon()) { + DEBUG(0,("Refusing password change as winbind offline logons are enabled. ")); + DEBUGADD(0,("Changing passwords here would risk inconsistent logons\n")); + result = NT_STATUS_ACCESS_DENIED; + goto done; + } + if (*state->request.data.chng_pswd_auth_crap.domain) { fstrcpy(domain,state->request.data.chng_pswd_auth_crap.domain); } else { |