summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2008-06-06 15:59:52 +0200
committerGünther Deschner <gd@samba.org>2008-06-06 16:00:34 +0200
commitf4e93883c999ac30d4106149f341724a7243847f (patch)
treec1e73f5ecc3a8f0c940d66bccd70c974e1f5eeb3
parenta3353677d32161ffaf3f292de422c682624084d8 (diff)
downloadsamba-f4e93883c999ac30d4106149f341724a7243847f.tar.gz
samba-f4e93883c999ac30d4106149f341724a7243847f.tar.bz2
samba-f4e93883c999ac30d4106149f341724a7243847f.zip
pam_winbind: fix pam_sm_chauthtok for storing modified cached creds.
Thanks to Bo Yang for pointing this out. Guenther (This used to be commit 516a067016955938988ab37c777102a14b41e100)
-rw-r--r--source3/nsswitch/pam_winbind.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 47e0e3cd12..7288d7af77 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -2417,6 +2417,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
{
unsigned int lctrl;
int ret;
+ bool cached_login = false;
/* <DO NOT free() THESE> */
const char *user;
@@ -2439,7 +2440,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
_PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx);
- /* clearing offline bit for the auth in the password change */
+ cached_login = (ctx->ctrl & WINBIND_CACHED_LOGIN);
+
+ /* clearing offline bit for auth */
ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
/*
@@ -2595,6 +2598,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
_pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
&pwdlastset_update);
+ /*
+ * if cached creds were enabled, make sure to set the
+ * WINBIND_CACHED_LOGIN bit here in order to have winbindd
+ * update the cached creds storage - gd
+ */
+ if (cached_login) {
+ ctx->ctrl |= WINBIND_CACHED_LOGIN;
+ }
+
ret = winbind_chauthtok_request(ctx, user, pass_old,
pass_new, pwdlastset_update);
if (ret) {
@@ -2614,6 +2626,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
cctype = get_krb5_cc_type_from_config(ctx);
warn_pwd_expire = get_warn_pwd_expire_from_config(ctx);
+ /* clearing offline bit for auth */
+ ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
+
ret = winbind_auth_request(ctx, user, pass_new,
member, cctype, 0, &response,
NULL, &username_ret);