summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-07-07 11:26:16 -0700
committerJeremy Allison <jra@samba.org>2008-07-07 11:26:16 -0700
commit06b3a79d1fb2b66c39e0d8667c5904bfaff26b03 (patch)
tree595bb051c118c4a30b1f31a9b0973027b4b6c756 /source3/nsswitch
parent4be7a83a2cc249f4b15de43df30560fe078dacf8 (diff)
downloadsamba-06b3a79d1fb2b66c39e0d8667c5904bfaff26b03.tar.gz
samba-06b3a79d1fb2b66c39e0d8667c5904bfaff26b03.tar.bz2
samba-06b3a79d1fb2b66c39e0d8667c5904bfaff26b03.zip
Allow authentication and memory credential refresh after password change from gdm/xdm. Patch from boyang <boyang@novell.com>.
Jeremy. (This used to be commit 8cfc6afc7b4a6af9aea5f5a7cb5af7e3218c2d75)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/pam_winbind.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index e42199cd0f..95b3d23dd4 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -2384,15 +2384,17 @@ static bool _pam_require_krb5_auth_after_chauthtok(struct pwb_context *ctx,
/* Make sure that we only do this if a) the chauthtok got initiated
* during a logon attempt (authenticate->acct_mgmt->chauthtok) b) any
* later password change via the "passwd" command if done by the user
- * itself */
+ * itself
+ * NB. If we login from gdm or xdm and the password expires,
+ * we change the password, but there is no memory cache.
+ * Thus, even for passthrough login, we should do the
+ * authentication again to update memory cache.
+ * --- BoYang
+ * */
char *new_authtok_reqd_during_auth = NULL;
struct passwd *pwd = NULL;
- if (!(ctx->ctrl & WINBIND_KRB5_AUTH)) {
- return false;
- }
-
_pam_get_data(ctx->pamh, PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH,
&new_authtok_reqd_during_auth);
pam_set_data(ctx->pamh, PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH,
@@ -2630,8 +2632,13 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
cctype = get_krb5_cc_type_from_config(ctx);
warn_pwd_expire = get_warn_pwd_expire_from_config(ctx);
- /* clearing offline bit for auth */
- ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
+ /* Keep WINBIND_CACHED_LOGIN bit for
+ * authentication after changing the password.
+ * This will update the cached credentials in case
+ * that winbindd_dual_pam_chauthtok() fails
+ * to update them.
+ * --- BoYang
+ * */
ret = winbind_auth_request(ctx, user, pass_new,
member, cctype, 0, &response,