summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/pam_winbind.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 47e0e3cd12..7288d7af77 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -2417,6 +2417,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
{
unsigned int lctrl;
int ret;
+ bool cached_login = false;
/* <DO NOT free() THESE> */
const char *user;
@@ -2439,7 +2440,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
_PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx);
- /* clearing offline bit for the auth in the password change */
+ cached_login = (ctx->ctrl & WINBIND_CACHED_LOGIN);
+
+ /* clearing offline bit for auth */
ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
/*
@@ -2595,6 +2598,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
_pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
&pwdlastset_update);
+ /*
+ * if cached creds were enabled, make sure to set the
+ * WINBIND_CACHED_LOGIN bit here in order to have winbindd
+ * update the cached creds storage - gd
+ */
+ if (cached_login) {
+ ctx->ctrl |= WINBIND_CACHED_LOGIN;
+ }
+
ret = winbind_chauthtok_request(ctx, user, pass_old,
pass_new, pwdlastset_update);
if (ret) {
@@ -2614,6 +2626,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
cctype = get_krb5_cc_type_from_config(ctx);
warn_pwd_expire = get_warn_pwd_expire_from_config(ctx);
+ /* clearing offline bit for auth */
+ ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
+
ret = winbind_auth_request(ctx, user, pass_new,
member, cctype, 0, &response,
NULL, &username_ret);