diff options
-rw-r--r-- | source3/nsswitch/pam_winbind.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 47e0e3cd12..7288d7af77 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -2417,6 +2417,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, { unsigned int lctrl; int ret; + bool cached_login = false; /* <DO NOT free() THESE> */ const char *user; @@ -2439,7 +2440,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, _PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx); - /* clearing offline bit for the auth in the password change */ + cached_login = (ctx->ctrl & WINBIND_CACHED_LOGIN); + + /* clearing offline bit for auth */ ctx->ctrl &= ~WINBIND_CACHED_LOGIN; /* @@ -2595,6 +2598,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, _pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET, &pwdlastset_update); + /* + * if cached creds were enabled, make sure to set the + * WINBIND_CACHED_LOGIN bit here in order to have winbindd + * update the cached creds storage - gd + */ + if (cached_login) { + ctx->ctrl |= WINBIND_CACHED_LOGIN; + } + ret = winbind_chauthtok_request(ctx, user, pass_old, pass_new, pwdlastset_update); if (ret) { @@ -2614,6 +2626,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, cctype = get_krb5_cc_type_from_config(ctx); warn_pwd_expire = get_warn_pwd_expire_from_config(ctx); + /* clearing offline bit for auth */ + ctx->ctrl &= ~WINBIND_CACHED_LOGIN; + ret = winbind_auth_request(ctx, user, pass_new, member, cctype, 0, &response, NULL, &username_ret); |