From 76fd8f8e1d774f247423ddfe0c76c3f89bbd3b48 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 25 Jan 2007 01:18:31 +0000 Subject: r21011: Another patch from Danilo Almeida @ Centeris (via me): Details: Reset the "new password prompt required" state whenever we do a new auth. In more detail, in pam_sm_authenticate, if not settting PAM_WINBIND_NEW_AUTHTOK_REQD, then clean any potentially present PAM_WINBIND_NEW_AUTHTOK_REQD. (This used to be commit 402e8594759b42c1986f4f8d69273f68ec5160af) --- source3/nsswitch/pam_winbind.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 8984b92df8..91a333b93d 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -1179,6 +1179,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int retval = PAM_AUTH_ERR; dictionary *d = NULL; char *username_ret = NULL; + char *new_authtok_required = NULL; /* parse arguments */ int ctrl = _pam_parse(pamh, flags, argc, argv, &d); @@ -1227,14 +1228,12 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, if (retval == PAM_NEW_AUTHTOK_REQD || retval == PAM_AUTHTOK_EXPIRED) { - char *buf; - - if (!asprintf(&buf, "%d", retval)) { + if (!asprintf(&new_authtok_required, "%d", retval)) { retval = PAM_BUF_ERR; goto out; } - pam_set_data( pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, (void *)buf, _pam_winbind_cleanup_func); + pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, new_authtok_required, _pam_winbind_cleanup_func); retval = PAM_SUCCESS; goto out; @@ -1296,6 +1295,10 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, iniparser_freedict(d); } + if (!new_authtok_required) { + pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, NULL, NULL); + } + return ret; } -- cgit