From f4e93883c999ac30d4106149f341724a7243847f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 6 Jun 2008 15:59:52 +0200 Subject: pam_winbind: fix pam_sm_chauthtok for storing modified cached creds. Thanks to Bo Yang for pointing this out. Guenther (This used to be commit 516a067016955938988ab37c777102a14b41e100) --- source3/nsswitch/pam_winbind.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 47e0e3cd12..7288d7af77 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -2417,6 +2417,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, { unsigned int lctrl; int ret; + bool cached_login = false; /* */ const char *user; @@ -2439,7 +2440,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, _PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx); - /* clearing offline bit for the auth in the password change */ + cached_login = (ctx->ctrl & WINBIND_CACHED_LOGIN); + + /* clearing offline bit for auth */ ctx->ctrl &= ~WINBIND_CACHED_LOGIN; /* @@ -2595,6 +2598,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, _pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET, &pwdlastset_update); + /* + * if cached creds were enabled, make sure to set the + * WINBIND_CACHED_LOGIN bit here in order to have winbindd + * update the cached creds storage - gd + */ + if (cached_login) { + ctx->ctrl |= WINBIND_CACHED_LOGIN; + } + ret = winbind_chauthtok_request(ctx, user, pass_old, pass_new, pwdlastset_update); if (ret) { @@ -2614,6 +2626,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, cctype = get_krb5_cc_type_from_config(ctx); warn_pwd_expire = get_warn_pwd_expire_from_config(ctx); + /* clearing offline bit for auth */ + ctx->ctrl &= ~WINBIND_CACHED_LOGIN; + ret = winbind_auth_request(ctx, user, pass_new, member, cctype, 0, &response, NULL, &username_ret); -- cgit