From c4046b0e883de51d211a83adcc08b7497237dc6e Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Wed, 20 Sep 2006 07:18:30 +0000
Subject: r18710: Prevent that our offline cache can get outdated after a
 password change.

Guenther
(This used to be commit 8006cf962b4a33278414fcdf07bf94d739cb4aab)
---
 source3/nsswitch/winbindd_pam.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'source3/nsswitch/winbindd_pam.c')

diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index df12ceb3f1..3611e13c8c 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -2098,7 +2098,14 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai
 		  (unsigned long)state->pid,
 		  state->request.data.chng_pswd_auth_crap.domain,
 		  state->request.data.chng_pswd_auth_crap.user));
-	
+
+	if (lp_winbind_offline_logon()) {
+		DEBUG(0,("Refusing password change as winbind offline logons are enabled. "));
+		DEBUGADD(0,("Changing passwords here would risk inconsistent logons\n"));
+		result = NT_STATUS_ACCESS_DENIED;
+		goto done;
+	}
+
 	if (*state->request.data.chng_pswd_auth_crap.domain) {
 		fstrcpy(domain,state->request.data.chng_pswd_auth_crap.domain);
 	} else {
-- 
cgit