From 06b3a79d1fb2b66c39e0d8667c5904bfaff26b03 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 7 Jul 2008 11:26:16 -0700 Subject: Allow authentication and memory credential refresh after password change from gdm/xdm. Patch from boyang . Jeremy. (This used to be commit 8cfc6afc7b4a6af9aea5f5a7cb5af7e3218c2d75) --- source3/winbindd/winbindd_pam.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) (limited to 'source3/winbindd/winbindd_pam.c') diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index f7001f7716..c26f552d31 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2114,11 +2114,21 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact done: if (NT_STATUS_IS_OK(result) && (state->request.flags & WBFLAG_PAM_CACHED_LOGIN)) { - + /* Update the single sign-on memory creds. */ result = winbindd_replace_memory_creds(state->request.data.chauthtok.user, newpass); + /* When we login from gdm or xdm and password expires, + * we change password, but there are no memory crendentials + * So, winbindd_replace_memory_creds() returns + * NT_STATUS_OBJECT_NAME_NOT_FOUND. This is not a failure. + * --- BoYang + * */ + if (NT_STATUS_EQUAL(result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + result = NT_STATUS_OK; + } + if (!NT_STATUS_IS_OK(result)) { DEBUG(10,("Failed to replace memory creds: %s\n", nt_errstr(result))); goto process_result; @@ -2128,12 +2138,23 @@ done: result = winbindd_update_creds_by_name(contact_domain, state->mem_ctx, user, newpass); + /* Again, this happens when we login from gdm or xdm + * and the password expires, *BUT* cached crendentials + * doesn't exist. winbindd_update_creds_by_name() + * returns NT_STATUS_NO_SUCH_USER. + * This is not a failure. + * --- BoYang + * */ + if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER)) { + result = NT_STATUS_OK; + } + if (!NT_STATUS_IS_OK(result)) { DEBUG(10,("Failed to store creds: %s\n", nt_errstr(result))); goto process_result; } } - } + } if (!NT_STATUS_IS_OK(result) && !got_info && contact_domain) { -- cgit