pam_winbind: fix pam_sm_chauthtok for storing modified cached creds.
authorGünther Deschner <gd@samba.org>
Fri, 6 Jun 2008 13:59:52 +0000 (15:59 +0200)
committerKarolin Seeger <kseeger@samba.org>
Mon, 9 Jun 2008 08:33:59 +0000 (10:33 +0200)
Thanks to Bo Yang for pointing this out.

Guenther
(cherry picked from commit 516a067016955938988ab37c777102a14b41e100)

source/nsswitch/pam_winbind.c

index 47e0e3cd128f04c15b39088521adb540dfbf3648..7288d7af77b153763e170f25e49ff3b63cd47ec0 100644 (file)
@@ -2417,6 +2417,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 {
        unsigned int lctrl;
        int ret;
+       bool cached_login = false;
 
        /* <DO NOT free() THESE> */
        const char *user;
@@ -2439,7 +2440,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 
        _PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", ctx);
 
-       /* clearing offline bit for the auth in the password change */
+       cached_login = (ctx->ctrl & WINBIND_CACHED_LOGIN);
+
+       /* clearing offline bit for auth */
        ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
 
        /*
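Review bot: The assignment `cached_login = (ctx->ctrl & WINBIND_CACHED_LOGIN);` stores a raw mask result in a `bool`, which is only safe when `bool` is a real C99 `_Bool`. If a build falls back to an integer or char typedef for `bool` (not visible from this hunk), a flag bit outside the low byte could be truncated to zero. In that case the cached-credential update added later in this function would be silently skipped. Writing `cached_login = (ctx->ctrl & WINBIND_CACHED_LOGIN) != 0;` makes the intent explicit and independent of how `bool` is defined. The body of pam_sm_chauthtok starts and ends outside this hunk.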
@@ -2595,6 +2598,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                _pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
                              &pwdlastset_update);
 
+               /*
+                * if cached creds were enabled, make sure to set the
+                * WINBIND_CACHED_LOGIN bit here in order to have winbindd
+                * update the cached creds storage - gd
+                */
+               if (cached_login) {
+                       ctx->ctrl |= WINBIND_CACHED_LOGIN;
+               }
+
                ret = winbind_chauthtok_request(ctx, user, pass_old,
                                                pass_new, pwdlastset_update);
                if (ret) {
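Review bot: Re-setting WINBIND_CACHED_LOGIN on the shared `ctx->ctrl` leaves the bit set on the `if (ret)` failure path that follows, because the matching clear is only added before `winbind_auth_request` in the next hunk. Whether anything on that failure path reads `ctx->ctrl` is not visible here, but an authentication flag toggled in place is easy to leave in the wrong state when the function is edited later. Consider clearing it right after the call, with `ctx->ctrl &= ~WINBIND_CACHED_LOGIN;` directly below `winbind_chauthtok_request(...)` and before the `if (ret)` test, so the bit is set only for the one request that needs it.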
@@ -2614,6 +2626,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                        cctype = get_krb5_cc_type_from_config(ctx);
                        warn_pwd_expire = get_warn_pwd_expire_from_config(ctx);
 
+                       /* clearing offline bit for auth */
+                       ctx->ctrl &= ~WINBIND_CACHED_LOGIN;
+
                        ret = winbind_auth_request(ctx, user, pass_new,
                                                   member, cctype, 0, &response,
                                                   NULL, &username_ret);
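Review bot: The added comment `/* clearing offline bit for auth */` duplicates the one near the top of the function and does not say why the bit must be cleared a second time. A reader of this branch alone cannot tell that the chauthtok step above may have turned it back on. Presumably the intent is that the new password is verified by a normal, non-cached authentication. A comment such as `/* chauthtok above may have re-set WINBIND_CACHED_LOGIN for the cache update; clear it so the new password is not authenticated as a cached login */` would record that. The enclosing block continues outside the hunk.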