From: Günther Deschner Date: Tue, 19 Dec 2006 17:35:47 +0000 (+0000) Subject: r20254: The pam_chauthtok needs to go through the async interface as well. X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~1500 X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=2d2de1ac27180756df095c586211fe2e7694b94e;p=samba.git r20254: The pam_chauthtok needs to go through the async interface as well. This fixes pam password changes in the online case. Guenther --- diff --git a/source/nsswitch/winbindd_dual.c b/source/nsswitch/winbindd_dual.c index cbf9a7c3d02..fc8a95dfc0c 100644 --- a/source/nsswitch/winbindd_dual.c +++ b/source/nsswitch/winbindd_dual.c @@ -355,6 +355,7 @@ static struct winbindd_child_dispatch_table child_dispatch_table[] = { { WINBINDD_PAM_AUTH_CRAP, winbindd_dual_pam_auth_crap, "AUTH_CRAP" }, { WINBINDD_PAM_LOGOFF, winbindd_dual_pam_logoff, "PAM_LOGOFF" }, { WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,winbindd_dual_pam_chng_pswd_auth_crap,"CHNG_PSWD_AUTH_CRAP" }, + { WINBINDD_PAM_CHAUTHTOK, winbindd_dual_pam_chauthtok, "PAM_CHAUTHTOK" }, { WINBINDD_CHECK_MACHACC, winbindd_dual_check_machine_acct, "CHECK_MACHACC" }, { WINBINDD_DUAL_SID2UID, winbindd_dual_sid2uid, "DUAL_SID2UID" }, { WINBINDD_DUAL_SID2GID, winbindd_dual_sid2gid, "DUAL_SID2GID" }, diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c index 6248272f699..47721b1bb05 100644 --- a/source/nsswitch/winbindd_pam.c +++ b/source/nsswitch/winbindd_pam.c @@ -1793,16 +1793,8 @@ done: void winbindd_pam_chauthtok(struct winbindd_cli_state *state) { - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - char *oldpass; - char *newpass = NULL; fstring domain, user; - POLICY_HND dom_pol; struct winbindd_domain *contact_domain; - struct rpc_pipe_client *cli; - BOOL got_info = False; - SAM_UNK_INFO_1 info; - SAMR_CHANGE_REJECT reject; DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid, state->request.data.chauthtok.user)); @@ -1822,9 +1814,33 @@ void winbindd_pam_chauthtok(struct winbindd_cli_state *state) contact_domain = find_domain_from_name(domain); if (!contact_domain) { + set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER); DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n", state->request.data.chauthtok.user, domain, user, domain)); - result = NT_STATUS_NO_SUCH_USER; + request_error(state); + return; + } + + sendto_domain(state, contact_domain); +} + +enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain, + struct winbindd_cli_state *state) +{ + char *oldpass; + char *newpass = NULL; + POLICY_HND dom_pol; + struct rpc_pipe_client *cli; + BOOL got_info = False; + SAM_UNK_INFO_1 info; + SAMR_CHANGE_REJECT reject; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + fstring domain, user; + + DEBUG(3, ("[%5lu]: dual pam chauthtok %s\n", (unsigned long)state->pid, + state->request.data.auth.user)); + + if (!parse_domain_user(state->request.data.chauthtok.user, domain, user)) { goto done; } @@ -1931,11 +1947,7 @@ process_result: state->response.data.auth.nt_status_string, state->response.data.auth.pam_error)); - if (NT_STATUS_IS_OK(result)) { - request_ok(state); - } else { - request_error(state); - } + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } void winbindd_pam_logoff(struct winbindd_cli_state *state)