r20254: The pam_chauthtok needs to go through the async interface as well.
authorGünther Deschner <gd@samba.org>
Tue, 19 Dec 2006 17:35:47 +0000 (17:35 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 17:16:37 +0000 (12:16 -0500)
This fixes pam password changes in the online case.

Guenther

source/nsswitch/winbindd_dual.c
source/nsswitch/winbindd_pam.c

index cbf9a7c3d02a1d1f74647461265b94a65b047053..fc8a95dfc0c81804b103d2f61d444e0b37ea7d76 100644 (file)
@@ -355,6 +355,7 @@ static struct winbindd_child_dispatch_table child_dispatch_table[] = {
        { WINBINDD_PAM_AUTH_CRAP,        winbindd_dual_pam_auth_crap,         "AUTH_CRAP" },
        { WINBINDD_PAM_LOGOFF,           winbindd_dual_pam_logoff,            "PAM_LOGOFF" },
        { WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,winbindd_dual_pam_chng_pswd_auth_crap,"CHNG_PSWD_AUTH_CRAP" },
+       { WINBINDD_PAM_CHAUTHTOK,        winbindd_dual_pam_chauthtok,         "PAM_CHAUTHTOK" },
        { WINBINDD_CHECK_MACHACC,        winbindd_dual_check_machine_acct,    "CHECK_MACHACC" },
        { WINBINDD_DUAL_SID2UID,         winbindd_dual_sid2uid,               "DUAL_SID2UID" },
        { WINBINDD_DUAL_SID2GID,         winbindd_dual_sid2gid,               "DUAL_SID2GID" },
index 6248272f699c21ce547762caf76359e1cf653cc1..47721b1bb059a1e7e6cbf85ab2c3c842d4909dcf 100644 (file)
@@ -1793,16 +1793,8 @@ done:
 
 void winbindd_pam_chauthtok(struct winbindd_cli_state *state)
 {
-       NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-       char *oldpass;
-       char *newpass = NULL;
        fstring domain, user;
-       POLICY_HND dom_pol;
        struct winbindd_domain *contact_domain;
-       struct rpc_pipe_client *cli;
-       BOOL got_info = False;
-       SAM_UNK_INFO_1 info;
-       SAMR_CHANGE_REJECT reject;
 
        DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid,
                state->request.data.chauthtok.user));
@@ -1822,9 +1814,33 @@ void winbindd_pam_chauthtok(struct winbindd_cli_state *state)
 
        contact_domain = find_domain_from_name(domain);
        if (!contact_domain) {
+               set_auth_errors(&state->response, NT_STATUS_NO_SUCH_USER);
                DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n", 
                          state->request.data.chauthtok.user, domain, user, domain)); 
-               result = NT_STATUS_NO_SUCH_USER;
+               request_error(state);
+               return;
+       }
+
+       sendto_domain(state, contact_domain);
+}
+
+enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain,
+                                                struct winbindd_cli_state *state)
+{
+       char *oldpass;
+       char *newpass = NULL;
+       POLICY_HND dom_pol;
+       struct rpc_pipe_client *cli;
+       BOOL got_info = False;
+       SAM_UNK_INFO_1 info;
+       SAMR_CHANGE_REJECT reject;
+       NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+       fstring domain, user;
+
+       DEBUG(3, ("[%5lu]: dual pam chauthtok %s\n", (unsigned long)state->pid,
+                 state->request.data.auth.user));
+
+       if (!parse_domain_user(state->request.data.chauthtok.user, domain, user)) {
                goto done;
        }
 
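Review bot: The entry trace added in winbindd_dual_pam_chauthtok prints `state->request.data.auth.user`, while the parent's trace and the `parse_domain_user()` call just below it both read `state->request.data.chauthtok.user`. The log line names the right account only if the two members overlay each other in the request structure (presumably a union, which this hunk does not show). For a password-change audit trail the argument should be `state->request.data.chauthtok.user));`. The child also re-parses the user name from the request it was handed, and whether that fixed-size field is NUL-terminated before the `%s` and the parse is not visible here, so confirm it on the parent side. The body of winbindd_dual_pam_chauthtok continues past the end of this hunk.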
@@ -1931,11 +1947,7 @@ process_result:
               state->response.data.auth.nt_status_string,
               state->response.data.auth.pam_error));         
 
-       if (NT_STATUS_IS_OK(result)) {
-               request_ok(state);
-       } else {
-               request_error(state);
-       }
+       return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
 }
 
 void winbindd_pam_logoff(struct winbindd_cli_state *state)