git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: db528ad)
pam_winbind: fix pam_sm_chauthtok for storing modified cached creds.
authorGünther Deschner <gd@samba.org>
Fri, 6 Jun 2008 13:59:52 +0000 (15:59 +0200)
committerGünther Deschner <gd@samba.org>
Fri, 6 Jun 2008 14:08:25 +0000 (16:08 +0200)
Thanks to Bo Yang for pointing this out.

Guenther

source/nsswitch/pam_winbind.c patch | blob | history

diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index 2846e141fdcdcdbb8c3daab5a3245531170daaac..599384066298108326e74a3a02542d383465f584 100644 (file)
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -1946,6 +1946,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
        unsigned int lctrl;
        int ret;
        unsigned int ctrl;
+       bool cached_login = False;
 
        /* <DO NOT free() THESE> */
        const char *user;
@@ -1969,7 +1970,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 
        _PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", pamh, ctrl, flags);
 
-       /* clearing offline bit for the auth in the password change */
+       cached_login = (ctrl & WINBIND_CACHED_LOGIN);
+
+       /* clearing offline bit for auth */
        ctrl &= ~WINBIND_CACHED_LOGIN;
 
        /*
@@ -2117,6 +2120,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                _pam_get_data( pamh, PAM_WINBIND_PWD_LAST_SET,
                               &pwdlastset_update);
 
+               /*
+                * if cached creds were enabled, make sure to set the
+                * WINBIND_CACHED_LOGIN bit here in order to have winbindd
+                * update the cached creds storage - gd
+                */
+               if (cached_login) {
+                       ctrl |= WINBIND_CACHED_LOGIN;
+               }
+
                ret = winbind_chauthtok_request(pamh, ctrl, user, pass_old, pass_new, pwdlastset_update);
                if (ret) {
                        _pam_overwrite(pass_new);
@@ -2130,6 +2142,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                        const char *member = get_member_from_config(pamh, argc, argv, ctrl, d);
                        const char *cctype = get_krb5_cc_type_from_config(pamh, argc, argv, ctrl, d);
 
+                       /* clearing offline bit for auth */
+                       ctrl &= ~WINBIND_CACHED_LOGIN;
+
                        ret = winbind_auth_request(pamh, ctrl, user, pass_new,
                                                        member, cctype, &response, NULL, &username_ret);
                        _pam_overwrite(pass_new);
Samba Shared Repository