unsigned int lctrl;
int ret;
unsigned int ctrl;
+ bool cached_login = False;
/* <DO NOT free() THESE> */
const char *user;
_PAM_LOG_FUNCTION_ENTER("pam_sm_chauthtok", pamh, ctrl, flags);
- /* clearing offline bit for the auth in the password change */
+ cached_login = (ctrl & WINBIND_CACHED_LOGIN);
+
+ /* clearing offline bit for auth */
ctrl &= ~WINBIND_CACHED_LOGIN;
/*
_pam_get_data( pamh, PAM_WINBIND_PWD_LAST_SET,
&pwdlastset_update);
+ /*
+ * if cached creds were enabled, make sure to set the
+ * WINBIND_CACHED_LOGIN bit here in order to have winbindd
+ * update the cached creds storage - gd
+ */
+ if (cached_login) {
+ ctrl |= WINBIND_CACHED_LOGIN;
+ }
+
ret = winbind_chauthtok_request(pamh, ctrl, user, pass_old, pass_new, pwdlastset_update);
if (ret) {
_pam_overwrite(pass_new);
const char *member = get_member_from_config(pamh, argc, argv, ctrl, d);
const char *cctype = get_krb5_cc_type_from_config(pamh, argc, argv, ctrl, d);
+ /* clearing offline bit for auth */
+ ctrl &= ~WINBIND_CACHED_LOGIN;
+
ret = winbind_auth_request(pamh, ctrl, user, pass_new,
member, cctype, &response, NULL, &username_ret);
_pam_overwrite(pass_new);