svn commit: samba r13016 - in trunk/source/nsswitch: .
gd at samba.org
gd at samba.org
Wed Jan 18 21:22:07 GMT 2006
Author: gd
Date: 2006-01-18 21:22:06 +0000 (Wed, 18 Jan 2006)
New Revision: 13016
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13016
Log:
Make sure a user has krb5 creds after a password change using the msrpc
calls.
Guenther
Modified:
trunk/source/nsswitch/pam_winbind.c
Changeset:
Modified: trunk/source/nsswitch/pam_winbind.c
===================================================================
--- trunk/source/nsswitch/pam_winbind.c 2006-01-18 20:45:44 UTC (rev 13015)
+++ trunk/source/nsswitch/pam_winbind.c 2006-01-18 21:22:06 UTC (rev 13016)
@@ -1218,13 +1218,39 @@
*/
retval = winbind_chauthtok_request(pamh, ctrl, user, pass_old, pass_new);
- _pam_overwrite(pass_new);
- _pam_overwrite(pass_old);
- pass_old = pass_new = NULL;
+ if (retval) {
+ _pam_overwrite(pass_new);
+ _pam_overwrite(pass_old);
+ pass_old = pass_new = NULL;
+ return retval;
+ }
+
+ /* just in case we need krb5 creds after a password change over msrpc */
+
+ if (ctrl & WBFLAG_PAM_KRB5) {
+
+ const char *member = NULL;
+ const char *cctype = NULL;
+
+ member = get_member_from_config(argc, argv, ctrl);
+ if (member != NULL) {
+ _pam_log_debug(ctrl, LOG_INFO, "got required membership: '%s'\n", member);
+ }
+
+ cctype = get_krb5_cc_type_from_config(argc, argv, ctrl);
+ if (cctype != NULL) {
+ _pam_log_debug(ctrl, LOG_INFO, "using cctype '%s' from config\n", cctype);
+ }
+
+ retval = winbind_auth_request(pamh, ctrl, user, pass_new, member, cctype, False);
+ _pam_overwrite(pass_new);
+ _pam_overwrite(pass_old);
+ pass_old = pass_new = NULL;
+ }
} else {
retval = PAM_SERVICE_ERR;
}
-
+
return retval;
}
More information about the samba-cvs
mailing list