Update memory and cached creds when changing password from gdm or xdm

boyang boyang at novell.com
Tue Jul 1 05:29:39 GMT 2008


Hi, All:
    There is a lot of pain when changing the password from
    gdm or xdm, i.e. when users try to log in from gdm or
    xdm and the password has expired.

    1. Because the user didn't log in (PAM_AUTH returns
    NT_STATUS_PASSWORD_EXPIRED), there are no memory
    creds, which causes winbindd_replace_memory_creds()
    to fail. It will return NT_STATUS_OBJECT_NAME_NOT_FOUND,
    which is not a real failure, because changing the password
    succeeded.
    
    2. And there can be no cached creds (they may have been deleted
    if the cached creds reached the maximum cached number). Thus
    updating cached creds will probably fail with NT_STATUS_NO_SUCH_USER.
    It is not a real failure either, because changing the password succeeded.
    
    3. When logging in from gdm or xdm with passthrough authentication,
    there are no memory creds. Therefore, we should authenticate with
    the new password even for passthrough authentication to update memory
    creds.

    4. Because updating cached creds in winbindd_dual_pam_chauthtok()
    can probably fail, we should set the WINBIND_CACHED_LOGIN
    bit in the authentication immediately after changing the password
    to cover the hole of the possible failure of updating creds
    in winbindd_dual_pam_chauthtok().

    Please correct me if there is anything wrong.

    Patches for v3-[023]-test are in the attachments. Please review them.

    Thanks very much!

Best
    Regards
BoYang
First, July.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: v1-update_memory_and_cached_creds-v3-0-test.diff
Type: text/x-patch
Size: 3810 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080701/dee67365/v1-update_memory_and_cached_creds-v3-0-test.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: v1-update_memory_and_cached_creds-v3-2-test.diff
Type: text/x-patch
Size: 4132 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080701/dee67365/v1-update_memory_and_cached_creds-v3-2-test.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: v1-update_memory_and_cached_creds-v3-3-test.diff
Type: text/x-patch
Size: 4132 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080701/dee67365/v1-update_memory_and_cached_creds-v3-3-test.bin
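
The decision logic described in points 1 to 4 of the message above, as an added example that is not part of the original post or of the attached patches. It is a stand-alone model, not Samba code: after_chauthtok(), struct outcome and MODEL_CACHED_LOGIN are hypothetical names, and propagating any other error from the two update steps is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Standard NTSTATUS codes, including the two named in the post. */
#define NT_STATUS_OK                    0x00000000u
#define NT_STATUS_ACCESS_DENIED         0xC0000022u
#define NT_STATUS_OBJECT_NAME_NOT_FOUND 0xC0000034u
#define NT_STATUS_NO_SUCH_USER          0xC0000064u

/* Constructed bit for this model; not the value of WINBIND_CACHED_LOGIN. */
#define MODEL_CACHED_LOGIN 0x1u

struct outcome {
    uint32_t status;       /* status reported for the password change */
    bool     reauth;       /* authenticate again with the new password */
    uint32_t reauth_flags; /* flags to carry into that authentication */
};

/* Hypothetical helper: combine the results of the three steps. */
static struct outcome after_chauthtok(uint32_t change, uint32_t memcreds,
                                      uint32_t cache, bool passthrough)
{
    struct outcome out = { change, false, 0 };

    if (change != NT_STATUS_OK)
        return out;                       /* the change itself failed */
    /* Point 1: no memory creds exist when the login never completed. */
    if (memcreds != NT_STATUS_OK && memcreds != NT_STATUS_OBJECT_NAME_NOT_FOUND) {
        out.status = memcreds;            /* assumption: other errors still count */
        return out;
    }
    /* Point 2: the cache entry may have been evicted. */
    if (cache != NT_STATUS_OK && cache != NT_STATUS_NO_SUCH_USER) {
        out.status = cache;               /* assumption: other errors still count */
        return out;
    }
    /* Points 3 and 4: re-authenticate with the new password, passthrough
     * included, and request a cached login so the cache is refreshed. */
    (void)passthrough;                    /* deliberately not a reason to skip */
    out.reauth = true;
    out.reauth_flags = MODEL_CACHED_LOGIN;
    return out;
}

int main(void)
{
    struct outcome o = after_chauthtok(NT_STATUS_OK, NT_STATUS_OBJECT_NAME_NOT_FOUND,
                                       NT_STATUS_NO_SUCH_USER, true);
    printf("status=0x%08x reauth=%d flags=0x%x\n",
           (unsigned)o.status, o.reauth, (unsigned)o.reauth_flags);
    return 0;
}
```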

