author | Arthur de Jong <arthur@arthurdejong.org> | 2010-04-13 21:21:58 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2010-04-13 21:21:58 +0200 |
commit | 1a8af2491f22bf1f702d1a3b6baaec560618df66 (patch) | |
tree | 00464a4eb78f2c8e769a7a33a1b23021d357310c /nslcd/pam.c | |
parent | c2b19908cd670ee3b616db572996423b5d8651f4 (diff) |
don't have myldap_set_credentials() try to open a connection but have the PAM code perform a search with the new credentials so we re-use the fail-over mechanism in myldap_search()
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1079 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'nslcd/pam.c')
-rw-r--r-- | nslcd/pam.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/nslcd/pam.c b/nslcd/pam.c
index 58b5a01..a544185 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -47,15 +47,11 @@ static int try_bind(const char *userdn,const char *password)
 if (session==NULL)
 return NSLCD_PAM_AUTH_ERR;
 /* set up credentials for the session */
- rc=myldap_set_credentials(session,userdn,password);
- /* TODO: test rc */
- if (rc==LDAP_SUCCESS)
- {
- /* perform search for own object (just to do any kind of search) */
- username=lookup_dn2uid(session,userdn,&rc);
- if (username!=NULL)
- free(username);
- }
+ myldap_set_credentials(session,userdn,password);
+ /* perform search for own object (just to do any kind of search) */
+ username=lookup_dn2uid(session,userdn,&rc);
+ if (username!=NULL)
+ free(username);
 /* close the session */
 myldap_session_close(session);
 /* handle the results */
@@ -276,13 +272,19 @@ static int try_pwmod(const char *binddn,const char *userdn,
 const char *oldpassword,const char *newpassword)
 {
 MYLDAP_SESSION *session;
+ char *username;
 int rc;
 /* set up a new connection */
 session=myldap_create_session();
 if (session==NULL)
 return NSLCD_PAM_AUTH_ERR;
 /* set up credentials for the session */
- rc=myldap_set_credentials(session,binddn,oldpassword);
+ myldap_set_credentials(session,binddn,oldpassword);
+ /* perform search for own object (just to do any kind of search) */
+ username=lookup_dn2uid(session,userdn,&rc);
+ if (username!=NULL)
+ free(username);
+ /* perform actual password modification */
 if (rc==LDAP_SUCCESS)
 {
 /* if doing password modification as admin, don't pass old password along */ |
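Review bot: The authentication verdict in try_bind() now rests entirely on whatever lookup_dn2uid() stores through `&rc`, because the result of myldap_set_credentials() is no longer kept and `username` is freed without being inspected. If lookup_dn2uid() has any path that returns NULL without writing through its rc pointer, the result handling below the hunk reads a value nobody set; assigning a failing default just before the call, e.g. `rc=LDAP_LOCAL_ERROR;`, makes the check fail closed. The same pattern is added to try_pwmod() in the second hunk, where `int rc;` is visibly declared without an initialiser and then gates the password modification. try_bind() starts and ends outside this hunk, so the declaration of rc and any rejection of an empty password (a simple bind with a DN and an empty password is an unauthenticated bind that some servers accept) are not visible here and should be confirmed.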
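Review bot: The comment `/* perform search for own object (just to do any kind of search) */` copied into try_pwmod() does not describe the administrator case that the following context mentions: the session is bound as binddn, but the probe search reads userdn. In that case rc presumably also reflects whether binddn is allowed to read that entry and whether lookup_dn2uid() finds it, not only whether oldpassword was accepted, so an ACL or lookup miss would surface as a failed password change. I would at least reword it to `/* search for the user's entry to force a bind with the supplied credentials; rc gates the modification below */` and confirm that a failed probe is reported distinctly from bad credentials. The body of try_pwmod() continues past the end of the hunk.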