From 027df03a3b8b8c2753e67c4c38f475f29a3941f0 Mon Sep 17 00:00:00 2001 From: Vasilis Tsiligiannis Date: Wed, 23 Dec 2015 13:43:16 +0200 Subject: Fix updating of 'shadowLastChange' attribute when chasing referrals This fixes a bug where 'shadowLastChange' attribute cannot be updated when chasing a referral. After a password is succesfully changed, the credentials for binding should also be updated with the new password for the session. Signed-off-by: Vasilis Tsiligiannis --- nslcd/pam.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'nslcd/pam.c') diff --git a/nslcd/pam.c b/nslcd/pam.c index 0eff71b..82656ae 100644 --- a/nslcd/pam.c +++ b/nslcd/pam.c @@ -3,6 +3,7 @@ Copyright (C) 2009 Howard Chu Copyright (C) 2009-2014 Arthur de Jong + Copyright (C) 2015 Nokia Solutions and Networks This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -711,6 +712,14 @@ static int try_pwmod(MYLDAP_SESSION *oldsession, rc = myldap_passwd(session, userdn, oldpassword, newpassword); if (rc == LDAP_SUCCESS) { + /* if user modifies own password, update credentials for the session */ + if (binddn == userdn) + if (myldap_set_credentials(session, binddn, newpassword)) { + log_log(LOG_WARNING, "%s: shadowLastChange: modification failed: %s", + userdn, ldap_err2string(LDAP_LOCAL_ERROR)); + myldap_session_close(session); + return rc; + } /* try to update the shadowLastChange attribute */ if (update_lastchange(session, userdn) != LDAP_SUCCESS) /* retry with the normal session */ -- cgit v1.2.3