From 1a8af2491f22bf1f702d1a3b6baaec560618df66 Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Tue, 13 Apr 2010 19:21:58 +0000
Subject: don't have myldap_set_credentials() try to open a connection but have
 the PAM code perform a search with the new credentials so we re-use the
 fail-over mechanism in myldap_search()

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1079 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 nslcd/pam.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

(limited to 'nslcd/pam.c')

diff --git a/nslcd/pam.c b/nslcd/pam.c
index 58b5a01..a544185 100644
--- a/nslcd/pam.c
+++ b/nslcd/pam.c
@@ -47,15 +47,11 @@ static int try_bind(const char *userdn,const char *password)
   if (session==NULL)
     return NSLCD_PAM_AUTH_ERR;
   /* set up credentials for the session */
-  rc=myldap_set_credentials(session,userdn,password);
-  /* TODO: test rc */
-  if (rc==LDAP_SUCCESS)
-  {
-    /* perform search for own object (just to do any kind of search) */
-    username=lookup_dn2uid(session,userdn,&rc);
-    if (username!=NULL)
-      free(username);
-  }
+  myldap_set_credentials(session,userdn,password);
+  /* perform search for own object (just to do any kind of search) */
+  username=lookup_dn2uid(session,userdn,&rc);
+  if (username!=NULL)
+    free(username);
   /* close the session */
   myldap_session_close(session);
   /* handle the results */
@@ -276,13 +272,19 @@ static int try_pwmod(const char *binddn,const char *userdn,
                      const char *oldpassword,const char *newpassword)
 {
   MYLDAP_SESSION *session;
+  char *username;
   int rc;
   /* set up a new connection */
   session=myldap_create_session();
   if (session==NULL)
     return NSLCD_PAM_AUTH_ERR;
   /* set up credentials for the session */
-  rc=myldap_set_credentials(session,binddn,oldpassword);
+  myldap_set_credentials(session,binddn,oldpassword);
+  /* perform search for own object (just to do any kind of search) */
+  username=lookup_dn2uid(session,userdn,&rc);
+  if (username!=NULL)
+    free(username);
+  /* perform actual password modification */
   if (rc==LDAP_SUCCESS)
   {
     /* if doing password modification as admin, don't pass old password along */
-- 
cgit v1.2.3