svn commit: samba r20172 - in branches/SAMBA_3_0_24/source/nsswitch: .

[gd at samba.org]

Author: gd
Date: 2006-12-14 16:35:07 +0000 (Thu, 14 Dec 2006)
New Revision: 20172

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20172

Log:
Don't delete the krb5 credential if others still reference to it.

Guenther

Modified:
   branches/SAMBA_3_0_24/source/nsswitch/winbindd_cred_cache.c
   branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_cred_cache.c
===================================================================
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_cred_cache.c	2006-12-14 16:34:24 UTC (rev 20171)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_cred_cache.c	2006-12-14 16:35:07 UTC (rev 20172)
@@ -382,9 +382,17 @@
 	return NT_STATUS_NO_MEMORY;
 }
 
+/*******************************************************************
+ Remove a WINBINDD_CCACHE_ENTRY entry and the krb5 ccache if no longer referenced.
+*******************************************************************/
+
 NTSTATUS remove_ccache(const char *username)
 {
 	struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username);
+	NTSTATUS status;
+#ifdef HAVE_KRB5
+	krb5_error_code ret;
+#endif
 
 	if (!entry) {
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -397,17 +405,34 @@
 	}
 
 	entry->ref_count--;
-	if (entry->ref_count <= 0) {
-		DLIST_REMOVE(ccache_list, entry);
-		TALLOC_FREE(entry->event); /* unregisters events */
-		TALLOC_FREE(entry);
-	 	DEBUG(10,("remove_ccache: removed ccache for user %s\n", username));
-	} else {
+
+	if (entry->ref_count > 0) {
 		DEBUG(10,("remove_ccache: entry %s ref count now %d\n",
 			username, entry->ref_count ));
+		return NT_STATUS_OK;
 	}
 
-	return NT_STATUS_OK;
+	/* no references any more */
+
+	DLIST_REMOVE(ccache_list, entry);
+	TALLOC_FREE(entry->event); /* unregisters events */
+
+#ifdef HAVE_KRB5
+	ret = ads_kdestroy(entry->ccname);
+	if (ret) {
+		DEBUG(0,("remove_ccache: failed to destroy user krb5 ccache %s with: %s\n",
+			entry->ccname, error_message(ret)));
+	} else {
+		DEBUG(10,("remove_ccache: successfully destroyed krb5 ccache %s for user %s\n",
+			entry->ccname, username));
+	}
+	status = krb5_to_nt_status(ret);
+#endif
+
+	TALLOC_FREE(entry);
+ 	DEBUG(10,("remove_ccache: removed ccache for user %s\n", username));
+
+	return status;
 }
 
 /*******************************************************************

Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c	2006-12-14 16:34:24 UTC (rev 20171)
+++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_pam.c	2006-12-14 16:35:07 UTC (rev 20172)
@@ -1976,9 +1976,6 @@
 					      struct winbindd_cli_state *state) 
 {
 	NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
-#ifdef HAVE_KRB5
-	int ret;
-#endif
 
 	DEBUG(3, ("[%5lu]: pam dual logoff %s\n", (unsigned long)state->pid,
 		state->request.data.logoff.user));
@@ -2010,19 +2007,13 @@
 		goto process_result;
 	}
 
-	ret = ads_kdestroy(state->request.data.logoff.krb5ccname);
-
-	if (ret) {
-		DEBUG(0,("winbindd_pam_logoff: failed to destroy user ccache %s with: %s\n", 
-			state->request.data.logoff.krb5ccname, error_message(ret)));
-	} else {
-		DEBUG(10,("winbindd_pam_logoff: successfully destroyed ccache %s for user %s\n", 
-			state->request.data.logoff.krb5ccname, state->request.data.logoff.user));
+	result = remove_ccache(state->request.data.logoff.user);
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0,("winbindd_pam_logoff: failed to remove ccache: %s\n",
+			nt_errstr(result)));
+		goto process_result;
 	}
 
-	remove_ccache(state->request.data.logoff.user);
-
-	result = krb5_to_nt_status(ret);
 #else
 	result = NT_STATUS_NOT_SUPPORTED;
 #endif