[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Thu Aug 23 12:18:02 MDT 2012
The branch, v3-6-test has been updated
via ecf4d5e Fix bug #9098 - winbind does not refresh kerberos tickets.
from 733dbbb Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit ecf4d5e79c4dad452600498958ebe7a8e1c81fcd
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 21 11:24:58 2012 -0700
Fix bug #9098 - winbind does not refresh kerberos tickets.
Based on work from Ian Gordon <ian.gordon at strath.ac.uk>.
(cherry picked from commit 3f60bff699223a8895d060585f765706e167da37)
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_cred_cache.c | 29 +++++++++++++++++++++++++++++
source3/winbindd/winbindd_pam.c | 9 +++++++++
source3/winbindd/winbindd_proto.h | 1 +
3 files changed, 39 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index ab8934b..3b6277e 100644
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -490,6 +490,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
const char *ccname,
const char *service,
const char *username,
+ const char *pass,
const char *realm,
uid_t uid,
time_t create_time,
@@ -591,8 +592,22 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
}
DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n"));
+
}
+ /*
+ * If we're set up to renew our krb5 tickets, we must
+ * cache the credentials in memory for the ticket
+ * renew function (or increase the reference count
+ * if we're logging in more than once). Fix inspired
+ * by patch from Ian Gordon <ian.gordon at strath.ac.uk>
+ * for bugid #9098.
+ */
+
+ ntret = winbindd_add_memory_creds(username, uid, pass);
+ DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+ nt_errstr(ntret)));
+
return NT_STATUS_OK;
}
@@ -675,6 +690,20 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
"added ccache [%s] for user [%s] to the list\n",
ccname, username));
+ if (entry->event) {
+ /*
+ * If we're set up to renew our krb5 tickets, we must
+ * cache the credentials in memory for the ticket
+ * renew function. Fix inspired by patch from
+ * Ian Gordon <ian.gordon at strath.ac.uk> for
+ * bugid #9098.
+ */
+
+ ntret = winbindd_add_memory_creds(username, uid, pass);
+ DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+ nt_errstr(ntret)));
+ }
+
return NT_STATUS_OK;
no_mem:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 55069f6..619b632 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -640,6 +640,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
cc,
service,
user,
+ pass,
realm,
uid,
time(NULL),
@@ -957,6 +958,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
cc,
service,
state->request->data.auth.user,
+ state->request->data.auth.pass,
domain->alt_name,
uid,
time(NULL),
@@ -2105,6 +2107,13 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
goto process_result;
}
+ /*
+ * Remove any mlock'ed memory creds in the child
+ * we might be using for krb5 ticket renewal.
+ */
+
+ winbindd_delete_memory_creds(state->request->data.logoff.user);
+
#else
result = NT_STATUS_NOT_SUPPORTED;
#endif
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index ab61223..41292d4 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -188,6 +188,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
const char *ccname,
const char *service,
const char *username,
+ const char *password,
const char *realm,
uid_t uid,
time_t create_time,
--
Samba Shared Repository
More information about the samba-cvs
mailing list