Attachment 7799 Details for Bug 9098 – git-am fix for 3.6.next.

[patch] git-am fix for 3.6.next.

0001-Fix-bug-9098-winbind-does-not-refresh-kerberos-ticke.patch (text/plain), 3.72 KB, created by Jeremy Allison on 2012-08-21 19:26:25 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2012-08-21 19:26:25 UTC

Size: 3.72 KB

patch

obsolete

>From 77011b7864a82732c8a6c385e8c671f4a15152e8 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Tue, 21 Aug 2012 11:24:58 -0700
>Subject: [PATCH] Fix bug #9098 - winbind does not refresh kerberos tickets.
>
>Based on work from Ian Gordon <ian.gordon@strath.ac.uk>.
>(cherry picked from commit 3f60bff699223a8895d060585f765706e167da37)
>---
> source3/winbindd/winbindd_cred_cache.c |   29 +++++++++++++++++++++++++++++
> source3/winbindd/winbindd_pam.c        |    9 +++++++++
> source3/winbindd/winbindd_proto.h      |    1 +
> 3 files changed, 39 insertions(+), 0 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
>index ab8934b..3b6277e 100644
>--- a/source3/winbindd/winbindd_cred_cache.c
>+++ b/source3/winbindd/winbindd_cred_cache.c
>@@ -490,6 +490,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
> 			    const char *ccname,
> 			    const char *service,
> 			    const char *username,
>+			    const char *pass,
> 			    const char *realm,
> 			    uid_t uid,
> 			    time_t create_time,
>@@ -591,8 +592,22 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
> 			}
> 
> 			DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n"));
>+
> 		}
> 
>+		/*
>+		 * If we're set up to renew our krb5 tickets, we must
>+		 * cache the credentials in memory for the ticket
>+		 * renew function (or increase the reference count
>+		 * if we're logging in more than once). Fix inspired
>+		 * by patch from Ian Gordon <ian.gordon@strath.ac.uk>
>+		 * for bugid #9098.
>+		 */
>+
>+		ntret = winbindd_add_memory_creds(username, uid, pass);
>+		DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
>+			nt_errstr(ntret)));
>+
> 		return NT_STATUS_OK;
> 	}
> 
>@@ -675,6 +690,20 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
> 		"added ccache [%s] for user [%s] to the list\n",
> 		ccname, username));
> 
>+	if (entry->event) {
>+		/*
>+		 * If we're set up to renew our krb5 tickets, we must
>+		 * cache the credentials in memory for the ticket
>+		 * renew function. Fix inspired by patch from
>+		 * Ian Gordon <ian.gordon@strath.ac.uk> for
>+		 * bugid #9098.
>+		 */
>+
>+		ntret = winbindd_add_memory_creds(username, uid, pass);
>+		DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
>+			nt_errstr(ntret)));
>+	}
>+
> 	return NT_STATUS_OK;
> 
>  no_mem:
>diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
>index 55069f6..619b632 100644
>--- a/source3/winbindd/winbindd_pam.c
>+++ b/source3/winbindd/winbindd_pam.c
>@@ -640,6 +640,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
> 					    cc,
> 					    service,
> 					    user,
>+					    pass,
> 					    realm,
> 					    uid,
> 					    time(NULL),
>@@ -957,6 +958,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
> 							    cc,
> 							    service,
> 							    state->request->data.auth.user,
>+							    state->request->data.auth.pass,
> 							    domain->alt_name,
> 							    uid,
> 							    time(NULL),
>@@ -2105,6 +2107,13 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
> 		goto process_result;
> 	}
> 
>+	/*
>+	 * Remove any mlock'ed memory creds in the child
>+	 * we might be using for krb5 ticket renewal.
>+	 */
>+
>+	winbindd_delete_memory_creds(state->request->data.logoff.user);
>+
> #else
> 	result = NT_STATUS_NOT_SUPPORTED;
> #endif
>diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
>index ab61223..41292d4 100644
>--- a/source3/winbindd/winbindd_proto.h
>+++ b/source3/winbindd/winbindd_proto.h
>@@ -188,6 +188,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
> 			    const char *ccname,
> 			    const char *service,
> 			    const char *username,
>+			    const char *password,
> 			    const char *realm,
> 			    uid_t uid,
> 			    time_t create_time,
>-- 
>1.7.7.3
>

Flags:

asn: review+

Actions: View

Attachments on bug 9098: 7774 | 7777 | 7778 | 7779 | 7782 | 7783 | 7786 | 7795 | 7799 | 7800