The Samba-Bugzilla – Attachment 7799 Details for
Bug 9098
winbind does not refresh kerberos tickets
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.next.
0001-Fix-bug-9098-winbind-does-not-refresh-kerberos-ticke.patch (text/plain), 3.72 KB, created by
Jeremy Allison
on 2012-08-21 19:26:25 UTC
(
hide
)
Description:
git-am fix for 3.6.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2012-08-21 19:26:25 UTC
Size:
3.72 KB
patch
obsolete
>From 77011b7864a82732c8a6c385e8c671f4a15152e8 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 21 Aug 2012 11:24:58 -0700 >Subject: [PATCH] Fix bug #9098 - winbind does not refresh kerberos tickets. > >Based on work from Ian Gordon <ian.gordon@strath.ac.uk>. >(cherry picked from commit 3f60bff699223a8895d060585f765706e167da37) >--- > source3/winbindd/winbindd_cred_cache.c | 29 +++++++++++++++++++++++++++++ > source3/winbindd/winbindd_pam.c | 9 +++++++++ > source3/winbindd/winbindd_proto.h | 1 + > 3 files changed, 39 insertions(+), 0 deletions(-) > >diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c >index ab8934b..3b6277e 100644 >--- a/source3/winbindd/winbindd_cred_cache.c >+++ b/source3/winbindd/winbindd_cred_cache.c >@@ -490,6 +490,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name, > const char *ccname, > const char *service, > const char *username, >+ const char *pass, > const char *realm, > uid_t uid, > time_t create_time, >@@ -591,8 +592,22 @@ NTSTATUS add_ccache_to_list(const char *princ_name, > } > > DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n")); >+ > } > >+ /* >+ * If we're set up to renew our krb5 tickets, we must >+ * cache the credentials in memory for the ticket >+ * renew function (or increase the reference count >+ * if we're logging in more than once). Fix inspired >+ * by patch from Ian Gordon <ian.gordon@strath.ac.uk> >+ * for bugid #9098. >+ */ >+ >+ ntret = winbindd_add_memory_creds(username, uid, pass); >+ DEBUG(10, ("winbindd_add_memory_creds returned: %s\n", >+ nt_errstr(ntret))); >+ > return NT_STATUS_OK; > } > >@@ -675,6 +690,20 @@ NTSTATUS add_ccache_to_list(const char *princ_name, > "added ccache [%s] for user [%s] to the list\n", > ccname, username)); > >+ if (entry->event) { >+ /* >+ * If we're set up to renew our krb5 tickets, we must >+ * cache the credentials in memory for the ticket >+ * renew function. Fix inspired by patch from >+ * Ian Gordon <ian.gordon@strath.ac.uk> for >+ * bugid #9098. >+ */ >+ >+ ntret = winbindd_add_memory_creds(username, uid, pass); >+ DEBUG(10, ("winbindd_add_memory_creds returned: %s\n", >+ nt_errstr(ntret))); >+ } >+ > return NT_STATUS_OK; > > no_mem: >diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c >index 55069f6..619b632 100644 >--- a/source3/winbindd/winbindd_pam.c >+++ b/source3/winbindd/winbindd_pam.c >@@ -640,6 +640,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, > cc, > service, > user, >+ pass, > realm, > uid, > time(NULL), >@@ -957,6 +958,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, > cc, > service, > state->request->data.auth.user, >+ state->request->data.auth.pass, > domain->alt_name, > uid, > time(NULL), >@@ -2105,6 +2107,13 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain, > goto process_result; > } > >+ /* >+ * Remove any mlock'ed memory creds in the child >+ * we might be using for krb5 ticket renewal. >+ */ >+ >+ winbindd_delete_memory_creds(state->request->data.logoff.user); >+ > #else > result = NT_STATUS_NOT_SUPPORTED; > #endif >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index ab61223..41292d4 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h >@@ -188,6 +188,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name, > const char *ccname, > const char *service, > const char *username, >+ const char *password, > const char *realm, > uid_t uid, > time_t create_time, >-- >1.7.7.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 9098
:
7774
|
7777
|
7778
|
7779
|
7782
|
7783
|
7786
|
7795
| 7799 |
7800