The Samba-Bugzilla – Attachment 7800 Details for Bug 9098: winbind does not refresh kerberos tickets
[patch] git-am fix for 3.5.next
0001-Fix-bug-9098-winbind-does-not-refresh-kerberos-ticke.patch (text/plain), 3.72 KB, created by Jeremy Allison on 2012-08-21 21:08:25 UTC
>From 34b6a2b64b5e36d7f1e5fcb483e84b3a85098b7e Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 21 Aug 2012 14:08:24 -0700 >Subject: [PATCH] Fix bug #9098 - winbind does not refresh kerberos tickets. > >Based on work from Ian Gordon <ian.gordon@strath.ac.uk>. >--- > source3/winbindd/winbindd_cred_cache.c | 30 +++++++++++++++++++++++++++++- > source3/winbindd/winbindd_pam.c | 9 +++++++++ > source3/winbindd/winbindd_proto.h | 1 + > 3 files changed, 39 insertions(+), 1 deletions(-) > >diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c >index e63e732..ba4a7b2 100644 >--- a/source3/winbindd/winbindd_cred_cache.c >+++ b/source3/winbindd/winbindd_cred_cache.c >@@ -484,6 +484,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name, > const char *ccname, > const char *service, > const char *username, >+ const char *pass, > const char *realm, > uid_t uid, > time_t create_time, >@@ -586,7 +587,20 @@ NTSTATUS add_ccache_to_list(const char *princ_name, > > DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n")); > } >- >+ >+ /* >+ * If we're set up to renew our krb5 tickets, we must >+ * cache the credentials in memory for the ticket >+ * renew function (or increase the reference count >+ * if we're logging in more than once). Fix inspired >+ * by patch from Ian Gordon <ian.gordon@strath.ac.uk> >+ * for bugid #9098. >+ */ >+ >+ ntret = winbindd_add_memory_creds(username, uid, pass); >+ DEBUG(10, ("winbindd_add_memory_creds returned: %s\n", >+ nt_errstr(ntret))); >+ > return NT_STATUS_OK; > } 
> >@@ -669,6 +683,20 @@ NTSTATUS add_ccache_to_list(const char *princ_name, > "added ccache [%s] for user [%s] to the list\n", > ccname, username)); > >+ if (entry->event) { >+ /* >+ * If we're set up to renew our krb5 tickets, we must >+ * cache the credentials in memory for the ticket >+ * renew function. Fix inspired by patch from >+ * Ian Gordon <ian.gordon@strath.ac.uk> for >+ * bugid #9098. >+ */ >+ >+ ntret = winbindd_add_memory_creds(username, uid, pass); >+ DEBUG(10, ("winbindd_add_memory_creds returned: %s\n", >+ nt_errstr(ntret))); >+ } >+ > return NT_STATUS_OK; > > no_mem: >diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c >index 50b6541..59a95b0 100644 >--- a/source3/winbindd/winbindd_pam.c >+++ b/source3/winbindd/winbindd_pam.c >@@ -656,6 +656,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, > cc, > service, > state->request->data.auth.user, >+ state->request->data.auth.pass, > realm, > uid, > time(NULL), >@@ -1034,6 +1035,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, > cc, > service, > state->request->data.auth.user, >+ state->request->data.auth.pass, > domain->alt_name, > uid, > time(NULL), >@@ -2456,6 +2458,13 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain, > goto process_result; > } > >+ /* >+ * Remove any mlock'ed memory creds in the child >+ * we might be using for krb5 ticket renewal. >+ */ >+ >+ winbindd_delete_memory_creds(state->request->data.logoff.user); >+ > #else > result = NT_STATUS_NOT_SUPPORTED; > #endif >diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h >index 62fbc8e..b7b64de 100644 >--- a/source3/winbindd/winbindd_proto.h >+++ b/source3/winbindd/winbindd_proto.h 
>@@ -216,6 +216,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name, > const char *ccname, > const char *service, > const char *username, >+ const char *password, > const char *realm, > uid_t uid, > time_t create_time, >-- >1.7.7.3 >
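Review bot: In winbindd_cred_cache.c at @@ -586,7 +587,20 @@, the new comment says the credentials are cached "If we're set up to renew our krb5 tickets", but the call to winbindd_add_memory_creds(username, uid, pass) sits outside the block that adds the krb5_ticket handler and has no visible check around it, while the second call site at @@ -669,6 +683,20 @@ is guarded by "if (entry->event)". Either guard this call the same way or reword the comment so it is clear that the plaintext password is kept in memory on every repeat login here, whether or not a renewal event exists.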
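Review bot: In winbindd_cred_cache.c at @@ -669,6 +683,20 @@, the status from winbindd_add_memory_creds() is only printed at DEBUG level 10 and then dropped, and add_ccache_to_list() returns NT_STATUS_OK either way. Since the comment states that the renew function needs these cached credentials, a failure here means renewal will not work and nobody will see why at normal log levels. Log the failure at a low debug level when !NT_STATUS_IS_OK(ntret), or document why it is safe to ignore. The same applies to the identical call added at @@ -586,7 +587,20 @@.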
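Review bot: In winbindd_dual_pam_logoff() (winbindd_pam.c, @@ -2456,6 +2458,13 @@), winbindd_delete_memory_creds() is placed after the "goto process_result;" error branch, so when the preceding step fails the mlock'ed password for the user who is logging off stays in the child's memory. Consider doing the delete before that check, or also on the process_result path, so that a failed logoff does not leave the plaintext credential behind. Any result from the call is discarded as well; a debug line on failure would match what the add side does.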
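Review bot: In winbindd_proto.h at @@ -216,6 +216,7 @@, the new parameter is declared as "const char *password", while the definition in winbindd_cred_cache.c (@@ -484,6 +484,7 @@) names it "const char *pass". Use one name in both places. A short comment on the prototype saying that this is the plaintext password retained for ticket renewal would also help callers see what they are handing over.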
Flags: asn: review+