Fix the wcache_invalidate_samlogon calls.

Jeremy.
(This used to be commit 7c820899ed1364fdaeb7b49e8ddd839e67397ec0)

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 2145a892c6aa8f357fbbbeef8746dfa4a6190fb7..d5e942a6d7143561afec442d2ec10a196b9bbb82 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5002,7 +5002,7 @@ void pwd_get_cleartext(struct pwd_info *pwd, fstring clr);
 
 bool netsamlogon_cache_init(void);
 bool netsamlogon_cache_shutdown(void);
-void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3);
+void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3);
 bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3);
 struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid);
 bool netsamlogon_cache_have(const DOM_SID *user_sid);

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c9d857c2ec2c30e0aafb8138bc54b4067b4be192..2fbb01b623ac24b412fc49a2ce53cd238244cc4f 100644 (file)
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2259,6 +2259,8 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
 void wcache_invalidate_samlogon(struct winbindd_domain *domain, 
                                struct netr_SamInfo3 *info3)
 {
+        DOM_SID sid;
+        fstring key_str, sid_string;
        struct winbind_cache *cache;
 
        /* dont clear cached U/SID and UG/SID entries when we want to logon
@@ -2272,7 +2274,26 @@ void wcache_invalidate_samlogon(struct winbindd_domain *domain,
                return;
 
        cache = get_cache(domain);
-       netsamlogon_clear_cached_user(cache->tdb, info3);
+
+        if (!cache->tdb) {
+                return;
+        }
+
+       sid_copy(&sid, info3->base.domain_sid);
+       sid_append_rid(&sid, info3->base.rid);
+
+       /* Clear U/SID cache entry */
+       fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
+       DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
+       tdb_delete(cache->tdb, string_tdb_data(key_str));
+
+       /* Clear UG/SID cache entry */
+       fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, &sid));
+       DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
+       tdb_delete(cache->tdb, string_tdb_data(key_str));
+
+       /* Samba/winbindd never needs this. */
+       netsamlogon_clear_cached_user(info3);
 }
 
 bool wcache_invalidate_cache(void)

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a7911f60aa712ba8c73c60940c81455e69901ca6..d4a2e3ed7942f2a524856efebafad15d69fd9069 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1595,8 +1595,8 @@ process_result:
                        goto done;
                }
 
-               netsamlogon_cache_store(name_user, info3);
                wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);
+               netsamlogon_cache_store(name_user, info3);
 
                /* save name_to_sid info as early as possible (only if
                   this is our primary domain so we don't invalidate
@@ -1921,8 +1921,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
 
        if (NT_STATUS_IS_OK(result)) {
 
-               netsamlogon_cache_store(name_user, info3);
                wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);
+               netsamlogon_cache_store(name_user, info3);
 
                /* Check if the user is in the right group */