s3-winbind: Do not delete an existing valid credential cache.
author Andreas Schneider <asn@samba.org>
Thu, 11 Jul 2013 11:44:53 +0000 (13:44 +0200)
committer Andreas Schneider <asn@cryptomilk.org>
Mon, 15 Jul 2013 10:48:46 +0000 (12:48 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994

Thanks to David Woodhouse <dwmw2@infradead.org>.

Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104

source3/winbindd/winbindd_pam.c

index 158a7c431d2487a09a1202eea0085fd0a47e1765..aed47416ac84b366c515044e95d6833093cd6693 100644 (file)
@@ -685,6 +685,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 
 failed:
+       /*
+        * Do not delete an existing valid credential cache, if the user
+        * e.g. enters a wrong password
+        */
+       if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE"))
+           && user_ccache_file != NULL) {
+               return result;
+       }
 
        /* we could have created a new credential cache with a valid tgt in it
         * but we werent able to get or verify the service ticket for this
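Review bot: The new early return under `failed:` tests only the cache type and `user_ccache_file != NULL`, so nothing in the condition establishes that the cache existed before this login attempt or that it is still valid, which is what the added comment promises. The context comment right after it describes a cache that was newly created with a valid TGT but whose service ticket could not be obtained or verified; for FILE and WRFILE caches that path now returns before whatever handling follows, so a cache created by a failed attempt would be left in place too. Consider recording before the login attempt whether the cache already existed and returning early only in that case, or extend the comment to state that leaving a freshly created cache behind is intended. The comment should also say why the check is limited to `"FILE"` and `"WRFILE"`, since other cache types still fall through on a wrong password.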