const char *ccname,
const char *service,
const char *username,
+ const char *pass,
const char *realm,
uid_t uid,
time_t create_time,
DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n"));
}
-
+
+ /*
+ * If we're set up to renew our krb5 tickets, we must
+ * cache the credentials in memory for the ticket
+ * renew function (or increase the reference count
+ * if we're logging in more than once). Fix inspired
+ * by patch from Ian Gordon <ian.gordon@strath.ac.uk>
+ * for bugid #9098.
+ */
+
+ ntret = winbindd_add_memory_creds(username, uid, pass);
+ DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+ nt_errstr(ntret)));
+
return NT_STATUS_OK;
}
"added ccache [%s] for user [%s] to the list\n",
ccname, username));
+ if (entry->event) {
+ /*
+ * If we're set up to renew our krb5 tickets, we must
+ * cache the credentials in memory for the ticket
+ * renew function. Fix inspired by patch from
+ * Ian Gordon <ian.gordon@strath.ac.uk> for
+ * bugid #9098.
+ */
+
+ ntret = winbindd_add_memory_creds(username, uid, pass);
+ DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+ nt_errstr(ntret)));
+ }
+
return NT_STATUS_OK;
no_mem:
cc,
service,
state->request->data.auth.user,
+ state->request->data.auth.pass,
realm,
uid,
time(NULL),
cc,
service,
state->request->data.auth.user,
+ state->request->data.auth.pass,
domain->alt_name,
uid,
time(NULL),
goto process_result;
}
+ /*
+ * Remove any mlock'ed memory creds in the child
+ * we might be using for krb5 ticket renewal.
+ */
+
+ winbindd_delete_memory_creds(state->request->data.logoff.user);
+
#else
result = NT_STATUS_NOT_SUPPORTED;
#endif
git.samba.org / samba.git / commitdiff