[samba/f19] Local user's krb5cc deleted by winbind.
asn
asn at fedoraproject.org
Tue Jul 16 09:20:35 UTC 2013
commit ac18a529d7ce1c03ca984cc5556e1fd4ea1d0732
Author: Andreas Schneider <asn at redhat.com>
Date: Mon Jul 15 16:22:45 2013 +0200
Local user's krb5cc deleted by winbind.
resolves: #981033
samba-4.0.8-fix_winbind_ccache_cleanup.patch | 44 ++++++++++++++++++++++++++
samba.spec | 3 ++
2 files changed, 47 insertions(+), 0 deletions(-)
---
diff --git a/samba-4.0.8-fix_winbind_ccache_cleanup.patch b/samba-4.0.8-fix_winbind_ccache_cleanup.patch
new file mode 100644
index 0000000..68d5444
--- /dev/null
+++ b/samba-4.0.8-fix_winbind_ccache_cleanup.patch
@@ -0,0 +1,44 @@
+From 91300255f4b93dad920af2399a6cd64720d47e4f Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Thu, 11 Jul 2013 13:44:53 +0200
+Subject: [PATCH] s3-winbind: Do not delete an existing valid credential cache.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994
+
+Thanks to David Woodhouse <dwmw2 at infradead.org>.
+
+Reviewed-by: Günther Deschner <gd at samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
+Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104
+
+(cherry picked from commit 0529b59fbe3f96509893fc4e93a75d6928b5a532)
+---
+ source3/winbindd/winbindd_pam.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
+index b23d421..99794e6 100644
+--- a/source3/winbindd/winbindd_pam.c
++++ b/source3/winbindd/winbindd_pam.c
+@@ -677,6 +677,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ return NT_STATUS_OK;
+
+ failed:
++ /*
++ * Do not delete an existing valid credential cache, if the user
++ * e.g. enters a wrong password
++ */
++ if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE"))
++ && user_ccache_file != NULL) {
++ return result;
++ }
+
+ /* we could have created a new credential cache with a valid tgt in it
+ * but we werent able to get or verify the service ticket for this
+--
+1.8.3.1
+
diff --git a/samba.spec b/samba.spec
index 14feeee..ce9808d 100644
--- a/samba.spec
+++ b/samba.spec
@@ -79,6 +79,7 @@ Source200: README.dc
Source201: README.downgrade
Patch0: samba-4.0.6_add_passdb_upn_enum.patch
+Patch1: samba-4.0.8-fix_winbind_ccache_cleanup.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -458,6 +459,7 @@ the local kerberos library to use the same KDC as samba and winbind use
%prep
%setup -q -n samba-%{version}%{pre_release}
%patch0 -p1
+%patch1 -p1
%build
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -1505,6 +1507,7 @@ rm -rf %{buildroot}
* Mon Jul 15 2013 - Andreas Schneider <asn at redhat.com> - 2:4.0.7-2
- resolves: #972692 - Build with PIE and full RELRO.
- resolves: #884169 - Add explicit dependencies suggested by rpmdiff.
+- resolves: #981033 - Local user's krb5cc deleted by winbind.
* Wed Jul 03 2013 - Andreas Schneider <asn at redhat.com> - 2:4.0.7-1
- Update to Samba 4.0.7.
More information about the scm-commits
mailing list