[samba/f19] Local user's krb5cc deleted by winbind.

[asn]

commit ac18a529d7ce1c03ca984cc5556e1fd4ea1d0732
Author: Andreas Schneider <asn at redhat.com>
Date:   Mon Jul 15 16:22:45 2013 +0200

    Local user's krb5cc deleted by winbind.
    
    resolves: #981033

 samba-4.0.8-fix_winbind_ccache_cleanup.patch |   44 ++++++++++++++++++++++++++
 samba.spec                                   |    3 ++
 2 files changed, 47 insertions(+), 0 deletions(-)
---
diff --git a/samba-4.0.8-fix_winbind_ccache_cleanup.patch b/samba-4.0.8-fix_winbind_ccache_cleanup.patch
new file mode 100644
index 0000000..68d5444
--- /dev/null
+++ b/samba-4.0.8-fix_winbind_ccache_cleanup.patch
@@ -0,0 +1,44 @@
+From 91300255f4b93dad920af2399a6cd64720d47e4f Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn at samba.org>
+Date: Thu, 11 Jul 2013 13:44:53 +0200
+Subject: [PATCH] s3-winbind: Do not delete an existing valid credential cache.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994
+
+Thanks to David Woodhouse <dwmw2 at infradead.org>.
+
+Reviewed-by: Günther Deschner <gd at samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
+Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104
+
+(cherry picked from commit 0529b59fbe3f96509893fc4e93a75d6928b5a532)
+---
+ source3/winbindd/winbindd_pam.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
+index b23d421..99794e6 100644
+--- a/source3/winbindd/winbindd_pam.c
++++ b/source3/winbindd/winbindd_pam.c
+@@ -677,6 +677,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 	return NT_STATUS_OK;
+ 
+ failed:
++	/*
++	 * Do not delete an existing valid credential cache, if the user
++	 * e.g. enters a wrong password
++	 */
++	if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE"))
++	    && user_ccache_file != NULL) {
++		return result;
++	}
+ 
+ 	/* we could have created a new credential cache with a valid tgt in it
+ 	 * but we werent able to get or verify the service ticket for this
+-- 
+1.8.3.1
+
diff --git a/samba.spec b/samba.spec
index 14feeee..ce9808d 100644
--- a/samba.spec
+++ b/samba.spec
@@ -79,6 +79,7 @@ Source200: README.dc
 Source201: README.downgrade
 
 Patch0: samba-4.0.6_add_passdb_upn_enum.patch
+Patch1: samba-4.0.8-fix_winbind_ccache_cleanup.patch
 
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -458,6 +459,7 @@ the local kerberos library to use the same KDC as samba and winbind use
 %prep
 %setup -q -n samba-%{version}%{pre_release}
 %patch0 -p1
+%patch1 -p1
 
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -1505,6 +1507,7 @@ rm -rf %{buildroot}
 * Mon Jul 15 2013 - Andreas Schneider <asn at redhat.com> - 2:4.0.7-2
 - resolves: #972692 - Build with PIE and full RELRO.
 - resolves: #884169 - Add explicit dependencies suggested by rpmdiff.
+- resolves: #981033 - Local user's krb5cc deleted by winbind.
 
 * Wed Jul 03 2013 - Andreas Schneider <asn at redhat.com> - 2:4.0.7-1
 - Update to Samba 4.0.7.