s3-winbind: Do not delete an existing valid credential cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994 Thanks to David Woodhouse <dwmw2@infradead.org>. Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104 (cherry picked from commit 0529b59fbe3f96509893fc4e93a75d6928b5a532) (cherry picked from commit 64732d3d317be8bb3b3579455ce3b3d5c81b6ad8)
author: Andreas Schneider <asn@samba.org> 2013-07-11 13:44:53 +0200
committer: Karolin Seeger <kseeger@samba.org> 2013-09-18 10:41:20 +0200
commit: 69c6410cfbfeea2972fec9a20040ea4d87108408 (patch)
tree: 163b8d14facbf0a3e49064a7b5b12180aa8ed97e
parent: 1c92376271a07fd44dd17c0837e3e3a2b72fdeee (diff)
download: samba-69c6410cfbfeea2972fec9a20040ea4d87108408.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a9662028884..125e393220d 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -668,6 +668,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 
 failed:
+	/*
+	 * Do not delete an existing valid credential cache, if the user
+	 * e.g. enters a wrong password
+	 */
+	if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE"))
+	    && user_ccache_file != NULL) {
+		return result;
+	}
 
 	/* we could have created a new credential cache with a valid tgt in it
 	 * but we werent able to get or verify the service ticket for this
author	Andreas Schneider <asn@samba.org>	2013-07-11 13:44:53 +0200
committer	Karolin Seeger <kseeger@samba.org>	2013-09-18 10:41:20 +0200
commit	69c6410cfbfeea2972fec9a20040ea4d87108408 (patch)
tree	163b8d14facbf0a3e49064a7b5b12180aa8ed97e
parent	1c92376271a07fd44dd17c0837e3e3a2b72fdeee (diff)
download	samba-69c6410cfbfeea2972fec9a20040ea4d87108408.tar.gz