author | Samuel Cabrero <scabrero@suse.de> | 2022-02-22 13:19:02 +0100 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2022-02-25 17:12:17 +0000 |
commit | e3efe2d0de20216ea7ecbc8e41ae8c6968507d29 (patch) | |
tree | b2c0d76760cf48db7f2ed876d561ff8e36f2bf16 | |
parent | 85fdd88e3cabbd405ddfda32b0b2b4e7eeee673e (diff) | |
download | samba-e3efe2d0de20216ea7ecbc8e41ae8c6968507d29.tar.gz |
s3:winbind: Store canonical principal and realm in ccache entry
They will be used later to refresh the tickets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0f4f330773d272b4d28ff3ba5a41bdd4ba569c8b)
-rw-r--r-- | source3/winbindd/winbindd.h | 2 | ||||
-rw-r--r-- | source3/winbindd/winbindd_cred_cache.c | 16 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 14 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 4 |
4 files changed, 30 insertions, 6 deletions
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index a6b2238cec1..dac4a1fa927 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -344,6 +344,8 @@ struct WINBINDD_CCACHE_ENTRY {
 const char *service;
 const char *username;
 const char *realm;
+ const char *canon_principal;
+ const char *canon_realm;
 struct WINBINDD_MEMORY_CREDS *cred_ptr;
 int ref_count;
 uid_t uid;
diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index c3077e21989..88847b1ab97 100644
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -501,7 +501,9 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
 time_t create_time,
 time_t ticket_end,
 time_t renew_until,
- bool postponed_request)
+ bool postponed_request,
+ const char *canon_principal,
+ const char *canon_realm)
 {
 struct WINBINDD_CCACHE_ENTRY *entry = NULL;
 struct timeval t;
@@ -617,6 +619,18 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
 goto no_mem;
 }
 }
+ if (canon_principal != NULL) {
+ entry->canon_principal = talloc_strdup(entry, canon_principal);
+ if (entry->canon_principal == NULL) {
+ goto no_mem;
+ }
+ }
+ if (canon_realm != NULL) {
+ entry->canon_realm = talloc_strdup(entry, canon_realm);
+ if (entry->canon_realm == NULL) {
+ goto no_mem;
+ }
+ }
 entry->ccname = talloc_strdup(entry, ccname);
 if (!entry->ccname) {
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 3ceaec6977f..ca89d48cb49 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -687,6 +687,8 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 const char *local_service;
 uint32_t i;
 struct netr_SamInfo6 *info6_copy = NULL;
+ char *canon_principal = NULL;
+ char *canon_realm = NULL;
 bool ok;
 *info6 = NULL;
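Review bot: The two members added to struct WINBINDD_CCACHE_ENTRY in winbindd.h have no comment saying where their values come from or that they can be unset. The winbindd_cred_cache.c hunk in this commit assigns them only when the caller passes a non-NULL pointer, so whatever later refreshes tickets from them has to expect NULL (assuming the entry starts out zeroed, which is not visible here). A comment above the members such as `/* principal and realm as reported by the KDC, or the requested ones for cached logons; either may be NULL */` would record that contract. The struct definition starts and ends outside the hunk.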
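Review bot: In winbindd_cred_cache.c the hunk at -617 copies `canon_principal` and `canon_realm` only on the path that fills in a freshly built entry. add_ccache_to_list() begins outside this hunk; if it has an earlier return that reuses an existing entry for the same user, the names supplied by a later login would be dropped there, and an entry first created by the cached-logon caller would keep the names it was created with. It is worth checking that path and either updating the two members there or stating in a comment that the first stored values are kept on purpose.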
@@ -789,8 +791,8 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
 NULL,
 local_service,
- NULL,
- NULL,
+ &canon_principal,
+ &canon_realm,
 &pac_data_ctr);
 if (user_ccache_file != NULL) {
 gain_root_privilege();
@@ -856,7 +858,9 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 time(NULL),
 ticket_lifetime,
 renewal_until,
- false);
+ false,
+ canon_principal,
+ canon_realm);
 if (!NT_STATUS_IS_OK(result)) {
 DEBUG(10,("winbindd_raw_kerberos_login: failed to add ccache to list: %s\n",
@@ -1233,7 +1237,9 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 time(NULL),
 time(NULL) + lp_winbind_cache_time(),
 time(NULL) + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
- true);
+ true,
+ principal_s,
+ realm);
 if (!NT_STATUS_IS_OK(result)) {
 DEBUG(10,("winbindd_dual_pam_auth_cached: failed "
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index c0d653a6d77..16c23f3de40 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -236,7 +236,9 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
 time_t create_time,
 time_t ticket_end,
 time_t renew_until,
- bool postponed_request);
+ bool postponed_request,
+ const char *canon_principal,
+ const char *canon_realm);
 NTSTATUS remove_ccache(const char *username);
 struct WINBINDD_MEMORY_CREDS *find_memory_creds_by_name(const char *username);
 NTSTATUS winbindd_add_memory_creds(const char *username, |
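Review bot: In winbindd_dual_pam_auth_cached() (winbindd_pam.c, hunk at -1233) the arguments passed as `canon_principal` and `canon_realm` are `principal_s` and `realm`, which on this postponed-request path are presumably the locally built names rather than names returned by a KDC. The entry therefore stores values under a "canonical" label that no KDC has confirmed, and the later refresh code cannot tell the two cases apart from the members alone. A comment at the call such as `/* cached logon: no KDC reply yet, store the requested principal and realm */` would make that explicit. The function body starts and ends outside the hunk, so how `principal_s` and `realm` are derived is not visible here.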