From a3a014fd6c3883b2646f9921502f07aa475a8d54 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 15 Jul 2013 16:22:45 +0200 Subject: [PATCH] Local user's krb5cc deleted by winbind. resolves: #981033 --- samba-4.0.8-fix_winbind_ccache_cleanup.patch | 44 ++++++++++++++++++++ samba.spec | 3 ++ 2 files changed, 47 insertions(+) create mode 100644 samba-4.0.8-fix_winbind_ccache_cleanup.patch diff --git a/samba-4.0.8-fix_winbind_ccache_cleanup.patch b/samba-4.0.8-fix_winbind_ccache_cleanup.patch new file mode 100644 index 0000000..68d5444 --- /dev/null +++ b/samba-4.0.8-fix_winbind_ccache_cleanup.patch @@ -0,0 +1,44 @@ +From 91300255f4b93dad920af2399a6cd64720d47e4f Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 11 Jul 2013 13:44:53 +0200 +Subject: [PATCH] s3-winbind: Do not delete an existing valid credential cache. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994 + +Thanks to David Woodhouse . + +Reviewed-by: Günther Deschner + +Autobuild-User(master): Andreas Schneider +Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104 + +(cherry picked from commit 0529b59fbe3f96509893fc4e93a75d6928b5a532) +--- + source3/winbindd/winbindd_pam.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c +index b23d421..99794e6 100644 +--- a/source3/winbindd/winbindd_pam.c ++++ b/source3/winbindd/winbindd_pam.c +@@ -677,6 +677,14 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, + return NT_STATUS_OK; + + failed: ++ /* ++ * Do not delete an existing valid credential cache, if the user ++ * e.g. enters a wrong password ++ */ ++ if ((strequal(krb5_cc_type, "FILE") || strequal(krb5_cc_type, "WRFILE")) ++ && user_ccache_file != NULL) { ++ return result; ++ } + + /* we could have created a new credential cache with a valid tgt in it + * but we werent able to get or verify the service ticket for this +-- +1.8.3.1 + diff --git a/samba.spec b/samba.spec index 14feeee..ce9808d 100644 --- a/samba.spec +++ b/samba.spec @@ -79,6 +79,7 @@ Source200: README.dc Source201: README.downgrade Patch0: samba-4.0.6_add_passdb_upn_enum.patch +Patch1: samba-4.0.8-fix_winbind_ccache_cleanup.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) @@ -458,6 +459,7 @@ the local kerberos library to use the same KDC as samba and winbind use %prep %setup -q -n samba-%{version}%{pre_release} %patch0 -p1 +%patch1 -p1 %build %global _talloc_lib ,talloc,pytalloc,pytalloc-util @@ -1505,6 +1507,7 @@ rm -rf %{buildroot} * Mon Jul 15 2013 - Andreas Schneider - 2:4.0.7-2 - resolves: #972692 - Build with PIE and full RELRO. - resolves: #884169 - Add explicit dependencies suggested by rpmdiff. +- resolves: #981033 - Local user's krb5cc deleted by winbind. * Wed Jul 03 2013 - Andreas Schneider - 2:4.0.7-1 - Update to Samba 4.0.7.