r17837: Split out the storing of memory cached credentials

from the krb5 ticket renewal code. This allows cached
credentials to be stored for single sign-on via ntlm_auth
for machines in a domain still using NTLM. Also (hopefully)
fixes the reference counting problem with pam_logon/logoff
so multiple logons/logoffs won't lose cached credentials.
This compiles, but I'm intending to test it over the weekend
so don't complain too much :-). I also want it in the tree
so Coverity can scan it for errors. Guenther, check this over
please - I ran through the architecture with Jerry and he's
ok with it, but this is modifying your code a lot.
Jeremy.
(This used to be commit 679eeeb91155dad3942efde6ae9f8d81faf18c5b)

1 files changed, 2 insertions, 2 deletions

diff --git a/source3/nsswitch/winbindd_ccache_access.c b/source3/nsswitch/winbindd_ccache_access.c
index d17f15ae9f..6aa221448e 100644
--- a/source3/nsswitch/winbindd_ccache_access.c
+++ b/source3/nsswitch/winbindd_ccache_access.c
@@ -230,7 +230,7 @@ enum winbindd_result winbindd_dual_ccache_ntlm_auth(struct winbindd_domain *doma
 	}
 
 	entry = get_ccache_by_username(state->request.data.ccache_ntlm_auth.user);
-	if (entry == NULL) {
+	if (entry == NULL || entry->cred_ptr == NULL) {
 		DEBUG(10,("winbindd_dual_ccache_ntlm_auth: could not find "
 			"credentials for user %s\n", 
 			state->request.data.ccache_ntlm_auth.user));
@@ -258,7 +258,7 @@ enum winbindd_result winbindd_dual_ccache_ntlm_auth(struct winbindd_domain *doma
 		result = NT_STATUS_NO_MEMORY;
 	} else {
 		result = do_ntlm_auth_with_hashes(name_user, name_domain,
-						entry->lm_hash, entry->nt_hash,
+						entry->cred_ptr->lm_hash, entry->cred_ptr->nt_hash,
 						initial, challenge, &auth);
 	}