Fix bug #9098 - winbind does not refresh kerberos tickets.

Based on work from Ian Gordon <ian.gordon@strath.ac.uk>.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 22:01:15 CEST 2012 on sn-devel-104

1 files changed, 29 insertions, 0 deletions

diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index 5e79a96ca7..e8bbf9c824 100644
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -490,6 +490,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
 			    const char *ccname,
 			    const char *service,
 			    const char *username,
+			    const char *pass,
 			    const char *realm,
 			    uid_t uid,
 			    time_t create_time,
@@ -591,8 +592,22 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
 			}
 
 			DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n"));
+
 		}
 
+		/*
+		 * If we're set up to renew our krb5 tickets, we must
+		 * cache the credentials in memory for the ticket
+		 * renew function (or increase the reference count
+		 * if we're logging in more than once). Fix inspired
+		 * by patch from Ian Gordon <ian.gordon@strath.ac.uk>
+		 * for bugid #9098.
+		 */
+
+		ntret = winbindd_add_memory_creds(username, uid, pass);
+		DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+			nt_errstr(ntret)));
+
 		return NT_STATUS_OK;
 	}
 
@@ -675,6 +690,20 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
 		"added ccache [%s] for user [%s] to the list\n",
 		ccname, username));
 
+	if (entry->event) {
+		/*
+		 * If we're set up to renew our krb5 tickets, we must
+		 * cache the credentials in memory for the ticket
+		 * renew function. Fix inspired by patch from
+		 * Ian Gordon <ian.gordon@strath.ac.uk> for
+		 * bugid #9098.
+		 */
+
+		ntret = winbindd_add_memory_creds(username, uid, pass);
+		DEBUG(10, ("winbindd_add_memory_creds returned: %s\n",
+			nt_errstr(ntret)));
+	}
+
 	return NT_STATUS_OK;
 
  no_mem: