diff options
-rw-r--r-- | source3/nsswitch/winbindd_cred_cache.c | 12 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 10 |
2 files changed, 20 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c index 84c844a9da..0847ac9e27 100644 --- a/source3/nsswitch/winbindd_cred_cache.c +++ b/source3/nsswitch/winbindd_cred_cache.c @@ -249,6 +249,16 @@ static void krb5_ticket_gain_handler(struct event_context *event_ctx, } /**************************************************************** + Check if an ccache entry exists. +****************************************************************/ + +BOOL ccache_entry_exists(const char *username) +{ + struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username); + return (entry != NULL); +} + +/**************************************************************** Ensure we're changing the correct entry. ****************************************************************/ @@ -305,6 +315,8 @@ NTSTATUS add_ccache_to_list(const char *princ_name, entry->ref_count++; DEBUG(10,("add_ccache_to_list: ref count on entry %s is now %d\n", username, entry->ref_count)); + /* FIXME: in this case we still might want to have a krb5 cred + * event handler created - gd*/ return NT_STATUS_OK; } diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 69e004ec71..2e679c37dc 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -2147,8 +2147,14 @@ enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain, } /* what we need here is to find the corresponding krb5 ccache name *we* - * created for a given username and destroy it (as the user who created it) */ - + * created for a given username and destroy it */ + + if (!ccache_entry_exists(state->request.data.logoff.user)) { + result = NT_STATUS_OK; + DEBUG(10,("winbindd_pam_logoff: no entry found.\n")); + goto process_result; + } + if (!ccache_entry_identical(state->request.data.logoff.user, state->request.data.logoff.uid, state->request.data.logoff.krb5ccname)) { |