-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/winbindd/winbindd_cache.c23
-rw-r--r--source3/winbindd/winbindd_pam.c4
3 files changed, 25 insertions, 4 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 2145a892c6..d5e942a6d7 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5002,7 +5002,7 @@ void pwd_get_cleartext(struct pwd_info *pwd, fstring clr);
bool netsamlogon_cache_init(void);
bool netsamlogon_cache_shutdown(void);
-void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3);
+void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3);
bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3);
struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid);
bool netsamlogon_cache_have(const DOM_SID *user_sid);
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c9d857c2ec..2fbb01b623 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2259,6 +2259,8 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
void wcache_invalidate_samlogon(struct winbindd_domain *domain,
struct netr_SamInfo3 *info3)
{
+ DOM_SID sid;
+ fstring key_str, sid_string;
struct winbind_cache *cache;
/* dont clear cached U/SID and UG/SID entries when we want to logon
@@ -2272,7 +2274,26 @@ void wcache_invalidate_samlogon(struct winbindd_domain *domain,
return;
cache = get_cache(domain);
- netsamlogon_clear_cached_user(cache->tdb, info3);
+
+ if (!cache->tdb) {
+ return;
+ }
+
+ sid_copy(&sid, info3->base.domain_sid);
+ sid_append_rid(&sid, info3->base.rid);
+
+ /* Clear U/SID cache entry */
+ fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
+ DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
+ tdb_delete(cache->tdb, string_tdb_data(key_str));
+
+ /* Clear UG/SID cache entry */
+ fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, &sid));
+ DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
+ tdb_delete(cache->tdb, string_tdb_data(key_str));
+
+ /* Samba/winbindd never needs this. */
+ netsamlogon_clear_cached_user(info3);
}
bool wcache_invalidate_cache(void)
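Review bot: In the block added to wcache_invalidate_samlogon, `info3->base.domain_sid` is handed to `sid_copy()` without a NULL check and the bool result of `sid_append_rid()` is ignored. info3 is built from a logon reply, so if the pointer can be NULL at this point (any earlier validation is outside the hunk) the copy reads through it, and if the append fails the two `tdb_delete()` calls run on keys built from the bare domain SID instead of the user SID. I would guard both, e.g. `if (info3->base.domain_sid == NULL) return;` and `if (!sid_append_rid(&sid, info3->base.rid)) return;`. The comment `/* Samba/winbindd never needs this. */` sits directly above a call that winbindd does make, so it should instead say why the netsamlogon entry is cleared here too. The function body starts outside the hunk.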
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a7911f60aa..d4a2e3ed79 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1595,8 +1595,8 @@ process_result:
goto done;
}
- netsamlogon_cache_store(name_user, info3);
wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);
+ netsamlogon_cache_store(name_user, info3);
/* save name_to_sid info as early as possible (only if
this is our primary domain so we don't invalidate
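Review bot: The new call order at process_result is load-bearing, but nothing in the code says so: wcache_invalidate_samlogon() now ends by calling netsamlogon_clear_cached_user(), so storing first would have the fresh entry cleared again. A comment above the pair, such as `/* invalidate first: wcache_invalidate_samlogon() also clears the netsamlogon entry that the store below writes */`, would keep a later edit from swapping them back; the same applies to the identical pair in winbindd_dual_pam_auth_crap. Separately, the bool result of `netsamlogon_cache_store()` is dropped in both places, so a failed store leaves no trace in the log; a DEBUG line on failure would help when cached logon data goes missing. Both enclosing functions extend beyond their hunks.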
@@ -1921,8 +1921,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
if (NT_STATUS_IS_OK(result)) {
- netsamlogon_cache_store(name_user, info3);
wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);
+ netsamlogon_cache_store(name_user, info3);
/* Check if the user is in the right group */