summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/winbindd_cred_cache.c12
-rw-r--r--source3/nsswitch/winbindd_pam.c7
2 files changed, 18 insertions, 1 deletions
diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c
index eb39d1dafb..db1dc57795 100644
--- a/source3/nsswitch/winbindd_cred_cache.c
+++ b/source3/nsswitch/winbindd_cred_cache.c
@@ -75,6 +75,7 @@ NTSTATUS remove_ccache_by_ccname(const char *ccname)
DLIST_REMOVE(ccache_list, entry);
TALLOC_FREE(entry->event); /* unregisters events */
TALLOC_FREE(entry);
+ DEBUG(10,("remove_ccache_by_ccname: removed ccache %s\n", ccname));
return NT_STATUS_OK;
}
}
@@ -171,6 +172,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
BOOL schedule_refresh_event)
{
struct WINBINDD_CCACHE_ENTRY *new_entry = NULL;
+ struct WINBINDD_CCACHE_ENTRY *old_entry = NULL;
NTSTATUS status;
if ((username == NULL && sid_string == NULL && princ_name == NULL) ||
@@ -192,6 +194,16 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
return NT_STATUS_NO_MORE_ENTRIES;
}
+ /* get rid of old entries */
+ old_entry = get_ccache_by_username(username);
+ if (old_entry) {
+ status = remove_ccache_by_ccname(old_entry->ccname);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("add_ccache_to_list: failed to delete old ccache entry\n"));
+ return status;
+ }
+ }
+
new_entry = TALLOC_P(mem_ctx, struct WINBINDD_CCACHE_ENTRY);
if (new_entry == NULL) {
return NT_STATUS_NO_MEMORY;
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index d38bdf3dfa..9e4fd39707 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -611,11 +611,16 @@ failed:
krb5_ret = ads_kdestroy(cc);
if (krb5_ret) {
- DEBUG(0,("winbindd_raw_kerberos_login: "
+ DEBUG(3,("winbindd_raw_kerberos_login: "
"could not destroy krb5 credential cache: "
"%s\n", error_message(krb5_ret)));
}
+ if (!NT_STATUS_IS_OK(remove_ccache_by_ccname(cc))) {
+ DEBUG(3,("winbindd_raw_kerberos_login: "
+ "could not remove ccache\n"));
+ }
+
done:
data_blob_free(&session_key);
data_blob_free(&session_key_krb5);