Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd_cache.c23
-rw-r--r--source3/winbindd/winbindd_pam.c4
2 files changed, 24 insertions, 3 deletions
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c9d857c2ec..2fbb01b623 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2259,6 +2259,8 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
void wcache_invalidate_samlogon(struct winbindd_domain *domain,
struct netr_SamInfo3 *info3)
{
+ DOM_SID sid;
+ fstring key_str, sid_string;
struct winbind_cache *cache;
/* dont clear cached U/SID and UG/SID entries when we want to logon
@@ -2272,7 +2274,26 @@ void wcache_invalidate_samlogon(struct winbindd_domain *domain,
return;
cache = get_cache(domain);
- netsamlogon_clear_cached_user(cache->tdb, info3);
+
+ if (!cache->tdb) {
+ return;
+ }
+
+ sid_copy(&sid, info3->base.domain_sid);
+ sid_append_rid(&sid, info3->base.rid);
+
+ /* Clear U/SID cache entry */
+ fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
+ DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
+ tdb_delete(cache->tdb, string_tdb_data(key_str));
+
+ /* Clear UG/SID cache entry */
+ fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, &sid));
+ DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str));
+ tdb_delete(cache->tdb, string_tdb_data(key_str));
+
+ /* Samba/winbindd never needs this. */
+ netsamlogon_clear_cached_user(info3);
}
bool wcache_invalidate_cache(void)
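Review bot: The new `if (!cache->tdb) return;` guard also skips `netsamlogon_clear_cached_user(info3)` at the end of wcache_invalidate_samlogon, even though that call no longer takes `cache->tdb` after this change. If the netsamlogon entry is meant to be cleared whether or not the winbindd cache handle is open, put only the two `tdb_delete` calls under `if (cache->tdb) { ... }` and leave the final call unconditional. The comment `/* Samba/winbindd never needs this. */` sits directly above a call that winbindd is making, so it should say what "this" refers to and why the entry is cleared anyway. The results of both `tdb_delete` calls are discarded; a debug message when a delete fails for a reason other than a missing key would make a stale U/SID or UG/SID entry after logon diagnosable. The function's opening lines and the condition guarding the early `return` before `get_cache` are outside this hunk.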
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a7911f60aa..d4a2e3ed79 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1595,8 +1595,8 @@ process_result:
goto done;
}
- netsamlogon_cache_store(name_user, info3);
wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);
+ netsamlogon_cache_store(name_user, info3);
/* save name_to_sid info as early as possible (only if
this is our primary domain so we don't invalidate
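Review bot: The order of these two calls now matters, but nothing at the call site says so. `wcache_invalidate_samlogon` ends by calling `netsamlogon_clear_cached_user(info3)` (see the winbindd_cache.c hunk), so a store placed before it would presumably be cleared again. A comment above the pair, such as `/* invalidate first: wcache_invalidate_samlogon() also clears the netsamlogon entry, so the store must follow it */`, would keep a later cleanup from swapping them back; the same applies to the identical reorder in winbindd_dual_pam_auth_crap in the next hunk. Separately, `find_domain_from_name(name_domain)` is passed straight through, and whether a NULL result is handled before `get_cache(domain)` is not visible here. Both enclosing functions extend outside their hunks.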
@@ -1921,8 +1921,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
if (NT_STATUS_IS_OK(result)) {
- netsamlogon_cache_store(name_user, info3);
wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);
+ netsamlogon_cache_store(name_user, info3);
/* Check if the user is in the right group */