From 46928878f615f5605f32b9679669268646bda11f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 3 Sep 2007 12:23:45 +0000 Subject: r24920: Reformatting. Guenther (This used to be commit 62426a055513c309a381d0d96d60edc07e6dfcdf) --- source3/nsswitch/winbindd_cred_cache.c | 310 +++++++++++++++++++-------------- 1 file changed, 182 insertions(+), 128 deletions(-) (limited to 'source3/nsswitch/winbindd_cred_cache.c') diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c index 8b12c459d6..65dcbe5a00 100644 --- a/source3/nsswitch/winbindd_cred_cache.c +++ b/source3/nsswitch/winbindd_cred_cache.c @@ -6,17 +6,17 @@ Copyright (C) Guenther Deschner 2005-2006 Copyright (C) Jeremy Allison 2006 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -26,7 +26,7 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND -/* uncomment this to to fast debugging on the krb5 ticket renewal event */ +/* uncomment this to do fast debugging on the krb5 ticket renewal event */ #ifdef DEBUG_KRB5_TKT_RENEWAL #undef DEBUG_KRB5_TKT_RENEWAL #endif @@ -35,8 +35,8 @@ static struct WINBINDD_CCACHE_ENTRY *ccache_list; -/* The Krb5 ticket refresh handler should be scheduled - at one-half of the period from now till the tkt +/* The Krb5 ticket refresh handler should be scheduled + at one-half of the period from now till the tkt expiration */ #define KRB5_EVENT_REFRESH_TIME(x) ((x) - (((x) - time(NULL))/2)) @@ -89,7 +89,8 @@ static void krb5_ticket_refresh_handler(struct event_context *event_ctx, #endif DEBUG(10,("krb5_ticket_refresh_handler called\n")); - DEBUGADD(10,("event called for: %s, %s\n", entry->ccname, entry->username)); + DEBUGADD(10,("event called for: %s, %s\n", + entry->ccname, entry->username)); TALLOC_FREE(entry->event); @@ -99,7 +100,7 @@ static void krb5_ticket_refresh_handler(struct event_context *event_ctx, * tgt anymore */ if ((entry->renew_until < time(NULL)) && cred_ptr && cred_ptr->pass) { - + set_effective_uid(entry->uid); ret = kerberos_kinit_password_ext(entry->principal_name, @@ -115,30 +116,30 @@ static void krb5_ticket_refresh_handler(struct event_context *event_ctx, gain_root_privilege(); if (ret) { - DEBUG(3,("krb5_ticket_refresh_handler: could not re-kinit: %s\n", + DEBUG(3,("krb5_ticket_refresh_handler: " + "could not re-kinit: %s\n", error_message(ret))); TALLOC_FREE(entry->event); return; } DEBUG(10,("krb5_ticket_refresh_handler: successful re-kinit " - "for: %s in ccache: %s\n", + "for: %s in ccache: %s\n", entry->principal_name, entry->ccname)); #if defined(DEBUG_KRB5_TKT_RENEWAL) - new_start = time(NULL) + 30; + new_start = time(NULL) + 30; #else /* The tkt should be refreshed at one-half the period from now to the expiration time */ new_start = KRB5_EVENT_REFRESH_TIME(entry->refresh_time); #endif - goto done; } set_effective_uid(entry->uid); - ret = smb_krb5_renew_ticket(entry->ccname, + ret = smb_krb5_renew_ticket(entry->ccname, entry->principal_name, entry->service, &new_start); @@ -151,15 +152,18 @@ static void krb5_ticket_refresh_handler(struct event_context *event_ctx, gain_root_privilege(); if (ret) { - DEBUG(3,("krb5_ticket_refresh_handler: could not renew tickets: %s\n", + DEBUG(3,("krb5_ticket_refresh_handler: " + "could not renew tickets: %s\n", error_message(ret))); /* maybe we are beyond the renewing window */ - /* avoid breaking the renewal chain: retry in lp_winbind_cache_time() - * seconds when the KDC was not available right now. */ + /* avoid breaking the renewal chain: retry in + * lp_winbind_cache_time() seconds when the KDC was not + * available right now. */ if (ret == KRB5_KDC_UNREACH) { - new_start = time(NULL) + MAX(30, lp_winbind_cache_time()); + new_start = time(NULL) + + MAX(30, lp_winbind_cache_time()); goto done; } @@ -168,7 +172,7 @@ static void krb5_ticket_refresh_handler(struct event_context *event_ctx, done: - entry->event = event_add_timed(winbind_event_context(), entry, + entry->event = event_add_timed(winbind_event_context(), entry, timeval_set(new_start, 0), "krb5_ticket_refresh_handler", krb5_ticket_refresh_handler, @@ -183,8 +187,8 @@ done: static void krb5_ticket_gain_handler(struct event_context *event_ctx, struct timed_event *te, - const struct timeval *now, - void *private_data) + const struct timeval *now, + void *private_data) { struct WINBINDD_CCACHE_ENTRY *entry = talloc_get_type_abort(private_data, struct WINBINDD_CCACHE_ENTRY); @@ -196,7 +200,8 @@ static void krb5_ticket_gain_handler(struct event_context *event_ctx, #endif DEBUG(10,("krb5_ticket_gain_handler called\n")); - DEBUGADD(10,("event called for: %s, %s\n", entry->ccname, entry->username)); + DEBUGADD(10,("event called for: %s, %s\n", + entry->ccname, entry->username)); TALLOC_FREE(entry->event); @@ -212,41 +217,47 @@ static void krb5_ticket_gain_handler(struct event_context *event_ctx, return; } - if (domain->online) { + if (!domain->online) { + goto retry_later; + } - set_effective_uid(entry->uid); + set_effective_uid(entry->uid); - ret = kerberos_kinit_password_ext(entry->principal_name, - cred_ptr->pass, - 0, /* hm, can we do time correction here ? */ - &entry->refresh_time, - &entry->renew_until, - entry->ccname, - False, /* no PAC required anymore */ - True, - WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, - NULL); - gain_root_privilege(); + ret = kerberos_kinit_password_ext(entry->principal_name, + cred_ptr->pass, + 0, /* hm, can we do time correction here ? */ + &entry->refresh_time, + &entry->renew_until, + entry->ccname, + False, /* no PAC required anymore */ + True, + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME, + NULL); + gain_root_privilege(); - if (ret) { - DEBUG(3,("krb5_ticket_gain_handler: could not kinit: %s\n", - error_message(ret))); - goto retry_later; - } + if (ret) { + DEBUG(3,("krb5_ticket_gain_handler: " + "could not kinit: %s\n", + error_message(ret))); + goto retry_later; + } - DEBUG(10,("krb5_ticket_gain_handler: successful kinit for: %s in ccache: %s\n", - entry->principal_name, entry->ccname)); + DEBUG(10,("krb5_ticket_gain_handler: " + "successful kinit for: %s in ccache: %s\n", + entry->principal_name, entry->ccname)); - goto got_ticket; - } + goto got_ticket; retry_later: - entry->event = event_add_timed(winbind_event_context(), entry, - timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0), - "krb5_ticket_gain_handler", - krb5_ticket_gain_handler, - entry); + t = timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0); + + entry->event = event_add_timed(winbind_event_context(), + entry, + t, + "krb5_ticket_gain_handler", + krb5_ticket_gain_handler, + entry); return; @@ -258,11 +269,12 @@ static void krb5_ticket_gain_handler(struct event_context *event_ctx, t = timeval_set(KRB5_EVENT_REFRESH_TIME(entry->refresh_time), 0); #endif - entry->event = event_add_timed(winbind_event_context(), entry, - t, - "krb5_ticket_refresh_handler", - krb5_ticket_refresh_handler, - entry); + entry->event = event_add_timed(winbind_event_context(), + entry, + t, + "krb5_ticket_refresh_handler", + krb5_ticket_refresh_handler, + entry); return; #endif @@ -282,7 +294,9 @@ BOOL ccache_entry_exists(const char *username) Ensure we're changing the correct entry. ****************************************************************/ -BOOL ccache_entry_identical(const char *username, uid_t uid, const char *ccname) +BOOL ccache_entry_identical(const char *username, + uid_t uid, + const char *ccname) { struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username); @@ -292,11 +306,12 @@ BOOL ccache_entry_identical(const char *username, uid_t uid, const char *ccname) if (entry->uid != uid) { DEBUG(0,("cache_entry_identical: uid's differ: %u != %u\n", - (unsigned int)entry->uid, (unsigned int)uid )); + (unsigned int)entry->uid, (unsigned int)uid)); return False; } if (!strcsequal(entry->ccname, ccname)) { - DEBUG(0,("cache_entry_identical: ccnames differ: (cache) %s != (client) %s\n", + DEBUG(0,("cache_entry_identical: " + "ccnames differ: (cache) %s != (client) %s\n", entry->ccname, ccname)); return False; } @@ -306,22 +321,25 @@ BOOL ccache_entry_identical(const char *username, uid_t uid, const char *ccname) NTSTATUS add_ccache_to_list(const char *princ_name, const char *ccname, const char *service, - const char *username, + const char *username, const char *realm, uid_t uid, - time_t create_time, - time_t ticket_end, - time_t renew_until, + time_t create_time, + time_t ticket_end, + time_t renew_until, BOOL postponed_request) { struct WINBINDD_CCACHE_ENTRY *entry = NULL; + struct timeval t; - if ((username == NULL && princ_name == NULL) || ccname == NULL || uid < 0) { + if ((username == NULL && princ_name == NULL) || + ccname == NULL || uid < 0) { return NT_STATUS_INVALID_PARAMETER; } if (ccache_entry_count() + 1 > MAX_CCACHES) { - DEBUG(10,("add_ccache_to_list: max number of ccaches reached\n")); + DEBUG(10,("add_ccache_to_list: " + "max number of ccaches reached\n")); return NT_STATUS_NO_MORE_ENTRIES; } @@ -333,13 +351,14 @@ NTSTATUS add_ccache_to_list(const char *princ_name, return NT_STATUS_INVALID_PARAMETER; } entry->ref_count++; - DEBUG(10,("add_ccache_to_list: ref count on entry %s is now %d\n", + DEBUG(10,("add_ccache_to_list: " + "ref count on entry %s is now %d\n", username, entry->ref_count)); /* FIXME: in this case we still might want to have a krb5 cred * event handler created - gd*/ return NT_STATUS_OK; } - + entry = TALLOC_P(NULL, struct WINBINDD_CCACHE_ENTRY); if (!entry) { return NT_STATUS_NO_MEMORY; @@ -381,36 +400,46 @@ NTSTATUS add_ccache_to_list(const char *princ_name, entry->uid = uid; entry->ref_count = 1; - if (lp_winbind_refresh_tickets() && renew_until > 0) { - if (postponed_request) { - entry->event = event_add_timed(winbind_event_context(), entry, - timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0), - "krb5_ticket_gain_handler", - krb5_ticket_gain_handler, - entry); - } else { - /* Renew at 1/2 the ticket expiration time */ - entry->event = event_add_timed(winbind_event_context(), entry, + if (!lp_winbind_refresh_tickets() || renew_until <= 0) { + goto add_entry; + } + + if (postponed_request) { + t = timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0); + entry->event = event_add_timed(winbind_event_context(), + entry, + t, + "krb5_ticket_gain_handler", + krb5_ticket_gain_handler, + entry); + } else { + /* Renew at 1/2 the ticket expiration time */ #if defined(DEBUG_KRB5_TKT_RENEWAL) - timeval_set(time(NULL)+30, 0), + t = timeval_set(time(NULL)+30, 0); #else - timeval_set(KRB5_EVENT_REFRESH_TIME(ticket_end), 0), + t = timeval_set(KRB5_EVENT_REFRESH_TIME(ticket_end), 0); #endif - "krb5_ticket_refresh_handler", - krb5_ticket_refresh_handler, - entry); - } - - if (!entry->event) { - goto no_mem; - } + entry->event = event_add_timed(winbind_event_context(), + entry, + t, + "krb5_ticket_refresh_handler", + krb5_ticket_refresh_handler, + entry); + } - DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n")); + if (!entry->event) { + goto no_mem; } + DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n")); + + add_entry: + DLIST_ADD(ccache_list, entry); - DEBUG(10,("add_ccache_to_list: added ccache [%s] for user [%s] to the list\n", ccname, username)); + DEBUG(10,("add_ccache_to_list: " + "added ccache [%s] for user [%s] to the list\n", + ccname, username)); return NT_STATUS_OK; @@ -421,14 +450,15 @@ NTSTATUS add_ccache_to_list(const char *princ_name, } /******************************************************************* - Remove a WINBINDD_CCACHE_ENTRY entry and the krb5 ccache if no longer referenced. -*******************************************************************/ + Remove a WINBINDD_CCACHE_ENTRY entry and the krb5 ccache if no longer + referenced. + *******************************************************************/ NTSTATUS remove_ccache(const char *username) { struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username); NTSTATUS status = NT_STATUS_OK; -#ifdef HAVE_KRB5 + #ifdef HAVE_KRB5 krb5_error_code ret; #endif @@ -437,7 +467,8 @@ NTSTATUS remove_ccache(const char *username) } if (entry->ref_count <= 0) { - DEBUG(0,("remove_ccache: logic error. ref count for user %s = %d\n", + DEBUG(0,("remove_ccache: logic error. " + "ref count for user %s = %d\n", username, entry->ref_count)); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -446,7 +477,7 @@ NTSTATUS remove_ccache(const char *username) if (entry->ref_count > 0) { DEBUG(10,("remove_ccache: entry %s ref count now %d\n", - username, entry->ref_count )); + username, entry->ref_count)); return NT_STATUS_OK; } @@ -462,10 +493,12 @@ NTSTATUS remove_ccache(const char *username) if (ret == KRB5_FCC_NOFILE) { ret = 0; } else if (ret) { - DEBUG(0,("remove_ccache: failed to destroy user krb5 ccache %s with: %s\n", + DEBUG(0,("remove_ccache: " + "failed to destroy user krb5 ccache %s with: %s\n", entry->ccname, error_message(ret))); } else { - DEBUG(10,("remove_ccache: successfully destroyed krb5 ccache %s for user %s\n", + DEBUG(10,("remove_ccache: " + "successfully destroyed krb5 ccache %s for user %s\n", entry->ccname, username)); } status = krb5_to_nt_status(ret); @@ -503,7 +536,8 @@ struct WINBINDD_MEMORY_CREDS *find_memory_creds_by_name(const char *username) Store the required creds and mlock them. ***********************************************************/ -static NTSTATUS store_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp, const char *pass) +static NTSTATUS store_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp, + const char *pass) { #if !defined(HAVE_MLOCK) return NT_STATUS_OK; @@ -519,27 +553,27 @@ static NTSTATUS store_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp, const #if defined(LINUX) - /* aligning the memory on on x86_64 and compiling - with gcc 4.1 using -O2 causes a segv in the + /* aligning the memory on on x86_64 and compiling + with gcc 4.1 using -O2 causes a segv in the next memset() --jerry */ memcredp->nt_hash = SMB_MALLOC_ARRAY(unsigned char, memcredp->len); #else /* On non-linux platforms, mlock()'d memory must be aligned */ - memcredp->nt_hash = SMB_MEMALIGN_ARRAY(unsigned char, + memcredp->nt_hash = SMB_MEMALIGN_ARRAY(unsigned char, getpagesize(), memcredp->len); #endif if (!memcredp->nt_hash) { return NT_STATUS_NO_MEMORY; } - memset( memcredp->nt_hash, 0x0, memcredp->len ); + memset(memcredp->nt_hash, 0x0, memcredp->len); memcredp->lm_hash = memcredp->nt_hash + NT_HASH_LEN; #ifdef DEBUG_PASSWORD DEBUG(10,("mlocking memory: %p\n", memcredp->nt_hash)); -#endif +#endif if ((mlock(memcredp->nt_hash, memcredp->len)) == -1) { - DEBUG(0,("failed to mlock memory: %s (%d)\n", + DEBUG(0,("failed to mlock memory: %s (%d)\n", strerror(errno), errno)); SAFE_FREE(memcredp->nt_hash); return map_nt_error_from_unix(errno); @@ -547,7 +581,7 @@ static NTSTATUS store_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp, const #ifdef DEBUG_PASSWORD DEBUG(10,("mlocked memory: %p\n", memcredp->nt_hash)); -#endif +#endif /* Create and store the password hashes. */ E_md4hash(pass, memcredp->nt_hash); @@ -555,7 +589,8 @@ static NTSTATUS store_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp, const if (pass) { memcredp->pass = (char *)memcredp->lm_hash + LM_HASH_LEN; - memcpy(memcredp->pass, pass, memcredp->len - NT_HASH_LEN - LM_HASH_LEN); + memcpy(memcredp->pass, pass, + memcredp->len - NT_HASH_LEN - LM_HASH_LEN); } return NT_STATUS_OK; @@ -572,7 +607,7 @@ static NTSTATUS delete_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp) return NT_STATUS_OK; #else if (munlock(memcredp->nt_hash, memcredp->len) == -1) { - DEBUG(0,("failed to munlock memory: %s (%d)\n", + DEBUG(0,("failed to munlock memory: %s (%d)\n", strerror(errno), errno)); return map_nt_error_from_unix(errno); } @@ -591,7 +626,7 @@ static NTSTATUS delete_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp) ***********************************************************/ static NTSTATUS winbindd_replace_memory_creds_internal(struct WINBINDD_MEMORY_CREDS *memcredp, - const char *pass) + const char *pass) { NTSTATUS status = delete_memory_creds(memcredp); if (!NT_STATUS_IS_OK(status)) { @@ -604,32 +639,38 @@ static NTSTATUS winbindd_replace_memory_creds_internal(struct WINBINDD_MEMORY_CR Store credentials in memory in a list. *************************************************************/ -static NTSTATUS winbindd_add_memory_creds_internal(const char *username, uid_t uid, const char *pass) +static NTSTATUS winbindd_add_memory_creds_internal(const char *username, + uid_t uid, + const char *pass) { /* Shortcut to ensure we don't store if no mlock. */ #if !defined(HAVE_MLOCK) || !defined(HAVE_MUNLOCK) return NT_STATUS_OK; #else NTSTATUS status; - struct WINBINDD_MEMORY_CREDS *memcredp = find_memory_creds_by_name(username); + struct WINBINDD_MEMORY_CREDS *memcredp = NULL; + memcredp = find_memory_creds_by_name(username); if (uid == (uid_t)-1) { - DEBUG(0,("winbindd_add_memory_creds_internal: invalid uid for user %s.\n", - username )); + DEBUG(0,("winbindd_add_memory_creds_internal: " + "invalid uid for user %s.\n", username)); return NT_STATUS_INVALID_PARAMETER; } if (memcredp) { /* Already exists. Increment the reference count and replace stored creds. */ if (uid != memcredp->uid) { - DEBUG(0,("winbindd_add_memory_creds_internal: uid %u for user %s doesn't " + DEBUG(0,("winbindd_add_memory_creds_internal: " + "uid %u for user %s doesn't " "match stored uid %u. Replacing.\n", - (unsigned int)uid, username, (unsigned int)memcredp->uid )); + (unsigned int)uid, username, + (unsigned int)memcredp->uid)); memcredp->uid = uid; } memcredp->ref_count++; - DEBUG(10,("winbindd_add_memory_creds_internal: ref count for user %s is now %d\n", - username, memcredp->ref_count )); + DEBUG(10,("winbindd_add_memory_creds_internal: " + "ref count for user %s is now %d\n", + username, memcredp->ref_count)); return winbindd_replace_memory_creds_internal(memcredp, pass); } @@ -653,21 +694,23 @@ static NTSTATUS winbindd_add_memory_creds_internal(const char *username, uid_t u memcredp->ref_count = 1; DLIST_ADD(memory_creds_list, memcredp); - DEBUG(10,("winbindd_add_memory_creds_internal: added entry for user %s\n", - username )); + DEBUG(10,("winbindd_add_memory_creds_internal: " + "added entry for user %s\n", username)); return NT_STATUS_OK; #endif } /************************************************************* - Store users credentials in memory. If we also have a + Store users credentials in memory. If we also have a struct WINBINDD_CCACHE_ENTRY for this username with a refresh timer, then store the plaintext of the password and associate the new credentials with the struct WINBINDD_CCACHE_ENTRY. *************************************************************/ -NTSTATUS winbindd_add_memory_creds(const char *username, uid_t uid, const char *pass) +NTSTATUS winbindd_add_memory_creds(const char *username, + uid_t uid, + const char *pass) { struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username); NTSTATUS status; @@ -678,7 +721,8 @@ NTSTATUS winbindd_add_memory_creds(const char *username, uid_t uid, const char * } if (entry) { - struct WINBINDD_MEMORY_CREDS *memcredp = find_memory_creds_by_name(username); + struct WINBINDD_MEMORY_CREDS *memcredp = NULL; + memcredp = find_memory_creds_by_name(username); if (memcredp) { entry->cred_ptr = memcredp; } @@ -693,18 +737,22 @@ NTSTATUS winbindd_add_memory_creds(const char *username, uid_t uid, const char * NTSTATUS winbindd_delete_memory_creds(const char *username) { - struct WINBINDD_MEMORY_CREDS *memcredp = find_memory_creds_by_name(username); - struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username); + struct WINBINDD_MEMORY_CREDS *memcredp = NULL; + struct WINBINDD_CCACHE_ENTRY *entry = NULL; NTSTATUS status = NT_STATUS_OK; + memcredp = find_memory_creds_by_name(username); + entry = get_ccache_by_username(username); + if (!memcredp) { DEBUG(10,("winbindd_delete_memory_creds: unknown user %s\n", - username )); + username)); return NT_STATUS_OBJECT_NAME_NOT_FOUND; } if (memcredp->ref_count <= 0) { - DEBUG(0,("winbindd_delete_memory_creds: logic error. ref count for user %s = %d\n", + DEBUG(0,("winbindd_delete_memory_creds: logic error. " + "ref count for user %s = %d\n", username, memcredp->ref_count)); status = NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -714,16 +762,20 @@ NTSTATUS winbindd_delete_memory_creds(const char *username) delete_memory_creds(memcredp); DLIST_REMOVE(memory_creds_list, memcredp); talloc_destroy(memcredp); - DEBUG(10,("winbindd_delete_memory_creds: deleted entry for user %s\n", + DEBUG(10,("winbindd_delete_memory_creds: " + "deleted entry for user %s\n", username)); } else { - DEBUG(10,("winbindd_delete_memory_creds: entry for user %s ref_count now %d\n", + DEBUG(10,("winbindd_delete_memory_creds: " + "entry for user %s ref_count now %d\n", username, memcredp->ref_count)); } if (entry) { - entry->cred_ptr = NULL; /* Ensure we have no dangling references to this. */ + /* Ensure we have no dangling references to this. */ + entry->cred_ptr = NULL; } + return status; } @@ -731,18 +783,20 @@ NTSTATUS winbindd_delete_memory_creds(const char *username) Replace the required creds with new ones (password change). ***********************************************************/ -NTSTATUS winbindd_replace_memory_creds(const char *username, const char *pass) +NTSTATUS winbindd_replace_memory_creds(const char *username, + const char *pass) { - struct WINBINDD_MEMORY_CREDS *memcredp = find_memory_creds_by_name(username); + struct WINBINDD_MEMORY_CREDS *memcredp = NULL; + memcredp = find_memory_creds_by_name(username); if (!memcredp) { DEBUG(10,("winbindd_replace_memory_creds: unknown user %s\n", - username )); + username)); return NT_STATUS_OBJECT_NAME_NOT_FOUND; } DEBUG(10,("winbindd_replace_memory_creds: replaced creds for user %s\n", - username )); + username)); return winbindd_replace_memory_creds_internal(memcredp, pass); } -- cgit