s3:winbind: Store canonical principal and realm in ccache entry
authorSamuel Cabrero <scabrero@suse.de>
Tue, 22 Feb 2022 12:19:02 +0000 (13:19 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 23 Feb 2022 15:20:32 +0000 (15:20 +0000)
They will be used later to refresh the tickets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/winbindd/winbindd.h
source3/winbindd/winbindd_cred_cache.c
source3/winbindd/winbindd_pam.c
source3/winbindd/winbindd_proto.h

index a6b2238cec18078cc25973327d7ca1b294a7c873..dac4a1fa92721c638c1ba1b4153b3a5fa3313755 100644 (file)
@@ -344,6 +344,8 @@ struct WINBINDD_CCACHE_ENTRY {
        const char *service;
        const char *username;
        const char *realm;
+       const char *canon_principal;
+       const char *canon_realm;
        struct WINBINDD_MEMORY_CREDS *cred_ptr;
        int ref_count;
        uid_t uid;
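Review bot: The new members `canon_principal` and `canon_realm` carry no comment saying where their values come from or that they may be NULL, and the setter in winbindd_cred_cache.c leaves them unassigned when its argument is NULL. The commit message says later code will use them to refresh tickets, so that code needs to know it may have to fall back to the existing `username`/`realm` members. A one-line comment above the pair would record this: `/* Canonical client principal/realm passed to add_ccache_to_list(); either may be NULL */`. The struct definition starts and ends outside this hunk.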
index c3077e219893d62785ef8c4bdeb44772fc9619a6..88847b1ab97ce2595a5c56cbdf2d8caa04937c19 100644 (file)
@@ -501,7 +501,9 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
                            time_t create_time,
                            time_t ticket_end,
                            time_t renew_until,
-                           bool postponed_request)
+                           bool postponed_request,
+                           const char *canon_principal,
+                           const char *canon_realm)
 {
        struct WINBINDD_CCACHE_ENTRY *entry = NULL;
        struct timeval t;
@@ -617,6 +619,18 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
                        goto no_mem;
                }
        }
+       if (canon_principal != NULL) {
+               entry->canon_principal = talloc_strdup(entry, canon_principal);
+               if (entry->canon_principal == NULL) {
+                       goto no_mem;
+               }
+       }
+       if (canon_realm != NULL) {
+               entry->canon_realm = talloc_strdup(entry, canon_realm);
+               if (entry->canon_realm == NULL) {
+                       goto no_mem;
+               }
+       }
 
        entry->ccname = talloc_strdup(entry, ccname);
        if (!entry->ccname) {
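Review bot: Both `talloc_strdup()` copies are made only while a new entry is being filled in, so any early return in add_ccache_to_list() that reuses an existing entry for the same user would never store the names from a later login. That part of the function is outside this hunk, so this needs confirming. If such a path exists, either update `entry->canon_principal` and `entry->canon_realm` there or state the rule in a comment, e.g. `/* canonical names are set once, when the entry is created */`. Skipping the assignment for a NULL argument is also only safe if the entry is zeroed at allocation, which is not visible here.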
index 3ceaec6977f72cff4b955fb75e91e2dc021d93e9..ca89d48cb491c9ed0bb043335bb4cfc3a378fcf4 100644 (file)
@@ -687,6 +687,8 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
        const char *local_service;
        uint32_t i;
        struct netr_SamInfo6 *info6_copy = NULL;
+       char *canon_principal = NULL;
+       char *canon_realm = NULL;
        bool ok;
 
        *info6 = NULL;
@@ -789,8 +791,8 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
                                     WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
                                     NULL,
                                     local_service,
-                                    NULL,
-                                    NULL,
+                                    &canon_principal,
+                                    &canon_realm,
                                     &pac_data_ctr);
        if (user_ccache_file != NULL) {
                gain_root_privilege();
@@ -856,7 +858,9 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
                                            time(NULL),
                                            ticket_lifetime,
                                            renewal_until,
-                                           false);
+                                           false,
+                                           canon_principal,
+                                           canon_realm);
 
                if (!NT_STATUS_IS_OK(result)) {
                        DEBUG(10,("winbindd_raw_kerberos_login: failed to add ccache to list: %s\n",
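Review bot: `canon_principal` and `canon_realm` are passed to add_ccache_to_list() here with no check that the Kerberos call in the previous hunk actually filled them in. They are initialised to NULL, and add_ccache_to_list() accepts NULL without complaint. The result would be a ccache entry with no canonical names and nothing in the log to explain a later refresh problem. Consider a debug line before this call when either pointer is NULL, e.g. `DEBUG(10, ("winbindd_raw_kerberos_login: no canonical principal or realm returned\n"));`. The start of the call and the rest of the function are outside the hunk.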
@@ -1233,7 +1237,9 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
                                                            time(NULL),
                                                            time(NULL) + lp_winbind_cache_time(),
                                                            time(NULL) + WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
-                                                           true);
+                                                           true,
+                                                           principal_s,
+                                                           realm);
 
                                if (!NT_STATUS_IS_OK(result)) {
                                        DEBUG(10,("winbindd_dual_pam_auth_cached: failed "
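Review bot: In this cached-logon call the two new arguments are `principal_s` and `realm`, which by their names look like locally built values rather than names returned by a KDC; their definitions are outside the hunk. If so, the entry's `canon_*` members hold unconfirmed names whenever `postponed_request` is true. The later refresh code should then not treat them as equivalent to the values stored by winbindd_raw_kerberos_login(). A comment at the call would make the difference visible: `/* cached logon: canonical names not known yet, pass the requested principal and realm */`.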
index c0d653a6d7782f4d6b7e2f9b86781311447f2350..16c23f3de401c2a355ebe3d81208a6eff1f46cfa 100644 (file)
@@ -236,7 +236,9 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
                            time_t create_time,
                            time_t ticket_end,
                            time_t renew_until,
-                           bool postponed_request);
+                           bool postponed_request,
+                           const char *canon_principal,
+                           const char *canon_realm);
 NTSTATUS remove_ccache(const char *username);
 struct WINBINDD_MEMORY_CREDS *find_memory_creds_by_name(const char *username);
 NTSTATUS winbindd_add_memory_creds(const char *username,