r20536: In the offline PAM session close case the attempt to delete a

non-existing krb5 credential cache should not generate an error.

Guenther
(This used to be commit 11c6f573af5c1d3387e60f3fc44b00e28cd87813)

diff --git a/source3/libads/krb5_errs.c b/source3/libads/krb5_errs.c
index a4a3bd3adb3308fd72e8de0717831e8c8a4ecccc..89cfc2d14397622538982e4b15f392d61cac6498 100644 (file)
--- a/source3/libads/krb5_errs.c
+++ b/source3/libads/krb5_errs.c
@@ -56,6 +56,8 @@ static const struct {
 #if defined(KRB5KRB_ERR_RESPONSE_TOO_BIG)
        {KRB5KRB_ERR_RESPONSE_TOO_BIG, NT_STATUS_PROTOCOL_UNREACHABLE},
 #endif
+       {KRB5_CC_NOTFOUND, NT_STATUS_NO_SUCH_FILE},
+       {KRB5_FCC_NOFILE, NT_STATUS_NO_SUCH_FILE},
        {KRB5KDC_ERR_NONE, NT_STATUS_OK},
        {0, NT_STATUS_OK}
 };

diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c
index 5772be15a86dd4b45b05e232cc91385f5d28cd98..def4c6197cc105bc0076212a260897fac986cc20 100644 (file)
--- a/source3/nsswitch/winbindd_cred_cache.c
+++ b/source3/nsswitch/winbindd_cred_cache.c
@@ -419,7 +419,11 @@ NTSTATUS remove_ccache(const char *username)
 
 #ifdef HAVE_KRB5
        ret = ads_kdestroy(entry->ccname);
-       if (ret) {
+
+       /* we ignore the error when there has been no credential cache */
+       if (ret == KRB5_FCC_NOFILE) {
+               ret = 0;
+       } else if (ret) {
                DEBUG(0,("remove_ccache: failed to destroy user krb5 ccache %s with: %s\n",
                        entry->ccname, error_message(ret)));
        } else {