]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
s3:libsmb: add a cache for cli_session_creds_prepare_krb5()
authorStefan Metzmacher <metze@samba.org>
Wed, 7 Aug 2019 10:11:58 +0000 (12:11 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 9 Jun 2020 16:02:59 +0000 (16:02 +0000)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
source3/include/client.h
source3/libsmb/cliconnect.c

index 6a3b1b02ff37ee1d6ec1b907e04d20e545942a40..c9d1f00146e638c9293899d88e51a893a4815baf 100644 (file)
@@ -95,6 +95,14 @@ struct cli_state {
                struct smbXcli_tcon *tcon;
                struct idr_context *open_handles;
        } smb2;
+
+       /*
+        * We don't want to kinit twice if
+        * cli_session_creds_prepare_krb5()
+        * is called more than once for a given
+        * cli_state cli_credentials combination.
+        */
+       const struct cli_credentials *last_prepared_creds;
 };
 
 struct file_info {
index 1fb1f0127b966d07c02e3c5b4bfe65679c699755..c1be7fc39430862089fb7221e63af5df9d87f1cd 100644 (file)
@@ -305,6 +305,18 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
         * only if required!
         */
        setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
+
+       if (cli->last_prepared_creds == creds) {
+               DBG_DEBUG("Re-using previously prepared Kerberos credentials "
+                         "for %s to access %s.\n",
+                         user_principal,
+                         target_hostname);
+               TALLOC_FREE(frame);
+               return NT_STATUS_OK;
+       }
+
+       cli->last_prepared_creds = NULL;
+
        ret = kerberos_kinit_password_ext(user_principal,
                                          pass,
                                          0,
@@ -362,6 +374,8 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
                  canon_principal,
                  target_hostname);
 
+       cli->last_prepared_creds = creds;
+
        TALLOC_FREE(frame);
        return NT_STATUS_OK;
 }