summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2005-09-16 16:20:48 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:03:40 -0500
commitc2e5ce15017270cfc62ea4fed23976115305b0d5 (patch)
tree307713423d80cf95d9e1cd41ecac24b49d079259
parentbc9c617b16b1996812d6e698d74aef27c5f4e8d7 (diff)
downloadsamba-c2e5ce15017270cfc62ea4fed23976115305b0d5.tar.gz
samba-c2e5ce15017270cfc62ea4fed23976115305b0d5.tar.bz2
samba-c2e5ce15017270cfc62ea4fed23976115305b0d5.zip
r10269: Server-side fix for creds change - revert jcmd's change.
Jeremy. (This used to be commit e1c9813d63a441037bc71622a29acda099d72f71)
-rw-r--r--source3/libsmb/credentials.c32
-rw-r--r--source3/rpc_client/cli_netlogon.c1
-rw-r--r--source3/rpc_server/srv_netlog_nt.c10
3 files changed, 4 insertions, 39 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 322b25ee43..0d521bae8a 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -208,36 +208,8 @@ BOOL deal_with_creds(uchar sess_key[8],
DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data)));
- /* Bug #2953 - don't store new seed in client credentials
- here, because we need to make sure we're moving forward first
- */
+ /* store new seed in client credentials */
+ SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
return True;
}
-
-/*
- stores new seed in client credentials
- jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're
- not supposed to move to the next step in the chain if a nonexistent user tries to logon
-*/
-void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred)
-{
- UTIME new_clnt_time;
- uint32 new_cred;
-
- /* increment client time by one second */
- new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1;
-
- /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
- new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
- new_cred += new_clnt_time.time;
-
- DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred));
- DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n",
- new_clnt_time.time));
- DEBUG(5,("reseed_client_creds: clnt_cred=%s\n",
- credstr(sto_clnt_cred->challenge.data)));
-
- /* store new seed in client credentials */
- SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
-}
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 1474c94513..fad60dbc20 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -931,7 +931,6 @@ NTSTATUS cli_net_srv_pwset(struct cli_state *cli, TALLOC_CTX *mem_ctx,
{
/* report error code */
DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(nt_status)));
- goto done;
}
/* Update the credentials. */
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 78ff669d07..15827a8b55 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -449,7 +449,6 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
- reseed_client_creds(&p->dc.clnt_cred, &q_u->clnt_id.cred);
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
@@ -547,7 +546,6 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
return NT_STATUS_INVALID_HANDLE;
/* what happens if we get a logoff for an unknown user? */
- reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred);
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
/* XXXX maybe we want to say 'no', reject the client's credentials */
@@ -606,6 +604,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
+ memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+
r_u->buffer_creds = 1; /* yes, we have valid server credentials */
memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
@@ -729,12 +729,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
return status;
}
- /* moved from right after deal_with_creds above, since we weren't
- supposed to update unless logon was successful */
-
- reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred);
- memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
-
if (server_info->guest) {
/* We don't like guest domain logons... */
DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));