r13519: Fix the credentials chaining across netlogon pipe disconnects.

I mean it this time :-).
Jeremy.
(This used to be commit 80f4868944d349015d2b64c2414b06466a8194aa)

1 files changed, 19 insertions, 6 deletions

diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 795c30d12d..5026f513ab 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -183,17 +183,30 @@ static void creds_reseed(struct dcinfo *dc)
 
 BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
 {
-	dc->sequence = received_cred->timestamp.time;
+	BOOL ret;
+	struct dcinfo tmp_dc = *dc;
 
-	creds_step(dc);
+	/* Do all operations on a temporary copy of the dc,
+	   which we throw away if the checks fail. */
+
+	tmp_dc.sequence = received_cred->timestamp.time;
+
+	creds_step(&tmp_dc);
 
 	/* Create the outgoing credentials */
-	cred_out->timestamp.time = dc->sequence + 1;
-	cred_out->challenge = dc->srv_chal;
+	cred_out->timestamp.time = tmp_dc.sequence + 1;
+	cred_out->challenge = tmp_dc.srv_chal;
 
-	creds_reseed(dc);
+	creds_reseed(&tmp_dc);
 
-	return creds_server_check(dc, &received_cred->challenge);
+	ret = creds_server_check(&tmp_dc, &received_cred->challenge);
+	if (!ret) {
+		return False;
+	}
+
+	/* creds step succeeded - replace the current creds. */
+	*dc = tmp_dc;
+	return True;
 }
 
 /****************************************************************************