diff options
author | Jim McDonough <jmcd@samba.org> | 2005-08-05 12:33:00 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:00:26 -0500 |
commit | 7fff6638fca113694ef1570ce1331cc8c2e056f8 (patch) | |
tree | d5e3874aa1d7a3a197df6713160c2cacb8ea9a3e /source3/rpc_server | |
parent | 6014bb000e77e2522cb35110af881b9b0ccc9ed5 (diff) | |
download | samba-7fff6638fca113694ef1570ce1331cc8c2e056f8.tar.gz samba-7fff6638fca113694ef1570ce1331cc8c2e056f8.tar.bz2 samba-7fff6638fca113694ef1570ce1331cc8c2e056f8.zip |
r9112: Fix #2953 - credentials chain on DC gets out of sync with client when
NT_STATUS_NO_USER returned. We were moving to the next step in the
chain when the client wasn't. Only update when the user logs on.
(This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 7880a724b5..0af8b14fe2 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -449,6 +449,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + reseed_client_creds(&p->dc.clnt_cred, &q_u->clnt_id.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); @@ -545,6 +546,8 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + /* what happens if we get a logoff for an unknown user? */ + reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); /* XXXX maybe we want to say 'no', reject the client's credentials */ @@ -603,11 +606,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; - memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); - - r_u->buffer_creds = 1; /* yes, we have valid server credentials */ - memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); - /* find the username */ switch (q_u->sam_id.logon_level) { @@ -719,6 +717,15 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * return status; } + /* moved from right after deal_with_creds above, since we weren't + supposed to update unless logon was successful */ + + reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); + memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); + + r_u->buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); + if (server_info->guest) { /* We don't like guest domain logons... */ DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n")); |