summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorJim McDonough <jmcd@samba.org>2005-08-05 12:33:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:00:26 -0500
commit7fff6638fca113694ef1570ce1331cc8c2e056f8 (patch)
treed5e3874aa1d7a3a197df6713160c2cacb8ea9a3e /source3/rpc_server
parent6014bb000e77e2522cb35110af881b9b0ccc9ed5 (diff)
downloadsamba-7fff6638fca113694ef1570ce1331cc8c2e056f8.tar.gz
samba-7fff6638fca113694ef1570ce1331cc8c2e056f8.tar.bz2
samba-7fff6638fca113694ef1570ce1331cc8c2e056f8.zip
r9112: Fix #2953 - credentials chain on DC gets out of sync with client when
NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. (This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 7880a724b5..0af8b14fe2 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -449,6 +449,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
+ reseed_client_creds(&p->dc.clnt_cred, &q_u->clnt_id.cred);
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
@@ -545,6 +546,8 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
&q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
+ /* what happens if we get a logoff for an unknown user? */
+ reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred);
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
/* XXXX maybe we want to say 'no', reject the client's credentials */
@@ -603,11 +606,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
- memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
-
- r_u->buffer_creds = 1; /* yes, we have valid server credentials */
- memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
-
/* find the username */
switch (q_u->sam_id.logon_level) {
@@ -719,6 +717,15 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
return status;
}
+ /* moved from right after deal_with_creds above, since we weren't
+ supposed to update unless logon was successful */
+
+ reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred);
+ memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+
+ r_u->buffer_creds = 1; /* yes, we have valid server credentials */
+ memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
+
if (server_info->guest) {
/* We don't like guest domain logons... */
DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));