summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJim McDonough <jmcd@samba.org>2005-08-05 12:33:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:00:26 -0500
commit7fff6638fca113694ef1570ce1331cc8c2e056f8 (patch)
treed5e3874aa1d7a3a197df6713160c2cacb8ea9a3e /source3
parent6014bb000e77e2522cb35110af881b9b0ccc9ed5 (diff)
downloadsamba-7fff6638fca113694ef1570ce1331cc8c2e056f8.tar.gz
samba-7fff6638fca113694ef1570ce1331cc8c2e056f8.tar.bz2
samba-7fff6638fca113694ef1570ce1331cc8c2e056f8.zip
r9112: Fix #2953 - credentials chain on DC gets out of sync with client when
NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. (This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/credentials.c32
-rw-r--r--source3/rpc_server/srv_netlog_nt.c17
2 files changed, 42 insertions, 7 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 0d521bae8a..322b25ee43 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -208,8 +208,36 @@ BOOL deal_with_creds(uchar sess_key[8],
DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data)));
- /* store new seed in client credentials */
- SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
+ /* Bug #2953 - don't store new seed in client credentials
+ here, because we need to make sure we're moving forward first
+ */
return True;
}
+
+/*
+ stores new seed in client credentials
+ jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're
+ not supposed to move to the next step in the chain if a nonexistent user tries to logon
+*/
+void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred)
+{
+ UTIME new_clnt_time;
+ uint32 new_cred;
+
+ /* increment client time by one second */
+ new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1;
+
+ /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
+ new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
+ new_cred += new_clnt_time.time;
+
+ DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred));
+ DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n",
+ new_clnt_time.time));
+ DEBUG(5,("reseed_client_creds: clnt_cred=%s\n",
+ credstr(sto_clnt_cred->challenge.data)));
+
+ /* store new seed in client credentials */
+ SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
+}
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 7880a724b5..0af8b14fe2 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -449,6 +449,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
+ reseed_client_creds(&p->dc.clnt_cred, &q_u->clnt_id.cred);
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
@@ -545,6 +546,8 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
&q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
+ /* what happens if we get a logoff for an unknown user? */
+ reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred);
memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
/* XXXX maybe we want to say 'no', reject the client's credentials */
@@ -603,11 +606,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred)))
return NT_STATUS_INVALID_HANDLE;
- memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
-
- r_u->buffer_creds = 1; /* yes, we have valid server credentials */
- memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
-
/* find the username */
switch (q_u->sam_id.logon_level) {
@@ -719,6 +717,15 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
return status;
}
+ /* moved from right after deal_with_creds above, since we weren't
+ supposed to update unless logon was successful */
+
+ reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred);
+ memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+
+ r_u->buffer_creds = 1; /* yes, we have valid server credentials */
+ memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
+
if (server_info->guest) {
/* We don't like guest domain logons... */
DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));