summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2012-07-17 10:50:48 +0200
committerAndreas Schneider <asn@samba.org>2012-07-17 13:26:37 +0200
commit18692b060f098015bf2eee0835611eb7d95fd923 (patch)
treea88d063a3c31f346a7c9a34e5d8029d1d6cab192 /source4
parent197781a651d5be0b491a0aa51cc3756049a1e1d5 (diff)
downloadsamba-18692b060f098015bf2eee0835611eb7d95fd923.tar.gz
samba-18692b060f098015bf2eee0835611eb7d95fd923.tar.bz2
samba-18692b060f098015bf2eee0835611eb7d95fd923.zip
s4-auth: Make sure we use the correct credential state.
If we create a copy of the credential state we miss updates to the credentials. To establish a netlogon schannel connection we create client credentials and authenticate with them using dcerpc_netr_ServerAuthenticate2() For this we call netlogon_creds_client_authenticator() which increases the sequence number and steps the credentials. Lets assume the sequence number is 1002. After a successful authentication we get the server credentials and we send bind a auth request with the received creds. This sets up gensec and the gensec schannel module created a copy of the client creds and stores it in the schannel auth state. So the creds stored in gensec have the sequence number 1002. After that we continue and need the client credentials to call dcerpc_netr_LogonGetCapabilities() to verify the connection. So we need to increase the sequence number of the credentials to 1004 and step the credentials to the next state. The server always does the same and everything is just fine here. The connection is established and we want to do another netlogon call. So we get the creds from gensec and want to do a netlogon call e.g. dcerpc_netr_SamLogonWithFlags. We get the needed creds from gensec. The sequence number is 1002 and we talk to the server. The server is already ahead cause we are already at sequence number 1004 and the server expects it to be 1006. So the server gives us ACCESS_DENIED cause we use a copy in gensec. Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/gensec/schannel.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index 2465e53bff..e7c545fb66 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -77,7 +77,12 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
if (state->creds == NULL) {
return NT_STATUS_INVALID_PARAMETER_MIX;
}
- state->creds = netlogon_creds_copy(state, state->creds);
+ /*
+ * We need to create a reference here or we don't get
+ * updates performed on the credentials if we create a
+ * copy.
+ */
+ state->creds = talloc_reference(state, state->creds);
if (state->creds == NULL) {
return NT_STATUS_NO_MEMORY;
}