From c2e5ce15017270cfc62ea4fed23976115305b0d5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Sep 2005 16:20:48 +0000 Subject: r10269: Server-side fix for creds change - revert jcmd's change. Jeremy. (This used to be commit e1c9813d63a441037bc71622a29acda099d72f71) --- source3/libsmb/credentials.c | 32 ++------------------------------ source3/rpc_client/cli_netlogon.c | 1 - source3/rpc_server/srv_netlog_nt.c | 10 ++-------- 3 files changed, 4 insertions(+), 39 deletions(-) diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 322b25ee43..0d521bae8a 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -208,36 +208,8 @@ BOOL deal_with_creds(uchar sess_key[8], DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data))); - /* Bug #2953 - don't store new seed in client credentials - here, because we need to make sure we're moving forward first - */ + /* store new seed in client credentials */ + SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); return True; } - -/* - stores new seed in client credentials - jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're - not supposed to move to the next step in the chain if a nonexistent user tries to logon -*/ -void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred) -{ - UTIME new_clnt_time; - uint32 new_cred; - - /* increment client time by one second */ - new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1; - - /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ - new_cred = IVAL(sto_clnt_cred->challenge.data, 0); - new_cred += new_clnt_time.time; - - DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred)); - DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n", - new_clnt_time.time)); - DEBUG(5,("reseed_client_creds: clnt_cred=%s\n", - credstr(sto_clnt_cred->challenge.data))); - - /* store new seed in client credentials */ - SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); -} diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 1474c94513..fad60dbc20 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -931,7 +931,6 @@ NTSTATUS cli_net_srv_pwset(struct cli_state *cli, TALLOC_CTX *mem_ctx, { /* report error code */ DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(nt_status))); - goto done; } /* Update the credentials. */ diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 78ff669d07..15827a8b55 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -449,7 +449,6 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; - reseed_client_creds(&p->dc.clnt_cred, &q_u->clnt_id.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); @@ -547,7 +546,6 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF return NT_STATUS_INVALID_HANDLE; /* what happens if we get a logoff for an unknown user? */ - reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); /* XXXX maybe we want to say 'no', reject the client's credentials */ @@ -606,6 +604,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; + memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); + r_u->buffer_creds = 1; /* yes, we have valid server credentials */ memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); @@ -729,12 +729,6 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * return status; } - /* moved from right after deal_with_creds above, since we weren't - supposed to update unless logon was successful */ - - reseed_client_creds(&p->dc.clnt_cred, &q_u->sam_id.client.cred); - memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); - if (server_info->guest) { /* We don't like guest domain logons... */ DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n")); -- cgit