From 3e4cf56fa3f9d465d27dadaa6790bbcdea5d3cd9 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 15 Feb 2006 23:15:55 +0000
Subject: r13519: Fix the credentials chaining across netlogon pipe
 disconnects. I mean it this time :-). Jeremy. (This used to be commit
 80f4868944d349015d2b64c2414b06466a8194aa)

---
 source3/libsmb/credentials.c | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

(limited to 'source3/libsmb/credentials.c')

diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 795c30d12d..5026f513ab 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -183,17 +183,30 @@ static void creds_reseed(struct dcinfo *dc)
 
 BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
 {
-	dc->sequence = received_cred->timestamp.time;
+	BOOL ret;
+	struct dcinfo tmp_dc = *dc;
 
-	creds_step(dc);
+	/* Do all operations on a temporary copy of the dc,
+	   which we throw away if the checks fail. */
+
+	tmp_dc.sequence = received_cred->timestamp.time;
+
+	creds_step(&tmp_dc);
 
 	/* Create the outgoing credentials */
-	cred_out->timestamp.time = dc->sequence + 1;
-	cred_out->challenge = dc->srv_chal;
+	cred_out->timestamp.time = tmp_dc.sequence + 1;
+	cred_out->challenge = tmp_dc.srv_chal;
 
-	creds_reseed(dc);
+	creds_reseed(&tmp_dc);
 
-	return creds_server_check(dc, &received_cred->challenge);
+	ret = creds_server_check(&tmp_dc, &received_cred->challenge);
+	if (!ret) {
+		return False;
+	}
+
+	/* creds step succeeded - replace the current creds. */
+	*dc = tmp_dc;
+	return True;
 }
 
 /****************************************************************************
-- 
cgit