From 7fff6638fca113694ef1570ce1331cc8c2e056f8 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 5 Aug 2005 12:33:00 +0000 Subject: r9112: Fix #2953 - credentials chain on DC gets out of sync with client when NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. (This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22) --- source3/libsmb/credentials.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 0d521bae8a..322b25ee43 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -208,8 +208,36 @@ BOOL deal_with_creds(uchar sess_key[8], DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data))); - /* store new seed in client credentials */ - SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); + /* Bug #2953 - don't store new seed in client credentials + here, because we need to make sure we're moving forward first + */ return True; } + +/* + stores new seed in client credentials + jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're + not supposed to move to the next step in the chain if a nonexistent user tries to logon +*/ +void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + /* increment client time by one second */ + new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1; + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(sto_clnt_cred->challenge.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred)); + DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n", + new_clnt_time.time)); + DEBUG(5,("reseed_client_creds: clnt_cred=%s\n", + credstr(sto_clnt_cred->challenge.data))); + + /* store new seed in client credentials */ + SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); +} -- cgit