diff options
| author | Andreas Schneider <asn@samba.org> | 2019-11-13 10:12:41 +0100 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2019-11-14 08:01:44 +0000 |
| commit | 05f59cbcf803d57ab41b4c7fa4f81da50cd02cd6 (patch) | |
| tree | 82c031fdcf82f15e91b2b8146f86022b6cb1101c | |
| parent | a64a5b7e17d80a4363774d4e35d3ee676ecf426d (diff) | |
| download | samba-05f59cbcf803d57ab41b4c7fa4f81da50cd02cd6.tar.gz | |
libcli:auth: Check return code of netlogon_creds_step()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| -rw-r--r-- | libcli/auth/credentials.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index e5bf2c4703c..3dd50a11bce 100644 --- a/libcli/auth/credentials.c +++ b/libcli/auth/credentials.c @@ -191,9 +191,10 @@ static NTSTATUS netlogon_creds_first_step(struct netlogon_creds_CredentialState step the credentials to the next element in the chain, updating the current client and server credentials and the seed */ -static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds) +static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds) { struct netr_Credential time_cred; + NTSTATUS status; DEBUG(5,("\tseed %08x:%08x\n", IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4))); @@ -220,6 +221,8 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds) IVAL(creds->server.data, 0), IVAL(creds->server.data, 4))); creds->seed = time_cred; + + return NT_STATUS_OK; } @@ -518,6 +521,7 @@ netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds struct netr_Authenticator *next) { uint32_t t32n = (uint32_t)time(NULL); + NTSTATUS status; /* * we always increment and ignore an overflow here @@ -540,7 +544,10 @@ netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds } } - netlogon_creds_step(creds); + status = netlogon_creds_step(creds); + if (!NT_STATUS_IS_OK(status)) { + return status; + } next->cred = creds->client; next->timestamp = creds->sequence; @@ -686,6 +693,8 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState const struct netr_Authenticator *received_authenticator, struct netr_Authenticator *return_authenticator) { + NTSTATUS status; + if (!received_authenticator || !return_authenticator) { return NT_STATUS_INVALID_PARAMETER; } @@ -695,7 +704,12 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState } creds->sequence = received_authenticator->timestamp; - netlogon_creds_step(creds); + status = netlogon_creds_step(creds); + if (!NT_STATUS_IS_OK(status)) { + ZERO_STRUCTP(return_authenticator); + return status; + } + if (netlogon_creds_server_check_internal(creds, &received_authenticator->cred)) { return_authenticator->cred = creds->server; return_authenticator->timestamp = 0; |