authorStefan Metzmacher <metze@samba.org>2017-02-15 08:58:20 +0100
committerRalph Boehme <slow@samba.org>2017-02-21 16:09:21 +0100
commit0ed2a65593b5abc9ba7f40992ed0ed8f448f5836 (patch)
tree39f63cf9417da438997dbefcb7572a0abc643e3a /libcli
parentcebcc2adc7e568d492466bb69f21ba2a9630a0d2 (diff)
libcli/auth: use the correct creds value against servers without LogonSamLogonEx
If we use the credential chain we need to use the value from netlogon_creds_client_authenticator() to make sure we have the current value to encrypt in logon info. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12586 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/auth/netlogon_creds_cli.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 38b1351f591..b97d60e3a02 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -2075,11 +2075,24 @@ struct netlogon_creds_cli_LogonSamLogon_state {
/*
* the read only credentials before we started the operation
+ * used for netr_LogonSamLogonEx() if required (validation_level = 3).
*/
struct netlogon_creds_CredentialState *ro_creds;
+ /*
+ * The (locked) credentials used for the credential chain
+ * used for netr_LogonSamLogonWithFlags() or
+ * netr_LogonSamLogonWith().
+ */
struct netlogon_creds_CredentialState *lk_creds;
+ /*
+ * While we have locked the global credentials (lk_creds above)
+ * we operate an a temporary copy, because a server
+ * may not support netr_LogonSamLogonWithFlags() and
+ * didn't process our netr_Authenticator, so we need to
+ * restart from lk_creds.
+ */
struct netlogon_creds_CredentialState tmp_creds;
struct netr_Authenticator req_auth;
struct netr_Authenticator rep_auth;
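Review bot: The new comment on `lk_creds` names `netr_LogonSamLogonWith()`, which is not a NETLOGON call; the fallback it presumably means is `netr_LogonSamLogon()`. The `tmp_creds` comment also has a typo: "operate an a temporary copy" should read "operate on a temporary copy". These comments are the only place in the hunk where the roles of `ro_creds`, `lk_creds` and `tmp_creds` are spelled out, so the call names should be exact. The struct definition starts and ends outside the hunk.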
@@ -2311,7 +2324,7 @@ static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req)
return;
}
- netlogon_creds_encrypt_samlogon_logon(state->ro_creds,
+ netlogon_creds_encrypt_samlogon_logon(&state->tmp_creds,
state->logon_level,
state->logon);
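Review bot: The changed argument to `netlogon_creds_encrypt_samlogon_logon()` carries no comment explaining why `&state->tmp_creds` is the right credential state at this point, and the previous use of `ro_creds` shows how easily the wrong one gets picked. I would add above the call: `/* tmp_creds was stepped by netlogon_creds_client_authenticator(); ro_creds still holds the pre-step value */`. The copy into `tmp_creds` and the authenticator call are not visible in this hunk. It is worth confirming that both run on every path that reaches this line, including the retry entered from `netlogon_creds_cli_LogonSamLogon_done()`. The function body begins and ends outside the hunk.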
@@ -2414,8 +2427,10 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq)
/*
* We got a race, lets retry with on authenticator
* protection.
+ *
+ * netlogon_creds_cli_LogonSamLogon_start()
+ * will TALLOC_FREE(state->ro_creds);
*/
- TALLOC_FREE(state->ro_creds);
state->try_logon_ex = false;
netlogon_creds_cli_LogonSamLogon_start(req);
return;