diff options
author | Jim McDonough <jmcd@samba.org> | 2005-08-05 12:33:00 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:00:26 -0500 |
commit | 7fff6638fca113694ef1570ce1331cc8c2e056f8 (patch) | |
tree | d5e3874aa1d7a3a197df6713160c2cacb8ea9a3e /source3/libsmb | |
parent | 6014bb000e77e2522cb35110af881b9b0ccc9ed5 (diff) | |
download | samba-7fff6638fca113694ef1570ce1331cc8c2e056f8.tar.gz |
r9112: Fix #2953 - credentials chain on DC gets out of sync with client when
NT_STATUS_NO_USER returned. We were moving to the next step in the
chain when the client wasn't. Only update when the user logs on.
(This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/credentials.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c index 0d521bae8ac..322b25ee43f 100644 --- a/source3/libsmb/credentials.c +++ b/source3/libsmb/credentials.c @@ -208,8 +208,36 @@ BOOL deal_with_creds(uchar sess_key[8], DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data))); - /* store new seed in client credentials */ - SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); + /* Bug #2953 - don't store new seed in client credentials + here, because we need to make sure we're moving forward first + */ return True; } + +/* + stores new seed in client credentials + jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're + not supposed to move to the next step in the chain if a nonexistent user tries to logon +*/ +void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred) +{ + UTIME new_clnt_time; + uint32 new_cred; + + /* increment client time by one second */ + new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1; + + /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */ + new_cred = IVAL(sto_clnt_cred->challenge.data, 0); + new_cred += new_clnt_time.time; + + DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred)); + DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n", + new_clnt_time.time)); + DEBUG(5,("reseed_client_creds: clnt_cred=%s\n", + credstr(sto_clnt_cred->challenge.data))); + + /* store new seed in client credentials */ + SIVAL(sto_clnt_cred->challenge.data, 0, new_cred); +} |