summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorJim McDonough <jmcd@samba.org>2005-08-05 12:33:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:00:26 -0500
commit7fff6638fca113694ef1570ce1331cc8c2e056f8 (patch)
treed5e3874aa1d7a3a197df6713160c2cacb8ea9a3e /source3/libsmb
parent6014bb000e77e2522cb35110af881b9b0ccc9ed5 (diff)
downloadsamba-7fff6638fca113694ef1570ce1331cc8c2e056f8.tar.gz
r9112: Fix #2953 - credentials chain on DC gets out of sync with client when
NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. (This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/credentials.c32
1 files changed, 30 insertions, 2 deletions
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 0d521bae8ac..322b25ee43f 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -208,8 +208,36 @@ BOOL deal_with_creds(uchar sess_key[8],
DEBUG(5,("deal_with_creds: clnt_cred=%s\n", credstr(sto_clnt_cred->challenge.data)));
- /* store new seed in client credentials */
- SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
+ /* Bug #2953 - don't store new seed in client credentials
+ here, because we need to make sure we're moving forward first
+ */
return True;
}
+
+/*
+ stores new seed in client credentials
+ jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're
+ not supposed to move to the next step in the chain if a nonexistent user tries to logon
+*/
+void reseed_client_creds(DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_clnt_cred)
+{
+ UTIME new_clnt_time;
+ uint32 new_cred;
+
+ /* increment client time by one second */
+ new_clnt_time.time = rcv_clnt_cred->timestamp.time + 1;
+
+ /* first 4 bytes of the new seed is old client 4 bytes + clnt time + 1 */
+ new_cred = IVAL(sto_clnt_cred->challenge.data, 0);
+ new_cred += new_clnt_time.time;
+
+ DEBUG(5,("reseed_client_creds: new_cred[0]=%x\n", new_cred));
+ DEBUG(5,("reseed_client_creds: new_clnt_time=%x\n",
+ new_clnt_time.time));
+ DEBUG(5,("reseed_client_creds: clnt_cred=%s\n",
+ credstr(sto_clnt_cred->challenge.data)));
+
+ /* store new seed in client credentials */
+ SIVAL(sto_clnt_cred->challenge.data, 0, new_cred);
+}