svn commit: samba r10244 - in trunk/source: libsmb rpc_parse rpc_server

jra at samba.org jra at samba.org
Thu Sep 15 18:50:45 GMT 2005


Author: jra
Date: 2005-09-15 18:50:44 +0000 (Thu, 15 Sep 2005)
New Revision: 10244

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10244

Log:
Ensure we set the cred buffer correctly and always return creds.
Jeremy.

Modified:
   trunk/source/libsmb/credentials.c
   trunk/source/rpc_parse/parse_net.c
   trunk/source/rpc_server/srv_netlog_nt.c


Changeset:
Modified: trunk/source/libsmb/credentials.c
===================================================================
--- trunk/source/libsmb/credentials.c	2005-09-15 18:35:26 UTC (rev 10243)
+++ trunk/source/libsmb/credentials.c	2005-09-15 18:50:44 UTC (rev 10244)
@@ -168,11 +168,16 @@
  leave that to reseed below.
 ****************************************************************************/
 
-BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred)
+BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
 {
 	dc->sequence = received_cred->timestamp.time;
 
 	creds_step(dc);
+
+	/* Create the outgoing credentials */
+	cred_out->timestamp.time = dc->sequence + 1;
+	cred_out->challenge = dc->srv_chal;
+
 	return creds_server_check(dc, &received_cred->challenge);
 }
 
@@ -199,15 +204,12 @@
 */
 
 /****************************************************************************
- Replace current seed chal and return authenticator cred.
+ Replace current seed chal.
 ****************************************************************************/
 
-void creds_reseed_server(struct dcinfo *dc, DOM_CRED *cred_out)
+void creds_reseed_server(struct dcinfo *dc)
 {
 	creds_reseed(dc);
-
-	cred_out->timestamp.time = dc->sequence + 1;
-	cred_out->challenge = dc->srv_chal;
 }
 
 /****************************************************************************

Modified: trunk/source/rpc_parse/parse_net.c
===================================================================
--- trunk/source/rpc_parse/parse_net.c	2005-09-15 18:35:26 UTC (rev 10243)
+++ trunk/source/rpc_parse/parse_net.c	2005-09-15 18:50:44 UTC (rev 10244)
@@ -1724,8 +1724,10 @@
 
 	if(!prs_uint32("buffer_creds", ps, depth, &r_l->buffer_creds)) /* undocumented buffer pointer */
 		return False;
-	if(!smb_io_cred("", &r_l->srv_creds, ps, depth)) /* server credentials.  server time stamp appears to be ignored. */
-		return False;
+	if (&r_l->buffer_creds) {
+		if(!smb_io_cred("", &r_l->srv_creds, ps, depth)) /* server credentials.  server time stamp appears to be ignored. */
+			return False;
+	}
 
 	if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value))
 		return False;

Modified: trunk/source/rpc_server/srv_netlog_nt.c
===================================================================
--- trunk/source/rpc_server/srv_netlog_nt.c	2005-09-15 18:35:26 UTC (rev 10243)
+++ trunk/source/rpc_server/srv_netlog_nt.c	2005-09-15 18:50:44 UTC (rev 10244)
@@ -463,7 +463,7 @@
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-	if (!creds_server_step(p->dc, &q_u->clnt_id.cred)) {
+	if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
 		DEBUG(0,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
 			p->dc->remote_machine, p->dc->mach_acct ));
@@ -473,7 +473,7 @@
 	/* Do the second part of the credentials chain. This is split out here
 	   so it can be optional for a failed logon. */
 
-	creds_reseed_server(p->dc, &cred_out);
+	creds_reseed_server(p->dc);
 
 	DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
 
@@ -568,8 +568,10 @@
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
+	r_u->buffer_creds = 1; /* yes, we have valid server credentials */
+
 	/* checks and updates credentials.  creates reply credentials */
-	if (!creds_server_step(p->dc, &q_u->sam_id.client.cred)) {
+	if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
 		DEBUG(0,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
 			p->dc->remote_machine, p->dc->mach_acct ));
@@ -582,8 +584,7 @@
 	/* what happens if we get a logoff for an unknown user? */
 
 	/* XXXX maybe we want to say 'no', reject the client's credentials */
-	r_u->buffer_creds = 1; /* yes, we have valid server credentials */
-	creds_reseed_server(p->dc, &r_u->srv_creds);
+	creds_reseed_server(p->dc);
 
 	r_u->status = NT_STATUS_OK;
 
@@ -620,6 +621,7 @@
 	r_u->switch_value = 0; /* indicates no info */
 	r_u->auth_resp = 1; /* authoritative response */
 	r_u->switch_value = 3; /* indicates type of validation user info */
+	r_u->buffer_creds = 1; /* Ensure we always return server creds. */
  
 	if (!get_valid_user_struct(p->vuid))
 		return NT_STATUS_NO_SUCH_USER;
@@ -638,7 +640,7 @@
 	}
 
 	/* checks and updates credentials.  creates reply credentials */
-	if (!creds_server_step(p->dc, &q_u->sam_id.client.cred)) {
+	if (!creds_server_step(p->dc, &q_u->sam_id.client.cred,  &r_u->srv_creds)) {
 		DEBUG(0,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
 			p->dc->remote_machine, p->dc->mach_acct ));
@@ -768,8 +770,7 @@
 	/* moved from right after deal_with_creds above, since we weren't
 	   supposed to update unless logon was successful */
 
-	r_u->buffer_creds = 1; /* yes, we have valid server credentials */
-	creds_reseed_server(p->dc, &r_u->srv_creds);
+	creds_reseed_server(p->dc);
     
 	if (server_info->guest) {
 		/* We don't like guest domain logons... */



More information about the samba-cvs mailing list