svn commit: samba r10244 - in trunk/source: libsmb rpc_parse
rpc_server
jra at samba.org
jra at samba.org
Thu Sep 15 18:50:45 GMT 2005
Author: jra
Date: 2005-09-15 18:50:44 +0000 (Thu, 15 Sep 2005)
New Revision: 10244
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10244
Log:
Ensure we set the cred buffer correctly and always return creds.
Jeremy.
Modified:
trunk/source/libsmb/credentials.c
trunk/source/rpc_parse/parse_net.c
trunk/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: trunk/source/libsmb/credentials.c
===================================================================
--- trunk/source/libsmb/credentials.c 2005-09-15 18:35:26 UTC (rev 10243)
+++ trunk/source/libsmb/credentials.c 2005-09-15 18:50:44 UTC (rev 10244)
@@ -168,11 +168,16 @@
leave that to reseed below.
****************************************************************************/
-BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred)
+BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
{
dc->sequence = received_cred->timestamp.time;
creds_step(dc);
+
+ /* Create the outgoing credentials */
+ cred_out->timestamp.time = dc->sequence + 1;
+ cred_out->challenge = dc->srv_chal;
+
return creds_server_check(dc, &received_cred->challenge);
}
@@ -199,15 +204,12 @@
*/
/****************************************************************************
- Replace current seed chal and return authenticator cred.
+ Replace current seed chal.
****************************************************************************/
-void creds_reseed_server(struct dcinfo *dc, DOM_CRED *cred_out)
+void creds_reseed_server(struct dcinfo *dc)
{
creds_reseed(dc);
-
- cred_out->timestamp.time = dc->sequence + 1;
- cred_out->challenge = dc->srv_chal;
}
/****************************************************************************
Modified: trunk/source/rpc_parse/parse_net.c
===================================================================
--- trunk/source/rpc_parse/parse_net.c 2005-09-15 18:35:26 UTC (rev 10243)
+++ trunk/source/rpc_parse/parse_net.c 2005-09-15 18:50:44 UTC (rev 10244)
@@ -1724,8 +1724,10 @@
if(!prs_uint32("buffer_creds", ps, depth, &r_l->buffer_creds)) /* undocumented buffer pointer */
return False;
- if(!smb_io_cred("", &r_l->srv_creds, ps, depth)) /* server credentials. server time stamp appears to be ignored. */
- return False;
+ if (&r_l->buffer_creds) {
+ if(!smb_io_cred("", &r_l->srv_creds, ps, depth)) /* server credentials. server time stamp appears to be ignored. */
+ return False;
+ }
if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value))
return False;
Modified: trunk/source/rpc_server/srv_netlog_nt.c
===================================================================
--- trunk/source/rpc_server/srv_netlog_nt.c 2005-09-15 18:35:26 UTC (rev 10243)
+++ trunk/source/rpc_server/srv_netlog_nt.c 2005-09-15 18:50:44 UTC (rev 10244)
@@ -463,7 +463,7 @@
return NT_STATUS_INVALID_HANDLE;
}
- if (!creds_server_step(p->dc, &q_u->clnt_id.cred)) {
+ if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
DEBUG(0,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
p->dc->remote_machine, p->dc->mach_acct ));
@@ -473,7 +473,7 @@
/* Do the second part of the credentials chain. This is split out here
so it can be optional for a failed logon. */
- creds_reseed_server(p->dc, &cred_out);
+ creds_reseed_server(p->dc);
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
@@ -568,8 +568,10 @@
return NT_STATUS_INVALID_HANDLE;
}
+ r_u->buffer_creds = 1; /* yes, we have valid server credentials */
+
/* checks and updates credentials. creates reply credentials */
- if (!creds_server_step(p->dc, &q_u->sam_id.client.cred)) {
+ if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
DEBUG(0,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
p->dc->remote_machine, p->dc->mach_acct ));
@@ -582,8 +584,7 @@
/* what happens if we get a logoff for an unknown user? */
/* XXXX maybe we want to say 'no', reject the client's credentials */
- r_u->buffer_creds = 1; /* yes, we have valid server credentials */
- creds_reseed_server(p->dc, &r_u->srv_creds);
+ creds_reseed_server(p->dc);
r_u->status = NT_STATUS_OK;
@@ -620,6 +621,7 @@
r_u->switch_value = 0; /* indicates no info */
r_u->auth_resp = 1; /* authoritative response */
r_u->switch_value = 3; /* indicates type of validation user info */
+ r_u->buffer_creds = 1; /* Ensure we always return server creds. */
if (!get_valid_user_struct(p->vuid))
return NT_STATUS_NO_SUCH_USER;
@@ -638,7 +640,7 @@
}
/* checks and updates credentials. creates reply credentials */
- if (!creds_server_step(p->dc, &q_u->sam_id.client.cred)) {
+ if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
DEBUG(0,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
p->dc->remote_machine, p->dc->mach_acct ));
@@ -768,8 +770,7 @@
/* moved from right after deal_with_creds above, since we weren't
supposed to update unless logon was successful */
- r_u->buffer_creds = 1; /* yes, we have valid server credentials */
- creds_reseed_server(p->dc, &r_u->srv_creds);
+ creds_reseed_server(p->dc);
if (server_info->guest) {
/* We don't like guest domain logons... */
More information about the samba-cvs
mailing list