svn commit: samba r10249 - in trunk/source: libsmb rpc_server
jra at samba.org
jra at samba.org
Thu Sep 15 21:24:15 GMT 2005
Author: jra
Date: 2005-09-15 21:24:14 +0000 (Thu, 15 Sep 2005)
New Revision: 10249
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10249
Log:
Revert the effects of the change made for bug #2953 by jmcd.
Alsways step server credentials and return them. I will
fix this in 3.0 when I get home as the code is different.
Jeremy.
Modified:
trunk/source/libsmb/credentials.c
trunk/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: trunk/source/libsmb/credentials.c
===================================================================
--- trunk/source/libsmb/credentials.c 2005-09-15 20:41:25 UTC (rev 10248)
+++ trunk/source/libsmb/credentials.c 2005-09-15 21:24:14 UTC (rev 10249)
@@ -164,24 +164,6 @@
}
/****************************************************************************
- Step the server credential chain one forward. Don't replace current creds,
- leave that to reseed below.
-****************************************************************************/
-
-BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
-{
- dc->sequence = received_cred->timestamp.time;
-
- creds_step(dc);
-
- /* Create the outgoing credentials */
- cred_out->timestamp.time = dc->sequence + 1;
- cred_out->challenge = dc->srv_chal;
-
- return creds_server_check(dc, &received_cred->challenge);
-}
-
-/****************************************************************************
Replace current seed chal. Internal function - due to split server step below.
****************************************************************************/
@@ -197,19 +179,23 @@
DEBUG(5,("cred_reseed: seed %s\n", credstr(dc->seed_chal.data) ));
}
-/*
- stores new seed in client credentials
- jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're
- not supposed to move to the next step in the chain if a nonexistent user tries to logon
-*/
-
/****************************************************************************
- Replace current seed chal.
+ Step the server credential chain one forward.
****************************************************************************/
-void creds_reseed_server(struct dcinfo *dc)
+BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
{
+ dc->sequence = received_cred->timestamp.time;
+
+ creds_step(dc);
+
+ /* Create the outgoing credentials */
+ cred_out->timestamp.time = dc->sequence + 1;
+ cred_out->challenge = dc->srv_chal;
+
creds_reseed(dc);
+
+ return creds_server_check(dc, &received_cred->challenge);
}
/****************************************************************************
Modified: trunk/source/rpc_server/srv_netlog_nt.c
===================================================================
--- trunk/source/rpc_server/srv_netlog_nt.c 2005-09-15 20:41:25 UTC (rev 10248)
+++ trunk/source/rpc_server/srv_netlog_nt.c 2005-09-15 21:24:14 UTC (rev 10249)
@@ -463,6 +463,7 @@
return NT_STATUS_INVALID_HANDLE;
}
+ /* Step the creds chain forward. */
if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
DEBUG(0,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
@@ -470,11 +471,6 @@
return NT_STATUS_ACCESS_DENIED;
}
- /* Do the second part of the credentials chain. This is split out here
- so it can be optional for a failed logon. */
-
- creds_reseed_server(p->dc);
-
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
rpcstr_pull(workstation,q_u->clnt_id.login.uni_comp_name.buffer,
@@ -578,16 +574,7 @@
return NT_STATUS_ACCESS_DENIED;
}
- /* Do the second part of the credentials chain. This is split out here
- so it can be optional for a failed logon. */
-
- /* what happens if we get a logoff for an unknown user? */
-
- /* XXXX maybe we want to say 'no', reject the client's credentials */
- creds_reseed_server(p->dc);
-
r_u->status = NT_STATUS_OK;
-
return r_u->status;
}
@@ -767,11 +754,6 @@
return status;
}
- /* moved from right after deal_with_creds above, since we weren't
- supposed to update unless logon was successful */
-
- creds_reseed_server(p->dc);
-
if (server_info->guest) {
/* We don't like guest domain logons... */
DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));
More information about the samba-cvs
mailing list