svn commit: samba r10249 - in trunk/source: libsmb rpc_server

Thu Sep 15 21:24:15 GMT 2005

Author: jra
Date: 2005-09-15 21:24:14 +0000 (Thu, 15 Sep 2005)
New Revision: 10249

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10249

Log:
Revert the effects of the change made for bug #2953 by jmcd.
Alsways step server credentials and return them. I will
fix this in 3.0 when I get home as the code is different.
Jeremy.

Modified:
   trunk/source/libsmb/credentials.c
   trunk/source/rpc_server/srv_netlog_nt.c


Changeset:
Modified: trunk/source/libsmb/credentials.c
===================================================================

--- trunk/source/libsmb/credentials.c	2005-09-15 20:41:25 UTC (rev 10248)
+++ trunk/source/libsmb/credentials.c	2005-09-15 21:24:14 UTC (rev 10249)
@@ -164,24 +164,6 @@
 }
 
 /****************************************************************************
- Step the server credential chain one forward. Don't replace current creds,
- leave that to reseed below.
-****************************************************************************/
-
-BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
-{
-	dc->sequence = received_cred->timestamp.time;
-
-	creds_step(dc);
-
-	/* Create the outgoing credentials */
-	cred_out->timestamp.time = dc->sequence + 1;
-	cred_out->challenge = dc->srv_chal;
-
-	return creds_server_check(dc, &received_cred->challenge);
-}
-
-/****************************************************************************
  Replace current seed chal. Internal function - due to split server step below.
 ****************************************************************************/
 
@@ -197,19 +179,23 @@
 	DEBUG(5,("cred_reseed: seed %s\n", credstr(dc->seed_chal.data) ));
 }
 
-/*
-  stores new seed in client credentials
-  jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're
-  not supposed to move to the next step in the chain if a nonexistent user tries to logon
-*/
-
 /****************************************************************************
- Replace current seed chal.
+ Step the server credential chain one forward. 
 ****************************************************************************/
 
-void creds_reseed_server(struct dcinfo *dc)
+BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
 {
+	dc->sequence = received_cred->timestamp.time;
+
+	creds_step(dc);
+
+	/* Create the outgoing credentials */
+	cred_out->timestamp.time = dc->sequence + 1;
+	cred_out->challenge = dc->srv_chal;
+
 	creds_reseed(dc);
+
+	return creds_server_check(dc, &received_cred->challenge);
 }
 
 /****************************************************************************

Modified: trunk/source/rpc_server/srv_netlog_nt.c
===================================================================
--- trunk/source/rpc_server/srv_netlog_nt.c	2005-09-15 20:41:25 UTC (rev 10248)
+++ trunk/source/rpc_server/srv_netlog_nt.c	2005-09-15 21:24:14 UTC (rev 10249)
@@ -463,6 +463,7 @@
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
+	/* Step the creds chain forward. */
 	if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
 		DEBUG(0,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
@@ -470,11 +471,6 @@
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	/* Do the second part of the credentials chain. This is split out here
-	   so it can be optional for a failed logon. */
-
-	creds_reseed_server(p->dc);
-
 	DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
 
 	rpcstr_pull(workstation,q_u->clnt_id.login.uni_comp_name.buffer,
@@ -578,16 +574,7 @@
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	/* Do the second part of the credentials chain. This is split out here
-	   so it can be optional for a failed logon. */
-
-	/* what happens if we get a logoff for an unknown user? */
-
-	/* XXXX maybe we want to say 'no', reject the client's credentials */
-	creds_reseed_server(p->dc);
-
 	r_u->status = NT_STATUS_OK;
-
 	return r_u->status;
 }
 
@@ -767,11 +754,6 @@
 		return status;
 	}
 
-	/* moved from right after deal_with_creds above, since we weren't
-	   supposed to update unless logon was successful */
-
-	creds_reseed_server(p->dc);
-    
 	if (server_info->guest) {
 		/* We don't like guest domain logons... */
 		DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));

