Author: jra Date: 2005-09-15 21:24:14 +0000 (Thu, 15 Sep 2005) New Revision: 10249
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10249 Log: Revert the effects of the change made for bug #2953 by jmcd. Alsways step server credentials and return them. I will fix this in 3.0 when I get home as the code is different. Jeremy. Modified: trunk/source/libsmb/credentials.c trunk/source/rpc_server/srv_netlog_nt.c Changeset: Modified: trunk/source/libsmb/credentials.c =================================================================== --- trunk/source/libsmb/credentials.c 2005-09-15 20:41:25 UTC (rev 10248) +++ trunk/source/libsmb/credentials.c 2005-09-15 21:24:14 UTC (rev 10249) @@ -164,24 +164,6 @@ } /**************************************************************************** - Step the server credential chain one forward. Don't replace current creds, - leave that to reseed below. -****************************************************************************/ - -BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out) -{ - dc->sequence = received_cred->timestamp.time; - - creds_step(dc); - - /* Create the outgoing credentials */ - cred_out->timestamp.time = dc->sequence + 1; - cred_out->challenge = dc->srv_chal; - - return creds_server_check(dc, &received_cred->challenge); -} - -/**************************************************************************** Replace current seed chal. Internal function - due to split server step below. ****************************************************************************/ 
@@ -197,19 +179,23 @@ DEBUG(5,("cred_reseed: seed %s\n", credstr(dc->seed_chal.data) )); } -/* - stores new seed in client credentials - jmcd - Bug #2953 - moved this functionality out of deal_with_creds, because we're - not supposed to move to the next step in the chain if a nonexistent user tries to logon -*/ - /**************************************************************************** - Replace current seed chal. + Step the server credential chain one forward. ****************************************************************************/ -void creds_reseed_server(struct dcinfo *dc) +BOOL creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out) { + dc->sequence = received_cred->timestamp.time; + + creds_step(dc); + + /* Create the outgoing credentials */ + cred_out->timestamp.time = dc->sequence + 1; + cred_out->challenge = dc->srv_chal; + creds_reseed(dc); + + return creds_server_check(dc, &received_cred->challenge); } /**************************************************************************** Modified: trunk/source/rpc_server/srv_netlog_nt.c =================================================================== --- trunk/source/rpc_server/srv_netlog_nt.c 2005-09-15 20:41:25 UTC (rev 10248) +++ trunk/source/rpc_server/srv_netlog_nt.c 2005-09-15 21:24:14 UTC (rev 10249) @@ -463,6 +463,7 @@ return NT_STATUS_INVALID_HANDLE; } + /* Step the creds chain forward. */ if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) { DEBUG(0,("_net_srv_pwset: creds_server_step failed. Rejecting auth " "request from client %s machine account %s\n", @@ -470,11 +471,6 @@ return NT_STATUS_ACCESS_DENIED; } - /* Do the second part of the credentials chain. This is split out here - so it can be optional for a failed logon. */ - - creds_reseed_server(p->dc); - DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); rpcstr_pull(workstation,q_u->clnt_id.login.uni_comp_name.buffer, 
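Review bot: In the re-added `creds_server_step` (credentials.c, second hunk), `dc->sequence` is taken from the client-supplied `received_cred->timestamp.time` and `creds_reseed(dc)` runs before `creds_server_check()` is evaluated, so a request whose credential fails verification still leaves the chain stepped and reseeded and `cred_out` filled in. The log message says always stepping is intended, but the header comment only reads "Step the server credential chain one forward" and gives callers no hint that a failed return has already mutated `dc`. I would extend that comment with something like `Note: dc is stepped and reseeded, and cred_out written, even when the check fails; returns False if the client credential did not verify.` It is also worth confirming that the callers in srv_netlog_nt.c, which return NT_STATUS_ACCESS_DENIED on failure, never reuse `p->dc` or send `cred_out` after such a failure, since the state has then moved on input that was never authenticated.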
@@ -578,16 +574,7 @@ return NT_STATUS_ACCESS_DENIED; } - /* Do the second part of the credentials chain. This is split out here - so it can be optional for a failed logon. */ - - /* what happens if we get a logoff for an unknown user? */ - - /* XXXX maybe we want to say 'no', reject the client's credentials */ - creds_reseed_server(p->dc); - r_u->status = NT_STATUS_OK; - return r_u->status; } @@ -767,11 +754,6 @@ return status; } - /* moved from right after deal_with_creds above, since we weren't - supposed to update unless logon was successful */ - - creds_reseed_server(p->dc); - if (server_info->guest) { /* We don't like guest domain logons... */ DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));