The Samba-Bugzilla – Attachment 12963 Details for
Bug 12586
netlogon_creds_cli_LogonSamLogon doesn't work without netr_LogonSamLogonEx
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v4-6-test
tmp46.diff.txt (text/plain), 2.51 KB, created by
Stefan Metzmacher
on 2017-02-22 17:50:32 UTC
(
hide
)
Description:
Patch for v4-6-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2017-02-22 17:50:32 UTC
Size:
2.51 KB
patch
obsolete
>From 8e95168fb67334bd063d279e7a96ac2a8261bdf8 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 15 Feb 2017 08:58:20 +0100 >Subject: [PATCH] libcli/auth: use the correct creds value against servers > without LogonSamLogonEx > >If we use the credential chain we need to use the value from >netlogon_creds_client_authenticator() to make sure we have the current >value to encrypt in logon info. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12586 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit 0ed2a65593b5abc9ba7f40992ed0ed8f448f5836) >--- > libcli/auth/netlogon_creds_cli.c | 19 +++++++++++++++++-- > 1 file changed, 17 insertions(+), 2 deletions(-) > >diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c >index 38b1351..b97d60e 100644 >--- a/libcli/auth/netlogon_creds_cli.c >+++ b/libcli/auth/netlogon_creds_cli.c >@@ -2075,11 +2075,24 @@ struct netlogon_creds_cli_LogonSamLogon_state { > > /* > * the read only credentials before we started the operation >+ * used for netr_LogonSamLogonEx() if required (validation_level = 3). > */ > struct netlogon_creds_CredentialState *ro_creds; > >+ /* >+ * The (locked) credentials used for the credential chain >+ * used for netr_LogonSamLogonWithFlags() or >+ * netr_LogonSamLogonWith(). >+ */ > struct netlogon_creds_CredentialState *lk_creds; > >+ /* >+ * While we have locked the global credentials (lk_creds above) >+ * we operate an a temporary copy, because a server >+ * may not support netr_LogonSamLogonWithFlags() and >+ * didn't process our netr_Authenticator, so we need to >+ * restart from lk_creds. >+ */ > struct netlogon_creds_CredentialState tmp_creds; > struct netr_Authenticator req_auth; > struct netr_Authenticator rep_auth; >@@ -2311,7 +2324,7 @@ static void netlogon_creds_cli_LogonSamLogon_start(struct tevent_req *req) > return; > } > >- netlogon_creds_encrypt_samlogon_logon(state->ro_creds, >+ netlogon_creds_encrypt_samlogon_logon(&state->tmp_creds, > state->logon_level, > state->logon); > >@@ -2414,8 +2427,10 @@ static void netlogon_creds_cli_LogonSamLogon_done(struct tevent_req *subreq) > /* > * We got a race, lets retry with on authenticator > * protection. >+ * >+ * netlogon_creds_cli_LogonSamLogon_start() >+ * will TALLOC_FREE(state->ro_creds); > */ >- TALLOC_FREE(state->ro_creds); > state->try_logon_ex = false; > netlogon_creds_cli_LogonSamLogon_start(req); > return; >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
slow
:
review+
Actions:
View
Attachments on
bug 12586
:
12945
| 12963 |
12964
|
12965