|
 |
b6b438 |
From 13601560c9b48466b70ad577ebab245fea1f50b5 Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Date: Wed, 13 Nov 2019 10:12:41 +0100
|
|
|
b6b438 |
Subject: [PATCH 153/187] libcli:auth: Check return code of
|
|
|
b6b438 |
netlogon_creds_step()
|
|
|
b6b438 |
|
|
|
b6b438 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
b6b438 |
(cherry picked from commit 05f59cbcf803d57ab41b4c7fa4f81da50cd02cd6)
|
|
|
b6b438 |
---
|
|
|
b6b438 |
libcli/auth/credentials.c | 20 +++++++++++++++++---
|
|
|
b6b438 |
1 file changed, 17 insertions(+), 3 deletions(-)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
|
|
|
b6b438 |
index e5bf2c4703c..3dd50a11bce 100644
|
|
|
b6b438 |
--- a/libcli/auth/credentials.c
|
|
|
b6b438 |
+++ b/libcli/auth/credentials.c
|
|
|
b6b438 |
@@ -191,9 +191,10 @@ static NTSTATUS netlogon_creds_first_step(struct netlogon_creds_CredentialState
|
|
|
b6b438 |
step the credentials to the next element in the chain, updating the
|
|
|
b6b438 |
current client and server credentials and the seed
|
|
|
b6b438 |
*/
|
|
|
b6b438 |
-static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
|
|
|
b6b438 |
+static NTSTATUS netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
|
|
|
b6b438 |
{
|
|
|
b6b438 |
struct netr_Credential time_cred;
|
|
|
b6b438 |
+ NTSTATUS status;
|
|
|
b6b438 |
|
|
|
b6b438 |
DEBUG(5,("\tseed %08x:%08x\n",
|
|
|
b6b438 |
IVAL(creds->seed.data, 0), IVAL(creds->seed.data, 4)));
|
|
|
b6b438 |
@@ -220,6 +221,8 @@ static void netlogon_creds_step(struct netlogon_creds_CredentialState *creds)
|
|
|
b6b438 |
IVAL(creds->server.data, 0), IVAL(creds->server.data, 4)));
|
|
|
b6b438 |
|
|
|
b6b438 |
creds->seed = time_cred;
|
|
|
b6b438 |
+
|
|
|
b6b438 |
+ return NT_STATUS_OK;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
|
|
|
b6b438 |
@@ -518,6 +521,7 @@ netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds
|
|
|
b6b438 |
struct netr_Authenticator *next)
|
|
|
b6b438 |
{
|
|
|
b6b438 |
uint32_t t32n = (uint32_t)time(NULL);
|
|
|
b6b438 |
+ NTSTATUS status;
|
|
|
b6b438 |
|
|
|
b6b438 |
/*
|
|
|
b6b438 |
* we always increment and ignore an overflow here
|
|
|
b6b438 |
@@ -540,7 +544,10 @@ netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds
|
|
|
b6b438 |
}
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
- netlogon_creds_step(creds);
|
|
|
b6b438 |
+ status = netlogon_creds_step(creds);
|
|
|
b6b438 |
+ if (!NT_STATUS_IS_OK(status)) {
|
|
|
b6b438 |
+ return status;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
|
|
|
b6b438 |
next->cred = creds->client;
|
|
|
b6b438 |
next->timestamp = creds->sequence;
|
|
|
b6b438 |
@@ -686,6 +693,8 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
|
|
|
b6b438 |
const struct netr_Authenticator *received_authenticator,
|
|
|
b6b438 |
struct netr_Authenticator *return_authenticator)
|
|
|
b6b438 |
{
|
|
|
b6b438 |
+ NTSTATUS status;
|
|
|
b6b438 |
+
|
|
|
b6b438 |
if (!received_authenticator || !return_authenticator) {
|
|
|
b6b438 |
return NT_STATUS_INVALID_PARAMETER;
|
|
|
b6b438 |
}
|
|
|
b6b438 |
@@ -695,7 +704,12 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
creds->sequence = received_authenticator->timestamp;
|
|
|
b6b438 |
- netlogon_creds_step(creds);
|
|
|
b6b438 |
+ status = netlogon_creds_step(creds);
|
|
|
b6b438 |
+ if (!NT_STATUS_IS_OK(status)) {
|
|
|
b6b438 |
+ ZERO_STRUCTP(return_authenticator);
|
|
|
b6b438 |
+ return status;
|
|
|
b6b438 |
+ }
|
|
|
b6b438 |
+
|
|
|
b6b438 |
if (netlogon_creds_server_check_internal(creds, &received_authenticator->cred)) {
|
|
|
b6b438 |
return_authenticator->cred = creds->server;
|
|
|
b6b438 |
return_authenticator->timestamp = 0;
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|