The branch, master has been updated
       via  e6afeae libcli/auth: try to use the current timestamp creds->sequence
       via  636daac libcli/auth: remove bogus comment regarding replay attacks
       via  202bcf9 libcli/auth: set the return_authenticator->timestamp = 0
      from  819e1f5 selftest: add rodc and other env tests for wbinfo

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit e6afeae69537f55ed187b28b60ad29b9e237ec6e
Author: Stefan Metzmacher <me...@samba.org>
Date:   Tue Dec 17 19:55:12 2013 +0100

    libcli/auth: try to use the current timestamp creds->sequence

    If the last usage of netlogon_creds_client_authenticator()
    is in the past try to use the current timestamp and increment
    more than just 2.

    If we use netlogon_creds_client_authenticator() a lot within a
    second, we keep incrementing by 2.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Tue Dec 24 13:18:18 CET 2013 on sn-devel-104

commit 636daac3b7b08ccb8845dab060157918d296ef67
Author: Stefan Metzmacher <me...@samba.org>
Date:   Tue Dec 17 19:40:15 2013 +0100

    libcli/auth: remove bogus comment regarding replay attacks

    creds->sequence (timestamp) is the value that is used to increment the
    internal state, it's not a real sequence number. The sequence comes
    from adding all timestamps of the whole session.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 202bcf9096e53d94b294936d6144ae77f1536b72
Author: Stefan Metzmacher <me...@samba.org>
Date:   Tue Dec 17 19:35:37 2013 +0100

    libcli/auth: set the return_authenticator->timestamp = 0

    This is what Windows returns, the value is ignored by the client anyway.

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/credentials.c |   26 +++++++++++++++++++++++---
 1 files changed, 23 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c index 1f664d3..f52538a 100644 --- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c @@ -344,7 +344,29 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TA void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds, struct netr_Authenticator *next) { + uint32_t t32n = (uint32_t)time(NULL); + + /* + * we always increment and ignore an overflow here + */ creds->sequence += 2; + + if (t32n > creds->sequence) { + /* + * we may increment more + */ + creds->sequence = t32n; + } else { + uint32_t d = creds->sequence - t32n; + + if (d >= INT32_MAX) { + /* + * got an overflow of time_t vs. uint32_t + */ + creds->sequence = t32n; + } + } + netlogon_creds_step(creds); next->cred = creds->client; @@ -473,13 +495,11 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState return NT_STATUS_ACCESS_DENIED; } - /* TODO: this may allow the a replay attack on a non-signed - connection. Should we check that this is increasing? */ creds->sequence = received_authenticator->timestamp; netlogon_creds_step(creds); if (netlogon_creds_server_check_internal(creds, &received_authenticator->cred)) { return_authenticator->cred = creds->server; - return_authenticator->timestamp = creds->sequence; + return_authenticator->timestamp = 0; return NT_STATUS_OK; } else { ZERO_STRUCTP(return_authenticator); -- Samba Shared Repository
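
Review bot: in the first hunk (netlogon_creds_client_authenticator), the result of time(NULL) is cast to uint32_t without checking for (time_t)-1, so a failed call yields t32n == UINT32_MAX and the "t32n > creds->sequence" branch stores that as the new sequence. Either skip the timestamp adjustment when time() fails or note in a comment why that cannot matter. The "d >= INT32_MAX" branch also deserves a fuller comment: it resets creds->sequence to a value numerically lower than the one just produced by "creds->sequence += 2", and the existing comment does not explain why a distance of half the 32-bit range is read as wraparound rather than as a sequence that is legitimately ahead of the clock.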
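
Review bot: in the second hunk (netlogon_creds_server_step_check), the TODO asking whether the received timestamp should be checked for increasing is deleted with nothing left in the code to record the answer; the reasoning exists only in the commit message of 636daac. Suggest a short comment at "creds->sequence = received_authenticator->timestamp;" saying that the client-supplied timestamp is only the increment fed into netlogon_creds_step() and that the credential itself is verified by netlogon_creds_server_check_internal(). Likewise "return_authenticator->timestamp = 0;" would benefit from a one-line comment that this matches what Windows returns and that the client ignores the value, as stated in the message of 202bcf9.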