libcli/auth: try to use the current timestamp creds->sequence
authorStefan Metzmacher <metze@samba.org>
Tue, 17 Dec 2013 18:55:12 +0000 (19:55 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 17 Dec 2013 19:08:29 +0000 (20:08 +0100)
If the last usage of netlogon_creds_client_authenticator()
is in the past try to use the current timestamp and increment
more than just 2.

If we use netlogon_creds_client_authenticator() a lot within a
second, we increment keep incrementing by 2.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
libcli/auth/credentials.c

index afb4a04b55cba668a8d627093b8f3a86fb40a722..f52538a72426f585a0033ae102567402ed0f6b47 100644 (file)
@@ -344,7 +344,29 @@ struct netlogon_creds_CredentialState *netlogon_creds_client_init_session_key(TA
 void netlogon_creds_client_authenticator(struct netlogon_creds_CredentialState *creds,
                                struct netr_Authenticator *next)
 {
+       uint32_t t32n = (uint32_t)time(NULL);
+
+       /*
+        * we always increment and ignore an overflow here
+        */
        creds->sequence += 2;
+
+       if (t32n > creds->sequence) {
+               /*
+                * we may increment more
+                */
+               creds->sequence = t32n;
+       } else {
+               uint32_t d = creds->sequence - t32n;
+
+               if (d >= INT32_MAX) {
+                       /*
+                        * got an overflow of time_t vs. uint32_t
+                        */
+                       creds->sequence = t32n;
+               }
+       }
+
        netlogon_creds_step(creds);
 
        next->cred = creds->client;