Now that we have p->server_info, use p->server_info->user_session_key

(This used to be commit aefad64e3a5c86d2f988d47e6215ed2085b8fc47)

5 files changed, 47 insertions, 41 deletions

diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 352d17bd3b..d582d50c97 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -237,7 +237,6 @@ typedef struct pipes_struct {
 	 */
 
 	struct current_user pipe_user;
-	DATA_BLOB session_key;
  
 	/*
 	 * Set to true when an RPC bind has been done on this pipe.
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index cac48db7ee..80e2b2f9a9 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -606,9 +606,10 @@ bool create_next_pdu(pipes_struct *p)
 
 static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 {
-	DATA_BLOB reply;
+	DATA_BLOB session_key, reply;
 	NTSTATUS status;
 	AUTH_NTLMSSP_STATE *a = p->auth.a_u.auth_ntlmssp_state;
+	bool ret;
 
 	DEBUG(5,("pipe_ntlmssp_verify_final: pipe %s checking user details\n", p->name));
 
@@ -663,18 +664,6 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 	p->pipe_user.ut.uid = a->server_info->utok.uid;
 	p->pipe_user.ut.gid = a->server_info->utok.gid;
 	
-	/*
-	 * We're an authenticated bind over smb, so the session key needs to
-	 * be set to "SystemLibraryDTC". Weird, but this is what Windows
-	 * does. See the RPC-SAMBA3SESSIONKEY.
-	 */
-
-	data_blob_free(&p->session_key);
-	p->session_key = generic_session_key();
-	if (!p->session_key.data) {
-		return False;
-	}
-
 	p->pipe_user.ut.ngroups = a->server_info->utok.ngroups;
 	if (p->pipe_user.ut.ngroups) {
 		if (!(p->pipe_user.ut.groups = (gid_t *)memdup(
@@ -702,7 +691,20 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 		return false;
 	}
 
-	server_info_set_session_key(p->server_info, p->session_key);
+	/*
+	 * We're an authenticated bind over smb, so the session key needs to
+	 * be set to "SystemLibraryDTC". Weird, but this is what Windows
+	 * does. See the RPC-SAMBA3SESSIONKEY.
+	 */
+
+	session_key = generic_session_key();
+	if (session_key.data == NULL) {
+		return False;
+	}
+
+	ret = server_info_set_session_key(p->server_info, session_key);
+
+	data_blob_free(&session_key);
 
 	return True;
 }
@@ -1332,6 +1334,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
 	bool ret;
 	struct dcinfo *pdcinfo;
 	uint32 flags;
+	DATA_BLOB session_key;
 
 	if (!smb_io_rpc_auth_schannel_neg("", &neg, rpc_in_p, 0)) {
 		DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n"));
@@ -1378,12 +1381,20 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
 	 * anymore.
 	 */
 
-	data_blob_free(&p->session_key);
-	p->session_key = generic_session_key();
-	if (p->session_key.data == NULL) {
+	session_key = generic_session_key();
+	if (session_key.data == NULL) {
 		DEBUG(0, ("pipe_schannel_auth_bind: Could not alloc session"
 			  " key\n"));
-		return False;
+		return false;
+	}
+
+	ret = server_info_set_session_key(p->server_info, session_key);
+
+	data_blob_free(&session_key);
+
+	if (!ret) {
+		DEBUG(0, ("server_info_set_session_key failed\n"));
+		return false;
 	}
 
 	init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 9a57a1bdb3..f2b2919f43 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -339,9 +339,6 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name,
 	
 	/* Store the session key and NT_TOKEN */
 	if (vuser) {
-		p->session_key = data_blob(
-			vuser->server_info->user_session_key.data,
-			vuser->server_info->user_session_key.length);
 		p->pipe_user.nt_user_token = dup_nt_token(
 			NULL, vuser->server_info->ptok);
 	}
@@ -1219,7 +1216,6 @@ static bool close_internal_rpc_pipe_hnd(void *np_conn)
 	close_policy_by_pipe(p);
 
 	TALLOC_FREE(p->pipe_user.nt_user_token);
-	data_blob_free(&p->session_key);
 	SAFE_FREE(p->pipe_user.ut.groups);
 
 	DLIST_REMOVE(InternalPipes, p);
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index a89e00f1ec..1b1e98c049 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -4206,11 +4206,11 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
 			break;
 
 		case 23:
-			if (!p->session_key.length) {
+			if (!p->server_info->user_session_key.length) {
 				status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
 			SamOEMhashBlob(info->info23.password.data, 516,
-				       &p->session_key);
+				       &p->server_info->user_session_key);
 
 			dump_data(100, info->info23.password.data, 516);
 
@@ -4219,12 +4219,12 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
 			break;
 
 		case 24:
-			if (!p->session_key.length) {
+			if (!p->server_info->user_session_key.length) {
 				status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
 			SamOEMhashBlob(info->info24.password.data,
 				       516,
-				       &p->session_key);
+				       &p->server_info->user_session_key);
 
 			dump_data(100, info->info24.password.data, 516);
 
@@ -4235,11 +4235,12 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
 			break;
 
 		case 25:
-			if (!p->session_key.length) {
+			if (!p->server_info->user_session_key.length) {
 				status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
-			encode_or_decode_arc4_passwd_buffer(info->info25.password.data,
-							    &p->session_key);
+			encode_or_decode_arc4_passwd_buffer(
+				info->info25.password.data,
+				&p->server_info->user_session_key);
 
 			dump_data(100, info->info25.password.data, 532);
 
@@ -4255,11 +4256,12 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
 			break;
 
 		case 26:
-			if (!p->session_key.length) {
+			if (!p->server_info->user_session_key.length) {
 				status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
-			encode_or_decode_arc4_passwd_buffer(info->info26.password.data,
-							    &p->session_key);
+			encode_or_decode_arc4_passwd_buffer(
+				info->info26.password.data,
+				&p->server_info->user_session_key);
 
 			dump_data(100, info->info26.password.data, 516);
 
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 3c64abfcdf..c96439cc1a 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -316,10 +316,9 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
 		return WERR_NOT_SUPPORTED;
 	}
 
-	werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
-						  r->in.encrypted_password,
-						  &p->session_key,
-						  &cleartext_pwd);
+	werr = decode_wkssvc_join_password_buffer(
+		p->mem_ctx, r->in.encrypted_password,
+		&p->server_info->user_session_key, &cleartext_pwd);
 	if (!W_ERROR_IS_OK(werr)) {
 		return werr;
 	}
@@ -383,10 +382,9 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
 		return WERR_ACCESS_DENIED;
 	}
 
-	werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
-						  r->in.encrypted_password,
-						  &p->session_key,
-						  &cleartext_pwd);
+	werr = decode_wkssvc_join_password_buffer(
+		p->mem_ctx, r->in.encrypted_password,
+		&p->server_info->user_session_key, &cleartext_pwd);
 	if (!W_ERROR_IS_OK(werr)) {
 		return werr;
 	}