Remove "session_key" from "struct user_struct"

This one took a bit -- I hope I covered all data paths
(This used to be commit 74c88a44422f88d6e2f2cdbfdfa0bafe0dbe06c4)

4 files changed, 17 insertions, 27 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 2dba5487dc..d1af77d1d6 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1780,8 +1780,6 @@ typedef struct user_struct {
 
 	userdom_struct user;
 
-	DATA_BLOB session_key;
-
 	char *session_keystr; /* used by utmp and pam session code.  
 				 TDB key string */
 	int homes_snum;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 9224774380..1d62199ad8 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -340,7 +340,9 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name,
 	
 	/* Store the session key and NT_TOKEN */
 	if (vuser) {
-		p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length);
+		p->session_key = data_blob(
+			vuser->server_info->user_session_key.data,
+			vuser->server_info->user_session_key.length);
 		p->pipe_user.nt_user_token = dup_nt_token(
 			NULL, vuser->server_info->ptok);
 	}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 6305180e6f..5e2e713d43 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -119,8 +119,6 @@ void invalidate_vuid(uint16 vuid)
 
 	session_yield(vuser);
 
-	data_blob_free(&vuser->session_key);
-
 	if (vuser->auth_ntlmssp_state) {
 		auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
 	}
@@ -252,7 +250,6 @@ static int register_homes_share(const char *username)
 
 int register_existing_vuid(uint16 vuid,
 			auth_serversupplied_info *server_info,
-			DATA_BLOB session_key,
 			DATA_BLOB response_blob,
 			const char *smb_name)
 {
@@ -279,8 +276,6 @@ int register_existing_vuid(uint16 vuid,
 	fstrcpy(vuser->user.full_name,
 	pdb_get_fullname(server_info->sam_account));
 
-	vuser->session_key = session_key;
-
 	DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n",
 			(unsigned int)vuser->server_info->uid,
 			(unsigned int)vuser->server_info->gid,
@@ -328,7 +323,7 @@ int register_existing_vuid(uint16 vuid,
 			!srv_signing_started()) {
 		/* Try and turn on server signing on the first non-guest
 		 * sessionsetup. */
-		srv_set_signing(vuser->session_key, response_blob);
+		srv_set_signing(vuser->server_info->user_session_key, response_blob);
 	}
 
 	/* fill in the current_user_info struct */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 33a54dd0de..99bf0dcbb9 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -560,9 +560,13 @@ static void reply_spnego_kerberos(struct smb_request *req,
 	if (!is_partial_auth_vuid(sess_vuid)) {
 		sess_vuid = register_initial_vuid();
 	}
+
+	data_blob_free(&server_info->user_session_key);
+	server_info->user_session_key = session_key;
+	session_key = data_blob_null;
+
 	sess_vuid = register_existing_vuid(sess_vuid,
 					server_info,
-					session_key,
 					nullblob,
 					client);
 
@@ -573,7 +577,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
 
 	if (sess_vuid == UID_FIELD_INVALID ) {
 		ret = NT_STATUS_LOGON_FAILURE;
-		data_blob_free(&session_key);
 	} else {
 		/* current_user_info is changed on new vuid */
 		reload_services( True );
@@ -649,14 +652,19 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 			(*auth_ntlmssp_state)->ntlmssp_state->session_key.length);
 
 		if (!is_partial_auth_vuid(vuid)) {
-			data_blob_free(&session_key);
 			nt_status = NT_STATUS_LOGON_FAILURE;
 			goto out;
 		}
+
+		data_blob_free(&server_info->user_session_key);
+		server_info->user_session_key =
+			data_blob(
+			(*auth_ntlmssp_state)->ntlmssp_state->session_key.data,
+			(*auth_ntlmssp_state)->ntlmssp_state->session_key.length);
+
 		/* register_existing_vuid keeps the server info */
 		if (register_existing_vuid(vuid,
-				server_info,
-				session_key, nullblob,
+				server_info, nullblob,
 				(*auth_ntlmssp_state)->ntlmssp_state->user) !=
 					vuid) {
 			data_blob_free(&session_key);
@@ -1398,8 +1406,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
 
 	bool doencrypt = global_encrypted_passwords_negotiated;
 
-	DATA_BLOB session_key;
-
 	START_PROFILE(SMBsesssetupX);
 
 	ZERO_STRUCT(lm_resp);
@@ -1747,13 +1753,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		return;
 	}
 
-	if (server_info->user_session_key.data) {
-		session_key = data_blob(server_info->user_session_key.data,
-				server_info->user_session_key.length);
-	} else {
-		session_key = data_blob_null;
-	}
-
 	data_blob_clear_free(&plaintext_password);
 
 	/* it's ok - setup a reply */
@@ -1772,7 +1771,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
 
 	if (lp_security() == SEC_SHARE) {
 		sess_vuid = UID_FIELD_INVALID;
-		data_blob_free(&session_key);
 		TALLOC_FREE(server_info);
 	} else {
 		/* Ignore the initial vuid. */
@@ -1780,7 +1778,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		if (sess_vuid == UID_FIELD_INVALID) {
 			data_blob_free(&nt_resp);
 			data_blob_free(&lm_resp);
-			data_blob_free(&session_key);
 			reply_nterror(req, nt_status_squash(
 					      NT_STATUS_LOGON_FAILURE));
 			END_PROFILE(SMBsesssetupX);
@@ -1789,13 +1786,11 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		/* register_existing_vuid keeps the server info */
 		sess_vuid = register_existing_vuid(sess_vuid,
 					server_info,
-					session_key,
 					nt_resp.data ? nt_resp : lm_resp,
 					sub_user);
 		if (sess_vuid == UID_FIELD_INVALID) {
 			data_blob_free(&nt_resp);
 			data_blob_free(&lm_resp);
-			data_blob_free(&session_key);
 			reply_nterror(req, nt_status_squash(
 					      NT_STATUS_LOGON_FAILURE));
 			END_PROFILE(SMBsesssetupX);