diff options
24 files changed, 74 insertions, 75 deletions
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c index 4736e73d5a..417b05cf06 100644 --- a/auth/gensec/gensec.c +++ b/auth/gensec/gensec.c @@ -148,7 +148,8 @@ _PUBLIC_ NTSTATUS gensec_unwrap(struct gensec_security *gensec_security, } _PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, - DATA_BLOB *session_key) + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key) { if (!gensec_security->ops->session_key) { return NT_STATUS_NOT_IMPLEMENTED; @@ -157,7 +158,7 @@ _PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, return NT_STATUS_NO_USER_SESSION_KEY; } - return gensec_security->ops->session_key(gensec_security, session_key); + return gensec_security->ops->session_key(gensec_security, mem_ctx, session_key); } /** @@ -171,12 +172,13 @@ _PUBLIC_ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, */ _PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security, - struct auth_session_info **session_info) + TALLOC_CTX *mem_ctx, + struct auth_session_info **session_info) { if (!gensec_security->ops->session_info) { return NT_STATUS_NOT_IMPLEMENTED; } - return gensec_security->ops->session_info(gensec_security, session_info); + return gensec_security->ops->session_info(gensec_security, mem_ctx, session_info); } /** diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h index 852618c1af..38f2513742 100644 --- a/auth/gensec/gensec.h +++ b/auth/gensec/gensec.h @@ -132,8 +132,9 @@ struct gensec_security_ops { size_t *len_processed); NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security, DATA_BLOB blob, size_t *size); - NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key); - NTSTATUS (*session_info)(struct gensec_security *gensec_security, + NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key); + NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx, struct auth_session_info **session_info); void (*want_feature)(struct gensec_security *gensec_security, uint32_t feature); @@ -233,6 +234,7 @@ const char *gensec_get_target_service(struct gensec_security *gensec_security); NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname); const char *gensec_get_target_hostname(struct gensec_security *gensec_security); NTSTATUS gensec_session_key(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, DATA_BLOB *session_key); NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid); @@ -269,6 +271,7 @@ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, struct gensec_security **gensec_security); NTSTATUS gensec_session_info(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, struct auth_session_info **session_info); NTSTATUS gensec_set_local_address(struct gensec_security *gensec_security, diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 4dd809856c..55610f5742 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -169,9 +169,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) break; } - gensec_gssapi_state->session_key = data_blob(NULL, 0); - gensec_gssapi_state->pac = data_blob(NULL, 0); - ret = smb_krb5_init_context(gensec_gssapi_state, NULL, gensec_security->settings->lp_ctx, @@ -1242,6 +1239,7 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, * This breaks all the abstractions, but what do you expect... */ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, DATA_BLOB *session_key) { struct gensec_gssapi_state *gensec_gssapi_state @@ -1253,11 +1251,6 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit return NT_STATUS_NO_USER_SESSION_KEY; } - if (gensec_gssapi_state->session_key.data) { - *session_key = gensec_gssapi_state->session_key; - return NT_STATUS_OK; - } - maj_stat = gsskrb5_get_subkey(&min_stat, gensec_gssapi_state->gssapi_context, &subkey); @@ -1269,10 +1262,9 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit DEBUG(10, ("Got KRB5 session key of length %d%s\n", (int)KRB5_KEY_LENGTH(subkey), (gensec_gssapi_state->sasl_state == STAGE_DONE)?" (done)":"")); - *session_key = data_blob_talloc(gensec_gssapi_state, + *session_key = data_blob_talloc(mem_ctx, KRB5_KEY_DATA(subkey), KRB5_KEY_LENGTH(subkey)); krb5_free_keyblock(gensec_gssapi_state->smb_krb5_context->krb5_context, subkey); - gensec_gssapi_state->session_key = *session_key; dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length); return NT_STATUS_OK; @@ -1282,6 +1274,7 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit * this session. This uses either the PAC (if present) or a local * database lookup */ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx_out, struct auth_session_info **_session_info) { NTSTATUS nt_status; @@ -1302,7 +1295,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi return NT_STATUS_INVALID_PARAMETER; } - mem_ctx = talloc_named(gensec_gssapi_state, 0, "gensec_gssapi_session_info context"); + mem_ctx = talloc_named(mem_ctx_out, 0, "gensec_gssapi_session_info context"); NT_STATUS_HAVE_NO_MEMORY(mem_ctx); nt_status = gssapi_obtain_pac_blob(mem_ctx, gensec_gssapi_state->gssapi_context, @@ -1391,7 +1384,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi return nt_status; } - nt_status = gensec_gssapi_session_key(gensec_security, &session_info->session_key); + nt_status = gensec_gssapi_session_key(gensec_security, session_info, &session_info->session_key); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); return nt_status; @@ -1436,9 +1429,8 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi /* It has been taken from this place... */ gensec_gssapi_state->delegated_cred_handle = GSS_C_NO_CREDENTIAL; } - talloc_steal(gensec_gssapi_state, session_info); + *_session_info = talloc_steal(mem_ctx_out, session_info); talloc_free(mem_ctx); - *_session_info = session_info; return NT_STATUS_OK; } diff --git a/source4/auth/gensec/gensec_gssapi.h b/source4/auth/gensec/gensec_gssapi.h index 1b826b963d..246fc99a72 100644 --- a/source4/auth/gensec/gensec_gssapi.h +++ b/source4/auth/gensec/gensec_gssapi.h @@ -43,9 +43,6 @@ struct gensec_gssapi_state { OM_uint32 want_flags, got_flags; gss_OID gss_oid; - DATA_BLOB session_key; - DATA_BLOB pac; - struct smb_krb5_context *smb_krb5_context; struct gssapi_creds_container *client_cred; struct gssapi_creds_container *server_cred; diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 90794b850c..b3a20e4b63 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -50,8 +50,6 @@ enum GENSEC_KRB5_STATE { }; struct gensec_krb5_state { - DATA_BLOB session_key; - DATA_BLOB pac; enum GENSEC_KRB5_STATE state_position; struct smb_krb5_context *smb_krb5_context; krb5_auth_context auth_context; @@ -115,8 +113,6 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool gensec_krb5_state->ticket = NULL; ZERO_STRUCT(gensec_krb5_state->enc_ticket); gensec_krb5_state->keyblock = NULL; - gensec_krb5_state->session_key = data_blob(NULL, 0); - gensec_krb5_state->pac = data_blob(NULL, 0); gensec_krb5_state->gssapi = gssapi; talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); @@ -559,6 +555,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, } static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, DATA_BLOB *session_key) { struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; @@ -571,11 +568,6 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security, return NT_STATUS_NO_USER_SESSION_KEY; } - if (gensec_krb5_state->session_key.data) { - *session_key = gensec_krb5_state->session_key; - return NT_STATUS_OK; - } - switch (gensec_security->gensec_role) { case GENSEC_CLIENT: err = krb5_auth_con_getlocalsubkey(context, auth_context, &skey); @@ -587,9 +579,8 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security, if (err == 0 && skey != NULL) { DEBUG(10, ("Got KRB5 session key of length %d\n", (int)KRB5_KEY_LENGTH(skey))); - gensec_krb5_state->session_key = data_blob_talloc(gensec_krb5_state, - KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey)); - *session_key = gensec_krb5_state->session_key; + *session_key = data_blob_talloc(mem_ctx, + KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey)); dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length); krb5_free_keyblock(context, skey); @@ -601,6 +592,7 @@ static NTSTATUS gensec_krb5_session_key(struct gensec_security *gensec_security, } static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx_out, struct auth_session_info **_session_info) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; @@ -618,7 +610,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security krb5_error_code ret; - TALLOC_CTX *mem_ctx = talloc_new(gensec_security); + TALLOC_CTX *mem_ctx = talloc_new(mem_ctx_out); if (!mem_ctx) { return NT_STATUS_NO_MEMORY; } @@ -736,16 +728,15 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security return nt_status; } - nt_status = gensec_krb5_session_key(gensec_security, &session_info->session_key); + nt_status = gensec_krb5_session_key(gensec_security, session_info, &session_info->session_key); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); return nt_status; } - *_session_info = session_info; + *_session_info = talloc_steal(mem_ctx_out, session_info); - talloc_steal(gensec_krb5_state, session_info); talloc_free(mem_ctx); return NT_STATUS_OK; } diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index 102836533c..6a69fd3f9d 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -257,6 +257,7 @@ static PyObject *py_gensec_set_credentials(PyObject *self, PyObject *args) static PyObject *py_gensec_session_info(PyObject *self) { + TALLOC_CTX *mem_ctx; NTSTATUS status; PyObject *py_session_info; struct gensec_security *security = py_talloc_get_type(self, struct gensec_security); @@ -265,7 +266,9 @@ static PyObject *py_gensec_session_info(PyObject *self) PyErr_SetString(PyExc_RuntimeError, "no mechanism selected"); return NULL; } - status = gensec_session_info(security, &info); + mem_ctx = talloc_new(NULL); + + status = gensec_session_info(security, mem_ctx, &info); if (NT_STATUS_IS_ERR(status)) { PyErr_SetNTSTATUS(status); return NULL; @@ -273,6 +276,7 @@ static PyObject *py_gensec_session_info(PyObject *self) py_session_info = py_return_ndr_struct("samba.dcerpc.auth", "session_info", info, info); + talloc_free(mem_ctx); return py_session_info; } diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 8f9aa921a9..67d928e710 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -43,7 +43,8 @@ static size_t schannel_sig_size(struct gensec_security *gensec_security, size_t } static NTSTATUS schannel_session_key(struct gensec_security *gensec_security, - DATA_BLOB *session_key) + TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key) { return NT_STATUS_NOT_IMPLEMENTED; } @@ -215,10 +216,11 @@ _PUBLIC_ NTSTATUS dcerpc_schannel_creds(struct gensec_security *gensec_security, */ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security, - struct auth_session_info **_session_info) + TALLOC_CTX *mem_ctx, + struct auth_session_info **_session_info) { struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); - return auth_anonymous_session_info(state, gensec_security->settings->lp_ctx, _session_info); + return auth_anonymous_session_info(mem_ctx, gensec_security->settings->lp_ctx, _session_info); } static NTSTATUS schannel_start(struct gensec_security *gensec_security) diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index c48e87e8b5..66204ee262 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -295,6 +295,7 @@ static size_t gensec_spnego_max_wrapped_size(struct gensec_security *gensec_secu } static NTSTATUS gensec_spnego_session_key(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, DATA_BLOB *session_key) { struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; @@ -303,11 +304,13 @@ static NTSTATUS gensec_spnego_session_key(struct gensec_security *gensec_securit } return gensec_session_key(spnego_state->sub_sec_security, + mem_ctx, session_key); } static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_security, - struct auth_session_info **session_info) + TALLOC_CTX *mem_ctx, + struct auth_session_info **session_info) { struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; if (!spnego_state->sub_sec_security) { @@ -315,6 +318,7 @@ static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_securi } return gensec_session_info(spnego_state->sub_sec_security, + mem_ctx, session_info); } diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index 1a15d319a9..a53e5547ab 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -181,6 +181,7 @@ static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, */ NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, DATA_BLOB *session_key) { struct gensec_ntlmssp_context *gensec_ntlmssp = @@ -195,7 +196,10 @@ NTSTATUS gensec_ntlmssp_session_key(struct gensec_security *gensec_security, if (!ntlmssp_state->session_key.data) { return NT_STATUS_NO_USER_SESSION_KEY; } - *session_key = ntlmssp_state->session_key; + *session_key = data_blob_talloc(mem_ctx, ntlmssp_state->session_key.data, ntlmssp_state->session_key.length); + if (!session_key->data) { + return NT_STATUS_NO_MEMORY; + } return NT_STATUS_OK; } diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 240edbeaad..477972d1d4 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -213,6 +213,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, */ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, struct auth_session_info **session_info) { NTSTATUS nt_status; @@ -221,17 +222,14 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, struct gensec_ntlmssp_context); struct ntlmssp_state *ntlmssp_state = gensec_ntlmssp->ntlmssp_state; - nt_status = gensec_generate_session_info(ntlmssp_state, + nt_status = gensec_generate_session_info(mem_ctx, gensec_security, gensec_ntlmssp->user_info_dc, session_info); NT_STATUS_NOT_OK_RETURN(nt_status); - (*session_info)->session_key = data_blob_talloc(*session_info, - ntlmssp_state->session_key.data, - ntlmssp_state->session_key.length); - - return NT_STATUS_OK; + return gensec_ntlmssp_session_key(gensec_security, *session_info, + &(*session_info)->session_key); } /** diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index ebf2f77708..7b513a8050 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -114,6 +114,7 @@ static void dreplsrv_out_drsuapi_connect_done(struct composite_context *creq) state->drsuapi->drsuapi_handle = state->drsuapi->pipe->binding_handle; status = gensec_session_key(state->drsuapi->pipe->conn->security_state.generic_state, + state->drsuapi, &state->drsuapi->gensec_skey); if (tevent_req_nterror(req, status)) { return; diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 5d288f69a7..478dcaf573 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -227,6 +227,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc, size_t pw_len; if (!NT_STATUS_IS_OK(gensec_session_info(gensec_security, + mem_ctx, &session_info))) { return kpasswdd_make_error_reply(kdc, mem_ctx, KRB5_KPASSWD_HARDERROR, diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 105e64078f..fd7deda499 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -68,8 +68,7 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) errstr = NULL; talloc_unlink(call->conn, call->conn->session_info); - call->conn->session_info = session_info; - talloc_steal(call->conn, session_info); + call->conn->session_info = talloc_steal(call->conn, session_info); /* don't leak the old LDB */ talloc_unlink(call->conn, call->conn->ldb); @@ -277,7 +276,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) old_session_info = conn->session_info; conn->session_info = NULL; - status = gensec_session_info(conn->gensec, &conn->session_info); + status = gensec_session_info(conn->gensec, conn, &conn->session_info); if (!NT_STATUS_IS_OK(status)) { conn->session_info = old_session_info; result = LDAP_OPERATIONS_ERROR; @@ -286,7 +285,6 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) req->creds.SASL.mechanism, nt_errstr(status)); } else { talloc_unlink(conn, old_session_info); - talloc_steal(conn, conn->session_info); /* don't leak the old LDB */ talloc_unlink(conn, conn->ldb); diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c index d46cdefc69..0f749a0b6c 100644 --- a/source4/libcli/smb2/session.c +++ b/source4/libcli/smb2/session.c @@ -233,8 +233,6 @@ static void smb2_session_setup_spnego_handler(struct smb2_request *subreq) tevent_req_data(req, struct smb2_session_setup_spnego_state); struct smb2_session *session = subreq->session; - NTSTATUS session_key_err; - DATA_BLOB session_key; NTSTATUS peer_status; NTSTATUS status; @@ -267,10 +265,7 @@ static void smb2_session_setup_spnego_handler(struct smb2_request *subreq) return; } - session_key_err = gensec_session_key(session->gensec, &session_key); - if (NT_STATUS_IS_OK(session_key_err)) { - session->session_key = session_key; - } + gensec_session_key(session->gensec, session, &session->session_key); if (session->transport->signing_required) { if (session->session_key.length == 0) { diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index ebc35983d2..d617055c41 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -200,10 +200,9 @@ static void request_handler(struct smbcli_request *req) c->status = NT_STATUS_INTERNAL_ERROR; break; } - session_key_err = gensec_session_key(session->gensec, &session_key); + session_key_err = gensec_session_key(session->gensec, session, &session->user_session_key); if (NT_STATUS_IS_OK(session_key_err)) { - set_user_session_key(session, &session_key); - smbcli_transport_simple_set_signing(session->transport, session_key, null_data_blob); + smbcli_transport_simple_set_signing(session->transport, session->user_session_key, null_data_blob); } } diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index 4d845ca1f0..aabb3b41a8 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -1595,6 +1595,7 @@ static void becomeDC_drsuapi1_connect_recv(struct composite_context *req) s->drsuapi1.drsuapi_handle = s->drsuapi1.pipe->binding_handle; c->status = gensec_session_key(s->drsuapi1.pipe->conn->security_state.generic_state, + s, &s->drsuapi1.gensec_skey); if (!composite_is_ok(c)) return; @@ -2475,6 +2476,7 @@ static void becomeDC_drsuapi2_connect_recv(struct composite_context *req) s->drsuapi2.drsuapi_handle = s->drsuapi2.pipe->binding_handle; c->status = gensec_session_key(s->drsuapi2.pipe->conn->security_state.generic_state, + s, &s->drsuapi2.gensec_skey); if (!composite_is_ok(c)) return; @@ -2535,6 +2537,7 @@ static void becomeDC_drsuapi3_connect_recv(struct composite_context *req) s->drsuapi3.drsuapi_handle = s->drsuapi3.pipe->binding_handle; c->status = gensec_session_key(s->drsuapi3.pipe->conn->security_state.generic_state, + s, &s->drsuapi3.gensec_skey); if (!composite_is_ok(c)) return; diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c index fdf21592ad..90fa1d56d6 100644 --- a/source4/libnet/py_net.c +++ b/source4/libnet/py_net.c @@ -434,6 +434,7 @@ static PyObject *py_net_replicate_init(py_net_Object *self, PyObject *args, PyOb } status = gensec_session_key(s->drs_pipe->pipe->conn->security_state.generic_state, + s, &s->gensec_skey); if (!NT_STATUS_IS_OK(status)) { PyErr_Format(PyExc_RuntimeError, "Unable to get session key from drspipe: %s", diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 0802cd4323..ee7a86ab85 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -119,6 +119,7 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe if (NT_STATUS_IS_OK(status)) { status = gensec_session_info(dce_conn->auth_state.gensec_security, + dce_conn, &dce_conn->auth_state.session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status))); @@ -175,6 +176,7 @@ bool dcesrv_auth_auth3(struct dcesrv_call_state *call) &dce_conn->auth_state.auth_info->credentials); if (NT_STATUS_IS_OK(status)) { status = gensec_session_info(dce_conn->auth_state.gensec_security, + dce_conn, &dce_conn->auth_state.session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status))); @@ -254,6 +256,7 @@ NTSTATUS dcesrv_auth_alter_ack(struct dcesrv_call_state *call, struct ncacn_pack if (NT_STATUS_IS_OK(status)) { status = gensec_session_info(dce_conn->auth_state.gensec_security, + dce_conn, &dce_conn->auth_state.session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status))); diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 116f2cd958..c84be7f79b 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -379,10 +379,11 @@ static void sesssetup_spnego_send(struct tevent_req *subreq) goto failed; } - status = gensec_session_info(smb_sess->gensec_ctx, &session_info); + status = gensec_session_info(smb_sess->gensec_ctx, smb_sess, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; - skey_status = gensec_session_key(smb_sess->gensec_ctx, &session_key); + /* The session_key is only needed until the end of the smbsrv_setup_signing() call */ + skey_status = gensec_session_key(smb_sess->gensec_ctx, req, &session_key); if (NT_STATUS_IS_OK(skey_status)) { smbsrv_setup_signing(req->smb_conn, &session_key, NULL); } diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 94fe0da9fa..60e5500ee7 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -79,7 +79,7 @@ static void smb2srv_sesssetup_callback(struct tevent_req *subreq) goto failed; } - status = gensec_session_info(smb_sess->gensec_ctx, &session_info); + status = gensec_session_info(smb_sess->gensec_ctx, smb_sess, &session_info); if (!NT_STATUS_IS_OK(status)) { goto failed; } diff --git a/source4/torture/drs/rpc/dssync.c b/source4/torture/drs/rpc/dssync.c index 8279e736b1..7149da4a85 100644 --- a/source4/torture/drs/rpc/dssync.c +++ b/source4/torture/drs/rpc/dssync.c @@ -678,7 +678,7 @@ static bool test_GetNCChanges(struct torture_context *tctx, } } status = gensec_session_key(ctx->new_dc.drsuapi.drs_pipe->conn->security_state.generic_state, - &gensec_skey); + ctx, &gensec_skey); if (!NT_STATUS_IS_OK(status)) { printf("failed to get gensec session key: %s\n", nt_errstr(status)); return false; diff --git a/source4/torture/drs/rpc/msds_intid.c b/source4/torture/drs/rpc/msds_intid.c index 14c6454abe..c866c2181b 100644 --- a/source4/torture/drs/rpc/msds_intid.c +++ b/source4/torture/drs/rpc/msds_intid.c @@ -185,7 +185,7 @@ static bool _test_DsaBind(struct torture_context *tctx, bi->drs_handle = bi->drs_pipe->binding_handle; status = gensec_session_key(bi->drs_pipe->conn->security_state.generic_state, - &bi->gensec_skey); + mem_ctx, &bi->gensec_skey); torture_assert_ntstatus_ok(tctx, status, "failed to get gensec session key"); /* Bind to DRSUAPI interface */ diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c index 37fb8af147..88a40b4fe4 100644 --- a/source4/torture/rpc/remote_pac.c +++ b/source4/torture/rpc/remote_pac.c @@ -129,7 +129,7 @@ static bool test_PACVerify(struct torture_context *tctx, /* Extract the PAC using Samba's code */ - status = gensec_session_info(gensec_server_context, &session_info); + status = gensec_session_info(gensec_server_context, gensec_server_context, &session_info); torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed"); torture_assert(tctx, session_info->torture != NULL, "gensec_session_info failed to fill in torture sub struct"); torture_assert(tctx, session_info->torture->pac_srv_sig != NULL, "pac_srv_sig not present"); @@ -468,7 +468,7 @@ static bool test_S2U4Self(struct torture_context *tctx, /* Extract the PAC using Samba's code */ - status = gensec_session_info(gensec_server_context, &kinit_session_info); + status = gensec_session_info(gensec_server_context, gensec_server_context, &kinit_session_info); torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed"); @@ -530,7 +530,7 @@ static bool test_S2U4Self(struct torture_context *tctx, /* Extract the PAC using Samba's code */ - status = gensec_session_info(gensec_server_context, &s2u4self_session_info); + status = gensec_session_info(gensec_server_context, gensec_server_context, &s2u4self_session_info); torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed"); cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx, diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index d5c385cbc6..465d9b5982 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -575,7 +575,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, char *grouplist = NULL; struct auth_session_info *session_info; - nt_status = gensec_session_info(state->gensec_state, &session_info); + nt_status = gensec_session_info(state->gensec_state, mem_ctx, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("gensec_session_info failed: %s\n", nt_errstr(nt_status))); mux_printf(mux_id, "BH %s\n", nt_errstr(nt_status)); @@ -604,7 +604,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, if (strncmp(buf, "GK", 2) == 0) { char *base64_key; DEBUG(10, ("Requested session key\n")); - nt_status = gensec_session_key(state->gensec_state, &session_key); + nt_status = gensec_session_key(state->gensec_state, mem_ctx, &session_key); if(!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("gensec_session_key failed: %s\n", nt_errstr(nt_status))); mux_printf(mux_id, "BH No session key\n"); @@ -671,7 +671,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, } else if /* OK */ (state->gensec_state->gensec_role == GENSEC_SERVER) { struct auth_session_info *session_info; - nt_status = gensec_session_info(state->gensec_state, &session_info); + nt_status = gensec_session_info(state->gensec_state, mem_ctx, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { reply_code = "BH Failed to retrive session info"; reply_arg = nt_errstr(nt_status); |