diff options
-rw-r--r-- | source3/include/smb.h | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 4 | ||||
-rw-r--r-- | source3/smbd/password.c | 7 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 31 |
4 files changed, 17 insertions, 27 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h index 2dba5487dc..d1af77d1d6 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1780,8 +1780,6 @@ typedef struct user_struct { userdom_struct user; - DATA_BLOB session_key; - char *session_keystr; /* used by utmp and pam session code. TDB key string */ int homes_snum; diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 9224774380..1d62199ad8 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -340,7 +340,9 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, /* Store the session key and NT_TOKEN */ if (vuser) { - p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); + p->session_key = data_blob( + vuser->server_info->user_session_key.data, + vuser->server_info->user_session_key.length); p->pipe_user.nt_user_token = dup_nt_token( NULL, vuser->server_info->ptok); } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 6305180e6f..5e2e713d43 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -119,8 +119,6 @@ void invalidate_vuid(uint16 vuid) session_yield(vuser); - data_blob_free(&vuser->session_key); - if (vuser->auth_ntlmssp_state) { auth_ntlmssp_end(&vuser->auth_ntlmssp_state); } @@ -252,7 +250,6 @@ static int register_homes_share(const char *username) int register_existing_vuid(uint16 vuid, auth_serversupplied_info *server_info, - DATA_BLOB session_key, DATA_BLOB response_blob, const char *smb_name) { @@ -279,8 +276,6 @@ int register_existing_vuid(uint16 vuid, fstrcpy(vuser->user.full_name, pdb_get_fullname(server_info->sam_account)); - vuser->session_key = session_key; - DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n", (unsigned int)vuser->server_info->uid, (unsigned int)vuser->server_info->gid, @@ -328,7 +323,7 @@ int register_existing_vuid(uint16 vuid, !srv_signing_started()) { /* Try and turn on server signing on the first non-guest * sessionsetup. */ - srv_set_signing(vuser->session_key, response_blob); + srv_set_signing(vuser->server_info->user_session_key, response_blob); } /* fill in the current_user_info struct */ diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 33a54dd0de..99bf0dcbb9 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -560,9 +560,13 @@ static void reply_spnego_kerberos(struct smb_request *req, if (!is_partial_auth_vuid(sess_vuid)) { sess_vuid = register_initial_vuid(); } + + data_blob_free(&server_info->user_session_key); + server_info->user_session_key = session_key; + session_key = data_blob_null; + sess_vuid = register_existing_vuid(sess_vuid, server_info, - session_key, nullblob, client); @@ -573,7 +577,6 @@ static void reply_spnego_kerberos(struct smb_request *req, if (sess_vuid == UID_FIELD_INVALID ) { ret = NT_STATUS_LOGON_FAILURE; - data_blob_free(&session_key); } else { /* current_user_info is changed on new vuid */ reload_services( True ); @@ -649,14 +652,19 @@ static void reply_spnego_ntlmssp(struct smb_request *req, (*auth_ntlmssp_state)->ntlmssp_state->session_key.length); if (!is_partial_auth_vuid(vuid)) { - data_blob_free(&session_key); nt_status = NT_STATUS_LOGON_FAILURE; goto out; } + + data_blob_free(&server_info->user_session_key); + server_info->user_session_key = + data_blob( + (*auth_ntlmssp_state)->ntlmssp_state->session_key.data, + (*auth_ntlmssp_state)->ntlmssp_state->session_key.length); + /* register_existing_vuid keeps the server info */ if (register_existing_vuid(vuid, - server_info, - session_key, nullblob, + server_info, nullblob, (*auth_ntlmssp_state)->ntlmssp_state->user) != vuid) { data_blob_free(&session_key); @@ -1398,8 +1406,6 @@ void reply_sesssetup_and_X(struct smb_request *req) bool doencrypt = global_encrypted_passwords_negotiated; - DATA_BLOB session_key; - START_PROFILE(SMBsesssetupX); ZERO_STRUCT(lm_resp); @@ -1747,13 +1753,6 @@ void reply_sesssetup_and_X(struct smb_request *req) return; } - if (server_info->user_session_key.data) { - session_key = data_blob(server_info->user_session_key.data, - server_info->user_session_key.length); - } else { - session_key = data_blob_null; - } - data_blob_clear_free(&plaintext_password); /* it's ok - setup a reply */ @@ -1772,7 +1771,6 @@ void reply_sesssetup_and_X(struct smb_request *req) if (lp_security() == SEC_SHARE) { sess_vuid = UID_FIELD_INVALID; - data_blob_free(&session_key); TALLOC_FREE(server_info); } else { /* Ignore the initial vuid. */ @@ -1780,7 +1778,6 @@ void reply_sesssetup_and_X(struct smb_request *req) if (sess_vuid == UID_FIELD_INVALID) { data_blob_free(&nt_resp); data_blob_free(&lm_resp); - data_blob_free(&session_key); reply_nterror(req, nt_status_squash( NT_STATUS_LOGON_FAILURE)); END_PROFILE(SMBsesssetupX); @@ -1789,13 +1786,11 @@ void reply_sesssetup_and_X(struct smb_request *req) /* register_existing_vuid keeps the server info */ sess_vuid = register_existing_vuid(sess_vuid, server_info, - session_key, nt_resp.data ? nt_resp : lm_resp, sub_user); if (sess_vuid == UID_FIELD_INVALID) { data_blob_free(&nt_resp); data_blob_free(&lm_resp); - data_blob_free(&session_key); reply_nterror(req, nt_status_squash( NT_STATUS_LOGON_FAILURE)); END_PROFILE(SMBsesssetupX); |