summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c4
-rw-r--r--source3/smbd/password.c7
-rw-r--r--source3/smbd/sesssetup.c31
4 files changed, 17 insertions, 27 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 2dba5487dc..d1af77d1d6 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1780,8 +1780,6 @@ typedef struct user_struct {
userdom_struct user;
- DATA_BLOB session_key;
-
char *session_keystr; /* used by utmp and pam session code.
TDB key string */
int homes_snum;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 9224774380..1d62199ad8 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -340,7 +340,9 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name,
/* Store the session key and NT_TOKEN */
if (vuser) {
- p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length);
+ p->session_key = data_blob(
+ vuser->server_info->user_session_key.data,
+ vuser->server_info->user_session_key.length);
p->pipe_user.nt_user_token = dup_nt_token(
NULL, vuser->server_info->ptok);
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 6305180e6f..5e2e713d43 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -119,8 +119,6 @@ void invalidate_vuid(uint16 vuid)
session_yield(vuser);
- data_blob_free(&vuser->session_key);
-
if (vuser->auth_ntlmssp_state) {
auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
}
@@ -252,7 +250,6 @@ static int register_homes_share(const char *username)
int register_existing_vuid(uint16 vuid,
auth_serversupplied_info *server_info,
- DATA_BLOB session_key,
DATA_BLOB response_blob,
const char *smb_name)
{
@@ -279,8 +276,6 @@ int register_existing_vuid(uint16 vuid,
fstrcpy(vuser->user.full_name,
pdb_get_fullname(server_info->sam_account));
- vuser->session_key = session_key;
-
DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n",
(unsigned int)vuser->server_info->uid,
(unsigned int)vuser->server_info->gid,
@@ -328,7 +323,7 @@ int register_existing_vuid(uint16 vuid,
!srv_signing_started()) {
/* Try and turn on server signing on the first non-guest
* sessionsetup. */
- srv_set_signing(vuser->session_key, response_blob);
+ srv_set_signing(vuser->server_info->user_session_key, response_blob);
}
/* fill in the current_user_info struct */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 33a54dd0de..99bf0dcbb9 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -560,9 +560,13 @@ static void reply_spnego_kerberos(struct smb_request *req,
if (!is_partial_auth_vuid(sess_vuid)) {
sess_vuid = register_initial_vuid();
}
+
+ data_blob_free(&server_info->user_session_key);
+ server_info->user_session_key = session_key;
+ session_key = data_blob_null;
+
sess_vuid = register_existing_vuid(sess_vuid,
server_info,
- session_key,
nullblob,
client);
@@ -573,7 +577,6 @@ static void reply_spnego_kerberos(struct smb_request *req,
if (sess_vuid == UID_FIELD_INVALID ) {
ret = NT_STATUS_LOGON_FAILURE;
- data_blob_free(&session_key);
} else {
/* current_user_info is changed on new vuid */
reload_services( True );
@@ -649,14 +652,19 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
(*auth_ntlmssp_state)->ntlmssp_state->session_key.length);
if (!is_partial_auth_vuid(vuid)) {
- data_blob_free(&session_key);
nt_status = NT_STATUS_LOGON_FAILURE;
goto out;
}
+
+ data_blob_free(&server_info->user_session_key);
+ server_info->user_session_key =
+ data_blob(
+ (*auth_ntlmssp_state)->ntlmssp_state->session_key.data,
+ (*auth_ntlmssp_state)->ntlmssp_state->session_key.length);
+
/* register_existing_vuid keeps the server info */
if (register_existing_vuid(vuid,
- server_info,
- session_key, nullblob,
+ server_info, nullblob,
(*auth_ntlmssp_state)->ntlmssp_state->user) !=
vuid) {
data_blob_free(&session_key);
@@ -1398,8 +1406,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
bool doencrypt = global_encrypted_passwords_negotiated;
- DATA_BLOB session_key;
-
START_PROFILE(SMBsesssetupX);
ZERO_STRUCT(lm_resp);
@@ -1747,13 +1753,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
return;
}
- if (server_info->user_session_key.data) {
- session_key = data_blob(server_info->user_session_key.data,
- server_info->user_session_key.length);
- } else {
- session_key = data_blob_null;
- }
-
data_blob_clear_free(&plaintext_password);
/* it's ok - setup a reply */
@@ -1772,7 +1771,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
if (lp_security() == SEC_SHARE) {
sess_vuid = UID_FIELD_INVALID;
- data_blob_free(&session_key);
TALLOC_FREE(server_info);
} else {
/* Ignore the initial vuid. */
@@ -1780,7 +1778,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
if (sess_vuid == UID_FIELD_INVALID) {
data_blob_free(&nt_resp);
data_blob_free(&lm_resp);
- data_blob_free(&session_key);
reply_nterror(req, nt_status_squash(
NT_STATUS_LOGON_FAILURE));
END_PROFILE(SMBsesssetupX);
@@ -1789,13 +1786,11 @@ void reply_sesssetup_and_X(struct smb_request *req)
/* register_existing_vuid keeps the server info */
sess_vuid = register_existing_vuid(sess_vuid,
server_info,
- session_key,
nt_resp.data ? nt_resp : lm_resp,
sub_user);
if (sess_vuid == UID_FIELD_INVALID) {
data_blob_free(&nt_resp);
data_blob_free(&lm_resp);
- data_blob_free(&session_key);
reply_nterror(req, nt_status_squash(
NT_STATUS_LOGON_FAILURE));
END_PROFILE(SMBsesssetupX);