summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/include/ntdomain.h1
-rw-r--r--source3/rpc_server/srv_pipe.c47
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c4
-rw-r--r--source3/rpc_server/srv_samr_nt.c22
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c14
5 files changed, 47 insertions, 41 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 352d17bd3b..d582d50c97 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -237,7 +237,6 @@ typedef struct pipes_struct {
*/
struct current_user pipe_user;
- DATA_BLOB session_key;
/*
* Set to true when an RPC bind has been done on this pipe.
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index cac48db7ee..80e2b2f9a9 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -606,9 +606,10 @@ bool create_next_pdu(pipes_struct *p)
static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
{
- DATA_BLOB reply;
+ DATA_BLOB session_key, reply;
NTSTATUS status;
AUTH_NTLMSSP_STATE *a = p->auth.a_u.auth_ntlmssp_state;
+ bool ret;
DEBUG(5,("pipe_ntlmssp_verify_final: pipe %s checking user details\n", p->name));
@@ -663,18 +664,6 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
p->pipe_user.ut.uid = a->server_info->utok.uid;
p->pipe_user.ut.gid = a->server_info->utok.gid;
- /*
- * We're an authenticated bind over smb, so the session key needs to
- * be set to "SystemLibraryDTC". Weird, but this is what Windows
- * does. See the RPC-SAMBA3SESSIONKEY.
- */
-
- data_blob_free(&p->session_key);
- p->session_key = generic_session_key();
- if (!p->session_key.data) {
- return False;
- }
-
p->pipe_user.ut.ngroups = a->server_info->utok.ngroups;
if (p->pipe_user.ut.ngroups) {
if (!(p->pipe_user.ut.groups = (gid_t *)memdup(
@@ -702,7 +691,20 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
return false;
}
- server_info_set_session_key(p->server_info, p->session_key);
+ /*
+ * We're an authenticated bind over smb, so the session key needs to
+ * be set to "SystemLibraryDTC". Weird, but this is what Windows
+ * does. See the RPC-SAMBA3SESSIONKEY.
+ */
+
+ session_key = generic_session_key();
+ if (session_key.data == NULL) {
+ return False;
+ }
+
+ ret = server_info_set_session_key(p->server_info, session_key);
+
+ data_blob_free(&session_key);
return True;
}
@@ -1332,6 +1334,7 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
bool ret;
struct dcinfo *pdcinfo;
uint32 flags;
+ DATA_BLOB session_key;
if (!smb_io_rpc_auth_schannel_neg("", &neg, rpc_in_p, 0)) {
DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n"));
@@ -1378,12 +1381,20 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
* anymore.
*/
- data_blob_free(&p->session_key);
- p->session_key = generic_session_key();
- if (p->session_key.data == NULL) {
+ session_key = generic_session_key();
+ if (session_key.data == NULL) {
DEBUG(0, ("pipe_schannel_auth_bind: Could not alloc session"
" key\n"));
- return False;
+ return false;
+ }
+
+ ret = server_info_set_session_key(p->server_info, session_key);
+
+ data_blob_free(&session_key);
+
+ if (!ret) {
+ DEBUG(0, ("server_info_set_session_key failed\n"));
+ return false;
}
init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 9a57a1bdb3..f2b2919f43 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -339,9 +339,6 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name,
/* Store the session key and NT_TOKEN */
if (vuser) {
- p->session_key = data_blob(
- vuser->server_info->user_session_key.data,
- vuser->server_info->user_session_key.length);
p->pipe_user.nt_user_token = dup_nt_token(
NULL, vuser->server_info->ptok);
}
@@ -1219,7 +1216,6 @@ static bool close_internal_rpc_pipe_hnd(void *np_conn)
close_policy_by_pipe(p);
TALLOC_FREE(p->pipe_user.nt_user_token);
- data_blob_free(&p->session_key);
SAFE_FREE(p->pipe_user.ut.groups);
DLIST_REMOVE(InternalPipes, p);
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index a89e00f1ec..1b1e98c049 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -4206,11 +4206,11 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
break;
case 23:
- if (!p->session_key.length) {
+ if (!p->server_info->user_session_key.length) {
status = NT_STATUS_NO_USER_SESSION_KEY;
}
SamOEMhashBlob(info->info23.password.data, 516,
- &p->session_key);
+ &p->server_info->user_session_key);
dump_data(100, info->info23.password.data, 516);
@@ -4219,12 +4219,12 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
break;
case 24:
- if (!p->session_key.length) {
+ if (!p->server_info->user_session_key.length) {
status = NT_STATUS_NO_USER_SESSION_KEY;
}
SamOEMhashBlob(info->info24.password.data,
516,
- &p->session_key);
+ &p->server_info->user_session_key);
dump_data(100, info->info24.password.data, 516);
@@ -4235,11 +4235,12 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
break;
case 25:
- if (!p->session_key.length) {
+ if (!p->server_info->user_session_key.length) {
status = NT_STATUS_NO_USER_SESSION_KEY;
}
- encode_or_decode_arc4_passwd_buffer(info->info25.password.data,
- &p->session_key);
+ encode_or_decode_arc4_passwd_buffer(
+ info->info25.password.data,
+ &p->server_info->user_session_key);
dump_data(100, info->info25.password.data, 532);
@@ -4255,11 +4256,12 @@ static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
break;
case 26:
- if (!p->session_key.length) {
+ if (!p->server_info->user_session_key.length) {
status = NT_STATUS_NO_USER_SESSION_KEY;
}
- encode_or_decode_arc4_passwd_buffer(info->info26.password.data,
- &p->session_key);
+ encode_or_decode_arc4_passwd_buffer(
+ info->info26.password.data,
+ &p->server_info->user_session_key);
dump_data(100, info->info26.password.data, 516);
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 3c64abfcdf..c96439cc1a 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -316,10 +316,9 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
return WERR_NOT_SUPPORTED;
}
- werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
- r->in.encrypted_password,
- &p->session_key,
- &cleartext_pwd);
+ werr = decode_wkssvc_join_password_buffer(
+ p->mem_ctx, r->in.encrypted_password,
+ &p->server_info->user_session_key, &cleartext_pwd);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
@@ -383,10 +382,9 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
return WERR_ACCESS_DENIED;
}
- werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
- r->in.encrypted_password,
- &p->session_key,
- &cleartext_pwd);
+ werr = decode_wkssvc_join_password_buffer(
+ p->mem_ctx, r->in.encrypted_password,
+ &p->server_info->user_session_key, &cleartext_pwd);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}