From c7aad1deeaa4d962cfbd9581f05d2e61eeb20efe Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 17 Feb 2006 01:26:21 +0000
Subject: r13538: Make sure we store all 16 bytes of credentials session key and delete records that are old. We will need this for the full 16 byte session key support. Jeremy. (This used to be commit cef240d571f9ba1cdf596cd4cab4ec0790f943a0)
---
 source3/passdb/secrets.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 6e46ea57fe..f6b1ece7d4 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -949,7 +949,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, const struct dcinf
 8, pdc->seed_chal.data,
 8, pdc->clnt_chal.data,
 8, pdc->srv_chal.data,
- 8, pdc->sess_key,
+ 16, pdc->sess_key,
 16, pdc->mach_pw,
 pdc->mach_acct,
 pdc->remote_machine,
@@ -966,7 +966,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, const struct dcinf
 8, pdc->seed_chal.data,
 8, pdc->clnt_chal.data,
 8, pdc->srv_chal.data,
- 8, pdc->sess_key,
+ 16, pdc->sess_key,
 16, pdc->mach_pw,
 pdc->mach_acct,
 pdc->remote_machine,
@@ -1050,7 +1050,7 @@ BOOL secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
 &pdc->remote_machine,
 &pdc->domain);
- if (ret == -1 || l1 != 8 || l2 != 8 || l3 != 8 || l4 != 8 || l5 != 16) {
+ if (ret == -1 || l1 != 8 || l2 != 8 || l3 != 8 || l4 != 16 || l5 != 16) {
 talloc_free(keystr);
 talloc_free(pdc);
 SAFE_FREE(pseed_chal);
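Review bot: The session-key length is a bare `16` in both argument lists of secrets_store_schannel_session_info (the hunks at 949 and 966), in the `l4 != 16` check at 1050 and again in the `memcpy` in the hunk at 1059, which is the same duplication that left the 8-byte value to be corrected in four separate places. If `pdc->sess_key` is a fixed-size array (its declaration is outside this diff, though the removed `&pdc->sess_key[8]` suggests it is), use `sizeof(pdc->sess_key)` for the stored length, the restore check and the copy so the on-disk size cannot drift from the struct. The `l4 != 16` check would also benefit from a comment saying that records written with the old 8-byte key are rejected on purpose, e.g. `/* Records holding the old 8-byte sess_key fail here and are discarded. */`. The calls these argument lists belong to start outside the hunks.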
@@ -1059,14 +1059,15 @@ BOOL secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
 SAFE_FREE(psess_key);
 SAFE_FREE(pmach_pw);
 SAFE_FREE(value.dptr);
+ /* Bad record - delete it. */
+ tdb_delete_bystring(tdb_sc, keystr);
 return False;
 }
 memcpy(pdc->seed_chal.data, pseed_chal, 8);
 memcpy(pdc->clnt_chal.data, pclnt_chal, 8);
 memcpy(pdc->srv_chal.data, psrv_chal, 8);
- memcpy(pdc->sess_key, psess_key, 8);
- memset(&pdc->sess_key[8], '\0', 8); /* key followed by 8 bytes of zero. */
+ memcpy(pdc->sess_key, psess_key, 16);
 memcpy(pdc->mach_pw, pmach_pw, 16);
 /* We know these are true so didn't bother to store them. */
-- cgit
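Review bot: The added `tdb_delete_bystring(tdb_sc, keystr);` runs after `talloc_free(keystr);`, which the preceding hunk shows at the top of this same error block, so the delete is handed a freed string as its key. Move the delete to the start of the block, directly before `talloc_free(keystr);`, so the bad record is removed while the key is still valid. The delete's return value is also ignored; if the record cannot be removed, every later restore will reject it again, so a debug message on failure would help diagnosis. The block opens in the previous hunk and the two lines between the hunks are not shown, so confirm nothing there re-assigns `keystr`.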