From c7aad1deeaa4d962cfbd9581f05d2e61eeb20efe Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 17 Feb 2006 01:26:21 +0000
Subject: r13538: Make sure we store all 16 bytes of credentials session key
 and delete records that are old. We will need this for the full 16 byte
 session key support. Jeremy. (This used to be commit
 cef240d571f9ba1cdf596cd4cab4ec0790f943a0)

---
 source3/passdb/secrets.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 6e46ea57fe..f6b1ece7d4 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -949,7 +949,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, const struct dcinf
 				8, pdc->seed_chal.data,
 				8, pdc->clnt_chal.data,
 				8, pdc->srv_chal.data,
-				8, pdc->sess_key,
+				16, pdc->sess_key,
 				16, pdc->mach_pw,
 				pdc->mach_acct,
 				pdc->remote_machine,
@@ -966,7 +966,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, const struct dcinf
 				8, pdc->seed_chal.data,
 				8, pdc->clnt_chal.data,
 				8, pdc->srv_chal.data,
-				8, pdc->sess_key,
+				16, pdc->sess_key,
 				16, pdc->mach_pw,
 				pdc->mach_acct,
 				pdc->remote_machine,
@@ -1050,7 +1050,7 @@ BOOL secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
 				&pdc->remote_machine,
 				&pdc->domain);
 
-	if (ret == -1 || l1 != 8 || l2 != 8 || l3 != 8 || l4 != 8 || l5 != 16) {
+	if (ret == -1 || l1 != 8 || l2 != 8 || l3 != 8 || l4 != 16 || l5 != 16) {
 		talloc_free(keystr);
 		talloc_free(pdc);
 		SAFE_FREE(pseed_chal);
@@ -1059,14 +1059,15 @@ BOOL secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
 		SAFE_FREE(psess_key);
 		SAFE_FREE(pmach_pw);
 		SAFE_FREE(value.dptr);
+		/* Bad record - delete it. */
+		tdb_delete_bystring(tdb_sc, keystr);
 		return False;
 	}
 
 	memcpy(pdc->seed_chal.data, pseed_chal, 8);
 	memcpy(pdc->clnt_chal.data, pclnt_chal, 8);
 	memcpy(pdc->srv_chal.data, psrv_chal, 8);
-	memcpy(pdc->sess_key, psess_key, 8);
-	memset(&pdc->sess_key[8], '\0', 8); /* key followed by 8 bytes of zero. */
+	memcpy(pdc->sess_key, psess_key, 16);
 	memcpy(pdc->mach_pw, pmach_pw, 16);
 
 	/* We know these are true so didn't bother to store them. */
-- 
cgit