From 15a96c42985c9bb4778a16160290220a935d99bd Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sun, 12 Sep 2004 03:18:24 +0000
Subject: r2290: Fix 'lsakey' for the server-side, it is static for 'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
---
 source4/libcli/auth/gensec_krb5.c | 6 ++----
 source4/rpc_server/dcerpc_server.c | 32 +++++++++++++++++++++++++++++++-
 source4/rpc_server/dcerpc_server.h | 1 +
 source4/rpc_server/dcerpc_tcp.c | 2 --
 source4/rpc_server/dcesrv_auth.c | 5 +++++
 source4/rpc_server/samr/samr_password.c | 18 ++++++++----------
 6 files changed, 47 insertions(+), 17 deletions(-)
(limited to 'source4')
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c
index 4a97d51c40..5dbdf56b03 100644
--- a/source4/libcli/auth/gensec_krb5.c
+++ b/source4/libcli/auth/gensec_krb5.c
@@ -682,15 +682,13 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
 session_info->nt_user_token = NULL;
 }
- session_info->session_key = data_blob_talloc(session_info->mem_ctx,
- gensec_krb5_state->session_key.data,
- gensec_krb5_state->session_key.length);
+ nt_status = gensec_krb5_session_key(gensec_security, &session_info->session_key);
 session_info->workstation = NULL;
 *session_info_out = session_info;
- return NT_STATUS_OK;
+ return nt_status;
 }
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index ba8d2bd835..4c460d377a 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
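Review bot: The status from `gensec_krb5_session_key()` is only returned, never checked, so on failure the function still runs `*session_info_out = session_info;` and the caller gets an error status together with a published session_info whose session_key may not have been filled in. I would return straight after the call with `if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }`, releasing session_info the way the function's other error paths do (they are outside this hunk). The removed code copied the key onto `session_info->mem_ctx` with data_blob_talloc; whether the helper returns a copy or a blob that still points into the gensec state is not visible here, and a comment should say which, since session_info may outlive the gensec context.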
@@ -239,6 +239,35 @@ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
 return NT_STATUS_OK;
 }
+static NTSTATUS dcesrv_inherited_session_key(struct dcesrv_connection *p,
+ DATA_BLOB *session_key)
+{
+ if (p->auth_state.session_info->session_key.length) {
+ *session_key = p->auth_state.session_info->session_key;
+ return NT_STATUS_OK;
+ }
+ return NT_STATUS_NO_USER_SESSION_KEY;
+}
+
+NTSTATUS dcesrv_generic_session_key(struct dcesrv_connection *p,
+ DATA_BLOB *session_key)
+{
+ /* this took quite a few CPU cycles to find ... */
+ session_key->data = "SystemLibraryDTC";
+ session_key->length = 16;
+ return NT_STATUS_OK;
+}
+
+/*
+ fetch the user session key - may be default (above) or the SMB session key
+*/
+NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p,
+ DATA_BLOB *session_key)
+{
+ return p->auth_state.session_key(p, session_key);
+}
+
+
 /* connect to a dcerpc endpoint */
@@ -271,6 +300,7 @@ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
 (*p)->auth_state.auth_info = NULL;
 (*p)->auth_state.gensec_security = NULL;
 (*p)->auth_state.session_info = NULL;
+ (*p)->auth_state.session_key = dcesrv_generic_session_key;
 (*p)->srv_conn = NULL;
 return NT_STATUS_OK;
@@ -300,7 +330,7 @@ NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx,
 session_info->refcount++;
 (*dce_conn_p)->auth_state.session_info = session_info;
- (*dce_conn_p)->transport_session_key = session_info->session_key;
+ (*dce_conn_p)->auth_state.session_key = dcesrv_inherited_session_key;
 /* TODO: check security descriptor of the endpoint here * if it's a smb named pipe
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 0a7ccdaed8..fd009f6219 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
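Review bot: `dcesrv_generic_session_key()` points `session_key->data` at the string literal "SystemLibraryDTC", so the blob it returns is borrowed static storage (the dcerpc_tcp.c code removed in this commit made a talloc copy), and `dcesrv_inherited_session_key()` likewise hands out an alias of the blob held in session_info. Nothing tells callers not to free or write through the result; I would add `/* the returned blob is borrowed: do not free or modify it */` to the comment on `dcesrv_fetch_session_key()` and replace the bare `16` with a named constant tied to the literal. Because this key is a fixed value compiled into the source, it adds no secrecy of its own, so anything encrypted with it (the samr password buffers later in this commit) is only as confidential as the sealing on the authenticated connection; the comment should say that too. `dcesrv_inherited_session_key()` also dereferences `p->auth_state.session_info` without a NULL check, which is safe only while the callback is installed after session_info is set, as dcesrv_endpoint_search_connect does here.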
@@ -99,6 +99,7 @@ struct dcesrv_auth {
 struct dcerpc_auth *auth_info;
 struct gensec_security *gensec_security;
 struct auth_session_info *session_info;
+ NTSTATUS (*session_key)(struct dcesrv_connection *, DATA_BLOB *session_key);
 };
diff --git a/source4/rpc_server/dcerpc_tcp.c b/source4/rpc_server/dcerpc_tcp.c
index 3d51ecc51d..a3290e0170 100644
--- a/source4/rpc_server/dcerpc_tcp.c
+++ b/source4/rpc_server/dcerpc_tcp.c
@@ -133,8 +133,6 @@ void dcesrv_tcp_accept(struct server_connection *conn)
 dcesrv_conn->srv_conn = conn;
- dcesrv_conn->transport_session_key = data_blob_talloc(dcesrv_conn, "SystemLibraryDTC", 16);
-
 conn->private_data = dcesrv_conn;
 /* TODO: this should to the generic code
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index ea029d4d7d..ace5da992d 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -128,6 +128,9 @@ BOOL dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct dcerpc_packet *
 DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
 return False;
 }
+
+ /* Now that we are authenticated, got back to the generic session key... */
+ dce_conn->auth_state.session_key = dcesrv_generic_session_key;
 return True;
 } else if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 dce_conn->auth_state.auth_info->auth_pad_length = 0;
@@ -176,6 +179,8 @@ BOOL dcesrv_auth_auth3(struct dcesrv_call_state *call)
 DEBUG(1, ("Failed to establish session_info: %s\n", nt_errstr(status)));
 return False;
 }
+ /* Now that we are authenticated, got back to the generic session key... */
+ dce_conn->auth_state.session_key = dcesrv_generic_session_key;
 return True;
 } else {
 DEBUG(4, ("dcesrv_auth_auth3: failed to authenticate: %s\n",
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 436a53b7d9..3347787425 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
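Review bot: The new `session_key` member of struct dcesrv_auth has no comment and its first parameter is unnamed, so the header does not say who installs the callback or what it yields. A comment above it such as `/* returns the session key for this connection; set at connect time and replaced after a successful bind/auth3 */`, plus naming the parameter `struct dcesrv_connection *conn`, would make the contract readable without opening dcerpc_server.c and dcesrv_auth.c.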
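Review bot: The comment added in dcesrv_auth_bind_ack, and again in dcesrv_auth_auth3 in the second hunk of this file, reads "got back to"; it should be `/* Now that we are authenticated, go back to the generic session key... */`, and it does not say why an authenticated connection drops the inherited key. The assignment is unconditional: it looks at neither the transport nor the negotiated auth level, so a connection that arrived with an inherited session key is switched to the fixed key as soon as the bind succeeds. If that is the intended protocol behaviour, as the commit message suggests, the comment should say so, and it is worth confirming that code relying on this key for secrecy runs only on sealed connections. The same two lines appear in both functions; a small helper would keep them from drifting apart. Both function bodies continue outside the hunks.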
@@ -679,15 +679,14 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 struct ldb_message *msg,
 struct samr_CryptPassword *pwbuf)
 {
+ NTSTATUS nt_status;
 char new_pass[512];
 uint32_t new_pass_len;
 DATA_BLOB session_key = data_blob(NULL, 0);
- session_key = dce_call->conn->transport_session_key;
-
- if (session_key.length == 0) {
- DEBUG(3,("Bad session key in samr_set_password\n"));
- return NT_STATUS_NO_USER_SESSION_KEY;
+ nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
 }
 arcfour_crypt_blob(pwbuf->data, 516, &session_key);
@@ -721,17 +720,16 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 struct ldb_message *msg,
 struct samr_CryptPasswordEx *pwbuf)
 {
+ NTSTATUS nt_status;
 char new_pass[512];
 uint32_t new_pass_len;
 DATA_BLOB co_session_key;
 DATA_BLOB session_key = data_blob(NULL, 0);
 struct MD5Context ctx;
- session_key = dce_call->conn->transport_session_key;
-
- if (session_key.length == 0) {
- DEBUG(3,("Bad session key in samr_set_password\n"));
- return NT_STATUS_NO_USER_SESSION_KEY;
+ nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
 }
 co_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-- cgit
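Review bot: The `DEBUG(3, ...)` line that recorded a missing session key is removed and nothing replaces it, so a failed key fetch on the password-set path in samr_set_password (and in samr_set_password_ex, second hunk) now returns without leaving a trace. A log line is useful when triaging failed or unexpected password changes, e.g. `DEBUG(3,("samr_set_password: no session key: %s\n", nt_errstr(nt_status)));` inside the new `if`. Since the fetched key may now be the fixed generic one, the `arcfour_crypt_blob(pwbuf->data, 516, &session_key)` step does not by itself keep the new password confidential; whether these calls are limited to sealed connections is not visible here. Both function bodies continue outside the hunks.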