s3:libsmb/samlogon_cache: zero session keys before storing the info3 structure
author Stefan Metzmacher <metze@samba.org>
Thu, 3 Feb 2011 01:23:21 +0000 (02:23 +0100)
committer Andreas Schneider <asn@cryptomilk.org>
Mon, 19 Mar 2018 19:30:52 +0000 (20:30 +0100)
The samlogon_cache is only used to get group memberships of the account
without asking the dc.

But for authentication we always ask the dc.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/libsmb/samlogon_cache.c

index 70645f2dc402b749ed3edf39f9363e152e9fbbb1..ae77610ec99abf733a185c5c267c041c49100f5c 100644 (file)
@@ -193,6 +193,10 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
        r.timestamp = time(NULL);
        r.info3 = *info3;
 
+       /* avoid storing secret information */
+       ZERO_STRUCT(r.info3.base.key);
+       ZERO_STRUCT(r.info3.base.LMSessKey);
+
        if (DEBUGLEVEL >= 10) {
                NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
        }
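
Review bot: the comment above the two new `ZERO_STRUCT` calls should say what readers of the cache can now expect, because anything that later loads this entry gets an all-zero `base.key` and `base.LMSessKey` with no indication that they were scrubbed. Suggest expanding it along the lines of "session keys are never cached; the cache is only used for group memberships and authentication always goes to the DC", which is the reasoning given in the commit message. Doing the zeroing on the copy `r.info3` before the `DEBUGLEVEL >= 10` block is the right placement, since it leaves the caller's `info3` intact and keeps the keys out of the `NDR_PRINT_DEBUG` output. Entries stored before this change are not touched by this hunk, so it is worth confirming whether they need to be purged or re-stored.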