r13538: Make sure we store all 16 bytes of credentials session
authorJeremy Allison <jra@samba.org>
Fri, 17 Feb 2006 01:26:21 +0000 (01:26 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:10:11 +0000 (11:10 -0500)
key and delete records that are old. We will need this
for the full 16 byte session key support.
Jeremy.

source/passdb/secrets.c

index 6e46ea57febe49c45cb97dd97a08c787afe4b8ba..f6b1ece7d4c7e33e08c7dbbf6bf013c2fad5a710 100644 (file)
@@ -949,7 +949,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, const struct dcinf
                                8, pdc->seed_chal.data,
                                8, pdc->clnt_chal.data,
                                8, pdc->srv_chal.data,
-                               8, pdc->sess_key,
+                               16, pdc->sess_key,
                                16, pdc->mach_pw,
                                pdc->mach_acct,
                                pdc->remote_machine,
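Review bot: The session-key length is written as the bare literal `16` in this pack call, and it has to stay in step by hand with the second pack call at -966, the `l4 != 16` check, and `memcpy(pdc->sess_key, psess_key, 16)` in secrets_restore_schannel_session_info. This commit exists because that length did not cover the whole key, so deriving it from the field would remove the chance of it drifting again: `sizeof(pdc->sess_key), pdc->sess_key,`. That assumes sess_key is declared as an array in struct dcinfo, which is not visible here; if it is a pointer, a shared named constant would do the same job. The argument list begins and ends outside the hunk.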
@@ -966,7 +966,7 @@ BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, const struct dcinf
                                8, pdc->seed_chal.data,
                                8, pdc->clnt_chal.data,
                                8, pdc->srv_chal.data,
-                               8, pdc->sess_key,
+                               16, pdc->sess_key,
                                16, pdc->mach_pw,
                                pdc->mach_acct,
                                pdc->remote_machine,
@@ -1050,7 +1050,7 @@ BOOL secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
                                &pdc->remote_machine,
                                &pdc->domain);
 
-       if (ret == -1 || l1 != 8 || l2 != 8 || l3 != 8 || l4 != 8 || l5 != 16) {
+       if (ret == -1 || l1 != 8 || l2 != 8 || l3 != 8 || l4 != 16 || l5 != 16) {
                talloc_free(keystr);
                talloc_free(pdc);
                SAFE_FREE(pseed_chal);
@@ -1059,14 +1059,15 @@ BOOL secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx,
                SAFE_FREE(psess_key);
                SAFE_FREE(pmach_pw);
                SAFE_FREE(value.dptr);
+               /* Bad record - delete it. */
+               tdb_delete_bystring(tdb_sc, keystr);
                return False;
        }
 
        memcpy(pdc->seed_chal.data, pseed_chal, 8);
        memcpy(pdc->clnt_chal.data, pclnt_chal, 8);
        memcpy(pdc->srv_chal.data, psrv_chal, 8);
-       memcpy(pdc->sess_key, psess_key, 8);
-       memset(&pdc->sess_key[8], '\0', 8); /* key followed by 8 bytes of zero. */
+       memcpy(pdc->sess_key, psess_key, 16);
        memcpy(pdc->mach_pw, pmach_pw, 16);
 
        /* We know these are true so didn't bother to store them. */
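Review bot: The added `tdb_delete_bystring(tdb_sc, keystr);` runs after `talloc_free(keystr);`, which sits at the top of the same error branch in the previous hunk. Unless keystr is reassigned in the two lines between the hunks that are not shown, the delete reads freed memory. Depending on what the freed block then holds, the bad record may be left in place or an unrelated key may be removed. Move the delete ahead of the free, so that the branch opens with `/* Bad record - delete it. */`, `tdb_delete_bystring(tdb_sc, keystr);`, then `talloc_free(keystr);`. The delete's return value is also ignored, and a debug-log line at this point would tell an operator why a stored schannel session disappeared, since the commit message says old 8-byte-key records are meant to land in this branch too.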