diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c
index 891462214c2..ba8d2bd835a 100644
--- a/source/rpc_server/dcerpc_server.c
+++ b/source/rpc_server/dcerpc_server.c
@@ -300,6 +300,7 @@ NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx,
 session_info->refcount++;
 (*dce_conn_p)->auth_state.session_info = session_info;
+ (*dce_conn_p)->transport_session_key = session_info->session_key;
 /* TODO: check security descriptor of the endpoint here
 * if it's a smb named pipe
@@ -763,15 +764,16 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn)
 return status;
 }
- dce_partial_advance(dce_conn, blob.length);
-
 /* we have to check the signing here, before combining the pdus */
 if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
- !dcesrv_auth_request(call)) {
+ !dcesrv_auth_request(call, &blob)) {
+ dce_partial_advance(dce_conn, blob.length);
 return dcesrv_fault(call, DCERPC_FAULT_LOGON_FAILURE);
 }
+ dce_partial_advance(dce_conn, blob.length);
+
 /* see if this is a continued packet */
 if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
 struct dcesrv_call_state *call2 = call;
diff --git a/source/rpc_server/dcerpc_server.h b/source/rpc_server/dcerpc_server.h
index 15da3e38bbe..0a7ccdaed87 100644
--- a/source/rpc_server/dcerpc_server.h
+++ b/source/rpc_server/dcerpc_server.h
@@ -134,6 +134,9 @@ struct dcesrv_connection {
 struct dcesrv_auth auth_state;
 struct server_connection *srv_conn;
+
+ /* the transport level session key */
+ DATA_BLOB transport_session_key;
 };
diff --git a/source/rpc_server/dcerpc_tcp.c b/source/rpc_server/dcerpc_tcp.c
index c6a85377e02..3d51ecc51d0 100644
--- a/source/rpc_server/dcerpc_tcp.c
+++ b/source/rpc_server/dcerpc_tcp.c
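Review bot: The assignment `(*dce_conn_p)->transport_session_key = session_info->session_key;` copies the DATA_BLOB struct, so the connection's key aliases the buffer owned by session_info instead of holding its own copy. The `session_info->refcount++` just above appears to keep that buffer alive, but the TCP path in dcerpc_tcp.c (second hunk there) stores a talloc'd blob parented to the connection, so the same field is borrowed on one transport and owned on the other. I would either take a copy here, `(*dce_conn_p)->transport_session_key = data_blob_talloc(*dce_conn_p, session_info->session_key.data, session_info->session_key.length);`, or extend the field comment in dcerpc_server.h to `/* the transport level session key; may alias session_info->session_key, do not free separately */`. The function body starts and ends outside this hunk, so the release path for session_info is not visible here.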
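Review bot: Both `dce_partial_advance(dce_conn, blob.length)` calls now run after `dcesrv_auth_request(call, &blob)` has been handed a pointer to `blob`, so the number of bytes consumed from the partial input depends on the callee leaving `blob.length` untouched. dcesrv_auth_request is not shown on this page; if it trims an auth trailer or otherwise adjusts the blob in place, the input would be advanced by the wrong amount and the next PDU parsed from a misaligned offset. Capturing the length first removes that dependency: `size_t pdu_len = blob.length;` before the `if`, then `dce_partial_advance(dce_conn, pdu_len);` in both places. If the callee is known to treat the blob as read-only, a comment saying so (`/* dcesrv_auth_request must not modify blob.length */`) would be enough. The enclosing function continues beyond the hunk.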
@@ -124,8 +124,6 @@ void dcesrv_tcp_accept(struct server_connection *conn)
 DEBUG(5,("dcesrv_tcp_accept\n"));
-
-
 status = dcesrv_endpoint_connect(dcesrv_sock->dcesrv_ctx, dcesrv_sock->endpoint, &dcesrv_conn);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0,("dcesrv_tcp_accept: dcesrv_endpoint_connect failed: %s\n",
@@ -135,6 +133,8 @@ void dcesrv_tcp_accept(struct server_connection *conn)
 dcesrv_conn->srv_conn = conn;
+ dcesrv_conn->transport_session_key = data_blob_talloc(dcesrv_conn, "SystemLibraryDTC", 16);
+
 conn->private_data = dcesrv_conn;
 /* TODO: this should to the generic code
diff --git a/source/rpc_server/samr/samr_password.c b/source/rpc_server/samr/samr_password.c
index 852f564aef7..436a53b7d96 100644
--- a/source/rpc_server/samr/samr_password.c
+++ b/source/rpc_server/samr/samr_password.c
@@ -683,11 +683,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 uint32_t new_pass_len;
 DATA_BLOB session_key = data_blob(NULL, 0);
- session_key = data_blob(NULL,0);
-
- if (dce_call->conn->auth_state.session_info) {
- session_key = dce_call->conn->auth_state.session_info->session_key;
- }
+ session_key = dce_call->conn->transport_session_key;
 if (session_key.length == 0) {
 DEBUG(3,("Bad session key in samr_set_password\n"));
@@ -731,11 +727,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 DATA_BLOB session_key = data_blob(NULL, 0);
 struct MD5Context ctx;
- session_key = data_blob(NULL,0);
-
- if (dce_call->conn->auth_state.session_info) {
- session_key = dce_call->conn->auth_state.session_info->session_key;
- }
+ session_key = dce_call->conn->transport_session_key;
 if (session_key.length == 0) {
 DEBUG(3,("Bad session key in samr_set_password\n"));
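Review bot: The key set by `data_blob_talloc(dcesrv_conn, "SystemLibraryDTC", 16)` is a fixed string compiled into the server, so every TCP connection gets the same, publicly readable value as its transport session key. samr_set_password and samr_set_password_ex (later hunks) take their key from this field, so whatever they decrypt with it has no confidentiality on this transport unless the connection is separately sealed; that deserves a comment at the assignment, e.g. `/* fixed key used for ncacn_ip_tcp; provides no secrecy on its own */`. The literal and the `16` should come from a named constant so the length cannot drift from the string, and the result of data_blob_talloc is stored without a check for allocation failure. The rest of dcesrv_tcp_accept lies outside the hunk.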
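Review bot: With `session_key = dce_call->conn->transport_session_key;` the `session_key.length == 0` test is the only condition left in this hunk, and on TCP connections it will always pass because dcerpc_tcp.c pre-fills the field with a constant. The removed code also required `auth_state.session_info` to be set, so if nothing earlier in samr_set_password checks that the caller is authenticated, that implicit gate is gone; the body before and after the hunk is not visible, so this needs confirming. The same applies to samr_set_password_ex in the next hunk, whose DEBUG text still says `samr_set_password` and makes the two failure paths indistinguishable in logs. Separately, the initializer `= data_blob(NULL, 0)` on the declaration is now a dead store and can be dropped.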