s3:rpc_server/netlogon: make usage of session_extract_session_key()

[kai/samba.git] / source3 / rpc_server / netlogon / srv_netlog_nt.c

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index f6f6d874a46da4c8d25c6938f3f06cfe33ad4d61..d992a65561b1ae83c74dc598657a3cec6e1662cb 100644 (file)
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -909,6 +909,10 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
                srv_flgs |= NETLOGON_NEG_STRONG_KEYS;
        }
 
+       if (in_neg_flags & NETLOGON_NEG_SUPPORTS_AES) {
+               srv_flgs |= NETLOGON_NEG_SUPPORTS_AES;
+       }
+
        if (lp_server_schannel() != false) {
                srv_flgs |= NETLOGON_NEG_SCHANNEL;
        }
@@ -1138,9 +1142,17 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
        struct samr_UserInfo18 info18;
        DATA_BLOB in,out;
        int rc;
+       DATA_BLOB session_key;
 
        ZERO_STRUCT(user_handle);
 
+       status = session_extract_session_key(session_info,
+                                            &session_key,
+                                            KEY_USE_16BYTES);
+       if (!NT_STATUS_IS_OK(status)) {
+               goto out;
+       }
+
        rc = tsocket_address_inet_from_strings(mem_ctx,
                                               "ip",
                                               "127.0.0.1",
@@ -1206,7 +1218,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
 
        in = data_blob_const(nt_hash->hash, 16);
        out = data_blob_talloc_zero(mem_ctx, 16);
-       sess_crypt_blob(&out, &in, &session_info->session_key, true);
+       sess_crypt_blob(&out, &in, &session_key, true);
        memcpy(info18.nt_pwd.hash, out.data, out.length);
 
        info18.nt_pwd_active = true;