From 277f9ff99a87e0ccbd7895f81f23a8f2de21c890 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 14 Sep 2024 15:59:29 +0200
Subject: [PATCH] s3:rpc_client: the transport_session_key is per connection!

It's not per auth_context_id, currently there's no difference
but that will change in future...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1a311df3d61d3f3dbb986cc35470df6445802ff6)
---
 source3/librpc/rpc/dcerpc.h     |  3 ---
 source3/rpc_client/cli_pipe.c   | 17 +++++------------
 source3/rpc_client/rpc_client.h |  1 +
 3 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
index 4b76c5c6d55..76f2fa05ae0 100644
--- a/source3/librpc/rpc/dcerpc.h
+++ b/source3/librpc/rpc/dcerpc.h
@@ -44,9 +44,6 @@ struct pipe_auth_data {
 	bool verified_bitmask1;
 
 	struct gensec_security *auth_ctx;
-
-	/* Only the client code uses this for now */
-	DATA_BLOB transport_session_key;
 };
 
 /* The following definitions come from librpc/rpc/dcerpc_helpers.c  */
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 5be23b99054..1e02f53efe9 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2168,24 +2168,17 @@ static NTSTATUS rpccli_bh_transport_session_key(struct dcerpc_binding_handle *h,
 {
 	struct rpccli_bh_state *hs = dcerpc_binding_handle_data(h,
 				     struct rpccli_bh_state);
-	struct pipe_auth_data *auth = NULL;
 	DATA_BLOB sk = { .length = 0, };
 
 	if (hs->rpc_cli == NULL) {
 		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
 
-	if (hs->rpc_cli->auth == NULL) {
-		return NT_STATUS_NO_USER_SESSION_KEY;
-	}
-
-	auth = hs->rpc_cli->auth;
-
-	if (auth->transport_session_key.length == 0) {
+	if (hs->rpc_cli->transport_session_key.length == 0) {
 		return NT_STATUS_NO_USER_SESSION_KEY;
 	}
 
-	sk = auth->transport_session_key;
+	sk = hs->rpc_cli->transport_session_key;
 	sk.length = MIN(sk.length, 16);
 
 	*session_key = data_blob_dup_talloc(mem_ctx, sk);
@@ -3479,10 +3472,10 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
 			session = cli->smb1.session;
 		}
 
-		status = smbXcli_session_application_key(session, auth,
-						&auth->transport_session_key);
+		status = smbXcli_session_application_key(session, result,
+						&result->transport_session_key);
 		if (!NT_STATUS_IS_OK(status)) {
-			auth->transport_session_key = data_blob_null;
+			result->transport_session_key = data_blob_null;
 		}
 	}
 
diff --git a/source3/rpc_client/rpc_client.h b/source3/rpc_client/rpc_client.h
index 55eb4dec90b..9ba78351851 100644
--- a/source3/rpc_client/rpc_client.h
+++ b/source3/rpc_client/rpc_client.h
@@ -34,6 +34,7 @@ struct dcerpc_binding_handle;
 struct rpc_pipe_client {
 	struct rpc_pipe_client *prev, *next;
 
+	DATA_BLOB transport_session_key;
 	struct rpc_cli_transport *transport;
 	struct dcerpc_binding_handle *binding_handle;
 
-- 
2.47.2