diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2007-12-02 17:56:09 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2007-12-21 05:47:05 +0100 |
commit | 51db4c3f3d81d1ed03beae6426786c843ac59807 (patch) | |
tree | d85647baa9f9715657a900da164ea54dc07fd13f | |
parent | f4a1083cf9f64b4d2b65b68942e93861409ea90f (diff) | |
download | samba-51db4c3f3d81d1ed03beae6426786c843ac59807.tar.gz samba-51db4c3f3d81d1ed03beae6426786c843ac59807.tar.bz2 samba-51db4c3f3d81d1ed03beae6426786c843ac59807.zip |
r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack.
(This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
26 files changed, 88 insertions, 64 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c index e4af53d25e..b915a43e39 100644 --- a/source4/auth/auth.c +++ b/source4/auth/auth.c @@ -353,6 +353,7 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req, NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, struct event_context *ev, struct messaging_context *msg, + struct loadparm_context *lp_ctx, struct auth_context **auth_ctx) { int i; @@ -381,6 +382,7 @@ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods, ctx->methods = NULL; ctx->event_ctx = ev; ctx->msg_ctx = msg; + ctx->lp_ctx = lp_ctx; for (i=0; methods[i] ; i++) { struct auth_method_context *method; @@ -429,7 +431,7 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, auth_methods = lp_parm_string_list(lp_ctx, NULL, "auth methods", "domain controller", NULL); break; } - return auth_context_create_methods(mem_ctx, auth_methods, ev, msg, auth_ctx); + return auth_context_create_methods(mem_ctx, auth_methods, ev, msg, lp_ctx, auth_ctx); } diff --git a/source4/auth/auth.h b/source4/auth/auth.h index 95819fbaf3..ff7132c3ff 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -168,6 +168,9 @@ struct auth_context { /* the messaging context which can be used by backends */ struct messaging_context *msg_ctx; + + /* loadparm context */ + struct loadparm_context *lp_ctx; }; /* this structure is used by backends to determine the size of some critical types */ diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 42e5ae9e7e..812c80f4d0 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -151,7 +151,7 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context, NTSTATUS status; if (acct_flags & ACB_PWNOTREQ) { - if (lp_null_passwords(global_loadparm)) { + if (lp_null_passwords(auth_context->lp_ctx)) { DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user_info->mapped.account_name)); return NT_STATUS_OK; @@ -181,6 +181,7 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context, *lm_sess_key = data_blob(NULL, 0); *user_sess_key = data_blob(NULL, 0); status = hash_password_check(mem_ctx, + auth_context->lp_ctx, user_info->password.hash.lanman, user_info->password.hash.nt, user_info->mapped.account_name, @@ -189,7 +190,9 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context, break; case AUTH_PASSWORD_RESPONSE: - status = ntlm_password_check(mem_ctx, user_info->logon_parameters, + status = ntlm_password_check(mem_ctx, + auth_context->lp_ctx, + user_info->logon_parameters, &auth_context->challenge.data, &user_info->password.response.lanman, &user_info->password.response.nt, @@ -283,7 +286,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx return NT_STATUS_NO_MEMORY; } - sam_ctx = samdb_connect(tmp_ctx, global_loadparm, system_session(mem_ctx)); + sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx)); if (sam_ctx == NULL) { talloc_free(tmp_ctx); return NT_STATUS_INVALID_SYSTEM_SERVICE; @@ -348,13 +351,13 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx, return NT_STATUS_NOT_IMPLEMENTED; } - is_local_name = lp_is_myname(global_loadparm, + is_local_name = lp_is_myname(ctx->auth_ctx->lp_ctx, user_info->mapped.domain_name); - is_my_domain = lp_is_mydomain(global_loadparm, + is_my_domain = lp_is_mydomain(ctx->auth_ctx->lp_ctx, user_info->mapped.domain_name); /* check whether or not we service this domain/workgroup name */ - switch (lp_server_role(global_loadparm)) { + switch (lp_server_role(ctx->auth_ctx->lp_ctx)) { case ROLE_STANDALONE: return NT_STATUS_OK; @@ -390,14 +393,14 @@ static NTSTATUS authsam_check_password(struct auth_method_context *ctx, const char *domain; /* check whether or not we service this domain/workgroup name */ - switch (lp_server_role(global_loadparm)) { + switch (lp_server_role(ctx->auth_ctx->lp_ctx)) { case ROLE_STANDALONE: case ROLE_DOMAIN_MEMBER: - domain = lp_netbios_name(global_loadparm); + domain = lp_netbios_name(ctx->auth_ctx->lp_ctx); break; case ROLE_DOMAIN_CONTROLLER: - domain = lp_workgroup(global_loadparm); + domain = lp_workgroup(ctx->auth_ctx->lp_ctx); break; default: diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c index 36637edd57..6502564dca 100644 --- a/source4/auth/auth_server.c +++ b/source4/auth/auth_server.c @@ -206,7 +206,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context * password file. */ - if (lp_is_myname(global_loadparm, user_info->domain.str)) { + if (lp_is_myname(auth_context->lp_ctx, user_info->domain.str)) { DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n")); return NT_STATUS_LOGON_FAILURE; } diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c index 0b94669008..cde170482a 100644 --- a/source4/auth/auth_simple.c +++ b/source4/auth/auth_simple.c @@ -33,6 +33,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, struct event_context *ev, struct messaging_context *msg, + struct loadparm_context *lp_ctx, const char *nt4_domain, const char *nt4_username, const char *password, @@ -50,7 +51,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, nt_status = auth_context_create(tmp_ctx, ev, msg, - global_loadparm, + lp_ctx, &auth_context); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c index 4cbe3723a8..9efbe5dc12 100644 --- a/source4/auth/auth_unix.c +++ b/source4/auth/auth_unix.c @@ -804,7 +804,7 @@ static NTSTATUS authunix_check_password(struct auth_method_context *ctx, return NT_STATUS_NO_MEMORY; } - nt_status = check_unix_password(check_ctx, global_loadparm, user_info, &pwd); + nt_status = check_unix_password(check_ctx, ctx->auth_ctx->lp_ctx, user_info, &pwd); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(check_ctx); return nt_status; diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index 91f0e5163c..9110fc1b97 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -138,8 +138,8 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex } chall_blob = data_blob_talloc(mem_ctx, challenge, 8); - if (lp_client_ntlmv2_auth(global_loadparm)) { - DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm)); + if (lp_client_ntlmv2_auth(auth_context->lp_ctx)) { + DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(auth_context->lp_ctx), lp_workgroup(auth_context->lp_ctx)); DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key; if (!SMBNTLMv2encrypt_hash(user_info_temp, @@ -163,7 +163,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex SMBOWFencrypt(user_info_in->password.hash.nt->hash, challenge, blob.data); user_info_temp->password.response.nt = blob; - if (lp_client_lanman_auth(global_loadparm) && user_info_in->password.hash.lanman) { + if (lp_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) { DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24); SMBOWFencrypt(user_info_in->password.hash.lanman->hash, challenge, blob.data); user_info_temp->password.response.lanman = lm_blob; diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 1bb71d8fc9..77f5dfb599 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -32,7 +32,7 @@ /** connect to the schannel ldb */ -struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) +struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { char *path; struct ldb_context *ldb; @@ -42,14 +42,14 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx) "computerName: CASE_INSENSITIVE\n" \ "flatname: CASE_INSENSITIVE\n"; - path = smbd_tmp_path(mem_ctx, global_loadparm, "schannel.ldb"); + path = smbd_tmp_path(mem_ctx, lp_ctx, "schannel.ldb"); if (!path) { return NULL; } existed = file_exist(path); - ldb = ldb_wrap_connect(mem_ctx, global_loadparm, path, + ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path, system_session(mem_ctx), NULL, LDB_FLG_NOSYNC, NULL); talloc_free(path); @@ -143,7 +143,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; int ret; - ldb = schannel_db_connect(mem_ctx); + ldb = schannel_db_connect(mem_ctx, global_loadparm); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } @@ -274,7 +274,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; struct ldb_context *ldb; - ldb = schannel_db_connect(mem_ctx); + ldb = schannel_db_connect(mem_ctx, global_loadparm); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/auth/ntlm_check.c b/source4/auth/ntlm_check.c index 5214c46e0e..f1ea6829e0 100644 --- a/source4/auth/ntlm_check.c +++ b/source4/auth/ntlm_check.c @@ -219,6 +219,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx, */ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, const struct samr_Password *client_lanman, const struct samr_Password *client_nt, const char *username, @@ -240,7 +241,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, } } else if (client_lanman && stored_lanman) { - if (!lp_lanman_auth(global_loadparm)) { + if (!lp_lanman_auth(lp_ctx)) { DEBUG(3,("ntlm_password_check: Interactive logon: only LANMAN password supplied for user %s, and LM passwords are disabled!\n", username)); return NT_STATUS_WRONG_PASSWORD; @@ -281,6 +282,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx, */ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, uint32_t logon_parameters, const DATA_BLOB *challenge, const DATA_BLOB *lm_response, @@ -330,6 +332,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, lm_ok = false; } return hash_password_check(mem_ctx, + lp_ctx, lm_ok ? &client_lm : NULL, nt_response->length ? &client_nt : NULL, username, @@ -392,7 +395,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, DEBUG(3,("ntlm_password_check: NTLMv2 password check failed\n")); } } else if (nt_response->length == 24 && stored_nt) { - if (lp_ntlm_auth(global_loadparm)) { + if (lp_ntlm_auth(lp_ctx)) { /* We have the NT MD4 hash challenge available - see if we can use it (ie. does it exist in the smbpasswd file). */ @@ -404,7 +407,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, /* The LM session key for this response is not very secure, so use it only if we otherwise allow LM authentication */ - if (lp_lanman_auth(global_loadparm) && stored_lanman) { + if (lp_lanman_auth(lp_ctx) && stored_lanman) { *lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8); } return NT_STATUS_OK; @@ -432,7 +435,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, return NT_STATUS_WRONG_PASSWORD; } - if (!lp_lanman_auth(global_loadparm)) { + if (!lp_lanman_auth(lp_ctx)) { DEBUG(3,("ntlm_password_check: Lanman passwords NOT PERMITTED for user %s\n", username)); } else if (!stored_lanman) { @@ -451,7 +454,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, It not very secure, so use it only if we otherwise allow LM authentication */ - if (lp_lanman_auth(global_loadparm) && stored_lanman) { + if (lp_lanman_auth(lp_ctx) && stored_lanman) { uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, stored_lanman->hash, 8); memset(first_8_lm_hash + 8, '\0', 8); @@ -567,7 +570,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, - I think this is related to Win9X pass-though authentication */ DEBUG(4,("ntlm_password_check: Checking NT MD4 password in LM field\n")); - if (lp_ntlm_auth(global_loadparm)) { + if (lp_ntlm_auth(lp_ctx)) { if (smb_pwd_check_ntlmv1(mem_ctx, lm_response, stored_nt->hash, challenge, @@ -576,7 +579,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, It not very secure, so use it only if we otherwise allow LM authentication */ - if (lp_lanman_auth(global_loadparm) && stored_lanman) { + if (lp_lanman_auth(lp_ctx) && stored_lanman) { uint8_t first_8_lm_hash[16]; memcpy(first_8_lm_hash, stored_lanman->hash, 8); memset(first_8_lm_hash + 8, '\0', 8); diff --git a/source4/dsdb/common/sidmap.c b/source4/dsdb/common/sidmap.c index 8383d2b36b..97e5fb2b19 100644 --- a/source4/dsdb/common/sidmap.c +++ b/source4/dsdb/common/sidmap.c @@ -48,14 +48,14 @@ struct sidmap_context { /* open a sidmap context - use talloc_free to close */ -_PUBLIC_ struct sidmap_context *sidmap_open(TALLOC_CTX *mem_ctx) +_PUBLIC_ struct sidmap_context *sidmap_open(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) { struct sidmap_context *sidmap; sidmap = talloc(mem_ctx, struct sidmap_context); if (sidmap == NULL) { return NULL; } - sidmap->samctx = samdb_connect(sidmap, global_loadparm, system_session(sidmap)); + sidmap->samctx = samdb_connect(sidmap, lp_ctx, system_session(sidmap)); if (sidmap->samctx == NULL) { talloc_free(sidmap); return NULL; diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c index 5c74dbfb72..72033f4177 100644 --- a/source4/dsdb/repl/drepl_service.c +++ b/source4/dsdb/repl/drepl_service.c @@ -45,12 +45,12 @@ static WERROR dreplsrv_init_creds(struct dreplsrv_service *service) return WERR_OK; } -static WERROR dreplsrv_connect_samdb(struct dreplsrv_service *service) +static WERROR dreplsrv_connect_samdb(struct dreplsrv_service *service, struct loadparm_context *lp_ctx) { const struct GUID *ntds_guid; struct drsuapi_DsBindInfo28 *bind_info28; - service->samdb = samdb_connect(service, global_loadparm, service->system_session_info); + service->samdb = samdb_connect(service, lp_ctx, service->system_session_info); if (!service->samdb) { return WERR_DS_SERVICE_UNAVAILABLE; } @@ -118,7 +118,7 @@ static void dreplsrv_task_init(struct task_server *task) struct dreplsrv_service *service; uint32_t periodic_startup_interval; - switch (lp_server_role(global_loadparm)) { + switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: task_server_terminate(task, "dreplsrv: no DSDB replication required in standalone configuration"); return; @@ -149,7 +149,7 @@ static void dreplsrv_task_init(struct task_server *task) return; } - status = dreplsrv_connect_samdb(service); + status = dreplsrv_connect_samdb(service, task->lp_ctx); if (!W_ERROR_IS_OK(status)) { task_server_terminate(task, talloc_asprintf(task, "dreplsrv: Failed to connect to local samdb: %s\n", @@ -165,8 +165,8 @@ static void dreplsrv_task_init(struct task_server *task) return; } - periodic_startup_interval = lp_parm_int(global_loadparm, NULL, "dreplsrv", "periodic_startup_interval", 15); /* in seconds */ - service->periodic.interval = lp_parm_int(global_loadparm, NULL, "dreplsrv", "periodic_interval", 300); /* in seconds */ + periodic_startup_interval = lp_parm_int(task->lp_ctx, NULL, "dreplsrv", "periodic_startup_interval", 15); /* in seconds */ + service->periodic.interval = lp_parm_int(task->lp_ctx, NULL, "dreplsrv", "periodic_interval", 300); /* in seconds */ status = dreplsrv_periodic_schedule(service, periodic_startup_interval); if (!W_ERROR_IS_OK(status)) { diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index fe4680b1f2..50521e9a52 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -27,6 +27,7 @@ #include "dsdb/samdb/samdb.h" #include "auth/gensec/gensec.h" #include "auth/gensec/socket.h" +#include "param/param.h" static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) { @@ -46,7 +47,7 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) status = crack_auto_name_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account); if (NT_STATUS_IS_OK(status)) { - status = authenticate_username_pw(call, + status = authenticate_username_pw(global_loadparm, call, call->conn->connection->event.ctx, call->conn->connection->msg_ctx, nt4_domain, nt4_account, diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 1ee37dceff..30afe7c590 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -389,8 +389,7 @@ static void ldapsrv_accept(struct stream_connection *c) /* Ensure we don't get packets until the database is ready below */ packet_recv_disable(conn->packet); - server_credentials - = cli_credentials_init(conn); + server_credentials = cli_credentials_init(conn); if (!server_credentials) { stream_terminate_connection(c, "Failed to init server credentials\n"); return; @@ -515,7 +514,7 @@ static void ldapsrv_task_init(struct task_server *task) NTSTATUS status; const struct model_ops *model_ops; - switch (lp_server_role(global_loadparm)) { + switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: task_server_terminate(task, "ldap_server: no LDAP server required in standalone configuration"); return; diff --git a/source4/lib/dbwrap/dbwrap.c b/source4/lib/dbwrap/dbwrap.c index 9e893b1243..791d0adee6 100644 --- a/source4/lib/dbwrap/dbwrap.c +++ b/source4/lib/dbwrap/dbwrap.c @@ -25,15 +25,15 @@ #include "lib/dbwrap/dbwrap.h" #include "param/param.h" -/* +/** open a temporary database */ -struct db_context *db_tmp_open(TALLOC_CTX *mem_ctx, const char *name, int tdb_flags) +struct db_context *db_tmp_open(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *name, int tdb_flags) { - if (lp_parm_bool(global_loadparm, NULL, "ctdb", "enable", false) && - lp_parm_bool(global_loadparm, NULL, "ctdb", name, true)) { + if (lp_parm_bool(lp_ctx, NULL, "ctdb", "enable", false) && + lp_parm_bool(lp_ctx, NULL, "ctdb", name, true)) { return db_tmp_open_ctdb(mem_ctx, name, tdb_flags); } - return db_tmp_open_tdb(mem_ctx, name, tdb_flags); + return db_tmp_open_tdb(mem_ctx, lp_ctx, name, tdb_flags); } diff --git a/source4/lib/dbwrap/dbwrap.h b/source4/lib/dbwrap/dbwrap.h index b4267d802d..fc1f123e23 100644 --- a/source4/lib/dbwrap/dbwrap.h +++ b/source4/lib/dbwrap/dbwrap.h @@ -45,9 +45,10 @@ struct db_context { void *private_data; }; -struct db_context *db_tmp_open(TALLOC_CTX *mem_ctx, const char *name, int tdb_flags); +struct loadparm_context; +struct db_context *db_tmp_open(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *name, int tdb_flags); /* backends */ -struct db_context *db_tmp_open_tdb(TALLOC_CTX *mem_ctx, const char *name, int tdb_flags); +struct db_context *db_tmp_open_tdb(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *name, int tdb_flags); struct db_context *db_tmp_open_ctdb(TALLOC_CTX *mem_ctx, const char *name, int tdb_flags); diff --git a/source4/lib/dbwrap/dbwrap_tdb.c b/source4/lib/dbwrap/dbwrap_tdb.c index 621b19532d..fae73a1db8 100644 --- a/source4/lib/dbwrap/dbwrap_tdb.c +++ b/source4/lib/dbwrap/dbwrap_tdb.c @@ -225,7 +225,8 @@ static int db_tdb_get_seqnum(struct db_context *db) /* open a temporary database */ -struct db_context *db_tmp_open_tdb(TALLOC_CTX *mem_ctx, const char *name, int tdb_flags) +struct db_context *db_tmp_open_tdb(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, + const char *name, int tdb_flags) { struct db_context *result; struct db_tdb_ctx *db_tdb; @@ -241,7 +242,7 @@ struct db_context *db_tmp_open_tdb(TALLOC_CTX *mem_ctx, const char *name, int td /* the name passed in should not be a full path, it should be just be the db name */ - path = smbd_tmp_path(result, global_loadparm, name); + path = smbd_tmp_path(result, lp_ctx, name); db_tdb->wtdb = tdb_wrap_open(db_tdb, path, 0, tdb_flags, O_CREAT|O_RDWR, 0666); diff --git a/source4/lib/gencache/gencache.c b/source4/lib/gencache/gencache.c index ea80a93624..aaaa40eea8 100644 --- a/source4/lib/gencache/gencache.c +++ b/source4/lib/gencache/gencache.c @@ -47,7 +47,7 @@ static struct tdb_wrap *cache; * false on failure **/ -bool gencache_init(void) +bool gencache_init(struct loadparm_context *lp_ctx) { char* cache_fname = NULL; TALLOC_CTX *mem_ctx = talloc_autofree_context(); @@ -55,7 +55,7 @@ bool gencache_init(void) /* skip file open if it's already opened */ if (cache) return true; - cache_fname = lock_path(mem_ctx, global_loadparm, "gencache.tdb"); + cache_fname = lock_path(mem_ctx, lp_ctx, "gencache.tdb"); if (cache_fname != NULL) { DEBUG(5, ("Opening cache file at %s\n", cache_fname)); } else { diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c index 5e3013600a..1f8c7ce684 100644 --- a/source4/lib/ldb/tools/cmdline.c +++ b/source4/lib/ldb/tools/cmdline.c @@ -217,6 +217,10 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb, int argc, const if (ldb_set_opaque(ldb, "credentials", cmdline_credentials)) { goto failed; } + if (ldb_set_opaque(ldb, "loadparm", global_loadparm)) { + goto failed; + } + ldb_set_utf8_fns(ldb, NULL, wrap_casefold); #endif diff --git a/source4/ntvfs/common/brlock_tdb.c b/source4/ntvfs/common/brlock_tdb.c index 2b81521a2c..25642d5f5c 100644 --- a/source4/ntvfs/common/brlock_tdb.c +++ b/source4/ntvfs/common/brlock_tdb.c @@ -34,6 +34,7 @@ #include "cluster/cluster.h" #include "ntvfs/common/brlock.h" #include "ntvfs/ntvfs.h" +#include "param/param.h" /* in this module a "DATA_BLOB *file_key" is a blob that uniquely identifies @@ -94,7 +95,7 @@ static struct brl_context *brl_tdb_init(TALLOC_CTX *mem_ctx, struct server_id se return NULL; } - brl->db = db_tmp_open(brl, "brlock.tdb", TDB_DEFAULT); + brl->db = db_tmp_open(brl, global_loadparm, "brlock.tdb", TDB_DEFAULT); if (brl->db == NULL) { talloc_free(brl); return NULL; diff --git a/source4/ntvfs/posix/vfs_posix.c b/source4/ntvfs/posix/vfs_posix.c index 24aa023de5..07948a64e2 100644 --- a/source4/ntvfs/posix/vfs_posix.c +++ b/source4/ntvfs/posix/vfs_posix.c @@ -31,7 +31,7 @@ #include "util/util_ldb.h" #include "libcli/security/security.h" #include "lib/events/events.h" - +#include "param/param.h" /* setup config options for a posix share @@ -216,7 +216,7 @@ static NTSTATUS pvfs_connect(struct ntvfs_module_context *ntvfs, event_context_find(pvfs), pvfs->ntvfs->ctx->config); - pvfs->sidmap = sidmap_open(pvfs); + pvfs->sidmap = sidmap_open(pvfs, global_loadparm); if (pvfs->sidmap == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 0ad8a8501b..d7b64b01f2 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -26,6 +26,7 @@ #include "auth/auth.h" #include "ntvfs/ntvfs.h" #include "dsdb/samdb/samdb.h" +#include "param/param.h" struct unixuid_private { struct sidmap_context *sidmap; @@ -215,7 +216,7 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } - private->sidmap = sidmap_open(private); + private->sidmap = sidmap_open(private, global_loadparm); if (private->sidmap == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index 83607cc446..c86fdf333d 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -57,7 +57,7 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call, TALLOC_ partitions_basedn = samdb_partitions_dn(state->sam_ldb, mem_ctx); - state->sidmap = sidmap_open(state); + state->sidmap = sidmap_open(state, global_loadparm); if (state->sidmap == NULL) { return NT_STATUS_INVALID_SYSTEM_SERVICE; } diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index d5e385f70d..448f2b93f9 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -244,7 +244,7 @@ static NTSTATUS dcesrv_netr_creds_server_step_check(const char *computer_name, struct ldb_context *ldb; int ret; - ldb = schannel_db_connect(mem_ctx); + ldb = schannel_db_connect(mem_ctx, global_loadparm); if (!ldb) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/rpc_server/unixinfo/dcesrv_unixinfo.c b/source4/rpc_server/unixinfo/dcesrv_unixinfo.c index 1f9e584ecf..290cfda640 100644 --- a/source4/rpc_server/unixinfo/dcesrv_unixinfo.c +++ b/source4/rpc_server/unixinfo/dcesrv_unixinfo.c @@ -26,6 +26,7 @@ #include "lib/events/events.h" #include "dsdb/samdb/samdb.h" #include "system/passwd.h" +#include "param/param.h" static NTSTATUS dcesrv_unixinfo_SidToUid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, @@ -35,7 +36,7 @@ static NTSTATUS dcesrv_unixinfo_SidToUid(struct dcesrv_call_state *dce_call, struct sidmap_context *sidmap; uid_t uid; - sidmap = sidmap_open(mem_ctx); + sidmap = sidmap_open(mem_ctx, global_loadparm); if (sidmap == NULL) { DEBUG(10, ("sidmap_open failed\n")); return NT_STATUS_NO_MEMORY; @@ -55,7 +56,7 @@ static NTSTATUS dcesrv_unixinfo_UidToSid(struct dcesrv_call_state *dce_call, struct sidmap_context *sidmap; uid_t uid; - sidmap = sidmap_open(mem_ctx); + sidmap = sidmap_open(mem_ctx, global_loadparm); if (sidmap == NULL) { DEBUG(10, ("sidmap_open failed\n")); return NT_STATUS_NO_MEMORY; @@ -79,7 +80,7 @@ static NTSTATUS dcesrv_unixinfo_SidToGid(struct dcesrv_call_state *dce_call, struct sidmap_context *sidmap; gid_t gid; - sidmap = sidmap_open(mem_ctx); + sidmap = sidmap_open(mem_ctx, global_loadparm); if (sidmap == NULL) { DEBUG(10, ("sidmap_open failed\n")); return NT_STATUS_NO_MEMORY; @@ -99,7 +100,7 @@ static NTSTATUS dcesrv_unixinfo_GidToSid(struct dcesrv_call_state *dce_call, struct sidmap_context *sidmap; gid_t gid; - sidmap = sidmap_open(mem_ctx); + sidmap = sidmap_open(mem_ctx, global_loadparm); if (sidmap == NULL) { DEBUG(10, ("sidmap_open failed\n")); return NT_STATUS_NO_MEMORY; diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 6ddb049788..39e84d7f2c 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -60,7 +60,7 @@ static int ejs_doauth(MprVarHandle eid, } if (auth_types) { - nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, &auth_context); + nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, global_loadparm, &auth_context); } else { nt_status = auth_context_create(tmp_ctx, ev, msg, global_loadparm, &auth_context); } diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index 80ecfff572..bb9b5d89fa 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -176,7 +176,8 @@ static bool check_plaintext_auth(const char *user, const char *pass, /* authenticate a user with an encrypted username/password */ -static NTSTATUS local_pw_check_specified(const char *username, +static NTSTATUS local_pw_check_specified(struct loadparm_context *lp_ctx, + const char *username, const char *domain, const char *workstation, const DATA_BLOB *challenge, @@ -206,6 +207,7 @@ static NTSTATUS local_pw_check_specified(const char *username, nt_status = ntlm_password_check(mem_ctx, + lp_ctx, MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, challenge, @@ -755,7 +757,8 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod flags |= NTLM_AUTH_FLAG_USER_SESSION_KEY; if (!NT_STATUS_IS_OK( - local_pw_check_specified(username, + local_pw_check_specified(global_loadparm, + username, domain, lp_netbios_name(global_loadparm), &challenge, |