summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-10-12 22:55:34 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-10-13 14:06:07 +0200
commit5603dab6478fbb40206a8664a308b5db5b1863e8 (patch)
tree865595e3efb120830d8d7c52e5da786bbf554d99 /source3
parent43d84aa619be5851acea82bef77164f0dc3e9f7e (diff)
downloadsamba-5603dab6478fbb40206a8664a308b5db5b1863e8.tar.gz
samba-5603dab6478fbb40206a8664a308b5db5b1863e8.tar.bz2
samba-5603dab6478fbb40206a8664a308b5db5b1863e8.zip
libcli/auth: Provide a struct loadparm_context to schannel calls
This will allow us to pass this down to the tdb_wrap layer. Andrew Bartlett
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_server/netlogon/srv_netlog_nt.c55
-rw-r--r--source3/rpc_server/srv_pipe.c13
-rw-r--r--source3/smbd/server.c5
3 files changed, 64 insertions, 9 deletions
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 5e945187fa..dc0c33d395 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -44,6 +44,7 @@
#include "auth.h"
#include "messages.h"
#include "../lib/tsocket/tsocket.h"
+#include "lib/param/param.h"
extern userdom_struct current_user_info;
@@ -882,6 +883,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
* so use a copy to avoid destroying the client values. */
uint32_t in_neg_flags = *r->in.negotiate_flags;
const char *fn;
+ struct loadparm_context *lp_ctx;
struct dom_sid sid;
struct samr_Password mach_pwd;
struct netlogon_creds_CredentialState *creds;
@@ -993,11 +995,20 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
goto out;
}
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto out;
+ }
+
/* Store off the state so we can continue after client disconnect. */
become_root();
- status = schannel_save_creds_state(p->mem_ctx, lp_private_dir(), creds);
+ status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);
unbecome_root();
+ talloc_unlink(p->mem_ctx, lp_ctx);
+
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
@@ -1078,6 +1089,7 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
{
NTSTATUS status;
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
+ struct loadparm_context *lp_ctx;
if (schannel_global_required) {
status = schannel_check_required(&p->auth,
@@ -1088,10 +1100,16 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
}
}
- status = schannel_check_creds_state(mem_ctx, lp_private_dir(),
+ lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = schannel_check_creds_state(mem_ctx, lp_ctx,
computer_name, received_authenticator,
return_authenticator, creds_out);
-
+ talloc_unlink(mem_ctx, lp_ctx);
return status;
}
@@ -1731,6 +1749,7 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
{
NTSTATUS status;
struct netlogon_creds_CredentialState *creds = NULL;
+ struct loadparm_context *lp_ctx;
*r->out.authoritative = true;
@@ -1746,10 +1765,18 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
become_root();
- status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
+ status = schannel_get_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name, &creds);
unbecome_root();
+ talloc_unlink(p->mem_ctx, lp_ctx);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -2267,14 +2294,22 @@ NTSTATUS _netr_GetForestTrustInformation(struct pipes_struct *p,
NTSTATUS status;
struct netlogon_creds_CredentialState *creds;
struct lsa_ForestTrustInformation *info, **info_ptr;
+ struct loadparm_context *lp_ctx;
/* TODO: check server name */
- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(),
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = schannel_check_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name,
r->in.credential,
r->out.return_authenticator,
&creds);
+ talloc_unlink(p->mem_ctx, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -2367,14 +2402,22 @@ NTSTATUS _netr_ServerGetTrustInfo(struct pipes_struct *p,
struct samr_Password *new_owf_enc;
struct samr_Password *old_owf_enc;
DATA_BLOB session_key;
+ struct loadparm_context *lp_ctx;
+
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
/* TODO: check server name */
- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(),
+ status = schannel_check_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name,
r->in.credential,
r->out.return_authenticator,
&creds);
+ talloc_unlink(p->mem_ctx, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 7a616c0ee6..449bf7555b 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -43,6 +43,7 @@
#include "ntdomain.h"
#include "rpc_server/srv_pipe.h"
#include "rpc_server/rpc_contexts.h"
+#include "lib/param/param.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
@@ -477,6 +478,7 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
struct netlogon_creds_CredentialState *creds;
enum ndr_err_code ndr_err;
struct schannel_state *schannel_auth;
+ struct loadparm_context *lp_ctx;
ndr_err = ndr_pull_struct_blob(
&auth_info->credentials, mem_ctx, &neg,
@@ -495,6 +497,12 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
return false;
}
+ lp_ctx = loadparm_init_s3(p, loadparm_s3_context());
+ if (!lp_ctx) {
+ DEBUG(0,("pipe_schannel_auth_bind: loadparm_init_s3() failed!\n"));
+ return false;
+ }
+
/*
* The neg.oem_netbios_computer.a key here must match the remote computer name
* given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
@@ -502,10 +510,11 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
*/
become_root();
- status = schannel_get_creds_state(p, lp_private_dir(),
+ status = schannel_get_creds_state(p, lp_ctx,
neg.oem_netbios_computer.a, &creds);
unbecome_root();
-
+
+ talloc_unlink(p, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n"));
return False;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index e47187a697..acbab9d88c 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -40,6 +40,7 @@
#include "messages.h"
#include "smbprofile.h"
#include "lib/id_cache.h"
+#include "lib/param/param.h"
extern void start_epmd(struct tevent_context *ev_ctx,
struct messaging_context *msg_ctx);
@@ -1150,10 +1151,12 @@ extern void build_options(bool screen);
}
if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
- if (!open_schannel_session_store(NULL, lp_private_dir())) {
+ struct loadparm_context *lp_ctx = loadparm_init_s3(NULL, loadparm_s3_context());
+ if (!open_schannel_session_store(NULL, lp_ctx)) {
DEBUG(0,("ERROR: Samba cannot open schannel store for secured NETLOGON operations.\n"));
exit(1);
}
+ TALLOC_FREE(lp_ctx);
}
if(!get_global_sam_sid()) {