author | Andrew Bartlett <abartlet@samba.org> | 2011-10-12 22:55:34 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-10-13 14:06:07 +0200 |
commit | 5603dab6478fbb40206a8664a308b5db5b1863e8 (patch) | |
tree | 865595e3efb120830d8d7c52e5da786bbf554d99 /source3 | |
parent | 43d84aa619be5851acea82bef77164f0dc3e9f7e (diff) | |
libcli/auth: Provide a struct loadparm_context to schannel calls
This will allow us to pass this down to the tdb_wrap layer.
Andrew Bartlett
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_server/netlogon/srv_netlog_nt.c | 55 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 13 | ||||
-rw-r--r-- | source3/smbd/server.c | 5 |
3 files changed, 64 insertions, 9 deletions
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 5e945187fa..dc0c33d395 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -44,6 +44,7 @@ #include "auth.h" #include "messages.h" #include "../lib/tsocket/tsocket.h" +#include "lib/param/param.h" extern userdom_struct current_user_info; @@ -882,6 +883,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p, * so use a copy to avoid destroying the client values. */ uint32_t in_neg_flags = *r->in.negotiate_flags; const char *fn; + struct loadparm_context *lp_ctx; struct dom_sid sid; struct samr_Password mach_pwd; struct netlogon_creds_CredentialState *creds; @@ -993,11 +995,20 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p, goto out; } + lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context()); + if (lp_ctx == NULL) { + DEBUG(10, ("loadparm_init_s3 failed\n")); + status = NT_STATUS_INTERNAL_ERROR; + goto out; + } + /* Store off the state so we can continue after client disconnect. */ become_root(); - status = schannel_save_creds_state(p->mem_ctx, lp_private_dir(), creds); + status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds); unbecome_root(); + talloc_unlink(p->mem_ctx, lp_ctx); + if (!NT_STATUS_IS_OK(status)) { goto out; } @@ -1078,6 +1089,7 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, { NTSTATUS status; bool schannel_global_required = (lp_server_schannel() == true) ? true:false; + struct loadparm_context *lp_ctx; if (schannel_global_required) { status = schannel_check_required(&p->auth, 
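Review bot: In the `@@ -993,11 +995,20 @@` hunk of `_netr_ServerAuthenticate3`, a failed `loadparm_init_s3()` is logged with `DEBUG(10, ...)`, while the same failure at the other four call sites in this file is logged with `DEBUG(0, ...)`. This path aborts a machine-account authentication with `NT_STATUS_INTERNAL_ERROR`, so at default log levels clients would fail to set up their secure channel with no server-side message to explain why. Use `DEBUG(0, ("loadparm_init_s3 failed\n"));` here as well. The function starts and ends outside the hunk, so what the `out:` label cleans up cannot be checked from this page.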
@@ -1088,10 +1100,16 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p, } } - status = schannel_check_creds_state(mem_ctx, lp_private_dir(), + lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_context()); + if (lp_ctx == NULL) { + DEBUG(0, ("loadparm_init_s3 failed\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + status = schannel_check_creds_state(mem_ctx, lp_ctx, computer_name, received_authenticator, return_authenticator, creds_out); - + talloc_unlink(mem_ctx, lp_ctx); return status; } @@ -1731,6 +1749,7 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p, { NTSTATUS status; struct netlogon_creds_CredentialState *creds = NULL; + struct loadparm_context *lp_ctx; *r->out.authoritative = true; @@ -1746,10 +1765,18 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p, return NT_STATUS_INVALID_PARAMETER; } + lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context()); + if (lp_ctx == NULL) { + DEBUG(0, ("loadparm_init_s3 failed\n")); + return NT_STATUS_INTERNAL_ERROR; + } + become_root(); - status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(), + status = schannel_get_creds_state(p->mem_ctx, lp_ctx, r->in.computer_name, &creds); unbecome_root(); + talloc_unlink(p->mem_ctx, lp_ctx); + if (!NT_STATUS_IS_OK(status)) { return status; } 
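Review bot: The sequence added to `netr_creds_server_step_check` in the `@@ -1088,10 +1100,16 @@` hunk (init, NULL check, `schannel_check_creds_state`, `talloc_unlink`) is repeated line for line in `_netr_GetForestTrustInformation` and `_netr_ServerGetTrustInfo` further down this file. That leaves three copies of the failure handling to keep in step on a credential-validation path, and the log level already differs between call sites in this commit (10 in `_netr_ServerAuthenticate3`, 0 elsewhere). A small static wrapper would keep the fail-closed behaviour in one place; the name below is only a proposal. The parameter types are assumed to match the declaration of `schannel_check_creds_state`, which is not shown on this page.

```c
/* Check the client's authenticator against the stored schannel state.
 * Builds a temporary loadparm context and fails closed with
 * NT_STATUS_INTERNAL_ERROR if it cannot be created. */
static NTSTATUS schannel_check_creds_state_s3(TALLOC_CTX *mem_ctx,
					      const char *computer_name,
					      struct netr_Authenticator *received_authenticator,
					      struct netr_Authenticator *return_authenticator,
					      struct netlogon_creds_CredentialState **creds_out)
{
	struct loadparm_context *lp_ctx;
	NTSTATUS status;

	lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_context());
	if (lp_ctx == NULL) {
		DEBUG(0, ("loadparm_init_s3 failed\n"));
		return NT_STATUS_INTERNAL_ERROR;
	}

	status = schannel_check_creds_state(mem_ctx, lp_ctx, computer_name,
					    received_authenticator,
					    return_authenticator, creds_out);
	talloc_unlink(mem_ctx, lp_ctx);
	return status;
}
```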
@@ -2267,14 +2294,22 @@ NTSTATUS _netr_GetForestTrustInformation(struct pipes_struct *p, NTSTATUS status; struct netlogon_creds_CredentialState *creds; struct lsa_ForestTrustInformation *info, **info_ptr; + struct loadparm_context *lp_ctx; /* TODO: check server name */ - status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(), + lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context()); + if (lp_ctx == NULL) { + DEBUG(0, ("loadparm_init_s3 failed\n")); + return NT_STATUS_INTERNAL_ERROR; + } + + status = schannel_check_creds_state(p->mem_ctx, lp_ctx, r->in.computer_name, r->in.credential, r->out.return_authenticator, &creds); + talloc_unlink(p->mem_ctx, lp_ctx); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2367,14 +2402,22 @@ NTSTATUS _netr_ServerGetTrustInfo(struct pipes_struct *p, struct samr_Password *new_owf_enc; struct samr_Password *old_owf_enc; DATA_BLOB session_key; + struct loadparm_context *lp_ctx; + + lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context()); + if (lp_ctx == NULL) { + DEBUG(0, ("loadparm_init_s3 failed\n")); + return NT_STATUS_INTERNAL_ERROR; + } /* TODO: check server name */ - status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(), + status = schannel_check_creds_state(p->mem_ctx, lp_ctx, r->in.computer_name, r->in.credential, r->out.return_authenticator, &creds); + talloc_unlink(p->mem_ctx, lp_ctx); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 7a616c0ee6..449bf7555b 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -43,6 +43,7 @@ #include "ntdomain.h" #include "rpc_server/srv_pipe.h" #include "rpc_server/rpc_contexts.h" +#include "lib/param/param.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV 
@@ -477,6 +478,7 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p, struct netlogon_creds_CredentialState *creds; enum ndr_err_code ndr_err; struct schannel_state *schannel_auth; + struct loadparm_context *lp_ctx; ndr_err = ndr_pull_struct_blob( &auth_info->credentials, mem_ctx, &neg, @@ -495,6 +497,12 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p, return false; } + lp_ctx = loadparm_init_s3(p, loadparm_s3_context()); + if (!lp_ctx) { + DEBUG(0,("pipe_schannel_auth_bind: loadparm_init_s3() failed!\n")); + return false; + } + /* * The neg.oem_netbios_computer.a key here must match the remote computer name * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe @@ -502,10 +510,11 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p, */ become_root(); - status = schannel_get_creds_state(p, lp_private_dir(), + status = schannel_get_creds_state(p, lp_ctx, neg.oem_netbios_computer.a, &creds); unbecome_root(); - + + talloc_unlink(p, lp_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n")); return False; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index e47187a697..acbab9d88c 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -40,6 +40,7 @@ #include "messages.h" #include "smbprofile.h" #include "lib/id_cache.h" +#include "lib/param/param.h" extern void start_epmd(struct tevent_context *ev_ctx, struct messaging_context *msg_ctx); 
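Review bot: In `pipe_schannel_auth_bind` the new context is parented on the pipe itself, `loadparm_init_s3(p, ...)` in the `@@ -495,6 +497,12 @@` hunk, and is released only by the single `talloc_unlink(p, lp_ctx)` in the `@@ -502,10 +510,11 @@` hunk. Any early return later added between those two points would leave the context attached to `p` for the life of the connection. The function already passes `mem_ctx` to `ndr_pull_struct_blob`; if that context is shorter-lived than `p` (not visible here), `lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_context());` paired with `talloc_unlink(mem_ctx, lp_ctx);` would bound the lifetime. The check is also written `if (!lp_ctx)` where srv_netlog_nt.c uses `lp_ctx == NULL`. The function starts before and ends after these hunks.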
@@ -1150,10 +1151,12 @@ extern void build_options(bool screen); } if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) { - if (!open_schannel_session_store(NULL, lp_private_dir())) { + struct loadparm_context *lp_ctx = loadparm_init_s3(NULL, loadparm_s3_context()); + if (!open_schannel_session_store(NULL, lp_ctx)) { DEBUG(0,("ERROR: Samba cannot open schannel store for secured NETLOGON operations.\n")); exit(1); } + TALLOC_FREE(lp_ctx); } if(!get_global_sam_sid()) { |
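Review bot: The result of `loadparm_init_s3(NULL, loadparm_s3_context())` is passed to `open_schannel_session_store()` without a NULL check, unlike every other call site this commit adds. If the context cannot be created, the callee receives a NULL `lp_ctx`; whether it rejects that or dereferences it is not visible on this page, and at best the DC exits with the misleading "cannot open schannel store" message. Add `if (lp_ctx == NULL) { DEBUG(0, ("ERROR: loadparm_init_s3 failed\n")); exit(1); }` before the call. The enclosing function starts and ends outside the hunk.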