diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2007-12-02 19:04:33 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2007-12-21 05:47:06 +0100 |
| commit | cc04f143dcd35fb67884e385ffd3e6ed2d32a4c2 (patch) | |
| tree | b543f309338aff262df5dba69bb12fdb24b5b825 /source4/auth | |
| parent | 51db4c3f3d81d1ed03beae6426786c843ac59807 (diff) | |
| download | samba-cc04f143dcd35fb67884e385ffd3e6ed2d32a4c2.tar.gz samba-cc04f143dcd35fb67884e385ffd3e6ed2d32a4c2.tar.bz2 samba-cc04f143dcd35fb67884e385ffd3e6ed2d32a4c2.zip | |
r26229: Set loadparm context as opaque pointer in ldb, remove more uses of global_loadparm.
(This used to be commit 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a)
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/auth_server.c | 8 | ||||
| -rw-r--r-- | source4/auth/auth_unix.c | 6 | ||||
| -rw-r--r-- | source4/auth/auth_util.c | 2 | ||||
| -rw-r--r-- | source4/auth/credentials/credentials_files.c | 11 | ||||
| -rw-r--r-- | source4/auth/session.c | 1 |
5 files changed, 15 insertions, 13 deletions
diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c index 6502564dca..d391793bd9 100644 --- a/source4/auth/auth_server.c +++ b/source4/auth/auth_server.c @@ -24,7 +24,7 @@ Support for server level security. ****************************************************************************/ -static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx) +static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, int maxprotocol) { struct smbcli_state *cli = NULL; fstring desthost; @@ -92,7 +92,7 @@ static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx) DEBUG(3,("got session\n")); - if (!smbcli_negprot(cli, lp_cli_maxprotocol(global_loadparm))) { + if (!smbcli_negprot(cli, maxprotocol)) { DEBUG(1,("%s rejected the negprot\n",desthost)); release_server_mutex(); talloc_free(cli); @@ -148,7 +148,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte void **my_private_data, TALLOC_CTX *mem_ctx) { - struct smbcli_state *cli = server_cryptkey(mem_ctx); + struct smbcli_state *cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx)); if (cli) { DEBUG(3,("using password server validation\n")); @@ -215,7 +215,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context if (cli) { } else { - cli = server_cryptkey(mem_ctx); + cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx)); locally_made_cli = true; } diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c index 9efbe5dc12..fac04fd735 100644 --- a/source4/auth/auth_unix.c +++ b/source4/auth/auth_unix.c @@ -308,7 +308,7 @@ static NTSTATUS smb_pam_end(pam_handle_t *pamh) /* * PAM Authentication Handler */ -static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) +static NTSTATUS smb_pam_auth(pam_handle_t *pamh, bool allow_null_passwords, const char *user) { int pam_error; @@ -319,7 +319,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user)); - pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords(global_loadparm) ? 0 : PAM_DISALLOW_NULL_AUTHTOK); + pam_error = pam_authenticate(pamh, PAM_SILENT | allow_null_passwords ? 0 : PAM_DISALLOW_NULL_AUTHTOK); switch( pam_error ){ case PAM_AUTH_ERR: DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user)); @@ -461,7 +461,7 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, struct loadparm_context *lp return nt_status; } - nt_status = smb_pam_auth(pamh, user_info->mapped.account_name); + nt_status = smb_pam_auth(pamh, lp_null_passwords(lp_ctx), user_info->mapped.account_name); if (!NT_STATUS_IS_OK(nt_status)) { smb_pam_end(pamh); return nt_status; diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index 9110fc1b97..c3ecfece39 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -58,7 +58,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, } /* don't allow "" as a domain, fixes a Win9X bug - where it doens't supply a domain for logon script + where it doesn't supply a domain for logon script 'net use' commands. */ /* Split user@realm names into user and realm components. This is TODO to fix with proper userprincipalname support */ diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 2d850956e2..f3f73f7fb1 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -169,6 +169,7 @@ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, * @retval NTSTATUS error detailing any failure */ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, struct ldb_context *ldb, const char *base, const char *filter) @@ -212,7 +213,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, if (!ldb) { /* Local secrets are stored in secrets.ldb */ - ldb = secrets_db_connect(mem_ctx, global_loadparm); + ldb = secrets_db_connect(mem_ctx, lp_ctx); if (!ldb) { /* set anonymous as the fallback, if the machine account won't work */ cli_credentials_set_anonymous(cred); @@ -308,7 +309,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, } else { keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL); if (keytab) { - keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, global_loadparm, keytab)); + keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab)); if (keytab) { cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED); } @@ -334,7 +335,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred) cred->machine_account_pending = false; filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, cli_credentials_get_domain(cred)); - return cli_credentials_set_secrets(cred, NULL, SECRETS_PRIMARY_DOMAIN_DN, + return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRIMARY_DOMAIN_DN, filter); } @@ -354,7 +355,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred) filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH, cli_credentials_get_realm(cred), cli_credentials_get_domain(cred)); - return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN, + return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN, filter); } @@ -376,7 +377,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, cli_credentials_get_realm(cred), cli_credentials_get_domain(cred), serviceprincipal); - return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN, + return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN, filter); } diff --git a/source4/auth/session.c b/source4/auth/session.c index 1a87e98bed..259f52ac5c 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -161,6 +161,7 @@ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, session_info->session_key = server_info->user_session_key; nt_status = security_token_create(session_info, + global_loadparm, server_info->account_sid, server_info->primary_group_sid, server_info->n_domain_groups, |