77 files changed, 352 insertions, 186 deletions
diff --git a/lib/util/debug.h b/lib/util/debug.h index 632c24fadb..a5962b04bb 100644 --- a/lib/util/debug.h +++ b/lib/util/debug.h @@ -83,7 +83,7 @@ enum debug_logtype {DEBUG_STDOUT = 0, DEBUG_FILE = 1, DEBUG_STDERR = 2}; */ _PUBLIC_ void dbghdr(int level, const char *location, const char *func); -_PUBLIC_ void dbghdrclass(int level, int class, const char *location, const char *func); +_PUBLIC_ void dbghdrclass(int level, int cls, const char *location, const char *func); /** reopen the log file (usually called because the log file name might have changed) diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm index e30102b4e1..bb0c18e13c 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm @@ -120,7 +120,8 @@ static NTSTATUS $name\__op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_C /* unravel the NDR for the packet */ ndr_err = ndr_table_$name.calls[opnum].ndr_pull(pull, NDR_IN, *r); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - dcerpc_log_packet(&ndr_table_$name, opnum, NDR_IN, + dcerpc_log_packet(dce_call->conn->packet_log_dir, + &ndr_table_$name, opnum, NDR_IN, &dce_call->pkt.u.request.stub_and_verifier); dce_call->fault_code = DCERPC_FAULT_NDR; return NT_STATUS_NET_WRITE_FAULT; @@ -144,7 +145,8 @@ pidl " } if (dce_call->fault_code != 0) { - dcerpc_log_packet(&ndr_table_$name, opnum, NDR_IN, + dcerpc_log_packet(dce_call->conn->packet_log_dir, + &ndr_table_$name, opnum, NDR_IN, &dce_call->pkt.u.request.stub_and_verifier); return NT_STATUS_NET_WRITE_FAULT; } @@ -167,7 +169,8 @@ pidl " } if (dce_call->fault_code != 0) { - dcerpc_log_packet(&ndr_table_$name, opnum, NDR_IN, + dcerpc_log_packet(dce_call->conn->packet_log_dir, + &ndr_table_$name, opnum, NDR_IN, &dce_call->pkt.u.request.stub_and_verifier); return NT_STATUS_NET_WRITE_FAULT; } diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 5d57383d2a..20c88f86bc 100644 
--- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -477,7 +477,7 @@ const char **gensec_security_oids(struct gensec_security *gensec_security, */ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct event_context *ev, - struct loadparm_context *lp_ctx, + struct gensec_settings *settings, struct messaging_context *msg, struct gensec_security **gensec_security) { @@ -501,7 +501,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, (*gensec_security)->event_ctx = ev; (*gensec_security)->msg_ctx = msg; - (*gensec_security)->lp_ctx = lp_ctx; + (*gensec_security)->settings = talloc_reference(*gensec_security, settings); return NT_STATUS_OK; } @@ -529,7 +529,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, (*gensec_security)->want_features = parent->want_features; (*gensec_security)->event_ctx = parent->event_ctx; (*gensec_security)->msg_ctx = parent->msg_ctx; - (*gensec_security)->lp_ctx = parent->lp_ctx; + (*gensec_security)->settings = talloc_reference(*gensec_security, parent->settings); return NT_STATUS_OK; } @@ -543,11 +543,11 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security, struct event_context *ev, - struct loadparm_context *lp_ctx) + struct gensec_settings *settings) { NTSTATUS status; - status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security); + status = gensec_start(mem_ctx, ev, settings, NULL, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -564,7 +564,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, */ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct event_context *ev, - struct loadparm_context *lp_ctx, + struct gensec_settings *settings, struct messaging_context *msg, struct gensec_security **gensec_security) { 
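Review bot: The result of `talloc_reference(*gensec_security, settings)` is stored unchecked in gensec_start (hunk at -501) and again in gensec_subcontext_start (hunk at -529); talloc_reference returns NULL on allocation failure and when its pointer argument is NULL. The new code then dereferences `gensec_security->settings` unconditionally in gensec_get_target_hostname and in gensec_setting_int/gensec_setting_bool, so a failed reference or a caller that passes NULL settings becomes a NULL dereference in the authentication path instead of an error status. Adding `NT_STATUS_HAVE_NO_MEMORY((*gensec_security)->settings);` after each assignment would keep the failure at context creation. Both functions start outside their hunks, so whether the partially built context needs freeing on that path should be confirmed against the full bodies.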
@@ -580,7 +580,7 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_ERROR; } - status = gensec_start(mem_ctx, ev, lp_ctx, msg, gensec_security); + status = gensec_start(mem_ctx, ev, settings, msg, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -1107,9 +1107,8 @@ _PUBLIC_ NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_secu _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security) { /* We allow the target hostname to be overriden for testing purposes */ - const char *target_hostname = lp_parm_string(gensec_security->lp_ctx, NULL, "gensec", "target_hostname"); - if (target_hostname) { - return target_hostname; + if (gensec_security->settings->target_hostname) { + return gensec_security->settings->target_hostname; } if (gensec_security->target.hostname) { @@ -1255,6 +1254,16 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_ return (*gs2)->priority - (*gs1)->priority; } +int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value) +{ + return lp_parm_int(settings->lp_ctx, NULL, mechanism, name, default_value); +} + +bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value) +{ + return lp_parm_bool(settings->lp_ctx, NULL, mechanism, name, default_value); +} + /* initialise the GENSEC subsystem */ diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 0b31882ddd..2a483171f7 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -64,6 +64,7 @@ enum gensec_role struct auth_session_info; struct cli_credentials; +struct gensec_settings; struct gensec_update_request { struct gensec_security *gensec_security; 
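Review bot: gensec_setting_int and gensec_setting_bool in the hunk at -1255 are declared in gensec.h but defined without the `_PUBLIC_` marker that the other exported functions in this file carry, and they have no header comment. Every mechanism now reads its tunables through them, so a short comment is worth adding, e.g. `/* Read the parametric option mechanism/name from settings->lp_ctx, falling back to default_value; settings must not be NULL. */`. If the helpers are meant to be part of the library interface, prefix both definitions with `_PUBLIC_` to match gensec_client_start and gensec_server_start.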
@@ -77,6 +78,12 @@ struct gensec_update_request { } callback; }; +struct gensec_settings { + struct loadparm_context *lp_ctx; + struct smb_iconv_convenience *iconv_convenience; + const char *target_hostname; +}; + struct gensec_security_ops { const char *name; const char *sasl_name; @@ -151,7 +158,6 @@ struct gensec_security_ops_wrapper { struct gensec_security { const struct gensec_security_ops *ops; - struct loadparm_context *lp_ctx; void *private_data; struct cli_credentials *credentials; struct gensec_target target; @@ -161,6 +167,7 @@ struct gensec_security { struct event_context *event_ctx; struct messaging_context *msg_ctx; /* only valid as server */ struct socket_address *my_addr, *peer_addr; + struct gensec_settings *settings; }; /* this structure is used by backends to determine the size of some critical types */ @@ -210,7 +217,7 @@ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security, struct event_context *ev, - struct loadparm_context *lp_ctx); + struct gensec_settings *settings); NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security, const char **sasl_names); NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, @@ -262,7 +269,7 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, const char *gensec_get_name_by_authtype(uint8_t authtype); NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct event_context *ev, - struct loadparm_context *lp_ctx, + struct gensec_settings *settings, struct messaging_context *msg, struct gensec_security **gensec_security); NTSTATUS gensec_session_info(struct gensec_security *gensec_security, 
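Review bot: The new `struct gensec_settings` in the hunk at -77 has no comment saying who owns `lp_ctx`, `iconv_convenience` and `target_hostname` or how long they must stay valid. gensec_start takes a talloc reference on the struct itself, but the three members are plain pointers, so a settings object that outlives its loadparm context would leave every gensec_security that references it holding dangling pointers. A comment above the struct such as `/* members are borrowed; they must outlive every gensec_security that references this struct */` would make the contract explicit. The code that fills the struct is not visible in this part of the diff, so the actual ownership should be confirmed there.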
@@ -295,5 +302,7 @@ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, const char *sasl_name); +int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value); +bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value); #endif /* __GENSEC_H__ */ diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index e307dbb5cb..dcfffef3df 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -154,7 +154,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->gss_exchange_count = 0; gensec_gssapi_state->max_wrap_buf_size - = lp_parm_int(gensec_security->lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536); + = gensec_setting_int(gensec_security->settings, "gensec_gssapi", "max wrap buf size", 65536); gensec_gssapi_state->sasl = false; gensec_gssapi_state->sasl_state = STAGE_GSS_NEG; 
@@ -170,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; gensec_gssapi_state->want_flags = 0; - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "mutual", true)) { + if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) { gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "delegation", true)) { + if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", true)) { gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "replay", true)) { + if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "replay", true)) { gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "sequence", true)) { + if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "sequence", true)) { gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG; } @@ -214,10 +214,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) talloc_free(gensec_gssapi_state); return NT_STATUS_INTERNAL_ERROR; } - if (lp_realm(gensec_security->lp_ctx) && *lp_realm(gensec_security->lp_ctx)) { - char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->lp_ctx)); + if (lp_realm(gensec_security->settings->lp_ctx) && *lp_realm(gensec_security->settings->lp_ctx)) { + char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->settings->lp_ctx)); if (!upper_realm) { - DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->lp_ctx))); + DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->settings->lp_ctx))); talloc_free(gensec_gssapi_state); return NT_STATUS_NO_MEMORY; } 
@@ -231,7 +231,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) } /* don't do DNS lookups of any kind, it might/will fail for a netbios name */ - ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(gensec_security->lp_ctx, NULL, "krb5", "set_dns_canonicalize", false)); + ret = gsskrb5_set_dns_canonicalize(gensec_setting_bool(gensec_security->settings, "krb5", "set_dns_canonicalize", false)); if (ret) { DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n")); talloc_free(gensec_gssapi_state); @@ -240,7 +240,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) ret = smb_krb5_init_context(gensec_gssapi_state, gensec_security->event_ctx, - gensec_security->lp_ctx, + gensec_security->settings->lp_ctx, &gensec_gssapi_state->smb_krb5_context); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n", @@ -274,7 +274,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi } else { ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->event_ctx, - gensec_security->lp_ctx, &gcc); + gensec_security->settings->lp_ctx, &gcc); if (ret) { DEBUG(1, ("Aquiring acceptor credentials failed: %s\n", error_message(ret))); @@ -336,7 +336,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi gensec_gssapi_state->gss_oid = gss_mech_krb5; principal = gensec_get_target_principal(gensec_security); - if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) { + if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) { name_type = GSS_C_NULL_OID; } else { principal = talloc_asprintf(gensec_gssapi_state, "%s@%s", 
@@ -362,7 +362,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi ret = cli_credentials_get_client_gss_creds(creds, gensec_security->event_ctx, - gensec_security->lp_ctx, &gcc); + gensec_security->settings->lp_ctx, &gcc); switch (ret) { case 0: break; @@ -1142,10 +1142,10 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security, return false; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "force_new_spnego", false)) { + if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "force_new_spnego", false)) { return true; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "disable_new_spnego", false)) { + if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "disable_new_spnego", false)) { return false; } @@ -1256,7 +1256,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi */ if (pac_blob.length) { nt_status = kerberos_pac_blob_to_server_info(mem_ctx, - lp_iconv_convenience(gensec_security->lp_ctx), + gensec_security->settings->iconv_convenience, pac_blob, gensec_gssapi_state->smb_krb5_context->krb5_context, &server_info); @@ -1290,11 +1290,11 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi return NT_STATUS_NO_MEMORY; } - if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) { + if (!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, - gensec_security->lp_ctx, principal_string, + gensec_security->settings->lp_ctx, principal_string, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { 
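Review bot: The `gensec:require_pac` lookup in gensec_gssapi_session_info (hunk at -1290) and the matching one in gensec_krb5_session_info each pass their own literal default of `false` to `gensec_setting_bool`, so the fallback from a PAC to a local lookup by principal name is decided at two separate call sites. Since this commit introduces `struct gensec_settings` with a typed `target_hostname` field, a `bool require_pac` field filled once would give this authorization-relevant default a single definition. At minimum a comment at both sites should state that `false` means a ticket without a PAC is still accepted. Both functions continue outside their hunks.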
@@ -1311,7 +1311,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi /* references the server_info into the session_info */ nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, - gensec_security->lp_ctx, server_info, &session_info); + gensec_security->settings->lp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); return nt_status; @@ -1334,13 +1334,13 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi return NT_STATUS_NO_MEMORY; } - cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx); + cli_credentials_set_conf(session_info->credentials, gensec_security->settings->lp_ctx); /* Just so we don't segfault trying to get at a username */ cli_credentials_set_anonymous(session_info->credentials); ret = cli_credentials_set_client_gss_creds(session_info->credentials, gensec_security->event_ctx, - gensec_security->lp_ctx, + gensec_security->settings->lp_ctx, gensec_gssapi_state->delegated_cred_handle, CRED_SPECIFIED); if (ret) { diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 1f54043038..16867366a4 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -120,7 +120,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) if (cli_credentials_get_krb5_context(creds, gensec_security->event_ctx, - gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) { + gensec_security->settings->lp_ctx, &gensec_krb5_state->smb_krb5_context)) { talloc_free(gensec_krb5_state); return NT_STATUS_INTERNAL_ERROR; } 
@@ -252,7 +252,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->event_ctx, - gensec_security->lp_ctx, &ccache_container); + gensec_security->settings->lp_ctx, &ccache_container); switch (ret) { case 0: break; @@ -267,7 +267,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security } in_data.length = 0; - if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) { + if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) { krb5_principal target_principal; ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal, &target_principal); @@ -452,7 +452,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, /* Grab the keytab, however generated */ ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->event_ctx, - gensec_security->lp_ctx, &keytab); + gensec_security->settings->lp_ctx, &keytab); if (ret) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -594,7 +594,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security KRB5_AUTHDATA_WIN2K_PAC, &pac_data); - if (ret && lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) { + if (ret && gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n", principal_string, smb_get_krb5_error_message(context, 
@@ -607,7 +607,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); - nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string, + nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->settings->lp_ctx, principal_string, &server_info); krb5_free_principal(context, client_principal); free(principal_string); @@ -630,7 +630,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security /* decode and verify the pac */ nt_status = kerberos_pac_logon_info(gensec_krb5_state, - lp_iconv_convenience(gensec_security->lp_ctx), + gensec_security->settings->iconv_convenience, &logon_info, pac, gensec_krb5_state->smb_krb5_context->krb5_context, NULL, gensec_krb5_state->keyblock, @@ -655,7 +655,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security } /* references the server_info into the session_info */ - nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->settings->lp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(mem_ctx); diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index f21202b86f..e6d38c14a3 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c 
@@ -85,7 +85,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ #endif ndr_err = ndr_push_struct_blob(out, out_mem_ctx, - lp_iconv_convenience(gensec_security->lp_ctx), &bind_schannel, + gensec_security->settings->iconv_convenience, &bind_schannel, (ndr_push_flags_fn_t)ndr_push_schannel_bind); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -106,7 +106,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ /* parse the schannel startup blob */ ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx, - lp_iconv_convenience(gensec_security->lp_ctx), + gensec_security->settings->iconv_convenience, &bind_schannel, (ndr_pull_flags_fn_t)ndr_pull_schannel_bind); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -126,7 +126,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ /* pull the session key for this client */ status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx, - gensec_security->lp_ctx, workstation, + gensec_security->settings->lp_ctx, workstation, domain, &creds); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n", @@ -144,7 +144,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ bind_schannel_ack.unknown3 = 0x6c0000; ndr_err = ndr_push_struct_blob(out, out_mem_ctx, - lp_iconv_convenience(gensec_security->lp_ctx), &bind_schannel_ack, + gensec_security->settings->iconv_convenience, &bind_schannel_ack, (ndr_push_flags_fn_t)ndr_push_schannel_bind_ack); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); 
@@ -190,7 +190,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security, struct auth_session_info **_session_info) { struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); - return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->lp_ctx, _session_info); + return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, _session_info); } static NTSTATUS schannel_start(struct gensec_security *gensec_security) diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 90b542c4c4..06db904130 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -250,14 +250,10 @@ krb5_error_code smb_krb5_send_and_recv_func(krb5_context context, status = NT_STATUS_INVALID_PARAMETER; switch (hi->proto) { case KRB5_KRBHST_UDP: - if (lp_parm_bool(global_loadparm, NULL, "krb5", "udp", true)) { - status = socket_create(name, SOCKET_TYPE_DGRAM, &smb_krb5->sock, 0); - } + status = socket_create(name, SOCKET_TYPE_DGRAM, &smb_krb5->sock, 0); break; case KRB5_KRBHST_TCP: - if (lp_parm_bool(global_loadparm, NULL, "krb5", "tcp", true)) { - status = socket_create(name, SOCKET_TYPE_STREAM, &smb_krb5->sock, 0); - } + status = socket_create(name, SOCKET_TYPE_STREAM, &smb_krb5->sock, 0); break; case KRB5_KRBHST_HTTP: talloc_free(smb_krb5); diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c index 0b1e091eea..2af0cc8a00 100644 --- a/source4/auth/ntlm/auth_server.c +++ b/source4/auth/ntlm/auth_server.c @@ -66,6 +66,7 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX return NT_STATUS_INTERNAL_ERROR; } io.in.dest_ports = lp_smb_ports(ctx->auth_ctx->lp_ctx); + io.in.socket_options = lp_socket_options(ctx->auth_ctx->lp_ctx); io.in.called_name = strupper_talloc(mem_ctx, io.in.dest_host); 
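Review bot: The krb5_init_context.c hunk at -250 removes the `krb5:udp` and `krb5:tcp` checks around `socket_create`, so a configuration that set either option to false to keep KDC traffic off one transport is now silently ignored. The removal drops the `global_loadparm` dependency, but nothing visible in the hunk replaces the knob or records the behaviour change. If the options are still meant to work, the values could be read once where the krb5 context is created and carried in `smb_krb5`; otherwise the commit message or release notes should say that they are gone. smb_krb5_send_and_recv_func extends beyond the hunk, so whether `smb_krb5` already has a suitable field is not visible here.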
@@ -145,6 +146,7 @@ static NTSTATUS server_check_password(struct auth_method_context *ctx, session_setup.in.credentials = creds; session_setup.in.workgroup = ""; /* Only used with SPNEGO, which we are not doing */ + session_setup.in.gensec_settings = lp_gensec_settings(session, ctx->auth_ctx->lp_ctx); /* Check password with remove server - this should be async some day */ nt_status = smb_composite_sesssetup(session, &session_setup); diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index 31da9fc927..e28d8462d4 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c @@ -192,7 +192,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, if (gensec_ntlmssp_state->use_nt_response) { flags |= CLI_CRED_NTLM_AUTH; } - if (lp_client_lanman_auth(gensec_security->lp_ctx)) { + if (lp_client_lanman_auth(gensec_security->settings->lp_ctx)) { flags |= CLI_CRED_LANMAN_AUTH; } @@ -217,7 +217,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, } if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) - && lp_client_lanman_auth(gensec_security->lp_ctx) && lm_session_key.length == 16) { + && lp_client_lanman_auth(gensec_security->settings->lp_ctx) && lm_session_key.length == 16) { DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16); if (lm_response.length == 24) { SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data, 
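Review bot: In server_check_password (hunk at -145) the return value of `lp_gensec_settings(session, ctx->auth_ctx->lp_ctx)` is assigned to `session_setup.in.gensec_settings` without a check. Its definition is not in this part of the diff, but the talloc context argument suggests it allocates, in which case a NULL result would be handed to session setup and, presumably, dereferenced in gensec code. A guard such as `NT_STATUS_HAVE_NO_MEMORY(session_setup.in.gensec_settings);` before the `smb_composite_sesssetup` call would fail the authentication cleanly. The function body starts and ends outside the hunk.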
@@ -308,17 +308,17 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->role = NTLMSSP_CLIENT; - gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx); + gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->settings->lp_ctx); - gensec_ntlmssp_state->unicode = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "unicode", true); + gensec_ntlmssp_state->unicode = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "unicode", true); - gensec_ntlmssp_state->use_nt_response = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "send_nt_reponse", true); + gensec_ntlmssp_state->use_nt_response = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "send_nt_reponse", true); - gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->lp_ctx) - && (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "allow_lm_key", false) - || lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false))); + gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->settings->lp_ctx) + && (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "allow_lm_key", false) + || gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false))); - gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->lp_ctx); + gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->settings->lp_ctx); gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL; 
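Review bot: The option name `send_nt_reponse` in gensec_ntlmssp_client_start (hunk at -308) is misspelled and is carried over unchanged into the new `gensec_setting_bool` call. Correcting the spelling would silently stop honouring existing configurations, so the string should stay, but a comment such as `/* "reponse" (sic): option name kept for compatibility */` would stop a later cleanup from changing which NTLM responses the client sends. The `lm_key` option is also read twice, here for `allow_lm_key` and again in the hunk at -326 for `NTLMSSP_NEGOTIATE_LM_KEY`; a single local would keep the two uses in agreement.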
@@ -326,27 +326,27 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET; - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "128bit", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "56bit", false)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "56bit", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "keyexchange", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "alwayssign", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "ntlm2", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } else { /* apparently we can't do ntlmv2 if we don't do ntlm2 */ diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index cb336d5b46..37cc5f318f 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c 
@@ -186,7 +186,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security, /* Find out the DNS domain name */ dnsdomname[0] = '\0'; - safe_strcpy(dnsdomname, lp_realm(gensec_security->lp_ctx), sizeof(dnsdomname) - 1); + safe_strcpy(dnsdomname, lp_realm(gensec_security->settings->lp_ctx), sizeof(dnsdomname) - 1); strlower_m(dnsdomname); /* Find out the DNS host name */ @@ -722,7 +722,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security, NTSTATUS nt_status; struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data; - nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info); + nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, gensec_ntlmssp_state->server_info, session_info); NT_STATUS_NOT_OK_RETURN(nt_status); (*session_info)->session_key = data_blob_talloc(*session_info, 
@@ -749,14 +749,14 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->role = NTLMSSP_SERVER; gensec_ntlmssp_state->workstation = NULL; - gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->lp_ctx); + gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->settings->lp_ctx); - gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx); + gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->settings->lp_ctx); gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; - gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->lp_ctx) - && lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "allow_lm_key", false)); + gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->settings->lp_ctx) + && gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "allow_lm_key", false)); gensec_ntlmssp_state->server_multiple_authentications = false; 
@@ -767,23 +767,23 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0); gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0); - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "128bit", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "56bit", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "keyexchange", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "alwayssign", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "ntlm2", true)) { + if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } @@ -797,7 +797,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) nt_status = auth_context_create(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->msg_ctx, - gensec_security->lp_ctx, + gensec_security->settings->lp_ctx, &gensec_ntlmssp_state->auth_context); NT_STATUS_NOT_OK_RETURN(nt_status); 
@@ -805,7 +805,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge; gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password; - gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->lp_ctx); + gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->settings->lp_ctx); return NT_STATUS_OK; } diff --git a/source4/auth/sam.c b/source4/auth/sam.c index 4255a6432a..f6a998ae0f 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -447,7 +447,8 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx)); + sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx, + system_session(tmp_ctx, lp_ctx)); if (sam_ctx == NULL) { talloc_free(tmp_ctx); return NT_STATUS_INVALID_SYSTEM_SERVICE; @@ -459,7 +460,8 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, return nt_status; } - nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, lp_netbios_name(lp_ctx), + nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, + lp_netbios_name(lp_ctx), msgs[0], msgs_domain_ref[0], user_sess_key, lm_sess_key, server_info); diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c index 1d227fe468..07b0060643 100644 --- a/source4/auth/system_session.c +++ b/source4/auth/system_session.c @@ -234,6 +234,7 @@ NTSTATUS auth_system_server_info(TALLOC_CTX *mem_ctx, const char *netbios_name, struct auth_serversupplied_info **_server_info) { struct auth_serversupplied_info *server_info; + server_info = talloc(mem_ctx, struct auth_serversupplied_info); NT_STATUS_HAVE_NO_MEMORY(server_info); diff --git a/source4/client/cifsdd.c b/source4/client/cifsdd.c index 6d35dc6b82..3e0ab7af78 100644 --- a/source4/client/cifsdd.c +++ b/source4/client/cifsdd.c 
@@ -358,6 +358,7 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, struct event_context *ev, const char * which, const char **ports, struct smbcli_options *smb_options, + const char *socket_options, struct smbcli_session_options *smb_session_options, struct smb_iconv_convenience *iconv_convenience) { @@ -381,6 +382,7 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, path = check_arg_pathname("if"); handle = dd_open_path(resolve_ctx, ev, path, ports, check_arg_numeric("ibs"), options, + socket_options, smb_options, smb_session_options, iconv_convenience); } else if (strcmp(which, "of") == 0) { @@ -388,6 +390,7 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, path = check_arg_pathname("of"); handle = dd_open_path(resolve_ctx, ev, path, ports, check_arg_numeric("obs"), options, + socket_options, smb_options, smb_session_options, iconv_convenience); } else { @@ -443,12 +446,14 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx) if (!(ifile = open_file(lp_resolve_context(lp_ctx), ev, "if", lp_smb_ports(lp_ctx), &options, + lp_socket_options(lp_ctx), &session_options, lp_iconv_convenience(lp_ctx)))) { return(FILESYS_EXIT_CODE); } if (!(ofile = open_file(lp_resolve_context(lp_ctx), ev, "of", lp_smb_ports(lp_ctx), &options, + lp_socket_options(lp_ctx), &session_options, lp_iconv_convenience(lp_ctx)))) { return(FILESYS_EXIT_CODE); diff --git a/source4/client/cifsdd.h b/source4/client/cifsdd.h index bb851fa248..cfc37cad54 100644 --- a/source4/client/cifsdd.h +++ b/source4/client/cifsdd.h @@ -97,6 +97,7 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, const char * path, const char **ports, uint64_t io_size, int options, + const char *socket_options, struct smbcli_options *smb_options, struct smbcli_session_options *smb_session_options, struct smb_iconv_convenience *iconv_convenience); 
diff --git a/source4/client/cifsddio.c b/source4/client/cifsddio.c index 3c9e0c2202..49c32a37dc 100644 --- a/source4/client/cifsddio.c +++ b/source4/client/cifsddio.c @@ -225,6 +225,7 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct const char * host, const char **ports, const char * share, + const char *socket_options, struct smbcli_options *options, struct smbcli_session_options *session_options, struct smb_iconv_convenience *iconv_convenience) @@ -237,6 +238,7 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct */ ret = smbcli_full_connection(NULL, &cli, host, ports, share, NULL /* devtype */, + socket_options, cmdline_credentials, resolve_ctx, ev, options, session_options, @@ -306,6 +308,7 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx const char * path, uint64_t io_size, int options, + const char *socket_options, struct smbcli_options *smb_options, struct smbcli_session_options *smb_session_options, struct smb_iconv_convenience *iconv_convenience) @@ -329,6 +332,7 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx smbh->h.io_seek = smb_seek_func; if ((smbh->cli = init_smb_session(resolve_ctx, ev, host, ports, share, + socket_options, smb_options, smb_session_options, iconv_convenience)) == NULL) { return(NULL); @@ -351,6 +355,7 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, const char **ports, uint64_t io_size, int options, + const char *socket_options, struct smbcli_options *smb_options, struct smbcli_session_options *smb_session_options, struct smb_iconv_convenience *iconv_convenience) @@ -370,7 +375,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, return(open_cifs_handle(resolve_ctx, ev, host, ports, share, remain, - io_size, options, smb_options, + io_size, options, + socket_options, smb_options, smb_session_options, iconv_convenience)); } 
diff --git a/source4/client/client.c b/source4/client/client.c index 8936a3cf2f..5066df1f54 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -3045,6 +3045,7 @@ static bool do_connect(struct smbclient_context *ctx, struct resolve_context *resolve_ctx, const char *specified_server, const char **ports, const char *specified_share, + const char *socket_options, struct cli_credentials *cred, struct smbcli_options *options, struct smbcli_session_options *session_options, @@ -3066,7 +3067,9 @@ static bool do_connect(struct smbclient_context *ctx, ctx->remote_cur_dir = talloc_strdup(ctx, "\\"); status = smbcli_full_connection(ctx, &ctx->cli, server, ports, - share, NULL, cred, resolve_ctx, + share, NULL, + socket_options, + cred, resolve_ctx, ev_ctx, options, session_options, iconv_convenience); if (!NT_STATUS_IS_OK(status)) { @@ -3279,6 +3282,7 @@ static int do_message_op(const char *netbios_name, const char *desthost, if (!do_connect(ctx, ev_ctx, lp_resolve_context(cmdline_lp_ctx), desthost, lp_smb_ports(cmdline_lp_ctx), service, + lp_socket_options(cmdline_lp_ctx), cmdline_credentials, &smb_options, &smb_session_options, lp_iconv_convenience(cmdline_lp_ctx))) return 1; diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index f5d92cd3c5..2fa07d0531 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -483,7 +483,9 @@ bool kpasswdd_process(struct kdc_server *kdc, ap_req = data_blob_const(&input->data[header_len], ap_req_len); krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len); - nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, kdc->task->msg_ctx, &gensec_security); + nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, + lp_gensec_settings(tmp_ctx, kdc->task->lp_ctx), kdc->task->msg_ctx, + &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return false; 
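Review bot: In the kpasswdd_process hunk the result of `lp_gensec_settings(tmp_ctx, kdc->task->lp_ctx)` is passed straight into `gensec_server_start()`, so an allocation failure reaches the GENSEC layer as a NULL settings pointer. Whether gensec_server_start rejects NULL is not visible here, but gensec_ntlmssp_server_start in this same commit reads `gensec_security->settings->lp_ctx` without a check. The same inline pattern appears in the hunks for ldapsrv_BindSASL, ldap_bind_sasl, continue_negprot, connect_negprot, the dcerpc_bind_auth_send callers, dcesrv_auth_bind, reply_nt1 and sesssetup_spnego. I would assign the result to a local and fail early, e.g. `settings = lp_gensec_settings(tmp_ctx, kdc->task->lp_ctx); if (settings == NULL) { talloc_free(tmp_ctx); return false; }`.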
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 20777e5261..0fe6fcce90 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -142,7 +142,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) status = gensec_server_start(conn, conn->connection->event.ctx, - conn->lp_ctx, + lp_gensec_settings(conn, conn->lp_ctx), conn->connection->msg_ctx, &conn->gensec); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/lib/socket/socket.c b/source4/lib/socket/socket.c index 0c3d032068..eff2c0a743 100644 --- a/source4/lib/socket/socket.c +++ b/source4/lib/socket/socket.c @@ -70,7 +70,7 @@ _PUBLIC_ NTSTATUS socket_create_with_ops(TALLOC_CTX *mem_ctx, const struct socke if (!(flags & SOCKET_FLAG_BLOCK) && type == SOCKET_TYPE_STREAM && - lp_parm_bool(global_loadparm, NULL, "socket", "testnonblock", false)) { + lp_parm_bool(global_loadparm, NULL, "socket", "testnonblock", false)) { (*new_sock)->flags |= SOCKET_FLAG_TESTNONBLOCK; } diff --git a/source4/lib/socket/socket.h b/source4/lib/socket/socket.h index 4baa0cfbb1..ec3afe8f7f 100644 --- a/source4/lib/socket/socket.h +++ b/source4/lib/socket/socket.h @@ -208,4 +208,6 @@ NTSTATUS socket_connect_multi(TALLOC_CTX *mem_ctx, const char *server_address, void set_socket_options(int fd, const char *options); void socket_set_flags(struct socket_context *socket, unsigned flags); +extern bool testnonblock; + #endif /* _SAMBA_SOCKET_H */ diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index 6f58cfa8a7..402387f5b5 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c 
@@ -73,7 +73,8 @@ NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol) NTSTATUS smbcli_session_setup(struct smbcli_state *cli, struct cli_credentials *credentials, const char *workgroup, - struct smbcli_session_options options) + struct smbcli_session_options options, + struct gensec_settings *gensec_settings) { struct smb_composite_sesssetup setup; NTSTATUS status; @@ -86,6 +87,7 @@ NTSTATUS smbcli_session_setup(struct smbcli_state *cli, setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.credentials = credentials; setup.in.workgroup = workgroup; + setup.in.gensec_settings = gensec_settings; status = smb_composite_sesssetup(cli->session, &setup); @@ -146,6 +148,7 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx, const char **ports, const char *sharename, const char *devtype, + const char *socket_options, struct cli_credentials *credentials, struct resolve_context *resolve_ctx, struct event_context *ev, @@ -161,6 +164,7 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx, status = smbcli_tree_full_connection(parent_ctx, &tree, host, ports, sharename, devtype, + socket_options, credentials, resolve_ctx, ev, options, session_options, diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c index b66232c02e..a12f7652a5 100644 --- a/source4/libcli/ldap/ldap_bind.c +++ b/source4/libcli/ldap/ldap_bind.c @@ -224,7 +224,8 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, gensec_init(lp_ctx); status = gensec_client_start(conn, &conn->gensec, - conn->event.event_ctx, lp_ctx); + conn->event.event_ctx, + lp_gensec_settings(conn, lp_ctx)); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status))); goto failed; diff --git a/source4/libcli/libcli.h b/source4/libcli/libcli.h index 163852d90a..a4bd727f4c 100644 --- a/source4/libcli/libcli.h +++ b/source4/libcli/libcli.h 
@@ -64,6 +64,7 @@ enum brl_type { #include "libcli/raw/libcliraw.h" +struct gensec_settings; #include "libcli/libcli_proto.h" #endif /* __LIBCLI_H__ */ diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c index 61cbfa7ecb..8640a25747 100644 --- a/source4/libcli/raw/clitree.c +++ b/source4/libcli/raw/clitree.c @@ -173,6 +173,7 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, struct smbcli_tree **ret_tree, const char *dest_host, const char **dest_ports, const char *service, const char *service_type, + const char *socket_options, struct cli_credentials *credentials, struct resolve_context *resolve_ctx, struct event_context *ev, @@ -189,6 +190,7 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, io.in.dest_host = dest_host; io.in.dest_ports = dest_ports; + io.in.socket_options = socket_options; io.in.called_name = strupper_talloc(tmp_ctx, dest_host); io.in.service = service; io.in.service_type = service_type; diff --git a/source4/libcli/resolve/nbtlist.c b/source4/libcli/resolve/nbtlist.c index 531ce6098f..ec4cfb81b4 100644 --- a/source4/libcli/resolve/nbtlist.c +++ b/source4/libcli/resolve/nbtlist.c @@ -142,7 +142,7 @@ struct composite_context *resolve_name_nbtlist_send(TALLOC_CTX *mem_ctx, } state->nbtsock = nbt_name_socket_init(state, event_ctx, - lp_iconv_convenience(global_loadparm)); + global_iconv_convenience); if (composite_nomem(state->nbtsock, c)) return c; /* count the address_list size */ diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index 67d98cfeaf..e7aa8c753d 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -33,6 +33,8 @@ struct smb2_connect_state { struct resolve_context *resolve_ctx; const char *host; const char *share; + const char **ports; + const char *socket_options; struct smbcli_options options; struct smb2_negprot negprot; struct smb2_tree_connect tcon; 
@@ -138,7 +140,7 @@ static void continue_negprot(struct smb2_request *req) break; } - state->session = smb2_session_init(transport, global_loadparm, state, true); + state->session = smb2_session_init(transport, lp_gensec_settings(transport, global_loadparm), state, true); if (composite_nomem(state->session, c)) return; creq = smb2_session_setup_spnego_send(state->session, state->credentials); @@ -208,15 +210,16 @@ static void continue_resolve(struct composite_context *creq) const char **ports; const char *default_ports[] = { "445", NULL }; - ports = lp_parm_string_list(state, global_loadparm, NULL, "smb2", "ports", NULL); - if (ports == NULL) { - ports = default_ports; - } - c->status = resolve_name_recv(creq, state, &addr); if (!composite_is_ok(c)) return; - creq = smbcli_sock_connect_send(state, addr, ports, state->host, state->resolve_ctx, c->event_ctx, lp_socket_options(global_loadparm)); + if (state->ports == NULL) { + ports = default_ports; + } else { + ports = state->ports; + } + + creq = smbcli_sock_connect_send(state, addr, ports, state->host, state->resolve_ctx, c->event_ctx, state->socket_options); composite_continue(c, creq, continue_socket, c); } @@ -227,11 +230,13 @@ static void continue_resolve(struct composite_context *creq) */ struct composite_context *smb2_connect_send(TALLOC_CTX *mem_ctx, const char *host, + const char **ports, const char *share, struct resolve_context *resolve_ctx, struct cli_credentials *credentials, struct event_context *ev, - struct smbcli_options *options) + struct smbcli_options *options, + const char *socket_options) { struct composite_context *c; struct smb2_connect_state *state; 
@@ -249,9 +254,12 @@ struct composite_context *smb2_connect_send(TALLOC_CTX *mem_ctx, state->options = *options; state->host = talloc_strdup(c, host); if (composite_nomem(state->host, c)) return c; + state->ports = talloc_reference(state, ports); state->share = talloc_strdup(c, share); if (composite_nomem(state->share, c)) return c; state->resolve_ctx = talloc_reference(state, resolve_ctx); + state->socket_options = talloc_reference(state, socket_options); + if (composite_nomem(state->socket_options, c)) return c; ZERO_STRUCT(name); name.name = host; @@ -282,15 +290,18 @@ NTSTATUS smb2_connect_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, sync version of smb2_connect */ NTSTATUS smb2_connect(TALLOC_CTX *mem_ctx, - const char *host, const char *share, + const char *host, const char **ports, + const char *share, struct resolve_context *resolve_ctx, struct cli_credentials *credentials, struct smb2_tree **tree, struct event_context *ev, - struct smbcli_options *options) + struct smbcli_options *options, + const char *socket_options) { - struct composite_context *c = smb2_connect_send(mem_ctx, host, share, - resolve_ctx, - credentials, ev, options); + struct composite_context *c = smb2_connect_send(mem_ctx, host, ports, + share, resolve_ctx, + credentials, ev, options, + socket_options); return smb2_connect_recv(c, mem_ctx, tree); } diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c index 31b3e942e9..127bb9bcae 100644 --- a/source4/libcli/smb2/session.c +++ b/source4/libcli/smb2/session.c @@ -25,13 +25,12 @@ #include "libcli/smb2/smb2_calls.h" #include "libcli/composite/composite.h" #include "auth/gensec/gensec.h" -#include "param/param.h" /** initialise a smb2_session structure */ struct smb2_session *smb2_session_init(struct smb2_transport *transport, - struct loadparm_context *lp_ctx, + struct gensec_settings *settings, TALLOC_CTX *parent_ctx, bool primary) { struct smb2_session *session; 
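Review bot: In smb2_connect_send, `talloc_reference(state, socket_options)` followed by `composite_nomem(state->socket_options, c)` turns a NULL `socket_options` into an out-of-memory failure of the whole connect, and talloc_reference() is only valid on a pointer that talloc itself allocated. Nothing visible guarantees either property for a `const char *` argument; the callers in this commit pass `lp_socket_options(lp_ctx)`, whose ownership is not shown here. `ports` is referenced the same way on the line above but with no check at all, so the two new fields are handled inconsistently. Copying the string when it is present avoids both problems (assuming `state` is zero-allocated, which is outside the hunk): `if (socket_options != NULL) { state->socket_options = talloc_strdup(state, socket_options); if (composite_nomem(state->socket_options, c)) return c; }`.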
@@ -50,7 +49,7 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport, /* prepare a gensec context for later use */ status = gensec_client_start(session, &session->gensec, session->transport->socket->event.ctx, - lp_ctx); + settings); if (!NT_STATUS_IS_OK(status)) { talloc_free(session); return NULL; diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h index f66236af30..ec246b209d 100644 --- a/source4/libcli/smb2/smb2_calls.h +++ b/source4/libcli/smb2/smb2_calls.h @@ -107,4 +107,5 @@ struct smb2_setinfo { struct cli_credentials; struct event_context; struct resolve_context; +struct gensec_settings; #include "libcli/smb2/smb2_proto.h" diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index 4a73acfd57..70df0a19ff 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -257,6 +257,7 @@ static NTSTATUS connect_negprot(struct composite_context *c, state->io_setup->in.capabilities = state->transport->negotiate.capabilities; state->io_setup->in.credentials = io->in.credentials; state->io_setup->in.workgroup = io->in.workgroup; + state->io_setup->in.gensec_settings = lp_gensec_settings(state->io_setup, global_loadparm); state->creq = smb_composite_sesssetup_send(state->session, state->io_setup); NT_STATUS_HAVE_NO_MEMORY(state->creq); @@ -377,7 +378,7 @@ static NTSTATUS connect_resolve(struct composite_context *c, io->in.dest_ports, io->in.dest_host, NULL, c->event_ctx, - lp_socket_options(global_loadparm)); + io->in.socket_options); NT_STATUS_HAVE_NO_MEMORY(state->creq); state->stage = CONNECT_SOCKET; diff --git a/source4/libcli/smb_composite/fetchfile.c b/source4/libcli/smb_composite/fetchfile.c index cbe2289a55..6dc2ae8c8f 100644 --- a/source4/libcli/smb_composite/fetchfile.c +++ b/source4/libcli/smb_composite/fetchfile.c 
@@ -138,6 +138,7 @@ struct composite_context *smb_composite_fetchfile_send(struct smb_composite_fetc state->connect->in.dest_host = io->in.dest_host; state->connect->in.dest_ports = io->in.ports; + state->connect->in.socket_options = io->in.socket_options; state->connect->in.called_name = io->in.called_name; state->connect->in.service = io->in.service; state->connect->in.service_type = io->in.service_type; diff --git a/source4/libcli/smb_composite/fsinfo.c b/source4/libcli/smb_composite/fsinfo.c index f148fb8bf6..8f5339fa05 100644 --- a/source4/libcli/smb_composite/fsinfo.c +++ b/source4/libcli/smb_composite/fsinfo.c @@ -146,6 +146,7 @@ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, state->connect->in.dest_host = io->in.dest_host; state->connect->in.dest_ports = io->in.dest_ports; + state->connect->in.socket_options = io->in.socket_options; state->connect->in.called_name = io->in.called_name; state->connect->in.service = io->in.service; state->connect->in.service_type = io->in.service_type; diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 2ca12a5898..10f84a5dba 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -408,7 +408,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, smbcli_temp_set_signing(session->transport); status = gensec_client_start(session, &session->gensec, c->event_ctx, - global_loadparm); + io->in.gensec_settings); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status))); return status; diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h index fd1b95e64f..431733d600 100644 --- a/source4/libcli/smb_composite/smb_composite.h +++ b/source4/libcli/smb_composite/smb_composite.h 
@@ -53,6 +53,7 @@ struct smb_composite_fetchfile { const char *called_name; const char *service; const char *service_type; + const char *socket_options; struct cli_credentials *credentials; const char *workgroup; const char *filename; @@ -93,6 +94,7 @@ struct smb_composite_connect { struct { const char *dest_host; const char **dest_ports; + const char *socket_options; const char *called_name; const char *service; const char *service_type; @@ -120,6 +122,7 @@ struct smb_composite_sesssetup { uint32_t capabilities; struct cli_credentials *credentials; const char *workgroup; + struct gensec_settings *gensec_settings; } in; struct { uint16_t vuid; @@ -133,6 +136,7 @@ struct smb_composite_fsinfo { struct { const char *dest_host; const char **dest_ports; + const char *socket_options; const char *called_name; const char *service; const char *service_type; diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index bd8e60d4bd..042745d74d 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -1457,8 +1457,9 @@ _PUBLIC_ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req) ndr_err = call->ndr_pull(pull, NDR_OUT, r); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); - dcerpc_log_packet(table, opnum, NDR_OUT, - &response); + dcerpc_log_packet(p->conn->packet_log_dir, + table, opnum, NDR_OUT, + &response); return status; } @@ -1467,7 +1468,8 @@ _PUBLIC_ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req) call->ndr_push, call->ndr_pull, call->ndr_print); if (!NT_STATUS_IS_OK(status)) { - dcerpc_log_packet(table, opnum, NDR_OUT, + dcerpc_log_packet(p->conn->packet_log_dir, + table, opnum, NDR_OUT, &response); return status; } diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index cc8d3d1429..dfbe6ee7a6 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h 
@@ -40,6 +40,7 @@ enum dcerpc_transport_t { this defines a generic security context for signed/sealed dcerpc pipes. */ struct dcerpc_connection; +struct gensec_settings; struct dcerpc_security { struct dcerpc_auth *auth_info; struct gensec_security *generic_state; @@ -61,6 +62,9 @@ struct dcerpc_connection { struct event_context *event_ctx; struct smb_iconv_convenience *iconv_convenience; + /** Directory in which to save ndrdump-parseable files */ + const char *packet_log_dir; + bool dead; bool free_skipped; @@ -109,10 +113,10 @@ struct dcerpc_pipe { struct dcerpc_connection *conn; struct dcerpc_binding *binding; - /* the last fault code from a DCERPC fault */ + /** the last fault code from a DCERPC fault */ uint32_t last_fault_code; - /* timeout for individual rpc requests, in seconds */ + /** timeout for individual rpc requests, in seconds */ uint32_t request_timeout; }; @@ -319,7 +323,7 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p, NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, const struct ndr_interface_table *table, struct cli_credentials *credentials, - struct loadparm_context *lp_ctx, + struct gensec_settings *gensec_settings, uint8_t auth_type, uint8_t auth_level, const char *service); struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx, @@ -345,9 +349,10 @@ NTSTATUS dcerpc_secondary_auth_connection_recv(struct composite_context *c, struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p, struct dcerpc_binding *b); -void dcerpc_log_packet(const struct ndr_interface_table *ndr, - uint32_t opnum, uint32_t flags, - DATA_BLOB *pkt); +void dcerpc_log_packet(const char *lockdir, + const struct ndr_interface_table *ndr, + uint32_t opnum, uint32_t flags, + DATA_BLOB *pkt); NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding, struct epm_tower *tower); NTSTATUS dcerpc_floor_get_lhs_data(struct epm_floor *epm_floor, struct ndr_syntax_id *syntax); 
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 2eced55967..7c9d04eeb4 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -222,7 +222,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p, const struct ndr_interface_table *table, struct cli_credentials *credentials, - struct loadparm_context *lp_ctx, + struct gensec_settings *gensec_settings, uint8_t auth_type, uint8_t auth_level, const char *service) { @@ -251,7 +251,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, c->status = gensec_client_start(p, &sec->generic_state, p->conn->event_ctx, - lp_ctx); + gensec_settings); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(c->status))); @@ -387,12 +387,12 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq) _PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, const struct ndr_interface_table *table, struct cli_credentials *credentials, - struct loadparm_context *lp_ctx, + struct gensec_settings *gensec_settings, uint8_t auth_type, uint8_t auth_level, const char *service) { struct composite_context *creq; - creq = dcerpc_bind_auth_send(p, p, table, credentials, lp_ctx, + creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings, auth_type, auth_level, service); return dcerpc_bind_auth_recv(creq); } diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 9583fcdc02..8d03f9cde3 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c 
@@ -116,6 +116,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT conn->in.called_name = "*SMBSERVER"; /* FIXME: This is invalid */ else conn->in.called_name = s->io.binding->target_hostname; + conn->in.socket_options = lp_socket_options(lp_ctx); conn->in.service = "IPC$"; conn->in.service_type = NULL; conn->in.workgroup = lp_workgroup(lp_ctx); @@ -247,11 +248,15 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb2_send( lp_smbcli_options(lp_ctx, &options); /* send smb2 connect request */ - conn_req = smb2_connect_send(mem_ctx, s->io.binding->host, "IPC$", + conn_req = smb2_connect_send(mem_ctx, s->io.binding->host, + lp_parm_string_list(mem_ctx, lp_ctx, NULL, "smb2", "ports", NULL), + "IPC$", s->io.resolve_ctx, s->io.creds, c->event_ctx, - &options); + &options, + lp_socket_options(lp_ctx) + ); composite_continue(c, conn_req, continue_smb2_connect, c); return c; } @@ -740,6 +745,9 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent s->pipe = dcerpc_pipe_init(c, ev, lp_iconv_convenience(lp_ctx)); if (composite_nomem(s->pipe, c)) return c; + if (DEBUGLEVEL >= 10) + s->pipe->conn->packet_log_dir = lp_lockdir(lp_ctx); + /* store parameters in state structure */ s->binding = binding; s->table = table; diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 13bbc3d51f..e3add82bf2 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -29,6 +29,7 @@ #include "librpc/gen_ndr/ndr_netlogon_c.h" #include "auth/credentials/credentials.h" #include "librpc/rpc/dcerpc_proto.h" +#include "param/param.h" struct schannel_key_state { struct dcerpc_pipe *pipe; 
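Review bot: In the dcerpc_pipe_connect_b_send hunk `s->pipe->conn->packet_log_dir` is assigned only when `DEBUGLEVEL >= 10`, yet dcerpc_log_packet now decides whether to write solely on that pointer being NULL. That is safe only if dcerpc_pipe_init zero-fills the connection, which is not visible here; worth confirming, or setting the field to NULL explicitly in the else case. The stored value is also the raw pointer returned by `lp_lockdir(lp_ctx)`, so the connection depends on the loadparm context outliving it; `talloc_strdup(s->pipe->conn, lp_lockdir(lp_ctx))` would give the connection its own copy. In the dcerpc_secondary_connection_send hunk the `if (DEBUGLEVEL >= 10)` around the copy from the primary pipe looks unnecessary, since the primary's value already encodes that decision.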
@@ -319,7 +320,7 @@ static void continue_schannel_key(struct composite_context *ctx) /* send bind auth request with received creds */ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, - s->lp_ctx, + lp_gensec_settings(c, s->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level, NULL); if (composite_nomem(auth_req, c)) return; diff --git a/source4/librpc/rpc/dcerpc_secondary.c b/source4/librpc/rpc/dcerpc_secondary.c index b4d5d05b61..8ac235c67c 100644 --- a/source4/librpc/rpc/dcerpc_secondary.c +++ b/source4/librpc/rpc/dcerpc_secondary.c @@ -75,6 +75,9 @@ _PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerp s->pipe2 = dcerpc_pipe_init(c, s->pipe->conn->event_ctx, s->pipe->conn->iconv_convenience); if (composite_nomem(s->pipe2, c)) return c; + if (DEBUGLEVEL >= 10) + s->pipe2->conn->packet_log_dir = s->pipe->conn->packet_log_dir; + /* open second dcerpc pipe using the same transport as for primary pipe */ switch (s->pipe->conn->transport.transport) { case NCACN_NP: diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 32646e85b0..1847b20ee7 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -421,7 +421,8 @@ static void continue_ntlmssp_connection(struct composite_context *ctx) /* initiate a authenticated bind */ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, - s->credentials, s->lp_ctx, + s->credentials, + lp_gensec_settings(c, s->lp_ctx), DCERPC_AUTH_TYPE_NTLMSSP, dcerpc_auth_level(s->pipe->conn), s->table->authservices->names[0]); 
@@ -453,7 +454,9 @@ static void continue_spnego_after_wrong_pass(struct composite_context *ctx) /* initiate a authenticated bind */ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, - s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO, + s->credentials, + lp_gensec_settings(c, s->lp_ctx), + DCERPC_AUTH_TYPE_SPNEGO, dcerpc_auth_level(s->pipe->conn), s->table->authservices->names[0]); composite_continue(c, auth_req, continue_auth, c); @@ -572,7 +575,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, } else { /* try SPNEGO with fallback to NTLMSSP */ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, - s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO, + s->credentials, + lp_gensec_settings(c, s->lp_ctx), + DCERPC_AUTH_TYPE_SPNEGO, dcerpc_auth_level(conn), s->table->authservices->names[0]); composite_continue(c, auth_req, continue_auth_auto, c); @@ -580,7 +585,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, } auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, - s->credentials, s->lp_ctx, auth_type, + s->credentials, + lp_gensec_settings(c, s->lp_ctx), + auth_type, dcerpc_auth_level(conn), s->table->authservices->names[0]); composite_continue(c, auth_req, continue_auth, c); @@ -671,19 +678,20 @@ _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p, this triggers on a debug level of >= 10 */ -_PUBLIC_ void dcerpc_log_packet(const struct ndr_interface_table *ndr, +_PUBLIC_ void dcerpc_log_packet(const char *lockdir, + const struct ndr_interface_table *ndr, uint32_t opnum, uint32_t flags, DATA_BLOB *pkt) { const int num_examples = 20; int i; - if (DEBUGLEVEL < 10) return; + if (lockdir == NULL) return; for (i=0;i<num_examples;i++) { char *name=NULL; asprintf(&name, "%s/rpclog/%s-%u.%d.%s", - lp_lockdir(global_loadparm), ndr->name, opnum, i, + lockdir, ndr->name, opnum, i, (flags&NDR_IN)?"in":"out"); if (name == NULL) { return; 
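Review bot: Replacing `if (DEBUGLEVEL < 10) return;` with `if (lockdir == NULL) return;` in dcerpc_log_packet moves the debug-level gate to whoever fills in `packet_log_dir`, and the server side does not apply it: the dcesrv_endpoint_connect hunk sets `p->packet_log_dir = lp_lockdir(dce_ctx->lp_ctx)` unconditionally. As written, a request that fails NDR parsing on the server would be dumped under `<lockdir>/rpclog` at any debug level, so a remote peer can cause request payloads to be written to disk; the loop visible here caps the candidate names at `num_examples`, and the rest of the body lies outside the hunk. Keeping the level check beside the new one matches the comment above the function ("this triggers on a debug level of >= 10"): `if (lockdir == NULL || DEBUGLEVEL < 10) return;`.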
diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index 14bf79ecf6..27d5b9de5a 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -199,6 +199,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, /* connect to the server, using the smbd event context */ io.in.dest_host = host; io.in.dest_ports = lp_smb_ports(ntvfs->ctx->lp_ctx); + io.in.socket_options = lp_socket_options(ntvfs->ctx->lp_ctx); io.in.called_name = host; io.in.credentials = credentials; io.in.fallback_to_anonymous = false; diff --git a/source4/ntvfs/smb2/vfs_smb2.c b/source4/ntvfs/smb2/vfs_smb2.c index 2c1461b916..8e3219293d 100644 --- a/source4/ntvfs/smb2/vfs_smb2.c +++ b/source4/ntvfs/smb2/vfs_smb2.c @@ -226,10 +226,14 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, lp_smbcli_options(ntvfs->ctx->lp_ctx, &options); - creq = smb2_connect_send(private, host, remote_share, + creq = smb2_connect_send(private, host, + lp_parm_string_list(private, ntvfs->ctx->lp_ctx, NULL, "smb2", "ports", NULL), + remote_share, lp_resolve_context(ntvfs->ctx->lp_ctx), credentials, - ntvfs->ctx->event_ctx, &options); + ntvfs->ctx->event_ctx, &options, + lp_socket_options(ntvfs->ctx->lp_ctx) + ); status = smb2_connect_recv(creq, private, &tree); NT_STATUS_NOT_OK_RETURN(status); diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index b4098c840c..6b8db0e7f5 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -65,6 +65,8 @@ #include "param/loadparm.h" #include "libcli/raw/libcliraw.h" #include "rpc_server/common/common.h" +#include "lib/socket/socket.h" +#include "auth/gensec/gensec.h" #define standard_sub_basic talloc_strdup 
@@ -2671,3 +2673,14 @@ _PUBLIC_ struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, s return ret; } + +struct gensec_settings *lp_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) +{ + struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings); + if (settings == NULL) + return NULL; + settings->lp_ctx = talloc_reference(settings, lp_ctx); + settings->iconv_convenience = lp_iconv_convenience(lp_ctx); + settings->target_hostname = lp_parm_string(lp_ctx, NULL, "gensec", "target_hostname"); + return settings; +} diff --git a/source4/param/param.h b/source4/param/param.h index 8a653be0a8..80bb5ff128 100644 --- a/source4/param/param.h +++ b/source4/param/param.h @@ -67,6 +67,7 @@ struct loadparm_context; struct loadparm_service; struct smbcli_options; struct smbcli_session_options; +struct gensec_settings; void reload_charcnv(struct loadparm_context *lp_ctx); @@ -166,7 +167,6 @@ int lp_cli_minprotocol(struct loadparm_context *); int lp_security(struct loadparm_context *); bool lp_paranoid_server_security(struct loadparm_context *); int lp_announce_as(struct loadparm_context *); -const char **lp_js_include(struct loadparm_context *); const char *lp_servicename(const struct loadparm_service *service); const char *lp_pathname(struct loadparm_service *, struct loadparm_service *); @@ -329,6 +329,7 @@ void lp_smbcli_options(struct loadparm_context *lp_ctx, void lp_smbcli_session_options(struct loadparm_context *lp_ctx, struct smbcli_session_options *options); struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx); +struct gensec_settings *lp_gensec_settings(TALLOC_CTX *, struct loadparm_context *); /* The following definitions come from param/generic.c */ diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 1d1efa7480..6f3f6799e7 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c 
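Review bot: lp_gensec_settings allocates with `talloc(mem_ctx, struct gensec_settings)`, which leaves any member other than the three assigned here uninitialised; the struct definition is not in this hunk, so `talloc_zero(mem_ctx, struct gensec_settings)` is the safer choice. The result of `talloc_reference(settings, lp_ctx)` is stored unchecked, so a failed reference leaves `settings->lp_ctx` NULL while the function still returns a non-NULL settings object. This is also the only new public helper in the file without a comment; something like `/* Build gensec settings from lp_ctx, allocated on mem_ctx; returns NULL on allocation failure. */` would tell callers that each call hands them a fresh allocation to own and check.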
@@ -339,6 +339,7 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, p->endpoint = ep; p->contexts = NULL; p->call_list = NULL; + p->packet_log_dir = lp_lockdir(dce_ctx->lp_ctx); p->incoming_fragmented_call_list = NULL; p->pending_call_list = NULL; p->cli_max_recv_frag = 0; diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h index 59a4bab083..4788fb3a51 100644 --- a/source4/rpc_server/dcerpc_server.h +++ b/source4/rpc_server/dcerpc_server.h @@ -210,6 +210,8 @@ struct dcesrv_connection { bool processing; + const char *packet_log_dir; + /* this is the default state_flags for dcesrv_call_state structs */ uint32_t state_flags; diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index bef7e4be78..5169031d16 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -61,7 +61,9 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call) return false; } - status = gensec_server_start(dce_conn, call->event_ctx, call->conn->dce_ctx->lp_ctx, call->msg_ctx, &auth->gensec_security); + status = gensec_server_start(dce_conn, call->event_ctx, + lp_gensec_settings(dce_conn, call->conn->dce_ctx->lp_ctx), + call->msg_ctx, &auth->gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status))); return false; diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c index 3cf8fbe8fb..1310ecee90 100644 --- a/source4/rpc_server/remote/dcesrv_remote.c +++ b/source4/rpc_server/remote/dcesrv_remote.c 
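Review bot: `p->packet_log_dir = lp_lockdir(dce_ctx->lp_ctx);` in dcesrv_endpoint_connect() keeps a borrowed pointer for the whole life of the connection. Who owns the string returned by `lp_lockdir()` is not visible in this hunk; if it lives in the loadparm context and the configuration can be reloaded while the connection is open, the pointer would go stale, so `p->packet_log_dir = talloc_strdup(p, lp_lockdir(dce_ctx->lp_ctx));` is the safer form. The new member in `struct dcesrv_connection` (next hunk) has no comment; something like `/* directory passed to dcerpc_log_packet() for requests that failed to parse or dispatch */` would record that client-supplied request stubs are handed to a logger pointed at the lock directory. The function body continues outside the hunk.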
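Review bot: In the dcesrv_auth.c hunk, the return value of `lp_gensec_settings()` goes straight into `gensec_server_start()` in dcesrv_auth_bind(), although the helper returns NULL when its allocation fails. How gensec_server_start() treats a NULL settings pointer is not shown on this page, so on an authentication path I would fail the bind explicitly: keep the result in a local and add `if (settings == NULL) return false;` before the call. The same unchecked pattern appears in the hunks for smb_server/smb/negprot.c, smb/sesssetup.c, smb2/negprot.c, smb2/sesssetup.c, utils/ntlm_auth.c and the torture callers. The function body continues outside the hunk.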
@@ -144,7 +144,8 @@ static NTSTATUS remote_op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_CT /* unravel the NDR for the packet */ ndr_err = table->calls[opnum].ndr_pull(pull, NDR_IN, *r); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - dcerpc_log_packet(table, opnum, NDR_IN, + dcerpc_log_packet(dce_call->conn->packet_log_dir, + table, opnum, NDR_IN, &dce_call->pkt.u.request.stub_and_verifier); dce_call->fault_code = DCERPC_FAULT_NDR; return NT_STATUS_NET_WRITE_FAULT; diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c index 00ff3862f5..71ee82d162 100644 --- a/source4/smb_server/smb/negprot.c +++ b/source4/smb_server/smb/negprot.c @@ -353,7 +353,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) nt_status = gensec_server_start(req->smb_conn, req->smb_conn->connection->event.ctx, - req->smb_conn->lp_ctx, + lp_gensec_settings(req->smb_conn, req->smb_conn->lp_ctx), req->smb_conn->connection->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index a12bbd5cec..f34124b1a0 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -365,7 +365,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = gensec_server_start(req, req->smb_conn->connection->event.ctx, - req->smb_conn->lp_ctx, + lp_gensec_settings(req, req->smb_conn->lp_ctx), req->smb_conn->connection->msg_ctx, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 49a2d12ef4..03e5c9356d 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c 
@@ -42,7 +42,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * nt_status = gensec_server_start(req, req->smb_conn->connection->event.ctx, - req->smb_conn->lp_ctx, + lp_gensec_settings(req, req->smb_conn->lp_ctx), req->smb_conn->connection->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 9f8765d6e9..176be0b3ea 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -126,7 +126,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses status = gensec_server_start(req, req->smb_conn->connection->event.ctx, - req->smb_conn->lp_ctx, + lp_gensec_settings(req, req->smb_conn->lp_ctx), req->smb_conn->connection->msg_ctx, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c index 1e8b339997..e62b150a4b 100644 --- a/source4/torture/auth/ntlmssp.c +++ b/source4/torture/auth/ntlmssp.c @@ -23,6 +23,7 @@ #include "auth/ntlmssp/ntlmssp.h" #include "lib/cmdline/popt_common.h" #include "torture/torture.h" +#include "param/param.h" static bool torture_ntlmssp_self_check(struct torture_context *tctx) { @@ -34,7 +35,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx) torture_assert_ntstatus_ok(tctx, gensec_client_start(mem_ctx, &gensec_security, - tctx->ev, tctx->lp_ctx), + tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)), "gensec client start"); gensec_set_credentials(gensec_security, cmdline_credentials); @@ -89,7 +90,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx) torture_assert_ntstatus_ok(tctx, gensec_client_start(mem_ctx, &gensec_security, - tctx->ev, tctx->lp_ctx), + tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)), "Failed to start GENSEC for NTLMSSP"); gensec_set_credentials(gensec_security, cmdline_credentials); 
diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c index 89e7169883..c19b08e617 100644 --- a/source4/torture/basic/misc.c +++ b/source4/torture/basic/misc.c @@ -817,6 +817,7 @@ static struct composite_context *torture_connect_async( smb->in.dest_host=talloc_strdup(mem_ctx,host); smb->in.service=talloc_strdup(mem_ctx,share); smb->in.dest_ports=lp_smb_ports(tctx->lp_ctx); + smb->in.socket_options = lp_socket_options(tctx->lp_ctx); smb->in.called_name = strupper_talloc(mem_ctx, host); smb->in.service_type=NULL; smb->in.credentials=cmdline_credentials; diff --git a/source4/torture/basic/secleak.c b/source4/torture/basic/secleak.c index ca1fd444d9..3fdd9a9bbd 100644 --- a/source4/torture/basic/secleak.c +++ b/source4/torture/basic/secleak.c @@ -44,8 +44,9 @@ static bool try_failed_login(struct torture_context *tctx, struct smbcli_state * setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); - setup.in.credentials = cli_credentials_init(session); + setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx); + cli_credentials_set_conf(setup.in.credentials, tctx->lp_ctx); cli_credentials_set_domain(setup.in.credentials, "INVALID-DOMAIN", CRED_SPECIFIED); cli_credentials_set_username(setup.in.credentials, "INVALID-USERNAME", CRED_SPECIFIED); diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index aefed23f51..9e2456d236 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c 
@@ -227,17 +227,21 @@ static bool connect_servers(struct event_context *ev, if (options.smb2) { status = smb2_connect(NULL, servers[i].server_name, + lp_smb_ports(lp_ctx), servers[i].share_name, lp_resolve_context(lp_ctx), servers[i].credentials, &servers[i].smb2_tree[j], - ev, &smb_options); + ev, &smb_options, + lp_socket_options(lp_ctx) + ); } else { status = smbcli_tree_full_connection(NULL, &servers[i].smb_tree[j], servers[i].server_name, lp_smb_ports(lp_ctx), servers[i].share_name, "A:", + lp_socket_options(lp_ctx), servers[i].credentials, lp_resolve_context(lp_ctx), ev, &smb_options, diff --git a/source4/torture/locktest.c b/source4/torture/locktest.c index 819fbe072b..4beef98a8f 100644 --- a/source4/torture/locktest.c +++ b/source4/torture/locktest.c @@ -164,6 +164,7 @@ static struct smbcli_state *connect_one(struct event_context *ev, server, lp_smb_ports(lp_ctx), share, NULL, + lp_socket_options(lp_ctx), servers[snum], lp_resolve_context(lp_ctx), ev, &options, &session_options, diff --git a/source4/torture/masktest.c b/source4/torture/masktest.c index 14d597666e..fb1277a95a 100644 --- a/source4/torture/masktest.c +++ b/source4/torture/masktest.c @@ -76,6 +76,7 @@ static struct smbcli_state *connect_one(struct resolve_context *resolve_ctx, struct event_context *ev, TALLOC_CTX *mem_ctx, char *share, const char **ports, + const char *socket_options, struct smbcli_options *options, struct smbcli_session_options *session_options, struct smb_iconv_convenience *iconv_convenience) @@ -96,6 +97,7 @@ static struct smbcli_state *connect_one(struct resolve_context *resolve_ctx, server, ports, share, NULL, + socket_options, cmdline_credentials, resolve_ctx, ev, options, session_options, iconv_convenience); 
@@ -368,7 +370,8 @@ static void usage(poptContext pc) lp_smbcli_session_options(lp_ctx, &session_options); cli = connect_one(lp_resolve_context(lp_ctx), ev, mem_ctx, share, - lp_smb_ports(lp_ctx), &options, &session_options, + lp_smb_ports(lp_ctx), lp_socket_options(lp_ctx), + &options, &session_options, lp_iconv_convenience(lp_ctx)); if (!cli) { DEBUG(0,("Failed to connect to %s\n", share)); diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c index 16de4308bb..6eb4fe0e67 100644 --- a/source4/torture/raw/composite.c +++ b/source4/torture/raw/composite.c @@ -347,6 +347,7 @@ static bool test_fsinfo(struct smbcli_state *cli, struct torture_context *tctx) io1.in.dest_host = torture_setting_string(tctx, "host", NULL); io1.in.dest_ports = lp_smb_ports(tctx->lp_ctx); + io1.in.socket_options = lp_socket_options(tctx->lp_ctx); io1.in.called_name = torture_setting_string(tctx, "host", NULL); io1.in.service = torture_setting_string(tctx, "share", NULL); io1.in.service_type = "A:"; diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c index 450ad0f260..a9d36b7788 100644 --- a/source4/torture/raw/context.c +++ b/source4/torture/raw/context.c @@ -74,6 +74,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) struct smbcli_tree *tree; struct smb_composite_sesssetup setup; struct smb_composite_sesssetup setups[15]; + struct gensec_settings *gensec_settings; union smb_open io; union smb_write wr; union smb_close cl; @@ -92,6 +93,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) printf("create a second security context on the same transport\n"); lp_smbcli_session_options(tctx->lp_ctx, &options); + gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx); session = smbcli_session_init(cli->transport, tctx, false, options); 
@@ -100,6 +102,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) setup.in.workgroup = lp_workgroup(tctx->lp_ctx); setup.in.credentials = cmdline_credentials; + setup.in.gensec_settings = gensec_settings; status = smb_composite_sesssetup(session, &setup); CHECK_STATUS(status, NT_STATUS_OK); @@ -142,7 +145,6 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) setup.in.workgroup = lp_workgroup(tctx->lp_ctx); setup.in.credentials = cmdline_credentials; - status = smb_composite_sesssetup(session3, &setup); CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE); @@ -233,6 +235,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) setups[i].in.workgroup = lp_workgroup(tctx->lp_ctx); setups[i].in.credentials = cmdline_credentials; + setups[i].in.gensec_settings = gensec_settings; sessions[i] = smbcli_session_init(cli->transport, tctx, false, options); composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]); @@ -402,6 +405,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context * setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); setup.in.credentials = cmdline_credentials; + setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx); status = smb_composite_sesssetup(session1, &setup); CHECK_STATUS(status, NT_STATUS_OK); session1->vuid = setup.out.vuid; @@ -458,6 +462,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context * setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); setup.in.credentials = cmdline_credentials; + setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx); status = smb_composite_sesssetup(session2, &setup); CHECK_STATUS(status, NT_STATUS_OK); session2->vuid = setup.out.vuid; 
@@ -657,8 +662,8 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ setup.in.workgroup = lp_workgroup(tctx->lp_ctx); - setup.in.credentials = cmdline_credentials; + setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx); status = smb_composite_sesssetup(session, &setup); CHECK_STATUS(status, NT_STATUS_OK); diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c index dbe071c9ad..2d1eae3a69 100644 --- a/source4/torture/raw/lock.c +++ b/source4/torture/raw/lock.c @@ -598,6 +598,7 @@ static bool test_async(struct torture_context *tctx, setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); setup.in.credentials = cmdline_credentials; + setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx); status = smb_composite_sesssetup(session, &setup); CHECK_STATUS(status, NT_STATUS_OK); session->vuid = setup.out.vuid; diff --git a/source4/torture/raw/lockbench.c b/source4/torture/raw/lockbench.c index a6dce8a926..6b59b35b5d 100644 --- a/source4/torture/raw/lockbench.c +++ b/source4/torture/raw/lockbench.c @@ -188,6 +188,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te, io->in.dest_host = state->dest_host; io->in.dest_ports = state->dest_ports; + io->in.socket_options = lp_socket_options(state->tctx->lp_ctx); io->in.called_name = state->called_name; io->in.service = share; io->in.service_type = state->service_type; diff --git a/source4/torture/raw/openbench.c b/source4/torture/raw/openbench.c index ec94637445..e2d52f6c02 100644 --- a/source4/torture/raw/openbench.c +++ b/source4/torture/raw/openbench.c 
@@ -130,6 +130,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te, io->in.dest_host = state->dest_host; io->in.dest_ports = state->dest_ports; + io->in.socket_options = lp_socket_options(state->tctx->lp_ctx); io->in.called_name = state->called_name; io->in.service = share; io->in.service_type = state->service_type; diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c index 46b41e51a0..86dae6bc1f 100644 --- a/source4/torture/raw/oplock.c +++ b/source4/torture/raw/oplock.c @@ -187,7 +187,7 @@ static bool open_connection_no_level2_oplocks(struct torture_context *tctx, torture_setting_string(tctx, "host", NULL), lp_smb_ports(tctx->lp_ctx), torture_setting_string(tctx, "share", NULL), - NULL, cmdline_credentials, + NULL, lp_socket_options(tctx->lp_ctx), cmdline_credentials, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, lp_iconv_convenience(tctx->lp_ctx)); diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c index 9e75301828..1615b5322a 100644 --- a/source4/torture/raw/tconrate.c +++ b/source4/torture/raw/tconrate.c @@ -100,7 +100,7 @@ static int fork_tcon_client(struct torture_context *tctx, status = smbcli_full_connection(NULL, &cli, host, lp_smb_ports(tctx->lp_ctx), share, - NULL, cmdline_credentials, + NULL, lp_socket_options(tctx->lp_ctx), cmdline_credentials, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, lp_iconv_convenience(tctx->lp_ctx)); diff --git a/source4/torture/rpc/join.c b/source4/torture/rpc/join.c index a6bb53a759..9d6c803ad7 100644 --- a/source4/torture/rpc/join.c +++ b/source4/torture/rpc/join.c @@ -39,6 +39,7 @@ bool torture_rpc_join(struct torture_context *torture) status = smbcli_full_connection(tj, &cli, host, lp_smb_ports(torture->lp_ctx), "IPC$", NULL, + lp_socket_options(torture->lp_ctx), machine_account, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, 
@@ -66,6 +67,7 @@ bool torture_rpc_join(struct torture_context *torture) status = smbcli_full_connection(tj, &cli, host, lp_smb_ports(torture->lp_ctx), "IPC$", NULL, + lp_socket_options(torture->lp_ctx), machine_account, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c index 1f03ad6396..0d18228563 100644 --- a/source4/torture/rpc/remote_pac.c +++ b/source4/torture/rpc/remote_pac.c @@ -92,7 +92,8 @@ static bool test_PACVerify(struct torture_context *tctx, torture_assert(tctx, msg_server_ctx != NULL, "Failed to init messaging context"); - status = gensec_client_start(tctx, &gensec_client_context, tctx->ev, tctx->lp_ctx); + status = gensec_client_start(tctx, &gensec_client_context, tctx->ev, + lp_gensec_settings(tctx, tctx->lp_ctx)); torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed"); status = gensec_set_target_hostname(gensec_client_context, TEST_MACHINE_NAME); @@ -103,7 +104,9 @@ static bool test_PACVerify(struct torture_context *tctx, status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI"); torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed"); - status = gensec_server_start(tctx, tctx->ev, tctx->lp_ctx, msg_server_ctx, &gensec_server_context); + status = gensec_server_start(tctx, tctx->ev, + lp_gensec_settings(tctx, tctx->lp_ctx), + msg_server_ctx, &gensec_server_context); torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed"); status = gensec_set_credentials(gensec_server_context, credentials); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 93bcb3a1ea..73c2044449 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c 
@@ -89,7 +89,9 @@ bool torture_bind_authcontext(struct torture_context *torture) status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), lp_smb_ports(torture->lp_ctx), - "IPC$", NULL, cmdline_credentials, + "IPC$", NULL, + lp_socket_options(torture->lp_ctx), + cmdline_credentials, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, lp_iconv_convenience(torture->lp_ctx)); @@ -160,6 +162,7 @@ bool torture_bind_authcontext(struct torture_context *torture) setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = ""; setup.in.credentials = anon_creds; + setup.in.gensec_settings = lp_gensec_settings(torture, torture->lp_ctx); status = smb_composite_sesssetup(session2, &setup); if (!NT_STATUS_IS_OK(status)) { @@ -233,7 +236,7 @@ static bool bindtest(struct smbcli_state *cli, } status = dcerpc_bind_auth(lsa_pipe, &ndr_table_lsarpc, - credentials, lp_ctx, auth_type, auth_level, + credentials, lp_gensec_settings(lp_ctx, lp_ctx), auth_type, auth_level, NULL); if (!NT_STATUS_IS_OK(status)) { d_printf("dcerpc_bind_auth failed: %s\n", nt_errstr(status)); @@ -308,7 +311,9 @@ bool torture_bind_samba3(struct torture_context *torture) status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), lp_smb_ports(torture->lp_ctx), - "IPC$", NULL, cmdline_credentials, + "IPC$", NULL, + lp_socket_options(torture->lp_ctx), + cmdline_credentials, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, lp_iconv_convenience(torture->lp_ctx)); @@ -384,7 +389,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, if (admin_creds != NULL) { status = dcerpc_bind_auth(samr_pipe, &ndr_table_samr, - admin_creds, lp_ctx, auth_type, auth_level, + admin_creds, lp_gensec_settings(lp_ctx, lp_ctx), auth_type, auth_level, NULL); if (!NT_STATUS_IS_OK(status)) { d_printf("dcerpc_bind_auth failed: %s\n", 
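Review bot: In the bindtest() hunk, `lp_gensec_settings(lp_ctx, lp_ctx)` makes the settings a talloc child of the loadparm context, and the helper then takes a `talloc_reference()` on that same context from inside the child. The object therefore lives as long as the configuration rather than as long as the bind, and a parent referenced by its own child is an unusual ownership shape that deserves at least a comment. The other call sites in this commit parent the settings on the request or the torture context; here I would use a context that ends with the bind, for example the pipe being bound if it is a talloc object. The same applies to get_usr_handle() in the last hunk on this line and to the schan() hunk that follows.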
@@ -1013,7 +1018,7 @@ static bool schan(struct smbcli_state *cli, #if 1 net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL); status = dcerpc_bind_auth(net_pipe, &ndr_table_netlogon, - wks_creds, lp_ctx, DCERPC_AUTH_TYPE_SCHANNEL, + wks_creds, lp_gensec_settings(lp_ctx, lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, DCERPC_AUTH_LEVEL_PRIVACY, NULL); #else @@ -1244,7 +1249,9 @@ bool torture_netlogon_samba3(struct torture_context *torture) status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), lp_smb_ports(torture->lp_ctx), - "IPC$", NULL, anon_creds, + "IPC$", NULL, + lp_socket_options(torture->lp_ctx), + anon_creds, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, lp_iconv_convenience(torture->lp_ctx)); @@ -1334,8 +1341,8 @@ static bool test_join3(struct torture_context *tctx, status = smbcli_full_connection(tctx, &cli, torture_setting_string(tctx, "host", NULL), lp_smb_ports(tctx->lp_ctx), - "IPC$", NULL, smb_creds, - lp_resolve_context(tctx->lp_ctx), + "IPC$", NULL, lp_socket_options(tctx->lp_ctx), + smb_creds, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, lp_iconv_convenience(tctx->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { @@ -1717,7 +1724,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) status = smbcli_full_connection( mem_ctx, &cli, torture_setting_string(torture, "host", NULL), lp_smb_ports(torture->lp_ctx), - "IPC$", NULL, cmdline_credentials, + "IPC$", NULL, lp_socket_options(torture->lp_ctx), cmdline_credentials, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, lp_iconv_convenience(torture->lp_ctx)); 
@@ -1744,8 +1751,8 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) status = smbcli_full_connection( mem_ctx, &cli, torture_setting_string(torture, "host", NULL), - lp_smb_ports(torture->lp_ctx), - "IPC$", NULL, anon_creds, + lp_smb_ports(torture->lp_ctx), "IPC$", NULL, + lp_socket_options(torture->lp_ctx), anon_creds, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, lp_iconv_convenience(torture->lp_ctx)); @@ -1812,6 +1819,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = ""; setup.in.credentials = user_creds; + setup.in.gensec_settings = lp_gensec_settings(torture, torture->lp_ctx); status = smb_composite_sesssetup(session2, &setup); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 2c39596e35..ca1655729b 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -292,7 +292,7 @@ static bool test_schannel(struct torture_context *tctx, torture_assert_ntstatus_ok(tctx, status, "seconday connection"); status = dcerpc_bind_auth(p_netlogon, &ndr_table_netlogon, - credentials, tctx->lp_ctx, + credentials, lp_gensec_settings(tctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, dcerpc_auth_level(p->conn), NULL); @@ -319,7 +319,7 @@ static bool test_schannel(struct torture_context *tctx, torture_assert_ntstatus_ok(tctx, status, "seconday connection"); status = dcerpc_bind_auth(p_lsa, &ndr_table_lsarpc, - credentials, tctx->lp_ctx, + credentials, lp_gensec_settings(tctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, dcerpc_auth_level(p->conn), NULL); 
@@ -360,7 +360,7 @@ static bool test_schannel(struct torture_context *tctx, /* and now setup an SCHANNEL bind on netlogon */ status = dcerpc_bind_auth(p_netlogon2, &ndr_table_netlogon, - credentials, tctx->lp_ctx, + credentials, lp_gensec_settings(tctx, tctx->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, dcerpc_auth_level(p_samr2->conn), NULL); diff --git a/source4/torture/rpc/spoolss_notify.c b/source4/torture/rpc/spoolss_notify.c index dc2a82414b..f9ff31a797 100644 --- a/source4/torture/rpc/spoolss_notify.c +++ b/source4/torture/rpc/spoolss_notify.c @@ -60,7 +60,8 @@ static NTSTATUS spoolss__op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_ /* unravel the NDR for the packet */ ndr_err = ndr_table_spoolss.calls[opnum].ndr_pull(pull, NDR_IN, *r); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - dcerpc_log_packet(&ndr_table_spoolss, opnum, NDR_IN, + dcerpc_log_packet(dce_call->conn->packet_log_dir, + &ndr_table_spoolss, opnum, NDR_IN, &dce_call->pkt.u.request.stub_and_verifier); dce_call->fault_code = DCERPC_FAULT_NDR; return NT_STATUS_NET_WRITE_FAULT; @@ -102,7 +103,8 @@ static NTSTATUS spoolss__op_dispatch(struct dcesrv_call_state *dce_call, TALLOC_ } if (dce_call->fault_code != 0) { - dcerpc_log_packet(&ndr_table_spoolss, opnum, NDR_IN, + dcerpc_log_packet(dce_call->conn->packet_log_dir, + &ndr_table_spoolss, opnum, NDR_IN, &dce_call->pkt.u.request.stub_and_verifier); return NT_STATUS_NET_WRITE_FAULT; } diff --git a/source4/torture/smb2/scan.c b/source4/torture/smb2/scan.c index ae51af1882..f0d25017c6 100644 --- a/source4/torture/smb2/scan.c +++ b/source4/torture/smb2/scan.c 
@@ -204,10 +204,12 @@ bool torture_smb2_scan(struct torture_context *torture) lp_smbcli_options(torture->lp_ctx, &options); - status = smb2_connect(mem_ctx, host, share, - lp_resolve_context(torture->lp_ctx), - credentials, &tree, - torture->ev, &options); + status = smb2_connect(mem_ctx, host, + lp_smb_ports(torture->lp_ctx), + share, + lp_resolve_context(torture->lp_ctx), + credentials, &tree, torture->ev, &options, + lp_socket_options(torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("Connection failed - %s\n", nt_errstr(status)); return false; @@ -221,10 +223,12 @@ bool torture_smb2_scan(struct torture_context *torture) smb2_transport_send(req); if (!smb2_request_receive(req)) { talloc_free(tree); - status = smb2_connect(mem_ctx, host, share, - lp_resolve_context(torture->lp_ctx), - credentials, &tree, - torture->ev, &options); + status = smb2_connect(mem_ctx, host, + lp_smb_ports(torture->lp_ctx), + share, + lp_resolve_context(torture->lp_ctx), + credentials, &tree, torture->ev, &options, + lp_socket_options(torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("Connection failed - %s\n", nt_errstr(status)); return false; diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c index 3a437acbab..e53b6cddac 100644 --- a/source4/torture/smb2/util.c +++ b/source4/torture/smb2/util.c @@ -274,10 +274,14 @@ bool torture_smb2_connection(struct torture_context *tctx, struct smb2_tree **tr lp_smbcli_options(tctx->lp_ctx, &options); - status = smb2_connect(tctx, host, share, + status = smb2_connect(tctx, host, + lp_smb_ports(tctx->lp_ctx), + share, lp_resolve_context(tctx->lp_ctx), credentials, tree, - tctx->ev, &options); + tctx->ev, &options, + lp_socket_options(tctx->lp_ctx) + ); if (!NT_STATUS_IS_OK(status)) { printf("Failed to connect to SMB2 share \\\\%s\\%s - %s\n", host, share, nt_errstr(status)); diff --git a/source4/torture/unix/unix_info2.c b/source4/torture/unix/unix_info2.c index 53909f645b..2e451e1999 100644 
--- a/source4/torture/unix/unix_info2.c +++ b/source4/torture/unix/unix_info2.c @@ -63,7 +63,7 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx) status = smbcli_full_connection(tctx, &cli, host, lp_smb_ports(tctx->lp_ctx), - share, NULL, + share, NULL, lp_socket_options(tctx->lp_ctx), cmdline_credentials, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c index d7fbe4a23d..f3a6acee50 100644 --- a/source4/torture/unix/whoami.c +++ b/source4/torture/unix/whoami.c @@ -84,7 +84,7 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx, status = smbcli_full_connection(tctx, &cli, host, lp_smb_ports(tctx->lp_ctx), - share, NULL, + share, NULL, lp_socket_options(tctx->lp_ctx), creds, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, lp_iconv_convenience(tctx->lp_ctx)); diff --git a/source4/torture/util_smb.c b/source4/torture/util_smb.c index b84938cf11..5157369a78 100644 --- a/source4/torture/util_smb.c +++ b/source4/torture/util_smb.c @@ -486,6 +486,7 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx, status = smbcli_full_connection(mem_ctx, c, hostname, lp_smb_ports(tctx->lp_ctx), sharename, NULL, + lp_socket_options(tctx->lp_ctx), cmdline_credentials, lp_resolve_context(tctx->lp_ctx), ev, &options, &session_options, diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index 99fb3e8081..4964694790 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -473,7 +473,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, case NTLMSSP_CLIENT_1: /* setup the client side */ - nt_status = gensec_client_start(NULL, &state->gensec_state, ev, lp_ctx); + nt_status = gensec_client_start(NULL, &state->gensec_state, ev, + lp_gensec_settings(NULL, lp_ctx)); if (!NT_STATUS_IS_OK(nt_status)) { exit(1); } 
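Review bot: In the ntlm_auth.c hunk, the client branch of manage_gensec_request() calls `lp_gensec_settings(NULL, lp_ctx)`, so the settings have no talloc parent, while the server branch in the next hunk parents them on `state`. Nothing visible here frees the parentless object. Writing `lp_gensec_settings(state, lp_ctx)` in both branches would tie it to the helper state and keep the two cases consistent. The function body continues outside the hunk.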
@@ -486,7 +487,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, if (!msg) { exit(1); } - if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, lp_ctx, msg, &state->gensec_state))) { + if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, lp_gensec_settings(state, lp_ctx), + msg, &state->gensec_state))) { exit(1); } break; |