diff options
76 files changed, 690 insertions, 225 deletions
diff --git a/lib/replace/replace.h b/lib/replace/replace.h index c1444cd5ee..c3b0604a2c 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -4,7 +4,7 @@ macros to go along with the lib/replace/ portability layer code Copyright (C) Andrew Tridgell 2005 - Copyright (C) Jelmer Vernooij 2006 + Copyright (C) Jelmer Vernooij 2006-2008 Copyright (C) Jeremy Allison 2007. ** NOTE! The following LGPL license applies to the replace @@ -215,6 +215,14 @@ int rep_seteuid(uid_t); int rep_setegid(gid_t); #endif +#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESUID_DECL)) +/* stupid glibc */ +int setresuid(uid_t ruid, uid_t euid, uid_t suid); +#endif +#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESGID_DECL)) +int setresgid(gid_t rgid, gid_t egid, gid_t sgid); +#endif + #ifndef HAVE_CHOWN #define chown rep_chown int rep_chown(const char *path, uid_t uid, gid_t gid); diff --git a/libcli/nbt/libnbt.h b/libcli/nbt/libnbt.h index 4ef4e9d60d..e03352d7cf 100644 --- a/libcli/nbt/libnbt.h +++ b/libcli/nbt/libnbt.h @@ -122,6 +122,8 @@ struct nbt_name_socket { struct socket_address *); void *private_data; } unexpected; + + uint32_t wack_timeout; }; diff --git a/libcli/nbt/nbtsocket.c b/libcli/nbt/nbtsocket.c index dbbdc1b02a..65ed872533 100644 --- a/libcli/nbt/nbtsocket.c +++ b/libcli/nbt/nbtsocket.c @@ -247,7 +247,7 @@ static void nbt_name_socket_recv(struct nbt_name_socket *nbtsock) req->received_wack = true; /* although there can be a timeout in the packet, w2k3 screws it up, so better to set it ourselves */ - req->timeout = lp_parm_int(global_loadparm, NULL, "nbt", "wack_timeout", 30); + req->timeout = nbtsock->wack_timeout; req->te = event_add_timed(req->nbtsock->event_ctx, req, timeval_current_ofs(req->timeout, 0), nbt_name_socket_timeout, req); @@ -334,6 +334,7 @@ _PUBLIC_ struct nbt_name_socket *nbt_name_socket_init(TALLOC_CTX *mem_ctx, nbtsock->send_queue = NULL; nbtsock->num_pending = 0; + nbtsock->wack_timeout = 30; nbtsock->incoming.handler = NULL; nbtsock->unexpected.handler = NULL; nbtsock->iconv_convenience = iconv_convenience; diff --git a/libcli/nbt/pynbt.c b/libcli/nbt/pynbt.c index 9179245e88..6750ad7b4e 100644 --- a/libcli/nbt/pynbt.c +++ b/libcli/nbt/pynbt.c @@ -48,7 +48,8 @@ static PyObject *py_nbt_node_init(PyTypeObject *self, PyObject *args, PyObject * return NULL; ev = s4_event_context_init(ret->mem_ctx); - ret->socket = nbt_name_socket_init(ret->mem_ctx, ev, py_iconv_convenience(ret->mem_ctx)); + ret->socket = nbt_name_socket_init(ret->mem_ctx, ev, + py_iconv_convenience(ret->mem_ctx)); return (PyObject *)ret; } diff --git a/libcli/util/ntstatus.h b/libcli/util/ntstatus.h index bf03d51d02..fa4553df1e 100644 --- a/libcli/util/ntstatus.h +++ b/libcli/util/ntstatus.h @@ -628,6 +628,9 @@ const char *get_nt_error_c_code(NTSTATUS nt_code); *****************************************************************************/ NTSTATUS nt_status_string_to_code(const char *nt_status_str); +/** Used by ntstatus_dos_equal: */ +extern bool ntstatus_check_dos_mapping; + #define NT_STATUS_IS_OK(x) (NT_STATUS_V(x) == 0) #define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000) /* checking for DOS error mapping here is ugly, but unfortunately the diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c index 2f1daeaeb5..12f95a9ceb 100644 --- a/librpc/ndr/ndr.c +++ b/librpc/ndr/ndr.c @@ -933,7 +933,7 @@ _PUBLIC_ size_t ndr_size_struct(const void *p, int flags, ndr_push_flags_fn_t pu /* avoid recursion */ if (flags & LIBNDR_FLAG_NO_NDR_SIZE) return 0; - ndr = ndr_push_init_ctx(NULL, lp_iconv_convenience(global_loadparm)); + ndr = ndr_push_init_ctx(NULL, global_iconv_convenience); if (!ndr) return 0; ndr->flags |= flags | LIBNDR_FLAG_NO_NDR_SIZE; status = push(ndr, NDR_SCALARS|NDR_BUFFERS, discard_const(p)); @@ -958,7 +958,7 @@ _PUBLIC_ size_t ndr_size_union(const void *p, int flags, uint32_t level, ndr_pus /* avoid recursion */ if (flags & LIBNDR_FLAG_NO_NDR_SIZE) return 0; - ndr = ndr_push_init_ctx(NULL, lp_iconv_convenience(global_loadparm)); + ndr = ndr_push_init_ctx(NULL, global_iconv_convenience); if (!ndr) return 0; ndr->flags |= flags | LIBNDR_FLAG_NO_NDR_SIZE; diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm index 58e6910d3d..38aee2c9d1 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -698,6 +698,14 @@ sub Interface($$$) $self->pidl("}"); $self->pidl(""); + $self->pidl("status = dcerpc_init(lp_ctx);"); + $self->pidl("if (!NT_STATUS_IS_OK(status)) {"); + $self->indent; + $self->pidl("PyErr_SetNTSTATUS(status);"); + $self->pidl("return;"); + $self->deindent; + $self->pidl("}"); + $self->pidl("credentials = cli_credentials_from_py_object(py_credentials);"); $self->pidl("if (credentials == NULL) {"); $self->indent; @@ -1210,14 +1218,6 @@ sub Parse($$$$$) } $self->pidl(""); - $self->pidl("status = dcerpc_init();"); - $self->pidl("if (!NT_STATUS_IS_OK(status)) {"); - $self->indent; - $self->pidl("PyErr_SetNTSTATUS(status);"); - $self->pidl("return;"); - $self->deindent; - $self->pidl("}"); - $self->deindent; $self->pidl("}"); return ($self->{res_hdr}, $self->{res}); diff --git a/source3/Makefile.in b/source3/Makefile.in index 94146eb022..ce24001fd2 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2847,9 +2847,10 @@ valgrindtest:: all torture timelimit PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}" SELFTEST_FORMAT = plain +selftestdir = ../selftest selftest:: all torture timelimit - @../selftest/selftest.pl --prefix=st --target=samba3 \ + @$(selftestdir)/selftest.pl --prefix=st --target=samba3 \ --testlist="$(srcdir)/selftest/tests.sh|" \ --expected-failures=$(srcdir)/selftest/knownfail \ --exclude=$(srcdir)/selftest/skip \ diff --git a/source3/configure.in b/source3/configure.in index c2a5d1a75f..0aeefe4180 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -857,19 +857,6 @@ if test x"$ac_cv_func_dirfd" = x"yes"; then default_shared_modules="$default_shared_modules vfs_syncops" fi -AC_CACHE_CHECK([for sig_atomic_t type],samba_cv_sig_atomic_t, [ - AC_TRY_COMPILE([ -#include <sys/types.h> -#if STDC_HEADERS -#include <stdlib.h> -#include <stddef.h> -#endif -#include <signal.h>],[sig_atomic_t i = 0], - samba_cv_sig_atomic_t=yes,samba_cv_sig_atomic_t=no)]) -if test x"$samba_cv_sig_atomic_t" = x"yes"; then - AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type]) -fi - AC_CACHE_CHECK([for struct sigevent type],samba_cv_struct_sigevent, [ AC_TRY_COMPILE([ #include <sys/types.h> @@ -908,11 +895,6 @@ if test x"$samba_cv_struct_timespec" = x"yes"; then AC_DEFINE(HAVE_STRUCT_TIMESPEC,1,[Whether we have struct timespec]) fi -# stupid headers have the functions but no declaration. grrrr. -AC_HAVE_DECL(errno, [#include <errno.h>]) -AC_HAVE_DECL(setresuid, [#include <unistd.h>]) -AC_HAVE_DECL(setresgid, [#include <unistd.h>]) - # and glibc has setresuid under linux but the function does # nothing until kernel 2.1.44! very dumb. AC_CACHE_CHECK([for real setresuid],samba_cv_have_setresuid,[ @@ -1025,20 +1007,20 @@ if test x"$ac_cv_func_execl" = x"no"; then EXTRA_BIN_PROGS="$EXTRA_BIN_PROGS bin/smbrun\$(EXEEXT)" fi -AC_CHECK_FUNCS(waitpid getcwd strdup strndup strnlen strerror fchown chmod fchmod mknod mknod64) -AC_CHECK_FUNCS(strtol strtoll strtoul strtoull strtouq __strtoull) +AC_CHECK_FUNCS(getcwd fchown chmod fchmod mknod mknod64) +AC_CHECK_FUNCS(strtol) AC_CHECK_FUNCS(fstat strchr chflags) -AC_CHECK_FUNCS(getrlimit fsync fdatasync memset strlcpy strlcat setpgid) -AC_CHECK_FUNCS(memmove setsid glob strpbrk pipe crypt16 getauthuid) -AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent) +AC_CHECK_FUNCS(getrlimit fsync fdatasync setpgid) +AC_CHECK_FUNCS(setsid glob strpbrk crypt16 getauthuid) +AC_CHECK_FUNCS(sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent) AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf) -AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate chsize stat64 fstat64) -AC_CHECK_FUNCS(lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64) -AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf) +AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf stat64 fstat64) +AC_CHECK_FUNCS(lstat64 fopen64 atexit grantpt lseek64 ftruncate64) +AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam) AC_CHECK_FUNCS(opendir64 readdir64 seekdir64 telldir64 rewinddir64 closedir64) AC_CHECK_FUNCS(getpwent_r) -AC_CHECK_FUNCS(getdents getdents64) -AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl) +AC_CHECK_FUNCS(getdents64) +AC_CHECK_FUNCS(setenv strcasecmp fcvt fcvtl) AC_CHECK_FUNCS(syslog vsyslog timegm) AC_CHECK_FUNCS(setlocale nl_langinfo) AC_CHECK_FUNCS(nanosleep) @@ -1046,7 +1028,7 @@ AC_CHECK_FUNCS(mlock munlock mlockall munlockall) AC_CHECK_FUNCS(memalign posix_memalign hstrerror) AC_CHECK_HEADERS(sys/mman.h) # setbuffer, shmget, shm_open are needed for smbtorture -AC_CHECK_FUNCS(setbuffer shmget shm_open) +AC_CHECK_FUNCS(shmget shm_open) # Find a method of generating a stack trace AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h) diff --git a/source3/include/includes.h b/source3/include/includes.h index 73600e379b..4399c734d0 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -524,14 +524,6 @@ struct timespec { }; #endif -#ifndef MIN -#define MIN(a,b) ((a)<(b)?(a):(b)) -#endif - -#ifndef MAX -#define MAX(a,b) ((a)>(b)?(a):(b)) -#endif - #ifdef HAVE_BROKEN_GETGROUPS #define GID_T int #else @@ -567,7 +559,7 @@ typedef char fstring[FSTRING_LEN]; #endif /* Samba 3 doesn't use iconv_convenience: */ -extern void *global_loadparm; +extern void *global_iconv_convenience; extern void *cmdline_lp_ctx; struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); @@ -719,7 +711,7 @@ enum flush_reason_enum { #include "modules/nfs4_acls.h" #include "nsswitch/libwbclient/wbclient.h" -/***** automatically generated prototypes *****/ +/***** prototypes *****/ #ifndef NO_PROTO_H #include "proto.h" #endif @@ -812,14 +804,6 @@ enum flush_reason_enum { #define ULTRIX_AUTH 1 #endif -#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESUID_DECL)) -/* stupid glibc */ -int setresuid(uid_t ruid, uid_t euid, uid_t suid); -#endif -#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESGID_DECL)) -int setresgid(gid_t rgid, gid_t egid, gid_t sgid); -#endif - /* yuck, I'd like a better way of doing this */ #define DIRP_SIZE (256 + 32) @@ -892,11 +876,6 @@ int smb_xvasprintf(char **ptr, const char *format, va_list ap) PRINTF_ATTRIBUTE( int asprintf_strupper_m(char **strp, const char *fmt, ...) PRINTF_ATTRIBUTE(2,3); char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATTRIBUTE(2,3); -/* we used to use these fns, but now we have good replacements - for snprintf and vsnprintf */ -#define slprintf snprintf -#define vslprintf vsnprintf - /* * Veritas File System. Often in addition to native. * Quotas different. diff --git a/source3/librpc/ndr/util.c b/source3/librpc/ndr/util.c index 457615ce22..b8221838fa 100644 --- a/source3/librpc/ndr/util.c +++ b/source3/librpc/ndr/util.c @@ -166,7 +166,7 @@ _PUBLIC_ void ndr_print_sockaddr_storage(struct ndr_print *ndr, const char *name ndr->print(ndr, "%-25s: %s", name, print_sockaddr(addr, sizeof(addr), ss)); } -void *global_loadparm; +void *global_iconv_convenience; void *cmdline_lp_ctx; struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx) { diff --git a/source3/samba4.mk b/source3/samba4.mk index c3b6af10e4..1743431aa4 100644 --- a/source3/samba4.mk +++ b/source3/samba4.mk @@ -164,3 +164,82 @@ pythonmods:: $(PYTHON_PYS) $(PYTHON_SO) all:: bin/samba4 bin/regpatch4 bin/regdiff4 bin/regshell4 bin/regtree4 bin/smbclient4 torture:: bin/smbtorture4 everything:: $(patsubst %,%4,$(BINARIES)) + +SELFTEST4 = $(LD_LIBPATH_OVERRIDE) $(PERL) $(selftestdir)/selftest.pl --prefix=st4 \ + --builddir=$(builddir) --srcdir=$(samba4srcdir) \ + --expected-failures=$(samba4srcdir)/selftest/knownfail \ + --format=$(SELFTEST_FORMAT) \ + --exclude=$(samba4srcdir)/selftest/skip --testlist="$(samba4srcdir)/selftest/tests.sh|" \ + $(TEST4_OPTIONS) + +SELFTEST4_NOSLOW_OPTS = --exclude=$(samba4srcdir)/selftest/slow +SELFTEST4_QUICK_OPTS = $(SELFTEST4_NOSLOW_OPTS) --quick --include=$(samba4srcdir)/selftest/quick + +slowtest4:: everything + $(SELFTEST4) $(DEFAULT_TEST_OPTIONS) --immediate $(TESTS) + +test4:: everything + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) $(DEFAULT_TEST_OPTIONS) --immediate \ + $(TESTS) + +testone4:: everything + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) $(DEFAULT_TEST_OPTIONS) --one $(TESTS) + +test4-swrap:: everything + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --socket-wrapper --immediate $(TESTS) + +test4-swrap-pcap:: everything + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --socket-wrapper-pcap --immediate $(TESTS) + +test4-swrap-keep-pcap:: everything + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --socket-wrapper-keep-pcap --immediate $(TESTS) + +test4-noswrap:: everything + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --immediate $(TESTS) + +quicktest4:: all + $(SELFTEST4) $(SELFTEST4_QUICK_OPTS) --socket-wrapper --immediate $(TESTS) + +quicktestone4:: all + $(SELFTEST4) $(SELFTEST4_QUICK_OPTS) --socket-wrapper --one $(TESTS) + +testenv4:: everything + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --socket-wrapper --testenv + +testenv4-%:: everything + SELFTEST_TESTENV=$* $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --socket-wrapper --testenv + +test4-%:: + $(MAKE) test TESTS=$* + +valgrindtest4:: valgrindtest-all + +valgrindtest4-quick:: all + SMBD_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \ + VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \ + $(SELFTEST4) $(SELFTEST4_QUICK_OPTS) --immediate --socket-wrapper $(TESTS) + +valgrindtest4-all:: everything + SMBD_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \ + VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \ + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --immediate --socket-wrapper $(TESTS) + +valgrindtest4-env:: everything + SMBD_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \ + VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \ + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --socket-wrapper --testenv + +gdbtest4:: gdbtest4-all + +gdbtest4-quick:: all + SMBD_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \ + $(SELFTEST4) $(SELFTEST4_QUICK_OPTS) --immediate --socket-wrapper $(TESTS) + +gdbtest4-all:: everything + SMBD_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \ + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --immediate --socket-wrapper $(TESTS) + +gdbtest4-env:: everything + SMBD_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \ + $(SELFTEST4) $(SELFTEST4_NOSLOW_OPTS) --socket-wrapper --testenv + diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 20c88f86bc..7a8da71a7d 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -40,6 +40,12 @@ _PUBLIC_ struct gensec_security_ops **gensec_security_all(void) return generic_security_ops; } +bool gensec_security_ops_enabled(struct gensec_security_ops *ops, + struct loadparm_context *lp_ctx) +{ + return lp_parm_bool(lp_ctx, NULL, "gensec", ops->name, ops->enabled); +} + /* Sometimes we want to force only kerberos, sometimes we want to * force it's avoidance. The old list could be either * gensec_security_all(), or from cli_credentials_gensec_list() (ie, @@ -76,6 +82,7 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ j = 0; for (i=0; old_gensec_list && old_gensec_list[i]; i++) { int oid_idx; + for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) { if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) { new_gensec_list[j] = old_gensec_list[i]; @@ -140,6 +147,9 @@ static const struct gensec_security_ops *gensec_security_by_authtype(struct gens } backends = gensec_security_mechs(gensec_security, mem_ctx); for (i=0; backends && backends[i]; i++) { + if (!gensec_security_ops_enabled(backends[i], + gensec_security->settings->lp_ctx)) + continue; if (backends[i]->auth_type == auth_type) { backend = backends[i]; talloc_free(mem_ctx); @@ -163,6 +173,10 @@ const struct gensec_security_ops *gensec_security_by_oid(struct gensec_security } backends = gensec_security_mechs(gensec_security, mem_ctx); for (i=0; backends && backends[i]; i++) { + if (gensec_security != NULL && + !gensec_security_ops_enabled(backends[i], + gensec_security->settings->lp_ctx)) + continue; if (backends[i]->oid) { for (j=0; backends[i]->oid[j]; j++) { if (backends[i]->oid[j] && @@ -191,6 +205,8 @@ const struct gensec_security_ops *gensec_security_by_sasl_name(struct gensec_sec } backends = gensec_security_mechs(gensec_security, mem_ctx); for (i=0; backends && backends[i]; i++) { + if (!gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + continue; if (backends[i]->sasl_name && (strcmp(backends[i]->sasl_name, sasl_name) == 0)) { backend = backends[i]; @@ -215,6 +231,9 @@ static const struct gensec_security_ops *gensec_security_by_name(struct gensec_s } backends = gensec_security_mechs(gensec_security, mem_ctx); for (i=0; backends && backends[i]; i++) { + if (gensec_security != NULL && + !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + continue; if (backends[i]->name && (strcmp(backends[i]->name, name) == 0)) { backend = backends[i]; @@ -258,6 +277,9 @@ const struct gensec_security_ops **gensec_security_by_sasl_list(struct gensec_se /* Find backends in our preferred order, by walking our list, * then looking in the supplied list */ for (i=0; backends && backends[i]; i++) { + if (gensec_security != NULL && + !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + continue; for (sasl_idx = 0; sasl_names[sasl_idx]; sasl_idx++) { if (!backends[i]->sasl_name || !(strcmp(backends[i]->sasl_name, @@ -326,6 +348,9 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gen /* Find backends in our preferred order, by walking our list, * then looking in the supplied list */ for (i=0; backends && backends[i]; i++) { + if (gensec_security != NULL && + !gensec_security_ops_enabled(backends[i], gensec_security->settings->lp_ctx)) + continue; if (!backends[i]->oid) { continue; } @@ -374,7 +399,8 @@ const struct gensec_security_ops_wrapper *gensec_security_by_oid_list(struct gen * Return OIDS from the security subsystems listed */ -const char **gensec_security_oids_from_ops(TALLOC_CTX *mem_ctx, +const char **gensec_security_oids_from_ops(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, struct gensec_security_ops **ops, const char *skip) { @@ -391,6 +417,10 @@ const char **gensec_security_oids_from_ops(TALLOC_CTX *mem_ctx, } for (i=0; ops && ops[i]; i++) { + if (gensec_security != NULL && + !gensec_security_ops_enabled(ops[i], gensec_security->settings->lp_ctx)) { + continue; + } if (!ops[i]->oid) { continue; } @@ -464,7 +494,7 @@ const char **gensec_security_oids(struct gensec_security *gensec_security, { struct gensec_security_ops **ops = gensec_security_mechs(gensec_security, mem_ctx); - return gensec_security_oids_from_ops(mem_ctx, ops, skip); + return gensec_security_oids_from_ops(gensec_security, mem_ctx, ops, skip); } @@ -501,6 +531,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, (*gensec_security)->event_ctx = ev; (*gensec_security)->msg_ctx = msg; + SMB_ASSERT(settings->lp_ctx != NULL); (*gensec_security)->settings = talloc_reference(*gensec_security, settings); return NT_STATUS_OK; @@ -547,6 +578,11 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, { NTSTATUS status; + if (settings == NULL) { + DEBUG(0,("gensec_client_start: no settings given!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + status = gensec_start(mem_ctx, ev, settings, NULL, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; @@ -580,6 +616,11 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_ERROR; } + if (!settings) { + DEBUG(0,("gensec_server_start: no settings given!\n")); + return NT_STATUS_INTERNAL_ERROR; + } + status = gensec_start(mem_ctx, ev, settings, msg, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; @@ -653,10 +694,10 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s return gensec_start_mech(gensec_security); } -_PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype) +_PUBLIC_ const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype) { const struct gensec_security_ops *ops; - ops = gensec_security_by_authtype(NULL, authtype); + ops = gensec_security_by_authtype(gensec_security, authtype); if (ops) { return ops->name; } @@ -664,10 +705,11 @@ _PUBLIC_ const char *gensec_get_name_by_authtype(uint8_t authtype) } -_PUBLIC_ const char *gensec_get_name_by_oid(const char *oid_string) +_PUBLIC_ const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, + const char *oid_string) { const struct gensec_security_ops *ops; - ops = gensec_security_by_oid(NULL, oid_string); + ops = gensec_security_by_oid(gensec_security, oid_string); if (ops) { return ops->name; } @@ -697,6 +739,8 @@ NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security, _PUBLIC_ NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid) { + SMB_ASSERT(gensec_security != NULL); + gensec_security->ops = gensec_security_by_oid(gensec_security, mech_oid); if (!gensec_security->ops) { DEBUG(3, ("Could not find GENSEC backend for oid=%s\n", mech_oid)); @@ -1204,11 +1248,6 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security) */ NTSTATUS gensec_register(const struct gensec_security_ops *ops) { - if (!lp_parm_bool(global_loadparm, NULL, "gensec", ops->name, ops->enabled)) { - DEBUG(2,("gensec subsystem %s is disabled\n", ops->name)); - return NT_STATUS_OK; - } - if (gensec_security_by_name(NULL, ops->name) != NULL) { /* its already registered! */ DEBUG(0,("GENSEC backend '%s' already registered\n", diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 2a483171f7..cb7f3aec99 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -239,7 +239,7 @@ NTSTATUS gensec_session_key(struct gensec_security *gensec_security, DATA_BLOB *session_key); NTSTATUS gensec_start_mech_by_oid(struct gensec_security *gensec_security, const char *mech_oid); -const char *gensec_get_name_by_oid(const char *oid_string); +const char *gensec_get_name_by_oid(struct gensec_security *gensec_security, const char *oid_string); struct cli_credentials *gensec_get_credentials(struct gensec_security *gensec_security); struct socket_address *gensec_get_peer_addr(struct gensec_security *gensec_security); NTSTATUS gensec_init(struct loadparm_context *lp_ctx); @@ -266,7 +266,7 @@ NTSTATUS gensec_sign_packet(struct gensec_security *gensec_security, DATA_BLOB *sig); NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security, uint8_t auth_type, uint8_t auth_level); -const char *gensec_get_name_by_authtype(uint8_t authtype); +const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype); NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct event_context *ev, struct gensec_settings *settings, @@ -295,6 +295,7 @@ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, DATA_BLOB *out); struct gensec_security_ops **gensec_security_all(void); +bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct loadparm_context *lp_ctx); struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx, struct gensec_security_ops **old_gensec_list, struct cli_credentials *creds); diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index bf991616bd..e51b215807 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -336,6 +336,11 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec for (i=0; all_ops[i]; i++) { bool is_spnego; NTSTATUS nt_status; + + if (gensec_security != NULL && + !gensec_security_ops_enabled(all_ops[i], gensec_security->settings->lp_ctx)) + continue; + if (!all_ops[i]->oid) { continue; } @@ -969,8 +974,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA spnego.negTokenTarg.supportedMech && strcmp(spnego.negTokenTarg.supportedMech, spnego_state->neg_oid) != 0) { DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n", - gensec_get_name_by_oid(spnego.negTokenTarg.supportedMech), - gensec_get_name_by_oid(spnego_state->neg_oid))); + gensec_get_name_by_oid(gensec_security, spnego.negTokenTarg.supportedMech), + gensec_get_name_by_oid(gensec_security, spnego_state->neg_oid))); talloc_free(spnego_state->sub_sec_security); nt_status = gensec_subcontext_start(spnego_state, diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c index 2af0cc8a00..fd0ef0fe4a 100644 --- a/source4/auth/ntlm/auth_server.c +++ b/source4/auth/ntlm/auth_server.c @@ -67,6 +67,7 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX } io.in.dest_ports = lp_smb_ports(ctx->auth_ctx->lp_ctx); io.in.socket_options = lp_socket_options(ctx->auth_ctx->lp_ctx); + io.in.gensec_settings = lp_gensec_settings(mem_ctx, ctx->auth_ctx->lp_ctx); io.in.called_name = strupper_talloc(mem_ctx, io.in.dest_host); diff --git a/source4/client/cifsdd.c b/source4/client/cifsdd.c index 3e0ab7af78..8d0b87d722 100644 --- a/source4/client/cifsdd.c +++ b/source4/client/cifsdd.c @@ -360,7 +360,8 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, struct smbcli_options *smb_options, const char *socket_options, struct smbcli_session_options *smb_session_options, - struct smb_iconv_convenience *iconv_convenience) + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings) { int options = 0; const char * path = NULL; @@ -384,7 +385,8 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, check_arg_numeric("ibs"), options, socket_options, smb_options, smb_session_options, - iconv_convenience); + iconv_convenience, + gensec_settings); } else if (strcmp(which, "of") == 0) { options |= DD_WRITE; path = check_arg_pathname("of"); @@ -392,7 +394,8 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, check_arg_numeric("obs"), options, socket_options, smb_options, smb_session_options, - iconv_convenience); + iconv_convenience, + gensec_settings); } else { SMB_ASSERT(0); return(NULL); @@ -447,7 +450,8 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx) if (!(ifile = open_file(lp_resolve_context(lp_ctx), ev, "if", lp_smb_ports(lp_ctx), &options, lp_socket_options(lp_ctx), - &session_options, lp_iconv_convenience(lp_ctx)))) { + &session_options, lp_iconv_convenience(lp_ctx), + lp_gensec_settings(lp_ctx, lp_ctx)))) { return(FILESYS_EXIT_CODE); } @@ -455,7 +459,8 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx) lp_smb_ports(lp_ctx), &options, lp_socket_options(lp_ctx), &session_options, - lp_iconv_convenience(lp_ctx)))) { + lp_iconv_convenience(lp_ctx), + lp_gensec_settings(lp_ctx, lp_ctx)))) { return(FILESYS_EXIT_CODE); } diff --git a/source4/client/cifsdd.h b/source4/client/cifsdd.h index cfc37cad54..28fe6778f4 100644 --- a/source4/client/cifsdd.h +++ b/source4/client/cifsdd.h @@ -100,7 +100,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, const char *socket_options, struct smbcli_options *smb_options, struct smbcli_session_options *smb_session_options, - struct smb_iconv_convenience *iconv_convenience); + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings); bool dd_fill_block(struct dd_iohandle * h, uint8_t * buf, uint64_t * buf_size, uint64_t need_size, uint64_t block_size); bool dd_flush_block(struct dd_iohandle * h, uint8_t * buf, diff --git a/source4/client/cifsddio.c b/source4/client/cifsddio.c index 49c32a37dc..06631ee3ac 100644 --- a/source4/client/cifsddio.c +++ b/source4/client/cifsddio.c @@ -228,7 +228,8 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct const char *socket_options, struct smbcli_options *options, struct smbcli_session_options *session_options, - struct smb_iconv_convenience *iconv_convenience) + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings) { NTSTATUS ret; struct smbcli_state * cli = NULL; @@ -242,7 +243,8 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct cmdline_credentials, resolve_ctx, ev, options, session_options, - iconv_convenience); + iconv_convenience, + gensec_settings); if (!NT_STATUS_IS_OK(ret)) { fprintf(stderr, "%s: connecting to //%s/%s: %s\n", @@ -311,7 +313,8 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx const char *socket_options, struct smbcli_options *smb_options, struct smbcli_session_options *smb_session_options, - struct smb_iconv_convenience *iconv_convenience) + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings) { struct cifs_handle * smbh; @@ -334,7 +337,8 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx if ((smbh->cli = init_smb_session(resolve_ctx, ev, host, ports, share, socket_options, smb_options, smb_session_options, - iconv_convenience)) == NULL) { + iconv_convenience, + gensec_settings)) == NULL) { return(NULL); } @@ -358,7 +362,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, const char *socket_options, struct smbcli_options *smb_options, struct smbcli_session_options *smb_session_options, - struct smb_iconv_convenience *iconv_convenience) + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings) { if (file_exist(path)) { return(open_fd_handle(path, io_size, options)); @@ -378,7 +383,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, io_size, options, socket_options, smb_options, smb_session_options, - iconv_convenience)); + iconv_convenience, + gensec_settings)); } return(open_fd_handle(path, io_size, options)); diff --git a/source4/client/client.c b/source4/client/client.c index 5066df1f54..a600b5fb0c 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -3049,7 +3049,8 @@ static bool do_connect(struct smbclient_context *ctx, struct cli_credentials *cred, struct smbcli_options *options, struct smbcli_session_options *session_options, - struct smb_iconv_convenience *iconv_convenience) + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings) { NTSTATUS status; char *server, *share; @@ -3071,7 +3072,8 @@ static bool do_connect(struct smbclient_context *ctx, socket_options, cred, resolve_ctx, ev_ctx, options, session_options, - iconv_convenience); + iconv_convenience, + gensec_settings); if (!NT_STATUS_IS_OK(status)) { d_printf("Connection to \\\\%s\\%s failed - %s\n", server, share, nt_errstr(status)); @@ -3284,7 +3286,8 @@ static int do_message_op(const char *netbios_name, const char *desthost, desthost, lp_smb_ports(cmdline_lp_ctx), service, lp_socket_options(cmdline_lp_ctx), cmdline_credentials, &smb_options, &smb_session_options, - lp_iconv_convenience(cmdline_lp_ctx))) + lp_iconv_convenience(cmdline_lp_ctx), + lp_gensec_settings(ctx, cmdline_lp_ctx))) return 1; if (base_directory) diff --git a/source4/heimdal/lib/krb5/get_addrs.c b/source4/heimdal/lib/krb5/get_addrs.c new file mode 100644 index 0000000000..fb45d08d29 --- /dev/null +++ b/source4/heimdal/lib/krb5/get_addrs.c @@ -0,0 +1,292 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +RCSID("$Id: get_addrs.c 23815 2008-09-13 09:21:03Z lha $"); + +#ifdef __osf__ +/* hate */ +struct rtentry; +struct mbuf; +#endif +#ifdef HAVE_NET_IF_H +#include <net/if.h> +#endif +#include <ifaddrs.h> + +static krb5_error_code +gethostname_fallback (krb5_context context, krb5_addresses *res) +{ + krb5_error_code ret; + char hostname[MAXHOSTNAMELEN]; + struct hostent *hostent; + + if (gethostname (hostname, sizeof(hostname))) { + ret = errno; + krb5_set_error_message(context, ret, "gethostname: %s", strerror(ret)); + return ret; + } + hostent = roken_gethostbyname (hostname); + if (hostent == NULL) { + ret = errno; + krb5_set_error_message (context, ret, "gethostbyname %s: %s", + hostname, strerror(ret)); + return ret; + } + res->len = 1; + res->val = malloc (sizeof(*res->val)); + if (res->val == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + res->val[0].addr_type = hostent->h_addrtype; + res->val[0].address.data = NULL; + res->val[0].address.length = 0; + ret = krb5_data_copy (&res->val[0].address, + hostent->h_addr, + hostent->h_length); + if (ret) { + free (res->val); + return ret; + } + return 0; +} + +enum { + LOOP = 1, /* do include loopback interfaces */ + LOOP_IF_NONE = 2, /* include loopback if no other if's */ + EXTRA_ADDRESSES = 4, /* include extra addresses */ + SCAN_INTERFACES = 8 /* scan interfaces for addresses */ +}; + +/* + * Try to figure out the addresses of all configured interfaces with a + * lot of magic ioctls. + */ + +static krb5_error_code +find_all_addresses (krb5_context context, krb5_addresses *res, int flags) +{ + struct sockaddr sa_zero; + struct ifaddrs *ifa0, *ifa; + krb5_error_code ret = ENXIO; + unsigned int num, idx; + krb5_addresses ignore_addresses; + + res->val = NULL; + + if (getifaddrs(&ifa0) == -1) { + ret = errno; + krb5_set_error_message(context, ret, "getifaddrs: %s", strerror(ret)); + return (ret); + } + + memset(&sa_zero, 0, sizeof(sa_zero)); + + /* First, count all the ifaddrs. */ + for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++) + /* nothing */; + + if (num == 0) { + freeifaddrs(ifa0); + krb5_set_error_message(context, ENXIO, N_("no addresses found", "")); + return (ENXIO); + } + + if (flags & EXTRA_ADDRESSES) { + /* we'll remove the addresses we don't care about */ + ret = krb5_get_ignore_addresses(context, &ignore_addresses); + if(ret) + return ret; + } + + /* Allocate storage for them. */ + res->val = calloc(num, sizeof(*res->val)); + if (res->val == NULL) { + krb5_free_addresses(context, &ignore_addresses); + freeifaddrs(ifa0); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + /* Now traverse the list. */ + for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) { + if ((ifa->ifa_flags & IFF_UP) == 0) + continue; + if (ifa->ifa_addr == NULL) + continue; + if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) + continue; + if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) + continue; + if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { + /* We'll deal with the LOOP_IF_NONE case later. */ + if ((flags & LOOP) == 0) + continue; + } + + ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]); + if (ret) { + /* + * The most likely error here is going to be "Program + * lacks support for address type". This is no big + * deal -- just continue, and we'll listen on the + * addresses who's type we *do* support. + */ + continue; + } + /* possibly skip this address? */ + if((flags & EXTRA_ADDRESSES) && + krb5_address_search(context, &res->val[idx], &ignore_addresses)) { + krb5_free_address(context, &res->val[idx]); + flags &= ~LOOP_IF_NONE; /* we actually found an address, + so don't add any loop-back + addresses */ + continue; + } + + idx++; + } + + /* + * If no addresses were found, and LOOP_IF_NONE is set, then find + * the loopback addresses and add them to our list. + */ + if ((flags & LOOP_IF_NONE) != 0 && idx == 0) { + for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) { + if ((ifa->ifa_flags & IFF_UP) == 0) + continue; + if (ifa->ifa_addr == NULL) + continue; + if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) + continue; + if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) + continue; + + if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { + ret = krb5_sockaddr2address(context, + ifa->ifa_addr, &res->val[idx]); + if (ret) { + /* + * See comment above. + */ + continue; + } + if((flags & EXTRA_ADDRESSES) && + krb5_address_search(context, &res->val[idx], + &ignore_addresses)) { + krb5_free_address(context, &res->val[idx]); + continue; + } + idx++; + } + } + } + + if (flags & EXTRA_ADDRESSES) + krb5_free_addresses(context, &ignore_addresses); + freeifaddrs(ifa0); + if (ret) { + free(res->val); + res->val = NULL; + } else + res->len = idx; /* Now a count. */ + return (ret); +} + +static krb5_error_code +get_addrs_int (krb5_context context, krb5_addresses *res, int flags) +{ + krb5_error_code ret = -1; + + if (flags & SCAN_INTERFACES) { + ret = find_all_addresses (context, res, flags); + if(ret || res->len == 0) + ret = gethostname_fallback (context, res); + } else { + res->len = 0; + res->val = NULL; + ret = 0; + } + + if(ret == 0 && (flags & EXTRA_ADDRESSES)) { + krb5_addresses a; + /* append user specified addresses */ + ret = krb5_get_extra_addresses(context, &a); + if(ret) { + krb5_free_addresses(context, res); + return ret; + } + ret = krb5_append_addresses(context, res, &a); + if(ret) { + krb5_free_addresses(context, res); + return ret; + } + krb5_free_addresses(context, &a); + } + if(res->len == 0) { + free(res->val); + res->val = NULL; + } + return ret; +} + +/* + * Try to get all addresses, but return the one corresponding to + * `hostname' if we fail. + * + * Only include loopback address if there are no other. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_all_client_addrs (krb5_context context, krb5_addresses *res) +{ + int flags = LOOP_IF_NONE | EXTRA_ADDRESSES; + + if (context->scan_interfaces) + flags |= SCAN_INTERFACES; + + return get_addrs_int (context, res, flags); +} + +/* + * Try to get all local addresses that a server should listen to. + * If that fails, we return the address corresponding to `hostname'. + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_all_server_addrs (krb5_context context, krb5_addresses *res) +{ + return get_addrs_int (context, res, LOOP | SCAN_INTERFACES); +} diff --git a/source4/heimdal_build/internal.mk b/source4/heimdal_build/internal.mk index 85ce6d3ab0..92bef089e4 100644 --- a/source4/heimdal_build/internal.mk +++ b/source4/heimdal_build/internal.mk @@ -290,6 +290,7 @@ HEIMDAL_KRB5_OBJ_FILES = \ $(heimdalsrcdir)/lib/krb5/free_host_realm.o \ $(heimdalsrcdir)/lib/krb5/generate_seq_number.o \ $(heimdalsrcdir)/lib/krb5/generate_subkey.o \ + $(heimdalsrcdir)/lib/krb5/get_addrs.o \ $(heimdalsrcdir)/lib/krb5/get_cred.o \ $(heimdalsrcdir)/lib/krb5/get_default_principal.o \ $(heimdalsrcdir)/lib/krb5/get_default_realm.o \ diff --git a/source4/heimdal_build/krb5-glue.c b/source4/heimdal_build/krb5-glue.c index b41e3c0271..8a09a91f3e 100644 --- a/source4/heimdal_build/krb5-glue.c +++ b/source4/heimdal_build/krb5-glue.c @@ -25,39 +25,6 @@ #include "lib/socket/netif.h" #include "param/param.h" -/** - get the list of IP addresses for configured interfaces -*/ -krb5_error_code KRB5_LIB_FUNCTION krb5_get_all_client_addrs(krb5_context context, krb5_addresses *res) -{ - int i; - struct interface *ifaces; - - load_interfaces(NULL, lp_interfaces(global_loadparm), &ifaces); - - res->len = iface_count(ifaces); - res->val = malloc_array_p(HostAddress, res->len); - if (res->val == NULL) { - talloc_free(ifaces); - return ENOMEM; - } - for (i=0;i<res->len;i++) { - const char *ip = iface_n_ip(ifaces, i); - res->val[i].addr_type = AF_INET; - res->val[i].address.length = 4; - res->val[i].address.data = malloc(4); - if (res->val[i].address.data == NULL) { - talloc_free(ifaces); - return ENOMEM; - } - ((struct in_addr *)res->val[i].address.data)->s_addr = inet_addr(ip); - } - - talloc_free(ifaces); - - return 0; -} - #include "heimdal/lib/krb5/krb5_locl.h" const krb5_cc_ops krb5_scc_ops = { diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 32fc00832e..d0417107f1 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -74,6 +74,9 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn) = gensec_use_kerberos_mechs(conn, backends, conn->server_credentials); int i, j = 0; for (i = 0; ops && ops[i]; i++) { + if (!gensec_security_ops_enabled(ops[i], conn->lp_ctx)) + continue; + if (ops[i]->sasl_name && ops[i]->server_start) { char *sasl_name = talloc_strdup(conn, ops[i]->sasl_name); diff --git a/source4/lib/cmdline/popt_common.c b/source4/lib/cmdline/popt_common.c index 96d8b8b40a..712d99996c 100644 --- a/source4/lib/cmdline/popt_common.c +++ b/source4/lib/cmdline/popt_common.c @@ -23,7 +23,6 @@ #include "version.h" #include "lib/cmdline/popt_common.h" #include "param/param.h" -#include "dynconfig/dynconfig.h" /* Handle command line options: * -d,--debuglevel @@ -63,10 +62,7 @@ static void popt_samba_callback(poptContext con, if (reason == POPT_CALLBACK_REASON_POST) { if (lp_configfile(cmdline_lp_ctx) == NULL) { - if (getenv("SMB_CONF_PATH")) - lp_load(cmdline_lp_ctx, getenv("SMB_CONF_PATH")); - else - lp_load(cmdline_lp_ctx, dyn_CONFIGFILE); + lp_load_default(cmdline_lp_ctx); } /* Hook any 'every Samba program must do this, after * the smb.conf is setup' functions here */ @@ -82,11 +78,7 @@ static void popt_samba_callback(poptContext con, pname++; if (reason == POPT_CALLBACK_REASON_PRE) { - if (global_loadparm != NULL) { - cmdline_lp_ctx = global_loadparm; - } else { - cmdline_lp_ctx = global_loadparm = loadparm_init(talloc_autofree_context()); - } + cmdline_lp_ctx = loadparm_init(talloc_autofree_context()); /* Hook for 'almost the first thing to do in a samba program' here */ /* setup for panics */ diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c index de5ea7c1b6..42ecac1eaa 100644 --- a/source4/lib/cmdline/popt_credentials.c +++ b/source4/lib/cmdline/popt_credentials.c @@ -60,7 +60,7 @@ static void popt_common_credentials_callback(poptContext con, } if (reason == POPT_CALLBACK_REASON_POST) { - cli_credentials_guess(cmdline_credentials, global_loadparm); + cli_credentials_guess(cmdline_credentials, cmdline_lp_ctx); if (!dont_ask) { cli_credentials_set_cmdline_callbacks(cmdline_credentials); diff --git a/source4/lib/messaging/pymessaging.c b/source4/lib/messaging/pymessaging.c index c2c23b679e..ad8f955466 100644 --- a/source4/lib/messaging/pymessaging.c +++ b/source4/lib/messaging/pymessaging.c @@ -34,6 +34,9 @@ PyAPI_DATA(PyTypeObject) messaging_Type; PyAPI_DATA(PyTypeObject) irpc_ClientConnectionType; +/* FIXME: This prototype should be in param/pyparam.h */ +struct loadparm_context *py_default_loadparm_context(TALLOC_CTX *mem_ctx); + static bool server_id_from_py(PyObject *object, struct server_id *server_id) { if (!PyTuple_Check(object)) { @@ -80,7 +83,8 @@ PyObject *py_messaging_connect(PyTypeObject *self, PyObject *args, PyObject *kwa ev = s4_event_context_init(ret->mem_ctx); if (messaging_path == NULL) { - messaging_path = lp_messaging_path(ret->mem_ctx, global_loadparm); + messaging_path = lp_messaging_path(ret->mem_ctx, + py_default_loadparm_context(ret->mem_ctx)); } else { messaging_path = talloc_strdup(ret->mem_ctx, messaging_path); } @@ -334,7 +338,8 @@ PyObject *py_irpc_connect(PyTypeObject *self, PyObject *args, PyObject *kwargs) ev = s4_event_context_init(ret->mem_ctx); if (messaging_path == NULL) { - messaging_path = lp_messaging_path(ret->mem_ctx, global_loadparm); + messaging_path = lp_messaging_path(ret->mem_ctx, + py_default_loadparm_context(ret->mem_ctx)); } else { messaging_path = talloc_strdup(ret->mem_ctx, messaging_path); } diff --git a/source4/lib/registry/rpc.c b/source4/lib/registry/rpc.c index 3a16ae1db5..117951ed03 100644 --- a/source4/lib/registry/rpc.c +++ b/source4/lib/registry/rpc.c @@ -486,7 +486,7 @@ _PUBLIC_ WERROR reg_open_remote(struct registry_context **ctx, struct dcerpc_pipe *p; struct rpc_registry_context *rctx; - dcerpc_init(); + dcerpc_init(lp_ctx); rctx = talloc(NULL, struct rpc_registry_context); diff --git a/source4/lib/socket/socket.c b/source4/lib/socket/socket.c index eff2c0a743..26cdac99a3 100644 --- a/source4/lib/socket/socket.c +++ b/source4/lib/socket/socket.c @@ -70,7 +70,7 @@ _PUBLIC_ NTSTATUS socket_create_with_ops(TALLOC_CTX *mem_ctx, const struct socke if (!(flags & SOCKET_FLAG_BLOCK) && type == SOCKET_TYPE_STREAM && - lp_parm_bool(global_loadparm, NULL, "socket", "testnonblock", false)) { + getenv("SOCKET_TESTNONBLOCK") != NULL) { (*new_sock)->flags |= SOCKET_FLAG_TESTNONBLOCK; } diff --git a/source4/lib/wmi/wmicore.c b/source4/lib/wmi/wmicore.c index a853f26035..7624946536 100644 --- a/source4/lib/wmi/wmicore.c +++ b/source4/lib/wmi/wmicore.c @@ -37,9 +37,10 @@ struct IWbemContext; DEBUG(1, ("OK : %s\n", msg)); \ } -void wmi_init(struct com_context **ctx, struct cli_credentials *credentials) +void wmi_init(struct com_context **ctx, struct cli_credentials *credentials, + struct loadparm_context *lp_ctx) { - dcerpc_init(); + dcerpc_init(lp_ctx); ndr_table_init(); /* FIXME: Register DCOM proxies? */ diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index 402387f5b5..dda05c8d73 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c @@ -154,7 +154,8 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx, struct event_context *ev, struct smbcli_options *options, struct smbcli_session_options *session_options, - struct smb_iconv_convenience *iconv_convenience) + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings) { struct smbcli_tree *tree; NTSTATUS status; @@ -168,7 +169,8 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx, credentials, resolve_ctx, ev, options, session_options, - iconv_convenience); + iconv_convenience, + gensec_settings); if (!NT_STATUS_IS_OK(status)) { goto done; } diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c index 8640a25747..984aa70247 100644 --- a/source4/libcli/raw/clitree.c +++ b/source4/libcli/raw/clitree.c @@ -179,7 +179,8 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, struct event_context *ev, struct smbcli_options *options, struct smbcli_session_options *session_options, - struct smb_iconv_convenience *iconv_convenience) + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings) { struct smb_composite_connect io; NTSTATUS status; @@ -195,6 +196,7 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, io.in.service = service; io.in.service_type = service_type; io.in.credentials = credentials; + io.in.gensec_settings = gensec_settings; io.in.fallback_to_anonymous = false; /* This workgroup gets sent out by the SPNEGO session setup. diff --git a/source4/libcli/raw/libcliraw.h b/source4/libcli/raw/libcliraw.h index ccd8681fa0..7757d10099 100644 --- a/source4/libcli/raw/libcliraw.h +++ b/source4/libcli/raw/libcliraw.h @@ -32,6 +32,7 @@ struct smbcli_transport; /* forward declare */ struct resolve_context; struct cli_credentials; +struct gensec_settings; /* default timeout for all smb requests */ #define SMB_REQUEST_TIMEOUT 60 diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index e7aa8c753d..c7613841b8 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -35,6 +35,7 @@ struct smb2_connect_state { const char *share; const char **ports; const char *socket_options; + struct gensec_settings *gensec_settings; struct smbcli_options options; struct smb2_negprot negprot; struct smb2_tree_connect tcon; @@ -140,7 +141,7 @@ static void continue_negprot(struct smb2_request *req) break; } - state->session = smb2_session_init(transport, lp_gensec_settings(transport, global_loadparm), state, true); + state->session = smb2_session_init(transport, state->gensec_settings, state, true); if (composite_nomem(state->session, c)) return; creq = smb2_session_setup_spnego_send(state->session, state->credentials); @@ -236,7 +237,8 @@ struct composite_context *smb2_connect_send(TALLOC_CTX *mem_ctx, struct cli_credentials *credentials, struct event_context *ev, struct smbcli_options *options, - const char *socket_options) + const char *socket_options, + struct gensec_settings *gensec_settings) { struct composite_context *c; struct smb2_connect_state *state; @@ -259,7 +261,7 @@ struct composite_context *smb2_connect_send(TALLOC_CTX *mem_ctx, if (composite_nomem(state->share, c)) return c; state->resolve_ctx = talloc_reference(state, resolve_ctx); state->socket_options = talloc_reference(state, socket_options); - if (composite_nomem(state->socket_options, c)) return c; + state->gensec_settings = talloc_reference(state, gensec_settings); ZERO_STRUCT(name); name.name = host; @@ -297,11 +299,13 @@ NTSTATUS smb2_connect(TALLOC_CTX *mem_ctx, struct smb2_tree **tree, struct event_context *ev, struct smbcli_options *options, - const char *socket_options) + const char *socket_options, + struct gensec_settings *gensec_settings) { struct composite_context *c = smb2_connect_send(mem_ctx, host, ports, share, resolve_ctx, credentials, ev, options, - socket_options); + socket_options, + gensec_settings); return smb2_connect_recv(c, mem_ctx, tree); } diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index 70df0a19ff..980a418619 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -257,7 +257,7 @@ static NTSTATUS connect_negprot(struct composite_context *c, state->io_setup->in.capabilities = state->transport->negotiate.capabilities; state->io_setup->in.credentials = io->in.credentials; state->io_setup->in.workgroup = io->in.workgroup; - state->io_setup->in.gensec_settings = lp_gensec_settings(state->io_setup, global_loadparm); + state->io_setup->in.gensec_settings = io->in.gensec_settings; state->creq = smb_composite_sesssetup_send(state->session, state->io_setup); NT_STATUS_HAVE_NO_MEMORY(state->creq); @@ -470,6 +470,7 @@ struct composite_context *smb_composite_connect_send(struct smb_composite_connec state = talloc_zero(c, struct connect_state); if (state == NULL) goto failed; + if (io->in.gensec_settings == NULL) goto failed; state->io = io; c->state = COMPOSITE_STATE_IN_PROGRESS; diff --git a/source4/libcli/smb_composite/fetchfile.c b/source4/libcli/smb_composite/fetchfile.c index 6dc2ae8c8f..a19898efae 100644 --- a/source4/libcli/smb_composite/fetchfile.c +++ b/source4/libcli/smb_composite/fetchfile.c @@ -145,6 +145,7 @@ struct composite_context *smb_composite_fetchfile_send(struct smb_composite_fetc state->connect->in.credentials = io->in.credentials; state->connect->in.fallback_to_anonymous = false; state->connect->in.workgroup = io->in.workgroup; + state->connect->in.gensec_settings = io->in.gensec_settings; state->connect->in.iconv_convenience = io->in.iconv_convenience; state->connect->in.options = io->in.options; diff --git a/source4/libcli/smb_composite/fsinfo.c b/source4/libcli/smb_composite/fsinfo.c index 8f5339fa05..7c9c7963f4 100644 --- a/source4/libcli/smb_composite/fsinfo.c +++ b/source4/libcli/smb_composite/fsinfo.c @@ -154,6 +154,7 @@ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, state->connect->in.fallback_to_anonymous = false; state->connect->in.workgroup = io->in.workgroup; state->connect->in.iconv_convenience = io->in.iconv_convenience; + state->connect->in.gensec_settings = io->in.gensec_settings; state->connect->in.options = tree->session->transport->options; state->connect->in.session_options = tree->session->options; diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index 10f84a5dba..7c9d1fb731 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -442,12 +442,13 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + gensec_get_name_by_oid(session->gensec, chosen_oid), nt_errstr(status))); chosen_oid = GENSEC_OID_NTLMSSP; status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set (fallback) GENSEC client mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + gensec_get_name_by_oid(session->gensec, chosen_oid), + nt_errstr(status))); return status; } } @@ -457,7 +458,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, status = gensec_start_mech_by_oid(session->gensec, chosen_oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start set GENSEC client mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + gensec_get_name_by_oid(session->gensec, chosen_oid), nt_errstr(status))); } } @@ -475,7 +476,8 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed initial gensec_update with mechanism %s: %s\n", - gensec_get_name_by_oid(chosen_oid), nt_errstr(status))); + gensec_get_name_by_oid(session->gensec, chosen_oid), + nt_errstr(status))); return status; } state->gensec_status = status; diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h index 431733d600..a1e1e99d7e 100644 --- a/source4/libcli/smb_composite/smb_composite.h +++ b/source4/libcli/smb_composite/smb_composite.h @@ -61,6 +61,7 @@ struct smb_composite_fetchfile { struct smbcli_session_options session_options; struct resolve_context *resolve_ctx; struct smb_iconv_convenience *iconv_convenience; + struct gensec_settings *gensec_settings; } in; struct { uint8_t *data; @@ -104,6 +105,7 @@ struct smb_composite_connect { struct smbcli_options options; struct smbcli_session_options session_options; struct smb_iconv_convenience *iconv_convenience; + struct gensec_settings *gensec_settings; } in; struct { struct smbcli_tree *tree; @@ -144,6 +146,7 @@ struct smb_composite_fsinfo { const char *workgroup; enum smb_fsinfo_level level; struct smb_iconv_convenience *iconv_convenience; + struct gensec_settings *gensec_settings; } in; struct { diff --git a/source4/libcli/util/errormap.c b/source4/libcli/util/errormap.c index 2257955c76..0185e66c39 100644 --- a/source4/libcli/util/errormap.c +++ b/source4/libcli/util/errormap.c @@ -20,7 +20,6 @@ */ #include "includes.h" -#include "param/param.h" #include "librpc/ndr/libndr.h" /* This map was extracted by the ERRMAPEXTRACT smbtorture command. @@ -1157,8 +1156,10 @@ static const struct { {NT_STATUS(0x80000025), W_ERROR(0x962)}, {NT_STATUS(0x80000288), W_ERROR(0x48d)}, {NT_STATUS(0x80000289), W_ERROR(0x48e)}, - {NT_STATUS_OK, WERR_OK}}; + {NT_STATUS_OK, WERR_OK} +}; +bool ntstatus_check_dos_mapping = true; /* check if a DOS encoded NTSTATUS code maps to the given NTSTATUS code @@ -1169,7 +1170,7 @@ bool ntstatus_dos_equal(NTSTATUS status1, NTSTATUS status2) the mapping of dos codes, as we want to catch the cases where a forced dos code is needed */ - if (lp_nt_status_support(global_loadparm)) { + if (ntstatus_check_dos_mapping) { return NT_STATUS_V(status1) == NT_STATUS_V(status2); } diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c index 37d51d7840..887c3f466c 100644 --- a/source4/libnet/py_net.c +++ b/source4/libnet/py_net.c @@ -24,10 +24,13 @@ #include "lib/events/events.h" #include "param/param.h" +/* FIXME: This prototype should be in param/pyparam.h */ +struct loadparm_context *py_default_loadparm_context(TALLOC_CTX *mem_ctx); + static struct libnet_context *py_net_ctx(PyObject *obj, struct event_context *ev) { /* FIXME: Use obj */ - return libnet_context_init(ev, global_loadparm); + return libnet_context_init(ev, py_default_loadparm_context(NULL)); } static PyObject *py_net_join(PyObject *cls, PyObject *args, PyObject *kwargs) diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 042745d74d..16ea51e6ff 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -31,9 +31,9 @@ #include "auth/gensec/gensec.h" #include "param/param.h" -_PUBLIC_ NTSTATUS dcerpc_init(void) +_PUBLIC_ NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx) { - return gensec_init(global_loadparm); + return gensec_init(lp_ctx); } static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status); diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index dfbe6ee7a6..6b9d61dd0f 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -309,7 +309,7 @@ NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx, struct loadparm_context *lp_ctx, uint8_t auth_level); struct event_context *dcerpc_event_context(struct dcerpc_pipe *p); -NTSTATUS dcerpc_init(void); +NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx); struct smbcli_tree *dcerpc_smb_tree(struct dcerpc_connection *c); uint16_t dcerpc_smb_fnum(struct dcerpc_connection *c); NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 7c9d04eeb4..14f0f9deb4 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -291,7 +291,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, auth_type, auth_level); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n", - gensec_get_name_by_authtype(auth_type), + gensec_get_name_by_authtype(sec->generic_state, auth_type), nt_errstr(c->status))); composite_error(c, c->status); return c; diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 8d03f9cde3..32485f5653 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -120,7 +120,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT conn->in.service = "IPC$"; conn->in.service_type = NULL; conn->in.workgroup = lp_workgroup(lp_ctx); - + conn->in.gensec_settings = lp_gensec_settings(conn, lp_ctx); conn->in.iconv_convenience = lp_iconv_convenience(lp_ctx); lp_smbcli_options(lp_ctx, &conn->in.options); @@ -255,7 +255,8 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb2_send( s->io.creds, c->event_ctx, &options, - lp_socket_options(lp_ctx) + lp_socket_options(lp_ctx), + lp_gensec_settings(mem_ctx, lp_ctx) ); composite_continue(c, conn_req, continue_smb2_connect, c); return c; diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index 27d5b9de5a..d133bbc480 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -207,6 +207,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, io.in.service = remote_share; io.in.service_type = "?????"; io.in.iconv_convenience = lp_iconv_convenience(ntvfs->ctx->lp_ctx); + io.in.gensec_settings = lp_gensec_settings(private, ntvfs->ctx->lp_ctx); lp_smbcli_options(ntvfs->ctx->lp_ctx, &io.in.options); lp_smbcli_session_options(ntvfs->ctx->lp_ctx, &io.in.session_options); diff --git a/source4/ntvfs/smb2/vfs_smb2.c b/source4/ntvfs/smb2/vfs_smb2.c index 8e3219293d..ebb17e2806 100644 --- a/source4/ntvfs/smb2/vfs_smb2.c +++ b/source4/ntvfs/smb2/vfs_smb2.c @@ -232,7 +232,8 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, lp_resolve_context(ntvfs->ctx->lp_ctx), credentials, ntvfs->ctx->event_ctx, &options, - lp_socket_options(ntvfs->ctx->lp_ctx) + lp_socket_options(ntvfs->ctx->lp_ctx), + lp_gensec_settings(private, ntvfs->ctx->lp_ctx) ); status = smb2_connect_recv(creq, private, &tree); diff --git a/source4/ntvfs/sysdep/inotify.c b/source4/ntvfs/sysdep/inotify.c index 68653d60bd..c47a1216c8 100644 --- a/source4/ntvfs/sysdep/inotify.c +++ b/source4/ntvfs/sysdep/inotify.c @@ -339,10 +339,6 @@ static NTSTATUS inotify_watch(struct sys_notify_context *ctx, /* maybe setup the inotify fd */ if (ctx->private_data == NULL) { NTSTATUS status; - if (!lp_parm_bool(global_loadparm, NULL, "notify", "inotify", true)) { - return NT_STATUS_INVALID_SYSTEM_SERVICE; - } - status = inotify_setup(ctx); NT_STATUS_NOT_OK_RETURN(status); } diff --git a/source4/ntvfs/sysdep/sys_notify.c b/source4/ntvfs/sysdep/sys_notify.c index d84979e44c..a27386bb13 100644 --- a/source4/ntvfs/sysdep/sys_notify.c +++ b/source4/ntvfs/sysdep/sys_notify.c @@ -71,6 +71,17 @@ _PUBLIC_ struct sys_notify_context *sys_notify_context_create(struct share_confi } for (i=0;i<num_backends;i++) { + char *enable_opt_name; + bool enabled; + + enable_opt_name = talloc_asprintf(mem_ctx, "notify:%s", + backends[i].name); + enabled = share_bool_option(scfg, enable_opt_name, true); + talloc_free(enable_opt_name); + + if (!enabled) + continue; + if (strcasecmp(backends[i].name, bname) == 0) { bname = backends[i].name; break; diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 6b8db0e7f5..d660141efc 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -228,8 +228,6 @@ struct loadparm_service }; -struct loadparm_context *global_loadparm = NULL; - #define NUMPARAMETERS (sizeof(parm_table) / sizeof(struct parm_struct)) @@ -2431,7 +2429,10 @@ const char *lp_configfile(struct loadparm_context *lp_ctx) bool lp_load_default(struct loadparm_context *lp_ctx) { - return lp_load(lp_ctx, dyn_CONFIGFILE); + if (getenv("SMB_CONF_PATH")) + return lp_load(lp_ctx, getenv("SMB_CONF_PATH")); + else + return lp_load(lp_ctx, dyn_CONFIGFILE); } /** @@ -2477,6 +2478,16 @@ bool lp_load(struct loadparm_context *lp_ctx, const char *filename) reload_charcnv(lp_ctx); + /* FIXME: ntstatus_check_dos_mapping = lp_nt_status_support(lp_ctx); */ + + /* FIXME: This is a bit of a hack, but we can't use a global, since + * not everything that uses lp also uses the socket library */ + if (lp_parm_bool(lp_ctx, NULL, "socket", "testnonblock", false)) { + setenv("SOCKET_TESTNONBLOCK", "1", 1); + } else { + unsetenv("SOCKET_TESTNONBLOCK"); + } + /* FIXME: Check locale in environment for this: */ if (strcmp(lp_display_charset(lp_ctx), lp_unix_charset(lp_ctx)) != 0) d_set_iconv(smb_iconv_open(lp_display_charset(lp_ctx), lp_unix_charset(lp_ctx))); @@ -2679,6 +2690,7 @@ struct gensec_settings *lp_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_ struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings); if (settings == NULL) return NULL; + SMB_ASSERT(lp_ctx != NULL); settings->lp_ctx = talloc_reference(settings, lp_ctx); settings->iconv_convenience = lp_iconv_convenience(lp_ctx); settings->target_hostname = lp_parm_string(lp_ctx, NULL, "gensec", "target_hostname"); diff --git a/source4/param/param.h b/source4/param/param.h index 80bb5ff128..ba0dbfd0fa 100644 --- a/source4/param/param.h +++ b/source4/param/param.h @@ -71,8 +71,6 @@ struct gensec_settings; void reload_charcnv(struct loadparm_context *lp_ctx); -extern _DEPRECATED_ struct loadparm_context *global_loadparm; - struct loadparm_service *lp_default_service(struct loadparm_context *lp_ctx); struct parm_struct *lp_parm_table(void); int lp_server_role(struct loadparm_context *); diff --git a/source4/param/param.i b/source4/param/param.i index 6158c92f80..c085ca2f05 100644 --- a/source4/param/param.i +++ b/source4/param/param.i @@ -344,4 +344,13 @@ struct loadparm_context *lp_from_py_object(PyObject *py_obj) return lp_ctx; } +struct loadparm_context *py_default_loadparm_context(TALLOC_CTX *mem_ctx) +{ + struct loadparm_context *ret; + ret = loadparm_init(mem_ctx); + if (!lp_load_default(ret)) + return NULL; + return ret; +} + %} diff --git a/source4/param/param_wrap.c b/source4/param/param_wrap.c index 23b3c17623..8f4f529532 100644 --- a/source4/param/param_wrap.c +++ b/source4/param/param_wrap.c @@ -2814,6 +2814,15 @@ struct loadparm_context *lp_from_py_object(PyObject *py_obj) return lp_ctx; } +struct loadparm_context *py_default_loadparm_context(TALLOC_CTX *mem_ctx) +{ + struct loadparm_context *ret; + ret = loadparm_init(mem_ctx); + if (!lp_load_default(ret)) + return NULL; + return ret; +} + #ifdef __cplusplus extern "C" { diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index f34124b1a0..0767a187e5 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -382,7 +382,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = gensec_start_mech_by_oid(gensec_ctx, req->smb_conn->negotiate.oid); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC %s server code: %s\n", - gensec_get_name_by_oid(req->smb_conn->negotiate.oid), nt_errstr(status))); + gensec_get_name_by_oid(gensec_ctx, req->smb_conn->negotiate.oid), nt_errstr(status))); goto failed; } diff --git a/source4/torture/basic/base.c b/source4/torture/basic/base.c index 4725188e8f..ea7b6c08fd 100644 --- a/source4/torture/basic/base.c +++ b/source4/torture/basic/base.c @@ -1450,14 +1450,8 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx) const char *os2_fname = ".+,;=[]."; const char *dname = "samba3_errordir"; union smb_open io; - TALLOC_CTX *mem_ctx = talloc_init("samba3_errorpaths"); NTSTATUS status; - if (mem_ctx == NULL) { - torture_comment(tctx, "talloc_init failed\n"); - return false; - } - nt_status_support = lp_nt_status_support(tctx->lp_ctx); if (!lp_set_cmdline(tctx->lp_ctx, "nt status support", "yes")) { @@ -1506,14 +1500,14 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx) io.ntcreatex.in.security_flags = 0; io.ntcreatex.in.fname = dname; - status = smb_raw_open(cli_nt->tree, mem_ctx, &io); + status = smb_raw_open(cli_nt->tree, tctx, &io); if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) { torture_comment(tctx, "(%s) incorrect status %s should be %s\n", __location__, nt_errstr(status), nt_errstr(NT_STATUS_OBJECT_NAME_COLLISION)); goto fail; } - status = smb_raw_open(cli_dos->tree, mem_ctx, &io); + status = smb_raw_open(cli_dos->tree, tctx, &io); if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS, ERRfilexists))) { torture_comment(tctx, "(%s) incorrect status %s should be %s\n", __location__, nt_errstr(status), @@ -1563,7 +1557,7 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx) } io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; - status = smb_raw_open(cli_nt->tree, mem_ctx, &io); + status = smb_raw_open(cli_nt->tree, tctx, &io); if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) { torture_comment(tctx, "(%s) incorrect status %s should be %s\n", __location__, nt_errstr(status), @@ -1571,7 +1565,7 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx) goto fail; } - status = smb_raw_open(cli_dos->tree, mem_ctx, &io); + status = smb_raw_open(cli_dos->tree, tctx, &io); if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS, ERRfilexists))) { torture_comment(tctx, "(%s) incorrect status %s should be %s\n", __location__, nt_errstr(status), @@ -1644,7 +1638,7 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx) io.ntcreatex.in.fname = fname; io.ntcreatex.in.flags = 0; - status = smb_raw_open(cli_nt->tree, mem_ctx, &io); + status = smb_raw_open(cli_nt->tree, tctx, &io); if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_A_DIRECTORY)) { torture_comment(tctx, "ntcreate as dir gave %s, " "expected NT_STATUS_NOT_A_DIRECTORY\n", @@ -1656,7 +1650,7 @@ static bool torture_samba3_errorpaths(struct torture_context *tctx) smbcli_close(cli_nt->tree, io.ntcreatex.out.file.fnum); } - status = smb_raw_open(cli_dos->tree, mem_ctx, &io); + status = smb_raw_open(cli_dos->tree, tctx, &io); if (!NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS, ERRbaddirectory))) { torture_comment(tctx, "ntcreate as dir gave %s, " diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c index c19b08e617..f11b90f448 100644 --- a/source4/torture/basic/misc.c +++ b/source4/torture/basic/misc.c @@ -823,6 +823,7 @@ static struct composite_context *torture_connect_async( smb->in.credentials=cmdline_credentials; smb->in.fallback_to_anonymous=false; smb->in.iconv_convenience = lp_iconv_convenience(tctx->lp_ctx); + smb->in.gensec_settings = lp_gensec_settings(mem_ctx, tctx->lp_ctx); smb->in.workgroup=workgroup; lp_smbcli_options(tctx->lp_ctx, &smb->in.options); lp_smbcli_session_options(tctx->lp_ctx, &smb->in.session_options); diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index 9e2456d236..02eecd7f40 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -233,7 +233,8 @@ static bool connect_servers(struct event_context *ev, servers[i].credentials, &servers[i].smb2_tree[j], ev, &smb_options, - lp_socket_options(lp_ctx) + lp_socket_options(lp_ctx), + lp_gensec_settings(lp_ctx, lp_ctx) ); } else { status = smbcli_tree_full_connection(NULL, @@ -246,7 +247,8 @@ static bool connect_servers(struct event_context *ev, lp_resolve_context(lp_ctx), ev, &smb_options, &smb_session_options, - lp_iconv_convenience(lp_ctx)); + lp_iconv_convenience(lp_ctx), + lp_gensec_settings(lp_ctx, lp_ctx)); } if (!NT_STATUS_IS_OK(status)) { printf("Failed to connect to \\\\%s\\%s - %s\n", diff --git a/source4/torture/locktest.c b/source4/torture/locktest.c index 4beef98a8f..18c4156cc3 100644 --- a/source4/torture/locktest.c +++ b/source4/torture/locktest.c @@ -168,7 +168,8 @@ static struct smbcli_state *connect_one(struct event_context *ev, servers[snum], lp_resolve_context(lp_ctx), ev, &options, &session_options, - lp_iconv_convenience(lp_ctx)); + lp_iconv_convenience(lp_ctx), + lp_gensec_settings(mem_ctx, lp_ctx)); if (!NT_STATUS_IS_OK(status)) { sleep(2); } diff --git a/source4/torture/locktest2.c b/source4/torture/locktest2.c index e7cbf13c74..cb435c7b55 100644 --- a/source4/torture/locktest2.c +++ b/source4/torture/locktest2.c @@ -144,6 +144,7 @@ static struct smbcli_state *connect_one(TALLOC_CTX *mem_ctx, char *share, const char **ports, struct smb_options *options, struct smb_options *session_options, + struct gensec_settings *gensec_settings, struct event_context *ev) { struct smbcli_state *c; @@ -173,7 +174,7 @@ static struct smbcli_state *connect_one(TALLOC_CTX *mem_ctx, nt_status = smbcli_full_connection(NULL, &c, myname, server_n, ports, share, NULL, username, lp_workgroup(), password, ev, - options, session_options); + options, session_options, gensec_settings); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("smbcli_full_connection failed with error %s\n", nt_errstr(nt_status))); return NULL; @@ -192,6 +193,7 @@ static void reconnect(TALLOC_CTX *mem_ctx, const char **ports, struct smbcli_options *options, struct smbcli_session_options *session_options, + struct gensec_settings *gensec_settings, struct event_context *ev, char *share1, char *share2) { @@ -211,7 +213,7 @@ static void reconnect(TALLOC_CTX *mem_ctx, smbcli_ulogoff(cli[server][conn]); talloc_free(cli[server][conn]); } - cli[server][conn] = connect_one(mem_ctx, share[server], ports, options, session_options, ev); + cli[server][conn] = connect_one(mem_ctx, share[server], ports, options, session_options, gensec_settings, ev); if (!cli[server][conn]) { DEBUG(0,("Failed to connect to %s\n", share[server])); exit(1); @@ -362,6 +364,7 @@ static void test_locks(TALLOC_CTX *mem_ctx, char *share1, char *share2, const char **ports, struct smbcli_options *options, struct smbcli_session_options *session_options, + struct gensec_settings *gensec_settings, struct event_context *ev) { struct smbcli_state *cli[NSERVERS][NCONNECTIONS]; @@ -391,7 +394,7 @@ static void test_locks(TALLOC_CTX *mem_ctx, char *share1, char *share2, recorded[n].needed = true; } - reconnect(mem_ctx, cli, nfs, fnum, ports, options, session_options, ev, share1, share2); + reconnect(mem_ctx, cli, nfs, fnum, ports, options, session_options, gensec_settings, ev, share1, share2); open_files(cli, nfs, fnum); n = retest(cli, nfs, fnum, numops); @@ -429,7 +432,7 @@ static void test_locks(TALLOC_CTX *mem_ctx, char *share1, char *share2, } close_files(cli, nfs, fnum); - reconnect(mem_ctx, cli, nfs, fnum, ports, options, session_options, ev, share1, share2); + reconnect(mem_ctx, cli, nfs, fnum, ports, options, session_options, gensec_settings, ev, share1, share2); open_files(cli, nfs, fnum); showall = true; n1 = retest(cli, nfs, fnum, n); @@ -567,8 +570,9 @@ static void usage(void) locking_init(1); lp_smbcli_options(lp_ctx, &options); lp_smbcli_session_options(lp_ctx, &session_options); - test_locks(mem_ctx, share1, share2, nfspath1, nfspath2, lp_smb_ports(lp_ctx), - &options, &session_options, ev); + test_locks(mem_ctx, share1, share2, nfspath1, nfspath2, + lp_smb_ports(lp_ctx), + &options, &session_options, lp_gensec_settings(lp_ctx), ev); return(0); } diff --git a/source4/torture/masktest.c b/source4/torture/masktest.c index fb1277a95a..9ff790c2b0 100644 --- a/source4/torture/masktest.c +++ b/source4/torture/masktest.c @@ -79,7 +79,8 @@ static struct smbcli_state *connect_one(struct resolve_context *resolve_ctx, const char *socket_options, struct smbcli_options *options, struct smbcli_session_options *session_options, - struct smb_iconv_convenience *iconv_convenience) + struct smb_iconv_convenience *iconv_convenience, + struct gensec_settings *gensec_settings) { struct smbcli_state *c; char *server; @@ -100,7 +101,8 @@ static struct smbcli_state *connect_one(struct resolve_context *resolve_ctx, socket_options, cmdline_credentials, resolve_ctx, ev, options, session_options, - iconv_convenience); + iconv_convenience, + gensec_settings); if (!NT_STATUS_IS_OK(status)) { return NULL; @@ -372,7 +374,8 @@ static void usage(poptContext pc) cli = connect_one(lp_resolve_context(lp_ctx), ev, mem_ctx, share, lp_smb_ports(lp_ctx), lp_socket_options(lp_ctx), &options, &session_options, - lp_iconv_convenience(lp_ctx)); + lp_iconv_convenience(lp_ctx), + lp_gensec_settings(mem_ctx, lp_ctx)); if (!cli) { DEBUG(0,("Failed to connect to %s\n", share)); exit(1); diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c index 6eb4fe0e67..79ae41dafb 100644 --- a/source4/torture/raw/composite.c +++ b/source4/torture/raw/composite.c @@ -164,6 +164,7 @@ static bool test_fetchfile(struct smbcli_state *cli, struct torture_context *tct io2.in.filename = fname; io2.in.resolve_ctx = lp_resolve_context(tctx->lp_ctx); io2.in.iconv_convenience = lp_iconv_convenience(tctx->lp_ctx); + io2.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx); lp_smbcli_options(tctx->lp_ctx, &io2.in.options); lp_smbcli_session_options(tctx->lp_ctx, &io2.in.session_options); @@ -355,6 +356,7 @@ static bool test_fsinfo(struct smbcli_state *cli, struct torture_context *tctx) io1.in.workgroup = lp_workgroup(tctx->lp_ctx); io1.in.level = RAW_QFS_OBJECTID_INFORMATION; io1.in.iconv_convenience = lp_iconv_convenience(tctx->lp_ctx); + io1.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx); printf("testing parallel queryfsinfo [Object ID] with %d ops\n", torture_numops); diff --git a/source4/torture/raw/lockbench.c b/source4/torture/raw/lockbench.c index 6b59b35b5d..dce21ebe71 100644 --- a/source4/torture/raw/lockbench.c +++ b/source4/torture/raw/lockbench.c @@ -188,6 +188,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te, io->in.dest_host = state->dest_host; io->in.dest_ports = state->dest_ports; + io->in.gensec_settings = lp_gensec_settings(state->mem_ctx, state->tctx->lp_ctx); io->in.socket_options = lp_socket_options(state->tctx->lp_ctx); io->in.called_name = state->called_name; io->in.service = share; diff --git a/source4/torture/raw/openbench.c b/source4/torture/raw/openbench.c index e2d52f6c02..2440649e7f 100644 --- a/source4/torture/raw/openbench.c +++ b/source4/torture/raw/openbench.c @@ -137,6 +137,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te, io->in.credentials = cmdline_credentials; io->in.fallback_to_anonymous = false; io->in.workgroup = lp_workgroup(state->tctx->lp_ctx); + io->in.gensec_settings = lp_gensec_settings(state->mem_ctx, state->tctx->lp_ctx); lp_smbcli_options(state->tctx->lp_ctx, &io->in.options); lp_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options); diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c index 86dae6bc1f..4ffb24eb03 100644 --- a/source4/torture/raw/oplock.c +++ b/source4/torture/raw/oplock.c @@ -190,7 +190,8 @@ static bool open_connection_no_level2_oplocks(struct torture_context *tctx, NULL, lp_socket_options(tctx->lp_ctx), cmdline_credentials, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, - lp_iconv_convenience(tctx->lp_ctx)); + lp_iconv_convenience(tctx->lp_ctx), + lp_gensec_settings(tctx, tctx->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("Failed to open connection - %s\n", nt_errstr(status)); return false; diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c index 1615b5322a..0109b65481 100644 --- a/source4/torture/raw/tconrate.c +++ b/source4/torture/raw/tconrate.c @@ -103,7 +103,8 @@ static int fork_tcon_client(struct torture_context *tctx, NULL, lp_socket_options(tctx->lp_ctx), cmdline_credentials, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, - lp_iconv_convenience(tctx->lp_ctx)); + lp_iconv_convenience(tctx->lp_ctx), + lp_gensec_settings(tctx, tctx->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/rpc/join.c b/source4/torture/rpc/join.c index 9d6c803ad7..b0c122c1b6 100644 --- a/source4/torture/rpc/join.c +++ b/source4/torture/rpc/join.c @@ -43,7 +43,8 @@ bool torture_rpc_join(struct torture_context *torture) machine_account, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, - lp_iconv_convenience(torture->lp_ctx)); + lp_iconv_convenience(torture->lp_ctx), + lp_gensec_settings(torture, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n", TORTURE_NETBIOS_NAME)); @@ -71,7 +72,8 @@ bool torture_rpc_join(struct torture_context *torture) machine_account, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, - lp_iconv_convenience(torture->lp_ctx)); + lp_iconv_convenience(torture->lp_ctx), + lp_gensec_settings(torture, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n", TORTURE_NETBIOS_NAME)); diff --git a/source4/torture/rpc/mgmt.c b/source4/torture/rpc/mgmt.c index fed432f31c..7f618ab776 100644 --- a/source4/torture/rpc/mgmt.c +++ b/source4/torture/rpc/mgmt.c @@ -128,7 +128,7 @@ static bool test_inq_princ_name(struct dcerpc_pipe *p, continue; } if (W_ERROR_IS_OK(r.out.result)) { - const char *name = gensec_get_name_by_authtype(i); + const char *name = gensec_get_name_by_authtype(NULL, i); ret = true; if (name) { printf("\tprinciple name for proto %u (%s) is '%s'\n", diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 3e5d2d4323..2fcf700c36 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -77,6 +77,8 @@ _PUBLIC_ NTSTATUS torture_rpc_connection(struct torture_context *tctx, NTSTATUS status; struct dcerpc_binding *binding; + dcerpc_init(tctx->lp_ctx); + status = torture_rpc_binding(tctx, &binding); if (NT_STATUS_IS_ERR(status)) return status; @@ -371,8 +373,6 @@ NTSTATUS torture_rpc_init(void) { struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "RPC"); - dcerpc_init(); - ndr_table_init(); torture_suite_add_simple_test(suite, "LSA", torture_rpc_lsa); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 73c2044449..c2b849127f 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -94,7 +94,8 @@ bool torture_bind_authcontext(struct torture_context *torture) cmdline_credentials, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, - lp_iconv_convenience(torture->lp_ctx)); + lp_iconv_convenience(torture->lp_ctx), + lp_gensec_settings(torture, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -316,7 +317,8 @@ bool torture_bind_samba3(struct torture_context *torture) cmdline_credentials, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, - lp_iconv_convenience(torture->lp_ctx)); + lp_iconv_convenience(torture->lp_ctx), + lp_gensec_settings(torture, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1254,7 +1256,8 @@ bool torture_netlogon_samba3(struct torture_context *torture) anon_creds, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, - lp_iconv_convenience(torture->lp_ctx)); + lp_iconv_convenience(torture->lp_ctx), + lp_gensec_settings(torture, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1344,7 +1347,8 @@ static bool test_join3(struct torture_context *tctx, "IPC$", NULL, lp_socket_options(tctx->lp_ctx), smb_creds, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, - lp_iconv_convenience(tctx->lp_ctx)); + lp_iconv_convenience(tctx->lp_ctx), + lp_gensec_settings(tctx, tctx->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1727,7 +1731,8 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) "IPC$", NULL, lp_socket_options(torture->lp_ctx), cmdline_credentials, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, - lp_iconv_convenience(torture->lp_ctx)); + lp_iconv_convenience(torture->lp_ctx), + lp_gensec_settings(torture, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { d_printf("(%s) smbcli_full_connection failed: %s\n", __location__, nt_errstr(status)); @@ -1755,7 +1760,8 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) lp_socket_options(torture->lp_ctx), anon_creds, lp_resolve_context(torture->lp_ctx), torture->ev, &options, &session_options, - lp_iconv_convenience(torture->lp_ctx)); + lp_iconv_convenience(torture->lp_ctx), + lp_gensec_settings(torture, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { d_printf("(%s) anon smbcli_full_connection failed: %s\n", __location__, nt_errstr(status)); diff --git a/source4/torture/smb2/scan.c b/source4/torture/smb2/scan.c index f0d25017c6..a5e682c111 100644 --- a/source4/torture/smb2/scan.c +++ b/source4/torture/smb2/scan.c @@ -209,7 +209,8 @@ bool torture_smb2_scan(struct torture_context *torture) share, lp_resolve_context(torture->lp_ctx), credentials, &tree, torture->ev, &options, - lp_socket_options(torture->lp_ctx)); + lp_socket_options(torture->lp_ctx), + lp_gensec_settings(torture, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("Connection failed - %s\n", nt_errstr(status)); return false; @@ -228,7 +229,8 @@ bool torture_smb2_scan(struct torture_context *torture) share, lp_resolve_context(torture->lp_ctx), credentials, &tree, torture->ev, &options, - lp_socket_options(torture->lp_ctx)); + lp_socket_options(torture->lp_ctx), + lp_gensec_settings(mem_ctx, torture->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("Connection failed - %s\n", nt_errstr(status)); return false; diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c index e53b6cddac..b17dc246e3 100644 --- a/source4/torture/smb2/util.c +++ b/source4/torture/smb2/util.c @@ -280,7 +280,8 @@ bool torture_smb2_connection(struct torture_context *tctx, struct smb2_tree **tr lp_resolve_context(tctx->lp_ctx), credentials, tree, tctx->ev, &options, - lp_socket_options(tctx->lp_ctx) + lp_socket_options(tctx->lp_ctx), + lp_gensec_settings(tctx, tctx->lp_ctx) ); if (!NT_STATUS_IS_OK(status)) { printf("Failed to connect to SMB2 share \\\\%s\\%s - %s\n", diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c index bfe6d0503d..0c2c8c0f6b 100644 --- a/source4/torture/smbtorture.c +++ b/source4/torture/smbtorture.c @@ -33,6 +33,7 @@ #include "torture/smbtorture.h" #include "../lib/util/dlinklist.h" #include "librpc/rpc/dcerpc.h" +#include "auth/gensec/gensec.h" #include "param/param.h" #include "auth/credentials/credentials.h" @@ -648,6 +649,8 @@ int main(int argc,char *argv[]) torture->lp_ctx = cmdline_lp_ctx; + gensec_init(cmdline_lp_ctx); + if (argc_new == 0) { printf("You must specify a test to run, or 'ALL'\n"); } else if (shell) { diff --git a/source4/torture/unix/unix_info2.c b/source4/torture/unix/unix_info2.c index 2e451e1999..d0a2c3d041 100644 --- a/source4/torture/unix/unix_info2.c +++ b/source4/torture/unix/unix_info2.c @@ -67,7 +67,8 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx) cmdline_credentials, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, - lp_iconv_convenience(tctx->lp_ctx)); + lp_iconv_convenience(tctx->lp_ctx), + lp_gensec_settings(tctx, tctx->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c index f3a6acee50..5e5a5e81cd 100644 --- a/source4/torture/unix/whoami.c +++ b/source4/torture/unix/whoami.c @@ -87,7 +87,8 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx, share, NULL, lp_socket_options(tctx->lp_ctx), creds, lp_resolve_context(tctx->lp_ctx), tctx->ev, &options, &session_options, - lp_iconv_convenience(tctx->lp_ctx)); + lp_iconv_convenience(tctx->lp_ctx), + lp_gensec_settings(tctx, tctx->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/util_smb.c b/source4/torture/util_smb.c index 5157369a78..ae051b9735 100644 --- a/source4/torture/util_smb.c +++ b/source4/torture/util_smb.c @@ -490,7 +490,8 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), ev, &options, &session_options, - lp_iconv_convenience(tctx->lp_ctx)); + lp_iconv_convenience(tctx->lp_ctx), + lp_gensec_settings(tctx, tctx->lp_ctx)); if (!NT_STATUS_IS_OK(status)) { printf("Failed to open connection - %s\n", nt_errstr(status)); return false; diff --git a/source4/utils/net/net.c b/source4/utils/net/net.c index 1c834fe4f0..81584e4398 100644 --- a/source4/utils/net/net.c +++ b/source4/utils/net/net.c @@ -183,7 +183,7 @@ static int binary_net(int argc, const char **argv) return net_usage(ctx, argc, argv); } - dcerpc_init(); + dcerpc_init(cmdline_lp_ctx); ev = s4_event_context_init(NULL); if (!ev) { |