-rw-r--r-- | source4/auth/auth_server.c | 8 | ||||
-rw-r--r-- | source4/auth/auth_unix.c | 6 | ||||
-rw-r--r-- | source4/auth/auth_util.c | 2 | ||||
-rw-r--r-- | source4/auth/credentials/credentials_files.c | 11 | ||||
-rw-r--r-- | source4/auth/session.c | 1 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/update_keytab.c | 4 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb.c | 3 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb_privilege.c | 4 | ||||
-rw-r--r-- | source4/kdc/kdc.c | 10 | ||||
-rw-r--r-- | source4/ldap_server/ldap_bind.c | 3 | ||||
-rw-r--r-- | source4/lib/ldb_wrap.c | 5 |
12 files changed, 34 insertions, 25 deletions
diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c index 6502564dca..d391793bd9 100644 --- a/source4/auth/auth_server.c +++ b/source4/auth/auth_server.c @@ -24,7 +24,7 @@ Support for server level security. ****************************************************************************/ -static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx) +static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, int maxprotocol) { struct smbcli_state *cli = NULL; fstring desthost; @@ -92,7 +92,7 @@ static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx) DEBUG(3,("got session\n")); - if (!smbcli_negprot(cli, lp_cli_maxprotocol(global_loadparm))) { + if (!smbcli_negprot(cli, maxprotocol)) { DEBUG(1,("%s rejected the negprot\n",desthost)); release_server_mutex(); talloc_free(cli); @@ -148,7 +148,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte void **my_private_data, TALLOC_CTX *mem_ctx) { - struct smbcli_state *cli = server_cryptkey(mem_ctx); + struct smbcli_state *cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx)); if (cli) { DEBUG(3,("using password server validation\n")); @@ -215,7 +215,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context if (cli) { } else { - cli = server_cryptkey(mem_ctx); + cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx)); locally_made_cli = true; } diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c index 9efbe5dc12..fac04fd735 100644 --- a/source4/auth/auth_unix.c +++ b/source4/auth/auth_unix.c @@ -308,7 +308,7 @@ static NTSTATUS smb_pam_end(pam_handle_t *pamh) /* * PAM Authentication Handler */ -static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) +static NTSTATUS smb_pam_auth(pam_handle_t *pamh, bool allow_null_passwords, const char *user) { int pam_error; 
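Review bot: `server_cryptkey()` gains an `int maxprotocol` argument in the -24 hunk, but the banner comment above it still reads only "Support for server level security." and does not say what the value bounds. I would add a line such as `/* maxprotocol: protocol ceiling passed to smbcli_negprot() for the password-server connection */`, so a reader sees that the limit now comes from the caller. Both call sites (the -148 and -215 hunks) read it from `auth_context->lp_ctx` without checking `auth_context`; that is fine only if the auth framework never passes a NULL context, which these hunks do not show. All three functions continue outside their hunks.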
@@ -319,7 +319,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user)); - pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords(global_loadparm) ? 0 : PAM_DISALLOW_NULL_AUTHTOK); + pam_error = pam_authenticate(pamh, PAM_SILENT | allow_null_passwords ? 0 : PAM_DISALLOW_NULL_AUTHTOK); switch( pam_error ){ case PAM_AUTH_ERR: DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user)); @@ -461,7 +461,7 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, struct loadparm_context *lp return nt_status; } - nt_status = smb_pam_auth(pamh, user_info->mapped.account_name); + nt_status = smb_pam_auth(pamh, lp_null_passwords(lp_ctx), user_info->mapped.account_name); if (!NT_STATUS_IS_OK(nt_status)) { smb_pam_end(pamh); return nt_status; diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index 9110fc1b97..c3ecfece39 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -58,7 +58,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, } /* don't allow "" as a domain, fixes a Win9X bug - where it doens't supply a domain for logon script + where it doesn't supply a domain for logon script 'net use' commands. */ /* Split user@realm names into user and realm components. This is TODO to fix with proper userprincipalname support */ diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index 2d850956e2..f3f73f7fb1 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -169,6 +169,7 @@ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, * @retval NTSTATUS error detailing any failure */ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, struct ldb_context *ldb, const char *base, const char *filter) 
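Review bot: The flags expression in the `pam_authenticate()` call of the -319 hunk is mis-parenthesised: `|` binds tighter than `?:`, so it parses as `(PAM_SILENT | allow_null_passwords) ? 0 : PAM_DISALLOW_NULL_AUTHTOK`. `PAM_SILENT` is a non-zero flag, so the condition is always true and the call always passes 0; `PAM_DISALLOW_NULL_AUTHTOK` is never set and the null-passwords setting has no effect at this call. The commit carries the defect over unchanged from the old line, only swapping the source of the boolean. The call should read `pam_error = pam_authenticate(pamh, PAM_SILENT | (allow_null_passwords ? 0 : PAM_DISALLOW_NULL_AUTHTOK));`. smb_pam_auth's body continues outside the hunk.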
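Review bot: The doc comment above `cli_credentials_set_secrets()` (its `@retval` line is the first context line of the -169 hunk) is not updated for the new `lp_ctx` parameter. I would add `@param lp_ctx loadparm context used to open secrets.ldb when ldb is NULL and to resolve the private keytab path`, which is what the -212 and -308 hunks use it for. The three wrappers changed in the -334, -354 and -376 hunks still pass `global_loadparm`, so the comment could also state which context callers are expected to supply, if the intent is for it to match the one `cred` was configured with. The function body continues outside the hunk.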
@@ -212,7 +213,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, if (!ldb) { /* Local secrets are stored in secrets.ldb */ - ldb = secrets_db_connect(mem_ctx, global_loadparm); + ldb = secrets_db_connect(mem_ctx, lp_ctx); if (!ldb) { /* set anonymous as the fallback, if the machine account won't work */ cli_credentials_set_anonymous(cred); @@ -308,7 +309,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, } else { keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL); if (keytab) { - keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, global_loadparm, keytab)); + keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab)); if (keytab) { cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED); } @@ -334,7 +335,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred) cred->machine_account_pending = false; filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, cli_credentials_get_domain(cred)); - return cli_credentials_set_secrets(cred, NULL, SECRETS_PRIMARY_DOMAIN_DN, + return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRIMARY_DOMAIN_DN, filter); } @@ -354,7 +355,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred) filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH, cli_credentials_get_realm(cred), cli_credentials_get_domain(cred)); - return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN, + return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN, filter); } @@ -376,7 +377,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, cli_credentials_get_realm(cred), cli_credentials_get_domain(cred), serviceprincipal); - return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN, + return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN, filter); } 
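Review bot: In the -308 hunk the result of `private_path(mem_ctx, lp_ctx, keytab)` goes straight into the `%s` of `talloc_asprintf()` without a check. If `private_path()` can return NULL (its definition is not part of this diff), that is undefined behaviour for `%s`, and on common C libraries the credentials would end up with a keytab named `FILE:(null)`. Splitting the call avoids that: `const char *path = private_path(mem_ctx, lp_ctx, keytab);` followed by `keytab = path ? talloc_asprintf(mem_ctx, "FILE:%s", path) : NULL;`, which leaves the existing `if (keytab)` guard to skip `cli_credentials_set_keytab_name()`. The enclosing function starts and ends outside the hunk.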
diff --git a/source4/auth/session.c b/source4/auth/session.c index 1a87e98bed..259f52ac5c 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -161,6 +161,7 @@ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, session_info->session_key = server_info->user_session_key; nt_status = security_token_create(session_info, + global_loadparm, server_info->account_sid, server_info->primary_group_sid, server_info->n_domain_groups, diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index d0afae5395..eecec6a55b 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -341,7 +341,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io, return LDB_ERR_OPERATIONS_ERROR; } - if (lp_parm_bool(global_loadparm, NULL, "password_hash", "create_aes_key", false)) { + if (lp_parm_bool(ldb_get_opaque(io->ac->module->ldb, "loadparm"), NULL, "password_hash", "create_aes_key", false)) { /* * TODO: * diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index f193731900..87efa6a6f8 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -89,8 +89,8 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet return LDB_ERR_OPERATIONS_ERROR; } - cli_credentials_set_conf(item->creds, global_loadparm); - status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter); + cli_credentials_set_conf(item->creds, ldb_get_opaque(module->ldb, "loadparm")); + status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { if (delete) { diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index dd20937ab7..36f4a8816d 100644 --- a/source4/dsdb/samdb/samdb.c 
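Review bot: `ldb_get_opaque(io->ac->module->ldb, "loadparm")` in the password_hash.c hunk is used without a NULL check, and the only place this commit sets that opaque is the ldb_wrap.c hunk, inside `ldb_wrap_connect()`. An ldb opened by any other route would hand `lp_parm_bool()` a NULL context; whether that function tolerates NULL is not visible here. The same unchecked lookup appears twice in the update_keytab.c hunk, feeding `cli_credentials_set_conf()` and `cli_credentials_set_secrets()`, where a NULL would select the configuration used to locate secrets. I would fetch it once into a typed local, `struct loadparm_context *lp_ctx = ldb_get_opaque(module->ldb, "loadparm");`, and return `LDB_ERR_OPERATIONS_ERROR` when it is NULL. Both functions continue outside their hunks.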
+++ b/source4/dsdb/samdb/samdb.c @@ -1854,6 +1854,7 @@ _PUBLIC_ NTSTATUS samdb_set_password_sid(struct ldb_context *ctx, TALLOC_CTX *me Create the SID list for this user. ****************************************************************************/ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, struct dom_sid *user_sid, struct dom_sid *group_sid, int n_groupSIDs, @@ -1911,7 +1912,7 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, } /* setup the privilege mask for this token */ - status = samdb_privilege_setup(ptoken); + status = samdb_privilege_setup(lp_ctx, ptoken); if (!NT_STATUS_IS_OK(status)) { talloc_free(ptoken); return status; diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c index 468a26bf98..f81a6502ab 100644 --- a/source4/dsdb/samdb/samdb_privilege.c +++ b/source4/dsdb/samdb/samdb_privilege.c @@ -73,7 +73,7 @@ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx, setup the privilege mask for this security token based on our local SAM */ -_PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token) +_PUBLIC_ NTSTATUS samdb_privilege_setup(struct loadparm_context *lp_ctx, struct security_token *token) { void *samctx; TALLOC_CTX *mem_ctx; @@ -97,7 +97,7 @@ _PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token) } mem_ctx = talloc_new(token); - samctx = samdb_connect(mem_ctx, global_loadparm, system_session(mem_ctx)); + samctx = samdb_connect(mem_ctx, lp_ctx, system_session(mem_ctx)); if (samctx == NULL) { talloc_free(mem_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index d1582215f8..b24b58f8d4 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c 
@@ -516,7 +516,7 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address, /* setup our listening sockets on the configured network interfaces */ -static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc) +static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_context *lp_ctx) { int num_interfaces = iface_count(); TALLOC_CTX *tmp_ctx = talloc_new(kdc); @@ -526,8 +526,8 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc) for (i=0; i<num_interfaces; i++) { const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i)); - status = kdc_add_socket(kdc, address, lp_krb5_port(global_loadparm), - lp_kpasswd_port(global_loadparm)); + status = kdc_add_socket(kdc, address, lp_krb5_port(lp_ctx), + lp_kpasswd_port(lp_ctx)); NT_STATUS_NOT_OK_RETURN(status); } @@ -555,7 +555,7 @@ static void kdc_task_init(struct task_server *task) NTSTATUS status; krb5_error_code ret; - switch (lp_server_role(global_loadparm)) { + switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: task_server_terminate(task, "kdc: no KDC required in standalone configuration"); return; @@ -636,7 +636,7 @@ static void kdc_task_init(struct task_server *task) kdc_mem_ctx = kdc->smb_krb5_context; /* start listening on the configured network interfaces */ - status = kdc_startup_interfaces(kdc); + status = kdc_startup_interfaces(kdc, task->lp_ctx); if (!NT_STATUS_IS_OK(status)) { task_server_terminate(task, "kdc failed to setup interfaces"); return; diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 50521e9a52..6a43228185 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c 
@@ -47,9 +47,10 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call) status = crack_auto_name_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account); if (NT_STATUS_IS_OK(status)) { - status = authenticate_username_pw(global_loadparm, call, + status = authenticate_username_pw(call, call->conn->connection->event.ctx, call->conn->connection->msg_ctx, + global_loadparm, nt4_domain, nt4_account, req->creds.password, &session_info); diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 21ca04997e..d0abb5808a 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -134,6 +134,11 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, talloc_free(ldb); return NULL; } + + if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) { + talloc_free(ldb); + return NULL; + } if (strcmp(lp_sam_url(lp_ctx), url) == 0) { dsdb_set_global_schema(ldb); |
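Review bot: `ldb_set_opaque(ldb, "loadparm", lp_ctx)` in the ldb_wrap.c hunk stores a borrowed pointer, and nothing in the hunk ties the lifetime of `lp_ctx` to `ldb`. A module that later calls `ldb_get_opaque(..., "loadparm")` would read freed memory if the loadparm context were ever released before the ldb. A comment at the call, for example `/* lp_ctx is borrowed, not referenced: it must outlive ldb */`, would make that contract explicit. The key string is now spelled out in three files (here, password_hash.c and update_keytab.c); a shared `#define` in a common header would keep producer and consumers from drifting apart. `ldb_wrap_connect()` continues outside the hunk.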