diff options
25 files changed, 101 insertions, 95 deletions
diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c index 1e25702671..b5fcda15b3 100644 --- a/source4/auth/auth_server.c +++ b/source4/auth/auth_server.c @@ -24,7 +24,7 @@ Support for server level security. ****************************************************************************/ -static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, int maxprotocol) +static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, int maxprotocol, const char **name_resolve_order) { struct smbcli_state *cli = NULL; fstring desthost; @@ -45,7 +45,7 @@ static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, i while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { strupper(desthost); - if(!resolve_name( desthost, &dest_ip, 0x20, lp_name_resolve_order(global_loadparm))) { + if(!resolve_name( desthost, &dest_ip, 0x20, name_resolve_order)) { DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost)); continue; } @@ -215,7 +215,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context if (cli) { } else { - cli = server_cryptkey(mem_ctx, lp_unicode(auth_context->lp_ctx), lp_cli_maxprotocol(auth_context->lp_ctx)); + cli = server_cryptkey(mem_ctx, lp_unicode(auth_context->lp_ctx), lp_cli_maxprotocol(auth_context->lp_ctx), lp_name_resolve_order(auth_context->lp_ctx)); locally_made_cli = true; } diff --git a/source4/nsswitch/wbinfo.c b/source4/nsswitch/wbinfo.c index 4538911f97..4303f36e4a 100644 --- a/source4/nsswitch/wbinfo.c +++ b/source4/nsswitch/wbinfo.c @@ -786,7 +786,7 @@ static bool wbinfo_auth(char *username) /* Authenticate a user with a challenge/response */ -static bool wbinfo_auth_crap(char *username) +static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username) { struct winbindd_request request; struct winbindd_response response; @@ -819,7 +819,7 @@ static bool wbinfo_auth_crap(char *username) generate_random_buffer(request.data.auth_crap.chal, 8); - if (lp_client_ntlmv2_auth(global_loadparm)) { + if (lp_client_ntlmv2_auth(lp_ctx)) { DATA_BLOB server_chal; DATA_BLOB names_blob; @@ -836,7 +836,7 @@ static bool wbinfo_auth_crap(char *username) server_chal = data_blob(request.data.auth_crap.chal, 8); /* Pretend this is a login to 'us', for blob purposes */ - names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm)); + names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx)); if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal, &names_blob, @@ -862,7 +862,7 @@ static bool wbinfo_auth_crap(char *username) data_blob_free(&lm_response); } else { - if (lp_client_lanman_auth(global_loadparm) + if (lp_client_lanman_auth(lp_ctx) && SMBencrypt(pass, request.data.auth_crap.chal, (unsigned char *)request.data.auth_crap.lm_resp)) { request.data.auth_crap.lm_resp_len = 24; @@ -1218,7 +1218,7 @@ int main(int argc, char **argv, char **envp) got_error = true; } - if (!wbinfo_auth_crap(string_arg)) { + if (!wbinfo_auth_crap(global_loadparm, string_arg)) { d_fprintf(stderr, "Could not authenticate user %s with " "challenge/response\n", string_arg); got_error = true; diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c index 81cfe43137..f92c542ef6 100644 --- a/source4/smb_server/smb/negprot.c +++ b/source4/smb_server/smb/negprot.c @@ -47,7 +47,7 @@ static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8 nt_status = auth_context_create(smb_conn, smb_conn->connection->event.ctx, smb_conn->connection->msg_ctx, - global_loadparm, + smb_conn->lp_ctx, &smb_conn->negotiate.auth_context); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("auth_context_create() returned %s", nt_errstr(nt_status))); @@ -92,7 +92,7 @@ this any more it probably doesn't matter ****************************************************************************/ static void reply_coreplus(struct smbsrv_request *req, uint16_t choice) { - uint16_t raw = (lp_readraw(global_loadparm)?1:0) | (lp_writeraw(global_loadparm)?2:0); + uint16_t raw = (lp_readraw(req->smb_conn->lp_ctx)?1:0) | (lp_writeraw(req->smb_conn->lp_ctx)?2:0); smbsrv_setup_reply(req, 13, 0); @@ -123,13 +123,13 @@ static void reply_coreplus(struct smbsrv_request *req, uint16_t choice) ****************************************************************************/ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice) { - int raw = (lp_readraw(global_loadparm)?1:0) | (lp_writeraw(global_loadparm)?2:0); + int raw = (lp_readraw(req->smb_conn->lp_ctx)?1:0) | (lp_writeraw(req->smb_conn->lp_ctx)?2:0); int secword=0; time_t t = req->request_time.tv_sec; - req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(global_loadparm); + req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(req->smb_conn->lp_ctx); - if (lp_security(global_loadparm) != SEC_SHARE) + if (lp_security(req->smb_conn->lp_ctx) != SEC_SHARE) secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (req->smb_conn->negotiate.encrypted_passwords) @@ -146,7 +146,7 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice) SSVAL(req->out.vwv, VWV(0), choice); SSVAL(req->out.vwv, VWV(1), secword); SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv); - SSVAL(req->out.vwv, VWV(3), lp_maxmux(global_loadparm)); + SSVAL(req->out.vwv, VWV(3), lp_maxmux(req->smb_conn->lp_ctx)); SSVAL(req->out.vwv, VWV(4), 1); SSVAL(req->out.vwv, VWV(5), raw); SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.id); @@ -181,13 +181,13 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice) ****************************************************************************/ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice) { - int raw = (lp_readraw(global_loadparm)?1:0) | (lp_writeraw(global_loadparm)?2:0); + int raw = (lp_readraw(req->smb_conn->lp_ctx)?1:0) | (lp_writeraw(req->smb_conn->lp_ctx)?2:0); int secword=0; time_t t = req->request_time.tv_sec; - req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(global_loadparm); + req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(req->smb_conn->lp_ctx); - if (lp_security(global_loadparm) != SEC_SHARE) + if (lp_security(req->smb_conn->lp_ctx) != SEC_SHARE) secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (req->smb_conn->negotiate.encrypted_passwords) @@ -200,7 +200,7 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice) SSVAL(req->out.vwv, VWV(0), choice); SSVAL(req->out.vwv, VWV(1), secword); SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv); - SSVAL(req->out.vwv, VWV(3), lp_maxmux(global_loadparm)); + SSVAL(req->out.vwv, VWV(3), lp_maxmux(req->smb_conn->lp_ctx)); SSVAL(req->out.vwv, VWV(4), 1); SSVAL(req->out.vwv, VWV(5), raw); SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.id); @@ -215,7 +215,7 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice) get_challenge(req->smb_conn, req->out.data); } - req_push_str(req, NULL, lp_workgroup(global_loadparm), -1, STR_TERMINATE); + req_push_str(req, NULL, lp_workgroup(req->smb_conn->lp_ctx), -1, STR_TERMINATE); if (req->smb_conn->signing.mandatory_signing) { smbsrv_terminate_connection(req->smb_conn, @@ -237,8 +237,8 @@ static void reply_nt1_orig(struct smbsrv_request *req) req->out.ptr += 8; SCVAL(req->out.vwv+1, VWV(16), 8); } - req_push_str(req, NULL, lp_workgroup(global_loadparm), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN); - req_push_str(req, NULL, lp_netbios_name(global_loadparm), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN); + req_push_str(req, NULL, lp_workgroup(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN); + req_push_str(req, NULL, lp_netbios_name(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN); DEBUG(3,("not using extended security (SPNEGO or NTLMSSP)\n")); } @@ -261,50 +261,51 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) CAP_NT_FIND | CAP_LOCK_AND_READ | CAP_LEVEL_II_OPLOCKS | CAP_NT_SMBS | CAP_RPC_REMOTE_APIS; - req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(global_loadparm); + req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(req->smb_conn->lp_ctx); /* do spnego in user level security if the client supports it and we can do encrypted passwords */ if (req->smb_conn->negotiate.encrypted_passwords && - (lp_security(global_loadparm) != SEC_SHARE) && - lp_use_spnego(global_loadparm) && + (lp_security(req->smb_conn->lp_ctx) != SEC_SHARE) && + lp_use_spnego(req->smb_conn->lp_ctx) && (req->flags2 & FLAGS2_EXTENDED_SECURITY)) { negotiate_spnego = true; capabilities |= CAP_EXTENDED_SECURITY; } - if (lp_unix_extensions(global_loadparm)) { + if (lp_unix_extensions(req->smb_conn->lp_ctx)) { capabilities |= CAP_UNIX; } - if (lp_large_readwrite(global_loadparm)) { + if (lp_large_readwrite(req->smb_conn->lp_ctx)) { capabilities |= CAP_LARGE_READX | CAP_LARGE_WRITEX | CAP_W2K_SMBS; } - large_test_path = lock_path(req, global_loadparm, "large_test.dat"); + large_test_path = lock_path(req, req->smb_conn->lp_ctx, "large_test.dat"); if (large_file_support(large_test_path)) { capabilities |= CAP_LARGE_FILES; } - if (lp_readraw(global_loadparm) && lp_writeraw(global_loadparm)) { + if (lp_readraw(req->smb_conn->lp_ctx) && + lp_writeraw(req->smb_conn->lp_ctx)) { capabilities |= CAP_RAW_MODE; } /* allow for disabling unicode */ - if (lp_unicode(global_loadparm)) { + if (lp_unicode(req->smb_conn->lp_ctx)) { capabilities |= CAP_UNICODE; } - if (lp_nt_status_support(global_loadparm)) { + if (lp_nt_status_support(req->smb_conn->lp_ctx)) { capabilities |= CAP_STATUS32; } - if (lp_host_msdfs(global_loadparm)) { + if (lp_host_msdfs(req->smb_conn->lp_ctx)) { capabilities |= CAP_DFS; } - if (lp_security(global_loadparm) != SEC_SHARE) { + if (lp_security(req->smb_conn->lp_ctx) != SEC_SHARE) { secword |= NEGOTIATE_SECURITY_USER_LEVEL; } @@ -331,7 +332,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) this is the one and only SMB packet that is malformed in the specification - all the command words after the secword are offset by 1 byte */ - SSVAL(req->out.vwv+1, VWV(1), lp_maxmux(global_loadparm)); + SSVAL(req->out.vwv+1, VWV(1), lp_maxmux(req->smb_conn->lp_ctx)); SSVAL(req->out.vwv+1, VWV(2), 1); /* num vcs */ SIVAL(req->out.vwv+1, VWV(3), req->smb_conn->negotiate.max_recv); SIVAL(req->out.vwv+1, VWV(5), 0x10000); /* raw size. full 64k */ @@ -352,7 +353,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) nt_status = gensec_server_start(req->smb_conn, req->smb_conn->connection->event.ctx, - global_loadparm, + req->smb_conn->lp_ctx, req->smb_conn->connection->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { @@ -373,7 +374,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) return; } - cli_credentials_set_conf(server_credentials, global_loadparm); + cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx); nt_status = cli_credentials_set_machine_account(server_credentials); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status))); @@ -519,9 +520,9 @@ void smbsrv_reply_negprot(struct smbsrv_request *req) for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) { int i; - if (supported_protocols[protocol].protocol_level > lp_srv_maxprotocol(global_loadparm)) + if (supported_protocols[protocol].protocol_level > lp_srv_maxprotocol(req->smb_conn->lp_ctx)) continue; - if (supported_protocols[protocol].protocol_level < lp_srv_minprotocol(global_loadparm)) + if (supported_protocols[protocol].protocol_level < lp_srv_minprotocol(req->smb_conn->lp_ctx)) continue; for (i = 0; i < protos_count; i++) { diff --git a/source4/smb_server/smb/service.c b/source4/smb_server/smb/service.c index 558f30307b..0e602f6a8b 100644 --- a/source4/smb_server/smb/service.c +++ b/source4/smb_server/smb/service.c @@ -201,7 +201,7 @@ NTSTATUS smbsrv_tcon_backend(struct smbsrv_request *req, union smb_tcon *con) con->tconx.out.dev_type = talloc_strdup(req, req->tcon->ntvfs->dev_type); con->tconx.out.fs_type = talloc_strdup(req, req->tcon->ntvfs->fs_type); con->tconx.out.options = SMB_SUPPORT_SEARCH_BITS | (share_int_option(req->tcon->ntvfs->config, SHARE_CSC_POLICY, SHARE_CSC_POLICY_DEFAULT) << 2); - if (share_bool_option(req->tcon->ntvfs->config, SHARE_MSDFS_ROOT, SHARE_MSDFS_ROOT_DEFAULT) && lp_host_msdfs(global_loadparm)) { + if (share_bool_option(req->tcon->ntvfs->config, SHARE_MSDFS_ROOT, SHARE_MSDFS_ROOT_DEFAULT) && lp_host_msdfs(req->smb_conn->lp_ctx)) { con->tconx.out.options |= SMB_SHARE_IN_DFS; } diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 8cc16aaa68..de2141b808 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -40,7 +40,8 @@ static void sesssetup_common_strings(struct smbsrv_request *req, { (*os) = talloc_asprintf(req, "Unix"); (*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING); - (*domain) = talloc_asprintf(req, "%s", lp_workgroup(global_loadparm)); + (*domain) = talloc_asprintf(req, "%s", + lp_workgroup(req->smb_conn->lp_ctx)); } static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req, @@ -69,7 +70,8 @@ static void sesssetup_old_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ - status = auth_generate_session_info(req, global_loadparm, server_info, &session_info); + status = auth_generate_session_info(req, req->smb_conn->lp_ctx, + server_info, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ @@ -164,7 +166,8 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq, if (!NT_STATUS_IS_OK(status)) goto failed; /* This references server_info into session_info */ - status = auth_generate_session_info(req, global_loadparm, server_info, &session_info); + status = auth_generate_session_info(req, req->smb_conn->lp_ctx, + server_info, &session_info); if (!NT_STATUS_IS_OK(status)) goto failed; /* allocate a new session */ @@ -246,7 +249,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) status = auth_context_create(req, req->smb_conn->connection->event.ctx, req->smb_conn->connection->msg_ctx, - global_loadparm, + req->smb_conn->lp_ctx, &auth_context); if (!NT_STATUS_IS_OK(status)) goto failed; } else { @@ -380,7 +383,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = gensec_server_start(req, req->smb_conn->connection->event.ctx, - global_loadparm, + req->smb_conn->lp_ctx, req->smb_conn->connection->msg_ctx, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c index b91a65ab84..146d8c7256 100644 --- a/source4/smb_server/smb/signing.c +++ b/source4/smb_server/smb/signing.c @@ -102,7 +102,7 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn) return false; } - switch (lp_server_signing(global_loadparm)) { + switch (lp_server_signing(smb_conn->lp_ctx)) { case SMB_SIGNING_OFF: smb_conn->signing.allow_smb_signing = false; break; @@ -114,7 +114,7 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn) smb_conn->signing.mandatory_signing = true; break; case SMB_SIGNING_AUTO: - if (lp_domain_logons(global_loadparm)) { + if (lp_domain_logons(smb_conn->lp_ctx)) { smb_conn->signing.allow_smb_signing = true; } else { smb_conn->signing.allow_smb_signing = false; diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 30160c9d5d..664079812a 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -39,7 +39,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * nt_status = gensec_server_start(req, req->smb_conn->connection->event.ctx, - global_loadparm, + req->smb_conn->lp_ctx, req->smb_conn->connection->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { @@ -54,7 +54,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * return NT_STATUS_NO_MEMORY; } - cli_credentials_set_conf(server_credentials, global_loadparm); + cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx); nt_status = cli_credentials_set_machine_account(server_credentials); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status))); diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index a440c33dc0..cfae2dbe52 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c @@ -516,7 +516,7 @@ NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn) /* this is the size that w2k uses, and it appears to be important for good performance */ - smb_conn->negotiate.max_recv = lp_max_xmit(global_loadparm); + smb_conn->negotiate.max_recv = lp_max_xmit(smb_conn->lp_ctx); smb_conn->negotiate.zone_offset = get_time_zone(time(NULL)); diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 5c8d0144be..636f5f0e27 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -122,7 +122,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses status = gensec_server_start(req, req->smb_conn->connection->event.ctx, - global_loadparm, + req->smb_conn->lp_ctx, req->smb_conn->connection->msg_ctx, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/smb_server/smb_server.c b/source4/smb_server/smb_server.c index 8ba93b9a59..59d9e8f7b3 100644 --- a/source4/smb_server/smb_server.c +++ b/source4/smb_server/smb_server.c @@ -42,7 +42,7 @@ static NTSTATUS smbsrv_recv_generic_request(void *private, DATA_BLOB blob) /* see if its a special NBT packet */ if (CVAL(blob.data,0) != 0) { - status = smbsrv_init_smb_connection(smb_conn, global_loadparm); + status = smbsrv_init_smb_connection(smb_conn, smb_conn->lp_ctx); NT_STATUS_NOT_OK_RETURN(status); packet_set_callback(smb_conn->packet, smbsrv_recv_smb_request); return smbsrv_recv_smb_request(smb_conn, blob); @@ -58,12 +58,12 @@ static NTSTATUS smbsrv_recv_generic_request(void *private, DATA_BLOB blob) switch (protocol_version) { case SMB_MAGIC: - status = smbsrv_init_smb_connection(smb_conn, global_loadparm); + status = smbsrv_init_smb_connection(smb_conn, smb_conn->lp_ctx); NT_STATUS_NOT_OK_RETURN(status); packet_set_callback(smb_conn->packet, smbsrv_recv_smb_request); return smbsrv_recv_smb_request(smb_conn, blob); case SMB2_MAGIC: - if (lp_srv_maxprotocol(global_loadparm) < PROTOCOL_SMB2) break; + if (lp_srv_maxprotocol(smb_conn->lp_ctx) < PROTOCOL_SMB2) break; status = smbsrv_init_smb2_connection(smb_conn); NT_STATUS_NOT_OK_RETURN(status); packet_set_callback(smb_conn->packet, smbsrv_recv_smb2_request); @@ -149,6 +149,7 @@ static void smbsrv_accept(struct stream_connection *conn) packet_set_fde(smb_conn->packet, conn->event.fde); packet_set_serialise(smb_conn->packet); + smb_conn->lp_ctx = global_loadparm; smb_conn->connection = conn; conn->private = smb_conn; diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h index 5aa2e0b6ce..5644dfe6fb 100644 --- a/source4/smb_server/smb_server.h +++ b/source4/smb_server/smb_server.h @@ -374,6 +374,8 @@ struct smbsrv_connection { } statistics; struct share_context *share_context; + + struct loadparm_context *lp_ctx; }; struct model_ops; diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c index ff1a7b97cb..f7a094b52d 100644 --- a/source4/torture/nbt/dgram.c +++ b/source4/torture/nbt/dgram.c @@ -84,7 +84,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) /* do an initial name resolution to find its IP */ torture_assert_ntstatus_ok(tctx, - resolve_name(&name, tctx, &address, event_context_find(tctx), lp_name_resolve_order(global_loadparm)), + resolve_name(&name, tctx, &address, event_context_find(tctx), lp_name_resolve_order(tctx->lp_ctx)), talloc_asprintf(tctx, "Failed to resolve %s", name.name)); myaddress = talloc_strdup(dgmsock, iface_best_ip(address)); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 522b821b91..fa54f43afd 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -1219,7 +1219,7 @@ bool torture_netlogon_samba3(struct torture_context *torture) * credentials */ -static bool test_join3(TALLOC_CTX *mem_ctx, +static bool test_join3(struct torture_context *tctx, bool use_level25, struct cli_credentials *smb_creds, struct cli_credentials *samr_creds, @@ -1230,8 +1230,8 @@ static bool test_join3(TALLOC_CTX *mem_ctx, struct smbcli_state *cli; struct cli_credentials *wks_creds; - status = smbcli_full_connection(mem_ctx, &cli, - lp_parm_string(global_loadparm, NULL, "torture", "host"), + status = smbcli_full_connection(tctx, &cli, + torture_setting_string(tctx, "host", NULL), "IPC$", NULL, smb_creds, NULL); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", @@ -1245,7 +1245,7 @@ static bool test_join3(TALLOC_CTX *mem_ctx, goto done; } - cli_credentials_set_conf(wks_creds, global_loadparm); + cli_credentials_set_conf(wks_creds, tctx->lp_ctx); cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA); cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED); cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED); @@ -1287,21 +1287,13 @@ static bool test_join3(TALLOC_CTX *mem_ctx, bool torture_samba3_sessionkey(struct torture_context *torture) { - TALLOC_CTX *mem_ctx; bool ret = false; struct cli_credentials *anon_creds; const char *wks_name; wks_name = torture_setting_string(torture, "wksname", get_myname()); - mem_ctx = talloc_init("torture_samba3_sessionkey"); - - if (mem_ctx == NULL) { - d_printf("talloc_init failed\n"); - return false; - } - - if (!(anon_creds = create_anon_creds(mem_ctx))) { + if (!(anon_creds = create_anon_creds(torture))) { d_printf("create_anon_creds failed\n"); goto done; } @@ -1313,27 +1305,27 @@ bool torture_samba3_sessionkey(struct torture_context *torture) /* Samba3 in the build farm right now does this happily. Need * to fix :-) */ - if (test_join3(mem_ctx, false, anon_creds, NULL, wks_name)) { + if (test_join3(torture, false, anon_creds, NULL, wks_name)) { d_printf("join using anonymous bind on an anonymous smb " "connection succeeded -- HUH??\n"); ret = false; } } - if (!test_join3(mem_ctx, false, anon_creds, cmdline_credentials, + if (!test_join3(torture, false, anon_creds, cmdline_credentials, wks_name)) { d_printf("join using ntlmssp bind on an anonymous smb " "connection failed\n"); ret = false; } - if (!test_join3(mem_ctx, false, cmdline_credentials, NULL, wks_name)) { + if (!test_join3(torture, false, cmdline_credentials, NULL, wks_name)) { d_printf("join using anonymous bind on an authenticated smb " "connection failed\n"); ret = false; } - if (!test_join3(mem_ctx, false, cmdline_credentials, + if (!test_join3(torture, false, cmdline_credentials, cmdline_credentials, wks_name)) { d_printf("join using ntlmssp bind on an authenticated smb " @@ -1345,14 +1337,14 @@ bool torture_samba3_sessionkey(struct torture_context *torture) * The following two are tests for setuserinfolevel 25 */ - if (!test_join3(mem_ctx, true, anon_creds, cmdline_credentials, + if (!test_join3(torture, true, anon_creds, cmdline_credentials, wks_name)) { d_printf("join using ntlmssp bind on an anonymous smb " "connection failed\n"); ret = false; } - if (!test_join3(mem_ctx, true, cmdline_credentials, NULL, wks_name)) { + if (!test_join3(torture, true, cmdline_credentials, NULL, wks_name)) { d_printf("join using anonymous bind on an authenticated smb " "connection failed\n"); ret = false; diff --git a/source4/utils/testparm.c b/source4/utils/testparm.c index 17e6a72746..665c649e73 100644 --- a/source4/utils/testparm.c +++ b/source4/utils/testparm.c @@ -246,7 +246,6 @@ static int do_share_checks(struct loadparm_context *lp_ctx, const char *cname, c fprintf(stderr,"Loaded services file OK.\n"); ret = do_global_checks(global_loadparm); - ret |= do_share_checks(global_loadparm, cname, caddr, silent_mode, show_defaults, section_name, parameter_name); return(ret); diff --git a/source4/winbind/wb_cmd_getpwnam.c b/source4/winbind/wb_cmd_getpwnam.c index 5029e168a2..fb2dc197c9 100644 --- a/source4/winbind/wb_cmd_getpwnam.c +++ b/source4/winbind/wb_cmd_getpwnam.c @@ -86,7 +86,7 @@ static void cmd_getpwnam_recv_domain(struct composite_context *ctx) user_info = talloc(state, struct libnet_UserInfo); if (composite_nomem(user_info, state->ctx)) return; - ok= wb_samba3_split_username(state, global_loadparm, state->name, &user_dom, &user_name); + ok= wb_samba3_split_username(state, state->service->task->lp_ctx, state->name, &user_dom, &user_name); if(!ok){ composite_error(state->ctx, NT_STATUS_OBJECT_NAME_INVALID); return; @@ -124,12 +124,14 @@ static void cmd_getpwnam_recv_user_info(struct composite_context *ctx) WBSRV_SAMBA3_SET_STRING(pw->pw_name, user_info->out.account_name); WBSRV_SAMBA3_SET_STRING(pw->pw_passwd, "*"); WBSRV_SAMBA3_SET_STRING(pw->pw_gecos, user_info->out.full_name); - WBSRV_SAMBA3_SET_STRING(pw->pw_dir, lp_template_homedir(global_loadparm)); + WBSRV_SAMBA3_SET_STRING(pw->pw_dir, + lp_template_homedir(state->service->task->lp_ctx)); all_string_sub(pw->pw_dir, "%WORKGROUP%", state->workgroup_name, sizeof(fstring) - 1); all_string_sub(pw->pw_dir, "%ACCOUNTNAME%", user_info->out.account_name, sizeof(fstring) - 1); - WBSRV_SAMBA3_SET_STRING(pw->pw_shell, lp_template_shell(global_loadparm)); + WBSRV_SAMBA3_SET_STRING(pw->pw_shell, + lp_template_shell(state->service->task->lp_ctx)); state->group_sid = dom_sid_dup(state, user_info->out.primary_group_sid); if(composite_nomem(state->group_sid, state->ctx)) return; diff --git a/source4/winbind/wb_cmd_getpwuid.c b/source4/winbind/wb_cmd_getpwuid.c index 339f7e896c..c250af1b56 100644 --- a/source4/winbind/wb_cmd_getpwuid.c +++ b/source4/winbind/wb_cmd_getpwuid.c @@ -148,12 +148,14 @@ static void cmd_getpwuid_recv_user_info(struct composite_context *ctx) WBSRV_SAMBA3_SET_STRING(pw->pw_name, user_info->out.account_name); WBSRV_SAMBA3_SET_STRING(pw->pw_passwd, "*"); WBSRV_SAMBA3_SET_STRING(pw->pw_gecos, user_info->out.full_name); - WBSRV_SAMBA3_SET_STRING(pw->pw_dir, lp_template_homedir(global_loadparm)); + WBSRV_SAMBA3_SET_STRING(pw->pw_dir, + lp_template_homedir(state->service->task->lp_ctx)); all_string_sub(pw->pw_dir, "%WORKGROUP%", state->workgroup, sizeof(fstring) - 1); all_string_sub(pw->pw_dir, "%ACCOUNTNAME%", user_info->out.account_name, sizeof(fstring) - 1); - WBSRV_SAMBA3_SET_STRING(pw->pw_shell, lp_template_shell(global_loadparm)); + WBSRV_SAMBA3_SET_STRING(pw->pw_shell, + lp_template_shell(state->service->task->lp_ctx)); pw->pw_uid = state->uid; diff --git a/source4/winbind/wb_dom_info.c b/source4/winbind/wb_dom_info.c index 13d446897e..99538bfb00 100644 --- a/source4/winbind/wb_dom_info.c +++ b/source4/winbind/wb_dom_info.c @@ -68,7 +68,8 @@ struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx, if (dom_sid == NULL) goto failed; ctx = finddcs_send(mem_ctx, domain_name, NBT_NAME_LOGON, - dom_sid, lp_name_resolve_order(global_loadparm), + dom_sid, + lp_name_resolve_order(service->task->lp_ctx), service->task->event_ctx, service->task->msg_ctx); if (ctx == NULL) goto failed; diff --git a/source4/winbind/wb_dom_info_trusted.c b/source4/winbind/wb_dom_info_trusted.c index 23436fa67a..5d960cb1d4 100644 --- a/source4/winbind/wb_dom_info_trusted.c +++ b/source4/winbind/wb_dom_info_trusted.c @@ -193,7 +193,7 @@ static void trusted_dom_info_recv_dcname(struct rpc_request *req) make_nbt_name(&name, state->info->dcs[0].name, 0x20); ctx = resolve_name_send(&name, state->service->task->event_ctx, - lp_name_resolve_order(global_loadparm)); + lp_name_resolve_order(state->service->task->lp_ctx)); composite_continue(state->ctx, ctx, trusted_dom_info_recv_dcaddr, state); diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 7d050d5c67..fbc2c0c80a 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -151,7 +151,7 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx, cli_credentials_set_event_context(state->domain->libnet_ctx->cred, service->task->event_ctx); - cli_credentials_set_conf(state->domain->libnet_ctx->cred, global_loadparm); + cli_credentials_set_conf(state->domain->libnet_ctx->cred, service->task->lp_ctx); /* Connect the machine account to the credentials */ state->ctx->status = @@ -163,14 +163,14 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx, state->domain->netlogon_pipe = NULL; if ((!cli_credentials_is_anonymous(state->domain->libnet_ctx->cred)) && - ((lp_server_role(global_loadparm) == ROLE_DOMAIN_MEMBER) || - (lp_server_role(global_loadparm) == ROLE_DOMAIN_CONTROLLER)) && + ((lp_server_role(service->task->lp_ctx) == ROLE_DOMAIN_MEMBER) || + (lp_server_role(service->task->lp_ctx) == ROLE_DOMAIN_CONTROLLER)) && (dom_sid_equal(state->domain->info->sid, state->service->primary_sid))) { state->domain->netlogon_binding->flags |= DCERPC_SCHANNEL; /* For debugging, it can be a real pain if all the traffic is encrypted */ - if (lp_winbind_sealed_pipes(global_loadparm)) { + if (lp_winbind_sealed_pipes(service->task->lp_ctx)) { state->domain->netlogon_binding->flags |= (DCERPC_SIGN | DCERPC_SEAL ); } else { state->domain->netlogon_binding->flags |= (DCERPC_SIGN); @@ -216,7 +216,7 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx) state->domain->lsa_binding = init_domain_binding(state, &ndr_table_lsarpc); /* For debugging, it can be a real pain if all the traffic is encrypted */ - if (lp_winbind_sealed_pipes(global_loadparm)) { + if (lp_winbind_sealed_pipes(state->service->task->lp_ctx)) { state->domain->lsa_binding->flags |= (DCERPC_SIGN | DCERPC_SEAL ); } else { state->domain->lsa_binding->flags |= (DCERPC_SIGN); diff --git a/source4/winbind/wb_name2domain.c b/source4/winbind/wb_name2domain.c index 60fe18b5b9..e19703b1e5 100644 --- a/source4/winbind/wb_name2domain.c +++ b/source4/winbind/wb_name2domain.c @@ -55,7 +55,7 @@ struct composite_context *wb_name2domain_send(TALLOC_CTX *mem_ctx, result->private_data = state; state->service = service; - ok = wb_samba3_split_username(state, global_loadparm, name, &user_dom, &user_name); + ok = wb_samba3_split_username(state, service->task->lp_ctx, name, &user_dom, &user_name); if(!ok) { composite_error(state->ctx, NT_STATUS_OBJECT_NAME_INVALID); return result; diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c index 06e2bff990..9045c63d63 100644 --- a/source4/winbind/wb_pam_auth.c +++ b/source4/winbind/wb_pam_auth.c @@ -221,11 +221,11 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, DATA_BLOB chal, nt_resp, lm_resp, names_blob; int flags = CLI_CRED_NTLM_AUTH; - if (lp_client_lanman_auth(global_loadparm)) { + if (lp_client_lanman_auth(service->task->lp_ctx)) { flags |= CLI_CRED_LANMAN_AUTH; } - if (lp_client_ntlmv2_auth(global_loadparm)) { + if (lp_client_ntlmv2_auth(service->task->lp_ctx)) { flags |= CLI_CRED_NTLMv2_AUTH; } @@ -235,7 +235,7 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, if (!credentials) { return NULL; } - cli_credentials_set_conf(credentials, global_loadparm); + cli_credentials_set_conf(credentials, service->task->lp_ctx); cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); cli_credentials_set_username(credentials, user, CRED_SPECIFIED); diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c index 041284e307..24074700fc 100644 --- a/source4/winbind/wb_samba3_cmd.c +++ b/source4/winbind/wb_samba3_cmd.c @@ -86,7 +86,7 @@ NTSTATUS wbsrv_samba3_interface_version(struct wbsrv_samba3_call *s3call) NTSTATUS wbsrv_samba3_info(struct wbsrv_samba3_call *s3call) { s3call->response.result = WINBINDD_OK; - s3call->response.data.info.winbind_separator = *lp_winbind_separator(global_loadparm); + s3call->response.data.info.winbind_separator = *lp_winbind_separator(s3call->wbconn->lp_ctx); WBSRV_SAMBA3_SET_STRING(s3call->response.data.info.samba_version, SAMBA_VERSION_STRING); return NT_STATUS_OK; @@ -96,7 +96,7 @@ NTSTATUS wbsrv_samba3_domain_name(struct wbsrv_samba3_call *s3call) { s3call->response.result = WINBINDD_OK; WBSRV_SAMBA3_SET_STRING(s3call->response.data.domain_name, - lp_workgroup(global_loadparm)); + lp_workgroup(s3call->wbconn->lp_ctx)); return NT_STATUS_OK; } @@ -104,7 +104,7 @@ NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call) { s3call->response.result = WINBINDD_OK; WBSRV_SAMBA3_SET_STRING(s3call->response.data.netbios_name, - lp_netbios_name(global_loadparm)); + lp_netbios_name(s3call->wbconn->lp_ctx)); return NT_STATUS_OK; } @@ -112,7 +112,7 @@ NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call) { s3call->response.result = WINBINDD_OK; s3call->response.extra_data.data = - smbd_tmp_path(s3call, global_loadparm, WINBINDD_SAMBA3_PRIVILEGED_SOCKET); + smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET); NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data); return NT_STATUS_OK; } @@ -545,7 +545,7 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call) s3call->wbconn->listen_socket->service; char *user, *domain; - if (!wb_samba3_split_username(s3call, global_loadparm, + if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx, s3call->request.data.auth.user, &domain, &user)) { return NT_STATUS_NO_SUCH_USER; diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c index 0b3ebc461f..87ffc5b98e 100644 --- a/source4/winbind/wb_server.c +++ b/source4/winbind/wb_server.c @@ -60,6 +60,7 @@ static void wbsrv_accept(struct stream_connection *conn) } wbconn->conn = conn; wbconn->listen_socket = listen_socket; + wbconn->lp_ctx = global_loadparm; conn->private = wbconn; wbconn->packet = packet_init(wbconn); diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h index 369fe025a9..f3cfc18565 100644 --- a/source4/winbind/wb_server.h +++ b/source4/winbind/wb_server.h @@ -99,6 +99,8 @@ struct wbsrv_connection { uint32_t pending_calls; struct packet_context *packet; + + struct loadparm_context *lp_ctx; }; #define WBSRV_SAMBA3_SET_STRING(dest, src) do { \ diff --git a/source4/winbind/wb_sid2domain.c b/source4/winbind/wb_sid2domain.c index 8336449602..fcf02cedcd 100644 --- a/source4/winbind/wb_sid2domain.c +++ b/source4/winbind/wb_sid2domain.c @@ -85,7 +85,7 @@ struct composite_context *wb_sid2domain_send(TALLOC_CTX *mem_ctx, if (dom_sid_equal(service->primary_sid, sid) || dom_sid_in_domain(service->primary_sid, sid)) { - ctx = wb_get_dom_info_send(state, service, lp_workgroup(global_loadparm), + ctx = wb_get_dom_info_send(state, service, lp_workgroup(service->task->lp_ctx), service->primary_sid); if (ctx == NULL) goto failed; ctx->async.fn = sid2domain_recv_dom_info; |