summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/auth_server.c6
-rw-r--r--source4/nsswitch/wbinfo.c10
-rw-r--r--source4/smb_server/smb/negprot.c59
-rw-r--r--source4/smb_server/smb/service.c2
-rw-r--r--source4/smb_server/smb/sesssetup.c13
-rw-r--r--source4/smb_server/smb/signing.c4
-rw-r--r--source4/smb_server/smb2/negprot.c4
-rw-r--r--source4/smb_server/smb2/receive.c2
-rw-r--r--source4/smb_server/smb2/sesssetup.c2
-rw-r--r--source4/smb_server/smb_server.c7
-rw-r--r--source4/smb_server/smb_server.h2
-rw-r--r--source4/torture/nbt/dgram.c2
-rw-r--r--source4/torture/rpc/samba3rpc.c30
-rw-r--r--source4/utils/testparm.c1
-rw-r--r--source4/winbind/wb_cmd_getpwnam.c8
-rw-r--r--source4/winbind/wb_cmd_getpwuid.c6
-rw-r--r--source4/winbind/wb_dom_info.c3
-rw-r--r--source4/winbind/wb_dom_info_trusted.c2
-rw-r--r--source4/winbind/wb_init_domain.c10
-rw-r--r--source4/winbind/wb_name2domain.c2
-rw-r--r--source4/winbind/wb_pam_auth.c6
-rw-r--r--source4/winbind/wb_samba3_cmd.c10
-rw-r--r--source4/winbind/wb_server.c1
-rw-r--r--source4/winbind/wb_server.h2
-rw-r--r--source4/winbind/wb_sid2domain.c2
25 files changed, 101 insertions, 95 deletions
diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c
index 1e25702671..b5fcda15b3 100644
--- a/source4/auth/auth_server.c
+++ b/source4/auth/auth_server.c
@@ -24,7 +24,7 @@
Support for server level security.
****************************************************************************/
-static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, int maxprotocol)
+static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, int maxprotocol, const char **name_resolve_order)
{
struct smbcli_state *cli = NULL;
fstring desthost;
@@ -45,7 +45,7 @@ static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, i
while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
strupper(desthost);
- if(!resolve_name( desthost, &dest_ip, 0x20, lp_name_resolve_order(global_loadparm))) {
+ if(!resolve_name( desthost, &dest_ip, 0x20, name_resolve_order)) {
DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost));
continue;
}
@@ -215,7 +215,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
if (cli) {
} else {
- cli = server_cryptkey(mem_ctx, lp_unicode(auth_context->lp_ctx), lp_cli_maxprotocol(auth_context->lp_ctx));
+ cli = server_cryptkey(mem_ctx, lp_unicode(auth_context->lp_ctx), lp_cli_maxprotocol(auth_context->lp_ctx), lp_name_resolve_order(auth_context->lp_ctx));
locally_made_cli = true;
}
diff --git a/source4/nsswitch/wbinfo.c b/source4/nsswitch/wbinfo.c
index 4538911f97..4303f36e4a 100644
--- a/source4/nsswitch/wbinfo.c
+++ b/source4/nsswitch/wbinfo.c
@@ -786,7 +786,7 @@ static bool wbinfo_auth(char *username)
/* Authenticate a user with a challenge/response */
-static bool wbinfo_auth_crap(char *username)
+static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username)
{
struct winbindd_request request;
struct winbindd_response response;
@@ -819,7 +819,7 @@ static bool wbinfo_auth_crap(char *username)
generate_random_buffer(request.data.auth_crap.chal, 8);
- if (lp_client_ntlmv2_auth(global_loadparm)) {
+ if (lp_client_ntlmv2_auth(lp_ctx)) {
DATA_BLOB server_chal;
DATA_BLOB names_blob;
@@ -836,7 +836,7 @@ static bool wbinfo_auth_crap(char *username)
server_chal = data_blob(request.data.auth_crap.chal, 8);
/* Pretend this is a login to 'us', for blob purposes */
- names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm));
+ names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx));
if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal,
&names_blob,
@@ -862,7 +862,7 @@ static bool wbinfo_auth_crap(char *username)
data_blob_free(&lm_response);
} else {
- if (lp_client_lanman_auth(global_loadparm)
+ if (lp_client_lanman_auth(lp_ctx)
&& SMBencrypt(pass, request.data.auth_crap.chal,
(unsigned char *)request.data.auth_crap.lm_resp)) {
request.data.auth_crap.lm_resp_len = 24;
@@ -1218,7 +1218,7 @@ int main(int argc, char **argv, char **envp)
got_error = true;
}
- if (!wbinfo_auth_crap(string_arg)) {
+ if (!wbinfo_auth_crap(global_loadparm, string_arg)) {
d_fprintf(stderr, "Could not authenticate user %s with "
"challenge/response\n", string_arg);
got_error = true;
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index 81cfe43137..f92c542ef6 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -47,7 +47,7 @@ static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8
nt_status = auth_context_create(smb_conn,
smb_conn->connection->event.ctx,
smb_conn->connection->msg_ctx,
- global_loadparm,
+ smb_conn->lp_ctx,
&smb_conn->negotiate.auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("auth_context_create() returned %s", nt_errstr(nt_status)));
@@ -92,7 +92,7 @@ this any more it probably doesn't matter
****************************************************************************/
static void reply_coreplus(struct smbsrv_request *req, uint16_t choice)
{
- uint16_t raw = (lp_readraw(global_loadparm)?1:0) | (lp_writeraw(global_loadparm)?2:0);
+ uint16_t raw = (lp_readraw(req->smb_conn->lp_ctx)?1:0) | (lp_writeraw(req->smb_conn->lp_ctx)?2:0);
smbsrv_setup_reply(req, 13, 0);
@@ -123,13 +123,13 @@ static void reply_coreplus(struct smbsrv_request *req, uint16_t choice)
****************************************************************************/
static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
{
- int raw = (lp_readraw(global_loadparm)?1:0) | (lp_writeraw(global_loadparm)?2:0);
+ int raw = (lp_readraw(req->smb_conn->lp_ctx)?1:0) | (lp_writeraw(req->smb_conn->lp_ctx)?2:0);
int secword=0;
time_t t = req->request_time.tv_sec;
- req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(global_loadparm);
+ req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(req->smb_conn->lp_ctx);
- if (lp_security(global_loadparm) != SEC_SHARE)
+ if (lp_security(req->smb_conn->lp_ctx) != SEC_SHARE)
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
if (req->smb_conn->negotiate.encrypted_passwords)
@@ -146,7 +146,7 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
SSVAL(req->out.vwv, VWV(0), choice);
SSVAL(req->out.vwv, VWV(1), secword);
SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
- SSVAL(req->out.vwv, VWV(3), lp_maxmux(global_loadparm));
+ SSVAL(req->out.vwv, VWV(3), lp_maxmux(req->smb_conn->lp_ctx));
SSVAL(req->out.vwv, VWV(4), 1);
SSVAL(req->out.vwv, VWV(5), raw);
SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.id);
@@ -181,13 +181,13 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
****************************************************************************/
static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
{
- int raw = (lp_readraw(global_loadparm)?1:0) | (lp_writeraw(global_loadparm)?2:0);
+ int raw = (lp_readraw(req->smb_conn->lp_ctx)?1:0) | (lp_writeraw(req->smb_conn->lp_ctx)?2:0);
int secword=0;
time_t t = req->request_time.tv_sec;
- req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(global_loadparm);
+ req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(req->smb_conn->lp_ctx);
- if (lp_security(global_loadparm) != SEC_SHARE)
+ if (lp_security(req->smb_conn->lp_ctx) != SEC_SHARE)
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
if (req->smb_conn->negotiate.encrypted_passwords)
@@ -200,7 +200,7 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
SSVAL(req->out.vwv, VWV(0), choice);
SSVAL(req->out.vwv, VWV(1), secword);
SSVAL(req->out.vwv, VWV(2), req->smb_conn->negotiate.max_recv);
- SSVAL(req->out.vwv, VWV(3), lp_maxmux(global_loadparm));
+ SSVAL(req->out.vwv, VWV(3), lp_maxmux(req->smb_conn->lp_ctx));
SSVAL(req->out.vwv, VWV(4), 1);
SSVAL(req->out.vwv, VWV(5), raw);
SIVAL(req->out.vwv, VWV(6), req->smb_conn->connection->server_id.id);
@@ -215,7 +215,7 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
get_challenge(req->smb_conn, req->out.data);
}
- req_push_str(req, NULL, lp_workgroup(global_loadparm), -1, STR_TERMINATE);
+ req_push_str(req, NULL, lp_workgroup(req->smb_conn->lp_ctx), -1, STR_TERMINATE);
if (req->smb_conn->signing.mandatory_signing) {
smbsrv_terminate_connection(req->smb_conn,
@@ -237,8 +237,8 @@ static void reply_nt1_orig(struct smbsrv_request *req)
req->out.ptr += 8;
SCVAL(req->out.vwv+1, VWV(16), 8);
}
- req_push_str(req, NULL, lp_workgroup(global_loadparm), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
- req_push_str(req, NULL, lp_netbios_name(global_loadparm), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
+ req_push_str(req, NULL, lp_workgroup(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
+ req_push_str(req, NULL, lp_netbios_name(req->smb_conn->lp_ctx), -1, STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
DEBUG(3,("not using extended security (SPNEGO or NTLMSSP)\n"));
}
@@ -261,50 +261,51 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
CAP_NT_FIND | CAP_LOCK_AND_READ |
CAP_LEVEL_II_OPLOCKS | CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
- req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(global_loadparm);
+ req->smb_conn->negotiate.encrypted_passwords = lp_encrypted_passwords(req->smb_conn->lp_ctx);
/* do spnego in user level security if the client
supports it and we can do encrypted passwords */
if (req->smb_conn->negotiate.encrypted_passwords &&
- (lp_security(global_loadparm) != SEC_SHARE) &&
- lp_use_spnego(global_loadparm) &&
+ (lp_security(req->smb_conn->lp_ctx) != SEC_SHARE) &&
+ lp_use_spnego(req->smb_conn->lp_ctx) &&
(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
negotiate_spnego = true;
capabilities |= CAP_EXTENDED_SECURITY;
}
- if (lp_unix_extensions(global_loadparm)) {
+ if (lp_unix_extensions(req->smb_conn->lp_ctx)) {
capabilities |= CAP_UNIX;
}
- if (lp_large_readwrite(global_loadparm)) {
+ if (lp_large_readwrite(req->smb_conn->lp_ctx)) {
capabilities |= CAP_LARGE_READX | CAP_LARGE_WRITEX | CAP_W2K_SMBS;
}
- large_test_path = lock_path(req, global_loadparm, "large_test.dat");
+ large_test_path = lock_path(req, req->smb_conn->lp_ctx, "large_test.dat");
if (large_file_support(large_test_path)) {
capabilities |= CAP_LARGE_FILES;
}
- if (lp_readraw(global_loadparm) && lp_writeraw(global_loadparm)) {
+ if (lp_readraw(req->smb_conn->lp_ctx) &&
+ lp_writeraw(req->smb_conn->lp_ctx)) {
capabilities |= CAP_RAW_MODE;
}
/* allow for disabling unicode */
- if (lp_unicode(global_loadparm)) {
+ if (lp_unicode(req->smb_conn->lp_ctx)) {
capabilities |= CAP_UNICODE;
}
- if (lp_nt_status_support(global_loadparm)) {
+ if (lp_nt_status_support(req->smb_conn->lp_ctx)) {
capabilities |= CAP_STATUS32;
}
- if (lp_host_msdfs(global_loadparm)) {
+ if (lp_host_msdfs(req->smb_conn->lp_ctx)) {
capabilities |= CAP_DFS;
}
- if (lp_security(global_loadparm) != SEC_SHARE) {
+ if (lp_security(req->smb_conn->lp_ctx) != SEC_SHARE) {
secword |= NEGOTIATE_SECURITY_USER_LEVEL;
}
@@ -331,7 +332,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
this is the one and only SMB packet that is malformed in
the specification - all the command words after the secword
are offset by 1 byte */
- SSVAL(req->out.vwv+1, VWV(1), lp_maxmux(global_loadparm));
+ SSVAL(req->out.vwv+1, VWV(1), lp_maxmux(req->smb_conn->lp_ctx));
SSVAL(req->out.vwv+1, VWV(2), 1); /* num vcs */
SIVAL(req->out.vwv+1, VWV(3), req->smb_conn->negotiate.max_recv);
SIVAL(req->out.vwv+1, VWV(5), 0x10000); /* raw size. full 64k */
@@ -352,7 +353,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
nt_status = gensec_server_start(req->smb_conn,
req->smb_conn->connection->event.ctx,
- global_loadparm,
+ req->smb_conn->lp_ctx,
req->smb_conn->connection->msg_ctx,
&gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -373,7 +374,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
return;
}
- cli_credentials_set_conf(server_credentials, global_loadparm);
+ cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx);
nt_status = cli_credentials_set_machine_account(server_credentials);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status)));
@@ -519,9 +520,9 @@ void smbsrv_reply_negprot(struct smbsrv_request *req)
for (protocol = 0; supported_protocols[protocol].proto_name; protocol++) {
int i;
- if (supported_protocols[protocol].protocol_level > lp_srv_maxprotocol(global_loadparm))
+ if (supported_protocols[protocol].protocol_level > lp_srv_maxprotocol(req->smb_conn->lp_ctx))
continue;
- if (supported_protocols[protocol].protocol_level < lp_srv_minprotocol(global_loadparm))
+ if (supported_protocols[protocol].protocol_level < lp_srv_minprotocol(req->smb_conn->lp_ctx))
continue;
for (i = 0; i < protos_count; i++) {
diff --git a/source4/smb_server/smb/service.c b/source4/smb_server/smb/service.c
index 558f30307b..0e602f6a8b 100644
--- a/source4/smb_server/smb/service.c
+++ b/source4/smb_server/smb/service.c
@@ -201,7 +201,7 @@ NTSTATUS smbsrv_tcon_backend(struct smbsrv_request *req, union smb_tcon *con)
con->tconx.out.dev_type = talloc_strdup(req, req->tcon->ntvfs->dev_type);
con->tconx.out.fs_type = talloc_strdup(req, req->tcon->ntvfs->fs_type);
con->tconx.out.options = SMB_SUPPORT_SEARCH_BITS | (share_int_option(req->tcon->ntvfs->config, SHARE_CSC_POLICY, SHARE_CSC_POLICY_DEFAULT) << 2);
- if (share_bool_option(req->tcon->ntvfs->config, SHARE_MSDFS_ROOT, SHARE_MSDFS_ROOT_DEFAULT) && lp_host_msdfs(global_loadparm)) {
+ if (share_bool_option(req->tcon->ntvfs->config, SHARE_MSDFS_ROOT, SHARE_MSDFS_ROOT_DEFAULT) && lp_host_msdfs(req->smb_conn->lp_ctx)) {
con->tconx.out.options |= SMB_SHARE_IN_DFS;
}
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index 8cc16aaa68..de2141b808 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -40,7 +40,8 @@ static void sesssetup_common_strings(struct smbsrv_request *req,
{
(*os) = talloc_asprintf(req, "Unix");
(*lanman) = talloc_asprintf(req, "Samba %s", SAMBA_VERSION_STRING);
- (*domain) = talloc_asprintf(req, "%s", lp_workgroup(global_loadparm));
+ (*domain) = talloc_asprintf(req, "%s",
+ lp_workgroup(req->smb_conn->lp_ctx));
}
static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req,
@@ -69,7 +70,8 @@ static void sesssetup_old_send(struct auth_check_password_request *areq,
if (!NT_STATUS_IS_OK(status)) goto failed;
/* This references server_info into session_info */
- status = auth_generate_session_info(req, global_loadparm, server_info, &session_info);
+ status = auth_generate_session_info(req, req->smb_conn->lp_ctx,
+ server_info, &session_info);
if (!NT_STATUS_IS_OK(status)) goto failed;
/* allocate a new session */
@@ -164,7 +166,8 @@ static void sesssetup_nt1_send(struct auth_check_password_request *areq,
if (!NT_STATUS_IS_OK(status)) goto failed;
/* This references server_info into session_info */
- status = auth_generate_session_info(req, global_loadparm, server_info, &session_info);
+ status = auth_generate_session_info(req, req->smb_conn->lp_ctx,
+ server_info, &session_info);
if (!NT_STATUS_IS_OK(status)) goto failed;
/* allocate a new session */
@@ -246,7 +249,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
status = auth_context_create(req,
req->smb_conn->connection->event.ctx,
req->smb_conn->connection->msg_ctx,
- global_loadparm,
+ req->smb_conn->lp_ctx,
&auth_context);
if (!NT_STATUS_IS_OK(status)) goto failed;
} else {
@@ -380,7 +383,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
status = gensec_server_start(req,
req->smb_conn->connection->event.ctx,
- global_loadparm,
+ req->smb_conn->lp_ctx,
req->smb_conn->connection->msg_ctx,
&gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/smb_server/smb/signing.c b/source4/smb_server/smb/signing.c
index b91a65ab84..146d8c7256 100644
--- a/source4/smb_server/smb/signing.c
+++ b/source4/smb_server/smb/signing.c
@@ -102,7 +102,7 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
return false;
}
- switch (lp_server_signing(global_loadparm)) {
+ switch (lp_server_signing(smb_conn->lp_ctx)) {
case SMB_SIGNING_OFF:
smb_conn->signing.allow_smb_signing = false;
break;
@@ -114,7 +114,7 @@ bool smbsrv_init_signing(struct smbsrv_connection *smb_conn)
smb_conn->signing.mandatory_signing = true;
break;
case SMB_SIGNING_AUTO:
- if (lp_domain_logons(global_loadparm)) {
+ if (lp_domain_logons(smb_conn->lp_ctx)) {
smb_conn->signing.allow_smb_signing = true;
} else {
smb_conn->signing.allow_smb_signing = false;
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index 30160c9d5d..664079812a 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -39,7 +39,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
nt_status = gensec_server_start(req,
req->smb_conn->connection->event.ctx,
- global_loadparm,
+ req->smb_conn->lp_ctx,
req->smb_conn->connection->msg_ctx,
&gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -54,7 +54,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
return NT_STATUS_NO_MEMORY;
}
- cli_credentials_set_conf(server_credentials, global_loadparm);
+ cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx);
nt_status = cli_credentials_set_machine_account(server_credentials);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status)));
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index a440c33dc0..cfae2dbe52 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -516,7 +516,7 @@ NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
/* this is the size that w2k uses, and it appears to be important for
good performance */
- smb_conn->negotiate.max_recv = lp_max_xmit(global_loadparm);
+ smb_conn->negotiate.max_recv = lp_max_xmit(smb_conn->lp_ctx);
smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c
index 5c8d0144be..636f5f0e27 100644
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -122,7 +122,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
status = gensec_server_start(req,
req->smb_conn->connection->event.ctx,
- global_loadparm,
+ req->smb_conn->lp_ctx,
req->smb_conn->connection->msg_ctx,
&gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/smb_server/smb_server.c b/source4/smb_server/smb_server.c
index 8ba93b9a59..59d9e8f7b3 100644
--- a/source4/smb_server/smb_server.c
+++ b/source4/smb_server/smb_server.c
@@ -42,7 +42,7 @@ static NTSTATUS smbsrv_recv_generic_request(void *private, DATA_BLOB blob)
/* see if its a special NBT packet */
if (CVAL(blob.data,0) != 0) {
- status = smbsrv_init_smb_connection(smb_conn, global_loadparm);
+ status = smbsrv_init_smb_connection(smb_conn, smb_conn->lp_ctx);
NT_STATUS_NOT_OK_RETURN(status);
packet_set_callback(smb_conn->packet, smbsrv_recv_smb_request);
return smbsrv_recv_smb_request(smb_conn, blob);
@@ -58,12 +58,12 @@ static NTSTATUS smbsrv_recv_generic_request(void *private, DATA_BLOB blob)
switch (protocol_version) {
case SMB_MAGIC:
- status = smbsrv_init_smb_connection(smb_conn, global_loadparm);
+ status = smbsrv_init_smb_connection(smb_conn, smb_conn->lp_ctx);
NT_STATUS_NOT_OK_RETURN(status);
packet_set_callback(smb_conn->packet, smbsrv_recv_smb_request);
return smbsrv_recv_smb_request(smb_conn, blob);
case SMB2_MAGIC:
- if (lp_srv_maxprotocol(global_loadparm) < PROTOCOL_SMB2) break;
+ if (lp_srv_maxprotocol(smb_conn->lp_ctx) < PROTOCOL_SMB2) break;
status = smbsrv_init_smb2_connection(smb_conn);
NT_STATUS_NOT_OK_RETURN(status);
packet_set_callback(smb_conn->packet, smbsrv_recv_smb2_request);
@@ -149,6 +149,7 @@ static void smbsrv_accept(struct stream_connection *conn)
packet_set_fde(smb_conn->packet, conn->event.fde);
packet_set_serialise(smb_conn->packet);
+ smb_conn->lp_ctx = global_loadparm;
smb_conn->connection = conn;
conn->private = smb_conn;
diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h
index 5aa2e0b6ce..5644dfe6fb 100644
--- a/source4/smb_server/smb_server.h
+++ b/source4/smb_server/smb_server.h
@@ -374,6 +374,8 @@ struct smbsrv_connection {
} statistics;
struct share_context *share_context;
+
+ struct loadparm_context *lp_ctx;
};
struct model_ops;
diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
index ff1a7b97cb..f7a094b52d 100644
--- a/source4/torture/nbt/dgram.c
+++ b/source4/torture/nbt/dgram.c
@@ -84,7 +84,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx)
/* do an initial name resolution to find its IP */
torture_assert_ntstatus_ok(tctx,
- resolve_name(&name, tctx, &address, event_context_find(tctx), lp_name_resolve_order(global_loadparm)),
+ resolve_name(&name, tctx, &address, event_context_find(tctx), lp_name_resolve_order(tctx->lp_ctx)),
talloc_asprintf(tctx, "Failed to resolve %s", name.name));
myaddress = talloc_strdup(dgmsock, iface_best_ip(address));
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 522b821b91..fa54f43afd 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -1219,7 +1219,7 @@ bool torture_netlogon_samba3(struct torture_context *torture)
* credentials
*/
-static bool test_join3(TALLOC_CTX *mem_ctx,
+static bool test_join3(struct torture_context *tctx,
bool use_level25,
struct cli_credentials *smb_creds,
struct cli_credentials *samr_creds,
@@ -1230,8 +1230,8 @@ static bool test_join3(TALLOC_CTX *mem_ctx,
struct smbcli_state *cli;
struct cli_credentials *wks_creds;
- status = smbcli_full_connection(mem_ctx, &cli,
- lp_parm_string(global_loadparm, NULL, "torture", "host"),
+ status = smbcli_full_connection(tctx, &cli,
+ torture_setting_string(tctx, "host", NULL),
"IPC$", NULL, smb_creds, NULL);
if (!NT_STATUS_IS_OK(status)) {
d_printf("smbcli_full_connection failed: %s\n",
@@ -1245,7 +1245,7 @@ static bool test_join3(TALLOC_CTX *mem_ctx,
goto done;
}
- cli_credentials_set_conf(wks_creds, global_loadparm);
+ cli_credentials_set_conf(wks_creds, tctx->lp_ctx);
cli_credentials_set_secure_channel_type(wks_creds, SEC_CHAN_WKSTA);
cli_credentials_set_username(wks_creds, wks_name, CRED_SPECIFIED);
cli_credentials_set_workstation(wks_creds, wks_name, CRED_SPECIFIED);
@@ -1287,21 +1287,13 @@ static bool test_join3(TALLOC_CTX *mem_ctx,
bool torture_samba3_sessionkey(struct torture_context *torture)
{
- TALLOC_CTX *mem_ctx;
bool ret = false;
struct cli_credentials *anon_creds;
const char *wks_name;
wks_name = torture_setting_string(torture, "wksname", get_myname());
- mem_ctx = talloc_init("torture_samba3_sessionkey");
-
- if (mem_ctx == NULL) {
- d_printf("talloc_init failed\n");
- return false;
- }
-
- if (!(anon_creds = create_anon_creds(mem_ctx))) {
+ if (!(anon_creds = create_anon_creds(torture))) {
d_printf("create_anon_creds failed\n");
goto done;
}
@@ -1313,27 +1305,27 @@ bool torture_samba3_sessionkey(struct torture_context *torture)
/* Samba3 in the build farm right now does this happily. Need
* to fix :-) */
- if (test_join3(mem_ctx, false, anon_creds, NULL, wks_name)) {
+ if (test_join3(torture, false, anon_creds, NULL, wks_name)) {
d_printf("join using anonymous bind on an anonymous smb "
"connection succeeded -- HUH??\n");
ret = false;
}
}
- if (!test_join3(mem_ctx, false, anon_creds, cmdline_credentials,
+ if (!test_join3(torture, false, anon_creds, cmdline_credentials,
wks_name)) {
d_printf("join using ntlmssp bind on an anonymous smb "
"connection failed\n");
ret = false;
}
- if (!test_join3(mem_ctx, false, cmdline_credentials, NULL, wks_name)) {
+ if (!test_join3(torture, false, cmdline_credentials, NULL, wks_name)) {
d_printf("join using anonymous bind on an authenticated smb "
"connection failed\n");
ret = false;
}
- if (!test_join3(mem_ctx, false, cmdline_credentials,
+ if (!test_join3(torture, false, cmdline_credentials,
cmdline_credentials,
wks_name)) {
d_printf("join using ntlmssp bind on an authenticated smb "
@@ -1345,14 +1337,14 @@ bool torture_samba3_sessionkey(struct torture_context *torture)
* The following two are tests for setuserinfolevel 25
*/
- if (!test_join3(mem_ctx, true, anon_creds, cmdline_credentials,
+ if (!test_join3(torture, true, anon_creds, cmdline_credentials,
wks_name)) {
d_printf("join using ntlmssp bind on an anonymous smb "
"connection failed\n");
ret = false;
}
- if (!test_join3(mem_ctx, true, cmdline_credentials, NULL, wks_name)) {
+ if (!test_join3(torture, true, cmdline_credentials, NULL, wks_name)) {
d_printf("join using anonymous bind on an authenticated smb "
"connection failed\n");
ret = false;
diff --git a/source4/utils/testparm.c b/source4/utils/testparm.c
index 17e6a72746..665c649e73 100644
--- a/source4/utils/testparm.c
+++ b/source4/utils/testparm.c
@@ -246,7 +246,6 @@ static int do_share_checks(struct loadparm_context *lp_ctx, const char *cname, c
fprintf(stderr,"Loaded services file OK.\n");
ret = do_global_checks(global_loadparm);
-
ret |= do_share_checks(global_loadparm, cname, caddr, silent_mode, show_defaults, section_name, parameter_name);
return(ret);
diff --git a/source4/winbind/wb_cmd_getpwnam.c b/source4/winbind/wb_cmd_getpwnam.c
index 5029e168a2..fb2dc197c9 100644
--- a/source4/winbind/wb_cmd_getpwnam.c
+++ b/source4/winbind/wb_cmd_getpwnam.c
@@ -86,7 +86,7 @@ static void cmd_getpwnam_recv_domain(struct composite_context *ctx)
user_info = talloc(state, struct libnet_UserInfo);
if (composite_nomem(user_info, state->ctx)) return;
- ok= wb_samba3_split_username(state, global_loadparm, state->name, &user_dom, &user_name);
+ ok= wb_samba3_split_username(state, state->service->task->lp_ctx, state->name, &user_dom, &user_name);
if(!ok){
composite_error(state->ctx, NT_STATUS_OBJECT_NAME_INVALID);
return;
@@ -124,12 +124,14 @@ static void cmd_getpwnam_recv_user_info(struct composite_context *ctx)
WBSRV_SAMBA3_SET_STRING(pw->pw_name, user_info->out.account_name);
WBSRV_SAMBA3_SET_STRING(pw->pw_passwd, "*");
WBSRV_SAMBA3_SET_STRING(pw->pw_gecos, user_info->out.full_name);
- WBSRV_SAMBA3_SET_STRING(pw->pw_dir, lp_template_homedir(global_loadparm));
+ WBSRV_SAMBA3_SET_STRING(pw->pw_dir,
+ lp_template_homedir(state->service->task->lp_ctx));
all_string_sub(pw->pw_dir, "%WORKGROUP%", state->workgroup_name,
sizeof(fstring) - 1);
all_string_sub(pw->pw_dir, "%ACCOUNTNAME%", user_info->out.account_name,
sizeof(fstring) - 1);
- WBSRV_SAMBA3_SET_STRING(pw->pw_shell, lp_template_shell(global_loadparm));
+ WBSRV_SAMBA3_SET_STRING(pw->pw_shell,
+ lp_template_shell(state->service->task->lp_ctx));
state->group_sid = dom_sid_dup(state, user_info->out.primary_group_sid);
if(composite_nomem(state->group_sid, state->ctx)) return;
diff --git a/source4/winbind/wb_cmd_getpwuid.c b/source4/winbind/wb_cmd_getpwuid.c
index 339f7e896c..c250af1b56 100644
--- a/source4/winbind/wb_cmd_getpwuid.c
+++ b/source4/winbind/wb_cmd_getpwuid.c
@@ -148,12 +148,14 @@ static void cmd_getpwuid_recv_user_info(struct composite_context *ctx)
WBSRV_SAMBA3_SET_STRING(pw->pw_name, user_info->out.account_name);
WBSRV_SAMBA3_SET_STRING(pw->pw_passwd, "*");
WBSRV_SAMBA3_SET_STRING(pw->pw_gecos, user_info->out.full_name);
- WBSRV_SAMBA3_SET_STRING(pw->pw_dir, lp_template_homedir(global_loadparm));
+ WBSRV_SAMBA3_SET_STRING(pw->pw_dir,
+ lp_template_homedir(state->service->task->lp_ctx));
all_string_sub(pw->pw_dir, "%WORKGROUP%", state->workgroup,
sizeof(fstring) - 1);
all_string_sub(pw->pw_dir, "%ACCOUNTNAME%", user_info->out.account_name,
sizeof(fstring) - 1);
- WBSRV_SAMBA3_SET_STRING(pw->pw_shell, lp_template_shell(global_loadparm));
+ WBSRV_SAMBA3_SET_STRING(pw->pw_shell,
+ lp_template_shell(state->service->task->lp_ctx));
pw->pw_uid = state->uid;
diff --git a/source4/winbind/wb_dom_info.c b/source4/winbind/wb_dom_info.c
index 13d446897e..99538bfb00 100644
--- a/source4/winbind/wb_dom_info.c
+++ b/source4/winbind/wb_dom_info.c
@@ -68,7 +68,8 @@ struct composite_context *wb_get_dom_info_send(TALLOC_CTX *mem_ctx,
if (dom_sid == NULL) goto failed;
ctx = finddcs_send(mem_ctx, domain_name, NBT_NAME_LOGON,
- dom_sid, lp_name_resolve_order(global_loadparm),
+ dom_sid,
+ lp_name_resolve_order(service->task->lp_ctx),
service->task->event_ctx,
service->task->msg_ctx);
if (ctx == NULL) goto failed;
diff --git a/source4/winbind/wb_dom_info_trusted.c b/source4/winbind/wb_dom_info_trusted.c
index 23436fa67a..5d960cb1d4 100644
--- a/source4/winbind/wb_dom_info_trusted.c
+++ b/source4/winbind/wb_dom_info_trusted.c
@@ -193,7 +193,7 @@ static void trusted_dom_info_recv_dcname(struct rpc_request *req)
make_nbt_name(&name, state->info->dcs[0].name, 0x20);
ctx = resolve_name_send(&name, state->service->task->event_ctx,
- lp_name_resolve_order(global_loadparm));
+ lp_name_resolve_order(state->service->task->lp_ctx));
composite_continue(state->ctx, ctx, trusted_dom_info_recv_dcaddr,
state);
diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c
index 7d050d5c67..fbc2c0c80a 100644
--- a/source4/winbind/wb_init_domain.c
+++ b/source4/winbind/wb_init_domain.c
@@ -151,7 +151,7 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx,
cli_credentials_set_event_context(state->domain->libnet_ctx->cred, service->task->event_ctx);
- cli_credentials_set_conf(state->domain->libnet_ctx->cred, global_loadparm);
+ cli_credentials_set_conf(state->domain->libnet_ctx->cred, service->task->lp_ctx);
/* Connect the machine account to the credentials */
state->ctx->status =
@@ -163,14 +163,14 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx,
state->domain->netlogon_pipe = NULL;
if ((!cli_credentials_is_anonymous(state->domain->libnet_ctx->cred)) &&
- ((lp_server_role(global_loadparm) == ROLE_DOMAIN_MEMBER) ||
- (lp_server_role(global_loadparm) == ROLE_DOMAIN_CONTROLLER)) &&
+ ((lp_server_role(service->task->lp_ctx) == ROLE_DOMAIN_MEMBER) ||
+ (lp_server_role(service->task->lp_ctx) == ROLE_DOMAIN_CONTROLLER)) &&
(dom_sid_equal(state->domain->info->sid,
state->service->primary_sid))) {
state->domain->netlogon_binding->flags |= DCERPC_SCHANNEL;
/* For debugging, it can be a real pain if all the traffic is encrypted */
- if (lp_winbind_sealed_pipes(global_loadparm)) {
+ if (lp_winbind_sealed_pipes(service->task->lp_ctx)) {
state->domain->netlogon_binding->flags |= (DCERPC_SIGN | DCERPC_SEAL );
} else {
state->domain->netlogon_binding->flags |= (DCERPC_SIGN);
@@ -216,7 +216,7 @@ static void init_domain_recv_netlogonpipe(struct composite_context *ctx)
state->domain->lsa_binding = init_domain_binding(state, &ndr_table_lsarpc);
/* For debugging, it can be a real pain if all the traffic is encrypted */
- if (lp_winbind_sealed_pipes(global_loadparm)) {
+ if (lp_winbind_sealed_pipes(state->service->task->lp_ctx)) {
state->domain->lsa_binding->flags |= (DCERPC_SIGN | DCERPC_SEAL );
} else {
state->domain->lsa_binding->flags |= (DCERPC_SIGN);
diff --git a/source4/winbind/wb_name2domain.c b/source4/winbind/wb_name2domain.c
index 60fe18b5b9..e19703b1e5 100644
--- a/source4/winbind/wb_name2domain.c
+++ b/source4/winbind/wb_name2domain.c
@@ -55,7 +55,7 @@ struct composite_context *wb_name2domain_send(TALLOC_CTX *mem_ctx,
result->private_data = state;
state->service = service;
- ok = wb_samba3_split_username(state, global_loadparm, name, &user_dom, &user_name);
+ ok = wb_samba3_split_username(state, service->task->lp_ctx, name, &user_dom, &user_name);
if(!ok) {
composite_error(state->ctx, NT_STATUS_OBJECT_NAME_INVALID);
return result;
diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c
index 06e2bff990..9045c63d63 100644
--- a/source4/winbind/wb_pam_auth.c
+++ b/source4/winbind/wb_pam_auth.c
@@ -221,11 +221,11 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
DATA_BLOB chal, nt_resp, lm_resp, names_blob;
int flags = CLI_CRED_NTLM_AUTH;
- if (lp_client_lanman_auth(global_loadparm)) {
+ if (lp_client_lanman_auth(service->task->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
- if (lp_client_ntlmv2_auth(global_loadparm)) {
+ if (lp_client_ntlmv2_auth(service->task->lp_ctx)) {
flags |= CLI_CRED_NTLMv2_AUTH;
}
@@ -235,7 +235,7 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
if (!credentials) {
return NULL;
}
- cli_credentials_set_conf(credentials, global_loadparm);
+ cli_credentials_set_conf(credentials, service->task->lp_ctx);
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c
index 041284e307..24074700fc 100644
--- a/source4/winbind/wb_samba3_cmd.c
+++ b/source4/winbind/wb_samba3_cmd.c
@@ -86,7 +86,7 @@ NTSTATUS wbsrv_samba3_interface_version(struct wbsrv_samba3_call *s3call)
NTSTATUS wbsrv_samba3_info(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
- s3call->response.data.info.winbind_separator = *lp_winbind_separator(global_loadparm);
+ s3call->response.data.info.winbind_separator = *lp_winbind_separator(s3call->wbconn->lp_ctx);
WBSRV_SAMBA3_SET_STRING(s3call->response.data.info.samba_version,
SAMBA_VERSION_STRING);
return NT_STATUS_OK;
@@ -96,7 +96,7 @@ NTSTATUS wbsrv_samba3_domain_name(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
WBSRV_SAMBA3_SET_STRING(s3call->response.data.domain_name,
- lp_workgroup(global_loadparm));
+ lp_workgroup(s3call->wbconn->lp_ctx));
return NT_STATUS_OK;
}
@@ -104,7 +104,7 @@ NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
WBSRV_SAMBA3_SET_STRING(s3call->response.data.netbios_name,
- lp_netbios_name(global_loadparm));
+ lp_netbios_name(s3call->wbconn->lp_ctx));
return NT_STATUS_OK;
}
@@ -112,7 +112,7 @@ NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
s3call->response.extra_data.data =
- smbd_tmp_path(s3call, global_loadparm, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
+ smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data);
return NT_STATUS_OK;
}
@@ -545,7 +545,7 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
s3call->wbconn->listen_socket->service;
char *user, *domain;
- if (!wb_samba3_split_username(s3call, global_loadparm,
+ if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx,
s3call->request.data.auth.user,
&domain, &user)) {
return NT_STATUS_NO_SUCH_USER;
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index 0b3ebc461f..87ffc5b98e 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -60,6 +60,7 @@ static void wbsrv_accept(struct stream_connection *conn)
}
wbconn->conn = conn;
wbconn->listen_socket = listen_socket;
+ wbconn->lp_ctx = global_loadparm;
conn->private = wbconn;
wbconn->packet = packet_init(wbconn);
diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h
index 369fe025a9..f3cfc18565 100644
--- a/source4/winbind/wb_server.h
+++ b/source4/winbind/wb_server.h
@@ -99,6 +99,8 @@ struct wbsrv_connection {
uint32_t pending_calls;
struct packet_context *packet;
+
+ struct loadparm_context *lp_ctx;
};
#define WBSRV_SAMBA3_SET_STRING(dest, src) do { \
diff --git a/source4/winbind/wb_sid2domain.c b/source4/winbind/wb_sid2domain.c
index 8336449602..fcf02cedcd 100644
--- a/source4/winbind/wb_sid2domain.c
+++ b/source4/winbind/wb_sid2domain.c
@@ -85,7 +85,7 @@ struct composite_context *wb_sid2domain_send(TALLOC_CTX *mem_ctx,
if (dom_sid_equal(service->primary_sid, sid) ||
dom_sid_in_domain(service->primary_sid, sid)) {
- ctx = wb_get_dom_info_send(state, service, lp_workgroup(global_loadparm),
+ ctx = wb_get_dom_info_send(state, service, lp_workgroup(service->task->lp_ctx),
service->primary_sid);
if (ctx == NULL) goto failed;
ctx->async.fn = sid2domain_recv_dom_info;