31 files changed, 112 insertions, 98 deletions
diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index 7ccdb1edec..0bce35e1c5 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -112,7 +112,7 @@ static int gensec_sasl_dispose(struct gensec_sasl_state *gensec_sasl_state) return 0; } -static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) +static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security) { struct gensec_sasl_state *gensec_sasl_state; const char *service = gensec_get_target_service(gensec_security); diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 27981a7504..f055b1a995 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -477,6 +477,7 @@ const char **gensec_security_oids(struct gensec_security *gensec_security, */ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct event_context *ev, + struct loadparm_context *lp_ctx, struct messaging_context *msg, struct gensec_security **gensec_security) { @@ -502,6 +503,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, (*gensec_security)->event_ctx = ev; (*gensec_security)->msg_ctx = msg; + (*gensec_security)->lp_ctx = lp_ctx; return NT_STATUS_OK; } @@ -528,6 +530,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, (*gensec_security)->subcontext = true; (*gensec_security)->event_ctx = parent->event_ctx; (*gensec_security)->msg_ctx = parent->msg_ctx; + (*gensec_security)->lp_ctx = parent->lp_ctx; return NT_STATUS_OK; } @@ -540,7 +543,8 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, */ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security, - struct event_context *ev) + struct event_context *ev, + struct loadparm_context *lp_ctx) { NTSTATUS status; struct event_context *new_ev = NULL; 
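Review bot: In the `gensec_start` hunk at -502, `(*gensec_security)->lp_ctx = lp_ctx;` stores the caller's pointer without checking it for NULL, while every mechanism touched by this commit now reads its settings through `gensec_security->lp_ctx`. If the `lp_*` accessors do not tolerate a NULL context (not visible here), a caller passing NULL fails later inside a mechanism rather than at start-up; provided no caller relies on NULL, a guard such as `if (lp_ctx == NULL) return NT_STATUS_INVALID_PARAMETER;` before the assignment would make the contract explicit. `gensec_subcontext_start` at -528 copies the parent's pointer, so a guard in `gensec_start` covers it too. The body of `gensec_start` starts outside the hunk, and the doc comments above `gensec_client_start` and `gensec_server_start` should gain a line describing the new `lp_ctx` parameter.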
@@ -551,7 +555,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, ev = new_ev; } - status = gensec_start(mem_ctx, ev, NULL, gensec_security); + status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security); if (!NT_STATUS_IS_OK(status)) { talloc_free(new_ev); return status; @@ -570,6 +574,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, */ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct event_context *ev, + struct loadparm_context *lp_ctx, struct messaging_context *msg, struct gensec_security **gensec_security) { @@ -585,7 +590,7 @@ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, return NT_STATUS_INTERNAL_ERROR; } - status = gensec_start(mem_ctx, ev, msg, gensec_security); + status = gensec_start(mem_ctx, ev, lp_ctx, msg, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -603,7 +608,7 @@ static NTSTATUS gensec_start_mech(struct gensec_security *gensec_security) switch (gensec_security->gensec_role) { case GENSEC_CLIENT: if (gensec_security->ops->client_start) { - status = gensec_security->ops->client_start(gensec_security, global_loadparm); + status = gensec_security->ops->client_start(gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(2, ("Failed to start GENSEC client mech %s: %s\n", gensec_security->ops->name, nt_errstr(status))); @@ -1108,7 +1113,7 @@ _PUBLIC_ NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_secu _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security) { /* We allow the target hostname to be overriden for testing purposes */ - const char *target_hostname = lp_parm_string(global_loadparm, NULL, "gensec", "target_hostname"); + const char *target_hostname = lp_parm_string(gensec_security->lp_ctx, NULL, "gensec", "target_hostname"); if (target_hostname) { return target_hostname; } diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 6b787d25aa..dbedcf091a 100644 --- a/source4/auth/gensec/gensec.h 
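Review bot: `gensec_get_target_hostname` at -1108 lets the `gensec:target_hostname` setting replace the hostname the caller set, and after this change the value comes from whichever context was handed to `gensec_client_start`. The existing comment says only "for testing purposes"; since the returned name is presumably what the mechanisms use to name the service they authenticate to, the effect deserves to be spelled out, e.g. `/* testing override: replaces the caller-supplied target hostname for every mechanism on this context; leave unset in production */`. The function body continues outside the hunk.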
+++ b/source4/auth/gensec/gensec.h @@ -75,15 +75,12 @@ struct gensec_update_request { } callback; }; -struct loadparm_context; - struct gensec_security_ops { const char *name; const char *sasl_name; uint8_t auth_type; /* 0 if not offered on DCE-RPC */ const char **oid; /* NULL if not offered by SPNEGO */ - NTSTATUS (*client_start)(struct gensec_security *gensec_security, - struct loadparm_context *lp_ctx); + NTSTATUS (*client_start)(struct gensec_security *gensec_security); NTSTATUS (*server_start)(struct gensec_security *gensec_security); /** Determine if a packet has the right 'magic' for this mechanism @@ -150,6 +147,7 @@ struct gensec_security_ops_wrapper { struct gensec_security { const struct gensec_security_ops *ops; + struct loadparm_context *lp_ctx; void *private_data; struct cli_credentials *credentials; struct gensec_target target; diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 1d8d5f057a..c91da6d1a0 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -142,8 +142,7 @@ static int gensec_gssapi_destructor(struct gensec_gssapi_state *gensec_gssapi_st return 0; } -static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security, - struct loadparm_context *lp_ctx) +static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) { struct gensec_gssapi_state *gensec_gssapi_state; krb5_error_code ret; @@ -156,7 +155,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security, gensec_gssapi_state->gss_exchange_count = 0; gensec_gssapi_state->max_wrap_buf_size - = lp_parm_int(lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536); + = lp_parm_int(gensec_security->lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536); gensec_gssapi_state->sasl = false; gensec_gssapi_state->sasl_state = STAGE_GSS_NEG; 
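Review bot: The new `lp_ctx` member of `struct gensec_security` at -150 carries no comment on ownership or lifetime. In the gensec.c hunks of this commit `gensec_start` assigns the caller's pointer directly and no talloc reference is taken in the lines shown, so the configuration context has to outlive the gensec context and any subcontext created from it. A comment on the member such as `/* borrowed: configuration context supplied at start, must outlive this gensec_security */` would record that. The struct definition continues outside the hunk.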
@@ -171,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security, gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; gensec_gssapi_state->want_flags = 0; - if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "mutual", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "mutual", true)) { gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG; } - if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "delegation", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "delegation", true)) { gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG; } - if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "replay", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "replay", true)) { gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG; } - if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "sequence", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "sequence", true)) { gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG; } @@ -214,10 +213,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security, talloc_free(gensec_gssapi_state); return NT_STATUS_INTERNAL_ERROR; } - if (lp_realm(lp_ctx) && *lp_realm(lp_ctx)) { - char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(lp_ctx)); + if (lp_realm(gensec_security->lp_ctx) && *lp_realm(gensec_security->lp_ctx)) { + char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->lp_ctx)); if (!upper_realm) { - DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(lp_ctx))); + DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->lp_ctx))); talloc_free(gensec_gssapi_state); return NT_STATUS_NO_MEMORY; } 
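Review bot: In `gensec_gssapi_start` at -171 the `gensec_gssapi:delegation` option defaults to `true`, so `GSS_C_DELEG_FLAG` is placed in `want_flags` for every context unless the administrator turns it off. Requesting delegation by default offers forwardable credentials to any service permitted to receive them, which is wider than most clients need; now that the value is read per context, this is a good place to document the default or, if existing deployments allow, to change it to `lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "delegation", false)`. Whether the GSSAPI library or KDC policy further restricts delegation is not visible here.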
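Review bot: The changed `DEBUG` line at -214 still prefixes its message with `gensec_krb5_start:` although the enclosing function is `gensec_gssapi_start`, which misleads anyone tracing a failed start from the logs. The same lines call `lp_realm(gensec_security->lp_ctx)` four times; reading it once into `const char *realm = lp_realm(gensec_security->lp_ctx);` and using `realm` in the test, the `strupper_talloc` call and the message would be shorter and keep the logged value identical to the one tested. The same prefix appears in the `DEBUG` context lines of the hunks at -231 and -240.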
@@ -231,7 +230,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security, } /* don't do DNS lookups of any kind, it might/will fail for a netbios name */ - ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false)); + ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(gensec_security->lp_ctx, NULL, "krb5", "set_dns_canonicalize", false)); if (ret) { DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n")); talloc_free(gensec_gssapi_state); @@ -240,7 +239,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security, ret = smb_krb5_init_context(gensec_gssapi_state, gensec_security->event_ctx, - lp_ctx, + gensec_security->lp_ctx, &gensec_gssapi_state->smb_krb5_context); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n", @@ -259,7 +258,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi struct cli_credentials *machine_account; struct gssapi_creds_container *gcc; - nt_status = gensec_gssapi_start(gensec_security, global_loadparm); + nt_status = gensec_gssapi_start(gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } @@ -298,7 +297,7 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s return nt_status; } -static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) +static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security) { struct gensec_gssapi_state *gensec_gssapi_state; struct cli_credentials *creds = gensec_get_credentials(gensec_security); @@ -324,7 +323,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_INVALID_PARAMETER; } - nt_status = gensec_gssapi_start(gensec_security, lp_ctx); + nt_status = gensec_gssapi_start(gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } 
@@ -334,7 +333,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi gensec_gssapi_state->gss_oid = gss_mech_krb5; principal = gensec_get_target_principal(gensec_security); - if (principal && lp_client_use_spnego_principal(lp_ctx)) { + if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) { name_type = GSS_C_NULL_OID; } else { principal = talloc_asprintf(gensec_gssapi_state, "%s@%s", @@ -380,11 +379,11 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_OK; } -static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) +static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security) { NTSTATUS nt_status; struct gensec_gssapi_state *gensec_gssapi_state; - nt_status = gensec_gssapi_client_start(gensec_security, lp_ctx); + nt_status = gensec_gssapi_client_start(gensec_security); if (NT_STATUS_IS_OK(nt_status)) { gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); @@ -1319,10 +1318,10 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi talloc_free(mem_ctx); return nt_status; } - } else if (!lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) { + } else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n", gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid))); - nt_status = sam_get_server_info_principal(mem_ctx, global_loadparm, principal_string, + nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { 
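Review bot: In `gensec_gssapi_session_info` at -1319 a ticket without a PAC falls back to `sam_get_server_info_principal()` whenever `gensec:require_pac` is false, and false is the default passed to `lp_parm_bool`. After this change the decision depends on the context given to `gensec_server_start`, so a server started with a context that lacks the setting accepts PAC-less tickets and derives authorisation from a local lookup by principal name. A comment at the branch would make that explicit, e.g. `/* no PAC: authorisation data comes from a local lookup by principal name; set gensec:require_pac = yes to refuse such tickets */`. `gensec_krb5_session_info` at -582 and -595 makes the same decision from the same option but logs the fallback with `DEBUG(5, ...)` where this one uses `DEBUG(1, ...)`, so the two mechanisms report the same event at different levels.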
@@ -1361,7 +1360,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx); - cli_credentials_set_conf(session_info->credentials, global_loadparm); + cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx); /* Just so we don't segfault trying to get at a username */ cli_credentials_set_anonymous(session_info->credentials); diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 296f587827..26cc66a213 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -116,7 +116,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); - if (cli_credentials_get_krb5_context(creds, global_loadparm, &gensec_krb5_state->smb_krb5_context)) { + if (cli_credentials_get_krb5_context(creds, gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) { talloc_free(gensec_krb5_state); return NT_STATUS_INTERNAL_ERROR; } @@ -210,7 +210,7 @@ static NTSTATUS gensec_fake_gssapi_krb5_server_start(struct gensec_security *gen return nt_status; } -static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) +static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security) { struct gensec_krb5_state *gensec_krb5_state; krb5_error_code ret; @@ -261,7 +261,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security } in_data.length = 0; - if (principal && lp_client_use_spnego_principal(global_loadparm)) { + if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) { krb5_principal target_principal; ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal, &target_principal); 
@@ -322,9 +322,9 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security } } -static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) +static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security) { - NTSTATUS nt_status = gensec_krb5_client_start(gensec_security, lp_ctx); + NTSTATUS nt_status = gensec_krb5_client_start(gensec_security); if (NT_STATUS_IS_OK(nt_status)) { struct gensec_krb5_state *gensec_krb5_state; @@ -582,7 +582,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security KRB5_AUTHDATA_WIN2K_PAC, &pac_data); - if (ret && lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) { + if (ret && lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) { DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n", principal_string, smb_get_krb5_error_message(context, @@ -595,7 +595,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n", smb_get_krb5_error_message(context, ret, mem_ctx))); - nt_status = sam_get_server_info_principal(mem_ctx, global_loadparm, principal_string, + nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string, &server_info); krb5_free_principal(context, client_principal); free(principal_string); diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 7da96560a1..b14e741311 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c 
@@ -120,7 +120,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ } /* pull the session key for this client */ - status = schannel_fetch_session_key(out_mem_ctx, global_loadparm, workstation, + status = schannel_fetch_session_key(out_mem_ctx, gensec_security->lp_ctx, workstation, domain, &creds); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n", @@ -183,7 +183,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security, struct auth_session_info **_session_info) { struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state); - return auth_anonymous_session_info(state, global_loadparm, _session_info); + return auth_anonymous_session_info(state, gensec_security->lp_ctx, _session_info); } static NTSTATUS schannel_start(struct gensec_security *gensec_security) @@ -218,8 +218,7 @@ static NTSTATUS schannel_server_start(struct gensec_security *gensec_security) return NT_STATUS_OK; } -static NTSTATUS schannel_client_start(struct gensec_security *gensec_security, - struct loadparm_context *lp_ctx) +static NTSTATUS schannel_client_start(struct gensec_security *gensec_security) { NTSTATUS status; struct schannel_state *state; diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 4a7c2e1d49..15dabb8033 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -47,7 +47,7 @@ struct spnego_state { }; -static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx) +static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security) { struct spnego_state *spnego_state; diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c index 49ba6d2409..53b52ae701 100644 --- a/source4/auth/ntlmssp/ntlmssp_client.c +++ b/source4/auth/ntlmssp/ntlmssp_client.c 
@@ -181,7 +181,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, if (gensec_ntlmssp_state->use_nt_response) { flags |= CLI_CRED_NTLM_AUTH; } - if (lp_client_lanman_auth(global_loadparm)) { + if (lp_client_lanman_auth(gensec_security->lp_ctx)) { flags |= CLI_CRED_LANMAN_AUTH; } @@ -206,7 +206,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, } if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) - && lp_client_lanman_auth(global_loadparm) && lm_session_key.length == 16) { + && lp_client_lanman_auth(gensec_security->lp_ctx) && lm_session_key.length == 16) { DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16); if (lm_response.length == 24) { SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data, @@ -285,8 +285,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, return NT_STATUS_OK; } -NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security, - struct loadparm_context *lp_ctx) +NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security) { struct gensec_ntlmssp_state *gensec_ntlmssp_state; NTSTATUS nt_status; 
@@ -298,17 +297,17 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security, gensec_ntlmssp_state->role = NTLMSSP_CLIENT; - gensec_ntlmssp_state->domain = lp_workgroup(lp_ctx); + gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx); - gensec_ntlmssp_state->unicode = lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "unicode", true); + gensec_ntlmssp_state->unicode = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "unicode", true); - gensec_ntlmssp_state->use_nt_response = lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "send_nt_reponse", true); + gensec_ntlmssp_state->use_nt_response = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "send_nt_reponse", true); - gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(lp_ctx) - && (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "allow_lm_key", false) - || lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "lm_key", false))); + gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->lp_ctx) + && (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "allow_lm_key", false) + || lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false))); - gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(lp_ctx); + gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->lp_ctx); gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL; 
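Review bot: The option name in the changed line at -298 is spelled `send_nt_reponse` (missing an `s`), so a configuration that sets `ntlmssp_client:send_nt_response` is not read and `use_nt_response` keeps its default of `true`. Since the line is being touched anyway, either document the spelling with a comment such as `/* sic: the option name is "send_nt_reponse" */` or accept both spellings so that the name an administrator is likely to type takes effect. Whether the misspelt name is documented elsewhere is not visible in this hunk, and `gensec_ntlmssp_client_start` continues outside it.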
@@ -316,27 +315,27 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security, NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET; - if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "128bit", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "56bit", false)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "56bit", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "lm_key", false)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY; } - if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "keyexchange", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "alwayssign", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "ntlm2", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } else { /* apparently we can't do ntlmv2 if we don't do ntlm2 */ diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 2734c545d8..52c027baac 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c 
@@ -744,14 +744,14 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->role = NTLMSSP_SERVER; gensec_ntlmssp_state->workstation = NULL; - gensec_ntlmssp_state->server_name = lp_netbios_name(global_loadparm); + gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->lp_ctx); - gensec_ntlmssp_state->domain = lp_workgroup(global_loadparm); + gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx); gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE; - gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(global_loadparm) - && lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "allow_lm_key", false)); + gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->lp_ctx) + && lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "allow_lm_key", false)); gensec_ntlmssp_state->server_multiple_authentications = false; 
@@ -762,23 +762,23 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0); gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0); - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "128bit", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "128bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "56bit", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "56bit", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "keyexchange", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "keyexchange", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "alwayssign", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "alwayssign", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; } - if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "ntlm2", true)) { + if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "ntlm2", true)) { gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } @@ -792,7 +792,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) nt_status = auth_context_create(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->msg_ctx, - global_loadparm, + gensec_security->lp_ctx, &gensec_ntlmssp_state->auth_context); NT_STATUS_NOT_OK_RETURN(nt_status); 
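Review bot: `gensec_ntlmssp_server_start` at -762 defaults `ntlmssp_server:56bit` to `true`, while `gensec_ntlmssp_client_start` in the hunk at -316 defaults `ntlmssp_client:56bit` to `false`. The asymmetry may be deliberate for compatibility with older clients, but nothing in the code says so; assuming that is the reason, a comment such as `/* 56-bit is offered by default for legacy clients; set ntlmssp_server:56bit = no to stop offering it */` would record the intent. The function body starts and ends outside this hunk.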
@@ -800,7 +800,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security) gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge; gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge; gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password; - gensec_ntlmssp_state->server_role = lp_server_role(global_loadparm); + gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->lp_ctx); return NT_STATUS_OK; } diff --git a/source4/auth/session.c b/source4/auth/session.c index 0557187199..70cfc1a101 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -29,11 +29,12 @@ #include "auth/credentials/credentials.h" #include "param/param.h" -struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx) +struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx) { NTSTATUS nt_status; struct auth_session_info *session_info = NULL; - nt_status = auth_anonymous_session_info(mem_ctx, global_loadparm, &session_info); + nt_status = auth_anonymous_session_info(mem_ctx, lp_ctx, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { return NULL; } diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c index 477526a1f2..f2c3568469 100644 --- a/source4/cldap_server/cldap_server.c +++ b/source4/cldap_server/cldap_server.c @@ -181,7 +181,7 @@ static void cldapd_task_init(struct task_server *task) } cldapd->task = task; - cldapd->samctx = samdb_connect(cldapd, task->lp_ctx, anonymous_session(cldapd)); + cldapd->samctx = samdb_connect(cldapd, task->lp_ctx, anonymous_session(cldapd, task->lp_ctx)); if (cldapd->samctx == NULL) { task_server_terminate(task, "cldapd failed to open samdb"); return; diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 300fb478a8..59f4bb4067 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c 
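Review bot: `anonymous_session` at -29 returns NULL when `auth_anonymous_session_info` fails, and the callers updated in this commit pass its result straight into `samdb_connect` (cldap_server.c at -181, nbt_server.c at -62, netlogon.c at -53 and -123, server_info.c at -118). How `samdb_connect` treats a NULL session is not visible here; if NULL does not mean "anonymous", a failure to build the session changes the privilege the database is opened with. Storing the result in a local and testing it before connecting, e.g. `if (session == NULL) { task_server_terminate(task, "cldapd failed to create anonymous session"); return; }` in `cldapd_task_init`, would keep that failure explicit.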
@@ -458,7 +458,7 @@ bool kpasswdd_process(struct kdc_server *kdc, ap_req = data_blob_const(&input->data[header_len], ap_req_len); krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len); - nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->msg_ctx, &gensec_security); + nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, kdc->task->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return false; diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 979a4b5283..874c9bfb49 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -143,6 +143,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) status = gensec_server_start(conn, conn->connection->event.ctx, + global_loadparm, conn->connection->msg_ctx, &conn->gensec); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c index d285735d4e..60bfb52e2d 100644 --- a/source4/libcli/ldap/ldap_bind.c +++ b/source4/libcli/ldap/ldap_bind.c @@ -29,6 +29,7 @@ #include "auth/gensec/socket.h" #include "auth/credentials/credentials.h" #include "lib/stream/packet.h" +#include "param/param.h" struct ldap_simple_creds { const char *dn; @@ -217,7 +218,7 @@ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *cr NULL }; - status = gensec_client_start(conn, &conn->gensec, NULL); + status = gensec_client_start(conn, &conn->gensec, NULL, global_loadparm); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status))); goto failed; diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c index 462f60d2c2..c85dc91579 100644 --- a/source4/libcli/smb2/session.c +++ b/source4/libcli/smb2/session.c 
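Review bot: `ldapsrv_BindSASL` at -143 passes `global_loadparm` to `gensec_server_start`, whereas `kpasswdd_process` in the hunk just before it passes the task's own `kdc->task->lp_ctx`. The same global is passed in dcesrv_auth.c at -59, smb/negprot.c at -352, smb/sesssetup.c at -380 and smb2/negprot.c at -39, so for those servers the authentication settings read through `gensec_security->lp_ctx` (for example `require_pac` and `allow_lm_key`) still come from the process-wide context. If a per-connection or per-task context is reachable from `conn`, it should be passed here; otherwise a `/* TODO: use the connection's loadparm context */` comment would mark the remaining uses.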
@@ -25,8 +25,9 @@ #include "libcli/smb2/smb2_calls.h" #include "libcli/composite/composite.h" #include "auth/gensec/gensec.h" +#include "param/param.h" -/* +/** initialise a smb2_session structure */ struct smb2_session *smb2_session_init(struct smb2_transport *transport, @@ -47,7 +48,8 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport, /* prepare a gensec context for later use */ status = gensec_client_start(session, &session->gensec, - session->transport->socket->event.ctx); + session->transport->socket->event.ctx, + global_loadparm); if (!NT_STATUS_IS_OK(status)) { talloc_free(session); return NULL; @@ -58,7 +60,7 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport, return session; } -/* +/** send a session setup request */ struct smb2_request *smb2_session_setup_send(struct smb2_session *session, @@ -91,7 +93,7 @@ struct smb2_request *smb2_session_setup_send(struct smb2_session *session, } -/* +/** recv a session setup reply */ NTSTATUS smb2_session_setup_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx, diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c index a726860647..3ed0bb2473 100644 --- a/source4/libcli/smb_composite/sesssetup.c +++ b/source4/libcli/smb_composite/sesssetup.c @@ -365,7 +365,8 @@ static NTSTATUS session_setup_spnego(struct composite_context *c, smbcli_temp_set_signing(session->transport); - status = gensec_client_start(session, &session->gensec, c->event_ctx); + status = gensec_client_start(session, &session->gensec, c->event_ctx, + global_loadparm); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status))); return status; diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 0fb898c562..0012b38f2e 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c 
@@ -25,6 +25,7 @@ #include "libcli/composite/composite.h" #include "auth/gensec/gensec.h" #include "librpc/rpc/dcerpc.h" +#include "param/param.h" /* return the rpc syntax and transfer syntax given the pipe uuid and version @@ -238,7 +239,8 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, sec = &p->conn->security_state; c->status = gensec_client_start(p, &sec->generic_state, - p->conn->event_ctx); + p->conn->event_ctx, + global_loadparm); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(c->status))); diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c index ab6588348f..153d3ccfdd 100644 --- a/source4/nbt_server/dgram/netlogon.c +++ b/source4/nbt_server/dgram/netlogon.c @@ -53,7 +53,7 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, return; } - samctx = samdb_connect(packet, global_loadparm, anonymous_session(packet)); + samctx = samdb_connect(packet, global_loadparm, anonymous_session(packet, global_loadparm)); if (samctx == NULL) { DEBUG(2,("Unable to open sam in getdc reply\n")); return; @@ -123,7 +123,7 @@ static void nbtd_netlogon_getdc2(struct dgram_mailslot_handler *dgmslot, return; } - samctx = samdb_connect(packet, global_loadparm, anonymous_session(packet)); + samctx = samdb_connect(packet, global_loadparm, anonymous_session(packet, global_loadparm)); if (samctx == NULL) { DEBUG(2,("Unable to open sam in getdc reply\n")); return; diff --git a/source4/nbt_server/nbt_server.c b/source4/nbt_server/nbt_server.c index 6e669f1930..30c64db129 100644 --- a/source4/nbt_server/nbt_server.c +++ b/source4/nbt_server/nbt_server.c @@ -28,6 +28,7 @@ #include "lib/socket/netif.h" #include "auth/auth.h" #include "dsdb/samdb/samdb.h" +#include "param/param.h" /* startup the nbtd task 
@@ -62,7 +63,7 @@ static void nbtd_task_init(struct task_server *task) return; } - nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->lp_ctx, anonymous_session(nbtsrv)); + nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->lp_ctx, anonymous_session(nbtsrv, global_loadparm)); if (nbtsrv->sam_ctx == NULL) { task_server_terminate(task, "nbtd failed to open samdb"); return; diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 2d15f9c019..be5464c8e6 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -2468,7 +2468,7 @@ bool lp_load(const char *filename) lp_do_global_parameter(lp_ctx, "wins server", "127.0.0.1"); } - init_iconv(); + close_iconv(); return bRetval; } diff --git a/source4/rpc_server/common/server_info.c b/source4/rpc_server/common/server_info.c index 6896c9fada..6275e35c6c 100644 --- a/source4/rpc_server/common/server_info.c +++ b/source4/rpc_server/common/server_info.c @@ -118,7 +118,7 @@ _PUBLIC_ uint32_t dcesrv_common_get_server_type(TALLOC_CTX *mem_ctx, struct dces break; } /* open main ldb */ - samctx = samdb_connect(tmp_ctx, global_loadparm, anonymous_session(tmp_ctx)); + samctx = samdb_connect(tmp_ctx, global_loadparm, anonymous_session(tmp_ctx, global_loadparm)); if (samctx == NULL) { DEBUG(2,("Unable to open samdb in determining server announce flags\n")); } else { diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 0ce55dd069..4656b1d49c 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -59,7 +59,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call) return false; } - status = gensec_server_start(dce_conn, call->event_ctx, call->msg_ctx, &auth->gensec_security); + status = gensec_server_start(dce_conn, call->event_ctx, global_loadparm, call->msg_ctx, &auth->gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status))); return false; 
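Review bot: The changed line in nbtd_task_init() mixes two configuration sources: samdb_connect() receives `task->lp_ctx` while the nested anonymous_session() call receives `global_loadparm`. If the two ever differ, the anonymous session and the database handle would be built from different settings; passing the task's context to both keeps them consistent: `nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->lp_ctx, anonymous_session(nbtsrv, task->lp_ctx));`. The `#include "param/param.h"` added at the top of this file looks as if it is needed only for `global_loadparm` and may then be unnecessary. The function body starts and ends outside the hunk.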
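Review bot: The call at the end of lp_load() becomes a bare `close_iconv()`, and the new name does not explain why conversion handles are closed immediately after a configuration has been loaded. If the intent is to discard handles opened under the previous charset settings so that they are reopened with the new ones, a comment should say so, e.g. `/* drop cached iconv handles; they are reopened with the charsets just loaded */`; the definition of close_iconv() is not part of this hunk, so that reading needs confirming. The same uncommented call appears at program start in torture/masktest.c and before each suite in the three run_matching() hunks of torture/smbtorture.c; at startup it may have nothing to close. Only smbd/process_standard.c explains its call.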
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c index 7ab4c7d352..81cfe43137 100644 --- a/source4/smb_server/smb/negprot.c +++ b/source4/smb_server/smb/negprot.c @@ -352,6 +352,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) nt_status = gensec_server_start(req->smb_conn, req->smb_conn->connection->event.ctx, + global_loadparm, req->smb_conn->connection->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index d96ebb6cce..d78f4050cf 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -380,6 +380,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se status = gensec_server_start(req, req->smb_conn->connection->event.ctx, + global_loadparm, req->smb_conn->connection->msg_ctx, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 78c17aa03e..30160c9d5d 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -39,6 +39,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * nt_status = gensec_server_start(req, req->smb_conn->connection->event.ctx, + global_loadparm, req->smb_conn->connection->msg_ctx, &gensec_security); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c index 7d72193e6e..5c8d0144be 100644 --- a/source4/smb_server/smb2/sesssetup.c +++ b/source4/smb_server/smb2/sesssetup.c @@ -28,6 +28,7 @@ #include "smb_server/service_smb_proto.h" #include "smb_server/smb2/smb2_server.h" #include "smbd/service_stream.h" +#include "param/param.h" static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io) { 
@@ -121,6 +122,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses status = gensec_server_start(req, req->smb_conn->connection->event.ctx, + global_loadparm, req->smb_conn->connection->msg_ctx, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c index 07fdccdb36..1d254f3927 100644 --- a/source4/smbd/process_standard.c +++ b/source4/smbd/process_standard.c @@ -195,9 +195,9 @@ _NORETURN_ static void standard_terminate(struct event_context *ev, const char * { DEBUG(2,("standard_terminate: reason[%s]\n",reason)); - /* this init_iconv() has the effect of freeing the iconv context memory, + /* this close_iconv() has the effect of freeing the iconv context memory, which makes leak checking easier */ - init_iconv(); + close_iconv(); /* the secrets db should really hang off the connection structure */ secrets_shutdown(); diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c index 23269a0160..f2cc0a9182 100644 --- a/source4/torture/auth/ntlmssp.c +++ b/source4/torture/auth/ntlmssp.c @@ -32,7 +32,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx) TALLOC_CTX *mem_ctx = tctx; torture_assert_ntstatus_ok(tctx, - gensec_client_start(mem_ctx, &gensec_security, NULL), + gensec_client_start(mem_ctx, &gensec_security, NULL, tctx->lp_ctx), "gensec client start"); gensec_set_credentials(gensec_security, cmdline_credentials); @@ -86,7 +86,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx) talloc_free(gensec_security); torture_assert_ntstatus_ok(tctx, - gensec_client_start(mem_ctx, &gensec_security, NULL), + gensec_client_start(mem_ctx, &gensec_security, NULL, tctx->lp_ctx), "Failed to start GENSEC for NTLMSSP"); gensec_set_credentials(gensec_security, cmdline_credentials); diff --git a/source4/torture/masktest.c b/source4/torture/masktest.c index d9ac271119..9f47a6839f 100644 --- a/source4/torture/masktest.c 
+++ b/source4/torture/masktest.c @@ -309,7 +309,7 @@ static void usage(void) seed = time(NULL); - init_iconv(); + close_iconv(); while ((opt = getopt(argc, argv, "n:d:U:s:hm:f:aoW:M:vEl:")) != EOF) { switch (opt) { diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c index 75260e1277..ef6484ebc9 100644 --- a/source4/torture/smbtorture.c +++ b/source4/torture/smbtorture.c @@ -50,7 +50,7 @@ static bool run_matching(struct torture_context *torture, for (o = torture_root->children; o; o = o->next) { if (gen_fnmatch(expr, o->name) == 0) { *matched = true; - init_iconv(); + close_iconv(); ret &= torture_run_suite(torture, o); continue; } @@ -67,7 +67,7 @@ static bool run_matching(struct torture_context *torture, if (gen_fnmatch(expr, name) == 0) { *matched = true; - init_iconv(); + close_iconv(); torture->active_testname = talloc_strdup(torture, prefix); ret &= torture_run_suite(torture, c); free(name); @@ -83,7 +83,7 @@ static bool run_matching(struct torture_context *torture, asprintf(&name, "%s-%s", prefix, t->name); if (gen_fnmatch(expr, name) == 0) { *matched = true; - init_iconv(); + close_iconv(); torture->active_testname = talloc_strdup(torture, prefix); ret &= torture_run_tcase(torture, t); talloc_free(torture->active_testname); diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index f76eb8390a..cb2fbd63c1 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -458,7 +458,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, case NTLMSSP_CLIENT_1: /* setup the client side */ - nt_status = gensec_client_start(NULL, &state->gensec_state, NULL); + nt_status = gensec_client_start(NULL, &state->gensec_state, NULL, lp_ctx); if (!NT_STATUS_IS_OK(nt_status)) { exit(1); } 
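Review bot: Both GENSEC start-up calls in manage_gensec_request() end in `exit(1)` with no message: gensec_client_start() in the NTLMSSP_CLIENT_1 case here and gensec_server_start() in the following hunk. An authentication helper that fails to initialise therefore leaves an operator nothing to diagnose. Logging the status before exiting would fix that: `DEBUG(1, ("Failed to start GENSEC client: %s\n", nt_errstr(nt_status)));` in the client branch, and in the server branch assign the result to `nt_status` first and log it the same way. `lp_ctx` is used as if it were already in scope; its declaration lies outside both hunks, as does the rest of the function.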
@@ -474,7 +474,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, if (!msg) { exit(1); } - if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, msg, &state->gensec_state))) { + if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, lp_ctx, msg, &state->gensec_state))) { exit(1); } break; |