7 files changed, 56 insertions, 28 deletions

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index bd8e60d4bd..16ea51e6ff 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -31,9 +31,9 @@
 #include "auth/gensec/gensec.h"
 #include "param/param.h"
 
-_PUBLIC_ NTSTATUS dcerpc_init(void)
+_PUBLIC_ NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx)
 {
-	return gensec_init(global_loadparm);
+	return gensec_init(lp_ctx);
 }
 
 static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status);
@@ -1457,8 +1457,9 @@ _PUBLIC_ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req)
 	ndr_err = call->ndr_pull(pull, NDR_OUT, r);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		status = ndr_map_error2ntstatus(ndr_err);
-		dcerpc_log_packet(table, opnum, NDR_OUT, 
-				  &response);
+		dcerpc_log_packet(p->conn->packet_log_dir,
+						  table, opnum, NDR_OUT, 
+						  &response);
 		return status;
 	}
 
@@ -1467,7 +1468,8 @@ _PUBLIC_ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req)
 						 call->ndr_push, call->ndr_pull, 
 						 call->ndr_print);
 		if (!NT_STATUS_IS_OK(status)) {
-			dcerpc_log_packet(table, opnum, NDR_OUT, 
+			dcerpc_log_packet(p->conn->packet_log_dir, 
+							  table, opnum, NDR_OUT, 
 				  &response);
 			return status;
 		}
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index cc8d3d1429..6b9d61dd0f 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -40,6 +40,7 @@ enum dcerpc_transport_t {
   this defines a generic security context for signed/sealed dcerpc pipes.
 */
 struct dcerpc_connection;
+struct gensec_settings;
 struct dcerpc_security {
 	struct dcerpc_auth *auth_info;
 	struct gensec_security *generic_state;
@@ -61,6 +62,9 @@ struct dcerpc_connection {
 	struct event_context *event_ctx;
 	struct smb_iconv_convenience *iconv_convenience;
 
+	/** Directory in which to save ndrdump-parseable files */
+	const char *packet_log_dir;
+
 	bool dead;
 	bool free_skipped;
 
@@ -109,10 +113,10 @@ struct dcerpc_pipe {
 	struct dcerpc_connection *conn;
 	struct dcerpc_binding *binding;
 
-	/* the last fault code from a DCERPC fault */
+	/** the last fault code from a DCERPC fault */
 	uint32_t last_fault_code;
 
-	/* timeout for individual rpc requests, in seconds */
+	/** timeout for individual rpc requests, in seconds */
 	uint32_t request_timeout;
 };
 
@@ -305,7 +309,7 @@ NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx,
 				   struct loadparm_context *lp_ctx,
 				   uint8_t auth_level);
 struct event_context *dcerpc_event_context(struct dcerpc_pipe *p);
-NTSTATUS dcerpc_init(void);
+NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx);
 struct smbcli_tree *dcerpc_smb_tree(struct dcerpc_connection *c);
 uint16_t dcerpc_smb_fnum(struct dcerpc_connection *c);
 NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, 
@@ -319,7 +323,7 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p,
 NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
 			  const struct ndr_interface_table *table,
 			  struct cli_credentials *credentials,
-			  struct loadparm_context *lp_ctx,
+			  struct gensec_settings *gensec_settings,
 			  uint8_t auth_type, uint8_t auth_level,
 			  const char *service);
 struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx,
@@ -345,9 +349,10 @@ NTSTATUS dcerpc_secondary_auth_connection_recv(struct composite_context *c,
 
 struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p,
 							   struct dcerpc_binding *b);
-void dcerpc_log_packet(const struct ndr_interface_table *ndr,
-		       uint32_t opnum, uint32_t flags, 
-		       DATA_BLOB *pkt);
+void dcerpc_log_packet(const char *lockdir, 
+					   const struct ndr_interface_table *ndr,
+					   uint32_t opnum, uint32_t flags, 
+					   DATA_BLOB *pkt);
 NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding, struct epm_tower *tower);
 
 NTSTATUS dcerpc_floor_get_lhs_data(struct epm_floor *epm_floor, struct ndr_syntax_id *syntax);
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 2eced55967..14f0f9deb4 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -222,7 +222,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
 						struct dcerpc_pipe *p,
 						const struct ndr_interface_table *table,
 						struct cli_credentials *credentials,
-						struct loadparm_context *lp_ctx,
+						struct gensec_settings *gensec_settings,
 						uint8_t auth_type, uint8_t auth_level,
 						const char *service)
 {
@@ -251,7 +251,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
 
 	c->status = gensec_client_start(p, &sec->generic_state,
 					p->conn->event_ctx,
-					lp_ctx);
+					gensec_settings);
 	if (!NT_STATUS_IS_OK(c->status)) {
 		DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
 			  nt_errstr(c->status)));
@@ -291,7 +291,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
 						  auth_type, auth_level);
 	if (!NT_STATUS_IS_OK(c->status)) {
 		DEBUG(1, ("Failed to start GENSEC client mechanism %s: %s\n",
-			  gensec_get_name_by_authtype(auth_type),
+			  gensec_get_name_by_authtype(sec->generic_state, auth_type),
 			  nt_errstr(c->status)));
 		composite_error(c, c->status);
 		return c;
@@ -387,12 +387,12 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
 _PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
 			  const struct ndr_interface_table *table,
 			  struct cli_credentials *credentials,
-			  struct loadparm_context *lp_ctx,
+			  struct gensec_settings *gensec_settings,
 			  uint8_t auth_type, uint8_t auth_level,
 			  const char *service)
 {
 	struct composite_context *creq;
-	creq = dcerpc_bind_auth_send(p, p, table, credentials, lp_ctx,
+	creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings,
 				     auth_type, auth_level, service);
 	return dcerpc_bind_auth_recv(creq);
 }
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index 9583fcdc02..32485f5653 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -116,10 +116,11 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
 		conn->in.called_name = "*SMBSERVER"; /* FIXME: This is invalid */
 	else
 		conn->in.called_name            = s->io.binding->target_hostname;
+	conn->in.socket_options         = lp_socket_options(lp_ctx);
 	conn->in.service                = "IPC$";
 	conn->in.service_type           = NULL;
 	conn->in.workgroup		= lp_workgroup(lp_ctx);
-
+	conn->in.gensec_settings = lp_gensec_settings(conn, lp_ctx);
 	conn->in.iconv_convenience = lp_iconv_convenience(lp_ctx);
 
 	lp_smbcli_options(lp_ctx, &conn->in.options);
@@ -247,11 +248,16 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb2_send(
 	lp_smbcli_options(lp_ctx, &options);
 
 	/* send smb2 connect request */
-	conn_req = smb2_connect_send(mem_ctx, s->io.binding->host, "IPC$", 
+	conn_req = smb2_connect_send(mem_ctx, s->io.binding->host, 
+			lp_parm_string_list(mem_ctx, lp_ctx, NULL, "smb2", "ports", NULL),
+					"IPC$", 
 				     s->io.resolve_ctx,
 				     s->io.creds,
 				     c->event_ctx,
-				     &options);
+				     &options,
+					 lp_socket_options(lp_ctx),
+					 lp_gensec_settings(mem_ctx, lp_ctx)
+					 );
 	composite_continue(c, conn_req, continue_smb2_connect, c);
 	return c;
 }
@@ -740,6 +746,9 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent
 	s->pipe = dcerpc_pipe_init(c, ev, lp_iconv_convenience(lp_ctx));
 	if (composite_nomem(s->pipe, c)) return c;
 
+	if (DEBUGLEVEL >= 10)
+		s->pipe->conn->packet_log_dir = lp_lockdir(lp_ctx);
+
 	/* store parameters in state structure */
 	s->binding      = binding;
 	s->table        = table;
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c
index 13bbc3d51f..e3add82bf2 100644
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -29,6 +29,7 @@
 #include "librpc/gen_ndr/ndr_netlogon_c.h"
 #include "auth/credentials/credentials.h"
 #include "librpc/rpc/dcerpc_proto.h"
+#include "param/param.h"
 
 struct schannel_key_state {
 	struct dcerpc_pipe *pipe;
@@ -319,7 +320,7 @@ static void continue_schannel_key(struct composite_context *ctx)
 
 	/* send bind auth request with received creds */
 	auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, 
-					 s->lp_ctx,
+					 lp_gensec_settings(c, s->lp_ctx),
 					 DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level,
 					 NULL);
 	if (composite_nomem(auth_req, c)) return;
diff --git a/source4/librpc/rpc/dcerpc_secondary.c b/source4/librpc/rpc/dcerpc_secondary.c
index b4d5d05b61..8ac235c67c 100644
--- a/source4/librpc/rpc/dcerpc_secondary.c
+++ b/source4/librpc/rpc/dcerpc_secondary.c
@@ -75,6 +75,9 @@ _PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerp
 	s->pipe2 = dcerpc_pipe_init(c, s->pipe->conn->event_ctx, s->pipe->conn->iconv_convenience);
 	if (composite_nomem(s->pipe2, c)) return c;
 
+	if (DEBUGLEVEL >= 10)
+		s->pipe2->conn->packet_log_dir = s->pipe->conn->packet_log_dir;
+
 	/* open second dcerpc pipe using the same transport as for primary pipe */
 	switch (s->pipe->conn->transport.transport) {
 	case NCACN_NP:
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 32646e85b0..1847b20ee7 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -421,7 +421,8 @@ static void continue_ntlmssp_connection(struct composite_context *ctx)
 
 	/* initiate a authenticated bind */
 	auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
-					 s->credentials, s->lp_ctx,
+					 s->credentials, 
+					 lp_gensec_settings(c, s->lp_ctx),
 					 DCERPC_AUTH_TYPE_NTLMSSP,
 					 dcerpc_auth_level(s->pipe->conn),
 					 s->table->authservices->names[0]);
@@ -453,7 +454,9 @@ static void continue_spnego_after_wrong_pass(struct composite_context *ctx)
 
 	/* initiate a authenticated bind */
 	auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
-					 s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO,
+					 s->credentials, 
+					 lp_gensec_settings(c, s->lp_ctx), 
+					 DCERPC_AUTH_TYPE_SPNEGO,
 					 dcerpc_auth_level(s->pipe->conn),
 					 s->table->authservices->names[0]);
 	composite_continue(c, auth_req, continue_auth, c);
@@ -572,7 +575,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
 	} else {
 		/* try SPNEGO with fallback to NTLMSSP */
 		auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
-						 s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO,
+						 s->credentials, 
+						 lp_gensec_settings(c, s->lp_ctx), 
+						 DCERPC_AUTH_TYPE_SPNEGO,
 						 dcerpc_auth_level(conn),
 						 s->table->authservices->names[0]);
 		composite_continue(c, auth_req, continue_auth_auto, c);
@@ -580,7 +585,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
 	}
 
 	auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
-					 s->credentials, s->lp_ctx, auth_type,
+					 s->credentials, 
+					 lp_gensec_settings(c, s->lp_ctx), 
+					 auth_type,
 					 dcerpc_auth_level(conn),
 					 s->table->authservices->names[0]);
 	composite_continue(c, auth_req, continue_auth, c);
@@ -671,19 +678,20 @@ _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
 
   this triggers on a debug level of >= 10
 */
-_PUBLIC_ void dcerpc_log_packet(const struct ndr_interface_table *ndr,
+_PUBLIC_ void dcerpc_log_packet(const char *lockdir,
+								const struct ndr_interface_table *ndr,
 		       uint32_t opnum, uint32_t flags, 
 		       DATA_BLOB *pkt)
 {
 	const int num_examples = 20;
 	int i;
 
-	if (DEBUGLEVEL < 10) return;
+	if (lockdir == NULL) return;
 
 	for (i=0;i<num_examples;i++) {
 		char *name=NULL;
 		asprintf(&name, "%s/rpclog/%s-%u.%d.%s", 
-			 lp_lockdir(global_loadparm), ndr->name, opnum, i,
+			 lockdir, ndr->name, opnum, i,
 			 (flags&NDR_IN)?"in":"out");
 		if (name == NULL) {
 			return;