diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 2 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 4 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos.h | 4 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos_pac.c | 11 | ||||
-rw-r--r-- | source4/kdc/hdb-ldb.c | 10 | ||||
-rw-r--r-- | source4/lib/tdr/tdr.c | 2 | ||||
-rw-r--r-- | source4/torture/auth/pac.c | 34 | ||||
-rw-r--r-- | source4/torture/rap/rap.c | 29 | ||||
-rw-r--r-- | source4/torture/rpc/samba3rpc.c | 7 |
9 files changed, 70 insertions, 33 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 8361b115d7..d8cdb90197 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -1298,7 +1298,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi } /* decode and verify the pac */ - nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, pac_blob, + nt_status = kerberos_pac_logon_info(mem_ctx, lp_iconv_convenience(gensec_security->lp_ctx), &logon_info, pac_blob, gensec_gssapi_state->smb_krb5_context->krb5_context, NULL, keyblock, principal, authtime, NULL); krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal); diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index d9addcaa3c..88432c7f89 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -617,7 +617,9 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security } /* decode and verify the pac */ - nt_status = kerberos_pac_logon_info(gensec_krb5_state, &logon_info, pac, + nt_status = kerberos_pac_logon_info(gensec_krb5_state, + lp_iconv_convenience(gensec_security->lp_ctx), + &logon_info, pac, gensec_krb5_state->smb_krb5_context->krb5_context, NULL, gensec_krb5_state->keyblock, client_principal, diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h index bafd58a048..8585aa321b 100644 --- a/source4/auth/kerberos/kerberos.h +++ b/source4/auth/kerberos/kerberos.h @@ -111,6 +111,7 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, struct smb_krb5_context *smb_krb5_context, krb5_principal *princ); NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, struct PAC_DATA **pac_data_out, DATA_BLOB blob, krb5_context context, @@ -120,6 +121,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, time_t tgs_authtime, krb5_error_code *k5ret); NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, struct PAC_LOGON_INFO **logon_info, DATA_BLOB blob, krb5_context context, @@ -129,12 +131,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, time_t tgs_authtime, krb5_error_code *k5ret); krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, struct PAC_DATA *pac_data, krb5_context context, const krb5_keyblock *krbtgt_keyblock, const krb5_keyblock *service_keyblock, DATA_BLOB *pac); krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, struct auth_serversupplied_info *server_info, krb5_context context, const krb5_keyblock *krbtgt_keyblock, diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c index c46e06bc72..e485f75302 100644 --- a/source4/auth/kerberos/kerberos_pac.c +++ b/source4/auth/kerberos/kerberos_pac.c @@ -66,6 +66,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, struct PAC_DATA **pac_data_out, DATA_BLOB blob, krb5_context context, @@ -86,7 +87,6 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, struct PAC_LOGON_NAME *logon_name = NULL; struct PAC_DATA *pac_data; struct PAC_DATA_RAW *pac_data_raw; - struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(global_loadparm); DATA_BLOB *srv_sig_blob = NULL; DATA_BLOB *kdc_sig_blob = NULL; @@ -340,6 +340,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx, } _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, struct PAC_LOGON_INFO **logon_info, DATA_BLOB blob, krb5_context context, @@ -352,7 +353,9 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, NTSTATUS nt_status; struct PAC_DATA *pac_data; int i; - nt_status = kerberos_decode_pac(mem_ctx, &pac_data, + nt_status = kerberos_decode_pac(mem_ctx, + iconv_convenience, + &pac_data, blob, context, krbtgt_keyblock, @@ -423,6 +426,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, } krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, struct PAC_DATA *pac_data, krb5_context context, const krb5_keyblock *krbtgt_keyblock, @@ -437,7 +441,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, struct PAC_SIGNATURE_DATA *kdc_checksum = NULL; struct PAC_SIGNATURE_DATA *srv_checksum = NULL; int i; - struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(global_loadparm); /* First, just get the keytypes filled in (and lengths right, eventually) */ for (i=0; i < pac_data->num_buffers; i++) { @@ -528,6 +531,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx, + struct smb_iconv_convenience *iconv_convenience, struct auth_serversupplied_info *server_info, krb5_context context, const krb5_keyblock *krbtgt_keyblock, @@ -640,6 +644,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx, unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime); ret = kerberos_encode_pac(mem_ctx, + iconv_convenience, pac_data, context, krbtgt_keyblock, diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index 51726a03c3..d8877655c9 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -180,6 +180,7 @@ static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex) } static krb5_error_code LDB_message2entry_keys(krb5_context context, + struct smb_iconv_convenience *iconv_convenience, TALLOC_CTX *mem_ctx, struct ldb_message *msg, unsigned int userAccountControl, @@ -213,7 +214,7 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context, /* supplementalCredentials if present */ if (sc_val) { - ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, lp_iconv_convenience(global_loadparm), &scb, + ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, iconv_convenience, &scb, (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { dump_data(0, sc_val->data, sc_val->length); @@ -250,7 +251,7 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context, talloc_steal(mem_ctx, blob.data); /* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */ - ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, lp_iconv_convenience(global_loadparm), &_pkb, + ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb, (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); @@ -393,6 +394,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, krb5_boolean is_computer = FALSE; const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg, "dnsRoot", NULL); char *realm = strupper_talloc(mem_ctx, dnsdomain); + struct loadparm_context *lp_ctx = ldb_get_opaque((struct ldb_context *)db->hdb_db, "loadparm"); struct ldb_dn *domain_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg, @@ -481,7 +483,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, entry_ex->entry.flags.ok_as_delegate = 1; } - if (lp_parm_bool(global_loadparm, NULL, "kdc", "require spn for service", true)) { + if (lp_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) { if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) { entry_ex->entry.flags.server = 0; } @@ -544,7 +546,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, entry_ex->entry.generation = NULL; /* Get keys from the db */ - ret = LDB_message2entry_keys(context, private, msg, userAccountControl, entry_ex); + ret = LDB_message2entry_keys(context, lp_iconv_convenience(lp_ctx), private, msg, userAccountControl, entry_ex); if (ret) { /* Could be bougus data in the entry, or out of memory */ goto out; diff --git a/source4/lib/tdr/tdr.c b/source4/lib/tdr/tdr.c index f75cac9810..2ad099174d 100644 --- a/source4/lib/tdr/tdr.c +++ b/source4/lib/tdr/tdr.c @@ -154,7 +154,7 @@ NTSTATUS tdr_pull_charset(struct tdr_pull *tdr, TALLOC_CTX *ctx, const char **v, TDR_PULL_NEED_BYTES(tdr, el_size*length); - ret = convert_string_talloc(ctx, lp_iconv_convenience(global_loadparm), chset, CH_UNIX, tdr->data.data+tdr->offset, el_size*length, discard_const_p(void *, v)); + ret = convert_string_talloc(ctx, tdr->iconv_convenience, chset, CH_UNIX, tdr->data.data+tdr->offset, el_size*length, discard_const_p(void *, v)); if (ret == -1) { return NT_STATUS_INVALID_PARAMETER; diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c index efb36e3ef8..68bbd3483a 100644 --- a/source4/torture/auth/pac.c +++ b/source4/torture/auth/pac.c @@ -112,7 +112,9 @@ static bool torture_pac_self_check(struct torture_context *tctx) } /* OK, go ahead and make a PAC */ - ret = kerberos_create_pac(mem_ctx, server_info, + ret = kerberos_create_pac(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), + server_info, smb_krb5_context->krb5_context, &krbtgt_keyblock, &server_keyblock, @@ -137,7 +139,9 @@ static bool torture_pac_self_check(struct torture_context *tctx) dump_data(10,tmp_blob.data,tmp_blob.length); /* Now check that we can read it back */ - nt_status = kerberos_decode_pac(mem_ctx, &pac_data, + nt_status = kerberos_decode_pac(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), + &pac_data, tmp_blob, smb_krb5_context->krb5_context, &krbtgt_keyblock, @@ -159,7 +163,9 @@ static bool torture_pac_self_check(struct torture_context *tctx) } /* Now check that we can read it back */ - nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, + nt_status = kerberos_pac_logon_info(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), + &logon_info, tmp_blob, smb_krb5_context->krb5_context, &krbtgt_keyblock, @@ -367,7 +373,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx) } /* Decode and verify the signaure on the PAC */ - nt_status = kerberos_decode_pac(mem_ctx, &pac_data, + nt_status = kerberos_decode_pac(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), + &pac_data, tmp_blob, smb_krb5_context->krb5_context, &krbtgt_keyblock, @@ -386,7 +394,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx) } /* Parse the PAC again, for the logon info this time */ - nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, + nt_status = kerberos_pac_logon_info(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), + &logon_info, tmp_blob, smb_krb5_context->krb5_context, &krbtgt_keyblock, @@ -442,6 +452,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx) } ret = kerberos_encode_pac(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), pac_data, smb_krb5_context->krb5_context, &krbtgt_keyblock, @@ -493,6 +504,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx) } ret = kerberos_create_pac(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), server_info_out, smb_krb5_context->krb5_context, &krbtgt_keyblock, @@ -565,7 +577,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx) } /* Break the auth time, to ensure we check this vital detail (not setting this caused all the pain in the first place... */ - nt_status = kerberos_decode_pac(mem_ctx, &pac_data, + nt_status = kerberos_decode_pac(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), + &pac_data, tmp_blob, smb_krb5_context->krb5_context, &krbtgt_keyblock, @@ -601,7 +615,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx) smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx))); } - nt_status = kerberos_decode_pac(mem_ctx, &pac_data, + nt_status = kerberos_decode_pac(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), + &pac_data, tmp_blob, smb_krb5_context->krb5_context, &krbtgt_keyblock, @@ -619,7 +635,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx) /* Finally... Bugger up the signature, and check we fail the checksum */ tmp_blob.data[tmp_blob.length - 2]++; - nt_status = kerberos_decode_pac(mem_ctx, &pac_data, + nt_status = kerberos_decode_pac(mem_ctx, + lp_iconv_convenience(tctx->lp_ctx), + &pac_data, tmp_blob, smb_krb5_context->krb5_context, &krbtgt_keyblock, diff --git a/source4/torture/rap/rap.c b/source4/torture/rap/rap.c index 71689786e8..8bdd6a8ddd 100644 --- a/source4/torture/rap/rap.c +++ b/source4/torture/rap/rap.c @@ -189,14 +189,16 @@ static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr, return NT_STATUS_OK; } -static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call) +static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, + struct smb_iconv_convenience *iconv_convenience, + struct rap_call *call) { NTSTATUS result; DATA_BLOB param_blob; struct ndr_push *params; struct smb_trans2 trans; - params = ndr_push_init_ctx(call, lp_iconv_convenience(global_loadparm)); + params = ndr_push_init_ctx(call, iconv_convenience); if (params == NULL) return NT_STATUS_NO_MEMORY; @@ -231,11 +233,11 @@ static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call) return result; call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call, - lp_iconv_convenience(global_loadparm)); + iconv_convenience); call->ndr_pull_param->flags = RAPNDR_FLAGS; call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call, - lp_iconv_convenience(global_loadparm)); + iconv_convenience); call->ndr_pull_data->flags = RAPNDR_FLAGS; return result; @@ -243,6 +245,7 @@ static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call) static NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree, + struct smb_iconv_convenience *iconv_convenience, TALLOC_CTX *mem_ctx, struct rap_NetShareEnum *r) { @@ -268,7 +271,7 @@ static NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree, break; } - result = rap_cli_do_call(tree, call); + result = rap_cli_do_call(tree, iconv_convenience, call); if (!NT_STATUS_IS_OK(result)) goto done; @@ -322,7 +325,7 @@ static bool test_netshareenum(struct torture_context *tctx, r.in.bufsize = 8192; torture_assert_ntstatus_ok(tctx, - smbcli_rap_netshareenum(cli->tree, tctx, &r), ""); + smbcli_rap_netshareenum(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), ""); for (i=0; i<r.out.count; i++) { printf("%s %d %s\n", r.out.info[i].info1.name, @@ -334,6 +337,7 @@ static bool test_netshareenum(struct torture_context *tctx, } static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree, + struct smb_iconv_convenience *iconv_convenience, TALLOC_CTX *mem_ctx, struct rap_NetServerEnum2 *r) { @@ -361,7 +365,7 @@ static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree, break; } - result = rap_cli_do_call(tree, call); + result = rap_cli_do_call(tree, iconv_convenience, call); if (!NT_STATUS_IS_OK(result)) goto done; @@ -421,7 +425,7 @@ static bool test_netserverenum(struct torture_context *tctx, r.in.domain = NULL; torture_assert_ntstatus_ok(tctx, - smbcli_rap_netserverenum2(cli->tree, tctx, &r), ""); + smbcli_rap_netserverenum2(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), ""); for (i=0; i<r.out.count; i++) { switch (r.in.level) { @@ -440,6 +444,7 @@ static bool test_netserverenum(struct torture_context *tctx, } _PUBLIC_ NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree, + struct smb_iconv_convenience *iconv_convenience, TALLOC_CTX *mem_ctx, struct rap_WserverGetInfo *r) { @@ -466,7 +471,7 @@ _PUBLIC_ NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree, goto done; } - result = rap_cli_do_call(tree, call); + result = rap_cli_do_call(tree, iconv_convenience, call); if (!NT_STATUS_IS_OK(result)) goto done; @@ -507,9 +512,9 @@ static bool test_netservergetinfo(struct torture_context *tctx, r.in.bufsize = 0xffff; r.in.level = 0; - torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, tctx, &r), ""); + torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), ""); r.in.level = 1; - torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, tctx, &r), ""); + torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), ""); return res; } @@ -522,7 +527,7 @@ bool torture_rap_scan(struct torture_context *torture, struct smbcli_state *cli) struct rap_call *call = new_rap_cli_call(torture, callno); NTSTATUS result; - result = rap_cli_do_call(cli->tree, call); + result = rap_cli_do_call(cli->tree, lp_iconv_convenience(torture->lp_ctx), call); if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER)) continue; diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 779a28e126..f62fa8742b 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -2337,6 +2337,7 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture) } static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree, + struct smb_iconv_convenience *iconv_convenience, char **name) { struct rap_WserverGetInfo r; @@ -2346,7 +2347,7 @@ static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree, r.in.level = 0; r.in.bufsize = 0xffff; - status = smbcli_rap_netservergetinfo(tree, mem_ctx, &r); + status = smbcli_rap_netservergetinfo(tree, iconv_convenience, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2561,7 +2562,7 @@ bool torture_samba3_rpc_spoolss(struct torture_context *torture) return false; } - status = get_servername(mem_ctx, cli->tree, &servername); + status = get_servername(mem_ctx, cli->tree, lp_iconv_convenience(torture->lp_ctx), &servername); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "(%s) get_servername returned %s\n", __location__, nt_errstr(status)); @@ -2747,7 +2748,7 @@ bool torture_samba3_rpc_wkssvc(struct torture_context *torture) return false; } - status = get_servername(mem_ctx, cli->tree, &servername); + status = get_servername(mem_ctx, cli->tree, lp_iconv_convenience(torture->lp_ctx), &servername); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "(%s) get_servername returned %s\n", __location__, nt_errstr(status)); |