summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth_server.c8
-rw-r--r--source4/auth/auth_unix.c6
-rw-r--r--source4/auth/auth_util.c2
-rw-r--r--source4/auth/credentials/credentials_files.c11
-rw-r--r--source4/auth/session.c1
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/update_keytab.c4
-rw-r--r--source4/dsdb/samdb/samdb.c3
-rw-r--r--source4/dsdb/samdb/samdb_privilege.c4
-rw-r--r--source4/kdc/kdc.c10
-rw-r--r--source4/ldap_server/ldap_bind.c3
-rw-r--r--source4/lib/ldb_wrap.c5
12 files changed, 34 insertions, 25 deletions
diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c
index 6502564dca..d391793bd9 100644
--- a/source4/auth/auth_server.c
+++ b/source4/auth/auth_server.c
@@ -24,7 +24,7 @@
Support for server level security.
****************************************************************************/
-static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
+static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, int maxprotocol)
{
struct smbcli_state *cli = NULL;
fstring desthost;
@@ -92,7 +92,7 @@ static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
DEBUG(3,("got session\n"));
- if (!smbcli_negprot(cli, lp_cli_maxprotocol(global_loadparm))) {
+ if (!smbcli_negprot(cli, maxprotocol)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
release_server_mutex();
talloc_free(cli);
@@ -148,7 +148,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte
void **my_private_data,
TALLOC_CTX *mem_ctx)
{
- struct smbcli_state *cli = server_cryptkey(mem_ctx);
+ struct smbcli_state *cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
if (cli) {
DEBUG(3,("using password server validation\n"));
@@ -215,7 +215,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
if (cli) {
} else {
- cli = server_cryptkey(mem_ctx);
+ cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
locally_made_cli = true;
}
diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c
index 9efbe5dc12..fac04fd735 100644
--- a/source4/auth/auth_unix.c
+++ b/source4/auth/auth_unix.c
@@ -308,7 +308,7 @@ static NTSTATUS smb_pam_end(pam_handle_t *pamh)
/*
* PAM Authentication Handler
*/
-static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
+static NTSTATUS smb_pam_auth(pam_handle_t *pamh, bool allow_null_passwords, const char *user)
{
int pam_error;
@@ -319,7 +319,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
- pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords(global_loadparm) ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
+ pam_error = pam_authenticate(pamh, PAM_SILENT | allow_null_passwords ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
switch( pam_error ){
case PAM_AUTH_ERR:
DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
@@ -461,7 +461,7 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, struct loadparm_context *lp
return nt_status;
}
- nt_status = smb_pam_auth(pamh, user_info->mapped.account_name);
+ nt_status = smb_pam_auth(pamh, lp_null_passwords(lp_ctx), user_info->mapped.account_name);
if (!NT_STATUS_IS_OK(nt_status)) {
smb_pam_end(pamh);
return nt_status;
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 9110fc1b97..c3ecfece39 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -58,7 +58,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
}
/* don't allow "" as a domain, fixes a Win9X bug
- where it doens't supply a domain for logon script
+ where it doesn't supply a domain for logon script
'net use' commands. */
/* Split user@realm names into user and realm components. This is TODO to fix with proper userprincipalname support */
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 2d850956e2..f3f73f7fb1 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -169,6 +169,7 @@ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file,
* @retval NTSTATUS error detailing any failure
*/
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct ldb_context *ldb,
const char *base,
const char *filter)
@@ -212,7 +213,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
if (!ldb) {
/* Local secrets are stored in secrets.ldb */
- ldb = secrets_db_connect(mem_ctx, global_loadparm);
+ ldb = secrets_db_connect(mem_ctx, lp_ctx);
if (!ldb) {
/* set anonymous as the fallback, if the machine account won't work */
cli_credentials_set_anonymous(cred);
@@ -308,7 +309,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
} else {
keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL);
if (keytab) {
- keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, global_loadparm, keytab));
+ keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab));
if (keytab) {
cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
}
@@ -334,7 +335,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
cred->machine_account_pending = false;
filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
cli_credentials_get_domain(cred));
- return cli_credentials_set_secrets(cred, NULL, SECRETS_PRIMARY_DOMAIN_DN,
+ return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRIMARY_DOMAIN_DN,
filter);
}
@@ -354,7 +355,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred)
filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred));
- return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN,
+ return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN,
filter);
}
@@ -376,7 +377,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred),
serviceprincipal);
- return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN,
+ return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN,
filter);
}
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 1a87e98bed..259f52ac5c 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -161,6 +161,7 @@ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
session_info->session_key = server_info->user_session_key;
nt_status = security_token_create(session_info,
+ global_loadparm,
server_info->account_sid,
server_info->primary_group_sid,
server_info->n_domain_groups,
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index d0afae5395..eecec6a55b 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -341,7 +341,7 @@ static int setup_primary_kerberos(struct setup_password_fields_io *io,
return LDB_ERR_OPERATIONS_ERROR;
}
- if (lp_parm_bool(global_loadparm, NULL, "password_hash", "create_aes_key", false)) {
+ if (lp_parm_bool(ldb_get_opaque(io->ac->module->ldb, "loadparm"), NULL, "password_hash", "create_aes_key", false)) {
/*
* TODO:
*
diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c
index f193731900..87efa6a6f8 100644
--- a/source4/dsdb/samdb/ldb_modules/update_keytab.c
+++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c
@@ -89,8 +89,8 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet
return LDB_ERR_OPERATIONS_ERROR;
}
- cli_credentials_set_conf(item->creds, global_loadparm);
- status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter);
+ cli_credentials_set_conf(item->creds, ldb_get_opaque(module->ldb, "loadparm"));
+ status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter);
talloc_free(filter);
if (NT_STATUS_IS_OK(status)) {
if (delete) {
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index dd20937ab7..36f4a8816d 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -1854,6 +1854,7 @@ _PUBLIC_ NTSTATUS samdb_set_password_sid(struct ldb_context *ctx, TALLOC_CTX *me
Create the SID list for this user.
****************************************************************************/
NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
struct dom_sid *user_sid,
struct dom_sid *group_sid,
int n_groupSIDs,
@@ -1911,7 +1912,7 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
}
/* setup the privilege mask for this token */
- status = samdb_privilege_setup(ptoken);
+ status = samdb_privilege_setup(lp_ctx, ptoken);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(ptoken);
return status;
diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c
index 468a26bf98..f81a6502ab 100644
--- a/source4/dsdb/samdb/samdb_privilege.c
+++ b/source4/dsdb/samdb/samdb_privilege.c
@@ -73,7 +73,7 @@ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx,
setup the privilege mask for this security token based on our
local SAM
*/
-_PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token)
+_PUBLIC_ NTSTATUS samdb_privilege_setup(struct loadparm_context *lp_ctx, struct security_token *token)
{
void *samctx;
TALLOC_CTX *mem_ctx;
@@ -97,7 +97,7 @@ _PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token)
}
mem_ctx = talloc_new(token);
- samctx = samdb_connect(mem_ctx, global_loadparm, system_session(mem_ctx));
+ samctx = samdb_connect(mem_ctx, lp_ctx, system_session(mem_ctx));
if (samctx == NULL) {
talloc_free(mem_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index d1582215f8..b24b58f8d4 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -516,7 +516,7 @@ static NTSTATUS kdc_add_socket(struct kdc_server *kdc, const char *address,
/*
setup our listening sockets on the configured network interfaces
*/
-static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc)
+static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_context *lp_ctx)
{
int num_interfaces = iface_count();
TALLOC_CTX *tmp_ctx = talloc_new(kdc);
@@ -526,8 +526,8 @@ static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc)
for (i=0; i<num_interfaces; i++) {
const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
- status = kdc_add_socket(kdc, address, lp_krb5_port(global_loadparm),
- lp_kpasswd_port(global_loadparm));
+ status = kdc_add_socket(kdc, address, lp_krb5_port(lp_ctx),
+ lp_kpasswd_port(lp_ctx));
NT_STATUS_NOT_OK_RETURN(status);
}
@@ -555,7 +555,7 @@ static void kdc_task_init(struct task_server *task)
NTSTATUS status;
krb5_error_code ret;
- switch (lp_server_role(global_loadparm)) {
+ switch (lp_server_role(task->lp_ctx)) {
case ROLE_STANDALONE:
task_server_terminate(task, "kdc: no KDC required in standalone configuration");
return;
@@ -636,7 +636,7 @@ static void kdc_task_init(struct task_server *task)
kdc_mem_ctx = kdc->smb_krb5_context;
/* start listening on the configured network interfaces */
- status = kdc_startup_interfaces(kdc);
+ status = kdc_startup_interfaces(kdc, task->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
task_server_terminate(task, "kdc failed to setup interfaces");
return;
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 50521e9a52..6a43228185 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -47,9 +47,10 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
status = crack_auto_name_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
if (NT_STATUS_IS_OK(status)) {
- status = authenticate_username_pw(global_loadparm, call,
+ status = authenticate_username_pw(call,
call->conn->connection->event.ctx,
call->conn->connection->msg_ctx,
+ global_loadparm,
nt4_domain, nt4_account,
req->creds.password,
&session_info);
diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c
index 21ca04997e..d0abb5808a 100644
--- a/source4/lib/ldb_wrap.c
+++ b/source4/lib/ldb_wrap.c
@@ -134,6 +134,11 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
talloc_free(ldb);
return NULL;
}
+
+ if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) {
+ talloc_free(ldb);
+ return NULL;
+ }
if (strcmp(lp_sam_url(lp_ctx), url) == 0) {
dsdb_set_global_schema(ldb);