From a2cea02584256e2cf59da5420e8e080e70c66939 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 13 Dec 2007 22:46:17 +0100 Subject: r26430: require explicit specification of loadparm context. (This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6) --- source4/auth/credentials/credentials.c | 23 ++++++++++------ source4/auth/credentials/credentials.h | 2 +- source4/auth/credentials/credentials_files.c | 16 +++++++----- source4/auth/credentials/credentials_krb5.c | 36 ++++++++++++++++---------- source4/auth/gensec/gensec_gssapi.c | 5 ++-- source4/auth/gensec/gensec_krb5.c | 4 +-- source4/auth/system_session.c | 2 +- source4/dsdb/samdb/ldb_modules/update_keytab.c | 2 +- source4/kdc/kpasswdd.c | 2 +- source4/ldap_server/ldap_server.c | 2 +- source4/lib/cmdline/popt_credentials.c | 2 +- source4/libnet/libnet_samdump_keytab.c | 8 +++--- source4/libnet/libnet_vampire.c | 2 +- source4/ntvfs/cifs/vfs_cifs.c | 2 +- source4/rpc_server/dcesrv_auth.c | 2 +- source4/rpc_server/remote/dcesrv_remote.c | 2 +- source4/scripting/ejs/smbcalls_creds.c | 2 +- source4/smb_server/smb/negprot.c | 2 +- source4/smb_server/smb2/negprot.c | 2 +- source4/utils/ntlm_auth.c | 2 +- source4/winbind/wb_init_domain.c | 2 +- 21 files changed, 72 insertions(+), 50 deletions(-) diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c index e7f2280bc9..6d5c1210c9 100644 --- a/source4/auth/credentials/credentials.c +++ b/source4/auth/credentials/credentials.c @@ -118,7 +118,8 @@ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds) const char *cli_credentials_get_username(struct cli_credentials *cred) { if (cred->machine_account_pending) { - cli_credentials_set_machine_account(cred); + cli_credentials_set_machine_account(cred, + cred->machine_account_pending_lp_ctx); } if (cred->username_obtained == CRED_CALLBACK && @@ -186,7 +187,8 @@ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred) const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx) { if (cred->machine_account_pending) { - cli_credentials_set_machine_account(cred); + cli_credentials_set_machine_account(cred, + cred->machine_account_pending_lp_ctx); } if (cred->principal_obtained == CRED_CALLBACK && @@ -276,7 +278,8 @@ bool cli_credentials_authentication_requested(struct cli_credentials *cred) const char *cli_credentials_get_password(struct cli_credentials *cred) { if (cred->machine_account_pending) { - cli_credentials_set_machine_account(cred); + cli_credentials_set_machine_account(cred, + cred->machine_account_pending_lp_ctx); } if (cred->password_obtained == CRED_CALLBACK && @@ -331,7 +334,8 @@ bool cli_credentials_set_password_callback(struct cli_credentials *cred, const char *cli_credentials_get_old_password(struct cli_credentials *cred) { if (cred->machine_account_pending) { - cli_credentials_set_machine_account(cred); + cli_credentials_set_machine_account(cred, + cred->machine_account_pending_lp_ctx); } return cred->old_password; @@ -400,7 +404,8 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred, const char *cli_credentials_get_domain(struct cli_credentials *cred) { if (cred->machine_account_pending) { - cli_credentials_set_machine_account(cred); + cli_credentials_set_machine_account(cred, + cred->machine_account_pending_lp_ctx); } if (cred->domain_obtained == CRED_CALLBACK && @@ -454,7 +459,8 @@ bool cli_credentials_set_domain_callback(struct cli_credentials *cred, const char *cli_credentials_get_realm(struct cli_credentials *cred) { if (cred->machine_account_pending) { - cli_credentials_set_machine_account(cred); + cli_credentials_set_machine_account(cred, + cred->machine_account_pending_lp_ctx); } if (cred->realm_obtained == CRED_CALLBACK && @@ -669,7 +675,7 @@ void cli_credentials_guess(struct cli_credentials *cred, } if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) { - cli_credentials_set_ccache(cred, NULL, CRED_GUESS_FILE); + cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE); } } @@ -733,7 +739,8 @@ bool cli_credentials_is_anonymous(struct cli_credentials *cred) const char *username; if (cred->machine_account_pending) { - cli_credentials_set_machine_account(cred); + cli_credentials_set_machine_account(cred, + cred->machine_account_pending_lp_ctx); } username = cli_credentials_get_username(cred); diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 7ea37e40d1..e00acf727a 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -104,8 +104,8 @@ struct cli_credentials { /* We are flagged to get machine account details from the * secrets.ldb when we are asked for a username or password */ - bool machine_account_pending; + struct loadparm_context *machine_account_pending_lp_ctx; /* Is this a machine account? */ bool machine_account; diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c index e7435f56f8..c1001c9622 100644 --- a/source4/auth/credentials/credentials_files.c +++ b/source4/auth/credentials/credentials_files.c @@ -305,13 +305,13 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, * (chewing CPU time) from the password */ keytab = ldb_msg_find_attr_as_string(msgs[0], "krb5Keytab", NULL); if (keytab) { - cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED); + cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED); } else { keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL); if (keytab) { keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab)); if (keytab) { - cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED); + cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED); } } } @@ -326,7 +326,8 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred) +NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred, + struct loadparm_context *lp_ctx) { char *filter; /* Bleh, nasty recursion issues: We are setting a machine @@ -335,7 +336,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred) cred->machine_account_pending = false; filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, cli_credentials_get_domain(cred)); - return cli_credentials_set_secrets(cred, global_loadparm, NULL, + return cli_credentials_set_secrets(cred, lp_ctx, NULL, SECRETS_PRIMARY_DOMAIN_DN, filter); } @@ -369,6 +370,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred, * @retval NTSTATUS error detailing any failure */ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, const char *serviceprincipal) { char *filter; @@ -380,7 +382,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, cli_credentials_get_realm(cred), cli_credentials_get_domain(cred), serviceprincipal); - return cli_credentials_set_secrets(cred, global_loadparm, NULL, + return cli_credentials_set_secrets(cred, lp_ctx, NULL, SECRETS_PRINCIPALS_DN, filter); } @@ -393,9 +395,11 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred, * than during, popt processing. * */ -void cli_credentials_set_machine_account_pending(struct cli_credentials *cred) +void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, + struct loadparm_context *lp_ctx) { cred->machine_account_pending = true; + cred->machine_account_pending_lp_ctx = lp_ctx; } diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index cfdc2e3f5a..90b196e99e 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -127,6 +127,7 @@ static int free_dccache(struct ccache_container *ccc) { } int cli_credentials_set_ccache(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, const char *name, enum credentials_obtained obtained) { @@ -142,7 +143,7 @@ int cli_credentials_set_ccache(struct cli_credentials *cred, return ENOMEM; } - ret = cli_credentials_get_krb5_context(cred, global_loadparm, + ret = cli_credentials_get_krb5_context(cred, lp_ctx, &ccc->smb_krb5_context); if (ret) { talloc_free(ccc); @@ -201,6 +202,7 @@ int cli_credentials_set_ccache(struct cli_credentials *cred, static int cli_credentials_new_ccache(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, struct ccache_container **_ccc) { krb5_error_code ret; @@ -218,7 +220,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, return ENOMEM; } - ret = cli_credentials_get_krb5_context(cred, global_loadparm, + ret = cli_credentials_get_krb5_context(cred, lp_ctx, &ccc->smb_krb5_context); if (ret) { talloc_free(ccc); @@ -250,12 +252,13 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, } int cli_credentials_get_ccache(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, struct ccache_container **ccc) { krb5_error_code ret; if (cred->machine_account_pending) { - cli_credentials_set_machine_account(cred); + cli_credentials_set_machine_account(cred, lp_ctx); } if (cred->ccache_obtained >= cred->ccache_threshold && @@ -267,7 +270,7 @@ int cli_credentials_get_ccache(struct cli_credentials *cred, return EINVAL; } - ret = cli_credentials_new_ccache(cred, ccc); + ret = cli_credentials_new_ccache(cred, lp_ctx, ccc); if (ret) { return ret; } @@ -344,6 +347,7 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc) } int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc) { int ret = 0; @@ -355,7 +359,7 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, *_gcc = cred->client_gss_creds; return 0; } - ret = cli_credentials_get_ccache(cred, + ret = cli_credentials_get_ccache(cred, lp_ctx, &ccache); if (ret) { DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret))); @@ -397,6 +401,7 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, */ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, gss_cred_id_t gssapi_cred, enum credentials_obtained obtained) { @@ -413,7 +418,7 @@ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, return ENOMEM; } - ret = cli_credentials_new_ccache(cred, &ccc); + ret = cli_credentials_new_ccache(cred, lp_ctx, &ccc); if (ret != 0) { return ret; } @@ -450,6 +455,7 @@ int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, * it will be generated from the password. */ int cli_credentials_get_keytab(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, struct keytab_container **_ktc) { krb5_error_code ret; @@ -468,7 +474,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred, return EINVAL; } - ret = cli_credentials_get_krb5_context(cred, global_loadparm, + ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context); if (ret) { return ret; @@ -503,6 +509,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred, * FILE:/etc/krb5.keytab), open it and attach it */ int cli_credentials_set_keytab_name(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, const char *keytab_name, enum credentials_obtained obtained) { @@ -515,7 +522,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred, return 0; } - ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context); + ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context); if (ret) { return ret; } @@ -540,7 +547,8 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred, return ret; } -int cli_credentials_update_keytab(struct cli_credentials *cred) +int cli_credentials_update_keytab(struct cli_credentials *cred, + struct loadparm_context *lp_ctx) { krb5_error_code ret; struct keytab_container *ktc; @@ -553,7 +561,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred) return ENOMEM; } - ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context); + ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context); if (ret) { talloc_free(mem_ctx); return ret; @@ -561,7 +569,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred) enctype_strings = cli_credentials_get_enctype_strings(cred); - ret = cli_credentials_get_keytab(cred, &ktc); + ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc); if (ret != 0) { talloc_free(mem_ctx); return ret; @@ -576,6 +584,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred) /* Get server gss credentials (in gsskrb5, this means the keytab) */ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc) { int ret = 0; @@ -593,13 +602,12 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, return 0; } - ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context); + ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context); if (ret) { return ret; } - ret = cli_credentials_get_keytab(cred, - &ktc); + ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc); if (ret) { DEBUG(1, ("Failed to get keytab for GSSAPI server: %s\n", error_message(ret))); return ret; diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index bb71a55073..87fa47646b 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -271,7 +271,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi DEBUG(3, ("No machine account credentials specified\n")); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } else { - ret = cli_credentials_get_server_gss_creds(machine_account, &gcc); + ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->lp_ctx, &gcc); if (ret) { DEBUG(1, ("Aquiring acceptor credentials failed: %s\n", error_message(ret))); @@ -357,7 +357,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi return NT_STATUS_INVALID_PARAMETER; } - ret = cli_credentials_get_client_gss_creds(creds, &gcc); + ret = cli_credentials_get_client_gss_creds(creds, gensec_security->lp_ctx, &gcc); switch (ret) { case 0: break; @@ -1365,6 +1365,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi cli_credentials_set_anonymous(session_info->credentials); ret = cli_credentials_set_client_gss_creds(session_info->credentials, + gensec_security->lp_ctx, gensec_gssapi_state->delegated_cred_handle, CRED_SPECIFIED); if (ret) { diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index ca289f24d3..5cd0de1ceb 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -246,7 +246,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security principal = gensec_get_target_principal(gensec_security); - ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), &ccache_container); + ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &ccache_container); switch (ret) { case 0: break; @@ -444,7 +444,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, } /* Grab the keytab, however generated */ - ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), &keytab); + ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &keytab); if (ret) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c index 7c1e97b74f..e99bbbb1ab 100644 --- a/source4/auth/system_session.c +++ b/source4/auth/system_session.c @@ -196,7 +196,7 @@ static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx, if (anonymous_credentials) { cli_credentials_set_anonymous(session_info->credentials); } else { - cli_credentials_set_machine_account_pending(session_info->credentials); + cli_credentials_set_machine_account_pending(session_info->credentials, lp_ctx); } *_session_info = session_info; diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 87efa6a6f8..a18efd757a 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -158,7 +158,7 @@ static int update_kt_end_trans(struct ldb_module *module) struct dn_list *p; for (p=data->changed_dns; p; p = p->next) { int kret; - kret = cli_credentials_update_keytab(p->creds); + kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "loadparm")); if (kret != 0) { talloc_free(data->changed_dns); data->changed_dns = NULL; diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c index 0a3bfe1219..f468fea6c4 100644 --- a/source4/kdc/kpasswdd.c +++ b/source4/kdc/kpasswdd.c @@ -474,7 +474,7 @@ bool kpasswdd_process(struct kdc_server *kdc, * we already have, rather than a new context */ cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context); cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx); - nt_status = cli_credentials_set_stored_principal(server_credentials, "kadmin/changepw"); + nt_status = cli_credentials_set_stored_principal(server_credentials, kdc->task->lp_ctx, "kadmin/changepw"); if (!NT_STATUS_IS_OK(nt_status)) { ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx, KRB5_KPASSWD_HARDERROR, diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index f0b5e56205..a2521ca406 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -397,7 +397,7 @@ static void ldapsrv_accept(struct stream_connection *c) } cli_credentials_set_conf(server_credentials, conn->lp_ctx); - status = cli_credentials_set_machine_account(server_credentials); + status = cli_credentials_set_machine_account(server_credentials, conn->lp_ctx); if (!NT_STATUS_IS_OK(status)) { stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); return; diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c index b5de734a19..de5ea7c1b6 100644 --- a/source4/lib/cmdline/popt_credentials.c +++ b/source4/lib/cmdline/popt_credentials.c @@ -96,7 +96,7 @@ static void popt_common_credentials_callback(poptContext con, case 'P': /* Later, after this is all over, get the machine account details from the secrets.ldb */ - cli_credentials_set_machine_account_pending(cmdline_credentials); + cli_credentials_set_machine_account_pending(cmdline_credentials, cmdline_lp_ctx); break; case OPT_KERBEROS: diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c index c235df6d25..c25cb4d9c5 100644 --- a/source4/libnet/libnet_samdump_keytab.c +++ b/source4/libnet/libnet_samdump_keytab.c @@ -28,6 +28,7 @@ #include "param/param.h" static NTSTATUS samdump_keytab_handle_user(TALLOC_CTX *mem_ctx, + struct loadparm_context *lp_ctx, const char *keytab_name, struct netr_DELTA_ENUM *delta) { @@ -45,19 +46,19 @@ static NTSTATUS samdump_keytab_handle_user(TALLOC_CTX *mem_ctx, if (!credentials) { return NT_STATUS_NO_MEMORY; } - cli_credentials_set_conf(credentials, global_loadparm); + cli_credentials_set_conf(credentials, lp_ctx); cli_credentials_set_username(credentials, username, CRED_SPECIFIED); /* We really should consult ldap in the main SamSync code, and * pass a value in here */ cli_credentials_set_kvno(credentials, 0); cli_credentials_set_nt_hash(credentials, &user->ntpassword, CRED_SPECIFIED); - ret = cli_credentials_set_keytab_name(credentials, keytab_name, CRED_SPECIFIED); + ret = cli_credentials_set_keytab_name(credentials, lp_ctx, keytab_name, CRED_SPECIFIED); if (ret) { return NT_STATUS_UNSUCCESSFUL; } - ret = cli_credentials_update_keytab(credentials); + ret = cli_credentials_update_keytab(credentials, lp_ctx); if (ret) { return NT_STATUS_UNSUCCESSFUL; } @@ -81,6 +82,7 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, /* not interested in builtin users */ if (database == SAM_DATABASE_DOMAIN) { nt_status = samdump_keytab_handle_user(mem_ctx, + global_loadparm, keytab_name, delta); break; diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c index 574b34c246..df4cb4d657 100644 --- a/source4/libnet/libnet_vampire.c +++ b/source4/libnet/libnet_vampire.c @@ -186,7 +186,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context *ctx, TALLOC_CTX *mem_ctx return NT_STATUS_NO_MEMORY; } cli_credentials_set_conf(machine_account, ctx->lp_ctx); - nt_status = cli_credentials_set_machine_account(machine_account); + nt_status = cli_credentials_set_machine_account(machine_account, ctx->lp_ctx); if (!NT_STATUS_IS_OK(nt_status)) { r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?"); talloc_free(samsync_ctx); diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index 178e9b01cc..9426355ecb 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -180,7 +180,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, if (domain) { cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); } - status = cli_credentials_set_machine_account(credentials); + status = cli_credentials_set_machine_account(credentials, ntvfs->ctx->lp_ctx); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index fa724a0726..319dc0788a 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -73,7 +73,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call) } cli_credentials_set_conf(server_credentials, call->conn->dce_ctx->lp_ctx); - status = cli_credentials_set_machine_account(server_credentials); + status = cli_credentials_set_machine_account(server_credentials, call->conn->dce_ctx->lp_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status))); talloc_free(server_credentials); diff --git a/source4/rpc_server/remote/dcesrv_remote.c b/source4/rpc_server/remote/dcesrv_remote.c index 3b5c0a02ae..cd32160d88 100644 --- a/source4/rpc_server/remote/dcesrv_remote.c +++ b/source4/rpc_server/remote/dcesrv_remote.c @@ -89,7 +89,7 @@ static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct if (domain) { cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); } - status = cli_credentials_set_machine_account(credentials); + status = cli_credentials_set_machine_account(credentials, dce_call->conn->dce_ctx->lp_ctx); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source4/scripting/ejs/smbcalls_creds.c b/source4/scripting/ejs/smbcalls_creds.c index 781843371a..6dfff8f925 100644 --- a/source4/scripting/ejs/smbcalls_creds.c +++ b/source4/scripting/ejs/smbcalls_creds.c @@ -192,7 +192,7 @@ static int ejs_creds_set_machine_account(MprVarHandle eid, int argc, struct MprV return -1; } - if (NT_STATUS_IS_OK(cli_credentials_set_machine_account(creds))) { + if (NT_STATUS_IS_OK(cli_credentials_set_machine_account(creds, global_loadparm))) { mpr_Return(eid, mprCreateBoolVar(true)); } else { mpr_Return(eid, mprCreateBoolVar(false)); diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c index f92c542ef6..6d9ff838cb 100644 --- a/source4/smb_server/smb/negprot.c +++ b/source4/smb_server/smb/negprot.c @@ -375,7 +375,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) } cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx); - nt_status = cli_credentials_set_machine_account(server_credentials); + nt_status = cli_credentials_set_machine_account(server_credentials, req->smb_conn->lp_ctx); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status))); talloc_free(server_credentials); diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index 664079812a..8e3cfd3547 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -55,7 +55,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB * } cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx); - nt_status = cli_credentials_set_machine_account(server_credentials); + nt_status = cli_credentials_set_machine_account(server_credentials, req->smb_conn->lp_ctx); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status))); talloc_free(server_credentials); diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index 93d1909a56..299be37765 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -504,7 +504,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, switch (stdio_helper_mode) { case GSS_SPNEGO_SERVER: case SQUID_2_5_NTLMSSP: - cli_credentials_set_machine_account(creds); + cli_credentials_set_machine_account(creds, lp_ctx); break; default: break; diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index cee7e5c3e7..fc35f11db6 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -157,7 +157,7 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx, /* Connect the machine account to the credentials */ state->ctx->status = - cli_credentials_set_machine_account(state->domain->libnet_ctx->cred); + cli_credentials_set_machine_account(state->domain->libnet_ctx->cred, state->domain->libnet_ctx->lp_ctx); if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed; state->domain->netlogon_binding = init_domain_binding(state, &ndr_table_netlogon); -- cgit