return 0;
}
-static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security)
{
struct gensec_sasl_state *gensec_sasl_state;
const char *service = gensec_get_target_service(gensec_security);
*/
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
+ struct loadparm_context *lp_ctx,
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
(*gensec_security)->event_ctx = ev;
(*gensec_security)->msg_ctx = msg;
+ (*gensec_security)->lp_ctx = lp_ctx;
return NT_STATUS_OK;
}
(*gensec_security)->subcontext = true;
(*gensec_security)->event_ctx = parent->event_ctx;
(*gensec_security)->msg_ctx = parent->msg_ctx;
+ (*gensec_security)->lp_ctx = parent->lp_ctx;
return NT_STATUS_OK;
}
*/
_PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
struct gensec_security **gensec_security,
- struct event_context *ev)
+ struct event_context *ev,
+ struct loadparm_context *lp_ctx)
{
NTSTATUS status;
struct event_context *new_ev = NULL;
ev = new_ev;
}
- status = gensec_start(mem_ctx, ev, NULL, gensec_security);
+ status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(new_ev);
return status;
*/
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
struct event_context *ev,
+ struct loadparm_context *lp_ctx,
struct messaging_context *msg,
struct gensec_security **gensec_security)
{
return NT_STATUS_INTERNAL_ERROR;
}
- status = gensec_start(mem_ctx, ev, msg, gensec_security);
+ status = gensec_start(mem_ctx, ev, lp_ctx, msg, gensec_security);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
if (gensec_security->ops->client_start) {
- status = gensec_security->ops->client_start(gensec_security, global_loadparm);
+ status = gensec_security->ops->client_start(gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2, ("Failed to start GENSEC client mech %s: %s\n",
gensec_security->ops->name, nt_errstr(status)));
_PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security)
{
/* We allow the target hostname to be overriden for testing purposes */
- const char *target_hostname = lp_parm_string(global_loadparm, NULL, "gensec", "target_hostname");
+ const char *target_hostname = lp_parm_string(gensec_security->lp_ctx, NULL, "gensec", "target_hostname");
if (target_hostname) {
return target_hostname;
}
} callback;
};
-struct loadparm_context;
-
struct gensec_security_ops {
const char *name;
const char *sasl_name;
uint8_t auth_type; /* 0 if not offered on DCE-RPC */
const char **oid; /* NULL if not offered by SPNEGO */
- NTSTATUS (*client_start)(struct gensec_security *gensec_security,
- struct loadparm_context *lp_ctx);
+ NTSTATUS (*client_start)(struct gensec_security *gensec_security);
NTSTATUS (*server_start)(struct gensec_security *gensec_security);
/**
Determine if a packet has the right 'magic' for this mechanism
struct gensec_security {
const struct gensec_security_ops *ops;
+ struct loadparm_context *lp_ctx;
void *private_data;
struct cli_credentials *credentials;
struct gensec_target target;
return 0;
}
-static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security,
- struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
{
struct gensec_gssapi_state *gensec_gssapi_state;
krb5_error_code ret;
gensec_gssapi_state->gss_exchange_count = 0;
gensec_gssapi_state->max_wrap_buf_size
- = lp_parm_int(lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536);
+ = lp_parm_int(gensec_security->lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536);
gensec_gssapi_state->sasl = false;
gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
gensec_gssapi_state->want_flags = 0;
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "mutual", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "mutual", true)) {
gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
}
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "delegation", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "delegation", true)) {
gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
}
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "replay", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "replay", true)) {
gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG;
}
- if (lp_parm_bool(lp_ctx, NULL, "gensec_gssapi", "sequence", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "sequence", true)) {
gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG;
}
talloc_free(gensec_gssapi_state);
return NT_STATUS_INTERNAL_ERROR;
}
- if (lp_realm(lp_ctx) && *lp_realm(lp_ctx)) {
- char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(lp_ctx));
+ if (lp_realm(gensec_security->lp_ctx) && *lp_realm(gensec_security->lp_ctx)) {
+ char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->lp_ctx));
if (!upper_realm) {
- DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(lp_ctx)));
+ DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->lp_ctx)));
talloc_free(gensec_gssapi_state);
return NT_STATUS_NO_MEMORY;
}
}
/* don't do DNS lookups of any kind, it might/will fail for a netbios name */
- ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+ ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(gensec_security->lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
if (ret) {
DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
talloc_free(gensec_gssapi_state);
ret = smb_krb5_init_context(gensec_gssapi_state,
gensec_security->event_ctx,
- lp_ctx,
+ gensec_security->lp_ctx,
&gensec_gssapi_state->smb_krb5_context);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
struct cli_credentials *machine_account;
struct gssapi_creds_container *gcc;
- nt_status = gensec_gssapi_start(gensec_security, global_loadparm);
+ nt_status = gensec_gssapi_start(gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
return nt_status;
}
-static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_security)
{
struct gensec_gssapi_state *gensec_gssapi_state;
struct cli_credentials *creds = gensec_get_credentials(gensec_security);
return NT_STATUS_INVALID_PARAMETER;
}
- nt_status = gensec_gssapi_start(gensec_security, lp_ctx);
+ nt_status = gensec_gssapi_start(gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
gensec_gssapi_state->gss_oid = gss_mech_krb5;
principal = gensec_get_target_principal(gensec_security);
- if (principal && lp_client_use_spnego_principal(lp_ctx)) {
+ if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
name_type = GSS_C_NULL_OID;
} else {
principal = talloc_asprintf(gensec_gssapi_state, "%s@%s",
return NT_STATUS_OK;
}
-static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_gssapi_sasl_client_start(struct gensec_security *gensec_security)
{
NTSTATUS nt_status;
struct gensec_gssapi_state *gensec_gssapi_state;
- nt_status = gensec_gssapi_client_start(gensec_security, lp_ctx);
+ nt_status = gensec_gssapi_client_start(gensec_security);
if (NT_STATUS_IS_OK(nt_status)) {
gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
talloc_free(mem_ctx);
return nt_status;
}
- } else if (!lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) {
+ } else if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
- nt_status = sam_get_server_info_principal(mem_ctx, global_loadparm, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
}
cli_credentials_set_event_context(session_info->credentials, gensec_security->event_ctx);
- cli_credentials_set_conf(session_info->credentials, global_loadparm);
+ cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx);
/* Just so we don't segfault trying to get at a username */
cli_credentials_set_anonymous(session_info->credentials);
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy);
- if (cli_credentials_get_krb5_context(creds, global_loadparm, &gensec_krb5_state->smb_krb5_context)) {
+ if (cli_credentials_get_krb5_context(creds, gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
}
return nt_status;
}
-static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security)
{
struct gensec_krb5_state *gensec_krb5_state;
krb5_error_code ret;
}
in_data.length = 0;
- if (principal && lp_client_use_spnego_principal(global_loadparm)) {
+ if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
krb5_principal target_principal;
ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
&target_principal);
}
}
-static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gensec_security)
{
- NTSTATUS nt_status = gensec_krb5_client_start(gensec_security, lp_ctx);
+ NTSTATUS nt_status = gensec_krb5_client_start(gensec_security);
if (NT_STATUS_IS_OK(nt_status)) {
struct gensec_krb5_state *gensec_krb5_state;
KRB5_AUTHDATA_WIN2K_PAC,
&pac_data);
- if (ret && lp_parm_bool(global_loadparm, NULL, "gensec", "require_pac", false)) {
+ if (ret && lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n",
principal_string,
smb_get_krb5_error_message(context,
DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n",
smb_get_krb5_error_message(context,
ret, mem_ctx)));
- nt_status = sam_get_server_info_principal(mem_ctx, global_loadparm, principal_string,
+ nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->lp_ctx, principal_string,
&server_info);
krb5_free_principal(context, client_principal);
free(principal_string);
}
/* pull the session key for this client */
- status = schannel_fetch_session_key(out_mem_ctx, global_loadparm, workstation,
+ status = schannel_fetch_session_key(out_mem_ctx, gensec_security->lp_ctx, workstation,
domain, &creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
struct auth_session_info **_session_info)
{
struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
- return auth_anonymous_session_info(state, global_loadparm, _session_info);
+ return auth_anonymous_session_info(state, gensec_security->lp_ctx, _session_info);
}
static NTSTATUS schannel_start(struct gensec_security *gensec_security)
return NT_STATUS_OK;
}
-static NTSTATUS schannel_client_start(struct gensec_security *gensec_security,
- struct loadparm_context *lp_ctx)
+static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
{
NTSTATUS status;
struct schannel_state *state;
};
-static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security, struct loadparm_context *lp_ctx)
+static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_security)
{
struct spnego_state *spnego_state;
if (gensec_ntlmssp_state->use_nt_response) {
flags |= CLI_CRED_NTLM_AUTH;
}
- if (lp_client_lanman_auth(global_loadparm)) {
+ if (lp_client_lanman_auth(gensec_security->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
}
}
if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY)
- && lp_client_lanman_auth(global_loadparm) && lm_session_key.length == 16) {
+ && lp_client_lanman_auth(gensec_security->lp_ctx) && lm_session_key.length == 16) {
DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
if (lm_response.length == 24) {
SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data,
return NT_STATUS_OK;
}
-NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security,
- struct loadparm_context *lp_ctx)
+NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
{
struct gensec_ntlmssp_state *gensec_ntlmssp_state;
NTSTATUS nt_status;
gensec_ntlmssp_state->role = NTLMSSP_CLIENT;
- gensec_ntlmssp_state->domain = lp_workgroup(lp_ctx);
+ gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx);
- gensec_ntlmssp_state->unicode = lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "unicode", true);
+ gensec_ntlmssp_state->unicode = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "unicode", true);
- gensec_ntlmssp_state->use_nt_response = lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "send_nt_reponse", true);
+ gensec_ntlmssp_state->use_nt_response = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "send_nt_reponse", true);
- gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(lp_ctx)
- && (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "allow_lm_key", false)
- || lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "lm_key", false)));
+ gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->lp_ctx)
+ && (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "allow_lm_key", false)
+ || lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false)));
- gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(lp_ctx);
+ gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->lp_ctx);
gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL;
NTLMSSP_NEGOTIATE_NTLM |
NTLMSSP_REQUEST_TARGET;
- if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "128bit", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "128bit", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
}
- if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "56bit", false)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "56bit", false)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
}
- if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "lm_key", false)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
}
- if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "keyexchange", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "keyexchange", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
- if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "alwayssign", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "alwayssign", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
- if (lp_parm_bool(lp_ctx, NULL, "ntlmssp_client", "ntlm2", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "ntlm2", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
} else {
/* apparently we can't do ntlmv2 if we don't do ntlm2 */
gensec_ntlmssp_state->role = NTLMSSP_SERVER;
gensec_ntlmssp_state->workstation = NULL;
- gensec_ntlmssp_state->server_name = lp_netbios_name(global_loadparm);
+ gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->lp_ctx);
- gensec_ntlmssp_state->domain = lp_workgroup(global_loadparm);
+ gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx);
gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
- gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(global_loadparm)
- && lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "allow_lm_key", false));
+ gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->lp_ctx)
+ && lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "allow_lm_key", false));
gensec_ntlmssp_state->server_multiple_authentications = false;
gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0);
- if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "128bit", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "128bit", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;
}
- if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "56bit", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "56bit", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;
}
- if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "keyexchange", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "keyexchange", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
- if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "alwayssign", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "alwayssign", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
}
- if (lp_parm_bool(global_loadparm, NULL, "ntlmssp_server", "ntlm2", true)) {
+ if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "ntlm2", true)) {
gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;
}
nt_status = auth_context_create(gensec_ntlmssp_state,
gensec_security->event_ctx,
gensec_security->msg_ctx,
- global_loadparm,
+ gensec_security->lp_ctx,
&gensec_ntlmssp_state->auth_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password;
- gensec_ntlmssp_state->server_role = lp_server_role(global_loadparm);
+ gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->lp_ctx);
return NT_STATUS_OK;
}
#include "auth/credentials/credentials.h"
#include "param/param.h"
-struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx)
+struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx)
{
NTSTATUS nt_status;
struct auth_session_info *session_info = NULL;
- nt_status = auth_anonymous_session_info(mem_ctx, global_loadparm, &session_info);
+ nt_status = auth_anonymous_session_info(mem_ctx, lp_ctx, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
return NULL;
}
}
cldapd->task = task;
- cldapd->samctx = samdb_connect(cldapd, task->lp_ctx, anonymous_session(cldapd));
+ cldapd->samctx = samdb_connect(cldapd, task->lp_ctx, anonymous_session(cldapd, task->lp_ctx));
if (cldapd->samctx == NULL) {
task_server_terminate(task, "cldapd failed to open samdb");
return;
ap_req = data_blob_const(&input->data[header_len], ap_req_len);
krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
- nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->msg_ctx, &gensec_security);
+ nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, kdc->task->msg_ctx, &gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return false;
status = gensec_server_start(conn,
conn->connection->event.ctx,
+ global_loadparm,
conn->connection->msg_ctx,
&conn->gensec);
if (!NT_STATUS_IS_OK(status)) {
#include "auth/gensec/socket.h"
#include "auth/credentials/credentials.h"
#include "lib/stream/packet.h"
+#include "param/param.h"
struct ldap_simple_creds {
const char *dn;
NULL
};
- status = gensec_client_start(conn, &conn->gensec, NULL);
+ status = gensec_client_start(conn, &conn->gensec, NULL, global_loadparm);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
goto failed;
#include "libcli/smb2/smb2_calls.h"
#include "libcli/composite/composite.h"
#include "auth/gensec/gensec.h"
+#include "param/param.h"
-/*
+/**
initialise a smb2_session structure
*/
struct smb2_session *smb2_session_init(struct smb2_transport *transport,
/* prepare a gensec context for later use */
status = gensec_client_start(session, &session->gensec,
- session->transport->socket->event.ctx);
+ session->transport->socket->event.ctx,
+ global_loadparm);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(session);
return NULL;
return session;
}
-/*
+/**
send a session setup request
*/
struct smb2_request *smb2_session_setup_send(struct smb2_session *session,
}
-/*
+/**
recv a session setup reply
*/
NTSTATUS smb2_session_setup_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx,
smbcli_temp_set_signing(session->transport);
- status = gensec_client_start(session, &session->gensec, c->event_ctx);
+ status = gensec_client_start(session, &session->gensec, c->event_ctx,
+ global_loadparm);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
return status;
#include "libcli/composite/composite.h"
#include "auth/gensec/gensec.h"
#include "librpc/rpc/dcerpc.h"
+#include "param/param.h"
/*
return the rpc syntax and transfer syntax given the pipe uuid and version
sec = &p->conn->security_state;
c->status = gensec_client_start(p, &sec->generic_state,
- p->conn->event_ctx);
+ p->conn->event_ctx,
+ global_loadparm);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
nt_errstr(c->status)));
return;
}
- samctx = samdb_connect(packet, global_loadparm, anonymous_session(packet));
+ samctx = samdb_connect(packet, global_loadparm, anonymous_session(packet, global_loadparm));
if (samctx == NULL) {
DEBUG(2,("Unable to open sam in getdc reply\n"));
return;
return;
}
- samctx = samdb_connect(packet, global_loadparm, anonymous_session(packet));
+ samctx = samdb_connect(packet, global_loadparm, anonymous_session(packet, global_loadparm));
if (samctx == NULL) {
DEBUG(2,("Unable to open sam in getdc reply\n"));
return;
#include "lib/socket/netif.h"
#include "auth/auth.h"
#include "dsdb/samdb/samdb.h"
+#include "param/param.h"
/*
startup the nbtd task
return;
}
- nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->lp_ctx, anonymous_session(nbtsrv));
+ nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->lp_ctx, anonymous_session(nbtsrv, global_loadparm));
if (nbtsrv->sam_ctx == NULL) {
task_server_terminate(task, "nbtd failed to open samdb");
return;
lp_do_global_parameter(lp_ctx, "wins server", "127.0.0.1");
}
- init_iconv();
+ close_iconv();
return bRetval;
}
break;
}
/* open main ldb */
- samctx = samdb_connect(tmp_ctx, global_loadparm, anonymous_session(tmp_ctx));
+ samctx = samdb_connect(tmp_ctx, global_loadparm, anonymous_session(tmp_ctx, global_loadparm));
if (samctx == NULL) {
DEBUG(2,("Unable to open samdb in determining server announce flags\n"));
} else {
return false;
}
- status = gensec_server_start(dce_conn, call->event_ctx, call->msg_ctx, &auth->gensec_security);
+ status = gensec_server_start(dce_conn, call->event_ctx, global_loadparm, call->msg_ctx, &auth->gensec_security);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status)));
return false;
nt_status = gensec_server_start(req->smb_conn,
req->smb_conn->connection->event.ctx,
+ global_loadparm,
req->smb_conn->connection->msg_ctx,
&gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
status = gensec_server_start(req,
req->smb_conn->connection->event.ctx,
+ global_loadparm,
req->smb_conn->connection->msg_ctx,
&gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
nt_status = gensec_server_start(req,
req->smb_conn->connection->event.ctx,
+ global_loadparm,
req->smb_conn->connection->msg_ctx,
&gensec_security);
if (!NT_STATUS_IS_OK(nt_status)) {
#include "smb_server/service_smb_proto.h"
#include "smb_server/smb2/smb2_server.h"
#include "smbd/service_stream.h"
+#include "param/param.h"
static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io)
{
status = gensec_server_start(req,
req->smb_conn->connection->event.ctx,
+ global_loadparm,
req->smb_conn->connection->msg_ctx,
&gensec_ctx);
if (!NT_STATUS_IS_OK(status)) {
{
DEBUG(2,("standard_terminate: reason[%s]\n",reason));
- /* this init_iconv() has the effect of freeing the iconv context memory,
+ /* this close_iconv() has the effect of freeing the iconv context memory,
which makes leak checking easier */
- init_iconv();
+ close_iconv();
/* the secrets db should really hang off the connection structure */
secrets_shutdown();
TALLOC_CTX *mem_ctx = tctx;
torture_assert_ntstatus_ok(tctx,
- gensec_client_start(mem_ctx, &gensec_security, NULL),
+ gensec_client_start(mem_ctx, &gensec_security, NULL, tctx->lp_ctx),
"gensec client start");
gensec_set_credentials(gensec_security, cmdline_credentials);
talloc_free(gensec_security);
torture_assert_ntstatus_ok(tctx,
- gensec_client_start(mem_ctx, &gensec_security, NULL),
+ gensec_client_start(mem_ctx, &gensec_security, NULL, tctx->lp_ctx),
"Failed to start GENSEC for NTLMSSP");
gensec_set_credentials(gensec_security, cmdline_credentials);
seed = time(NULL);
- init_iconv();
+ close_iconv();
while ((opt = getopt(argc, argv, "n:d:U:s:hm:f:aoW:M:vEl:")) != EOF) {
switch (opt) {
for (o = torture_root->children; o; o = o->next) {
if (gen_fnmatch(expr, o->name) == 0) {
*matched = true;
- init_iconv();
+ close_iconv();
ret &= torture_run_suite(torture, o);
continue;
}
if (gen_fnmatch(expr, name) == 0) {
*matched = true;
- init_iconv();
+ close_iconv();
torture->active_testname = talloc_strdup(torture, prefix);
ret &= torture_run_suite(torture, c);
free(name);
asprintf(&name, "%s-%s", prefix, t->name);
if (gen_fnmatch(expr, name) == 0) {
*matched = true;
- init_iconv();
+ close_iconv();
torture->active_testname = talloc_strdup(torture, prefix);
ret &= torture_run_tcase(torture, t);
talloc_free(torture->active_testname);
case NTLMSSP_CLIENT_1:
/* setup the client side */
- nt_status = gensec_client_start(NULL, &state->gensec_state, NULL);
+ nt_status = gensec_client_start(NULL, &state->gensec_state, NULL, lp_ctx);
if (!NT_STATUS_IS_OK(nt_status)) {
exit(1);
}
if (!msg) {
exit(1);
}
- if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, msg, &state->gensec_state))) {
+ if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, lp_ctx, msg, &state->gensec_state))) {
exit(1);
}
break;