Support for server level security.
****************************************************************************/
-static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, int maxprotocol)
+static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, bool unicode, int maxprotocol)
{
struct smbcli_state *cli = NULL;
fstring desthost;
DEBUG(3,("got session\n"));
- if (!smbcli_negprot(cli, maxprotocol)) {
+ if (!smbcli_negprot(cli, unicode, maxprotocol)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
release_server_mutex();
talloc_free(cli);
if (cli) {
} else {
- cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
+ cli = server_cryptkey(mem_ctx, lp_unicode(auth_context->lp_ctx), lp_cli_maxprotocol(auth_context->lp_ctx));
locally_made_cli = true;
}
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy);
- if (cli_credentials_get_krb5_context(creds, &gensec_krb5_state->smb_krb5_context)) {
+ if (cli_credentials_get_krb5_context(creds, global_loadparm, &gensec_krb5_state->smb_krb5_context)) {
talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
}
/*****************************************************
return a connection to a server
*******************************************************/
-static struct smbcli_state *do_connection(char *the_service, int maxprotocol)
+static struct smbcli_state *do_connection(const char *the_service, bool unicode, int maxprotocol)
{
struct smbcli_state *c;
struct nmb_name called, calling;
DEBUG(4,("%d: session request ok\n", sys_getpid()));
- if (!smbcli_negprot(c, maxprotocol)) {
+ if (!smbcli_negprot(c, unicode, maxprotocol)) {
DEBUG(0,("%d: protocol negotiation failed\n", sys_getpid()));
talloc_free(c);
return NULL;
* not exit after open_sockets() or send_login() errors,
* as the smbfs mount would then have no way to recover.
*/
-static void send_fs_socket(char *the_service, char *mount_point, struct smbcli_state *c)
+static void send_fs_socket(const char *the_service, char *mount_point, struct smbcli_state *c)
{
int fd, closed = 0, res = 1;
pid_t parentpid = getppid();
CatchSignal(SIGUSR1, &usr1_handler);
pause();
DEBUG(2,("mount.smbfs[%d]: got signal, getting new socket\n", sys_getpid()));
- c = do_connection(the_service);
+ c = do_connection(the_service, lp_unicode(global_loadparm), lp_cli_maxprotocol(global_loadparm));
}
}
}
- c = do_connection(service, lp_cli_maxprotocol(global_loadparm));
+ c = do_connection(service, lp_unicode(global_loadparm), lp_cli_maxprotocol(global_loadparm));
if (!c) {
fprintf(stderr,"SMB connection failed\n");
exit(1);
const char *arg, const void *data)
{
const char *pname;
+ struct loadparm_context *lp_ctx = global_loadparm; /* FIXME: allow overriding */
if (reason == POPT_CALLBACK_REASON_POST) {
if (!lp_loaded()) {
switch(opt->val) {
case 'd':
- lp_set_cmdline(global_loadparm, "log level", arg);
+ lp_set_cmdline(lp_ctx, "log level", arg);
break;
case OPT_DEBUG_STDERR:
case 'O':
if (arg) {
- lp_set_cmdline(global_loadparm, "socket options", arg);
+ lp_set_cmdline(lp_ctx, "socket options", arg);
}
break;
case 'l':
if (arg) {
char *new_logfile = talloc_asprintf(NULL, "%s/log.%s", arg, pname);
- lp_set_cmdline(global_loadparm, "log file", new_logfile);
+ lp_set_cmdline(lp_ctx, "log file", new_logfile);
talloc_free(new_logfile);
}
break;
case 'W':
- lp_set_cmdline(global_loadparm, "workgroup", arg);
+ lp_set_cmdline(lp_ctx, "workgroup", arg);
break;
case 'r':
- lp_set_cmdline(global_loadparm, "realm", arg);
+ lp_set_cmdline(lp_ctx, "realm", arg);
break;
case 'n':
- lp_set_cmdline(global_loadparm, "netbios name", arg);
+ lp_set_cmdline(lp_ctx, "netbios name", arg);
break;
case 'i':
- lp_set_cmdline(global_loadparm, "netbios scope", arg);
+ lp_set_cmdline(lp_ctx, "netbios scope", arg);
break;
case 'm':
- lp_set_cmdline(global_loadparm, "client max protocol", arg);
+ lp_set_cmdline(lp_ctx, "client max protocol", arg);
break;
case 'R':
- lp_set_cmdline(global_loadparm, "name resolve order", arg);
+ lp_set_cmdline(lp_ctx, "name resolve order", arg);
break;
case OPT_OPTION:
- if (!lp_set_option(global_loadparm, arg)) {
+ if (!lp_set_option(lp_ctx, arg)) {
fprintf(stderr, "Error setting option '%s'\n", arg);
exit(1);
}
struct auth_session_info;
struct event_context;
+struct loadparm_context;
/**
* Open the locally defined registry.
WERROR reg_open_samba(TALLOC_CTX *mem_ctx,
struct registry_context **ctx,
+ struct loadparm_context *lp_ctx,
struct auth_session_info *session_info,
struct cli_credentials *credentials);
WERROR reg_open_samba(TALLOC_CTX *mem_ctx,
struct registry_context **ctx,
+ struct loadparm_context *lp_ctx,
struct auth_session_info *session_info,
struct cli_credentials *credentials);
*/
static WERROR mount_samba_hive(struct registry_context *ctx,
+ struct loadparm_context *lp_ctx,
struct auth_session_info *auth_info,
struct cli_credentials *creds,
const char *name,
const char *location;
location = talloc_asprintf(ctx, "%s/%s.ldb",
- lp_private_dir(global_loadparm),
+ lp_private_dir(lp_ctx),
name);
error = reg_open_hive(ctx, location, auth_info, creds, &hive);
_PUBLIC_ WERROR reg_open_samba(TALLOC_CTX *mem_ctx,
struct registry_context **ctx,
+ struct loadparm_context *lp_ctx,
struct auth_session_info *session_info,
struct cli_credentials *credentials)
{
return result;
}
- mount_samba_hive(*ctx, session_info, credentials,
+ mount_samba_hive(*ctx, lp_ctx, session_info, credentials,
"hklm", HKEY_LOCAL_MACHINE);
- mount_samba_hive(*ctx, session_info, credentials,
+ mount_samba_hive(*ctx, lp_ctx, session_info, credentials,
"hkcr", HKEY_CLASSES_ROOT);
/* FIXME: Should be mounted from NTUSER.DAT in the home directory of the
* current user */
- mount_samba_hive(*ctx, session_info, credentials,
+ mount_samba_hive(*ctx, lp_ctx, session_info, credentials,
"hkcu", HKEY_CURRENT_USER);
- mount_samba_hive(*ctx, session_info, credentials,
+ mount_samba_hive(*ctx, lp_ctx, session_info, credentials,
"hku", HKEY_USERS);
/* FIXME: Different hive backend for HKEY_CLASSES_ROOT: merged view of HKEY_LOCAL_MACHINE\Software\Classes
return reg_import_hive_key(h, hive_root, -1, NULL);
}
-struct registry_context *reg_common_open_local(struct cli_credentials *creds)
+struct registry_context *reg_common_open_local(struct cli_credentials *creds, struct loadparm_context *lp_ctx)
{
WERROR error;
struct registry_context *h;
- error = reg_open_samba(NULL, &h, NULL, creds);
+ error = reg_open_samba(NULL, &h, lp_ctx, NULL, creds);
if(!W_ERROR_IS_OK(error)) {
fprintf(stderr, "Unable to open local registry:%s \n",
#include "lib/events/events.h"
#include "lib/cmdline/popt_common.h"
#include "lib/registry/tools/common.h"
+#include "param/param.h"
enum reg_backend { REG_UNKNOWN, REG_LOCAL, REG_REMOTE, REG_NULL };
static struct registry_context *open_backend(poptContext pc,
+ struct loadparm_context *lp_ctx,
enum reg_backend backend,
const char *remote_host)
{
poptPrintUsage(pc, stderr, 0);
return NULL;
case REG_LOCAL:
- error = reg_open_samba(NULL, &ctx, NULL, cmdline_credentials);
+ error = reg_open_samba(NULL, &ctx, lp_ctx, NULL, cmdline_credentials);
break;
case REG_REMOTE:
error = reg_open_remote(&ctx, NULL, cmdline_credentials,
}
- h1 = open_backend(pc, backend1, remote1);
+ h1 = open_backend(pc, global_loadparm, backend1, remote1);
if (h1 == NULL)
return 1;
- h2 = open_backend(pc, backend2, remote2);
+ h2 = open_backend(pc, global_loadparm, backend2, remote2);
if (h2 == NULL)
return 1;
#include "lib/cmdline/popt_common.h"
#include "lib/registry/tools/common.h"
#include "lib/registry/patchfile.h"
+#include "param/param.h"
int main(int argc, char **argv)
{
if (remote) {
h = reg_common_open_remote (remote, cmdline_credentials);
} else {
- h = reg_common_open_local (cmdline_credentials);
+ h = reg_common_open_local (cmdline_credentials, global_loadparm);
}
if (h == NULL)
#include "lib/smbreadline/smbreadline.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "lib/registry/tools/common.h"
+#include "param/param.h"
struct regshell_context {
struct registry_context *registry;
ctx->registry = ctx->current->context;
ctx->path = talloc_strdup(ctx, "");
} else {
- ctx->registry = reg_common_open_local(cmdline_credentials);
+ ctx->registry = reg_common_open_local(cmdline_credentials, global_loadparm);
}
if (ctx->registry == NULL)
#include "lib/registry/tools/common.h"
#include "lib/events/events.h"
#include "lib/cmdline/popt_common.h"
+#include "param/param.h"
/**
* Print a registry key recursively
} else if (file != NULL) {
start_key = reg_common_open_file(file, cmdline_credentials);
} else {
- h = reg_common_open_local(cmdline_credentials);
+ h = reg_common_open_local(cmdline_credentials, global_loadparm);
}
if (h == NULL && start_key == NULL)
}
/* wrapper around smb_raw_negotiate() */
-NTSTATUS smbcli_negprot(struct smbcli_state *cli, int maxprotocol)
+NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol)
{
- return smb_raw_negotiate(cli->transport, maxprotocol);
+ return smb_raw_negotiate(cli->transport, unicode, maxprotocol);
}
/* wrapper around smb_raw_sesssetup() */
Send a negprot command.
*/
struct smbcli_request *smb_raw_negotiate_send(struct smbcli_transport *transport,
+ bool unicode,
int maxprotocol)
{
struct smbcli_request *req;
}
flags2 |= FLAGS2_32_BIT_ERROR_CODES;
- if (lp_unicode(global_loadparm)) {
+ if (unicode) {
flags2 |= FLAGS2_UNICODE_STRINGS;
}
flags2 |= FLAGS2_EXTENDED_ATTRIBUTES;
/*
Send a negprot command (sync interface)
*/
-NTSTATUS smb_raw_negotiate(struct smbcli_transport *transport, int maxprotocol)
+NTSTATUS smb_raw_negotiate(struct smbcli_transport *transport, bool unicode, int maxprotocol)
{
- struct smbcli_request *req = smb_raw_negotiate_send(transport, maxprotocol);
+ struct smbcli_request *req = smb_raw_negotiate_send(transport, unicode, maxprotocol);
return smb_raw_negotiate_recv(req);
}
{
struct connect_state *state = talloc_get_type(c->private_data, struct connect_state);
- state->req = smb_raw_negotiate_send(state->transport,
+ state->req = smb_raw_negotiate_send(state->transport, lp_unicode(global_loadparm),
lp_cli_maxprotocol(global_loadparm));
NT_STATUS_HAVE_NO_MEMORY(state->req);
int sizeof_ntptr_context;
int sizeof_ntptr_ops;
};
+
+struct loadparm_context;
+
#include "ntptr/ntptr_proto.h"
return NT_STATUS_OK;
}
-NTSTATUS ntptr_init(void)
+NTSTATUS ntptr_init(struct loadparm_context *lp_ctx)
{
init_module_fn static_init[] = STATIC_ntptr_MODULES;
- init_module_fn *shared_init = load_samba_modules(NULL, global_loadparm, "ntptr");
+ init_module_fn *shared_init = load_samba_modules(NULL, lp_ctx, "ntptr");
run_init_functions(static_init);
run_init_functions(shared_init);
/*
initialise the SHARE subsystem
*/
-NTSTATUS share_init(void)
+NTSTATUS share_init(struct loadparm_context *lp_ctx)
{
init_module_fn static_init[] = STATIC_share_MODULES;
- init_module_fn *shared_init = load_samba_modules(NULL, global_loadparm, "share");
+ init_module_fn *shared_init = load_samba_modules(NULL, lp_ctx, "share");
run_init_functions(static_init);
run_init_functions(shared_init);
NTSTATUS (*remove)(struct share_context *, const char *);
};
+struct loadparm_context;
+
#include "param/share_proto.h"
/* list of shares options */
#include "includes.h"
#include "param/share.h"
+#include "param/param.h"
#include "torture/torture.h"
static bool test_list_empty(struct torture_context *tctx,
struct torture_suite *suite = torture_suite_create(mem_ctx, "SHARE");
struct torture_tcase *tcase;
- share_init();
+ share_init(global_loadparm);
tcase = torture_suite_add_tcase(suite, "ldb");
torture_tcase_set_fixture(tcase, setup_ldb, teardown);
#include "librpc/gen_ndr/ndr_winreg.h"
#include "rpc_server/common/common.h"
#include "librpc/gen_ndr/ndr_security.h"
+#include "param/param.h"
enum handle_types { HTYPE_REGVAL, HTYPE_REGKEY };
WERROR err;
err = reg_open_samba(dce_call->context,
+ global_loadparm,
&ctx, dce_call->conn->auth_state.session_info,
NULL);
struct registry_context *rctx;
WERROR error;
- error = reg_open_samba(mprMemCtx(), &rctx, NULL, NULL);
+ error = reg_open_samba(mprMemCtx(), &rctx, global_loadparm, NULL, NULL);
SMB_ASSERT(W_ERROR_IS_OK(error));
mprSetPtrChild(reg, "registry", rctx);
/*
* init the SMB protocol related stuff
*/
-NTSTATUS smbsrv_init_smb_connection(struct smbsrv_connection *smb_conn)
+NTSTATUS smbsrv_init_smb_connection(struct smbsrv_connection *smb_conn, struct loadparm_context *lp_ctx)
{
NTSTATUS status;
/* this is the size that w2k uses, and it appears to be important for
good performance */
- smb_conn->negotiate.max_recv = lp_max_xmit(global_loadparm);
+ smb_conn->negotiate.max_recv = lp_max_xmit(lp_ctx);
smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
- smb_conn->config.security = lp_security(global_loadparm);
- smb_conn->config.nt_status_support = lp_nt_status_support(global_loadparm);
+ smb_conn->config.security = lp_security(lp_ctx);
+ smb_conn->config.nt_status_support = lp_nt_status_support(lp_ctx);
status = smbsrv_init_sessions(smb_conn, UINT16_MAX);
NT_STATUS_NOT_OK_RETURN(status);
/* see if its a special NBT packet */
if (CVAL(blob.data,0) != 0) {
- status = smbsrv_init_smb_connection(smb_conn);
+ status = smbsrv_init_smb_connection(smb_conn, global_loadparm);
NT_STATUS_NOT_OK_RETURN(status);
packet_set_callback(smb_conn->packet, smbsrv_recv_smb_request);
return smbsrv_recv_smb_request(smb_conn, blob);
switch (protocol_version) {
case SMB_MAGIC:
- status = smbsrv_init_smb_connection(smb_conn);
+ status = smbsrv_init_smb_connection(smb_conn, global_loadparm);
NT_STATUS_NOT_OK_RETURN(status);
packet_set_callback(smb_conn->packet, smbsrv_recv_smb_request);
return smbsrv_recv_smb_request(smb_conn, blob);
const struct model_ops *model_ops,
const char *address);
+struct loadparm_context;
+
#include "smb_server/smb_server_proto.h"
#include "smb_server/smb/smb_proto.h"
* return the pid in a pidfile. return 0 if the process (or pidfile)
* does not exist
*/
-pid_t pidfile_pid(const char *name)
+pid_t pidfile_pid(const char *piddir, const char *name)
{
int fd;
char pidstr[20];
pid_t ret;
char *pidFile;
- asprintf(&pidFile, "%s/%s.pid", lp_piddir(global_loadparm), name);
+ asprintf(&pidFile, "%s/%s.pid", piddir, name);
fd = open(pidFile, O_NONBLOCK | O_RDONLY, 0644);
/**
* create a pid file in the pid directory. open it and leave it locked
*/
-void pidfile_create(const char *name)
+void pidfile_create(const char *piddir, const char *name)
{
int fd;
char buf[20];
char *pidFile;
pid_t pid;
- asprintf(&pidFile, "%s/%s.pid", lp_piddir(global_loadparm), name);
+ asprintf(&pidFile, "%s/%s.pid", piddir, name);
- pid = pidfile_pid(name);
+ pid = pidfile_pid(piddir, name);
if (pid != 0) {
DEBUG(0,("ERROR: %s is already running. File %s exists and process id %d is running.\n",
name, pidFile, (int)pid));
return NT_STATUS_OK;
}
-NTSTATUS process_model_init(void)
+NTSTATUS process_model_init(struct loadparm_context *lp_ctx)
{
init_module_fn static_init[] = STATIC_process_model_MODULES;
- init_module_fn *shared_init = load_samba_modules(NULL, global_loadparm, "process_model");
+ init_module_fn *shared_init = load_samba_modules(NULL, lp_ctx, "process_model");
run_init_functions(static_init);
run_init_functions(shared_init);
range locking system. So instead of putting the burden on tdb to
cleanup tmp files, this function deletes them.
*/
-static void cleanup_tmp_files(void)
+static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
{
char *path;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
- path = smbd_tmp_path(mem_ctx, global_loadparm, NULL);
+ path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
recursive_delete(path);
talloc_free(mem_ctx);
become_daemon(true);
}
- cleanup_tmp_files();
+ cleanup_tmp_files(global_loadparm);
if (!directory_exist(lp_lockdir(global_loadparm))) {
mkdir(lp_lockdir(global_loadparm), 0755);
}
- pidfile_create(binary_name);
+ pidfile_create(lp_piddir(global_loadparm), binary_name);
/* Do *not* remove this, until you have removed
* passdb/secrets.c, and proved that Samba still builds... */
ldb_global_init(); /* FIXME: */
- share_init();
+ share_init(global_loadparm);
gensec_init(global_loadparm); /* FIXME: */
- ntptr_init(); /* FIXME: maybe run this in the initialization function
+ ntptr_init(global_loadparm); /* FIXME: maybe run this in the initialization function
of the spoolss RPC server instead? */
ntvfs_init(); /* FIXME: maybe run this in the initialization functions
of the SMB[,2] server instead? */
- process_model_init();
+ process_model_init(global_loadparm);
shared_init = load_samba_modules(NULL, global_loadparm, "service");
for (i=0;i<100;i++) {
struct smbcli_request *req;
- req = smb_raw_negotiate_send(cli->transport, PROTOCOL_NT1);
+ req = smb_raw_negotiate_send(cli->transport, lp_unicode(global_loadparm), PROTOCOL_NT1);
event_loop_once(cli->transport->socket->event.ctx);
if (req->state == SMBCLI_REQUEST_ERROR) {
if (i > 0) {
break;
}
- domain_admin_account = lp_parm_string(global_loadparm, NULL,
- "torture",
- "domain_admin_account");
+ domain_admin_account = torture_setting_string(tctx, "domain_admin_account", NULL);
- domain_admin_password = lp_parm_string(global_loadparm, NULL,
- "torture",
- "domain_admin_password");
+ domain_admin_password = torture_setting_string(tctx, "domain_admin_password", NULL);
- domain_name = lp_parm_string(global_loadparm, NULL,
- "torture",
- "domain_name");
+ domain_name = torture_setting_string(tctx, "domain_name", NULL);
if ((domain_admin_account == NULL) ||
(domain_admin_password == NULL) ||
break;
}
- domain_admin_account = lp_parm_string(global_loadparm, NULL,
- "torture",
- "domain_admin_account");
+ domain_admin_account = torture_setting_string(tctx, "domain_admin_account", NULL);
- domain_admin_password = lp_parm_string(global_loadparm, NULL,
- "torture",
- "domain_admin_password");
+ domain_admin_password = torture_setting_string(tctx, "domain_admin_password", NULL);
if ((domain_admin_account == NULL) ||
(domain_admin_password == NULL)) {
fstring user)
{
- char *p = strchr(domuser,*lp_winbind_separator(global_loadparm));
+ char *p = strchr(domuser, *lp_winbind_separator(global_loadparm));
if (!p) {
return false;