Add gensec_settings structure. This wraps loadparm_context for now, but

author Jelmer Vernooij <jelmer@samba.org>

Sun, 2 Nov 2008 01:05:48 +0000 (02:05 +0100)

committer Jelmer Vernooij <jelmer@samba.org>

Sun, 2 Nov 2008 01:05:48 +0000 (02:05 +0100)
author Jelmer Vernooij <jelmer@samba.org>
Sun, 2 Nov 2008 01:05:48 +0000 (02:05 +0100)
committer Jelmer Vernooij <jelmer@samba.org>
Sun, 2 Nov 2008 01:05:48 +0000 (02:05 +0100)
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c

index 5d57383d2a853a3529ef4e16ceea4e90444d6778..3416ee10bca42848c9997bf2284ceebe4071778f 100644 (file)
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -477,7 +477,7 @@ const char **gensec_security_oids(struct gensec_security *gensec_security,
  */
  static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, 
                              struct event_context *ev,
-                            struct loadparm_context *lp_ctx,
+                            struct gensec_settings *settings,
                              struct messaging_context *msg,
                              struct gensec_security **gensec_security)
  {
@@ -501,7 +501,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
  
         (*gensec_security)->event_ctx = ev;
         (*gensec_security)->msg_ctx = msg;
-       (*gensec_security)->lp_ctx = lp_ctx;
+       (*gensec_security)->settings = settings;
  
         return NT_STATUS_OK;
  }
@@ -529,7 +529,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
         (*gensec_security)->want_features = parent->want_features;
         (*gensec_security)->event_ctx = parent->event_ctx;
         (*gensec_security)->msg_ctx = parent->msg_ctx;
-       (*gensec_security)->lp_ctx = parent->lp_ctx;
+       (*gensec_security)->settings = parent->settings;
  
         return NT_STATUS_OK;
  }
@@ -543,11 +543,11 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
  _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, 
                              struct gensec_security **gensec_security,
                              struct event_context *ev,
-                            struct loadparm_context *lp_ctx)
+                            struct gensec_settings *settings)
  {
         NTSTATUS status;
  
-       status = gensec_start(mem_ctx, ev, lp_ctx, NULL, gensec_security);
+       status = gensec_start(mem_ctx, ev, settings, NULL, gensec_security);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
@@ -564,7 +564,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
  */
  _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, 
                              struct event_context *ev,
-                            struct loadparm_context *lp_ctx,
+                            struct gensec_settings *settings,
                              struct messaging_context *msg,
                              struct gensec_security **gensec_security)
  {
@@ -580,7 +580,7 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
                 return NT_STATUS_INTERNAL_ERROR;
         }
  
-       status = gensec_start(mem_ctx, ev, lp_ctx, msg, gensec_security);
+       status = gensec_start(mem_ctx, ev, settings, msg, gensec_security);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
@@ -1107,9 +1107,8 @@ _PUBLIC_ NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_secu
  _PUBLIC_ const char *gensec_get_target_hostname(struct gensec_security *gensec_security) 
  {
         /* We allow the target hostname to be overriden for testing purposes */
-       const char *target_hostname = lp_parm_string(gensec_security->lp_ctx, NULL, "gensec", "target_hostname");
-       if (target_hostname) {
-               return target_hostname;
+       if (gensec_security->settings->target_hostname) {
+               return gensec_security->settings->target_hostname;
         }
  
         if (gensec_security->target.hostname) {
@@ -1255,6 +1254,16 @@ static int sort_gensec(struct gensec_security_ops **gs1, struct gensec_security_
         return (*gs2)->priority - (*gs1)->priority;
  }
  
+int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value)
+{
+       return lp_parm_int(settings->lp_ctx, NULL, mechanism, name, default_value);
+}
+
+bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value)
+{
+       return lp_parm_bool(settings->lp_ctx, NULL, mechanism, name, default_value);
+}
+
  /*
    initialise the GENSEC subsystem
  */
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h

index 0b31882ddd6865d95b4f2fc63018393ce5a3de2b..2a483171f73c9074b5f8ba385fc48b593d82fed0 100644 (file)
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -64,6 +64,7 @@ enum gensec_role
  
  struct auth_session_info;
  struct cli_credentials;
+struct gensec_settings;
  
  struct gensec_update_request {
         struct gensec_security *gensec_security;
@@ -77,6 +78,12 @@ struct gensec_update_request {
         } callback;
  };
  
+struct gensec_settings {
+       struct loadparm_context *lp_ctx;
+       struct smb_iconv_convenience *iconv_convenience;
+       const char *target_hostname;
+};
+
  struct gensec_security_ops {
         const char *name;
         const char *sasl_name;
@@ -151,7 +158,6 @@ struct gensec_security_ops_wrapper {
  
  struct gensec_security {
         const struct gensec_security_ops *ops;
-       struct loadparm_context *lp_ctx;
         void *private_data;
         struct cli_credentials *credentials;
         struct gensec_target target;
@@ -161,6 +167,7 @@ struct gensec_security {
         struct event_context *event_ctx;
         struct messaging_context *msg_ctx; /* only valid as server */
         struct socket_address *my_addr, *peer_addr;
+       struct gensec_settings *settings;
  };
  
  /* this structure is used by backends to determine the size of some critical types */
@@ -210,7 +217,7 @@ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
  NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, 
                              struct gensec_security **gensec_security,
                              struct event_context *ev,
-                            struct loadparm_context *lp_ctx);
+                            struct gensec_settings *settings);
  NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security, 
                                                  const char **sasl_names);
  NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, 
@@ -262,7 +269,7 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
  const char *gensec_get_name_by_authtype(uint8_t authtype);
  NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, 
                              struct event_context *ev,
-                            struct loadparm_context *lp_ctx,
+                            struct gensec_settings *settings,
                              struct messaging_context *msg,
                              struct gensec_security **gensec_security);
  NTSTATUS gensec_session_info(struct gensec_security *gensec_security, 
@@ -295,5 +302,7 @@ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
  NTSTATUS gensec_start_mech_by_sasl_name(struct gensec_security *gensec_security, 
                                         const char *sasl_name);
  
+int gensec_setting_int(struct gensec_settings *settings, const char *mechanism, const char *name, int default_value);
+bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism, const char *name, bool default_value);
  
  #endif /* __GENSEC_H__ */
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c

index e307dbb5cb6913a5f7dd39bc28551c9bcfafae36..dcfffef3df6ee05414b9bdbb8ba7c15df46ea1e0 100644 (file)
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -154,7 +154,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
         
         gensec_gssapi_state->gss_exchange_count = 0;
         gensec_gssapi_state->max_wrap_buf_size
-               = lp_parm_int(gensec_security->lp_ctx, NULL, "gensec_gssapi", "max wrap buf size", 65536);
+               = gensec_setting_int(gensec_security->settings, "gensec_gssapi", "max wrap buf size", 65536);
                 
         gensec_gssapi_state->sasl = false;
         gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
@@ -170,16 +170,16 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
         gensec_gssapi_state->input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
         
         gensec_gssapi_state->want_flags = 0;
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "mutual", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) {
                 gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
         }
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "delegation", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", true)) {
                 gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
         }
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "replay", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "replay", true)) {
                 gensec_gssapi_state->want_flags |= GSS_C_REPLAY_FLAG;
         }
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "sequence", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "sequence", true)) {
                 gensec_gssapi_state->want_flags |= GSS_C_SEQUENCE_FLAG;
         }
  
@@ -214,10 +214,10 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
                 talloc_free(gensec_gssapi_state);
                 return NT_STATUS_INTERNAL_ERROR;
         }
-       if (lp_realm(gensec_security->lp_ctx) && *lp_realm(gensec_security->lp_ctx)) {
-               char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->lp_ctx));
+       if (lp_realm(gensec_security->settings->lp_ctx) && *lp_realm(gensec_security->settings->lp_ctx)) {
+               char *upper_realm = strupper_talloc(gensec_gssapi_state, lp_realm(gensec_security->settings->lp_ctx));
                 if (!upper_realm) {
-                       DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->lp_ctx)));
+                       DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm(gensec_security->settings->lp_ctx)));
                         talloc_free(gensec_gssapi_state);
                         return NT_STATUS_NO_MEMORY;
                 }
@@ -231,7 +231,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
         }
  
         /* don't do DNS lookups of any kind, it might/will fail for a netbios name */
-       ret = gsskrb5_set_dns_canonicalize(lp_parm_bool(gensec_security->lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+       ret = gsskrb5_set_dns_canonicalize(gensec_setting_bool(gensec_security->settings, "krb5", "set_dns_canonicalize", false));
         if (ret) {
                 DEBUG(1,("gensec_krb5_start: gsskrb5_set_dns_canonicalize failed\n"));
                 talloc_free(gensec_gssapi_state);
@@ -240,7 +240,7 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security)
  
         ret = smb_krb5_init_context(gensec_gssapi_state, 
                                     gensec_security->event_ctx,
-                                   gensec_security->lp_ctx,
+                                   gensec_security->settings->lp_ctx,
                                     &gensec_gssapi_state->smb_krb5_context);
         if (ret) {
                 DEBUG(1,("gensec_krb5_start: krb5_init_context failed (%s)\n",
@@ -274,7 +274,7 @@ static NTSTATUS gensec_gssapi_server_start(struct gensec_security *gensec_securi
         } else {
                 ret = cli_credentials_get_server_gss_creds(machine_account, 
                                                            gensec_security->event_ctx, 
-                                                          gensec_security->lp_ctx, &gcc);
+                                                          gensec_security->settings->lp_ctx, &gcc);
                 if (ret) {
                         DEBUG(1, ("Aquiring acceptor credentials failed: %s\n", 
                                   error_message(ret)));
@@ -336,7 +336,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
         gensec_gssapi_state->gss_oid = gss_mech_krb5;
  
         principal = gensec_get_target_principal(gensec_security);
-       if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
+       if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
                 name_type = GSS_C_NULL_OID;
         } else {
                 principal = talloc_asprintf(gensec_gssapi_state, "%s@%s", 
@@ -362,7 +362,7 @@ static NTSTATUS gensec_gssapi_client_start(struct gensec_security *gensec_securi
  
         ret = cli_credentials_get_client_gss_creds(creds, 
                                                    gensec_security->event_ctx, 
-                                                  gensec_security->lp_ctx, &gcc);
+                                                  gensec_security->settings->lp_ctx, &gcc);
         switch (ret) {
         case 0:
                 break;
@@ -1142,10 +1142,10 @@ static bool gensec_gssapi_have_feature(struct gensec_security *gensec_security,
                         return false;
                 }
  
-               if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "force_new_spnego", false)) {
+               if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "force_new_spnego", false)) {
                         return true;
                 }
-               if (lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec_gssapi", "disable_new_spnego", false)) {
+               if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "disable_new_spnego", false)) {
                         return false;
                 }
  
@@ -1256,7 +1256,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
          */
         if (pac_blob.length) {
                 nt_status = kerberos_pac_blob_to_server_info(mem_ctx, 
-                                                            lp_iconv_convenience(gensec_security->lp_ctx),
+                                                            gensec_security->settings->iconv_convenience,
                                                              pac_blob, 
                                                              gensec_gssapi_state->smb_krb5_context->krb5_context,
                                                              &server_info);
@@ -1290,11 +1290,11 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
                         return NT_STATUS_NO_MEMORY;
                 }
  
-               if (!lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
+               if (!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
                         DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
                                   gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
                         nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, 
-                                                                 gensec_security->lp_ctx, principal_string,
+                                                                 gensec_security->settings->lp_ctx, principal_string,
                                                                   &server_info);
                         
                         if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1311,7 +1311,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
  
         /* references the server_info into the session_info */
         nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, 
-                                              gensec_security->lp_ctx, server_info, &session_info);
+                                              gensec_security->settings->lp_ctx, server_info, &session_info);
         if (!NT_STATUS_IS_OK(nt_status)) {
                 talloc_free(mem_ctx);
                 return nt_status;
@@ -1334,13 +1334,13 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
                         return NT_STATUS_NO_MEMORY;
                 }
  
-               cli_credentials_set_conf(session_info->credentials, gensec_security->lp_ctx);
+               cli_credentials_set_conf(session_info->credentials, gensec_security->settings->lp_ctx);
                 /* Just so we don't segfault trying to get at a username */
                 cli_credentials_set_anonymous(session_info->credentials);
                 
                 ret = cli_credentials_set_client_gss_creds(session_info->credentials, 
                                                            gensec_security->event_ctx,
-                                                          gensec_security->lp_ctx, 
+                                                          gensec_security->settings->lp_ctx, 
                                                            gensec_gssapi_state->delegated_cred_handle,
                                                            CRED_SPECIFIED);
                 if (ret) {
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c

index 1f54043038441025893806ca7c8e1905aef6f9b3..16867366a4890d08959bdf0cc5ed19e6941dbd64 100644 (file)
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -120,7 +120,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
  
         if (cli_credentials_get_krb5_context(creds, 
                                              gensec_security->event_ctx, 
-                                            gensec_security->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
+                                            gensec_security->settings->lp_ctx, &gensec_krb5_state->smb_krb5_context)) {
                 talloc_free(gensec_krb5_state);
                 return NT_STATUS_INTERNAL_ERROR;
         }
@@ -252,7 +252,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
  
         ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), 
                                          gensec_security->event_ctx, 
-                                        gensec_security->lp_ctx, &ccache_container);
+                                        gensec_security->settings->lp_ctx, &ccache_container);
         switch (ret) {
         case 0:
                 break;
@@ -267,7 +267,7 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
         }
         in_data.length = 0;
         
-       if (principal && lp_client_use_spnego_principal(gensec_security->lp_ctx)) {
+       if (principal && lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
                 krb5_principal target_principal;
                 ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal,
                                       &target_principal);
@@ -452,7 +452,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
                 /* Grab the keytab, however generated */
                 ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), 
                                                  gensec_security->event_ctx, 
-                                                gensec_security->lp_ctx, &keytab);
+                                                gensec_security->settings->lp_ctx, &keytab);
                 if (ret) {
                         return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
                 }
@@ -594,7 +594,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
                                                       KRB5_AUTHDATA_WIN2K_PAC, 
                                                       &pac_data);
         
-       if (ret && lp_parm_bool(gensec_security->lp_ctx, NULL, "gensec", "require_pac", false)) {
+       if (ret && gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
                 DEBUG(1, ("Unable to find PAC in ticket from %s, failing to allow access: %s \n",
                           principal_string,
                           smb_get_krb5_error_message(context, 
@@ -607,7 +607,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
                 DEBUG(5, ("krb5_ticket_get_authorization_data_type failed to find PAC: %s\n", 
                           smb_get_krb5_error_message(context, 
                                                      ret, mem_ctx)));
-               nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, principal_string,
+               nt_status = sam_get_server_info_principal(mem_ctx, gensec_security->event_ctx, gensec_security->settings->lp_ctx, principal_string,
                                                           &server_info);
                 krb5_free_principal(context, client_principal);
                 free(principal_string);
@@ -630,7 +630,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
  
                 /* decode and verify the pac */
                 nt_status = kerberos_pac_logon_info(gensec_krb5_state, 
-                                                   lp_iconv_convenience(gensec_security->lp_ctx),
+                                                   gensec_security->settings->iconv_convenience,
                                                     &logon_info, pac,
                                                     gensec_krb5_state->smb_krb5_context->krb5_context,
                                                     NULL, gensec_krb5_state->keyblock,
@@ -655,7 +655,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
         }
  
         /* references the server_info into the session_info */
-       nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->lp_ctx, server_info, &session_info);
+       nt_status = auth_generate_session_info(mem_ctx, gensec_security->event_ctx, gensec_security->settings->lp_ctx, server_info, &session_info);
  
         if (!NT_STATUS_IS_OK(nt_status)) {
                 talloc_free(mem_ctx);
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c

index f21202b86f5486e46a94898adf518d73ba90ae2d..e6d38c14a371ee4bae1ee0448545191236b4f26c 100644 (file)
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -85,7 +85,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
  #endif
                 
                 ndr_err = ndr_push_struct_blob(out, out_mem_ctx, 
-                                              lp_iconv_convenience(gensec_security->lp_ctx), &bind_schannel,
+                                              gensec_security->settings->iconv_convenience, &bind_schannel,
                                                (ndr_push_flags_fn_t)ndr_push_schannel_bind);
                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                         status = ndr_map_error2ntstatus(ndr_err);
@@ -106,7 +106,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
                 
                 /* parse the schannel startup blob */
                 ndr_err = ndr_pull_struct_blob(&in, out_mem_ctx,
-                       lp_iconv_convenience(gensec_security->lp_ctx),
+                       gensec_security->settings->iconv_convenience,
                         &bind_schannel, 
                         (ndr_pull_flags_fn_t)ndr_pull_schannel_bind);
                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -126,7 +126,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
                 
                 /* pull the session key for this client */
                 status = schannel_fetch_session_key(out_mem_ctx, gensec_security->event_ctx, 
-                                                   gensec_security->lp_ctx, workstation, 
+                                                   gensec_security->settings->lp_ctx, workstation, 
                                                     domain, &creds);
                 if (!NT_STATUS_IS_OK(status)) {
                         DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
@@ -144,7 +144,7 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
                 bind_schannel_ack.unknown3 = 0x6c0000;
                 
                 ndr_err = ndr_push_struct_blob(out, out_mem_ctx, 
-                                              lp_iconv_convenience(gensec_security->lp_ctx), &bind_schannel_ack,
+                                              gensec_security->settings->iconv_convenience, &bind_schannel_ack,
                                                (ndr_push_flags_fn_t)ndr_push_schannel_bind_ack);
                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                         status = ndr_map_error2ntstatus(ndr_err);
@@ -190,7 +190,7 @@ static NTSTATUS schannel_session_info(struct gensec_security *gensec_security,
                                          struct auth_session_info **_session_info) 
  {
         struct schannel_state *state = talloc_get_type(gensec_security->private_data, struct schannel_state);
-       return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->lp_ctx, _session_info);
+       return auth_anonymous_session_info(state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, _session_info);
  }
  
  static NTSTATUS schannel_start(struct gensec_security *gensec_security)
diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c

index eeecfbce15c5afce292b357bc1f38c29b6f73ca7..2af0cc8a00baa96619706902482eba5ef98ebccd 100644 (file)
--- a/source4/auth/ntlm/auth_server.c
+++ b/source4/auth/ntlm/auth_server.c
@@ -146,6 +146,7 @@ static NTSTATUS server_check_password(struct auth_method_context *ctx,
  
         session_setup.in.credentials = creds;
         session_setup.in.workgroup = ""; /* Only used with SPNEGO, which we are not doing */
+       session_setup.in.gensec_settings = lp_gensec_settings(session, ctx->auth_ctx->lp_ctx);
  
         /* Check password with remove server - this should be async some day */
         nt_status = smb_composite_sesssetup(session, &session_setup);
diff --git a/source4/auth/ntlmssp/ntlmssp_client.c b/source4/auth/ntlmssp/ntlmssp_client.c

index 31da9fc9270d2e77eed08ff0055d4b927a2ea3be..e28d8462d456d4492e7c5b3be6c7381f818bd4da 100644 (file)
--- a/source4/auth/ntlmssp/ntlmssp_client.c
+++ b/source4/auth/ntlmssp/ntlmssp_client.c
@@ -192,7 +192,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
         if (gensec_ntlmssp_state->use_nt_response) {
                 flags |= CLI_CRED_NTLM_AUTH;
         }
-       if (lp_client_lanman_auth(gensec_security->lp_ctx)) {
+       if (lp_client_lanman_auth(gensec_security->settings->lp_ctx)) {
                 flags |= CLI_CRED_LANMAN_AUTH;
         }
  
@@ -217,7 +217,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
         }
         
         if ((gensec_ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) 
-           && lp_client_lanman_auth(gensec_security->lp_ctx) && lm_session_key.length == 16) {
+           && lp_client_lanman_auth(gensec_security->settings->lp_ctx) && lm_session_key.length == 16) {
                 DATA_BLOB new_session_key = data_blob_talloc(mem_ctx, NULL, 16);
                 if (lm_response.length == 24) {
                         SMBsesskeygen_lm_sess_key(lm_session_key.data, lm_response.data, 
@@ -308,17 +308,17 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
  
         gensec_ntlmssp_state->role = NTLMSSP_CLIENT;
  
-       gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx);
+       gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->settings->lp_ctx);
  
-       gensec_ntlmssp_state->unicode = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "unicode", true);
+       gensec_ntlmssp_state->unicode = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "unicode", true);
  
-       gensec_ntlmssp_state->use_nt_response = lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "send_nt_reponse", true);
+       gensec_ntlmssp_state->use_nt_response = gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "send_nt_reponse", true);
  
-       gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->lp_ctx) 
-                                             && (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "allow_lm_key", false)
-                                                 || lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false)));
+       gensec_ntlmssp_state->allow_lm_key = (lp_client_lanman_auth(gensec_security->settings->lp_ctx) 
+                                             && (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "allow_lm_key", false)
+                                                 || gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)));
  
-       gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->lp_ctx);
+       gensec_ntlmssp_state->use_ntlmv2 = lp_client_ntlmv2_auth(gensec_security->settings->lp_ctx);
  
         gensec_ntlmssp_state->expected_state = NTLMSSP_INITIAL;
  
@@ -326,27 +326,27 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
                 NTLMSSP_NEGOTIATE_NTLM |
                 NTLMSSP_REQUEST_TARGET;
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "128bit", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "128bit", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;               
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "56bit", false)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "56bit", false)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;                
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "lm_key", false)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "lm_key", false)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_LM_KEY;
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "keyexchange", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "keyexchange", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;          
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "alwayssign", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "alwayssign", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;               
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_client", "ntlm2", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_client", "ntlm2", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;             
         } else {
                 /* apparently we can't do ntlmv2 if we don't do ntlm2 */
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c

index cb336d5b463870dd345f8dc21bca049886c3996a..37cc5f318ff5278036b57b5143baf23f1b6cbef3 100644 (file)
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -186,7 +186,7 @@ NTSTATUS ntlmssp_server_negotiate(struct gensec_security *gensec_security,
  
                 /* Find out the DNS domain name */
                 dnsdomname[0] = '\0';
-               safe_strcpy(dnsdomname, lp_realm(gensec_security->lp_ctx), sizeof(dnsdomname) - 1);
+               safe_strcpy(dnsdomname, lp_realm(gensec_security->settings->lp_ctx), sizeof(dnsdomname) - 1);
                 strlower_m(dnsdomname);
  
                 /* Find out the DNS host name */
@@ -722,7 +722,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
         NTSTATUS nt_status;
         struct gensec_ntlmssp_state *gensec_ntlmssp_state = (struct gensec_ntlmssp_state *)gensec_security->private_data;
  
-       nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
+       nt_status = auth_generate_session_info(gensec_ntlmssp_state, gensec_security->event_ctx, gensec_security->settings->lp_ctx, gensec_ntlmssp_state->server_info, session_info);
         NT_STATUS_NOT_OK_RETURN(nt_status);
  
         (*session_info)->session_key = data_blob_talloc(*session_info, 
@@ -749,14 +749,14 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
         gensec_ntlmssp_state->role = NTLMSSP_SERVER;
  
         gensec_ntlmssp_state->workstation = NULL;
-       gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->lp_ctx);
+       gensec_ntlmssp_state->server_name = lp_netbios_name(gensec_security->settings->lp_ctx);
  
-       gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->lp_ctx);
+       gensec_ntlmssp_state->domain = lp_workgroup(gensec_security->settings->lp_ctx);
  
         gensec_ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
  
-       gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->lp_ctx) 
-                                         && lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "allow_lm_key", false));
+       gensec_ntlmssp_state->allow_lm_key = (lp_lanman_auth(gensec_security->settings->lp_ctx) 
+                                         && gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "allow_lm_key", false));
  
         gensec_ntlmssp_state->server_multiple_authentications = false;
         
@@ -767,23 +767,23 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
         gensec_ntlmssp_state->nt_resp = data_blob(NULL, 0);
         gensec_ntlmssp_state->encrypted_session_key = data_blob(NULL, 0);
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "128bit", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "128bit", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_128;               
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "56bit", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "56bit", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_56;                
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "keyexchange", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "keyexchange", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_KEY_EXCH;          
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "alwayssign", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "alwayssign", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;               
         }
  
-       if (lp_parm_bool(gensec_security->lp_ctx, NULL, "ntlmssp_server", "ntlm2", true)) {
+       if (gensec_setting_bool(gensec_security->settings, "ntlmssp_server", "ntlm2", true)) {
                 gensec_ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2;             
         }
  
@@ -797,7 +797,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
         nt_status = auth_context_create(gensec_ntlmssp_state, 
                                         gensec_security->event_ctx,
                                         gensec_security->msg_ctx,
-                                       gensec_security->lp_ctx,
+                                       gensec_security->settings->lp_ctx,
                                         &gensec_ntlmssp_state->auth_context);
         NT_STATUS_NOT_OK_RETURN(nt_status);
  
@@ -805,7 +805,7 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
         gensec_ntlmssp_state->may_set_challenge = auth_ntlmssp_may_set_challenge;
         gensec_ntlmssp_state->set_challenge = auth_ntlmssp_set_challenge;
         gensec_ntlmssp_state->check_password = auth_ntlmssp_check_password;
-       gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->lp_ctx);
+       gensec_ntlmssp_state->server_role = lp_server_role(gensec_security->settings->lp_ctx);
  
         return NT_STATUS_OK;
  }
diff --git a/source4/auth/sam.c b/source4/auth/sam.c

index 4255a6432a1fa6a16ea1c7352cc1d5cb7e30afc6..f6a998ae0f1f50b7c87cc57b7402c243aa4dfaf3 100644 (file)
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -447,7 +447,8 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx,
                 return NT_STATUS_NO_MEMORY;
         }
  
-       sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx, system_session(tmp_ctx, lp_ctx));
+       sam_ctx = samdb_connect(tmp_ctx, event_ctx, lp_ctx, 
+                               system_session(tmp_ctx, lp_ctx));
         if (sam_ctx == NULL) {
                 talloc_free(tmp_ctx);
                 return NT_STATUS_INVALID_SYSTEM_SERVICE;
@@ -459,7 +460,8 @@ NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx,
                 return nt_status;
         }
  
-       nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, lp_netbios_name(lp_ctx),
+       nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, 
+                                            lp_netbios_name(lp_ctx),
                                              msgs[0], msgs_domain_ref[0],
                                              user_sess_key, lm_sess_key,
                                              server_info);
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c

index f5d92cd3c591741e66d558cda1acf3bcf7f707b0..2fa07d0531c4ba7231528faf41652a30b6b417d8 100644 (file)
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -483,7 +483,9 @@ bool kpasswdd_process(struct kdc_server *kdc,
         ap_req = data_blob_const(&input->data[header_len], ap_req_len);
         krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
         
-       nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, kdc->task->msg_ctx, &gensec_security);
+       nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, 
+                                       lp_gensec_settings(tmp_ctx, kdc->task->lp_ctx), kdc->task->msg_ctx, 
+                                       &gensec_security);
         if (!NT_STATUS_IS_OK(nt_status)) {
                 talloc_free(tmp_ctx);
                 return false;
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c

index 20777e526195b353586308d58af78e1185e0a40d..0fe6fcce908766b44f80b018f4372b1189bfe03f 100644 (file)
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -142,7 +142,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
  
                 status = gensec_server_start(conn,
                                              conn->connection->event.ctx,
-                                            conn->lp_ctx,
+                                            lp_gensec_settings(conn, conn->lp_ctx),
                                              conn->connection->msg_ctx,
                                              &conn->gensec);
                 if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c

index 6f58cfa8a79fbd3983e271db33963ff21a17b052..402387f5b5fbd6ac4b6a553b7956e69145a8de58 100644 (file)
--- a/source4/libcli/cliconnect.c
+++ b/source4/libcli/cliconnect.c
@@ -73,7 +73,8 @@ NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol)
  NTSTATUS smbcli_session_setup(struct smbcli_state *cli, 
                               struct cli_credentials *credentials,
                               const char *workgroup,
-                             struct smbcli_session_options options)
+                             struct smbcli_session_options options,
+                             struct gensec_settings *gensec_settings)
  {
         struct smb_composite_sesssetup setup;
         NTSTATUS status;
@@ -86,6 +87,7 @@ NTSTATUS smbcli_session_setup(struct smbcli_state *cli,
         setup.in.capabilities = cli->transport->negotiate.capabilities;
         setup.in.credentials = credentials;
         setup.in.workgroup = workgroup;
+       setup.in.gensec_settings = gensec_settings;
  
         status = smb_composite_sesssetup(cli->session, &setup);
  
@@ -146,6 +148,7 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx,
                                 const char **ports,
                                 const char *sharename,
                                 const char *devtype,
+                               const char *socket_options,
                                 struct cli_credentials *credentials,
                                 struct resolve_context *resolve_ctx,
                                 struct event_context *ev,
@@ -161,6 +164,7 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx,
         status = smbcli_tree_full_connection(parent_ctx,
                                              &tree, host, ports, 
                                              sharename, devtype,
+                                                socket_options,
                                              credentials, resolve_ctx, ev,
                                              options,
                                              session_options,
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c

index b66232c02e55356cdad32dcba285516e6e7ae5d4..a12f7652a55fa31803f4f494dd07934bc9cfa1ca 100644 (file)
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -224,7 +224,8 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
         gensec_init(lp_ctx);
  
         status = gensec_client_start(conn, &conn->gensec,
-                                    conn->event.event_ctx, lp_ctx);
+                                    conn->event.event_ctx, 
+                                    lp_gensec_settings(conn, lp_ctx));
         if (!NT_STATUS_IS_OK(status)) {
                 DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
                 goto failed;
diff --git a/source4/libcli/libcli.h b/source4/libcli/libcli.h

index 163852d90ac96abf682c190a6a135168a6e31f48..a4bd727f4c7419d19cb936ee07fa6019cec3da45 100644 (file)
--- a/source4/libcli/libcli.h
+++ b/source4/libcli/libcli.h
@@ -64,6 +64,7 @@ enum brl_type {
  
  
  #include "libcli/raw/libcliraw.h"
+struct gensec_settings;
  #include "libcli/libcli_proto.h"
  
  #endif /* __LIBCLI_H__ */
diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c

index 61ee99448406b43a5aae98843cb86da57b6b66d3..27c78fbce08335d64fc5a1b530c15dff8de327c3 100644 (file)
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -140,7 +140,7 @@ static void continue_negprot(struct smb2_request *req)
                 break;
         }
  
-       state->session = smb2_session_init(transport, global_loadparm, state, true);
+       state->session = smb2_session_init(transport, lp_gensec_settings(transport, global_loadparm), state, true);
         if (composite_nomem(state->session, c)) return;
  
         creq = smb2_session_setup_spnego_send(state->session, state->credentials);
@@ -239,6 +239,7 @@ struct composite_context *smb2_connect_send(TALLOC_CTX *mem_ctx,
                                                 const char *socket_options)
  {
         struct composite_context *c;
+       const char *default_ports[] = { "445", NULL };
         struct smb2_connect_state *state;
         struct nbt_name name;
         struct composite_context *creq;
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c

index 31b3e942e92d967e8ff72a4e09c301594f16d544..127bb9bcae7c3cb31a00ffb63c4f1d1fcba3f6ba 100644 (file)
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -25,13 +25,12 @@
  #include "libcli/smb2/smb2_calls.h"
  #include "libcli/composite/composite.h"
  #include "auth/gensec/gensec.h"
-#include "param/param.h"
  
  /**
    initialise a smb2_session structure
   */
  struct smb2_session *smb2_session_init(struct smb2_transport *transport,
-                                      struct loadparm_context *lp_ctx,
+                                      struct gensec_settings *settings,
                                        TALLOC_CTX *parent_ctx, bool primary)
  {
         struct smb2_session *session;
@@ -50,7 +49,7 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport,
         /* prepare a gensec context for later use */
         status = gensec_client_start(session, &session->gensec, 
                                      session->transport->socket->event.ctx, 
-                                    lp_ctx);
+                                    settings);
         if (!NT_STATUS_IS_OK(status)) {
                 talloc_free(session);
                 return NULL;
diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h

index f66236af30c90e9e780ffcfe7569051442e7fb7f..ec246b209dff9818884f4af4085ede87cb0cf7d2 100644 (file)
--- a/source4/libcli/smb2/smb2_calls.h
+++ b/source4/libcli/smb2/smb2_calls.h
@@ -107,4 +107,5 @@ struct smb2_setinfo {
  struct cli_credentials;
  struct event_context;
  struct resolve_context;
+struct gensec_settings;
  #include "libcli/smb2/smb2_proto.h"
diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c

index 7508035f48f4fe27bef01d72d193ac0710840c3e..70df0a19ffeee2a00e1cedd8181e247c43103ece 100644 (file)
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -257,6 +257,7 @@ static NTSTATUS connect_negprot(struct composite_context *c,
         state->io_setup->in.capabilities = state->transport->negotiate.capabilities;
         state->io_setup->in.credentials  = io->in.credentials;
         state->io_setup->in.workgroup    = io->in.workgroup;
+       state->io_setup->in.gensec_settings = lp_gensec_settings(state->io_setup, global_loadparm);
  
         state->creq = smb_composite_sesssetup_send(state->session, state->io_setup);
         NT_STATUS_HAVE_NO_MEMORY(state->creq);
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c

index 2ca12a589880dadd70fe90c5b9f12650cd7a05be..10f84a5dbace12d13b14f1f7ba22d6f3fb558f35 100644 (file)
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -408,7 +408,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
         smbcli_temp_set_signing(session->transport);
  
         status = gensec_client_start(session, &session->gensec, c->event_ctx,
-                                    global_loadparm);
+                                    io->in.gensec_settings);
         if (!NT_STATUS_IS_OK(status)) {
                 DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
                 return status;
diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h

index 2b1e368daa516c15a9efffddee53d417c210d717..431733d600dc69eaffd86952882a5543c180799f 100644 (file)
--- a/source4/libcli/smb_composite/smb_composite.h
+++ b/source4/libcli/smb_composite/smb_composite.h
@@ -122,6 +122,7 @@ struct smb_composite_sesssetup {
                 uint32_t capabilities;
                 struct cli_credentials *credentials;
                 const char *workgroup;
+               struct gensec_settings *gensec_settings;
         } in;
         struct {
                 uint16_t vuid;
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h

index 2f0a34d88d3e62558c3024a455f7af32205b4ec2..dfbe6ee7a6a9a047f1ad2bffe72feb59c19c547b 100644 (file)
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -40,6 +40,7 @@ enum dcerpc_transport_t {
    this defines a generic security context for signed/sealed dcerpc pipes.
  */
  struct dcerpc_connection;
+struct gensec_settings;
  struct dcerpc_security {
         struct dcerpc_auth *auth_info;
         struct gensec_security *generic_state;
@@ -322,7 +323,7 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p,
  NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
                           const struct ndr_interface_table *table,
                           struct cli_credentials *credentials,
-                         struct loadparm_context *lp_ctx,
+                         struct gensec_settings *gensec_settings,
                           uint8_t auth_type, uint8_t auth_level,
                           const char *service);
  struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx,
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c

index 2eced55967e956360b08e67d4c623204faff6289..7c9d04eeb4f6e51379512e690fade31354bf9b7b 100644 (file)
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -222,7 +222,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
                                                 struct dcerpc_pipe *p,
                                                 const struct ndr_interface_table *table,
                                                 struct cli_credentials *credentials,
-                                               struct loadparm_context *lp_ctx,
+                                               struct gensec_settings *gensec_settings,
                                                 uint8_t auth_type, uint8_t auth_level,
                                                 const char *service)
  {
@@ -251,7 +251,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
  
         c->status = gensec_client_start(p, &sec->generic_state,
                                         p->conn->event_ctx,
-                                       lp_ctx);
+                                       gensec_settings);
         if (!NT_STATUS_IS_OK(c->status)) {
                 DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
                           nt_errstr(c->status)));
@@ -387,12 +387,12 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq)
  _PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p,
                           const struct ndr_interface_table *table,
                           struct cli_credentials *credentials,
-                         struct loadparm_context *lp_ctx,
+                         struct gensec_settings *gensec_settings,
                           uint8_t auth_type, uint8_t auth_level,
                           const char *service)
  {
         struct composite_context *creq;
-       creq = dcerpc_bind_auth_send(p, p, table, credentials, lp_ctx,
+       creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings,
                                      auth_type, auth_level, service);
         return dcerpc_bind_auth_recv(creq);
  }
diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c

index 13bbc3d51fce6261010d68bf26df85e65b5fc948..e3add82bf2e918ab1824bc347d2d8faa57957e9f 100644 (file)
--- a/source4/librpc/rpc/dcerpc_schannel.c
+++ b/source4/librpc/rpc/dcerpc_schannel.c
@@ -29,6 +29,7 @@
  #include "librpc/gen_ndr/ndr_netlogon_c.h"
  #include "auth/credentials/credentials.h"
  #include "librpc/rpc/dcerpc_proto.h"
+#include "param/param.h"
  
  struct schannel_key_state {
         struct dcerpc_pipe *pipe;
@@ -319,7 +320,7 @@ static void continue_schannel_key(struct composite_context *ctx)
  
         /* send bind auth request with received creds */
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, 
-                                        s->lp_ctx,
+                                        lp_gensec_settings(c, s->lp_ctx),
                                          DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level,
                                          NULL);
         if (composite_nomem(auth_req, c)) return;
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c

index ca6a785834b43ff26f0d86ef8f50273c8c9f4bb8..1847b20ee7304042f4c59ad2963de74631d0f00b 100644 (file)
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -421,7 +421,8 @@ static void continue_ntlmssp_connection(struct composite_context *ctx)
  
         /* initiate a authenticated bind */
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
-                                        s->credentials, s->lp_ctx,
+                                        s->credentials, 
+                                        lp_gensec_settings(c, s->lp_ctx),
                                          DCERPC_AUTH_TYPE_NTLMSSP,
                                          dcerpc_auth_level(s->pipe->conn),
                                          s->table->authservices->names[0]);
@@ -453,7 +454,9 @@ static void continue_spnego_after_wrong_pass(struct composite_context *ctx)
  
         /* initiate a authenticated bind */
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
-                                        s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO,
+                                        s->credentials, 
+                                        lp_gensec_settings(c, s->lp_ctx), 
+                                        DCERPC_AUTH_TYPE_SPNEGO,
                                          dcerpc_auth_level(s->pipe->conn),
                                          s->table->authservices->names[0]);
         composite_continue(c, auth_req, continue_auth, c);
@@ -572,7 +575,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
         } else {
                 /* try SPNEGO with fallback to NTLMSSP */
                 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
-                                                s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO,
+                                                s->credentials, 
+                                                lp_gensec_settings(c, s->lp_ctx), 
+                                                DCERPC_AUTH_TYPE_SPNEGO,
                                                  dcerpc_auth_level(conn),
                                                  s->table->authservices->names[0]);
                 composite_continue(c, auth_req, continue_auth_auto, c);
@@ -580,7 +585,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
         }
  
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
-                                        s->credentials, s->lp_ctx, auth_type,
+                                        s->credentials, 
+                                        lp_gensec_settings(c, s->lp_ctx), 
+                                        auth_type,
                                          dcerpc_auth_level(conn),
                                          s->table->authservices->names[0]);
         composite_continue(c, auth_req, continue_auth, c);
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c

index 6494199fa41d49aeb728922f8e064844c95279b0..0c831b23d8c908fada9edbd4d94c707680cc1ca5 100644 (file)
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -66,6 +66,7 @@
  #include "libcli/raw/libcliraw.h"
  #include "rpc_server/common/common.h"
  #include "lib/socket/socket.h"
+#include "auth/gensec/gensec.h"
  
  #define standard_sub_basic talloc_strdup
  
@@ -2674,3 +2675,14 @@ _PUBLIC_ struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, s
  
         return ret;
  }
+
+struct gensec_settings *lp_gensec_settings(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+       struct gensec_settings *settings = talloc(mem_ctx, struct gensec_settings);
+       if (settings == NULL)
+               return NULL;
+       settings->lp_ctx = talloc_reference(settings, lp_ctx);
+       settings->iconv_convenience = lp_iconv_convenience(lp_ctx);
+       settings->target_hostname = lp_parm_string(lp_ctx, NULL, "gensec", "target_hostname");
+       return settings;
+}
diff --git a/source4/param/param.h b/source4/param/param.h

index 8a653be0a8041ff3657a2b389337d5239cc72aa7..80bb5ff1283cb247598338fd7a92912a39322bac 100644 (file)
--- a/source4/param/param.h
+++ b/source4/param/param.h
@@ -67,6 +67,7 @@ struct loadparm_context;
  struct loadparm_service;
  struct smbcli_options;
  struct smbcli_session_options;
+struct gensec_settings;
  
  void reload_charcnv(struct loadparm_context *lp_ctx);
  
@@ -166,7 +167,6 @@ int lp_cli_minprotocol(struct loadparm_context *);
  int lp_security(struct loadparm_context *);
  bool lp_paranoid_server_security(struct loadparm_context *);
  int lp_announce_as(struct loadparm_context *);
-const char **lp_js_include(struct loadparm_context *);
  
  const char *lp_servicename(const struct loadparm_service *service);
  const char *lp_pathname(struct loadparm_service *, struct loadparm_service *);
@@ -329,6 +329,7 @@ void lp_smbcli_options(struct loadparm_context *lp_ctx,
  void lp_smbcli_session_options(struct loadparm_context *lp_ctx,
                                  struct smbcli_session_options *options);
  struct dcerpc_server_info *lp_dcerpc_server_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+struct gensec_settings *lp_gensec_settings(TALLOC_CTX *, struct loadparm_context *);
  
  
  /* The following definitions come from param/generic.c  */
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c

index bef7e4be78134b94967ffa67a9a95e053fc2c2db..5169031d1634781c4692015bb2f5e40369fc7b8a 100644 (file)
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -61,7 +61,9 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
                 return false;
         }
  
-       status = gensec_server_start(dce_conn, call->event_ctx, call->conn->dce_ctx->lp_ctx, call->msg_ctx, &auth->gensec_security);
+       status = gensec_server_start(dce_conn, call->event_ctx, 
+                                    lp_gensec_settings(dce_conn, call->conn->dce_ctx->lp_ctx), 
+                                    call->msg_ctx, &auth->gensec_security);
         if (!NT_STATUS_IS_OK(status)) {
                 DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status)));
                 return false;
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c

index 00ff3862f5edbf678211a835dda8dc0d640dae71..71ee82d16205d68aae13b972afa065d7a9d27f4a 100644 (file)
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -353,7 +353,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
  
                 nt_status = gensec_server_start(req->smb_conn,
                                                 req->smb_conn->connection->event.ctx,
-                                               req->smb_conn->lp_ctx,
+                                               lp_gensec_settings(req->smb_conn, req->smb_conn->lp_ctx),
                                                 req->smb_conn->connection->msg_ctx,
                                                 &gensec_security);
                 if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c

index a12bbd5cec29d46233f4d4a4c8d0ec67f22edf40..f34124b1a0b4b250653cd55cb458d30006f85537 100644 (file)
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -365,7 +365,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
  
                 status = gensec_server_start(req,
                                              req->smb_conn->connection->event.ctx,
-                                            req->smb_conn->lp_ctx,
+                                            lp_gensec_settings(req, req->smb_conn->lp_ctx),
                                              req->smb_conn->connection->msg_ctx,
                                              &gensec_ctx);
                 if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c

index 49a2d12ef47073bdb166e2bb7bab64811ef6b97a..03e5c9356d1daf046a3c4a035208b70ceb912c1b 100644 (file)
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -42,7 +42,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
  
         nt_status = gensec_server_start(req,
                                         req->smb_conn->connection->event.ctx,
-                                       req->smb_conn->lp_ctx,
+                                       lp_gensec_settings(req, req->smb_conn->lp_ctx),
                                         req->smb_conn->connection->msg_ctx,
                                         &gensec_security);
         if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source4/smb_server/smb2/sesssetup.c b/source4/smb_server/smb2/sesssetup.c

index 9f8765d6e9461069532ad9ba8b08ec251467c883..176be0b3ea7f56f993d81c27163de9f9cb72f3c2 100644 (file)
--- a/source4/smb_server/smb2/sesssetup.c
+++ b/source4/smb_server/smb2/sesssetup.c
@@ -126,7 +126,7 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
  
                 status = gensec_server_start(req,
                                              req->smb_conn->connection->event.ctx,
-                                            req->smb_conn->lp_ctx,
+                                            lp_gensec_settings(req, req->smb_conn->lp_ctx),
                                              req->smb_conn->connection->msg_ctx,
                                              &gensec_ctx);
                 if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c

index 1e8b33999751a82ceab3c4597938840d72feb7ee..e62b150a4ba9e8439558048328d0e33b0d087778 100644 (file)
--- a/source4/torture/auth/ntlmssp.c
+++ b/source4/torture/auth/ntlmssp.c
@@ -23,6 +23,7 @@
  #include "auth/ntlmssp/ntlmssp.h"
  #include "lib/cmdline/popt_common.h"
  #include "torture/torture.h"
+#include "param/param.h"
  
  static bool torture_ntlmssp_self_check(struct torture_context *tctx)
  {
@@ -34,7 +35,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
  
         torture_assert_ntstatus_ok(tctx, 
                 gensec_client_start(mem_ctx, &gensec_security,
-                                   tctx->ev, tctx->lp_ctx),
+                                   tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)),
                 "gensec client start");
  
         gensec_set_credentials(gensec_security, cmdline_credentials);
@@ -89,7 +90,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
  
         torture_assert_ntstatus_ok(tctx, 
                 gensec_client_start(mem_ctx, &gensec_security,
-                                   tctx->ev, tctx->lp_ctx),
+                                   tctx->ev, lp_gensec_settings(tctx, tctx->lp_ctx)),
                 "Failed to start GENSEC for NTLMSSP");
  
         gensec_set_credentials(gensec_security, cmdline_credentials);
diff --git a/source4/torture/basic/secleak.c b/source4/torture/basic/secleak.c

index ca1fd444d9e1494b55efc51f233b133b619ff9f4..3fdd9a9bbd262a8e172eab2827c81e4e9ae21ca1 100644 (file)
--- a/source4/torture/basic/secleak.c
+++ b/source4/torture/basic/secleak.c
@@ -44,8 +44,9 @@ static bool try_failed_login(struct torture_context *tctx, struct smbcli_state *
         setup.in.sesskey = cli->transport->negotiate.sesskey;
         setup.in.capabilities = cli->transport->negotiate.capabilities;
         setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
-
         setup.in.credentials = cli_credentials_init(session);
+       setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
+
         cli_credentials_set_conf(setup.in.credentials, tctx->lp_ctx);
         cli_credentials_set_domain(setup.in.credentials, "INVALID-DOMAIN", CRED_SPECIFIED);
         cli_credentials_set_username(setup.in.credentials, "INVALID-USERNAME", CRED_SPECIFIED);
diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c

index 450ad0f2605b9eb66c53558084123e4ad7ade6b8..a9d36b7788c9f9a19963c063c0a63baf3d6ea930 100644 (file)
--- a/source4/torture/raw/context.c
+++ b/source4/torture/raw/context.c
@@ -74,6 +74,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
         struct smbcli_tree *tree;
         struct smb_composite_sesssetup setup;
         struct smb_composite_sesssetup setups[15];
+       struct gensec_settings *gensec_settings;
         union smb_open io;
         union smb_write wr;
         union smb_close cl;
@@ -92,6 +93,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
         printf("create a second security context on the same transport\n");
  
         lp_smbcli_session_options(tctx->lp_ctx, &options);
+       gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
  
         session = smbcli_session_init(cli->transport, tctx, false, options);
  
@@ -100,6 +102,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
         setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
  
         setup.in.credentials = cmdline_credentials;
+       setup.in.gensec_settings = gensec_settings;
  
         status = smb_composite_sesssetup(session, &setup);
         CHECK_STATUS(status, NT_STATUS_OK);
@@ -142,7 +145,6 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
                 setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
         
                 setup.in.credentials = cmdline_credentials;
-       
  
                 status = smb_composite_sesssetup(session3, &setup);
                 CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE);
@@ -233,6 +235,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx)
                 setups[i].in.workgroup = lp_workgroup(tctx->lp_ctx);
                 
                 setups[i].in.credentials = cmdline_credentials;
+               setups[i].in.gensec_settings = gensec_settings;
  
                 sessions[i] = smbcli_session_init(cli->transport, tctx, false, options);
                 composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]);
@@ -402,6 +405,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context *
         setup.in.capabilities = cli->transport->negotiate.capabilities;
         setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
         setup.in.credentials = cmdline_credentials;
+       setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
         status = smb_composite_sesssetup(session1, &setup);
         CHECK_STATUS(status, NT_STATUS_OK);
         session1->vuid = setup.out.vuid;
@@ -458,6 +462,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context *
         setup.in.capabilities = cli->transport->negotiate.capabilities;
         setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
         setup.in.credentials = cmdline_credentials;
+       setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
         status = smb_composite_sesssetup(session2, &setup);
         CHECK_STATUS(status, NT_STATUS_OK);
         session2->vuid = setup.out.vuid;
@@ -657,8 +662,8 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct
         setup.in.sesskey = cli->transport->negotiate.sesskey;
         setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
         setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
-
         setup.in.credentials = cmdline_credentials;
+       setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
  
         status = smb_composite_sesssetup(session, &setup);
         CHECK_STATUS(status, NT_STATUS_OK);     
diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c

index dbe071c9adf5cac7a709c12679ebe4777b7d7864..2d1eae3a696ed196b20a46c06821a2d5ddb3b566 100644 (file)
--- a/source4/torture/raw/lock.c
+++ b/source4/torture/raw/lock.c
@@ -598,6 +598,7 @@ static bool test_async(struct torture_context *tctx,
         setup.in.capabilities = cli->transport->negotiate.capabilities;
         setup.in.workgroup = lp_workgroup(tctx->lp_ctx);
         setup.in.credentials = cmdline_credentials;
+       setup.in.gensec_settings = lp_gensec_settings(tctx, tctx->lp_ctx);
         status = smb_composite_sesssetup(session, &setup);
         CHECK_STATUS(status, NT_STATUS_OK);
         session->vuid = setup.out.vuid;
diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c

index 1f03ad6396b24cd521180e902096720a2f6f2355..0d18228563997a4e22e957cb16d7d43ecb797b73 100644 (file)
--- a/source4/torture/rpc/remote_pac.c
+++ b/source4/torture/rpc/remote_pac.c
@@ -92,7 +92,8 @@ static bool test_PACVerify(struct torture_context *tctx,
         
         torture_assert(tctx, msg_server_ctx != NULL, "Failed to init messaging context");
  
-       status = gensec_client_start(tctx, &gensec_client_context, tctx->ev, tctx->lp_ctx);
+       status = gensec_client_start(tctx, &gensec_client_context, tctx->ev, 
+                                    lp_gensec_settings(tctx, tctx->lp_ctx));
         torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
  
         status = gensec_set_target_hostname(gensec_client_context, TEST_MACHINE_NAME);
@@ -103,7 +104,9 @@ static bool test_PACVerify(struct torture_context *tctx,
         status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
         torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
  
-       status = gensec_server_start(tctx, tctx->ev, tctx->lp_ctx, msg_server_ctx, &gensec_server_context);
+       status = gensec_server_start(tctx, tctx->ev, 
+                                    lp_gensec_settings(tctx, tctx->lp_ctx), 
+                                    msg_server_ctx, &gensec_server_context);
         torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
  
         status = gensec_set_credentials(gensec_server_context, credentials);
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c

index 93bcb3a1ea7e3ba54615e5737b15d5cf0a4f2120..f466244a4087affca24b7ee8a909629d2435e6b9 100644 (file)
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -160,6 +160,7 @@ bool torture_bind_authcontext(struct torture_context *torture)
         setup.in.capabilities = cli->transport->negotiate.capabilities;
         setup.in.workgroup = "";
         setup.in.credentials = anon_creds;
+       setup.in.gensec_settings = lp_gensec_settings(torture, torture->lp_ctx);
  
         status = smb_composite_sesssetup(session2, &setup);
         if (!NT_STATUS_IS_OK(status)) {
@@ -233,7 +234,7 @@ static bool bindtest(struct smbcli_state *cli,
         }
  
         status = dcerpc_bind_auth(lsa_pipe, &ndr_table_lsarpc,
-                                 credentials, lp_ctx, auth_type, auth_level,
+                                 credentials, lp_gensec_settings(lp_ctx, lp_ctx), auth_type, auth_level,
                                   NULL);
         if (!NT_STATUS_IS_OK(status)) {
                 d_printf("dcerpc_bind_auth failed: %s\n", nt_errstr(status));
@@ -384,7 +385,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli,
  
         if (admin_creds != NULL) {
                 status = dcerpc_bind_auth(samr_pipe, &ndr_table_samr,
-                                         admin_creds, lp_ctx, auth_type, auth_level,
+                                         admin_creds, lp_gensec_settings(lp_ctx, lp_ctx), auth_type, auth_level,
                                           NULL);
                 if (!NT_STATUS_IS_OK(status)) {
                         d_printf("dcerpc_bind_auth failed: %s\n",
@@ -1013,7 +1014,7 @@ static bool schan(struct smbcli_state *cli,
  #if 1
         net_pipe->conn->flags |= (DCERPC_SIGN | DCERPC_SEAL);
         status = dcerpc_bind_auth(net_pipe, &ndr_table_netlogon,
-                                 wks_creds, lp_ctx, DCERPC_AUTH_TYPE_SCHANNEL,
+                                 wks_creds, lp_gensec_settings(lp_ctx, lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL,
                                   DCERPC_AUTH_LEVEL_PRIVACY,
                                   NULL);
  #else
@@ -1812,6 +1813,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture)
                 setup.in.capabilities = cli->transport->negotiate.capabilities;
                 setup.in.workgroup = "";
                 setup.in.credentials = user_creds;
+               setup.in.gensec_settings = lp_gensec_settings(torture, torture->lp_ctx);
  
                 status = smb_composite_sesssetup(session2, &setup);
                 if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c

index 99fb3e80817ab33702258a2a77cee5186549bb87..4964694790a05402e44f9494e2a1295a58df3bfb 100644 (file)
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -473,7 +473,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                 case NTLMSSP_CLIENT_1:
                         /* setup the client side */
  
-                       nt_status = gensec_client_start(NULL, &state->gensec_state, ev, lp_ctx);
+                       nt_status = gensec_client_start(NULL, &state->gensec_state, ev, 
+                                                       lp_gensec_settings(NULL, lp_ctx));
                         if (!NT_STATUS_IS_OK(nt_status)) {
                                 exit(1);
                         }
@@ -486,7 +487,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                         if (!msg) {
                                 exit(1);
                         }
-                       if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, lp_ctx, msg, &state->gensec_state))) {
+                       if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, lp_gensec_settings(state, lp_ctx), 
+                                                                msg, &state->gensec_state))) {
                                 exit(1);
                         }
                         break;
author	Jelmer Vernooij <jelmer@samba.org>
	Sun, 2 Nov 2008 01:05:48 +0000 (02:05 +0100)
committer	Jelmer Vernooij <jelmer@samba.org>
	Sun, 2 Nov 2008 01:05:48 +0000 (02:05 +0100)
source4/auth/gensec/gensec.c		patch \| blob \| history
source4/auth/gensec/gensec.h		patch \| blob \| history
source4/auth/gensec/gensec_gssapi.c		patch \| blob \| history
source4/auth/gensec/gensec_krb5.c		patch \| blob \| history
source4/auth/gensec/schannel.c		patch \| blob \| history
source4/auth/ntlm/auth_server.c		patch \| blob \| history
source4/auth/ntlmssp/ntlmssp_client.c		patch \| blob \| history
source4/auth/ntlmssp/ntlmssp_server.c		patch \| blob \| history
source4/auth/sam.c		patch \| blob \| history
source4/kdc/kpasswdd.c		patch \| blob \| history
source4/ldap_server/ldap_bind.c		patch \| blob \| history
source4/libcli/cliconnect.c		patch \| blob \| history
source4/libcli/ldap/ldap_bind.c		patch \| blob \| history
source4/libcli/libcli.h		patch \| blob \| history
source4/libcli/smb2/connect.c		patch \| blob \| history
source4/libcli/smb2/session.c		patch \| blob \| history
source4/libcli/smb2/smb2_calls.h		patch \| blob \| history
source4/libcli/smb_composite/connect.c		patch \| blob \| history
source4/libcli/smb_composite/sesssetup.c		patch \| blob \| history
source4/libcli/smb_composite/smb_composite.h		patch \| blob \| history
source4/librpc/rpc/dcerpc.h		patch \| blob \| history
source4/librpc/rpc/dcerpc_auth.c		patch \| blob \| history
source4/librpc/rpc/dcerpc_schannel.c		patch \| blob \| history
source4/librpc/rpc/dcerpc_util.c		patch \| blob \| history
source4/param/loadparm.c		patch \| blob \| history
source4/param/param.h		patch \| blob \| history
source4/rpc_server/dcesrv_auth.c		patch \| blob \| history
source4/smb_server/smb/negprot.c		patch \| blob \| history
source4/smb_server/smb/sesssetup.c		patch \| blob \| history
source4/smb_server/smb2/negprot.c		patch \| blob \| history
source4/smb_server/smb2/sesssetup.c		patch \| blob \| history
source4/torture/auth/ntlmssp.c		patch \| blob \| history
source4/torture/basic/secleak.c		patch \| blob \| history
source4/torture/raw/context.c		patch \| blob \| history
source4/torture/raw/lock.c		patch \| blob \| history
source4/torture/rpc/remote_pac.c		patch \| blob \| history
source4/torture/rpc/samba3rpc.c		patch \| blob \| history
source4/utils/ntlm_auth.c		patch \| blob \| history