1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00

Avoid use of global_loadparm.

This commit is contained in:
Jelmer Vernooij 2008-02-21 14:16:02 +01:00
parent a0a05c5a3d
commit c5a95bbe0c
9 changed files with 70 additions and 33 deletions

View File

@ -1298,7 +1298,7 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
/* decode and verify the pac */
nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, pac_blob,
nt_status = kerberos_pac_logon_info(mem_ctx, lp_iconv_convenience(gensec_security->lp_ctx), &logon_info, pac_blob,
gensec_gssapi_state->smb_krb5_context->krb5_context,
NULL, keyblock, principal, authtime, NULL);
krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal);

View File

@ -617,7 +617,9 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
}
/* decode and verify the pac */
nt_status = kerberos_pac_logon_info(gensec_krb5_state, &logon_info, pac,
nt_status = kerberos_pac_logon_info(gensec_krb5_state,
lp_iconv_convenience(gensec_security->lp_ctx),
&logon_info, pac,
gensec_krb5_state->smb_krb5_context->krb5_context,
NULL, gensec_krb5_state->keyblock,
client_principal,

View File

@ -111,6 +111,7 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
struct smb_krb5_context *smb_krb5_context,
krb5_principal *princ);
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
DATA_BLOB blob,
krb5_context context,
@ -120,6 +121,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
krb5_error_code *k5ret);
NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct PAC_LOGON_INFO **logon_info,
DATA_BLOB blob,
krb5_context context,
@ -129,12 +131,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
krb5_error_code *k5ret);
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
DATA_BLOB *pac);
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct auth_serversupplied_info *server_info,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,

View File

@ -66,6 +66,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
DATA_BLOB blob,
krb5_context context,
@ -86,7 +87,6 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
struct PAC_LOGON_NAME *logon_name = NULL;
struct PAC_DATA *pac_data;
struct PAC_DATA_RAW *pac_data_raw;
struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(global_loadparm);
DATA_BLOB *srv_sig_blob = NULL;
DATA_BLOB *kdc_sig_blob = NULL;
@ -340,6 +340,7 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
_PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct PAC_LOGON_INFO **logon_info,
DATA_BLOB blob,
krb5_context context,
@ -352,7 +353,9 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
struct PAC_DATA *pac_data;
int i;
nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
nt_status = kerberos_decode_pac(mem_ctx,
iconv_convenience,
&pac_data,
blob,
context,
krbtgt_keyblock,
@ -423,6 +426,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
}
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
@ -437,7 +441,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
struct PAC_SIGNATURE_DATA *kdc_checksum = NULL;
struct PAC_SIGNATURE_DATA *srv_checksum = NULL;
int i;
struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(global_loadparm);
/* First, just get the keytypes filled in (and lengths right, eventually) */
for (i=0; i < pac_data->num_buffers; i++) {
@ -528,6 +531,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
struct auth_serversupplied_info *server_info,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
@ -640,6 +644,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime);
ret = kerberos_encode_pac(mem_ctx,
iconv_convenience,
pac_data,
context,
krbtgt_keyblock,

View File

@ -180,6 +180,7 @@ static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex)
}
static krb5_error_code LDB_message2entry_keys(krb5_context context,
struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
unsigned int userAccountControl,
@ -213,7 +214,7 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
/* supplementalCredentials if present */
if (sc_val) {
ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, lp_iconv_convenience(global_loadparm), &scb,
ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, iconv_convenience, &scb,
(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
dump_data(0, sc_val->data, sc_val->length);
@ -250,7 +251,7 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
talloc_steal(mem_ctx, blob.data);
/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, lp_iconv_convenience(global_loadparm), &_pkb,
ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb,
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob");
@ -393,6 +394,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
krb5_boolean is_computer = FALSE;
const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg, "dnsRoot", NULL);
char *realm = strupper_talloc(mem_ctx, dnsdomain);
struct loadparm_context *lp_ctx = ldb_get_opaque((struct ldb_context *)db->hdb_db, "loadparm");
struct ldb_dn *domain_dn = samdb_result_dn((struct ldb_context *)db->hdb_db,
mem_ctx,
realm_ref_msg,
@ -481,7 +483,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
entry_ex->entry.flags.ok_as_delegate = 1;
}
if (lp_parm_bool(global_loadparm, NULL, "kdc", "require spn for service", true)) {
if (lp_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) {
if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) {
entry_ex->entry.flags.server = 0;
}
@ -544,7 +546,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
entry_ex->entry.generation = NULL;
/* Get keys from the db */
ret = LDB_message2entry_keys(context, private, msg, userAccountControl, entry_ex);
ret = LDB_message2entry_keys(context, lp_iconv_convenience(lp_ctx), private, msg, userAccountControl, entry_ex);
if (ret) {
/* Could be bougus data in the entry, or out of memory */
goto out;

View File

@ -154,7 +154,7 @@ NTSTATUS tdr_pull_charset(struct tdr_pull *tdr, TALLOC_CTX *ctx, const char **v,
TDR_PULL_NEED_BYTES(tdr, el_size*length);
ret = convert_string_talloc(ctx, lp_iconv_convenience(global_loadparm), chset, CH_UNIX, tdr->data.data+tdr->offset, el_size*length, discard_const_p(void *, v));
ret = convert_string_talloc(ctx, tdr->iconv_convenience, chset, CH_UNIX, tdr->data.data+tdr->offset, el_size*length, discard_const_p(void *, v));
if (ret == -1) {
return NT_STATUS_INVALID_PARAMETER;

View File

@ -112,7 +112,9 @@ static bool torture_pac_self_check(struct torture_context *tctx)
}
/* OK, go ahead and make a PAC */
ret = kerberos_create_pac(mem_ctx, server_info,
ret = kerberos_create_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
server_info,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
@ -137,7 +139,9 @@ static bool torture_pac_self_check(struct torture_context *tctx)
dump_data(10,tmp_blob.data,tmp_blob.length);
/* Now check that we can read it back */
nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
@ -159,7 +163,9 @@ static bool torture_pac_self_check(struct torture_context *tctx)
}
/* Now check that we can read it back */
nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info,
nt_status = kerberos_pac_logon_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
@ -367,7 +373,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
/* Decode and verify the signaure on the PAC */
nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
@ -386,7 +394,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
/* Parse the PAC again, for the logon info this time */
nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info,
nt_status = kerberos_pac_logon_info(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
@ -442,6 +452,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
ret = kerberos_encode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
pac_data,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
@ -493,6 +504,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
ret = kerberos_create_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
server_info_out,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
@ -565,7 +577,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
/* Break the auth time, to ensure we check this vital detail (not setting this caused all the pain in the first place... */
nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
@ -601,7 +615,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx)));
}
nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
@ -619,7 +635,9 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
/* Finally... Bugger up the signature, and check we fail the checksum */
tmp_blob.data[tmp_blob.length - 2]++;
nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
nt_status = kerberos_decode_pac(mem_ctx,
lp_iconv_convenience(tctx->lp_ctx),
&pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,

View File

@ -189,14 +189,16 @@ static NTSTATUS rap_pull_string(TALLOC_CTX *mem_ctx, struct ndr_pull *ndr,
return NT_STATUS_OK;
}
static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call)
static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree,
struct smb_iconv_convenience *iconv_convenience,
struct rap_call *call)
{
NTSTATUS result;
DATA_BLOB param_blob;
struct ndr_push *params;
struct smb_trans2 trans;
params = ndr_push_init_ctx(call, lp_iconv_convenience(global_loadparm));
params = ndr_push_init_ctx(call, iconv_convenience);
if (params == NULL)
return NT_STATUS_NO_MEMORY;
@ -231,11 +233,11 @@ static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call)
return result;
call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call,
lp_iconv_convenience(global_loadparm));
iconv_convenience);
call->ndr_pull_param->flags = RAPNDR_FLAGS;
call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call,
lp_iconv_convenience(global_loadparm));
iconv_convenience);
call->ndr_pull_data->flags = RAPNDR_FLAGS;
return result;
@ -243,6 +245,7 @@ static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call)
static NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree,
struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct rap_NetShareEnum *r)
{
@ -268,7 +271,7 @@ static NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree,
break;
}
result = rap_cli_do_call(tree, call);
result = rap_cli_do_call(tree, iconv_convenience, call);
if (!NT_STATUS_IS_OK(result))
goto done;
@ -322,7 +325,7 @@ static bool test_netshareenum(struct torture_context *tctx,
r.in.bufsize = 8192;
torture_assert_ntstatus_ok(tctx,
smbcli_rap_netshareenum(cli->tree, tctx, &r), "");
smbcli_rap_netshareenum(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
for (i=0; i<r.out.count; i++) {
printf("%s %d %s\n", r.out.info[i].info1.name,
@ -334,6 +337,7 @@ static bool test_netshareenum(struct torture_context *tctx,
}
static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree,
struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct rap_NetServerEnum2 *r)
{
@ -361,7 +365,7 @@ static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree,
break;
}
result = rap_cli_do_call(tree, call);
result = rap_cli_do_call(tree, iconv_convenience, call);
if (!NT_STATUS_IS_OK(result))
goto done;
@ -421,7 +425,7 @@ static bool test_netserverenum(struct torture_context *tctx,
r.in.domain = NULL;
torture_assert_ntstatus_ok(tctx,
smbcli_rap_netserverenum2(cli->tree, tctx, &r), "");
smbcli_rap_netserverenum2(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
for (i=0; i<r.out.count; i++) {
switch (r.in.level) {
@ -440,6 +444,7 @@ static bool test_netserverenum(struct torture_context *tctx,
}
_PUBLIC_ NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree,
struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct rap_WserverGetInfo *r)
{
@ -466,7 +471,7 @@ _PUBLIC_ NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree,
goto done;
}
result = rap_cli_do_call(tree, call);
result = rap_cli_do_call(tree, iconv_convenience, call);
if (!NT_STATUS_IS_OK(result))
goto done;
@ -507,9 +512,9 @@ static bool test_netservergetinfo(struct torture_context *tctx,
r.in.bufsize = 0xffff;
r.in.level = 0;
torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, tctx, &r), "");
torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
r.in.level = 1;
torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, tctx, &r), "");
torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
return res;
}
@ -522,7 +527,7 @@ bool torture_rap_scan(struct torture_context *torture, struct smbcli_state *cli)
struct rap_call *call = new_rap_cli_call(torture, callno);
NTSTATUS result;
result = rap_cli_do_call(cli->tree, call);
result = rap_cli_do_call(cli->tree, lp_iconv_convenience(torture->lp_ctx), call);
if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
continue;

View File

@ -2337,6 +2337,7 @@ bool torture_samba3_rpc_lsa(struct torture_context *torture)
}
static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
struct smb_iconv_convenience *iconv_convenience,
char **name)
{
struct rap_WserverGetInfo r;
@ -2346,7 +2347,7 @@ static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
r.in.level = 0;
r.in.bufsize = 0xffff;
status = smbcli_rap_netservergetinfo(tree, mem_ctx, &r);
status = smbcli_rap_netservergetinfo(tree, iconv_convenience, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@ -2561,7 +2562,7 @@ bool torture_samba3_rpc_spoolss(struct torture_context *torture)
return false;
}
status = get_servername(mem_ctx, cli->tree, &servername);
status = get_servername(mem_ctx, cli->tree, lp_iconv_convenience(torture->lp_ctx), &servername);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "(%s) get_servername returned %s\n",
__location__, nt_errstr(status));
@ -2747,7 +2748,7 @@ bool torture_samba3_rpc_wkssvc(struct torture_context *torture)
return false;
}
status = get_servername(mem_ctx, cli->tree, &servername);
status = get_servername(mem_ctx, cli->tree, lp_iconv_convenience(torture->lp_ctx), &servername);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "(%s) get_servername returned %s\n",
__location__, nt_errstr(status));