svn commit: samba r26229 - in branches/SAMBA_4_0: . source/auth source/auth/credentials source/dsdb/samdb source/dsdb/samdb/ldb_modules source/kdc source/ldap_server source/lib

jelmer at samba.org jelmer at samba.org
Sun Dec 2 19:04:35 GMT 2007 

Author: jelmer
Date: 2007-12-02 19:04:33 +0000 (Sun, 02 Dec 2007)
New Revision: 26229

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=26229

Log:
Set loadparm context as opaque pointer in ldb, remove more uses of global_loadparm.
Modified:
   branches/SAMBA_4_0/
   branches/SAMBA_4_0/source/auth/auth_server.c
   branches/SAMBA_4_0/source/auth/auth_unix.c
   branches/SAMBA_4_0/source/auth/auth_util.c
   branches/SAMBA_4_0/source/auth/credentials/credentials_files.c
   branches/SAMBA_4_0/source/auth/session.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/update_keytab.c
   branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
   branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c
   branches/SAMBA_4_0/source/kdc/kdc.c
   branches/SAMBA_4_0/source/ldap_server/ldap_bind.c
   branches/SAMBA_4_0/source/lib/ldb_wrap.c


Changeset:

Property changes on: branches/SAMBA_4_0
___________________________________________________________________
Name: bzr:revision-info
...skipped...
Name: bzr:revision-id:v3-trunk0
...skipped...

Modified: branches/SAMBA_4_0/source/auth/auth_server.c
===================================================================
--- branches/SAMBA_4_0/source/auth/auth_server.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/auth/auth_server.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -24,7 +24,7 @@
  Support for server level security.
 ****************************************************************************/
 
-static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
+static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, int maxprotocol)
 {
 	struct smbcli_state *cli = NULL;
 	fstring desthost;
@@ -92,7 +92,7 @@
 	
 	DEBUG(3,("got session\n"));
 
-	if (!smbcli_negprot(cli, lp_cli_maxprotocol(global_loadparm))) {
+	if (!smbcli_negprot(cli, maxprotocol)) {
 		DEBUG(1,("%s rejected the negprot\n",desthost));
 		release_server_mutex();
 		talloc_free(cli);
@@ -148,7 +148,7 @@
 					   void **my_private_data, 
 					   TALLOC_CTX *mem_ctx)
 {
-	struct smbcli_state *cli = server_cryptkey(mem_ctx);
+	struct smbcli_state *cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
 	
 	if (cli) {
 		DEBUG(3,("using password server validation\n"));
@@ -215,7 +215,7 @@
 	
 	if (cli) {
 	} else {
-		cli = server_cryptkey(mem_ctx);
+		cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
 		locally_made_cli = true;
 	}
 

Modified: branches/SAMBA_4_0/source/auth/auth_unix.c
===================================================================
--- branches/SAMBA_4_0/source/auth/auth_unix.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/auth/auth_unix.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -308,7 +308,7 @@
 /*
  * PAM Authentication Handler
  */
-static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
+static NTSTATUS smb_pam_auth(pam_handle_t *pamh, bool allow_null_passwords, const char *user)
 {
 	int pam_error;
 
@@ -319,7 +319,7 @@
 	
 	DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
 
-	pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords(global_loadparm) ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
+	pam_error = pam_authenticate(pamh, PAM_SILENT | allow_null_passwords ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
 	switch( pam_error ){
 		case PAM_AUTH_ERR:
 			DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
@@ -461,7 +461,7 @@
 		return nt_status;
 	}
 
-	nt_status = smb_pam_auth(pamh, user_info->mapped.account_name);
+	nt_status = smb_pam_auth(pamh, lp_null_passwords(lp_ctx), user_info->mapped.account_name);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		smb_pam_end(pamh);
 		return nt_status;

Modified: branches/SAMBA_4_0/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_4_0/source/auth/auth_util.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/auth/auth_util.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -58,7 +58,7 @@
 	}
 	
 	/* don't allow "" as a domain, fixes a Win9X bug 
-	   where it doens't supply a domain for logon script
+	   where it doesn't supply a domain for logon script
 	   'net use' commands.                                 */
 
 	/* Split user at realm names into user and realm components.  This is TODO to fix with proper userprincipalname support */

Modified: branches/SAMBA_4_0/source/auth/credentials/credentials_files.c
===================================================================
--- branches/SAMBA_4_0/source/auth/credentials/credentials_files.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/auth/credentials/credentials_files.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -169,6 +169,7 @@
  * @retval NTSTATUS error detailing any failure
  */
 NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
+				     struct loadparm_context *lp_ctx,
 				     struct ldb_context *ldb,
 				     const char *base,
 				     const char *filter)
@@ -212,7 +213,7 @@
 
 	if (!ldb) {
 		/* Local secrets are stored in secrets.ldb */
-		ldb = secrets_db_connect(mem_ctx, global_loadparm);
+		ldb = secrets_db_connect(mem_ctx, lp_ctx);
 		if (!ldb) {
 			/* set anonymous as the fallback, if the machine account won't work */
 			cli_credentials_set_anonymous(cred);
@@ -308,7 +309,7 @@
 	} else {
 		keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL);
 		if (keytab) {
-			keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, global_loadparm, keytab));
+			keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab));
 			if (keytab) {
 				cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
 			}
@@ -334,7 +335,7 @@
 	cred->machine_account_pending = false;
 	filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, 
 				       cli_credentials_get_domain(cred));
-	return cli_credentials_set_secrets(cred, NULL, SECRETS_PRIMARY_DOMAIN_DN,
+	return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRIMARY_DOMAIN_DN,
 					   filter);
 }
 
@@ -354,7 +355,7 @@
 	filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
 				       cli_credentials_get_realm(cred),
 				       cli_credentials_get_domain(cred));
-	return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN,
+	return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN,
 					   filter);
 }
 
@@ -376,7 +377,7 @@
 				 cli_credentials_get_realm(cred),
 				 cli_credentials_get_domain(cred),
 				 serviceprincipal);
-	return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN,
+	return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN,
 					   filter);
 }
 

Modified: branches/SAMBA_4_0/source/auth/session.c
===================================================================
--- branches/SAMBA_4_0/source/auth/session.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/auth/session.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -161,6 +161,7 @@
 	session_info->session_key = server_info->user_session_key;
 
 	nt_status = security_token_create(session_info,
+					  global_loadparm,
 					  server_info->account_sid,
 					  server_info->primary_group_sid,
 					  server_info->n_domain_groups,

Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -341,7 +341,7 @@
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	if (lp_parm_bool(global_loadparm, NULL, "password_hash", "create_aes_key", false)) {
+	if (lp_parm_bool(ldb_get_opaque(io->ac->module->ldb, "loadparm"), NULL, "password_hash", "create_aes_key", false)) {
 	/*
 	 * TODO:
 	 *

Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/update_keytab.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/update_keytab.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/update_keytab.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -89,8 +89,8 @@
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	cli_credentials_set_conf(item->creds, global_loadparm);
-	status = cli_credentials_set_secrets(item->creds, module->ldb, NULL, filter);
+	cli_credentials_set_conf(item->creds, ldb_get_opaque(module->ldb, "loadparm"));
+	status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter);
 	talloc_free(filter);
 	if (NT_STATUS_IS_OK(status)) {
 		if (delete) {

Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -1854,6 +1854,7 @@
  Create the SID list for this user.
 ****************************************************************************/
 NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, 
+			       struct loadparm_context *lp_ctx,
 			       struct dom_sid *user_sid,
 			       struct dom_sid *group_sid, 
 			       int n_groupSIDs,
@@ -1911,7 +1912,7 @@
 	}
 
 	/* setup the privilege mask for this token */
-	status = samdb_privilege_setup(ptoken);
+	status = samdb_privilege_setup(lp_ctx, ptoken);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(ptoken);
 		return status;

Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -73,7 +73,7 @@
   setup the privilege mask for this security token based on our
   local SAM
 */
-_PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token)
+_PUBLIC_ NTSTATUS samdb_privilege_setup(struct loadparm_context *lp_ctx, struct security_token *token)
 {
 	void *samctx;
 	TALLOC_CTX *mem_ctx;
@@ -97,7 +97,7 @@
 	}
 
 	mem_ctx = talloc_new(token);
-	samctx = samdb_connect(mem_ctx, global_loadparm, system_session(mem_ctx));
+	samctx = samdb_connect(mem_ctx, lp_ctx, system_session(mem_ctx));
 	if (samctx == NULL) {
 		talloc_free(mem_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;

Modified: branches/SAMBA_4_0/source/kdc/kdc.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/kdc.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/kdc/kdc.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -516,7 +516,7 @@
 /*
   setup our listening sockets on the configured network interfaces
 */
-static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc)
+static NTSTATUS kdc_startup_interfaces(struct kdc_server *kdc, struct loadparm_context *lp_ctx)
 {
 	int num_interfaces = iface_count();
 	TALLOC_CTX *tmp_ctx = talloc_new(kdc);
@@ -526,8 +526,8 @@
 	
 	for (i=0; i<num_interfaces; i++) {
 		const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i));
-		status = kdc_add_socket(kdc, address, lp_krb5_port(global_loadparm), 
-					lp_kpasswd_port(global_loadparm));
+		status = kdc_add_socket(kdc, address, lp_krb5_port(lp_ctx), 
+					lp_kpasswd_port(lp_ctx));
 		NT_STATUS_NOT_OK_RETURN(status);
 	}
 
@@ -555,7 +555,7 @@
 	NTSTATUS status;
 	krb5_error_code ret;
 
-	switch (lp_server_role(global_loadparm)) {
+	switch (lp_server_role(task->lp_ctx)) {
 	case ROLE_STANDALONE:
 		task_server_terminate(task, "kdc: no KDC required in standalone configuration");
 		return;
@@ -636,7 +636,7 @@
 	kdc_mem_ctx = kdc->smb_krb5_context;
 
 	/* start listening on the configured network interfaces */
-	status = kdc_startup_interfaces(kdc);
+	status = kdc_startup_interfaces(kdc, task->lp_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
 		task_server_terminate(task, "kdc failed to setup interfaces");
 		return;

Modified: branches/SAMBA_4_0/source/ldap_server/ldap_bind.c
===================================================================
--- branches/SAMBA_4_0/source/ldap_server/ldap_bind.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_bind.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -47,9 +47,10 @@
 
 	status = crack_auto_name_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
 	if (NT_STATUS_IS_OK(status)) {
-		status = authenticate_username_pw(global_loadparm, call,
+		status = authenticate_username_pw(call,
 						  call->conn->connection->event.ctx,
 						  call->conn->connection->msg_ctx,
+						  global_loadparm,
 						  nt4_domain, nt4_account, 
 						  req->creds.password,
 						  &session_info);

Modified: branches/SAMBA_4_0/source/lib/ldb_wrap.c
===================================================================
--- branches/SAMBA_4_0/source/lib/ldb_wrap.c	2007-12-02 17:56:09 UTC (rev 26228)
+++ branches/SAMBA_4_0/source/lib/ldb_wrap.c	2007-12-02 19:04:33 UTC (rev 26229)
@@ -134,6 +134,11 @@
 		talloc_free(ldb);
 		return NULL;
 	}
+
+	if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) {
+		talloc_free(ldb);
+		return NULL;
+	}
 	
 	if (strcmp(lp_sam_url(lp_ctx), url) == 0) {
 		dsdb_set_global_schema(ldb);

More information about the samba-cvs mailing list