[PATCH] More talloc_autofree_context() cleanups.

Andreas Schneider asn at samba.org
Thu May 11 15:46:18 UTC 2017


On Wednesday, 10 May 2017 18:13:38 CEST Jeremy Allison wrote:
> And some global conversion to access functions.
> 
> Passes local full make test.
> 
> Please review and push if happy.
> 
> Jeremy.

Samba with MIT Kerberos no longer builds with this patchset. The attached 
patchset has a commit you can SQUASH and push with my RB+.


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
>From 7bd00f93230248f1a60aa1784d2cd6812bb97b5b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 May 2017 12:39:14 -0700
Subject: [PATCH 1/9] s4: auth: Add TALLOC_CTX * to auth_register()

Use the talloc context passed into all modules.
Remove one more talloc_autofree_context().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source4/auth/auth.h                | 2 +-
 source4/auth/ntlm/auth.c           | 5 +++--
 source4/auth/ntlm/auth_anonymous.c | 2 +-
 source4/auth/ntlm/auth_developer.c | 2 +-
 source4/auth/ntlm/auth_sam.c       | 6 +++---
 source4/auth/ntlm/auth_unix.c      | 2 +-
 source4/auth/ntlm/auth_winbind.c   | 6 +++---
 7 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 066703d59da..de3a8bd5b22 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -156,7 +156,7 @@ NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
 			     struct auth_user_info_dc **user_info_dc,
 			     uint8_t *pauthoritative);
 NTSTATUS auth4_init(void);
-NTSTATUS auth_register(const struct auth_operations *ops);
+NTSTATUS auth_register(TALLOC_CTX *mem_ctx, const struct auth_operations *ops);
 NTSTATUS server_service_auth_init(TALLOC_CTX *ctx);
 NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
 				       struct tevent_context *ev,
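Review bot: The new `mem_ctx` parameter of `auth_register` carries a lifetime requirement that neither the prototype here nor the definition in auth.c states. In the second auth.c hunk the `backends` array, which appears to be file-scope state next to `static int num_backends`, is now grown with `talloc_realloc(mem_ctx, backends, ...)`, and talloc uses the context argument only when the pointer is still NULL, so the array ends up parented to whichever context the first registering module passed. If that context were freed while the process keeps running, later backend lookups would read freed memory, so a comment such as `/* mem_ctx must outlive every use of the registered backends */` on the prototype and the definition would make the contract explicit. The same applies to `srv = talloc(ctx, struct registered_server)` in the source4/smbd/service.c hunk of patch 3/9, assuming `srv` is linked into the static list outside that hunk.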
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 2f2cdc1a4ff..c8c3e11e5b3 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -764,7 +764,8 @@ static int num_backends;
   The 'name' can be later used by other backends to find the operations
   structure for this backend.
 */
-_PUBLIC_ NTSTATUS auth_register(const struct auth_operations *ops)
+_PUBLIC_ NTSTATUS auth_register(TALLOC_CTX *mem_ctx,
+			const struct auth_operations *ops)
 {
 	struct auth_operations *new_ops;
 	
@@ -775,7 +776,7 @@ _PUBLIC_ NTSTATUS auth_register(const struct auth_operations *ops)
 		return NT_STATUS_OBJECT_NAME_COLLISION;
 	}
 
-	backends = talloc_realloc(talloc_autofree_context(), backends, 
+	backends = talloc_realloc(mem_ctx, backends,
 				  struct auth_backend, num_backends+1);
 	NT_STATUS_HAVE_NO_MEMORY(backends);
 
diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
index 9bdcf0cbcb4..6d3d0ace82c 100644
--- a/source4/auth/ntlm/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -99,7 +99,7 @@ _PUBLIC_ NTSTATUS auth4_anonymous_init(TALLOC_CTX *ctx)
 {
 	NTSTATUS ret;
 
-	ret = auth_register(&anonymous_auth_ops);
+	ret = auth_register(ctx, &anonymous_auth_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register 'anonymous' auth backend!\n"));
 		return ret;
diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
index 93a073b125d..e7e4be96ae8 100644
--- a/source4/auth/ntlm/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
@@ -141,7 +141,7 @@ _PUBLIC_ NTSTATUS auth4_developer_init(TALLOC_CTX *ctx)
 {
 	NTSTATUS ret;
 
-	ret = auth_register(&name_to_ntstatus_auth_ops);
+	ret = auth_register(ctx, &name_to_ntstatus_auth_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register 'name_to_ntstatus' auth backend!\n"));
 		return ret;
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 305fdc5d281..f7da04e6573 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -928,19 +928,19 @@ _PUBLIC_ NTSTATUS auth4_sam_init(TALLOC_CTX *ctx)
 {
 	NTSTATUS ret;
 
-	ret = auth_register(&sam_ops);
+	ret = auth_register(ctx, &sam_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register 'sam' auth backend!\n"));
 		return ret;
 	}
 
-	ret = auth_register(&sam_ignoredomain_ops);
+	ret = auth_register(ctx, &sam_ignoredomain_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register 'sam_ignoredomain' auth backend!\n"));
 		return ret;
 	}
 
-	ret = auth_register(&sam_failtrusts_ops);
+	ret = auth_register(ctx, &sam_failtrusts_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register 'sam_failtrusts' auth backend!\n"));
 		return ret;
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index 5fb8b4f5dde..ad780bafc82 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -755,7 +755,7 @@ _PUBLIC_ NTSTATUS auth4_unix_init(TALLOC_CTX *ctx)
 {
 	NTSTATUS ret;
 
-	ret = auth_register(&unix_ops);
+	ret = auth_register(ctx, &unix_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register unix auth backend!\n"));
 		return ret;
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index d5bf5ad2685..f5bd22acef6 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -317,19 +317,19 @@ _PUBLIC_ NTSTATUS auth4_winbind_init(TALLOC_CTX *ctx)
 {
 	NTSTATUS ret;
 
-	ret = auth_register(&winbind_ops);
+	ret = auth_register(ctx, &winbind_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register 'winbind' auth backend!\n"));
 		return ret;
 	}
 
-	ret = auth_register(&winbind_rodc_ops);
+	ret = auth_register(ctx, &winbind_rodc_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register 'winbind_rodc' auth backend!\n"));
 		return ret;
 	}
 
-	ret = auth_register(&winbind_wbclient_ops);
+	ret = auth_register(ctx, &winbind_wbclient_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
 		DEBUG(0,("Failed to register 'winbind_wbclient' auth backend!\n"));
 		return ret;
-- 
2.12.2


>From f975ae764f978f02750b7ae085af5b456833f18a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 May 2017 13:28:49 -0700
Subject: [PATCH 2/9] s4: auth: Remove a talloc_autofree_context() use.

Use NULL here, not the autofree context for this
static pointer. The destructor prevents freeing this
memory anyway.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source4/auth/system_session.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 3b9edd779df..4c5290db71a 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -51,7 +51,12 @@ _PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ct
 		return static_session;
 	}
 
-	nt_status = auth_system_session_info(talloc_autofree_context(),
+	/*
+	 * Use NULL here, not the autofree context for this
+	 * static pointer. The destructor prevents freeing this
+	 * memory anyway.
+	 */
+	nt_status = auth_system_session_info(NULL,
 					     lp_ctx,
 					     &static_session);
 	if (!NT_STATUS_IS_OK(nt_status)) {
-- 
2.12.2


>From d91cf89ee09aa30c14081145a0c112efca238689 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 May 2017 13:46:45 -0700
Subject: [PATCH 3/9] s4: Add TALLOC_CTX * to register_server_service().

Use the passed in context from callers. Remove one
talloc_autofree_context().

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 file_server/file_server.c           | 2 +-
 source4/cldap_server/cldap_server.c | 2 +-
 source4/dns_server/dns_server.c     | 2 +-
 source4/dsdb/dns/dns_update.c       | 2 +-
 source4/dsdb/kcc/kcc_service.c      | 2 +-
 source4/dsdb/repl/drepl_service.c   | 2 +-
 source4/echo_server/echo_server.c   | 2 +-
 source4/kdc/kdc-heimdal.c           | 2 +-
 source4/kdc/kdc-service-mit.c       | 2 +-
 source4/ldap_server/ldap_server.c   | 2 +-
 source4/nbt_server/nbt_server.c     | 2 +-
 source4/ntp_signd/ntp_signd.c       | 2 +-
 source4/rpc_server/service_rpc.c    | 2 +-
 source4/smb_server/service_smb.c    | 2 +-
 source4/smbd/service.c              | 7 ++++---
 source4/web_server/web_server.c     | 2 +-
 source4/winbind/winbindd.c          | 4 ++--
 source4/wrepl_server/wrepl_server.c | 2 +-
 18 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/file_server/file_server.c b/file_server/file_server.c
index 72d7de5e20f..83641f819f6 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -97,5 +97,5 @@ NTSTATUS server_service_s3fs_init(TALLOC_CTX *);
 
 NTSTATUS server_service_s3fs_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("s3fs", s3fs_task_init);
+	return register_server_service(ctx, "s3fs", s3fs_task_init);
 }
diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c
index de8bc4eeef0..35a2b99e222 100644
--- a/source4/cldap_server/cldap_server.c
+++ b/source4/cldap_server/cldap_server.c
@@ -243,5 +243,5 @@ static void cldapd_task_init(struct task_server *task)
 */
 NTSTATUS server_service_cldapd_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("cldap", cldapd_task_init);
+	return register_server_service(ctx, "cldap", cldapd_task_init);
 }
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index d467cca3e43..5e9527d1f72 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -929,5 +929,5 @@ static void dns_task_init(struct task_server *task)
 
 NTSTATUS server_service_dns_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("dns", dns_task_init);
+	return register_server_service(ctx, "dns", dns_task_init);
 }
diff --git a/source4/dsdb/dns/dns_update.c b/source4/dsdb/dns/dns_update.c
index d2e34669aea..f74256d95ea 100644
--- a/source4/dsdb/dns/dns_update.c
+++ b/source4/dsdb/dns/dns_update.c
@@ -667,5 +667,5 @@ static void dnsupdate_task_init(struct task_server *task)
 */
 NTSTATUS server_service_dnsupdate_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("dnsupdate", dnsupdate_task_init);
+	return register_server_service(ctx, "dnsupdate", dnsupdate_task_init);
 }
diff --git a/source4/dsdb/kcc/kcc_service.c b/source4/dsdb/kcc/kcc_service.c
index 000206f98b7..946a8fef3ec 100644
--- a/source4/dsdb/kcc/kcc_service.c
+++ b/source4/dsdb/kcc/kcc_service.c
@@ -347,5 +347,5 @@ static void kccsrv_task_init(struct task_server *task)
 */
 NTSTATUS server_service_kcc_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("kcc", kccsrv_task_init);
+	return register_server_service(ctx, "kcc", kccsrv_task_init);
 }
diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c
index 787f2d79138..39791b44aa8 100644
--- a/source4/dsdb/repl/drepl_service.c
+++ b/source4/dsdb/repl/drepl_service.c
@@ -516,5 +516,5 @@ static void dreplsrv_task_init(struct task_server *task)
 */
 NTSTATUS server_service_drepl_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("drepl", dreplsrv_task_init);
+	return register_server_service(ctx, "drepl", dreplsrv_task_init);
 }
diff --git a/source4/echo_server/echo_server.c b/source4/echo_server/echo_server.c
index a934b5b431c..e6102322cc8 100644
--- a/source4/echo_server/echo_server.c
+++ b/source4/echo_server/echo_server.c
@@ -343,5 +343,5 @@ static void echo_task_init(struct task_server *task)
  */
 NTSTATUS server_service_echo_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("echo", echo_task_init);
+	return register_server_service(ctx, "echo", echo_task_init);
 }
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c
index fd48114edf8..d5c721b6056 100644
--- a/source4/kdc/kdc-heimdal.c
+++ b/source4/kdc/kdc-heimdal.c
@@ -468,5 +468,5 @@ static void kdc_task_init(struct task_server *task)
 /* called at smbd startup - register ourselves as a server service */
 NTSTATUS server_service_kdc_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("kdc", kdc_task_init);
+	return register_server_service(ctx, "kdc", kdc_task_init);
 }
diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
index 87c0179f461..d27381d71cb 100644
--- a/source4/kdc/kdc-service-mit.c
+++ b/source4/kdc/kdc-service-mit.c
@@ -352,5 +352,5 @@ NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx);
 
 NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx)
 {
-	return register_server_service("kdc", mitkdc_task_init);
+	return register_server_service(ctx, "kdc", mitkdc_task_init);
 }
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 747e25dde22..347a17dde5a 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -1184,5 +1184,5 @@ failed:
 
 NTSTATUS server_service_ldap_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("ldap", ldapsrv_task_init);
+	return register_server_service(ctx, "ldap", ldapsrv_task_init);
 }
diff --git a/source4/nbt_server/nbt_server.c b/source4/nbt_server/nbt_server.c
index 2c20c10c18e..2196bb045e9 100644
--- a/source4/nbt_server/nbt_server.c
+++ b/source4/nbt_server/nbt_server.c
@@ -100,5 +100,5 @@ static void nbtd_task_init(struct task_server *task)
 */
 NTSTATUS server_service_nbtd_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("nbt", nbtd_task_init);
+	return register_server_service(ctx, "nbt", nbtd_task_init);
 }
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
index ddd38c1e303..7949dc2f3b0 100644
--- a/source4/ntp_signd/ntp_signd.c
+++ b/source4/ntp_signd/ntp_signd.c
@@ -554,5 +554,5 @@ static void ntp_signd_task_init(struct task_server *task)
 /* called at smbd startup - register ourselves as a server service */
 NTSTATUS server_service_ntp_signd_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("ntp_signd", ntp_signd_task_init);
+	return register_server_service(ctx, "ntp_signd", ntp_signd_task_init);
 }
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index f6b1ac9f821..44c0d53aee6 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -126,5 +126,5 @@ failed:
 
 NTSTATUS server_service_rpc_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("rpc", dcesrv_task_init);
+	return register_server_service(ctx, "rpc", dcesrv_task_init);
 }
diff --git a/source4/smb_server/service_smb.c b/source4/smb_server/service_smb.c
index 1a830d0e322..a607861d6e3 100644
--- a/source4/smb_server/service_smb.c
+++ b/source4/smb_server/service_smb.c
@@ -89,5 +89,5 @@ NTSTATUS server_service_smb_init(TALLOC_CTX *ctx)
 {
 	ntvfs_init(cmdline_lp_ctx);
 	share_init();
-	return register_server_service("smb", smbsrv_task_init);
+	return register_server_service(ctx, "smb", smbsrv_task_init);
 }
diff --git a/source4/smbd/service.c b/source4/smbd/service.c
index 81ad3c5aabc..403ae74964b 100644
--- a/source4/smbd/service.c
+++ b/source4/smbd/service.c
@@ -36,11 +36,12 @@ static struct registered_server {
 /*
   register a server service. 
 */
-NTSTATUS register_server_service(const char *name,
-				 void (*task_init)(struct task_server *))
+NTSTATUS register_server_service(TALLOC_CTX *ctx,
+				const char *name,
+				void (*task_init)(struct task_server *))
 {
 	struct registered_server *srv;
-	srv = talloc(talloc_autofree_context(), struct registered_server);
+	srv = talloc(ctx, struct registered_server);
 	NT_STATUS_HAVE_NO_MEMORY(srv);
 	srv->service_name = name;
 	srv->task_init = task_init;
diff --git a/source4/web_server/web_server.c b/source4/web_server/web_server.c
index 02f24609cc5..d854a298a9c 100644
--- a/source4/web_server/web_server.c
+++ b/source4/web_server/web_server.c
@@ -372,5 +372,5 @@ failed:
 /* called at smbd startup - register ourselves as a server service */
 NTSTATUS server_service_web_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("web", websrv_task_init);
+	return register_server_service(ctx, "web", websrv_task_init);
 }
diff --git a/source4/winbind/winbindd.c b/source4/winbind/winbindd.c
index 6e6f262cf7a..c8c0733b615 100644
--- a/source4/winbind/winbindd.c
+++ b/source4/winbind/winbindd.c
@@ -90,9 +90,9 @@ NTSTATUS server_service_winbindd_init(TALLOC_CTX *);
 
 NTSTATUS server_service_winbindd_init(TALLOC_CTX *ctx)
 {
-	NTSTATUS status = register_server_service("winbindd", winbindd_task_init);
+	NTSTATUS status = register_server_service(ctx, "winbindd", winbindd_task_init);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
-	return register_server_service("winbind", winbindd_task_init);
+	return register_server_service(ctx, "winbind", winbindd_task_init);
 }
diff --git a/source4/wrepl_server/wrepl_server.c b/source4/wrepl_server/wrepl_server.c
index d054a222cad..dc28e23371e 100644
--- a/source4/wrepl_server/wrepl_server.c
+++ b/source4/wrepl_server/wrepl_server.c
@@ -508,5 +508,5 @@ static void wreplsrv_task_init(struct task_server *task)
 */
 NTSTATUS server_service_wrepl_init(TALLOC_CTX *ctx)
 {
-	return register_server_service("wrepl", wreplsrv_task_init);
+	return register_server_service(ctx, "wrepl", wreplsrv_task_init);
 }
-- 
2.12.2


>From 96e1c99d9ea1de978a9e369617cd3e1abd38c105 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Thu, 11 May 2017 17:39:39 +0200
Subject: [PATCH 4/9] SQ server_service_mitkdc_init

---
 source4/kdc/kdc-service-mit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
index d27381d71cb..13d6f1f6e0a 100644
--- a/source4/kdc/kdc-service-mit.c
+++ b/source4/kdc/kdc-service-mit.c
@@ -352,5 +352,5 @@ NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx);
 
 NTSTATUS server_service_mitkdc_init(TALLOC_CTX *mem_ctx)
 {
-	return register_server_service(ctx, "kdc", mitkdc_task_init);
+	return register_server_service(mem_ctx, "kdc", mitkdc_task_init);
 }
-- 
2.12.2


>From 1444ed4c5e29bb4a0b30237ce65145a4450861e6 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 May 2017 14:34:35 -0700
Subject: [PATCH 5/9] s4: popt: Add set/get/free functions for
 cmdline_credentials.

Preparing to make this static instead of a global.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source4/lib/cmdline/popt_common.c | 16 ++++++++++++++++
 source4/lib/cmdline/popt_common.h |  3 +++
 2 files changed, 19 insertions(+)

diff --git a/source4/lib/cmdline/popt_common.c b/source4/lib/cmdline/popt_common.c
index 25b02b446d0..59f06e8ba25 100644
--- a/source4/lib/cmdline/popt_common.c
+++ b/source4/lib/cmdline/popt_common.c
@@ -39,6 +39,22 @@
 enum {OPT_OPTION=1,OPT_LEAK_REPORT,OPT_LEAK_REPORT_FULL,OPT_DEBUG_STDERR};
 
 struct cli_credentials *cmdline_credentials = NULL;
+
+void popt_set_cmdline_credentials(struct cli_credentials *creds)
+{
+	cmdline_credentials = creds;
+}
+
+struct cli_credentials *popt_get_cmdline_credentials(void)
+{
+	return cmdline_credentials;
+}
+
+void popt_free_cmdline_credentials(void)
+{
+	TALLOC_FREE(cmdline_credentials);
+}
+
 struct loadparm_context *cmdline_lp_ctx = NULL;
 
 static void popt_version_callback(poptContext con,
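Review bot: Ownership of the pointer passed to `popt_set_cmdline_credentials` is undocumented: the setter overwrites `cmdline_credentials` without releasing any earlier value, while `popt_free_cmdline_credentials` runs `TALLOC_FREE` on whatever is stored. A second call to the setter leaves the earlier credentials object allocated under its own talloc parent, and a caller that keeps its own pointer across `popt_free_cmdline_credentials()` is left holding freed memory. A short comment above the three functions, for example `/* Takes ownership of creds; a previously stored value is not freed. */`, would settle this. The prototypes in popt_common.h should also say that `popt_get_cmdline_credentials()` returns NULL until something has set the value.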
diff --git a/source4/lib/cmdline/popt_common.h b/source4/lib/cmdline/popt_common.h
index fec7a3c3057..d1f764a0df9 100644
--- a/source4/lib/cmdline/popt_common.h
+++ b/source4/lib/cmdline/popt_common.h
@@ -38,6 +38,9 @@ extern struct poptOption popt_common_credentials4[];
 #define POPT_COMMON_CREDENTIALS { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_credentials4, 0, "Authentication options:", NULL },
 
 extern struct cli_credentials *cmdline_credentials;
+void popt_set_cmdline_credentials(struct cli_credentials *creds);
+struct cli_credentials *popt_get_cmdline_credentials(void);
+void popt_free_cmdline_credentials(void);
 extern struct loadparm_context *cmdline_lp_ctx;
 
 #endif /* _POPT_COMMON_H */
-- 
2.12.2


>From c05e77069ca456eea9ccf7ec1dbcca9e5f9b4f4a Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 May 2017 16:10:03 -0700
Subject: [PATCH 6/9] s4: popt: Global replace of cmdline_credentials ->
 popt_get_cmdline_credentials().

Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 lib/ldb-samba/samba_extensions.c            |  3 +-
 nsswitch/libwbclient/tests/wbclient.c       | 60 +++++++++++++++++---------
 source4/client/cifsddio.c                   | 13 +++---
 source4/client/client.c                     | 14 +++++--
 source4/lib/cmdline/popt_credentials.c      | 43 ++++++++++++-------
 source4/lib/registry/tools/regdiff.c        |  6 ++-
 source4/lib/registry/tools/regpatch.c       |  6 ++-
 source4/lib/registry/tools/regshell.c       | 11 +++--
 source4/lib/registry/tools/regtree.c        |  9 ++--
 source4/lib/wmi/tools/wmic.c                |  2 +-
 source4/lib/wmi/tools/wmis.c                |  2 +-
 source4/torture/auth/ntlmssp.c              |  4 +-
 source4/torture/basic/misc.c                |  5 +--
 source4/torture/dns/dlz_bind9.c             | 46 +++++++++++---------
 source4/torture/drs/rpc/dssync.c            |  4 +-
 source4/torture/drs/rpc/msds_intid.c        |  2 +-
 source4/torture/krb5/kdc-canon-heimdal.c    | 19 ++++++---
 source4/torture/krb5/kdc-heimdal.c          | 18 ++++----
 source4/torture/krb5/kdc-mit.c              | 15 +++----
 source4/torture/ldap/basic.c                |  4 +-
 source4/torture/ldap/ldap_sort.c            |  2 +-
 source4/torture/ldap/nested_search.c        |  2 +-
 source4/torture/ldap/schema.c               |  2 +-
 source4/torture/ldap/uptodatevector.c       |  2 +-
 source4/torture/libnet/libnet_BecomeDC.c    |  2 +-
 source4/torture/libnet/libnet_domain.c      | 13 +++---
 source4/torture/libnet/libnet_group.c       |  4 +-
 source4/torture/libnet/libnet_lookup.c      |  8 ++--
 source4/torture/libnet/libnet_rpc.c         |  2 +-
 source4/torture/libnet/libnet_share.c       |  4 +-
 source4/torture/libnet/libnet_user.c        |  2 +-
 source4/torture/libnet/utils.c              |  4 +-
 source4/torture/libnetapi/libnetapi.c       |  4 +-
 source4/torture/libsmbclient/libsmbclient.c |  3 +-
 source4/torture/masktest.c                  |  6 ++-
 source4/torture/raw/composite.c             |  4 +-
 source4/torture/raw/context.c               | 14 +++----
 source4/torture/raw/lock.c                  |  2 +-
 source4/torture/raw/lockbench.c             |  2 +-
 source4/torture/raw/openbench.c             |  2 +-
 source4/torture/raw/oplock.c                |  3 +-
 source4/torture/raw/session.c               |  6 +--
 source4/torture/raw/tconrate.c              |  3 +-
 source4/torture/rpc/async_bind.c            |  2 +-
 source4/torture/rpc/backupkey.c             | 13 ++++--
 source4/torture/rpc/backupkey_heimdal.c     | 13 ++++--
 source4/torture/rpc/bind.c                  |  2 +-
 source4/torture/rpc/dfs.c                   |  4 +-
 source4/torture/rpc/dsgetinfo.c             |  2 +-
 source4/torture/rpc/fsrvp.c                 | 12 +++---
 source4/torture/rpc/netlogon.c              | 32 +++++++-------
 source4/torture/rpc/remote_pac.c            |  7 ++--
 source4/torture/rpc/rpc.c                   | 11 ++---
 source4/torture/rpc/samba3rpc.c             | 65 +++++++++++++++++------------
 source4/torture/rpc/samlogon.c              | 40 +++++++++++-------
 source4/torture/rpc/schannel.c              | 29 +++++++------
 source4/torture/rpc/session_key.c           |  2 +-
 source4/torture/rpc/spoolss.c               |  4 +-
 source4/torture/rpc/testjoin.c              |  7 ++--
 source4/torture/rpc/witness.c               |  2 +-
 source4/torture/rpc/wkssvc.c                |  6 +--
 source4/torture/shell.c                     | 31 +++++++++-----
 source4/torture/smb2/acls.c                 |  2 +-
 source4/torture/smb2/oplock.c               |  2 +-
 source4/torture/smb2/replay.c               |  8 ++--
 source4/torture/smb2/scan.c                 |  2 +-
 source4/torture/smb2/session.c              | 27 ++++++------
 source4/torture/smb2/util.c                 |  6 +--
 source4/torture/unix/unix_info2.c           |  2 +-
 source4/torture/unix/whoami.c               |  8 ++--
 source4/torture/util_smb.c                  |  2 +-
 source4/torture/vfs/acl_xattr.c             |  2 +-
 source4/torture/winbind/winbind.c           |  3 +-
 73 files changed, 432 insertions(+), 298 deletions(-)

diff --git a/lib/ldb-samba/samba_extensions.c b/lib/ldb-samba/samba_extensions.c
index be9f36a5a7d..28c820ecbee 100644
--- a/lib/ldb-samba/samba_extensions.c
+++ b/lib/ldb-samba/samba_extensions.c
@@ -87,7 +87,8 @@ static int extensions_hook(struct ldb_context *ldb, enum ldb_module_hook_type t)
 		if (ldb_set_opaque(ldb, "sessionInfo", system_session(cmdline_lp_ctx))) {
 			return ldb_operr(ldb);
 		}
-		if (ldb_set_opaque(ldb, "credentials", cmdline_credentials)) {
+		if (ldb_set_opaque(ldb, "credentials",
+				popt_get_cmdline_credentials())) {
 			return ldb_operr(ldb);
 		}
 		if (ldb_set_opaque(ldb, "loadparm", cmdline_lp_ctx)) {
diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index c5428afac43..e80afc4bd78 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -693,13 +693,15 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
 	struct wbcAuthErrorInfo *error = NULL;
 	wbcErr ret;
 
-	ret = wbcAuthenticateUser(cli_credentials_get_username(cmdline_credentials), correct_password);
+	ret = wbcAuthenticateUser(cli_credentials_get_username(
+			popt_get_cmdline_credentials()), correct_password);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
-				 "wbcAuthenticateUser of %s failed",
-				 cli_credentials_get_username(cmdline_credentials));
+		 "wbcAuthenticateUser of %s failed",
+		 cli_credentials_get_username(popt_get_cmdline_credentials()));
 
 	ZERO_STRUCT(params);
-	params.account_name		= cli_credentials_get_username(cmdline_credentials);
+	params.account_name		=
+		cli_credentials_get_username(popt_get_cmdline_credentials());
 	params.level			= WBC_AUTH_USER_LEVEL_PLAIN;
 	params.password.plaintext	= correct_password;
 
@@ -728,13 +730,15 @@ static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
 
 static bool test_wbc_authenticate_user(struct torture_context *tctx)
 {
-	return test_wbc_authenticate_user_int(tctx, cli_credentials_get_password(cmdline_credentials));
+	return test_wbc_authenticate_user_int(tctx,
+		cli_credentials_get_password(popt_get_cmdline_credentials()));
 }
 
 static bool test_wbc_change_password(struct torture_context *tctx)
 {
 	wbcErr ret;
-	const char *oldpass = cli_credentials_get_password(cmdline_credentials);
+	const char *oldpass =
+		cli_credentials_get_password(popt_get_cmdline_credentials());
 	const char *newpass = "Koo8irei%$";
 
 	struct samr_CryptPassword new_nt_password;
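Review bot: Every use of the credentials in these tests now calls `popt_get_cmdline_credentials()` again, which forces the awkward wraps seen here and in the preceding hunk, where `popt_get_cmdline_credentials()), correct_password);` makes `correct_password` read like an argument of the inner call. Fetching the pointer once per test, `struct cli_credentials *creds = popt_get_cmdline_credentials();`, and passing `creds` would keep the original line shapes and remove the repeated calls. The same holds for the later hunks in this file (`test_wbc_change_password`, `test_wbc_logon_user`, `test_wbc_getgroups`). The bodies of the functions touched here start or end outside the hunk.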
@@ -799,8 +803,10 @@ static bool test_wbc_change_password(struct torture_context *tctx)
 	params.new_password.response.nt_data = new_nt_password.data;
 
 	params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
-	params.account_name = cli_credentials_get_username(cmdline_credentials);
-	params.domain_name = cli_credentials_get_domain(cmdline_credentials);
+	params.account_name =
+		cli_credentials_get_username(popt_get_cmdline_credentials());
+	params.domain_name =
+		cli_credentials_get_domain(popt_get_cmdline_credentials());
 
 	ret = wbcChangeUserPasswordEx(&params, NULL, NULL, NULL);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
@@ -810,12 +816,15 @@ static bool test_wbc_change_password(struct torture_context *tctx)
 		return false;
 	}
 
-	ret = wbcChangeUserPassword(cli_credentials_get_username(cmdline_credentials), newpass,
-				    cli_credentials_get_password(cmdline_credentials));
+	ret = wbcChangeUserPassword(
+		cli_credentials_get_username(popt_get_cmdline_credentials()),
+		newpass,
+		cli_credentials_get_password(popt_get_cmdline_credentials()));
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 				 "wbcChangeUserPassword for %s failed", params.account_name);
 
-	return test_wbc_authenticate_user_int(tctx, cli_credentials_get_password(cmdline_credentials));
+	return test_wbc_authenticate_user_int(tctx,
+		cli_credentials_get_password(popt_get_cmdline_credentials()));
 }
 
 static bool test_wbc_logon_user(struct torture_context *tctx)
@@ -837,8 +846,10 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 				 "%s", "wbcLogonUser succeeded for NULL where it should "
 				 "have failed");
 
-	params.username = cli_credentials_get_username(cmdline_credentials);
-	params.password = cli_credentials_get_password(cmdline_credentials);
+	params.username =
+		cli_credentials_get_username(popt_get_cmdline_credentials());
+	params.password =
+		cli_credentials_get_password(popt_get_cmdline_credentials());
 
 	ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
 			      "foo", 0, discard_const_p(uint8_t, "bar"), 4);
@@ -868,7 +879,8 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 			      strlen("S-1-2-3-4")+1);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 				 "%s", "wbcAddNamedBlob failed");
-	params.password = cli_credentials_get_password(cmdline_credentials);
+	params.password =
+		cli_credentials_get_password(popt_get_cmdline_credentials());
 	ret = wbcLogonUser(&params, &info, &error, &policy);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
 				 "wbcLogonUser for %s should have failed with "
@@ -883,11 +895,14 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 				 "%s", "wbcInterfaceDetails failed");
 
-	ret = wbcLookupName(iface->netbios_domain, cli_credentials_get_username(cmdline_credentials), &sid,
-			    &sidtype);
+	ret = wbcLookupName(iface->netbios_domain,
+		cli_credentials_get_username(popt_get_cmdline_credentials()),
+		&sid,
+		&sidtype);
 	wbcFreeMemory(iface);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
-				 "wbcLookupName for %s failed", cli_credentials_get_username(cmdline_credentials));
+		"wbcLookupName for %s failed",
+		cli_credentials_get_username(popt_get_cmdline_credentials()));
 
 	ret = wbcSidToString(&sid, &sidstr);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
@@ -899,7 +914,8 @@ static bool test_wbc_logon_user(struct torture_context *tctx)
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 				 "%s", "wbcAddNamedBlob failed");
 	wbcFreeMemory(sidstr);
-	params.password = cli_credentials_get_password(cmdline_credentials);
+	params.password =
+		cli_credentials_get_password(popt_get_cmdline_credentials());
 	ret = wbcLogonUser(&params, &info, &error, &policy);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
 				 "wbcLogonUser for %s failed", params.username);
@@ -918,9 +934,13 @@ static bool test_wbc_getgroups(struct torture_context *tctx)
 	uint32_t num_groups;
 	gid_t *groups;
 
-	ret = wbcGetGroups(cli_credentials_get_username(cmdline_credentials), &num_groups, &groups);
+	ret = wbcGetGroups(
+		cli_credentials_get_username(popt_get_cmdline_credentials()),
+		&num_groups,
+		&groups);
 	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
-				 "wbcGetGroups for %s failed", cli_credentials_get_username(cmdline_credentials));
+		"wbcGetGroups for %s failed",
+		cli_credentials_get_username(popt_get_cmdline_credentials()));
 	wbcFreeMemory(groups);
 	return true;
 }
diff --git a/source4/client/cifsddio.c b/source4/client/cifsddio.c
index 0ceb69e3b15..19d7dc82dbc 100644
--- a/source4/client/cifsddio.c
+++ b/source4/client/cifsddio.c
@@ -236,12 +236,13 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct
 	 * each connection, but for now, we just use the same one for both.
 	 */
 	ret = smbcli_full_connection(NULL, &cli, host, ports, share,
-				     NULL /* devtype */,
-				     socket_options,
-				     cmdline_credentials, resolve_ctx,
-				     ev, options,
-				     session_options,
-				     gensec_settings);
+				NULL /* devtype */,
+				socket_options,
+				popt_get_cmdline_credentials(),
+				resolve_ctx,
+				ev, options,
+				session_options,
+				gensec_settings);
 
 	if (!NT_STATUS_IS_OK(ret)) {
 		fprintf(stderr, "%s: connecting to //%s/%s: %s\n",
diff --git a/source4/client/client.c b/source4/client/client.c
index 1182e5be013..9b2115acc31 100644
--- a/source4/client/client.c
+++ b/source4/client/client.c
@@ -174,7 +174,11 @@ static void send_message(struct smbcli_state *cli, const char *desthost)
 	int total_len = 0;
 	int grp_id;
 
-	if (!smbcli_message_start(cli->tree, desthost, cli_credentials_get_username(cmdline_credentials), &grp_id)) {
+	if (!smbcli_message_start(cli->tree,
+			desthost,
+			cli_credentials_get_username(
+				popt_get_cmdline_credentials()),
+			&grp_id)) {
 		d_printf("message start: %s\n", smbcli_errstr(cli->tree));
 		return;
 	}
@@ -2702,7 +2706,7 @@ static bool browse_host(struct loadparm_context *lp_ctx,
 
 	status = dcerpc_pipe_connect(mem_ctx, &p, binding, 
 					 &ndr_table_srvsvc,
-				     cmdline_credentials, ev_ctx,
+				     popt_get_cmdline_credentials(), ev_ctx,
 				     lp_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
 		d_printf("Failed to connect to %s - %s\n", 
@@ -3395,7 +3399,8 @@ static int do_message_op(const char *netbios_name, const char *desthost,
 	}
 
 	if (poptPeekArg(pc)) { 
-		cli_credentials_set_password(cmdline_credentials, poptGetArg(pc), CRED_SPECIFIED);
+		cli_credentials_set_password(popt_get_cmdline_credentials(),
+			poptGetArg(pc), CRED_SPECIFIED);
 	}
 
 	/*init_names(); */
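Review bot: The password read from the positional argument on the changed line in do_message_op is stored but the copy in argv is left intact, whereas the OPT_PASSWORD case in popt_credentials.c (same patch) overwrites `arg` after storing it, with the comment "Try to prevent this showing up in ps". For consistency the argument could be fetched once and scrubbed the same way: `const char *pw = poptGetArg(pc);`, then `cli_credentials_set_password(popt_get_cmdline_credentials(), pw, CRED_SPECIFIED);`, then `memset(discard_const(pw), 0, strlen(pw));`. This assumes cli_credentials_set_password() keeps its own copy of the string, as the OPT_PASSWORD path already relies on. The return value of the setter is also ignored here. do_message_op starts before and continues after this hunk.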
@@ -3439,7 +3444,8 @@ static int do_message_op(const char *netbios_name, const char *desthost,
 	if (!do_connect(ctx, ev_ctx, lpcfg_resolve_context(cmdline_lp_ctx),
 			desthost, lpcfg_smb_ports(cmdline_lp_ctx), service,
 			lpcfg_socket_options(cmdline_lp_ctx),
-			cmdline_credentials, &smb_options, &smb_session_options,
+			popt_get_cmdline_credentials(),
+			&smb_options, &smb_session_options,
 			lpcfg_gensec_settings(ctx, cmdline_lp_ctx)))
 		return 1;
 
diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c
index 59a724c6f9e..4b4088af7f6 100644
--- a/source4/lib/cmdline/popt_credentials.c
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -48,19 +48,23 @@ static void popt_common_credentials_callback(poptContext con,
 						const char *arg, const void *data)
 {
 	if (reason == POPT_CALLBACK_REASON_PRE) {
-		cmdline_credentials = cli_credentials_init(talloc_autofree_context());
+		popt_set_cmdline_credentials(
+			cli_credentials_init(talloc_autofree_context()));
 		return;
 	}
 	
 	if (reason == POPT_CALLBACK_REASON_POST) {
-		cli_credentials_guess(cmdline_credentials, cmdline_lp_ctx);
+		cli_credentials_guess(popt_get_cmdline_credentials(),
+				cmdline_lp_ctx);
 
 		if (!dont_ask) {
-			cli_credentials_set_cmdline_callbacks(cmdline_credentials);
+			cli_credentials_set_cmdline_callbacks(
+				popt_get_cmdline_credentials());
 		}
 
 		if (machine_account_pending) {
-			cli_credentials_set_machine_account(cmdline_credentials, cmdline_lp_ctx);
+			cli_credentials_set_machine_account(
+				popt_get_cmdline_credentials(), cmdline_lp_ctx);
 		}
 
 		return;
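Review bot: The pointer returned by cli_credentials_init() in the PRE branch is handed to popt_set_cmdline_credentials() without a NULL check, so an allocation failure would only surface later, when the POST branch and the option cases pass popt_get_cmdline_credentials() on to cli_credentials_guess() and the setters. A check directly after the call, `if (popt_get_cmdline_credentials() == NULL) { fprintf(stderr, "Unable to allocate command line credentials\n"); exit(1); }`, would fail at the point of cause and matches the exit(1) the OPT_KRB5_CCACHE case of this function already uses. The call also still allocates on talloc_autofree_context(), which the series is removing elsewhere; presumably a later patch covers it, but a short comment saying so would help. popt_common_credentials_callback starts before and ends after this hunk.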
@@ -72,7 +76,8 @@ static void popt_common_credentials_callback(poptContext con,
 	{
 		char *lp;
 		
-		cli_credentials_parse_string(cmdline_credentials, arg, CRED_SPECIFIED);
+		cli_credentials_parse_string(
+			popt_get_cmdline_credentials(), arg, CRED_SPECIFIED);
 		/* This breaks the abstraction, including the const above */
 		if ((lp=strchr_m(arg,'%'))) {
 			lp[0]='\0';
@@ -84,13 +89,15 @@ static void popt_common_credentials_callback(poptContext con,
 	break;
 
 	case OPT_PASSWORD:
-		cli_credentials_set_password(cmdline_credentials, arg, CRED_SPECIFIED);
+		cli_credentials_set_password(popt_get_cmdline_credentials(),
+			arg, CRED_SPECIFIED);
 		/* Try to prevent this showing up in ps */
 		memset(discard_const(arg),0,strlen(arg));
 		break;
 
 	case 'A':
-		cli_credentials_parse_file(cmdline_credentials, arg, CRED_SPECIFIED);
+		cli_credentials_parse_file(popt_get_cmdline_credentials(),
+			arg, CRED_SPECIFIED);
 		break;
 
 	case 'P':
@@ -111,7 +118,8 @@ static void popt_common_credentials_callback(poptContext con,
 			}
 		}
 		
-		cli_credentials_set_kerberos_state(cmdline_credentials, 
+		cli_credentials_set_kerberos_state(
+			popt_get_cmdline_credentials(),
 						   use_kerberos 
 						   ? CRED_MUST_USE_KERBEROS
 						   : CRED_DONT_USE_KERBEROS);
@@ -120,13 +128,16 @@ static void popt_common_credentials_callback(poptContext con,
 		
 	case OPT_SIMPLE_BIND_DN:
 	{
-		cli_credentials_set_bind_dn(cmdline_credentials, arg);
+		cli_credentials_set_bind_dn(popt_get_cmdline_credentials(),
+				arg);
 		break;
 	}
 	case OPT_KRB5_CCACHE:
 	{
 		const char *error_string;
-		if (cli_credentials_set_ccache(cmdline_credentials, cmdline_lp_ctx, arg, CRED_SPECIFIED,
+		if (cli_credentials_set_ccache(
+			popt_get_cmdline_credentials(), cmdline_lp_ctx,
+			arg, CRED_SPECIFIED,
 					       &error_string) != 0) {
 			fprintf(stderr, "Error reading krb5 credentials cache: '%s' %s", arg, error_string);
 			exit(1);
@@ -137,10 +148,12 @@ static void popt_common_credentials_callback(poptContext con,
 	{
 		uint32_t gensec_features;
 
-		gensec_features = cli_credentials_get_gensec_features(cmdline_credentials);
+		gensec_features = cli_credentials_get_gensec_features(
+					popt_get_cmdline_credentials());
 
 		gensec_features |= GENSEC_FEATURE_SIGN;
-		cli_credentials_set_gensec_features(cmdline_credentials,
+		cli_credentials_set_gensec_features(
+					popt_get_cmdline_credentials(),
 						    gensec_features);
 		break;
 	}
@@ -148,10 +161,12 @@ static void popt_common_credentials_callback(poptContext con,
 	{
 		uint32_t gensec_features;
 
-		gensec_features = cli_credentials_get_gensec_features(cmdline_credentials);
+		gensec_features = cli_credentials_get_gensec_features(
+					popt_get_cmdline_credentials());
 
 		gensec_features |= GENSEC_FEATURE_SEAL;
-		cli_credentials_set_gensec_features(cmdline_credentials,
+		cli_credentials_set_gensec_features(
+					popt_get_cmdline_credentials(),
 						    gensec_features);
 		break;
 	}
diff --git a/source4/lib/registry/tools/regdiff.c b/source4/lib/registry/tools/regdiff.c
index cf65de30642..da813336b85 100644
--- a/source4/lib/registry/tools/regdiff.c
+++ b/source4/lib/registry/tools/regdiff.c
@@ -43,10 +43,12 @@ static struct registry_context *open_backend(TALLOC_CTX *mem_ctx,
 		poptPrintUsage(pc, stderr, 0);
 		return NULL;
 	case REG_LOCAL:
-		error = reg_open_samba(mem_ctx, &ctx, ev_ctx, lp_ctx, NULL, cmdline_credentials);
+		error = reg_open_samba(mem_ctx, &ctx, ev_ctx, lp_ctx, NULL,
+				popt_get_cmdline_credentials());
 		break;
 	case REG_REMOTE:
-		error = reg_open_remote(mem_ctx, &ctx, NULL, cmdline_credentials, lp_ctx,
+		error = reg_open_remote(mem_ctx, &ctx, NULL,
+				popt_get_cmdline_credentials(), lp_ctx,
 					remote_host, ev_ctx);
 		break;
 	case REG_NULL:
diff --git a/source4/lib/registry/tools/regpatch.c b/source4/lib/registry/tools/regpatch.c
index 34cbd1c5aaa..50195fe084c 100644
--- a/source4/lib/registry/tools/regpatch.c
+++ b/source4/lib/registry/tools/regpatch.c
@@ -52,9 +52,11 @@ int main(int argc, const char **argv)
 	ev_ctx = s4_event_context_init(NULL);
 
 	if (remote) {
-		h = reg_common_open_remote (remote, ev_ctx, cmdline_lp_ctx, cmdline_credentials);
+		h = reg_common_open_remote (remote, ev_ctx, cmdline_lp_ctx,
+				popt_get_cmdline_credentials());
 	} else {
-		h = reg_common_open_local (cmdline_credentials, ev_ctx, cmdline_lp_ctx);
+		h = reg_common_open_local (popt_get_cmdline_credentials(),
+				ev_ctx, cmdline_lp_ctx);
 	}
 
 	if (h == NULL)
diff --git a/source4/lib/registry/tools/regshell.c b/source4/lib/registry/tools/regshell.c
index cba0d3f878d..5308d30e849 100644
--- a/source4/lib/registry/tools/regshell.c
+++ b/source4/lib/registry/tools/regshell.c
@@ -586,9 +586,12 @@ int main(int argc, const char **argv)
 
 	if (remote != NULL) {
 		ctx->registry = reg_common_open_remote(remote, ev_ctx,
-					 cmdline_lp_ctx, cmdline_credentials);
+					 cmdline_lp_ctx,
+					popt_get_cmdline_credentials());
 	} else if (file != NULL) {
-		ctx->current = reg_common_open_file(file, ev_ctx, cmdline_lp_ctx, cmdline_credentials);
+		ctx->current = reg_common_open_file(file, ev_ctx,
+					cmdline_lp_ctx,
+					popt_get_cmdline_credentials());
 		if (ctx->current == NULL)
 			return 1;
 		ctx->registry = ctx->current->context;
@@ -596,7 +599,9 @@ int main(int argc, const char **argv)
 		ctx->predef = NULL;
 		ctx->root = ctx->current;
 	} else {
-		ctx->registry = reg_common_open_local(cmdline_credentials, ev_ctx, cmdline_lp_ctx);
+		ctx->registry = reg_common_open_local(
+					popt_get_cmdline_credentials(),
+					ev_ctx, cmdline_lp_ctx);
 	}
 
 	if (ctx->registry == NULL)
diff --git a/source4/lib/registry/tools/regtree.c b/source4/lib/registry/tools/regtree.c
index 56f38e7d4ba..d4319f5f6bb 100644
--- a/source4/lib/registry/tools/regtree.c
+++ b/source4/lib/registry/tools/regtree.c
@@ -131,11 +131,14 @@ int main(int argc, const char **argv)
 	ev_ctx = s4_event_context_init(NULL);
 
 	if (remote != NULL) {
-		h = reg_common_open_remote(remote, ev_ctx, cmdline_lp_ctx, cmdline_credentials);
+		h = reg_common_open_remote(remote, ev_ctx, cmdline_lp_ctx,
+				popt_get_cmdline_credentials());
 	} else if (file != NULL) {
-		start_key = reg_common_open_file(file, ev_ctx, cmdline_lp_ctx, cmdline_credentials);
+		start_key = reg_common_open_file(file, ev_ctx, cmdline_lp_ctx,
+				popt_get_cmdline_credentials());
 	} else {
-		h = reg_common_open_local(cmdline_credentials, ev_ctx, cmdline_lp_ctx);
+		h = reg_common_open_local(popt_get_cmdline_credentials(),
+				ev_ctx, cmdline_lp_ctx);
 	}
 
 	if (h == NULL && start_key == NULL)
diff --git a/source4/lib/wmi/tools/wmic.c b/source4/lib/wmi/tools/wmic.c
index 3921fd8bdb1..4817decc816 100644
--- a/source4/lib/wmi/tools/wmic.c
+++ b/source4/lib/wmi/tools/wmic.c
@@ -166,7 +166,7 @@ int main(int argc, char **argv)
 
 	parse_args(argc, argv, &args);
 
-	wmi_init(&ctx, cmdline_credentials);
+	wmi_init(&ctx, popt_get_cmdline_credentials());
 
 	if (!args.ns)
 		args.ns = "root\\cimv2";
diff --git a/source4/lib/wmi/tools/wmis.c b/source4/lib/wmi/tools/wmis.c
index c4c8ed92999..395cec2ce6d 100644
--- a/source4/lib/wmi/tools/wmis.c
+++ b/source4/lib/wmi/tools/wmis.c
@@ -191,7 +191,7 @@ int main(int argc, char **argv)
 
 	parse_args(argc, argv, &args);
 
-	wmi_init(&ctx, cmdline_credentials);
+	wmi_init(&ctx, popt_get_cmdline_credentials());
 	result = WBEM_ConnectServer(ctx, args.hostname, "root\\cimv2", 0, 0, 0, 0, 0, 0, &pWS);
 	WERR_CHECK("WBEM_ConnectServer.");
 
diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c
index 45e58890eb6..6d24a1839cb 100644
--- a/source4/torture/auth/ntlmssp.c
+++ b/source4/torture/auth/ntlmssp.c
@@ -41,7 +41,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
 				    lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
 		"gensec client start");
 
-	gensec_set_credentials(gensec_security, cmdline_credentials);
+	gensec_set_credentials(gensec_security, popt_get_cmdline_credentials());
 
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
@@ -98,7 +98,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
 				    lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
 		"Failed to start GENSEC for NTLMSSP");
 
-	gensec_set_credentials(gensec_security, cmdline_credentials);
+	gensec_set_credentials(gensec_security, popt_get_cmdline_credentials());
 
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_SIGN);
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_SEAL);
diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c
index 7dcb9a7014c..68b7cbec812 100644
--- a/source4/torture/basic/misc.c
+++ b/source4/torture/basic/misc.c
@@ -34,9 +34,8 @@
 #include "libcli/composite/composite.h"
 #include "param/param.h"
 #include "torture/basic/proto.h"
+#include "lib/cmdline/popt_common.h"
 
-extern struct cli_credentials *cmdline_credentials;
-	
 static bool wait_lock(struct smbcli_state *c, int fnum, uint32_t offset, uint32_t len)
 {
 	while (NT_STATUS_IS_ERR(smbcli_lock(c->tree, fnum, offset, len, -1, WRITE_LOCK))) {
@@ -873,7 +872,7 @@ static struct composite_context *torture_connect_async(
 	smb->in.socket_options = lpcfg_socket_options(tctx->lp_ctx);
 	smb->in.called_name = strupper_talloc(mem_ctx, host);
 	smb->in.service_type=NULL;
-	smb->in.credentials=cmdline_credentials;
+	smb->in.credentials=popt_get_cmdline_credentials();
 	smb->in.fallback_to_anonymous=false;
 	smb->in.gensec_settings = lpcfg_gensec_settings(mem_ctx, tctx->lp_ctx);
 	smb->in.workgroup=workgroup;
diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
index f16d16ec061..c29f26802f5 100644
--- a/source4/torture/dns/dlz_bind9.c
+++ b/source4/torture/dns/dlz_bind9.c
@@ -174,7 +174,8 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
 	status = gensec_set_target_service(gensec_client_context, "dns");
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
 
-	status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
+	status = gensec_set_credentials(gensec_client_context,
+			popt_get_cmdline_credentials());
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
 
 	status = gensec_start_mech_by_sasl_name(gensec_client_context, mech);
@@ -188,14 +189,16 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
 		torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
 	}
 
-	torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials),
-						    lpcfg_dnsdomain(tctx->lp_ctx),
-						    "127.0.0.1", "type", "key",
-						    client_to_server.length,
-						    client_to_server.data,
-						    dbdata),
-				 ISC_TRUE,
-				 "Failed to check key for update rights samba_dlz");
+	torture_assert_int_equal(tctx, dlz_ssumatch(
+					cli_credentials_get_username(
+						popt_get_cmdline_credentials()),
+					lpcfg_dnsdomain(tctx->lp_ctx),
+					"127.0.0.1", "type", "key",
+					client_to_server.length,
+					client_to_server.data,
+					dbdata),
+					ISC_TRUE,
+			 "Failed to check key for update rights samba_dlz");
 
 	dlz_destroy(dbdata);
 
@@ -653,7 +656,8 @@ static bool test_dlz_bind9_update01(struct torture_context *tctx)
 	status = gensec_set_target_service(gensec_client_context, "dns");
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_service failed");
 
-	status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
+	status = gensec_set_credentials(gensec_client_context,
+			popt_get_cmdline_credentials());
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
 
 	status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSS-SPNEGO");
@@ -667,16 +671,18 @@ static bool test_dlz_bind9_update01(struct torture_context *tctx)
 		torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
 	}
 
-	torture_assert_int_equal(tctx, dlz_ssumatch(cli_credentials_get_username(cmdline_credentials),
-						    name,
-						    "127.0.0.1",
-						    expected1->records[0].type,
-						    "key",
-						    client_to_server.length,
-						    client_to_server.data,
-						    dbdata),
-				 ISC_TRUE,
-				 "Failed to check key for update rights samba_dlz");
+	torture_assert_int_equal(tctx, dlz_ssumatch(
+				cli_credentials_get_username(
+					popt_get_cmdline_credentials()),
+				name,
+				"127.0.0.1",
+				expected1->records[0].type,
+				"key",
+				client_to_server.length,
+				client_to_server.data,
+				dbdata),
+				ISC_TRUE,
+			 "Failed to check key for update rights samba_dlz");
 
 	/*
 	 * We test the following:
diff --git a/source4/torture/drs/rpc/dssync.c b/source4/torture/drs/rpc/dssync.c
index 8fa04c32b48..316fad75249 100644
--- a/source4/torture/drs/rpc/dssync.c
+++ b/source4/torture/drs/rpc/dssync.c
@@ -123,7 +123,7 @@ static struct DsSyncTest *test_create_context(struct torture_context *tctx)
 	}
 
 	/* ctx->admin ...*/
-	ctx->admin.credentials				= cmdline_credentials;
+	ctx->admin.credentials	= popt_get_cmdline_credentials();
 
 	our_bind_info28				= &ctx->admin.drsuapi.our_bind_info28;
 	our_bind_info28->supported_extensions	= 0xFFFFFFFF;
@@ -143,7 +143,7 @@ static struct DsSyncTest *test_create_context(struct torture_context *tctx)
 	ctx->admin.drsuapi.req.out.bind_handle		= &ctx->admin.drsuapi.bind_handle;
 
 	/* ctx->new_dc ...*/
-	ctx->new_dc.credentials			= cmdline_credentials;
+	ctx->new_dc.credentials	= popt_get_cmdline_credentials();
 
 	our_bind_info28				= &ctx->new_dc.drsuapi.our_bind_info28;
 	our_bind_info28->supported_extensions	|= DRSUAPI_SUPPORTED_EXTENSION_BASE;
diff --git a/source4/torture/drs/rpc/msds_intid.c b/source4/torture/drs/rpc/msds_intid.c
index 53d0c3b79b6..3eaa094b9db 100644
--- a/source4/torture/drs/rpc/msds_intid.c
+++ b/source4/torture/drs/rpc/msds_intid.c
@@ -185,7 +185,7 @@ static struct DsIntIdTestCtx *_dsintid_create_context(struct torture_context *tc
 	}
 
 	/* populate test suite context */
-	ctx->creds = cmdline_credentials;
+	ctx->creds = popt_get_cmdline_credentials();
 	ctx->dsa_bind.server_binding = server_binding;
 
 	ctx->ldap_url = talloc_asprintf(ctx, "ldap://%s",
diff --git a/source4/torture/krb5/kdc-canon-heimdal.c b/source4/torture/krb5/kdc-canon-heimdal.c
index fece17f3249..7f806e73e66 100644
--- a/source4/torture/krb5/kdc-canon-heimdal.c
+++ b/source4/torture/krb5/kdc-canon-heimdal.c
@@ -1423,7 +1423,8 @@ static bool torture_krb5_as_req_canon(struct torture_context *tctx, const void *
 	int expected_principal_flags;
 	char *got_principal_string;
 	char *assertion_message;
-	const char *password = cli_credentials_get_password(cmdline_credentials);
+	const char *password = cli_credentials_get_password(
+			popt_get_cmdline_credentials());
 	krb5_context k5_context;
 	struct torture_krb5_context *test_context;
 	bool ok;
@@ -1913,7 +1914,8 @@ static bool torture_krb5_as_req_canon(struct torture_context *tctx, const void *
 		torture_assert_int_equal(tctx, k5ret, 0, assertion_message);
 		client_to_server = data_blob_const(enc_ticket.data, enc_ticket.length);
 		torture_assert(tctx,
-			       test_accept_ticket(tctx, cmdline_credentials,
+			       test_accept_ticket(tctx,
+					popt_get_cmdline_credentials(),
 						  expected_unparse_principal_string,
 						  client_to_server),
 			       "test_accept_ticket failed - failed to accept the ticket we just created");
@@ -2227,10 +2229,15 @@ struct torture_suite *torture_krb5_canon(TALLOC_CTX *mem_ctx)
 
 		test_data->test_name = name;
 		test_data->real_realm
-			= strupper_talloc(test_data, cli_credentials_get_realm(cmdline_credentials));
-		test_data->real_domain = cli_credentials_get_domain(cmdline_credentials);
-		test_data->username = cli_credentials_get_username(cmdline_credentials);
-		test_data->real_username = cli_credentials_get_username(cmdline_credentials);
+			= strupper_talloc(test_data,
+				cli_credentials_get_realm(
+					popt_get_cmdline_credentials()));
+		test_data->real_domain = cli_credentials_get_domain(
+						popt_get_cmdline_credentials());
+		test_data->username = cli_credentials_get_username(
+						popt_get_cmdline_credentials());
+		test_data->real_username = cli_credentials_get_username(
+						popt_get_cmdline_credentials());
 		test_data->canonicalize = (i & TEST_CANONICALIZE) != 0;
 		test_data->enterprise = (i & TEST_ENTERPRISE) != 0;
 		test_data->upper_realm = (i & TEST_UPPER_REALM) != 0;
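Review bot: The new lines call popt_get_cmdline_credentials() four times in a row to read fields of the same object, which is what forces the three-level wrapping of the `real_realm` assignment. Fetching it once before these assignments, `struct cli_credentials *creds = popt_get_cmdline_credentials();`, would let each line read `cli_credentials_get_username(creds)` and stay within the line limit. It is also worth confirming that the command-line credentials are already populated when torture_krb5_canon builds its test data, since the values are captured here rather than when the tests run; that ordering is not visible in this hunk. The function body starts before and continues after the hunk.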
diff --git a/source4/torture/krb5/kdc-heimdal.c b/source4/torture/krb5/kdc-heimdal.c
index 2cf972cea6f..7d5a16702c3 100644
--- a/source4/torture/krb5/kdc-heimdal.c
+++ b/source4/torture/krb5/kdc-heimdal.c
@@ -643,7 +643,8 @@ static bool torture_krb5_as_req_creds(struct torture_context *tctx,
 
 static bool torture_krb5_as_req_cmdline(struct torture_context *tctx)
 {
-	return torture_krb5_as_req_creds(tctx, cmdline_credentials, TORTURE_KRB5_TEST_PLAIN);
+	return torture_krb5_as_req_creds(tctx, popt_get_cmdline_credentials(),
+			TORTURE_KRB5_TEST_PLAIN);
 }
 
 static bool torture_krb5_as_req_pac_request(struct torture_context *tctx)
@@ -651,37 +652,40 @@ static bool torture_krb5_as_req_pac_request(struct torture_context *tctx)
 	if (torture_setting_bool(tctx, "expect_rodc", false)) {
 		torture_skip(tctx, "This test needs further investigation in the RODC case against a Windows DC, in particular with non-cached users");
 	}
-	return torture_krb5_as_req_creds(tctx, cmdline_credentials, TORTURE_KRB5_TEST_PAC_REQUEST);
+	return torture_krb5_as_req_creds(tctx, popt_get_cmdline_credentials(),
+			TORTURE_KRB5_TEST_PAC_REQUEST);
 }
 
 static bool torture_krb5_as_req_break_pw(struct torture_context *tctx)
 {
-	return torture_krb5_as_req_creds(tctx, cmdline_credentials, TORTURE_KRB5_TEST_BREAK_PW);
+	return torture_krb5_as_req_creds(tctx, popt_get_cmdline_credentials(),
+			TORTURE_KRB5_TEST_BREAK_PW);
 }
 
 static bool torture_krb5_as_req_clock_skew(struct torture_context *tctx)
 {
-	return torture_krb5_as_req_creds(tctx, cmdline_credentials, TORTURE_KRB5_TEST_CLOCK_SKEW);
+	return torture_krb5_as_req_creds(tctx, popt_get_cmdline_credentials(),
+			TORTURE_KRB5_TEST_CLOCK_SKEW);
 }
 
 static bool torture_krb5_as_req_aes(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_AES);
 }
 
 static bool torture_krb5_as_req_rc4(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_RC4);
 }
 
 static bool torture_krb5_as_req_aes_rc4(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_AES_RC4);
 }
 
diff --git a/source4/torture/krb5/kdc-mit.c b/source4/torture/krb5/kdc-mit.c
index 77fa8c34a95..ba97137cd74 100644
--- a/source4/torture/krb5/kdc-mit.c
+++ b/source4/torture/krb5/kdc-mit.c
@@ -691,7 +691,7 @@ static bool torture_krb5_as_req_creds(struct torture_context *tctx,
 static bool torture_krb5_as_req_cmdline(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_PLAIN);
 }
 
@@ -707,42 +707,43 @@ static bool torture_krb5_as_req_pac_request(struct torture_context *tctx)
 			     "RODC case against a Windows DC, in particular "
 			     "with non-cached users");
 	}
-	return torture_krb5_as_req_creds(tctx, cmdline_credentials, TORTURE_KRB5_TEST_PAC_REQUEST);
+	return torture_krb5_as_req_creds(tctx, popt_get_cmdline_credentials(),
+			TORTURE_KRB5_TEST_PAC_REQUEST);
 }
 #endif /* HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST */
 
 static bool torture_krb5_as_req_break_pw(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_BREAK_PW);
 }
 
 static bool torture_krb5_as_req_clock_skew(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_CLOCK_SKEW);
 }
 
 static bool torture_krb5_as_req_aes(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_AES);
 }
 
 static bool torture_krb5_as_req_rc4(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_RC4);
 }
 
 static bool torture_krb5_as_req_aes_rc4(struct torture_context *tctx)
 {
 	return torture_krb5_as_req_creds(tctx,
-					 cmdline_credentials,
+					 popt_get_cmdline_credentials(),
 					 TORTURE_KRB5_TEST_AES_RC4);
 }
 
diff --git a/source4/torture/ldap/basic.c b/source4/torture/ldap/basic.c
index 5f758a95029..fd287bde73c 100644
--- a/source4/torture/ldap/basic.c
+++ b/source4/torture/ldap/basic.c
@@ -724,7 +724,7 @@ static bool test_referrals(struct torture_context *tctx, TALLOC_CTX *mem_ctx,
 	}
 
 	ldb = ldb_wrap_connect(mem_ctx, tctx->ev, tctx->lp_ctx, url,
-			       NULL, cmdline_credentials, 0);
+			       NULL, popt_get_cmdline_credentials(), 0);
 
 	/* "partitions[i]" are the partitions for which we search the parents */
 	for (i = 1; partitions[i] != NULL; i++) {
@@ -968,7 +968,7 @@ bool torture_ldap_basic(struct torture_context *torture)
 		ret = false;
 	}
 
-	if (!test_bind_sasl(torture, conn, cmdline_credentials)) {
+	if (!test_bind_sasl(torture, conn, popt_get_cmdline_credentials())) {
 		ret = false;
 	}
 
diff --git a/source4/torture/ldap/ldap_sort.c b/source4/torture/ldap/ldap_sort.c
index 643ff3ffbcf..7aa0d54bf6f 100644
--- a/source4/torture/ldap/ldap_sort.c
+++ b/source4/torture/ldap/ldap_sort.c
@@ -62,7 +62,7 @@ bool torture_ldap_sort(struct torture_context *torture)
 
 	ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, url,
 						 NULL,
-						 cmdline_credentials,
+						 popt_get_cmdline_credentials(),
 						 0);
 	torture_assert(torture, ldb, "Failed to make LDB connection to target");
 
diff --git a/source4/torture/ldap/nested_search.c b/source4/torture/ldap/nested_search.c
index 9699919ecc1..31e127d04ff 100644
--- a/source4/torture/ldap/nested_search.c
+++ b/source4/torture/ldap/nested_search.c
@@ -162,7 +162,7 @@ bool test_ldap_nested_search(struct torture_context *tctx)
 	torture_comment(tctx, "Connecting to: %s\n", url);
 	sctx->ldb = ldb_wrap_connect(sctx, tctx->ev, tctx->lp_ctx, url,
 	                             NULL,
-	                             cmdline_credentials,
+	                             popt_get_cmdline_credentials(),
 	                             0);
 	torture_assert(tctx, sctx->ldb, "Failed to create ldb connection");
 
diff --git a/source4/torture/ldap/schema.c b/source4/torture/ldap/schema.c
index 8f40d944234..b6da873e7fc 100644
--- a/source4/torture/ldap/schema.c
+++ b/source4/torture/ldap/schema.c
@@ -388,7 +388,7 @@ bool torture_ldap_schema(struct torture_context *torture)
 
 	ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, url,
 			       NULL,
-			       cmdline_credentials,
+			       popt_get_cmdline_credentials(),
 			       0);
 	if (!ldb) goto failed;
 
diff --git a/source4/torture/ldap/uptodatevector.c b/source4/torture/ldap/uptodatevector.c
index d2a8980f3ba..289ff6d863b 100644
--- a/source4/torture/ldap/uptodatevector.c
+++ b/source4/torture/ldap/uptodatevector.c
@@ -159,7 +159,7 @@ bool torture_ldap_uptodatevector(struct torture_context *torture)
 
 	ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, url,
 			       NULL,
-			       cmdline_credentials,
+			       popt_get_cmdline_credentials(),
 			       0);
 	if (!ldb) goto failed;
 
diff --git a/source4/torture/libnet/libnet_BecomeDC.c b/source4/torture/libnet/libnet_BecomeDC.c
index 372311e5c11..ffba17c855c 100644
--- a/source4/torture/libnet/libnet_BecomeDC.c
+++ b/source4/torture/libnet/libnet_BecomeDC.c
@@ -92,7 +92,7 @@ bool torture_net_become_dc(struct torture_context *torture)
 	torture_assert(torture, s, "libnet_vampire_cb_state_init");
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	ZERO_STRUCT(b);
 	b.in.domain_dns_name		= torture_join_dom_dns_name(tj);
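Review bot: `ctx` returned by libnet_context_init() is dereferenced on the changed line `ctx->cred = popt_get_cmdline_credentials();` with no NULL check in between, so a failed context allocation crashes the test binary instead of failing the test. The same init-then-assign pair is visible in the hunks for torture_domain_open_samr, torture_grouplist, torture_creategroup, torture_lookup, torture_lookup_host, torture_lookup_pdc, torture_lookup_sam_name, torture_rpc_connect and torture_delshare (there as `libnetctx`). Adding `torture_assert(torture, ctx != NULL, "libnet_context_init failed");` before the assignment would match the torture_assert on `s` just above in this function. torture_net_become_dc starts before and continues after this hunk.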
diff --git a/source4/torture/libnet/libnet_domain.c b/source4/torture/libnet/libnet_domain.c
index 0b45ac48ed9..7fcab74cfcf 100644
--- a/source4/torture/libnet/libnet_domain.c
+++ b/source4/torture/libnet/libnet_domain.c
@@ -141,7 +141,7 @@ bool torture_domain_open_lsa(struct torture_context *torture)
 		return false;
 	}
 
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	ZERO_STRUCT(r);
 	r.in.type = DOMAIN_LSA;
@@ -196,11 +196,12 @@ bool torture_domain_close_lsa(struct torture_context *torture)
 		goto done;
 	}
 
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	mem_ctx = talloc_init("torture_domain_close_lsa");
 	status = dcerpc_pipe_connect_b(mem_ctx, &p, binding, &ndr_table_lsarpc,
-				     cmdline_credentials, torture->ev, torture->lp_ctx);
+				     popt_get_cmdline_credentials(),
+				torture->ev, torture->lp_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
 		torture_comment(torture, "failed to connect to server: %s\n", nt_errstr(status));
 		ret = false;
@@ -251,7 +252,7 @@ bool torture_domain_open_samr(struct torture_context *torture)
 	mem_ctx = talloc_init("test_domainopen_lsa");
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	/* we're accessing domain controller so the domain name should be
 	   passed (it's going to be resolved to dc name and address) instead
@@ -322,7 +323,7 @@ bool torture_domain_close_samr(struct torture_context *torture)
 		goto done;
 	}
 
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	mem_ctx = talloc_init("torture_domain_close_samr");
 	status = dcerpc_pipe_connect_b(mem_ctx, &p, binding, &ndr_table_samr,
@@ -386,7 +387,7 @@ bool torture_domain_list(struct torture_context *torture)
 		goto done;
 	}
 
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	mem_ctx = talloc_init("torture_domain_close_samr");
 
diff --git a/source4/torture/libnet/libnet_group.c b/source4/torture/libnet/libnet_group.c
index f76587c1083..e304f8bf22d 100644
--- a/source4/torture/libnet/libnet_group.c
+++ b/source4/torture/libnet/libnet_group.c
@@ -114,7 +114,7 @@ bool torture_grouplist(struct torture_context *torture)
 	int i;
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
 	mem_ctx = talloc_init("torture group list");
@@ -177,7 +177,7 @@ bool torture_creategroup(struct torture_context *torture)
 	mem_ctx = talloc_init("test_creategroup");
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	req.in.group_name = TEST_GROUPNAME;
 	req.in.domain_name = lpcfg_workgroup(torture->lp_ctx);
diff --git a/source4/torture/libnet/libnet_lookup.c b/source4/torture/libnet/libnet_lookup.c
index 618acdee049..82ab10a6396 100644
--- a/source4/torture/libnet/libnet_lookup.c
+++ b/source4/torture/libnet/libnet_lookup.c
@@ -39,7 +39,7 @@ bool torture_lookup(struct torture_context *torture)
 	mem_ctx = talloc_init("test_lookup");
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	lookup.in.hostname = torture_setting_string(torture, "host", NULL);
 	if (lookup.in.hostname == NULL) {
@@ -83,7 +83,7 @@ bool torture_lookup_host(struct torture_context *torture)
 	mem_ctx = talloc_init("test_lookup_host");
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	lookup.in.hostname = torture_setting_string(torture, "host", NULL);
 	if (lookup.in.hostname == NULL) {
@@ -126,7 +126,7 @@ bool torture_lookup_pdc(struct torture_context *torture)
 	mem_ctx = talloc_init("test_lookup_pdc");
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	talloc_steal(ctx, mem_ctx);
 
@@ -171,7 +171,7 @@ bool torture_lookup_sam_name(struct torture_context *torture)
 	bool ret = true;
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	mem_ctx = talloc_init("torture lookup sam name");
 	if (mem_ctx == NULL) return false;
diff --git a/source4/torture/libnet/libnet_rpc.c b/source4/torture/libnet/libnet_rpc.c
index 3e2048274a9..17ed0d1cbd9 100644
--- a/source4/torture/libnet/libnet_rpc.c
+++ b/source4/torture/libnet/libnet_rpc.c
@@ -90,7 +90,7 @@ static bool torture_rpc_connect(struct torture_context *torture,
 	struct libnet_context *ctx;
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	torture_comment(torture, "Testing connection to LSA interface\n");
 
diff --git a/source4/torture/libnet/libnet_share.c b/source4/torture/libnet/libnet_share.c
index 3c50883318e..c09790f9545 100644
--- a/source4/torture/libnet/libnet_share.c
+++ b/source4/torture/libnet/libnet_share.c
@@ -140,7 +140,7 @@ bool torture_listshares(struct torture_context *torture)
 		goto done;
 	}
 
-	libnetctx->cred = cmdline_credentials;
+	libnetctx->cred = popt_get_cmdline_credentials();
 
 	torture_comment(torture, "Testing libnet_ListShare\n");
 
@@ -221,7 +221,7 @@ bool torture_delshare(struct torture_context *torture)
 	torture_assert_ntstatus_ok(torture, status, "Failed to get binding");
 
 	libnetctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	libnetctx->cred = cmdline_credentials;
+	libnetctx->cred = popt_get_cmdline_credentials();
 
 	status = torture_rpc_connection(torture,
 					&p,
diff --git a/source4/torture/libnet/libnet_user.c b/source4/torture/libnet/libnet_user.c
index 64f57d57ad5..c3f7da19463 100644
--- a/source4/torture/libnet/libnet_user.c
+++ b/source4/torture/libnet/libnet_user.c
@@ -466,7 +466,7 @@ bool torture_userlist(struct torture_context *torture)
 	int i;
 
 	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
-	ctx->cred = cmdline_credentials;
+	ctx->cred = popt_get_cmdline_credentials();
 
 	domain_name.string = lpcfg_workgroup(torture->lp_ctx);
 	mem_ctx = talloc_init("torture user list");
diff --git a/source4/torture/libnet/utils.c b/source4/torture/libnet/utils.c
index 88cebf1fbdc..228e8165fcc 100644
--- a/source4/torture/libnet/utils.c
+++ b/source4/torture/libnet/utils.c
@@ -134,7 +134,7 @@ static bool _get_account_name_for_user_rdn(struct torture_context *tctx,
 
 	ldb = ldb_wrap_connect(tmp_ctx,
 	                       tctx->ev, tctx->lp_ctx,
-	                       url, NULL, cmdline_credentials, 0);
+	                       url, NULL, popt_get_cmdline_credentials(), 0);
 	torture_assert_goto(tctx, ldb != NULL, test_res, done, "Failed to make LDB connection");
 
 	ldb_ret = ldb_search(ldb, tmp_ctx, &ldb_res,
@@ -493,7 +493,7 @@ bool test_libnet_context_init(struct torture_context *tctx,
 	torture_assert(tctx, net_ctx != NULL, "Failed to create libnet_context");
 
 	/* Use command line credentials for testing */
-	net_ctx->cred = cmdline_credentials;
+	net_ctx->cred = popt_get_cmdline_credentials();
 
 	if (rpc_connect) {
 		/* connect SAMR pipe */
diff --git a/source4/torture/libnetapi/libnetapi.c b/source4/torture/libnetapi/libnetapi.c
index 9d3973a2bb8..dc48caf6031 100644
--- a/source4/torture/libnetapi/libnetapi.c
+++ b/source4/torture/libnetapi/libnetapi.c
@@ -49,9 +49,9 @@ bool torture_libnetapi_init_context(struct torture_context *tctx,
 	}
 
 	libnetapi_set_username(ctx,
-		cli_credentials_get_username(cmdline_credentials));
+		cli_credentials_get_username(popt_get_cmdline_credentials()));
 	libnetapi_set_password(ctx,
-		cli_credentials_get_password(cmdline_credentials));
+		cli_credentials_get_password(popt_get_cmdline_credentials()));
 
 	*ctx_p = ctx;
 
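Review bot: popt_get_cmdline_credentials() is now called twice back to back in torture_libnetapi_init_context for what is meant to be one credentials object; fetching it once reads better and makes it obvious that username and password come from the same object. I would add `struct cli_credentials *creds = popt_get_cmdline_credentials();` and pass `creds` to both getters. The same applies to connect_one in masktest.c (two calls) and to the four bindtest() calls in torture_bind_samba3 in samba3rpc.c. The function body starts and ends outside this hunk.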
diff --git a/source4/torture/libsmbclient/libsmbclient.c b/source4/torture/libsmbclient/libsmbclient.c
index b93fda00b69..f6cd8102c4d 100644
--- a/source4/torture/libsmbclient/libsmbclient.c
+++ b/source4/torture/libsmbclient/libsmbclient.c
@@ -38,7 +38,8 @@ bool torture_libsmbclient_init_context(struct torture_context *tctx,
 
 	/* yes, libsmbclient API frees the username when freeing the context, so
 	 * have to pass malloced data here */
-	smbc_setUser(ctx, strdup(cli_credentials_get_username(cmdline_credentials)));
+	smbc_setUser(ctx, strdup(cli_credentials_get_username(
+			popt_get_cmdline_credentials())));
 
 	*ctx_p = ctx;
 
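Review bot: The result of cli_credentials_get_username() is passed straight into strdup() on the rewritten line, and strdup() on a NULL pointer is undefined behaviour; if the getter can return NULL when no username was given (worth confirming), the test crashes here. I would split the call: `const char *user = cli_credentials_get_username(popt_get_cmdline_credentials());` followed by `torture_assert(tctx, user != NULL, "no username in command line credentials");` and then the strdup(). The strdup() result is also handed to smbc_setUser() unchecked. The function body starts and ends outside this hunk.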
diff --git a/source4/torture/masktest.c b/source4/torture/masktest.c
index 7f1be866d07..9c5906fc7c6 100644
--- a/source4/torture/masktest.c
+++ b/source4/torture/masktest.c
@@ -90,14 +90,16 @@ static struct smbcli_state *connect_one(struct resolve_context *resolve_ctx,
 	*share = 0;
 	share++;
 
-	cli_credentials_set_workstation(cmdline_credentials, "masktest", CRED_SPECIFIED);
+	cli_credentials_set_workstation(popt_get_cmdline_credentials(),
+			"masktest", CRED_SPECIFIED);
 
 	status = smbcli_full_connection(NULL, &c,
 					server, 
 					ports,
 					share, NULL,
 					socket_options,
-					cmdline_credentials, resolve_ctx, ev,
+					popt_get_cmdline_credentials(),
+					resolve_ctx, ev,
 					options, session_options,
 					gensec_settings);
 
diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c
index 1c02e40013d..2a36431fc40 100644
--- a/source4/torture/raw/composite.c
+++ b/source4/torture/raw/composite.c
@@ -159,7 +159,7 @@ static bool test_fetchfile(struct torture_context *tctx, struct smbcli_state *cl
 	io2.in.service_type = "A:";
 	io2.in.socket_options = lpcfg_socket_options(tctx->lp_ctx);
 
-	io2.in.credentials = cmdline_credentials;
+	io2.in.credentials = popt_get_cmdline_credentials();
 	io2.in.workgroup  = lpcfg_workgroup(tctx->lp_ctx);
 	io2.in.filename = fname;
 	lpcfg_smbcli_options(tctx->lp_ctx, &io2.in.options);
@@ -348,7 +348,7 @@ static bool test_fsinfo(struct torture_context *tctx, struct smbcli_state *cli)
 	io1.in.called_name = torture_setting_string(tctx, "host", NULL);
 	io1.in.service = torture_setting_string(tctx, "share", NULL);
 	io1.in.service_type = "A:";
-	io1.in.credentials = cmdline_credentials;
+	io1.in.credentials = popt_get_cmdline_credentials();
 	io1.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
 	io1.in.level = RAW_QFS_OBJECTID_INFORMATION;
 	io1.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c
index e10e77535dd..8c3a7675047 100644
--- a/source4/torture/raw/context.c
+++ b/source4/torture/raw/context.c
@@ -86,7 +86,7 @@ static bool test_session(struct torture_context *tctx,
 	setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
 	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
 
-	setup.in.credentials = cmdline_credentials;
+	setup.in.credentials = popt_get_cmdline_credentials();
 	setup.in.gensec_settings = gensec_settings;
 
 	status = smb_composite_sesssetup(session, &setup);
@@ -114,7 +114,7 @@ static bool test_session(struct torture_context *tctx,
 	setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
 	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
 
-	setup.in.credentials = cmdline_credentials;
+	setup.in.credentials = popt_get_cmdline_credentials();
 
 	torture_comment(tctx, "vuid1=%d vuid2=%d vuid3=%d\n", cli->session->vuid, session->vuid, vuid3);
 
@@ -142,7 +142,7 @@ static bool test_session(struct torture_context *tctx,
 		setup.in.capabilities &= ~CAP_EXTENDED_SECURITY; /* force a non extended security login (should fail) */
 		setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
 	
-		setup.in.credentials = cmdline_credentials;
+		setup.in.credentials = popt_get_cmdline_credentials();
 
 		status = smb_composite_sesssetup(session3, &setup);
 		if (!NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)) {
@@ -239,7 +239,7 @@ static bool test_session(struct torture_context *tctx,
 		setups[i].in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
 		setups[i].in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
 		
-		setups[i].in.credentials = cmdline_credentials;
+		setups[i].in.credentials = popt_get_cmdline_credentials();
 		setups[i].in.gensec_settings = gensec_settings;
 
 		sessions[i] = smbcli_session_init(cli->transport, tctx, false, options);
@@ -402,7 +402,7 @@ static bool test_tree_ulogoff(struct torture_context *tctx, struct smbcli_state
 	setup.in.sesskey = cli->transport->negotiate.sesskey;
 	setup.in.capabilities = cli->transport->negotiate.capabilities;
 	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
-	setup.in.credentials = cmdline_credentials;
+	setup.in.credentials = popt_get_cmdline_credentials();
 	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
 	status = smb_composite_sesssetup(session1, &setup);
 	CHECK_STATUS(status, NT_STATUS_OK);
@@ -459,7 +459,7 @@ static bool test_tree_ulogoff(struct torture_context *tctx, struct smbcli_state
 	setup.in.sesskey = cli->transport->negotiate.sesskey;
 	setup.in.capabilities = cli->transport->negotiate.capabilities;
 	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
-	setup.in.credentials = cmdline_credentials;
+	setup.in.credentials = popt_get_cmdline_credentials();
 	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
 	status = smb_composite_sesssetup(session2, &setup);
 	CHECK_STATUS(status, NT_STATUS_OK);
@@ -659,7 +659,7 @@ static bool test_pid_2sess(struct torture_context *tctx,
 	setup.in.sesskey = cli->transport->negotiate.sesskey;
 	setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */
 	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
-	setup.in.credentials = cmdline_credentials;
+	setup.in.credentials = popt_get_cmdline_credentials();
 	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
 
 	status = smb_composite_sesssetup(session, &setup);
diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c
index 71f49552641..a8cc153b3d7 100644
--- a/source4/torture/raw/lock.c
+++ b/source4/torture/raw/lock.c
@@ -816,7 +816,7 @@ static bool test_async(struct torture_context *tctx,
 	setup.in.sesskey = cli->transport->negotiate.sesskey;
 	setup.in.capabilities = cli->transport->negotiate.capabilities;
 	setup.in.workgroup = lpcfg_workgroup(tctx->lp_ctx);
-	setup.in.credentials = cmdline_credentials;
+	setup.in.credentials = popt_get_cmdline_credentials();
 	setup.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
 	status = smb_composite_sesssetup(session, &setup);
 	CHECK_STATUS(status, NT_STATUS_OK);
diff --git a/source4/torture/raw/lockbench.c b/source4/torture/raw/lockbench.c
index 1f016f0ee0f..b100a27f041 100644
--- a/source4/torture/raw/lockbench.c
+++ b/source4/torture/raw/lockbench.c
@@ -195,7 +195,7 @@ static void reopen_connection(struct tevent_context *ev, struct tevent_timer *te
 	io->in.called_name  = state->called_name;
 	io->in.service      = share;
 	io->in.service_type = state->service_type;
-	io->in.credentials  = cmdline_credentials;
+	io->in.credentials  = popt_get_cmdline_credentials();
 	io->in.fallback_to_anonymous = false;
 	io->in.workgroup    = lpcfg_workgroup(state->tctx->lp_ctx);
 	lpcfg_smbcli_options(state->tctx->lp_ctx, &io->in.options);
diff --git a/source4/torture/raw/openbench.c b/source4/torture/raw/openbench.c
index 7533c4fb65c..167a62626b4 100644
--- a/source4/torture/raw/openbench.c
+++ b/source4/torture/raw/openbench.c
@@ -137,7 +137,7 @@ static void reopen_connection(struct tevent_context *ev, struct tevent_timer *te
 	io->in.called_name  = state->called_name;
 	io->in.service      = share;
 	io->in.service_type = state->service_type;
-	io->in.credentials  = cmdline_credentials;
+	io->in.credentials  = popt_get_cmdline_credentials();
 	io->in.fallback_to_anonymous = false;
 	io->in.workgroup    = lpcfg_workgroup(state->tctx->lp_ctx);
 	io->in.gensec_settings = lpcfg_gensec_settings(state->mem_ctx, state->tctx->lp_ctx);
diff --git a/source4/torture/raw/oplock.c b/source4/torture/raw/oplock.c
index 1d7522f5419..0c081392ba6 100644
--- a/source4/torture/raw/oplock.c
+++ b/source4/torture/raw/oplock.c
@@ -186,7 +186,8 @@ static bool open_connection_no_level2_oplocks(struct torture_context *tctx,
 					torture_setting_string(tctx, "host", NULL),
 					lpcfg_smb_ports(tctx->lp_ctx),
 					torture_setting_string(tctx, "share", NULL),
-					NULL, lpcfg_socket_options(tctx->lp_ctx), cmdline_credentials,
+					NULL, lpcfg_socket_options(tctx->lp_ctx),
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(tctx->lp_ctx),
 					tctx->ev, &options, &session_options,
 					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
diff --git a/source4/torture/raw/session.c b/source4/torture/raw/session.c
index 26b93cca512..c96e970d061 100644
--- a/source4/torture/raw/session.c
+++ b/source4/torture/raw/session.c
@@ -63,7 +63,7 @@ static bool test_session_reauth1(struct torture_context *tctx,
 	ZERO_STRUCT(io);
 	io.in.sesskey         = cli->transport->negotiate.sesskey;
 	io.in.capabilities    = cli->transport->negotiate.capabilities;
-	io.in.credentials     = cmdline_credentials;
+	io.in.credentials     = popt_get_cmdline_credentials();
 	io.in.workgroup       = lpcfg_workgroup(tctx->lp_ctx);
 	io.in.gensec_settings = lpcfg_gensec_settings(tctx, tctx->lp_ctx);
 	status = smb_composite_sesssetup(cli->session, &io);
@@ -205,7 +205,7 @@ static bool test_session_reauth2(struct torture_context *tctx,
 	ZERO_STRUCT(io_sesssetup);
 	io_sesssetup.in.sesskey      = cli->transport->negotiate.sesskey;
 	io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
-	io_sesssetup.in.credentials  = cmdline_credentials;
+	io_sesssetup.in.credentials  = popt_get_cmdline_credentials();
 	io_sesssetup.in.workgroup    = lpcfg_workgroup(tctx->lp_ctx);
 	io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(
 		tctx, tctx->lp_ctx);
@@ -234,7 +234,7 @@ static bool test_session_expire1(struct torture_context *tctx)
 	struct smbcli_session_options session_options;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	struct smbcli_state *cli = NULL;
 	enum credentials_use_kerberos use_kerberos;
 	char fname[256];
diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c
index ae7d544f927..b485ccd8e63 100644
--- a/source4/torture/raw/tconrate.c
+++ b/source4/torture/raw/tconrate.c
@@ -100,7 +100,8 @@ static int fork_tcon_client(struct torture_context *tctx,
 
 		status = smbcli_full_connection(NULL, &cli,
 				host, lpcfg_smb_ports(tctx->lp_ctx), share,
-				NULL, lpcfg_socket_options(tctx->lp_ctx), cmdline_credentials,
+				NULL, lpcfg_socket_options(tctx->lp_ctx),
+				popt_get_cmdline_credentials(),
 				lpcfg_resolve_context(tctx->lp_ctx),
 				tctx->ev, &options, &session_options,
 				lpcfg_gensec_settings(tctx, tctx->lp_ctx));
diff --git a/source4/torture/rpc/async_bind.c b/source4/torture/rpc/async_bind.c
index d667a33b8a4..b736f73984c 100644
--- a/source4/torture/rpc/async_bind.c
+++ b/source4/torture/rpc/async_bind.c
@@ -63,7 +63,7 @@ bool torture_async_bind(struct torture_context *torture)
 	if (table == NULL) return false;
 	
 	/* credentials */
-	creds = cmdline_credentials;
+	creds = popt_get_cmdline_credentials();
 
 	/* send bind requests */
 	for (i = 0; i < torture_numasync; i++) {
diff --git a/source4/torture/rpc/backupkey.c b/source4/torture/rpc/backupkey.c
index 8cd3c166d0e..b955f933430 100644
--- a/source4/torture/rpc/backupkey.c
+++ b/source4/torture/rpc/backupkey.c
@@ -79,7 +79,8 @@ static struct dom_sid *get_user_sid(struct torture_context *tctx,
 	struct dcerpc_pipe *p2;
 	struct dcerpc_binding_handle *b;
 
-	const char *domain = cli_credentials_get_domain(cmdline_credentials);
+	const char *domain = cli_credentials_get_domain(
+			popt_get_cmdline_credentials());
 
 	torture_assert_ntstatus_ok(tctx,
 				torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc),
@@ -644,7 +645,8 @@ static struct bkrp_BackupKey *createRestoreGUIDStruct(struct torture_context *tc
 		/* we take a fake user*/
 		user = "guest";
 	} else {
-		user = cli_credentials_get_username(cmdline_credentials);
+		user = cli_credentials_get_username(
+				popt_get_cmdline_credentials());
 	}
 
 
@@ -1814,7 +1816,8 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
 	torture_assert_ntstatus_ok(tctx,
 				   dcerpc_pipe_connect_b(tctx, &lsa_p,
 					lsa_binding, &ndr_table_lsarpc,
-					cmdline_credentials, tctx->ev, tctx->lp_ctx),
+					popt_get_cmdline_credentials(),
+					tctx->ev, tctx->lp_ctx),
 				   "Opening LSA pipe");
 	lsa_b = lsa_p->binding_handle;
 
@@ -1980,7 +1983,9 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
 				 "decrypted data is not correct");
 
 	/* Not strictly correct all the time, but good enough for this test */
-	caller_sid = get_user_sid(tctx, tctx, cli_credentials_get_username(cmdline_credentials));
+	caller_sid = get_user_sid(tctx, tctx,
+			cli_credentials_get_username(
+				popt_get_cmdline_credentials()));
 
 	torture_assert_sid_equal(tctx, &rc4payload.sid, caller_sid, "Secret saved with wrong SID");
 
diff --git a/source4/torture/rpc/backupkey_heimdal.c b/source4/torture/rpc/backupkey_heimdal.c
index c516a025c32..79b45e7aab8 100644
--- a/source4/torture/rpc/backupkey_heimdal.c
+++ b/source4/torture/rpc/backupkey_heimdal.c
@@ -82,7 +82,8 @@ static struct dom_sid *get_user_sid(struct torture_context *tctx,
 	struct dcerpc_pipe *p2;
 	struct dcerpc_binding_handle *b;
 
-	const char *domain = cli_credentials_get_domain(cmdline_credentials);
+	const char *domain = cli_credentials_get_domain(
+				popt_get_cmdline_credentials());
 
 	torture_assert_ntstatus_ok(tctx,
 				torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc),
@@ -594,7 +595,8 @@ static struct bkrp_BackupKey *createRestoreGUIDStruct(struct torture_context *tc
 		/* we take a fake user*/
 		user = "guest";
 	} else {
-		user = cli_credentials_get_username(cmdline_credentials);
+		user = cli_credentials_get_username(
+				popt_get_cmdline_credentials());
 	}
 
 
@@ -1589,7 +1591,8 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
 	torture_assert_ntstatus_ok(tctx,
 				   dcerpc_pipe_connect_b(tctx, &lsa_p,
 					lsa_binding, &ndr_table_lsarpc,
-					cmdline_credentials, tctx->ev, tctx->lp_ctx),
+					popt_get_cmdline_credentials(),
+					tctx->ev, tctx->lp_ctx),
 				   "Opening LSA pipe");
 	lsa_b = lsa_p->binding_handle;
 
@@ -1726,7 +1729,9 @@ static bool test_ServerWrap_encrypt_decrypt_manual(struct torture_context *tctx,
 				 "decrypted data is not correct");
 
 	/* Not strictly correct all the time, but good enough for this test */
-	caller_sid = get_user_sid(tctx, tctx, cli_credentials_get_username(cmdline_credentials));
+	caller_sid = get_user_sid(tctx, tctx,
+			cli_credentials_get_username(
+				popt_get_cmdline_credentials()));
 
 	torture_assert_sid_equal(tctx, &rc4payload.sid, caller_sid, "Secret saved with wrong SID");
 
diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c
index f20af4afb10..e809a1fdc9f 100644
--- a/source4/torture/rpc/bind.c
+++ b/source4/torture/rpc/bind.c
@@ -59,7 +59,7 @@ static bool test_bind(struct torture_context *tctx,
 	torture_assert_ntstatus_ok(tctx,
 		dcerpc_pipe_connect_b(tctx, &p, binding,
 				      &ndr_table_lsarpc,
-				      cmdline_credentials,
+				      popt_get_cmdline_credentials(),
 				      tctx->ev,
 				      tctx->lp_ctx),
 		"failed to connect pipe");
diff --git a/source4/torture/rpc/dfs.c b/source4/torture/rpc/dfs.c
index 8eb4f9f8e2d..1a6f132a0a7 100644
--- a/source4/torture/rpc/dfs.c
+++ b/source4/torture/rpc/dfs.c
@@ -56,7 +56,7 @@ static bool test_NetShareAdd(struct torture_context *tctx,
 		return false;
 	}
 
-	libnetctx->cred = cmdline_credentials;
+	libnetctx->cred = popt_get_cmdline_credentials();
 
 	i.name			= sharename;
 	i.type			= STYPE_DISKTREE;
@@ -95,7 +95,7 @@ static bool test_NetShareDel(struct torture_context *tctx,
 		return false;
 	}
 
-	libnetctx->cred = cmdline_credentials;
+	libnetctx->cred = popt_get_cmdline_credentials();
 
 	r.in.share_name		= sharename;
 	r.in.server_name	= host;
diff --git a/source4/torture/rpc/dsgetinfo.c b/source4/torture/rpc/dsgetinfo.c
index 00dfc69e208..141b4de586d 100644
--- a/source4/torture/rpc/dsgetinfo.c
+++ b/source4/torture/rpc/dsgetinfo.c
@@ -134,7 +134,7 @@ static struct DsGetinfoTest *test_create_context(struct torture_context *tctx)
 	}
 
 	/* ctx->admin ...*/
-	ctx->admin.credentials				= cmdline_credentials;
+	ctx->admin.credentials = popt_get_cmdline_credentials();
 
 	our_bind_info28				= &ctx->admin.drsuapi.our_bind_info28;
 	our_bind_info28->supported_extensions	= 0xFFFFFFFF;
diff --git a/source4/torture/rpc/fsrvp.c b/source4/torture/rpc/fsrvp.c
index 4a4e0d4418b..14559c9b453 100644
--- a/source4/torture/rpc/fsrvp.c
+++ b/source4/torture/rpc/fsrvp.c
@@ -44,6 +44,7 @@
 #include "librpc/gen_ndr/ndr_security.h"
 #include "librpc/gen_ndr/ndr_srvsvc_c.h"
 #include "librpc/gen_ndr/ndr_fsrvp_c.h"
+#include "lib/cmdline/popt_common.h"
 
 #define FSHARE	"fsrvp_share"
 #define FNAME	"testfss.dat"
@@ -506,7 +507,6 @@ static bool test_fsrvp_sc_share_io(struct torture_context *tctx,
 	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
 	char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s",
 					  dcerpc_server_name(p), FSHARE);
-	extern struct cli_credentials *cmdline_credentials;
 	struct smb2_tree *tree_base;
 	struct smb2_tree *tree_snap;
 	struct smbcli_options options;
@@ -520,7 +520,7 @@ static bool test_fsrvp_sc_share_io(struct torture_context *tctx,
 			      lpcfg_smb_ports(tctx->lp_ctx),
 			      FSHARE,
 			      lpcfg_resolve_context(tctx->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree_base,
 			      tctx->ev,
 			      &options,
@@ -551,7 +551,7 @@ static bool test_fsrvp_sc_share_io(struct torture_context *tctx,
 			      lpcfg_smb_ports(tctx->lp_ctx),
 			      sc_map->ShadowCopyShareName,
 			      lpcfg_resolve_context(tctx->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree_snap,
 			      tctx->ev,
 			      &options,
@@ -633,7 +633,6 @@ static bool test_fsrvp_enum_created(struct torture_context *tctx,
 	TALLOC_CTX *tmp_ctx = talloc_new(tctx);
 	char *share_unc = talloc_asprintf(tmp_ctx, "\\\\%s\\%s\\",
 					  dcerpc_server_name(p), FSHARE);
-	extern struct cli_credentials *cmdline_credentials;
 	struct smb2_tree *tree_base;
 	struct smbcli_options options;
 	struct smb2_handle base_fh;
@@ -645,7 +644,7 @@ static bool test_fsrvp_enum_created(struct torture_context *tctx,
 			      lpcfg_smb_ports(tctx->lp_ctx),
 			      FSHARE,
 			      lpcfg_resolve_context(tctx->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree_base,
 			      tctx->ev,
 			      &options,
@@ -915,10 +914,9 @@ static bool fsrvp_rpc_setup(struct torture_context *tctx, void **data)
 	struct torture_rpc_tcase *tcase = talloc_get_type(
 						tctx->active_tcase, struct torture_rpc_tcase);
 	struct torture_rpc_tcase_data *tcase_data;
-	extern struct cli_credentials *cmdline_credentials;
 
 	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
-	tcase_data->credentials = cmdline_credentials;
+	tcase_data->credentials = popt_get_cmdline_credentials();
 
 	status = torture_rpc_connection(tctx,
 				&(tcase_data->pipe),
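Review bot: `tcase_data` is written through on the changed line in fsrvp_rpc_setup immediately after talloc_zero(), without checking the allocation. A guard before the assignment keeps an out-of-memory condition a test failure instead of a NULL dereference: `torture_assert(tctx, tcase_data != NULL, "talloc_zero failed");`. The same unchecked sequence appears in rpc.c in torture_rpc_setup_machine_workstation, torture_rpc_setup_machine_bdc and torture_rpc_setup. The function body starts and ends outside this hunk.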
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 455fce611ae..29025da05c7 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -107,7 +107,8 @@ static bool test_LogonUasLogon(struct torture_context *tctx,
 	struct dcerpc_binding_handle *b = p->binding_handle;
 
 	r.in.server_name = NULL;
-	r.in.account_name = cli_credentials_get_username(cmdline_credentials);
+	r.in.account_name = cli_credentials_get_username(
+				popt_get_cmdline_credentials());
 	r.in.workstation = TEST_MACHINE_NAME;
 	r.out.info = &info;
 
@@ -126,7 +127,8 @@ static bool test_LogonUasLogoff(struct torture_context *tctx,
 	struct dcerpc_binding_handle *b = p->binding_handle;
 
 	r.in.server_name = NULL;
-	r.in.account_name = cli_credentials_get_username(cmdline_credentials);
+	r.in.account_name = cli_credentials_get_username(
+				popt_get_cmdline_credentials());
 	r.in.workstation = TEST_MACHINE_NAME;
 	r.out.info = &info;
 
@@ -948,7 +950,8 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
 		flags |= CLI_CRED_NTLMv2_AUTH;
 	}
 
-	cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
+	cli_credentials_get_ntlm_username_domain(popt_get_cmdline_credentials(),
+						 tctx,
 						 &ninfo.identity_info.account_name.string,
 						 &ninfo.identity_info.domain_name.string);
 
@@ -964,13 +967,14 @@ static bool test_netlogon_ops_args(struct dcerpc_pipe *p, struct torture_context
 	names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
 						cli_credentials_get_domain(credentials));
 
-	status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
-						   &flags,
-						   chal,
-						   NULL, /* server_timestamp */
-						   names_blob,
-						   &lm_resp, &nt_resp,
-						   NULL, NULL);
+	status = cli_credentials_get_ntlm_response(
+				popt_get_cmdline_credentials(), tctx,
+				&flags,
+				chal,
+				NULL, /* server_timestamp */
+				names_blob,
+				&lm_resp, &nt_resp,
+				NULL, NULL);
 	torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
 
 	ninfo.lm.data = lm_resp.data;
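Review bot: In test_netlogon_ops_args the names blob is built from `credentials` while the NTLM response, and the account name and domain in the previous hunk, are taken from the command line credentials, and nothing here says that the mix is intended. A short comment above the cli_credentials_get_ntlm_response() call would settle it, for example `/* response is computed for the command line user; names_blob uses the workstation/domain from 'credentials' */`. The wording needs checking against what `credentials` holds, since it is declared outside this hunk. The function body starts and ends outside this hunk.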
@@ -3347,7 +3351,7 @@ static bool test_netr_DsrGetDcSiteCoverageW(struct torture_context *tctx,
 		url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
 		sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
 					   NULL,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0);
 
 		torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
@@ -3396,7 +3400,7 @@ static bool test_netr_DsRAddressToSitenamesW(struct torture_context *tctx,
 		url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
 		sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
 					   NULL,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0);
 
 		torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
@@ -3573,7 +3577,7 @@ static bool test_netr_DsRAddressToSitenamesExW(struct torture_context *tctx,
 		url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
 		sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
 					   NULL,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0);
 
 		torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
@@ -3852,7 +3856,7 @@ static bool test_GetDomainInfo(struct torture_context *tctx,
 		url = talloc_asprintf(tctx, "ldap://%s", dcerpc_server_name(p));
 		sam_ctx = ldb_wrap_connect(tctx, tctx->ev, tctx->lp_ctx, url,
 					   NULL,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0);
 
 		torture_assert(tctx, sam_ctx, "Connection to the SAMDB on DC failed!");
diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c
index 9fca10f1b08..ab10013356b 100644
--- a/source4/torture/rpc/remote_pac.c
+++ b/source4/torture/rpc/remote_pac.c
@@ -196,7 +196,7 @@ static bool test_PACVerify(struct torture_context *tctx,
 	 * we will get a new clean memory cache.
 	 */
 	client_creds = cli_credentials_shallow_copy(tmp_ctx,
-						    cmdline_credentials);
+					    popt_get_cmdline_credentials());
 	torture_assert(tctx, client_creds, "Failed to copy of credentials");
 	if (!pkinit_in_use) {
 		/* Invalidate the gss creds container to allocate a new MEMORY ccache */
@@ -591,7 +591,8 @@ static bool test_PACVerify_workstation_des(struct torture_context *tctx,
 	struct smb_krb5_context *smb_krb5_context;
 	krb5_error_code ret;
 
-	ret = cli_credentials_get_krb5_context(cmdline_credentials, tctx->lp_ctx, &smb_krb5_context);
+	ret = cli_credentials_get_krb5_context(popt_get_cmdline_credentials(),
+			tctx->lp_ctx, &smb_krb5_context);
 	torture_assert_int_equal(tctx, ret, 0, "cli_credentials_get_krb5_context() failed");
 
 	if (smb_krb5_get_allowed_weak_crypto(smb_krb5_context->krb5_context) == FALSE) {
@@ -671,7 +672,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
 	 * we will get a new clean memory cache.
 	 */
 	client_creds = cli_credentials_shallow_copy(tmp_ctx,
-						    cmdline_credentials);
+					    popt_get_cmdline_credentials());
 	torture_assert(tctx, client_creds, "Failed to copy of credentials");
 
 	server_creds = cli_credentials_shallow_copy(tmp_ctx,
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index 36148cce7fd..8526aa1fb84 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -96,7 +96,8 @@ _PUBLIC_ NTSTATUS torture_rpc_connection_with_binding(struct torture_context *tc
 
 	status = dcerpc_pipe_connect_b(tctx,
 				     p, binding, table,
-				     cmdline_credentials, tctx->ev, tctx->lp_ctx);
+				     popt_get_cmdline_credentials(),
+					tctx->ev, tctx->lp_ctx);
 
 	if (NT_STATUS_IS_ERR(status)) {
 		torture_warning(tctx, "Failed to connect to remote server: %s %s\n",
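Review bot: The wrapped arguments of dcerpc_pipe_connect_b() in torture_rpc_connection_with_binding no longer line up: `popt_get_cmdline_credentials(),` keeps the tab-plus-space alignment of the line above, but the new continuation `tctx->ev, tctx->lp_ctx);` is indented with tabs only and lands in a different column. Aligning it with the other arguments, as the torture_rpc_connection_transport hunk in the same file does, keeps the call readable. The function body starts and ends outside this hunk.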
@@ -142,7 +143,7 @@ NTSTATUS torture_rpc_connection_transport(struct torture_context *tctx,
 	}
 
 	status = dcerpc_pipe_connect_b(tctx, p, binding, table,
-				       cmdline_credentials,
+				       popt_get_cmdline_credentials(),
 				       tctx->ev, tctx->lp_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
 		*p = NULL;
@@ -166,7 +167,7 @@ static bool torture_rpc_setup_machine_workstation(struct torture_context *tctx,
 		return false;
 
 	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
-	tcase_data->credentials = cmdline_credentials;
+	tcase_data->credentials = popt_get_cmdline_credentials();
 	tcase_data->join_ctx = torture_join_domain(tctx, tcase->machine_name,
 						   ACB_WSTRUST,
 						   &tcase_data->credentials);
@@ -198,7 +199,7 @@ static bool torture_rpc_setup_machine_bdc(struct torture_context *tctx,
 		return false;
 
 	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
-	tcase_data->credentials = cmdline_credentials;
+	tcase_data->credentials = popt_get_cmdline_credentials();
 	tcase_data->join_ctx = torture_join_domain(tctx, tcase->machine_name,
 						   ACB_SVRTRUST, 
 						   &tcase_data->credentials);
@@ -300,7 +301,7 @@ static bool torture_rpc_setup (struct torture_context *tctx, void **data)
 	struct torture_rpc_tcase_data *tcase_data;
 
 	*data = tcase_data = talloc_zero(tctx, struct torture_rpc_tcase_data);
-	tcase_data->credentials = cmdline_credentials;
+	tcase_data->credentials = popt_get_cmdline_credentials();
 	
 	status = torture_rpc_connection(tctx, 
 				&(tcase_data->pipe),
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index 1bcbdf3ae88..54239d4812e 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -195,7 +195,7 @@ bool torture_bind_authcontext(struct torture_context *torture)
 					lpcfg_smb_ports(torture->lp_ctx),
 					"IPC$", NULL,
 					lpcfg_socket_options(torture->lp_ctx),
-					cmdline_credentials,
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(torture->lp_ctx),
 					torture->ev, &options, &session_options,
 					lpcfg_gensec_settings(torture, torture->lp_ctx));
@@ -430,7 +430,7 @@ static bool torture_bind_samba3(struct torture_context *torture)
 					lpcfg_smb_ports(torture->lp_ctx),
 					"IPC$", NULL,
 					lpcfg_socket_options(torture->lp_ctx),
-					cmdline_credentials,
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(torture->lp_ctx),
 					torture->ev, &options, &session_options,
 					lpcfg_gensec_settings(torture, torture->lp_ctx));
@@ -442,13 +442,17 @@ static bool torture_bind_samba3(struct torture_context *torture)
 
 	ret = true;
 
-	ret &= bindtest(torture, cli, cmdline_credentials, DCERPC_AUTH_TYPE_NTLMSSP,
+	ret &= bindtest(torture, cli, popt_get_cmdline_credentials(),
+			DCERPC_AUTH_TYPE_NTLMSSP,
 			DCERPC_AUTH_LEVEL_INTEGRITY);
-	ret &= bindtest(torture, cli, cmdline_credentials, DCERPC_AUTH_TYPE_NTLMSSP,
+	ret &= bindtest(torture, cli, popt_get_cmdline_credentials(),
+			DCERPC_AUTH_TYPE_NTLMSSP,
 			DCERPC_AUTH_LEVEL_PRIVACY);
-	ret &= bindtest(torture, cli, cmdline_credentials, DCERPC_AUTH_TYPE_SPNEGO,
+	ret &= bindtest(torture, cli, popt_get_cmdline_credentials(),
+			DCERPC_AUTH_TYPE_SPNEGO,
 			DCERPC_AUTH_LEVEL_INTEGRITY);
-	ret &= bindtest(torture, cli, cmdline_credentials, DCERPC_AUTH_TYPE_SPNEGO,
+	ret &= bindtest(torture, cli, popt_get_cmdline_credentials(),
+			DCERPC_AUTH_TYPE_SPNEGO,
 			DCERPC_AUTH_LEVEL_PRIVACY);
 
  done:
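Review bot: Each of the four `bindtest()` calls invokes `popt_get_cmdline_credentials()` again, which is what pushes every call onto three lines. Fetching it once into a local, `struct cli_credentials *creds = popt_get_cmdline_credentials();`, and passing `creds` keeps the calls short and makes it plain that all four binds use the same object. The same applies to the `usercreds[]` initialisers in samlogon.c and to `shell_auth()` in shell.c later in this patch. The declaration would go at the top of `torture_bind_samba3()`, which is outside this hunk.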
@@ -1381,7 +1385,7 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
 					lpcfg_smb_ports(torture->lp_ctx),
 					"IPC$", NULL,
 					lpcfg_socket_options(torture->lp_ctx),
-					cmdline_credentials,
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(torture->lp_ctx),
 					torture->ev, &options, &session_options,
 					lpcfg_gensec_settings(torture, torture->lp_ctx));
@@ -1405,7 +1409,8 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
 		"join failed");
 
 	cli_credentials_set_domain(
-		cmdline_credentials, cli_credentials_get_domain(wks_creds),
+		popt_get_cmdline_credentials(),
+		cli_credentials_get_domain(wks_creds),
 		CRED_SPECIFIED);
 
 	for (i=0; i<2; i++) {
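Review bot: `cli_credentials_set_domain()` writes to the object returned by `popt_get_cmdline_credentials()`, which the rest of this patch treats as the shared command-line credentials. The workstation's domain therefore presumably stays set for every test that runs afterwards in the same process. Working on a copy avoids that: `creds = cli_credentials_shallow_copy(torture, popt_get_cmdline_credentials());`, check it for NULL, then pass `creds` to `cli_credentials_set_domain()` and to `schan()`. The `test_join3` hunk further down makes the same call; whether code outside these hunks relies on the changed domain cannot be seen from here.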
@@ -1422,7 +1427,8 @@ static bool torture_netlogon_samba3(struct torture_context *torture)
 
 		for (j=0; j<2; j++) {
 			torture_assert(torture,
-				schan(torture, cli, wks_creds, cmdline_credentials),
+				schan(torture, cli, wks_creds,
+				popt_get_cmdline_credentials()),
 				"schan failed");
 		}
 	}
@@ -1480,7 +1486,8 @@ static bool test_join3(struct torture_context *tctx,
 		"join failed");
 
 	cli_credentials_set_domain(
-		cmdline_credentials, cli_credentials_get_domain(wks_creds),
+		popt_get_cmdline_credentials(),
+		cli_credentials_get_domain(wks_creds),
 		CRED_SPECIFIED);
 
 	torture_assert(tctx,
@@ -1527,7 +1534,8 @@ static bool torture_samba3_sessionkey(struct torture_context *torture)
 	}
 
 	torture_assert(torture,
-		test_join3(torture, false, cmdline_credentials, NULL, wks_name),
+		test_join3(torture, false, popt_get_cmdline_credentials(),
+		NULL, wks_name),
 		"join using anonymous bind on an authenticated smb connection failed");
 
 	/*
@@ -1535,7 +1543,8 @@ static bool torture_samba3_sessionkey(struct torture_context *torture)
 	 */
 
 	torture_assert(torture,
-		test_join3(torture, true, cmdline_credentials, NULL, wks_name),
+		test_join3(torture, true, popt_get_cmdline_credentials(),
+		NULL, wks_name),
 		"join using anonymous bind on an authenticated smb connection failed");
 
 	return true;
@@ -1807,7 +1816,8 @@ static bool torture_samba3_rpc_getusername(struct torture_context *torture)
 	status = smbcli_full_connection(
 		torture, &cli, torture_setting_string(torture, "host", NULL),
 		lpcfg_smb_ports(torture->lp_ctx),
-		"IPC$", NULL, lpcfg_socket_options(torture->lp_ctx), cmdline_credentials,
+		"IPC$", NULL, lpcfg_socket_options(torture->lp_ctx),
+		popt_get_cmdline_credentials(),
 		lpcfg_resolve_context(torture->lp_ctx), torture->ev, &options,
 		&session_options, lpcfg_gensec_settings(torture, torture->lp_ctx));
 	torture_assert_ntstatus_ok(torture, status, "smbcli_full_connection failed\n");
@@ -2785,7 +2795,8 @@ static bool torture_samba3_rpc_spoolss(struct torture_context *torture)
 	ZERO_STRUCT(userlevel1);
 	userlevel1.client = talloc_asprintf(
 		torture, "\\\\%s", lpcfg_netbios_name(torture->lp_ctx));
-	userlevel1.user = cli_credentials_get_username(cmdline_credentials);
+	userlevel1.user = cli_credentials_get_username(
+				popt_get_cmdline_credentials());
 	userlevel1.build = 2600;
 	userlevel1.major = 3;
 	userlevel1.minor = 0;
@@ -3411,7 +3422,7 @@ static bool torture_rpc_smb_reauth1(struct torture_context *torture)
 					lpcfg_smb_ports(torture->lp_ctx),
 					"IPC$", NULL,
 					lpcfg_socket_options(torture->lp_ctx),
-					cmdline_credentials,
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(torture->lp_ctx),
 					torture->ev, &options, &session_options,
 					lpcfg_gensec_settings(torture, torture->lp_ctx));
@@ -3496,7 +3507,7 @@ static bool torture_rpc_smb_reauth1(struct torture_context *torture)
 	ZERO_STRUCT(io);
 	io.in.sesskey         = cli->transport->negotiate.sesskey;
 	io.in.capabilities    = cli->transport->negotiate.capabilities;
-	io.in.credentials     = cmdline_credentials;
+	io.in.credentials     = popt_get_cmdline_credentials();
 	io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
 	io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
 
@@ -3570,7 +3581,7 @@ static bool torture_rpc_smb_reauth2(struct torture_context *torture)
 					lpcfg_smb_ports(torture->lp_ctx),
 					"IPC$", NULL,
 					lpcfg_socket_options(torture->lp_ctx),
-					cmdline_credentials,
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(torture->lp_ctx),
 					torture->ev, &options, &session_options,
 					lpcfg_gensec_settings(torture, torture->lp_ctx));
@@ -3633,7 +3644,7 @@ static bool torture_rpc_smb_reauth2(struct torture_context *torture)
 	ZERO_STRUCT(io);
 	io.in.sesskey         = cli->transport->negotiate.sesskey;
 	io.in.capabilities    = cli->transport->negotiate.capabilities;
-	io.in.credentials     = cmdline_credentials;
+	io.in.credentials     = popt_get_cmdline_credentials();
 	io.in.workgroup       = lpcfg_workgroup(torture->lp_ctx);
 	io.in.gensec_settings = lpcfg_gensec_settings(torture, torture->lp_ctx);
 
@@ -3703,7 +3714,7 @@ static bool torture_rpc_smb2_reauth1(struct torture_context *torture)
 			      lpcfg_smb_ports(torture->lp_ctx),
 			      "IPC$",
 			      lpcfg_resolve_context(torture->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree,
 			      torture->ev,
 			      &options,
@@ -3784,7 +3795,7 @@ static bool torture_rpc_smb2_reauth1(struct torture_context *torture)
 	/* smb re-auth again to the original user */
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
 					"session reauth to anon failed");
@@ -3853,7 +3864,7 @@ static bool torture_rpc_smb2_reauth2(struct torture_context *torture)
 			      lpcfg_smb_ports(torture->lp_ctx),
 			      "IPC$",
 			      lpcfg_resolve_context(torture->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree,
 			      torture->ev,
 			      &options,
@@ -3912,7 +3923,7 @@ static bool torture_rpc_smb2_reauth2(struct torture_context *torture)
 	/* smb re-auth again to the original user */
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(torture, status, ret, done,
 					"session reauth to anon failed");
@@ -3971,7 +3982,7 @@ static bool torture_rpc_smb1_pipe_name(struct torture_context *torture)
 					lpcfg_smb_ports(torture->lp_ctx),
 					"IPC$", NULL,
 					lpcfg_socket_options(torture->lp_ctx),
-					cmdline_credentials,
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(torture->lp_ctx),
 					torture->ev, &options, &session_options,
 					lpcfg_gensec_settings(torture, torture->lp_ctx));
@@ -4220,7 +4231,7 @@ static bool torture_rpc_smb2_pipe_name(struct torture_context *torture)
 			      lpcfg_smb_ports(torture->lp_ctx),
 			      "IPC$",
 			      lpcfg_resolve_context(torture->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree,
 			      torture->ev,
 			      &options,
@@ -4314,7 +4325,7 @@ static bool torture_rpc_smb2_pipe_read_close(struct torture_context *torture)
 			      lpcfg_smb_ports(torture->lp_ctx),
 			      "IPC$",
 			      lpcfg_resolve_context(torture->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree,
 			      torture->ev,
 			      &options,
@@ -4398,7 +4409,7 @@ static bool torture_rpc_smb2_pipe_read_tdis(struct torture_context *torture)
 			      lpcfg_smb_ports(torture->lp_ctx),
 			      "IPC$",
 			      lpcfg_resolve_context(torture->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree,
 			      torture->ev,
 			      &options,
@@ -4482,7 +4493,7 @@ static bool torture_rpc_smb2_pipe_read_logoff(struct torture_context *torture)
 			      lpcfg_smb_ports(torture->lp_ctx),
 			      "IPC$",
 			      lpcfg_resolve_context(torture->lp_ctx),
-			      cmdline_credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree,
 			      torture->ev,
 			      &options,
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index d8a1c29d570..e689dfd5e98 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
@@ -1816,18 +1816,24 @@ bool torture_rpc_samlogon(struct torture_context *torture)
 		} usercreds[] = {
 			{
 				.comment       = "domain\\user",
-				.domain        = cli_credentials_get_domain(cmdline_credentials),
-				.username      = cli_credentials_get_username(cmdline_credentials),
-				.password      = cli_credentials_get_password(cmdline_credentials),
+				.domain        = cli_credentials_get_domain(
+					popt_get_cmdline_credentials()),
+				.username      = cli_credentials_get_username(
+					popt_get_cmdline_credentials()),
+				.password      = cli_credentials_get_password(
+					popt_get_cmdline_credentials()),
 				.network_login = true,
 				.expected_interactive_error = NT_STATUS_OK,
 				.expected_network_error     = NT_STATUS_OK
 			},
 			{
 				.comment       = "realm\\user",
-				.domain        = cli_credentials_get_realm(cmdline_credentials),
-				.username      = cli_credentials_get_username(cmdline_credentials),
-				.password      = cli_credentials_get_password(cmdline_credentials),
+				.domain        = cli_credentials_get_realm(
+					popt_get_cmdline_credentials()),
+				.username      = cli_credentials_get_username(
+					popt_get_cmdline_credentials()),
+				.password      = cli_credentials_get_password(
+					popt_get_cmdline_credentials()),
 				.network_login = true,
 				.expected_interactive_error = NT_STATUS_OK,
 				.expected_network_error     = NT_STATUS_OK
@@ -1836,11 +1842,14 @@ bool torture_rpc_samlogon(struct torture_context *torture)
 				.comment       = "user at domain",
 				.domain        = NULL,
 				.username      = talloc_asprintf(mem_ctx,
-						"%s@%s",
-						cli_credentials_get_username(cmdline_credentials),
-						cli_credentials_get_domain(cmdline_credentials)
+					"%s@%s",
+					cli_credentials_get_username(
+					popt_get_cmdline_credentials()),
+					cli_credentials_get_domain(
+					popt_get_cmdline_credentials())
 					),
-				.password      = cli_credentials_get_password(cmdline_credentials),
+				.password      = cli_credentials_get_password(
+					popt_get_cmdline_credentials()),
 				.network_login = false, /* works for some things, but not NTLMv2.  Odd */
 				.expected_interactive_error = NT_STATUS_OK,
 				.expected_network_error     = NT_STATUS_OK
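Review bot: The username and domain getters are passed straight to `%s` in `talloc_asprintf()`, but `shell_auth()` in shell.c guards the same getters with `x ? x : ""` before printing, which suggests they can return NULL. A NULL argument for `%s` is undefined behaviour and at best yields a principal such as `user@(null)`. The `user at realm` entry in the next hunk does the same with `cli_credentials_get_realm()`. Checking username, domain and realm (and the `talloc_asprintf()` result) before `usercreds[]` is built, and skipping or failing the test when one is missing, would make the precondition explicit. The initialiser and the function both extend outside the hunk.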
@@ -1849,11 +1858,14 @@ bool torture_rpc_samlogon(struct torture_context *torture)
 				.comment       = "user at realm",
 				.domain        = NULL,
 				.username      = talloc_asprintf(mem_ctx,
-						"%s@%s",
-						cli_credentials_get_username(cmdline_credentials),
-						cli_credentials_get_realm(cmdline_credentials)
+					"%s@%s",
+					cli_credentials_get_username(
+						popt_get_cmdline_credentials()),
+					cli_credentials_get_realm(
+						popt_get_cmdline_credentials())
 					),
-				.password      = cli_credentials_get_password(cmdline_credentials),
+				.password      = cli_credentials_get_password(
+						popt_get_cmdline_credentials()),
 				.network_login = true,
 				.expected_interactive_error = NT_STATUS_OK,
 				.expected_network_error     = NT_STATUS_OK
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 08c1b09b076..de3a36eaa4f 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -73,9 +73,10 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 		flags |= CLI_CRED_NTLMv2_AUTH;
 	}
 
-	cli_credentials_get_ntlm_username_domain(cmdline_credentials, tctx,
-						 &ninfo.identity_info.account_name.string,
-						 &ninfo.identity_info.domain_name.string);
+	cli_credentials_get_ntlm_username_domain(popt_get_cmdline_credentials(),
+				tctx,
+				&ninfo.identity_info.account_name.string,
+				&ninfo.identity_info.domain_name.string);
 
 	generate_random_buffer(ninfo.challenge,
 			       sizeof(ninfo.challenge));
@@ -85,13 +86,15 @@ bool test_netlogon_ex_ops(struct dcerpc_pipe *p, struct torture_context *tctx,
 	names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(credentials),
 						cli_credentials_get_domain(credentials));
 
-	status = cli_credentials_get_ntlm_response(cmdline_credentials, tctx,
-						   &flags,
-						   chal,
-						   NULL, /* server_timestamp */
-						   names_blob,
-						   &lm_resp, &nt_resp,
-						   NULL, NULL);
+	status = cli_credentials_get_ntlm_response(
+			popt_get_cmdline_credentials(),
+			tctx,
+			&flags,
+			chal,
+			NULL, /* server_timestamp */
+			names_blob,
+			&lm_resp, &nt_resp,
+			NULL, NULL);
 	torture_assert_ntstatus_ok(tctx, status,
 				   "cli_credentials_get_ntlm_response failed");
 
@@ -942,12 +945,14 @@ bool torture_rpc_schannel_bench1(struct torture_context *torture)
 	s->nprocs = torture_setting_int(torture, "nprocs", 4);
 	s->conns = talloc_zero_array(s, struct torture_schannel_bench_conn, s->nprocs);
 
-	s->user1_creds = cli_credentials_shallow_copy(s, cmdline_credentials);
+	s->user1_creds = cli_credentials_shallow_copy(s,
+				popt_get_cmdline_credentials());
 	tmp = torture_setting_string(s->tctx, "extra_user1", NULL);
 	if (tmp) {
 		cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED);
 	}
-	s->user2_creds = cli_credentials_shallow_copy(s, cmdline_credentials);
+	s->user2_creds = cli_credentials_shallow_copy(s,
+				popt_get_cmdline_credentials());
 	tmp = torture_setting_string(s->tctx, "extra_user2", NULL);
 	if (tmp) {
 		cli_credentials_parse_string(s->user1_creds, tmp, CRED_SPECIFIED);
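Review bot: The `extra_user2` branch parses the setting into `s->user1_creds`, so `s->user2_creds` never receives it and user1 is overwritten instead; this looks like a copy-and-paste slip that the patch carries over unchanged. The line should read `cli_credentials_parse_string(s->user2_creds, tmp, CRED_SPECIFIED);`. Both `cli_credentials_shallow_copy()` results are also used without a NULL check; `torture_assert(torture, s->user1_creds != NULL, "talloc error");` after each copy would cover that. The function continues outside the hunk.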
diff --git a/source4/torture/rpc/session_key.c b/source4/torture/rpc/session_key.c
index 3b7ba1ffa97..5541d48c9d7 100644
--- a/source4/torture/rpc/session_key.c
+++ b/source4/torture/rpc/session_key.c
@@ -162,7 +162,7 @@ static bool test_secrets(struct torture_context *torture, const void *_data)
 
 	status = dcerpc_pipe_connect_b(torture, &p, binding,
 				       &ndr_table_lsarpc,
-				       cmdline_credentials,
+				       popt_get_cmdline_credentials(),
 				       torture->ev,
 				       torture->lp_ctx);
 
diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index 7ab7c601fa0..0e26fcd18e9 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -8717,7 +8717,7 @@ static bool test_print_test_smbd(struct torture_context *tctx,
 
 	struct smb2_tree *tree;
 	struct smb2_handle job_h;
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	struct smbcli_options options;
 	TALLOC_CTX *mem_ctx = talloc_new(tctx);
 	/*
@@ -10546,7 +10546,7 @@ static bool connect_printer_driver_share(struct torture_context *tctx,
 					lpcfg_smb_ports(tctx->lp_ctx),
 					share_name, NULL,
 					lpcfg_socket_options(tctx->lp_ctx),
-					cmdline_credentials,
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(tctx->lp_ctx),
 					tctx->ev,
 					&smb_options,
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 2252dce326e..22867b6e7a9 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -160,7 +160,8 @@ struct test_join *torture_create_testuser_max_pwlen(struct torture_context *tctx
 					     &join->p,
 					     dc_binding,
 					     &ndr_table_samr,
-					     cmdline_credentials, NULL, tctx->lp_ctx);
+					     popt_get_cmdline_credentials(),
+					NULL, tctx->lp_ctx);
 					     
 	} else {
 		status = torture_rpc_connection(tctx,
@@ -549,7 +550,7 @@ _PUBLIC_ struct test_join *torture_join_domain(struct torture_context *tctx,
 	
 	tj->libnet_r = libnet_r;
 		
-	libnet_ctx->cred = cmdline_credentials;
+	libnet_ctx->cred = popt_get_cmdline_credentials();
 	libnet_r->in.binding = dcerpc_binding_string(libnet_r, binding);
 	if (libnet_r->in.binding == NULL) {
 		talloc_free(tj);
@@ -697,7 +698,7 @@ static NTSTATUS torture_leave_ads_domain(struct torture_context *torture,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ldb_set_opaque(ldb_ctx, "credentials", cmdline_credentials);
+	ldb_set_opaque(ldb_ctx, "credentials", popt_get_cmdline_credentials());
 	ldb_set_opaque(ldb_ctx, "loadparm", cmdline_lp_ctx);
 
 	rtn = ldb_connect(ldb_ctx, remote_ldb_url, 0, NULL);
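Review bot: The return value of `ldb_set_opaque()` is ignored for both the "credentials" and the "loadparm" entry, so if attaching the credentials fails, `ldb_connect()` still runs, presumably without them. Check it, e.g. `if (ldb_set_opaque(ldb_ctx, "credentials", popt_get_cmdline_credentials()) != LDB_SUCCESS) return NT_STATUS_NO_MEMORY;`, after freeing whatever the function allocated above the hunk. `cmdline_lp_ctx` on the following line is still read as a bare global while the credentials now go through an accessor; a short comment would help if that is intentional.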
diff --git a/source4/torture/rpc/witness.c b/source4/torture/rpc/witness.c
index d3edd023e49..4b44e91dbcf 100644
--- a/source4/torture/rpc/witness.c
+++ b/source4/torture/rpc/witness.c
@@ -538,7 +538,7 @@ static bool setup_clusapi_connection(struct torture_context *tctx,
 	torture_assert_ntstatus_ok(tctx,
 		dcerpc_pipe_connect_b(tctx, &s->clusapi.p, binding,
 				      &ndr_table_clusapi,
-				      cmdline_credentials,
+				      popt_get_cmdline_credentials(),
 				      tctx->ev, tctx->lp_ctx),
 		"failed to connect dcerpc pipe");
 
diff --git a/source4/torture/rpc/wkssvc.c b/source4/torture/rpc/wkssvc.c
index aebabac8d1e..0dff6036507 100644
--- a/source4/torture/rpc/wkssvc.c
+++ b/source4/torture/rpc/wkssvc.c
@@ -218,7 +218,7 @@ static bool test_NetrWkstaUserGetInfo(struct torture_context *tctx,
 	struct wkssvc_NetrWkstaUserGetInfo r;
 	union wkssvc_NetrWkstaUserInfo info;
 	const char *dom = lpcfg_workgroup(tctx->lp_ctx);
-	struct cli_credentials *creds = cmdline_credentials;
+	struct cli_credentials *creds = popt_get_cmdline_credentials();
 	const char *user = cli_credentials_get_username(creds);
 	int i;
 	struct dcerpc_binding_handle *b = p->binding_handle;
@@ -1124,7 +1124,7 @@ static bool test_NetrUnjoinDomain(struct torture_context *tctx,
 {
 	NTSTATUS status;
 	struct wkssvc_NetrUnjoinDomain r;
-	struct cli_credentials *creds = cmdline_credentials;
+	struct cli_credentials *creds = popt_get_cmdline_credentials();
 	const char *user = cli_credentials_get_username(creds);
 	const char *admin_account = NULL;
 	struct dcerpc_binding_handle *b = p->binding_handle;
@@ -1153,7 +1153,7 @@ static bool test_NetrJoinDomain(struct torture_context *tctx,
 {
 	NTSTATUS status;
 	struct wkssvc_NetrJoinDomain r;
-	struct cli_credentials *creds = cmdline_credentials;
+	struct cli_credentials *creds = popt_get_cmdline_credentials();
 	const char *user = cli_credentials_get_username(creds);
 	const char *admin_account = NULL;
 	struct dcerpc_binding_handle *b = p->binding_handle;
diff --git a/source4/torture/shell.c b/source4/torture/shell.c
index cf561353731..5a4eb5c1d6a 100644
--- a/source4/torture/shell.c
+++ b/source4/torture/shell.c
@@ -110,7 +110,8 @@ void torture_shell(struct torture_context *tctx)
 	 * stops the credentials system prompting when we use the "auth"
 	 * command to display the current auth parameters.
 	 */
-	cli_credentials_set_password(cmdline_credentials, "", CRED_GUESS_ENV);
+	cli_credentials_set_password(popt_get_cmdline_credentials(),
+			"", CRED_GUESS_ENV);
 
 	while (1) {
 		cline = smb_readline("torture> ", NULL, NULL);
@@ -226,11 +227,14 @@ static void shell_auth(const struct shell_command * command,
 	    const char * password;
 	    const char * principal;
 
-	    username = cli_credentials_get_username(cmdline_credentials);
-	    principal = cli_credentials_get_principal(cmdline_credentials, tctx);
-	    domain = cli_credentials_get_domain(cmdline_credentials);
-	    realm = cli_credentials_get_realm(cmdline_credentials);
-	    password = cli_credentials_get_password(cmdline_credentials);
+	    username = cli_credentials_get_username(
+			popt_get_cmdline_credentials());
+	    principal = cli_credentials_get_principal(
+				popt_get_cmdline_credentials(), tctx);
+	    domain = cli_credentials_get_domain(popt_get_cmdline_credentials());
+	    realm = cli_credentials_get_realm(popt_get_cmdline_credentials());
+	    password = cli_credentials_get_password(
+				popt_get_cmdline_credentials());
 
 	    printf("Username: %s\n", username ? username : "");
 	    printf("User Principal: %s\n", principal ? principal : "");
@@ -242,19 +246,24 @@ static void shell_auth(const struct shell_command * command,
 
 	    if (!strcmp(argv[0], "username")) {
 		    result = cli_credentials_set_username(
-			cmdline_credentials, argv[1], CRED_SPECIFIED);
+			popt_get_cmdline_credentials(),
+			argv[1], CRED_SPECIFIED);
 	    } else if (!strcmp(argv[0], "principal")) {
 		    result = cli_credentials_set_principal(
-			cmdline_credentials, argv[1], CRED_SPECIFIED);
+			popt_get_cmdline_credentials(),
+			argv[1], CRED_SPECIFIED);
 	    } else if (!strcmp(argv[0], "domain")) {
 		    result = cli_credentials_set_domain(
-			cmdline_credentials, argv[1], CRED_SPECIFIED);
+			popt_get_cmdline_credentials(),
+			argv[1], CRED_SPECIFIED);
 	    } else if (!strcmp(argv[0], "realm")) {
 		    result = cli_credentials_set_realm(
-			cmdline_credentials, argv[1], CRED_SPECIFIED);
+			popt_get_cmdline_credentials(),
+			argv[1], CRED_SPECIFIED);
 	    } else if (!strcmp(argv[0], "password")) {
 		    result = cli_credentials_set_password(
-			cmdline_credentials, argv[1], CRED_SPECIFIED);
+			popt_get_cmdline_credentials(),
+			argv[1], CRED_SPECIFIED);
 	    } else {
 		    shell_usage(command);
 		    return;
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
index 9dee159845e..fe30380df98 100644
--- a/source4/torture/smb2/acls.c
+++ b/source4/torture/smb2/acls.c
@@ -1872,7 +1872,7 @@ static bool torture_smb2_con_share(struct torture_context *tctx,
         struct smbcli_options options;
         NTSTATUS status;
         const char *host = torture_setting_string(tctx, "host", NULL);
-        struct cli_credentials *credentials = cmdline_credentials;
+        struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
         lpcfg_smbcli_options(tctx->lp_ctx, &options);
 
diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index 83197a4f4a8..635037b7124 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -281,7 +281,7 @@ static bool open_smb2_connection_no_level2_oplocks(struct torture_context *tctx,
 	NTSTATUS status;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	struct smbcli_options options;
 
 	lpcfg_smbcli_options(tctx->lp_ctx, &options);
diff --git a/source4/torture/smb2/replay.c b/source4/torture/smb2/replay.c
index 19cda2f3e69..f715cf80048 100644
--- a/source4/torture/smb2/replay.c
+++ b/source4/torture/smb2/replay.c
@@ -1764,7 +1764,7 @@ static bool test_replay3(struct torture_context *tctx, struct smb2_tree *tree1)
 {
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	NTSTATUS status;
 	TALLOC_CTX *mem_ctx = talloc_new(tctx);
 	struct smb2_handle _h;
@@ -1868,7 +1868,7 @@ static bool test_replay3(struct torture_context *tctx, struct smb2_tree *tree1)
 	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
 
 	status = smb2_session_setup_spnego(session1_2,
-			cmdline_credentials,
+			popt_get_cmdline_credentials(),
 			0 /* previous_session_id */);
 	CHECK_STATUS(status, NT_STATUS_OK);
 
@@ -1923,7 +1923,7 @@ static bool test_replay4(struct torture_context *tctx, struct smb2_tree *tree1)
 {
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	NTSTATUS status;
 	TALLOC_CTX *mem_ctx = talloc_new(tctx);
 	struct smb2_handle _h1;
@@ -2092,7 +2092,7 @@ static bool test_replay4(struct torture_context *tctx, struct smb2_tree *tree1)
 	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
 
 	status = smb2_session_setup_spnego(session1_2,
-			cmdline_credentials,
+			popt_get_cmdline_credentials(),
 			0 /* previous_session_id */);
 	CHECK_STATUS(status, NT_STATUS_OK);
 
diff --git a/source4/torture/smb2/scan.c b/source4/torture/smb2/scan.c
index f750dcc05bb..24d1421430f 100644
--- a/source4/torture/smb2/scan.c
+++ b/source4/torture/smb2/scan.c
@@ -204,7 +204,7 @@ static bool torture_smb2_scan(struct torture_context *tctx)
 	struct smb2_tree *tree;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	NTSTATUS status;
 	int opcode;
 	struct smb2_request *req;
diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
index cfaba731255..fca055294b2 100644
--- a/source4/torture/smb2/session.c
+++ b/source4/torture/smb2/session.c
@@ -243,7 +243,7 @@ bool test_session_reauth1(struct torture_context *tctx, struct smb2_tree *tree)
 					"oplock_level incorrect");
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
@@ -258,7 +258,7 @@ bool test_session_reauth1(struct torture_context *tctx, struct smb2_tree *tree)
 					"smb2_getinfo_file failed");
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
@@ -341,7 +341,7 @@ bool test_session_reauth2(struct torture_context *tctx, struct smb2_tree *tree)
 	/* re-authenticate as original user again */
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
@@ -447,7 +447,7 @@ bool test_session_reauth3(struct torture_context *tctx, struct smb2_tree *tree)
 	/* re-authenticate as original user again */
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
@@ -574,7 +574,7 @@ bool test_session_reauth4(struct torture_context *tctx, struct smb2_tree *tree)
 	/* re-authenticate as original user again */
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
@@ -714,7 +714,7 @@ bool test_session_reauth5(struct torture_context *tctx, struct smb2_tree *tree)
 	/* re-authenticate as original user again */
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
@@ -847,7 +847,7 @@ bool test_session_reauth5(struct torture_context *tctx, struct smb2_tree *tree)
 	/* re-authenticate as original user - again */
 
 	status = smb2_session_setup_spnego(tree->session,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
@@ -955,7 +955,8 @@ bool test_session_reauth6(struct torture_context *tctx, struct smb2_tree *tree)
 	NTSTATUS expected;
 	enum credentials_use_kerberos krb_state;
 
-	krb_state = cli_credentials_get_kerberos_state(cmdline_credentials);
+	krb_state = cli_credentials_get_kerberos_state(
+			popt_get_cmdline_credentials());
 	if (krb_state == CRED_MUST_USE_KERBEROS) {
 		torture_skip(tctx,
 			     "Can't test failing session setup with kerberos.");
@@ -989,7 +990,7 @@ bool test_session_reauth6(struct torture_context *tctx, struct smb2_tree *tree)
 	 */
 
 	broken_creds = cli_credentials_shallow_copy(mem_ctx,
-						    cmdline_credentials);
+					    popt_get_cmdline_credentials());
 	torture_assert(tctx, (broken_creds != NULL), "talloc error");
 
 	corrupted_password = talloc_asprintf(mem_ctx, "%s%s",
@@ -1051,7 +1052,7 @@ static bool test_session_expire1(struct torture_context *tctx)
 	struct smbcli_options options;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	struct smb2_tree *tree = NULL;
 	enum credentials_use_kerberos use_kerberos;
 	char fname[256];
@@ -1170,7 +1171,7 @@ bool test_session_bind1(struct torture_context *tctx, struct smb2_tree *tree1)
 {
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	NTSTATUS status;
 	TALLOC_CTX *mem_ctx = talloc_new(tctx);
 	char fname[256];
@@ -1240,7 +1241,7 @@ bool test_session_bind1(struct torture_context *tctx, struct smb2_tree *tree1)
 	torture_assert(tctx, session1_2 != NULL, "smb2_session_channel failed");
 
 	status = smb2_session_setup_spnego(session1_2,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
@@ -1279,7 +1280,7 @@ bool test_session_bind1(struct torture_context *tctx, struct smb2_tree *tree1)
 	torture_assert(tctx, session2_1 != NULL, "smb2_session_channel failed");
 
 	status = smb2_session_setup_spnego(session2_1,
-					   cmdline_credentials,
+					   popt_get_cmdline_credentials(),
 					   0 /* previous_session_id */);
 	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
 					"smb2_session_setup_spnego failed");
diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c
index 2c9ff136fb5..58956be723e 100644
--- a/source4/torture/smb2/util.c
+++ b/source4/torture/smb2/util.c
@@ -351,7 +351,7 @@ bool torture_smb2_session_setup(struct torture_context *tctx,
 {
 	NTSTATUS status;
 	struct smb2_session *session;
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
 	session = smb2_session_init(transport,
 				    lpcfg_gensec_settings(tctx, tctx->lp_ctx),
@@ -385,7 +385,7 @@ bool torture_smb2_connection_ext(struct torture_context *tctx,
 	NTSTATUS status;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
 	status = smb2_connect_ext(tctx,
 				  host,
@@ -431,7 +431,7 @@ bool torture_smb2_con_sopt(struct torture_context *tctx,
 	NTSTATUS status;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, soption, NULL);
-	struct cli_credentials *credentials = cmdline_credentials;
+	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
 	lpcfg_smbcli_options(tctx->lp_ctx, &options);
 
diff --git a/source4/torture/unix/unix_info2.c b/source4/torture/unix/unix_info2.c
index 821c8df5099..14f6d776081 100644
--- a/source4/torture/unix/unix_info2.c
+++ b/source4/torture/unix/unix_info2.c
@@ -60,7 +60,7 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx)
 	status = smbcli_full_connection(tctx, &cli, host, 
 					lpcfg_smb_ports(tctx->lp_ctx),
 					share, NULL, lpcfg_socket_options(tctx->lp_ctx),
-					cmdline_credentials, 
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(tctx->lp_ctx),
 					tctx->ev, &options, &session_options,
 					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 53921d49201..bb70e4781ae 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -360,7 +360,7 @@ bool torture_unix_whoami(struct torture_context *torture)
 	struct ldb_context *ldb;
 	const char *addc, *host;
 
-	cli = connect_to_server(torture, cmdline_credentials);
+	cli = connect_to_server(torture, popt_get_cmdline_credentials());
 	torture_assert(torture, cli, "connecting to server with authenticated credentials");
 
 	/* Test basic authenticated mapping. */
@@ -375,7 +375,9 @@ bool torture_unix_whoami(struct torture_context *torture)
 		bool guest = whoami.mapping_flags & SMB_WHOAMI_GUEST;
 		torture_comment(torture, "checking whether we were logged in as guest... %s\n",
 			guest ? "YES" : "NO");
-		torture_assert(torture, cli_credentials_is_anonymous(cmdline_credentials) == guest,
+		torture_assert(torture,
+			cli_credentials_is_anonymous(
+				popt_get_cmdline_credentials()) == guest,
 			       "login did not credentials map to guest");
 	} else {
 		torture_comment(torture, "server does not support SMB_WHOAMI_GUEST flag\n");
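Review bot: The assertion message kept on the last line of this re-wrapped `torture_assert` is garbled ("login did not credentials map to guest"), and its indentation no longer matches the wrapped arguments above it. Since the statement is being touched anyway, I would reword it to `"login credentials did not map to guest"` and align it with the other arguments. The enclosing `torture_unix_whoami` starts and ends outside this hunk.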
@@ -386,7 +388,7 @@ bool torture_unix_whoami(struct torture_context *torture)
 	
  	if (addc) {
 		ldb = ldb_wrap_connect(torture, torture->ev, torture->lp_ctx, talloc_asprintf(torture, "ldap://%s", addc),
-				       NULL, cmdline_credentials, 0);
+				       NULL, popt_get_cmdline_credentials(), 0);
 		torture_assert(torture, ldb, "ldb connect failed");
 
 		/* We skip this testing if we could not contact the LDAP server */
diff --git a/source4/torture/util_smb.c b/source4/torture/util_smb.c
index 32de7536d67..fcbdc7a86ed 100644
--- a/source4/torture/util_smb.c
+++ b/source4/torture/util_smb.c
@@ -456,7 +456,7 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx,
 					lpcfg_smb_ports(tctx->lp_ctx),
 					sharename, NULL,
 					lpcfg_socket_options(tctx->lp_ctx),
-					cmdline_credentials, 
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(tctx->lp_ctx),
 					ev, &options, &session_options,
 					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
diff --git a/source4/torture/vfs/acl_xattr.c b/source4/torture/vfs/acl_xattr.c
index d1285d4b0c9..b043d7660f4 100644
--- a/source4/torture/vfs/acl_xattr.c
+++ b/source4/torture/vfs/acl_xattr.c
@@ -57,7 +57,7 @@ static bool torture_smb2_con_share(struct torture_context *tctx,
         struct smbcli_options options;
         NTSTATUS status;
         const char *host = torture_setting_string(tctx, "host", NULL);
-        struct cli_credentials *credentials = cmdline_credentials;
+        struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
         lpcfg_smbcli_options(tctx->lp_ctx, &options);
 
diff --git a/source4/torture/winbind/winbind.c b/source4/torture/winbind/winbind.c
index 82c817c3eb1..9404f197161 100644
--- a/source4/torture/winbind/winbind.c
+++ b/source4/torture/winbind/winbind.c
@@ -214,7 +214,8 @@ static bool torture_winbind_pac(struct torture_context *tctx,
 	status = gensec_set_target_hostname(gensec_client_context, cli_credentials_get_workstation(machine_credentials));
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_target_hostname (client) failed");
 
-	status = gensec_set_credentials(gensec_client_context, cmdline_credentials);
+	status = gensec_set_credentials(gensec_client_context,
+			popt_get_cmdline_credentials());
 	torture_assert_ntstatus_ok(tctx, status, "gensec_set_credentials (client) failed");
 
 	if (sasl_mech) {
-- 
2.12.2


>From 95c29a0bd419b4bf9c653524be2830969f6d45ec Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 May 2017 16:14:03 -0700
Subject: [PATCH 7/9] s4: popt: Make cmdline_credentials static.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source4/lib/cmdline/popt_common.c | 2 +-
 source4/lib/cmdline/popt_common.h | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/source4/lib/cmdline/popt_common.c b/source4/lib/cmdline/popt_common.c
index 59f06e8ba25..5fce312ac7b 100644
--- a/source4/lib/cmdline/popt_common.c
+++ b/source4/lib/cmdline/popt_common.c
@@ -38,7 +38,7 @@
 
 enum {OPT_OPTION=1,OPT_LEAK_REPORT,OPT_LEAK_REPORT_FULL,OPT_DEBUG_STDERR};
 
-struct cli_credentials *cmdline_credentials = NULL;
+static struct cli_credentials *cmdline_credentials = NULL;
 
 void popt_set_cmdline_credentials(struct cli_credentials *creds)
 {
diff --git a/source4/lib/cmdline/popt_common.h b/source4/lib/cmdline/popt_common.h
index d1f764a0df9..4271aa477e6 100644
--- a/source4/lib/cmdline/popt_common.h
+++ b/source4/lib/cmdline/popt_common.h
@@ -37,7 +37,8 @@ extern struct poptOption popt_common_credentials4[];
 #define POPT_COMMON_VERSION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version4, 0, "Version options:", NULL },
 #define POPT_COMMON_CREDENTIALS { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_credentials4, 0, "Authentication options:", NULL },
 
-extern struct cli_credentials *cmdline_credentials;
+struct cli_credentials;
+
 void popt_set_cmdline_credentials(struct cli_credentials *creds);
 struct cli_credentials *popt_get_cmdline_credentials(void);
 void popt_free_cmdline_credentials(void);
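Review bot: With the `extern` removed, these three prototypes are the whole interface to the command-line credentials, and nothing here documents who owns the object. I would add a short comment above them stating that `popt_set_cmdline_credentials()` stores the pointer for the process, that callers of `popt_get_cmdline_credentials()` must not free the result, and whether the getter can return NULL before option parsing or after `popt_free_cmdline_credentials()`. The implementations are outside this hunk, so those semantics need confirming against popt_common.c before the comment is written.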
-- 
2.12.2


>From e05c6243898d5ccf36d684ab47b70e905b98fd49 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 May 2017 16:20:07 -0700
Subject: [PATCH 8/9] s4: popt: Change from talloc_autofree_context() to NULL
 context.

Call popt_free_cmdline_credentials() on successful exit from torture.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source4/lib/cmdline/popt_credentials.c | 3 +--
 source4/torture/smbtorture.c           | 3 +++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c
index 4b4088af7f6..c06b8c73a8d 100644
--- a/source4/lib/cmdline/popt_credentials.c
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -48,8 +48,7 @@ static void popt_common_credentials_callback(poptContext con,
 						const char *arg, const void *data)
 {
 	if (reason == POPT_CALLBACK_REASON_PRE) {
-		popt_set_cmdline_credentials(
-			cli_credentials_init(talloc_autofree_context()));
+		popt_set_cmdline_credentials(cli_credentials_init(NULL));
 		return;
 	}
 	
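Review bot: Passing `NULL` as the talloc parent means the credentials object created in the `POPT_CALLBACK_REASON_PRE` branch is no longer released by anything automatic; it now lives until something calls `popt_free_cmdline_credentials()`. This patch adds that call only to smbtorture's `main`, so any other program using this callback presumably needs a matching call, or the object (which can hold the password given on the command line) stays allocated and shows up in talloc leak reports. The return value of `cli_credentials_init()` is also stored unchecked, so an allocation failure would leave the getter returning NULL for every later caller. A comment such as `/* freed by popt_free_cmdline_credentials(); callers must invoke it before exit */` on that line would record the new contract. The callback body continues outside the hunk.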
diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c
index 622f3eb15ea..dcce7328647 100644
--- a/source4/torture/smbtorture.c
+++ b/source4/torture/smbtorture.c
@@ -590,6 +590,7 @@ int main(int argc, const char *argv[])
 	if (list_testsuites) {
 		print_testsuite_list();
 		talloc_free(mem_ctx);
+		popt_free_cmdline_credentials();
 		return 0;
 	}
 
@@ -612,6 +613,7 @@ int main(int argc, const char *argv[])
 			}
 		}
 		talloc_free(mem_ctx);
+		popt_free_cmdline_credentials();
 		return 0;
 	}
 
@@ -701,6 +703,7 @@ int main(int argc, const char *argv[])
 
 	if (torture->results->returncode && correct) {
 		talloc_free(mem_ctx);
+		popt_free_cmdline_credentials();
 		return(0);
 	} else {
 		talloc_free(mem_ctx);
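Review bot: The `else` branch at the end of this hunk still frees only `mem_ctx`, so the failing exit path skips `popt_free_cmdline_credentials()` while the three successful returns now call it. Because this patch also stops parenting the credentials to the autofree context, that path would leave them allocated until process exit and, if a leak report is requested, presumably listed as a leak. Adding `popt_free_cmdline_credentials();` after `talloc_free(mem_ctx);` in the `else` branch would make the paths agree. Any earlier error returns in `main`, which are outside the visible hunks, may need the same.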
-- 
2.12.2


>From 37a3628c619bac85d5cb1e98a2b9711bef983e97 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Tue, 9 May 2017 16:28:53 -0700
Subject: [PATCH 9/9] s4: torture: Remove use of local variables that are
 simply mirroring popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 source4/torture/raw/session.c   | 17 ++++++++++-------
 source4/torture/rpc/spoolss.c   |  3 +--
 source4/torture/smb2/acls.c     |  3 +--
 source4/torture/smb2/oplock.c   |  4 ++--
 source4/torture/smb2/replay.c   |  6 ++----
 source4/torture/smb2/scan.c     |  7 ++++---
 source4/torture/smb2/util.c     | 10 ++++------
 source4/torture/vfs/acl_xattr.c |  3 +--
 8 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/source4/torture/raw/session.c b/source4/torture/raw/session.c
index c96e970d061..0c460ae3069 100644
--- a/source4/torture/raw/session.c
+++ b/source4/torture/raw/session.c
@@ -234,7 +234,6 @@ static bool test_session_expire1(struct torture_context *tctx)
 	struct smbcli_session_options session_options;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	struct smbcli_state *cli = NULL;
 	enum credentials_use_kerberos use_kerberos;
 	char fname[256];
@@ -244,7 +243,8 @@ static bool test_session_expire1(struct torture_context *tctx)
 	struct smb_composite_sesssetup io_sesssetup;
 	size_t i;
 
-	use_kerberos = cli_credentials_get_kerberos_state(credentials);
+	use_kerberos = cli_credentials_get_kerberos_state(
+				popt_get_cmdline_credentials());
 	if (use_kerberos != CRED_MUST_USE_KERBEROS) {
 		torture_warning(tctx, "smb2.session.expire1 requires -k yes!");
 		torture_skip(tctx, "smb2.session.expire1 requires -k yes!");
@@ -264,7 +264,7 @@ static bool test_session_expire1(struct torture_context *tctx)
 					lpcfg_smb_ports(tctx->lp_ctx),
 					share, NULL,
 					lpcfg_socket_options(tctx->lp_ctx),
-					credentials,
+					popt_get_cmdline_credentials(),
 					lpcfg_resolve_context(tctx->lp_ctx),
 					tctx->ev, &options, &session_options,
 					lpcfg_gensec_settings(tctx, tctx->lp_ctx));
@@ -312,7 +312,8 @@ static bool test_session_expire1(struct torture_context *tctx)
 	 * the krb5 library may not handle expired creds
 	 * well, lets start with an empty ccache.
 	 */
-	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+	cli_credentials_invalidate_ccache(popt_get_cmdline_credentials(),
+				CRED_SPECIFIED);
 
 	/*
 	 * now with CAP_DYNAMIC_REAUTH
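Review bot: `cli_credentials_invalidate_ccache()` is now visibly applied to the process-wide object returned by `popt_get_cmdline_credentials()`, here and in the two later hunks of `test_session_expire1` that make the same call. Unlike `test_session_reauth6` earlier in this series, which takes a `cli_credentials_shallow_copy()` before working with altered credentials, this changes state that the rest of the run appears to share. I would extend the existing comment with a line such as `/* NOTE: this clears the ccache on the shared command-line credentials. */`, or work on a copy if later tests should not be affected. The function body starts and ends outside this hunk.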
@@ -323,7 +324,7 @@ static bool test_session_expire1(struct torture_context *tctx)
 	io_sesssetup.in.sesskey      = cli->transport->negotiate.sesskey;
 	io_sesssetup.in.capabilities = cli->transport->negotiate.capabilities;
 	io_sesssetup.in.capabilities |= CAP_DYNAMIC_REAUTH;
-	io_sesssetup.in.credentials  = credentials;
+	io_sesssetup.in.credentials  = popt_get_cmdline_credentials();
 	io_sesssetup.in.workgroup    = lpcfg_workgroup(tctx->lp_ctx);
 	io_sesssetup.in.gensec_settings = lpcfg_gensec_settings(tctx,
 							tctx->lp_ctx);
@@ -357,7 +358,8 @@ static bool test_session_expire1(struct torture_context *tctx)
 		 * the krb5 library may not handle expired creds
 		 * well, lets start with an empty ccache.
 		 */
-		cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+		cli_credentials_invalidate_ccache(
+			popt_get_cmdline_credentials(), CRED_SPECIFIED);
 
 		torture_comment(tctx, "reauth with CAP_DYNAMIC_REAUTH => OK\n");
 		ZERO_STRUCT(io_sesssetup.out);
@@ -378,7 +380,8 @@ static bool test_session_expire1(struct torture_context *tctx)
 	 * the krb5 library may not handle expired creds
 	 * well, lets start with an empty ccache.
 	 */
-	cli_credentials_invalidate_ccache(credentials, CRED_SPECIFIED);
+	cli_credentials_invalidate_ccache(popt_get_cmdline_credentials(),
+				CRED_SPECIFIED);
 
 	/*
 	 * now without CAP_DYNAMIC_REAUTH
diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index 0e26fcd18e9..20d2f14c113 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -8717,7 +8717,6 @@ static bool test_print_test_smbd(struct torture_context *tctx,
 
 	struct smb2_tree *tree;
 	struct smb2_handle job_h;
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	struct smbcli_options options;
 	TALLOC_CTX *mem_ctx = talloc_new(tctx);
 	/*
@@ -8737,7 +8736,7 @@ static bool test_print_test_smbd(struct torture_context *tctx,
 			      lpcfg_smb_ports(tctx->lp_ctx),
 			      share,
 			      lpcfg_resolve_context(tctx->lp_ctx),
-			      credentials,
+			      popt_get_cmdline_credentials(),
 			      &tree,
 			      tctx->ev,
 			      &options,
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
index fe30380df98..7365554470c 100644
--- a/source4/torture/smb2/acls.c
+++ b/source4/torture/smb2/acls.c
@@ -1872,7 +1872,6 @@ static bool torture_smb2_con_share(struct torture_context *tctx,
         struct smbcli_options options;
         NTSTATUS status;
         const char *host = torture_setting_string(tctx, "host", NULL);
-        struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
         lpcfg_smbcli_options(tctx->lp_ctx, &options);
 
@@ -1881,7 +1880,7 @@ static bool torture_smb2_con_share(struct torture_context *tctx,
                                   lpcfg_smb_ports(tctx->lp_ctx),
                                   share,
                                   lpcfg_resolve_context(tctx->lp_ctx),
-                                  credentials,
+                                  popt_get_cmdline_credentials(),
                                   0,
                                   tree,
                                   tctx->ev,
diff --git a/source4/torture/smb2/oplock.c b/source4/torture/smb2/oplock.c
index 635037b7124..858bdcfa46e 100644
--- a/source4/torture/smb2/oplock.c
+++ b/source4/torture/smb2/oplock.c
@@ -281,7 +281,6 @@ static bool open_smb2_connection_no_level2_oplocks(struct torture_context *tctx,
 	NTSTATUS status;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	struct smbcli_options options;
 
 	lpcfg_smbcli_options(tctx->lp_ctx, &options);
@@ -290,7 +289,8 @@ static bool open_smb2_connection_no_level2_oplocks(struct torture_context *tctx,
 	status = smb2_connect(tctx, host,
 			      lpcfg_smb_ports(tctx->lp_ctx), share,
 			      lpcfg_resolve_context(tctx->lp_ctx),
-			      credentials, tree, tctx->ev, &options,
+			      popt_get_cmdline_credentials(),
+			      tree, tctx->ev, &options,
 			      lpcfg_socket_options(tctx->lp_ctx),
 			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/torture/smb2/replay.c b/source4/torture/smb2/replay.c
index f715cf80048..a38518aebf2 100644
--- a/source4/torture/smb2/replay.c
+++ b/source4/torture/smb2/replay.c
@@ -1764,7 +1764,6 @@ static bool test_replay3(struct torture_context *tctx, struct smb2_tree *tree1)
 {
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	NTSTATUS status;
 	TALLOC_CTX *mem_ctx = talloc_new(tctx);
 	struct smb2_handle _h;
@@ -1845,7 +1844,7 @@ static bool test_replay3(struct torture_context *tctx, struct smb2_tree *tree1)
 			lpcfg_smb_ports(tctx->lp_ctx),
 			share,
 			lpcfg_resolve_context(tctx->lp_ctx),
-			credentials,
+			popt_get_cmdline_credentials(),
 			&tree2,
 			tctx->ev,
 			&transport1->options,
@@ -1923,7 +1922,6 @@ static bool test_replay4(struct torture_context *tctx, struct smb2_tree *tree1)
 {
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	NTSTATUS status;
 	TALLOC_CTX *mem_ctx = talloc_new(tctx);
 	struct smb2_handle _h1;
@@ -2069,7 +2067,7 @@ static bool test_replay4(struct torture_context *tctx, struct smb2_tree *tree1)
 			lpcfg_smb_ports(tctx->lp_ctx),
 			share,
 			lpcfg_resolve_context(tctx->lp_ctx),
-			credentials,
+			popt_get_cmdline_credentials(),
 			&tree2,
 			tctx->ev,
 			&transport1->options,
diff --git a/source4/torture/smb2/scan.c b/source4/torture/smb2/scan.c
index 24d1421430f..3e43b9dfa32 100644
--- a/source4/torture/smb2/scan.c
+++ b/source4/torture/smb2/scan.c
@@ -204,7 +204,6 @@ static bool torture_smb2_scan(struct torture_context *tctx)
 	struct smb2_tree *tree;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 	NTSTATUS status;
 	int opcode;
 	struct smb2_request *req;
@@ -216,7 +215,8 @@ static bool torture_smb2_scan(struct torture_context *tctx)
 			      lpcfg_smb_ports(tctx->lp_ctx),
 			      share,
 			      lpcfg_resolve_context(tctx->lp_ctx),
-			      credentials, &tree, tctx->ev, &options,
+			      popt_get_cmdline_credentials(),
+			      &tree, tctx->ev, &options,
 			      lpcfg_socket_options(tctx->lp_ctx),
 			      lpcfg_gensec_settings(tctx, tctx->lp_ctx));
 	torture_assert_ntstatus_ok(tctx, status, "Connection failed");
@@ -233,7 +233,8 @@ static bool torture_smb2_scan(struct torture_context *tctx)
 					      lpcfg_smb_ports(tctx->lp_ctx),
 					      share,
 					      lpcfg_resolve_context(tctx->lp_ctx),
-					      credentials, &tree, tctx->ev, &options,
+					      popt_get_cmdline_credentials(),
+					      &tree, tctx->ev, &options,
 					      lpcfg_socket_options(tctx->lp_ctx),
 					      lpcfg_gensec_settings(mem_ctx, tctx->lp_ctx));
 			torture_assert_ntstatus_ok(tctx, status, "Connection failed");
diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c
index 58956be723e..52a63dd962a 100644
--- a/source4/torture/smb2/util.c
+++ b/source4/torture/smb2/util.c
@@ -351,7 +351,6 @@ bool torture_smb2_session_setup(struct torture_context *tctx,
 {
 	NTSTATUS status;
 	struct smb2_session *session;
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
 	session = smb2_session_init(transport,
 				    lpcfg_gensec_settings(tctx, tctx->lp_ctx),
@@ -361,7 +360,8 @@ bool torture_smb2_session_setup(struct torture_context *tctx,
 		return false;
 	}
 
-	status = smb2_session_setup_spnego(session, credentials,
+	status = smb2_session_setup_spnego(session,
+					   popt_get_cmdline_credentials(),
 					   previous_session_id);
 	if (!NT_STATUS_IS_OK(status)) {
 		torture_comment(tctx, "session setup failed: %s\n", nt_errstr(status));
@@ -385,14 +385,13 @@ bool torture_smb2_connection_ext(struct torture_context *tctx,
 	NTSTATUS status;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, "share", NULL);
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
 	status = smb2_connect_ext(tctx,
 				  host,
 				  lpcfg_smb_ports(tctx->lp_ctx),
 				  share,
 				  lpcfg_resolve_context(tctx->lp_ctx),
-				  credentials,
+				  popt_get_cmdline_credentials(),
 				  previous_session_id,
 				  tree,
 				  tctx->ev,
@@ -431,7 +430,6 @@ bool torture_smb2_con_sopt(struct torture_context *tctx,
 	NTSTATUS status;
 	const char *host = torture_setting_string(tctx, "host", NULL);
 	const char *share = torture_setting_string(tctx, soption, NULL);
-	struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
 	lpcfg_smbcli_options(tctx->lp_ctx, &options);
 
@@ -445,7 +443,7 @@ bool torture_smb2_con_sopt(struct torture_context *tctx,
 				  lpcfg_smb_ports(tctx->lp_ctx),
 				  share,
 				  lpcfg_resolve_context(tctx->lp_ctx),
-				  credentials,
+				  popt_get_cmdline_credentials(),
 				  0,
 				  tree,
 				  tctx->ev,
diff --git a/source4/torture/vfs/acl_xattr.c b/source4/torture/vfs/acl_xattr.c
index b043d7660f4..9024c33980f 100644
--- a/source4/torture/vfs/acl_xattr.c
+++ b/source4/torture/vfs/acl_xattr.c
@@ -57,7 +57,6 @@ static bool torture_smb2_con_share(struct torture_context *tctx,
         struct smbcli_options options;
         NTSTATUS status;
         const char *host = torture_setting_string(tctx, "host", NULL);
-        struct cli_credentials *credentials = popt_get_cmdline_credentials();
 
         lpcfg_smbcli_options(tctx->lp_ctx, &options);
 
@@ -66,7 +65,7 @@ static bool torture_smb2_con_share(struct torture_context *tctx,
                                   lpcfg_smb_ports(tctx->lp_ctx),
                                   share,
                                   lpcfg_resolve_context(tctx->lp_ctx),
-                                  credentials,
+                                  popt_get_cmdline_credentials(),
                                   0,
                                   tree,
                                   tctx->ev,
-- 
2.12.2


