const char *name_for_logs,
bool allow_domain_trust,
bool password_change);
-struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
const char *netbios_name,
const char *domain_name,
existed = file_exist(path);
ldb = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, path,
- system_session(mem_ctx, lp_ctx),
- NULL, LDB_FLG_NOSYNC, NULL);
+ system_session(lp_ctx),
+ NULL, LDB_FLG_NOSYNC);
talloc_free(path);
if (!ldb) {
return NULL;
return NT_STATUS_NO_MEMORY;
}
- sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
+ sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(ctx->auth_ctx->lp_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
sam_ctx = samdb_connect(tmp_ctx, auth_context->event_ctx, auth_context->lp_ctx,
- system_session(tmp_ctx, auth_context->lp_ctx));
+ system_session(auth_context->lp_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
if (lp_ctx == NULL)
return NULL;
- session = system_session(NULL, lp_ctx);
+ session = system_session(lp_ctx);
return PyAuthSession_FromSession(session);
}
/* Create a security token for a session SYSTEM (the most
* trusted/prvilaged account), including the local machine account as
* the off-host credentials */
-struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) ;
+struct auth_session_info *system_session(struct loadparm_context *lp_ctx) ;
/*
* Create a system session, but with anonymous credentials (so we do
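Review bot: The comment above the `system_session()` prototype no longer tells a caller who owns the returned pointer now that the `mem_ctx` argument is gone. The implementation changed in this same commit caches one session in a function-local static and installs a destructor that refuses `talloc_free()`, so every caller in the process receives the same object. I would add a line to this comment: `* The returned session is shared process-wide; callers must not free, steal or modify it.` This is the SYSTEM token, so a change made through one caller's pointer would be seen by every other privileged database connection.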
}
+/*
+ prevent the static system session being freed
+ */
+static int system_session_destructor(struct auth_session_info *info)
+{
+ return -1;
+}
/* Create a security token for a session SYSTEM (the most
* trusted/prvilaged account), including the local machine account as
* the off-host credentials
*/
-_PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+_PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ctx)
{
+ static struct auth_session_info *static_session;
NTSTATUS nt_status;
- struct auth_session_info *session_info = NULL;
- nt_status = auth_system_session_info(mem_ctx,
+
+ if (static_session) {
+ return static_session;
+ }
+
+ nt_status = auth_system_session_info(talloc_autofree_context(),
lp_ctx,
- &session_info);
+ &static_session);
if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(static_session);
+ static_session = NULL;
return NULL;
}
- return session_info;
+ talloc_set_destructor(static_session, system_session_destructor);
+ return static_session;
}
static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx,
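Review bot: `if (static_session) { return static_session; }` ignores `lp_ctx` on every call after the first, so the session built from the first caller's loadparm context is handed to callers that pass a different one. The two `ldb_wrap_connect(s, ...)` call sites in this commit that reopen the SAM LDB pass `s->tctx->lp_ctx` and `s->lp_ctx` respectively, so this path is reachable; whether the two contexts would produce different SYSTEM credentials is not visible here and should be confirmed. At minimum, record the behaviour next to the static, e.g. `/* built from the first lp_ctx seen; later lp_ctx arguments are ignored */`, or remember the context used and emit a `DEBUG` message when a different one is passed. Separately, `system_session_destructor` returning -1 blocks `talloc_free()` but not in-place modification, so any caller that edits the returned structure changes the SYSTEM session for the whole process.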
}
cldapd->task = task;
- cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(cldapd, task->lp_ctx));
+ cldapd->samctx = samdb_connect(cldapd, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx));
if (cldapd->samctx == NULL) {
task_server_terminate(task, "cldapd failed to open samdb", true);
return;
return NT_STATUS_OK;
}
- ldb = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session(mem_ctx, lp_ctx));
+ ldb = samdb_connect(mem_ctx, ev_ctx, lp_ctx, system_session(lp_ctx));
if (ldb == NULL) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
struct samr_DomInfo1 *dominfo;
struct ldb_context *samdb;
- samdb = samdb_connect(mem_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, system_session(mem_ctx, kdc->task->lp_ctx));
+ samdb = samdb_connect(mem_ctx, kdc->task->event_ctx, kdc->task->lp_ctx, system_session(kdc->task->lp_ctx));
if (!samdb) {
return kpasswdd_make_error_reply(kdc, mem_ctx,
KRB5_KPASSWD_HARDERROR,
/* Load LDAP database, but only to read our settings */
ldb = samdb_connect(ldap_service, ldap_service->task->event_ctx,
- lp_ctx, system_session(ldap_service, lp_ctx));
+ lp_ctx, system_session(lp_ctx));
if (!ldb) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
/* Must be after we have processed command line options */
gensec_init(cmdline_lp_ctx);
- if (ldb_set_opaque(ldb, "sessionInfo", system_session(ldb, cmdline_lp_ctx))) {
+ if (ldb_set_opaque(ldb, "sessionInfo", system_session(cmdline_lp_ctx))) {
goto failed;
}
if (ldb_set_opaque(ldb, "credentials", cmdline_credentials)) {
return;
}
- nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->event_ctx, task->lp_ctx, system_session(nbtsrv, task->lp_ctx));
+ nbtsrv->sam_ctx = samdb_connect(nbtsrv, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx));
if (nbtsrv->sam_ctx == NULL) {
task_server_terminate(task, "nbtd failed to open samdb", true);
return;
ntp_signd->task = task;
/* Must be system to get at the password hashes */
- ntp_signd->samdb = samdb_connect(ntp_signd, task->event_ctx, task->lp_ctx, system_session(ntp_signd, task->lp_ctx));
+ ntp_signd->samdb = samdb_connect(ntp_signd, task->event_ctx, task->lp_ctx, system_session(task->lp_ctx));
if (ntp_signd->samdb == NULL) {
task_server_terminate(task, "ntp_signd failed to open samdb", true);
return;
*/
static struct ldb_context *sptr_db_connect(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, struct loadparm_context *lp_ctx)
{
- return ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, lp_spoolss_url(lp_ctx), system_session(mem_ctx, lp_ctx),
- NULL, 0, NULL);
+ return ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, lp_spoolss_url(lp_ctx), system_session(lp_ctx),
+ NULL, 0);
}
static int sptr_db_search(struct ldb_context *ldb,
sdb = ldb_wrap_connect(*ctx, ev_ctx, lp_ctx,
private_path(*ctx, lp_ctx, "share.ldb"),
- system_session(*ctx, lp_ctx),
- NULL, 0, NULL);
+ system_session(lp_ctx),
+ NULL, 0);
if (!sdb) {
talloc_free(*ctx);
werr = drs_security_level_check(dce_call, NULL);
if (W_ERROR_IS_OK(werr)) {
DEBUG(2,(__location__ ": doing DsBind with system_session\n"));
- auth_info = system_session(b_state, dce_call->conn->dce_ctx->lp_ctx);
+ auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
} else {
auth_info = dce_call->conn->auth_state.session_info;
}
name = &r->in.name.string[2];
/* We need to connect to the database as system, as this is one of the rare RPC calls that must read the secrets (and this is denied otherwise) */
secret_state->sam_ldb = talloc_reference(secret_state,
- samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(secret_state, dce_call->conn->dce_ctx->lp_ctx)));
+ samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx)));
secret_state->global = true;
if (strlen(name) < 1) {
name = &r->in.name.string[2];
/* We need to connect to the database as system, as this is one of the rare RPC calls that must read the secrets (and this is denied otherwise) */
secret_state->sam_ldb = talloc_reference(secret_state,
- samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(secret_state, dce_call->conn->dce_ctx->lp_ctx)));
+ samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx)));
secret_state->global = true;
if (strlen(name) < 1) {
}
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
- system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
+ system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
&creds);
NT_STATUS_NOT_OK_RETURN(nt_status);
- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
dce_call->conn->dce_ctx->lp_ctx,
- system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
+ system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
}
/* To change a password we need to open as system */
- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
}
/* To change a password we need to open as system */
- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
}
/* To change a password we need to open as system */
- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
+ sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, system_session(dce_call->conn->dce_ctx->lp_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb");
DEBUG(0,("Reopen the SAM LDB with system credentials and a already stored schema: %s\n", sam_ldb_path));
s->ldb = ldb_wrap_connect(s, s->tctx->ev, s->tctx->lp_ctx, sam_ldb_path,
- system_session(s, s->tctx->lp_ctx),
- NULL, 0, NULL);
+ system_session(s->tctx->lp_ctx),
+ NULL, 0);
if (!s->ldb) {
DEBUG(0,("Failed to open '%s'\n",
sam_ldb_path));
sam_ldb_path = talloc_asprintf(s, "%s/%s", s->targetdir, "private/sam.ldb");
DEBUG(0,("Reopen the SAM LDB with system credentials and all replicated data: %s\n", sam_ldb_path));
s->ldb = ldb_wrap_connect(s, s->tctx->ev, s->lp_ctx, sam_ldb_path,
- system_session(s, s->lp_ctx),
- NULL, 0, NULL);
+ system_session(s->lp_ctx),
+ NULL, 0);
if (!s->ldb) {
DEBUG(0,("Failed to open '%s'\n",
sam_ldb_path));
r.in.binding_string = NULL;
/* Needed to override the ACLs on ldb */
- r.in.session_info = system_session(libnetctx, ctx->lp_ctx);
+ r.in.session_info = system_session(ctx->lp_ctx);
status = libnet_samsync_ldb(libnetctx, libnetctx, &r);
if (!NT_STATUS_IS_OK(status)) {
{
return ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx, private_path(mem_ctx,
lp_ctx, lp_wins_config_url(lp_ctx)),
- system_session(mem_ctx, lp_ctx), NULL, 0, NULL);
+ system_session(lp_ctx), NULL, 0);
}
static uint64_t wins_config_db_get_seqnumber(struct ldb_context *ldb)