This will allow us to pass this down to the tdb_wrap layer.
Andrew Bartlett
struct schannel_state;
struct tdb_wrap *open_schannel_session_store(TALLOC_CTX *mem_ctx,
- const char *private_dir);
+ struct loadparm_context *lp_ctx);
NTSTATUS netsec_incoming_packet(struct schannel_state *state,
bool do_unseal,
#define _LIBCLI_AUTH_SCHANNEL_STATE_H__
NTSTATUS schannel_get_creds_state(TALLOC_CTX *mem_ctx,
- const char *db_priv_dir,
+ struct loadparm_context *lp_ctx,
const char *computer_name,
struct netlogon_creds_CredentialState **creds);
NTSTATUS schannel_save_creds_state(TALLOC_CTX *mem_ctx,
- const char *db_priv_dir,
+ struct loadparm_context *lp_ctx,
struct netlogon_creds_CredentialState *creds);
NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
- const char *db_priv_dir,
+ struct loadparm_context *lp_ctx,
const char *computer_name,
struct netr_Authenticator *received_authenticator,
struct netr_Authenticator *return_authenticator,
#include "system/filesys.h"
#include "../lib/tdb_compat/tdb_compat.h"
#include "../lib/util/util_tdb.h"
+#include "../lib/param/param.h"
#include "../libcli/auth/schannel.h"
#include "../librpc/gen_ndr/ndr_schannel.h"
#include "lib/util/tdb_wrap.h"
*******************************************************************************/
struct tdb_wrap *open_schannel_session_store(TALLOC_CTX *mem_ctx,
- const char *private_dir)
+ struct loadparm_context *lp_ctx)
{
struct tdb_wrap *tdb_sc = NULL;
- char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", private_dir);
+ char *fname = lpcfg_private_path(mem_ctx, lp_ctx, "schannel_store.tdb");
if (!fname) {
return NULL;
*******************************************************************************/
NTSTATUS schannel_get_creds_state(TALLOC_CTX *mem_ctx,
- const char *db_priv_dir,
+ struct loadparm_context *lp_ctx,
const char *computer_name,
struct netlogon_creds_CredentialState **_creds)
{
return NT_STATUS_NO_MEMORY;
}
- tdb_sc = open_schannel_session_store(tmpctx, db_priv_dir);
+ tdb_sc = open_schannel_session_store(tmpctx, lp_ctx);
if (!tdb_sc) {
return NT_STATUS_ACCESS_DENIED;
}
*******************************************************************************/
NTSTATUS schannel_save_creds_state(TALLOC_CTX *mem_ctx,
- const char *db_priv_dir,
+ struct loadparm_context *lp_ctx,
struct netlogon_creds_CredentialState *creds)
{
TALLOC_CTX *tmpctx;
return NT_STATUS_NO_MEMORY;
}
- tdb_sc = open_schannel_session_store(tmpctx, db_priv_dir);
+ tdb_sc = open_schannel_session_store(tmpctx, lp_ctx);
if (!tdb_sc) {
return NT_STATUS_ACCESS_DENIED;
}
********************************************************************/
NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx,
- const char *db_priv_dir,
+ struct loadparm_context *lp_ctx,
const char *computer_name,
struct netr_Authenticator *received_authenticator,
struct netr_Authenticator *return_authenticator,
return NT_STATUS_NO_MEMORY;
}
- tdb_sc = open_schannel_session_store(tmpctx, db_priv_dir);
+ tdb_sc = open_schannel_session_store(tmpctx, lp_ctx);
if (!tdb_sc) {
status = NT_STATUS_ACCESS_DENIED;
goto done;
bld.SAMBA_SUBSYSTEM('COMMON_SCHANNEL',
source='schannel_state_tdb.c schannel_sign.c',
- deps='tdb-wrap UTIL_TDB'
+ deps='tdb-wrap UTIL_TDB samba-hostconfig'
)
#include "auth.h"
#include "messages.h"
#include "../lib/tsocket/tsocket.h"
+#include "lib/param/param.h"
extern userdom_struct current_user_info;
* so use a copy to avoid destroying the client values. */
uint32_t in_neg_flags = *r->in.negotiate_flags;
const char *fn;
+ struct loadparm_context *lp_ctx;
struct dom_sid sid;
struct samr_Password mach_pwd;
struct netlogon_creds_CredentialState *creds;
goto out;
}
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto out;
+ }
+
/* Store off the state so we can continue after client disconnect. */
become_root();
- status = schannel_save_creds_state(p->mem_ctx, lp_private_dir(), creds);
+ status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);
unbecome_root();
+ talloc_unlink(p->mem_ctx, lp_ctx);
+
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
{
NTSTATUS status;
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
+ struct loadparm_context *lp_ctx;
if (schannel_global_required) {
status = schannel_check_required(&p->auth,
}
}
- status = schannel_check_creds_state(mem_ctx, lp_private_dir(),
+ lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = schannel_check_creds_state(mem_ctx, lp_ctx,
computer_name, received_authenticator,
return_authenticator, creds_out);
-
+ talloc_unlink(mem_ctx, lp_ctx);
return status;
}
{
NTSTATUS status;
struct netlogon_creds_CredentialState *creds = NULL;
+ struct loadparm_context *lp_ctx;
*r->out.authoritative = true;
return NT_STATUS_INVALID_PARAMETER;
}
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
become_root();
- status = schannel_get_creds_state(p->mem_ctx, lp_private_dir(),
+ status = schannel_get_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name, &creds);
unbecome_root();
+ talloc_unlink(p->mem_ctx, lp_ctx);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS status;
struct netlogon_creds_CredentialState *creds;
struct lsa_ForestTrustInformation *info, **info_ptr;
+ struct loadparm_context *lp_ctx;
/* TODO: check server name */
- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(),
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ status = schannel_check_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name,
r->in.credential,
r->out.return_authenticator,
&creds);
+ talloc_unlink(p->mem_ctx, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct samr_Password *new_owf_enc;
struct samr_Password *old_owf_enc;
DATA_BLOB session_key;
+ struct loadparm_context *lp_ctx;
+
+ lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_context());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
/* TODO: check server name */
- status = schannel_check_creds_state(p->mem_ctx, lp_private_dir(),
+ status = schannel_check_creds_state(p->mem_ctx, lp_ctx,
r->in.computer_name,
r->in.credential,
r->out.return_authenticator,
&creds);
+ talloc_unlink(p->mem_ctx, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
#include "ntdomain.h"
#include "rpc_server/srv_pipe.h"
#include "rpc_server/rpc_contexts.h"
+#include "lib/param/param.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
struct netlogon_creds_CredentialState *creds;
enum ndr_err_code ndr_err;
struct schannel_state *schannel_auth;
+ struct loadparm_context *lp_ctx;
ndr_err = ndr_pull_struct_blob(
&auth_info->credentials, mem_ctx, &neg,
return false;
}
+ lp_ctx = loadparm_init_s3(p, loadparm_s3_context());
+ if (!lp_ctx) {
+ DEBUG(0,("pipe_schannel_auth_bind: loadparm_init_s3() failed!\n"));
+ return false;
+ }
+
/*
* The neg.oem_netbios_computer.a key here must match the remote computer name
* given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
*/
become_root();
- status = schannel_get_creds_state(p, lp_private_dir(),
+ status = schannel_get_creds_state(p, lp_ctx,
neg.oem_netbios_computer.a, &creds);
unbecome_root();
-
+
+ talloc_unlink(p, lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n"));
return False;
#include "messages.h"
#include "smbprofile.h"
#include "lib/id_cache.h"
+#include "lib/param/param.h"
extern void start_epmd(struct tevent_context *ev_ctx,
struct messaging_context *msg_ctx);
}
if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
- if (!open_schannel_session_store(NULL, lp_private_dir())) {
+ struct loadparm_context *lp_ctx = loadparm_init_s3(NULL, loadparm_s3_context());
+ if (!open_schannel_session_store(NULL, lp_ctx)) {
DEBUG(0,("ERROR: Samba cannot open schannel store for secured NETLOGON operations.\n"));
exit(1);
}
+ TALLOC_FREE(lp_ctx);
}
if(!get_global_sam_sid()) {
}
status = schannel_get_creds_state(out_mem_ctx,
- lpcfg_private_dir(gensec_security->settings->lp_ctx),
+ gensec_security->settings->lp_ctx,
workstation, &creds);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Could not find session key for attempted schannel connection from %s: %s\n",
creds->sid = samdb_result_dom_sid(creds, msgs[0], "objectSid");
nt_status = schannel_save_creds_state(mem_ctx,
- lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ dce_call->conn->dce_ctx->lp_ctx,
creds);
return nt_status;
}
nt_status = schannel_check_creds_state(mem_ctx,
- lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ dce_call->conn->dce_ctx->lp_ctx,
computer_name,
received_authenticator,
return_authenticator,
}
nt_status = schannel_get_creds_state(mem_ctx,
- lpcfg_private_dir(dce_call->conn->dce_ctx->lp_ctx),
+ dce_call->conn->dce_ctx->lp_ctx,
r->in.computer_name, &creds);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
if (lpcfg_server_role(cmdline_lp_ctx) == ROLE_DOMAIN_CONTROLLER) {
- if (!open_schannel_session_store(talloc_autofree_context(), lpcfg_private_dir(cmdline_lp_ctx))) {
+ if (!open_schannel_session_store(talloc_autofree_context(), cmdline_lp_ctx)) {
DEBUG(0,("ERROR: Samba cannot open schannel store for secured NETLOGON operations.\n"));
exit(1);
}