}
/* decode and verify the pac */
- nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info, pac_blob,
+ nt_status = kerberos_pac_logon_info(mem_ctx, lp_iconv_convenience(gensec_security->lp_ctx), &logon_info, pac_blob,
gensec_gssapi_state->smb_krb5_context->krb5_context,
NULL, keyblock, principal, authtime, NULL);
krb5_free_principal(gensec_gssapi_state->smb_krb5_context->krb5_context, principal);
}
/* decode and verify the pac */
- nt_status = kerberos_pac_logon_info(gensec_krb5_state, &logon_info, pac,
+ nt_status = kerberos_pac_logon_info(gensec_krb5_state,
+ lp_iconv_convenience(gensec_security->lp_ctx),
+ &logon_info, pac,
gensec_krb5_state->smb_krb5_context->krb5_context,
NULL, gensec_krb5_state->keyblock,
client_principal,
struct smb_krb5_context *smb_krb5_context,
krb5_principal *princ);
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
DATA_BLOB blob,
krb5_context context,
time_t tgs_authtime,
krb5_error_code *k5ret);
NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_LOGON_INFO **logon_info,
DATA_BLOB blob,
krb5_context context,
time_t tgs_authtime,
krb5_error_code *k5ret);
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
DATA_BLOB *pac);
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct auth_serversupplied_info *server_info,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
}
NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA **pac_data_out,
DATA_BLOB blob,
krb5_context context,
struct PAC_LOGON_NAME *logon_name = NULL;
struct PAC_DATA *pac_data;
struct PAC_DATA_RAW *pac_data_raw;
- struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(global_loadparm);
DATA_BLOB *srv_sig_blob = NULL;
DATA_BLOB *kdc_sig_blob = NULL;
}
_PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_LOGON_INFO **logon_info,
DATA_BLOB blob,
krb5_context context,
NTSTATUS nt_status;
struct PAC_DATA *pac_data;
int i;
- nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
+ nt_status = kerberos_decode_pac(mem_ctx,
+ iconv_convenience,
+ &pac_data,
blob,
context,
krbtgt_keyblock,
}
krb5_error_code kerberos_encode_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct PAC_DATA *pac_data,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
struct PAC_SIGNATURE_DATA *kdc_checksum = NULL;
struct PAC_SIGNATURE_DATA *srv_checksum = NULL;
int i;
- struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(global_loadparm);
/* First, just get the keytypes filled in (and lengths right, eventually) */
for (i=0; i < pac_data->num_buffers; i++) {
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
+ struct smb_iconv_convenience *iconv_convenience,
struct auth_serversupplied_info *server_info,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime);
ret = kerberos_encode_pac(mem_ctx,
+ iconv_convenience,
pac_data,
context,
krbtgt_keyblock,
}
static krb5_error_code LDB_message2entry_keys(krb5_context context,
+ struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
unsigned int userAccountControl,
/* supplementalCredentials if present */
if (sc_val) {
- ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, lp_iconv_convenience(global_loadparm), &scb,
+ ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, iconv_convenience, &scb,
(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
dump_data(0, sc_val->data, sc_val->length);
talloc_steal(mem_ctx, blob.data);
/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
- ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, lp_iconv_convenience(global_loadparm), &_pkb,
+ ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb,
(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob");
krb5_boolean is_computer = FALSE;
const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg, "dnsRoot", NULL);
char *realm = strupper_talloc(mem_ctx, dnsdomain);
+ struct loadparm_context *lp_ctx = ldb_get_opaque((struct ldb_context *)db->hdb_db, "loadparm");
struct ldb_dn *domain_dn = samdb_result_dn((struct ldb_context *)db->hdb_db,
mem_ctx,
realm_ref_msg,
entry_ex->entry.flags.ok_as_delegate = 1;
}
- if (lp_parm_bool(global_loadparm, NULL, "kdc", "require spn for service", true)) {
+ if (lp_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) {
if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) {
entry_ex->entry.flags.server = 0;
}
entry_ex->entry.generation = NULL;
/* Get keys from the db */
- ret = LDB_message2entry_keys(context, private, msg, userAccountControl, entry_ex);
+ ret = LDB_message2entry_keys(context, lp_iconv_convenience(lp_ctx), private, msg, userAccountControl, entry_ex);
if (ret) {
/* Could be bougus data in the entry, or out of memory */
goto out;
TDR_PULL_NEED_BYTES(tdr, el_size*length);
- ret = convert_string_talloc(ctx, lp_iconv_convenience(global_loadparm), chset, CH_UNIX, tdr->data.data+tdr->offset, el_size*length, discard_const_p(void *, v));
+ ret = convert_string_talloc(ctx, tdr->iconv_convenience, chset, CH_UNIX, tdr->data.data+tdr->offset, el_size*length, discard_const_p(void *, v));
if (ret == -1) {
return NT_STATUS_INVALID_PARAMETER;
}
/* OK, go ahead and make a PAC */
- ret = kerberos_create_pac(mem_ctx, server_info,
+ ret = kerberos_create_pac(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
+ server_info,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
dump_data(10,tmp_blob.data,tmp_blob.length);
/* Now check that we can read it back */
- nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
+ nt_status = kerberos_decode_pac(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
+ &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
}
/* Now check that we can read it back */
- nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info,
+ nt_status = kerberos_pac_logon_info(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
+ &logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
}
/* Decode and verify the signaure on the PAC */
- nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
+ nt_status = kerberos_decode_pac(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
+ &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
}
/* Parse the PAC again, for the logon info this time */
- nt_status = kerberos_pac_logon_info(mem_ctx, &logon_info,
+ nt_status = kerberos_pac_logon_info(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
+ &logon_info,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
}
ret = kerberos_encode_pac(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
pac_data,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
}
ret = kerberos_create_pac(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
server_info_out,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
}
/* Break the auth time, to ensure we check this vital detail (not setting this caused all the pain in the first place... */
- nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
+ nt_status = kerberos_decode_pac(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
+ &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
smb_get_krb5_error_message(smb_krb5_context->krb5_context, ret, mem_ctx)));
}
- nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
+ nt_status = kerberos_decode_pac(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
+ &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
/* Finally... Bugger up the signature, and check we fail the checksum */
tmp_blob.data[tmp_blob.length - 2]++;
- nt_status = kerberos_decode_pac(mem_ctx, &pac_data,
+ nt_status = kerberos_decode_pac(mem_ctx,
+ lp_iconv_convenience(tctx->lp_ctx),
+ &pac_data,
tmp_blob,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
return NT_STATUS_OK;
}
-static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree, struct rap_call *call)
+static NTSTATUS rap_cli_do_call(struct smbcli_tree *tree,
+ struct smb_iconv_convenience *iconv_convenience,
+ struct rap_call *call)
{
NTSTATUS result;
DATA_BLOB param_blob;
struct ndr_push *params;
struct smb_trans2 trans;
- params = ndr_push_init_ctx(call, lp_iconv_convenience(global_loadparm));
+ params = ndr_push_init_ctx(call, iconv_convenience);
if (params == NULL)
return NT_STATUS_NO_MEMORY;
return result;
call->ndr_pull_param = ndr_pull_init_blob(&trans.out.params, call,
- lp_iconv_convenience(global_loadparm));
+ iconv_convenience);
call->ndr_pull_param->flags = RAPNDR_FLAGS;
call->ndr_pull_data = ndr_pull_init_blob(&trans.out.data, call,
- lp_iconv_convenience(global_loadparm));
+ iconv_convenience);
call->ndr_pull_data->flags = RAPNDR_FLAGS;
return result;
static NTSTATUS smbcli_rap_netshareenum(struct smbcli_tree *tree,
+ struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct rap_NetShareEnum *r)
{
break;
}
- result = rap_cli_do_call(tree, call);
+ result = rap_cli_do_call(tree, iconv_convenience, call);
if (!NT_STATUS_IS_OK(result))
goto done;
r.in.bufsize = 8192;
torture_assert_ntstatus_ok(tctx,
- smbcli_rap_netshareenum(cli->tree, tctx, &r), "");
+ smbcli_rap_netshareenum(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
for (i=0; i<r.out.count; i++) {
printf("%s %d %s\n", r.out.info[i].info1.name,
}
static NTSTATUS smbcli_rap_netserverenum2(struct smbcli_tree *tree,
+ struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct rap_NetServerEnum2 *r)
{
break;
}
- result = rap_cli_do_call(tree, call);
+ result = rap_cli_do_call(tree, iconv_convenience, call);
if (!NT_STATUS_IS_OK(result))
goto done;
r.in.domain = NULL;
torture_assert_ntstatus_ok(tctx,
- smbcli_rap_netserverenum2(cli->tree, tctx, &r), "");
+ smbcli_rap_netserverenum2(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
for (i=0; i<r.out.count; i++) {
switch (r.in.level) {
}
_PUBLIC_ NTSTATUS smbcli_rap_netservergetinfo(struct smbcli_tree *tree,
+ struct smb_iconv_convenience *iconv_convenience,
TALLOC_CTX *mem_ctx,
struct rap_WserverGetInfo *r)
{
goto done;
}
- result = rap_cli_do_call(tree, call);
+ result = rap_cli_do_call(tree, iconv_convenience, call);
if (!NT_STATUS_IS_OK(result))
goto done;
r.in.bufsize = 0xffff;
r.in.level = 0;
- torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, tctx, &r), "");
+ torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
r.in.level = 1;
- torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, tctx, &r), "");
+ torture_assert_ntstatus_ok(tctx, smbcli_rap_netservergetinfo(cli->tree, lp_iconv_convenience(tctx->lp_ctx), tctx, &r), "");
return res;
}
struct rap_call *call = new_rap_cli_call(torture, callno);
NTSTATUS result;
- result = rap_cli_do_call(cli->tree, call);
+ result = rap_cli_do_call(cli->tree, lp_iconv_convenience(torture->lp_ctx), call);
if (!NT_STATUS_EQUAL(result, NT_STATUS_INVALID_PARAMETER))
continue;
}
static NTSTATUS get_servername(TALLOC_CTX *mem_ctx, struct smbcli_tree *tree,
+ struct smb_iconv_convenience *iconv_convenience,
char **name)
{
struct rap_WserverGetInfo r;
r.in.level = 0;
r.in.bufsize = 0xffff;
- status = smbcli_rap_netservergetinfo(tree, mem_ctx, &r);
+ status = smbcli_rap_netservergetinfo(tree, iconv_convenience, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return false;
}
- status = get_servername(mem_ctx, cli->tree, &servername);
+ status = get_servername(mem_ctx, cli->tree, lp_iconv_convenience(torture->lp_ctx), &servername);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "(%s) get_servername returned %s\n",
__location__, nt_errstr(status));
return false;
}
- status = get_servername(mem_ctx, cli->tree, &servername);
+ status = get_servername(mem_ctx, cli->tree, lp_iconv_convenience(torture->lp_ctx), &servername);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "(%s) get_servername returned %s\n",
__location__, nt_errstr(status));
git.samba.org / samba.git / commitdiff