const char *cli_credentials_get_username(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->username_obtained == CRED_CALLBACK &&
const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->principal_obtained == CRED_CALLBACK &&
const char *cli_credentials_get_password(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->password_obtained == CRED_CALLBACK &&
const char *cli_credentials_get_old_password(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
return cred->old_password;
const char *cli_credentials_get_domain(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->domain_obtained == CRED_CALLBACK &&
const char *cli_credentials_get_realm(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
if (cred->realm_obtained == CRED_CALLBACK &&
}
if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
- cli_credentials_set_ccache(cred, NULL, CRED_GUESS_FILE);
+ cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE);
}
}
const char *username;
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred,
+ cred->machine_account_pending_lp_ctx);
}
username = cli_credentials_get_username(cred);
/* We are flagged to get machine account details from the
* secrets.ldb when we are asked for a username or password */
-
bool machine_account_pending;
+ struct loadparm_context *machine_account_pending_lp_ctx;
/* Is this a machine account? */
bool machine_account;
* (chewing CPU time) from the password */
keytab = ldb_msg_find_attr_as_string(msgs[0], "krb5Keytab", NULL);
if (keytab) {
- cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
} else {
keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL);
if (keytab) {
keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab));
if (keytab) {
- cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
+ cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
}
}
}
* @param cred Credentials structure to fill in
* @retval NTSTATUS error detailing any failure
*/
-NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
+NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
{
char *filter;
/* Bleh, nasty recursion issues: We are setting a machine
cred->machine_account_pending = false;
filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
cli_credentials_get_domain(cred));
- return cli_credentials_set_secrets(cred, global_loadparm, NULL,
+ return cli_credentials_set_secrets(cred, lp_ctx, NULL,
SECRETS_PRIMARY_DOMAIN_DN,
filter);
}
* @retval NTSTATUS error detailing any failure
*/
NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
const char *serviceprincipal)
{
char *filter;
cli_credentials_get_realm(cred),
cli_credentials_get_domain(cred),
serviceprincipal);
- return cli_credentials_set_secrets(cred, global_loadparm, NULL,
+ return cli_credentials_set_secrets(cred, lp_ctx, NULL,
SECRETS_PRINCIPALS_DN, filter);
}
* than during, popt processing.
*
*/
-void cli_credentials_set_machine_account_pending(struct cli_credentials *cred)
+void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
{
cred->machine_account_pending = true;
+ cred->machine_account_pending_lp_ctx = lp_ctx;
}
}
int cli_credentials_set_ccache(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
const char *name,
enum credentials_obtained obtained)
{
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm,
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
static int cli_credentials_new_ccache(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct ccache_container **_ccc)
{
krb5_error_code ret;
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm,
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx,
&ccc->smb_krb5_context);
if (ret) {
talloc_free(ccc);
}
int cli_credentials_get_ccache(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct ccache_container **ccc)
{
krb5_error_code ret;
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred);
+ cli_credentials_set_machine_account(cred, lp_ctx);
}
if (cred->ccache_obtained >= cred->ccache_threshold &&
return EINVAL;
}
- ret = cli_credentials_new_ccache(cred, ccc);
+ ret = cli_credentials_new_ccache(cred, lp_ctx, ccc);
if (ret) {
return ret;
}
}
int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
int ret = 0;
*_gcc = cred->client_gss_creds;
return 0;
}
- ret = cli_credentials_get_ccache(cred,
+ ret = cli_credentials_get_ccache(cred, lp_ctx,
&ccache);
if (ret) {
DEBUG(1, ("Failed to get CCACHE for GSSAPI client: %s\n", error_message(ret)));
*/
int cli_credentials_set_client_gss_creds(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
gss_cred_id_t gssapi_cred,
enum credentials_obtained obtained)
{
return ENOMEM;
}
- ret = cli_credentials_new_ccache(cred, &ccc);
+ ret = cli_credentials_new_ccache(cred, lp_ctx, &ccc);
if (ret != 0) {
return ret;
}
* it will be generated from the password.
*/
int cli_credentials_get_keytab(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct keytab_container **_ktc)
{
krb5_error_code ret;
return EINVAL;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm,
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx,
&smb_krb5_context);
if (ret) {
return ret;
* FILE:/etc/krb5.keytab), open it and attach it */
int cli_credentials_set_keytab_name(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
const char *keytab_name,
enum credentials_obtained obtained)
{
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
if (ret) {
return ret;
}
return ret;
}
-int cli_credentials_update_keytab(struct cli_credentials *cred)
+int cli_credentials_update_keytab(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx)
{
krb5_error_code ret;
struct keytab_container *ktc;
return ENOMEM;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
if (ret) {
talloc_free(mem_ctx);
return ret;
enctype_strings = cli_credentials_get_enctype_strings(cred);
- ret = cli_credentials_get_keytab(cred, &ktc);
+ ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
if (ret != 0) {
talloc_free(mem_ctx);
return ret;
/* Get server gss credentials (in gsskrb5, this means the keytab) */
int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
struct gssapi_creds_container **_gcc)
{
int ret = 0;
return 0;
}
- ret = cli_credentials_get_krb5_context(cred, global_loadparm, &smb_krb5_context);
+ ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
if (ret) {
return ret;
}
- ret = cli_credentials_get_keytab(cred,
- &ktc);
+ ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
if (ret) {
DEBUG(1, ("Failed to get keytab for GSSAPI server: %s\n", error_message(ret)));
return ret;
DEBUG(3, ("No machine account credentials specified\n"));
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
} else {
- ret = cli_credentials_get_server_gss_creds(machine_account, &gcc);
+ ret = cli_credentials_get_server_gss_creds(machine_account, gensec_security->lp_ctx, &gcc);
if (ret) {
DEBUG(1, ("Aquiring acceptor credentials failed: %s\n",
error_message(ret)));
return NT_STATUS_INVALID_PARAMETER;
}
- ret = cli_credentials_get_client_gss_creds(creds, &gcc);
+ ret = cli_credentials_get_client_gss_creds(creds, gensec_security->lp_ctx, &gcc);
switch (ret) {
case 0:
break;
cli_credentials_set_anonymous(session_info->credentials);
ret = cli_credentials_set_client_gss_creds(session_info->credentials,
+ gensec_security->lp_ctx,
gensec_gssapi_state->delegated_cred_handle,
CRED_SPECIFIED);
if (ret) {
principal = gensec_get_target_principal(gensec_security);
- ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), &ccache_container);
+ ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &ccache_container);
switch (ret) {
case 0:
break;
}
/* Grab the keytab, however generated */
- ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), &keytab);
+ ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), gensec_security->lp_ctx, &keytab);
if (ret) {
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
if (anonymous_credentials) {
cli_credentials_set_anonymous(session_info->credentials);
} else {
- cli_credentials_set_machine_account_pending(session_info->credentials);
+ cli_credentials_set_machine_account_pending(session_info->credentials, lp_ctx);
}
*_session_info = session_info;
struct dn_list *p;
for (p=data->changed_dns; p; p = p->next) {
int kret;
- kret = cli_credentials_update_keytab(p->creds);
+ kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "loadparm"));
if (kret != 0) {
talloc_free(data->changed_dns);
data->changed_dns = NULL;
* we already have, rather than a new context */
cli_credentials_set_krb5_context(server_credentials, kdc->smb_krb5_context);
cli_credentials_set_conf(server_credentials, kdc->task->lp_ctx);
- nt_status = cli_credentials_set_stored_principal(server_credentials, "kadmin/changepw");
+ nt_status = cli_credentials_set_stored_principal(server_credentials, kdc->task->lp_ctx, "kadmin/changepw");
if (!NT_STATUS_IS_OK(nt_status)) {
ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx,
KRB5_KPASSWD_HARDERROR,
}
cli_credentials_set_conf(server_credentials, conn->lp_ctx);
- status = cli_credentials_set_machine_account(server_credentials);
+ status = cli_credentials_set_machine_account(server_credentials, conn->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
stream_terminate_connection(c, talloc_asprintf(conn, "Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
return;
case 'P':
/* Later, after this is all over, get the machine account details from the secrets.ldb */
- cli_credentials_set_machine_account_pending(cmdline_credentials);
+ cli_credentials_set_machine_account_pending(cmdline_credentials, cmdline_lp_ctx);
break;
case OPT_KERBEROS:
#include "param/param.h"
static NTSTATUS samdump_keytab_handle_user(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
const char *keytab_name,
struct netr_DELTA_ENUM *delta)
{
if (!credentials) {
return NT_STATUS_NO_MEMORY;
}
- cli_credentials_set_conf(credentials, global_loadparm);
+ cli_credentials_set_conf(credentials, lp_ctx);
cli_credentials_set_username(credentials, username, CRED_SPECIFIED);
/* We really should consult ldap in the main SamSync code, and
* pass a value in here */
cli_credentials_set_kvno(credentials, 0);
cli_credentials_set_nt_hash(credentials, &user->ntpassword, CRED_SPECIFIED);
- ret = cli_credentials_set_keytab_name(credentials, keytab_name, CRED_SPECIFIED);
+ ret = cli_credentials_set_keytab_name(credentials, lp_ctx, keytab_name, CRED_SPECIFIED);
if (ret) {
return NT_STATUS_UNSUCCESSFUL;
}
- ret = cli_credentials_update_keytab(credentials);
+ ret = cli_credentials_update_keytab(credentials, lp_ctx);
if (ret) {
return NT_STATUS_UNSUCCESSFUL;
}
/* not interested in builtin users */
if (database == SAM_DATABASE_DOMAIN) {
nt_status = samdump_keytab_handle_user(mem_ctx,
+ global_loadparm,
keytab_name,
delta);
break;
return NT_STATUS_NO_MEMORY;
}
cli_credentials_set_conf(machine_account, ctx->lp_ctx);
- nt_status = cli_credentials_set_machine_account(machine_account);
+ nt_status = cli_credentials_set_machine_account(machine_account, ctx->lp_ctx);
if (!NT_STATUS_IS_OK(nt_status)) {
r->out.error_string = talloc_strdup(mem_ctx, "Could not obtain machine account password - are we joined to the domain?");
talloc_free(samsync_ctx);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
- status = cli_credentials_set_machine_account(credentials);
+ status = cli_credentials_set_machine_account(credentials, ntvfs->ctx->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
cli_credentials_set_conf(server_credentials, call->conn->dce_ctx->lp_ctx);
- status = cli_credentials_set_machine_account(server_credentials);
+ status = cli_credentials_set_machine_account(server_credentials, call->conn->dce_ctx->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(status)));
talloc_free(server_credentials);
if (domain) {
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
}
- status = cli_credentials_set_machine_account(credentials);
+ status = cli_credentials_set_machine_account(credentials, dce_call->conn->dce_ctx->lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return -1;
}
- if (NT_STATUS_IS_OK(cli_credentials_set_machine_account(creds))) {
+ if (NT_STATUS_IS_OK(cli_credentials_set_machine_account(creds, global_loadparm))) {
mpr_Return(eid, mprCreateBoolVar(true));
} else {
mpr_Return(eid, mprCreateBoolVar(false));
}
cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx);
- nt_status = cli_credentials_set_machine_account(server_credentials);
+ nt_status = cli_credentials_set_machine_account(server_credentials, req->smb_conn->lp_ctx);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status)));
talloc_free(server_credentials);
}
cli_credentials_set_conf(server_credentials, req->smb_conn->lp_ctx);
- nt_status = cli_credentials_set_machine_account(server_credentials);
+ nt_status = cli_credentials_set_machine_account(server_credentials, req->smb_conn->lp_ctx);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("Failed to obtain server credentials, perhaps a standalone server?: %s\n", nt_errstr(nt_status)));
talloc_free(server_credentials);
switch (stdio_helper_mode) {
case GSS_SPNEGO_SERVER:
case SQUID_2_5_NTLMSSP:
- cli_credentials_set_machine_account(creds);
+ cli_credentials_set_machine_account(creds, lp_ctx);
break;
default:
break;
/* Connect the machine account to the credentials */
state->ctx->status =
- cli_credentials_set_machine_account(state->domain->libnet_ctx->cred);
+ cli_credentials_set_machine_account(state->domain->libnet_ctx->cred, state->domain->libnet_ctx->lp_ctx);
if (!NT_STATUS_IS_OK(state->ctx->status)) goto failed;
state->domain->netlogon_binding = init_domain_binding(state, &ndr_table_netlogon);