s4-auth: pass lp_ctx to auth_generate_session_info() where possible

For non-testing callers of auth_generate_session_info(), passing
lp_ctx will allow us to correctly set a flag indicating if claims
should be evaluated.

For testing applications, the default will allow safe operation
inspecting the SID list.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 999c0f810a201c19a521ea212ca4dda57f92f369..17773776fb5e4dad2f5a6a90c21ab42d2791fc2e 100644 (file)
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -92,7 +92,7 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
        }
 
        /* references the user_info_dc into the session_info */
-       nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
+       nt_status = auth_generate_session_info(parent_ctx, lp_ctx, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
        talloc_free(mem_ctx);
 
        NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -377,7 +377,7 @@ static NTSTATUS auth_domain_admin_session_info(TALLOC_CTX *parent_ctx,
                return nt_status;
        }
 
-       nt_status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc,
+       nt_status = auth_generate_session_info(mem_ctx, lp_ctx, NULL, user_info_dc,
                                               AUTH_SESSION_INFO_SIMPLE_PRIVILEGES|AUTH_SESSION_INFO_AUTHENTICATED|AUTH_SESSION_INFO_DEFAULT_GROUPS,
                                               session_info);
        /* There is already a reference between the session_info and user_info_dc */
@@ -425,7 +425,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
        }
 
        /* references the user_info_dc into the session_info */
-       nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
+       nt_status = auth_generate_session_info(parent_ctx, lp_ctx, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
        talloc_free(mem_ctx);
 
        NT_STATUS_NOT_OK_RETURN(nt_status);

diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 207dc7cc261b5bcc14afb465086b83342b48d648..409e2f30dff25596e4617be80e84cc9cd89f2e99 100644 (file)
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -595,7 +595,7 @@ static NTSTATUS b9_generate_session_info_pac(struct auth4_context *auth_context,
 
        session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
 
-       status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc,
+       status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, NULL, user_info_dc,
                                            session_info_flags, session_info);
        if (!NT_STATUS_IS_OK(status)) {
                talloc_free(tmp_ctx);