From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 14 Sep 2023 22:28:34 +0000 (+1200)
Subject: s4-auth: pass lp_ctx to auth_generate_session_info() where possible
X-Git-Tag: tevent-0.16.0~431
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1fcbc0f101993c6e461d56446f4bca6b672905f;p=thirdparty%2Fsamba.git

s4-auth: pass lp_ctx to auth_generate_session_info() where possible

For non-testing callers of auth_generate_session_info(), passing
lp_ctx will allow us to correctly set a flag indicating if claims
should be evaluated.

For testing applications, the default will allow safe operation
inspecting the SID list.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---

diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 999c0f810a2..17773776fb5 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -92,7 +92,7 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
 	}
 
 	/* references the user_info_dc into the session_info */
-	nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
+	nt_status = auth_generate_session_info(parent_ctx, lp_ctx, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
 	talloc_free(mem_ctx);
 
 	NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -377,7 +377,7 @@ static NTSTATUS auth_domain_admin_session_info(TALLOC_CTX *parent_ctx,
 		return nt_status;
 	}
 
-	nt_status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc,
+	nt_status = auth_generate_session_info(mem_ctx, lp_ctx, NULL, user_info_dc,
 					       AUTH_SESSION_INFO_SIMPLE_PRIVILEGES|AUTH_SESSION_INFO_AUTHENTICATED|AUTH_SESSION_INFO_DEFAULT_GROUPS,
 					       session_info);
 	/* There is already a reference between the session_info and user_info_dc */
@@ -425,7 +425,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
 	}
 
 	/* references the user_info_dc into the session_info */
-	nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
+	nt_status = auth_generate_session_info(parent_ctx, lp_ctx, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
 	talloc_free(mem_ctx);
 
 	NT_STATUS_NOT_OK_RETURN(nt_status);
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 207dc7cc261..409e2f30dff 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -595,7 +595,7 @@ static NTSTATUS b9_generate_session_info_pac(struct auth4_context *auth_context,
 
 	session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
 
-	status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc,
+	status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, NULL, user_info_dc,
 					    session_info_flags, session_info);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(tmp_ctx);