authorJelmer Vernooij <jelmer@samba.org>2007-12-02 17:56:09 +0100
committerStefan Metzmacher <metze@samba.org>2007-12-21 05:47:05 +0100
commit51db4c3f3d81d1ed03beae6426786c843ac59807 (patch)
treed85647baa9f9715657a900da164ea54dc07fd13f /source4/auth
parentf4a1083cf9f64b4d2b65b68942e93861409ea90f (diff)
r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack.
(This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.c4
-rw-r--r--source4/auth/auth.h3
-rw-r--r--source4/auth/auth_sam.c21
-rw-r--r--source4/auth/auth_server.c2
-rw-r--r--source4/auth/auth_simple.c3
-rw-r--r--source4/auth/auth_unix.c2
-rw-r--r--source4/auth/auth_util.c6
-rw-r--r--source4/auth/gensec/schannel_state.c10
-rw-r--r--source4/auth/ntlm_check.c17
9 files changed, 40 insertions, 28 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index e4af53d25e..b915a43e39 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -353,6 +353,7 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
struct event_context *ev,
struct messaging_context *msg,
+ struct loadparm_context *lp_ctx,
struct auth_context **auth_ctx)
{
int i;
@@ -381,6 +382,7 @@ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
ctx->methods = NULL;
ctx->event_ctx = ev;
ctx->msg_ctx = msg;
+ ctx->lp_ctx = lp_ctx;
for (i=0; methods[i] ; i++) {
struct auth_method_context *method;
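Review bot: `ctx->lp_ctx = lp_ctx;` stores the caller's pointer with no NULL check and no talloc reference, yet after this commit the backends read their policy switches (`lp_null_passwords`, `lp_lanman_auth`, `lp_ntlm_auth`) through it. Whether the lp_* accessors tolerate a NULL context is not visible here, so I would reject it up front with `if (lp_ctx == NULL) return NT_STATUS_INVALID_PARAMETER;`. The field comment in auth.h should also state that the pointer is borrowed and must outlive the auth_context, instead of the bare `/* loadparm context */`. The body of auth_context_create_methods starts and ends outside this hunk.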
@@ -429,7 +431,7 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
auth_methods = lp_parm_string_list(lp_ctx, NULL, "auth methods", "domain controller", NULL);
break;
}
- return auth_context_create_methods(mem_ctx, auth_methods, ev, msg, auth_ctx);
+ return auth_context_create_methods(mem_ctx, auth_methods, ev, msg, lp_ctx, auth_ctx);
}
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 95819fbaf3..ff7132c3ff 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -168,6 +168,9 @@ struct auth_context {
/* the messaging context which can be used by backends */
struct messaging_context *msg_ctx;
+
+ /* loadparm context */
+ struct loadparm_context *lp_ctx;
};
/* this structure is used by backends to determine the size of some critical types */
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 42e5ae9e7e..812c80f4d0 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -151,7 +151,7 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
NTSTATUS status;
if (acct_flags & ACB_PWNOTREQ) {
- if (lp_null_passwords(global_loadparm)) {
+ if (lp_null_passwords(auth_context->lp_ctx)) {
DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n",
user_info->mapped.account_name));
return NT_STATUS_OK;
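Review bot: The `ACB_PWNOTREQ` branch returns `NT_STATUS_OK` before any credential is compared, and the switch that permits this is now read from `auth_context->lp_ctx` instead of the process-wide configuration; that deserves a comment. Something like `/* PWNOTREQ + "null passwords": logon accepted without checking the supplied password; policy comes from the caller's lp_ctx */` above the inner `if` would make it explicit. The acceptance is reported only at debug level 3, so it may be worth logging at a lower level for sites that audit such logons. The rest of authsam_password_ok lies outside the hunk.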
@@ -181,6 +181,7 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
*lm_sess_key = data_blob(NULL, 0);
*user_sess_key = data_blob(NULL, 0);
status = hash_password_check(mem_ctx,
+ auth_context->lp_ctx,
user_info->password.hash.lanman,
user_info->password.hash.nt,
user_info->mapped.account_name,
@@ -189,7 +190,9 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
break;
case AUTH_PASSWORD_RESPONSE:
- status = ntlm_password_check(mem_ctx, user_info->logon_parameters,
+ status = ntlm_password_check(mem_ctx,
+ auth_context->lp_ctx,
+ user_info->logon_parameters,
&auth_context->challenge.data,
&user_info->password.response.lanman,
&user_info->password.response.nt,
@@ -283,7 +286,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
return NT_STATUS_NO_MEMORY;
}
- sam_ctx = samdb_connect(tmp_ctx, global_loadparm, system_session(mem_ctx));
+ sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->lp_ctx, system_session(mem_ctx));
if (sam_ctx == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_INVALID_SYSTEM_SERVICE;
@@ -348,13 +351,13 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx,
return NT_STATUS_NOT_IMPLEMENTED;
}
- is_local_name = lp_is_myname(global_loadparm,
+ is_local_name = lp_is_myname(ctx->auth_ctx->lp_ctx,
user_info->mapped.domain_name);
- is_my_domain = lp_is_mydomain(global_loadparm,
+ is_my_domain = lp_is_mydomain(ctx->auth_ctx->lp_ctx,
user_info->mapped.domain_name);
/* check whether or not we service this domain/workgroup name */
- switch (lp_server_role(global_loadparm)) {
+ switch (lp_server_role(ctx->auth_ctx->lp_ctx)) {
case ROLE_STANDALONE:
return NT_STATUS_OK;
@@ -390,14 +393,14 @@ static NTSTATUS authsam_check_password(struct auth_method_context *ctx,
const char *domain;
/* check whether or not we service this domain/workgroup name */
- switch (lp_server_role(global_loadparm)) {
+ switch (lp_server_role(ctx->auth_ctx->lp_ctx)) {
case ROLE_STANDALONE:
case ROLE_DOMAIN_MEMBER:
- domain = lp_netbios_name(global_loadparm);
+ domain = lp_netbios_name(ctx->auth_ctx->lp_ctx);
break;
case ROLE_DOMAIN_CONTROLLER:
- domain = lp_workgroup(global_loadparm);
+ domain = lp_workgroup(ctx->auth_ctx->lp_ctx);
break;
default:
diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c
index 36637edd57..6502564dca 100644
--- a/source4/auth/auth_server.c
+++ b/source4/auth/auth_server.c
@@ -206,7 +206,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
* password file.
*/
- if (lp_is_myname(global_loadparm, user_info->domain.str)) {
+ if (lp_is_myname(auth_context->lp_ctx, user_info->domain.str)) {
DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n"));
return NT_STATUS_LOGON_FAILURE;
}
diff --git a/source4/auth/auth_simple.c b/source4/auth/auth_simple.c
index 0b94669008..cde170482a 100644
--- a/source4/auth/auth_simple.c
+++ b/source4/auth/auth_simple.c
@@ -33,6 +33,7 @@
_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct messaging_context *msg,
+ struct loadparm_context *lp_ctx,
const char *nt4_domain,
const char *nt4_username,
const char *password,
@@ -50,7 +51,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
nt_status = auth_context_create(tmp_ctx,
ev, msg,
- global_loadparm,
+ lp_ctx,
&auth_context);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c
index 4cbe3723a8..9efbe5dc12 100644
--- a/source4/auth/auth_unix.c
+++ b/source4/auth/auth_unix.c
@@ -804,7 +804,7 @@ static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
return NT_STATUS_NO_MEMORY;
}
- nt_status = check_unix_password(check_ctx, global_loadparm, user_info, &pwd);
+ nt_status = check_unix_password(check_ctx, ctx->auth_ctx->lp_ctx, user_info, &pwd);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(check_ctx);
return nt_status;
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 91f0e5163c..9110fc1b97 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -138,8 +138,8 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex
}
chall_blob = data_blob_talloc(mem_ctx, challenge, 8);
- if (lp_client_ntlmv2_auth(global_loadparm)) {
- DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm));
+ if (lp_client_ntlmv2_auth(auth_context->lp_ctx)) {
+ DATA_BLOB names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(auth_context->lp_ctx), lp_workgroup(auth_context->lp_ctx));
DATA_BLOB lmv2_response, ntlmv2_response, lmv2_session_key, ntlmv2_session_key;
if (!SMBNTLMv2encrypt_hash(user_info_temp,
@@ -163,7 +163,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex
SMBOWFencrypt(user_info_in->password.hash.nt->hash, challenge, blob.data);
user_info_temp->password.response.nt = blob;
- if (lp_client_lanman_auth(global_loadparm) && user_info_in->password.hash.lanman) {
+ if (lp_client_lanman_auth(auth_context->lp_ctx) && user_info_in->password.hash.lanman) {
DATA_BLOB lm_blob = data_blob_talloc(mem_ctx, NULL, 24);
SMBOWFencrypt(user_info_in->password.hash.lanman->hash, challenge, blob.data);
user_info_temp->password.response.lanman = lm_blob;
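Review bot: In the LANMAN branch, `SMBOWFencrypt(..., challenge, blob.data)` writes into `blob`, the buffer assigned to `password.response.nt` just above, while `lm_blob` is allocated from a NULL source and assigned to `password.response.lanman` without ever being filled. As written the NT response is overwritten with the LM response, and the LM field carries whatever the allocation contained (presumably uninitialised memory). The call should target the new buffer, `SMBOWFencrypt(user_info_in->password.hash.lanman->hash, challenge, lm_blob.data);`, ideally after checking `lm_blob.data` for NULL. This predates the commit, and encrypt_user_info continues outside the hunk.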
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index 1bb71d8fc9..77f5dfb599 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -32,7 +32,7 @@
/**
connect to the schannel ldb
*/
-struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx)
+struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
{
char *path;
struct ldb_context *ldb;
@@ -42,14 +42,14 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx)
"computerName: CASE_INSENSITIVE\n" \
"flatname: CASE_INSENSITIVE\n";
- path = smbd_tmp_path(mem_ctx, global_loadparm, "schannel.ldb");
+ path = smbd_tmp_path(mem_ctx, lp_ctx, "schannel.ldb");
if (!path) {
return NULL;
}
existed = file_exist(path);
- ldb = ldb_wrap_connect(mem_ctx, global_loadparm, path,
+ ldb = ldb_wrap_connect(mem_ctx, lp_ctx, path,
system_session(mem_ctx),
NULL, LDB_FLG_NOSYNC, NULL);
talloc_free(path);
@@ -143,7 +143,7 @@ NTSTATUS schannel_store_session_key(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
int ret;
- ldb = schannel_db_connect(mem_ctx);
+ ldb = schannel_db_connect(mem_ctx, global_loadparm);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
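Review bot: `schannel_db_connect(mem_ctx, global_loadparm)` keeps the global at this call site, and the same applies to schannel_fetch_session_key in the next hunk. The path of schannel.ldb (which, judging by the function names, holds session keys) is therefore still resolved from process-wide state while the rest of the auth stack uses the context it was handed. Adding a `struct loadparm_context *lp_ctx` parameter to both functions and passing it through would keep store and fetch on the caller's configuration. Both function bodies extend beyond their hunks.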
@@ -274,7 +274,7 @@ NTSTATUS schannel_fetch_session_key(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
struct ldb_context *ldb;
- ldb = schannel_db_connect(mem_ctx);
+ ldb = schannel_db_connect(mem_ctx, global_loadparm);
if (!ldb) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source4/auth/ntlm_check.c b/source4/auth/ntlm_check.c
index 5214c46e0e..f1ea6829e0 100644
--- a/source4/auth/ntlm_check.c
+++ b/source4/auth/ntlm_check.c
@@ -219,6 +219,7 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
*/
NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
const struct samr_Password *client_lanman,
const struct samr_Password *client_nt,
const char *username,
@@ -240,7 +241,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
}
} else if (client_lanman && stored_lanman) {
- if (!lp_lanman_auth(global_loadparm)) {
+ if (!lp_lanman_auth(lp_ctx)) {
DEBUG(3,("ntlm_password_check: Interactive logon: only LANMAN password supplied for user %s, and LM passwords are disabled!\n",
username));
return NT_STATUS_WRONG_PASSWORD;
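Review bot: The DEBUG message in this branch is prefixed `ntlm_password_check:`, but the hunk header shows the enclosing function is hash_password_check, so anyone triaging failed logons from the log is sent to the wrong code path. Change the prefix to `hash_password_check: Interactive logon: ...`. The function body starts and ends outside the hunk.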
@@ -281,6 +282,7 @@ NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
*/
NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
uint32_t logon_parameters,
const DATA_BLOB *challenge,
const DATA_BLOB *lm_response,
@@ -330,6 +332,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
lm_ok = false;
}
return hash_password_check(mem_ctx,
+ lp_ctx,
lm_ok ? &client_lm : NULL,
nt_response->length ? &client_nt : NULL,
username,
@@ -392,7 +395,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
DEBUG(3,("ntlm_password_check: NTLMv2 password check failed\n"));
}
} else if (nt_response->length == 24 && stored_nt) {
- if (lp_ntlm_auth(global_loadparm)) {
+ if (lp_ntlm_auth(lp_ctx)) {
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
@@ -404,7 +407,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
/* The LM session key for this response is not very secure,
so use it only if we otherwise allow LM authentication */
- if (lp_lanman_auth(global_loadparm) && stored_lanman) {
+ if (lp_lanman_auth(lp_ctx) && stored_lanman) {
*lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8);
}
return NT_STATUS_OK;
@@ -432,7 +435,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
return NT_STATUS_WRONG_PASSWORD;
}
- if (!lp_lanman_auth(global_loadparm)) {
+ if (!lp_lanman_auth(lp_ctx)) {
DEBUG(3,("ntlm_password_check: Lanman passwords NOT PERMITTED for user %s\n",
username));
} else if (!stored_lanman) {
@@ -451,7 +454,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
It not very secure, so use it only if we otherwise
allow LM authentication */
- if (lp_lanman_auth(global_loadparm) && stored_lanman) {
+ if (lp_lanman_auth(lp_ctx) && stored_lanman) {
uint8_t first_8_lm_hash[16];
memcpy(first_8_lm_hash, stored_lanman->hash, 8);
memset(first_8_lm_hash + 8, '\0', 8);
@@ -567,7 +570,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
- I think this is related to Win9X pass-though authentication
*/
DEBUG(4,("ntlm_password_check: Checking NT MD4 password in LM field\n"));
- if (lp_ntlm_auth(global_loadparm)) {
+ if (lp_ntlm_auth(lp_ctx)) {
if (smb_pwd_check_ntlmv1(mem_ctx,
lm_response,
stored_nt->hash, challenge,
@@ -576,7 +579,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
It not very secure, so use it only if we otherwise
allow LM authentication */
- if (lp_lanman_auth(global_loadparm) && stored_lanman) {
+ if (lp_lanman_auth(lp_ctx) && stored_lanman) {
uint8_t first_8_lm_hash[16];
memcpy(first_8_lm_hash, stored_lanman->hash, 8);
memset(first_8_lm_hash + 8, '\0', 8);