3 files changed, 16 insertions, 9 deletions

diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 51726a03c3..ff226e5b46 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -180,6 +180,7 @@ static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex)
 }
 
 static krb5_error_code LDB_message2entry_keys(krb5_context context,
+					      struct smb_iconv_convenience *iconv_convenience,
 					      TALLOC_CTX *mem_ctx,
 					      struct ldb_message *msg,
 					      unsigned int userAccountControl,
@@ -213,7 +214,7 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
 
 	/* supplementalCredentials if present */
 	if (sc_val) {
-		ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, lp_iconv_convenience(global_loadparm), &scb,
+		ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, iconv_convenience, &scb,
 						   (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			dump_data(0, sc_val->data, sc_val->length);
@@ -250,7 +251,7 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
 		talloc_steal(mem_ctx, blob.data);
 
 		/* TODO: use ndr_pull_struct_blob_all(), when the ndr layer handles it correct with relative pointers */
-		ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, lp_iconv_convenience(global_loadparm), &_pkb,
+		ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb,
 					       (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 			krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob");
@@ -393,6 +394,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 	krb5_boolean is_computer = FALSE;
 	const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg, "dnsRoot", NULL);
 	char *realm = strupper_talloc(mem_ctx, dnsdomain);
+	struct loadparm_context *lp_ctx = ldb_get_opaque((struct ldb_context *)db->hdb_db, "loadparm");
 	struct ldb_dn *domain_dn = samdb_result_dn((struct ldb_context *)db->hdb_db,
 							mem_ctx,
 							realm_ref_msg,
@@ -428,6 +430,8 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 	}
 
 	private->entry_ex = entry_ex;
+	private->iconv_convenience = lp_iconv_convenience(lp_ctx);
+	private->netbios_name = lp_netbios_name(lp_ctx);
 
 	talloc_set_destructor(private, hdb_ldb_destrutor);
 
@@ -481,7 +485,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 		entry_ex->entry.flags.ok_as_delegate = 1;
 	}
 
-	if (lp_parm_bool(global_loadparm, NULL, "kdc", "require spn for service", true)) {
+	if (lp_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) {
 		if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) {
 			entry_ex->entry.flags.server = 0;
 		}
@@ -544,7 +548,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
 	entry_ex->entry.generation = NULL;
 
 	/* Get keys from the db */
-	ret = LDB_message2entry_keys(context, private, msg, userAccountControl, entry_ex);
+	ret = LDB_message2entry_keys(context, private->iconv_convenience, private, msg, userAccountControl, entry_ex);
 	if (ret) {
 		/* Could be bougus data in the entry, or out of memory */
 		goto out;
diff --git a/source4/kdc/kdc.h b/source4/kdc/kdc.h
index 9d031b8f7d..3a1f9bd34e 100644
--- a/source4/kdc/kdc.h
+++ b/source4/kdc/kdc.h
@@ -51,7 +51,9 @@ struct kdc_server {
 
 struct hdb_ldb_private {
 	struct ldb_context *samdb;
+	struct smb_iconv_convenience *iconv_convenience;
 	struct ldb_message *msg;
 	struct ldb_message *realm_ref_msg;
 	hdb_entry_ex *entry_ex;
+	const char *netbios_name;
 };
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 5f3a718abd..a99cf6ded8 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -47,6 +47,7 @@ void	samba_kdc_plugin_fini(void *ptr)
 
 static krb5_error_code make_pac(krb5_context context,
 				TALLOC_CTX *mem_ctx, 
+				struct smb_iconv_convenience *iconv_convenience,
 				struct auth_serversupplied_info *server_info,
 				krb5_pac *pac) 
 {
@@ -73,7 +74,7 @@ static krb5_error_code make_pac(krb5_context context,
 
 	logon_info.info->info3 = *info3;
 
-	ndr_err = ndr_push_struct_blob(&pac_out, mem_ctx, lp_iconv_convenience(global_loadparm), &logon_info,
+	ndr_err = ndr_push_struct_blob(&pac_out, mem_ctx, iconv_convenience, &logon_info,
 				       (ndr_push_flags_fn_t)ndr_push_PAC_LOGON_INFO_CTR);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		nt_status = ndr_map_error2ntstatus(ndr_err);
@@ -126,7 +127,7 @@ krb5_error_code samba_kdc_get_pac(void *priv,
 	}
 
 	nt_status = authsam_make_server_info(mem_ctx, private->samdb, 
-					     lp_netbios_name(global_loadparm),
+					     private->netbios_name,
 					     private->msg, 
 					     private->realm_ref_msg,
 					     data_blob(NULL, 0),
@@ -138,7 +139,7 @@ krb5_error_code samba_kdc_get_pac(void *priv,
 		return ENOMEM;
 	}
 
-	ret = make_pac(context, mem_ctx, server_info, pac);
+	ret = make_pac(context, mem_ctx, private->iconv_convenience, server_info, pac);
 
 	talloc_free(mem_ctx);
 	return ret;
@@ -190,7 +191,7 @@ krb5_error_code samba_kdc_reget_pac(void *priv, krb5_context context,
 		return ENOMEM;
 	}
 		
-	ndr_err = ndr_pull_struct_blob(&pac_in, mem_ctx, lp_iconv_convenience(global_loadparm), &logon_info,
+	ndr_err = ndr_pull_struct_blob(&pac_in, mem_ctx, private->iconv_convenience, &logon_info,
 				       (ndr_pull_flags_fn_t)ndr_pull_PAC_LOGON_INFO_CTR);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err) || !logon_info.info) {
 		nt_status = ndr_map_error2ntstatus(ndr_err);
@@ -213,7 +214,7 @@ krb5_error_code samba_kdc_reget_pac(void *priv, krb5_context context,
 	/* We will compleatly regenerate this pac */
 	krb5_pac_free(context, *pac);
 
-	ret = make_pac(context, mem_ctx, server_info_out, pac);
+	ret = make_pac(context, mem_ctx, private->iconv_convenience, server_info_out, pac);
 
 	talloc_free(mem_ctx);
 	return ret;