s4-credentials Add explicit event context handling to Kerberos calls (only)

By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2010-10-11 16:53:08 +1100
committer: Andrew Bartlett <abartlet@samba.org> 2010-10-11 13:02:16 +0000
commit: 42127cdbb040a260c2c745e9114b600f2186794a (patch)
tree: 348783a93d8fd3efe162470678ae1cc128edb6f6 /source4/auth/credentials
parent: 5cd9495fb3f74d8e896c81e5c060a1643722870e (diff)
download: samba-42127cdbb040a260c2c745e9114b600f2186794a.tar.gz
samba-42127cdbb040a260c2c745e9114b600f2186794a.tar.bz2
samba-42127cdbb040a260c2c745e9114b600f2186794a.zip
5 files changed, 24 insertions, 42 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 2bd041450c..21ee987852 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -727,7 +727,7 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
 	}
 	
 	if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
-		cli_credentials_set_ccache(cred, event_context_find(cred), lp_ctx, NULL, CRED_GUESS_FILE,
+		cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE,
 					   &error_string);
 	}
 }
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index a468624b1f..0b0de59752 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -168,7 +168,6 @@ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_
 const char *cli_credentials_get_realm(struct cli_credentials *cred);
 const char *cli_credentials_get_username(struct cli_credentials *cred);
 int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
-				     struct tevent_context *event_ctx,
 				     struct loadparm_context *lp_ctx,
 				     struct smb_krb5_context **smb_krb5_context);
 int cli_credentials_get_ccache(struct cli_credentials *cred, 
@@ -182,7 +181,6 @@ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
 				     char *ccache_name,
 				     struct ccache_container **ccc, const char **error_string);
 int cli_credentials_get_keytab(struct cli_credentials *cred, 
-			       struct tevent_context *event_ctx,
 			       struct loadparm_context *lp_ctx,
 			       struct keytab_container **_ktc);
 const char *cli_credentials_get_domain(struct cli_credentials *cred);
@@ -193,7 +191,6 @@ void cli_credentials_set_conf(struct cli_credentials *cred,
 			      struct loadparm_context *lp_ctx);
 const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
 int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, 
-					 struct tevent_context *event_ctx,
 					 struct loadparm_context *lp_ctx,
 					 struct gssapi_creds_container **_gcc);
 int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, 
@@ -238,7 +235,6 @@ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
 NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, 
 					  struct smb_krb5_context *smb_krb5_context);
 NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
-					      struct tevent_context *event_ctx,
 					      struct loadparm_context *lp_ctx,
 					      const char *serviceprincipal);
 NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
@@ -265,14 +261,12 @@ bool cli_credentials_set_ntlm_response(struct cli_credentials *cred,
 				       const DATA_BLOB *nt_response, 
 				       enum credentials_obtained obtained);
 int cli_credentials_set_keytab_name(struct cli_credentials *cred, 
-				    struct tevent_context *event_ctx,
 				    struct loadparm_context *lp_ctx,
 				    const char *keytab_name, 
 				    enum credentials_obtained obtained);
 void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
 uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
 int cli_credentials_set_ccache(struct cli_credentials *cred, 
-			       struct tevent_context *event_ctx,
 			       struct loadparm_context *lp_ctx,
 			       const char *name, 
 			       enum credentials_obtained obtained,
@@ -291,7 +285,6 @@ const char *cli_credentials_get_target_service(struct cli_credentials *cred);
 enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
 enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
 NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
-				     struct tevent_context *event_ctx,
 				     struct loadparm_context *lp_ctx,
 				     struct ldb_context *ldb,
 				     const char *base,
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index c678b80f87..fb4b440281 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -32,7 +32,6 @@
 #include "param/param.h"
 
 _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
-					      struct tevent_context *event_ctx,
 				     struct loadparm_context *lp_ctx,
 				     struct smb_krb5_context **smb_krb5_context) 
 {
@@ -42,7 +41,7 @@ _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
 		return 0;
 	}
 
-	ret = smb_krb5_init_context(cred, event_ctx, lp_ctx,
+	ret = smb_krb5_init_context(cred, NULL, lp_ctx,
 				    &cred->smb_krb5_context);
 	if (ret) {
 		cred->smb_krb5_context = NULL;
@@ -126,7 +125,6 @@ static int free_dccache(struct ccache_container *ccc) {
 }
 
 _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, 
-					struct tevent_context *event_ctx,
 					struct loadparm_context *lp_ctx,
 					const char *name,
 					enum credentials_obtained obtained,
@@ -145,7 +143,7 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx,
 					       &ccc->smb_krb5_context);
 	if (ret) {
 		(*error_string) = error_message(ret);
@@ -204,7 +202,6 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
 
 
 static int cli_credentials_new_ccache(struct cli_credentials *cred, 
-				      struct tevent_context *event_ctx,
 				      struct loadparm_context *lp_ctx,
 				      char *ccache_name,
 				      struct ccache_container **_ccc,
@@ -217,7 +214,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx,
 					       &ccc->smb_krb5_context);
 	if (ret) {
 		talloc_free(ccc);
@@ -294,12 +291,12 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
 		return EINVAL;
 	}
 
-	ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, ccache_name, ccc, error_string);
+	ret = cli_credentials_new_ccache(cred, lp_ctx, ccache_name, ccc, error_string);
 	if (ret) {
 		return ret;
 	}
 
-	ret = kinit_to_ccache(cred, cred, (*ccc)->smb_krb5_context, (*ccc)->ccache, &obtained, error_string);
+	ret = kinit_to_ccache(cred, cred, (*ccc)->smb_krb5_context, event_ctx, (*ccc)->ccache, &obtained, error_string);
 	if (ret) {
 		return ret;
 	}
@@ -529,7 +526,6 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 */
 
  int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, 
-					  struct tevent_context *event_ctx,
 					  struct loadparm_context *lp_ctx,
 					  gss_cred_id_t gssapi_cred,
 					  enum credentials_obtained obtained,
@@ -549,7 +545,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_new_ccache(cred, event_ctx, lp_ctx, NULL, &ccc, error_string);
+	ret = cli_credentials_new_ccache(cred, lp_ctx, NULL, &ccc, error_string);
 	if (ret != 0) {
 		return ret;
 	}
@@ -589,9 +585,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
  * it will be generated from the password.
  */
 _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, 
-					struct tevent_context *event_ctx,
-			       struct loadparm_context *lp_ctx,
-			       struct keytab_container **_ktc)
+					struct loadparm_context *lp_ctx,
+					struct keytab_container **_ktc)
 {
 	krb5_error_code ret;
 	struct keytab_container *ktc;
@@ -608,7 +603,7 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
 		return EINVAL;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx,
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx,
 					       &smb_krb5_context);
 	if (ret) {
 		return ret;
@@ -640,10 +635,9 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
  * FILE:/etc/krb5.keytab), open it and attach it */
 
 _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred, 
-					     struct tevent_context *event_ctx,
-				    struct loadparm_context *lp_ctx,
-				    const char *keytab_name, 
-				    enum credentials_obtained obtained) 
+					     struct loadparm_context *lp_ctx,
+					     const char *keytab_name,
+					     enum credentials_obtained obtained)
 {
 	krb5_error_code ret;
 	struct keytab_container *ktc;
@@ -654,7 +648,7 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
 		return 0;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
 	if (ret) {
 		return ret;
 	}
@@ -682,9 +676,8 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
 /* Get server gss credentials (in gsskrb5, this means the keytab) */
 
 _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, 
-						  struct tevent_context *event_ctx,
-					 struct loadparm_context *lp_ctx,
-					 struct gssapi_creds_container **_gcc) 
+						  struct loadparm_context *lp_ctx,
+						  struct gssapi_creds_container **_gcc)
 {
 	int ret = 0;
 	OM_uint32 maj_stat, min_stat;
@@ -701,7 +694,7 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
+	ret = cli_credentials_get_krb5_context(cred, lp_ctx, &smb_krb5_context);
 	if (ret) {
 		return ret;
 	}
@@ -720,7 +713,7 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 		return 0;
 	}
 
-	ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc);
+	ret = cli_credentials_get_keytab(cred, lp_ctx, &ktc);
 	if (ret) {
 		DEBUG(1, ("Failed to get keytab for GSSAPI server: %s\n", error_message(ret)));
 		return ret;
diff --git a/source4/auth/credentials/credentials_krb5.h b/source4/auth/credentials/credentials_krb5.h
index 1630b210db..36bf03d5eb 100644
--- a/source4/auth/credentials/credentials_krb5.h
+++ b/source4/auth/credentials/credentials_krb5.h
@@ -33,7 +33,6 @@ struct gssapi_creds_container {
 
 /* Manually prototyped here to avoid needing gss headers in most callers */
 int cli_credentials_set_client_gss_creds(struct cli_credentials *cred, 
-					 struct tevent_context *event_ctx,
 					 struct loadparm_context *lp_ctx,
 					 gss_cred_id_t gssapi_cred,
 					 enum credentials_obtained obtained,
diff --git a/source4/auth/credentials/credentials_secrets.c b/source4/auth/credentials/credentials_secrets.c
index 9ffc39c0c3..0f30dc5e1b 100644
--- a/source4/auth/credentials/credentials_secrets.c
+++ b/source4/auth/credentials/credentials_secrets.c
@@ -42,7 +42,6 @@
  * @retval NTSTATUS error detailing any failure
  */
 _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
-					      struct tevent_context *event_ctx,
 					      struct loadparm_context *lp_ctx,
 					      struct ldb_context *ldb,
 					      const char *base,
@@ -180,7 +179,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 	 * (chewing CPU time) from the password */
 	keytab = keytab_name_from_msg(cred, ldb, msg);
 	if (keytab) {
-		cli_credentials_set_keytab_name(cred, event_ctx, lp_ctx, keytab, CRED_SPECIFIED);
+		cli_credentials_set_keytab_name(cred, lp_ctx, keytab, CRED_SPECIFIED);
 		talloc_free(keytab);
 	}
 	talloc_free(mem_ctx);
@@ -205,9 +204,9 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 	 * any more */
 	cred->machine_account_pending = false;
 	filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, 
-				       cli_credentials_get_domain(cred));
-	status = cli_credentials_set_secrets(cred, event_context_find(cred), lp_ctx, NULL,
-					   SECRETS_PRIMARY_DOMAIN_DN,
+				 cli_credentials_get_domain(cred));
+	status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
+					     SECRETS_PRIMARY_DOMAIN_DN,
 					     filter, &error_string);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Could not find machine account in secrets database: %s: %s", nt_errstr(status), error_string));
@@ -223,7 +222,6 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
  * @retval NTSTATUS error detailing any failure
  */
 NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
-			            struct tevent_context *event_ctx,
 				    struct loadparm_context *lp_ctx)
 {
 	NTSTATUS status;
@@ -236,7 +234,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
 	filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
 				       cli_credentials_get_realm(cred),
 				       cli_credentials_get_domain(cred));
-	status = cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL,
+	status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
 					     SECRETS_PRINCIPALS_DN,
 					     filter, &error_string);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -253,7 +251,6 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
  * @retval NTSTATUS error detailing any failure
  */
 _PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
-						       struct tevent_context *event_ctx,
 					      struct loadparm_context *lp_ctx,
 					      const char *serviceprincipal)
 {
@@ -268,7 +265,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *c
 				 cli_credentials_get_realm(cred),
 				 cli_credentials_get_domain(cred),
 				 serviceprincipal);
-	status = cli_credentials_set_secrets(cred, event_ctx, lp_ctx, NULL,
+	status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
 					     SECRETS_PRINCIPALS_DN, filter,
 					     &error_string);
 	if (!NT_STATUS_IS_OK(status)) {
author	Andrew Bartlett <abartlet@samba.org>	2010-10-11 16:53:08 +1100
committer	Andrew Bartlett <abartlet@samba.org>	2010-10-11 13:02:16 +0000
commit	42127cdbb040a260c2c745e9114b600f2186794a (patch)
tree	348783a93d8fd3efe162470678ae1cc128edb6f6 /source4/auth/credentials
parent	5cd9495fb3f74d8e896c81e5c060a1643722870e (diff)
download	samba-42127cdbb040a260c2c745e9114b600f2186794a.tar.gz samba-42127cdbb040a260c2c745e9114b600f2186794a.tar.bz2 samba-42127cdbb040a260c2c745e9114b600f2186794a.zip