diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-10-11 16:53:08 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-10-11 13:02:16 +0000 |
commit | 42127cdbb040a260c2c745e9114b600f2186794a (patch) | |
tree | 348783a93d8fd3efe162470678ae1cc128edb6f6 /source4/auth/gensec/gensec_krb5.c | |
parent | 5cd9495fb3f74d8e896c81e5c060a1643722870e (diff) | |
download | samba-42127cdbb040a260c2c745e9114b600f2186794a.tar.gz samba-42127cdbb040a260c2c745e9114b600f2186794a.tar.bz2 samba-42127cdbb040a260c2c745e9114b600f2186794a.zip |
s4-credentials Add explicit event context handling to Kerberos calls (only)
By setting the event context to use for this operation (only) onto
the krb5_context just before we call that operation, we can try
and emulate the specification of an event context to the actual send_to_kdc()
This eliminates the specification of an event context to many other
cli_credentials calls, and the last use of event_context_find()
Special care is taken to restore the event context in the event of
nesting in the send_to_kdc function.
Andrew Bartlett
Diffstat (limited to 'source4/auth/gensec/gensec_krb5.c')
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index a0d880f5b2..345ef361ed 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -119,7 +119,6 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); if (cli_credentials_get_krb5_context(creds, - gensec_security->event_ctx, gensec_security->settings->lp_ctx, &gensec_krb5_state->smb_krb5_context)) { talloc_free(gensec_krb5_state); return NT_STATUS_INTERNAL_ERROR; @@ -240,6 +239,7 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s const char *error_string; const char *principal; krb5_data in_data; + struct tevent_context *previous_ev; hostname = gensec_get_target_hostname(gensec_security); if (!hostname) { @@ -299,6 +299,12 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s } in_data.length = 0; + /* Do this every time, in case we have weird recursive issues here */ + ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, gensec_security->event_ctx, &previous_ev); + if (ret != 0) { + DEBUG(1, ("gensec_krb5_start: Setting event context failed\n")); + return NT_STATUS_NO_MEMORY; + } if (principal) { krb5_principal target_principal; ret = krb5_parse_name(gensec_krb5_state->smb_krb5_context->krb5_context, principal, @@ -322,6 +328,9 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s &in_data, ccache_container->ccache, &gensec_krb5_state->enc_ticket); } + + smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, gensec_security->event_ctx); + switch (ret) { case 0: return NT_STATUS_OK; @@ -488,7 +497,6 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, /* Grab the keytab, however generated */ ret = cli_credentials_get_keytab(gensec_get_credentials(gensec_security), - gensec_security->event_ctx, gensec_security->settings->lp_ctx, &keytab); if (ret) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; |