author | Andrew Bartlett <abartlet@samba.org> | 2011-10-17 09:22:33 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-10-18 13:13:33 +1100 |
commit | e7d5f0a357c42593a015b80390dedf920117a7e2 (patch) | |
tree | a4fa1a53f0294607b4abeb6f389ce719502fe849 /source4/auth | |
parent | 0f2b27e7d428e75b8e6079ee5f36a0cccd4d1785 (diff) | |
gensec: move event context from gensec_*_init() to gensec_update()
This avoids keeping the event context around on the gensec_security
context structure long term.
In the Samba3 server, the event context we supply is a NULL
pointer, as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 16 | ||||
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 13 | ||||
-rw-r--r-- | source4/auth/gensec/pygensec.c | 30 | ||||
-rw-r--r-- | source4/auth/gensec/schannel.c | 3 | ||||
-rw-r--r-- | source4/auth/gensec/spnego.c | 27 | ||||
-rw-r--r-- | source4/auth/ntlmssp/ntlmssp.c | 1 | ||||
-rw-r--r-- | source4/auth/samba_server_gensec.c | 1 |
7 files changed, 49 insertions, 42 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 564c20cb48..55c2970d5a 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -267,7 +267,8 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s return nt_status; } -static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security) +static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security, + struct tevent_context *ev) { struct gensec_gssapi_state *gensec_gssapi_state; struct gssapi_creds_container *gcc; @@ -283,8 +284,8 @@ static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_securi } ret = cli_credentials_get_client_gss_creds(creds, - gensec_security->event_ctx, - gensec_security->settings->lp_ctx, &gcc, &error_string); + ev, + gensec_security->settings->lp_ctx, &gcc, &error_string); switch (ret) { case 0: break; @@ -423,8 +424,9 @@ static NTSTATUS gensec_gssapi_magic(struct gensec_security *gensec_security, */ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, - TALLOC_CTX *out_mem_ctx, - const DATA_BLOB in, DATA_BLOB *out) + TALLOC_CTX *out_mem_ctx, + struct tevent_context *ev, + const DATA_BLOB in, DATA_BLOB *out) { struct gensec_gssapi_state *gensec_gssapi_state = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state); @@ -445,13 +447,13 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, struct gsskrb5_send_to_kdc send_to_kdc; krb5_error_code ret; - nt_status = gensec_gssapi_client_creds(gensec_security); + nt_status = gensec_gssapi_client_creds(gensec_security, ev); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } send_to_kdc.func = smb_krb5_send_and_recv_func; - send_to_kdc.ptr = gensec_security->event_ctx; + send_to_kdc.ptr = ev; min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc); if (min_stat) { 
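Review bot: In the last gensec_gssapi.c hunk (`@@ -445,13 +447,13 @@`), `send_to_kdc.ptr = ev;` registers a caller-supplied, per-call event context with `gsskrb5_set_send_to_kdc()`, where the old code registered the context stored on `gensec_security`. The function body continues past the hunk, so it is not visible whether that registration is reset before returning; if it is not, a caller that frees `ev` after `gensec_update()` (the pygensec.c change in this commit creates it on `mem_ctx`) would leave a stale pointer behind. The commit message also says the Samba3 server passes NULL, and nothing in the client branch checks for that before `ev` reaches `cli_credentials_get_client_gss_creds()` and `send_to_kdc.ptr`. Unless those callees are known to accept NULL, add `if (ev == NULL) { return NT_STATUS_INVALID_PARAMETER; }` ahead of the `gensec_gssapi_client_creds(gensec_security, ev)` call, and extend the function comment with a sentence stating how long `ev` must remain valid.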
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index f17245ccec..2a3bd22d32 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -272,7 +272,9 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s return NT_STATUS_OK; } -static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security, bool gssapi) +static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security, + struct tevent_context *ev, + bool gssapi) { struct gensec_krb5_state *gensec_krb5_state; krb5_error_code ret; @@ -289,7 +291,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s hostname = gensec_get_target_hostname(gensec_security); ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), - gensec_security->event_ctx, + ev, gensec_security->settings->lp_ctx, &ccache_container, &error_string); switch (ret) { case 0: @@ -311,7 +313,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s in_data.length = 0; /* Do this every time, in case we have weird recursive issues here */ - ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, gensec_security->event_ctx, &previous_ev); + ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, ev, &previous_ev); if (ret != 0) { DEBUG(1, ("gensec_krb5_start: Setting event context failed\n")); return NT_STATUS_NO_MEMORY; @@ -340,7 +342,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s &gensec_krb5_state->enc_ticket); } - smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, gensec_security->event_ctx); + smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, ev); switch (ret) { case 0: 
@@ -423,6 +425,7 @@ static NTSTATUS gensec_fake_gssapi_krb5_magic(struct gensec_security *gensec_sec static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, + struct tevent_context *ev, const DATA_BLOB in, DATA_BLOB *out) { struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data; @@ -434,7 +437,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, { DATA_BLOB unwrapped_out; - nt_status = gensec_krb5_common_client_creds(gensec_security, gensec_krb5_state->gssapi); + nt_status = gensec_krb5_common_client_creds(gensec_security, ev, gensec_krb5_state->gssapi); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index d7cbea6f57..858cbe915e 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -82,7 +82,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb struct gensec_settings *settings; const char *kwnames[] = { "settings", NULL }; PyObject *py_settings; - struct tevent_context *ev; struct gensec_security *gensec; if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &py_settings)) @@ -120,13 +119,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb } } - ev = tevent_context_init(self->talloc_ctx); - if (ev == NULL) { - PyErr_NoMemory(); - PyObject_Del(self); - return NULL; - } - status = gensec_init(); if (!NT_STATUS_IS_OK(status)) { PyErr_SetNTSTATUS(status); @@ -134,7 +126,7 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb return NULL; } - status = gensec_client_start(self->talloc_ctx, &gensec, ev, settings); + status = gensec_client_start(self->talloc_ctx, &gensec, settings); if (!NT_STATUS_IS_OK(status)) { PyErr_SetNTSTATUS(status); PyObject_DEL(self); 
@@ -154,7 +146,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb const char *kwnames[] = { "settings", "auth_context", NULL }; PyObject *py_settings = Py_None; PyObject *py_auth_context = Py_None; - struct tevent_context *ev; struct gensec_security *gensec; struct auth4_context *auth_context = NULL; @@ -193,13 +184,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb } } - ev = tevent_context_init(self->talloc_ctx); - if (ev == NULL) { - PyErr_NoMemory(); - PyObject_Del(self); - return NULL; - } - if (py_auth_context != Py_None) { auth_context = pytalloc_get_type(py_auth_context, struct auth4_context); if (!auth_context) { @@ -217,7 +201,7 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb return NULL; } - status = gensec_server_start(self->talloc_ctx, ev, settings, auth_context, &gensec); + status = gensec_server_start(self->talloc_ctx, settings, auth_context, &gensec); if (!NT_STATUS_IS_OK(status)) { PyErr_SetNTSTATUS(status); PyObject_DEL(self); @@ -368,6 +352,7 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args) PyObject *ret, *py_in; struct gensec_security *security = pytalloc_get_type(self, struct gensec_security); PyObject *finished_processing; + struct tevent_context *ev; if (!PyArg_ParseTuple(args, "O", &py_in)) return NULL; @@ -382,7 +367,14 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args) in.data = (uint8_t *)PyString_AsString(py_in); in.length = PyString_Size(py_in); - status = gensec_update(security, mem_ctx, in, &out); + ev = tevent_context_init(mem_ctx); + if (ev == NULL) { + PyErr_NoMemory(); + PyObject_Del(self); + return NULL; + } + + status = gensec_update(security, mem_ctx, ev, in, &out); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index f947d45596..51be445dbb 100644 
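Review bot: The new error path in py_gensec_update (`@@ -382,7 +367,14 @@`) calls `PyObject_Del(self)` when `tevent_context_init()` fails, but here `self` is the live object the method was invoked on, not the freshly allocated object of the two constructors this block was moved from. Releasing it there leaves the Python caller holding a reference to freed memory, so the path should be just `PyErr_NoMemory(); return NULL;`. If `mem_ctx` is a temporary context allocated earlier in the function (that allocation is outside the hunk), it should be freed on this path as well. A short comment that a new event context is created for every update call would help, since that lifetime differs from the per-object context the constructors used to create.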
--- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -52,7 +52,8 @@ static NTSTATUS schannel_session_key(struct gensec_security *gensec_security, } static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, - const DATA_BLOB in, DATA_BLOB *out) + struct tevent_context *ev, + const DATA_BLOB in, DATA_BLOB *out) { struct schannel_state *state = (struct schannel_state *)gensec_security->private_data; NTSTATUS status; diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 281b954210..fd3caaad87 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -331,6 +331,7 @@ static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_securi static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec_security, struct spnego_state *spnego_state, + struct tevent_context *ev, TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out) { @@ -384,7 +385,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec return nt_status; } nt_status = gensec_update(spnego_state->sub_sec_security, - out_mem_ctx, in, out); + ev, out_mem_ctx, in, out); return nt_status; } DEBUG(1, ("Failed to parse SPNEGO request\n")); @@ -400,6 +401,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_security, struct spnego_state *spnego_state, TALLOC_CTX *out_mem_ctx, + struct tevent_context *ev, const char **mechType, const DATA_BLOB unwrapped_in, DATA_BLOB *unwrapped_out) { @@ -451,6 +453,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ nt_status = gensec_update(spnego_state->sub_sec_security, out_mem_ctx, + ev, unwrapped_in, unwrapped_out); if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || 
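Review bot: The spnego.c hunks pass `ev` and `out_mem_ctx` in two different orders, and a swap is unlikely to be diagnosed if `TALLOC_CTX *` is a `void *`, as it appears to be. Every other `gensec_update()` call in this commit uses `(security, out_mem_ctx, ev, in, out)`, but the call inside gensec_spnego_server_try_fallback (`@@ -384,7 +385,7 @@`) and the SPNEGO_FALLBACK case (`@@ -755,7 +762,7 @@`) pass `ev, out_mem_ctx`. Assuming the prototype matches the other call sites, the fallback case hands the event context to the sub-mechanism as its talloc parent and the talloc context as its event context. gensec_spnego_server_try_fallback also declares `ev` before `out_mem_ctx` (`@@ -331,6 +331,7 @@`) while its caller at `@@ -764,8 +771,8 @@` passes `out_mem_ctx, ev`, so on that path the two swaps only cancel by accident. Declare the parameters as `TALLOC_CTX *out_mem_ctx, struct tevent_context *ev` like the other helpers, and write both calls as `gensec_update(spnego_state->sub_sec_security, out_mem_ctx, ev, in, out);`.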
@@ -504,6 +507,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ /* only get the helping start blob for the first OID */ nt_status = gensec_update(spnego_state->sub_sec_security, out_mem_ctx, + ev, null_data_blob, unwrapped_out); @@ -579,6 +583,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec_security, struct spnego_state *spnego_state, TALLOC_CTX *out_mem_ctx, + struct tevent_context *ev, const DATA_BLOB in, DATA_BLOB *out) { int i; @@ -619,6 +624,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec if (spnego_state->state_position == SPNEGO_CLIENT_START) { nt_status = gensec_update(spnego_state->sub_sec_security, out_mem_ctx, + ev, null_data_blob, &unwrapped_out); @@ -734,6 +740,7 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, + struct tevent_context *ev, const DATA_BLOB in, DATA_BLOB *out) { struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; @@ -755,7 +762,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA switch (spnego_state->state_position) { case SPNEGO_FALLBACK: - return gensec_update(spnego_state->sub_sec_security, + return gensec_update(spnego_state->sub_sec_security, ev, out_mem_ctx, in, out); case SPNEGO_SERVER_START: { @@ -764,8 +771,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA len = spnego_read_data(gensec_security, in, &spnego); if (len == -1) { - return gensec_spnego_server_try_fallback(gensec_security, spnego_state, - out_mem_ctx, in, out); + return gensec_spnego_server_try_fallback(gensec_security, spnego_state, + out_mem_ctx, ev, in, out); } /* client sent NegTargetInit, we send NegTokenTarg */ 
@@ -781,6 +788,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA nt_status = gensec_spnego_parse_negTokenInit(gensec_security, spnego_state, out_mem_ctx, + ev, spnego.negTokenInit.mechTypes, spnego.negTokenInit.mechToken, &unwrapped_out); @@ -798,7 +806,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return nt_status; } else { nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state, - out_mem_ctx, in, out); + out_mem_ctx, ev, in, out); spnego_state->state_position = SPNEGO_SERVER_START; spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT; return nt_status; @@ -815,7 +823,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA if (!in.length) { /* client to produce negTokenInit */ nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state, - out_mem_ctx, in, out); + out_mem_ctx, ev, in, out); spnego_state->state_position = SPNEGO_CLIENT_TARG; spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG; return nt_status; @@ -849,6 +857,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA nt_status = gensec_spnego_parse_negTokenInit(gensec_security, spnego_state, out_mem_ctx, + ev, spnego.negTokenInit.mechTypes, spnego.negTokenInit.mechToken, &unwrapped_out); @@ -916,7 +925,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA } nt_status = gensec_update(spnego_state->sub_sec_security, - out_mem_ctx, + out_mem_ctx, ev, spnego.negTokenTarg.responseToken, &unwrapped_out); if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) { 
@@ -1012,7 +1021,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA } nt_status = gensec_update(spnego_state->sub_sec_security, - out_mem_ctx, + out_mem_ctx, ev, spnego.negTokenTarg.responseToken, &unwrapped_out); spnego_state->neg_oid = talloc_strdup(spnego_state, spnego.negTokenTarg.supportedMech); @@ -1042,7 +1051,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA bool new_spnego = false; nt_status = gensec_update(spnego_state->sub_sec_security, - out_mem_ctx, + out_mem_ctx, ev, spnego.negTokenTarg.responseToken, &unwrapped_out); diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c index 0c63d05d68..47903d161b 100644 --- a/source4/auth/ntlmssp/ntlmssp.c +++ b/source4/auth/ntlmssp/ntlmssp.c @@ -142,6 +142,7 @@ static NTSTATUS gensec_ntlmssp_update_find(struct ntlmssp_state *ntlmssp_state, static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, + struct tevent_context *ev, const DATA_BLOB input, DATA_BLOB *out) { struct gensec_ntlmssp_context *gensec_ntlmssp = diff --git a/source4/auth/samba_server_gensec.c b/source4/auth/samba_server_gensec.c index 24b658ad32..7b09aa78d7 100644 --- a/source4/auth/samba_server_gensec.c +++ b/source4/auth/samba_server_gensec.c @@ -57,7 +57,6 @@ NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx, } nt_status = gensec_server_start(tmp_ctx, - event_ctx, lpcfg_gensec_settings(mem_ctx, lp_ctx), auth_context, &gensec_ctx); |