authorAndrew Bartlett <abartlet@samba.org>2011-10-17 09:22:33 +0200
committerAndrew Bartlett <abartlet@samba.org>2011-10-18 13:13:33 +1100
commite7d5f0a357c42593a015b80390dedf920117a7e2 (patch)
treea4fa1a53f0294607b4abeb6f389ce719502fe849 /source4/auth
parent0f2b27e7d428e75b8e6079ee5f36a0cccd4d1785 (diff)
gensec: move event context from gensec_*_init() to gensec_update()
This avoids keeping the event context around on the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c16
-rw-r--r--source4/auth/gensec/gensec_krb5.c13
-rw-r--r--source4/auth/gensec/pygensec.c30
-rw-r--r--source4/auth/gensec/schannel.c3
-rw-r--r--source4/auth/gensec/spnego.c27
-rw-r--r--source4/auth/ntlmssp/ntlmssp.c1
-rw-r--r--source4/auth/samba_server_gensec.c1
7 files changed, 49 insertions, 42 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 564c20cb48..55c2970d5a 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -267,7 +267,8 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s
return nt_status;
}
-static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security)
+static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security,
+ struct tevent_context *ev)
{
struct gensec_gssapi_state *gensec_gssapi_state;
struct gssapi_creds_container *gcc;
@@ -283,8 +284,8 @@ static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_securi
}
ret = cli_credentials_get_client_gss_creds(creds,
- gensec_security->event_ctx,
- gensec_security->settings->lp_ctx, &gcc, &error_string);
+ ev,
+ gensec_security->settings->lp_ctx, &gcc, &error_string);
switch (ret) {
case 0:
break;
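Review bot: `ev` is passed straight to `cli_credentials_get_client_gss_creds()` with no NULL check, and the commit description says some callers supply a NULL event context. Before this change the value came from the context fixed at init time, so a NULL now depends on every `gensec_update()` caller. Unless the credentials code is known to tolerate NULL, a guard at the top of `gensec_gssapi_client_creds` such as `if (ev == NULL) return NT_STATUS_INVALID_PARAMETER;` would make the contract explicit. The same applies to `cli_credentials_get_ccache()` and `smb_krb5_context_set_event_ctx()` in gensec_krb5.c. The function body starts and ends outside this hunk.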
@@ -423,8 +424,9 @@ static NTSTATUS gensec_gssapi_magic(struct gensec_security *gensec_security,
*/
static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
- TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB in, DATA_BLOB *out)
+ TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
+ const DATA_BLOB in, DATA_BLOB *out)
{
struct gensec_gssapi_state *gensec_gssapi_state
= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
@@ -445,13 +447,13 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
struct gsskrb5_send_to_kdc send_to_kdc;
krb5_error_code ret;
- nt_status = gensec_gssapi_client_creds(gensec_security);
+ nt_status = gensec_gssapi_client_creds(gensec_security, ev);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
send_to_kdc.func = smb_krb5_send_and_recv_func;
- send_to_kdc.ptr = gensec_security->event_ctx;
+ send_to_kdc.ptr = ev;
min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
if (min_stat) {
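Review bot: `send_to_kdc.ptr = ev;` now registers a caller-supplied event context through `gsskrb5_set_send_to_kdc()`, where it used to register the one held on `gensec_security`. If that registration outlives this call, a per-call `ev` (pygensec.c allocates one on `mem_ctx` for each update) could be freed while the hook still points at it. Whether the hook is cleared after the exchange is outside this hunk, so that is worth confirming. A comment would help either way, for example `/* ev must stay valid until the send_to_kdc hook is reset */`.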
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index f17245ccec..2a3bd22d32 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -272,7 +272,9 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
return NT_STATUS_OK;
}
-static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security, bool gssapi)
+static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security,
+ struct tevent_context *ev,
+ bool gssapi)
{
struct gensec_krb5_state *gensec_krb5_state;
krb5_error_code ret;
@@ -289,7 +291,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
hostname = gensec_get_target_hostname(gensec_security);
ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security),
- gensec_security->event_ctx,
+ ev,
gensec_security->settings->lp_ctx, &ccache_container, &error_string);
switch (ret) {
case 0:
@@ -311,7 +313,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
in_data.length = 0;
/* Do this every time, in case we have weird recursive issues here */
- ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, gensec_security->event_ctx, &previous_ev);
+ ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, ev, &previous_ev);
if (ret != 0) {
DEBUG(1, ("gensec_krb5_start: Setting event context failed\n"));
return NT_STATUS_NO_MEMORY;
@@ -340,7 +342,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
&gensec_krb5_state->enc_ticket);
}
- smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, gensec_security->event_ctx);
+ smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, ev);
switch (ret) {
case 0:
@@ -423,6 +425,7 @@ static NTSTATUS gensec_fake_gssapi_krb5_magic(struct gensec_security *gensec_sec
static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const DATA_BLOB in, DATA_BLOB *out)
{
struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
@@ -434,7 +437,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
{
DATA_BLOB unwrapped_out;
- nt_status = gensec_krb5_common_client_creds(gensec_security, gensec_krb5_state->gssapi);
+ nt_status = gensec_krb5_common_client_creds(gensec_security, ev, gensec_krb5_state->gssapi);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index d7cbea6f57..858cbe915e 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -82,7 +82,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
struct gensec_settings *settings;
const char *kwnames[] = { "settings", NULL };
PyObject *py_settings;
- struct tevent_context *ev;
struct gensec_security *gensec;
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &py_settings))
@@ -120,13 +119,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
}
}
- ev = tevent_context_init(self->talloc_ctx);
- if (ev == NULL) {
- PyErr_NoMemory();
- PyObject_Del(self);
- return NULL;
- }
-
status = gensec_init();
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
@@ -134,7 +126,7 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
return NULL;
}
- status = gensec_client_start(self->talloc_ctx, &gensec, ev, settings);
+ status = gensec_client_start(self->talloc_ctx, &gensec, settings);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
PyObject_DEL(self);
@@ -154,7 +146,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
const char *kwnames[] = { "settings", "auth_context", NULL };
PyObject *py_settings = Py_None;
PyObject *py_auth_context = Py_None;
- struct tevent_context *ev;
struct gensec_security *gensec;
struct auth4_context *auth_context = NULL;
@@ -193,13 +184,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
}
}
- ev = tevent_context_init(self->talloc_ctx);
- if (ev == NULL) {
- PyErr_NoMemory();
- PyObject_Del(self);
- return NULL;
- }
-
if (py_auth_context != Py_None) {
auth_context = pytalloc_get_type(py_auth_context, struct auth4_context);
if (!auth_context) {
@@ -217,7 +201,7 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
return NULL;
}
- status = gensec_server_start(self->talloc_ctx, ev, settings, auth_context, &gensec);
+ status = gensec_server_start(self->talloc_ctx, settings, auth_context, &gensec);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
PyObject_DEL(self);
@@ -368,6 +352,7 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args)
PyObject *ret, *py_in;
struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
PyObject *finished_processing;
+ struct tevent_context *ev;
if (!PyArg_ParseTuple(args, "O", &py_in))
return NULL;
@@ -382,7 +367,14 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args)
in.data = (uint8_t *)PyString_AsString(py_in);
in.length = PyString_Size(py_in);
- status = gensec_update(security, mem_ctx, in, &out);
+ ev = tevent_context_init(mem_ctx);
+ if (ev == NULL) {
+ PyErr_NoMemory();
+ PyObject_Del(self);
+ return NULL;
+ }
+
+ status = gensec_update(security, mem_ctx, ev, in, &out);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)
&& !NT_STATUS_IS_OK(status)) {
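Review bot: The new `ev == NULL` path calls `PyObject_Del(self)`, but `self` here is the live gensec object the Python caller still references. In the `start_client`/`start_server` code this block was moved from, `self` was a half-constructed object, which is not the case here. Freeing it on an allocation failure would leave the caller holding a dangling object. The path should release only what this call allocated, e.g. `talloc_free(mem_ctx);` before `return NULL;`, assuming `mem_ctx` is created earlier in the function, outside this hunk. A comment such as `/* per-call event context, freed with mem_ctx */` would also record that `ev` does not outlive the update.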
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index f947d45596..51be445dbb 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -52,7 +52,8 @@ static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
}
static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB in, DATA_BLOB *out)
+ struct tevent_context *ev,
+ const DATA_BLOB in, DATA_BLOB *out)
{
struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
NTSTATUS status;
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 281b954210..fd3caaad87 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -331,6 +331,7 @@ static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_securi
static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec_security,
struct spnego_state *spnego_state,
+ struct tevent_context *ev,
TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out)
{
@@ -384,7 +385,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
return nt_status;
}
nt_status = gensec_update(spnego_state->sub_sec_security,
- out_mem_ctx, in, out);
+ ev, out_mem_ctx, in, out);
return nt_status;
}
DEBUG(1, ("Failed to parse SPNEGO request\n"));
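Review bot: The `gensec_update()` call in `gensec_spnego_server_try_fallback` passes `ev, out_mem_ctx`, while the other call sites in this commit (e.g. `gensec_update(security, mem_ctx, ev, in, &out)` in pygensec.c) pass the memory context first. The `SPNEGO_FALLBACK` case of `gensec_spnego_update` uses the same swapped order. The helper's new signature also declares `ev` before `out_mem_ctx`, although its caller passes `out_mem_ctx, ev`. Inside the helper the two swaps may cancel out, but the `SPNEGO_FALLBACK` call has no such compensation. If `TALLOC_CTX` is the usual `void` typedef, the compiler will not diagnose this, so I would use `out_mem_ctx, ev, in, out);` at both call sites and declare `ev` after `out_mem_ctx` in the helper.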
@@ -400,6 +401,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_security,
struct spnego_state *spnego_state,
TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const char **mechType,
const DATA_BLOB unwrapped_in, DATA_BLOB *unwrapped_out)
{
@@ -451,6 +453,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
nt_status = gensec_update(spnego_state->sub_sec_security,
out_mem_ctx,
+ ev,
unwrapped_in,
unwrapped_out);
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) ||
@@ -504,6 +507,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
/* only get the helping start blob for the first OID */
nt_status = gensec_update(spnego_state->sub_sec_security,
out_mem_ctx,
+ ev,
null_data_blob,
unwrapped_out);
@@ -579,6 +583,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec_security,
struct spnego_state *spnego_state,
TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const DATA_BLOB in, DATA_BLOB *out)
{
int i;
@@ -619,6 +624,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
if (spnego_state->state_position == SPNEGO_CLIENT_START) {
nt_status = gensec_update(spnego_state->sub_sec_security,
out_mem_ctx,
+ ev,
null_data_blob,
&unwrapped_out);
@@ -734,6 +740,7 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec
static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const DATA_BLOB in, DATA_BLOB *out)
{
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
@@ -755,7 +762,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
switch (spnego_state->state_position) {
case SPNEGO_FALLBACK:
- return gensec_update(spnego_state->sub_sec_security,
+ return gensec_update(spnego_state->sub_sec_security, ev,
out_mem_ctx, in, out);
case SPNEGO_SERVER_START:
{
@@ -764,8 +771,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
len = spnego_read_data(gensec_security, in, &spnego);
if (len == -1) {
- return gensec_spnego_server_try_fallback(gensec_security, spnego_state,
- out_mem_ctx, in, out);
+ return gensec_spnego_server_try_fallback(gensec_security, spnego_state,
+ out_mem_ctx, ev, in, out);
}
/* client sent NegTargetInit, we send NegTokenTarg */
@@ -781,6 +788,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
spnego_state,
out_mem_ctx,
+ ev,
spnego.negTokenInit.mechTypes,
spnego.negTokenInit.mechToken,
&unwrapped_out);
@@ -798,7 +806,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return nt_status;
} else {
nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state,
- out_mem_ctx, in, out);
+ out_mem_ctx, ev, in, out);
spnego_state->state_position = SPNEGO_SERVER_START;
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
return nt_status;
@@ -815,7 +823,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (!in.length) {
/* client to produce negTokenInit */
nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state,
- out_mem_ctx, in, out);
+ out_mem_ctx, ev, in, out);
spnego_state->state_position = SPNEGO_CLIENT_TARG;
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
return nt_status;
@@ -849,6 +857,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
spnego_state,
out_mem_ctx,
+ ev,
spnego.negTokenInit.mechTypes,
spnego.negTokenInit.mechToken,
&unwrapped_out);
@@ -916,7 +925,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
}
nt_status = gensec_update(spnego_state->sub_sec_security,
- out_mem_ctx,
+ out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) {
@@ -1012,7 +1021,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
}
nt_status = gensec_update(spnego_state->sub_sec_security,
- out_mem_ctx,
+ out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
spnego_state->neg_oid = talloc_strdup(spnego_state, spnego.negTokenTarg.supportedMech);
@@ -1042,7 +1051,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
bool new_spnego = false;
nt_status = gensec_update(spnego_state->sub_sec_security,
- out_mem_ctx,
+ out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 0c63d05d68..47903d161b 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -142,6 +142,7 @@ static NTSTATUS gensec_ntlmssp_update_find(struct ntlmssp_state *ntlmssp_state,
static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const DATA_BLOB input, DATA_BLOB *out)
{
struct gensec_ntlmssp_context *gensec_ntlmssp =
diff --git a/source4/auth/samba_server_gensec.c b/source4/auth/samba_server_gensec.c
index 24b658ad32..7b09aa78d7 100644
--- a/source4/auth/samba_server_gensec.c
+++ b/source4/auth/samba_server_gensec.c
@@ -57,7 +57,6 @@ NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
}
nt_status = gensec_server_start(tmp_ctx,
- event_ctx,
lpcfg_gensec_settings(mem_ctx, lp_ctx),
auth_context,
&gensec_ctx);