summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-10-17 09:22:33 +0200
committerAndrew Bartlett <abartlet@samba.org>2011-10-18 13:13:33 +1100
commite7d5f0a357c42593a015b80390dedf920117a7e2 (patch)
treea4fa1a53f0294607b4abeb6f389ce719502fe849 /source4
parent0f2b27e7d428e75b8e6079ee5f36a0cccd4d1785 (diff)
downloadsamba-e7d5f0a357c42593a015b80390dedf920117a7e2.tar.gz
samba-e7d5f0a357c42593a015b80390dedf920117a7e2.tar.bz2
samba-e7d5f0a357c42593a015b80390dedf920117a7e2.zip
gensec: move event context from gensec_*_init() to gensec_update()
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/gensec/gensec_gssapi.c16
-rw-r--r--source4/auth/gensec/gensec_krb5.c13
-rw-r--r--source4/auth/gensec/pygensec.c30
-rw-r--r--source4/auth/gensec/schannel.c3
-rw-r--r--source4/auth/gensec/spnego.c27
-rw-r--r--source4/auth/ntlmssp/ntlmssp.c1
-rw-r--r--source4/auth/samba_server_gensec.c1
-rw-r--r--source4/kdc/kpasswdd.c2
-rw-r--r--source4/ldap_server/ldap_bind.c2
-rw-r--r--source4/libcli/ldap/ldap_bind.c2
-rw-r--r--source4/libcli/smb2/session.c3
-rw-r--r--source4/libcli/smb_composite/sesssetup.c6
-rw-r--r--source4/librpc/rpc/dcerpc_auth.c3
-rw-r--r--source4/rpc_server/dcesrv_auth.c6
-rw-r--r--source4/smb_server/smb/negprot.c2
-rw-r--r--source4/smb_server/smb2/negprot.c2
-rw-r--r--source4/torture/auth/ntlmssp.c4
-rw-r--r--source4/torture/rpc/remote_pac.c24
-rw-r--r--source4/utils/ntlm_auth.c6
19 files changed, 82 insertions, 71 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 564c20cb48..55c2970d5a 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -267,7 +267,8 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s
return nt_status;
}
-static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security)
+static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security,
+ struct tevent_context *ev)
{
struct gensec_gssapi_state *gensec_gssapi_state;
struct gssapi_creds_container *gcc;
@@ -283,8 +284,8 @@ static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_securi
}
ret = cli_credentials_get_client_gss_creds(creds,
- gensec_security->event_ctx,
- gensec_security->settings->lp_ctx, &gcc, &error_string);
+ ev,
+ gensec_security->settings->lp_ctx, &gcc, &error_string);
switch (ret) {
case 0:
break;
@@ -423,8 +424,9 @@ static NTSTATUS gensec_gssapi_magic(struct gensec_security *gensec_security,
*/
static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
- TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB in, DATA_BLOB *out)
+ TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
+ const DATA_BLOB in, DATA_BLOB *out)
{
struct gensec_gssapi_state *gensec_gssapi_state
= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
@@ -445,13 +447,13 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
struct gsskrb5_send_to_kdc send_to_kdc;
krb5_error_code ret;
- nt_status = gensec_gssapi_client_creds(gensec_security);
+ nt_status = gensec_gssapi_client_creds(gensec_security, ev);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
send_to_kdc.func = smb_krb5_send_and_recv_func;
- send_to_kdc.ptr = gensec_security->event_ctx;
+ send_to_kdc.ptr = ev;
min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
if (min_stat) {
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index f17245ccec..2a3bd22d32 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -272,7 +272,9 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
return NT_STATUS_OK;
}
-static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security, bool gssapi)
+static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security,
+ struct tevent_context *ev,
+ bool gssapi)
{
struct gensec_krb5_state *gensec_krb5_state;
krb5_error_code ret;
@@ -289,7 +291,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
hostname = gensec_get_target_hostname(gensec_security);
ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security),
- gensec_security->event_ctx,
+ ev,
gensec_security->settings->lp_ctx, &ccache_container, &error_string);
switch (ret) {
case 0:
@@ -311,7 +313,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
in_data.length = 0;
/* Do this every time, in case we have weird recursive issues here */
- ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, gensec_security->event_ctx, &previous_ev);
+ ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, ev, &previous_ev);
if (ret != 0) {
DEBUG(1, ("gensec_krb5_start: Setting event context failed\n"));
return NT_STATUS_NO_MEMORY;
@@ -340,7 +342,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
&gensec_krb5_state->enc_ticket);
}
- smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, gensec_security->event_ctx);
+ smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, ev);
switch (ret) {
case 0:
@@ -423,6 +425,7 @@ static NTSTATUS gensec_fake_gssapi_krb5_magic(struct gensec_security *gensec_sec
static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const DATA_BLOB in, DATA_BLOB *out)
{
struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
@@ -434,7 +437,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
{
DATA_BLOB unwrapped_out;
- nt_status = gensec_krb5_common_client_creds(gensec_security, gensec_krb5_state->gssapi);
+ nt_status = gensec_krb5_common_client_creds(gensec_security, ev, gensec_krb5_state->gssapi);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index d7cbea6f57..858cbe915e 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -82,7 +82,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
struct gensec_settings *settings;
const char *kwnames[] = { "settings", NULL };
PyObject *py_settings;
- struct tevent_context *ev;
struct gensec_security *gensec;
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &py_settings))
@@ -120,13 +119,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
}
}
- ev = tevent_context_init(self->talloc_ctx);
- if (ev == NULL) {
- PyErr_NoMemory();
- PyObject_Del(self);
- return NULL;
- }
-
status = gensec_init();
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
@@ -134,7 +126,7 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
return NULL;
}
- status = gensec_client_start(self->talloc_ctx, &gensec, ev, settings);
+ status = gensec_client_start(self->talloc_ctx, &gensec, settings);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
PyObject_DEL(self);
@@ -154,7 +146,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
const char *kwnames[] = { "settings", "auth_context", NULL };
PyObject *py_settings = Py_None;
PyObject *py_auth_context = Py_None;
- struct tevent_context *ev;
struct gensec_security *gensec;
struct auth4_context *auth_context = NULL;
@@ -193,13 +184,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
}
}
- ev = tevent_context_init(self->talloc_ctx);
- if (ev == NULL) {
- PyErr_NoMemory();
- PyObject_Del(self);
- return NULL;
- }
-
if (py_auth_context != Py_None) {
auth_context = pytalloc_get_type(py_auth_context, struct auth4_context);
if (!auth_context) {
@@ -217,7 +201,7 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
return NULL;
}
- status = gensec_server_start(self->talloc_ctx, ev, settings, auth_context, &gensec);
+ status = gensec_server_start(self->talloc_ctx, settings, auth_context, &gensec);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetNTSTATUS(status);
PyObject_DEL(self);
@@ -368,6 +352,7 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args)
PyObject *ret, *py_in;
struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
PyObject *finished_processing;
+ struct tevent_context *ev;
if (!PyArg_ParseTuple(args, "O", &py_in))
return NULL;
@@ -382,7 +367,14 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args)
in.data = (uint8_t *)PyString_AsString(py_in);
in.length = PyString_Size(py_in);
- status = gensec_update(security, mem_ctx, in, &out);
+ ev = tevent_context_init(mem_ctx);
+ if (ev == NULL) {
+ PyErr_NoMemory();
+ PyObject_Del(self);
+ return NULL;
+ }
+
+ status = gensec_update(security, mem_ctx, ev, in, &out);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)
&& !NT_STATUS_IS_OK(status)) {
diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c
index f947d45596..51be445dbb 100644
--- a/source4/auth/gensec/schannel.c
+++ b/source4/auth/gensec/schannel.c
@@ -52,7 +52,8 @@ static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
}
static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
- const DATA_BLOB in, DATA_BLOB *out)
+ struct tevent_context *ev,
+ const DATA_BLOB in, DATA_BLOB *out)
{
struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
NTSTATUS status;
diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c
index 281b954210..fd3caaad87 100644
--- a/source4/auth/gensec/spnego.c
+++ b/source4/auth/gensec/spnego.c
@@ -331,6 +331,7 @@ static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_securi
static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec_security,
struct spnego_state *spnego_state,
+ struct tevent_context *ev,
TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out)
{
@@ -384,7 +385,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
return nt_status;
}
nt_status = gensec_update(spnego_state->sub_sec_security,
- out_mem_ctx, in, out);
+ ev, out_mem_ctx, in, out);
return nt_status;
}
DEBUG(1, ("Failed to parse SPNEGO request\n"));
@@ -400,6 +401,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_security,
struct spnego_state *spnego_state,
TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const char **mechType,
const DATA_BLOB unwrapped_in, DATA_BLOB *unwrapped_out)
{
@@ -451,6 +453,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
nt_status = gensec_update(spnego_state->sub_sec_security,
out_mem_ctx,
+ ev,
unwrapped_in,
unwrapped_out);
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) ||
@@ -504,6 +507,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
/* only get the helping start blob for the first OID */
nt_status = gensec_update(spnego_state->sub_sec_security,
out_mem_ctx,
+ ev,
null_data_blob,
unwrapped_out);
@@ -579,6 +583,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec_security,
struct spnego_state *spnego_state,
TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const DATA_BLOB in, DATA_BLOB *out)
{
int i;
@@ -619,6 +624,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
if (spnego_state->state_position == SPNEGO_CLIENT_START) {
nt_status = gensec_update(spnego_state->sub_sec_security,
out_mem_ctx,
+ ev,
null_data_blob,
&unwrapped_out);
@@ -734,6 +740,7 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec
static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const DATA_BLOB in, DATA_BLOB *out)
{
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
@@ -755,7 +762,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
switch (spnego_state->state_position) {
case SPNEGO_FALLBACK:
- return gensec_update(spnego_state->sub_sec_security,
+ return gensec_update(spnego_state->sub_sec_security, ev,
out_mem_ctx, in, out);
case SPNEGO_SERVER_START:
{
@@ -764,8 +771,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
len = spnego_read_data(gensec_security, in, &spnego);
if (len == -1) {
- return gensec_spnego_server_try_fallback(gensec_security, spnego_state,
- out_mem_ctx, in, out);
+ return gensec_spnego_server_try_fallback(gensec_security, spnego_state,
+ out_mem_ctx, ev, in, out);
}
/* client sent NegTargetInit, we send NegTokenTarg */
@@ -781,6 +788,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
spnego_state,
out_mem_ctx,
+ ev,
spnego.negTokenInit.mechTypes,
spnego.negTokenInit.mechToken,
&unwrapped_out);
@@ -798,7 +806,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return nt_status;
} else {
nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state,
- out_mem_ctx, in, out);
+ out_mem_ctx, ev, in, out);
spnego_state->state_position = SPNEGO_SERVER_START;
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
return nt_status;
@@ -815,7 +823,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (!in.length) {
/* client to produce negTokenInit */
nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state,
- out_mem_ctx, in, out);
+ out_mem_ctx, ev, in, out);
spnego_state->state_position = SPNEGO_CLIENT_TARG;
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
return nt_status;
@@ -849,6 +857,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
spnego_state,
out_mem_ctx,
+ ev,
spnego.negTokenInit.mechTypes,
spnego.negTokenInit.mechToken,
&unwrapped_out);
@@ -916,7 +925,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
}
nt_status = gensec_update(spnego_state->sub_sec_security,
- out_mem_ctx,
+ out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) {
@@ -1012,7 +1021,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
}
nt_status = gensec_update(spnego_state->sub_sec_security,
- out_mem_ctx,
+ out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
spnego_state->neg_oid = talloc_strdup(spnego_state, spnego.negTokenTarg.supportedMech);
@@ -1042,7 +1051,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
bool new_spnego = false;
nt_status = gensec_update(spnego_state->sub_sec_security,
- out_mem_ctx,
+ out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
diff --git a/source4/auth/ntlmssp/ntlmssp.c b/source4/auth/ntlmssp/ntlmssp.c
index 0c63d05d68..47903d161b 100644
--- a/source4/auth/ntlmssp/ntlmssp.c
+++ b/source4/auth/ntlmssp/ntlmssp.c
@@ -142,6 +142,7 @@ static NTSTATUS gensec_ntlmssp_update_find(struct ntlmssp_state *ntlmssp_state,
static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
const DATA_BLOB input, DATA_BLOB *out)
{
struct gensec_ntlmssp_context *gensec_ntlmssp =
diff --git a/source4/auth/samba_server_gensec.c b/source4/auth/samba_server_gensec.c
index 24b658ad32..7b09aa78d7 100644
--- a/source4/auth/samba_server_gensec.c
+++ b/source4/auth/samba_server_gensec.c
@@ -57,7 +57,6 @@ NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
}
nt_status = gensec_server_start(tmp_ctx,
- event_ctx,
lpcfg_gensec_settings(mem_ctx, lp_ctx),
auth_context,
&gensec_ctx);
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 0763e92498..8bed20e518 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -571,7 +571,7 @@ enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc,
}
/* Accept the AP-REQ and generate teh AP-REP we need for the reply */
- nt_status = gensec_update(gensec_security, tmp_ctx, ap_req, &ap_rep);
+ nt_status = gensec_update(gensec_security, tmp_ctx, kdc->task->event_ctx, ap_req, &ap_rep);
if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx,
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index fd7deda499..e0db358b4f 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -202,7 +202,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
input = *req->creds.SASL.secblob;
}
- status = gensec_update(conn->gensec, reply,
+ status = gensec_update(conn->gensec, reply, conn->connection->event.ctx,
input, &output);
/* Windows 2000 mmc doesn't like secblob == NULL and reports a decoding error */
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index e5e8cbadb4..f167f17de9 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -225,7 +225,6 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
gensec_init();
status = gensec_client_start(conn, &conn->gensec,
- conn->event.event_ctx,
lpcfg_gensec_settings(conn, lp_ctx));
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
@@ -319,6 +318,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
int result = LDAP_OTHER;
status = gensec_update(conn->gensec, tmp_ctx,
+ conn->event.event_ctx,
input,
&output);
/* The status value here, from GENSEC is vital to the security
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 0f749a0b6c..f30152329e 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -53,7 +53,6 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport,
/* prepare a gensec context for later use */
status = gensec_client_start(session, &session->gensec,
- session->transport->socket->event.ctx,
settings);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(session);
@@ -203,6 +202,7 @@ struct tevent_req *smb2_session_setup_spnego_send(TALLOC_CTX *mem_ctx,
}
status = gensec_update(session->gensec, state,
+ session->transport->socket->event.ctx,
session->transport->negotiate.secblob,
&state->io.in.secblob);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -242,6 +242,7 @@ static void smb2_session_setup_spnego_handler(struct smb2_request *subreq)
(NT_STATUS_IS_OK(peer_status) &&
NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
status = gensec_update(session->gensec, state,
+ session->transport->socket->event.ctx,
state->io.out.secblob,
&state->io.in.secblob);
state->gensec_status = status;
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index 7385669836..8b1571cc49 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -181,7 +181,7 @@ static void request_handler(struct smbcli_request *req)
* host/attacker might avoid mutal authentication
* requirements */
- state->gensec_status = gensec_update(session->gensec, state,
+ state->gensec_status = gensec_update(session->gensec, state, c->event_ctx,
state->setup.spnego.out.secblob,
&state->setup.spnego.in.secblob);
c->status = state->gensec_status;
@@ -443,7 +443,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
smbcli_temp_set_signing(session->transport);
- status = gensec_client_start(session, &session->gensec, c->event_ctx,
+ status = gensec_client_start(session, &session->gensec,
io->in.gensec_settings);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
@@ -500,10 +500,12 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
if ((const void *)chosen_oid == (const void *)GENSEC_OID_SPNEGO) {
status = gensec_update(session->gensec, state,
+ c->event_ctx,
session->transport->negotiate.secblob,
&state->setup.spnego.in.secblob);
} else {
status = gensec_update(session->gensec, state,
+ c->event_ctx,
data_blob(NULL, 0),
&state->setup.spnego.in.secblob);
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index fb2f4fb680..b3f4f2fdb0 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -132,6 +132,7 @@ static void bind_auth_next_step(struct composite_context *c)
*/
c->status = gensec_update(sec->generic_state, state,
+ state->pipe->conn->event_ctx,
sec->auth_info->credentials,
&state->credentials);
data_blob_free(&sec->auth_info->credentials);
@@ -255,7 +256,6 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
sec = &p->conn->security_state;
c->status = gensec_client_start(p, &sec->generic_state,
- p->conn->event_ctx,
gensec_settings);
if (!NT_STATUS_IS_OK(c->status)) {
DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
@@ -334,6 +334,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
*/
c->status = gensec_update(sec->generic_state, state,
+ p->conn->event_ctx,
sec->auth_info->credentials,
&state->credentials);
if (!NT_STATUS_IS_OK(c->status) &&
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index ee7a86ab85..c891cc62b7 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
@@ -113,7 +113,7 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe
}
status = gensec_update(dce_conn->auth_state.gensec_security,
- call,
+ call, call->event_ctx,
dce_conn->auth_state.auth_info->credentials,
&dce_conn->auth_state.auth_info->credentials);
@@ -171,7 +171,7 @@ bool dcesrv_auth_auth3(struct dcesrv_call_state *call)
/* Pass the extra data we got from the client down to gensec for processing */
status = gensec_update(dce_conn->auth_state.gensec_security,
- call,
+ call, call->event_ctx,
dce_conn->auth_state.auth_info->credentials,
&dce_conn->auth_state.auth_info->credentials);
if (NT_STATUS_IS_OK(status)) {
@@ -250,7 +250,7 @@ NTSTATUS dcesrv_auth_alter_ack(struct dcesrv_call_state *call, struct ncacn_pack
}
status = gensec_update(dce_conn->auth_state.gensec_security,
- call,
+ call, call->event_ctx,
dce_conn->auth_state.auth_info->credentials,
&dce_conn->auth_state.auth_info->credentials);
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index 378330ff28..739881dadc 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -392,7 +392,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
if (NT_STATUS_IS_OK(nt_status)) {
/* Get and push the proposed OID list into the packets */
- nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+ nt_status = gensec_update(gensec_security, req, req->smb_conn->connection->event.ctx, null_data_blob, &blob);
if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(1, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c
index bc896aa924..dd69c9fc7e 100644
--- a/source4/smb_server/smb2/negprot.c
+++ b/source4/smb_server/smb2/negprot.c
@@ -79,7 +79,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
return nt_status;
}
- nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+ nt_status = gensec_update(gensec_security, req, req->smb_conn->connection->event.ctx, null_data_blob, &blob);
if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
diff --git a/source4/torture/auth/ntlmssp.c b/source4/torture/auth/ntlmssp.c
index c98985c97c..db2f2db314 100644
--- a/source4/torture/auth/ntlmssp.c
+++ b/source4/torture/auth/ntlmssp.c
@@ -36,7 +36,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
torture_assert_ntstatus_ok(tctx,
gensec_client_start(mem_ctx, &gensec_security,
- tctx->ev, lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
"gensec client start");
gensec_set_credentials(gensec_security, cmdline_credentials);
@@ -93,7 +93,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
torture_assert_ntstatus_ok(tctx,
gensec_client_start(mem_ctx, &gensec_security,
- tctx->ev, lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
+ lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
"Failed to start GENSEC for NTLMSSP");
gensec_set_credentials(gensec_security, cmdline_credentials);
diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c
index 88a40b4fe4..22fcd73cb4 100644
--- a/source4/torture/rpc/remote_pac.c
+++ b/source4/torture/rpc/remote_pac.c
@@ -85,7 +85,7 @@ static bool test_PACVerify(struct torture_context *tctx,
return false;
}
- status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
+ status = gensec_client_start(tctx, &gensec_client_context,
lpcfg_gensec_settings(tctx, tctx->lp_ctx));
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
@@ -97,7 +97,7 @@ static bool test_PACVerify(struct torture_context *tctx,
status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
- status = gensec_server_start(tctx, tctx->ev,
+ status = gensec_server_start(tctx,
lpcfg_gensec_settings(tctx, tctx->lp_ctx),
NULL, &gensec_server_context);
torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
@@ -112,12 +112,12 @@ static bool test_PACVerify(struct torture_context *tctx,
do {
/* Do a client-server update dance */
- status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+ status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
}
- status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+ status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
}
@@ -424,7 +424,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
/* First, do a normal Kerberos connection */
- status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
+ status = gensec_client_start(tctx, &gensec_client_context,
lpcfg_gensec_settings(tctx, tctx->lp_ctx));
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
@@ -436,7 +436,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
- status = gensec_server_start(tctx, tctx->ev,
+ status = gensec_server_start(tctx,
lpcfg_gensec_settings(tctx, tctx->lp_ctx),
NULL, &gensec_server_context);
torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
@@ -451,12 +451,12 @@ static bool test_S2U4Self(struct torture_context *tctx,
do {
/* Do a client-server update dance */
- status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+ status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
}
- status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+ status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
}
@@ -480,7 +480,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
cli_credentials_get_principal(cmdline_credentials, tmp_ctx),
talloc_asprintf(tmp_ctx, "host/%s", test_machine_name));
- status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
+ status = gensec_client_start(tctx, &gensec_client_context,
lpcfg_gensec_settings(tctx, tctx->lp_ctx));
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
@@ -493,7 +493,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
- status = gensec_server_start(tctx, tctx->ev,
+ status = gensec_server_start(tctx,
lpcfg_gensec_settings(tctx, tctx->lp_ctx),
NULL, &gensec_server_context);
torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
@@ -508,12 +508,12 @@ static bool test_S2U4Self(struct torture_context *tctx,
do {
/* Do a client-server update dance */
- status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+ status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
}
- status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+ status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
}
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index c0a06bd336..cc92c170b6 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -449,7 +449,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
case NTLMSSP_CLIENT_1:
/* setup the client side */
- nt_status = gensec_client_start(NULL, &state->gensec_state, ev,
+ nt_status = gensec_client_start(NULL, &state->gensec_state,
lpcfg_gensec_settings(NULL, lp_ctx));
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
@@ -481,7 +481,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
exit(1);
}
- if (!NT_STATUS_IS_OK(gensec_server_start(state, ev,
+ if (!NT_STATUS_IS_OK(gensec_server_start(state,
lpcfg_gensec_settings(state, lp_ctx),
auth_context, &state->gensec_state))) {
talloc_free(mem_ctx);
@@ -632,7 +632,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
return;
}
- nt_status = gensec_update(state->gensec_state, mem_ctx, in, &out);
+ nt_status = gensec_update(state->gensec_state, mem_ctx, ev, in, &out);
/* don't leak 'bad password'/'no such user' info to the network client */
nt_status = nt_status_squash(nt_status);