From c5f4378361b9671e39fa83b043f28c972ab30b70 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 25 Sep 2004 12:08:57 +0000 Subject: r2629: convert gensec to the new talloc model by making our gensec structures a talloc child of the open connection we can be sure that it will be destroyed when the connection is dropped. (This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d) --- source4/libcli/auth/gensec.c | 56 +++++++++++++++++------------------- source4/libcli/auth/gensec.h | 1 - source4/libcli/auth/gensec_krb5.c | 4 +-- source4/libcli/ldap/ldap.c | 2 +- source4/libcli/raw/clisession.c | 2 +- source4/librpc/rpc/dcerpc_auth.c | 4 +-- source4/librpc/rpc/dcerpc_ntlm.c | 2 +- source4/librpc/rpc/dcerpc_schannel.c | 2 +- source4/librpc/rpc/dcerpc_spnego.c | 2 +- source4/rpc_server/dcesrv_auth.c | 2 +- source4/smb_server/negprot.c | 2 +- source4/smb_server/sesssetup.c | 2 +- source4/utils/ntlm_auth.c | 4 +-- 13 files changed, 40 insertions(+), 45 deletions(-) diff --git a/source4/libcli/auth/gensec.c b/source4/libcli/auth/gensec.c index b47840dc65..3d8246cd97 100644 --- a/source4/libcli/auth/gensec.c +++ b/source4/libcli/auth/gensec.c 
@@ -114,26 +114,22 @@ const char **gensec_security_oids(TALLOC_CTX *mem_ctx, const char *skip) return oid_list; } -static NTSTATUS gensec_start(struct gensec_security **gensec_security) +/* + note that memory context is the parent context to hang this gensec context off. It may be NULL. +*/ +static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security) { - TALLOC_CTX *mem_ctx; /* awaiting a correct fix from metze */ if (!gensec_init()) { return NT_STATUS_INTERNAL_ERROR; } - mem_ctx = talloc_init("gensec_security struct"); - if (!mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - - (*gensec_security) = talloc_p(mem_ctx, struct gensec_security); + (*gensec_security) = talloc_p(NULL, struct gensec_security); if (!(*gensec_security)) { - talloc_destroy(mem_ctx); return NT_STATUS_NO_MEMORY; } + talloc_set_name(*gensec_security, "gensec_start"); - (*gensec_security)->mem_ctx = mem_ctx; (*gensec_security)->ops = NULL; ZERO_STRUCT((*gensec_security)->user); @@ -141,8 +137,8 @@ static NTSTATUS gensec_start(struct gensec_security **gensec_security) ZERO_STRUCT((*gensec_security)->default_user); (*gensec_security)->default_user.name = ""; - (*gensec_security)->default_user.domain = talloc_strdup(mem_ctx, lp_workgroup()); - (*gensec_security)->default_user.realm = talloc_strdup(mem_ctx, lp_realm()); + (*gensec_security)->default_user.domain = talloc_strdup(*gensec_security, lp_workgroup()); + (*gensec_security)->default_user.realm = talloc_strdup(*gensec_security, lp_realm()); (*gensec_security)->subcontext = False; (*gensec_security)->want_features = 0; @@ -158,7 +154,7 @@ static NTSTATUS gensec_start(struct gensec_security **gensec_security) NTSTATUS gensec_subcontext_start(struct gensec_security *parent, struct gensec_security **gensec_security) { - (*gensec_security) = talloc_p(parent->mem_ctx, struct gensec_security); + (*gensec_security) = talloc_p(parent, struct gensec_security); if (!(*gensec_security)) { return NT_STATUS_NO_MEMORY; } 
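Review bot: The new `mem_ctx` parameter of gensec_start is documented as the parent to hang the context off, but it is never used — the struct is still allocated with `talloc_p(NULL, struct gensec_security)`, so it remains a top-level allocation and is not released when the connection that passed itself as parent is dropped, which is the property the commit message claims. The setters later in this file attach the user's password and other credential strings to this context, so a connection torn down without a matching gensec_end keeps that material resident. Unless the `/* awaiting a correct fix from metze */` note refers to a known problem with a non-NULL parent, the fix is the one line `(*gensec_security) = talloc_p(mem_ctx, struct gensec_security);`. Callers must then not call gensec_end after the parent has already been freed.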
@@ -172,10 +168,10 @@ NTSTATUS gensec_subcontext_start(struct gensec_security *parent, return NT_STATUS_OK; } -NTSTATUS gensec_client_start(struct gensec_security **gensec_security) +NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security) { NTSTATUS status; - status = gensec_start(gensec_security); + status = gensec_start(mem_ctx, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -187,10 +183,10 @@ NTSTATUS gensec_client_start(struct gensec_security **gensec_security) return status; } -NTSTATUS gensec_server_start(struct gensec_security **gensec_security) +NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security) { NTSTATUS status; - status = gensec_start(gensec_security); + status = gensec_start(mem_ctx, gensec_security); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -443,7 +439,7 @@ void gensec_end(struct gensec_security **gensec_security) if (!(*gensec_security)->subcontext) { /* don't destory this if this is a subcontext - it belongs to the parent */ - talloc_destroy((*gensec_security)->mem_ctx); + talloc_free(*gensec_security); } gensec_security = NULL; } @@ -467,7 +463,7 @@ void gensec_want_feature(struct gensec_security *gensec_security, NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, const char *user) { char *p; - char *u = talloc_strdup(gensec_security->mem_ctx, user); + char *u = talloc_strdup(gensec_security, user); if (!u) { return NT_STATUS_NO_MEMORY; } 
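Review bot: gensec_end still finishes with `gensec_security = NULL;`, which clears the local double pointer rather than the caller's pointer, so after the new `talloc_free(*gensec_security)` the caller is left holding a freed pointer. Callers in this patch test the stored pointer to decide whether to start a fresh context (`if (!p->security_state.generic_state)` in dcerpc_auth.c), so a stale pointer there would be reused after free. The line should read `*gensec_security = NULL;`; since subcontexts are skipped by the `subcontext` test and belong to the parent, clearing the caller's pointer in both branches is harmless.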
@@ -476,12 +472,12 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c if (p) { *p = '\0'; - gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, u); + gensec_security->user.name = talloc_strdup(gensec_security, u); if (!gensec_security->user.name) { return NT_STATUS_NO_MEMORY; } - gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, p+1); + gensec_security->user.realm = talloc_strdup(gensec_security, p+1); if (!gensec_security->user.realm) { return NT_STATUS_NO_MEMORY; } @@ -495,11 +491,11 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c if (p) { *p = '\0'; - gensec_security->user.domain = talloc_strdup(gensec_security->mem_ctx, u); + gensec_security->user.domain = talloc_strdup(gensec_security, u); if (!gensec_security->user.domain) { return NT_STATUS_NO_MEMORY; } - gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, p+1); + gensec_security->user.name = talloc_strdup(gensec_security, p+1); if (!gensec_security->user.name) { return NT_STATUS_NO_MEMORY; } @@ -521,7 +517,7 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c NTSTATUS gensec_set_username(struct gensec_security *gensec_security, const char *user) { - gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, user); + gensec_security->user.name = talloc_strdup(gensec_security, user); if (!gensec_security->user.name) { return NT_STATUS_NO_MEMORY; } @@ -548,7 +544,7 @@ const char *gensec_get_username(struct gensec_security *gensec_security) NTSTATUS gensec_set_domain(struct gensec_security *gensec_security, const char *domain) { - gensec_security->user.domain = talloc_strdup(gensec_security->mem_ctx, domain); + gensec_security->user.domain = talloc_strdup(gensec_security, domain); if (!gensec_security->user.domain) { return NT_STATUS_NO_MEMORY; } 
@@ -577,7 +573,7 @@ const char *gensec_get_domain(struct gensec_security *gensec_security) NTSTATUS gensec_set_realm(struct gensec_security *gensec_security, const char *realm) { - gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, realm); + gensec_security->user.realm = talloc_strdup(gensec_security, realm); if (!gensec_security->user.realm) { return NT_STATUS_NO_MEMORY; } @@ -625,7 +621,7 @@ char *gensec_get_client_principal(struct gensec_security *gensec_security, TALLO NTSTATUS gensec_set_password(struct gensec_security *gensec_security, const char *password) { - gensec_security->user.password = talloc_strdup(gensec_security->mem_ctx, password); + gensec_security->user.password = talloc_strdup(gensec_security, password); if (!gensec_security->user.password) { return NT_STATUS_NO_MEMORY; } @@ -639,7 +635,7 @@ NTSTATUS gensec_set_password(struct gensec_security *gensec_security, NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal) { - gensec_security->target.principal = talloc_strdup(gensec_security->mem_ctx, principal); + gensec_security->target.principal = talloc_strdup(gensec_security, principal); if (!gensec_security->target.principal) { return NT_STATUS_NO_MEMORY; } @@ -653,7 +649,7 @@ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, co NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service) { - gensec_security->target.service = talloc_strdup(gensec_security->mem_ctx, service); + gensec_security->target.service = talloc_strdup(gensec_security, service); if (!gensec_security->target.service) { return NT_STATUS_NO_MEMORY; } 
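Review bot: gensec_set_password overwrites `gensec_security->user.password` without releasing the previous copy, so a second call leaves the earlier password string alive as a child of the context until the whole context is freed; the other setters in this file share the pattern, but it matters most here. Freeing the old value first, `talloc_free(gensec_security->user.password);` immediately before the `talloc_strdup`, keeps a single copy attached (ZERO_STRUCT in gensec_start makes the initial value NULL, which talloc_free tolerates). Note also that talloc_free does not clear the freed bytes; scrubbing the password at teardown would need a destructor on the string that zeroes it before release, which this patch does not attempt.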
@@ -667,7 +663,7 @@ NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, cons NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname) { - gensec_security->target.hostname = talloc_strdup(gensec_security->mem_ctx, hostname); + gensec_security->target.hostname = talloc_strdup(gensec_security, hostname); if (!gensec_security->target.hostname) { return NT_STATUS_NO_MEMORY; } diff --git a/source4/libcli/auth/gensec.h b/source4/libcli/auth/gensec.h index 00c1c0dd0a..7020435f44 100644 --- a/source4/libcli/auth/gensec.h +++ b/source4/libcli/auth/gensec.h @@ -88,7 +88,6 @@ typedef NTSTATUS (*gensec_password_callback)(struct gensec_security *gensec_secu #define GENSEC_INTERFACE_VERSION 0 struct gensec_security { - TALLOC_CTX *mem_ctx; gensec_password_callback password_callback; void *password_callback_private; const struct gensec_security_ops *ops; diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index c9e6d572db..37fa95bac4 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -367,14 +367,14 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security char *password; time_t kdc_time = 0; nt_status = gensec_get_password(gensec_security, - gensec_security->mem_ctx, + gensec_security, &password); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } ret = kerberos_kinit_password_cc(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache, - gensec_get_client_principal(gensec_security, gensec_security->mem_ctx), + gensec_get_client_principal(gensec_security, gensec_security), password, NULL, &kdc_time); /* cope with ticket being in the future due to clock skew */ diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c index 5d233bcdca..a94a4f2f30 100644 --- a/source4/libcli/ldap/ldap.c +++ b/source4/libcli/ldap/ldap.c 
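Review bot: The cleartext returned by `gensec_get_password(gensec_security, gensec_security, &password)` is now allocated on the gensec context itself, which with this patch is meant to live as long as the connection, so the password used for the kinit stays in memory long after kerberos_kinit_password_cc has returned; previously it sat on a context owned by the same struct, so this is not a regression, but the new parent makes the lifetime explicit. The same hunk allocates the result of `gensec_get_client_principal(gensec_security, gensec_security)` as a temporary on that long-lived context. Freeing the password once the kinit call has returned, `talloc_free(password);` (ideally after clearing it), bounds its lifetime; gensec_krb5_client_start continues outside the hunk, so the right place is after the clock-skew handling.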
@@ -1458,7 +1458,7 @@ int ldap_bind_sasl(struct ldap_connection *conn, const char *username, const cha if (conn == NULL) return result; - status = gensec_client_start(&conn->gensec); + status = gensec_client_start(conn, &conn->gensec); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status))); return result; diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c index 264c1cd616..37992968a4 100644 --- a/source4/libcli/raw/clisession.c +++ b/source4/libcli/raw/clisession.c @@ -395,7 +395,7 @@ static NTSTATUS smb_raw_session_setup_generic_spnego(struct smbcli_session *sess smbcli_temp_set_signing(session->transport); - status = gensec_client_start(&session->gensec); + status = gensec_client_start(session, &session->gensec); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status))); goto done; diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 0966b70338..af138ffe2c 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -58,7 +58,7 @@ NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut } if (!p->security_state.generic_state) { - status = gensec_client_start(&p->security_state.generic_state); + status = gensec_client_start(p, &p->security_state.generic_state); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -136,7 +136,7 @@ NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut } if (!p->security_state.generic_state) { - status = gensec_client_start(&p->security_state.generic_state); + status = gensec_client_start(p, &p->security_state.generic_state); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source4/librpc/rpc/dcerpc_ntlm.c b/source4/librpc/rpc/dcerpc_ntlm.c index 905be5b76c..c236b6c516 100644 --- a/source4/librpc/rpc/dcerpc_ntlm.c +++ b/source4/librpc/rpc/dcerpc_ntlm.c 
@@ -37,7 +37,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p, p->flags |= DCERPC_CONNECT; } - status = gensec_client_start(&p->security_state.generic_state); + status = gensec_client_start(p, &p->security_state.generic_state); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status))); return status; diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 9aa2b0c88d..057e20f497 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -436,7 +436,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p, NTSTATUS status; int chan_type = 0; - status = gensec_client_start(&p->security_state.generic_state); + status = gensec_client_start(p, &p->security_state.generic_state); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source4/librpc/rpc/dcerpc_spnego.c b/source4/librpc/rpc/dcerpc_spnego.c index f5e2be0da4..d15224b981 100644 --- a/source4/librpc/rpc/dcerpc_spnego.c +++ b/source4/librpc/rpc/dcerpc_spnego.c @@ -33,7 +33,7 @@ NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p, { NTSTATUS status; - status = gensec_client_start(&p->security_state.generic_state); + status = gensec_client_start(p, &p->security_state.generic_state); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status))); return status; diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 7065b3f259..bcf55d221d 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -48,7 +48,7 @@ NTSTATUS dcesrv_crypto_select_type(struct dcesrv_connection *dce_conn, */ } - status = gensec_server_start(&auth->gensec_security); + status = gensec_server_start(dce_conn, &auth->gensec_security); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status))); return status; 
diff --git a/source4/smb_server/negprot.c b/source4/smb_server/negprot.c index 25ab1ab4a9..576fcc22bf 100644 --- a/source4/smb_server/negprot.c +++ b/source4/smb_server/negprot.c @@ -306,7 +306,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) struct gensec_security *gensec_security; DATA_BLOB null_data_blob = data_blob(NULL, 0); DATA_BLOB blob; - NTSTATUS nt_status = gensec_server_start(&gensec_security); + NTSTATUS nt_status = gensec_server_start(req->smb_conn, &gensec_security); if (req->smb_conn->negotiate.auth_context) { smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n"); diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c index aeae404d6a..4cb0447d32 100644 --- a/source4/smb_server/sesssetup.c +++ b/source4/smb_server/sesssetup.c @@ -221,7 +221,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup status = gensec_update(smb_sess->gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob); } else { - status = gensec_server_start(&gensec_ctx); + status = gensec_server_start(req->smb_conn, &gensec_ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status))); return status; diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c index ec5f5c6abd..d1e2b80fcf 100644 --- a/source4/utils/ntlm_auth.c +++ b/source4/utils/ntlm_auth.c @@ -315,7 +315,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, case NTLMSSP_CLIENT_1: /* setup the client side */ - if (!NT_STATUS_IS_OK(gensec_client_start(gensec_state))) { + if (!NT_STATUS_IS_OK(gensec_client_start(NULL, gensec_state))) { exit(1); } gensec_set_username(*gensec_state, opt_username); 
@@ -334,7 +334,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 break;
 case GSS_SPNEGO_SERVER:
 case SQUID_2_5_NTLMSSP:
- if (!NT_STATUS_IS_OK(gensec_server_start(gensec_state))) {
+ if (!NT_STATUS_IS_OK(gensec_server_start(NULL, gensec_state))) {
 exit(1);
 }
 break;
-- cgit