From e7d5f0a357c42593a015b80390dedf920117a7e2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 17 Oct 2011 09:22:33 +0200
Subject: gensec: move event context from gensec_*_init() to gensec_update()

This avoids keeping the event context around on a the gensec_security
context structure long term.

In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source4/libcli/ldap/ldap_bind.c          | 2 +-
 source4/libcli/smb2/session.c            | 3 ++-
 source4/libcli/smb_composite/sesssetup.c | 6 ++++--
 3 files changed, 7 insertions(+), 4 deletions(-)

(limited to 'source4/libcli')

diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index e5e8cbadb4..f167f17de9 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -225,7 +225,6 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
 	gensec_init();
 
 	status = gensec_client_start(conn, &conn->gensec,
-				     conn->event.event_ctx, 
 				     lpcfg_gensec_settings(conn, lp_ctx));
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
@@ -319,6 +318,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
 		int result = LDAP_OTHER;
 	
 		status = gensec_update(conn->gensec, tmp_ctx,
+				       conn->event.event_ctx,
 				       input,
 				       &output);
 		/* The status value here, from GENSEC is vital to the security
diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c
index 0f749a0b6c..f30152329e 100644
--- a/source4/libcli/smb2/session.c
+++ b/source4/libcli/smb2/session.c
@@ -53,7 +53,6 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport,
 
 	/* prepare a gensec context for later use */
 	status = gensec_client_start(session, &session->gensec, 
-				     session->transport->socket->event.ctx, 
 				     settings);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(session);
@@ -203,6 +202,7 @@ struct tevent_req *smb2_session_setup_spnego_send(TALLOC_CTX *mem_ctx,
 	}
 
 	status = gensec_update(session->gensec, state,
+			       session->transport->socket->event.ctx,
 			       session->transport->negotiate.secblob,
 			       &state->io.in.secblob);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -242,6 +242,7 @@ static void smb2_session_setup_spnego_handler(struct smb2_request *subreq)
 	    (NT_STATUS_IS_OK(peer_status) &&
 	     NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
 		status = gensec_update(session->gensec, state,
+				       session->transport->socket->event.ctx,
 				       state->io.out.secblob,
 				       &state->io.in.secblob);
 		state->gensec_status = status;
diff --git a/source4/libcli/smb_composite/sesssetup.c b/source4/libcli/smb_composite/sesssetup.c
index 7385669836..8b1571cc49 100644
--- a/source4/libcli/smb_composite/sesssetup.c
+++ b/source4/libcli/smb_composite/sesssetup.c
@@ -181,7 +181,7 @@ static void request_handler(struct smbcli_request *req)
 			 * host/attacker might avoid mutal authentication
 			 * requirements */
 			
-			state->gensec_status = gensec_update(session->gensec, state,
+			state->gensec_status = gensec_update(session->gensec, state, c->event_ctx,
 							 state->setup.spnego.out.secblob,
 							 &state->setup.spnego.in.secblob);
 			c->status = state->gensec_status;
@@ -443,7 +443,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
 
 	smbcli_temp_set_signing(session->transport);
 
-	status = gensec_client_start(session, &session->gensec, c->event_ctx,
+	status = gensec_client_start(session, &session->gensec,
 				     io->in.gensec_settings);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
@@ -500,10 +500,12 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
 
 	if ((const void *)chosen_oid == (const void *)GENSEC_OID_SPNEGO) {
 		status = gensec_update(session->gensec, state,
+				       c->event_ctx,
 				       session->transport->negotiate.secblob,
 				       &state->setup.spnego.in.secblob);
 	} else {
 		status = gensec_update(session->gensec, state,
+				       c->event_ctx,
 				       data_blob(NULL, 0),
 				       &state->setup.spnego.in.secblob);
 
-- 
cgit