gensec: move event context from gensec_*_init() to gensec_update()
authorAndrew Bartlett <abartlet@samba.org>
Mon, 17 Oct 2011 07:22:33 +0000 (09:22 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 18 Oct 2011 02:13:33 +0000 (13:13 +1100)
This avoids keeping the event context around on a the gensec_security
context structure long term.

In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
24 files changed:
auth/gensec/gensec.c
auth/gensec/gensec.h
auth/gensec/gensec_start.c
source3/auth/auth_ntlmssp.c
source3/libsmb/ntlmssp_wrap.c
source4/auth/gensec/gensec_gssapi.c
source4/auth/gensec/gensec_krb5.c
source4/auth/gensec/pygensec.c
source4/auth/gensec/schannel.c
source4/auth/gensec/spnego.c
source4/auth/ntlmssp/ntlmssp.c
source4/auth/samba_server_gensec.c
source4/kdc/kpasswdd.c
source4/ldap_server/ldap_bind.c
source4/libcli/ldap/ldap_bind.c
source4/libcli/smb2/session.c
source4/libcli/smb_composite/sesssetup.c
source4/librpc/rpc/dcerpc_auth.c
source4/rpc_server/dcesrv_auth.c
source4/smb_server/smb/negprot.c
source4/smb_server/smb2/negprot.c
source4/torture/auth/ntlmssp.c
source4/torture/rpc/remote_pac.c
source4/utils/ntlm_auth.c

index b7f89f1..cdc7c67 100644 (file)
@@ -197,12 +197,13 @@ _PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
  */
 
 _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
-                      const DATA_BLOB in, DATA_BLOB *out)
+                               struct tevent_context *ev,
+                               const DATA_BLOB in, DATA_BLOB *out)
 {
        NTSTATUS status;
 
        status = gensec_security->ops->update(gensec_security, out_mem_ctx,
-                                             in, out);
+                                             ev, in, out);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -305,7 +306,7 @@ static void gensec_update_async_trigger(struct tevent_context *ctx,
                tevent_req_data(req, struct gensec_update_state);
        NTSTATUS status;
 
-       status = gensec_update(state->gensec_security, state,
+       status = gensec_update(state->gensec_security, state, ctx,
                               state->in, &state->out);
        if (tevent_req_nterror(req, status)) {
                return;
index ee87a4d..acfc549 100644 (file)
@@ -92,6 +92,7 @@ struct gensec_security_ops {
        NTSTATUS (*magic)(struct gensec_security *gensec_security,
                          const DATA_BLOB *first_packet);
        NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
+                          struct tevent_context *ev,
                           const DATA_BLOB in, DATA_BLOB *out);
        NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
                                uint8_t *data, size_t length,
@@ -161,7 +162,6 @@ struct gensec_security {
        bool subcontext;
        uint32_t want_features;
        uint8_t dcerpc_auth_level;
-       struct tevent_context *event_ctx;
        struct tsocket_address *local_addr, *remote_addr;
        struct gensec_settings *settings;
 
@@ -212,13 +212,13 @@ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
                                 struct gensec_security **gensec_security);
 NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
                             struct gensec_security **gensec_security,
-                            struct tevent_context *ev,
                             struct gensec_settings *settings);
 NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
                                  const struct gensec_security_ops *ops);
 NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
                                                 const char **sasl_names);
 NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
+                      struct tevent_context *ev,
                       const DATA_BLOB in, DATA_BLOB *out);
 struct tevent_req *gensec_update_send(TALLOC_CTX *mem_ctx,
                                      struct tevent_context *ev,
@@ -267,7 +267,6 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
                                       uint8_t auth_type, uint8_t auth_level);
 const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype);
 NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
-                            struct tevent_context *ev,
                             struct gensec_settings *settings,
                             struct auth4_context *auth_context,
                             struct gensec_security **gensec_security);
index aa609c9..d5a5dc8 100644 (file)
@@ -506,7 +506,6 @@ const char **gensec_security_oids(struct gensec_security *gensec_security,
   @ gensec_security return
 */
 static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
-                            struct tevent_context *ev,
                             struct gensec_settings *settings,
                             struct auth4_context *auth_context,
                             struct gensec_security **gensec_security)
@@ -514,7 +513,6 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
        (*gensec_security) = talloc_zero(mem_ctx, struct gensec_security);
        NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
 
-       (*gensec_security)->event_ctx = ev;
        SMB_ASSERT(settings->lp_ctx != NULL);
        (*gensec_security)->settings = talloc_reference(*gensec_security, settings);
 
@@ -548,7 +546,6 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
        (*gensec_security)->subcontext = true;
        (*gensec_security)->want_features = parent->want_features;
        (*gensec_security)->dcerpc_auth_level = parent->dcerpc_auth_level;
-       (*gensec_security)->event_ctx = parent->event_ctx;
        (*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
        (*gensec_security)->settings = talloc_reference(*gensec_security, parent->settings);
        (*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
@@ -564,7 +561,6 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
 */
 _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
                             struct gensec_security **gensec_security,
-                            struct tevent_context *ev,
                             struct gensec_settings *settings)
 {
        NTSTATUS status;
@@ -574,7 +570,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
                return NT_STATUS_INTERNAL_ERROR;
        }
 
-       status = gensec_start(mem_ctx, ev, settings, NULL, gensec_security);
+       status = gensec_start(mem_ctx, settings, NULL, gensec_security);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -592,7 +588,6 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
   @note  The mem_ctx is only a parent and may be NULL.
 */
 _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
-                                     struct tevent_context *ev,
                                      struct gensec_settings *settings,
                                      struct auth4_context *auth_context,
                                      struct gensec_security **gensec_security)
@@ -604,7 +599,7 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
                return NT_STATUS_INTERNAL_ERROR;
        }
 
-       status = gensec_start(mem_ctx, ev, settings, auth_context, gensec_security);
+       status = gensec_start(mem_ctx, settings, auth_context, gensec_security);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
index 9f29ce2..7509840 100644 (file)
@@ -67,6 +67,7 @@ static NTSTATUS gensec_ntlmssp3_server_session_info(struct gensec_security *gens
 
 static NTSTATUS gensec_ntlmssp3_server_update(struct gensec_security *gensec_security,
                                              TALLOC_CTX *out_mem_ctx,
+                                             struct tevent_context *ev,
                                              const DATA_BLOB request,
                                              DATA_BLOB *reply)
 {
@@ -268,7 +269,7 @@ NTSTATUS auth_ntlmssp_prepare(const struct tsocket_address *remote_address,
                        return NT_STATUS_NO_MEMORY;
                }
 
-               nt_status = gensec_server_start(ans, NULL, gensec_settings,
+               nt_status = gensec_server_start(ans, gensec_settings,
                                                NULL, &ans->gensec_security);
 
                if (!NT_STATUS_IS_OK(nt_status)) {
index b90399c..6f854f2 100644 (file)
@@ -166,7 +166,7 @@ NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
 {
        NTSTATUS status;
        if (ans->gensec_security) {
-               return gensec_update(ans->gensec_security, mem_ctx, request, reply);
+               return gensec_update(ans->gensec_security, mem_ctx, NULL, request, reply);
        }
        status = ntlmssp_update(ans->ntlmssp_state, request, reply);
        if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
index 564c20c..55c2970 100644 (file)
@@ -267,7 +267,8 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s
        return nt_status;
 }
 
-static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security)
+static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security,
+                                          struct tevent_context *ev)
 {
        struct gensec_gssapi_state *gensec_gssapi_state;
        struct gssapi_creds_container *gcc;
@@ -283,8 +284,8 @@ static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_securi
        }
 
        ret = cli_credentials_get_client_gss_creds(creds,
-                                                      gensec_security->event_ctx,
-                                                      gensec_security->settings->lp_ctx, &gcc, &error_string);
+                                                  ev,
+                                                  gensec_security->settings->lp_ctx, &gcc, &error_string);
        switch (ret) {
        case 0:
                break;
@@ -423,8 +424,9 @@ static NTSTATUS gensec_gssapi_magic(struct gensec_security *gensec_security,
  */
 
 static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security, 
-                                  TALLOC_CTX *out_mem_ctx, 
-                                  const DATA_BLOB in, DATA_BLOB *out) 
+                                    TALLOC_CTX *out_mem_ctx,
+                                    struct tevent_context *ev,
+                                    const DATA_BLOB in, DATA_BLOB *out)
 {
        struct gensec_gssapi_state *gensec_gssapi_state
                = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
@@ -445,13 +447,13 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
                        struct gsskrb5_send_to_kdc send_to_kdc;
                        krb5_error_code ret;
 
-                       nt_status = gensec_gssapi_client_creds(gensec_security);
+                       nt_status = gensec_gssapi_client_creds(gensec_security, ev);
                        if (!NT_STATUS_IS_OK(nt_status)) {
                                return nt_status;
                        }
 
                        send_to_kdc.func = smb_krb5_send_and_recv_func;
-                       send_to_kdc.ptr = gensec_security->event_ctx;
+                       send_to_kdc.ptr = ev;
 
                        min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
                        if (min_stat) {
index f17245c..2a3bd22 100644 (file)
@@ -272,7 +272,9 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
        return NT_STATUS_OK;
 }
 
-static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security, bool gssapi)
+static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security,
+                                               struct tevent_context *ev,
+                                               bool gssapi)
 {
        struct gensec_krb5_state *gensec_krb5_state;
        krb5_error_code ret;
@@ -289,7 +291,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
        hostname = gensec_get_target_hostname(gensec_security);
 
        ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security), 
-                                        gensec_security->event_ctx, 
+                                        ev,
                                         gensec_security->settings->lp_ctx, &ccache_container, &error_string);
        switch (ret) {
        case 0:
@@ -311,7 +313,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
        in_data.length = 0;
        
        /* Do this every time, in case we have weird recursive issues here */
-       ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, gensec_security->event_ctx, &previous_ev);
+       ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, ev, &previous_ev);
        if (ret != 0) {
                DEBUG(1, ("gensec_krb5_start: Setting event context failed\n"));
                return NT_STATUS_NO_MEMORY;
@@ -340,7 +342,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
                                  &gensec_krb5_state->enc_ticket);
        }
 
-       smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, gensec_security->event_ctx);
+       smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, ev);
 
        switch (ret) {
        case 0:
@@ -423,6 +425,7 @@ static NTSTATUS gensec_fake_gssapi_krb5_magic(struct gensec_security *gensec_sec
 
 static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security, 
                                   TALLOC_CTX *out_mem_ctx, 
+                                  struct tevent_context *ev,
                                   const DATA_BLOB in, DATA_BLOB *out) 
 {
        struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
@@ -434,7 +437,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
        {
                DATA_BLOB unwrapped_out;
                
-               nt_status = gensec_krb5_common_client_creds(gensec_security, gensec_krb5_state->gssapi);
+               nt_status = gensec_krb5_common_client_creds(gensec_security, ev, gensec_krb5_state->gssapi);
                if (!NT_STATUS_IS_OK(nt_status)) {
                        return nt_status;
                }
index d7cbea6..858cbe9 100644 (file)
@@ -82,7 +82,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
        struct gensec_settings *settings;
        const char *kwnames[] = { "settings", NULL };
        PyObject *py_settings;
-       struct tevent_context *ev;
        struct gensec_security *gensec;
 
        if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &py_settings))
@@ -120,13 +119,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
                }
        }
 
-       ev = tevent_context_init(self->talloc_ctx);
-       if (ev == NULL) {
-               PyErr_NoMemory();
-               PyObject_Del(self);
-               return NULL;
-       }
-
        status = gensec_init();
        if (!NT_STATUS_IS_OK(status)) {
                PyErr_SetNTSTATUS(status);
@@ -134,7 +126,7 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
                return NULL;
        }
 
-       status = gensec_client_start(self->talloc_ctx, &gensec, ev, settings);
+       status = gensec_client_start(self->talloc_ctx, &gensec, settings);
        if (!NT_STATUS_IS_OK(status)) {
                PyErr_SetNTSTATUS(status);
                PyObject_DEL(self);
@@ -154,7 +146,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
        const char *kwnames[] = { "settings", "auth_context", NULL };
        PyObject *py_settings = Py_None;
        PyObject *py_auth_context = Py_None;
-       struct tevent_context *ev;
        struct gensec_security *gensec;
        struct auth4_context *auth_context = NULL;
 
@@ -193,13 +184,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
                }
        }
 
-       ev = tevent_context_init(self->talloc_ctx);
-       if (ev == NULL) {
-               PyErr_NoMemory();
-               PyObject_Del(self);
-               return NULL;
-       }
-
        if (py_auth_context != Py_None) {
                auth_context = pytalloc_get_type(py_auth_context, struct auth4_context);
                if (!auth_context) {
@@ -217,7 +201,7 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
                return NULL;
        }
 
-       status = gensec_server_start(self->talloc_ctx, ev, settings, auth_context, &gensec);
+       status = gensec_server_start(self->talloc_ctx, settings, auth_context, &gensec);
        if (!NT_STATUS_IS_OK(status)) {
                PyErr_SetNTSTATUS(status);
                PyObject_DEL(self);
@@ -368,6 +352,7 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args)
        PyObject *ret, *py_in;
        struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
        PyObject *finished_processing;
+       struct tevent_context *ev;
 
        if (!PyArg_ParseTuple(args, "O", &py_in))
                return NULL;
@@ -382,7 +367,14 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args)
        in.data = (uint8_t *)PyString_AsString(py_in);
        in.length = PyString_Size(py_in);
 
-       status = gensec_update(security, mem_ctx, in, &out);
+       ev = tevent_context_init(mem_ctx);
+       if (ev == NULL) {
+               PyErr_NoMemory();
+               PyObject_Del(self);
+               return NULL;
+       }
+
+       status = gensec_update(security, mem_ctx, ev, in, &out);
 
        if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)
            && !NT_STATUS_IS_OK(status)) {
index f947d45..51be445 100644 (file)
@@ -52,7 +52,8 @@ static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
 }
 
 static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
-                                      const DATA_BLOB in, DATA_BLOB *out)
+                               struct tevent_context *ev,
+                               const DATA_BLOB in, DATA_BLOB *out)
 {
        struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
        NTSTATUS status;
index 281b954..fd3caaa 100644 (file)
@@ -331,6 +331,7 @@ static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_securi
 
 static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec_security, 
                                                  struct spnego_state *spnego_state,
+                                                 struct tevent_context *ev,
                                                  TALLOC_CTX *out_mem_ctx, 
                                                  const DATA_BLOB in, DATA_BLOB *out) 
 {
@@ -384,7 +385,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
                        return nt_status;
                }
                nt_status = gensec_update(spnego_state->sub_sec_security,
-                                         out_mem_ctx, in, out);
+                                         ev, out_mem_ctx, in, out);
                return nt_status;
        }
        DEBUG(1, ("Failed to parse SPNEGO request\n"));
@@ -400,6 +401,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
 static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_security,
                                                 struct spnego_state *spnego_state, 
                                                 TALLOC_CTX *out_mem_ctx, 
+                                                struct tevent_context *ev,
                                                 const char **mechType,
                                                 const DATA_BLOB unwrapped_in, DATA_BLOB *unwrapped_out) 
 {
@@ -451,6 +453,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
 
                                nt_status = gensec_update(spnego_state->sub_sec_security,
                                                          out_mem_ctx, 
+                                                         ev,
                                                          unwrapped_in,
                                                          unwrapped_out);
                                if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || 
@@ -504,6 +507,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
                        /* only get the helping start blob for the first OID */
                        nt_status = gensec_update(spnego_state->sub_sec_security,
                                                  out_mem_ctx, 
+                                                 ev,
                                                  null_data_blob, 
                                                  unwrapped_out);
 
@@ -579,6 +583,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
 static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec_security, 
                                                  struct spnego_state *spnego_state,
                                                  TALLOC_CTX *out_mem_ctx, 
+                                                 struct tevent_context *ev,
                                                  const DATA_BLOB in, DATA_BLOB *out) 
 {
        int i;
@@ -619,6 +624,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
                if (spnego_state->state_position == SPNEGO_CLIENT_START) {
                        nt_status = gensec_update(spnego_state->sub_sec_security,
                                                  out_mem_ctx, 
+                                                 ev,
                                                  null_data_blob,
                                                  &unwrapped_out);
                        
@@ -734,6 +740,7 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec
 
 
 static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, 
+                                    struct tevent_context *ev,
                                     const DATA_BLOB in, DATA_BLOB *out) 
 {
        struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
@@ -755,7 +762,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 
        switch (spnego_state->state_position) {
        case SPNEGO_FALLBACK:
-               return gensec_update(spnego_state->sub_sec_security,
+               return gensec_update(spnego_state->sub_sec_security, ev,
                                     out_mem_ctx, in, out);
        case SPNEGO_SERVER_START:
        {
@@ -764,8 +771,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 
                        len = spnego_read_data(gensec_security, in, &spnego);
                        if (len == -1) {
-                               return gensec_spnego_server_try_fallback(gensec_security, spnego_state, 
-                                                                        out_mem_ctx, in, out);
+                               return gensec_spnego_server_try_fallback(gensec_security, spnego_state,
+                                                                        out_mem_ctx, ev, in, out);
                        }
                        /* client sent NegTargetInit, we send NegTokenTarg */
 
@@ -781,6 +788,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
                        nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
                                                                     spnego_state,
                                                                     out_mem_ctx, 
+                                                                    ev,
                                                                     spnego.negTokenInit.mechTypes,
                                                                     spnego.negTokenInit.mechToken, 
                                                                     &unwrapped_out);
@@ -798,7 +806,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
                        return nt_status;
                } else {
                        nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state, 
-                                                                     out_mem_ctx, in, out);
+                                                                     out_mem_ctx, ev, in, out);
                        spnego_state->state_position = SPNEGO_SERVER_START;
                        spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
                        return nt_status;
@@ -815,7 +823,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
                if (!in.length) {
                        /* client to produce negTokenInit */
                        nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state, 
-                                                                out_mem_ctx, in, out);
+                                                                     out_mem_ctx, ev, in, out);
                        spnego_state->state_position = SPNEGO_CLIENT_TARG;
                        spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
                        return nt_status;
@@ -849,6 +857,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
                nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
                                                             spnego_state,
                                                             out_mem_ctx, 
+                                                            ev,
                                                             spnego.negTokenInit.mechTypes,
                                                             spnego.negTokenInit.mechToken, 
                                                             &unwrapped_out);
@@ -916,7 +925,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
                }
 
                nt_status = gensec_update(spnego_state->sub_sec_security,
-                                         out_mem_ctx, 
+                                         out_mem_ctx, ev,
                                          spnego.negTokenTarg.responseToken,
                                          &unwrapped_out);
                if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) {
@@ -1012,7 +1021,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
                        }
 
                        nt_status = gensec_update(spnego_state->sub_sec_security,
-                                                 out_mem_ctx, 
+                                                 out_mem_ctx, ev,
                                                  spnego.negTokenTarg.responseToken,
                                                  &unwrapped_out);
                        spnego_state->neg_oid = talloc_strdup(spnego_state, spnego.negTokenTarg.supportedMech);
@@ -1042,7 +1051,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
                        bool new_spnego = false;
 
                        nt_status = gensec_update(spnego_state->sub_sec_security,
-                                                 out_mem_ctx, 
+                                                 out_mem_ctx, ev,
                                                  spnego.negTokenTarg.responseToken, 
                                                  &unwrapped_out);
 
index 0c63d05..47903d1 100644 (file)
@@ -142,6 +142,7 @@ static NTSTATUS gensec_ntlmssp_update_find(struct ntlmssp_state *ntlmssp_state,
 
 static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, 
                                      TALLOC_CTX *out_mem_ctx, 
+                                     struct tevent_context *ev,
                                      const DATA_BLOB input, DATA_BLOB *out)
 {
        struct gensec_ntlmssp_context *gensec_ntlmssp =
index 24b658a..7b09aa7 100644 (file)
@@ -57,7 +57,6 @@ NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
        }
 
        nt_status = gensec_server_start(tmp_ctx,
-                                       event_ctx,
                                        lpcfg_gensec_settings(mem_ctx, lp_ctx),
                                        auth_context,
                                        &gensec_ctx);
index 0763e92..8bed20e 100644 (file)
@@ -571,7 +571,7 @@ enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc,
        }
 
        /* Accept the AP-REQ and generate teh AP-REP we need for the reply */
-       nt_status = gensec_update(gensec_security, tmp_ctx, ap_req, &ap_rep);
+       nt_status = gensec_update(gensec_security, tmp_ctx, kdc->task->event_ctx, ap_req, &ap_rep);
        if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 
                ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx,
index fd7deda..e0db358 100644 (file)
@@ -202,7 +202,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
                        input = *req->creds.SASL.secblob;
                }
 
-               status = gensec_update(conn->gensec, reply,
+               status = gensec_update(conn->gensec, reply, conn->connection->event.ctx,
                                       input, &output);
 
                /* Windows 2000 mmc doesn't like secblob == NULL and reports a decoding error */
index e5e8cba..f167f17 100644 (file)
@@ -225,7 +225,6 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
        gensec_init();
 
        status = gensec_client_start(conn, &conn->gensec,
-                                    conn->event.event_ctx, 
                                     lpcfg_gensec_settings(conn, lp_ctx));
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
@@ -319,6 +318,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
                int result = LDAP_OTHER;
        
                status = gensec_update(conn->gensec, tmp_ctx,
+                                      conn->event.event_ctx,
                                       input,
                                       &output);
                /* The status value here, from GENSEC is vital to the security
index 0f749a0..f301523 100644 (file)
@@ -53,7 +53,6 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport,
 
        /* prepare a gensec context for later use */
        status = gensec_client_start(session, &session->gensec, 
-                                    session->transport->socket->event.ctx, 
                                     settings);
        if (!NT_STATUS_IS_OK(status)) {
                talloc_free(session);
@@ -203,6 +202,7 @@ struct tevent_req *smb2_session_setup_spnego_send(TALLOC_CTX *mem_ctx,
        }
 
        status = gensec_update(session->gensec, state,
+                              session->transport->socket->event.ctx,
                               session->transport->negotiate.secblob,
                               &state->io.in.secblob);
        if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -242,6 +242,7 @@ static void smb2_session_setup_spnego_handler(struct smb2_request *subreq)
            (NT_STATUS_IS_OK(peer_status) &&
             NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
                status = gensec_update(session->gensec, state,
+                                      session->transport->socket->event.ctx,
                                       state->io.out.secblob,
                                       &state->io.in.secblob);
                state->gensec_status = status;
index 7385669..8b1571c 100644 (file)
@@ -181,7 +181,7 @@ static void request_handler(struct smbcli_request *req)
                         * host/attacker might avoid mutal authentication
                         * requirements */
                        
-                       state->gensec_status = gensec_update(session->gensec, state,
+                       state->gensec_status = gensec_update(session->gensec, state, c->event_ctx,
                                                         state->setup.spnego.out.secblob,
                                                         &state->setup.spnego.in.secblob);
                        c->status = state->gensec_status;
@@ -443,7 +443,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
 
        smbcli_temp_set_signing(session->transport);
 
-       status = gensec_client_start(session, &session->gensec, c->event_ctx,
+       status = gensec_client_start(session, &session->gensec,
                                     io->in.gensec_settings);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
@@ -500,10 +500,12 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
 
        if ((const void *)chosen_oid == (const void *)GENSEC_OID_SPNEGO) {
                status = gensec_update(session->gensec, state,
+                                      c->event_ctx,
                                       session->transport->negotiate.secblob,
                                       &state->setup.spnego.in.secblob);
        } else {
                status = gensec_update(session->gensec, state,
+                                      c->event_ctx,
                                       data_blob(NULL, 0),
                                       &state->setup.spnego.in.secblob);
 
index fb2f4fb..b3f4f2f 100644 (file)
@@ -132,6 +132,7 @@ static void bind_auth_next_step(struct composite_context *c)
         */
 
        c->status = gensec_update(sec->generic_state, state,
+                                 state->pipe->conn->event_ctx,
                                  sec->auth_info->credentials,
                                  &state->credentials);
        data_blob_free(&sec->auth_info->credentials);
@@ -255,7 +256,6 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
        sec = &p->conn->security_state;
 
        c->status = gensec_client_start(p, &sec->generic_state,
-                                       p->conn->event_ctx,
                                        gensec_settings);
        if (!NT_STATUS_IS_OK(c->status)) {
                DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
@@ -334,6 +334,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
         */
 
        c->status = gensec_update(sec->generic_state, state,
+                                 p->conn->event_ctx,
                                  sec->auth_info->credentials,
                                  &state->credentials);
        if (!NT_STATUS_IS_OK(c->status) &&
index ee7a86a..c891cc6 100644 (file)
@@ -113,7 +113,7 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe
        }
 
        status = gensec_update(dce_conn->auth_state.gensec_security,
-                              call,
+                              call, call->event_ctx,
                               dce_conn->auth_state.auth_info->credentials, 
                               &dce_conn->auth_state.auth_info->credentials);
        
@@ -171,7 +171,7 @@ bool dcesrv_auth_auth3(struct dcesrv_call_state *call)
 
        /* Pass the extra data we got from the client down to gensec for processing */
        status = gensec_update(dce_conn->auth_state.gensec_security,
-                              call,
+                              call, call->event_ctx,
                               dce_conn->auth_state.auth_info->credentials, 
                               &dce_conn->auth_state.auth_info->credentials);
        if (NT_STATUS_IS_OK(status)) {
@@ -250,7 +250,7 @@ NTSTATUS dcesrv_auth_alter_ack(struct dcesrv_call_state *call, struct ncacn_pack
        }
 
        status = gensec_update(dce_conn->auth_state.gensec_security,
-                              call,
+                              call, call->event_ctx,
                               dce_conn->auth_state.auth_info->credentials, 
                               &dce_conn->auth_state.auth_info->credentials);
 
index 378330f..739881d 100644 (file)
@@ -392,7 +392,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
                
                if (NT_STATUS_IS_OK(nt_status)) {
                        /* Get and push the proposed OID list into the packets */
-                       nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+                       nt_status = gensec_update(gensec_security, req, req->smb_conn->connection->event.ctx, null_data_blob, &blob);
 
                        if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                                DEBUG(1, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
index bc896aa..dd69c9f 100644 (file)
@@ -79,7 +79,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
                return nt_status;
        }
 
-       nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
+       nt_status = gensec_update(gensec_security, req, req->smb_conn->connection->event.ctx, null_data_blob, &blob);
        if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
                smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
index c98985c..db2f2db 100644 (file)
@@ -36,7 +36,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
 
        torture_assert_ntstatus_ok(tctx, 
                gensec_client_start(mem_ctx, &gensec_security,
-                                   tctx->ev, lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
+                                   lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
                "gensec client start");
 
        gensec_set_credentials(gensec_security, cmdline_credentials);
@@ -93,7 +93,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
 
        torture_assert_ntstatus_ok(tctx, 
                gensec_client_start(mem_ctx, &gensec_security,
-                                   tctx->ev, lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
+                                   lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
                "Failed to start GENSEC for NTLMSSP");
 
        gensec_set_credentials(gensec_security, cmdline_credentials);
index 88a40b4..22fcd73 100644 (file)
@@ -85,7 +85,7 @@ static bool test_PACVerify(struct torture_context *tctx,
                return false;
        }
 
-       status = gensec_client_start(tctx, &gensec_client_context, tctx->ev, 
+       status = gensec_client_start(tctx, &gensec_client_context,
                                     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
        torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
 
@@ -97,7 +97,7 @@ static bool test_PACVerify(struct torture_context *tctx,
        status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
        torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
 
-       status = gensec_server_start(tctx, tctx->ev, 
+       status = gensec_server_start(tctx,
                                     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
                                     NULL, &gensec_server_context);
        torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
@@ -112,12 +112,12 @@ static bool test_PACVerify(struct torture_context *tctx,
        
        do {
                /* Do a client-server update dance */
-               status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+               status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
                if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
                        torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
                }
 
-               status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+               status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
                if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
                        torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
                }
@@ -424,7 +424,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
 
        /* First, do a normal Kerberos connection */
 
-       status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
+       status = gensec_client_start(tctx, &gensec_client_context,
                                     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
        torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
 
@@ -436,7 +436,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
        status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
        torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
 
-       status = gensec_server_start(tctx, tctx->ev,
+       status = gensec_server_start(tctx,
                                     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
                                     NULL, &gensec_server_context);
        torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
@@ -451,12 +451,12 @@ static bool test_S2U4Self(struct torture_context *tctx,
 
        do {
                /* Do a client-server update dance */
-               status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+               status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
                if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
                        torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
                }
 
-               status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+               status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
                if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
                        torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
                }
@@ -480,7 +480,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
                        cli_credentials_get_principal(cmdline_credentials, tmp_ctx),
                        talloc_asprintf(tmp_ctx, "host/%s", test_machine_name));
 
-       status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
+       status = gensec_client_start(tctx, &gensec_client_context,
                                     lpcfg_gensec_settings(tctx, tctx->lp_ctx));
        torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
 
@@ -493,7 +493,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
        status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
        torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
 
-       status = gensec_server_start(tctx, tctx->ev,
+       status = gensec_server_start(tctx,
                                     lpcfg_gensec_settings(tctx, tctx->lp_ctx),
                                     NULL, &gensec_server_context);
        torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
@@ -508,12 +508,12 @@ static bool test_S2U4Self(struct torture_context *tctx,
 
        do {
                /* Do a client-server update dance */
-               status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
+               status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
                if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
                        torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
                }
 
-               status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
+               status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
                if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
                        torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
                }
index c0a06bd..cc92c17 100644 (file)
@@ -449,7 +449,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                case NTLMSSP_CLIENT_1:
                        /* setup the client side */
 
-                       nt_status = gensec_client_start(NULL, &state->gensec_state, ev, 
+                       nt_status = gensec_client_start(NULL, &state->gensec_state,
                                                        lpcfg_gensec_settings(NULL, lp_ctx));
                        if (!NT_STATUS_IS_OK(nt_status)) {
                                talloc_free(mem_ctx);
@@ -481,7 +481,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                                exit(1);
                        }
                        
-                       if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, 
+                       if (!NT_STATUS_IS_OK(gensec_server_start(state,
                                                                 lpcfg_gensec_settings(state, lp_ctx),
                                                                 auth_context, &state->gensec_state))) {
                                talloc_free(mem_ctx);
@@ -632,7 +632,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                return;
        }
 
-       nt_status = gensec_update(state->gensec_state, mem_ctx, in, &out);
+       nt_status = gensec_update(state->gensec_state, mem_ctx, ev, in, &out);
        
        /* don't leak 'bad password'/'no such user' info to the network client */
        nt_status = nt_status_squash(nt_status);