From 2103c373b44871810197fa8e423f55a659a8b89d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 13 Dec 2013 19:56:13 +0100 Subject: [PATCH] auth/gensec: remove tevent_context argument from gensec_update() Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/gensec/gensec.c | 3 +-- auth/gensec/gensec.h | 4 +-- source3/libads/authdata.c | 2 +- source3/libads/sasl.c | 2 +- source3/libsmb/clifsinfo.c | 6 ++--- source3/rpc_client/cli_pipe.c | 4 +-- source3/rpc_server/dcesrv_auth_generic.c | 4 +-- source3/smbd/negprot.c | 2 +- source3/smbd/seal.c | 2 +- source3/smbd/sesssetup.c | 2 +- source3/torture/test_smb2.c | 30 +++++++++++++++-------- source3/utils/ntlm_auth.c | 2 +- source3/winbindd/winbindd_ccache_access.c | 4 +-- source4/auth/gensec/pygensec.c | 2 +- source4/torture/dns/dlz_bind9.c | 2 +- source4/torture/rpc/remote_pac.c | 12 ++++----- source4/torture/winbind/winbind.c | 4 +-- 17 files changed, 48 insertions(+), 39 deletions(-) diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c index f824b90346a..8b5c02d111c 100644 --- a/auth/gensec/gensec.c +++ b/auth/gensec/gensec.c @@ -321,10 +321,9 @@ _PUBLIC_ NTSTATUS gensec_update_ev(struct gensec_security *gensec_security, _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, - struct tevent_context *ev, const DATA_BLOB in, DATA_BLOB *out) { - return gensec_update_ev(gensec_security, out_mem_ctx, ev, in, out); + return gensec_update_ev(gensec_security, out_mem_ctx, NULL, in, out); } struct gensec_update_state { diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h index e7ad040da2c..0d3a29ca831 100644 --- a/auth/gensec/gensec.h +++ b/auth/gensec/gensec.h @@ -146,8 +146,8 @@ NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security, void gensec_set_max_update_size(struct gensec_security *gensec_security, uint32_t max_update_size); size_t gensec_max_update_size(struct gensec_security *gensec_security); -NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, - struct tevent_context *ev, +NTSTATUS gensec_update(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, const DATA_BLOB in, DATA_BLOB *out); NTSTATUS gensec_update_ev(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx, diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 276408d880e..18a2e4fccc2 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -276,7 +276,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, } /* Do a client-server update dance */ - status = gensec_update(gensec_server_context, tmp_ctx, NULL, tkt_wrapped, &ap_rep); + status = gensec_update(gensec_server_context, tmp_ctx, tkt_wrapped, &ap_rep); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("gensec_update() failed: %s\n", nt_errstr(status))); goto out; diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index 33f4e241918..6890fb27a78 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -177,7 +177,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) do { nt_status = gensec_update(auth_generic_state->gensec_security, - talloc_tos(), NULL, blob_in, &blob_out); + talloc_tos(), blob_in, &blob_out); data_blob_free(&blob_in); if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(nt_status)) diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c index d7ac906b008..376c4f5d5b1 100644 --- a/source3/libsmb/clifsinfo.c +++ b/source3/libsmb/clifsinfo.c @@ -615,7 +615,7 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli, do { status = gensec_update(auth_generic_state->gensec_security, auth_generic_state, - NULL, blob_in, &blob_out); + blob_in, &blob_out); data_blob_free(&blob_in); data_blob_free(¶m_out); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) { @@ -700,7 +700,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) } status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), - NULL, blob_recv, &blob_send); + blob_recv, &blob_send); do { data_blob_free(&blob_recv); @@ -710,7 +710,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli) } data_blob_free(&blob_send); status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), - NULL, blob_recv, &blob_send); + blob_recv, &blob_send); } while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)); data_blob_free(&blob_recv); diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 0def81727a6..cd783f25689 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1011,7 +1011,7 @@ static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_client *cli, struct gensec_security); DEBUG(5, ("create_generic_auth_rpc_bind_req: generate first token\n")); - status = gensec_update(gensec_security, mem_ctx, NULL, null_blob, auth_token); + status = gensec_update(gensec_security, mem_ctx, null_blob, auth_token); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) @@ -1895,7 +1895,7 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq) } } - status = gensec_update(gensec_security, state, NULL, + status = gensec_update(gensec_security, state, auth.credentials, &auth_token); if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c index 77d76fc6c39..116512172d9 100644 --- a/source3/rpc_server/dcesrv_auth_generic.c +++ b/source3/rpc_server/dcesrv_auth_generic.c @@ -49,7 +49,7 @@ static NTSTATUS auth_generic_server_authtype_start_as_root(TALLOC_CTX *mem_ctx, return status; } - status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out); + status = gensec_update(gensec_security, mem_ctx, *token_in, token_out); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { DEBUG(2, (__location__ ": gensec_update failed: %s\n", nt_errstr(status))); @@ -92,7 +92,7 @@ NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security, /* this has to be done as root in order to verify the password */ become_root(); - status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out); + status = gensec_update(gensec_security, mem_ctx, *token_in, token_out); unbecome_root(); return status; diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index bd7df2231e8..f470d0b0571 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -177,7 +177,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO); if (NT_STATUS_IS_OK(status)) { status = gensec_update(gensec_security, ctx, - NULL, data_blob_null, &blob); + data_blob_null, &blob); /* If we get the list of OIDs, the 'OK' answer * is NT_STATUS_MORE_PROCESSING_REQUIRED */ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index cdcfe06835d..bb9bb083503 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -225,7 +225,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn, /* Second step. */ become_root(); status = gensec_update(es->gensec_security, - talloc_tos(), NULL, + talloc_tos(), blob, &response); unbecome_root(); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 4b86a99522f..cf5c9f0d0e3 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -258,7 +258,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) become_root(); status = gensec_update(session->gensec, - talloc_tos(), NULL, + talloc_tos(), in_blob, &out_blob); unbecome_root(); if (!NT_STATUS_IS_OK(status) && diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c index 8cb103163f1..1923668a15e 100644 --- a/source3/torture/test_smb2.c +++ b/source3/torture/test_smb2.c @@ -440,7 +440,8 @@ bool run_smb2_session_reconnect(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), data_blob_null, &in_blob); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { printf("gensec_update returned %s\n", nt_errstr(status)); return false; @@ -477,7 +478,8 @@ bool run_smb2_session_reconnect(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, out_blob, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), out_blob, &in_blob); if (!NT_STATUS_IS_OK(status)) { printf("auth_generic_update returned %s\n", nt_errstr(status)); return false; @@ -953,7 +955,8 @@ bool run_smb2_multi_channel(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), data_blob_null, &in_blob); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { printf("gensec_update returned %s\n", nt_errstr(status)); return false; @@ -987,7 +990,8 @@ bool run_smb2_multi_channel(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, out_blob, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), out_blob, &in_blob); if (!NT_STATUS_IS_OK(status)) { printf("auth_generic_update returned %s\n", nt_errstr(status)); return false; @@ -1079,7 +1083,8 @@ bool run_smb2_multi_channel(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), data_blob_null, &in_blob); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { printf("gensec_update returned %s\n", nt_errstr(status)); return false; @@ -1113,7 +1118,8 @@ bool run_smb2_multi_channel(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, out_blob, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), out_blob, &in_blob); if (!NT_STATUS_IS_OK(status)) { printf("auth_generic_update returned %s\n", nt_errstr(status)); return false; @@ -1263,7 +1269,8 @@ bool run_smb2_multi_channel(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), data_blob_null, &in_blob); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { printf("gensec_update returned %s\n", nt_errstr(status)); return false; @@ -1297,7 +1304,8 @@ bool run_smb2_multi_channel(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, out_blob, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), out_blob, &in_blob); if (!NT_STATUS_IS_OK(status)) { printf("auth_generic_update returned %s\n", nt_errstr(status)); return false; @@ -1578,7 +1586,8 @@ bool run_smb2_session_reauth(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), data_blob_null, &in_blob); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { printf("gensec_update returned %s\n", nt_errstr(status)); return false; @@ -1612,7 +1621,8 @@ bool run_smb2_session_reauth(int dummy) return false; } - status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, out_blob, &in_blob); + status = gensec_update(auth_generic_state->gensec_security, + talloc_tos(), out_blob, &in_blob); if (!NT_STATUS_IS_OK(status)) { printf("auth_generic_update returned %s\n", nt_errstr(status)); return false; diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 1df615c1e7d..f0cd24bf58f 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1631,7 +1631,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, return; } - nt_status = gensec_update(state->gensec_state, mem_ctx, NULL, in, &out); + nt_status = gensec_update(state->gensec_state, mem_ctx, in, &out); /* don't leak 'bad password'/'no such user' info to the network client */ nt_status = nt_status_squash(nt_status); diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c index 7787b3e0071..7e300dbe92e 100644 --- a/source3/winbindd/winbindd_ccache_access.c +++ b/source3/winbindd/winbindd_ccache_access.c @@ -109,7 +109,7 @@ static NTSTATUS do_ntlm_auth_with_stored_pw(const char *username, dummy_msg = data_blob_null; reply = data_blob_null; status = gensec_update(auth_generic_state->gensec_security, - talloc_tos(), NULL, dummy_msg, &reply); + talloc_tos(), dummy_msg, &reply); data_blob_free(&reply); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { @@ -120,7 +120,7 @@ static NTSTATUS do_ntlm_auth_with_stored_pw(const char *username, /* Now we are ready to handle the server's actual response. */ status = gensec_update(auth_generic_state->gensec_security, - NULL, NULL, challenge_msg, &reply); + NULL, challenge_msg, &reply); if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) { DEBUG(1, ("We didn't get a response to the challenge! [%s]\n", nt_errstr(status))); diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index e7a21ee457e..83864e65af2 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -415,7 +415,7 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args) in.data = (uint8_t *)PyString_AsString(py_in); in.length = PyString_Size(py_in); - status = gensec_update(security, mem_ctx, NULL, in, &out); + status = gensec_update(security, mem_ctx, in, &out); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) && !NT_STATUS_IS_OK(status)) { diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c index d7d1736a6fa..b7d6957bd62 100644 --- a/source4/torture/dns/dlz_bind9.c +++ b/source4/torture/dns/dlz_bind9.c @@ -170,7 +170,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech server_to_client = data_blob(NULL, 0); /* Do one step of the client-server update dance */ - status = gensec_update(gensec_client_context, tctx, tctx->ev, server_to_client, &client_to_server); + status = gensec_update(gensec_client_context, tctx, server_to_client, &client_to_server); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); } diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c index b95773f81e5..e7e6dfdb46e 100644 --- a/source4/torture/rpc/remote_pac.c +++ b/source4/torture/rpc/remote_pac.c @@ -195,12 +195,12 @@ static bool test_PACVerify(struct torture_context *tctx, do { /* Do a client-server update dance */ - status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server); + status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); } - status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client); + status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed"); } @@ -589,12 +589,12 @@ static bool test_S2U4Self(struct torture_context *tctx, do { /* Do a client-server update dance */ - status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server); + status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); } - status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client); + status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed"); } @@ -646,12 +646,12 @@ static bool test_S2U4Self(struct torture_context *tctx, do { /* Do a client-server update dance */ - status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server); + status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); } - status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client); + status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed"); } diff --git a/source4/torture/winbind/winbind.c b/source4/torture/winbind/winbind.c index 65382a9083f..35d6c93b4e7 100644 --- a/source4/torture/winbind/winbind.c +++ b/source4/torture/winbind/winbind.c @@ -224,12 +224,12 @@ static bool torture_winbind_pac(struct torture_context *tctx) do { /* Do a client-server update dance */ - status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server); + status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed"); } - status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client); + status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {; torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed"); }