r17341: pass a messaging context to auth_context_create()

and gensec_server_start().

calling them with NULL for event context or messaging context
is no longer allowed!

metze

source/auth/auth.c

@@ -360,8 +360,9 @@ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
  Make a auth_info struct for the auth subsystem
 ***************************************************************************/
 NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods, 
-			     struct auth_context **auth_ctx,
-			     struct event_context *ev) 
+			     struct event_context *ev,
+			     struct messaging_context *msg,
+			     struct auth_context **auth_ctx)
 {
 	int i;
 	struct auth_context *ctx;
@@ -371,22 +372,24 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx, const char **methods,
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
+	if (!ev) {
+		DEBUG(0,("auth_context_create: called with out event context\n"));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (!msg) {
+		DEBUG(0,("auth_context_create: called with out messaging context\n"));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
 	ctx = talloc(mem_ctx, struct auth_context);
 	NT_STATUS_HAVE_NO_MEMORY(ctx);
 	ctx->challenge.set_by		= NULL;
 	ctx->challenge.may_be_modified	= False;
 	ctx->challenge.data		= data_blob(NULL, 0);
 	ctx->methods			= NULL;
-	
-	if (ev == NULL) {
-		ev = event_context_init(ctx);
-		if (ev == NULL) {
-			talloc_free(ctx);
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-
-	ctx->event_ctx = ev;
+	ctx->event_ctx			= ev;
+	ctx->msg_ctx			= msg;
 
 	for (i=0; methods[i] ; i++) {
 		struct auth_method_context *method;

source/auth/auth.h

@@ -171,6 +171,9 @@ struct auth_context {
 
 	/* the event context to use for calls that can block */
 	struct event_context *event_ctx;
+
+	/* the messaging context which can be used by backends */
+	struct messaging_context *msg_ctx;
 };
 
 /* this structure is used by backends to determine the size of some critical types */

source/auth/auth_simple.c

@@ -26,11 +26,13 @@
 #include "auth/auth.h"
 #include "lib/events/events.h"
 
-_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, 
-				  const char *nt4_domain, 
-				  const char *nt4_username, 
-				  const char *password, 
-				  struct auth_session_info **session_info) 
+_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
+					   struct event_context *ev,
+					   struct messaging_context *msg,
+					   const char *nt4_domain,
+					   const char *nt4_username,
+					   const char *password,
+					   struct auth_session_info **session_info) 
 {
 	struct auth_context *auth_context;
 	struct auth_usersupplied_info *user_info;
@@ -42,8 +44,9 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	nt_status = auth_context_create(tmp_ctx, lp_auth_methods(), &auth_context, 
-					event_context_find(mem_ctx));
+	nt_status = auth_context_create(tmp_ctx, lp_auth_methods(),
+					ev, msg,
+					&auth_context);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		talloc_free(tmp_ctx);
 		return nt_status;

source/auth/gensec/gensec.c

@@ -465,8 +465,9 @@ const char **gensec_security_oids(struct gensec_security *gensec_security,
   @note  The mem_ctx is only a parent and may be NULL.
 */
 static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, 
-			     struct gensec_security **gensec_security,
-			     struct event_context *ev) 
+			     struct event_context *ev,
+			     struct messaging_context *msg,
+			     struct gensec_security **gensec_security)
 {
 	(*gensec_security) = talloc(mem_ctx, struct gensec_security);
 	NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
@@ -489,6 +490,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
 	}
 
 	(*gensec_security)->event_ctx = ev;
+	(*gensec_security)->msg_ctx = msg;
 
 	return NT_STATUS_OK;
 }
@@ -514,6 +516,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
 
 	(*gensec_security)->subcontext = True;
 	(*gensec_security)->event_ctx = parent->event_ctx;
+	(*gensec_security)->msg_ctx = parent->msg_ctx;
 
 	return NT_STATUS_OK;
 }
@@ -529,10 +532,20 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
 			     struct event_context *ev)
 {
 	NTSTATUS status;
-	status = gensec_start(mem_ctx, gensec_security, ev);
+	struct event_context *new_ev = NULL;
+
+	if (ev == NULL) {
+		new_ev = event_context_init(mem_ctx);
+		NT_STATUS_HAVE_NO_MEMORY(new_ev);
+		ev = new_ev;
+	}
+
+	status = gensec_start(mem_ctx, ev, NULL, gensec_security);
 	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(new_ev);
 		return status;
 	}
+	talloc_steal((*gensec_security), new_ev);
 	(*gensec_security)->gensec_role = GENSEC_CLIENT;
 
 	return status;
@@ -545,11 +558,23 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
   @note  The mem_ctx is only a parent and may be NULL.
 */
 NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, 
-			     struct gensec_security **gensec_security,
-			     struct event_context *ev)
+			     struct event_context *ev,
+			     struct messaging_context *msg,
+			     struct gensec_security **gensec_security)
 {
 	NTSTATUS status;
-	status = gensec_start(mem_ctx, gensec_security, ev);
+
+	if (!ev) {
+		DEBUG(0,("gensec_server_start: no event context given!\n"));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	if (!msg) {
+		DEBUG(0,("gensec_server_start: no messaging context given!\n"));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	status = gensec_start(mem_ctx, ev, msg, gensec_security);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}

source/auth/gensec/gensec.h

@@ -122,6 +122,7 @@ struct gensec_security {
 	BOOL subcontext;
 	uint32_t want_features;
 	struct event_context *event_ctx;
+	struct messaging_context *msg_ctx; /* only valid as server */
 	struct socket_address *my_addr, *peer_addr;
 };
 

source/auth/ntlmssp/ntlmssp_server.c

@@ -830,8 +830,9 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
 	}
 
 	nt_status = auth_context_create(gensec_ntlmssp_state, lp_auth_methods(), 
-					&gensec_ntlmssp_state->auth_context,
-					gensec_security->event_ctx);
+					gensec_security->event_ctx,
+					gensec_security->msg_ctx,
+					&gensec_ntlmssp_state->auth_context);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	gensec_ntlmssp_state->get_challenge = auth_ntlmssp_get_challenge;

source/kdc/kpasswdd.c

@@ -451,14 +451,13 @@ BOOL kpasswdd_process(struct kdc_server *kdc,
 	ap_req = data_blob_const(&input->data[header_len], ap_req_len);
 	krb_priv_req = data_blob_const(&input->data[header_len + ap_req_len], krb_priv_len);
 	
-	nt_status = gensec_server_start(tmp_ctx, &gensec_security, kdc->task->event_ctx);
+	nt_status = gensec_server_start(tmp_ctx, kdc->task->event_ctx, kdc->task->msg_ctx, &gensec_security);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		talloc_free(tmp_ctx);
 		return False;
 	}
 
-	server_credentials 
-		= cli_credentials_init(tmp_ctx);
+	server_credentials = cli_credentials_init(tmp_ctx);
 	if (!server_credentials) {
 		DEBUG(1, ("Failed to init server credentials\n"));
 		return False;

source/ldap_server/ldap_bind.c

@@ -46,8 +46,12 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
 
 	status = crack_dn_to_nt4_name(call, req->dn, &nt4_domain, &nt4_account);
 	if (NT_STATUS_IS_OK(status)) {
-		status = authenticate_username_pw(call, nt4_domain, nt4_account, 
-						  req->creds.password, &session_info);
+		status = authenticate_username_pw(call,
+						  call->conn->connection->event.ctx,
+						  call->conn->connection->msg_ctx,
+						  nt4_domain, nt4_account, 
+						  req->creds.password,
+						  &session_info);
 	}
 
 	reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
@@ -135,8 +139,10 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 	if (!conn->gensec) {
 		conn->session_info = NULL;
 
-		status = gensec_server_start(conn, &conn->gensec,
-					     conn->connection->event.ctx);
+		status = gensec_server_start(conn,
+					     conn->connection->event.ctx,
+					     conn->connection->msg_ctx,
+					     &conn->gensec);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
 			result = LDAP_OPERATIONS_ERROR;

source/rpc_server/dcesrv_auth.c

@@ -57,7 +57,7 @@ BOOL dcesrv_auth_bind(struct dcesrv_call_state *call)
 		return False;
 	}
 
-	status = gensec_server_start(dce_conn, &auth->gensec_security, call->event_ctx);
+	status = gensec_server_start(dce_conn, call->event_ctx, call->msg_ctx, &auth->gensec_security);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to start GENSEC for DCERPC server: %s\n", nt_errstr(status)));
 		return False;

source/rpc_server/netlogon/dcerpc_netlogon.c

@@ -431,8 +431,9 @@ static NTSTATUS netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALL
 		}
 
 		/* TODO: we need to deny anonymous access here */
-		nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context,
-						dce_call->event_ctx);
+		nt_status = auth_context_create(mem_ctx, lp_auth_methods(),
+						dce_call->event_ctx, dce_call->msg_ctx,
+						&auth_context);
 		NT_STATUS_NOT_OK_RETURN(nt_status);
 
 		user_info->logon_parameters = r->in.logon.password->identity_info.parameter_control;
@@ -456,8 +457,9 @@ static NTSTATUS netr_LogonSamLogon_base(struct dcesrv_call_state *dce_call, TALL
 	case 6:
 
 		/* TODO: we need to deny anonymous access here */
-		nt_status = auth_context_create(mem_ctx, lp_auth_methods(), &auth_context,
-						dce_call->event_ctx);
+		nt_status = auth_context_create(mem_ctx, lp_auth_methods(),
+						dce_call->event_ctx, dce_call->msg_ctx,
+						&auth_context);
 		NT_STATUS_NOT_OK_RETURN(nt_status);
 
 		nt_status = auth_context_set_challenge(auth_context, r->in.logon.network->challenge, "netr_LogonSamLogonWithFlags");

source/scripting/ejs/smbcalls_auth.c

@@ -26,6 +26,7 @@
 #include "auth/auth.h"
 #include "scripting/ejs/smbcalls.h"
 #include "lib/events/events.h"
+#include "lib/messaging/irpc.h"
 
 static int ejs_doauth(MprVarHandle eid,
 		      TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, 
@@ -41,17 +42,20 @@ static int ejs_doauth(MprVarHandle eid,
 
 	struct smbcalls_context *c;
 	struct event_context *ev;
+	struct messaging_context *msg;
 
 	/* Hope we can find an smbcalls_context somewhere up there... */
 	c = talloc_find_parent_bytype(tmp_ctx, struct smbcalls_context);
 	if (c) {
 		ev = c->event_ctx;
+		msg = c->msg_ctx;
 	} else {
 		/* Hope we can find the event context somewhere up there... */
 		ev = event_context_find(tmp_ctx);
+		msg = messaging_client_init(tmp_ctx, ev);
 	}
 
-	nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, ev);
+	nt_status = auth_context_create(tmp_ctx, auth_types, ev, msg, &auth_context);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		mprSetPropertyValue(auth, "result", mprCreateBoolVar(False));
 		mprSetPropertyValue(auth, "report", mprString("Auth System Failure"));

source/smb_server/smb/negprot.c

@@ -43,8 +43,9 @@ static NTSTATUS get_challenge(struct smbsrv_connection *smb_conn, uint8_t buff[8
 	DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
 
 	nt_status = auth_context_create(smb_conn, lp_auth_methods(), 
-					&smb_conn->negotiate.auth_context,
-					smb_conn->connection->event.ctx);
+					smb_conn->connection->event.ctx,
+					smb_conn->connection->msg_ctx,
+					&smb_conn->negotiate.auth_context);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("auth_context_create() returned %s", nt_errstr(nt_status)));
 		return nt_status;
@@ -340,10 +341,12 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
 		DATA_BLOB null_data_blob = data_blob(NULL, 0);
 		DATA_BLOB blob;
 		const char *oid;
-		NTSTATUS nt_status = gensec_server_start(req->smb_conn, 
-							 &gensec_security,
-							 req->smb_conn->connection->event.ctx);
-		
+		NTSTATUS nt_status;
+
+		nt_status = gensec_server_start(req->smb_conn,
+						req->smb_conn->connection->event.ctx,
+						req->smb_conn->connection->msg_ctx,
+						&gensec_security);
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
 			smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");

source/smb_server/smb/sesssetup.c

@@ -240,8 +240,9 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
 
 		/* TODO: should we use just "anonymous" here? */
 		status = auth_context_create(req, lp_auth_methods(), 
-					     &auth_context,
-					     req->smb_conn->connection->event.ctx);
+					     req->smb_conn->connection->event.ctx,
+					     req->smb_conn->connection->msg_ctx,
+					     &auth_context);
 		if (!NT_STATUS_IS_OK(status)) goto failed;
 	} else {
 		auth_context = req->smb_conn->negotiate.auth_context;
@@ -368,8 +369,10 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
 	if (!smb_sess) {
 		struct gensec_security *gensec_ctx;
 
-		status = gensec_server_start(req, &gensec_ctx,
-					     req->smb_conn->connection->event.ctx);
+		status = gensec_server_start(req,
+					     req->smb_conn->connection->event.ctx,
+					     req->smb_conn->connection->msg_ctx,
+					     &gensec_ctx);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
 			goto failed;

source/smb_server/smb2/negprot.c

@@ -36,8 +36,10 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
 	NTSTATUS nt_status;
 	struct cli_credentials *server_credentials;
 
-	nt_status = gensec_server_start(req, &gensec_security,
-					req->smb_conn->connection->event.ctx);
+	nt_status = gensec_server_start(req,
+					req->smb_conn->connection->event.ctx,
+					req->smb_conn->connection->msg_ctx,
+					&gensec_security);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Failed to start GENSEC: %s\n", nt_errstr(nt_status)));
 		smbsrv_terminate_connection(req->smb_conn, "Failed to start GENSEC\n");

source/smb_server/smb2/sesssetup.c

@@ -114,8 +114,10 @@ static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_ses
 	if (vuid == 0) {
 		struct gensec_security *gensec_ctx;
 
-		status = gensec_server_start(req, &gensec_ctx,
-					     req->smb_conn->connection->event.ctx);
+		status = gensec_server_start(req,
+					     req->smb_conn->connection->event.ctx,
+					     req->smb_conn->connection->msg_ctx,
+					     &gensec_ctx);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
 			goto failed;

source/utils/config.mk

@@ -31,7 +31,9 @@ PRIVATE_DEPENDENCIES = \
 		POPT_CREDENTIALS \
 		gensec \
 		LIBCLI_RESOLVE \
-		auth
+		auth \
+		MESSAGING \
+		LIBEVENTS
 MANPAGE = man/ntlm_auth.1
 # End BINARY ntlm_auth
 #################################

source/utils/ntlm_auth.c

@@ -31,6 +31,9 @@
 #include "libcli/auth/libcli_auth.h"
 #include "libcli/security/security.h"
 #include "lib/ldb/include/ldb.h"
+#include "lib/events/events.h"
+#include "lib/messaging/messaging.h"
+#include "lib/messaging/irpc.h"
 
 #define SQUID_BUFFER_SIZE 2010
 
@@ -329,6 +332,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 		const char *set_password;
 	};
 	struct gensec_ntlm_state *state;
+	struct event_context *ev;
+	struct messaging_context *msg;
 
 	NTSTATUS nt_status;
 	BOOL first = False;
@@ -399,7 +404,15 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 			break;
 		case GSS_SPNEGO_SERVER:
 		case SQUID_2_5_NTLMSSP:
-			if (!NT_STATUS_IS_OK(gensec_server_start(NULL, &state->gensec_state, NULL))) {
+			ev = event_context_init(state);
+			if (!ev) {
+				exit(1);
+			}
+			msg = messaging_client_init(state, ev);
+			if (!msg) {
+				exit(1);
+			}
+			if (!NT_STATUS_IS_OK(gensec_server_start(state, ev, msg, &state->gensec_state))) {
 				exit(1);
 			}
 			break;