r2629: convert gensec to the new talloc model

by making our gensec structures a talloc child of the open connection
we can be sure that it will be destroyed when the connection is
dropped.
(This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)

source4/libcli/auth/gensec.c

@@ -114,26 +114,22 @@ const char **gensec_security_oids(TALLOC_CTX *mem_ctx, const char *skip)
 	return oid_list;
 }
 
-static NTSTATUS gensec_start(struct gensec_security **gensec_security) 
+/*
+  note that memory context is the parent context to hang this gensec context off. It may be NULL.
+*/
+static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security) 
 {
-	TALLOC_CTX *mem_ctx;
 	/* awaiting a correct fix from metze */
 	if (!gensec_init()) {
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
-	mem_ctx = talloc_init("gensec_security struct");
-	if (!mem_ctx) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	(*gensec_security) = talloc_p(mem_ctx, struct gensec_security);
+	(*gensec_security) = talloc_p(NULL, struct gensec_security);
 	if (!(*gensec_security)) {
-		talloc_destroy(mem_ctx);
 		return NT_STATUS_NO_MEMORY;
 	}
+	talloc_set_name(*gensec_security, "gensec_start");
 
-	(*gensec_security)->mem_ctx = mem_ctx;
 	(*gensec_security)->ops = NULL;
 
 	ZERO_STRUCT((*gensec_security)->user);
@@ -141,8 +137,8 @@ static NTSTATUS gensec_start(struct gensec_security **gensec_security)
 	ZERO_STRUCT((*gensec_security)->default_user);
 
 	(*gensec_security)->default_user.name = "";
-	(*gensec_security)->default_user.domain = talloc_strdup(mem_ctx, lp_workgroup());
-	(*gensec_security)->default_user.realm = talloc_strdup(mem_ctx, lp_realm());
+	(*gensec_security)->default_user.domain = talloc_strdup(*gensec_security, lp_workgroup());
+	(*gensec_security)->default_user.realm = talloc_strdup(*gensec_security, lp_realm());
 
 	(*gensec_security)->subcontext = False;
 	(*gensec_security)->want_features = 0;
@@ -158,7 +154,7 @@ static NTSTATUS gensec_start(struct gensec_security **gensec_security)
 NTSTATUS gensec_subcontext_start(struct gensec_security *parent, 
 				 struct gensec_security **gensec_security)
 {
-	(*gensec_security) = talloc_p(parent->mem_ctx, struct gensec_security);
+	(*gensec_security) = talloc_p(parent, struct gensec_security);
 	if (!(*gensec_security)) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -172,10 +168,10 @@ NTSTATUS gensec_subcontext_start(struct gensec_security *parent,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS gensec_client_start(struct gensec_security **gensec_security)
+NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security)
 {
 	NTSTATUS status;
-	status = gensec_start(gensec_security);
+	status = gensec_start(mem_ctx, gensec_security);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -187,10 +183,10 @@ NTSTATUS gensec_client_start(struct gensec_security **gensec_security)
 	return status;
 }
 
-NTSTATUS gensec_server_start(struct gensec_security **gensec_security)
+NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security)
 {
 	NTSTATUS status;
-	status = gensec_start(gensec_security);
+	status = gensec_start(mem_ctx, gensec_security);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -443,7 +439,7 @@ void gensec_end(struct gensec_security **gensec_security)
 
 	if (!(*gensec_security)->subcontext) {
 		/* don't destory this if this is a subcontext - it belongs to the parent */
-		talloc_destroy((*gensec_security)->mem_ctx);
+		talloc_free(*gensec_security);
 	}
 	gensec_security = NULL;
 }
@@ -467,7 +463,7 @@ void gensec_want_feature(struct gensec_security *gensec_security,
 NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, const char *user) 
 {
 	char *p;
-	char *u = talloc_strdup(gensec_security->mem_ctx, user);
+	char *u = talloc_strdup(gensec_security, user);
 	if (!u) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -476,12 +472,12 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c
 	
 	if (p) {
 		*p = '\0';
-		gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, u);
+		gensec_security->user.name = talloc_strdup(gensec_security, u);
 		if (!gensec_security->user.name) {
 			return NT_STATUS_NO_MEMORY;
 		}
 		
-		gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, p+1);
+		gensec_security->user.realm = talloc_strdup(gensec_security, p+1);
 		if (!gensec_security->user.realm) {
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -495,11 +491,11 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c
 	
 	if (p) {
 		*p = '\0';
-		gensec_security->user.domain = talloc_strdup(gensec_security->mem_ctx, u);
+		gensec_security->user.domain = talloc_strdup(gensec_security, u);
 		if (!gensec_security->user.domain) {
 			return NT_STATUS_NO_MEMORY;
 		}
-		gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, p+1);
+		gensec_security->user.name = talloc_strdup(gensec_security, p+1);
 		if (!gensec_security->user.name) {
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -521,7 +517,7 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c
 
 NTSTATUS gensec_set_username(struct gensec_security *gensec_security, const char *user) 
 {
-	gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, user);
+	gensec_security->user.name = talloc_strdup(gensec_security, user);
 	if (!gensec_security->user.name) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -548,7 +544,7 @@ const char *gensec_get_username(struct gensec_security *gensec_security)
 
 NTSTATUS gensec_set_domain(struct gensec_security *gensec_security, const char *domain) 
 {
-	gensec_security->user.domain = talloc_strdup(gensec_security->mem_ctx, domain);
+	gensec_security->user.domain = talloc_strdup(gensec_security, domain);
 	if (!gensec_security->user.domain) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -577,7 +573,7 @@ const char *gensec_get_domain(struct gensec_security *gensec_security)
 
 NTSTATUS gensec_set_realm(struct gensec_security *gensec_security, const char *realm) 
 {
-	gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, realm);
+	gensec_security->user.realm = talloc_strdup(gensec_security, realm);
 	if (!gensec_security->user.realm) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -625,7 +621,7 @@ char *gensec_get_client_principal(struct gensec_security *gensec_security, TALLO
 NTSTATUS gensec_set_password(struct gensec_security *gensec_security,
 			     const char *password) 
 {
-	gensec_security->user.password = talloc_strdup(gensec_security->mem_ctx, password);
+	gensec_security->user.password = talloc_strdup(gensec_security, password);
 	if (!gensec_security->user.password) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -639,7 +635,7 @@ NTSTATUS gensec_set_password(struct gensec_security *gensec_security,
 
 NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal) 
 {
-	gensec_security->target.principal = talloc_strdup(gensec_security->mem_ctx, principal);
+	gensec_security->target.principal = talloc_strdup(gensec_security, principal);
 	if (!gensec_security->target.principal) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -653,7 +649,7 @@ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, co
 
 NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service) 
 {
-	gensec_security->target.service = talloc_strdup(gensec_security->mem_ctx, service);
+	gensec_security->target.service = talloc_strdup(gensec_security, service);
 	if (!gensec_security->target.service) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -667,7 +663,7 @@ NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, cons
 
 NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname) 
 {
-	gensec_security->target.hostname = talloc_strdup(gensec_security->mem_ctx, hostname);
+	gensec_security->target.hostname = talloc_strdup(gensec_security, hostname);
 	if (!gensec_security->target.hostname) {
 		return NT_STATUS_NO_MEMORY;
 	}

source4/libcli/auth/gensec.h

@@ -88,7 +88,6 @@ typedef NTSTATUS (*gensec_password_callback)(struct gensec_security *gensec_secu
 #define GENSEC_INTERFACE_VERSION 0
 
 struct gensec_security {
-	TALLOC_CTX *mem_ctx;
 	gensec_password_callback password_callback;
 	void *password_callback_private;
 	const struct gensec_security_ops *ops;

source4/libcli/auth/gensec_krb5.c

@@ -367,14 +367,14 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
 			char *password;
 			time_t kdc_time = 0;
 			nt_status = gensec_get_password(gensec_security, 
-							gensec_security->mem_ctx, 
+							gensec_security, 
 							&password);
 			if (!NT_STATUS_IS_OK(nt_status)) {
 				return nt_status;
 			}
 
 			ret = kerberos_kinit_password_cc(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache, 
-							 gensec_get_client_principal(gensec_security, gensec_security->mem_ctx), 
+							 gensec_get_client_principal(gensec_security, gensec_security), 
 							 password, NULL, &kdc_time);
 
 			/* cope with ticket being in the future due to clock skew */

source4/libcli/ldap/ldap.c

@@ -1458,7 +1458,7 @@ int ldap_bind_sasl(struct ldap_connection *conn, const char *username, const cha
 	if (conn == NULL)
 		return result;
 
-	status = gensec_client_start(&conn->gensec);
+	status = gensec_client_start(conn, &conn->gensec);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
 		return result;

source4/libcli/raw/clisession.c

@@ -395,7 +395,7 @@ static NTSTATUS smb_raw_session_setup_generic_spnego(struct smbcli_session *sess
 
 	smbcli_temp_set_signing(session->transport);
 
-	status = gensec_client_start(&session->gensec);
+	status = gensec_client_start(session, &session->gensec);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
 		goto done;

source4/librpc/rpc/dcerpc_auth.c

@@ -58,7 +58,7 @@ NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut
 	}
 	
 	if (!p->security_state.generic_state) {
-		status = gensec_client_start(&p->security_state.generic_state);
+		status = gensec_client_start(p, &p->security_state.generic_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
@@ -136,7 +136,7 @@ NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut
 	}
 	
 	if (!p->security_state.generic_state) {
-		status = gensec_client_start(&p->security_state.generic_state);
+		status = gensec_client_start(p, &p->security_state.generic_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}

source4/librpc/rpc/dcerpc_ntlm.c

@@ -37,7 +37,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
 		p->flags |= DCERPC_CONNECT;
 	}
 
-	status = gensec_client_start(&p->security_state.generic_state);
+	status = gensec_client_start(p, &p->security_state.generic_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
 		return status;

source4/librpc/rpc/dcerpc_schannel.c

@@ -436,7 +436,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
 	NTSTATUS status;
 	int chan_type = 0;
 
-	status = gensec_client_start(&p->security_state.generic_state);
+	status = gensec_client_start(p, &p->security_state.generic_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}

source4/librpc/rpc/dcerpc_spnego.c

@@ -33,7 +33,7 @@ NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p,
 {
 	NTSTATUS status;
 
-	status = gensec_client_start(&p->security_state.generic_state);
+	status = gensec_client_start(p, &p->security_state.generic_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
 		return status;

source4/rpc_server/dcesrv_auth.c

@@ -48,7 +48,7 @@ NTSTATUS dcesrv_crypto_select_type(struct dcesrv_connection *dce_conn,
 		 */
 	}
 
-	status = gensec_server_start(&auth->gensec_security);
+	status = gensec_server_start(dce_conn, &auth->gensec_security);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
 		return status;

source4/smb_server/negprot.c

@@ -306,7 +306,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
 		struct gensec_security *gensec_security;
 		DATA_BLOB null_data_blob = data_blob(NULL, 0);
 		DATA_BLOB blob;
-		NTSTATUS nt_status = gensec_server_start(&gensec_security);
+		NTSTATUS nt_status = gensec_server_start(req->smb_conn, &gensec_security);
 		
 		if (req->smb_conn->negotiate.auth_context) {
 			smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot?  auth_context is non-NULL!\n");

source4/smb_server/sesssetup.c

@@ -221,7 +221,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
 
 		status = gensec_update(smb_sess->gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob);
 	} else {
-		status = gensec_server_start(&gensec_ctx);
+		status = gensec_server_start(req->smb_conn, &gensec_ctx);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
 			return status;

source4/utils/ntlm_auth.c

@@ -315,7 +315,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 		case NTLMSSP_CLIENT_1:
 			/* setup the client side */
 			
-			if (!NT_STATUS_IS_OK(gensec_client_start(gensec_state))) {
+			if (!NT_STATUS_IS_OK(gensec_client_start(NULL, gensec_state))) {
 				exit(1);
 			}
 			gensec_set_username(*gensec_state, opt_username);
@@ -334,7 +334,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 			break;
 		case GSS_SPNEGO_SERVER:
 		case SQUID_2_5_NTLMSSP:
-			if (!NT_STATUS_IS_OK(gensec_server_start(gensec_state))) {
+			if (!NT_STATUS_IS_OK(gensec_server_start(NULL, gensec_state))) {
 				exit(1);
 			}
 			break;