r2629: convert gensec to the new talloc model
by making our gensec structures a talloc child of the open connection we can be sure that it will be destroyed when the connection is dropped. (This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)
parent
223e78990a
commit
c5f4378361
@ -114,26 +114,22 @@ const char **gensec_security_oids(TALLOC_CTX *mem_ctx, const char *skip)
|
||||
return oid_list;
|
||||
}
|
||||
|
||||
static NTSTATUS gensec_start(struct gensec_security **gensec_security)
|
||||
/*
|
||||
note that memory context is the parent context to hang this gensec context off. It may be NULL.
|
||||
*/
|
||||
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security)
|
||||
{
|
||||
TALLOC_CTX *mem_ctx;
|
||||
/* awaiting a correct fix from metze */
|
||||
if (!gensec_init()) {
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
mem_ctx = talloc_init("gensec_security struct");
|
||||
if (!mem_ctx) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(*gensec_security) = talloc_p(mem_ctx, struct gensec_security);
|
||||
(*gensec_security) = talloc_p(NULL, struct gensec_security);
|
||||
if (!(*gensec_security)) {
|
||||
talloc_destroy(mem_ctx);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
talloc_set_name(*gensec_security, "gensec_start");
|
||||
|
||||
(*gensec_security)->mem_ctx = mem_ctx;
|
||||
(*gensec_security)->ops = NULL;
|
||||
|
||||
ZERO_STRUCT((*gensec_security)->user);
|
||||
@ -141,8 +137,8 @@ static NTSTATUS gensec_start(struct gensec_security **gensec_security)
|
||||
ZERO_STRUCT((*gensec_security)->default_user);
|
||||
|
||||
(*gensec_security)->default_user.name = "";
|
||||
(*gensec_security)->default_user.domain = talloc_strdup(mem_ctx, lp_workgroup());
|
||||
(*gensec_security)->default_user.realm = talloc_strdup(mem_ctx, lp_realm());
|
||||
(*gensec_security)->default_user.domain = talloc_strdup(*gensec_security, lp_workgroup());
|
||||
(*gensec_security)->default_user.realm = talloc_strdup(*gensec_security, lp_realm());
|
||||
|
||||
(*gensec_security)->subcontext = False;
|
||||
(*gensec_security)->want_features = 0;
|
||||
@ -158,7 +154,7 @@ static NTSTATUS gensec_start(struct gensec_security **gensec_security)
|
||||
NTSTATUS gensec_subcontext_start(struct gensec_security *parent,
|
||||
struct gensec_security **gensec_security)
|
||||
{
|
||||
(*gensec_security) = talloc_p(parent->mem_ctx, struct gensec_security);
|
||||
(*gensec_security) = talloc_p(parent, struct gensec_security);
|
||||
if (!(*gensec_security)) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -172,10 +168,10 @@ NTSTATUS gensec_subcontext_start(struct gensec_security *parent,
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
NTSTATUS gensec_client_start(struct gensec_security **gensec_security)
|
||||
NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security)
|
||||
{
|
||||
NTSTATUS status;
|
||||
status = gensec_start(gensec_security);
|
||||
status = gensec_start(mem_ctx, gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -187,10 +183,10 @@ NTSTATUS gensec_client_start(struct gensec_security **gensec_security)
|
||||
return status;
|
||||
}
|
||||
|
||||
NTSTATUS gensec_server_start(struct gensec_security **gensec_security)
|
||||
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx, struct gensec_security **gensec_security)
|
||||
{
|
||||
NTSTATUS status;
|
||||
status = gensec_start(gensec_security);
|
||||
status = gensec_start(mem_ctx, gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -443,7 +439,7 @@ void gensec_end(struct gensec_security **gensec_security)
|
||||
|
||||
if (!(*gensec_security)->subcontext) {
|
||||
/* don't destory this if this is a subcontext - it belongs to the parent */
|
||||
talloc_destroy((*gensec_security)->mem_ctx);
|
||||
talloc_free(*gensec_security);
|
||||
}
|
||||
gensec_security = NULL;
|
||||
}
|
||||
@ -467,7 +463,7 @@ void gensec_want_feature(struct gensec_security *gensec_security,
|
||||
NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, const char *user)
|
||||
{
|
||||
char *p;
|
||||
char *u = talloc_strdup(gensec_security->mem_ctx, user);
|
||||
char *u = talloc_strdup(gensec_security, user);
|
||||
if (!u) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -476,12 +472,12 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c
|
||||
|
||||
if (p) {
|
||||
*p = '\0';
|
||||
gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, u);
|
||||
gensec_security->user.name = talloc_strdup(gensec_security, u);
|
||||
if (!gensec_security->user.name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, p+1);
|
||||
gensec_security->user.realm = talloc_strdup(gensec_security, p+1);
|
||||
if (!gensec_security->user.realm) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -495,11 +491,11 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c
|
||||
|
||||
if (p) {
|
||||
*p = '\0';
|
||||
gensec_security->user.domain = talloc_strdup(gensec_security->mem_ctx, u);
|
||||
gensec_security->user.domain = talloc_strdup(gensec_security, u);
|
||||
if (!gensec_security->user.domain) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, p+1);
|
||||
gensec_security->user.name = talloc_strdup(gensec_security, p+1);
|
||||
if (!gensec_security->user.name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -521,7 +517,7 @@ NTSTATUS gensec_set_unparsed_username(struct gensec_security *gensec_security, c
|
||||
|
||||
NTSTATUS gensec_set_username(struct gensec_security *gensec_security, const char *user)
|
||||
{
|
||||
gensec_security->user.name = talloc_strdup(gensec_security->mem_ctx, user);
|
||||
gensec_security->user.name = talloc_strdup(gensec_security, user);
|
||||
if (!gensec_security->user.name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -548,7 +544,7 @@ const char *gensec_get_username(struct gensec_security *gensec_security)
|
||||
|
||||
NTSTATUS gensec_set_domain(struct gensec_security *gensec_security, const char *domain)
|
||||
{
|
||||
gensec_security->user.domain = talloc_strdup(gensec_security->mem_ctx, domain);
|
||||
gensec_security->user.domain = talloc_strdup(gensec_security, domain);
|
||||
if (!gensec_security->user.domain) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -577,7 +573,7 @@ const char *gensec_get_domain(struct gensec_security *gensec_security)
|
||||
|
||||
NTSTATUS gensec_set_realm(struct gensec_security *gensec_security, const char *realm)
|
||||
{
|
||||
gensec_security->user.realm = talloc_strdup(gensec_security->mem_ctx, realm);
|
||||
gensec_security->user.realm = talloc_strdup(gensec_security, realm);
|
||||
if (!gensec_security->user.realm) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -625,7 +621,7 @@ char *gensec_get_client_principal(struct gensec_security *gensec_security, TALLO
|
||||
NTSTATUS gensec_set_password(struct gensec_security *gensec_security,
|
||||
const char *password)
|
||||
{
|
||||
gensec_security->user.password = talloc_strdup(gensec_security->mem_ctx, password);
|
||||
gensec_security->user.password = talloc_strdup(gensec_security, password);
|
||||
if (!gensec_security->user.password) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -639,7 +635,7 @@ NTSTATUS gensec_set_password(struct gensec_security *gensec_security,
|
||||
|
||||
NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal)
|
||||
{
|
||||
gensec_security->target.principal = talloc_strdup(gensec_security->mem_ctx, principal);
|
||||
gensec_security->target.principal = talloc_strdup(gensec_security, principal);
|
||||
if (!gensec_security->target.principal) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -653,7 +649,7 @@ NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, co
|
||||
|
||||
NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, const char *service)
|
||||
{
|
||||
gensec_security->target.service = talloc_strdup(gensec_security->mem_ctx, service);
|
||||
gensec_security->target.service = talloc_strdup(gensec_security, service);
|
||||
if (!gensec_security->target.service) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
@ -667,7 +663,7 @@ NTSTATUS gensec_set_target_service(struct gensec_security *gensec_security, cons
|
||||
|
||||
NTSTATUS gensec_set_target_hostname(struct gensec_security *gensec_security, const char *hostname)
|
||||
{
|
||||
gensec_security->target.hostname = talloc_strdup(gensec_security->mem_ctx, hostname);
|
||||
gensec_security->target.hostname = talloc_strdup(gensec_security, hostname);
|
||||
if (!gensec_security->target.hostname) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
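Review bot: In gensec_start the new `mem_ctx` parameter appears to go unused: assuming the second of the two `talloc_p` lines is the new side (the page has lost its +/- markers, so this is read from print order), the context is allocated with `talloc_p(NULL, struct gensec_security)` and no other new-side line of the function refers to `mem_ctx`. The gensec context, together with the username and password strings now hung off it, would then not be freed when the connection is dropped, which is the guarantee the commit message gives; `(*gensec_security) = talloc_p(mem_ctx, struct gensec_security);` would tie it to the caller's parent. With a NULL parent gensec_end is the only release path, and its last statement `gensec_security = NULL;` clears only the local parameter, so the caller's pointer is left dangling after `talloc_free`; `*gensec_security = NULL;` looks intended. Both functions extend beyond the hunks shown.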
@ -88,7 +88,6 @@ typedef NTSTATUS (*gensec_password_callback)(struct gensec_security *gensec_secu
|
||||
#define GENSEC_INTERFACE_VERSION 0
|
||||
|
||||
struct gensec_security {
|
||||
TALLOC_CTX *mem_ctx;
|
||||
gensec_password_callback password_callback;
|
||||
void *password_callback_private;
|
||||
const struct gensec_security_ops *ops;
|
||||
|
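Review bot: `GENSEC_INTERFACE_VERSION` stays at 0 although this hunk removes the first member of `struct gensec_security`, which shifts the offset of every field after it. If mechanism modules are checked against that macro when they register (not visible here), one built against the old header would be accepted and would then read `ops` and the callback pointers at the wrong offsets; bumping the define in the same commit, e.g. `#define GENSEC_INTERFACE_VERSION 1`, would make the mismatch detectable. The struct definition continues past the end of the hunk.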
@ -367,14 +367,14 @@ static NTSTATUS gensec_krb5_client_start(struct gensec_security *gensec_security
|
||||
char *password;
|
||||
time_t kdc_time = 0;
|
||||
nt_status = gensec_get_password(gensec_security,
|
||||
gensec_security->mem_ctx,
|
||||
gensec_security,
|
||||
&password);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
ret = kerberos_kinit_password_cc(gensec_krb5_state->krb5_context, gensec_krb5_state->krb5_ccache,
|
||||
gensec_get_client_principal(gensec_security, gensec_security->mem_ctx),
|
||||
gensec_get_client_principal(gensec_security, gensec_security),
|
||||
password, NULL, &kdc_time);
|
||||
|
||||
/* cope with ticket being in the future due to clock skew */
|
||||
|
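Review bot: The password obtained through `gensec_get_password(gensec_security, gensec_security, &password)` is now allocated on the gensec context itself, so, assuming the second argument is the allocation parent, the cleartext copy lives as long as the context rather than only for the kinit call. Since this commit is meant to tie that lifetime to the connection, a short-lived parent would be safer: create a temporary talloc context before the call, pass it for both the password and the `gensec_get_client_principal` result, and `talloc_free` it once kerberos_kinit_password_cc has returned. talloc does not clear memory on free, so wiping the password buffer before releasing it is worth considering as well. gensec_krb5_client_start begins and ends outside this hunk, so a later free may already exist.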
@ -1458,7 +1458,7 @@ int ldap_bind_sasl(struct ldap_connection *conn, const char *username, const cha
|
||||
if (conn == NULL)
|
||||
return result;
|
||||
|
||||
status = gensec_client_start(&conn->gensec);
|
||||
status = gensec_client_start(conn, &conn->gensec);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
|
||||
return result;
|
||||
|
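Review bot: The new first argument of gensec_client_start is meant to be a talloc parent, so `conn` must itself be a pointer returned by talloc; the comment added above gensec_start only says the parent may be NULL. Whether `struct ldap_connection` is talloc-allocated is not visible in this hunk, and the same holds for `session`, `p`, `dce_conn` and `req->smb_conn` at the other converted call sites. For a pointer from malloc or to an embedded struct, talloc would look for its chunk header in front of memory it does not own, so I would state the requirement on the public entry points, e.g. `/* mem_ctx: talloc parent for the new context; must be a talloc pointer or NULL */` above gensec_client_start and gensec_server_start.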
@ -395,7 +395,7 @@ static NTSTATUS smb_raw_session_setup_generic_spnego(struct smbcli_session *sess
|
||||
|
||||
smbcli_temp_set_signing(session->transport);
|
||||
|
||||
status = gensec_client_start(&session->gensec);
|
||||
status = gensec_client_start(session, &session->gensec);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
|
||||
goto done;
|
||||
|
@ -58,7 +58,7 @@ NTSTATUS dcerpc_bind_auth3(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut
|
||||
}
|
||||
|
||||
if (!p->security_state.generic_state) {
|
||||
status = gensec_client_start(&p->security_state.generic_state);
|
||||
status = gensec_client_start(p, &p->security_state.generic_state);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -136,7 +136,7 @@ NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t aut
|
||||
}
|
||||
|
||||
if (!p->security_state.generic_state) {
|
||||
status = gensec_client_start(&p->security_state.generic_state);
|
||||
status = gensec_client_start(p, &p->security_state.generic_state);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
@ -37,7 +37,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
|
||||
p->flags |= DCERPC_CONNECT;
|
||||
}
|
||||
|
||||
status = gensec_client_start(&p->security_state.generic_state);
|
||||
status = gensec_client_start(p, &p->security_state.generic_state);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
|
||||
return status;
|
||||
|
@ -436,7 +436,7 @@ NTSTATUS dcerpc_bind_auth_schannel(struct dcerpc_pipe *p,
|
||||
NTSTATUS status;
|
||||
int chan_type = 0;
|
||||
|
||||
status = gensec_client_start(&p->security_state.generic_state);
|
||||
status = gensec_client_start(p, &p->security_state.generic_state);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p,
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
status = gensec_client_start(&p->security_state.generic_state);
|
||||
status = gensec_client_start(p, &p->security_state.generic_state);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
|
||||
return status;
|
||||
|
@ -48,7 +48,7 @@ NTSTATUS dcesrv_crypto_select_type(struct dcesrv_connection *dce_conn,
|
||||
*/
|
||||
}
|
||||
|
||||
status = gensec_server_start(&auth->gensec_security);
|
||||
status = gensec_server_start(dce_conn, &auth->gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
|
||||
return status;
|
||||
|
@ -306,7 +306,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
|
||||
struct gensec_security *gensec_security;
|
||||
DATA_BLOB null_data_blob = data_blob(NULL, 0);
|
||||
DATA_BLOB blob;
|
||||
NTSTATUS nt_status = gensec_server_start(&gensec_security);
|
||||
NTSTATUS nt_status = gensec_server_start(req->smb_conn, &gensec_security);
|
||||
|
||||
if (req->smb_conn->negotiate.auth_context) {
|
||||
smbsrv_terminate_connection(req->smb_conn, "reply_nt1: is this a secondary negprot? auth_context is non-NULL!\n");
|
||||
|
@ -221,7 +221,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
|
||||
|
||||
status = gensec_update(smb_sess->gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob);
|
||||
} else {
|
||||
status = gensec_server_start(&gensec_ctx);
|
||||
status = gensec_server_start(req->smb_conn, &gensec_ctx);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
|
||||
return status;
|
||||
|
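Review bot: The context started in the else branch is parented to `req->smb_conn`, not to the session it authenticates, so it is intended to live until the connection closes unless gensec_end is called earlier. The error paths after this call are outside the hunk; if any of them return without ending `gensec_ctx`, every failed session setup from a client would leave another context, with whatever credentials it collected, attached to the connection. A comment at the call would make the ownership explicit, e.g. `/* parented to smb_conn: must be ended explicitly if this session setup fails */`, or the context could be parented to the session once that exists.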
@ -315,7 +315,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
case NTLMSSP_CLIENT_1:
|
||||
/* setup the client side */
|
||||
|
||||
if (!NT_STATUS_IS_OK(gensec_client_start(gensec_state))) {
|
||||
if (!NT_STATUS_IS_OK(gensec_client_start(NULL, gensec_state))) {
|
||||
exit(1);
|
||||
}
|
||||
gensec_set_username(*gensec_state, opt_username);
|
||||
@ -334,7 +334,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
break;
|
||||
case GSS_SPNEGO_SERVER:
|
||||
case SQUID_2_5_NTLMSSP:
|
||||
if (!NT_STATUS_IS_OK(gensec_server_start(gensec_state))) {
|
||||
if (!NT_STATUS_IS_OK(gensec_server_start(NULL, gensec_state))) {
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
|