mirror of
https://github.com/samba-team/samba.git
synced 2025-03-23 06:50:21 +03:00
gensec: move event context from gensec_*_init() to gensec_update()
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett
parent
0f2b27e7d4
commit
e7d5f0a357
@ -197,12 +197,13 @@ _PUBLIC_ NTSTATUS gensec_session_info(struct gensec_security *gensec_security,
|
||||
*/
|
||||
|
||||
_PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
status = gensec_security->ops->update(gensec_security, out_mem_ctx,
|
||||
in, out);
|
||||
ev, in, out);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -305,7 +306,7 @@ static void gensec_update_async_trigger(struct tevent_context *ctx,
|
||||
tevent_req_data(req, struct gensec_update_state);
|
||||
NTSTATUS status;
|
||||
|
||||
status = gensec_update(state->gensec_security, state,
|
||||
status = gensec_update(state->gensec_security, state, ctx,
|
||||
state->in, &state->out);
|
||||
if (tevent_req_nterror(req, status)) {
|
||||
return;
|
||||
|
||||
@ -92,6 +92,7 @@ struct gensec_security_ops {
|
||||
NTSTATUS (*magic)(struct gensec_security *gensec_security,
|
||||
const DATA_BLOB *first_packet);
|
||||
NTSTATUS (*update)(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB in, DATA_BLOB *out);
|
||||
NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
|
||||
uint8_t *data, size_t length,
|
||||
@ -161,7 +162,6 @@ struct gensec_security {
|
||||
bool subcontext;
|
||||
uint32_t want_features;
|
||||
uint8_t dcerpc_auth_level;
|
||||
struct tevent_context *event_ctx;
|
||||
struct tsocket_address *local_addr, *remote_addr;
|
||||
struct gensec_settings *settings;
|
||||
|
||||
@ -212,13 +212,13 @@ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
|
||||
struct gensec_security **gensec_security);
|
||||
NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
|
||||
struct gensec_security **gensec_security,
|
||||
struct tevent_context *ev,
|
||||
struct gensec_settings *settings);
|
||||
NTSTATUS gensec_start_mech_by_ops(struct gensec_security *gensec_security,
|
||||
const struct gensec_security_ops *ops);
|
||||
NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
|
||||
const char **sasl_names);
|
||||
NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB in, DATA_BLOB *out);
|
||||
struct tevent_req *gensec_update_send(TALLOC_CTX *mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
@ -267,7 +267,6 @@ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_security,
|
||||
uint8_t auth_type, uint8_t auth_level);
|
||||
const char *gensec_get_name_by_authtype(struct gensec_security *gensec_security, uint8_t authtype);
|
||||
NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
struct gensec_settings *settings,
|
||||
struct auth4_context *auth_context,
|
||||
struct gensec_security **gensec_security);
|
||||
|
||||
@ -506,7 +506,6 @@ const char **gensec_security_oids(struct gensec_security *gensec_security,
|
||||
@ gensec_security return
|
||||
*/
|
||||
static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
struct gensec_settings *settings,
|
||||
struct auth4_context *auth_context,
|
||||
struct gensec_security **gensec_security)
|
||||
@ -514,7 +513,6 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx,
|
||||
(*gensec_security) = talloc_zero(mem_ctx, struct gensec_security);
|
||||
NT_STATUS_HAVE_NO_MEMORY(*gensec_security);
|
||||
|
||||
(*gensec_security)->event_ctx = ev;
|
||||
SMB_ASSERT(settings->lp_ctx != NULL);
|
||||
(*gensec_security)->settings = talloc_reference(*gensec_security, settings);
|
||||
|
||||
@ -548,7 +546,6 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
|
||||
(*gensec_security)->subcontext = true;
|
||||
(*gensec_security)->want_features = parent->want_features;
|
||||
(*gensec_security)->dcerpc_auth_level = parent->dcerpc_auth_level;
|
||||
(*gensec_security)->event_ctx = parent->event_ctx;
|
||||
(*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
|
||||
(*gensec_security)->settings = talloc_reference(*gensec_security, parent->settings);
|
||||
(*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
|
||||
@ -564,7 +561,6 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
|
||||
*/
|
||||
_PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
|
||||
struct gensec_security **gensec_security,
|
||||
struct tevent_context *ev,
|
||||
struct gensec_settings *settings)
|
||||
{
|
||||
NTSTATUS status;
|
||||
@ -574,7 +570,7 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
status = gensec_start(mem_ctx, ev, settings, NULL, gensec_security);
|
||||
status = gensec_start(mem_ctx, settings, NULL, gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -592,7 +588,6 @@ _PUBLIC_ NTSTATUS gensec_client_start(TALLOC_CTX *mem_ctx,
|
||||
@note The mem_ctx is only a parent and may be NULL.
|
||||
*/
|
||||
_PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
struct gensec_settings *settings,
|
||||
struct auth4_context *auth_context,
|
||||
struct gensec_security **gensec_security)
|
||||
@ -604,7 +599,7 @@ _PUBLIC_ NTSTATUS gensec_server_start(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
status = gensec_start(mem_ctx, ev, settings, auth_context, gensec_security);
|
||||
status = gensec_start(mem_ctx, settings, auth_context, gensec_security);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
@ -67,6 +67,7 @@ static NTSTATUS gensec_ntlmssp3_server_session_info(struct gensec_security *gens
|
||||
|
||||
static NTSTATUS gensec_ntlmssp3_server_update(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB request,
|
||||
DATA_BLOB *reply)
|
||||
{
|
||||
@ -268,7 +269,7 @@ NTSTATUS auth_ntlmssp_prepare(const struct tsocket_address *remote_address,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
nt_status = gensec_server_start(ans, NULL, gensec_settings,
|
||||
nt_status = gensec_server_start(ans, gensec_settings,
|
||||
NULL, &ans->gensec_security);
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
|
||||
@ -166,7 +166,7 @@ NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans,
|
||||
{
|
||||
NTSTATUS status;
|
||||
if (ans->gensec_security) {
|
||||
return gensec_update(ans->gensec_security, mem_ctx, request, reply);
|
||||
return gensec_update(ans->gensec_security, mem_ctx, NULL, request, reply);
|
||||
}
|
||||
status = ntlmssp_update(ans->ntlmssp_state, request, reply);
|
||||
if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
|
||||
|
||||
@ -267,7 +267,8 @@ static NTSTATUS gensec_gssapi_sasl_server_start(struct gensec_security *gensec_s
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security)
|
||||
static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_security,
|
||||
struct tevent_context *ev)
|
||||
{
|
||||
struct gensec_gssapi_state *gensec_gssapi_state;
|
||||
struct gssapi_creds_container *gcc;
|
||||
@ -283,8 +284,8 @@ static NTSTATUS gensec_gssapi_client_creds(struct gensec_security *gensec_securi
|
||||
}
|
||||
|
||||
ret = cli_credentials_get_client_gss_creds(creds,
|
||||
gensec_security->event_ctx,
|
||||
gensec_security->settings->lp_ctx, &gcc, &error_string);
|
||||
ev,
|
||||
gensec_security->settings->lp_ctx, &gcc, &error_string);
|
||||
switch (ret) {
|
||||
case 0:
|
||||
break;
|
||||
@ -423,8 +424,9 @@ static NTSTATUS gensec_gssapi_magic(struct gensec_security *gensec_security,
|
||||
*/
|
||||
|
||||
static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_gssapi_state *gensec_gssapi_state
|
||||
= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
|
||||
@ -445,13 +447,13 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
|
||||
struct gsskrb5_send_to_kdc send_to_kdc;
|
||||
krb5_error_code ret;
|
||||
|
||||
nt_status = gensec_gssapi_client_creds(gensec_security);
|
||||
nt_status = gensec_gssapi_client_creds(gensec_security, ev);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
send_to_kdc.func = smb_krb5_send_and_recv_func;
|
||||
send_to_kdc.ptr = gensec_security->event_ctx;
|
||||
send_to_kdc.ptr = ev;
|
||||
|
||||
min_stat = gsskrb5_set_send_to_kdc(&send_to_kdc);
|
||||
if (min_stat) {
|
||||
|
||||
@ -272,7 +272,9 @@ static NTSTATUS gensec_krb5_common_client_start(struct gensec_security *gensec_s
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security, bool gssapi)
|
||||
static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_security,
|
||||
struct tevent_context *ev,
|
||||
bool gssapi)
|
||||
{
|
||||
struct gensec_krb5_state *gensec_krb5_state;
|
||||
krb5_error_code ret;
|
||||
@ -289,7 +291,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
|
||||
hostname = gensec_get_target_hostname(gensec_security);
|
||||
|
||||
ret = cli_credentials_get_ccache(gensec_get_credentials(gensec_security),
|
||||
gensec_security->event_ctx,
|
||||
ev,
|
||||
gensec_security->settings->lp_ctx, &ccache_container, &error_string);
|
||||
switch (ret) {
|
||||
case 0:
|
||||
@ -311,7 +313,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
|
||||
in_data.length = 0;
|
||||
|
||||
/* Do this every time, in case we have weird recursive issues here */
|
||||
ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, gensec_security->event_ctx, &previous_ev);
|
||||
ret = smb_krb5_context_set_event_ctx(gensec_krb5_state->smb_krb5_context, ev, &previous_ev);
|
||||
if (ret != 0) {
|
||||
DEBUG(1, ("gensec_krb5_start: Setting event context failed\n"));
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
@ -340,7 +342,7 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
|
||||
&gensec_krb5_state->enc_ticket);
|
||||
}
|
||||
|
||||
smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, gensec_security->event_ctx);
|
||||
smb_krb5_context_remove_event_ctx(gensec_krb5_state->smb_krb5_context, previous_ev, ev);
|
||||
|
||||
switch (ret) {
|
||||
case 0:
|
||||
@ -423,6 +425,7 @@ static NTSTATUS gensec_fake_gssapi_krb5_magic(struct gensec_security *gensec_sec
|
||||
|
||||
static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
|
||||
@ -434,7 +437,7 @@ static NTSTATUS gensec_krb5_update(struct gensec_security *gensec_security,
|
||||
{
|
||||
DATA_BLOB unwrapped_out;
|
||||
|
||||
nt_status = gensec_krb5_common_client_creds(gensec_security, gensec_krb5_state->gssapi);
|
||||
nt_status = gensec_krb5_common_client_creds(gensec_security, ev, gensec_krb5_state->gssapi);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
@ -82,7 +82,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
|
||||
struct gensec_settings *settings;
|
||||
const char *kwnames[] = { "settings", NULL };
|
||||
PyObject *py_settings;
|
||||
struct tevent_context *ev;
|
||||
struct gensec_security *gensec;
|
||||
|
||||
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &py_settings))
|
||||
@ -120,13 +119,6 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
|
||||
}
|
||||
}
|
||||
|
||||
ev = tevent_context_init(self->talloc_ctx);
|
||||
if (ev == NULL) {
|
||||
PyErr_NoMemory();
|
||||
PyObject_Del(self);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
status = gensec_init();
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
PyErr_SetNTSTATUS(status);
|
||||
@ -134,7 +126,7 @@ static PyObject *py_gensec_start_client(PyTypeObject *type, PyObject *args, PyOb
|
||||
return NULL;
|
||||
}
|
||||
|
||||
status = gensec_client_start(self->talloc_ctx, &gensec, ev, settings);
|
||||
status = gensec_client_start(self->talloc_ctx, &gensec, settings);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
PyErr_SetNTSTATUS(status);
|
||||
PyObject_DEL(self);
|
||||
@ -154,7 +146,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
|
||||
const char *kwnames[] = { "settings", "auth_context", NULL };
|
||||
PyObject *py_settings = Py_None;
|
||||
PyObject *py_auth_context = Py_None;
|
||||
struct tevent_context *ev;
|
||||
struct gensec_security *gensec;
|
||||
struct auth4_context *auth_context = NULL;
|
||||
|
||||
@ -193,13 +184,6 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
|
||||
}
|
||||
}
|
||||
|
||||
ev = tevent_context_init(self->talloc_ctx);
|
||||
if (ev == NULL) {
|
||||
PyErr_NoMemory();
|
||||
PyObject_Del(self);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (py_auth_context != Py_None) {
|
||||
auth_context = pytalloc_get_type(py_auth_context, struct auth4_context);
|
||||
if (!auth_context) {
|
||||
@ -217,7 +201,7 @@ static PyObject *py_gensec_start_server(PyTypeObject *type, PyObject *args, PyOb
|
||||
return NULL;
|
||||
}
|
||||
|
||||
status = gensec_server_start(self->talloc_ctx, ev, settings, auth_context, &gensec);
|
||||
status = gensec_server_start(self->talloc_ctx, settings, auth_context, &gensec);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
PyErr_SetNTSTATUS(status);
|
||||
PyObject_DEL(self);
|
||||
@ -368,6 +352,7 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args)
|
||||
PyObject *ret, *py_in;
|
||||
struct gensec_security *security = pytalloc_get_type(self, struct gensec_security);
|
||||
PyObject *finished_processing;
|
||||
struct tevent_context *ev;
|
||||
|
||||
if (!PyArg_ParseTuple(args, "O", &py_in))
|
||||
return NULL;
|
||||
@ -382,7 +367,14 @@ static PyObject *py_gensec_update(PyObject *self, PyObject *args)
|
||||
in.data = (uint8_t *)PyString_AsString(py_in);
|
||||
in.length = PyString_Size(py_in);
|
||||
|
||||
status = gensec_update(security, mem_ctx, in, &out);
|
||||
ev = tevent_context_init(mem_ctx);
|
||||
if (ev == NULL) {
|
||||
PyErr_NoMemory();
|
||||
PyObject_Del(self);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
status = gensec_update(security, mem_ctx, ev, in, &out);
|
||||
|
||||
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)
|
||||
&& !NT_STATUS_IS_OK(status)) {
|
||||
|
||||
@ -52,7 +52,8 @@ static NTSTATUS schannel_session_key(struct gensec_security *gensec_security,
|
||||
}
|
||||
|
||||
static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
struct schannel_state *state = (struct schannel_state *)gensec_security->private_data;
|
||||
NTSTATUS status;
|
||||
|
||||
@ -331,6 +331,7 @@ static NTSTATUS gensec_spnego_session_info(struct gensec_security *gensec_securi
|
||||
|
||||
static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec_security,
|
||||
struct spnego_state *spnego_state,
|
||||
struct tevent_context *ev,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
@ -384,7 +385,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
|
||||
return nt_status;
|
||||
}
|
||||
nt_status = gensec_update(spnego_state->sub_sec_security,
|
||||
out_mem_ctx, in, out);
|
||||
ev, out_mem_ctx, in, out);
|
||||
return nt_status;
|
||||
}
|
||||
DEBUG(1, ("Failed to parse SPNEGO request\n"));
|
||||
@ -400,6 +401,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
|
||||
static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_security,
|
||||
struct spnego_state *spnego_state,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const char **mechType,
|
||||
const DATA_BLOB unwrapped_in, DATA_BLOB *unwrapped_out)
|
||||
{
|
||||
@ -451,6 +453,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
|
||||
|
||||
nt_status = gensec_update(spnego_state->sub_sec_security,
|
||||
out_mem_ctx,
|
||||
ev,
|
||||
unwrapped_in,
|
||||
unwrapped_out);
|
||||
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) ||
|
||||
@ -504,6 +507,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
|
||||
/* only get the helping start blob for the first OID */
|
||||
nt_status = gensec_update(spnego_state->sub_sec_security,
|
||||
out_mem_ctx,
|
||||
ev,
|
||||
null_data_blob,
|
||||
unwrapped_out);
|
||||
|
||||
@ -579,6 +583,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
|
||||
static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec_security,
|
||||
struct spnego_state *spnego_state,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
int i;
|
||||
@ -619,6 +624,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
|
||||
if (spnego_state->state_position == SPNEGO_CLIENT_START) {
|
||||
nt_status = gensec_update(spnego_state->sub_sec_security,
|
||||
out_mem_ctx,
|
||||
ev,
|
||||
null_data_blob,
|
||||
&unwrapped_out);
|
||||
|
||||
@ -734,6 +740,7 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec
|
||||
|
||||
|
||||
static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB in, DATA_BLOB *out)
|
||||
{
|
||||
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
|
||||
@ -755,7 +762,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
|
||||
switch (spnego_state->state_position) {
|
||||
case SPNEGO_FALLBACK:
|
||||
return gensec_update(spnego_state->sub_sec_security,
|
||||
return gensec_update(spnego_state->sub_sec_security, ev,
|
||||
out_mem_ctx, in, out);
|
||||
case SPNEGO_SERVER_START:
|
||||
{
|
||||
@ -764,8 +771,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
|
||||
len = spnego_read_data(gensec_security, in, &spnego);
|
||||
if (len == -1) {
|
||||
return gensec_spnego_server_try_fallback(gensec_security, spnego_state,
|
||||
out_mem_ctx, in, out);
|
||||
return gensec_spnego_server_try_fallback(gensec_security, spnego_state,
|
||||
out_mem_ctx, ev, in, out);
|
||||
}
|
||||
/* client sent NegTargetInit, we send NegTokenTarg */
|
||||
|
||||
@ -781,6 +788,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
|
||||
spnego_state,
|
||||
out_mem_ctx,
|
||||
ev,
|
||||
spnego.negTokenInit.mechTypes,
|
||||
spnego.negTokenInit.mechToken,
|
||||
&unwrapped_out);
|
||||
@ -798,7 +806,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
return nt_status;
|
||||
} else {
|
||||
nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state,
|
||||
out_mem_ctx, in, out);
|
||||
out_mem_ctx, ev, in, out);
|
||||
spnego_state->state_position = SPNEGO_SERVER_START;
|
||||
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_INIT;
|
||||
return nt_status;
|
||||
@ -815,7 +823,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
if (!in.length) {
|
||||
/* client to produce negTokenInit */
|
||||
nt_status = gensec_spnego_create_negTokenInit(gensec_security, spnego_state,
|
||||
out_mem_ctx, in, out);
|
||||
out_mem_ctx, ev, in, out);
|
||||
spnego_state->state_position = SPNEGO_CLIENT_TARG;
|
||||
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
|
||||
return nt_status;
|
||||
@ -849,6 +857,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
nt_status = gensec_spnego_parse_negTokenInit(gensec_security,
|
||||
spnego_state,
|
||||
out_mem_ctx,
|
||||
ev,
|
||||
spnego.negTokenInit.mechTypes,
|
||||
spnego.negTokenInit.mechToken,
|
||||
&unwrapped_out);
|
||||
@ -916,7 +925,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
}
|
||||
|
||||
nt_status = gensec_update(spnego_state->sub_sec_security,
|
||||
out_mem_ctx,
|
||||
out_mem_ctx, ev,
|
||||
spnego.negTokenTarg.responseToken,
|
||||
&unwrapped_out);
|
||||
if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) {
|
||||
@ -1012,7 +1021,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
}
|
||||
|
||||
nt_status = gensec_update(spnego_state->sub_sec_security,
|
||||
out_mem_ctx,
|
||||
out_mem_ctx, ev,
|
||||
spnego.negTokenTarg.responseToken,
|
||||
&unwrapped_out);
|
||||
spnego_state->neg_oid = talloc_strdup(spnego_state, spnego.negTokenTarg.supportedMech);
|
||||
@ -1042,7 +1051,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
|
||||
bool new_spnego = false;
|
||||
|
||||
nt_status = gensec_update(spnego_state->sub_sec_security,
|
||||
out_mem_ctx,
|
||||
out_mem_ctx, ev,
|
||||
spnego.negTokenTarg.responseToken,
|
||||
&unwrapped_out);
|
||||
|
||||
|
||||
@ -142,6 +142,7 @@ static NTSTATUS gensec_ntlmssp_update_find(struct ntlmssp_state *ntlmssp_state,
|
||||
|
||||
static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security,
|
||||
TALLOC_CTX *out_mem_ctx,
|
||||
struct tevent_context *ev,
|
||||
const DATA_BLOB input, DATA_BLOB *out)
|
||||
{
|
||||
struct gensec_ntlmssp_context *gensec_ntlmssp =
|
||||
|
||||
@ -57,7 +57,6 @@ NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
nt_status = gensec_server_start(tmp_ctx,
|
||||
event_ctx,
|
||||
lpcfg_gensec_settings(mem_ctx, lp_ctx),
|
||||
auth_context,
|
||||
&gensec_ctx);
|
||||
|
||||
@ -571,7 +571,7 @@ enum kdc_process_ret kpasswdd_process(struct kdc_server *kdc,
|
||||
}
|
||||
|
||||
/* Accept the AP-REQ and generate teh AP-REP we need for the reply */
|
||||
nt_status = gensec_update(gensec_security, tmp_ctx, ap_req, &ap_rep);
|
||||
nt_status = gensec_update(gensec_security, tmp_ctx, kdc->task->event_ctx, ap_req, &ap_rep);
|
||||
if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
|
||||
|
||||
ret = kpasswdd_make_unauth_error_reply(kdc, mem_ctx,
|
||||
|
||||
@ -202,7 +202,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
|
||||
input = *req->creds.SASL.secblob;
|
||||
}
|
||||
|
||||
status = gensec_update(conn->gensec, reply,
|
||||
status = gensec_update(conn->gensec, reply, conn->connection->event.ctx,
|
||||
input, &output);
|
||||
|
||||
/* Windows 2000 mmc doesn't like secblob == NULL and reports a decoding error */
|
||||
|
||||
@ -225,7 +225,6 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
|
||||
gensec_init();
|
||||
|
||||
status = gensec_client_start(conn, &conn->gensec,
|
||||
conn->event.event_ctx,
|
||||
lpcfg_gensec_settings(conn, lp_ctx));
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("Failed to start GENSEC engine (%s)\n", nt_errstr(status)));
|
||||
@ -319,6 +318,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
|
||||
int result = LDAP_OTHER;
|
||||
|
||||
status = gensec_update(conn->gensec, tmp_ctx,
|
||||
conn->event.event_ctx,
|
||||
input,
|
||||
&output);
|
||||
/* The status value here, from GENSEC is vital to the security
|
||||
|
||||
@ -53,7 +53,6 @@ struct smb2_session *smb2_session_init(struct smb2_transport *transport,
|
||||
|
||||
/* prepare a gensec context for later use */
|
||||
status = gensec_client_start(session, &session->gensec,
|
||||
session->transport->socket->event.ctx,
|
||||
settings);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
talloc_free(session);
|
||||
@ -203,6 +202,7 @@ struct tevent_req *smb2_session_setup_spnego_send(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
status = gensec_update(session->gensec, state,
|
||||
session->transport->socket->event.ctx,
|
||||
session->transport->negotiate.secblob,
|
||||
&state->io.in.secblob);
|
||||
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
|
||||
@ -242,6 +242,7 @@ static void smb2_session_setup_spnego_handler(struct smb2_request *subreq)
|
||||
(NT_STATUS_IS_OK(peer_status) &&
|
||||
NT_STATUS_EQUAL(state->gensec_status, NT_STATUS_MORE_PROCESSING_REQUIRED))) {
|
||||
status = gensec_update(session->gensec, state,
|
||||
session->transport->socket->event.ctx,
|
||||
state->io.out.secblob,
|
||||
&state->io.in.secblob);
|
||||
state->gensec_status = status;
|
||||
|
||||
@ -181,7 +181,7 @@ static void request_handler(struct smbcli_request *req)
|
||||
* host/attacker might avoid mutal authentication
|
||||
* requirements */
|
||||
|
||||
state->gensec_status = gensec_update(session->gensec, state,
|
||||
state->gensec_status = gensec_update(session->gensec, state, c->event_ctx,
|
||||
state->setup.spnego.out.secblob,
|
||||
&state->setup.spnego.in.secblob);
|
||||
c->status = state->gensec_status;
|
||||
@ -443,7 +443,7 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
|
||||
|
||||
smbcli_temp_set_signing(session->transport);
|
||||
|
||||
status = gensec_client_start(session, &session->gensec, c->event_ctx,
|
||||
status = gensec_client_start(session, &session->gensec,
|
||||
io->in.gensec_settings);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(status)));
|
||||
@ -500,10 +500,12 @@ static NTSTATUS session_setup_spnego(struct composite_context *c,
|
||||
|
||||
if ((const void *)chosen_oid == (const void *)GENSEC_OID_SPNEGO) {
|
||||
status = gensec_update(session->gensec, state,
|
||||
c->event_ctx,
|
||||
session->transport->negotiate.secblob,
|
||||
&state->setup.spnego.in.secblob);
|
||||
} else {
|
||||
status = gensec_update(session->gensec, state,
|
||||
c->event_ctx,
|
||||
data_blob(NULL, 0),
|
||||
&state->setup.spnego.in.secblob);
|
||||
|
||||
|
||||
@ -132,6 +132,7 @@ static void bind_auth_next_step(struct composite_context *c)
|
||||
*/
|
||||
|
||||
c->status = gensec_update(sec->generic_state, state,
|
||||
state->pipe->conn->event_ctx,
|
||||
sec->auth_info->credentials,
|
||||
&state->credentials);
|
||||
data_blob_free(&sec->auth_info->credentials);
|
||||
@ -255,7 +256,6 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
|
||||
sec = &p->conn->security_state;
|
||||
|
||||
c->status = gensec_client_start(p, &sec->generic_state,
|
||||
p->conn->event_ctx,
|
||||
gensec_settings);
|
||||
if (!NT_STATUS_IS_OK(c->status)) {
|
||||
DEBUG(1, ("Failed to start GENSEC client mode: %s\n",
|
||||
@ -334,6 +334,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx,
|
||||
*/
|
||||
|
||||
c->status = gensec_update(sec->generic_state, state,
|
||||
p->conn->event_ctx,
|
||||
sec->auth_info->credentials,
|
||||
&state->credentials);
|
||||
if (!NT_STATUS_IS_OK(c->status) &&
|
||||
|
||||
@ -113,7 +113,7 @@ NTSTATUS dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct ncacn_packe
|
||||
}
|
||||
|
||||
status = gensec_update(dce_conn->auth_state.gensec_security,
|
||||
call,
|
||||
call, call->event_ctx,
|
||||
dce_conn->auth_state.auth_info->credentials,
|
||||
&dce_conn->auth_state.auth_info->credentials);
|
||||
|
||||
@ -171,7 +171,7 @@ bool dcesrv_auth_auth3(struct dcesrv_call_state *call)
|
||||
|
||||
/* Pass the extra data we got from the client down to gensec for processing */
|
||||
status = gensec_update(dce_conn->auth_state.gensec_security,
|
||||
call,
|
||||
call, call->event_ctx,
|
||||
dce_conn->auth_state.auth_info->credentials,
|
||||
&dce_conn->auth_state.auth_info->credentials);
|
||||
if (NT_STATUS_IS_OK(status)) {
|
||||
@ -250,7 +250,7 @@ NTSTATUS dcesrv_auth_alter_ack(struct dcesrv_call_state *call, struct ncacn_pack
|
||||
}
|
||||
|
||||
status = gensec_update(dce_conn->auth_state.gensec_security,
|
||||
call,
|
||||
call, call->event_ctx,
|
||||
dce_conn->auth_state.auth_info->credentials,
|
||||
&dce_conn->auth_state.auth_info->credentials);
|
||||
|
||||
|
||||
@ -392,7 +392,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
|
||||
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
/* Get and push the proposed OID list into the packets */
|
||||
nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
|
||||
nt_status = gensec_update(gensec_security, req, req->smb_conn->connection->event.ctx, null_data_blob, &blob);
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
|
||||
DEBUG(1, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
|
||||
|
||||
@ -79,7 +79,7 @@ static NTSTATUS smb2srv_negprot_secblob(struct smb2srv_request *req, DATA_BLOB *
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
nt_status = gensec_update(gensec_security, req, null_data_blob, &blob);
|
||||
nt_status = gensec_update(gensec_security, req, req->smb_conn->connection->event.ctx, null_data_blob, &blob);
|
||||
if (!NT_STATUS_IS_OK(nt_status) && !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
|
||||
DEBUG(0, ("Failed to get SPNEGO to give us the first token: %s\n", nt_errstr(nt_status)));
|
||||
smbsrv_terminate_connection(req->smb_conn, "Failed to start SPNEGO - no first token\n");
|
||||
|
||||
@ -36,7 +36,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
|
||||
|
||||
torture_assert_ntstatus_ok(tctx,
|
||||
gensec_client_start(mem_ctx, &gensec_security,
|
||||
tctx->ev, lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
|
||||
lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
|
||||
"gensec client start");
|
||||
|
||||
gensec_set_credentials(gensec_security, cmdline_credentials);
|
||||
@ -93,7 +93,7 @@ static bool torture_ntlmssp_self_check(struct torture_context *tctx)
|
||||
|
||||
torture_assert_ntstatus_ok(tctx,
|
||||
gensec_client_start(mem_ctx, &gensec_security,
|
||||
tctx->ev, lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
|
||||
lpcfg_gensec_settings(tctx, tctx->lp_ctx)),
|
||||
"Failed to start GENSEC for NTLMSSP");
|
||||
|
||||
gensec_set_credentials(gensec_security, cmdline_credentials);
|
||||
|
||||
@ -85,7 +85,7 @@ static bool test_PACVerify(struct torture_context *tctx,
|
||||
return false;
|
||||
}
|
||||
|
||||
status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
|
||||
status = gensec_client_start(tctx, &gensec_client_context,
|
||||
lpcfg_gensec_settings(tctx, tctx->lp_ctx));
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
|
||||
|
||||
@ -97,7 +97,7 @@ static bool test_PACVerify(struct torture_context *tctx,
|
||||
status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
|
||||
|
||||
status = gensec_server_start(tctx, tctx->ev,
|
||||
status = gensec_server_start(tctx,
|
||||
lpcfg_gensec_settings(tctx, tctx->lp_ctx),
|
||||
NULL, &gensec_server_context);
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
|
||||
@ -112,12 +112,12 @@ static bool test_PACVerify(struct torture_context *tctx,
|
||||
|
||||
do {
|
||||
/* Do a client-server update dance */
|
||||
status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
|
||||
status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
|
||||
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
|
||||
}
|
||||
|
||||
status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
|
||||
status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
|
||||
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
|
||||
}
|
||||
@ -424,7 +424,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
|
||||
|
||||
/* First, do a normal Kerberos connection */
|
||||
|
||||
status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
|
||||
status = gensec_client_start(tctx, &gensec_client_context,
|
||||
lpcfg_gensec_settings(tctx, tctx->lp_ctx));
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
|
||||
|
||||
@ -436,7 +436,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
|
||||
status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
|
||||
|
||||
status = gensec_server_start(tctx, tctx->ev,
|
||||
status = gensec_server_start(tctx,
|
||||
lpcfg_gensec_settings(tctx, tctx->lp_ctx),
|
||||
NULL, &gensec_server_context);
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
|
||||
@ -451,12 +451,12 @@ static bool test_S2U4Self(struct torture_context *tctx,
|
||||
|
||||
do {
|
||||
/* Do a client-server update dance */
|
||||
status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
|
||||
status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
|
||||
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
|
||||
}
|
||||
|
||||
status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
|
||||
status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
|
||||
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
|
||||
}
|
||||
@ -480,7 +480,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
|
||||
cli_credentials_get_principal(cmdline_credentials, tmp_ctx),
|
||||
talloc_asprintf(tmp_ctx, "host/%s", test_machine_name));
|
||||
|
||||
status = gensec_client_start(tctx, &gensec_client_context, tctx->ev,
|
||||
status = gensec_client_start(tctx, &gensec_client_context,
|
||||
lpcfg_gensec_settings(tctx, tctx->lp_ctx));
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_client_start (client) failed");
|
||||
|
||||
@ -493,7 +493,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
|
||||
status = gensec_start_mech_by_sasl_name(gensec_client_context, "GSSAPI");
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_start_mech_by_sasl_name (client) failed");
|
||||
|
||||
status = gensec_server_start(tctx, tctx->ev,
|
||||
status = gensec_server_start(tctx,
|
||||
lpcfg_gensec_settings(tctx, tctx->lp_ctx),
|
||||
NULL, &gensec_server_context);
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_server_start (server) failed");
|
||||
@ -508,12 +508,12 @@ static bool test_S2U4Self(struct torture_context *tctx,
|
||||
|
||||
do {
|
||||
/* Do a client-server update dance */
|
||||
status = gensec_update(gensec_client_context, tmp_ctx, server_to_client, &client_to_server);
|
||||
status = gensec_update(gensec_client_context, tmp_ctx, tctx->ev, server_to_client, &client_to_server);
|
||||
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_update (client) failed");
|
||||
}
|
||||
|
||||
status = gensec_update(gensec_server_context, tmp_ctx, client_to_server, &server_to_client);
|
||||
status = gensec_update(gensec_server_context, tmp_ctx, tctx->ev, client_to_server, &server_to_client);
|
||||
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {;
|
||||
torture_assert_ntstatus_ok(tctx, status, "gensec_update (server) failed");
|
||||
}
|
||||
|
||||
@ -449,7 +449,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
case NTLMSSP_CLIENT_1:
|
||||
/* setup the client side */
|
||||
|
||||
nt_status = gensec_client_start(NULL, &state->gensec_state, ev,
|
||||
nt_status = gensec_client_start(NULL, &state->gensec_state,
|
||||
lpcfg_gensec_settings(NULL, lp_ctx));
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(mem_ctx);
|
||||
@ -481,7 +481,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(gensec_server_start(state, ev,
|
||||
if (!NT_STATUS_IS_OK(gensec_server_start(state,
|
||||
lpcfg_gensec_settings(state, lp_ctx),
|
||||
auth_context, &state->gensec_state))) {
|
||||
talloc_free(mem_ctx);
|
||||
@ -632,7 +632,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
|
||||
return;
|
||||
}
|
||||
|
||||
nt_status = gensec_update(state->gensec_state, mem_ctx, in, &out);
|
||||
nt_status = gensec_update(state->gensec_state, mem_ctx, ev, in, &out);
|
||||
|
||||
/* don't leak 'bad password'/'no such user' info to the network client */
|
||||
nt_status = nt_status_squash(nt_status);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user