The branch, master has been updated
via 078482a... s4:auth: change auth_check_password_send/recv to
tevent_req
via 577857d... s4:gensec: change gensec_update_send/recv to tevent_req
from 5126b52... s4:kdc: use the remote and local address from the
stream_connection struct
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 078482ad0efc9c4902601080f146853a1a3494fe
Author: Stefan Metzmacher <[email protected]>
Date: Wed Dec 23 09:09:37 2009 +0100
s4:auth: change auth_check_password_send/recv to tevent_req
metze
commit 577857d351df3d7b40db4d69afb3d67ee4960fb2
Author: Stefan Metzmacher <[email protected]>
Date: Tue Dec 22 16:24:44 2009 +0100
s4:gensec: change gensec_update_send/recv to tevent_req
metze
-----------------------------------------------------------------------
Summary of changes:
source4/auth/auth.h | 12 +-
source4/auth/gensec/config.mk | 2 +-
source4/auth/gensec/gensec.c | 117 +++++++++++------
source4/auth/gensec/gensec.h | 22 +---
source4/auth/ntlm/auth.c | 242 +++++++++++++++++++---------------
source4/auth/ntlm/config.mk | 2 +-
source4/smb_server/smb/sesssetup.c | 59 ++++++---
source4/smb_server/smb2/sesssetup.c | 17 ++-
8 files changed, 279 insertions(+), 194 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index c625c87..28b955a 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -275,14 +275,16 @@ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
const char *nt4_username,
const char *password,
struct auth_session_info
**session_info);
-NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
+
+struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct auth_context *auth_ctx,
+ const struct auth_usersupplied_info
*user_info);
+NTSTATUS auth_check_password_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info
**server_info);
-void auth_check_password_send(struct auth_context *auth_ctx,
- const struct auth_usersupplied_info *user_info,
- void (*callback)(struct
auth_check_password_request *req, void *private_data),
- void *private_data);
+
NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const
uint8_t chal[8], const char *set_by);
NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index f7cbd5b..947a91e 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -2,7 +2,7 @@
# Start SUBSYSTEM gensec
[LIBRARY::gensec]
PUBLIC_DEPENDENCIES = \
- CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba_socket
LIBPACKET LIBTSOCKET
+ CREDENTIALS LIBSAMBA-UTIL LIBCRYPTO ASN1_UTIL samba_socket
LIBPACKET LIBTSOCKET UTIL_TEVENT
# End SUBSYSTEM gensec
#################################
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index ecd0778..3de0e1c 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -25,6 +25,7 @@
#include "lib/events/events.h"
#include "lib/socket/socket.h"
#include "lib/tsocket/tsocket.h"
+#include "../lib/util/tevent_ntstatus.h"
#include "librpc/rpc/dcerpc.h"
#include "auth/credentials/credentials.h"
#include "auth/gensec/gensec.h"
@@ -982,71 +983,105 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_security
*gensec_security, TALLOC_
return gensec_security->ops->update(gensec_security, out_mem_ctx, in,
out);
}
-static void gensec_update_async_timed_handler(struct tevent_context *ev,
struct tevent_timer *te,
- struct timeval t, void *ptr)
-{
- struct gensec_update_request *req = talloc_get_type(ptr, struct
gensec_update_request);
- req->status = req->gensec_security->ops->update(req->gensec_security,
req, req->in, &req->out);
- req->callback.fn(req, req->callback.private_data);
-}
+struct gensec_update_state {
+ struct tevent_immediate *im;
+ struct gensec_security *gensec_security;
+ DATA_BLOB in;
+ DATA_BLOB out;
+};
+static void gensec_update_async_trigger(struct tevent_context *ctx,
+ struct tevent_immediate *im,
+ void *private_data);
/**
* Next state function for the GENSEC state machine async version
- *
+ *
+ * @param mem_ctx The memory context for the request
+ * @param ev The event context for the request
* @param gensec_security GENSEC State
* @param in The request, as a DATA_BLOB
- * @param callback The function that will be called when the operation is
- * finished, it should return gensec_update_recv() to get
output
- * @param private_data A private pointer that will be passed to the callback
function
+ *
+ * @return The request handle or NULL on no memory failure
*/
-_PUBLIC_ void gensec_update_send(struct gensec_security *gensec_security,
const DATA_BLOB in,
- void (*callback)(struct gensec_update_request
*req, void *private_data),
- void *private_data)
+_PUBLIC_ struct tevent_req *gensec_update_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct gensec_security
*gensec_security,
+ const DATA_BLOB in)
+{
+ struct tevent_req *req;
+ struct gensec_update_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct gensec_update_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->gensec_security = gensec_security;
+ state->in = in;
+ state->out = data_blob(NULL, 0);
+ state->im = tevent_create_immediate(state);
+ if (tevent_req_nomem(state->im, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ tevent_schedule_immediate(state->im, ev,
+ gensec_update_async_trigger,
+ req);
+
+ return req;
+}
+
+static void gensec_update_async_trigger(struct tevent_context *ctx,
+ struct tevent_immediate *im,
+ void *private_data)
{
- struct gensec_update_request *req = NULL;
- struct tevent_timer *te = NULL;
-
- req = talloc(gensec_security, struct gensec_update_request);
- if (!req) goto failed;
- req->gensec_security = gensec_security;
- req->in = in;
- req->out = data_blob(NULL, 0);
- req->callback.fn = callback;
- req->callback.private_data = private_data;
-
- te = event_add_timed(gensec_security->event_ctx, req,
- timeval_zero(),
- gensec_update_async_timed_handler, req);
- if (!te) goto failed;
-
- return;
-
-failed:
- talloc_free(req);
- callback(NULL, private_data);
+ struct tevent_req *req =
+ talloc_get_type_abort(private_data, struct tevent_req);
+ struct gensec_update_state *state =
+ tevent_req_data(req, struct gensec_update_state);
+ NTSTATUS status;
+
+ status = gensec_update(state->gensec_security, state,
+ state->in, &state->out);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ tevent_req_done(req);
}
/**
* Next state function for the GENSEC state machine
*
- * @param req GENSEC update request state
+ * @param req request state
* @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
* @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
* @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
* or NT_STATUS_OK if the user is authenticated.
*/
-_PUBLIC_ NTSTATUS gensec_update_recv(struct gensec_update_request *req,
TALLOC_CTX *out_mem_ctx, DATA_BLOB *out)
+_PUBLIC_ NTSTATUS gensec_update_recv(struct tevent_req *req,
+ TALLOC_CTX *out_mem_ctx,
+ DATA_BLOB *out)
{
+ struct gensec_update_state *state =
+ tevent_req_data(req, struct gensec_update_state);
NTSTATUS status;
- NT_STATUS_HAVE_NO_MEMORY(req);
+ if (tevent_req_is_nterror(req, &status)) {
+ if (!NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ tevent_req_received(req);
+ return status;
+ }
+ } else {
+ status = NT_STATUS_OK;
+ }
- *out = req->out;
+ *out = state->out;
talloc_steal(out_mem_ctx, out->data);
- status = req->status;
- talloc_free(req);
+ tevent_req_received(req);
return status;
}
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 2ea2402..232f1a4 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -69,18 +69,7 @@ struct auth_session_info;
struct cli_credentials;
struct gensec_settings;
struct tevent_context;
-
-struct gensec_update_request {
- struct gensec_security *gensec_security;
- void *private_data;
- DATA_BLOB in;
- DATA_BLOB out;
- NTSTATUS status;
- struct {
- void (*fn)(struct gensec_update_request *req, void
*private_data);
- void *private_data;
- } callback;
-};
+struct tevent_req;
struct gensec_settings {
struct loadparm_context *lp_ctx;
@@ -231,10 +220,11 @@ NTSTATUS gensec_start_mech_by_sasl_list(struct
gensec_security *gensec_security,
const char **sasl_names);
NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX
*out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out);
-void gensec_update_send(struct gensec_security *gensec_security, const
DATA_BLOB in,
- void (*callback)(struct gensec_update_request
*req, void *private_data),
- void *private_data);
-NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_CTX
*out_mem_ctx, DATA_BLOB *out);
+struct tevent_req *gensec_update_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct gensec_security *gensec_security,
+ const DATA_BLOB in);
+NTSTATUS gensec_update_recv(struct tevent_req *req, TALLOC_CTX *out_mem_ctx,
DATA_BLOB *out);
void gensec_want_feature(struct gensec_security *gensec_security,
uint32_t feature);
bool gensec_have_feature(struct gensec_security *gensec_security,
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index d0c8ed3..fafaf9c 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -19,10 +19,11 @@
*/
#include "includes.h"
+#include <tevent.h>
+#include "../lib/util/tevent_ntstatus.h"
#include "../lib/util/dlinklist.h"
#include "auth/auth.h"
#include "auth/ntlm/auth_proto.h"
-#include "lib/events/events.h"
#include "param/param.h"
/***************************************************************************
@@ -124,22 +125,6 @@ _PUBLIC_ NTSTATUS
auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-struct auth_check_password_sync_state {
- bool finished;
- NTSTATUS status;
- struct auth_serversupplied_info *server_info;
-};
-
-static void auth_check_password_sync_callback(struct
auth_check_password_request *req,
- void *private_data)
-{
- struct auth_check_password_sync_state *s = talloc_get_type(private_data,
- struct
auth_check_password_sync_state);
-
- s->finished = true;
- s->status = auth_check_password_recv(req, s, &s->server_info);
-}
-
/**
* Check a user's Plaintext, LM or NTLM password.
* (sync version)
@@ -172,48 +157,43 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth_context
*auth_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info)
{
- struct auth_check_password_sync_state *sync_state;
+ struct tevent_req *subreq;
+ struct tevent_context *ev;
+ bool ok;
NTSTATUS status;
- sync_state = talloc_zero(auth_ctx, struct
auth_check_password_sync_state);
- NT_STATUS_HAVE_NO_MEMORY(sync_state);
+ /*TODO: create a new event context here! */
+ ev = auth_ctx->event_ctx;
- auth_check_password_send(auth_ctx, user_info,
auth_check_password_sync_callback, sync_state);
-
- while (!sync_state->finished) {
- event_loop_once(auth_ctx->event_ctx);
+ subreq = auth_check_password_send(mem_ctx,
+ ev,
+ auth_ctx,
+ user_info);
+ if (subreq == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- status = sync_state->status;
-
- if (NT_STATUS_IS_OK(status)) {
- *server_info = talloc_steal(mem_ctx, sync_state->server_info);
+ ok = tevent_req_poll(subreq, ev);
+ if (!ok) {
+ return NT_STATUS_INTERNAL_ERROR;
}
- talloc_free(sync_state);
+ status = auth_check_password_recv(subreq, mem_ctx, server_info);
+ TALLOC_FREE(subreq);
+
return status;
}
-struct auth_check_password_request {
+struct auth_check_password_state {
struct auth_context *auth_ctx;
const struct auth_usersupplied_info *user_info;
struct auth_serversupplied_info *server_info;
struct auth_method_context *method;
- NTSTATUS status;
- struct {
- void (*fn)(struct auth_check_password_request *req, void
*private_data);
- void *private_data;
- } callback;
};
-static void auth_check_password_async_timed_handler(struct tevent_context *ev,
struct tevent_timer *te,
- struct timeval t, void *ptr)
-{
- struct auth_check_password_request *req = talloc_get_type(ptr, struct
auth_check_password_request);
- req->status = req->method->ops->check_password(req->method, req,
req->user_info, &req->server_info);
- req->callback.fn(req, req->callback.private_data);
-}
-
+static void auth_check_password_async_trigger(struct tevent_context *ev,
+ struct tevent_immediate *im,
+ void *private_data);
/**
* Check a user's Plaintext, LM or NTLM password.
* async send hook
@@ -225,6 +205,10 @@ static void auth_check_password_async_timed_handler(struct
tevent_context *ev, s
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
+ * @param mem_ctx The memory context the request should operate on
+ *
+ * @param ev The tevent context the request should operate on
+ *
* @param auth_ctx Supplies the challenges and some other data.
* Must be created with make_auth_context(), and the
challenges should be
* filled in, either at creation or by calling the challenge
geneation
@@ -232,93 +216,131 @@ static void
auth_check_password_async_timed_handler(struct tevent_context *ev, s
*
* @param user_info Contains the user supplied components, including the
passwords.
*
- * @param callback A callback function which will be called when the operation
is finished.
- * The callback function needs to call
auth_check_password_recv() to get the return values
- *
- * @param private_data A private pointer which will ba passed to the callback
function
+ * @return The request handle or NULL on no memory error.
*
**/
-_PUBLIC_ void auth_check_password_send(struct auth_context *auth_ctx,
- const struct auth_usersupplied_info *user_info,
- void (*callback)(struct
auth_check_password_request *req, void *private_data),
- void *private_data)
+_PUBLIC_ struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct auth_context *auth_ctx,
+ const struct auth_usersupplied_info *user_info)
{
+ struct tevent_req *req;
+ struct auth_check_password_state *state;
/* if all the modules say 'not for me' this is reasonable */
NTSTATUS nt_status;
struct auth_method_context *method;
uint8_t chal[8];
struct auth_usersupplied_info *user_info_tmp;
- struct auth_check_password_request *req = NULL;
+ struct tevent_immediate *im;
- DEBUG(3, ("auth_check_password_send: Checking password for unmapped
user [%s]\\[...@[%s]\n",
- user_info->client.domain_name,
user_info->client.account_name, user_info->workstation_name));
+ DEBUG(3,("auth_check_password_send: "
+ "Checking password for unmapped user [%s]\\[...@[%s]\n",
+ user_info->client.domain_name, user_info->client.account_name,
+ user_info->workstation_name));
- req = talloc_zero(auth_ctx, struct auth_check_password_request);
- if (!req) {
- callback(NULL, private_data);
- return;
+ req = tevent_req_create(mem_ctx, &state,
+ struct auth_check_password_state);
+ if (req == NULL) {
+ return NULL;
}
- req->auth_ctx = auth_ctx;
- req->user_info = user_info;
- req->callback.fn = callback;
- req->callback.private_data = private_data;
+
+ state->auth_ctx = auth_ctx;
+ state->user_info = user_info;
+ state->method = NULL;
if (!user_info->mapped_state) {
- nt_status = map_user_info(req, lp_workgroup(auth_ctx->lp_ctx),
user_info, &user_info_tmp);
- if (!NT_STATUS_IS_OK(nt_status)) goto failed;
+ nt_status = map_user_info(req, lp_workgroup(auth_ctx->lp_ctx),
+ user_info, &user_info_tmp);
+ if (tevent_req_nterror(req, nt_status)) {
+ return tevent_req_post(req, ev);
+ }
user_info = user_info_tmp;
- req->user_info = user_info_tmp;
+ state->user_info = user_info_tmp;
}
- DEBUGADD(3,("auth_check_password_send: mapped user is:
[%s]\\[...@[%s]\n",
- user_info->mapped.domain_name,
user_info->mapped.account_name, user_info->workstation_name));
+ DEBUGADD(3,("auth_check_password_send: "
+ "mapped user is: [%s]\\[...@[%s]\n",
+ user_info->mapped.domain_name,
+ user_info->mapped.account_name,
+ user_info->workstation_name));
nt_status = auth_get_challenge(auth_ctx, chal);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("auth_check_password_send: Invalid challenge (length
%u) stored for this auth context set_by %s - cannot continue: %s\n",
- (unsigned)auth_ctx->challenge.data.length,
auth_ctx->challenge.set_by, nt_errstr(nt_status)));
- goto failed;
+ if (tevent_req_nterror(req, nt_status)) {
+ DEBUG(0,("auth_check_password_send: "
+ "Invalid challenge (length %u) stored for "
+ "this auth context set_by %s - cannot continue: %s\n",
+ (unsigned)auth_ctx->challenge.data.length,
+ auth_ctx->challenge.set_by,
+ nt_errstr(nt_status)));
+ return tevent_req_post(req, ev);
}
if (auth_ctx->challenge.set_by) {
- DEBUG(10, ("auth_check_password_send: auth_context challenge
created by %s\n",
- auth_ctx->challenge.set_by));
+ DEBUG(10,("auth_check_password_send: "
+ "auth_context challenge created by %s\n",
+ auth_ctx->challenge.set_by));
}
DEBUG(10, ("auth_check_password_send: challenge is: \n"));
- dump_data(5, auth_ctx->challenge.data.data,
auth_ctx->challenge.data.length);
+ dump_data(5, auth_ctx->challenge.data.data,
+ auth_ctx->challenge.data.length);
+
+ im = tevent_create_immediate(state);
+ if (tevent_req_nomem(im, req)) {
+ return tevent_req_post(req, ev);
+ }
- nt_status = NT_STATUS_NO_SUCH_USER; /* If all the modules say 'not for
me', then this is reasonable */
for (method = auth_ctx->methods; method; method = method->next) {
NTSTATUS result;
- struct tevent_timer *te = NULL;
/* check if the module wants to chek the password */
result = method->ops->want_check(method, req, user_info);
if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) {
- DEBUG(11,("auth_check_password_send: %s had nothing to
say\n", method->ops->name));
+ DEBUG(11,("auth_check_password_send: "
+ "%s had nothing to say\n",
+ method->ops->name));
continue;
}
- nt_status = result;
- req->method = method;
+ state->method = method;
- if (!NT_STATUS_IS_OK(nt_status)) break;
-
- te = event_add_timed(auth_ctx->event_ctx, req,
- timeval_zero(),
- auth_check_password_async_timed_handler,
req);
- if (!te) {
- nt_status = NT_STATUS_NO_MEMORY;
- goto failed;
+ if (tevent_req_nterror(req, result)) {
+ return tevent_req_post(req, ev);
}
+
--
Samba Shared Repository
