NTLMSSP and GENSEC

Andrew Bartlett abartlet at samba.org
Sun Oct 16 23:08:20 MDT 2011


On Sat, 2011-10-15 at 19:32 +0200, Volker Lendecke wrote:
> On Sat, Oct 15, 2011 at 05:52:40PM +1100, Andrew Bartlett wrote:
> > > I think only gensec_update*() should use event driven stuff.
> > 
> > For now, the module does not use any event context, so I've made no
> > change here yet.  
> 
> If only the gensec_update() routines use any event context
> stuff at all, wouldn't it be better to pass the event
> context explicitly there instead of putting an event context
> into the gensec_security struct? This way the risk of using
> gensec wrongly leading to nested event loops is greatly
> reduced.
> 
> If we absolutely have to accept the whole gensec thing into
> the Samba3 code (something which needs much broader
> discussion I think), then we should only do it if we can
> agree on handling the event stuff. Looking at 'struct
> gensec_security' right now I don't think we are there yet.
> The risk of accidentally getting nested event loops into
> the main Samba3 code, leading to very hard to debug
> situations is much too high for my taste with the tevent
> context being part of a central structure.

I've updated my branch at and addressed the suggestions that you and
metze made, using the approach indicated in the commits you referenced
earlier.  gensec_update() now takes a tevent context, and is the only
gensec function that needs one. 

http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-gensec-module-2

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
