NTLMSSP and GENSEC

Stefan (metze) Metzmacher metze at samba.org
Sun Oct 16 23:55:38 MDT 2011


Hi Andrew,

>>> For now, the module does not use any event context, so I've made no
>>> change here yet.  
>>
>> If only the gensec_update() routines use any event context
>> stuff at all, wouldn't it be better to pass the event
>> context explicitly there instead of putting an event context
>> into the gensec_security struct? This way the risk of using
>> gensec wrongly leading to nested event loops is greatly
>> reduced.
>>
>> If we absolutely have to accept the whole gensec thing into
>> the Samba3 code (something which needs much broader
>> discussion I think), then we should only do it if we can
>> agree on handling the event stuff. Looking at 'struct
>> gensec_security' right now I don't think we are there yet.
>> The risk of accidentally getting nested event loops into
>> the main Samba3 code, leading to very hard to debug
>> situations is much too high for my taste with the tevent
>> context being part of a central structure.
> 
> I've updated my branch at and addressed the suggestions that you and
> metze made, using the approach indicated in the commits you referenced
> earlier.  gensec_update() now takes a tevent context, and is the only
> gensec function that needs one. 
> 
> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-gensec-module-2

Thanks! I'll have a closer look later today.
But
http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=ffc9033d0a7ed07
looks good, except for py_gensec_update() which seems to lack a
TALLOC_FREE(ev); after gensec_update().

In the long run we should change the callers and backends to
gensec_update_send/recv(),
but for now having the event context just on gensec_update() is fine for me.

metze
