NTLMSSP and GENSEC

Andrew Bartlett abartlet at samba.org
Mon Oct 17 00:35:37 MDT 2011


On Mon, 2011-10-17 at 07:55 +0200, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> 
> >>> For now, the module does not use any event context, so I've made no
> >>> change here yet.  
> >>
> >> If only the gensec_update() routines use any event context
> >> stuff at all, wouldn't it be better to pass the event
> >> context explicitly there instead of putting an event context
> >> into the gensec_security struct? This way the risk of using
> >> gensec wrongly leading to nested event loops is greatly
> >> reduced.
> >>
> >> If we absolutely have to accept the whole gensec thing into
> >> the Samba3 code (something which needs much broader
> >> discussion I think), then we should only do it if we can
> >> agree on handling the event stuff. Looking at 'struct
> >> gensec_security' right now I don't think we are there yet.
> >> The risk of accidentally getting nested event loops into
> >> the main Samba3 code, leading to very hard to debug
> >> situations is much too high for my taste with the tevent
> >> context being part of a central structure.
> > 
> > I've updated my branch at and addressed the suggestions that you and
> > metze made, using the approach indicated in the commits you referenced
> > earlier.  gensec_update() now takes a tevent context, and is the only
> > gensec function that needs one. 
> > 
> > http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-gensec-module-2
> 
> Thanks! I'll have a closer look later today.
> But
> http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=ffc9033d0a7ed07
> looks good, except for py_gensec_update() which seems to lack a
> TALLOC_FREE(ev); after gensec_update().

The mem_ctx here is only valid for the life of the call, so there is no
need. 

> In the long run we should change the callers and backends to
> gensec_update_send/recv(),
> but for now having the event context just on gensec_update() is fine for me.

Great, thanks!

I'll move on to the client code shortly.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


