[Patches] The way to remove gensec_update_ev()
Stefan Metzmacher
metze at samba.org
Sun May 21 11:19:03 UTC 2017
Am 21.05.2017 um 13:12 schrieb Stefan Metzmacher via samba-technical:
> Am 19.05.2017 um 22:54 schrieb Andrew Bartlett:
>> On Sat, 2017-05-20 at 08:20 +1200, Andrew Bartlett via samba-technical
>> wrote:
>>> On Thu, 2017-05-18 at 16:31 +0200, Stefan Metzmacher wrote:
>>>> Am 17.05.2017 um 20:10 schrieb Stefan Metzmacher via samba-technical:
>>>>> Am 17.05.2017 um 19:56 schrieb Andrew Bartlett:
>>>>>> On Wed, 2017-05-17 at 14:12 +0200, Stefan Metzmacher via samba-
>>>>>> technical wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm currently working on the removal of gensec_update_ev(),
>>>>>>> which relies on nested event loops to be activated.
>>>>>>>
>>>>>>> If we want to have proper support for trusted domains in the
>>>>>>> as AD DC, we need to use real async authentication because
>>>>>>> we still use a single process model for the rpc server.
>>>>>>>
>>>>>>> So the first step is to make all users of gensec_update_ev()
>>>>>>> use gensec_update_send/recv instead.
>>>>>>>
>>>>>>> Once we have that we need to make the low level auth stack async
>>>>>>> for NTLMSSP (as a server) and Kerberos (as a client).
>>>>>>>
>>>>>>> Here's the first chunk of patches, they passed a private autobuild.
>>>>>>>
>>>>>>> Please review and push:-)
>>>>>>
>>>>>> I'm looking at these now. I'm correcting a couple of minor issues in
>>>>>> commit messages (patch of patches attached), but I also noticed:
>>>>>>
>>>>>> Subject: [PATCH 25/35] auth/ntlmssp: add implement
>>>>>> gensec_ntlmssp_update_send/recv()
>>>>>>
>>>>>> - if (!out_mem_ctx) {
>>>>>> - /* if the caller doesn't want to manage/own the
>>>>>> memory,
>>>>>> - we can put it on our context */
>>>>>> - out_mem_ctx = ntlmssp_state;
>>>>>>
>>>>>> I don't think it is used, but can we have this as a distinct commit?
>>>>>> I'm sorry to be petty, but it is hard enough reading the change to
>>>>>> async without also removing this at the same time.
>>>>>
>>>>> Ok, no problem.
>>>>
>>>> Done, the result is in
>>>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-gensec-ok
>>>>
>>>> I've added your review to the last 24 patches (of chunk 2),
>>>> the first 39 don't have review tags yet.
>>>
>>> I've reviewed it, but it failed autobuild for samba-o3 with:
>>
>> The reviewed branch is at
>>
>> https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/metze-gensec
>>
>>> ../auth/ntlmssp/ntlmssp.c: In function gensec_ntlmssp_update_send:
>>> ../auth/ntlmssp/ntlmssp.c:179:31: error: i may be used uninitialized in
>>> this function [-Werror=maybe-uninitialized]
>>> status = ntlmssp_callbacks[i].sync_fn(gensec_security,
>>> ^
>>> Sorry,
>
> The compiler doesn't believe tevent_req_nterror() only returns true on
> NT_STATUS_IS_OK().
>
> This diff removes the warning
>
> @@ -161,7 +161,7 @@ static struct tevent_req
> *gensec_ntlmssp_update_send(TALLOC_CTX *mem_ctx,
> struct tevent_req *req = NULL;
> struct gensec_ntlmssp_update_state *state = NULL;
> NTSTATUS status;
> - uint32_t i;
> + uint32_t i = 0;
>
> Is it ok to squash that to the "auth/ntlmssp: add implement
> gensec_ntlmssp_update_send/recv()" commit and push everything?
"everything" is
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-gensec-ok
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170521/2b570e8d/signature.sig>
More information about the samba-technical
mailing list