diff options
author | Stefan Metzmacher <metze@samba.org> | 2017-05-15 07:50:31 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-05-21 21:05:12 +0200 |
commit | 31c7493094d696ae0eb7b4ad2eeac7937000e18b (patch) | |
tree | ff4ed78e96b5d04d8bf765aa7f516e117135db09 /source4/kdc | |
parent | c198dee8ea5b631b7e19e81dc9a8070ef8144ad9 (diff) | |
download | samba-31c7493094d696ae0eb7b4ad2eeac7937000e18b.tar.gz |
s4:kdc: make use of gensec_update() in kpasswd_process()
This avoids using gensec_update_ev() with a nested event loop.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/kpasswd-service.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/source4/kdc/kpasswd-service.c b/source4/kdc/kpasswd-service.c index 9cb14823557..b36cf402228 100644 --- a/source4/kdc/kpasswd-service.c +++ b/source4/kdc/kpasswd-service.c @@ -206,12 +206,20 @@ kdc_code kpasswd_process(struct kdc_server *kdc, goto done; } - /* Accept the AP-REQ and generate the AP-REP we need for the reply */ - status = gensec_update_ev(gensec_security, - tmp_ctx, - kdc->task->event_ctx, - ap_req_blob, - &ap_rep_blob); + /* + * Accept the AP-REQ and generate the AP-REP we need for the reply + * + * We only allow KRB5 and make sure the backend to is RPC/IPC free. + * + * See gensec_krb5_update_internal() as GENSEC_SERVER. + * + * It allows gensec_update() not to block. + * + * If that changes in future we need to use + * gensec_update_send/recv here! + */ + status = gensec_update(gensec_security, tmp_ctx, + ap_req_blob, &ap_rep_blob); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { ap_rep_blob = data_blob_null; |