From: Stefan Metzmacher Date: Mon, 15 May 2017 05:50:31 +0000 (+0200) Subject: s4:kdc: make use of gensec_update() in kpasswd_process() X-Git-Tag: ldb-1.1.30~146 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31c7493094d696ae0eb7b4ad2eeac7937000e18b;p=thirdparty%2Fsamba.git s4:kdc: make use of gensec_update() in kpasswd_process() This avoids using gensec_update_ev() with a nested event loop. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/source4/kdc/kpasswd-service.c b/source4/kdc/kpasswd-service.c index 9cb14823557..b36cf402228 100644 --- a/source4/kdc/kpasswd-service.c +++ b/source4/kdc/kpasswd-service.c @@ -206,12 +206,20 @@ kdc_code kpasswd_process(struct kdc_server *kdc, goto done; } - /* Accept the AP-REQ and generate the AP-REP we need for the reply */ - status = gensec_update_ev(gensec_security, - tmp_ctx, - kdc->task->event_ctx, - ap_req_blob, - &ap_rep_blob); + /* + * Accept the AP-REQ and generate the AP-REP we need for the reply + * + * We only allow KRB5 and make sure the backend to is RPC/IPC free. + * + * See gensec_krb5_update_internal() as GENSEC_SERVER. + * + * It allows gensec_update() not to block. + * + * If that changes in future we need to use + * gensec_update_send/recv here! + */ + status = gensec_update(gensec_security, tmp_ctx, + ap_req_blob, &ap_rep_blob); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { ap_rep_blob = data_blob_null;