Samba4: Some GENSEC questions
k.blin at gmx.net
Sat Apr 8 11:20:08 GMT 2006
While trying to create a program making use of the GENSEC library from
outside samba, I've encountered a couple of problems of a technical
nature, but Jelmer Vernooij helped me to sort them all out. Many thanks
for that, Jelmer.
Now I have basic authentication over NTLMSSP working and moved on to
sealing/unsealing packets. I then realized I don't fully understand the
API for that and would appreciate some input.
NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
const uint8_t *whole_pdu,
Now the struct gensec_security is pretty clear, as is the talloc
context. *data seems to be a pointer to the data to encrypt and also the
place where the encrypted data will be placed. length is the length of
I'm unclear what should go into *whole_pdu. For my test I just put the
same stuff there as *data.
The call to gensec_seal_packet() in my test fails with
NT_STATUS_INVALID_PARAMETER, from which I gather that the
gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) test on
gensec.c line 782. I requested the feature when setting up the gensec,
but maybe it's at the wrong place.
If you want to have a look at the source code I'm using, I've uploaded a
copy at http://www.nowhere-productions.org/code/gensec_single.c
Without the check if the gensec_have_feature worked, the program runs
nicely up to the point where it fails for gensec_seal_packet.
I'd appreciate any suggestions on this.
Kai Blin, private email
I can give you my word, but I know what it's worth and you don't.
-- Nero Wolfe, "Over My Dead Body"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20060408/e2744b1f/attachment.bin
More information about the samba-technical