[PATCH] Add three new commands to ntlm_auth.
Andrew Bartlett
abartlet at samba.org
Thu Jul 13 04:23:07 GMT 2006
On Thu, 2006-07-13 at 03:00 +0200, Kai Blin wrote:
> On Thursday 13 July 2006 01:09, Andrew Bartlett wrote:
> > On Wed, 2006-07-12 at 17:52 +0200, Kai Blin wrote:
> > > Hi folks,
> > >
> > > attached is a patch to make ntlm_auth recognize three new commands in
> > > ntlmssp-client-1 and squid-2.5-ntlmssp. It applies against trunk in
> > > revision 16983.
> > >
> > > The commands are the following:
> > >
> > > Command: SF <hex number>
> > > Reply: OK
> > > Description: Takes feature request flags similar to samba4's
> > > gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
> > > NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the
> > > same values as the corresponding GENSEC_FEATURE_* flags in samba4.
> >
> > Why not make these take text strings? That way, we can change the
> > internal values without breaking the interface.
>
> Ok, changed in the attached patch. Anything else?
+ } else if (strncmp(buf, "GK", 2) == 0) {
+ char *reply_base64;
+ DEBUG(10, ("Requested NTLMSSP session key\n"));
+ if(have_session_key)
+ reply_base64 =
base64_encode_data_blob(session_key);
+ else
+ reply_base64 = SMB_STRDUP("AA==");
+
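Review bot: in the else branch, the GK reply falls back to the constant "AA==" when have_session_key is false, and that constant is valid base64 for a single zero byte, so a caller cannot tell "no key available" from a real (if very short) key and may go on to sign or seal with it. Return an explicit error reply on that path instead of a placeholder value. Two smaller points: strncmp(buf, "GK", 2) accepts any input that merely starts with "GK", so check the length or the following character as well, and put a space after "if" and braces around both branches.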
I don't understand why we reply at all to GK without a valid session key
(which should always exist, after an authentication).

Also, you will note that we always have NTLMSSP_NEGOTIATE_SIGN enabled,
because for the current code, it assumes CIFS (because we need to
negotiate that or the session key doesn't get generated).

We should remove it from the defaults, and set it as a 'want
feature' (but with an int, not a string) from our libsmb code.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net