[PATCH] Proposed merge of some NTLMSSP crypto

Stefan (metze) Metzmacher metze at samba.org
Fri Dec 11 02:25:14 MST 2009


Hi Andrew,

> In my git tree 'ntlmssp-merge-wip' I have the current state of my
> efforts to merge the NTLMSSP code between Samba3 and Samba4.
> 
> My hope here is to reduce the duplication of the crypto code, and make
> an eventual full merge of this important subsystem easier.
> 
> git://git.samba.org/abartlet/samba.git ntlmssp-merge-wip
> 
> The tests seem to pass in Samba4, but I still need to look into some
> Samba3 issues.  It will be important to test with Windows clients too,
> and any assistance in that area, particularly against Samba3 will be
> most appreciated.
> 
> I've taken a number of approaches to reduce the risk - in particular
> I've only taken the chance to merge the already very similar code after
> the authentication success and the client key exchange calculation.  As
> such, this has no impact (postive or negative) on event loops, async or
> the actual NTLMSSP negotiation. 
> 
> Any review or testing most appreciated,

I think this patches need some more work to reduce the risk.

1. Both trees need patches which bring the code step by step
   in to the same code. So that the folowing gives no difference:

git diff HEAD:source4/auth/ntlmssp/ntlmssp_sign.c \
  HEAD:source3/libdmb/ntlmssp_sign.c

2. All this steps need to be small easy to review patches,
   which build and pass make test.

3. Then we need to move the file from one tree to the topdir
   and make sure everything still works fine.
   (I'd propose to move the source3 file)

4. Let the other tree use the different file

5. Remove the unused file.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091211/c90481a8/attachment.pgp>


More information about the samba-technical mailing list