[PATCH] Proposed merge of some NTLMSSP crypto

Andrew Bartlett abartlet at samba.org
Fri Dec 11 03:32:38 MST 2009


On Fri, 2009-12-11 at 10:25 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> 
> > In my git tree 'ntlmssp-merge-wip' I have the current state of my
> > efforts to merge the NTLMSSP code between Samba3 and Samba4.
> > 
> > My hope here is to reduce the duplication of the crypto code, and make
> > an eventual full merge of this important subsystem easier.
> > 
> > git://git.samba.org/abartlet/samba.git ntlmssp-merge-wip
> > 
> > The tests seem to pass in Samba4, but I still need to look into some
> > Samba3 issues.  It will be important to test with Windows clients too,
> > and any assistance in that area, particularly against Samba3 will be
> > most appreciated.
> > 
> > I've taken a number of approaches to reduce the risk - in particular
> > I've only taken the chance to merge the already very similar code after
> > the authentication success and the client key exchange calculation.  As
> > such, this has no impact (postive or negative) on event loops, async or
> > the actual NTLMSSP negotiation. 
> > 
> > Any review or testing most appreciated,
> 
> I think this patches need some more work to reduce the risk.

They need much work anyway - I need to unify some more of the NTLM2
server-side processing to make this all work. 

Once this is done and working in both branches I'll put this up again
for discussion about how to break the final result up again, cleanup
whitespace etc. 

To be clear, while I understand your suggestion, the next patch I do
won't follow the steps you propose, but I'll mention here when it's
done, and it can be accepted, rejected or reworked (Kai has offered to
help on that) on it's merits at that time. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091211/69efb9e8/attachment.pgp>


More information about the samba-technical mailing list