[PATCH] Proposed merge of some NTLMSSP crypto

Stefan (metze) Metzmacher metze at samba.org
Mon Jan 4 03:07:17 MST 2010


Andrew Bartlett wrote:
> On Wed, 2009-12-23 at 13:27 +1100, Andrew Bartlett wrote:
> 
>> What I would really appreciate is a constructive review of the actual
>> patches, and proposals about practical ways this particular task can be
>> completed, as well as *any* testing that anyone on this list can do in
>> their many and varied environments and with various windows versions.
>> This code passes 'make test' in Samba3.
> 

Hi Andrew,

> I've noticed that while I was away over Christmas you have done some
> more work to get the NTLMSSP code more similar.  I have to say, I'm
> particularly intrigued by the tevent changes. 

I just wanted to get rid of the "special" auth and gensec async code.
And using the tevent_req infrastructure makes it easier to merge code
later.

> As such, I'm just wondering what you would like me to do next, to get
> this code merged, without stepping on any of your plans?

I took a look at Kai's and your various ntlmssp branches.
I also read the existing code in s4 and s3.
I noticed that the existing code is complex
and reading the diff between the new code and the existing
code is very hard.

Then I simply started to find the differences between the two
existing code bases.

e.g.

git diff \
   HEAD:source4/auth/ntlmssp/ntlmssp.h \
   HEAD:source3/include/ntlmssp.h

git diff \
   HEAD:source4/auth/ntlmssp/ntlmssp_sign.c \
   HEAD:source3/libsmb/ntlmssp_sign.c

Then I started to minimize the diff step by step,
taking some ideas from your new code.
I'm not finished yet, but you can review the code here:
http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-gensec

It would be nice if we can merge the good commits (without TODO or
Revert) soon, after review from you and Günther.

I might find/found some bugs in both existing code bases,
while doing the code audit.

E.g. I wonder why ntlmssp_set_workstation() is unused in s3.
I fear it means we don't pass the correct workstation,
for logons via trusted domains.

I'll ask you when I hit the first real non-trivial difference between
the code bases.

I hope to get some time to finish this process in the next weeks,
but we're not in a hurry. And the result should be common code with
possibly no bugs, that we don't need to touch in future.

metze