More s3compat-for-review patches

Andrew Bartlett abartlet at
Thu May 27 16:57:59 MDT 2010

On Thu, 2010-05-27 at 17:31 +0200, Stefan (metze) Metzmacher wrote:
> Hi Andrew,

> >> The first things I noticed are:
> >> - we don't need a ntlmssp_private.h (at least in this patch stream).
> > 
> > Yes and no.  There is no reason ntlmssp_debug_flags needs to be used
> > outside the NTLMSSP code, but must be shared between the sign and main
> > code.  
> yes, I kept it with debug_ntlmssp_flags() only in my branch.
> > I agree the other changes are not strictly required, but as you may have
> > guessed or seen in my s3compat branch, I need those for the way GENSEC
> > uses the common code.  I don't see how they do any harm. 
> we only need it for struct ntlmssp_crypt_direction save_direction;
> correct? I think we should try to solve that in a different way
> and keep the structures private.
> maybe adding a flag to ntlmssp_sign_init() that it should allocate
> a struct ntlmssp_crypt_direction *crypt_save;
> the caller needs to do a ntlmssp_save_crypt_state() and
> ntlmssp_restore_crypt_state().

Honestly, I just don't see the value in added complexity for that amount
of abstraction.  

If we were going to do that much, then it would be better to make the
special case code in gensec_ntlmssp common.  

I don't like outside code peering into private structures, but for
GENSEC's NTLMSSP implementation, which I hope will eventually be the
common and only NTLMSSP API to peer into the NTLMSSP code is quite
reasonable I think.  

I hope to put most of ntlmssp.h into ntlmssp_private.h eventually - but
likewise I strongly suspect that gensec_ntlmssp will need to deal with
these structures too. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list