[PATCH] Generalise auth_ntlmssp in s3
Stefan (metze) Metzmacher
metze at samba.org
Thu Dec 22 05:44:50 MST 2011
> This patch series generalises the auth_ntlmssp code into a more generic
> infrastructure, with the aim to have GSSAPI handled via GENSEC in the
> smb sealing, rpc server and eventually session setup code.
> The patches so far are just the start, but take a very measured, one
> small change at a time approach without intentional behaviour change,
> and are at:
Thanks! I plan to sign-off and push this too.
> Handling GSSAPI via GENSEC is important in order to finish the s3/s4
> integration efforts, so that the spoolss server is available with GSSAPI
> authentication in such a combined DC build.
> To achieve that, I will first wish to build a gensec wrapper for the
> 'gse' layer currently in use. Once this works, the existing hooks will
> simply redirect to the s4 gensec modules when in the AD server mode as
> they already do for NTLMSSP.
> This will also simplify the smb sealing code (which will then only deal
> with gensec), and in the longer term allow us to use real GSSAPI for
> session setup handling (rather than the current fake GSSAPI).
It would be really nice if we could hide most of the
source3/smbd/sessetup.c spnego code behind a gensec backend.
I think the chunk fragmentation for large krb5
should be handled inside the module.
I'm currently trying to change the register_*_vuid code from
to use a smbXsrv_session structure, which can be used for smb1 and smb2
as a replacement for the current struct smbd_smb2_session.
> Merry Christmas!