NTLMSSP and GENSEC
Stefan (metze) Metzmacher
metze at samba.org
Wed Oct 12 13:03:15 MDT 2011
Hi Andrew,

> At SDC I showed you my work to have the auth_ntlmssp code in
> source3/auth implement a gensec module, to allow gensec functions to be
> called, via the auth_ntlmssp wrapper.
>
> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-gensec-module-2

I'm busy currently, but I have a few fixes on top here:
http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-auth

> I've got this patch set almost working, but wanted to point you at it in
> case it assists your work. I'll continue to determine the remaining
> test failures in the meantime. (The perl/autogen.sh issue I mention in
> the other thread also remains to be dealt with).
>
> I also wanted to give you a heads-up as to my plans from here, to move
> this from 'an interesting technical change' to a crucial part of the
> work we were discussing to create a common client library, and a common
> client/server smb encryption routine.
>
> The next steps I see are:
> - to merge the NTLMSSP client code into a gensec module, adding in the
> winbind hook for cached credentials
> - to create a common ntlmssp client gensec module
> - to use the common ntlmssp gensec module via the auth_ntlmssp wrapper
> (ie implementing all the calls in terms of gensec)
> - Investigate providing the event context as an argument to
> gensec_start_mech_by*() and gensec_update(), rather than
> gensec_*_init().

I think only gensec_update*() should use event driven stuff.

> - to unwrap the auth_ntlmssp wrapper (ie, have the callers, client and
> then server call gensec directly)
>
> This will then get us to a state where the source3/libsmb/smb_seal.c smb
> encryption routine simply operates on a struct gensec_security, and can
> be the core of a common client library.

That would help me a lot to bring my smb1/2 client library upstream.

> Naturally, I'll post any changes to the s3 code to the list for review
> and keep you updated as I move these ideas into actual working code.

Thanks!

metze