NTLMSSP and GENSEC

Andrew Bartlett abartlet at samba.org
Tue Oct 18 01:14:41 MDT 2011


Metze,

I just wanted to update you and the list about my progress.

On Wed, 2011-10-12 at 10:49 +1100, Andrew Bartlett wrote:

> The next steps I see are:
>  - to merge the NTLMSSP client code into a gensec module, adding in the
> winbind hook for cached credentials

I have not done this yet, as it turned out to be easier not to combine
the code quite yet.  I'll get to this soon.

>  - to create a common ntlmssp client gensec module

Instead, I created another ntlmssp module, using the same mechanism as
used in the s3 server.

>  - to use the common ntlmssp gensec module via the auth_ntlmssp wrapper
> (ie implementing all the calls in terms of gensec)

Now the auth_ntlmssp wrapper only wraps gensec, rather than either
gensec or ntlmssp.

>  - Investigate providing the event context as an argument to
> gensec_start_mech_by*() and gensec_update(), rather than
> gensec_*_init().

This is now done, thank you for the positive review!

>  - to unwrap the auth_ntlmssp wrapper (ie, have the callers, client and
> then server call gensec directly)

This looks quite trivial to finish at this point, and I think is the key
feature you need.  

> This will then get us to a state where the source3/libsmb/smb_seal.c smb
> encryption routine simply operates on a struct gensec_security, and can
> be the core of a common client library.
> 
> Naturally, I'll post any changes to the s3 code to the list for review
> and keep you updated as I move these ideas into actual working code.

The updated patches are at
http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-gensec-module-2

Thanks for all your help getting this into the tree!

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org


