NTLMSSP and GENSEC
Andrew Bartlett
abartlet at samba.org
Wed Oct 19 02:00:08 MDT 2011
On Wed, 2011-10-19 at 09:03 +1100, Andrew Bartlett wrote:
>
> I've finished the first half of this, and updated the branch.
> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-gensec-module-2
>
> The next step is to only keep the struct gensec_security around long
> term (as we only ever use that member after auth_ntlmssp_client_start())
>
> Thanks for all your patience and review on this.
Metze,
I've now done the final patches you should need for the common smb
client lib, updated at the URL above. I think I'll take a break before
I do any more gensec work in s3, to let this settle in. I do hope to
get the last of the ntlmssp client code in common, but it is no longer
urgent for your work.
Jeremy,
You may wish to look carefully at these changes to the smb sealing code:
This patch removes the server-only context:
http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=3cc013eb40711ab7250a57dfca8b4ae45da95d98
This patch uses gensec_wrap() and gensec_unwrap(). I'll need to test
against an older version of Samba for this change, as any bug here is
highly likely to be symmetric:
http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=e15b5c8c36ef46ef3e644168be50e7c56a49baf7
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list