NTLMSSP and GENSEC
abartlet at samba.org
Wed Oct 19 02:00:08 MDT 2011
On Wed, 2011-10-19 at 09:03 +1100, Andrew Bartlett wrote:
> I've finished the first half of this, and updated the branch.
> The next step is to only keep the struct gensec_security around long
> term (as we only ever use that member after auth_ntlmssp_client_start())
> Thanks for all your patience and review on this.
I've now done the final patches you should need for the common smb
client lib, updated at the URL above. I think I'll take a break before
I do any more gensec work in s3, to let this settle in. I do hope to
get the last of the ntlmssp client code in common, but it is no longer
urgent for your work.
You may wish to look carefully at these changes to the smb sealing code:
This patch removes the server-only context:
This patch uses gensec_wrap() and gensec_unwrap(). I'll need to test
against an older version of Samba for this change, as any bug here is
highly likely to be symmetric:
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical