NTLMSSP and GENSEC
jra at samba.org
Wed Oct 19 09:15:05 MDT 2011
On Wed, Oct 19, 2011 at 07:00:08PM +1100, Andrew Bartlett wrote:
> On Wed, 2011-10-19 at 09:03 +1100, Andrew Bartlett wrote:
> > I've finished the first half of this, and updated the branch.
> > http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-gensec-module-2
> > The next step is to only keep the struct gensec_security around long
> > term (as we only ever use that member after auth_ntlmssp_client_start())
> > Thanks for all your patience and review on this.
> I've now done the final patches you should need for the common smb
> client lib, updated at the URL above. I think I'll take a break before
> I do any more gensec work in s3, to let this settle in. I do hope to
> get the last of the ntlmssp client code in common, but it is no longer
> urgent for your work.
> You may wish to look carefully at these changes to the smb sealing code:
Will do - thanks for the heads-up !
> This patch removes the server-only context:
> This patch uses gensec_wrap() and gensec_unwrap(). I'll need to test
> against an older version of Samba for this change, as any bug here is
> highly likely to be symmetric:
Yeah, and version of smbclient 3.6.0 or earlier used
with the "-e" option should be able to test this.
Try doing a large "tar" operation or recursive copy
to test it out fully.
More information about the samba-technical