NTLMSSP and GENSEC

Andrew Bartlett abartlet at samba.org
Wed Oct 19 14:04:57 MDT 2011


On Wed, 2011-10-19 at 15:53 +0200, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> 
> > I've now done the final patches you should need for the common smb
> > client lib, updated at the URL above.  I think I'll take a break before
> > I do any more gensec work in s3, to let this settle in.  I do hope to
> > get the last of the ntlmssp client code in common, but it is no longer
> > urgent for your work. 
> 
> Ok, thanks! I'll work from there and push this to master once I've
> reviewed it.
> 
> > Jeremy,
> > 
> > You may wish to look carefully at these changes to the smb sealing code:
> > 
> > This patch removes the server-only context:
> > http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=3cc013eb40711ab7250a57dfca8b4ae45da95d98
> > 
> > This patch uses gensec_wrap() and gensec_unwrap().  I'll need to test
> > against an older version of Samba for this change, as any bug here is
> > highly likely to be symmetric:
> > 
> > http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=e15b5c8c36ef46ef3e644168be50e7c56a49baf7
> 
> I think we can use a new (or old bin/smbtorture4) in the autoconf build
> to verify it work against the old (or new) code in make test.

This particular trick won't work, because smbtorture4 does not have any
smb encryption functionality (it is an s3 only feature, hence all this
work to help it be a common feature! :-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba-technical mailing list