s3-seal use gensec_[un]wrap() instead of gensec_[un]seal_packet()
Andrew Bartlett
abartlet at samba.org
Fri Oct 21 05:56:05 MDT 2011
On Fri, 2011-10-21 at 10:23 +0200, Stefan Metzmacher wrote:
> commit b9b170a9dd640dbde0a707b972fdb0c611e68df5
> Author: Andrew Bartlett <abartlet at samba.org>
> Date: Thu Oct 20 11:53:40 2011 +0200
>
> s3-seal use gensec_[un]wrap() instead of gensec_[un]seal_packet()
>
> This should not make a difference for NTLMSSP as it still calls
> the
> low level ntlmssp_[un]seal_packet() functions with the same input
> parameters.
>
> If we convert the gss-api/krb5 based code to gensec we have to use
> gensec_[un]wrap() as the wire format is different compared to
> gensec_[un]seal_packet() there.
>
> Andrew Bartlett
>
> Split from another commit by Stefan Metzmacher <metze at samba.org>
I'm confused by this confusingly attributed statement.
I implemented common_ntlm_decrypt_buffer() not by modifying the
fucntion, but by copying in the common_gss_decrypt_buffer() and then
replacing GSS calls with gensec calls.
That is why I think that a properly implemented gssapi gensec module
(mapping gensec_wrap to gss_wrap) would work. What makes you think
otherwise?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list