ncacn_http for 4.2? (Re: RPC over HTTP (ncacn_http) implementation for DCERPC client libraries)

Andrew Bartlett abartlet at samba.org
Fri Sep 12 19:48:50 MDT 2014


On Fri, 2014-09-12 at 16:44 +0200, Samuel Cabrero wrote:
> Hi Stefan, Andrew,
> 
> I removed the modifications of the binding structure, implemented the
> HTTP NTLM authentication, squashed last two patches and formatted the
> code following the code style (you are free to correct it if I miss
> something). I hope it is not too late to merge them for 4.2.

Thanks.  On the NTLM support, you should not be including 
#include "auth/ntlmssp/ntlmssp_private.h", or using any of the functions
found in there,

You need to be more generic, and start the mechanism using one of the
gensec_start_mech_by_*() functions.  This will allow you to make this
generic enough to also support Negotiate (SPNEGO) and therefore
Kerberos.

You should also avoid hard-coding the NTLM steps, instead use the output
of gensec_update() to work out if you need to send another packet.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba-technical mailing list