ncacn_http for 4.2? (Re: RPC over HTTP (ncacn_http) implementation for DCERPC client libraries)
Andrew Bartlett
abartlet at samba.org
Fri Sep 12 19:48:50 MDT 2014
On Fri, 2014-09-12 at 16:44 +0200, Samuel Cabrero wrote:
> Hi Stefan, Andrew,
>
> I removed the modifications of the binding structure, implemented the
> HTTP NTLM authentication, squashed last two patches and formatted the
> code following the code style (you are free to correct it if I miss
> something). I hope it is not too late to merge them for 4.2.
Thanks. On the NTLM support, you should not be including
#include "auth/ntlmssp/ntlmssp_private.h", or using any of the functions
found in there,
You need to be more generic, and start the mechanism using one of the
gensec_start_mech_by_*() functions. This will allow you to make this
generic enough to also support Negotiate (SPNEGO) and therefore
Kerberos.
You should also avoid hard-coding the NTLM steps, instead use the output
of gensec_update() to work out if you need to send another packet.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list