ncacn_http for 4.2? (Re: RPC over HTTP (ncacn_http) implementation for DCERPC client libraries)
abartlet at samba.org
Tue Sep 16 12:07:53 MDT 2014
On Tue, 2014-09-16 at 18:27 +0200, Samuel Cabrero wrote:
> Hi Stefan, Andrew,
> another iteration. The changes:
> * The TLS flag on the binding structure has been changed to a string
> option, so all changes to binding structure are dropped now.
> * NTLM support. After having a look to gensec I have added three
> mechanisms for the HTTP library (http_basic, http_ntlm and
> http_negotiate). The http_ntlm and http_negotiate are just wrappers
> which start a gensec sub context and only encode/decode the blobs in
This is really neat! I'm very impressed!
> * Small changes in the HTTP library interface.
> In my tests the three mechanisms are working against IIS, but I have not
> added the option to use the negotiate scheme for ncacn_http because only
> NTLM and basic are supported ([MS-RPCH] Sec. 1.7). When I tried to use
> it, the server was closing the connection after authentication.
The remaining issues I see are just that it really needs a few more
comments (I still find async/tevent stuff mind-bending, a few comments
might help me understand what is going on), and remove the // TODO
comments, or reformat to /* */ style.
All in all, a very impressive piece of work, particularly the use of
GENSEC subcontexts. I'll try and pin down metze or someone else here so
we can get this reviewed before 4.2 cuts next week.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical