ncacn_http for 4.2? (Re: RPC over HTTP (ncacn_http) implementation for DCERPC client libraries)

Andrew Bartlett abartlet at samba.org
Tue Sep 16 15:26:19 MDT 2014


On Tue, 2014-09-16 at 11:07 -0700, Andrew Bartlett wrote:
> On Tue, 2014-09-16 at 18:27 +0200, Samuel Cabrero wrote:
> > Hi Stefan, Andrew,
> > 
> > another iteration. The changes:
> > 
> > * The TLS flag on the binding structure has been changed to a string
> > option, so all changes to binding structure are dropped now.
> > * NTLM support. After having a look to gensec I have added three
> > mechanisms for the HTTP library (http_basic, http_ntlm and
> > http_negotiate). The http_ntlm and http_negotiate are just wrappers
> > which start a gensec sub context and only encode/decode the blobs in
> > base64.
> 
> This is really neat!  I'm very impressed!
> 
> > * Small changes in the HTTP library interface.
> > 
> > In my tests the three mechanisms are working against IIS, but I have not
> > added the option to use the negotiate scheme for ncacn_http because only
> > NTLM and basic are supported ([MS-RPCH] Sec. 1.7). When I tried to use
> > it, the server was closing the connection after authentication.
> > 
> > Samuel.
> 
> The remaining issues I see are just that it really needs a few more
> comments (I still find async/tevent stuff mind-bending, a few comments
> might help me understand what is going on), and remove the // TODO
> comments, or reformat to /* */ style.
> 
> All in all, a very impressive piece of work, particularly the use of
> GENSEC subcontexts.  I'll try and pin down metze or someone else here so
> we can get this reviewed before 4.2 cuts next week.

The other (harder, sorry) task we need is tests, which I've not seen in
the code so far.  Ideally this means finding some way to have a server
for this, so it works in make test, but at least we should have a test
we can run against Windows manually.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba-technical mailing list