1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

389 Commits

Author SHA1 Message Date
Andreas Schneider
72979d1d60 heimdal: Fix size types
This fixes compilation with -Wstrict-overflow=2

Upstream pull request:
https://github.com/heimdal/heimdal/pull/354

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-20 23:16:14 +01:00
Stefan Metzmacher
183e5d1e3d HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()
Thanks to Doug Nazar <nazard@nazar.ca> for spotting this!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from heimdal commit a79b59ba27070a015479e8d981b7e685dbe34310)
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-12-06 19:06:21 +01:00
Love Hornquist Astrand
dd3e06f14e HEIMDAL: don't bother seeing q if not sent
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from heimdal commit 19f9fdbcea11013cf13ac72c416f161ee55dee2b)

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 28 15:10:54 CEST 2017 on sn-devel-144
2017-08-28 15:10:54 +02:00
Love Hornquist Astrand
9f245aafdc HEIMDAL: allow optional q in DH DomainParameters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95)
2017-08-28 11:18:15 +02:00
Andreas Schneider
abd74c3ba5 heimdal: Fix printing a short int into a string
The size of portstr is too small to print an integer and we should print
a short anyway.

This fixes building with GCC 7.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 18:08:04 CEST 2017 on sn-devel-144
2017-08-11 18:08:04 +02:00
Jeffrey Altman
3799a32e41 CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 12 17:44:50 CEST 2017 on sn-devel-144
2017-07-12 17:44:50 +02:00
Gary Lockyer
378ae342c4 strerror_r: provide XSI-compliant strerror_r
Provide a XSI-compliant strerror_r on GNU based systems.
The default GNU strerror_r is not XSI-compliant, this patch wraps the
GNU-specific call in an XSI-compliant wrapper.

This reverts 18ed32ce0821d11c0c06d82c07ba1c27b0c2b886 which tried to
make Heimdal use roken, rather than libreplace for strerror_r.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-06-13 18:38:14 +02:00
Andrew Bartlett
f498ba77df heimdal: Pass extra information to hdb_auth_status() to log success and failures
We now pass on the original client name and the client address to allow
consistent audit logging in Samba across multiple protocols.

We use config->db[0] to find the first database to record incorrect
users.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:28 +02:00
Andrew Bartlett
a998c0073f heimdal: Add initializer for stack pointers
This helps ensure we know these are NULL until set

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-03-27 20:08:18 +02:00
Stefan Metzmacher
209886e95c HEIMDAL:kdc: make it possible to disable the principal based referral detection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-03-10 11:37:22 +01:00
Chris Lamb
fccdf34a0f Correct "updateing" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Chris Lamb
5c20790272 Correct "unavaible" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Chris Lamb
8fcc49ecd4 Correct "allignment" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Chris Lamb
e0366ea49d Correct "paramaters" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Chris Lamb
45b14b18fe Correct "explicity" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Chris Lamb
6e2869ab10 Correct "encyption" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Chris Lamb
a4e8f8aa44 Correct "relase" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Chris Lamb
5482e5426e Correct "existence" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:22 +01:00
Chris Lamb
afa9bb4ac5 Correct "extention" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:22 +01:00
Chris Lamb
c4feed0b8c Correct "doesnt" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:21 +01:00
Volker Lendecke
afd8c389c9 HEIMDAL:lib/krb5: Harden _krb5_derive_key()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-20 07:51:14 +01:00
Volker Lendecke
c15464f886 HEIMDAL:lib/krb5: Harden ARCFOUR_sub{en,de}crypt()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-20 07:51:14 +01:00
Stefan Metzmacher
fb318ab020 HEIMDAL:lib/krb5: use krb5_verify_checksum() in krb5_c_verify_checksum()
This allows the optimized checksum->verify() function to be used.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-20 07:51:14 +01:00
Stefan Metzmacher
05cc099499 HEIMDAL:lib/krb5: move checksum vs. enctype checks into get_checksum_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-20 07:51:14 +01:00
Stefan Metzmacher
2abc3710a8 HEIMDAL:lib/krb5: destroy a memory ccache on reinit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-10-12 20:54:08 +02:00
Uri Simchoni
3f1f6e03cd heimdal: revert 1f90983324
A different version has gone upstream, fixing the problem
elsewhere.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct  3 11:12:29 CEST 2016 on sn-devel-144
2016-10-03 11:12:29 +02:00
Uri Simchoni
0b61d9e02e heimdal-lib/krb5: keep a copy of config etypes in the context
When reading configuration file, keep an extra copy of
the encryption types, and use this when resetting the
encryption types to default.

GSSAPI always resets the enctypes to default before obtaining
a TGS, because the enctypes might have previously altered,
so this prevents changing the etypes from the configured ones
to the full set of supported etypes.

The same patch has gone into upstream heimdal as commit
a3bece1. It is a different solution to the problem fixed
here by commit 1f90983, so this commit will be reverted next
to keep compatibility with uptream.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-10-03 07:27:13 +02:00
Andreas Schneider
b3e324aad5 heimdal: Fix reauthentication after password change
If the KDC requires a password change kinit will ask after the initial
authentication for a new password. After the password has been changed
it does reauthentication and for that it needs to use the new password
we just set.

It is needed for the a new kpasswd service test.

This is already fixed upstream with:
    911c99375741281adae305f6ec3a3317023eba3e

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-11 02:58:21 +02:00
Andreas Schneider
e4f82de771 s4-heimdal: Export krb5_init_creds_* functions
The function krb5_get_init_creds_opt_get_error() is deprecated and
krb5_init_creds_init() and krb5_init_creds_get_error() should be used
now.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Uri Simchoni
1f90983324 heimdal: honor conf enctypes when obtaining a service ticket
This patch removes part of what's categorized in the code as
"hideous glue", which causes Heimdal to ignore krb5.conf
encryption types, and instead use either the application-
supplied values or the default compile-time values.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-09 04:39:07 +02:00
Stefan Metzmacher
0022ea9efb HEIMDAL:kdc: add krb5plugin_windc_pac_pk_generate() hook
This allows PAC_CRENDENTIAL_INFO to be added to the PAC
when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains
an encrypted PAC_CRENDENTIAL_DATA.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:21 +02:00
Stefan Metzmacher
f61833082a HEIMDAL:kdc: reset e_text after successful pre-auth verification
This is already fixed in upstream heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 23:34:20 +02:00
Stefan Metzmacher
08ead28c69 HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
A caller may want to specify an explicit order of PAC elements,
e.g. the PAC_UPN_DNS_INFO element should be placed after the PAC_LOGON_NAME
element.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

This is commit 7cd40a610569d5e54ebe323672794fb6415b5dac in heimdal master.
2016-07-22 23:34:20 +02:00
Garming Sam
978bc8681e kerberos: Return enc data on PREAUTH_FAILED
Without the enc data, Windows clients will perform two AS-REQ causing the password
lockout count to increase by two instead of one.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11539

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul  5 10:52:32 CEST 2016 on sn-devel-144
2016-07-05 10:52:32 +02:00
Uri Simchoni
b2b951d14f heimdal make kvno unisgned internally
The folks at heimdal didn't like the patch in
commit 6379737b7d and insisted
that kvno should remain unsigned internally, even though it is
encoded as signed in packets. This patch reverts some of the
unsigned->signed changes in that commit, and resolves conversion
issues - in order to be aligned with upstream Heimdal.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 24 03:00:39 CEST 2016 on sn-devel-144
2016-05-24 03:00:39 +02:00
Uri Simchoni
6379737b7d heimdal: encode/decode kvno as signed integer
This patch changes the encoding/decoding of kvno (key version number)
in blobs and packets to signed integer, for compatibility with Windows.
Reportedly, MIT Kerberos does the same.

This patch effectively reverts commit 1124c4872dfb81bec9c4b527b8927ca35e39a599
in the heimdal tree.

According to the Kerberos spec (RFC 4120 5.2.9), the kvno field
in encrypted data object is an unsigned integer that fits in
32 bits. The Heimdal Kerberos component bundled with Samba
conforms to this. However, Windows deviates from the standard
and encodes kvno as a signed integer, and this creates
interoperability issues.

ASN.1 DER has no special encoding for unsigned integer. A 32-bit
unsigned integer is encoded as a signed integer, so while a signed
32-bit integer (covering the range of -0x80000000..0x7fffffff) is
encoded using up to 4 bytes, an unsigned integer (covering
0..0xffffffff) could require 5 bytes.

Normally, kvno for a given account starts at 1 and increments on
password changes. Kerberos defined this as unsigned because there's
no meaning for negative version numbers, so the standard writers figured
4 billion versions is better than 2 billion. It was not
expected for a kvno to really go past 0x7fffffff and the disctinction
usually does not matter. However, RODCs use kvnos which
have the most-significant bit set.

In Active Directory, RODCs have a private secret for the krbtgt,
because the assumption is that the RODC is less secure, and
recovering the domain krbtgt secret from the RODC would compromise
the security of the entire domain. The kvno field is being used
to identify the private krbtgt account that owns the key - the
upper 16 bits are the RODC id, and the lower 16 bits identify
the key version number for this specific RODC. It's common to
have an RODC id greater than 0x8000, and therefore to have a
kvno larger than 0x7fffffff, which would be DER-encoded using
5 bytes.

Windows encodes kvno as signed integer - basically taking the
32 bits and treating them as a signed integer rather than an
unsigned integer. This means that in Windows a kvno can
always be encoded using 4 bytes, and Windows DCs reject a kvno
encoded using more than 4 bytes without even generating an error
response (the DC assumes it's an attack).

Heimdal re-encodes the TGT when it creates a TGS request. Obviously
it cannot decode and encode the encrypted parts but it does re-encode
the plain parts, which include the kvno. That leads to a 5-byte
kvno in the TGS request, which is rejected without an error
response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11900

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May  7 21:14:21 CEST 2016 on sn-devel-144
2016-05-07 21:14:21 +02:00
Ralph Boehme
20dc68050d s4/heimdal: allow SPNs in AS-REQ
This allows testing keytabs with service tickets. Windows KDCs allow
this as well.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Aurelien Aptel
cb51e8d5cb s4/heimdal/lib/krb5/pac.c: typo
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 10 03:33:46 CET 2016 on sn-devel-144
2016-03-10 03:33:46 +01:00
Aurelien Aptel
511c747745 s4/heimdal/lib/gssapi/mech/gss_compare_name.c: typo
make memcmp() compare the name1 and name2 value instead of comparing
name1 with itself.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-10 00:08:11 +01:00
Douglas Bagnall
116f415779 heimdal asn1: avoid fclose(NULL) caused by missing braces
Thanks to GCC6 -Wmisleading-indentation.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar  3 16:21:52 CET 2016 on sn-devel-144
2016-03-03 16:21:52 +01:00
Christian Ambach
fc8e507b48 s4:heimdal fix a compile warning
about a potentially uninitialized variable

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-12 09:01:14 +01:00
Har Gagan Sahai
e4b0ea1425 Fix memory leak in dns resolution during spnego authentication using kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11471

Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep  3 19:11:22 CEST 2015 on sn-devel-104
2015-09-03 19:11:22 +02:00
Andrew Bartlett
ddee603b5e heimdal/gssapi: Allow a NULL authenticator
Some non-GSSAPI implementations that instead try to create compatible packets by wrapping krb5_mk_req()
can trigger a NULL authenticator here.  Assume this to be equvilent to specifying an all-zero
channel bindings and some reasonable (fixed) flags.

This was seen in the wild, with a Huawei Unified Storage System S5500 V3 against the AD DC

Original patch by Andrew Bartlett, restructured by Douglas Bagnall

Cherry-picked from upstream GIT 0a5de96d72cdea9e465412d7dba1e5d13e53dc09
which is the merge of https://github.com/heimdal/heimdal/pull/134

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11425
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-05 06:39:19 +02:00
Stefan Metzmacher
2d98800219 heimdal:kdc: add support for HDB_ERR_WRONG_REALM
A backend can return this if asked with HDB_F_GET_CLIENT|HDB_F_FOR_AS_REQ
for a KRB5_NT_ENTERPRISE_PRINCIPAL record or for HDB_F_GET_SERVER | HDB_F_FOR_TGS_REQ.

entry_ex->entry.principal->realm needs to return the real realm of the principal
(or at least a the realm of the next cross-realm trust hop).

This is needed to route enterprise principals between AD domain trusts.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:20 +02:00
Stefan Metzmacher
c63f360788 heimdal:kdc: generic support for 3part servicePrincipalNames
This is not DRSUAPI specific, it works for all 3 part principals.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:20 +02:00
Stefan Metzmacher
454db47eac heimdal:lib/krb5: add krb5_mk_error_ext() helper function
This gives the caller the ability to skip the client_name
and only provide client_realm. This is required for
KDC_ERR_WRONG_REALM messages.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:20 +02:00
Stefan Metzmacher
fca11edc0b heimdal:lib/krb5: correctly follow KRB5_KDC_ERR_WRONG_REALM client referrals
An AS-REQ with an enterprise principal will always directed to a kdc of the local
(default) realm. The KDC directs the client into the direction of the
final realm. See rfc6806.txt.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:20 +02:00
Stefan Metzmacher
c245d4f33e heimdal:lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5
Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-06-24 01:03:16 +02:00
Stefan Metzmacher
571a05c649 heimdal:lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-06-24 01:03:16 +02:00
Stefan Metzmacher
688c537ab1 heimdal:lib/gssapi/krb5: add const to arcfour_mic_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-06-24 01:03:16 +02:00