Heimdal rc-hmac and gss_wrap_iov
Andreas Schneider
asn at samba.org
Thu Aug 7 03:19:37 MDT 2014
On Thursday 07 August 2014 20:48:32 Andrew Bartlett wrote:
> On Wed, 2014-08-06 at 11:13 +0200, Andreas Schneider wrote:
> > On Monday 28 July 2014 14:32:59 Andreas Schneider wrote:
> > > Hi Love,
> > >
> > > Günther and I are currently working on MIT Kerberos support for the
> > > Samba AD DC.
> > >
> > > We would like to always use the gss_(un)wrap_iov*() functions but it
> > > isn't
> > > possible with Heimdal codebase right now.
> > >
> > > a) gss_wrap_iov doesn't work with rc4-hmac
> > > b) gss_wrap_iov doesn't support GSS_IOV_BUFFER_TYPE_STREAM
> > >
> > >
> > > Metze already started to hack on this and I took over. The current
> > > changes
> > > are currently here:
> > >
> > > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-gs
> > > s_wr ap_iov
> > >
> > >
> > > Could you please take a look if you're fine with the approach. I'm a
> > > total
> > > GSSAPI newbie so I have a hard time finding the right functions to call
> > > and
> > > split up the blob. So advice and help is very welcome.
> >
> > Ping! :)
>
> I realise this is still very much a WIP, but when you get further it is
> best to proposed Heimdal changes on github, those seem to be dealt with
> pretty promptly.
>
> In the meantime, I've CC'ed heimdal-discuss.
Thanks, I've subscribed to heimdal-discuss yesterday. I need some help with
this stuff. The rc4-hmac stuff for gss_wrap_iov() is working for the DCERPC
case but I'm not able to test the non-DCERPC case cause
GSS_IOV_BUFFER_TYPE_STREAM is not supported. I need help implementing that.
It would be great if someone could take a look so we can discuss how to move
on. Maybe a pair programming session would be possible...
Cheers,
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list