commit eae33e96fcaa456830862325b91579faf2a96213
Author: Günther Deschner <gd@samba.org>
AuthorDate: Thu Dec 15 18:12:41 2011 +0100
Commit: Günther Deschner <gd@samba.org>
CommitDate: Tue Oct 2 16:22:31 2012 +0200
s3-krb5: use and request AES keys in kerberos operations.
Guenther
---
lib/krb5_wrap/krb5_samba.c | 6 ++++++
source3/libads/kerberos.c | 1 +
source3/libads/kerberos_keytab.c | 8 +++++++-
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 1a5a710..8037337 100644
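--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -688,6 +688,12 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
 ENCTYPE_ARCFOUR_HMAC,
 ENCTYPE_DES_CBC_MD5,
 ENCTYPE_DES_CBC_CRC,
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
 ENCTYPE_NULL};
 
 initialize_krb5_error_table();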
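Review bot: The two AES enctypes are appended after `ENCTYPE_DES_CBC_CRC,`, so among the entries visible in this hunk they rank below RC4 and single-DES. The array's declaration and its use are outside the hunk, so this is inferred, but if the list is handed to the Kerberos library in preference order then AES would be chosen last, which works against the commit title. Moving the guarded `ENCTYPE_AES256_CTS_HMAC_SHA1_96,` and `ENCTYPE_AES128_CTS_HMAC_SHA1_96,` entries ahead of `ENCTYPE_ARCFOUR_HMAC,` would list the strongest types first. A one-line comment above the list, such as `/* order is significant: strongest enctype first */`, would help the next editor.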
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 1093d12..fd39394 100644
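--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -870,6 +870,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 goto done;
 }
 
+ /* FIXME: add aes here - gd */
 file_contents = talloc_asprintf(fname,
 "[libdefaults]\n\tdefault_realm = %s\n"
 "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"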
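Review bot: The added `/* FIXME: add aes here - gd */` leaves the generated private krb5.conf still pinning `default_tgs_enctypes` to `RC4-HMAC DES-CBC-CRC DES-CBC-MD5`. A client reading this file would therefore not ask for AES service tickets, even though the other two files in this commit now list AES. Either extend the string here, e.g. `"\tdefault_tgs_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"`, built under the same `HAVE_ENCTYPE_AES*` conditions, or expand the FIXME to say what blocks the change. The talloc_asprintf() call continues past the end of the hunk, so any further enctype settings there, if present, would need the same treatment.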
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index eb2603b..b7df50d 100644
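--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -263,9 +263,15 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 krb5_keytab keytab = NULL;
 krb5_data password;
 krb5_kvno kvno;
- krb5_enctype enctypes[4] = {
+ krb5_enctype enctypes[6] = {
 ENCTYPE_DES_CBC_CRC,
 ENCTYPE_DES_CBC_MD5,
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
 ENCTYPE_ARCFOUR_HMAC,
 0
 };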
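Review bot: `krb5_enctype enctypes[6]` hard-codes a length that matches the initializer list only when both `HAVE_ENCTYPE_AES*` macros are defined. With one or neither defined, the array carries extra zero-filled slots, and the literal has to be bumped by hand each time an entry is added. Declaring it as `krb5_enctype enctypes[] = {` lets the compiler size it from the initializers and leaves the trailing `0` as the only thing to maintain, provided nothing later in ads_keytab_add_entry (outside the hunk) depends on a fixed length. A short comment such as `/* 0-terminated list of key types written to the keytab */` would also record why the final `0` must stay last; that the consumer stops at the `0` is inferred from the list's shape, not visible here.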