65 lines
2.1 KiB
Diff
65 lines
2.1 KiB
Diff
commit 06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe
|
|
Author: Günther Deschner <gd@samba.org>
|
|
AuthorDate: Mon Dec 19 10:52:58 2011 +0100
|
|
Commit: Günther Deschner <gd@samba.org>
|
|
CommitDate: Tue Oct 2 16:22:31 2012 +0200
|
|
|
|
s3-kerberos: add aes enctypes to generated krb5.conf.
|
|
|
|
Guenther
|
|
---
|
|
source3/libads/kerberos.c | 29 ++++++++++++++++++++++++-----
|
|
1 file changed, 24 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
|
|
index fd39394..3183e26 100644
|
|
--- a/source3/libads/kerberos.c
|
|
+++ b/source3/libads/kerberos.c
|
|
@@ -831,6 +831,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
|
|
int fd;
|
|
char *realm_upper = NULL;
|
|
bool result = false;
|
|
+ char *aes_enctypes = NULL;
|
|
|
|
if (!lp_create_krb5_conf()) {
|
|
return false;
|
|
@@ -870,15 +871,33 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
|
|
goto done;
|
|
}
|
|
|
|
- /* FIXME: add aes here - gd */
|
|
+ aes_enctypes = talloc_strdup(fname, "");
|
|
+ if (aes_enctypes == NULL) {
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
|
|
+ aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 ");
|
|
+ if (aes_enctypes == NULL) {
|
|
+ goto done;
|
|
+ }
|
|
+#endif
|
|
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
|
|
+ aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes128-cts-hmac-sha1-96");
|
|
+ if (aes_enctypes == NULL) {
|
|
+ goto done;
|
|
+ }
|
|
+#endif
|
|
+
|
|
file_contents = talloc_asprintf(fname,
|
|
"[libdefaults]\n\tdefault_realm = %s\n"
|
|
- "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
|
|
- "\tdefault_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
|
|
- "\tpreferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
|
|
+ "\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
|
|
+ "\tdefault_tkt_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
|
|
+ "\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
|
|
"[realms]\n\t%s = {\n"
|
|
"\t%s\t}\n",
|
|
- realm_upper, realm_upper, kdc_ip_string);
|
|
+ realm_upper, aes_enctypes, aes_enctypes, aes_enctypes,
|
|
+ realm_upper, kdc_ip_string);
|
|
|
|
if (!file_contents) {
|
|
goto done;
|