diff options
author | Günther Deschner <gd@samba.org> | 2011-12-19 10:52:58 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2012-10-02 16:22:31 +0200 |
commit | 06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe (patch) | |
tree | b774fc8251e5e17b63f33496073105b4f202031c | |
parent | eae33e96fcaa456830862325b91579faf2a96213 (diff) | |
download | samba-06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe.tar.gz samba-06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe.tar.bz2 samba-06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe.zip |
s3-kerberos: add aes enctypes to generated krb5.conf.
Guenther
-rw-r--r-- | source3/libads/kerberos.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index fd39394ba6..3183e26c85 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -831,6 +831,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, int fd; char *realm_upper = NULL; bool result = false; + char *aes_enctypes = NULL; if (!lp_create_krb5_conf()) { return false; @@ -870,15 +871,33 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, goto done; } - /* FIXME: add aes here - gd */ + aes_enctypes = talloc_strdup(fname, ""); + if (aes_enctypes == NULL) { + goto done; + } + +#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 + aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 "); + if (aes_enctypes == NULL) { + goto done; + } +#endif +#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 + aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes128-cts-hmac-sha1-96"); + if (aes_enctypes == NULL) { + goto done; + } +#endif + file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n" - "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" - "\tdefault_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" - "\tpreferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n" + "\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" + "\tdefault_tkt_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n" + "\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n" "[realms]\n\t%s = {\n" "\t%s\t}\n", - realm_upper, realm_upper, kdc_ip_string); + realm_upper, aes_enctypes, aes_enctypes, aes_enctypes, + realm_upper, kdc_ip_string); if (!file_contents) { goto done; |