summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-10-22 13:47:48 +0200
committerMichael Adam <obnox@samba.org>2012-11-01 16:24:28 +0100
commit24f3f87706329e6e280dc6be6d025e997d46c910 (patch)
tree46f61bc5a74fee4235ad1cc4187428c3d8306596
parentf853c1792967332c4aff52c0fb35f653f614f86d (diff)
downloadsamba-24f3f87706329e6e280dc6be6d025e997d46c910.tar.gz
samba-24f3f87706329e6e280dc6be6d025e997d46c910.tar.bz2
samba-24f3f87706329e6e280dc6be6d025e997d46c910.zip
lib/krb5_wrap: request enc_types in the correct order (bug #9272)
aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 should have a higher priority than arcfour-hmac-md5, otherwise the KDC still gives us arcfour-hmac-md5 session keys. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--lib/krb5_wrap/krb5_samba.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 8037337d6e..f04f6e1837 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -685,15 +685,15 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
krb5_ccache ccdef = NULL;
krb5_auth_context auth_context = NULL;
krb5_enctype enc_types[] = {
- ENCTYPE_ARCFOUR_HMAC,
- ENCTYPE_DES_CBC_MD5,
- ENCTYPE_DES_CBC_CRC,
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
- ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#endif
#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
#endif
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+ ENCTYPE_ARCFOUR_HMAC,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES_CBC_CRC,
ENCTYPE_NULL};
initialize_krb5_error_table();