author | Günther Deschner <gd@samba.org> | 2011-12-15 18:12:41 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2012-10-02 16:22:31 +0200 |
commit | eae33e96fcaa456830862325b91579faf2a96213 (patch) | |
tree | a616870e59c494883df7c2826f29da877e9f3fe7 | |
parent | 4a21d2e7790f1c76cf0d0fcfb2f4a8ef13721532 (diff) | |
s3-krb5: use and request AES keys in kerberos operations.
Guenther
-rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 6 | ||||
-rw-r--r-- | source3/libads/kerberos.c | 1 | ||||
-rw-r--r-- | source3/libads/kerberos_keytab.c | 8 |
3 files changed, 14 insertions, 1 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 1a5a71010e..8037337d6e 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -688,6 +688,12 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
 ENCTYPE_ARCFOUR_HMAC,
 ENCTYPE_DES_CBC_MD5,
 ENCTYPE_DES_CBC_CRC,
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
 ENCTYPE_NULL};
 initialize_krb5_error_table();
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 1093d12c2c..fd39394ba6 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -870,6 +870,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 goto done;
 }
+ /* FIXME: add aes here - gd */
 file_contents = talloc_asprintf(fname,
 "[libdefaults]\n\tdefault_realm = %s\n"
 "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index eb2603b672..b7df50dddf 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -263,9 +263,15 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 krb5_keytab keytab = NULL;
 krb5_data password;
 krb5_kvno kvno;
- krb5_enctype enctypes[4] = {
+ krb5_enctype enctypes[6] = {
 ENCTYPE_DES_CBC_CRC,
 ENCTYPE_DES_CBC_MD5,
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
 ENCTYPE_ARCFOUR_HMAC,
 0
 }; |
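Review bot: In lib/krb5_wrap/krb5_samba.c the two AES enctypes are appended after `ENCTYPE_ARCFOUR_HMAC`, `ENCTYPE_DES_CBC_MD5` and `ENCTYPE_DES_CBC_CRC`, so the weakest types stay at the front of the list in cli_krb5_get_ticket. How the array is consumed is outside the hunk, but if the Kerberos library reads it as an ordered preference, RC4 or single DES would still be negotiated ahead of AES whenever the KDC accepts them. Consider moving the guarded `ENCTYPE_AES256_CTS_HMAC_SHA1_96,` and `ENCTYPE_AES128_CTS_HMAC_SHA1_96,` entries to the top of the initializer and adding a comment such as `/* strongest first: the list is an ordered preference */`. The array declaration itself starts above the hunk.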
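Review bot: In source3/libads/kerberos.c the added FIXME does not say what is still missing: the generated krb5.conf text keeps `default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5`, which presumably restricts the library to RC4 and single DES even though the other two files now request AES. A more specific comment would help the next reader, for example `/* FIXME: default_tgs_enctypes below still omits aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96, so AES is not requested via this krb5.conf - gd */`. The talloc_asprintf() call continues past the end of the hunk, so any further enctype lines in the template are not visible here and may need the same treatment.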
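Review bot: In source3/libads/kerberos_keytab.c the explicit bound in `krb5_enctype enctypes[6] = {` is exactly filled when both HAVE_ENCTYPE_AES* macros are defined, with the trailing `0` in the last slot. If another enctype is added later without bumping the bound, C compilers typically report the excess initializer only as a warning and drop the terminator, so code that walks the list until `0` (the consumer is outside the hunk) could read past the array. Letting the compiler size it, `krb5_enctype enctypes[] = {`, removes that coupling, provided nothing below depends on a fixed length. A short comment that the list is zero-terminated would also make the contract explicit.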