summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2011-12-15 18:12:41 +0100
committerGünther Deschner <gd@samba.org>2012-10-02 16:22:31 +0200
commiteae33e96fcaa456830862325b91579faf2a96213 (patch)
treea616870e59c494883df7c2826f29da877e9f3fe7
parent4a21d2e7790f1c76cf0d0fcfb2f4a8ef13721532 (diff)
downloadsamba-eae33e96fcaa456830862325b91579faf2a96213.tar.gz
samba-eae33e96fcaa456830862325b91579faf2a96213.tar.bz2
samba-eae33e96fcaa456830862325b91579faf2a96213.zip
s3-krb5: use and request AES keys in kerberos operations.
Guenther
-rw-r--r--lib/krb5_wrap/krb5_samba.c6
-rw-r--r--source3/libads/kerberos.c1
-rw-r--r--source3/libads/kerberos_keytab.c8
3 files changed, 14 insertions, 1 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 1a5a71010e..8037337d6e 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -688,6 +688,12 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
ENCTYPE_ARCFOUR_HMAC,
ENCTYPE_DES_CBC_MD5,
ENCTYPE_DES_CBC_CRC,
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
ENCTYPE_NULL};
initialize_krb5_error_table();
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 1093d12c2c..fd39394ba6 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -870,6 +870,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
goto done;
}
+ /* FIXME: add aes here - gd */
file_contents = talloc_asprintf(fname,
"[libdefaults]\n\tdefault_realm = %s\n"
"\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index eb2603b672..b7df50dddf 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -263,9 +263,15 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
krb5_keytab keytab = NULL;
krb5_data password;
krb5_kvno kvno;
- krb5_enctype enctypes[4] = {
+ krb5_enctype enctypes[6] = {
ENCTYPE_DES_CBC_CRC,
ENCTYPE_DES_CBC_MD5,
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
ENCTYPE_ARCFOUR_HMAC,
0
};