summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2011-12-19 10:52:58 +0100
committerGünther Deschner <gd@samba.org>2012-10-02 16:22:31 +0200
commit06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe (patch)
treeb774fc8251e5e17b63f33496073105b4f202031c /source3/libads
parenteae33e96fcaa456830862325b91579faf2a96213 (diff)
downloadsamba-06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe.tar.gz
samba-06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe.tar.bz2
samba-06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe.zip
s3-kerberos: add aes enctypes to generated krb5.conf.
Guenther
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/kerberos.c29
1 files changed, 24 insertions, 5 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index fd39394ba6..3183e26c85 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -831,6 +831,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
int fd;
char *realm_upper = NULL;
bool result = false;
+ char *aes_enctypes = NULL;
if (!lp_create_krb5_conf()) {
return false;
@@ -870,15 +871,33 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
goto done;
}
- /* FIXME: add aes here - gd */
+ aes_enctypes = talloc_strdup(fname, "");
+ if (aes_enctypes == NULL) {
+ goto done;
+ }
+
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 ");
+ if (aes_enctypes == NULL) {
+ goto done;
+ }
+#endif
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes128-cts-hmac-sha1-96");
+ if (aes_enctypes == NULL) {
+ goto done;
+ }
+#endif
+
file_contents = talloc_asprintf(fname,
"[libdefaults]\n\tdefault_realm = %s\n"
- "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
- "\tdefault_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
- "\tpreferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+ "\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "\tdefault_tkt_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+ "\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
"[realms]\n\t%s = {\n"
"\t%s\t}\n",
- realm_upper, realm_upper, kdc_ip_string);
+ realm_upper, aes_enctypes, aes_enctypes, aes_enctypes,
+ realm_upper, kdc_ip_string);
if (!file_contents) {
goto done;