diff options
| author | Gerald Carter <jerry@samba.org> | 2007-01-29 21:15:25 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:17:29 -0500 |
| commit | 594ab518a581f3728c82bdb9cf563e5fa449c0e1 (patch) | |
| tree | 8c3157a5da37352500322a09ac4c8b813b65f30f /source3/libsmb/clikrb5.c | |
| parent | 400f419580800020bc832412ef737116a02a9703 (diff) | |
| download | samba-594ab518a581f3728c82bdb9cf563e5fa449c0e1.tar.gz samba-594ab518a581f3728c82bdb9cf563e5fa449c0e1.tar.bz2 samba-594ab518a581f3728c82bdb9cf563e5fa449c0e1.zip | |
r21046: Backing out svn r20403 (Andrew's krb5 ticket cleanup
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).
We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
(This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)
Diffstat (limited to 'source3/libsmb/clikrb5.c')
| -rw-r--r-- | source3/libsmb/clikrb5.c | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 0df45f1b4d..4092b4b2b9 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -130,6 +130,35 @@ static krb5_error_code smb_krb5_parse_name_norealm_conv(krb5_context context, } #endif +#if !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES) + +#if defined(HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES) + +/* With MIT kerberos, we should use krb5_set_default_tgs_enctypes in preference + * to krb5_set_default_tgs_ktypes. See + * http://lists.samba.org/archive/samba-technical/2006-July/048271.html + * + * If the MIT libraries are not exporting internal symbols, we will end up in + * this branch, which is correct. Otherwise we will continue to use the + * internal symbol + */ + krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc) +{ + return krb5_set_default_tgs_enctypes(ctx, enc); +} + +#elif defined(HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES) + +/* Heimdal */ + krb5_error_code krb5_set_default_tgs_ktypes(krb5_context ctx, const krb5_enctype *enc) +{ + return krb5_set_default_in_tkt_etypes(ctx, enc); +} + +#endif /* HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES */ + +#endif /* HAVE_KRB5_SET_DEFAULT_TGS_KTYPES */ + #if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) /* HEIMDAL */ void setup_kaddr( krb5_address *pkaddr, struct sockaddr *paddr) @@ -612,6 +641,13 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset, krb5_context context = NULL; krb5_ccache ccdef = NULL; krb5_auth_context auth_context = NULL; + krb5_enctype enc_types[] = { +#ifdef ENCTYPE_ARCFOUR_HMAC + ENCTYPE_ARCFOUR_HMAC, +#endif + ENCTYPE_DES_CBC_MD5, + ENCTYPE_DES_CBC_CRC, + ENCTYPE_NULL}; initialize_krb5_error_table(); retval = krb5_init_context(&context); @@ -632,6 +668,12 @@ int cli_krb5_get_ticket(const char *principal, time_t time_offset, goto failed; } + if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) { + DEBUG(1,("cli_krb5_get_ticket: krb5_set_default_tgs_ktypes failed (%s)\n", + error_message(retval))); + goto failed; + } + if ((retval = ads_krb5_mk_req(context, &auth_context, AP_OPTS_USE_SUBKEY | (krb5_flags)extra_ap_opts, |