author | Andrew Bartlett <abartlet@samba.org> | 2007-04-28 16:38:06 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:51:43 -0500 |
commit | 729674054aa461b17a43a371f6891263d700ac7a (patch) | |
tree | e23ab3d59d95a505720791e27b2bfcf37c69ccc9 /source4/auth/credentials | |
parent | f34c57f4fc1a1817735ddb653011e6deb0edf912 (diff) | |
r22558: Move to a static list of enctypes to put into our keytab. In future,
I'll allow this to be configured from the secrets.ldb, but it should
fix some user issues.
Andrew Bartlett
(This used to be commit 0fd74ada220fb07d4ebe8c2d9b8ae50a387c2695)
Diffstat (limited to 'source4/auth/credentials')
-rw-r--r-- | source4/auth/credentials/credentials_krb5.c | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 7ba23ad9b6..69fb9e7b33 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -141,7 +141,10 @@ int cli_credentials_set_ccache(struct cli_credentials *cred,
 talloc_free(ccc);
 return ret;
 }
- talloc_reference(ccc, ccc->smb_krb5_context);
+ if (!talloc_reference(ccc, ccc->smb_krb5_context)) {
+ talloc_free(ccc);
+ return ENOMEM;
+ }
 if (name) {
 ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, name, &ccc->ccache);
@@ -218,7 +221,10 @@ int cli_credentials_new_ccache(struct cli_credentials *cred, struct ccache_conta
 talloc_free(ccc);
 return ret;
 }
- talloc_reference(ccc, ccc->smb_krb5_context);
+ if (!talloc_reference(ccc, ccc->smb_krb5_context)) {
+ talloc_free(ccc);
+ return ENOMEM;
+ }
 ret = krb5_cc_resolve(ccc->smb_krb5_context->krb5_context, ccache_name, &ccc->ccache);
 if (ret) {
@@ -394,6 +400,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
 krb5_error_code ret;
 struct keytab_container *ktc;
 struct smb_krb5_context *smb_krb5_context;
+ const char **enctype_strings;
 TALLOC_CTX *mem_ctx;
 if (cred->keytab_obtained >= (MAX(cred->principal_obtained,
@@ -416,7 +423,11 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
 return ENOMEM;
 }
- ret = smb_krb5_create_memory_keytab(mem_ctx, cred, smb_krb5_context, &ktc);
+ enctype_strings = cli_credentials_get_enctype_strings(cred);
+
+ ret = smb_krb5_create_memory_keytab(mem_ctx, cred,
+ smb_krb5_context,
+ enctype_strings, &ktc);
 if (ret) {
 talloc_free(mem_ctx);
 return ret;
@@ -478,6 +489,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred)
 krb5_error_code ret;
 struct keytab_container *ktc;
 struct smb_krb5_context *smb_krb5_context;
+ const char **enctype_strings;
 TALLOC_CTX *mem_ctx;
 mem_ctx = talloc_new(cred);
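Review bot: In the `@@ -416,7 +423,11 @@` hunk of cli_credentials_get_keytab, the pointer returned by cli_credentials_get_enctype_strings(cred) goes straight into smb_krb5_create_memory_keytab unchecked, and the `@@ -491,13 +503,15 @@` hunk does the same before smb_krb5_update_keytab. That is safe while the getter returns its static array, but the commit message plans to load the list from secrets.ldb, where a failed lookup could presumably yield NULL or an empty list and leave the service with a keytab that holds no usable keys. I would add `if (enctype_strings == NULL) { talloc_free(mem_ctx); return ENOMEM; }` ahead of each call, mirroring the error paths already visible in both functions. Both function bodies start and end outside these hunks, and how the callees treat a NULL list is not visible here.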
@@ -491,13 +503,15 @@ int cli_credentials_update_keytab(struct cli_credentials *cred) return ret; } + enctype_strings = cli_credentials_get_enctype_strings(cred); + ret = cli_credentials_get_keytab(cred, &ktc); if (ret != 0) { talloc_free(mem_ctx); return ret; } - ret = smb_krb5_update_keytab(mem_ctx, cred, smb_krb5_context, ktc); + ret = smb_krb5_update_keytab(mem_ctx, cred, smb_krb5_context, enctype_strings, ktc); talloc_free(mem_ctx); return ret; @@ -594,6 +608,22 @@ int cli_credentials_get_kvno(struct cli_credentials *cred) return cred->kvno; } + +const char **cli_credentials_get_enctype_strings(struct cli_credentials *cred) +{ + /* If this is ever made user-configurable, we need to add code + * to remove/hide the other entries from the generated + * keytab */ + static const char *default_enctypes[] = { + "des-cbc-md5", + "aes256-cts-hmac-sha1-96", + "des3-cbc-sha1", + "arcfour-hmac-md5", + NULL + }; + return default_enctypes; +} + const char *cli_credentials_get_salt_principal(struct cli_credentials *cred) { return cred->salt_principal; |
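Review bot: The `default_enctypes` array in the new cli_credentials_get_enctype_strings lists `"des-cbc-md5"` first and also carries `"des3-cbc-sha1"` and `"arcfour-hmac-md5"`, so every keytab built from it holds single-DES, 3DES and RC4 keys next to the one AES type. A key present in the keytab is a key the service can be asked to accept tickets under, so the weakest entry sets the effective strength; single DES is a 56-bit cipher that RFC 6649 later deprecated for Kerberos, and RFC 8429 did the same for 3DES and RC4. I would put `"aes256-cts-hmac-sha1-96"` first and extend the comment with something like `/* des/des3/arcfour kept only for interop with older peers; strongest first */`, dropping `"des-cbc-md5"` if no deployed peer needs it. Whether list order influences key selection depends on smb_krb5_create_memory_keytab and smb_krb5_update_keytab, which are not shown.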