commit eae33e96fcaa456830862325b91579faf2a96213
Author: Günther Deschner <gd@samba.org>
AuthorDate: Thu Dec 15 18:12:41 2011 +0100
Commit: Günther Deschner <gd@samba.org>
CommitDate: Tue Oct 2 16:22:31 2012 +0200
s3-krb5: use and request AES keys in kerberos operations.
Guenther
---
lib/krb5_wrap/krb5_samba.c | 6 ++++++
source3/libads/kerberos.c | 1 +
source3/libads/kerberos_keytab.c | 8 +++++++-
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 1a5a710..8037337 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -688,6 +688,12 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
ENCTYPE_ARCFOUR_HMAC,
ENCTYPE_DES_CBC_MD5,
ENCTYPE_DES_CBC_CRC,
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
ENCTYPE_NULL};
initialize_krb5_error_table();
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 1093d12..fd39394 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -870,6 +870,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
goto done;
}
+ /* FIXME: add aes here - gd */
file_contents = talloc_asprintf(fname,
"[libdefaults]\n\tdefault_realm = %s\n"
"\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index eb2603b..b7df50d 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -263,9 +263,15 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
krb5_keytab keytab = NULL;
krb5_data password;
krb5_kvno kvno;
- krb5_enctype enctypes[4] = {
+ krb5_enctype enctypes[6] = {
ENCTYPE_DES_CBC_CRC,
ENCTYPE_DES_CBC_MD5,
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+#endif
ENCTYPE_ARCFOUR_HMAC,
0
};