more enctypes...

[metze/samba/wip.git] / source3 / libads / kerberos.c

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 82f118a021e48e6e3f75fc1d235065db2c5007ab..bb6b91ee95e4066e14d44ef1cd8e2435e1df5460 100644 (file)
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -22,6 +22,7 @@
 */
 
 #include "includes.h"
+#include "libsmb/namequery.h"
 #include "system/filesys.h"
 #include "smb_krb5.h"
 #include "../librpc/gen_ndr/ndr_misc.h"
@@ -30,6 +31,7 @@
 #include "secrets.h"
 #include "../lib/tsocket/tsocket.h"
 #include "lib/util/asn1.h"
+#include "krb5_errs.h"
 
 #ifdef HAVE_KRB5
 
@@ -58,7 +60,7 @@ kerb_prompter(krb5_context ctx, void *data,
                 * version have looping detection and return with a proper error code.
                 */
 
-#if HAVE_KRB5_PROMPT_TYPE /* Heimdal */
+#if defined(HAVE_KRB5_PROMPT_TYPE) /* Heimdal */
                 if (prompts[0].type == KRB5_PROMPT_TYPE_NEW_PASSWORD &&
                     prompts[1].type == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN) {
                        /*
@@ -126,9 +128,12 @@ int kerberos_kinit_password_ext(const char *principal,
 
        ZERO_STRUCT(my_creds);
 
-       initialize_krb5_error_table();
-       if ((code = krb5_init_context(&ctx)))
-               goto out;
+       code = smb_krb5_init_context_common(&ctx);
+       if (code != 0) {
+               DBG_ERR("kerberos init context failed (%s)\n",
+                       error_message(code));
+               return code;
+       }
 
        if (time_offset != 0) {
                krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
@@ -242,10 +247,10 @@ int ads_kdestroy(const char *cc_name)
        krb5_context ctx = NULL;
        krb5_ccache cc = NULL;
 
-       initialize_krb5_error_table();
-       if ((code = krb5_init_context (&ctx))) {
-               DEBUG(3, ("ads_kdestroy: kdb5_init_context failed: %s\n", 
-                       error_message(code)));
+       code = smb_krb5_init_context_common(&ctx);
+       if (code != 0) {
+               DBG_ERR("kerberos init context failed (%s)\n",
+                       error_message(code));
                return code;
        }
 
@@ -594,6 +599,28 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
 }
 #endif
 
+uint32_t kerberos_supported_encryption_types(void)
+{
+       uint32_t encryption_types = 0;
+
+       if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+           lp_kerberos_encryption_types() == KERBEROS_ETYPES_STRONG) {
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+               encryption_types |= ENC_HMAC_SHA1_96_AES128;
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+               encryption_types |= ENC_HMAC_SHA1_96_AES256;
+#endif
+       }
+
+       if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+           lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
+               encryption_types |= ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
+       }
+
+       return encryption_types;
+}
+
 bool create_local_private_krb5_conf_for_domain(const char *realm,
                                                const char *domain,
                                                const char *sitename,
@@ -627,7 +654,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
                return false;
        }
 
-       dname = lock_path("smb_krb5");
+       dname = lock_path(talloc_tos(), "smb_krb5");
        if (!dname) {
                return false;
        }
@@ -638,7 +665,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
                goto done;
        }
 
-       tmpname = lock_path("smb_tmp_krb5.XXXXXX");
+       tmpname = lock_path(talloc_tos(), "smb_tmp_krb5.XXXXXX");
        if (!tmpname) {
                goto done;
        }