s3-kerberos: add aes enctypes to generated krb5.conf.
authorGünther Deschner <gd@samba.org>
Mon, 19 Dec 2011 09:52:58 +0000 (10:52 +0100)
committerKarolin Seeger <kseeger@samba.org>
Mon, 12 Nov 2012 08:07:18 +0000 (09:07 +0100)
Guenther

(cherry picked from commit 06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe)

source3/libads/kerberos.c

index a9da2d6579bdbf3d4253c7f3bf8cba04d6bc29e4..6b8f247b2d7ed0a9271928dfe383af2541c4ea28 100644 (file)
@@ -850,6 +850,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
        int fd;
        char *realm_upper = NULL;
        bool result = false;
+       char *aes_enctypes = NULL;
 
        if (!lp_create_krb5_conf()) {
                return false;
@@ -887,15 +888,33 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
                goto done;
        }
 
-       /* FIXME: add aes here - gd */
+       aes_enctypes = talloc_strdup(fname, "");
+       if (aes_enctypes == NULL) {
+               goto done;
+       }
+
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+       aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 ");
+       if (aes_enctypes == NULL) {
+               goto done;
+       }
+#endif
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+       aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes128-cts-hmac-sha1-96");
+       if (aes_enctypes == NULL) {
+               goto done;
+       }
+#endif
+
        file_contents = talloc_asprintf(fname,
                                        "[libdefaults]\n\tdefault_realm = %s\n"
-                                       "\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
-                                       "\tdefault_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
-                                       "\tpreferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+                                       "\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+                                       "\tdefault_tkt_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+                                       "\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
                                        "[realms]\n\t%s = {\n"
                                        "\t%s\t}\n",
-                                       realm_upper, realm_upper, kdc_ip_string);
+                                       realm_upper, aes_enctypes, aes_enctypes, aes_enctypes,
+                                       realm_upper, kdc_ip_string);
 
        if (!file_contents) {
                goto done;
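Review bot: The three format lines for `default_tgs_enctypes`, `default_tkt_enctypes` and `preferred_enctypes` still end in `RC4-HMAC DES-CBC-CRC DES-CBC-MD5`, so the generated krb5.conf continues to permit RC4 and single-DES; the change only places AES ahead of them. Both appends sit under `#ifdef HAVE_ENCTYPE_AES...`, so a build whose Kerberos headers lack those defines leaves `aes_enctypes` empty and the file falls back to the old RC4/DES-only list with no indication. I would add a comment above the `talloc_asprintf` call, for example `/* enctypes are listed in preference order; RC4/DES are kept for KDCs without AES support */` (that intent is inferred, please confirm), and log at debug level when no AES enctype was compiled in. A follow-up could make the legacy suffix optional so that sites with AES-capable KDCs can drop it. The function starts and ends outside this hunk, so the cleanup at `done` is not visible here.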