As part of matching the behaviour of Windows, assume that trust objects
support AES256, but not RC4, if not specified otherwise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4bb50c868c8ed14372cb7d27e53cdaba265fc33d)
[jsutton@samba.org Added knownfail removals]
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_service_ticket
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_nonexisting
-#
-# LSA tests
-#
-^samba4.rpc.lsa.trusted.domains with .lsa.TrustedDomains.ad_dc_default
-^samba4.rpc.lsa.trusted.domains with bigendian.lsa.TrustedDomains.ad_dc_default
-^samba4.rpc.lsa.trusted.domains with validate.lsa.TrustedDomains.ad_dc_default
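Review bot: the three samba4.rpc.lsa.trusted.domains knownfail entries removed at the end of this hunk (plain, bigendian and validate) are explained only by "Added knownfail removals" in the commit message. Please add a line there saying how the new default for trust objects relates to the lsa.TrustedDomains tests on ad_dc_default, so that a later regression in these tests can be traced back to this change.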
NTSTATUS status;
if (dsdb_functional_level(kdc_db_ctx->samdb) >= DS_DOMAIN_FUNCTION_2008) {
+ /* If not told otherwise, Windows now assumes that trusts support AES. */
supported_enctypes = ldb_msg_find_attr_as_uint(msg,
"msDS-SupportedEncryptionTypes",
- supported_enctypes);
+ ENC_HMAC_SHA1_96_AES256);
}
status = dsdb_trust_parse_tdo_info(mem_ctx, msg, &tdo);
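Review bot: the added comment above the ldb_msg_find_attr_as_uint() call says trusts are assumed to "support AES", but the new default is ENC_HMAC_SHA1_96_AES256 alone, so a trust object without msDS-SupportedEncryptionTypes gets AES256 and nothing else. Suggest wording the comment as "AES256, but not RC4", as the commit message does, so the exclusion of RC4 is visible at the call site. The default is also only used when the attribute is absent and only inside the DS_DOMAIN_FUNCTION_2008 branch; how a stored value of 0 and the lower functional levels are handled is not visible in these lines and deserves a check or a short comment.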