The branch, master has been updated
       via  6444a743525 s3:libads: Also add a realm entry for the domain name
       via  a5303967287 s3:libads: Only add RC4 if weak crypto is allowed
       via  9cf1aecd73e s3:libads: Remove DES legacy types for Kerberos
      from  bd9f64d19dc Fixed arrow keys typo to the computer move command utility

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6444a743525532c70634e2dd4cacadce54ba2eab
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Sep 3 13:49:33 2020 +0200

    s3:libads: Also add a realm entry for the domain name
    
    This is required if we try to authenticate as Administrator@DOMAIN so it
    can find the KDC. This fixes 'net ads join' for ad_member_fips if we
    require Kerberos auth.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Isaac Boukris <ibouk...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Mon Sep  7 09:25:33 UTC 2020 on sn-devel-184

commit a5303967287cef0c3d0b653e2aca73d25d438cf7
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Sep 3 11:45:33 2020 +0200

    s3:libads: Only add RC4 if weak crypto is allowed
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Isaac Boukris <ibouk...@samba.org>

commit 9cf1aecd73e011ad03ddb072760454379b3f0a32
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Sep 3 11:11:14 2020 +0200

    s3:libads: Remove DES legacy types for Kerberos
    
    We already removed DES support for Kerberos in Samba 4.12.
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Isaac Boukris <ibouk...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/libads/kerberos.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 3fab68266f2..1db285cd29a 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -611,9 +611,10 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
 #endif
        }
 
-       if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
-           lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
-               legacy_enctypes = "RC4-HMAC DES-CBC-CRC DES-CBC-MD5";
+       if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&
+           (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+            lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY)) {
+               legacy_enctypes = "RC4-HMAC";
        }
 
        enctypes =
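
Review bot: with the new `lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&` guard, a configuration of `kerberos encryption types = legacy` with weak crypto disallowed now leaves `legacy_enctypes` at its initial value without any message. The lines shown here do not say what the resulting enctype list looks like in that case, so please confirm it cannot end up empty, and consider a DEBUG line when RC4-HMAC is dropped because of the weak crypto setting so that the cause of a failed join is visible in the logs. The summary lists only source3/libads/kerberos.c, so the parameter documentation for `kerberos encryption types` should also get a sentence saying that RC4-HMAC now depends on weak crypto being allowed and that the DES types are gone. Minor: `lp_kerberos_encryption_types()` is called twice in the condition; a local variable would read better.
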
@@ -744,11 +745,15 @@ bool create_local_private_krb5_conf_for_domain(const char 
*realm,
                            "\tdns_lookup_kdc = true\n\n"
                            "[realms]\n\t%s = {\n"
                            "%s\t}\n"
+                           "\t%s = {\n"
+                           "%s\t}\n"
                            "%s\n",
                            realm_upper,
                            enctypes,
                            realm_upper,
                            kdc_ip_string,
+                           domain,
+                           kdc_ip_string,
                            include_system_krb5);
 
        if (!file_contents) {
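
Review bot: `domain` goes into the new `"\t%s = {\n"` realm stanza as passed in, while the existing stanza uses `realm_upper`, and nothing in the visible lines checks that `domain` is non-NULL, non-empty and different from `realm_upper`. If the two names match, the generated krb5.conf gets the same realm stanza twice, and an empty `domain` yields a stanza with no realm name. Realm names in krb5.conf are case-sensitive, so if `Administrator@DOMAIN` is expected to match the upper-case form, upper-case `domain` the same way as the realm. Suggest emitting the second stanza only when `domain` is set and differs from `realm_upper`, and adding a short comment above the format string noting that the second entry lets the KDC be found for principals given with the short domain name, as the commit message explains.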


-- 
Samba Shared Repository
