[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Mon Sep 7 09:26:02 UTC 2020


The branch, master has been updated
       via  6444a743525 s3:libads: Also add a realm entry for the domain name
       via  a5303967287 s3:libads: Only add RC4 if weak crypto is allowed
       via  9cf1aecd73e s3:libads: Remove DES legacy types for Kerberos
      from  bd9f64d19dc Fixed arrow keys typo to the computer move command utility

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6444a743525532c70634e2dd4cacadce54ba2eab
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Sep 3 13:49:33 2020 +0200

    s3:libads: Also add a realm entry for the domain name
    
    This is required if we try to authenticate as Administrator at DOMAIN so it
    can find the KDC. This fixes 'net ads join' for ad_member_fips if we
    require Kerberos auth.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Isaac Boukris <iboukris at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Mon Sep  7 09:25:33 UTC 2020 on sn-devel-184

commit a5303967287cef0c3d0b653e2aca73d25d438cf7
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Sep 3 11:45:33 2020 +0200

    s3:libads: Only add RC4 if weak crypto is allowed
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Isaac Boukris <iboukris at samba.org>

commit 9cf1aecd73e011ad03ddb072760454379b3f0a32
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Sep 3 11:11:14 2020 +0200

    s3:libads: Remove DES legacy types for Kerberos
    
    We already removed DES support for Kerberos in Samba 4.12.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Isaac Boukris <iboukris at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/libads/kerberos.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 3fab68266f2..1db285cd29a 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -611,9 +611,10 @@ static char *get_enctypes(TALLOC_CTX *mem_ctx)
 #endif
 	}
 
-	if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
-	    lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
-		legacy_enctypes = "RC4-HMAC DES-CBC-CRC DES-CBC-MD5";
+	if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&
+	    (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+	     lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY)) {
+		legacy_enctypes = "RC4-HMAC";
 	}
 
 	enctypes =
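Review bot: The new `lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&` guard silently drops RC4-HMAC when weak crypto is disallowed, even if the administrator explicitly set the Kerberos encryption types to legacy. With KERBEROS_ETYPES_LEGACY and weak crypto disallowed, `legacy_enctypes` keeps whatever value it was initialised with. The lines that build the strong enctype list are not shown in this hunk, so please confirm the resulting enctype string cannot end up empty in that combination. A DEBUG message when the configured legacy types are skipped would also help, so that a failing join can be traced back to the weak crypto setting. Minor style point: `lp_kerberos_encryption_types()` is evaluated twice in the condition; reading it once into a local would be easier to follow.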
@@ -744,11 +745,15 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 			    "\tdns_lookup_kdc = true\n\n"
 			    "[realms]\n\t%s = {\n"
 			    "%s\t}\n"
+			    "\t%s = {\n"
+			    "%s\t}\n"
 			    "%s\n",
 			    realm_upper,
 			    enctypes,
 			    realm_upper,
 			    kdc_ip_string,
+			    domain,
+			    kdc_ip_string,
 			    include_system_krb5);
 
 	if (!file_contents) {
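Review bot: The second `[realms]` entry is keyed on `domain` exactly as passed in, while the first entry uses `realm_upper`. Realm names in krb5.conf are case-sensitive, so the entry only helps for Administrator at DOMAIN if `domain` already has the case the client will use. The visible lines do not show where `domain` comes from or whether it can be NULL, empty, or identical to `realm_upper`. Consider upper-casing it the same way as the realm and skipping the extra block when it is missing or equal to `realm_upper`, so the generated file does not contain an empty or duplicate realm section. A short comment above the format string explaining why the domain name needs its own realm entry (the reason given in the commit message) would help the next reader.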


-- 
Samba Shared Repository


