[samba] Add back the AES patches which didn't make it in rc3.

asn asn at fedoraproject.org
Tue Oct 16 11:44:22 UTC 2012


commit a1b5ef5dd0ec206cafb7709ee8bd69801836b9ac
Author: Andreas Schneider <asn at cryptomilk.org>
Date:   Tue Oct 16 13:43:58 2012 +0200

    Add back the AES patches which didn't make it in rc3.

 samba-4.0.0rc4-add_aes_enctypes_to_krb5_conf.patch |   64 +++++++++++++++++++
 samba-4.0.0rc4-request_aes_krb_keys.patch          |   65 ++++++++++++++++++++
 samba.spec                                         |   11 +++-
 3 files changed, 139 insertions(+), 1 deletions(-)
---
diff --git a/samba-4.0.0rc4-add_aes_enctypes_to_krb5_conf.patch b/samba-4.0.0rc4-add_aes_enctypes_to_krb5_conf.patch
new file mode 100644
index 0000000..f34cef2
--- /dev/null
+++ b/samba-4.0.0rc4-add_aes_enctypes_to_krb5_conf.patch
@@ -0,0 +1,64 @@
+commit 06f3b1f0b0dcf9355a8d634cdb62f1f0a8ea4dbe
+Author:     Günther Deschner <gd at samba.org>
+AuthorDate: Mon Dec 19 10:52:58 2011 +0100
+Commit:     Günther Deschner <gd at samba.org>
+CommitDate: Tue Oct 2 16:22:31 2012 +0200
+
+    s3-kerberos: add aes enctypes to generated krb5.conf.
+    
+    Guenther
+---
+ source3/libads/kerberos.c | 29 ++++++++++++++++++++++++-----
+ 1 file changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index fd39394..3183e26 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -831,6 +831,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 	int fd;
+ 	char *realm_upper = NULL;
+ 	bool result = false;
++	char *aes_enctypes = NULL;
+ 
+ 	if (!lp_create_krb5_conf()) {
+ 		return false;
+@@ -870,15 +871,33 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 		goto done;
+ 	}
+ 
+-	/* FIXME: add aes here - gd */
++	aes_enctypes = talloc_strdup(fname, "");
++	if (aes_enctypes == NULL) {
++		goto done;
++	}
++
++#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
++	aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 ");
++	if (aes_enctypes == NULL) {
++		goto done;
++	}
++#endif
++#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
++	aes_enctypes = talloc_asprintf_append(aes_enctypes, "%s", "aes128-cts-hmac-sha1-96");
++	if (aes_enctypes == NULL) {
++		goto done;
++	}
++#endif
++
+ 	file_contents = talloc_asprintf(fname,
+ 					"[libdefaults]\n\tdefault_realm = %s\n"
+-					"\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+-					"\tdefault_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+-					"\tpreferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
++					"\tdefault_tgs_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
++					"\tdefault_tkt_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
++					"\tpreferred_enctypes = %s RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+ 					"[realms]\n\t%s = {\n"
+ 					"\t%s\t}\n",
+-					realm_upper, realm_upper, kdc_ip_string);
++					realm_upper, aes_enctypes, aes_enctypes, aes_enctypes,
++					realm_upper, kdc_ip_string);
+ 
+ 	if (!file_contents) {
+ 		goto done;
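Review bot: The three enctype lines formatted in the second kerberos.c hunk still end with `RC4-HMAC DES-CBC-CRC DES-CBC-MD5`, so the generated krb5.conf now prefers AES but keeps RC4 and single-DES permitted, and nothing in the new code records that this is deliberate. A comment above the `talloc_asprintf` call such as `/* AES is listed first so it is preferred; RC4 and DES are kept for KDCs that offer nothing stronger */` would state the intent, if that is indeed the reason. Separately, `aes_enctypes` ends up empty or with a trailing space depending on which `HAVE_ENCTYPE_*` macros are defined, so the `%s RC4-HMAC` format can emit a leading or doubled space. Ending both AES literals with a space and using `%sRC4-HMAC ...` in the format avoids that. The `done:` cleanup of create_local_private_krb5_conf_for_domain lies outside the hunk, so the lifetime of `aes_enctypes` (allocated on `fname`) cannot be checked here.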
diff --git a/samba-4.0.0rc4-request_aes_krb_keys.patch b/samba-4.0.0rc4-request_aes_krb_keys.patch
new file mode 100644
index 0000000..31391f8
--- /dev/null
+++ b/samba-4.0.0rc4-request_aes_krb_keys.patch
@@ -0,0 +1,65 @@
+commit eae33e96fcaa456830862325b91579faf2a96213
+Author:     Günther Deschner <gd at samba.org>
+AuthorDate: Thu Dec 15 18:12:41 2011 +0100
+Commit:     Günther Deschner <gd at samba.org>
+CommitDate: Tue Oct 2 16:22:31 2012 +0200
+
+    s3-krb5: use and request AES keys in kerberos operations.
+    
+    Guenther
+---
+ lib/krb5_wrap/krb5_samba.c       | 6 ++++++
+ source3/libads/kerberos.c        | 1 +
+ source3/libads/kerberos_keytab.c | 8 +++++++-
+ 3 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
+index 1a5a710..8037337 100644
+--- a/lib/krb5_wrap/krb5_samba.c
++++ b/lib/krb5_wrap/krb5_samba.c
+@@ -688,6 +688,12 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
+ 		ENCTYPE_ARCFOUR_HMAC,
+ 		ENCTYPE_DES_CBC_MD5,
+ 		ENCTYPE_DES_CBC_CRC,
++#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
++		ENCTYPE_AES128_CTS_HMAC_SHA1_96,
++#endif
++#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
++		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
++#endif
+ 		ENCTYPE_NULL};
+ 
+ 	initialize_krb5_error_table();
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index 1093d12..fd39394 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -870,6 +870,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 		goto done;
+ 	}
+ 
++	/* FIXME: add aes here - gd */
+ 	file_contents = talloc_asprintf(fname,
+ 					"[libdefaults]\n\tdefault_realm = %s\n"
+ 					"\tdefault_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
+index eb2603b..b7df50d 100644
+--- a/source3/libads/kerberos_keytab.c
++++ b/source3/libads/kerberos_keytab.c
+@@ -263,9 +263,15 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
+ 	krb5_keytab keytab = NULL;
+ 	krb5_data password;
+ 	krb5_kvno kvno;
+-        krb5_enctype enctypes[4] = {
++        krb5_enctype enctypes[6] = {
+ 		ENCTYPE_DES_CBC_CRC,
+ 		ENCTYPE_DES_CBC_MD5,
++#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
++		ENCTYPE_AES128_CTS_HMAC_SHA1_96,
++#endif
++#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
++		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
++#endif
+ 		ENCTYPE_ARCFOUR_HMAC,
+ 		0
+ 	};
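Review bot: In the cli_krb5_get_ticket hunk of lib/krb5_wrap/krb5_samba.c the AES enctypes are appended after `ENCTYPE_ARCFOUR_HMAC`, `ENCTYPE_DES_CBC_MD5` and `ENCTYPE_DES_CBC_CRC`; if this array is consumed as a preference-ordered list (its use is outside the hunk), RC4 and single-DES would still be requested ahead of AES. Moving the two `#ifdef` blocks to the top of the initializer, AES256 before AES128, would match the order the companion krb5.conf patch writes. In ads_keytab_add_entry the hard-coded `enctypes[6]` has to be kept in step with the `#ifdef`s by hand, whereas `krb5_enctype enctypes[] = {` lets the initializer set the size. Both function bodies continue outside their hunks.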
diff --git a/samba.spec b/samba.spec
index 4c1527c..bbd0683 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,4 +1,4 @@
-%define main_release 154
+%define main_release 155
 
 %define samba_version 4.0.0
 %define talloc_version 2.0.7
@@ -65,6 +65,9 @@ Source100: smbprint
 Source200: README.dc
 Source201: README.downgrade
 
+Patch0: samba-4.0.0rc4-request_aes_krb_keys.patch
+Patch1: samba-4.0.0rc4-add_aes_enctypes_to_krb5_conf.patch
+
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 Requires(pre): /usr/sbin/groupadd
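Review bot: `Patch0` and `Patch1` carry no comment on origin or ordering, and the order matters. The add_aes_enctypes_to_krb5_conf patch removes the `/* FIXME: add aes here - gd */` line that the request_aes_krb_keys patch adds to source3/libads/kerberos.c, so it only applies on top of Patch0. A line above them such as `# Commits eae33e96 and 06f3b1f0 (see patch headers); Patch1 applies on top of Patch0` would record that for whoever drops the patches at the next rebase.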
@@ -388,6 +391,9 @@ link against the SMB, RPC and other protocols.
 %prep
 %setup -q -n samba-%{version}%{pre_release}
 
+%patch0 -p1 -b .request_aes_krb_keys
+%patch1 -p1 -b .add_aes_enctypes_to_krb5_conf
+
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
 %global _tevent_lib ,tevent,pytevent
@@ -1273,6 +1279,9 @@ rm -rf %{buildroot}
 %endif # with_libwbclient
 
 %changelog
+* Tue Oct 16 2012 - Andreas Schneider <asn at redhat.com> - 2:4.0.0-155.rc3
+- Add back the AES patches which didn't make it in rc3.
+
 * Tue Oct 16 2012 - Andreas Schneider <asn at redhat.com> - 2:4.0.0-154.rc3
 - Update to 4.0.0rc3.
 - resolves: #805562 - Unable to share print queues.

