In order to allow better upgrades we need the default value for smb.conf to be the
same even if the effective default value of the software changes in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
fa64f8fa8d92167ed15d1109af65bbb4daab4bad)
[jsutton@samba.org Fixed conflicts]
</description>
-<value type="default">36<comment>equivalent to: rc4-hmac aes256-cts-hmac-sha1-96-sk</comment></value>
+<value type="default">0<comment>maps to what the software supports currently: arcfour-hmac-md5 aes256-cts-hmac-sha1-96-sk</comment></value>
</samba:parameter>
"min domain uid",
"1000");
- lpcfg_do_global_parameter(lp_ctx,
- "kdc default domain supported enctypes",
- "rc4-hmac aes256-cts-hmac-sha1-96-sk");
-
for (i = 0; parm_table[i].label; i++) {
if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
lp_ctx->flags[i] |= FLAG_DEFAULT;
lp = self.get_lp()
self.default_supported_enctypes = lp.get(
'kdc default domain supported enctypes')
+ if self.default_supported_enctypes == 0:
+ self.default_supported_enctypes = rc4_bit | aes256_sk_bit
def _server_creds(self, supported=None, force_nt4_hash=False,
account_type=None):
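Review bot: The added `== 0` check compares the raw `lp.get()` result, and the matching check in the other test module runs before `int(supported_enctypes)`. If the binding ever returns a string such as `'0'`, the fallback is skipped and the tests run with an empty enctype mask instead of the KDC's effective default. Normalising first removes the dependence on the binding's return type: `self.default_supported_enctypes = int(lp.get('kdc default domain supported enctypes'))`, then the zero check. The enclosing method starts outside the hunk, so whether a later conversion exists here is not visible.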
from samba import net
from samba.samdb import SamDB, dsdb_Dn
+rc4_bit = security.KERB_ENCTYPE_RC4_HMAC_MD5
+aes256_sk_bit = security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK
+
from samba.tests import delete_force
import samba.tests.krb5.kcrypto as kcrypto
from samba.tests.krb5.raw_testcase import (
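Review bot: The two added assignments sit between import statements, so the imports that follow are no longer at the top of the module. They also rely on `security` already being imported above this hunk, which is not visible here. Moving them below the import block keeps the layout conventional. Because they encode the KDC's fallback for a configured value of 0, a comment such as `# Must match the KDC's built-in fallback used when 'kdc default domain supported enctypes' is 0` would tell the next maintainer that a change to the server default needs a matching change in the tests.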
if supported_enctypes is None:
lp = self.get_lp()
supported_enctypes = lp.get('kdc default domain supported enctypes')
-
+ if supported_enctypes == 0:
+ supported_enctypes = rc4_bit | aes256_sk_bit
supported_enctypes = int(supported_enctypes)
if extra_bits is not None:
Globals.min_domain_uid = 1000;
- Globals.kdc_default_domain_supported_enctypes =
- KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK;
-
/* Now put back the settings that were set with lp_set_cmdline() */
apply_lp_set_cmdline();
}
bool force_rc4 = lpcfg_kdc_force_enable_rc4_weak_session_keys(lp_ctx);
struct ldb_message_element *objectclasses;
struct ldb_val computer_val;
- uint32_t default_supported_enctypes = lpcfg_kdc_default_domain_supported_enctypes(lp_ctx);
+ uint32_t config_default_supported_enctypes = lpcfg_kdc_default_domain_supported_enctypes(lp_ctx);
+ uint32_t default_supported_enctypes =
+ config_default_supported_enctypes != 0 ?
+ config_default_supported_enctypes :
+ ENC_RC4_HMAC_MD5 | ENC_HMAC_SHA1_96_AES256_SK;
uint32_t supported_enctypes
= ldb_msg_find_attr_as_uint(msg,
"msDS-SupportedEncryptionTypes",
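Review bot: The fallback arm of the conditional is unparenthesised and uncommented. `|` binds tighter than `?:`, so it evaluates as intended, but `(ENC_RC4_HMAC_MD5 | ENC_HMAC_SHA1_96_AES256_SK)` makes that obvious. More relevant to anyone auditing a deployment, 0 is now a sentinel for "not configured", so the configured value no longer shows that RC4 is part of the effective default, and an explicit 0 cannot express an empty set. A comment above the declaration would record this: `/* 0 = not configured: use the built-in default, which still includes RC4 */`. The enclosing function begins and continues outside the hunk.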