Windows: add krb5_enctype_enable(DES) calls
authorJeffrey Altman <jaltman@your-file-system.com>
Sat, 24 Sep 2011 15:12:09 +0000 (11:12 -0400)
committerJeffrey Altman <jaltman@openafs.org>
Sat, 1 Oct 2011 04:40:43 +0000 (21:40 -0700)
Heimdal disables DES by default.  Enable DES-CBC-CRC by
calling krb5_enctype_enable() so that the active profile
does not require

[libdefaults]
allow_weak_enctypes = 1

Change-Id: I75d7b6bd7269081c7b1fcaafe05074dcdcc9a7e0
Reviewed-on: http://gerrit.openafs.org/5501
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: Jeffrey Altman <jaltman@openafs.org>

src/WINNT/afsd/afskfw-int.h
src/WINNT/afsd/afskfw.c
src/WINNT/aklog/aklog.c
src/WINNT/aklog/asetkey.c
src/WINNT/netidmgr_plugin/krb5common.c

index 81428f9..3213042 100644 (file)
@@ -170,4 +170,6 @@ DWORD KFW_get_default_mslsa_import(krb5_context);
 
 DWORD KFW_get_default_lifetime(krb5_context, const char *);
 
+void KFW_enable_DES(krb5_context);
+
 #endif /* AFSKFW_INT_H */
index 7bcb712..2833b61 100644 (file)
@@ -160,6 +160,8 @@ KFW_initialize(void)
 
             if ( KFW_is_available() ) {
                 char rootcell[CELL_MAXNAMELEN+1];
+
+                KFW_enable_DES(NULL);
 #ifdef USE_MS2MIT
                 KFW_import_windows_lsa();
 #endif /* USE_MS2MIT */
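Review bot: The `KFW_enable_DES(NULL);` call added inside the `KFW_is_available()` branch can only have an effect if `krb5_enctype_enable()` changes library-wide state, because with a NULL argument the helper added later in this commit creates its own context and frees it before returning. That dependency is not stated anywhere in the change, so the call needs a comment, for example `/* relies on Heimdal keeping the enctype enable flag per process, not per context (confirm) */`. If the assumption holds, DES-CBC-CRC stays enabled for every context created later in this process, which the same comment should say. KFW_initialize begins and ends outside this hunk.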
@@ -1084,6 +1086,27 @@ KFW_import_ccache_data(void)
         krb5_free_context(context);
 }
 
+void
+KFW_enable_DES(krb5_context alt_context)
+{
+    krb5_context context;
+    krb5_error_code code;
+
+    if ( alt_context ) {
+        context = alt_context;
+    } else {
+        code = krb5_init_context(&context);
+        if (code) goto cleanup;
+    }
+
+    if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC))
+        krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
+
+  cleanup:
+    if (context && (context != alt_context))
+        krb5_free_context(context);
+}
+
 
 int
 KFW_AFS_get_cred( char * username,
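Review bot: `context` may be read uninitialized at the `cleanup:` label of KFW_enable_DES when `krb5_init_context()` fails, because the `goto cleanup` is taken before this function has assigned anything to it, and `krb5_free_context()` can then be called on an indeterminate pointer. Declaring it as `krb5_context context = NULL;` makes the `if (context && (context != alt_context))` test safe regardless of what the library stores on failure. The result of `krb5_enctype_enable()` is also discarded and the function returns void, so a caller cannot tell whether DES-CBC-CRC was actually enabled.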
index ecfa5dd..ddc86cf 100644 (file)
@@ -1605,6 +1605,8 @@ int main(int argc, char *argv[])
         validate_krb5_availability();
         if (krb5_init_context(&context))
             return(AKLOG_KERBEROS);
+        if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC))
+            krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
     } else
         validate_krb4_availability();
     afs_set_com_err_hook(redirect_errors);
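Review bot: The test `if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC))` reads as "enable DES when it is already valid", and nothing in the added lines explains why that is the intended direction. As far as I know, Heimdal's krb5_enctype_valid() returns a krb5_error_code, zero for a usable enctype and non-zero for an unknown or disabled one. If that is right, spell it out as `if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC) != 0)` with the comment `/* non-zero: enctype is disabled or unknown */`. The same pair of lines appears in KFW_enable_DES and in the asetkey.c and krb5common.c hunks. main continues outside this hunk.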
index 51b8ecf..6421525 100644 (file)
@@ -97,6 +97,7 @@ main(int argc, char **argv)
        printf("asetkey: can't initialize conf dir '%s'\n", confdir);
        exit(1);
     }
+
     if (strcmp(argv[1], "add")==0) {
        krb5_context context;
        krb5_principal principal;
@@ -110,6 +111,8 @@ main(int argc, char **argv)
        }
 
        krb5_init_context(&context);
+        if (krb5_enctype_valid(context, ETYPE_DES_CBC_CRC))
+            krb5_enctype_enable(context, ETYPE_DES_CBC_CRC);
 
        kvno = atoi(argv[2]);
        retval = krb5_parse_name(context, argv[4], &principal);
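Review bot: The added `krb5_enctype_valid()` and `krb5_enctype_enable()` calls use `context` directly after `krb5_init_context(&context);`, whose result is not checked on the unchanged line above them. If initialization fails, the new lines hand an unset context to the library, whereas the aklog.c hunk in this same commit returns on that failure. A guard before the new lines closes the gap: `if (krb5_init_context(&context)) { printf("asetkey: can't initialize Kerberos context\n"); exit(1); }` (message text is a suggestion). main continues outside this hunk.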
index 90dd94f..f80d92c 100644 (file)
@@ -114,6 +114,9 @@ khm_krb5_initialize(khm_handle ident,
         goto on_error;
     }
 
+    if (krb5_enctype_valid(*ctx, ETYPE_DES_CBC_CRC))
+        krb5_enctype_enable(*ctx, ETYPE_DES_CBC_CRC);
+
     if(*cache == 0) {
         wchar_t wccname[MAX_PATH];
         khm_size cbwccname;
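Review bot: DES-CBC-CRC is enabled here on every context that khm_krb5_initialize sets up, with no configuration switch, so the profile's `allow_weak_enctypes` setting no longer decides whether this weak enctype is accepted. The commit message says this is the intent, but the code carries no comment, so a later reader sees a weak cipher being turned on without explanation. I would add `/* Deliberately overrides the Heimdal default so the profile need not set allow_weak_enctypes; remove once DES is no longer required */` above the added lines. Also consider making the override conditional on a setting an administrator can turn off. khm_krb5_initialize begins and ends outside this hunk.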