authorSimo Sorce <ssorce@redhat.com>2012-09-26 18:34:57 -0400
committerMartin Kosek <mkosek@redhat.com>2012-10-17 13:55:11 +0200
commit2d42737d018ac09253f73c89a90f21dddce4fc6c (patch)
tree9efb6a8e326e9ba379d9edf84aac83832e526482 /ipaserver/dcerpc.py
parent21d893ddde06fb247093eccb409da546e0cf84d4 (diff)
Add support for using AES for cross-realm TGTs
Diffstat (limited to 'ipaserver/dcerpc.py')
-rw-r--r--ipaserver/dcerpc.py11
1 files changed, 10 insertions, 1 deletions
diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 80e6b7c87..c40313a69 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -375,10 +375,19 @@ class TrustDomainInstance(object):
except RuntimeError, e:
pass
try:
- self._pipe.CreateTrustedDomainEx2(self._policy_handle, info, self.auth_info, security.SEC_STD_DELETE)
+ trustdom_handle = self._pipe.CreateTrustedDomainEx2(self._policy_handle, info, self.auth_info, security.SEC_STD_DELETE)
except RuntimeError, (num, message):
raise assess_dcerpc_exception(num=num, message=message)
+ try:
+ infoclass = lsa.TrustDomainInfoSupportedEncTypes()
+ infoclass.enc_types = security.KERB_ENCTYPE_RC4_HMAC_MD5
+ infoclass.enc_types |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ infoclass.enc_types |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ self._pipe.SetInformationTrustedDomain(trustdom_handle, lsa.LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES, infoclass)
+ except RuntimeError, e:
+ pass
+
def verify_trust(self, another_domain):
def retrieve_netlogon_info_2(domain, function_code, data):
try:
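Review bot: The added `except RuntimeError, e: pass` around `SetInformationTrustedDomain` discards any failure to set the supported encryption types, so the trust is still created but is presumably left at the default enctypes, with nothing recorded to show that AES was not enabled. Because that is a silent cryptographic downgrade, the handler should at least log the error: use `except RuntimeError, (num, message):` and emit a warning carrying `num` and `message` through whatever logger this module already uses, or raise via `assess_dcerpc_exception(num=num, message=message)` as the `CreateTrustedDomainEx2` handler just above does. The mask also keeps `KERB_ENCTYPE_RC4_HMAC_MD5` enabled; if that is for interoperability with peers lacking AES, a one-line comment such as `# RC4 retained for peers without AES support; remove when no longer required` would record why the weaker type stays. The enclosing method starts outside this hunk.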