From 2d42737d018ac09253f73c89a90f21dddce4fc6c Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Wed, 26 Sep 2012 18:34:57 -0400
Subject: Add support for using AES fo cross-realm TGTs

---
 ipaserver/dcerpc.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ipaserver/dcerpc.py b/ipaserver/dcerpc.py
index 80e6b7c87..c40313a69 100644
--- a/ipaserver/dcerpc.py
+++ b/ipaserver/dcerpc.py
@@ -375,10 +375,19 @@ class TrustDomainInstance(object):
         except RuntimeError, e:
             pass
         try:
-            self._pipe.CreateTrustedDomainEx2(self._policy_handle, info, self.auth_info, security.SEC_STD_DELETE)
+            trustdom_handle = self._pipe.CreateTrustedDomainEx2(self._policy_handle, info, self.auth_info, security.SEC_STD_DELETE)
         except RuntimeError, (num, message):
             raise assess_dcerpc_exception(num=num, message=message)
 
+        try:
+            infoclass = lsa.TrustDomainInfoSupportedEncTypes()
+            infoclass.enc_types = security.KERB_ENCTYPE_RC4_HMAC_MD5
+            infoclass.enc_types |= security.KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+            infoclass.enc_types |= security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+            self._pipe.SetInformationTrustedDomain(trustdom_handle, lsa.LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES, infoclass)
+        except RuntimeError, e:
+            pass
+
     def verify_trust(self, another_domain):
         def retrieve_netlogon_info_2(domain, function_code, data):
             try:
-- 
cgit