diff options
author | Günther Deschner <gd@samba.org> | 2014-04-29 18:14:05 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2014-08-08 06:02:34 +0200 |
commit | 561c74666aa5342a5f819b1af821032fdf1f362b (patch) | |
tree | 0b1d0ace9da78ff6255277a8f00c1ee6c4bb3197 /lib | |
parent | 38d454eb44fc695f643a0396ececf8e6a7710454 (diff) | |
download | samba-561c74666aa5342a5f819b1af821032fdf1f362b.tar.gz |
lib/krb5_wrap: add smb_krb5_get_allowed_weak_crypto().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 53 | ||||
-rw-r--r-- | lib/krb5_wrap/krb5_samba.h | 2 |
2 files changed, 55 insertions, 0 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index df0db67f88c..84a62a69061 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -2405,6 +2405,59 @@ char *smb_get_krb5_error_message(krb5_context context, return ret; } + +/** +* @brief Return the kerberos library setting for "libdefaults:allow_weak_crypto" +* +* @param context The krb5_context +* +* @return krb5_boolean +* +* Function returns true if weak crypto is allowd, false if not +*/ + +krb5_boolean smb_krb5_get_allowed_weak_crypto(krb5_context context) +#if defined(HAVE_KRB5_CONFIG_GET_BOOL_DEFAULT) +{ + return krb5_config_get_bool_default(context, + NULL, + FALSE, + "libdefaults", + "allow_weak_crypto", + NULL); +} +#elif defined(HAVE_PROFILE_H) && defined(HAVE_KRB5_GET_PROFILE) +{ +#include <profile.h> + krb5_error_code ret; + krb5_boolean ret_default = false; + profile_t profile; + int ret_profile; + + ret = krb5_get_profile(context, + &profile); + if (ret) { + return ret_default; + } + + ret = profile_get_boolean(profile, + "libdefaults", + "allow_weak_crypto", + NULL, /* subsubname */ + ret_default, /* def_val */ + &ret_profile /* *ret_default */); + if (ret) { + return ret_default; + } + + profile_release(profile); + + return ret_profile; +} +#else +#error UNKNOWN_KRB5_CONFIG_ROUTINES +#endif + #else /* HAVE_KRB5 */ /* this saves a few linking headaches */ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 0977f8e06ea..ee06f556e3d 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -306,6 +306,8 @@ int smb_krb5_create_key_from_string(krb5_context context, krb5_enctype enctype, krb5_keyblock *key); +krb5_boolean smb_krb5_get_allowed_weak_crypto(krb5_context context); + #endif /* HAVE_KRB5 */ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, |