if to_krbtgt:
target_creds = self.get_krbtgt_creds()
- srealm = target_creds.get_realm()
- sname = self.PrincipalName_create(
- name_type=NT_SRV_INST,
- names=[target_creds.get_username(), srealm])
+ sname = self.get_krbtgt_sname()
else:
target_creds = self.get_service_creds()
sname = None
b'tgsarmor')
armor_key = Krb5EncryptionKey(armor_key, None)
- if to_krbtgt:
- target_creds = self.get_krbtgt_creds()
-
- srealm = target_creds.get_realm()
- sname = self.PrincipalName_create(
- name_type=NT_SRV_INST,
- names=[target_creds.get_username(), srealm])
- else:
- target_enctypes = security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
- target_creds = self.get_cached_creds(
- account_type=self.AccountType.COMPUTER,
- opts={
- 'supported_enctypes': target_enctypes,
- })
-
- srealm = target_creds.get_realm()
- sname = self.PrincipalName_create(
- name_type=NT_PRINCIPAL,
- names=['host', target_creds.get_username()[:-1]])
+ target_creds, sname = self.get_target(
+ to_krbtgt,
+ extra_enctypes=security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED)
+ srealm = target_creds.get_realm()
decryption_key = self.TicketDecryptionKey_from_creds(
target_creds)
b'tgsarmor')
armor_key = Krb5EncryptionKey(armor_key, None)
- if to_krbtgt:
- target_creds = self.get_krbtgt_creds()
-
- srealm = target_creds.get_realm()
- sname = self.PrincipalName_create(
- name_type=NT_SRV_INST,
- names=[target_creds.get_username(), srealm])
- else:
- target_enctypes = security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
- target_creds = self.get_cached_creds(
- account_type=self.AccountType.COMPUTER,
- opts={
- 'supported_enctypes': target_enctypes,
- })
-
- srealm = target_creds.get_realm()
- sname = self.PrincipalName_create(
- name_type=NT_PRINCIPAL,
- names=['host', target_creds.get_username()[:-1]])
+ target_creds, sname = self.get_target(
+ to_krbtgt,
+ extra_enctypes=security.KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED)
+ srealm = target_creds.get_realm()
decryption_key = self.TicketDecryptionKey_from_creds(
target_creds)
# Get the credentials and server principal name of either the krbtgt, or a
# specially created account, with resource SID compression either supported
# or unsupported.
- def get_target(self, to_krbtgt, compression):
+ def get_target(self, to_krbtgt, compression=None, extra_enctypes=0):
if to_krbtgt:
self.assertIsNone(compression,
"it's no good specifying compression support "
opts={
'supported_enctypes':
security.KERB_ENCTYPE_RC4_HMAC_MD5 |
- security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ security.KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 |
+ extra_enctypes,
'sid_compression_support': compression,
})
target_name = creds.get_username()
projects / thirdparty / samba.git / commitdiff
