From: Jo Sutton <josutton@catalyst.net.nz>
Date: Tue, 23 Apr 2024 01:13:20 +0000 (+1200)
Subject: s4:auth: Export AES128 gMSA keys along with AES256 keys by default
X-Git-Tag: tdb-1.4.11~925
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=786eab65cefac69dfd38646437720f33994f8f47;p=thirdparty%2Fsamba.git

s4:auth: Export AES128 gMSA keys along with AES256 keys by default

This is what an existing test expects.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/selftest/knownfail.d/gmsa b/selftest/knownfail.d/gmsa
deleted file mode 100644
index 7a126d6cc22..00000000000
--- a/selftest/knownfail.d/gmsa
+++ /dev/null
@@ -1 +0,0 @@
-^samba.tests.dckeytab.samba.tests.dckeytab.DCKeytabTests.test_export_keytab_gmsa
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index 4d5306d9002..a2f0d172e02 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -350,7 +350,7 @@ NTSTATUS smb_krb5_fill_keytab_gmsa_keys(TALLOC_CTX *mem_ctx,
 
 	supported_enctypes = ldb_msg_find_attr_as_uint(msg,
 						       "msDS-SupportedEncryptionTypes",
-						       ENC_HMAC_SHA1_96_AES256);
+						       ENC_STRONG_SALTED_TYPES);
 	/*
 	 * We trim this down to just the salted AES types, as the
 	 * passwords are now wrong for rc4-hmac due to the mapping of