[SCM] Samba Shared Repository - branch v4-4-test updated
Karolin Seeger
kseeger at samba.org
Mon Feb 29 13:36:06 UTC 2016
The branch, v4-4-test has been updated
via 6342580 s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add
from 57bc152 VERSION: Bump version up to 4.4.0rc4...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test
- Log -----------------------------------------------------------------
commit 634258004726500cc472bfffab65375606f54ea9
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 22 09:57:04 2016 +0100
s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add
We may not have the permission to modify the object after creation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bj at sernet.de>
Reviewed-by: Günther Deschner <gd at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Feb 26 11:30:03 CET 2016 on sn-devel-144
Autobuild-User(v4-4-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-4-test): Mon Feb 29 14:35:08 CET 2016 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
source3/libads/ldap.c | 26 ++++++++++++++++++
source3/libnet/libnet_join.c | 65 --------------------------------------------
2 files changed, 26 insertions(+), 65 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 1538500..9918b95 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -29,6 +29,7 @@
#include "../libds/common/flags.h"
#include "smbldap.h"
#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/netlogon.h"
#include "lib/param/loadparm.h"
#ifdef HAVE_LDAP
@@ -2211,6 +2212,12 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
uint32_t acct_control = ( UF_WORKSTATION_TRUST_ACCOUNT |\
UF_DONT_EXPIRE_PASSWD |\
UF_ACCOUNTDISABLE );
+ uint32_t func_level = 0;
+
+ ret = ads_domain_func_level(ads, &func_level);
+ if (!ADS_ERR_OK(ret)) {
+ return ret;
+ }
if (!(ctx = talloc_init("ads_add_machine_acct")))
return ADS_ERROR(LDAP_NO_MEMORY);
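Review bot: When `ads_domain_func_level()` fails, the new early return hands back a bare status, while the caller code removed from libnet_join.c recorded "failed to query domain controller functional level: %s" for the same failure. An operator debugging a failed join would no longer see which step failed unless a caller outside this diff adds its own message. A log line before the return would keep that information, for example `DEBUG(1, ("ads_create_machine_acct: failed to query domain functional level: %s\n", ads_errstr(ret)));`. The return sits before `talloc_init()`, so nothing is leaked on this path; the rest of the function lies outside the hunk.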
@@ -2246,6 +2253,25 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
ads_mod_strlist(ctx, &mods, "objectClass", objectClass);
ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
+ if (func_level >= DS_DOMAIN_FUNCTION_2008) {
+ uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
+ const char *etype_list_str;
+
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ etype_list |= ENC_HMAC_SHA1_96_AES128;
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ etype_list |= ENC_HMAC_SHA1_96_AES256;
+#endif
+
+ etype_list_str = talloc_asprintf(ctx, "%d", (int)etype_list);
+ if (etype_list_str == NULL) {
+ goto done;
+ }
+ ads_mod_str(ctx, &mods, "msDS-SupportedEncryptionTypes",
+ etype_list_str);
+ }
+
ret = ads_gen_add(ads, new_dn, mods);
done:
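Review bot: The return value of `ads_mod_str()` for "msDS-SupportedEncryptionTypes" is dropped here, whereas the removed libnet_join_set_etypes() checked it. If adding to the mod list fails, `ads_gen_add()` would create the account without the attribute, and the commit message says a later modify may not be permitted. Consider `ret = ads_mod_str(ctx, &mods, "msDS-SupportedEncryptionTypes", etype_list_str);` followed by `if (!ADS_ERR_OK(ret)) goto done;`. The `goto done` on a NULL `etype_list_str` relies on `ret` already holding an error value, which is set outside this hunk (the function starts and ends beyond it) and should be confirmed. The base mask also still advertises the DES bits (`ENC_CRC32`, `ENC_RSA_MD5`) and RC4 alongside AES, so a comment such as `/* DES/RC4 bits carried over from the previous join code; AES added only when the Kerberos library supports it */` would flag that choice for a later hardening review.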
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3e58b18..6dce03c 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -616,52 +616,6 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx,
/****************************************************************
****************************************************************/
-static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx,
- struct libnet_JoinCtx *r)
-{
- ADS_STATUS status;
- ADS_MODLIST mods;
- uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
- const char *etype_list_str;
-
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
- etype_list |= ENC_HMAC_SHA1_96_AES128;
-#endif
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
- etype_list |= ENC_HMAC_SHA1_96_AES256;
-#endif
-
- etype_list_str = talloc_asprintf(mem_ctx, "%d", etype_list);
- if (!etype_list_str) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- /* Find our DN */
-
- status = libnet_join_find_machine_acct(mem_ctx, r);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- /* now do the mods */
-
- mods = ads_init_mods(mem_ctx);
- if (!mods) {
- return ADS_ERROR(LDAP_NO_MEMORY);
- }
-
- status = ads_mod_str(mem_ctx, &mods, "msDS-SupportedEncryptionTypes",
- etype_list_str);
- if (!ADS_ERR_OK(status)) {
- return status;
- }
-
- return ads_gen_mod(r->in.ads, r->out.dn, mods);
-}
-
-/****************************************************************
-****************************************************************/
-
static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
@@ -736,7 +690,6 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
ADS_STATUS status;
- uint32_t func_level = 0;
if (!r->in.ads) {
status = libnet_join_connect_ads(mem_ctx, r);
@@ -771,24 +724,6 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx,
return status;
}
- status = ads_domain_func_level(r->in.ads, &func_level);
- if (!ADS_ERR_OK(status)) {
- libnet_join_set_error_string(mem_ctx, r,
- "failed to query domain controller functional level: %s",
- ads_errstr(status));
- return status;
- }
-
- if (func_level >= DS_DOMAIN_FUNCTION_2008) {
- status = libnet_join_set_etypes(mem_ctx, r);
- if (!ADS_ERR_OK(status)) {
- libnet_join_set_error_string(mem_ctx, r,
- "failed to set machine kerberos encryption types: %s",
- ads_errstr(status));
- return status;
- }
- }
-
if (!libnet_join_derive_salting_principal(mem_ctx, r)) {
return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
}
--
Samba Shared Repository