r7988: Store the KVNO for the machine account, and set it up in the provision.
authorAndrew Bartlett <abartlet@samba.org>
Wed, 29 Jun 2005 02:28:57 +0000 (02:28 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:18:56 +0000 (13:18 -0500)
Andrew Bartlett
(This used to be commit 90e94a4630c24282cd93ee05e258877b38e24a57)

source4/include/credentials.h
source4/lib/credentials.c
source4/setup/provision.ldif
source4/setup/secrets.ldif

index 511b775795ad32066772d6285e166a5416247022..58cc4767ad4e9bdb693395c283d1e01fe9dfcd4f 100644 (file)
@@ -58,6 +58,7 @@ struct cli_credentials {
 
        struct creds_CredentialState *netlogon_creds;
        enum netr_SchannelType secure_channel_type;
+       int kvno;
 
        /* We are flagged to get machine account details from the
         * secrets.ldb when we are asked for a username or password */
index aaaa2cf05dc9b3e5a72312acdf9c2ec992e01330..58a1b8c0e33f518e8c605d9d5729ac552a085090 100644 (file)
@@ -504,6 +504,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
                "realm",
                "secureChannelType",
                "ntPwdHash",
+               "msDS-KeyVersionNumber",
                NULL
        };
        
@@ -594,6 +595,8 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
                cli_credentials_set_password(cred, password, CRED_SPECIFIED);
        }
 
+       cli_credentials_set_kvno(cred, ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0));
+       
        talloc_free(mem_ctx);
        
        return NT_STATUS_OK;
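Review bot: The added `ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0)` call falls back to 0 when the attribute is absent, so a secrets.ldb record written before this change cannot be told apart from one that really stores KVNO 0. Kerberos code commonly treats a KVNO of 0 as "unspecified, match any key version", so a silent default may mask a stale key instead of failing; whether it does here depends on the callers of cli_credentials_get_kvno(), which this diff does not show. I would log the missing attribute and add a comment above the call such as `/* 0 means the KVNO is unknown (attribute missing from secrets.ldb) */`. The body of cli_credentials_set_machine_account starts and ends outside this hunk.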
@@ -651,6 +654,25 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden
        return cred->secure_channel_type;
 }
 
+/** 
+ * Set Kerberos KVNO
+ */
+
+void cli_credentials_set_kvno(struct cli_credentials *cred,
+                             int kvno)
+{
+       cred->kvno = kvno;
+}
+
+/**
+ * Return Kerberos KVNO
+ */
+
+int cli_credentials_get_kvno(struct cli_credentials *cred)
+{
+       return cred->kvno;
+}
+
 /**
  * Fill in a credentials structure as the anonymous user
  */
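Review bot: cli_credentials_get_kvno() returns `cred->kvno` directly, and nothing visible in this commit gives the new field an initial value or loads it on demand. The comment in struct cli_credentials describes a lazy secrets.ldb lookup for the username and password, so a caller that asks for the KVNO first presumably gets whatever the field held at allocation. The initialiser for the structure is outside this diff, so please confirm it sets `kvno` to 0. The doc comment could then state the contract, for example `Return Kerberos KVNO (0 if unknown); only meaningful after cli_credentials_set_machine_account() has succeeded`.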
index c3968495e478cfa70d88153fe90580cd68df2e18..8ff93dde8006950e2b01b5ce63ae10673429c5e4 100644 (file)
@@ -617,6 +617,7 @@ isCriticalSystemObject: TRUE
 unicodePwd: ${JOINPASS}
 servicePrincipalName: HOST/${DNSNAME}
 servicePrincipalName: HOST/${NETBIOSNAME}
+msDS-KeyVersionNumber: 1
 
 dn: CN=krbtgt,CN=Users,${BASEDN}
 objectClass: top
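Review bot: The literal `msDS-KeyVersionNumber: 1` is written here and again in the secrets.ldif hunk, and nothing in this commit keeps the two copies in step or increments them when the machine password changes. In Active Directory this attribute is normally derived from password-change metadata rather than stored, so a static value will fall behind after the first password change unless the password-change path updates both databases; that path is not part of this diff. A key version that lags the real key leads to ticket decryption failures that are hard to diagnose. I would add a comment next to both entries, e.g. `# must match msDS-KeyVersionNumber in secrets.ldif; increment both when the machine password changes`.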
index 69360f6bf26ed34fa644a0b56f233f39260da6ef..15005163dcec3c707a61aa90959f11ef6cf2b25d 100644 (file)
@@ -28,4 +28,4 @@ secureChannelType: 6
 sAMAccountName: ${NETBIOSNAME}$
 whenCreated: ${LDAPTIME}
 whenChanged: ${LDAPTIME}
-
+msDS-KeyVersionNumber: 1