From f62a70fe54c1b1f6172d1d3fbc8b34c03dd96b86 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 29 Jun 2005 02:28:57 +0000
Subject: [PATCH] r7988: Store the KVNO for the machine account, and set it up in the provision.
Andrew Bartlett
(This used to be commit 90e94a4630c24282cd93ee05e258877b38e24a57)
---
 source4/include/credentials.h | 1 +
 source4/lib/credentials.c | 22 ++++++++++++++++++++++
 source4/setup/provision.ldif | 1 +
 source4/setup/secrets.ldif | 2 +-
 4 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/source4/include/credentials.h b/source4/include/credentials.h
index 511b775795a..58cc4767ad4 100644
--- a/source4/include/credentials.h
+++ b/source4/include/credentials.h
@@ -58,6 +58,7 @@ struct cli_credentials {
 struct creds_CredentialState *netlogon_creds;
 enum netr_SchannelType secure_channel_type;
+ int kvno;
 /* We are flagged to get machine account details from the
 * secrets.ldb when we are asked for a username or password */
diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c
index aaaa2cf05dc..58a1b8c0e33 100644
--- a/source4/lib/credentials.c
+++ b/source4/lib/credentials.c
@@ -504,6 +504,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
 "realm",
 "secureChannelType",
 "ntPwdHash",
+ "msDS-KeyVersionNumber",
 NULL
 };
@@ -594,6 +595,8 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
 cli_credentials_set_password(cred, password, CRED_SPECIFIED);
 }
+ cli_credentials_set_kvno(cred, ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0));
+
 talloc_free(mem_ctx);
 return NT_STATUS_OK;
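Review bot: The added call `cli_credentials_set_kvno(cred, ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0));` in the last credentials.c hunk falls back to 0 when the attribute is missing, so a secrets.ldb record written before this change produces a KVNO that callers cannot tell apart from a stored value. Keytab and key lookups commonly treat version 0 as "any version", so a missing attribute would probably loosen key selection silently rather than fail; how the value is consumed is not visible in this diff. A presence check before the call, for example `if (ldb_msg_find_element(msgs[0], "msDS-KeyVersionNumber") == NULL) { DEBUG(1, ("machine account record has no msDS-KeyVersionNumber\n")); }`, would at least make the fallback visible in the logs. The new member in credentials.h is also undocumented; `int kvno; /* Kerberos key version of the machine account key, 0 if not stored */` would record the sentinel. The body of cli_credentials_set_machine_account starts and ends outside this hunk.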
@@ -651,6 +654,25 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden
 return cred->secure_channel_type;
 }
+/**
+ * Set Kerberos KVNO
+ */
+
+void cli_credentials_set_kvno(struct cli_credentials *cred,
+ int kvno)
+{
+ cred->kvno = kvno;
+}
+
+/**
+ * Return Kerberos KVNO
+ */
+
+int cli_credentials_get_kvno(struct cli_credentials *cred)
+{
+ return cred->kvno;
+}
+
 /**
 * Fill in a credentials structure as the anonymous user
 */
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index c3968495e47..8ff93dde800 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -617,6 +617,7 @@ isCriticalSystemObject: TRUE
 unicodePwd: ${JOINPASS}
 servicePrincipalName: HOST/${DNSNAME}
 servicePrincipalName: HOST/${NETBIOSNAME}
+msDS-KeyVersionNumber: 1
 dn: CN=krbtgt,CN=Users,${BASEDN}
 objectClass: top
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index 69360f6bf26..15005163dce 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -28,4 +28,4 @@ secureChannelType: 6
 sAMAccountName: ${NETBIOSNAME}$
 whenCreated: ${LDAPTIME}
 whenChanged: ${LDAPTIME}
-
+msDS-KeyVersionNumber: 1
--
2.34.1
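Review bot: `cli_credentials_get_kvno()` returns `cred->kvno` directly, while the comment in credentials.h says machine account details are fetched from secrets.ldb lazily "when we are asked for a username or password". If the other getters trigger that pending load (their bodies are outside this diff), a caller that asks for the KVNO first would read a value that has not been loaded yet and could select the wrong key version. Either run the same pending-load check here or state the ordering requirement in the doc comment, e.g. `* Return Kerberos KVNO (valid only after the machine account has been loaded; 0 if not stored)`. Whether the field is zeroed when the credentials structure is created is not visible in this diff and is worth confirming.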
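Review bot: The key version is written as the literal `msDS-KeyVersionNumber: 1` in the provision.ldif hunk and again in secrets.ldif, so the directory entry and the local secrets record agree only while both are changed together. Nothing in this commit raises either value when the machine password changes; if such a path exists elsewhere it needs to update both copies, otherwise keys derived from a new password would be looked up under a stale version number. If the template processing tolerates LDIF comments, a line such as `# must match msDS-KeyVersionNumber in secrets.ldif` next to each value would make the coupling visible to whoever edits one of the files.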