From b7f0c64514a28cfb5d2cdee683c18943b97ea753 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 1 Apr 2019 16:39:45 +0200
Subject: [PATCH] s3:libnet: Use more secure name for the JOIN krb5.conf

Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source3/libnet/libnet_join.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index ddc00f7ad7c..e052306523d 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2598,12 +2598,14 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 		}
 
 		/* The domain parameter is only used as modifier
-		 * to krb5.conf file name. .JOIN is is not a valid
+		 * to krb5.conf file name. _JOIN_ is is not a valid
 		 * NetBIOS name so it cannot clash with another domain
 		 * -- Uri.
 		 */
-		create_local_private_krb5_conf_for_domain(
-		    pre_connect_realm, ".JOIN", sitename, &ss);
+		create_local_private_krb5_conf_for_domain(pre_connect_realm,
+							  "_JOIN_",
+							  sitename,
+							  &ss);
 	}
 
 	status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli);
-- 
2.34.1