From ba922343dbfbdcc9a43e540051853c7877b21de1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 8 Jan 2008 18:59:57 +0100
Subject: [PATCH] Add libnet_join_derive_salting_principal().

Guenther
(This used to be commit 95129a28cfa57d8e5bd767b92f065abd1d32a569)
---
 source3/libnet/libnet_join.c | 55 ++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 454c1f29fb5..d139fa04a15 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -438,6 +438,57 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx,
 	return true;
 }
 
+#ifdef HAVE_LDAP
+
+/****************************************************************
+****************************************************************/
+
+static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx,
+						 struct libnet_JoinCtx *r)
+{
+	uint32_t domain_func;
+	ADS_STATUS status;
+	const char *salt = NULL;
+	char *std_salt = NULL;
+
+	status = ads_domain_func_level(r->in.ads, &domain_func);
+	if (!ADS_ERR_OK(status)) {
+		libnet_join_set_error_string(mem_ctx, r,
+			"Failed to determine domain functional level!\n");
+		return false;
+	}
+
+	std_salt = kerberos_standard_des_salt();
+	if (!std_salt) {
+		libnet_join_set_error_string(mem_ctx, r,
+			"failed to obtain standard DES salt\n");
+		return false;
+	}
+
+	salt = talloc_strdup(mem_ctx, std_salt);
+	if (!salt) {
+		return false;
+	}
+
+	SAFE_FREE(std_salt);
+
+	if (domain_func == DS_DOMAIN_FUNCTION_2000) {
+		char *upn;
+
+		upn = ads_get_upn(r->in.ads, mem_ctx,
+				  r->in.machine_name);
+		if (upn) {
+			salt = talloc_strdup(mem_ctx, upn);
+			if (!salt) {
+				return false;
+			}
+		}
+	}
+
+	return kerberos_secrets_store_des_salt(salt);
+}
+#endif
+
 /****************************************************************
 ****************************************************************/
 
@@ -1020,6 +1071,10 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 			ads_errstr(ads_status));
 		return WERR_GENERAL_FAILURE;
 	}
+
+	if (!libnet_join_derive_salting_principal(mem_ctx, r)) {
+		return WERR_GENERAL_FAILURE;
+	}
 #endif
 	if (!libnet_join_create_keytab(mem_ctx, r)) {
 		libnet_join_set_error_string(mem_ctx, r,
-- 
2.34.1