ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
const char *my_fqdn, const char *spn);
-ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
- const char *org_unit);
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
+ const char *machine_name,
+ const char *org_unit,
+ uint32_t etype_list);
ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
const char *org_unit, bool *moved);
int ads_count_replies(ADS_STRUCT *ads, void *res);
* @return 0 upon success, or non-zero otherwise
**/
-ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
- const char *org_unit)
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
+ const char *machine_name,
+ const char *org_unit,
+ uint32_t etype_list)
{
ADS_STATUS ret;
char *samAccountName, *controlstr;
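Review bot: The new `etype_list` parameter needs an entry in the Doxygen comment that closes just above the signature; only its `@return` line is inside the hunk, so I cannot confirm whether the `@param` list was updated. I would add `@param etype_list bitmask of ENC_* encryption types to record on the new account`. It should also say that the value is only used when the domain functional level is at least `DS_DOMAIN_FUNCTION_2008`, which is how the later hunk in what appears to be the same function uses it. The name suggests a list although the value is a bit mask, so something like `etype_mask` may read better if renaming is acceptable here.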
ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
if (func_level >= DS_DOMAIN_FUNCTION_2008) {
- uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
const char *etype_list_str;
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
- etype_list |= ENC_HMAC_SHA1_96_AES128;
-#endif
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
- etype_list |= ENC_HMAC_SHA1_96_AES256;
-#endif
-
etype_list_str = talloc_asprintf(ctx, "%d", (int)etype_list);
if (etype_list_str == NULL) {
goto done;
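Review bot: With the local initialiser removed, `etype_list` in the `func_level >= DS_DOMAIN_FUNCTION_2008` branch is whatever the caller passed, and it is formatted for the directory without any check. A zero mask, or bits outside the ENC_* set, would be written as given. This could happen if a join context is filled in without going through the initialiser that sets the default, though that is inferred and not visible here. If zero is not meaningful, consider a guard before the `talloc_asprintf` call, for example `if (etype_list == 0) { ret = ADS_ERROR(LDAP_PARAM_ERROR); goto done; }`. The branch and the `done:` label lie outside the hunk, so the exact error path needs checking against the rest of the function.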
status = ads_create_machine_acct(r->in.ads,
r->in.machine_name,
- r->in.account_ou);
+ r->in.account_ou,
+ r->in.desired_encryption_types);
if (ADS_ERR_OK(status)) {
DEBUG(1,("machine account creation created\n"));
{
ADS_STATUS status;
ADS_MODLIST mods;
- uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
const char *etype_list_str;
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
- etype_list |= ENC_HMAC_SHA1_96_AES128;
-#endif
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
- etype_list |= ENC_HMAC_SHA1_96_AES256;
-#endif
-
- etype_list_str = talloc_asprintf(mem_ctx, "%d", etype_list);
+ etype_list_str = talloc_asprintf(mem_ctx, "%d",
+ r->in.desired_encryption_types);
if (!etype_list_str) {
return ADS_ERROR(LDAP_NO_MEMORY);
}
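Review bot: The new `talloc_asprintf(mem_ctx, "%d", r->in.desired_encryption_types)` passes what is presumably a `uint32_t` to `%d`, since the same field is handed to the `uint32_t etype_list` parameter elsewhere in this change. `ads_create_machine_acct` formats the same mask with an explicit `(int)` cast, so the two sites are now inconsistent and this one will trip `-Wformat` on strict builds. Either match the cast, `talloc_asprintf(mem_ctx, "%d", (int)r->in.desired_encryption_types);`, or use `"%" PRIu32` at both sites. The enclosing function starts before the hunk and continues after it.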
ctx->in.secure_channel_type = SEC_CHAN_WKSTA;
+ ctx->in.desired_encryption_types = ENC_CRC32 |
+ ENC_RSA_MD5 |
+ ENC_RC4_HMAC_MD5;
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES128;
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES256;
+#endif
+
*r = ctx;
return WERR_OK;
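Review bot: The default assigned to `ctx->in.desired_encryption_types` still contains `ENC_CRC32` and `ENC_RSA_MD5` (the single-DES types) and `ENC_RC4_HMAC_MD5`, even when both AES types are compiled in. Every join that does not override the field therefore keeps advertising the weakest enctypes for the machine account. That matches the old hard-coded behaviour, but since this commit makes the mask a caller-settable input, the default deserves a comment saying it is a compatibility choice. Something like `/* Legacy DES/RC4 bits kept for compatibility; callers should narrow desired_encryption_types where the domain supports AES. */` above the assignment would do. A follow-up could drop the DES bits when `HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96` is defined, if interoperability allows.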