s3:libnet:libnet_join: define list of desired encryption types only once.
authorGünther Deschner <gd@samba.org>
Fri, 11 Mar 2016 15:04:52 +0000 (16:04 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 14 Mar 2016 15:19:23 +0000 (16:19 +0100)
Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/libads/ads_proto.h
source3/libads/ldap.c
source3/libnet/libnet_join.c

index 1399f41fbf7eab1daee76a9640e24974ad6b0b08..425c352476c7e8d99d7287da3fef89b7208f978a 100644 (file)
@@ -97,8 +97,10 @@ ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
 ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
 ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
                                           const char *my_fqdn, const char *spn);
-ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
-                                   const char *org_unit);
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
+                                  const char *machine_name,
+                                  const char *org_unit,
+                                  uint32_t etype_list);
 ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
                                  const char *org_unit, bool *moved);
 int ads_count_replies(ADS_STRUCT *ads, void *res);
index 10cdae49d0cdd9ffdddee7f280f2909e6d61621d..86191a12783bfb7753db7bce71d5beb8be43d560 100644 (file)
@@ -2077,8 +2077,10 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n
  * @return 0 upon success, or non-zero otherwise
 **/
 
-ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name, 
-                                   const char *org_unit)
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
+                                  const char *machine_name,
+                                  const char *org_unit,
+                                  uint32_t etype_list)
 {
        ADS_STATUS ret;
        char *samAccountName, *controlstr;
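Review bot: The new `etype_list` parameter is not described in the doc comment that ends just above this signature; the hunk shows only the `@return` line, and no `@param` line is added in the visible context. Since callers now choose the encryption types written for the machine account, the contract should be stated there, e.g. `* @param etype_list bitmask of ENC_* encryption types to advertise for the new account`. It would also help to say that the value is only used when the domain functional level is 2008 or higher, as the `func_level` check in the later hunk shows. The function body continues outside this hunk.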
@@ -2130,16 +2132,8 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
        ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
 
        if (func_level >= DS_DOMAIN_FUNCTION_2008) {
-               uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
                const char *etype_list_str;
 
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
-               etype_list |= ENC_HMAC_SHA1_96_AES128;
-#endif
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
-               etype_list |= ENC_HMAC_SHA1_96_AES256;
-#endif
-
                etype_list_str = talloc_asprintf(ctx, "%d", (int)etype_list);
                if (etype_list_str == NULL) {
                        goto done;
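Review bot: `etype_list` is now caller-supplied and goes straight into `talloc_asprintf(ctx, "%d", (int)etype_list)` with no check in the visible lines. A caller that builds its arguments without going through `libnet_init_JoinCtx` and passes 0 would therefore write the string "0" instead of the set that used to be built here. If 0 is not meant to be a valid request, either state that at the function header or skip the attribute, for example `if (func_level >= DS_DOMAIN_FUNCTION_2008 && etype_list != 0) {`. Whether other callers of `ads_create_machine_acct` exist cannot be seen from this page, so this needs checking against the tree. The function starts and ends outside the hunk.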
index 6b9be5e153d753e37999b29019c83abfa610f2f1..c72172ad97b223b384804dc21ae9f7d2b2549966 100644 (file)
@@ -318,7 +318,8 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx,
 
        status = ads_create_machine_acct(r->in.ads,
                                         r->in.machine_name,
-                                        r->in.account_ou);
+                                        r->in.account_ou,
+                                        r->in.desired_encryption_types);
 
        if (ADS_ERR_OK(status)) {
                DEBUG(1,("machine account creation created\n"));
@@ -684,17 +685,10 @@ static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx,
 {
        ADS_STATUS status;
        ADS_MODLIST mods;
-       uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
        const char *etype_list_str;
 
-#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
-       etype_list |= ENC_HMAC_SHA1_96_AES128;
-#endif
-#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
-       etype_list |= ENC_HMAC_SHA1_96_AES256;
-#endif
-
-       etype_list_str = talloc_asprintf(mem_ctx, "%d", etype_list);
+       etype_list_str = talloc_asprintf(mem_ctx, "%d",
+                                        r->in.desired_encryption_types);
        if (!etype_list_str) {
                return ADS_ERROR(LDAP_NO_MEMORY);
        }
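Review bot: `r->in.desired_encryption_types` is passed to `%d` without a cast here, while the same value is formatted in `ads_create_machine_acct` as `(int)etype_list`. The field is presumably a `uint32_t`, since it is handed to the `uint32_t etype_list` parameter, so the specifier and argument type do not match; the removed line had the same mismatch and it is carried over. Making the two sites agree would be cleaner, e.g. `etype_list_str = talloc_asprintf(mem_ctx, "%u", (unsigned)r->in.desired_encryption_types);`, with the same form used in ldap.c. The function starts before this hunk and continues after it.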
@@ -2135,6 +2129,16 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
 
        ctx->in.secure_channel_type = SEC_CHAN_WKSTA;
 
+       ctx->in.desired_encryption_types = ENC_CRC32 |
+                                          ENC_RSA_MD5 |
+                                          ENC_RC4_HMAC_MD5;
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+       ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES128;
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+       ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES256;
+#endif
+
        *r = ctx;
 
        return WERR_OK;
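Review bot: The default mask assembled here still advertises `ENC_CRC32`, `ENC_RSA_MD5` and `ENC_RC4_HMAC_MD5` unconditionally, and the AES bits are added only under the `HAVE_ENCTYPE_AES*` guards. On a build where neither macro is defined, a joined machine account would therefore advertise only the legacy types; this assumes the first two flags carry their usual single-DES meaning. Now that this is the one place the join default is defined, it deserves a comment saying why the legacy types are kept, e.g. `/* legacy DES/RC4 types kept for compatibility with older KDCs; this is the single default for the join, tighten it here */`. Dropping the DES bits, or making the set configurable, would be a behaviour change and belongs in a follow-up rather than this refactor. The function starts outside the hunk.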