author | Stefan Metzmacher <metze@samba.org> | 2016-01-22 09:57:04 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2016-02-26 11:30:03 +0100 |
commit | 0c74d62524db376b6a3fac00c688be0cdffcaa80 (patch) | |
tree | a3eaab64ce3216b1f0a7d2106e28bd1eef46cff3 /source3/libads/ldap.c | |
parent | 00f7d1830436f942b2f748f44fc38d35f2d1c8ee (diff) | |
s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add
We may not have the permission to modify the object after creation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 26 11:30:03 CET 2016 on sn-devel-144
Diffstat (limited to 'source3/libads/ldap.c')
-rw-r--r-- | source3/libads/ldap.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 2c52e326d3e..322e7ab119f 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -29,6 +29,7 @@
 #include "../libds/common/flags.h"
 #include "smbldap.h"
 #include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/netlogon.h"
 #include "lib/param/loadparm.h"
 #ifdef HAVE_LDAP
@@ -2211,6 +2212,12 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
 uint32_t acct_control = ( UF_WORKSTATION_TRUST_ACCOUNT |\
 UF_DONT_EXPIRE_PASSWD |\
 UF_ACCOUNTDISABLE );
+ uint32_t func_level = 0;
+
+ ret = ads_domain_func_level(ads, &func_level);
+ if (!ADS_ERR_OK(ret)) {
+ return ret;
+ }
 if (!(ctx = talloc_init("ads_add_machine_acct")))
 return ADS_ERROR(LDAP_NO_MEMORY);
@@ -2242,6 +2249,25 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
 ads_mod_strlist(ctx, &mods, "objectClass", objectClass);
 ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
+ if (func_level >= DS_DOMAIN_FUNCTION_2008) {
+ uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
+ const char *etype_list_str;
+
+#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
+ etype_list |= ENC_HMAC_SHA1_96_AES128;
+#endif
+#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ etype_list |= ENC_HMAC_SHA1_96_AES256;
+#endif
+
+ etype_list_str = talloc_asprintf(ctx, "%d", (int)etype_list);
+ if (etype_list_str == NULL) {
+ goto done;
+ }
+ ads_mod_str(ctx, &mods, "msDS-SupportedEncryptionTypes",
+ etype_list_str);
+ }
+
 ret = ads_gen_add(ads, new_dn, mods);
 done: |
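Review bot: The early `return ret` after `ads_domain_func_level()` makes a failed functional-level lookup fatal for the whole machine account creation, and nothing at that point explains why. The level is only used later to decide whether `msDS-SupportedEncryptionTypes` is written, so a short comment would help the next reader, e.g. `/* needed up front: the enctype attribute must go into the ldap_add, we may lack rights to modify the object later */`. The return sits before `talloc_init()`, so no context is leaked on this path; the rest of ads_create_machine_acct lies outside the hunk.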
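Review bot: The initial `etype_list` in the `func_level >= DS_DOMAIN_FUNCTION_2008` block always advertises the single-DES types (`ENC_CRC32 | ENC_RSA_MD5`) and RC4 for the new account, while AES is added only when the build defines the `HAVE_ENCTYPE_AES*` macros. msDS-SupportedEncryptionTypes tells the KDC which enctypes it may use for tickets to this host, so listing DES keeps the weakest ciphers eligible. Consider starting from `uint32_t etype_list = ENC_RC4_HMAC_MD5;` unless DES is needed for a known peer, and state the reason in a comment either way. Separately, the `goto done` on a NULL `talloc_asprintf()` result returns whatever `ret` holds at that point, and that assignment is outside the hunk. Setting `ret = ADS_ERROR(LDAP_NO_MEMORY);` before the jump would make the failure path self-evident.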