authorGünther Deschner <gd@samba.org>2016-03-11 23:15:06 +0100
committerStefan Metzmacher <metze@samba.org>2016-03-14 19:38:48 +0100
commit06aefe4b956ae8748e20ae4c730aa344e81808b6 (patch)
tree5b9f600f3a7b0f69b5a20d3caa53526293a92d0e /source3/libnet
parent5d498d1b4d9b83f179fb7b2841a19ad984eec5f8 (diff)
s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) with machine creds.
Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Mar 14 19:38:48 CET 2016 on sn-devel-144
Diffstat (limited to 'source3/libnet')
-rw-r--r--source3/libnet/libnet_join.c59
1 files changed, 55 insertions, 4 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index ac7e3efdbde..235592c4f24 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -253,13 +253,13 @@ static ADS_STATUS libnet_join_connect_ads_user(TALLOC_CTX *mem_ctx,
/****************************************************************
****************************************************************/
-#if 0
+
static ADS_STATUS libnet_join_connect_ads_machine(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
return libnet_join_connect_ads(mem_ctx, r, true);
}
-#endif
+
/****************************************************************
****************************************************************/
@@ -684,7 +684,7 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx,
/****************************************************************
****************************************************************/
-#if 0
+
static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
@@ -731,7 +731,7 @@ static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx,
return ADS_SUCCESS;
}
-#endif
+
/****************************************************************
****************************************************************/
@@ -809,6 +809,7 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx *r)
{
ADS_STATUS status;
+ bool need_etype_update = false;
if (!r->in.ads) {
status = libnet_join_connect_ads_user(mem_ctx, r);
@@ -843,6 +844,56 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx,
return status;
}
+ status = libnet_join_find_machine_acct(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if (r->in.desired_encryption_types != r->out.set_encryption_types) {
+ uint32_t func_level = 0;
+
+ status = ads_domain_func_level(r->in.ads, &func_level);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to query domain controller functional level: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ if (func_level >= DS_DOMAIN_FUNCTION_2008) {
+ need_etype_update = true;
+ }
+ }
+
+ if (need_etype_update) {
+ /*
+ * We need to reconnect as machine account in order
+ * to update msDS-SupportedEncryptionTypes reliable
+ */
+
+ if (r->in.ads->auth.ccache_name != NULL) {
+ ads_kdestroy(r->in.ads->auth.ccache_name);
+ }
+
+ ads_destroy(&r->in.ads);
+
+ status = libnet_join_connect_ads_machine(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to connect as machine account: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ status = libnet_join_set_etypes(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to set machine kerberos encryption types: %s",
+ ads_errstr(status));
+ return status;
+ }
+ }
+
if (!libnet_join_derive_salting_principal(mem_ctx, r)) {
return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
}
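Review bot: When `r->in.desired_encryption_types` differs from `r->out.set_encryption_types` but `func_level` is below `DS_DOMAIN_FUNCTION_2008`, the update is skipped with no diagnostic, so as far as this hunk shows the join carries on while the account keeps encryption types other than the configured ones. An `else` branch with a debug message such as `DEBUG(3, ("domain functional level too low, not updating msDS-SupportedEncryptionTypes\n"));` would make the mismatch visible to whoever audits the join. Separately, `ads_kdestroy(r->in.ads->auth.ccache_name)` runs on whatever cache name the connection carries; if that can ever name a cache supplied by the caller rather than one created for this join (not visible here), the caller's tickets would be discarded, so a short comment stating who owns that cache is worth adding above the call. libnet_join_post_processing_ads begins and continues outside the hunk.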