diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/libads/ads_proto.h | 6 | ||||
| -rw-r--r-- | source3/libads/ldap.c | 14 | ||||
| -rw-r--r-- | source3/libnet/libnet_join.c | 24 |
3 files changed, 22 insertions, 22 deletions
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h index 1399f41fbf7..425c352476c 100644 --- a/source3/libads/ads_proto.h +++ b/source3/libads/ads_proto.h @@ -97,8 +97,10 @@ ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx, ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name); ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name, const char *my_fqdn, const char *spn); -ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name, - const char *org_unit); +ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, + const char *machine_name, + const char *org_unit, + uint32_t etype_list); ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name, const char *org_unit, bool *moved); int ads_count_replies(ADS_STRUCT *ads, void *res); diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 10cdae49d0c..86191a12783 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -2077,8 +2077,10 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n * @return 0 upon success, or non-zero otherwise **/ -ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name, - const char *org_unit) +ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, + const char *machine_name, + const char *org_unit, + uint32_t etype_list) { ADS_STATUS ret; char *samAccountName, *controlstr; @@ -2130,16 +2132,8 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name, ads_mod_str(ctx, &mods, "userAccountControl", controlstr); if (func_level >= DS_DOMAIN_FUNCTION_2008) { - uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5; const char *etype_list_str; -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 - etype_list |= ENC_HMAC_SHA1_96_AES128; -#endif -#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 - etype_list |= ENC_HMAC_SHA1_96_AES256; -#endif - etype_list_str = talloc_asprintf(ctx, "%d", (int)etype_list); if (etype_list_str == NULL) { goto done; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6b9be5e153d..c72172ad97b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -318,7 +318,8 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, status = ads_create_machine_acct(r->in.ads, r->in.machine_name, - r->in.account_ou); + r->in.account_ou, + r->in.desired_encryption_types); if (ADS_ERR_OK(status)) { DEBUG(1,("machine account creation created\n")); @@ -684,17 +685,10 @@ static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx, { ADS_STATUS status; ADS_MODLIST mods; - uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5; const char *etype_list_str; -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 - etype_list |= ENC_HMAC_SHA1_96_AES128; -#endif -#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 - etype_list |= ENC_HMAC_SHA1_96_AES256; -#endif - - etype_list_str = talloc_asprintf(mem_ctx, "%d", etype_list); + etype_list_str = talloc_asprintf(mem_ctx, "%d", + r->in.desired_encryption_types); if (!etype_list_str) { return ADS_ERROR(LDAP_NO_MEMORY); } @@ -2135,6 +2129,16 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, ctx->in.secure_channel_type = SEC_CHAN_WKSTA; + ctx->in.desired_encryption_types = ENC_CRC32 | + ENC_RSA_MD5 | + ENC_RC4_HMAC_MD5; +#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 + ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES128; +#endif +#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 + ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES256; +#endif + *r = ctx; return WERR_OK; |