From 49df7f267808f5a61855b5e88fbabd4f86bd2800 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 23 Aug 2016 10:38:58 +0200
Subject: s3:libads: use trust_pw_new_value() for krb5 machine passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(similar to commit 00136940757ea6947f97c9c92b25207d9413727b)
---
 source3/libads/util.c | 9 ++++++---
 source3/wscript_build | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/source3/libads/util.c b/source3/libads/util.c
index 2e22bca02e5..b0754be3f56 100644
--- a/source3/libads/util.c
+++ b/source3/libads/util.c
@@ -35,9 +35,12 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
 		return ADS_ERROR_SYSTEM(ENOENT);
 	}
 
-	new_password = generate_random_password(talloc_tos(),
-				DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH,
-				DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
+	new_password = trust_pw_new_value(talloc_tos(), SEC_CHAN_WKSTA, SEC_ADS);
+	if (new_password == NULL) {
+		ret = ADS_ERROR_SYSTEM(errno);
+		DEBUG(1,("Failed to generate machine password\n"));
+		goto failed;
+	}
 
 	ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset);
 
diff --git a/source3/wscript_build b/source3/wscript_build
index 75623dd6c38..dabe262be9d 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -451,7 +451,7 @@ bld.SAMBA3_LIBRARY('ads',
                    libads/ldap_schema.c
                    libads/util.c
                    libads/ndr.c''',
-                   deps='cli-ldap-common krb5samba ldap lber KRBCLIENT param LIBNMB libsmb DCUTIL smbldap',
+                   deps='cli-ldap-common krb5samba ldap lber KRBCLIENT param LIBNMB libsmb DCUTIL smbldap trusts_util',
                    private_library=True)
 
 bld.SAMBA3_SUBSYSTEM('LIBADS_SERVER',
-- 
cgit v1.2.1