From 60c5909859e3699322023896835ea1babedad6b0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Fri, 11 Mar 2016 16:04:52 +0100 Subject: [PATCH] s3:libnet:libnet_join: define list of desired encryption types only once. Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Signed-off-by: Guenther Deschner Reviewed-by: Stefan Metzmacher (cherry picked from commit e0da059b39f9dd5ccb74f32f965e1ced384c77eb) --- source3/libads/ads_proto.h | 6 ++++-- source3/libads/ldap.c | 14 ++++---------- source3/libnet/libnet_join.c | 24 ++++++++++++++---------- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h index 224d9927fe0..eb0dea9438b 100644 --- a/source3/libads/ads_proto.h +++ b/source3/libads/ads_proto.h @@ -98,8 +98,10 @@ ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx, ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name); ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name, const char *my_fqdn, const char *spn); -ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name, - const char *org_unit); +ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, + const char *machine_name, + const char *org_unit, + uint32_t etype_list); ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name, const char *org_unit, bool *moved); int ads_count_replies(ADS_STRUCT *ads, void *res); diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 664596fe8c9..8232bcc80c3 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
@@ -2211,8 +2211,10 @@ ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_n * @return 0 upon success, or non-zero otherwise **/ -ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name, - const char *org_unit) +ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, + const char *machine_name, + const char *org_unit, + uint32_t etype_list) { ADS_STATUS ret; char *samAccountName, *controlstr; @@ -2268,16 +2270,8 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name, ads_mod_str(ctx, &mods, "userAccountControl", controlstr); if (func_level >= DS_DOMAIN_FUNCTION_2008) { - uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5; const char *etype_list_str; -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 - etype_list |= ENC_HMAC_SHA1_96_AES128; -#endif -#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 - etype_list |= ENC_HMAC_SHA1_96_AES256; -#endif - etype_list_str = talloc_asprintf(ctx, "%d", (int)etype_list); if (etype_list_str == NULL) { goto done; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6b9be5e153d..c72172ad97b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -318,7 +318,8 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, status = ads_create_machine_acct(r->in.ads, r->in.machine_name, - r->in.account_ou); + r->in.account_ou, + r->in.desired_encryption_types); if (ADS_ERR_OK(status)) { DEBUG(1,("machine account creation created\n")); 
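Review bot: The doc comment that closes just above the new `ads_create_machine_acct()` signature in source3/libads/ldap.c gains no entry for the added `etype_list` parameter. Its `@param` lines start outside this hunk, so this is judged from the visible `@return` tail only. I would add `@param etype_list Bitmask of ENC_* encryption types to record for the new machine account`. The same comment should state that the value is only consumed inside the `if (func_level >= DS_DOMAIN_FUNCTION_2008)` branch shown in the next ldap.c hunk, so below that functional level the argument is silently ignored. A caller that passes a deliberately restricted list needs to know that it may not take effect on account creation.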
@@ -684,17 +685,10 @@ static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx, { ADS_STATUS status; ADS_MODLIST mods; - uint32_t etype_list = ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5; const char *etype_list_str; -#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 - etype_list |= ENC_HMAC_SHA1_96_AES128; -#endif -#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 - etype_list |= ENC_HMAC_SHA1_96_AES256; -#endif - - etype_list_str = talloc_asprintf(mem_ctx, "%d", etype_list); + etype_list_str = talloc_asprintf(mem_ctx, "%d", + r->in.desired_encryption_types); if (!etype_list_str) { return ADS_ERROR(LDAP_NO_MEMORY); } @@ -2135,6 +2129,16 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, ctx->in.secure_channel_type = SEC_CHAN_WKSTA; + ctx->in.desired_encryption_types = ENC_CRC32 | + ENC_RSA_MD5 | + ENC_RC4_HMAC_MD5; +#ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 + ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES128; +#endif +#ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 + ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES256; +#endif + *r = ctx; return WERR_OK; -- 2.11.4.GIT
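Review bot: In `libnet_join_set_etypes()` the new call `talloc_asprintf(mem_ctx, "%d", r->in.desired_encryption_types)` formats an apparently unsigned 32-bit field with a signed `%d` and no cast, while the ldap.c copy of the same formatting uses `(int)etype_list`. The field's declaration is not in this diff; the type is inferred from it being passed as the `uint32_t etype_list` argument in the libnet_join_precreate_machine_acct hunk. Now that both sites serialise the same value they should agree, either `"%d", (int)r->in.desired_encryption_types` to match ldap.c or `"%u", (unsigned int)...` in both places. As written, the mismatch is a `-Wformat` finding, and the two sites would print different strings if a high bit were ever set.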
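Review bot: The default assigned in `libnet_init_JoinCtx()` always sets `ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5`, while the two AES bits are added only under `HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96` / `HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96`. As far as I can tell the first three are the DES and RC4 Kerberos enctype bits, so a build without those defines would advertise only legacy ciphers for the joined machine account. This is now the single place the policy lives, and it carries no comment. I would add one above the assignment, e.g. `/* Default enctypes advertised for the machine account: DES and RC4 bits always, AES only when the build defines HAVE_ENCTYPE_AES*. Callers may override in.desired_encryption_types before the join. */`. It is also worth confirming, outside this hunk, that every path that builds a join context goes through this initialiser, since a zeroed field would now be written out as an empty enctype list.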