From adb3eb79ea828b6e6e1858c3d1b8b5ffe868f8ed Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Oct 2014 05:14:21 +1300 Subject: credentials: Set secure_channel_type from secrets.tdb in cli_credentials_set_machine_account This should ensure more parts of the source4 code can work with a password set in secrets.tdb. Andrew Bartlett Change-Id: I4a890a719246b073898333d2e04841904c6e1a5d Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher --- auth/credentials/credentials_secrets.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c index 625ce20283..4f2aeb585c 100644 --- a/auth/credentials/credentials_secrets.c +++ b/auth/credentials/credentials_secrets.c @@ -239,6 +239,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr time_t secrets_tdb_lct = 0; char *secrets_tdb_password = NULL; char *secrets_tdb_old_password = NULL; + uint32_t secrets_tdb_secure_channel_type = SEC_CHAN_NULL; char *keystr; char *keystr_upper = NULL; char *secrets_tdb; @@ -287,6 +288,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr if (NT_STATUS_IS_OK(status)) { secrets_tdb_password = (char *)dbuf.dptr; } + keystr = talloc_asprintf(tmp_ctx, "%s/%s", SECRETS_MACHINE_PASSWORD_PREV, domain); @@ -296,6 +298,16 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr if (NT_STATUS_IS_OK(status)) { secrets_tdb_old_password = (char *)dbuf.dptr; } + + keystr = talloc_asprintf(tmp_ctx, "%s/%s", + SECRETS_MACHINE_SEC_CHANNEL_TYPE, + domain); + keystr_upper = strupper_talloc(tmp_ctx, keystr); + status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper), + &dbuf); + if (NT_STATUS_IS_OK(status) && dbuf.dsize == 4) { + secrets_tdb_secure_channel_type = IVAL(dbuf.dptr,0); + } } filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, @@ -323,6 +335,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr cli_credentials_set_domain(cred, domain, CRED_SPECIFIED); cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED); cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct); + cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type); status = NT_STATUS_OK; } else if (!NT_STATUS_IS_OK(status)) { if (db_ctx) { -- cgit