authorAndrew Bartlett <abartlet@samba.org>2005-06-29 02:28:57 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:18:56 -0500
commitf62a70fe54c1b1f6172d1d3fbc8b34c03dd96b86 (patch)
tree33ebd249e0d48c80b19a81840a064d9ed04bda6d
parentcbbe4e816caf6873bd340b605e8180e7c9563908 (diff)
r7988: Store the KVNO for the machine account, and set it up in the provision.
Andrew Bartlett (This used to be commit 90e94a4630c24282cd93ee05e258877b38e24a57)
-rw-r--r--source4/include/credentials.h1
-rw-r--r--source4/lib/credentials.c22
-rw-r--r--source4/setup/provision.ldif1
-rw-r--r--source4/setup/secrets.ldif2
4 files changed, 25 insertions, 1 deletions
diff --git a/source4/include/credentials.h b/source4/include/credentials.h
index 511b775795..58cc4767ad 100644
--- a/source4/include/credentials.h
+++ b/source4/include/credentials.h
@@ -58,6 +58,7 @@ struct cli_credentials {
struct creds_CredentialState *netlogon_creds;
enum netr_SchannelType secure_channel_type;
+ int kvno;
/* We are flagged to get machine account details from the
* secrets.ldb when we are asked for a username or password */
diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c
index aaaa2cf05d..58a1b8c0e3 100644
--- a/source4/lib/credentials.c
+++ b/source4/lib/credentials.c
@@ -504,6 +504,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
"realm",
"secureChannelType",
"ntPwdHash",
+ "msDS-KeyVersionNumber",
NULL
};
@@ -594,6 +595,8 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
cli_credentials_set_password(cred, password, CRED_SPECIFIED);
}
+ cli_credentials_set_kvno(cred, ldb_msg_find_int(msgs[0], "msDS-KeyVersionNumber", 0));
+
talloc_free(mem_ctx);
return NT_STATUS_OK;
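Review bot: The default `0` passed to `ldb_msg_find_int` on the added line makes a secrets.ldb record with no msDS-KeyVersionNumber (for example one created before this change) indistinguishable from a stored value, and nothing is logged when that happens. Kerberos libraries commonly treat a kvno of 0 as "any version" on key lookup, so the fallback may well be intended, but the code should say so: add `/* 0 = no KVNO stored in secrets.ldb; callers must treat it as unknown */` above the call, and put the same wording on the new `int kvno;` field in credentials.h. A wrong or silently defaulted kvno typically shows up later as a ticket that cannot be decrypted, which is hard to trace back to this line. cli_credentials_set_machine_account starts and ends outside this hunk.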
@@ -651,6 +654,25 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden
return cred->secure_channel_type;
}
+/**
+ * Set Kerberos KVNO
+ */
+
+void cli_credentials_set_kvno(struct cli_credentials *cred,
+ int kvno)
+{
+ cred->kvno = kvno;
+}
+
+/**
+ * Return Kerberos KVNO
+ */
+
+int cli_credentials_get_kvno(struct cli_credentials *cred)
+{
+ return cred->kvno;
+}
+
/**
* Fill in a credentials structure as the anonymous user
*/
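Review bot: cli_credentials_get_kvno returns `cred->kvno` directly, yet the only assignment visible in this commit is the one inside cli_credentials_set_machine_account, and no initialisation of the new field where the struct is created is shown. The comment next to the field in credentials.h says machine account details are fetched from secrets.ldb lazily, when a username or password is requested, so a caller that asks for the KVNO first would presumably read a field that was never set. The field should be set to 0 where the credentials structure is initialised (not visible here), and it is worth checking whether this getter should trigger the same lazy load as the other getters. The two doc comments should also state the contract, for example `* Return the Kerberos key version number of the machine account key, or 0 if none has been set`.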
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index c3968495e4..8ff93dde80 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -617,6 +617,7 @@ isCriticalSystemObject: TRUE
unicodePwd: ${JOINPASS}
servicePrincipalName: HOST/${DNSNAME}
servicePrincipalName: HOST/${NETBIOSNAME}
+msDS-KeyVersionNumber: 1
dn: CN=krbtgt,CN=Users,${BASEDN}
objectClass: top
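Review bot: The literal `msDS-KeyVersionNumber: 1` is written independently here and in secrets.ldif, and nothing visible on the page ties the two values together. The password next to it comes from the `${JOINPASS}` substitution, so the key and its version number are set by different mechanisms. If the two templates ever diverge, the KVNO that cli_credentials_set_machine_account loads from secrets.ldb will no longer match the one on the directory object. Either fill both from one substitution variable, or add an LDIF comment in each file such as `# must match msDS-KeyVersionNumber in secrets.ldif; starts at 1 for the initial join password`.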
diff --git a/source4/setup/secrets.ldif b/source4/setup/secrets.ldif
index 69360f6bf2..15005163dc 100644
--- a/source4/setup/secrets.ldif
+++ b/source4/setup/secrets.ldif
@@ -28,4 +28,4 @@ secureChannelType: 6
sAMAccountName: ${NETBIOSNAME}$
whenCreated: ${LDAPTIME}
whenChanged: ${LDAPTIME}
-
+msDS-KeyVersionNumber: 1