-rw-r--r--source3/libnet/libnet_join.c55
1 files changed, 55 insertions, 0 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 454c1f29fb..d139fa04a1 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -438,6 +438,57 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx,
return true;
}
+#ifdef HAVE_LDAP
+
+/****************************************************************
+****************************************************************/
+
+static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ uint32_t domain_func;
+ ADS_STATUS status;
+ const char *salt = NULL;
+ char *std_salt = NULL;
+
+ status = ads_domain_func_level(r->in.ads, &domain_func);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to determine domain functional level!\n");
+ return false;
+ }
+
+ std_salt = kerberos_standard_des_salt();
+ if (!std_salt) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to obtain standard DES salt\n");
+ return false;
+ }
+
+ salt = talloc_strdup(mem_ctx, std_salt);
+ if (!salt) {
+ return false;
+ }
+
+ SAFE_FREE(std_salt);
+
+ if (domain_func == DS_DOMAIN_FUNCTION_2000) {
+ char *upn;
+
+ upn = ads_get_upn(r->in.ads, mem_ctx,
+ r->in.machine_name);
+ if (upn) {
+ salt = talloc_strdup(mem_ctx, upn);
+ if (!salt) {
+ return false;
+ }
+ }
+ }
+
+ return kerberos_secrets_store_des_salt(salt);
+}
+#endif
+
/****************************************************************
****************************************************************/
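Review bot: `std_salt` is leaked when the first `talloc_strdup()` fails, because the `if (!salt) { return false; }` branch returns before `SAFE_FREE(std_salt);` is reached. Moving the free up so that it directly follows the copy, `salt = talloc_strdup(mem_ctx, std_salt);` then `SAFE_FREE(std_salt);` then the NULL check, closes that path. The banner above the function is empty; a short comment would help, stating that the standard DES salt is stored unless the domain is at `DS_DOMAIN_FUNCTION_2000` and `ads_get_upn()` returns a UPN, in which case the UPN is stored as the salt. That matters to a reader because the stored salt presumably feeds key derivation for the keytab created right after the join, so a wrong choice here would show up later as keys that do not match the KDC's.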
@@ -1020,6 +1071,10 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
ads_errstr(ads_status));
return WERR_GENERAL_FAILURE;
}
+
+ if (!libnet_join_derive_salting_principal(mem_ctx, r)) {
+ return WERR_GENERAL_FAILURE;
+ }
#endif
if (!libnet_join_create_keytab(mem_ctx, r)) {
libnet_join_set_error_string(mem_ctx, r,
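Review bot: The new failure branch returns `WERR_GENERAL_FAILURE` without guaranteeing an error string, and the helper sets one on only two of its failure paths. Both `talloc_strdup()` failures and a false return from `kerberos_secrets_store_des_salt()` leave `r` without a message for this step, unlike the neighbouring branches in this hunk. Setting it inside the helper keeps the call site as it is, for example `libnet_join_set_error_string(mem_ctx, r, "failed to store DES salt\n");` before returning false when the store call fails. libnet_DomainJoin starts and ends outside the hunk, so whether earlier join steps need undoing when this one fails cannot be judged from here.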