s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 86191a12783bfb7753db7bce71d5beb8be43d560..9e2ed98805f46896c4b26656e23413ea2b5bddce 100644 (file)
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -1344,7 +1344,7 @@ char *ads_parent_dn(const char *dn)
 {
        ADS_STATUS status;
        char *expr;
-       const char *attrs[] = {"*", "nTSecurityDescriptor", NULL};
+       const char *attrs[] = {"*", "msDS-SupportedEncryptionTypes", "nTSecurityDescriptor", NULL};
 
        *res = NULL;
 

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index c72172ad97b223b384804dc21ae9f7d2b2549966..ac7e3efdbde62e875ef90d0b96d6e623d02f4ab6 100644 (file)
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -417,6 +417,11 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx,
                goto done;
        }
 
+       if (!ads_pull_uint32(r->in.ads, res, "msDS-SupportedEncryptionTypes",
+                            &r->out.set_encryption_types)) {
+               r->out.set_encryption_types = 0;
+       }
+
  done:
        ads_msgfree(r->in.ads, res);
        TALLOC_FREE(dn);
@@ -700,6 +705,10 @@ static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx,
                return status;
        }
 
+       if (r->in.desired_encryption_types == r->out.set_encryption_types) {
+               return ADS_SUCCESS;
+       }
+
        /* now do the mods */
 
        mods = ads_init_mods(mem_ctx);
@@ -713,7 +722,14 @@ static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx,
                return status;
        }
 
-       return ads_gen_mod(r->in.ads, r->out.dn, mods);
+       status = ads_gen_mod(r->in.ads, r->out.dn, mods);
+       if (!ADS_ERR_OK(status)) {
+               return status;
+       }
+
+       r->out.set_encryption_types = r->in.desired_encryption_types;
+
+       return ADS_SUCCESS;
 }
 #endif
 /****************************************************************