credentials: Set secure_channel_type from secrets.tdb in cli_credentials_set_machine_...

This should ensure more parts of the source4 code can work with a
password set in secrets.tdb.

Andrew Bartlett

Change-Id: I4a890a719246b073898333d2e04841904c6e1a5d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit adb3eb79ea828b6e6e1858c3d1b8b5ffe868f8ed)

diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 625ce2028388d7b389474fe85b91189ec828a0a7..4f2aeb585c08bd53657ebe945deebf82ebd4e804 100644 (file)
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -239,6 +239,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
        time_t secrets_tdb_lct = 0;
        char *secrets_tdb_password = NULL;
        char *secrets_tdb_old_password = NULL;
+       uint32_t secrets_tdb_secure_channel_type = SEC_CHAN_NULL;
        char *keystr;
        char *keystr_upper = NULL;
        char *secrets_tdb;
@@ -287,6 +288,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
                if (NT_STATUS_IS_OK(status)) {
                        secrets_tdb_password = (char *)dbuf.dptr;
                }
+
                keystr = talloc_asprintf(tmp_ctx, "%s/%s",
                                         SECRETS_MACHINE_PASSWORD_PREV,
                                         domain);
@@ -296,6 +298,16 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
                if (NT_STATUS_IS_OK(status)) {
                        secrets_tdb_old_password = (char *)dbuf.dptr;
                }
+
+               keystr = talloc_asprintf(tmp_ctx, "%s/%s",
+                                        SECRETS_MACHINE_SEC_CHANNEL_TYPE,
+                                        domain);
+               keystr_upper = strupper_talloc(tmp_ctx, keystr);
+               status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper),
+                                     &dbuf);
+               if (NT_STATUS_IS_OK(status) && dbuf.dsize == 4) {
+                       secrets_tdb_secure_channel_type = IVAL(dbuf.dptr,0);
+               }
        }
 
        filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, 
@@ -323,6 +335,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
                cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
                cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
                cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
+               cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
                status = NT_STATUS_OK;
        } else if (!NT_STATUS_IS_OK(status)) {
                if (db_ctx) {