From 0c202e403f72ccb1c7081197e83094498fa390b0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Matthias=20Dieter=20Walln=C3=B6fer?= Date: Sun, 13 Sep 2009 12:37:41 +0200 Subject: [PATCH] s4/domain behaviour flags: Fix them up in various locations Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194 --- source4/dsdb/samdb/ldb_modules/descriptor.c | 10 +--------- source4/dsdb/samdb/ldb_modules/password_hash.c | 3 ++- source4/libnet/libnet_become_dc.c | 2 +- source4/scripting/python/samba/provision.py | 11 ++++++----- 4 files changed, 10 insertions(+), 16 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index a22cce76a1c..2a72d32ddfb 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -134,15 +134,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct dom_sid *dag) { - int *domainFunctionality; - - domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); - - if (*domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008)){ - return dag; - } - - return NULL; + return dag; } static DATA_BLOB *get_new_descriptor(struct ldb_module *module, diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index c7fa636aa80..a04e52469d5 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1068,7 +1068,8 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */ domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); - do_newer_keys = *domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008); + do_newer_keys = *domainFunctionality && + (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008); if (io->domain->store_cleartext && (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index 9ba801bb6f5..94b639c5eed 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -2101,7 +2101,7 @@ static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s) vd[0] = data_blob_talloc(vd, NULL, 4); if (composite_nomem(vd[0].data, c)) return; - SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2008); + SIVAL(vd[0].data, 0, DS_DC_FUNCTION_2008_R2); vs[0].blob = &vd[0]; diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 8fef50ca37f..cbb747b64f2 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -42,8 +42,9 @@ import ldb import shutil from credentials import Credentials, DONT_USE_KERBEROS from auth import system_session, admin_session -from samba import version, Ldb, substitute_var, valid_netbios_name, check_all_substituted, \ - DS_BEHAVIOR_WIN2008 +from samba import version, Ldb, substitute_var, valid_netbios_name +from samba import check_all_substituted +from samba import DS_DOMAIN_FUNCTION_2008_R2, DS_DC_FUNCTION_2008_R2 from samba.samdb import SamDB from samba.idmap import IDmapDB from samba.dcerpc import security @@ -834,9 +835,9 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, :note: This will wipe the main SAM database file! """ - domainFunctionality = DS_BEHAVIOR_WIN2008 - forestFunctionality = DS_BEHAVIOR_WIN2008 - domainControllerFunctionality = DS_BEHAVIOR_WIN2008 + domainFunctionality = DS_DOMAIN_FUNCTION_2008_R2 + forestFunctionality = DS_DOMAIN_FUNCTION_2008_R2 + domainControllerFunctionality = DS_DC_FUNCTION_2008_R2 # Also wipes the database setup_samdb_partitions(path, setup_path, message=message, lp=lp, -- 2.34.1