diff options
author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-13 12:37:41 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-17 12:40:33 +0200 |
commit | 0c202e403f72ccb1c7081197e83094498fa390b0 (patch) | |
tree | fa2464fefbab77a3e7b53150348a377d3b1ebbf0 | |
parent | bfb3eaabe7f716ade5821b6bc1e176171600e2a8 (diff) | |
download | samba-0c202e403f72ccb1c7081197e83094498fa390b0.tar.gz samba-0c202e403f72ccb1c7081197e83094498fa390b0.tar.bz2 samba-0c202e403f72ccb1c7081197e83094498fa390b0.zip |
s4/domain behaviour flags: Fix them up in various locations
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 10 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 3 | ||||
-rw-r--r-- | source4/libnet/libnet_become_dc.c | 2 | ||||
-rw-r--r-- | source4/scripting/python/samba/provision.py | 11 |
4 files changed, 10 insertions, 16 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index a22cce76a1..2a72d32ddf 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -134,15 +134,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct dom_sid *dag) { - int *domainFunctionality; - - domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); - - if (*domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008)){ - return dag; - } - - return NULL; + return dag; } static DATA_BLOB *get_new_descriptor(struct ldb_module *module, diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index c7fa636aa8..a04e52469d 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1068,7 +1068,8 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */ domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); - do_newer_keys = *domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008); + do_newer_keys = *domainFunctionality && + (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008); if (io->domain->store_cleartext && (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index 9ba801bb6f..94b639c5ee 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -2101,7 +2101,7 @@ static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s) vd[0] = data_blob_talloc(vd, NULL, 4); if (composite_nomem(vd[0].data, c)) return; - SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2008); + SIVAL(vd[0].data, 0, DS_DC_FUNCTION_2008_R2); vs[0].blob = &vd[0]; diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 8fef50ca37..cbb747b64f 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -42,8 +42,9 @@ import ldb import shutil from credentials import Credentials, DONT_USE_KERBEROS from auth import system_session, admin_session -from samba import version, Ldb, substitute_var, valid_netbios_name, check_all_substituted, \ - DS_BEHAVIOR_WIN2008 +from samba import version, Ldb, substitute_var, valid_netbios_name +from samba import check_all_substituted +from samba import DS_DOMAIN_FUNCTION_2008_R2, DS_DC_FUNCTION_2008_R2 from samba.samdb import SamDB from samba.idmap import IDmapDB from samba.dcerpc import security @@ -834,9 +835,9 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, :note: This will wipe the main SAM database file! """ - domainFunctionality = DS_BEHAVIOR_WIN2008 - forestFunctionality = DS_BEHAVIOR_WIN2008 - domainControllerFunctionality = DS_BEHAVIOR_WIN2008 + domainFunctionality = DS_DOMAIN_FUNCTION_2008_R2 + forestFunctionality = DS_DOMAIN_FUNCTION_2008_R2 + domainControllerFunctionality = DS_DC_FUNCTION_2008_R2 # Also wipes the database setup_samdb_partitions(path, setup_path, message=message, lp=lp, |