summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-09-13 12:37:41 +0200
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-09-17 12:40:33 +0200
commit0c202e403f72ccb1c7081197e83094498fa390b0 (patch)
treefa2464fefbab77a3e7b53150348a377d3b1ebbf0
parentbfb3eaabe7f716ade5821b6bc1e176171600e2a8 (diff)
downloadsamba-0c202e403f72ccb1c7081197e83094498fa390b0.tar.gz
samba-0c202e403f72ccb1c7081197e83094498fa390b0.tar.bz2
samba-0c202e403f72ccb1c7081197e83094498fa390b0.zip
s4/domain behaviour flags: Fix them up in various locations
Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c10
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c3
-rw-r--r--source4/libnet/libnet_become_dc.c2
-rw-r--r--source4/scripting/python/samba/provision.py11
4 files changed, 10 insertions, 16 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index a22cce76a1..2a72d32ddf 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -134,15 +134,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
struct dom_sid *dag)
{
- int *domainFunctionality;
-
- domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
-
- if (*domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008)){
- return dag;
- }
-
- return NULL;
+ return dag;
}
static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index c7fa636aa8..a04e52469d 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1068,7 +1068,8 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
/* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
- do_newer_keys = *domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008);
+ do_newer_keys = *domainFunctionality &&
+ (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008);
if (io->domain->store_cleartext &&
(io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c
index 9ba801bb6f..94b639c5ee 100644
--- a/source4/libnet/libnet_become_dc.c
+++ b/source4/libnet/libnet_become_dc.c
@@ -2101,7 +2101,7 @@ static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s)
vd[0] = data_blob_talloc(vd, NULL, 4);
if (composite_nomem(vd[0].data, c)) return;
- SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2008);
+ SIVAL(vd[0].data, 0, DS_DC_FUNCTION_2008_R2);
vs[0].blob = &vd[0];
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 8fef50ca37..cbb747b64f 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -42,8 +42,9 @@ import ldb
import shutil
from credentials import Credentials, DONT_USE_KERBEROS
from auth import system_session, admin_session
-from samba import version, Ldb, substitute_var, valid_netbios_name, check_all_substituted, \
- DS_BEHAVIOR_WIN2008
+from samba import version, Ldb, substitute_var, valid_netbios_name
+from samba import check_all_substituted
+from samba import DS_DOMAIN_FUNCTION_2008_R2, DS_DC_FUNCTION_2008_R2
from samba.samdb import SamDB
from samba.idmap import IDmapDB
from samba.dcerpc import security
@@ -834,9 +835,9 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
:note: This will wipe the main SAM database file!
"""
- domainFunctionality = DS_BEHAVIOR_WIN2008
- forestFunctionality = DS_BEHAVIOR_WIN2008
- domainControllerFunctionality = DS_BEHAVIOR_WIN2008
+ domainFunctionality = DS_DOMAIN_FUNCTION_2008_R2
+ forestFunctionality = DS_DOMAIN_FUNCTION_2008_R2
+ domainControllerFunctionality = DS_DC_FUNCTION_2008_R2
# Also wipes the database
setup_samdb_partitions(path, setup_path, message=message, lp=lp,