summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/cldap_server/netlogon.c4
-rw-r--r--source4/dsdb/common/util.c16
-rw-r--r--source4/dsdb/samdb/ldb_modules/descriptor.c8
-rw-r--r--source4/dsdb/samdb/ldb_modules/password_hash.c6
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c5
5 files changed, 21 insertions, 18 deletions
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index c565f2fb1a..049b0085b3 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -215,10 +215,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
#endif
if (samdb_is_pdc(sam_ctx)) {
- int *domainFunctionality;
server_type |= DS_SERVER_PDC;
- domainFunctionality = talloc_get_type(ldb_get_opaque(sam_ctx, "domainFunctionality"), int);
- if (domainFunctionality && *domainFunctionality >= DS_DOMAIN_FUNCTION_2008) {
+ if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6;
}
}
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index d9e03cec3e..512230f63c 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2705,3 +2705,19 @@ const char *samdb_cn_to_lDAPDisplayName(TALLOC_CTX *mem_ctx, const char *cn)
return ret;
}
+
+/*
+ return domain functional level
+ returns DS_DOMAIN_FUNCTION_*
+ */
+int dsdb_functional_level(struct ldb_context *ldb)
+{
+ int *domainFunctionality =
+ talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
+ if (!domainFunctionality) {
+ DEBUG(0,(__location__ ": WARNING: domainFunctionality not setup\n"));
+ return DS_DOMAIN_FUNCTION_2000;
+ }
+ return *domainFunctionality;
+}
+
diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c
index da80ee540e..03cb1ff3e3 100644
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@@ -141,13 +141,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
struct dom_sid *dag)
{
- int *domainFunctionality;
-
- domainFunctionality = talloc_get_type(
- ldb_get_opaque(ldb, "domainFunctionality"), int);
-
- if (*domainFunctionality
- && (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008)) {
+ if (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008) {
return dag;
}
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 8791db2bc4..4d4f500e87 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1025,7 +1025,6 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
uint8_t zero16[16];
bool do_newer_keys = false;
bool do_cleartext = false;
- int *domainFunctionality;
ZERO_STRUCT(zero16);
ZERO_STRUCT(names);
@@ -1065,10 +1064,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
}
}
/* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
- domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
-
- do_newer_keys = *domainFunctionality &&
- (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008);
+ do_newer_keys = (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008);
if (io->domain->store_cleartext &&
(io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 661060d755..045b507ffd 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -322,10 +322,9 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
}
}
- if (priv && do_attribute(attrs, "domainFunctionality")
- && (val = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int))) {
+ if (priv && do_attribute(attrs, "domainFunctionality")) {
if (ldb_msg_add_fmt(msg, "domainFunctionality",
- "%d", *val) != 0) {
+ "%d", dsdb_functional_level(ldb)) != 0) {
goto failed;
}
}