diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/cldap_server/netlogon.c | 4 | ||||
-rw-r--r-- | source4/dsdb/common/util.c | 16 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/descriptor.c | 8 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 6 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 5 |
5 files changed, 21 insertions, 18 deletions
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index c565f2fb1a..049b0085b3 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -215,10 +215,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, #endif if (samdb_is_pdc(sam_ctx)) { - int *domainFunctionality; server_type |= DS_SERVER_PDC; - domainFunctionality = talloc_get_type(ldb_get_opaque(sam_ctx, "domainFunctionality"), int); - if (domainFunctionality && *domainFunctionality >= DS_DOMAIN_FUNCTION_2008) { + if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) { server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6; } } diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index d9e03cec3e..512230f63c 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2705,3 +2705,19 @@ const char *samdb_cn_to_lDAPDisplayName(TALLOC_CTX *mem_ctx, const char *cn) return ret; } + +/* + return domain functional level + returns DS_DOMAIN_FUNCTION_* + */ +int dsdb_functional_level(struct ldb_context *ldb) +{ + int *domainFunctionality = + talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); + if (!domainFunctionality) { + DEBUG(0,(__location__ ": WARNING: domainFunctionality not setup\n")); + return DS_DOMAIN_FUNCTION_2000; + } + return *domainFunctionality; +} + diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index da80ee540e..03cb1ff3e3 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -141,13 +141,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct dom_sid *dag) { - int *domainFunctionality; - - domainFunctionality = talloc_get_type( - ldb_get_opaque(ldb, "domainFunctionality"), int); - - if (*domainFunctionality - && (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008)) { + if (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008) { return dag; } diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 8791db2bc4..4d4f500e87 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1025,7 +1025,6 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) uint8_t zero16[16]; bool do_newer_keys = false; bool do_cleartext = false; - int *domainFunctionality; ZERO_STRUCT(zero16); ZERO_STRUCT(names); @@ -1065,10 +1064,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) } } /* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */ - domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); - - do_newer_keys = *domainFunctionality && - (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008); + do_newer_keys = (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008); if (io->domain->store_cleartext && (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 661060d755..045b507ffd 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -322,10 +322,9 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } - if (priv && do_attribute(attrs, "domainFunctionality") - && (val = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int))) { + if (priv && do_attribute(attrs, "domainFunctionality")) { if (ldb_msg_add_fmt(msg, "domainFunctionality", - "%d", *val) != 0) { + "%d", dsdb_functional_level(ldb)) != 0) { goto failed; } } |