From 0c202e403f72ccb1c7081197e83094498fa390b0 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Sun, 13 Sep 2009 12:37:41 +0200 Subject: s4/domain behaviour flags: Fix them up in various locations Additional notes: - Bump the level to Windows Server 2008 R2 (we should support always the latest version - if we provision ourself) - In "descriptor.c" the check for the "domainFunctionality" level shouldn't be needed: ACL owner groups (not owner user) are supported since Windows 2000 Server (first AD edition) - I took the argument from: http://support.microsoft.com/kb/329194 --- source4/dsdb/samdb/ldb_modules/descriptor.c | 10 +--------- source4/dsdb/samdb/ldb_modules/password_hash.c | 3 ++- 2 files changed, 3 insertions(+), 10 deletions(-) (limited to 'source4/dsdb') diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index a22cce76a1..2a72d32ddf 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -134,15 +134,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct dom_sid *dag) { - int *domainFunctionality; - - domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); - - if (*domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008)){ - return dag; - } - - return NULL; + return dag; } static DATA_BLOB *get_new_descriptor(struct ldb_module *module, diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index c7fa636aa8..a04e52469d 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1068,7 +1068,8 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) /* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */ domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); - do_newer_keys = *domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008); + do_newer_keys = *domainFunctionality && + (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008); if (io->domain->store_cleartext && (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { -- cgit