sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

s4/domain behaviour flags: Fix them up in various locations

Browse Source 
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
  version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
  needed: ACL owner groups (not owner user) are supported since Windows 2000
  Server (first AD edition)
  - I took the argument from: http://support.microsoft.com/kb/329194
This commit is contained in:
Matthias Dieter Wallnöfer
2009-09-13 12:37:41 +02:00
parent bfb3eaabe7
commit 0c202e403f
4 changed files with 10 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
source4/dsdb/samdb/ldb_modules/descriptor.c
View File

@ -134,15 +134,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
struct dom_sid *dag)
{
int *domainFunctionality;
domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
if (*domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008)){
return dag;
}
return NULL;
return dag;
}
static DATA_BLOB *get_new_descriptor(struct ldb_module *module,

3
source4/dsdb/samdb/ldb_modules/password_hash.c
View File

@ -1068,7 +1068,8 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
/* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
do_newer_keys = *domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008);
do_newer_keys = *domainFunctionality &&
(*domainFunctionality >= DS_DOMAIN_FUNCTION_2008);
if (io->domain->store_cleartext &&
(io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {

2
source4/libnet/libnet_become_dc.c
View File

@ -2101,7 +2101,7 @@ static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s)
vd[0] = data_blob_talloc(vd, NULL, 4);
if (composite_nomem(vd[0].data, c)) return;
SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2008);
SIVAL(vd[0].data, 0, DS_DC_FUNCTION_2008_R2);
vs[0].blob = &vd[0];

11
source4/scripting/python/samba/provision.py
View File

@ -42,8 +42,9 @@ import ldb
import shutil
from credentials import Credentials, DONT_USE_KERBEROS
from auth import system_session, admin_session
from samba import version, Ldb, substitute_var, valid_netbios_name, check_all_substituted, \
DS_BEHAVIOR_WIN2008
from samba import version, Ldb, substitute_var, valid_netbios_name
from samba import check_all_substituted
from samba import DS_DOMAIN_FUNCTION_2008_R2, DS_DC_FUNCTION_2008_R2
from samba.samdb import SamDB
from samba.idmap import IDmapDB
from samba.dcerpc import security
@ -834,9 +835,9 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
:note: This will wipe the main SAM database file!
"""
domainFunctionality = DS_BEHAVIOR_WIN2008
forestFunctionality = DS_BEHAVIOR_WIN2008
domainControllerFunctionality = DS_BEHAVIOR_WIN2008
domainFunctionality = DS_DOMAIN_FUNCTION_2008_R2
forestFunctionality = DS_DOMAIN_FUNCTION_2008_R2
domainControllerFunctionality = DS_DC_FUNCTION_2008_R2
# Also wipes the database
setup_samdb_partitions(path, setup_path, message=message, lp=lp,