2025-01-25 06:04:04 +03:00 · 2009-12-09 15:18:37 +11:00 · 2009-12-09 15:18:37 +11:00 · 0fca76e577
commit 0fca76e577
parent 732c701c52
5 changed files with 21 additions and 18 deletions
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@ -215,10 +215,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
 #endif
 	if (samdb_is_pdc(sam_ctx)) {
 		int *domainFunctionality;
 		server_type |= DS_SERVER_PDC;
-		domainFunctionality = talloc_get_type(ldb_get_opaque(sam_ctx, "domainFunctionality"), int);
+		if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) {
 		if (domainFunctionality && *domainFunctionality >= DS_DOMAIN_FUNCTION_2008) {
 			server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6;
 		}
 	}
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@ -2705,3 +2705,19 @@ const char *samdb_cn_to_lDAPDisplayName(TALLOC_CTX *mem_ctx, const char *cn)
 	return ret;
 }
 /*
  return domain functional level
  returns DS_DOMAIN_FUNCTION_*
 */
 int dsdb_functional_level(struct ldb_context *ldb)
 {
 	int *domainFunctionality =
 		talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
 	if (!domainFunctionality) {
 		DEBUG(0,(__location__ ": WARNING: domainFunctionality not setup\n"));
 		return DS_DOMAIN_FUNCTION_2000;
 	}
 	return *domainFunctionality;
 }
--- a/source4/dsdb/samdb/ldb_modules/descriptor.c
+++ b/source4/dsdb/samdb/ldb_modules/descriptor.c
@ -141,13 +141,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx,
 					 struct ldb_context *ldb,
 					 struct dom_sid *dag)
 {
-	int *domainFunctionality;
+	if (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008) {
 	domainFunctionality = talloc_get_type(
 		ldb_get_opaque(ldb, "domainFunctionality"), int);
 	if (*domainFunctionality
 			&& (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008)) {
 		return dag;
 	}
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@ -1025,7 +1025,6 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
 	uint8_t zero16[16];
 	bool do_newer_keys = false;
 	bool do_cleartext = false;
 	int *domainFunctionality;
 	ZERO_STRUCT(zero16);
 	ZERO_STRUCT(names);
@ -1065,10 +1064,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io)
 		}
 	}
 	/* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
-	domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
+	do_newer_keys = (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008);
 	do_newer_keys = *domainFunctionality &&
 		(*domainFunctionality >= DS_DOMAIN_FUNCTION_2008);
 	if (io->domain->store_cleartext &&
 	    (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@ -322,10 +322,9 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms
 		}
 	}
-	if (priv && do_attribute(attrs, "domainFunctionality")
+	if (priv && do_attribute(attrs, "domainFunctionality")) {
 	    && (val = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int))) {
 		if (ldb_msg_add_fmt(msg, "domainFunctionality", 
-				    "%d", *val) != 0) {
+				    "%d", dsdb_functional_level(ldb)) != 0) {
 			goto failed;
 		}
 	}