struct ldb_context *ldb,
struct dom_sid *dag)
{
- int *domainFunctionality;
-
- domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
-
- if (*domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008)){
- return dag;
- }
-
- return NULL;
+ return dag;
}
static DATA_BLOB *get_new_descriptor(struct ldb_module *module,
/* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */
domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int);
- do_newer_keys = *domainFunctionality && (*domainFunctionality >= DS_BEHAVIOR_WIN2008);
+ do_newer_keys = *domainFunctionality &&
+ (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008);
if (io->domain->store_cleartext &&
(io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) {
vd[0] = data_blob_talloc(vd, NULL, 4);
if (composite_nomem(vd[0].data, c)) return;
- SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2008);
+ SIVAL(vd[0].data, 0, DS_DC_FUNCTION_2008_R2);
vs[0].blob = &vd[0];
import shutil
from credentials import Credentials, DONT_USE_KERBEROS
from auth import system_session, admin_session
-from samba import version, Ldb, substitute_var, valid_netbios_name, check_all_substituted, \
- DS_BEHAVIOR_WIN2008
+from samba import version, Ldb, substitute_var, valid_netbios_name
+from samba import check_all_substituted
+from samba import DS_DOMAIN_FUNCTION_2008_R2, DS_DC_FUNCTION_2008_R2
from samba.samdb import SamDB
from samba.idmap import IDmapDB
from samba.dcerpc import security
:note: This will wipe the main SAM database file!
"""
- domainFunctionality = DS_BEHAVIOR_WIN2008
- forestFunctionality = DS_BEHAVIOR_WIN2008
- domainControllerFunctionality = DS_BEHAVIOR_WIN2008
+ domainFunctionality = DS_DOMAIN_FUNCTION_2008_R2
+ forestFunctionality = DS_DOMAIN_FUNCTION_2008_R2
+ domainControllerFunctionality = DS_DC_FUNCTION_2008_R2
# Also wipes the database
setup_samdb_partitions(path, setup_path, message=message, lp=lp,