From: Andrew Tridgell Date: Wed, 9 Dec 2009 04:18:37 +0000 (+1100) Subject: s4-dsdb: added dsdb_functional_level() helper function X-Git-Tag: samba-4.0.0alpha11~688 X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=0fca76e5775e46dd69153eee93e92b1937df29b5;p=samba.git s4-dsdb: added dsdb_functional_level() helper function --- diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index c565f2fb1ad..049b0085b33 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -215,10 +215,8 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, #endif if (samdb_is_pdc(sam_ctx)) { - int *domainFunctionality; server_type |= DS_SERVER_PDC; - domainFunctionality = talloc_get_type(ldb_get_opaque(sam_ctx, "domainFunctionality"), int); - if (domainFunctionality && *domainFunctionality >= DS_DOMAIN_FUNCTION_2008) { + if (dsdb_functional_level(sam_ctx) >= DS_DOMAIN_FUNCTION_2008) { server_type |= DS_SERVER_FULL_SECRET_DOMAIN_6; } } diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index d9e03cec3ef..512230f63c0 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2705,3 +2705,19 @@ const char *samdb_cn_to_lDAPDisplayName(TALLOC_CTX *mem_ctx, const char *cn) return ret; } + +/* + return domain functional level + returns DS_DOMAIN_FUNCTION_* + */ +int dsdb_functional_level(struct ldb_context *ldb) +{ + int *domainFunctionality = + talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); + if (!domainFunctionality) { + DEBUG(0,(__location__ ": WARNING: domainFunctionality not setup\n")); + return DS_DOMAIN_FUNCTION_2000; + } + return *domainFunctionality; +} + diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c index da80ee540ed..03cb1ff3e33 100644 --- a/source4/dsdb/samdb/ldb_modules/descriptor.c +++ b/source4/dsdb/samdb/ldb_modules/descriptor.c @@ -141,13 +141,7 @@ static struct dom_sid *get_default_group(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct dom_sid *dag) { - int *domainFunctionality; - - domainFunctionality = talloc_get_type( - ldb_get_opaque(ldb, "domainFunctionality"), int); - - if (*domainFunctionality - && (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008)) { + if (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008) { return dag; } diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 8791db2bc4f..4d4f500e875 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1025,7 +1025,6 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) uint8_t zero16[16]; bool do_newer_keys = false; bool do_cleartext = false; - int *domainFunctionality; ZERO_STRUCT(zero16); ZERO_STRUCT(names); @@ -1065,10 +1064,7 @@ static int setup_supplemental_field(struct setup_password_fields_io *io) } } /* Per MS-SAMR 3.1.1.8.11.6 we create AES keys if our domain functionality level is 2008 or higher */ - domainFunctionality = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int); - - do_newer_keys = *domainFunctionality && - (*domainFunctionality >= DS_DOMAIN_FUNCTION_2008); + do_newer_keys = (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2008); if (io->domain->store_cleartext && (io->u.user_account_control & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)) { diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 661060d7552..045b507ffd9 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -322,10 +322,9 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms } } - if (priv && do_attribute(attrs, "domainFunctionality") - && (val = talloc_get_type(ldb_get_opaque(ldb, "domainFunctionality"), int))) { + if (priv && do_attribute(attrs, "domainFunctionality")) { if (ldb_msg_add_fmt(msg, "domainFunctionality", - "%d", *val) != 0) { + "%d", dsdb_functional_level(ldb)) != 0) { goto failed; } }