The branch, master has been updated
via 44c891a s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs
in the PAC
via 9a58cd1 libds: added more UF_ -> ACB_ flags mappings
from 77d959f midltests: add midltests-pipe-sync-ndr32-downgrade-02.idl
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 44c891a35acae620566901bb6e038df45f411e02
Author: Andrew Tridgell <tri...@samba.org>
Date: Tue Sep 28 23:19:26 2010 -0700
s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
commit 9a58cd12b4fd1956a1472072b294309b55de01fa
Author: Andrew Tridgell <tri...@samba.org>
Date: Tue Sep 28 23:18:47 2010 -0700
libds: added more UF_ -> ACB_ flags mappings
Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>
Pair-Programmed-With: Stefan Metzmacher <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
libds/common/flag_mapping.c | 5 ++++-
libds/common/flags.h | 2 +-
source4/auth/sam.c | 16 ++++++++++++++++
3 files changed, 21 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libds/common/flag_mapping.c b/libds/common/flag_mapping.c
index cf63327..99421ed 100644
--- a/libds/common/flag_mapping.c
+++ b/libds/common/flag_mapping.c
@@ -50,7 +50,10 @@ static const struct {
{ UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY},
{ UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH },
{ UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED },
- { UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD }
+ { UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD },
+ { UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION,
ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION },
+ { UF_PARTIAL_SECRETS_ACCOUNT, ACB_PARTIAL_SECRETS_ACCOUNT },
+ { UF_USE_AES_KEYS, ACB_USE_AES_KEYS }
};
uint32_t ds_acb2uf(uint32_t acb)
diff --git a/libds/common/flags.h b/libds/common/flags.h
index 0fc159a..44a5014 100644
--- a/libds/common/flags.h
+++ b/libds/common/flags.h
@@ -48,10 +48,10 @@
#define UF_USE_DES_KEY_ONLY 0x00200000
#define UF_DONT_REQUIRE_PREAUTH 0x00400000
#define UF_PASSWORD_EXPIRED 0x00800000
-
#define UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x01000000
#define UF_NO_AUTH_DATA_REQUIRED 0x02000000
#define UF_PARTIAL_SECRETS_ACCOUNT 0x04000000
+#define UF_USE_AES_KEYS 0x08000000
#define UF_MACHINE_ACCOUNT_MASK (\
UF_INTERDOMAIN_TRUST_ACCOUNT |\
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index ad7fe0a..de794cc 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -575,6 +575,22 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX
*mem_ctx,
server_info->n_domain_groups++;
}
+ if ((server_info->acct_flags & (ACB_PARTIAL_SECRETS_ACCOUNT |
ACB_WSTRUST)) ==
+ (ACB_PARTIAL_SECRETS_ACCOUNT | ACB_WSTRUST)) {
+ /* the DOMAIN_RID_ENTERPRISE_READONLY_DCS PAC */
+ server_info->domain_groups = talloc_realloc(server_info,
+
server_info->domain_groups,
+ struct dom_sid *,
+
server_info->n_domain_groups+1);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_groups,
server_info);
+ server_info->domain_groups[server_info->n_domain_groups] =
+ dom_sid_add_rid(server_info->domain_groups, domain_sid,
+ DOMAIN_RID_ENTERPRISE_READONLY_DCS);
+
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_groups[server_info->n_domain_groups],
+ server_info);
+ server_info->n_domain_groups++;
+ }
+
server_info->authenticated = true;
talloc_free(tmp_ctx);
--
Samba Shared Repository
