The branch, master has been updated via 44c891a s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC via 9a58cd1 libds: added more UF_ -> ACB_ flags mappings from 77d959f midltests: add midltests-pipe-sync-ndr32-downgrade-02.idl
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 44c891a35acae620566901bb6e038df45f411e02 Author: Andrew Tridgell <tri...@samba.org> Date: Tue Sep 28 23:19:26 2010 -0700 s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> commit 9a58cd12b4fd1956a1472072b294309b55de01fa Author: Andrew Tridgell <tri...@samba.org> Date: Tue Sep 28 23:18:47 2010 -0700 libds: added more UF_ -> ACB_ flags mappings Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> Pair-Programmed-With: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: libds/common/flag_mapping.c | 5 ++++- libds/common/flags.h | 2 +- source4/auth/sam.c | 16 ++++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/libds/common/flag_mapping.c b/libds/common/flag_mapping.c index cf63327..99421ed 100644 --- a/libds/common/flag_mapping.c +++ b/libds/common/flag_mapping.c @@ -50,7 +50,10 @@ static const struct { { UF_USE_DES_KEY_ONLY, ACB_USE_DES_KEY_ONLY}, { UF_DONT_REQUIRE_PREAUTH, ACB_DONT_REQUIRE_PREAUTH }, { UF_PASSWORD_EXPIRED, ACB_PW_EXPIRED }, - { UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD } + { UF_NO_AUTH_DATA_REQUIRED, ACB_NO_AUTH_DATA_REQD }, + { UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION, ACB_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION }, + { UF_PARTIAL_SECRETS_ACCOUNT, ACB_PARTIAL_SECRETS_ACCOUNT }, + { UF_USE_AES_KEYS, ACB_USE_AES_KEYS } }; uint32_t ds_acb2uf(uint32_t acb) diff --git a/libds/common/flags.h b/libds/common/flags.h index 0fc159a..44a5014 100644 --- a/libds/common/flags.h +++ b/libds/common/flags.h @@ -48,10 +48,10 @@ #define UF_USE_DES_KEY_ONLY 0x00200000 #define UF_DONT_REQUIRE_PREAUTH 0x00400000 #define UF_PASSWORD_EXPIRED 0x00800000 - #define UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x01000000 #define UF_NO_AUTH_DATA_REQUIRED 0x02000000 #define UF_PARTIAL_SECRETS_ACCOUNT 0x04000000 +#define UF_USE_AES_KEYS 0x08000000 #define UF_MACHINE_ACCOUNT_MASK (\ UF_INTERDOMAIN_TRUST_ACCOUNT |\ diff --git a/source4/auth/sam.c b/source4/auth/sam.c index ad7fe0a..de794cc 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -575,6 +575,22 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, server_info->n_domain_groups++; } + if ((server_info->acct_flags & (ACB_PARTIAL_SECRETS_ACCOUNT | ACB_WSTRUST)) == + (ACB_PARTIAL_SECRETS_ACCOUNT | ACB_WSTRUST)) { + /* the DOMAIN_RID_ENTERPRISE_READONLY_DCS PAC */ + server_info->domain_groups = talloc_realloc(server_info, + server_info->domain_groups, + struct dom_sid *, + server_info->n_domain_groups+1); + NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_groups, server_info); + server_info->domain_groups[server_info->n_domain_groups] = + dom_sid_add_rid(server_info->domain_groups, domain_sid, + DOMAIN_RID_ENTERPRISE_READONLY_DCS); + NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_groups[server_info->n_domain_groups], + server_info); + server_info->n_domain_groups++; + } + server_info->authenticated = true; talloc_free(tmp_ctx); -- Samba Shared Repository