[Patch] Make samba4 return a correct Supported Encryption

Andrew Bartlett abartlet at samba.org
Tue Sep 8 07:00:38 MDT 2009 

On Tue, 2009-09-08 at 12:28 +0200, Stefan (metze) Metzmacher wrote:
> Matthieu Patou schrieb:
> > 
> > On 09/08/2009 02:26 AM, Andrew Bartlett wrote:
> >> On Mon, 2009-09-07 at 23:40 +0400, Matthieu Patou wrote:
> >>   
> >>> On 09/07/2009 04:51 PM, Stefan (metze) Metzmacher wrote:
> >>>     
> >>>> Hi Matthieu,
> >>>>
> >>>>
> >>>>       
> >>>>> Please Find attached a patch that allow S4 to return correctly the
> >>>>> SupportedEncryption in the getDomainInfo RPC.
> >>>>>
> >>>>> This patch make the assumption that by default if the
> >>>>> msDS-SupportedEncryptionTypes is not populated then the workstation
> >>>>> support all the encryption up to RC4 (same assumption as Windows 2008
> >>>>> and upper do).
> >>>>>
> >>>>>          
> >>>> Can you resend the patch using:
> >>>> - tab indentation
> >>>> - using the same type 'uint32_t' in all places,
> >>>>     currently you're mixing uint32_t, int and samdb_search_int64()
> >>>>
> >>>> Thanks!
> >>>> metze
> >>>>
> >>>>
> >>>>        
> >>> Hi metze,
> >>> Sorry for the tabs, about 32/64 I didn't find the samdb_search_int32
> >>> function and I've seen in the code of samba4 that it's done like this
> >>> (ie. samdb_result_force_password_change in dsdb/common/util.c).
> >>> Maybe it will be more cleaner to create a samdb_search_int32() ?
> >>>
> >>> In any case here is the updated patch I also attached a variant just
> >>> with 64 bit ints ...
> >>>      
> >> We need to avoid magic things like 0xf in the code.  Can you a bitmap of
> >> constants to the netlogon.idl and use them?
> >>
> >>    
> > Metze, Andrew,
> > 
> > Find attached the version that use the IDL (good point because it
> > allowed me to realize that we should return 0x07 in fact ...) with int32
> > and a silent cast from samdb_search_int64.
> 
> I just noticed that we already do a samdb_search_string(),
> which would mean we do 2 ldb searches for the same object.
> I think we should use only one search, maybe using gendb_search_dn()
> and ldb_msg_find_attr_as_uint().

I've pushed the patch, but I agree. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090908/67e47b3f/attachment.pgp>

More information about the samba-technical mailing list