diff options
author | Matthieu Patou <mat@matws.net> | 2012-09-26 11:44:58 -0700 |
---|---|---|
committer | Matthieu Patou <mat@matws.net> | 2012-10-07 21:51:02 -0700 |
commit | 8dbba524bfc2bbf8117f51f3dffd2a08835d485d (patch) | |
tree | 1df9aa2bf36d1d11ebc2b085d42438fbac40ec2d | |
parent | 2eae16102a583c8057f9f5a089ba0e5e97fb56d0 (diff) | |
download | samba-8dbba524bfc2bbf8117f51f3dffd2a08835d485d.tar.gz samba-8dbba524bfc2bbf8117f51f3dffd2a08835d485d.tar.bz2 samba-8dbba524bfc2bbf8117f51f3dffd2a08835d485d.zip |
s4-drs: EXOP_REPL_SECRETS can be called by RW DC as well
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index f65fa2c094..871fc6867e 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -882,7 +882,8 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ctx, struct drsuapi_DsGetNCChangesRequest10 *req10, struct dom_sid *user_sid, - struct drsuapi_DsGetNCChangesCtr6 *ctr6) + struct drsuapi_DsGetNCChangesCtr6 *ctr6, + bool has_get_all_changes) { struct drsuapi_DsReplicaObjectIdentifier *ncRoot = req10->naming_context; struct ldb_dn *obj_dn, *rodc_dn, *krbtgt_link_dn; @@ -897,7 +898,7 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state, drs_ObjectIdentifier_to_string(mem_ctx, ncRoot))); /* - * we need to work out if we will allow this RODC to + * we need to work out if we will allow this DC to * replicate the secrets for this object * * see 4.1.10.5.14 GetRevealSecretsPolicyForUser for details @@ -981,20 +982,21 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state, /* default deny */ denied: - DEBUG(2,(__location__ ": Denied RODC secret replication for %s by RODC %s\n", + DEBUG(2,(__location__ ": Denied single object with secret replication for %s by RODC %s\n", ldb_dn_get_linearized(obj_dn), ldb_dn_get_linearized(rodc_res->msgs[0]->dn))); ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE; return WERR_DS_DRA_ACCESS_DENIED; allowed: - DEBUG(2,(__location__ ": Allowed RODC secret replication for %s by RODC %s\n", - ldb_dn_get_linearized(obj_dn), ldb_dn_get_linearized(rodc_res->msgs[0]->dn))); + DEBUG(2,(__location__ ": Allowed single object with secret replication for %s by %s %s\n", + ldb_dn_get_linearized(obj_dn), has_get_all_changes?"RWDC":"RODC", + ldb_dn_get_linearized(rodc_res->msgs[0]->dn))); ctr6->extended_ret = DRSUAPI_EXOP_ERR_SUCCESS; req10->highwatermark.highest_usn = 0; return WERR_OK; failed: - DEBUG(2,(__location__ ": Failed RODC secret replication for %s by RODC %s\n", + DEBUG(2,(__location__ ": Failed single secret replication for %s by RODC %s\n", ldb_dn_get_linearized(obj_dn), dom_sid_string(mem_ctx, user_sid))); ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE; return WERR_DS_DRA_BAD_DN; @@ -1437,6 +1439,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ time_t max_wait; time_t start = time(NULL); bool max_wait_reached = false; + bool has_get_all_changes = false; DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE); b_state = h->data; @@ -1538,6 +1541,8 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ GUID_DRS_GET_ALL_CHANGES); if (!W_ERROR_IS_OK(werr)) { return werr; + } else { + has_get_all_changes = true; } } @@ -1605,7 +1610,10 @@ allowed: search_dn = ldb_get_default_basedn(sam_ctx); break; case DRSUAPI_EXOP_REPL_SECRET: - werr = getncchanges_repl_secret(b_state, mem_ctx, req10, user_sid, &r->out.ctr->ctr6); + werr = getncchanges_repl_secret(b_state, mem_ctx, req10, + user_sid, + &r->out.ctr->ctr6, + has_get_all_changes); r->out.result = werr; W_ERROR_NOT_OK_RETURN(werr); break; |