diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-08-19 13:06:08 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-08-20 20:34:11 +1000 |
commit | f1c6bab60e52624f5f3188689eb9452a0fdc9221 (patch) | |
tree | 3f66c600350823f21bbe2c1e8357e1a8d4e2c28d | |
parent | 4cc6b5a69b1f94d96a73ac15d58ff71d2e4febfd (diff) | |
download | samba-f1c6bab60e52624f5f3188689eb9452a0fdc9221.tar.gz samba-f1c6bab60e52624f5f3188689eb9452a0fdc9221.tar.bz2 samba-f1c6bab60e52624f5f3188689eb9452a0fdc9221.zip |
s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls
when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 796bc2dd62..8648d5dafa 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -884,8 +884,8 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state, denied: DEBUG(2,(__location__ ": Denied RODC secret replication for %s by RODC %s\n", ncRoot->dn, ldb_dn_get_linearized(rodc_res->msgs[0]->dn))); - ctr6->extended_ret = DRSUAPI_EXOP_ERR_ACCESS_DENIED; - return WERR_ACCESS_DENIED; + ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE; + return WERR_DS_DRA_ACCESS_DENIED; allowed: DEBUG(2,(__location__ ": Allowed RODC secret replication for %s by RODC %s\n", @@ -897,8 +897,8 @@ allowed: failed: DEBUG(2,(__location__ ": Failed RODC secret replication for %s by RODC %s\n", ncRoot->dn, dom_sid_string(mem_ctx, user_sid))); - ctr6->extended_ret = DRSUAPI_EXOP_ERR_DIR_ERROR; - return WERR_DS_DRA_SOURCE_DISABLED; + ctr6->extended_ret = DRSUAPI_EXOP_ERR_NONE; + return WERR_DS_DRA_BAD_DN; } @@ -1053,11 +1053,9 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ case DRSUAPI_EXOP_REPL_SECRET: werr = getncchanges_repl_secret(b_state, mem_ctx, req8, user_sid, &r->out.ctr->ctr6); - if (W_ERROR_EQUAL(werr, WERR_ACCESS_DENIED)) { - null_scope = true; - } else { - W_ERROR_NOT_OK_RETURN(werr); - } + r->out.result = werr; + NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsGetNCChanges, NDR_BOTH, r); + W_ERROR_NOT_OK_RETURN(werr); break; case DRSUAPI_EXOP_FSMO_REQ_ROLE: @@ -1379,7 +1377,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ link_given, link_total)); #if 0 - if (!r->out.ctr->ctr6.more_data) { + if (!r->out.ctr->ctr6.more_data && req8->extended_op != DRSUAPI_EXOP_NONE) { NDR_PRINT_FUNCTION_DEBUG(drsuapi_DsGetNCChanges, NDR_BOTH, r); } #endif |