r12818: When denying an operation, include what we think the username is in

the error message.

Andrew Bartlett
(This used to be commit 36c1f67f12d5ac83a7a205c0ec152a79c4a8ba4b)

1 files changed, 16 insertions, 1 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 56b2d4b398..4153456aa1 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -79,6 +79,20 @@ static enum user_is what_is_user(struct ldb_module *module)
 	return ANONYMOUS;
 }
 
+static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) 
+{
+	struct auth_session_info *session_info
+		= ldb_get_opaque(module->ldb, "sessionInfo");
+	if (!session_info) {
+		return "UNKNOWN (NULL)";
+	}
+	
+	return talloc_asprintf(mem_ctx, "%s\\%s",
+			       session_info->server_info->domain_name,
+			       session_info->server_info->account_name);
+	return ANONYMOUS;
+}
+
 /* search */
 static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req)
 {
@@ -123,7 +137,8 @@ static int kludge_acl_change(struct ldb_module *module, struct ldb_request *req)
 	default:
 		ldb_set_errstring(module, 
 				  talloc_asprintf(req, "kludge_acl_change: "
-						  "attempted database modify not permitted. User is not SYSTEM or an administrator"));
+						  "attempted database modify not permitted. User %s is not SYSTEM or an administrator",
+						  user_name(req, module)));
 		return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
 	}
 }