summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-04-22 16:48:01 +1000
committerAndrew Tridgell <tridge@samba.org>2010-04-22 19:36:16 +1000
commitbb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e (patch)
tree8fd3704eb6819063b1916c78bb1893ba16c7fe72 /source4/dsdb/samdb
parentec0bb2f46b855d44cccb71a5511c2acb7d8eae09 (diff)
downloadsamba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.tar.gz
samba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.tar.bz2
samba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.zip
s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC This required a new domain_sid argument to security_session_user_level() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/kludge_acl.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/rootdse.c2
-rw-r--r--source4/dsdb/samdb/ldb_modules/util.c2
4 files changed, 4 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 72863adebd..42f0a306f4 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -56,7 +56,7 @@ static enum security_user_level what_is_user(struct ldb_module *module)
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- return security_session_user_level(session_info);
+ return security_session_user_level(session_info, NULL);
}
static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module)
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 75aed6ae7e..efb44bfd4c 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2402,7 +2402,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
if (next_deletion_state == OBJECT_REMOVED) {
struct auth_session_info *session_info =
(struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- if (security_session_user_level(session_info) != SECURITY_SYSTEM) {
+ if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s",
ldb_dn_get_linearized(old_msg->dn));
return LDB_ERR_UNWILLING_TO_PERFORM;
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index f10a125eb6..5fffef7c86 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -884,7 +884,7 @@ static int rootdse_enableoptionalfeature(struct ldb_module *module, struct ldb_r
int ret;
const char *guid_string;
- if (security_session_user_level(session_info) != SECURITY_SYSTEM) {
+ if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
ldb_asprintf_errstring(ldb, "rootdse: Insufficient rights for enableoptionalfeature");
return LDB_ERR_UNWILLING_TO_PERFORM;
}
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index fe0ff7510b..7913ac8049 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -799,7 +799,7 @@ bool dsdb_module_am_system(struct ldb_module *module)
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- return security_session_user_level(session_info) == SECURITY_SYSTEM;
+ return security_session_user_level(session_info, NULL) == SECURITY_SYSTEM;
}
/*