diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-04-22 16:48:01 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-04-22 19:36:16 +1000 |
commit | bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e (patch) | |
tree | 8fd3704eb6819063b1916c78bb1893ba16c7fe72 /source4/dsdb | |
parent | ec0bb2f46b855d44cccb71a5511c2acb7d8eae09 (diff) | |
download | samba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.tar.gz samba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.tar.bz2 samba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.zip |
s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Diffstat (limited to 'source4/dsdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/rootdse.c | 2 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/util.c | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 72863adebd..42f0a306f4 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -56,7 +56,7 @@ static enum security_user_level what_is_user(struct ldb_module *module) struct ldb_context *ldb = ldb_module_get_ctx(module); struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); - return security_session_user_level(session_info); + return security_session_user_level(session_info, NULL); } static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 75aed6ae7e..efb44bfd4c 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -2402,7 +2402,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req) if (next_deletion_state == OBJECT_REMOVED) { struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); - if (security_session_user_level(session_info) != SECURITY_SYSTEM) { + if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) { ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s", ldb_dn_get_linearized(old_msg->dn)); return LDB_ERR_UNWILLING_TO_PERFORM; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index f10a125eb6..5fffef7c86 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -884,7 +884,7 @@ static int rootdse_enableoptionalfeature(struct ldb_module *module, struct ldb_r int ret; const char *guid_string; - if (security_session_user_level(session_info) != SECURITY_SYSTEM) { + if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) { ldb_asprintf_errstring(ldb, "rootdse: Insufficient rights for enableoptionalfeature"); return LDB_ERR_UNWILLING_TO_PERFORM; } diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c index fe0ff7510b..7913ac8049 100644 --- a/source4/dsdb/samdb/ldb_modules/util.c +++ b/source4/dsdb/samdb/ldb_modules/util.c @@ -799,7 +799,7 @@ bool dsdb_module_am_system(struct ldb_module *module) struct ldb_context *ldb = ldb_module_get_ctx(module); struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); - return security_session_user_level(session_info) == SECURITY_SYSTEM; + return security_session_user_level(session_info, NULL) == SECURITY_SYSTEM; } /* |