author | Andrew Tridgell <tridge@samba.org> | 2010-04-22 16:48:01 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-04-22 19:36:16 +1000 |
commit | bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e (patch) | |
tree | 8fd3704eb6819063b1916c78bb1893ba16c7fe72 /source4/rpc_server/drsuapi/dcesrv_drsuapi.c | |
parent | ec0bb2f46b855d44cccb71a5511c2acb7d8eae09 (diff) | |
download | samba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.tar.gz samba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.tar.bz2 samba-bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e.zip |
s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Diffstat (limited to 'source4/rpc_server/drsuapi/dcesrv_drsuapi.c')
-rw-r--r-- | source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 270c716d46..5d3c513f3f 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -65,7 +65,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
 W_ERROR_HAVE_NO_MEMORY(b_state);
 /* if this is a DC connecting, give them system level access */
- werr = drs_security_level_check(dce_call, NULL);
+ werr = drs_security_level_check(dce_call, NULL, SECURITY_DOMAIN_CONTROLLER);
 if (W_ERROR_IS_OK(werr)) {
 DEBUG(3,(__location__ ": doing DsBind with system_session\n"));
 auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
@@ -247,7 +247,7 @@ static WERROR dcesrv_drsuapi_DsReplicaSync(struct dcesrv_call_state *dce_call, T
 {
 WERROR status;
- status = drs_security_level_check(dce_call, "DsReplicaSync");
+ status = drs_security_level_check(dce_call, "DsReplicaSync", SECURITY_DOMAIN_CONTROLLER);
 if (!W_ERROR_IS_OK(status)) {
 return status;
 }
@@ -401,7 +401,7 @@ static WERROR dcesrv_drsuapi_DsRemoveDSServer(struct dcesrv_call_state *dce_call
 *r->out.level_out = 1;
- status = drs_security_level_check(dce_call, "DsRemoveDSServer");
+ status = drs_security_level_check(dce_call, "DsRemoveDSServer", SECURITY_DOMAIN_CONTROLLER);
 if (!W_ERROR_IS_OK(status)) {
 return status;
 }
@@ -726,7 +726,7 @@ static WERROR dcesrv_drsuapi_DsExecuteKCC(struct dcesrv_call_state *dce_call, TA
 struct drsuapi_DsExecuteKCC *r)
 {
 WERROR status;
- status = drs_security_level_check(dce_call, "DsExecuteKCC");
+ status = drs_security_level_check(dce_call, "DsExecuteKCC", SECURITY_DOMAIN_CONTROLLER);
 if (!W_ERROR_IS_OK(status)) {
 return status;
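Review bot: The comment above the DsBind check still reads "if this is a DC connecting", although the check now names `SECURITY_DOMAIN_CONTROLLER` explicitly and the commit message treats a read-only DC as a separate level that must be denied full-DC operations. Because a passing check switches the bind to `system_session(...)`, the comment should state that only a full DC qualifies, for example `/* only a full (writable) DC gets system level access; an RODC must not reach system_session() */`. The same three-argument call appears in DsReplicaSync, DsRemoveDSServer and DsExecuteKCC, and a one-line comment at each saying why an RODC is refused there would help later audits of which DRS calls an RODC may make. The function bodies continue outside these hunks, so what happens when the DsBind check fails is not visible here.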
@@ -748,7 +748,7 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call
 if (!lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL, "drs", "disable_sec_check", false)) {
- level = security_session_user_level(dce_call->conn->auth_state.session_info);
+ level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
 if (level < SECURITY_ADMINISTRATOR) {
 DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
 security_token_debug(2, dce_call->conn->auth_state.session_info->security_token); |
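Review bot: The new `domain_sid` argument is passed as `NULL` in DsReplicaGetInfo with no comment saying why this call site does not need it. The commit message says the argument was added so that RODC sessions can be recognised, so with `NULL` it is unclear how an RODC session is classified here and whether it can satisfy `level < SECURITY_ADMINISTRATOR`; that depends on the enum ordering and on security_session_user_level(), both outside this diff. Either pass the domain SID, or add a comment such as `/* domain_sid is NULL: RODC detection is skipped, only the administrator level matters here */` once that has been confirmed. Since drs_security_level_check() now takes a minimum level, this open-coded check could presumably be replaced by a call like `drs_security_level_check(dce_call, "DsReplicaGetInfo", SECURITY_ADMINISTRATOR)` so that all five call sites share one policy path. The function body continues outside the hunk.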