diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-10-06 18:58:13 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-10-06 18:58:13 +1100 |
commit | a021d5513846968c54d6e065dbcb25948418676f (patch) | |
tree | 105fcb62bea94ea52fb6ae6023ea2c91ead6faf9 /source4/rpc_server/drsuapi | |
parent | 9c1e230bc217e7d1ce0ef713a17982a8536584a1 (diff) | |
download | samba-a021d5513846968c54d6e065dbcb25948418676f.tar.gz samba-a021d5513846968c54d6e065dbcb25948418676f.tar.bz2 samba-a021d5513846968c54d6e065dbcb25948418676f.zip |
s4-drs: open samdb with system credentials when authorised
When a DC connects to DRS, open the samdb with system session
credentials, so that we don't have to re-open it each time on other
calls.
Diffstat (limited to 'source4/rpc_server/drsuapi')
-rw-r--r-- | source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index 9903f08746..f11cc232f0 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -27,6 +27,7 @@ #include "dsdb/samdb/samdb.h" #include "rpc_server/drsuapi/dcesrv_drsuapi.h" #include "libcli/security/security.h" +#include "auth/auth.h" /* drsuapi_DsBind @@ -47,6 +48,8 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C uint32_t pid; uint32_t repl_epoch; int ret; + struct auth_session_info *auth_info; + WERROR werr; r->out.bind_info = NULL; ZERO_STRUCTP(r->out.bind_handle); @@ -54,10 +57,20 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state); W_ERROR_HAVE_NO_MEMORY(b_state); + /* if this is a DC connecting, give them system level access */ + werr = drs_security_level_check(dce_call, NULL); + if (W_ERROR_IS_OK(werr)) { + DEBUG(0,(__location__ ": doing DsBind with system_session\n")); + auth_info = system_session(b_state, dce_call->conn->dce_ctx->lp_ctx); + } else { + auth_info = dce_call->conn->auth_state.session_info; + } + /* * connect to the samdb */ - b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info); + b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, + dce_call->conn->dce_ctx->lp_ctx, auth_info); if (!b_state->sam_ctx) { return WERR_FOOBAR; } |