authorAndrew Tridgell <tridge@samba.org>2009-10-06 18:58:13 +1100
committerAndrew Tridgell <tridge@samba.org>2009-10-06 18:58:13 +1100
commita021d5513846968c54d6e065dbcb25948418676f (patch)
tree105fcb62bea94ea52fb6ae6023ea2c91ead6faf9 /source4/rpc_server/drsuapi
parent9c1e230bc217e7d1ce0ef713a17982a8536584a1 (diff)
s4-drs: open samdb with system credentials when authorised
When a DC connects to DRS, open the samdb with system session credentials, so that we don't have to re-open it each time on other calls.
Diffstat (limited to 'source4/rpc_server/drsuapi')
-rw-r--r--source4/rpc_server/drsuapi/dcesrv_drsuapi.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 9903f08746..f11cc232f0 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -27,6 +27,7 @@
#include "dsdb/samdb/samdb.h"
#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
#include "libcli/security/security.h"
+#include "auth/auth.h"
/*
drsuapi_DsBind
@@ -47,6 +48,8 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
uint32_t pid;
uint32_t repl_epoch;
int ret;
+ struct auth_session_info *auth_info;
+ WERROR werr;
r->out.bind_info = NULL;
ZERO_STRUCTP(r->out.bind_handle);
@@ -54,10 +57,20 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state);
W_ERROR_HAVE_NO_MEMORY(b_state);
+ /* if this is a DC connecting, give them system level access */
+ werr = drs_security_level_check(dce_call, NULL);
+ if (W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__ ": doing DsBind with system_session\n"));
+ auth_info = system_session(b_state, dce_call->conn->dce_ctx->lp_ctx);
+ } else {
+ auth_info = dce_call->conn->auth_state.session_info;
+ }
+
/*
* connect to the samdb
*/
- b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info);
+ b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx,
+ dce_call->conn->dce_ctx->lp_ctx, auth_info);
if (!b_state->sam_ctx) {
return WERR_FOOBAR;
}
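Review bot: The result of `system_session()` in the new `if` branch goes to `samdb_connect()` without a NULL check, so on failure the database would be opened with a NULL session, and what access that yields is not visible from this hunk; add `W_ERROR_HAVE_NO_MEMORY(auth_info);` right after the call. Because the elevated `sam_ctx` is stored in `b_state` and reused by later calls on the bind handle, the authorisation decision is made once, at bind time. The comment should say so, e.g. `/* DC callers get a system-session sam_ctx; later calls on this handle rely on this bind-time check */`, and it is worth confirming that the handle cannot be presented from a session other than the one that passed `drs_security_level_check()`. The `DEBUG(0, ...)` line records the elevation at the always-on level without naming the caller, so either include the connecting account to make it a usable audit line or move it to a higher debug level. dcesrv_drsuapi_DsBind starts and ends outside this hunk.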