summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-01-16 10:36:40 +1100
committerAndrew Tridgell <tridge@samba.org>2010-01-16 14:10:42 +1100
commit3a9b33b4876349165e7e16777fa283b128d525be (patch)
tree6a6723b55c31a2ad21e163692c5455f60b6b3324 /source4/rpc_server/drsuapi
parent5efff3ad6a7fdfe71101b2debe7d79678432c5c4 (diff)
downloadsamba-3a9b33b4876349165e7e16777fa283b128d525be.tar.gz
samba-3a9b33b4876349165e7e16777fa283b128d525be.tar.bz2
samba-3a9b33b4876349165e7e16777fa283b128d525be.zip
s4-drs: better debug info when security checks fail
show the security token of the user at debug level 2
Diffstat (limited to 'source4/rpc_server/drsuapi')
-rw-r--r--source4/rpc_server/drsuapi/drsutil.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index 0a8a576d60..28ec7bb848 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -24,6 +24,7 @@
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
#include "param/param.h"
+#include "auth/session.h"
/*
format a drsuapi_DsReplicaObjectIdentifier naming context as a string
@@ -102,15 +103,19 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
WERROR drs_security_level_check(struct dcesrv_call_state *dce_call, const char* call)
{
+ enum security_user_level level;
+
if (lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
"drs", "disable_sec_check", false)) {
return WERR_OK;
}
- if (security_session_user_level(dce_call->conn->auth_state.session_info) <
- SECURITY_DOMAIN_CONTROLLER) {
+ level = security_session_user_level(dce_call->conn->auth_state.session_info);
+ if (level < SECURITY_DOMAIN_CONTROLLER) {
if (call) {
- DEBUG(0,("%s refused for security token\n", call));
+ DEBUG(0,("%s refused for security token (level=%u)\n",
+ call, (unsigned)level));
+ security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
}
return WERR_DS_DRA_ACCESS_DENIED;
}