author | Andrew Tridgell <tridge@samba.org> | 2010-04-22 16:48:01 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-04-22 19:36:16 +1000 |
commit | bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e (patch) | |
tree | 8fd3704eb6819063b1916c78bb1893ba16c7fe72 /source4/rpc_server/lsa | |
parent | ec0bb2f46b855d44cccb71a5511c2acb7d8eae09 (diff) | |
s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC
This required a new domain_sid argument to
security_session_user_level()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Diffstat (limited to 'source4/rpc_server/lsa')
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index aaa0f7baa2..8ab3cbfe6b 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -180,7 +180,7 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL
 struct lsa_secret_state *secret_state = h->data;
 /* Ensure user is permitted to delete this... */
- switch (security_session_user_level(dce_call->conn->auth_state.session_info))
+ switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
 {
 case SECURITY_SYSTEM:
 case SECURITY_ADMINISTRATOR:
@@ -2577,7 +2577,7 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
 struct lsa_EnumAccountRights r2;
 char *dnstr;
- if (security_session_user_level(dce_call->conn->auth_state.session_info) <
+ if (security_session_user_level(dce_call->conn->auth_state.session_info, NULL) <
 SECURITY_ADMINISTRATOR) {
 DEBUG(0,("lsa_AddRemoveAccount refused for supplied security token\n"));
 return NT_STATUS_ACCESS_DENIED;
@@ -2870,7 +2870,7 @@ static NTSTATUS dcesrv_lsa_CreateSecret(struct dcesrv_call_state *dce_call, TALL
 DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY);
 ZERO_STRUCTP(r->out.sec_handle);
- switch (security_session_user_level(dce_call->conn->auth_state.session_info))
+ switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
 {
 case SECURITY_SYSTEM:
 case SECURITY_ADMINISTRATOR:
@@ -3019,7 +3019,7 @@ static NTSTATUS dcesrv_lsa_OpenSecret(struct dcesrv_call_state *dce_call, TALLOC
 return NT_STATUS_INVALID_PARAMETER;
 }
- switch (security_session_user_level(dce_call->conn->auth_state.session_info))
+ switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
 {
 case SECURITY_SYSTEM:
 case SECURITY_ADMINISTRATOR:
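Review bot: The bare `NULL` passed as the new domain_sid argument in the dcesrv_lsa_DeleteObject switch does not say what it means for the access decision, and the same holds at the CreateSecret, OpenSecret and QuerySecret call sites. security_session_user_level() is not shown on this page, so presumably a NULL SID means the RODC level is never returned and these switches keep their previous outcome; a comment at each call would record that, e.g. `/* domain_sid NULL: RODC level is not distinguished here; only SYSTEM and ADMINISTRATOR are admitted */`. The remainder of each switch lies outside the hunks, so it is worth confirming that every level not listed is denied, so that a later non-NULL SID cannot let SECURITY_RO_DOMAIN_CONTROLLER reach LSA secret handling.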
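Review bot: The `< SECURITY_ADMINISTRATOR` test in dcesrv_lsa_AddRemoveAccountRights depends on the numeric order of the level enum, which this commit extends with SECURITY_RO_DOMAIN_CONTROLLER. The enum is not visible here; if the new value sorts at or above SECURITY_ADMINISTRATOR, a session classified as an RODC would pass this check once a real domain SID is supplied instead of NULL. Matching the level explicitly, as the secret handlers in this file do with `case SECURITY_SYSTEM:` / `case SECURITY_ADMINISTRATOR:` and a denying default, removes that dependence; failing that, a comment such as `/* relies on the RODC level ordering below SECURITY_ADMINISTRATOR */` should state the assumption. The function body starts and ends outside the hunk.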
@@ -3299,7 +3299,7 @@ static NTSTATUS dcesrv_lsa_QuerySecret(struct dcesrv_call_state *dce_call, TALLO
 DCESRV_PULL_HANDLE(h, r->in.sec_handle, LSA_HANDLE_SECRET);
 /* Ensure user is permitted to read this... */
- switch (security_session_user_level(dce_call->conn->auth_state.session_info))
+ switch (security_session_user_level(dce_call->conn->auth_state.session_info, NULL))
 {
 case SECURITY_SYSTEM:
 case SECURITY_ADMINISTRATOR: |