s4-drs: open samdb with system credentials when authorised

When a DC connects to DRS, open the samdb with system session credentials, so that we don't have to re-open it each time on other calls.
author: Andrew Tridgell <tridge@samba.org> 2009-10-06 18:58:13 +1100
committer: Andrew Tridgell <tridge@samba.org> 2009-10-06 18:58:13 +1100
commit: a021d5513846968c54d6e065dbcb25948418676f (patch)
tree: 105fcb62bea94ea52fb6ae6023ea2c91ead6faf9 /source4/rpc_server
parent: 9c1e230bc217e7d1ce0ef713a17982a8536584a1 (diff)
download: samba-a021d5513846968c54d6e065dbcb25948418676f.tar.gz
samba-a021d5513846968c54d6e065dbcb25948418676f.tar.bz2
samba-a021d5513846968c54d6e065dbcb25948418676f.zip
1 files changed, 14 insertions, 1 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 9903f08746..f11cc232f0 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -27,6 +27,7 @@
 #include "dsdb/samdb/samdb.h"
 #include "rpc_server/drsuapi/dcesrv_drsuapi.h"
 #include "libcli/security/security.h"
+#include "auth/auth.h"
 
 /* 
   drsuapi_DsBind 
@@ -47,6 +48,8 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
 	uint32_t pid;
 	uint32_t repl_epoch;
 	int ret;
+	struct auth_session_info *auth_info;
+	WERROR werr;
 
 	r->out.bind_info = NULL;
 	ZERO_STRUCTP(r->out.bind_handle);
@@ -54,10 +57,20 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
 	b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state);
 	W_ERROR_HAVE_NO_MEMORY(b_state);
 
+	/* if this is a DC connecting, give them system level access */
+	werr = drs_security_level_check(dce_call, NULL);
+	if (W_ERROR_IS_OK(werr)) {
+		DEBUG(0,(__location__ ": doing DsBind with system_session\n"));
+		auth_info = system_session(b_state, dce_call->conn->dce_ctx->lp_ctx);
+	} else {
+		auth_info = dce_call->conn->auth_state.session_info;
+	}
+
 	/*
 	 * connect to the samdb
 	 */
-	b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info); 
+	b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, 
+					 dce_call->conn->dce_ctx->lp_ctx, auth_info); 
 	if (!b_state->sam_ctx) {
 		return WERR_FOOBAR;
 	}
author	Andrew Tridgell <tridge@samba.org>	2009-10-06 18:58:13 +1100
committer	Andrew Tridgell <tridge@samba.org>	2009-10-06 18:58:13 +1100
commit	a021d5513846968c54d6e065dbcb25948418676f (patch)
tree	105fcb62bea94ea52fb6ae6023ea2c91ead6faf9 /source4/rpc_server
parent	9c1e230bc217e7d1ce0ef713a17982a8536584a1 (diff)
download	samba-a021d5513846968c54d6e065dbcb25948418676f.tar.gz samba-a021d5513846968c54d6e065dbcb25948418676f.tar.bz2 samba-a021d5513846968c54d6e065dbcb25948418676f.zip