summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-01-17 06:52:14 +1100
committerAndrew Tridgell <tridge@samba.org>2010-01-17 10:52:31 +1100
commitdde836adbdb5c04cb43774c65fa1af713d9cdb7a (patch)
treeb3f3c6d26127fb13f92bc3a9bc52152eecae3418 /source4
parent2985aeb8c930b3b2e4d4bba080b3d6ec0722c7d3 (diff)
downloadsamba-dde836adbdb5c04cb43774c65fa1af713d9cdb7a.tar.gz
samba-dde836adbdb5c04cb43774c65fa1af713d9cdb7a.tar.bz2
samba-dde836adbdb5c04cb43774c65fa1af713d9cdb7a.zip
s4-drs: allow for security bypass for DsReplicaGetInfo
Use --option=drs:disable_sec_check=true until the group membership bug with the PAC is fixed.
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/drsuapi/dcesrv_drsuapi.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index ae70fbc18f..b5088bb1d7 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -28,6 +28,7 @@
#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
#include "libcli/security/security.h"
#include "auth/auth.h"
+#include "param/param.h"
#define DRSUAPI_UNSUPPORTED(fname) do { \
DEBUG(1,(__location__ ": Unsupported DRS call %s\n", #fname)); \
@@ -745,11 +746,14 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call
{
enum security_user_level level;
- level = security_session_user_level(dce_call->conn->auth_state.session_info);
- if (level < SECURITY_ADMINISTRATOR) {
- DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
- security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
- return WERR_DS_DRA_ACCESS_DENIED;
+ if (!lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
+ "drs", "disable_sec_check", false)) {
+ level = security_session_user_level(dce_call->conn->auth_state.session_info);
+ if (level < SECURITY_ADMINISTRATOR) {
+ DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
+ security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
+ return WERR_DS_DRA_ACCESS_DENIED;
+ }
}
dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICAGETINFO,