summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_lsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server/srv_lsa.c')
-rw-r--r--source3/rpc_server/srv_lsa.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 7bd300dc7c..1c4ef6c8e6 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -794,13 +794,26 @@ NTSTATUS rpc_lsa_init(void)
{ "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs },
{ "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
{ "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
- { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 },
{ "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights },
{ "LSA_ENUMACCTWITHRIGHT", LSA_ENUMACCTWITHRIGHT, api_lsa_enum_acct_with_right },
{ "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights },
{ "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights},
+ /* be careful of the adding of new RPC's. See commentrs below about
+ * ADS DC capabilities */
+ { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 },
};
+/*
+ * NOTE: Certain calls can not be enabled if we aren't an ADS DC. Make sure
+ * these calls are always last and that you decrement by the amount of calls
+ * to disable.
+ */
+ int funcs = sizeof(api_lsa_cmds) / sizeof(struct api_struct);
+
+ if (!(SEC_ADS == lp_security() && ROLE_DOMAIN_PDC == lp_server_role())) {
+ funcs -= 1;
+ }
+
return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsarpc", "lsass", api_lsa_cmds,
- sizeof(api_lsa_cmds) / sizeof(struct api_struct));
+ funcs);
}
generated by cgit (git 2.34.1) at 2024-11-10 15:24:00 +0000