summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi
diff options
context:
space:
mode:
Diffstat (limited to 'source4/rpc_server/drsuapi')
-rw-r--r--source4/rpc_server/drsuapi/drsutil.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index 0a8a576d60..28ec7bb848 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -24,6 +24,7 @@
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
#include "param/param.h"
+#include "auth/session.h"
/*
format a drsuapi_DsReplicaObjectIdentifier naming context as a string
@@ -102,15 +103,19 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
WERROR drs_security_level_check(struct dcesrv_call_state *dce_call, const char* call)
{
+ enum security_user_level level;
+
if (lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
"drs", "disable_sec_check", false)) {
return WERR_OK;
}
- if (security_session_user_level(dce_call->conn->auth_state.session_info) <
- SECURITY_DOMAIN_CONTROLLER) {
+ level = security_session_user_level(dce_call->conn->auth_state.session_info);
+ if (level < SECURITY_DOMAIN_CONTROLLER) {
if (call) {
- DEBUG(0,("%s refused for security token\n", call));
+ DEBUG(0,("%s refused for security token (level=%u)\n",
+ call, (unsigned)level));
+ security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
}
return WERR_DS_DRA_ACCESS_DENIED;
}