diff options
Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/drsuapi/drsutil.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c index 0a8a576d60..28ec7bb848 100644 --- a/source4/rpc_server/drsuapi/drsutil.c +++ b/source4/rpc_server/drsuapi/drsutil.c @@ -24,6 +24,7 @@ #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" #include "param/param.h" +#include "auth/session.h" /* format a drsuapi_DsReplicaObjectIdentifier naming context as a string @@ -102,15 +103,19 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb, WERROR drs_security_level_check(struct dcesrv_call_state *dce_call, const char* call) { + enum security_user_level level; + if (lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL, "drs", "disable_sec_check", false)) { return WERR_OK; } - if (security_session_user_level(dce_call->conn->auth_state.session_info) < - SECURITY_DOMAIN_CONTROLLER) { + level = security_session_user_level(dce_call->conn->auth_state.session_info); + if (level < SECURITY_DOMAIN_CONTROLLER) { if (call) { - DEBUG(0,("%s refused for security token\n", call)); + DEBUG(0,("%s refused for security token (level=%u)\n", + call, (unsigned)level)); + security_token_debug(2, dce_call->conn->auth_state.session_info->security_token); } return WERR_DS_DRA_ACCESS_DENIED; } |