summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/drsuapi/dcesrv_drsuapi.c19
-rw-r--r--source4/rpc_server/drsuapi/dcesrv_drsuapi.h1
2 files changed, 20 insertions, 0 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index a46937b3ea..95113dd18d 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -57,6 +57,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
int ret;
struct auth_session_info *auth_info;
WERROR werr;
+ bool connected_as_system = false;
r->out.bind_info = NULL;
ZERO_STRUCTP(r->out.bind_handle);
@@ -69,6 +70,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
if (W_ERROR_IS_OK(werr)) {
DEBUG(3,(__location__ ": doing DsBind with system_session\n"));
auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
+ connected_as_system = true;
} else {
auth_info = dce_call->conn->auth_state.session_info;
}
@@ -82,6 +84,23 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
return WERR_FOOBAR;
}
+ if (connected_as_system) {
+ b_state->sam_ctx_system = b_state->sam_ctx;
+ } else {
+ /* an RODC also needs system samdb access for secret
+ attribute replication */
+ werr = drs_security_level_check(dce_call, NULL, SECURITY_RO_DOMAIN_CONTROLLER,
+ samdb_domain_sid(b_state->sam_ctx));
+ if (W_ERROR_IS_OK(werr)) {
+ b_state->sam_ctx_system = samdb_connect(b_state, dce_call->event_ctx,
+ dce_call->conn->dce_ctx->lp_ctx,
+ system_session(dce_call->conn->dce_ctx->lp_ctx));
+ if (!b_state->sam_ctx_system) {
+ return WERR_FOOBAR;
+ }
+ }
+ }
+
/*
* find out the guid of our own site
*/
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
index 04bb3db984..818813ed57 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
@@ -31,6 +31,7 @@ enum drsuapi_handle {
*/
struct drsuapi_bind_state {
struct ldb_context *sam_ctx;
+ struct ldb_context *sam_ctx_system;
struct GUID remote_bind_guid;
struct drsuapi_DsBindInfo28 remote_info28;
struct drsuapi_DsBindInfo28 local_info28;
generated by cgit (git 2.34.1) at 2024-11-23 18:36:54 +0000