From 91077a06184211d6720dd485c3432f833682177d Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 22 May 2003 15:27:27 +0000
Subject: fixes bugs 85 & 99 (XP domain logons); don't enable the
 lsa_query_info2 unless we are trying to be an ADS DC (This used to be commit
 bf20976e5a993f4cfa05c1e0a9ecab2c7da99263)

---
 source3/rpc_server/srv_lsa.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 384e8e9094..679cfb73bb 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -668,9 +668,21 @@ static const struct api_struct api_lsa_cmds[] =
 	{ "LSA_ADDPRIVS"        , LSA_ADDPRIVS        , api_lsa_addprivs         },
 	{ "LSA_REMOVEPRIVS"     , LSA_REMOVEPRIVS     , api_lsa_removeprivs      },
 	{ "LSA_QUERYSECOBJ"     , LSA_QUERYSECOBJ     , api_lsa_query_secobj     },
+	/* be careful of the adding of new RPC's.  See commentrs below about
+	   ADS DC capabilities                                               */
 	{ "LSA_QUERYINFO2"      , LSA_QUERYINFO2      , api_lsa_query_info2      }
 };
+/*
+ * NOTE: Certain calls can not be enabled if we aren't an ADS DC.  Make sure
+ * these calls are always last and that you decrement by the amount of calls
+ * to disable.
+ */
+  int funcs = sizeof(api_lsa_cmds) / sizeof(struct api_struct);
+
+  if (!(SEC_ADS == lp_security() && ROLE_DOMAIN_PDC == lp_server_role())) {
+	  funcs -= 1;
+  }
 
   return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsarpc", "lsass", api_lsa_cmds, 
-				    sizeof(api_lsa_cmds) / sizeof(struct api_struct));
+				    funcs);
 }
-- 
cgit