From bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Thu, 22 Apr 2010 16:48:01 +1000
Subject: s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
This is used for allowing operations by RODCs, and denying them operations that should only be allowed for a full DC
This required a new domain_sid argument to security_session_user_level()
Pair-Programmed-With: Andrew Bartlett
Pair-Programmed-With: Rusty Russell
---
 source4/dsdb/samdb/ldb_modules/kludge_acl.c | 2 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +-
 source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +-
 source4/dsdb/samdb/ldb_modules/util.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'source4/dsdb/samdb/ldb_modules')
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 72863adebd..42f0a306f4 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -56,7 +56,7 @@ static enum security_user_level what_is_user(struct ldb_module *module)
 struct ldb_context *ldb = ldb_module_get_ctx(module);
 struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- return security_session_user_level(session_info);
+ return security_session_user_level(session_info, NULL);
 }
 static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module)
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 75aed6ae7e..efb44bfd4c 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
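Review bot: In what_is_user() (kludge_acl.c) the new domain_sid argument is passed as `NULL`, and nothing on the line says why. The commit message says the argument was added so the RODC level can be recognised, so with `NULL` this helper presumably can never return SECURITY_RO_DOMAIN_CONTROLLER, and any access decision built on what_is_user() would treat an RODC session as some other level; the function's callers are outside the hunk, so confirm that is intended. A one-line comment would record the decision, e.g. `/* domain_sid == NULL: RODC sessions are not distinguished in this module */`. The same `NULL` appears in replmd_delete(), rootdse_enableoptionalfeature() and dsdb_module_am_system(), where the result is only compared for equality with SECURITY_SYSTEM, so the extra level should not change the outcome there.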
@@ -2402,7 +2402,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
 if (next_deletion_state == OBJECT_REMOVED) {
 struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- if (security_session_user_level(session_info) != SECURITY_SYSTEM) {
+ if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
 ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s", ldb_dn_get_linearized(old_msg->dn));
 return LDB_ERR_UNWILLING_TO_PERFORM;
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index f10a125eb6..5fffef7c86 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -884,7 +884,7 @@ static int rootdse_enableoptionalfeature(struct ldb_module *module, struct ldb_r
 int ret;
 const char *guid_string;
- if (security_session_user_level(session_info) != SECURITY_SYSTEM) {
+ if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
 ldb_asprintf_errstring(ldb, "rootdse: Insufficient rights for enableoptionalfeature");
 return LDB_ERR_UNWILLING_TO_PERFORM;
 }
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index fe0ff7510b..7913ac8049 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -799,7 +799,7 @@ bool dsdb_module_am_system(struct ldb_module *module)
 struct ldb_context *ldb = ldb_module_get_ctx(module);
 struct auth_session_info *session_info = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- return security_session_user_level(session_info) == SECURITY_SYSTEM;
+ return security_session_user_level(session_info, NULL) == SECURITY_SYSTEM;
 }
 /*
-- cgit
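Review bot: The SYSTEM-only gate in replmd_delete() repeats what dsdb_module_am_system() in util.c already does (fetch "sessionInfo" from the ldb opaque, call security_session_user_level(), compare with SECURITY_SYSTEM), which is why this signature change had to be made in both places. Calling the helper would keep the privilege check in one spot: `if (!dsdb_module_am_system(module)) {`, which also makes the local session_info unnecessary. rootdse_enableoptionalfeature() has the same comparison, but its session_info is set up outside the hunk, so check that it comes from the same opaque before switching it. Whether the helper's prototype is visible to repl_meta_data.c cannot be seen from this page, and replmd_delete() itself starts and ends outside the hunk.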