From 0285d568c55410f3e2a5cfda5693873be2841151 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Tue, 6 Oct 2009 18:59:30 +1100
Subject: s4-drs: take advantage of system session auth in dsbind
Now that the bind opens samdb with the right credentials, we no longer need the re-open in updaterefs and getncchanges
---
 source4/rpc_server/drsuapi/updaterefs.c | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)
(limited to 'source4/rpc_server/drsuapi/updaterefs.c')
diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
index e12be6f058..d01fabf575 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -101,9 +101,13 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
 struct drsuapi_DsReplicaUpdateRefs *r)
 {
 struct drsuapi_DsReplicaUpdateRefsRequest1 *req;
- struct ldb_context *sam_ctx;
 WERROR werr;
 struct ldb_dn *dn;
+ struct dcesrv_handle *h;
+ struct drsuapi_bind_state *b_state;
+
+ DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+ b_state = h->data;
 werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs");
 if (!W_ERROR_IS_OK(werr)) {
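Review bot: From `b_state = h->data;` onward the function borrows `b_state->sam_ctx` from the bind handle, but nothing at the declaration says so; the removed `talloc_free(sam_ctx)` calls in the later hunks are the only hint that it must not be freed here. A short comment at the assignment would record the ownership, e.g. `/* sam_ctx is owned by the DsBind handle and outlives this call; never free it here */`. The pointer is also dereferenced later without a NULL check, which is safe only if DsBind always fails when its samdb open fails; that is not visible in this hunk. The function body continues outside the hunk.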
@@ -121,27 +125,18 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
 req->options,
 drs_ObjectIdentifier_to_string(mem_ctx, req->naming_context)));
- /* TODO: We need to authenticate this operation pretty carefully */
- sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx,
- system_session(mem_ctx, dce_call->conn->dce_ctx->lp_ctx));
- if (!sam_ctx) {
- return WERR_DS_DRA_INTERNAL_ERROR;
- }
-
- dn = ldb_dn_new(mem_ctx, sam_ctx, req->naming_context->dn);
+ dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, req->naming_context->dn);
 if (dn == NULL) {
- talloc_free(sam_ctx);
 return WERR_DS_INVALID_DN_SYNTAX;
 }
- if (ldb_transaction_start(sam_ctx) != LDB_SUCCESS) {
+ if (ldb_transaction_start(b_state->sam_ctx) != LDB_SUCCESS) {
 DEBUG(0,(__location__ ": Failed to start transaction on samdb\n"));
- talloc_free(sam_ctx);
 return WERR_DS_DRA_INTERNAL_ERROR;
 }
 if (req->options & DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE) {
- werr = uref_del_dest(sam_ctx, mem_ctx, dn, &req->dest_dsa_guid);
+ werr = uref_del_dest(b_state->sam_ctx, mem_ctx, dn, &req->dest_dsa_guid);
 if (!W_ERROR_IS_OK(werr)) {
 DEBUG(0,("Failed to delete repsTo for %s\n",
 GUID_string(dce_call, &req->dest_dsa_guid)));
@@ -161,7 +156,7 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
 dest.source_dsa_obj_guid = req->dest_dsa_guid;
 dest.replica_flags = req->options;
- werr = uref_add_dest(sam_ctx, mem_ctx, dn, &dest);
+ werr = uref_add_dest(b_state->sam_ctx, mem_ctx, dn, &dest);
 if (!W_ERROR_IS_OK(werr)) {
 DEBUG(0,("Failed to delete repsTo for %s\n",
 GUID_string(dce_call, &dest.source_dsa_obj_guid)));
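Review bot: The removed `/* TODO: We need to authenticate this operation pretty carefully */` is dropped without any replacement check in this hunk, while `uref_del_dest` here and `uref_add_dest` in the next hunk still write through a context that, per the commit message, was opened with system-session credentials. Database-level access control therefore presumably does not constrain the caller, and the only per-caller gate visible on this page is `drs_security_level_check` in the first hunk. Either keep the TODO or replace it with a comment naming where authorization is enforced, e.g. `/* authorization: drs_security_level_check() above; sam_ctx itself is system-level */`. The function starts and ends outside this hunk.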
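Review bot: The failure branch right after `uref_add_dest(b_state->sam_ctx, mem_ctx, dn, &dest)` logs `"Failed to delete repsTo for %s\n"`, the same text as the delete branch, so a failed add is indistinguishable from a failed delete when reading server logs. The line is unchanged context, but the commit edits the call directly above it; `DEBUG(0,("Failed to add repsTo for %s\n",` would make the two branches tell apart. The enclosing `else` block begins and ends outside this hunk.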
@@ -169,16 +164,14 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
 }
 }
- if (ldb_transaction_commit(sam_ctx) != LDB_SUCCESS) {
+ if (ldb_transaction_commit(b_state->sam_ctx) != LDB_SUCCESS) {
 DEBUG(0,(__location__ ": Failed to commit transaction on samdb\n"));
 return WERR_DS_DRA_INTERNAL_ERROR;
 }
- talloc_free(sam_ctx);
 return WERR_OK;
 failed:
- ldb_transaction_cancel(sam_ctx);
- talloc_free(sam_ctx);
+ ldb_transaction_cancel(b_state->sam_ctx);
 return werr;
 }
-- cgit
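Review bot: The failed-commit branch returns `WERR_DS_DRA_INTERNAL_ERROR` directly and never reaches `failed:`, so nothing on that path resets the context. That mattered less while `sam_ctx` was a per-call connection (presumably released with `mem_ctx`); the transaction now runs on `b_state->sam_ctx`, which later calls on the same bind handle reuse. Whether ldb leaves anything pending after a failed commit is not visible here, so the assumption should be confirmed and written down at that branch, e.g. `/* a failed commit leaves no open transaction on the shared sam_ctx */`.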