From a021d5513846968c54d6e065dbcb25948418676f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 6 Oct 2009 18:58:13 +1100 Subject: s4-drs: open samdb with system credentials when authorised When a DC connects to DRS, open the samdb with system session credentials, so that we don't have to re-open it each time on other calls. --- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'source4/rpc_server/drsuapi') diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index 9903f08746..f11cc232f0 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -27,6 +27,7 @@ #include "dsdb/samdb/samdb.h" #include "rpc_server/drsuapi/dcesrv_drsuapi.h" #include "libcli/security/security.h" +#include "auth/auth.h" /* drsuapi_DsBind @@ -47,6 +48,8 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C uint32_t pid; uint32_t repl_epoch; int ret; + struct auth_session_info *auth_info; + WERROR werr; r->out.bind_info = NULL; ZERO_STRUCTP(r->out.bind_handle); @@ -54,10 +57,20 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state); W_ERROR_HAVE_NO_MEMORY(b_state); + /* if this is a DC connecting, give them system level access */ + werr = drs_security_level_check(dce_call, NULL); + if (W_ERROR_IS_OK(werr)) { + DEBUG(0,(__location__ ": doing DsBind with system_session\n")); + auth_info = system_session(b_state, dce_call->conn->dce_ctx->lp_ctx); + } else { + auth_info = dce_call->conn->auth_state.session_info; + } + /* * connect to the samdb */ - b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info); + b_state->sam_ctx = samdb_connect(b_state, dce_call->event_ctx, + dce_call->conn->dce_ctx->lp_ctx, auth_info); if (!b_state->sam_ctx) { return WERR_FOOBAR; } -- cgit