sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

s4-drs: allow for security bypass for DsReplicaGetInfo

Browse Source 
Use --option=drs:disable_sec_check=true until the group membership bug
with the PAC is fixed.
This commit is contained in:
Andrew Tridgell 2010-01-17 06:52:14 +11:00
parent 2985aeb8c9
commit dde836adbd
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source4/rpc_server/drsuapi/dcesrv_drsuapi.c
View File

@ -28,6 +28,7 @@
#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
#include "libcli/security/security.h"
#include "auth/auth.h"
#include "param/param.h"
#define DRSUAPI_UNSUPPORTED(fname) do { \
DEBUG(1,(__location__ ": Unsupported DRS call %s\n", #fname)); \
@ -745,11 +746,14 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call
{
enum security_user_level level;
level = security_session_user_level(dce_call->conn->auth_state.session_info);
if (level < SECURITY_ADMINISTRATOR) {
DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
return WERR_DS_DRA_ACCESS_DENIED;
if (!lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
"drs", "disable_sec_check", false)) {
level = security_session_user_level(dce_call->conn->auth_state.session_info);
if (level < SECURITY_ADMINISTRATOR) {
DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
return WERR_DS_DRA_ACCESS_DENIED;
}
}
dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICAGETINFO,