auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
connected_as_system = true;
} else {
- auth_info = dce_call->conn->auth_state.session_info;
+ auth_info = dcesrv_call_session_info(dce_call);
}
/*
static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaGetInfo *r)
{
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
enum security_user_level level;
if (!lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
"drs", "disable_sec_check", false)) {
- level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
+ level = security_session_user_level(session_info, NULL);
if (level < SECURITY_DOMAIN_CONTROLLER) {
DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
security_token_debug(DBGC_DRS_REPL, 2,
- dce_call->conn->auth_state.session_info->security_token);
+ session_info->security_token);
return WERR_DS_DRA_ACCESS_DENIED;
}
}
enum security_user_level minimum_level,
const struct dom_sid *domain_sid)
{
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
enum security_user_level level;
if (lpcfg_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
return WERR_OK;
}
- level = security_session_user_level(dce_call->conn->auth_state.session_info, domain_sid);
+ level = security_session_user_level(session_info, domain_sid);
if (level < minimum_level) {
if (call) {
DEBUG(0,("%s refused for security token (level=%u)\n",
call, (unsigned)level));
- security_token_debug(DBGC_DRS_REPL, 2, dce_call->conn->auth_state.session_info->security_token);
+ security_token_debug(DBGC_DRS_REPL, 2, session_info->security_token);
}
return WERR_DS_DRA_ACCESS_DENIED;
}
WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsGetNCChanges *r)
{
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct drsuapi_DsReplicaObjectIdentifier *ncRoot;
int ret;
uint32_t i, k;
return WERR_DS_DRA_SOURCE_DISABLED;
}
- user_sid = &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+ user_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
/* all clients must have GUID_DRS_GET_CHANGES */
werr = drs_security_access_check_nc_root(sam_ctx,
mem_ctx,
- dce_call->conn->auth_state.session_info->security_token,
+ session_info->security_token,
req10->naming_context,
GUID_DRS_GET_CHANGES);
if (!W_ERROR_IS_OK(werr)) {
if (is_gc_pas_request) {
werr = drs_security_access_check_nc_root(sam_ctx,
mem_ctx,
- dce_call->conn->auth_state.session_info->security_token,
+ session_info->security_token,
req10->naming_context,
GUID_DRS_GET_FILTERED_ATTRIBUTES);
if (W_ERROR_IS_OK(werr)) {
if (is_secret_request) {
werr = drs_security_access_check_nc_root(sam_ctx,
mem_ctx,
- dce_call->conn->auth_state.session_info->security_token,
+ session_info->security_token,
req10->naming_context,
GUID_DRS_GET_ALL_CHANGES);
if (!W_ERROR_IS_OK(werr)) {
allowed:
/* for non-administrator replications, check that they have
given the correct source_dsa_invocation_id */
- security_level = security_session_user_level(dce_call->conn->auth_state.session_info,
+ security_level = security_session_user_level(session_info,
samdb_domain_sid(sam_ctx));
if (security_level == SECURITY_RO_DOMAIN_CONTROLLER) {
if (req10->replica_flags & DRSUAPI_DRS_WRIT_REP) {
WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaUpdateRefs *r)
{
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct dcesrv_handle *h;
struct drsuapi_bind_state *b_state;
struct drsuapi_DsReplicaUpdateRefsRequest1 *req;
req = &r->in.req.req1;
werr = drs_security_access_check(b_state->sam_ctx,
mem_ctx,
- dce_call->conn->auth_state.session_info->security_token,
+ session_info->security_token,
req->naming_context,
GUID_DRS_MANAGE_TOPOLOGY);
return werr;
}
- security_level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
+ security_level = security_session_user_level(session_info, NULL);
if (security_level < SECURITY_ADMINISTRATOR) {
/* check that they are using an DSA objectGUID that they own */
ret = dsdb_validate_dsa_guid(b_state->sam_ctx,
&req->dest_dsa_guid,
- &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX]);
+ &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]);
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Refusing DsReplicaUpdateRefs for sid %s with GUID %s\n",
dom_sid_string(mem_ctx,
- &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
+ &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
GUID_string(mem_ctx, &req->dest_dsa_guid)));
return WERR_DS_DRA_ACCESS_DENIED;
}
* 1) they are on the clients own account object
* 2) they are of the form SERVICE/dnshostname
*/
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct dom_sid *user_sid, *sid;
TALLOC_CTX *tmp_ctx = talloc_new(dce_call);
struct ldb_result *res;
return false;
}
- user_sid = &dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+ user_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
sid = samdb_result_dom_sid(tmp_ctx, res->msgs[0], "objectSid");
if (sid == NULL) {
talloc_free(tmp_ctx);
git.samba.org / samba.git / commitdiff