diff options
author | Garming Sam <garming@catalyst.net.nz> | 2017-03-08 17:12:27 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-13 05:10:11 +0100 |
commit | c91c237963a8410732fe5dfb829dd14a0bb2f3c3 (patch) | |
tree | c4c42a1d1b7af75c1e909f6f512a11b8c6a9578e /source4/rpc_server | |
parent | 380b56e38adeef705d8767ccca28b3d0ebf00bc4 (diff) | |
download | samba-c91c237963a8410732fe5dfb829dd14a0bb2f3c3.tar.gz |
getncchanges: Let security of RWDC+ manually replicate secrets to RODCs
This correctly passes has_get_all_changes through to repl_secrets.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 6fbebd51fc4..efad0c9aa5e 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -1962,14 +1962,17 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ if (!W_ERROR_IS_OK(werr)) { return werr; } - if (is_secret_request && req10->extended_op != DRSUAPI_EXOP_REPL_SECRET) { + if (is_secret_request) { werr = drs_security_access_check_nc_root(b_state->sam_ctx, mem_ctx, dce_call->conn->auth_state.session_info->security_token, req10->naming_context, GUID_DRS_GET_ALL_CHANGES); if (!W_ERROR_IS_OK(werr)) { - return werr; + /* Only bail if this is not a EXOP_REPL_SECRET */ + if (req10->extended_op != DRSUAPI_EXOP_REPL_SECRET) { + return werr; + } } else { has_get_all_changes = true; } |