svn commit: samba r13721 - in trunk/source/rpc_server: .

[idra at samba.org]

Author: idra
Date: 2006-02-27 16:40:00 +0000 (Mon, 27 Feb 2006)
New Revision: 13721

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13721

Log:

Add some debugging so that admins might hopefully get a clue about what's happening


Modified:
   trunk/source/rpc_server/srv_lsa_nt.c


Changeset:
Modified: trunk/source/rpc_server/srv_lsa_nt.c
===================================================================
--- trunk/source/rpc_server/srv_lsa_nt.c	2006-02-27 16:39:56 UTC (rev 13720)
+++ trunk/source/rpc_server/srv_lsa_nt.c	2006-02-27 16:40:00 UTC (rev 13721)
@@ -1535,17 +1535,23 @@
 	 * I don't know if it's the right one. not documented.
 	 * but guessed with rpcclient.
 	 */
-	if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+	if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION)) {
+		DEBUG(10, ("_lsa_create_account: No POLICY_GET_PRIVATE_INFORMATION access right!\n"));
 		return NT_STATUS_ACCESS_DENIED;
+	}
 
 	/* check to see if the pipe_user is a Domain Admin since 
 	   account_pol.tdb was already opened as root, this is all we have */
 	   
-	if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+	if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) {
+		DEBUG(10, ("_lsa_create_account: The use is not a Domain Admin, deny access!\n"));
 		return NT_STATUS_ACCESS_DENIED;
+	}
 		
-	if ( is_privileged_sid( &q_u->sid.sid ) )
+	if ( is_privileged_sid( &q_u->sid.sid ) ) {
+		DEBUG(10, ("_lsa_create_account: Policy account already exists!\n"));
 		return NT_STATUS_OBJECT_NAME_COLLISION;
+	}
 
 	/* associate the user/group SID with the (unique) handle. */
 	
@@ -1560,6 +1566,7 @@
 	if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
+	DEBUG(10, ("_lsa_create_account: call privileges code to create an account\n"));
 	return privilege_create_account( &info->sid );
 }