svn commit: samba r13721 - in trunk/source/rpc_server: .
idra at samba.org
idra at samba.org
Mon Feb 27 16:40:04 GMT 2006
Author: idra
Date: 2006-02-27 16:40:00 +0000 (Mon, 27 Feb 2006)
New Revision: 13721
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13721
Log:
Add some debugging so that admins might hopefully get a clue about what's happening
Modified:
trunk/source/rpc_server/srv_lsa_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_lsa_nt.c
===================================================================
--- trunk/source/rpc_server/srv_lsa_nt.c 2006-02-27 16:39:56 UTC (rev 13720)
+++ trunk/source/rpc_server/srv_lsa_nt.c 2006-02-27 16:40:00 UTC (rev 13721)
@@ -1535,17 +1535,23 @@
* I don't know if it's the right one. not documented.
* but guessed with rpcclient.
*/
- if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+ if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION)) {
+ DEBUG(10, ("_lsa_create_account: No POLICY_GET_PRIVATE_INFORMATION access right!\n"));
return NT_STATUS_ACCESS_DENIED;
+ }
/* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
- if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) {
+ DEBUG(10, ("_lsa_create_account: The use is not a Domain Admin, deny access!\n"));
return NT_STATUS_ACCESS_DENIED;
+ }
- if ( is_privileged_sid( &q_u->sid.sid ) )
+ if ( is_privileged_sid( &q_u->sid.sid ) ) {
+ DEBUG(10, ("_lsa_create_account: Policy account already exists!\n"));
return NT_STATUS_OBJECT_NAME_COLLISION;
+ }
/* associate the user/group SID with the (unique) handle. */
@@ -1560,6 +1566,7 @@
if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ DEBUG(10, ("_lsa_create_account: call privileges code to create an account\n"));
return privilege_create_account( &info->sid );
}
More information about the samba-cvs
mailing list