From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 21 May 2018 01:53:01 +0000 (+1200)
Subject: s4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL and a proper log level
X-Git-Tag: ldb-1.4.0~114
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8cd905d5751457de35010285793a191d10ecdb04;p=thirdparty%2Fsamba.git

s4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL and a proper log level

Selftest logs are full of calls to security_token_debug() with no context
and this is never a log level 0 event, so tidy it up.

The RODC would trigger this each time there is an attempted preload
of a user in the Denied RODC replication group.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 250b4c74c76..eac96a3aa12 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -1018,7 +1018,8 @@ static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call
 		level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
 		if (level < SECURITY_DOMAIN_CONTROLLER) {
 			DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
-			security_token_debug(0, 2, dce_call->conn->auth_state.session_info->security_token);
+			security_token_debug(DBGC_DRS_REPL, 2,
+					     dce_call->conn->auth_state.session_info->security_token);
 			return WERR_DS_DRA_ACCESS_DENIED;
 		}
 	}
diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index 53bcb16bd8e..6fe254ac96c 100644
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -107,7 +107,7 @@ WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
 		if (call) {
 			DEBUG(0,("%s refused for security token (level=%u)\n",
 				 call, (unsigned)level));
-			security_token_debug(0, 2, dce_call->conn->auth_state.session_info->security_token);
+			security_token_debug(DBGC_DRS_REPL, 2, dce_call->conn->auth_state.session_info->security_token);
 		}
 		return WERR_DS_DRA_ACCESS_DENIED;
 	}
@@ -170,7 +170,7 @@ static WERROR drs_security_access_check_log(struct ldb_context *sam_ctx,
 	if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
 		DEBUG(3,("%s refused for security token on %s\n",
 			 ext_right, ldb_dn_get_linearized(dn)));
-		security_token_debug(2, 0, token);
+		security_token_debug(DBGC_DRS_REPL, 3, token);
 		return WERR_DS_DRA_ACCESS_DENIED;
 	} else if (ret != LDB_SUCCESS) {
 		DEBUG(1,("Failed to perform access check on %s: %s\n", ldb_dn_get_linearized(dn), ldb_strerror(ret)));