summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNadezhda Ivanova <nivanova@samba.org>2010-09-26 21:16:47 -0700
committerAndrew Tridgell <tridge@samba.org>2010-09-28 11:36:40 -0700
commit8045b35b1bda15f619238fac943c604cfe851c94 (patch)
treed2f61310004cdc41098f1e28a12c87ee11ed73d4
parent440cee48b93936bfb9b1376e55e457a721bdcc19 (diff)
downloadsamba-8045b35b1bda15f619238fac943c604cfe851c94.tar.gz
samba-8045b35b1bda15f619238fac943c604cfe851c94.tar.bz2
samba-8045b35b1bda15f619238fac943c604cfe851c94.zip
s4-drs: Added check for drs-manage-topology to updateRefs.
-rw-r--r--source4/rpc_server/drsuapi/updaterefs.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
index 3863ac7c98..d628388849 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -203,18 +203,20 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
- werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs", SECURITY_RO_DOMAIN_CONTROLLER,
- samdb_domain_sid(b_state->sam_ctx));
- if (!W_ERROR_IS_OK(werr)) {
- return werr;
- }
-
if (r->in.level != 1) {
DEBUG(0,("DrReplicUpdateRefs - unsupported level %u\n", r->in.level));
return WERR_DS_DRA_INVALID_PARAMETER;
}
-
req = &r->in.req.req1;
+ werr = drs_security_access_check(b_state->sam_ctx,
+ mem_ctx,
+ dce_call->conn->auth_state.session_info->security_token,
+ req->naming_context,
+ GUID_DRS_MANAGE_TOPOLOGY);
+
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
security_level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
if (security_level < SECURITY_ADMINISTRATOR) {