summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2010-01-16 10:36:06 +1100
committerAndrew Tridgell <tridge@samba.org>2010-01-16 14:10:42 +1100
commit5efff3ad6a7fdfe71101b2debe7d79678432c5c4 (patch)
treec4de1dd61b65de54ad33e0efa61b3fb0c3348fdc
parent5bfeed89da6177adf9dfa49471adcbc25c7d0e7a (diff)
downloadsamba-5efff3ad6a7fdfe71101b2debe7d79678432c5c4.tar.gz
samba-5efff3ad6a7fdfe71101b2debe7d79678432c5c4.tar.bz2
samba-5efff3ad6a7fdfe71101b2debe7d79678432c5c4.zip
s4-dsdb: require admin access for DsReplicaGetInfo
-rw-r--r--source4/rpc_server/drsuapi/dcesrv_drsuapi.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 38d043c4e4..ae70fbc18f 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -743,15 +743,17 @@ static WERROR dcesrv_drsuapi_DsExecuteKCC(struct dcesrv_call_state *dce_call, TA
static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaGetInfo *r)
{
- WERROR status;
- status = drs_security_level_check(dce_call, "DsReplicaGetInfo");
+ enum security_user_level level;
- if (!W_ERROR_IS_OK(status)) {
- return status;
+ level = security_session_user_level(dce_call->conn->auth_state.session_info);
+ if (level < SECURITY_ADMINISTRATOR) {
+ DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
+ security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
+ return WERR_DS_DRA_ACCESS_DENIED;
}
dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICAGETINFO,
- &ndr_table_drsuapi, "kccsrv", "DsReplicaGetInfo");
+ &ndr_table_drsuapi, "kccsrv", "DsReplicaGetInfo");
return WERR_OK;
}