diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-01-16 10:36:06 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-01-16 14:10:42 +1100 |
commit | 5efff3ad6a7fdfe71101b2debe7d79678432c5c4 (patch) | |
tree | c4de1dd61b65de54ad33e0efa61b3fb0c3348fdc | |
parent | 5bfeed89da6177adf9dfa49471adcbc25c7d0e7a (diff) | |
download | samba-5efff3ad6a7fdfe71101b2debe7d79678432c5c4.tar.gz samba-5efff3ad6a7fdfe71101b2debe7d79678432c5c4.tar.bz2 samba-5efff3ad6a7fdfe71101b2debe7d79678432c5c4.zip |
s4-dsdb: require admin access for DsReplicaGetInfo
-rw-r--r-- | source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index 38d043c4e4..ae70fbc18f 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -743,15 +743,17 @@ static WERROR dcesrv_drsuapi_DsExecuteKCC(struct dcesrv_call_state *dce_call, TA static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaGetInfo *r) { - WERROR status; - status = drs_security_level_check(dce_call, "DsReplicaGetInfo"); + enum security_user_level level; - if (!W_ERROR_IS_OK(status)) { - return status; + level = security_session_user_level(dce_call->conn->auth_state.session_info); + if (level < SECURITY_ADMINISTRATOR) { + DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n")); + security_token_debug(2, dce_call->conn->auth_state.session_info->security_token); + return WERR_DS_DRA_ACCESS_DENIED; } dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICAGETINFO, - &ndr_table_drsuapi, "kccsrv", "DsReplicaGetInfo"); + &ndr_table_drsuapi, "kccsrv", "DsReplicaGetInfo"); return WERR_OK; } |