summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/rpc_server/drsuapi/updaterefs.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
index 3863ac7c98..d628388849 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -203,18 +203,20 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
- werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs", SECURITY_RO_DOMAIN_CONTROLLER,
- samdb_domain_sid(b_state->sam_ctx));
- if (!W_ERROR_IS_OK(werr)) {
- return werr;
- }
-
if (r->in.level != 1) {
DEBUG(0,("DrReplicUpdateRefs - unsupported level %u\n", r->in.level));
return WERR_DS_DRA_INVALID_PARAMETER;
}
-
req = &r->in.req.req1;
+ werr = drs_security_access_check(b_state->sam_ctx,
+ mem_ctx,
+ dce_call->conn->auth_state.session_info->security_token,
+ req->naming_context,
+ GUID_DRS_MANAGE_TOPOLOGY);
+
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
security_level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
if (security_level < SECURITY_ADMINISTRATOR) {