summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi/addentry.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/rpc_server/drsuapi/addentry.c')
-rw-r--r--source4/rpc_server/drsuapi/addentry.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c
index ae478027a6..edf46aa5fb 100644
--- a/source4/rpc_server/drsuapi/addentry.c
+++ b/source4/rpc_server/drsuapi/addentry.c
@@ -30,6 +30,7 @@
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "auth/auth.h"
#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "libcli/security/security.h"
/*
@@ -149,6 +150,12 @@ WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
+ if (security_session_user_level(dce_call->conn->auth_state.session_info) <
+ SECURITY_DOMAIN_CONTROLLER) {
+ DEBUG(0,("DsAddEntry refused for security token\n"));
+ return WERR_DS_DRA_ACCESS_DENIED;
+ }
+
switch (r->in.level) {
case 2:
ret = ldb_transaction_start(b_state->sam_ctx);
generated by cgit (git 2.34.1) at 2024-12-27 14:12:24 +0000