summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi/updaterefs.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/rpc_server/drsuapi/updaterefs.c')
-rw-r--r--source4/rpc_server/drsuapi/updaterefs.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
index 45244c7801..34ff0caa14 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -29,6 +29,7 @@
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "auth/auth.h"
#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+#include "libcli/security/security.h"
struct repsTo {
uint32_t count;
@@ -109,6 +110,12 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
WERROR werr;
struct ldb_dn *dn;
+ if (security_session_user_level(dce_call->conn->auth_state.session_info) <
+ SECURITY_DOMAIN_CONTROLLER) {
+ DEBUG(0,("DsReplicaUpdateRefs refused for security token\n"));
+ return WERR_DS_DRA_ACCESS_DENIED;
+ }
+
if (r->in.level != 1) {
DEBUG(0,("DrReplicUpdateRefs - unsupported level %u\n", r->in.level));
return WERR_DS_DRA_INVALID_PARAMETER;
generated by cgit (git 2.34.1) at 2024-06-30 22:36:14 +0000