summaryrefslogtreecommitdiff
path: root/source4/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0a5fc54d68..0e6a55ec2f 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1939,6 +1939,12 @@ static NTSTATUS dcesrv_lsa_AddRemoveAccountRights(struct dcesrv_call_state *dce_
struct lsa_EnumAccountRights r2;
char *dnstr;
+ if (security_session_user_level(dce_call->conn->auth_state.session_info) <
+ SECURITY_ADMINISTRATOR) {
+ DEBUG(0,("lsa_AddRemoveAccount refused for supplied security token\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
generated by cgit (git 2.34.1) at 2024-11-23 05:03:16 +0000