From 5efff3ad6a7fdfe71101b2debe7d79678432c5c4 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 16 Jan 2010 10:36:06 +1100
Subject: s4-dsdb: require admin access for DsReplicaGetInfo

---
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'source4/rpc_server/drsuapi/dcesrv_drsuapi.c')

diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 38d043c4e4..ae70fbc18f 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -743,15 +743,17 @@ static WERROR dcesrv_drsuapi_DsExecuteKCC(struct dcesrv_call_state *dce_call, TA
 static WERROR dcesrv_drsuapi_DsReplicaGetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
 		       struct drsuapi_DsReplicaGetInfo *r)
 {
-	WERROR status;
-	status = drs_security_level_check(dce_call, "DsReplicaGetInfo");
+	enum security_user_level level;
 
-	if (!W_ERROR_IS_OK(status)) {
-		return status;
+	level = security_session_user_level(dce_call->conn->auth_state.session_info);
+	if (level < SECURITY_ADMINISTRATOR) {
+		DEBUG(1,(__location__ ": Administrator access required for DsReplicaGetInfo\n"));
+		security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
+		return WERR_DS_DRA_ACCESS_DENIED;
 	}
 
 	dcesrv_irpc_forward_rpc_call(dce_call, mem_ctx, r, NDR_DRSUAPI_DSREPLICAGETINFO,
-								&ndr_table_drsuapi, "kccsrv", "DsReplicaGetInfo");
+				     &ndr_table_drsuapi, "kccsrv", "DsReplicaGetInfo");
 
 	return WERR_OK;
 }
-- 
cgit