From 8045b35b1bda15f619238fac943c604cfe851c94 Mon Sep 17 00:00:00 2001 From: Nadezhda Ivanova Date: Sun, 26 Sep 2010 21:16:47 -0700 Subject: s4-drs: Added check for drs-manage-topology to updateRefs. --- source4/rpc_server/drsuapi/updaterefs.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c index 3863ac7c98..d628388849 100644 --- a/source4/rpc_server/drsuapi/updaterefs.c +++ b/source4/rpc_server/drsuapi/updaterefs.c @@ -203,18 +203,20 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE); b_state = h->data; - werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs", SECURITY_RO_DOMAIN_CONTROLLER, - samdb_domain_sid(b_state->sam_ctx)); - if (!W_ERROR_IS_OK(werr)) { - return werr; - } - if (r->in.level != 1) { DEBUG(0,("DrReplicUpdateRefs - unsupported level %u\n", r->in.level)); return WERR_DS_DRA_INVALID_PARAMETER; } - req = &r->in.req.req1; + werr = drs_security_access_check(b_state->sam_ctx, + mem_ctx, + dce_call->conn->auth_state.session_info->security_token, + req->naming_context, + GUID_DRS_MANAGE_TOPOLOGY); + + if (!W_ERROR_IS_OK(werr)) { + return werr; + } security_level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL); if (security_level < SECURITY_ADMINISTRATOR) { -- cgit