DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
- status = drs_security_level_check(dce_call, "DsAddEntry", SECURITY_DOMAIN_CONTROLLER);
+ status = drs_security_level_check(dce_call, "DsAddEntry", SECURITY_DOMAIN_CONTROLLER, NULL);
if (!W_ERROR_IS_OK(status)) {
return status;
}
W_ERROR_HAVE_NO_MEMORY(b_state);
/* if this is a DC connecting, give them system level access */
- werr = drs_security_level_check(dce_call, NULL, SECURITY_DOMAIN_CONTROLLER);
+ werr = drs_security_level_check(dce_call, NULL, SECURITY_DOMAIN_CONTROLLER, NULL);
if (W_ERROR_IS_OK(werr)) {
DEBUG(3,(__location__ ": doing DsBind with system_session\n"));
auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
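Review bot: The NULL passed as the new fourth argument on the DsBind check sits on the line that decides who is handed system_session, and nothing there says why NULL is the right value. drs_security_level_check now forwards this argument to security_session_user_level(), so the token may be classified differently here than at the call sites that pass samdb_domain_sid(). A later edit made for consistency could therefore change who gets system-level access without anyone noticing. I would add a comment above the call such as `/* domain_sid is NULL on purpose: this check gates system_session, see security_session_user_level() */`, with the wording confirmed against that function. The if block continues outside this hunk.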
{
WERROR status;
- status = drs_security_level_check(dce_call, "DsReplicaSync", SECURITY_DOMAIN_CONTROLLER);
+ status = drs_security_level_check(dce_call, "DsReplicaSync", SECURITY_DOMAIN_CONTROLLER, NULL);
if (!W_ERROR_IS_OK(status)) {
return status;
}
*r->out.level_out = 1;
- status = drs_security_level_check(dce_call, "DsRemoveDSServer", SECURITY_DOMAIN_CONTROLLER);
+ status = drs_security_level_check(dce_call, "DsRemoveDSServer", SECURITY_DOMAIN_CONTROLLER, NULL);
if (!W_ERROR_IS_OK(status)) {
return status;
}
struct drsuapi_DsExecuteKCC *r)
{
WERROR status;
- status = drs_security_level_check(dce_call, "DsExecuteKCC", SECURITY_DOMAIN_CONTROLLER);
+ status = drs_security_level_check(dce_call, "DsExecuteKCC", SECURITY_DOMAIN_CONTROLLER, NULL);
if (!W_ERROR_IS_OK(status)) {
return status;
enum security_user_level;
WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
- const char* call, enum security_user_level minimum_level);
+ const char* call, enum security_user_level minimum_level,
+ const struct dom_sid *domain_sid);
void drsuapi_process_secret_attribute(struct drsuapi_DsReplicaAttribute *attr,
struct drsuapi_DsReplicaMetaData *meta_data);
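Review bot: The prototype gains `domain_sid` without stating what NULL means, although five of the seven call sites visible in this commit pass NULL. Judging by those call sites, NULL goes with a SECURITY_DOMAIN_CONTROLLER minimum and a real SID with SECURITY_RO_DOMAIN_CONTROLLER, but a caller adding a new DRS operation has to reverse-engineer that. A header comment would make the contract explicit, for example `/* domain_sid: forwarded to security_session_user_level(); may be NULL when the caller need not recognise SECURITY_RO_DOMAIN_CONTROLLER */`, assuming that matches the implementation.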
WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
const char* call,
- enum security_user_level minimum_level)
+ enum security_user_level minimum_level,
+ const struct dom_sid *domain_sid)
{
enum security_user_level level;
return WERR_OK;
}
- level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
+ level = security_session_user_level(dce_call->conn->auth_state.session_info, domain_sid);
if (level < minimum_level) {
if (call) {
DEBUG(0,("%s refused for security token (level=%u)\n",
return WERR_DS_DRA_SOURCE_DISABLED;
}
- werr = drs_security_level_check(dce_call, "DsGetNCChanges", SECURITY_RO_DOMAIN_CONTROLLER);
+ werr = drs_security_level_check(dce_call, "DsGetNCChanges", SECURITY_RO_DOMAIN_CONTROLLER,
+ samdb_domain_sid(b_state->sam_ctx));
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
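Review bot: The result of `samdb_domain_sid(b_state->sam_ctx)` is passed straight into the access check on the DsGetNCChanges call, and again on the DsReplicaUpdateRefs call further down, without being tested. If the lookup can return NULL, the check silently degrades to the NULL behaviour used by the DC-only callers. A caller that should qualify at SECURITY_RO_DOMAIN_CONTROLLER would then presumably be refused with WERR_DS_DRA_SOURCE_DISABLED and a level-0 "refused for security token" log line that points at the token rather than at the failed lookup. Fetching the SID into a local and failing explicitly keeps the two cases apart: `const struct dom_sid *sid = samdb_domain_sid(b_state->sam_ctx);` followed by `if (sid == NULL) return WERR_DS_DRA_INTERNAL_ERROR;`, or whichever error this module prefers.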
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
- werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs", SECURITY_RO_DOMAIN_CONTROLLER);
+ werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs", SECURITY_RO_DOMAIN_CONTROLLER,
+ samdb_domain_sid(b_state->sam_ctx));
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
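Review bot: The new argument dereferences `b_state` on the line right after `b_state = h->data`, before any NULL check visible in this hunk. DsAddEntry, touched by this same commit, follows the same assignment with `W_ERROR_HAVE_NO_MEMORY(b_state)`, which suggests h->data is not guaranteed to be set. If that holds for DsReplicaUpdateRefs as well, add `W_ERROR_HAVE_NO_MEMORY(b_state);` before the drs_security_level_check call, so that a handle without bind state returns an error instead of faulting inside the authorization path. The DsGetNCChanges call has the same dereference, with its assignment outside the hunk.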