From bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 22 Apr 2010 16:48:01 +1000
Subject: s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level

This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC

This required a new domain_sid argument to
security_session_user_level()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
---
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'source4/dsdb/samdb/ldb_modules/repl_meta_data.c')

diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 75aed6ae7e..efb44bfd4c 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -2402,7 +2402,7 @@ static int replmd_delete(struct ldb_module *module, struct ldb_request *req)
 	if (next_deletion_state == OBJECT_REMOVED) {
 		struct auth_session_info *session_info =
 				(struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
-		if (security_session_user_level(session_info) != SECURITY_SYSTEM) {
+		if (security_session_user_level(session_info, NULL) != SECURITY_SYSTEM) {
 			ldb_asprintf_errstring(ldb, "Refusing to delete deleted object %s",
 					ldb_dn_get_linearized(old_msg->dn));
 			return LDB_ERR_UNWILLING_TO_PERFORM;
-- 
cgit