From bb1ba4ff76eb90d0d62dd3edbe288f45cf7a0a1e Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 22 Apr 2010 16:48:01 +1000
Subject: s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level

This is used for allowing operations by RODCs, and denying them
operations that should only be allowed for a full DC

This required a new domain_sid argument to
security_session_user_level()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
---
 source4/rpc_server/drsuapi/addentry.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source4/rpc_server/drsuapi/addentry.c')

diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c
index cfddd80fe4..e87c940597 100644
--- a/source4/rpc_server/drsuapi/addentry.c
+++ b/source4/rpc_server/drsuapi/addentry.c
@@ -27,7 +27,7 @@
 #include "param/param.h"
 #include "rpc_server/drsuapi/dcesrv_drsuapi.h"
 #include "librpc/gen_ndr/ndr_drsuapi.h"
-
+#include "libcli/security/security.h"
 
 /*
   add special SPNs needed for DRS replication to machine accounts when
@@ -171,7 +171,7 @@ WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX
 	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
 	b_state = h->data;
 
-	status = drs_security_level_check(dce_call, "DsAddEntry");
+	status = drs_security_level_check(dce_call, "DsAddEntry", SECURITY_DOMAIN_CONTROLLER);
 	if (!W_ERROR_IS_OK(status)) {
 		return status;
 	}
-- 
cgit