From 45a2b408ba16ebabedc519a7235b05c104dede6b Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 17 Aug 2010 14:12:21 +1000
Subject: s4-drs: added domain_sid to DRS security checks

we need the domain_sid to determine if the account is a RODC for our
domain

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 source4/rpc_server/drsuapi/updaterefs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'source4/rpc_server/drsuapi/updaterefs.c')

diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c
index d52a77959a..daf057d6d6 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -197,7 +197,8 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct dcesrv_call_state *dce_call, TA
 	DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
 	b_state = h->data;
 
-	werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs", SECURITY_RO_DOMAIN_CONTROLLER);
+	werr = drs_security_level_check(dce_call, "DsReplicaUpdateRefs", SECURITY_RO_DOMAIN_CONTROLLER,
+					samdb_domain_sid(b_state->sam_ctx));
 	if (!W_ERROR_IS_OK(werr)) {
 		return werr;
 	}
-- 
cgit