s4-drs: added domain_sid to DRS security checks

[samba.git] / source4 / rpc_server / drsuapi / drsutil.c

diff --git a/source4/rpc_server/drsuapi/drsutil.c b/source4/rpc_server/drsuapi/drsutil.c
index e29c14dbc11e128fcb3c03aa1cac25325acb742b..f20082f6bb384530205fe89f244df8346d2cd0da 100644 (file)
--- a/source4/rpc_server/drsuapi/drsutil.c
+++ b/source4/rpc_server/drsuapi/drsutil.c
@@ -103,7 +103,8 @@ int drsuapi_search_with_extended_dn(struct ldb_context *ldb,
 
 WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
                                const char* call,
-                               enum security_user_level minimum_level)
+                               enum security_user_level minimum_level,
+                               const struct dom_sid *domain_sid)
 {
        enum security_user_level level;
 
@@ -112,7 +113,7 @@ WERROR drs_security_level_check(struct dcesrv_call_state *dce_call,
                return WERR_OK;
        }
 
-       level = security_session_user_level(dce_call->conn->auth_state.session_info, NULL);
+       level = security_session_user_level(dce_call->conn->auth_state.session_info, domain_sid);
        if (level < minimum_level) {
                if (call) {
                        DEBUG(0,("%s refused for security token (level=%u)\n",