#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
#include "param/param.h"
+#include "auth/session.h"
/*
format a drsuapi_DsReplicaObjectIdentifier naming context as a string
WERROR drs_security_level_check(struct dcesrv_call_state *dce_call, const char* call)
{
+ enum security_user_level level;
+
if (lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL,
"drs", "disable_sec_check", false)) {
return WERR_OK;
}
- if (security_session_user_level(dce_call->conn->auth_state.session_info) <
- SECURITY_DOMAIN_CONTROLLER) {
+ level = security_session_user_level(dce_call->conn->auth_state.session_info);
+ if (level < SECURITY_DOMAIN_CONTROLLER) {
if (call) {
- DEBUG(0,("%s refused for security token\n", call));
+ DEBUG(0,("%s refused for security token (level=%u)\n",
+ call, (unsigned)level));
+ security_token_debug(2, dce_call->conn->auth_state.session_info->security_token);
}
return WERR_DS_DRA_ACCESS_DENIED;
}