diff options
author | Nadezhda Ivanova <nivanova@samba.org> | 2010-09-26 21:12:48 -0700 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-09-28 11:36:40 -0700 |
commit | 6caa5128150da5c585957b34e8a9c40396877452 (patch) | |
tree | d68c21a25232ccd5ad140a51b28475a4e723805a | |
parent | 4be269664451f3df82a8b4939ffcf5d4274d02ed (diff) | |
download | samba-6caa5128150da5c585957b34e8a9c40396877452.tar.gz samba-6caa5128150da5c585957b34e8a9c40396877452.tar.bz2 samba-6caa5128150da5c585957b34e8a9c40396877452.zip |
s4-dsdb: adapted check_access_on_dn for use in drs.
-rw-r--r-- | source4/dsdb/common/dsdb_access.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c index c7d8610c50..ebbe4f43b1 100644 --- a/source4/dsdb/common/dsdb_access.c +++ b/source4/dsdb/common/dsdb_access.c @@ -35,6 +35,7 @@ #include "param/param.h" #include "auth/auth.h" #include "dsdb/samdb/samdb.h" +#include "dsdb/common/util.h" void dsdb_acl_debug(struct security_descriptor *sd, struct security_token *token, @@ -135,24 +136,24 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb, int dsdb_check_access_on_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, + struct security_token *token, uint32_t access, - const struct GUID *guid) + const char *ext_right) { int ret; + struct GUID guid; struct ldb_result *acl_res; static const char *acl_attrs[] = { "nTSecurityDescriptor", "objectSid", NULL }; - - struct auth_session_info *session_info - = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); - if(!session_info) { - return ldb_operr(ldb); + NTSTATUS status = GUID_from_string(ext_right, &guid); + if (!NT_STATUS_IS_OK(status)) { + return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_search(ldb, mem_ctx, &acl_res, dn, LDB_SCOPE_BASE, acl_attrs, NULL); + ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED); if (ret != LDB_SUCCESS) { DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn))); return ret; @@ -160,9 +161,9 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, return dsdb_check_access_on_dn_internal(ldb, acl_res, mem_ctx, - session_info->security_token, + token, dn, access, - guid); + &guid); } |