summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNadezhda Ivanova <nivanova@samba.org>2010-09-26 21:12:48 -0700
committerAndrew Tridgell <tridge@samba.org>2010-09-28 11:36:40 -0700
commit6caa5128150da5c585957b34e8a9c40396877452 (patch)
treed68c21a25232ccd5ad140a51b28475a4e723805a
parent4be269664451f3df82a8b4939ffcf5d4274d02ed (diff)
downloadsamba-6caa5128150da5c585957b34e8a9c40396877452.tar.gz
samba-6caa5128150da5c585957b34e8a9c40396877452.tar.bz2
samba-6caa5128150da5c585957b34e8a9c40396877452.zip
s4-dsdb: adapted check_access_on_dn for use in drs.
-rw-r--r--source4/dsdb/common/dsdb_access.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index c7d8610c50..ebbe4f43b1 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -35,6 +35,7 @@
#include "param/param.h"
#include "auth/auth.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
void dsdb_acl_debug(struct security_descriptor *sd,
struct security_token *token,
@@ -135,24 +136,24 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
int dsdb_check_access_on_dn(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
+ struct security_token *token,
uint32_t access,
- const struct GUID *guid)
+ const char *ext_right)
{
int ret;
+ struct GUID guid;
struct ldb_result *acl_res;
static const char *acl_attrs[] = {
"nTSecurityDescriptor",
"objectSid",
NULL
};
-
- struct auth_session_info *session_info
- = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- if(!session_info) {
- return ldb_operr(ldb);
+ NTSTATUS status = GUID_from_string(ext_right, &guid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
- ret = ldb_search(ldb, mem_ctx, &acl_res, dn, LDB_SCOPE_BASE, acl_attrs, NULL);
+ ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED);
if (ret != LDB_SUCCESS) {
DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
return ret;
@@ -160,9 +161,9 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb,
return dsdb_check_access_on_dn_internal(ldb, acl_res,
mem_ctx,
- session_info->security_token,
+ token,
dn,
access,
- guid);
+ &guid);
}