author | Nadezhda Ivanova <nivanova@samba.org> | 2010-09-26 11:32:22 -0700 |
---|---|---|
committer | Nadezhda Ivanova <nivanova@samba.org> | 2010-09-26 15:36:09 -0700 |
commit | dc9991ab0e191fe5b7dadbcf1d9e57b9ecbd7958 (patch) | |
tree | 297bf57208565ee84cbaad85da9a496c95832913 /source4/dsdb/samdb | |
parent | 4d3f528411301d0bc48110921a1ecb4b4f752b1e (diff) | |
s4-dsdb: Added a function to check access on a particular object by its guid
Similar to dsdb_check_access_on_dn, only it searches by guid.
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_util.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 27d7fa8cdd..6873e56abd 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -86,6 +86,43 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
 guid);
 }
 
+int dsdb_module_check_access_on_guid(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx,
+ struct GUID *guid,
+ uint32_t access,
+ const struct GUID *oc_guid)
+{
+ int ret;
+ struct ldb_result *acl_res;
+ static const char *acl_attrs[] = {
+ "nTSecurityDescriptor",
+ "objectSid",
+ NULL
+ };
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct auth_session_info *session_info
+ = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ if(!session_info) {
+ return ldb_operr(ldb);
+ }
+ ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
+ acl_attrs,
+ DSDB_FLAG_NEXT_MODULE |
+ DSDB_SEARCH_SHOW_DELETED,
+ "objectGUID=%s", GUID_string(mem_ctx, guid));
+
+ if (ret != LDB_SUCCESS || acl_res->count == 0) {
+ DEBUG(0,("access_check: failed to find object %s\n", GUID_string(mem_ctx, guid)));
+ return ret;
+ }
+ return dsdb_check_access_on_dn_internal(ldb, acl_res,
+ mem_ctx,
+ session_info->security_token,
+ acl_res->msgs[0]->dn,
+ access,
+ oc_guid);
+}
+
 int acl_check_access_on_attribute(struct ldb_module *module,
 TALLOC_CTX *mem_ctx,
 struct security_descriptor *sd, |
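Review bot: In the `if (ret != LDB_SUCCESS || acl_res->count == 0)` branch of dsdb_module_check_access_on_guid, a search that succeeds with zero matches returns `ret` while it is still `LDB_SUCCESS`, so a caller would read "object not found" as "access granted". The empty-result case should be turned into an error before the return, for example `if (ret == LDB_SUCCESS) { ret = LDB_ERR_NO_SUCH_OBJECT; }` placed ahead of `return ret;`. `GUID_string(mem_ctx, guid)` is also used in the search filter and in the DEBUG message without a NULL check, so an allocation failure would reach a `%s` conversion with a NULL argument. Both GUID strings and `acl_res` stay allocated on `mem_ctx`, which presumably relies on the caller passing a short-lived context; a one-line comment above the function stating that expectation would help.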