diff options
-rw-r--r-- | source4/dsdb/common/dsdb_access.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c index c7d8610c50..ebbe4f43b1 100644 --- a/source4/dsdb/common/dsdb_access.c +++ b/source4/dsdb/common/dsdb_access.c @@ -35,6 +35,7 @@ #include "param/param.h" #include "auth/auth.h" #include "dsdb/samdb/samdb.h" +#include "dsdb/common/util.h" void dsdb_acl_debug(struct security_descriptor *sd, struct security_token *token, @@ -135,24 +136,24 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb, int dsdb_check_access_on_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *dn, + struct security_token *token, uint32_t access, - const struct GUID *guid) + const char *ext_right) { int ret; + struct GUID guid; struct ldb_result *acl_res; static const char *acl_attrs[] = { "nTSecurityDescriptor", "objectSid", NULL }; - - struct auth_session_info *session_info - = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); - if(!session_info) { - return ldb_operr(ldb); + NTSTATUS status = GUID_from_string(ext_right, &guid); + if (!NT_STATUS_IS_OK(status)) { + return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_search(ldb, mem_ctx, &acl_res, dn, LDB_SCOPE_BASE, acl_attrs, NULL); + ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED); if (ret != LDB_SUCCESS) { DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn))); return ret; @@ -160,9 +161,9 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb, return dsdb_check_access_on_dn_internal(ldb, acl_res, mem_ctx, - session_info->security_token, + token, dn, access, - guid); + &guid); } |