diff options
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/acl_util.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c index 27d7fa8cdd..6873e56abd 100644 --- a/source4/dsdb/samdb/ldb_modules/acl_util.c +++ b/source4/dsdb/samdb/ldb_modules/acl_util.c @@ -86,6 +86,43 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module, guid); } +int dsdb_module_check_access_on_guid(struct ldb_module *module, + TALLOC_CTX *mem_ctx, + struct GUID *guid, + uint32_t access, + const struct GUID *oc_guid) +{ + int ret; + struct ldb_result *acl_res; + static const char *acl_attrs[] = { + "nTSecurityDescriptor", + "objectSid", + NULL + }; + struct ldb_context *ldb = ldb_module_get_ctx(module); + struct auth_session_info *session_info + = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo"); + if(!session_info) { + return ldb_operr(ldb); + } + ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE, + acl_attrs, + DSDB_FLAG_NEXT_MODULE | + DSDB_SEARCH_SHOW_DELETED, + "objectGUID=%s", GUID_string(mem_ctx, guid)); + + if (ret != LDB_SUCCESS || acl_res->count == 0) { + DEBUG(0,("access_check: failed to find object %s\n", GUID_string(mem_ctx, guid))); + return ret; + } + return dsdb_check_access_on_dn_internal(ldb, acl_res, + mem_ctx, + session_info->security_token, + acl_res->msgs[0]->dn, + access, + oc_guid); +} + int acl_check_access_on_attribute(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct security_descriptor *sd, |