-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_util.c37
1 files changed, 37 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 27d7fa8cdd..6873e56abd 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -86,6 +86,43 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
guid);
}
+int dsdb_module_check_access_on_guid(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx,
+ struct GUID *guid,
+ uint32_t access,
+ const struct GUID *oc_guid)
+{
+ int ret;
+ struct ldb_result *acl_res;
+ static const char *acl_attrs[] = {
+ "nTSecurityDescriptor",
+ "objectSid",
+ NULL
+ };
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct auth_session_info *session_info
+ = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ if(!session_info) {
+ return ldb_operr(ldb);
+ }
+ ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
+ acl_attrs,
+ DSDB_FLAG_NEXT_MODULE |
+ DSDB_SEARCH_SHOW_DELETED,
+ "objectGUID=%s", GUID_string(mem_ctx, guid));
+
+ if (ret != LDB_SUCCESS || acl_res->count == 0) {
+ DEBUG(0,("access_check: failed to find object %s\n", GUID_string(mem_ctx, guid)));
+ return ret;
+ }
+ return dsdb_check_access_on_dn_internal(ldb, acl_res,
+ mem_ctx,
+ session_info->security_token,
+ acl_res->msgs[0]->dn,
+ access,
+ oc_guid);
+}
+
int acl_check_access_on_attribute(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct security_descriptor *sd,
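Review bot: In `dsdb_module_check_access_on_guid`, the `ret != LDB_SUCCESS || acl_res->count == 0` branch returns `ret`, which is still `LDB_SUCCESS` when the search itself succeeds but matches no object, so a GUID that resolves to nothing is reported the same way as a passed access check. Make that case fail closed before the early return, for example `if (ret == LDB_SUCCESS && acl_res->count == 0) { ret = LDB_ERR_NO_SUCH_OBJECT; }`. `GUID_string(mem_ctx, guid)` is also passed unchecked into both the search filter and the DEBUG message, and each call leaves a separate allocation on the caller's `mem_ctx`; building the string once and testing it for NULL would cover the allocation-failure path. How callers interpret the return value is not visible in this hunk, so the impact is inferred from the function's name and its sibling `dsdb_module_check_access_on_dn`.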