Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/common/dsdb_access.c19
1 files changed, 10 insertions, 9 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index c7d8610c50..ebbe4f43b1 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -35,6 +35,7 @@
#include "param/param.h"
#include "auth/auth.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
void dsdb_acl_debug(struct security_descriptor *sd,
struct security_token *token,
@@ -135,24 +136,24 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
int dsdb_check_access_on_dn(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
+ struct security_token *token,
uint32_t access,
- const struct GUID *guid)
+ const char *ext_right)
{
int ret;
+ struct GUID guid;
struct ldb_result *acl_res;
static const char *acl_attrs[] = {
"nTSecurityDescriptor",
"objectSid",
NULL
};
-
- struct auth_session_info *session_info
- = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- if(!session_info) {
- return ldb_operr(ldb);
+ NTSTATUS status = GUID_from_string(ext_right, &guid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
- ret = ldb_search(ldb, mem_ctx, &acl_res, dn, LDB_SCOPE_BASE, acl_attrs, NULL);
+ ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED);
if (ret != LDB_SUCCESS) {
DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
return ret;
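Review bot: `ext_right` is now mandatory, because the hunk passes it to `GUID_from_string()` unconditionally; a caller with no extended right to check can no longer say so, whereas the old `const struct GUID *guid` parameter could at least be a null pointer (whether any caller relied on that is not visible here). If an absent right is meant to be valid, guard the parse with `if (ext_right != NULL)` and forward `ext_right ? &guid : NULL` in the final call; if it is not, reject NULL explicitly before parsing. The failure path also returns a bare `LDB_ERR_OPERATIONS_ERROR` where the removed code used `ldb_operr(ldb)`, so `return ldb_operr(ldb);` would keep the error reporting consistent. The switch to `DSDB_SEARCH_SHOW_DELETED` means the access check now resolves deleted objects as well, and deserves a one-line comment confirming that is intended, e.g. `/* also resolve deleted objects so their descriptor can be checked */`. The function body continues past this hunk.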
@@ -160,9 +161,9 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb,
return dsdb_check_access_on_dn_internal(ldb, acl_res,
mem_ctx,
- session_info->security_token,
+ token,
dn,
access,
- guid);
+ &guid);
}