1 files changed, 10 insertions, 9 deletions

diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index c7d8610c50..ebbe4f43b1 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -35,6 +35,7 @@
 #include "param/param.h"
 #include "auth/auth.h"
 #include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
 
 void dsdb_acl_debug(struct security_descriptor *sd,
 		      struct security_token *token,
@@ -135,24 +136,24 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
 int dsdb_check_access_on_dn(struct ldb_context *ldb,
 			    TALLOC_CTX *mem_ctx,
 			    struct ldb_dn *dn,
+			    struct security_token *token,
 			    uint32_t access,
-			    const struct GUID *guid)
+			    const char *ext_right)
 {
 	int ret;
+	struct GUID guid;
 	struct ldb_result *acl_res;
 	static const char *acl_attrs[] = {
 		"nTSecurityDescriptor",
 		"objectSid",
 		NULL
 	};
-
-	struct auth_session_info *session_info
-		= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
-	if(!session_info) {
-		return ldb_operr(ldb);
+	NTSTATUS status = GUID_from_string(ext_right, &guid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return LDB_ERR_OPERATIONS_ERROR;
 	}
 
-	ret = ldb_search(ldb, mem_ctx, &acl_res, dn, LDB_SCOPE_BASE, acl_attrs, NULL);
+	ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED);
 	if (ret != LDB_SUCCESS) {
 		DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
 		return ret;
@@ -160,9 +161,9 @@ int dsdb_check_access_on_dn(struct ldb_context *ldb,
 
 	return dsdb_check_access_on_dn_internal(ldb, acl_res,
 						mem_ctx,
-						session_info->security_token,
+						token,
 						dn,
 						access,
-						guid);
+						&guid);
 }