From dc9991ab0e191fe5b7dadbcf1d9e57b9ecbd7958 Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova
Date: Sun, 26 Sep 2010 11:32:22 -0700
Subject: s4-dsdb: Added a function to check access on a particular object by its guid Similar to dsdb_check_access_on_dn, only it searches by guid.
---
 source4/dsdb/samdb/ldb_modules/acl_util.c | 37 +++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
(limited to 'source4/dsdb/samdb')
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index 27d7fa8cdd..6873e56abd 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -86,6 +86,43 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
 guid);
 }
 
+int dsdb_module_check_access_on_guid(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx,
+ struct GUID *guid,
+ uint32_t access,
+ const struct GUID *oc_guid)
+{
+ int ret;
+ struct ldb_result *acl_res;
+ static const char *acl_attrs[] = {
+ "nTSecurityDescriptor",
+ "objectSid",
+ NULL
+ };
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct auth_session_info *session_info
+ = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ if(!session_info) {
+ return ldb_operr(ldb);
+ }
+ ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
+ acl_attrs,
+ DSDB_FLAG_NEXT_MODULE |
+ DSDB_SEARCH_SHOW_DELETED,
+ "objectGUID=%s", GUID_string(mem_ctx, guid));
+
+ if (ret != LDB_SUCCESS || acl_res->count == 0) {
+ DEBUG(0,("access_check: failed to find object %s\n", GUID_string(mem_ctx, guid)));
+ return ret;
+ }
+ return dsdb_check_access_on_dn_internal(ldb, acl_res,
+ mem_ctx,
+ session_info->security_token,
+ acl_res->msgs[0]->dn,
+ access,
+ oc_guid);
+}
+
 int acl_check_access_on_attribute(struct ldb_module *module,
 TALLOC_CTX *mem_ctx,
 struct security_descriptor *sd,
-- cgit
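Review bot: In dsdb_module_check_access_on_guid, the combined test `if (ret != LDB_SUCCESS || acl_res->count == 0)` returns `ret` on both paths, so a search that succeeds but matches no object returns LDB_SUCCESS. Any caller that reads LDB_SUCCESS as "access granted" (which is how the tail call's return value appears to be used) would then see the check pass for a GUID that does not exist. The zero-match case should fail closed, for example by adding `if (ret == LDB_SUCCESS && acl_res->count == 0) { ret = LDB_ERR_NO_SUCH_OBJECT; }` ahead of the test and reducing the test to `if (ret != LDB_SUCCESS)`. GUID_string() is also called twice on mem_ctx and its result goes into the search filter unchecked; if it can return NULL on allocation failure (not visible in this hunk), format it once, check it, and reuse it in the DEBUG message. A short comment above the function stating that it returns an LDB error code, and that DSDB_SEARCH_SHOW_DELETED makes deleted objects eligible for the check, would help callers.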