#include "param/param.h"
#include "auth/auth.h"
#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
void dsdb_acl_debug(struct security_descriptor *sd,
struct security_token *token,
int dsdb_check_access_on_dn(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
+ struct security_token *token,
uint32_t access,
- const struct GUID *guid)
+ const char *ext_right)
{
int ret;
+ struct GUID guid;
struct ldb_result *acl_res;
static const char *acl_attrs[] = {
"nTSecurityDescriptor",
"objectSid",
NULL
};
-
- struct auth_session_info *session_info
- = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- if(!session_info) {
- return ldb_operr(ldb);
+ NTSTATUS status = GUID_from_string(ext_right, &guid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
- ret = ldb_search(ldb, mem_ctx, &acl_res, dn, LDB_SCOPE_BASE, acl_attrs, NULL);
+ ret = dsdb_search_dn(ldb, mem_ctx, &acl_res, dn, acl_attrs, DSDB_SEARCH_SHOW_DELETED);
if (ret != LDB_SUCCESS) {
DEBUG(10,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
return ret;
return dsdb_check_access_on_dn_internal(ldb, acl_res,
mem_ctx,
- session_info->security_token,
+ token,
dn,
access,
- guid);
+ &guid);
}