#include "libcli/ldap/ldap_ndr.h"
#include "param/param.h"
#include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
void dsdb_acl_debug(struct security_descriptor *sd,
struct security_token *token,
return LDB_SUCCESS;
}
-int dsdb_get_dom_sid_from_ldb_message(TALLOC_CTX *mem_ctx,
- struct ldb_message *acl_res,
- struct dom_sid **sid)
-{
- struct ldb_message_element *sid_element;
- enum ndr_err_code ndr_err;
-
- sid_element = ldb_msg_find_element(acl_res, "objectSid");
- if (!sid_element) {
- *sid = NULL;
- return LDB_SUCCESS;
- }
- *sid = talloc(mem_ctx, struct dom_sid);
- if(!*sid) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- ndr_err = ndr_pull_struct_blob(&sid_element->values[0], *sid, NULL, *sid,
- (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
-
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- return LDB_SUCCESS;
-}
-
int dsdb_check_access_on_dn_internal(struct ldb_result *acl_res,
TALLOC_CTX *mem_ctx,
struct security_token *token,
if (!sd) {
return LDB_SUCCESS;
}
- ret = dsdb_get_dom_sid_from_ldb_message(mem_ctx, acl_res->msgs[0], &sid);
- if (ret != LDB_SUCCESS) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
+ sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
if (guid) {
if (!insert_in_object_tree(mem_ctx, guid, access, &root, &new_node)) {
return LDB_ERR_OPERATIONS_ERROR;
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = dsdb_get_dom_sid_from_ldb_message(mem_ctx, sd_msg, &sid);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ sid = samdb_result_dom_sid(mem_ctx, sd_msg, "objectSid");
for (i=0; attr_list && attr_list[i]; i++) {
const struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema,
attr_list[i]);
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = dsdb_get_dom_sid_from_ldb_message(msg, sd_msg, &sid);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ sid = samdb_result_dom_sid(msg, sd_msg, "objectSid");
for (i=0; oc_el && i < oc_el->num_values; i++) {
sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
if (!sclass) {
if (ret != LDB_SUCCESS) {
return ret;
}
- ret = dsdb_get_dom_sid_from_ldb_message(msg, sd_msg, &sid);
-
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ sid = samdb_result_dom_sid(msg, sd_msg, "objectSid");
ret = acl_check_access_on_attribute(module,
msg,
sd,
DEBUG(10, ("acl_modify: cannot get guid\n"));
goto fail;
}
-
- ret = dsdb_get_dom_sid_from_ldb_message(req, acl_res->msgs[0], &sid);
- if (ret != LDB_SUCCESS) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
+ sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
if (!insert_in_object_tree(tmp_ctx, guid, SEC_ADS_WRITE_PROP,
&root, &new_node)) {
DEBUG(10, ("acl_modify: cannot add to object tree\n"));
if (!sd) {
return LDB_SUCCESS;
}
- ret = dsdb_get_dom_sid_from_ldb_message(req, acl_res->msgs[0], &sid);
- if (ret != LDB_SUCCESS) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
+ sid = samdb_result_dom_sid(req, acl_res->msgs[0], "objectSid");
status = sec_access_check_ds(sd, acl_user_token(module),
SEC_ADS_WRITE_PROP,
&access_granted,