1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s4-dsdb: Added a function to check access on a particular object by its guid

Similar to dsdb_check_access_on_dn, only it searches by guid.
This commit is contained in:
Nadezhda Ivanova 2010-09-26 11:32:22 -07:00
parent 4d3f528411
commit dc9991ab0e

View File

@ -86,6 +86,43 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
guid);
}
int dsdb_module_check_access_on_guid(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct GUID *guid,
uint32_t access,
const struct GUID *oc_guid)
{
int ret;
struct ldb_result *acl_res;
static const char *acl_attrs[] = {
"nTSecurityDescriptor",
"objectSid",
NULL
};
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct auth_session_info *session_info
= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
if(!session_info) {
return ldb_operr(ldb);
}
ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
acl_attrs,
DSDB_FLAG_NEXT_MODULE |
DSDB_SEARCH_SHOW_DELETED,
"objectGUID=%s", GUID_string(mem_ctx, guid));
if (ret != LDB_SUCCESS || acl_res->count == 0) {
DEBUG(0,("access_check: failed to find object %s\n", GUID_string(mem_ctx, guid)));
return ret;
}
return dsdb_check_access_on_dn_internal(ldb, acl_res,
mem_ctx,
session_info->security_token,
acl_res->msgs[0]->dn,
access,
oc_guid);
}
int acl_check_access_on_attribute(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct security_descriptor *sd,