s4-dsdb: Added a function to check access on a particular object by its guid
Similar to dsdb_check_access_on_dn, only it searches by guid.
parent
4d3f528411
commit
dc9991ab0e
@ -86,6 +86,43 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
|
||||
guid);
|
||||
}
|
||||
|
||||
int dsdb_module_check_access_on_guid(struct ldb_module *module,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct GUID *guid,
|
||||
uint32_t access,
|
||||
const struct GUID *oc_guid)
|
||||
{
|
||||
int ret;
|
||||
struct ldb_result *acl_res;
|
||||
static const char *acl_attrs[] = {
|
||||
"nTSecurityDescriptor",
|
||||
"objectSid",
|
||||
NULL
|
||||
};
|
||||
struct ldb_context *ldb = ldb_module_get_ctx(module);
|
||||
struct auth_session_info *session_info
|
||||
= (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
|
||||
if(!session_info) {
|
||||
return ldb_operr(ldb);
|
||||
}
|
||||
ret = dsdb_module_search(module, mem_ctx, &acl_res, NULL, LDB_SCOPE_SUBTREE,
|
||||
acl_attrs,
|
||||
DSDB_FLAG_NEXT_MODULE |
|
||||
DSDB_SEARCH_SHOW_DELETED,
|
||||
"objectGUID=%s", GUID_string(mem_ctx, guid));
|
||||
|
||||
if (ret != LDB_SUCCESS || acl_res->count == 0) {
|
||||
DEBUG(0,("access_check: failed to find object %s\n", GUID_string(mem_ctx, guid)));
|
||||
return ret;
|
||||
}
|
||||
return dsdb_check_access_on_dn_internal(ldb, acl_res,
|
||||
mem_ctx,
|
||||
session_info->security_token,
|
||||
acl_res->msgs[0]->dn,
|
||||
access,
|
||||
oc_guid);
|
||||
}
|
||||
|
||||
int acl_check_access_on_attribute(struct ldb_module *module,
|
||||
TALLOC_CTX *mem_ctx,
|
||||
struct security_descriptor *sd,
|
||||
|
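Review bot: The not-found branch in dsdb_module_check_access_on_guid returns `ret`, which is still LDB_SUCCESS when the search succeeds but `acl_res->count == 0`, so the access check reports success for an object whose security descriptor was never evaluated. If callers treat LDB_SUCCESS as "access allowed", which the callers are not visible here to confirm, this fails open for an unknown or unreadable GUID. I would split the condition into `if (ret != LDB_SUCCESS) { return ret; }` followed by `if (acl_res->count == 0) { return LDB_ERR_NO_SUCH_OBJECT; }`, keeping the DEBUG message in both branches. Separately, the result of `GUID_string(mem_ctx, guid)` is passed to `%s` unchecked in both the search filter and the DEBUG line, so an allocation failure would presumably hand a NULL pointer to the formatter. Formatting the GUID once into a checked local would cover both uses.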