int dsdb_module_check_access_on_dn(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn,
- uint32_t access,
- const struct GUID *guid)
+ uint32_t access_mask,
+ const struct GUID *guid,
+ struct ldb_request *parent)
{
int ret;
struct ldb_result *acl_res;
ret = dsdb_module_search_dn(module, mem_ctx, &acl_res, dn,
acl_attrs,
DSDB_FLAG_NEXT_MODULE |
- DSDB_SEARCH_SHOW_DELETED);
+ DSDB_SEARCH_SHOW_RECYCLED,
+ parent);
if (ret != LDB_SUCCESS) {
- DEBUG(0,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "access_check: failed to find object %s\n",
+ ldb_dn_get_linearized(dn));
return ret;
}
return dsdb_check_access_on_dn_internal(ldb, acl_res,
mem_ctx,
session_info->security_token,
dn,
- access,
+ access_mask,
guid);
}
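Review bot: The error string set through ldb_asprintf_errstring on the failed-search path ends with `\n`, carried over from the DEBUG() call it replaces; ldb error strings are surfaced to the caller as the result's errstring rather than written to a log, so the trailing newline becomes stray whitespace in that message and should be dropped: `"access_check: failed to find object %s",`. The final call passes `ldb` and `session_info->security_token`, but neither `ldb` nor `session_info` is declared among the visible lines of this hunk, which suggests context lines were elided between the declarations and the search call; if they were not, those names need to be obtained (for example via ldb_module_get_ctx(module) and the module's session info) before use. The new `parent` parameter is forwarded into dsdb_module_search_dn without a NULL check, which is fine only if that helper accepts a NULL parent; worth confirming against its definition, which is outside this hunk.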
TALLOC_CTX *mem_ctx,
struct security_descriptor *sd,
struct dom_sid *rp_sid,
- uint32_t access,
+ uint32_t access_mask,
const struct dsdb_attribute *attr)
{
int ret;
if (attr) {
if (!GUID_all_zero(&attr->attributeSecurityGUID)) {
if (!insert_in_object_tree(tmp_ctx,
- &attr->attributeSecurityGUID, access,
- &root, &new_node)) {
+ &attr->attributeSecurityGUID,
+ access_mask, &root,
+ &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n"));
goto fail;
}
if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID, access, &new_node, &new_node)) {
+ &attr->schemaIDGUID,
+ access_mask, &new_node,
+ &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
goto fail;
}
}
else {
if (!insert_in_object_tree(tmp_ctx,
- &attr->schemaIDGUID, access, &root, &new_node)) {
+ &attr->schemaIDGUID,
+ access_mask, &root,
+ &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
goto fail;
}
}
}
status = sec_access_check_ds(sd, token,
- access,
+ access_mask,
&access_granted,
root,
rp_sid);
return ldb_operr(ldb_module_get_ctx(module));
}
-int acl_check_access_on_class(struct ldb_module *module,
- const struct dsdb_schema *schema,
- TALLOC_CTX *mem_ctx,
- struct security_descriptor *sd,
- struct dom_sid *rp_sid,
- uint32_t access,
- const char *class_name)
-{
- int ret;
- NTSTATUS status;
- uint32_t access_granted;
- struct object_tree *root = NULL;
- struct object_tree *new_node = NULL;
- const struct GUID *guid;
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- struct security_token *token = acl_user_token(module);
- if (class_name) {
- guid = class_schemaid_guid_by_lDAPDisplayName(schema, class_name);
- if (!guid) {
- DEBUG(10, ("acl_search: cannot find class %s\n",
- class_name));
- goto fail;
- }
- if (!insert_in_object_tree(tmp_ctx,
- guid, access,
- &root, &new_node)) {
- DEBUG(10, ("acl_search: cannot add to object tree guid\n"));
- goto fail;
- }
- }
- status = sec_access_check_ds(sd, token,
- access,
- &access_granted,
- root,
- rp_sid);
- if (!NT_STATUS_IS_OK(status)) {
- ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
- }
- else {
- ret = LDB_SUCCESS;
- }
- return ret;
-fail:
- return ldb_operr(ldb_module_get_ctx(module));
-}
-
-const struct GUID *get_oc_guid_from_message(struct ldb_module *module,
- const struct dsdb_schema *schema,
- struct ldb_message *msg)
-{
- struct ldb_message_element *oc_el;
-
- oc_el = ldb_msg_find_element(msg, "objectClass");
- if (!oc_el) {
- return NULL;
- }
-
- return class_schemaid_guid_by_lDAPDisplayName(schema,
- (char *)oc_el->values[oc_el->num_values-1].data);
-}
-
/* checks for validated writes */
int acl_check_extended_right(TALLOC_CTX *mem_ctx,
}
return talloc_asprintf(mem_ctx, "%s\\%s",
- session_info->server_info->domain_name,
- session_info->server_info->account_name);
+ session_info->info->domain_name,
+ session_info->info->account_name);
}