summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAmitay Isaacs <amitay@gmail.com>2011-07-15 11:25:36 +1000
committerAndrew Tridgell <tridge@samba.org>2011-07-28 15:20:51 +1000
commitef5e9ec3e309d033ad3916ca95daa0f2a96d95b7 (patch)
tree80c529d2686841a2abc28dea71d47f90a8b5f372
parent197996c3df81cc82bb12ee87118f112de9921813 (diff)
downloadsamba-ef5e9ec3e309d033ad3916ca95daa0f2a96d95b7.tar.gz
samba-ef5e9ec3e309d033ad3916ca95daa0f2a96d95b7.tar.bz2
samba-ef5e9ec3e309d033ad3916ca95daa0f2a96d95b7.zip
ldb-samba: Allow --show-binary flag on defaultSecurityDescriptor
This allows users to display defaultSecurityDescriptor in fully expanded form. Pair-Programmed-With: Andrew Tridgell <tridge@samba.org> Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--lib/ldb-samba/ldif_handlers.c30
-rw-r--r--lib/ldb-samba/ldif_handlers.h1
2 files changed, 31 insertions, 0 deletions
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index af3c4b46e1..bb5232a8f5 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -426,6 +426,28 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct
return 0;
}
+/*
+ convert a string formatted SDDL to a ldif formatted ntSecurityDescriptor (SDDL format)
+*/
+static int ldif_write_sddlSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
+ struct security_descriptor *sd;
+ const struct dom_sid *sid = samdb_domain_sid(ldb);
+
+ sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
+ out->data = (uint8_t *)ndr_print_struct_string(mem_ctx,
+ (ndr_print_fn_t)ndr_print_security_descriptor,
+ "SDDL", sd);
+ out->length = strlen((const char *)out->data);
+ talloc_free(sd);
+ return 0;
+ }
+
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+}
+
/*
canonicalise an objectCategory. We use the short form as the canonical form:
cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
@@ -1123,6 +1145,13 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
.comparison_fn = ldb_comparison_binary,
.operator_fn = samba_syntax_operator_fn
},{
+ .name = LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR,
+ .ldif_read_fn = ldb_handler_copy,
+ .ldif_write_fn = ldif_write_sddlSecurityDescriptor,
+ .canonicalise_fn = ldb_handler_fold,
+ .comparison_fn = ldb_comparison_fold,
+ .operator_fn = samba_syntax_operator_fn
+ },{
.name = LDB_SYNTAX_SAMBA_GUID,
.ldif_read_fn = ldif_read_objectGUID,
.ldif_write_fn = ldif_write_objectGUID,
@@ -1297,6 +1326,7 @@ static const struct {
{ "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
{ "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
{ "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64 },
+ { "defaultSecurityDescriptor", LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR },
/*
* these are extracted by searching
diff --git a/lib/ldb-samba/ldif_handlers.h b/lib/ldb-samba/ldif_handlers.h
index 62903c4a96..75ae7bd74c 100644
--- a/lib/ldb-samba/ldif_handlers.h
+++ b/lib/ldb-samba/ldif_handlers.h
@@ -14,6 +14,7 @@
#define LDB_SYNTAX_SAMBA_RANGE64 "LDB_SYNTAX_SAMBA_RANGE64"
#define LDB_SYNTAX_SAMBA_DNSRECORD "LDB_SYNTAX_SAMBA_DNSRECORD"
#define LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS "LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS"
+#define LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SDDL"
#include "lib/ldb-samba/ldif_handlers_proto.h"
#undef _PRINTF_ATTRIBUTE