diff options
author | Tim Potter <tpot@samba.org> | 2000-12-13 12:53:42 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2000-12-13 12:53:42 +0000 |
commit | 56ee3e2e2f19164e7d0f873a43be2cfb5970d2f3 (patch) | |
tree | b2b9a6fd82c62b5754620309560f88d5086e7afe /source3/utils | |
parent | 16e05346e56edac2fc85243a36e7b9047c2d8b58 (diff) | |
download | samba-56ee3e2e2f19164e7d0f873a43be2cfb5970d2f3.tar.gz samba-56ee3e2e2f19164e7d0f873a43be2cfb5970d2f3.tar.bz2 samba-56ee3e2e2f19164e7d0f873a43be2cfb5970d2f3.zip |
Convert names to sids when modifying ACLs. Convert sids to names when
displaying ACLs.
(This used to be commit 5001bbc64be62af1597eb334e5b530b415d62a6b)
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/smbcacls.c | 78 |
1 files changed, 68 insertions, 10 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index ae852b3e3c..1ffd7495d0 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -24,6 +24,7 @@ static fstring password; static fstring username; +static fstring server; static int got_pass; static int test_args; @@ -60,27 +61,85 @@ static struct perm_value standard_values[] = { /* convert a SID to a string, either numeric or username/group */ static void SidToString(fstring str, DOM_SID *sid) { - if (numeric) { + struct cli_state cli; + POLICY_HND pol; + struct ntuser_creds creds; + char **names; + uint32 *types; + int num_names; + + ZERO_STRUCT(creds); + ZERO_STRUCT(cli); + ZERO_STRUCT(pol); + + creds.pwd.null_pwd = 1; + + if (numeric || !cli_lsa_initialise(&cli, server, &creds) || + cli_lsa_open_policy(&cli, True, SEC_RIGHTS_MAXIMUM_ALLOWED, + &pol) != NT_STATUS_NOPROBLEMO || + cli_lsa_lookup_sids(&cli, &pol, 1, sid, &names, &types, + &num_names) != NT_STATUS_NOPROBLEMO) { sid_to_string(str, sid); - } else { + goto done; + } - /* Need to add LSA lookups */ + fstrcpy(str, names[0]); - sid_to_string(str, sid); + safe_free(names[0]); + safe_free(names); + safe_free(types); + + done: + if (cli.initialised) { + cli_lsa_close(&cli, &pol); + cli_lsa_shutdown(&cli); } } /* convert a string to a SID, either numeric or username/group */ static BOOL StringToSid(DOM_SID *sid, fstring str) { - if (strncmp(str,"S-", 2) == 0) { + uint32 *types; + struct cli_state cli; + struct ntuser_creds creds; + POLICY_HND pol; + int num_sids; + BOOL result = True; + DOM_SID *sids; + + /* Short cut */ + + if (strncmp(str, "S-", 2) == 0) { return string_to_sid(sid, str); - } else { + } - /* Need to add LSA lookups */ + ZERO_STRUCT(creds); + ZERO_STRUCT(cli); + ZERO_STRUCT(pol); - return string_to_sid(sid, str); + creds.pwd.null_pwd = 1; + + if (!cli_lsa_initialise(&cli, server, &creds) || + cli_lsa_open_policy(&cli, True, SEC_RIGHTS_MAXIMUM_ALLOWED, + &pol) != NT_STATUS_NOPROBLEMO || + cli_lsa_lookup_names(&cli, &pol, 1, &str, &sids, &types, + &num_sids) != NT_STATUS_NOPROBLEMO) { + result = string_to_sid(sid, str); + goto done; + } + + sid_copy(sid, &sids[0]); + + safe_free(sids); + safe_free(types); + + done: + if (cli.initialised) { + cli_lsa_close(&cli, &pol); + cli_lsa_shutdown(&cli); } + + return result; } @@ -178,7 +237,7 @@ static BOOL parse_ace(SEC_ACE *ace, char *str) /* Try to parse text form */ - if (!string_to_sid(&sid, str)) { + if (!StringToSid(&sid, str)) { return False; } @@ -516,7 +575,6 @@ struct cli_state *connect_one(char *share) struct cli_state *c; struct nmb_name called, calling; char *server_n; - fstring server; struct in_addr ip; extern struct in_addr ipzero; extern pstring global_myname; |