diff options
author | Günther Deschner <gd@samba.org> | 2007-07-11 13:41:04 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:28:33 -0500 |
commit | 34d091f1c6867ac6bc6925fb99dd00724cf3c289 (patch) | |
tree | 4e1f0cb54e289169d56909dce7a01ef4c6db6c63 /source3 | |
parent | b62ade20d0721c694785fdd2882ea28b129bb0f1 (diff) | |
download | samba-34d091f1c6867ac6bc6925fb99dd00724cf3c289.tar.gz samba-34d091f1c6867ac6bc6925fb99dd00724cf3c289.tar.bz2 samba-34d091f1c6867ac6bc6925fb99dd00724cf3c289.zip |
r23839: Try to get the attribute name from schema GUIDs or the display name from
extended rights GUID from ad while dumping the security descriptors's aces.
This would perform much better with a guid cache, but for the rare cases where
it is used
net ads search cn=mymachine ntSecurityDescriptor -U user%pass
it should be ok for now.
Guenther
(This used to be commit b36913433eb74203b29f2b7d412a86e60591ea22)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/libads/disp_sec.c | 53 | ||||
-rw-r--r-- | source3/libads/ldap_schema.c | 2 |
2 files changed, 48 insertions, 7 deletions
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 9ea332858f..4b9a9de23a 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -80,17 +80,45 @@ static void ads_disp_perms(uint32 type) puts(""); } -static void ads_disp_sec_ace_object(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace_object *object) +static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const struct GUID *guid) +{ + const char *ret = NULL; + + ret = ads_get_attrname_by_guid(ads, ads->config.schema_path, + mem_ctx, guid); + if (ret) { + return talloc_asprintf(mem_ctx, "LDAP attribute: \"%s\"", ret); + } + + ret = ads_get_extended_right_name_by_guid(ads, ads->config.config_path, + mem_ctx, guid); + + if (ret) { + return talloc_asprintf(mem_ctx, "Extended right: \"%s\"", ret); + } + + return ret; +} + +static void ads_disp_sec_ace_object(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct security_ace_object *object) { if (object->flags & SEC_ACE_OBJECT_PRESENT) { printf("Object type: SEC_ACE_OBJECT_PRESENT\n"); - printf("Object GUID: %s\n", smb_uuid_string_static( - object->type.type)); + printf("Object GUID: %s (%s)\n", smb_uuid_string_static( + object->type.type), + ads_interprete_guid_from_object(ads, mem_ctx, + &object->type.type)); } if (object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) { printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n"); - printf("Object GUID: %s\n", smb_uuid_string_static( - object->inherited_type.inherited_type)); + printf("Object GUID: %s (%s)\n", smb_uuid_string_static( + object->inherited_type.inherited_type), + ads_interprete_guid_from_object(ads, mem_ctx, + &object->inherited_type.inherited_type)); } } @@ -156,7 +184,20 @@ static void ads_disp_acl(SEC_ACL *sec_acl, const char *type) void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd) { int i; - + char *tmp_path = NULL; + + if (!ads->config.schema_path) { + if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) { + ads->config.schema_path = SMB_STRDUP(tmp_path); + } + } + + if (!ads->config.config_path) { + if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) { + ads->config.config_path = SMB_STRDUP(tmp_path); + } + } + printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", sd->revision, sd->type); diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c index 1cdd51faca..170ee65df7 100644 --- a/source3/libads/ldap_schema.c +++ b/source3/libads/ldap_schema.c @@ -195,7 +195,7 @@ failed: /********************************************************************* *********************************************************************/ -static ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path) +ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path) { ADS_STATUS status; LDAPMessage *res; |