summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2007-07-11 13:41:04 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:28:33 -0500
commit34d091f1c6867ac6bc6925fb99dd00724cf3c289 (patch)
tree4e1f0cb54e289169d56909dce7a01ef4c6db6c63 /source3
parentb62ade20d0721c694785fdd2882ea28b129bb0f1 (diff)
downloadsamba-34d091f1c6867ac6bc6925fb99dd00724cf3c289.tar.gz
samba-34d091f1c6867ac6bc6925fb99dd00724cf3c289.tar.bz2
samba-34d091f1c6867ac6bc6925fb99dd00724cf3c289.zip
r23839: Try to get the attribute name from schema GUIDs or the display name from
extended rights GUID from ad while dumping the security descriptors's aces. This would perform much better with a guid cache, but for the rare cases where it is used net ads search cn=mymachine ntSecurityDescriptor -U user%pass it should be ok for now. Guenther (This used to be commit b36913433eb74203b29f2b7d412a86e60591ea22)
Diffstat (limited to 'source3')
-rw-r--r--source3/libads/disp_sec.c53
-rw-r--r--source3/libads/ldap_schema.c2
2 files changed, 48 insertions, 7 deletions
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
index 9ea332858f..4b9a9de23a 100644
--- a/source3/libads/disp_sec.c
+++ b/source3/libads/disp_sec.c
@@ -80,17 +80,45 @@ static void ads_disp_perms(uint32 type)
puts("");
}
-static void ads_disp_sec_ace_object(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace_object *object)
+static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *guid)
+{
+ const char *ret = NULL;
+
+ ret = ads_get_attrname_by_guid(ads, ads->config.schema_path,
+ mem_ctx, guid);
+ if (ret) {
+ return talloc_asprintf(mem_ctx, "LDAP attribute: \"%s\"", ret);
+ }
+
+ ret = ads_get_extended_right_name_by_guid(ads, ads->config.config_path,
+ mem_ctx, guid);
+
+ if (ret) {
+ return talloc_asprintf(mem_ctx, "Extended right: \"%s\"", ret);
+ }
+
+ return ret;
+}
+
+static void ads_disp_sec_ace_object(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ struct security_ace_object *object)
{
if (object->flags & SEC_ACE_OBJECT_PRESENT) {
printf("Object type: SEC_ACE_OBJECT_PRESENT\n");
- printf("Object GUID: %s\n", smb_uuid_string_static(
- object->type.type));
+ printf("Object GUID: %s (%s)\n", smb_uuid_string_static(
+ object->type.type),
+ ads_interprete_guid_from_object(ads, mem_ctx,
+ &object->type.type));
}
if (object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) {
printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n");
- printf("Object GUID: %s\n", smb_uuid_string_static(
- object->inherited_type.inherited_type));
+ printf("Object GUID: %s (%s)\n", smb_uuid_string_static(
+ object->inherited_type.inherited_type),
+ ads_interprete_guid_from_object(ads, mem_ctx,
+ &object->inherited_type.inherited_type));
}
}
@@ -156,7 +184,20 @@ static void ads_disp_acl(SEC_ACL *sec_acl, const char *type)
void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd)
{
int i;
-
+ char *tmp_path = NULL;
+
+ if (!ads->config.schema_path) {
+ if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) {
+ ads->config.schema_path = SMB_STRDUP(tmp_path);
+ }
+ }
+
+ if (!ads->config.config_path) {
+ if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) {
+ ads->config.config_path = SMB_STRDUP(tmp_path);
+ }
+ }
+
printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
sd->revision,
sd->type);
diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
index 1cdd51faca..170ee65df7 100644
--- a/source3/libads/ldap_schema.c
+++ b/source3/libads/ldap_schema.c
@@ -195,7 +195,7 @@ failed:
/*********************************************************************
*********************************************************************/
-static ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path)
+ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path)
{
ADS_STATUS status;
LDAPMessage *res;