author | Andrew Tridgell <tridge@samba.org> | 2005-12-09 23:43:02 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:16 -0500 |
commit | d811ea17bb3a487b8bdcd2f9aa8dc4ba5cb2ab01 (patch) | |
tree | 128dae49d8b57ee988e72b4b1217798484672344 /source4/lib | |
parent | 7b090b06bf494bcc9bbd080ec2f8761659d8cc6b (diff) | |
r12158: added ldif handlers for the ntSecurityDescriptor attribute, so when
displaying security descriptors in ldbsearch or ldbedit you can see
the SDDL version.
This also allows us to specify security descriptors in our
setup/*.ldif files in SDDL format, which is much more convenient than
the NDR binary format!
(This used to be commit 8185731c1846412c1b3366824cdb3d05b2d50b73)
Diffstat (limited to 'source4/lib')
-rw-r--r-- | source4/lib/ldb/samba/ldif_handlers.c | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/source4/lib/ldb/samba/ldif_handlers.c b/source4/lib/ldb/samba/ldif_handlers.c
index dab3552b01..6d2e4349cf 100644
--- a/source4/lib/ldb/samba/ldif_handlers.c
+++ b/source4/lib/ldb/samba/ldif_handlers.c
@@ -214,6 +214,65 @@ static int ldb_canonicalise_objectGUID(struct ldb_context *ldb, void *mem_ctx,
 return ldb_handler_copy(ldb, mem_ctx, in, out);
 }
+
+/*
+ convert a ldif (SDDL) formatted ntSecurityDescriptor to a NDR formatted blob
+*/
+static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ struct security_descriptor *sd;
+ NTSTATUS status;
+ const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
+ if (domain_sid == NULL) {
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+ sd = sddl_decode(mem_ctx, (const char *)in->data, domain_sid);
+ if (sd == NULL) {
+ return -1;
+ }
+ status = ndr_push_struct_blob(out, mem_ctx, sd,
+ (ndr_push_flags_fn_t)ndr_push_security_descriptor);
+ talloc_free(sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
+*/
+static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ struct security_descriptor *sd;
+ NTSTATUS status;
+ const struct dom_sid *domain_sid = samdb_domain_sid(ldb);
+
+ if (domain_sid == NULL) {
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+
+ sd = talloc(mem_ctx, struct security_descriptor);
+ if (sd == NULL) {
+ return -1;
+ }
+ status = ndr_pull_struct_blob(in, sd, sd,
+ (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(sd);
+ return -1;
+ }
+ out->data = (uint8_t *)sddl_encode(mem_ctx, sd, domain_sid);
+ talloc_free(sd);
+ if (out->data == NULL) {
+ return -1;
+ }
+ out->length = strlen((const char *)out->data);
+ return 0;
+}
+
 static const struct ldb_attrib_handler samba_handlers[] = {
 {
 .attr = "objectSid",
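Review bot: `ldif_read_ntSecurityDescriptor` hands `(const char *)in->data` straight to `sddl_decode`, so it relies on the ldb_val being NUL-terminated and never consults `in->length`; a value that arrives without a terminator is read past its end. A bounded copy removes that assumption and costs three lines: `char *sddl = talloc_strndup(mem_ctx, (const char *)in->data, in->length);`, `if (sddl == NULL) return -1;`, `sd = sddl_decode(mem_ctx, sddl, domain_sid);` (the copy is released together with mem_ctx). The `domain_sid == NULL` fallback in both handlers also deserves a comment, because on the read side it stores the SDDL text verbatim in an attribute that the write handler and `ldb_comparison_binary` then treat as an NDR blob; something like `/* no domain SID available yet — store the value unconverted; the blob will not parse as NDR */`, with the reason for the missing SID filled in by the author since it is not visible here. Both functions lie entirely within the hunk.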
@@ -232,6 +291,14 @@ static const struct ldb_attrib_handler samba_handlers[] = {
 .comparison_fn = ldb_comparison_objectSid
 },
 {
+ .attr = "ntSecurityDescriptor",
+ .flags = 0,
+ .ldif_read_fn = ldif_read_ntSecurityDescriptor,
+ .ldif_write_fn = ldif_write_ntSecurityDescriptor,
+ .canonicalise_fn = ldb_handler_copy,
+ .comparison_fn = ldb_comparison_binary
+ },
+ {
 .attr = "objectGUID",
 .flags = 0,
 .ldif_read_fn = ldif_read_objectGUID, |