-rw-r--r-- | source3/lib/display_sec.c | 34 | ||||
-rw-r--r-- | source3/utils/net_rpc_registry.c | 6 |
2 files changed, 36 insertions, 4 deletions
diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c
index 487ac8f4a0..8e92c84f3c 100644
--- a/source3/lib/display_sec.c
+++ b/source3/lib/display_sec.c
@@ -66,6 +66,31 @@ void display_sec_access(SEC_ACCESS *info)
 }
 
 /****************************************************************************
+ display sec_ace flags
+ ****************************************************************************/
+void display_sec_ace_flags(uint8_t flags)
+{
+ if (flags & SEC_ACE_FLAG_OBJECT_INHERIT)
+ printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
+ if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT)
+ printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
+ if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)
+ printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
+ if (flags & SEC_ACE_FLAG_INHERIT_ONLY)
+ printf("SEC_ACE_FLAG_INHERIT_ONLY ");
+ if (flags & SEC_ACE_FLAG_INHERITED_ACE)
+ printf("SEC_ACE_FLAG_INHERITED_ACE ");
+/* if (flags & SEC_ACE_FLAG_VALID_INHERIT)
+ printf("SEC_ACE_FLAG_VALID_INHERIT "); */
+ if (flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS)
+ printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
+ if (flags & SEC_ACE_FLAG_FAILED_ACCESS)
+ printf("SEC_ACE_FLAG_FAILED_ACCESS ");
+
+ printf("\n");
+}
+
+/****************************************************************************
 display sec_ace object
 ****************************************************************************/
 static void disp_sec_ace_object(struct security_ace_object *object)
@@ -123,7 +148,8 @@ void display_sec_ace(SEC_ACE *ace)
 break;
 }
 
- printf(" (%d) flags: %d\n", ace->type, ace->flags);
+ printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
+ display_sec_ace_flags(ace->flags);
 display_sec_access(&ace->access_mask);
 sid_to_string(sid_str, &ace->trustee);
 printf("\t\tSID: %s\n\n", sid_str);
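Review bot: The commented-out `SEC_ACE_FLAG_VALID_INHERIT` test inside display_sec_ace_flags() is left without a reason, so a later reader cannot tell whether it was forgotten or deliberately disabled. If that constant is a mask over the inherit bits rather than a flag of its own (its definition is not visible here, so confirm against the header), replace the dead code with a one-line comment such as `/* SEC_ACE_FLAG_VALID_INHERIT is a mask of the inherit bits, not printed as a name */`. The `" SEC_ACE_FLAG_CONTAINER_INHERIT "` literal has a leading space the other names lack, which gives a double space in the output; it should read `printf("SEC_ACE_FLAG_CONTAINER_INHERIT ");`. Bits that match none of the tested names are dropped without a trace, so the header comment should say that the function prints only known flag names and that callers should print the raw value as well, as display_sec_ace() does in the next hunk.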
@@ -145,9 +171,11 @@ void display_sec_acl(SEC_ACL *sec_acl)
 sec_acl->num_aces, sec_acl->revision);
 printf("\t---\n");
 
- if (sec_acl->size != 0 && sec_acl->num_aces != 0)
- for (i = 0; i < sec_acl->num_aces; i++)
+ if (sec_acl->size != 0 && sec_acl->num_aces != 0) {
+ for (i = 0; i < sec_acl->num_aces; i++) {
 display_sec_ace(&sec_acl->aces[i]);
+ }
+ }
 }
 
 void display_acl_type(uint16 type)
diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 915ce5f9aa..e1d65fb06b 100644
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -990,6 +990,9 @@ static NTSTATUS rpc_registry_getsd_internal(const DOM_SID *domain_sid,
 uint32_t sec_info;
 DATA_BLOB blob;
 struct security_descriptor sec_desc;
+ uint32_t access_mask = REG_KEY_READ |
+ SEC_RIGHT_MAXIMUM_ALLOWED |
+ SEC_RIGHT_SYSTEM_SECURITY;
 
 if (argc <1 || argc > 2) {
 d_printf("Usage: net rpc registry getsd <path> <secinfo>\n");
@@ -997,7 +1000,8 @@ static NTSTATUS rpc_registry_getsd_internal(const DOM_SID *domain_sid,
 return NT_STATUS_OK;
 }
 
- status = registry_openkey(mem_ctx, pipe_hnd, argv[0], REG_KEY_READ,
+ status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
+ access_mask,
 &pol_hive, &pol_key);
 if (!NT_STATUS_IS_OK(status)) {
 d_fprintf(stderr, "registry_openkey failed: %s\n", |
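Review bot: The new `access_mask` in rpc_registry_getsd_internal() asks for `SEC_RIGHT_SYSTEM_SECURITY` and `SEC_RIGHT_MAXIMUM_ALLOWED` on every call, whatever `<secinfo>` the user passed. Servers normally grant the system-security right only to callers holding the corresponding privilege, so the registry_openkey() call in the following hunk (-997,7 +1000,8) may now be refused for accounts that could previously read owner, group and DACL with `REG_KEY_READ` alone. A read-only query also ends up holding a handle with the widest access the account has. Consider starting from `uint32_t access_mask = REG_KEY_READ;` and adding `access_mask |= SEC_RIGHT_SYSTEM_SECURITY;` only when the parsed `sec_info` includes the SACL bit. The parsing of `sec_info` lies outside both hunks, so check that it happens before the open.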