-rw-r--r--source3/lib/display_sec.c34
-rw-r--r--source3/utils/net_rpc_registry.c6
2 files changed, 36 insertions, 4 deletions
diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c
index 487ac8f4a0..8e92c84f3c 100644
--- a/source3/lib/display_sec.c
+++ b/source3/lib/display_sec.c
@@ -66,6 +66,31 @@ void display_sec_access(SEC_ACCESS *info)
}
/****************************************************************************
+ display sec_ace flags
+ ****************************************************************************/
+void display_sec_ace_flags(uint8_t flags)
+{
+ if (flags & SEC_ACE_FLAG_OBJECT_INHERIT)
+ printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
+ if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT)
+ printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
+ if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)
+ printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
+ if (flags & SEC_ACE_FLAG_INHERIT_ONLY)
+ printf("SEC_ACE_FLAG_INHERIT_ONLY ");
+ if (flags & SEC_ACE_FLAG_INHERITED_ACE)
+ printf("SEC_ACE_FLAG_INHERITED_ACE ");
+/* if (flags & SEC_ACE_FLAG_VALID_INHERIT)
+ printf("SEC_ACE_FLAG_VALID_INHERIT "); */
+ if (flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS)
+ printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
+ if (flags & SEC_ACE_FLAG_FAILED_ACCESS)
+ printf("SEC_ACE_FLAG_FAILED_ACCESS ");
+
+ printf("\n");
+}
+
+/****************************************************************************
display sec_ace object
****************************************************************************/
static void disp_sec_ace_object(struct security_ace_object *object)
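Review bot: In display_sec_ace_flags the SEC_ACE_FLAG_CONTAINER_INHERIT string starts with a space that none of the other names have, so the output is misaligned whenever that bit is set; it should read `printf("SEC_ACE_FLAG_CONTAINER_INHERIT ");`. The commented-out SEC_ACE_FLAG_VALID_INHERIT test is dead code and should be removed or replaced by a one-line comment saying why it is skipped (it looks like a mask covering the inherit bits rather than a single flag, which should be confirmed against its definition). Bits in `flags` that match none of the tested names are not reported by name, so someone auditing ACE inheritance or audit flags only sees them in the hex value the caller prints. Tracking the bits already named and printing any remainder as `unknown: 0x%02x` would make that explicit.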
@@ -123,7 +148,8 @@ void display_sec_ace(SEC_ACE *ace)
break;
}
- printf(" (%d) flags: %d\n", ace->type, ace->flags);
+ printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
+ display_sec_ace_flags(ace->flags);
display_sec_access(&ace->access_mask);
sid_to_string(sid_str, &ace->trustee);
printf("\t\tSID: %s\n\n", sid_str);
@@ -145,9 +171,11 @@ void display_sec_acl(SEC_ACL *sec_acl)
sec_acl->num_aces, sec_acl->revision);
printf("\t---\n");
- if (sec_acl->size != 0 && sec_acl->num_aces != 0)
- for (i = 0; i < sec_acl->num_aces; i++)
+ if (sec_acl->size != 0 && sec_acl->num_aces != 0) {
+ for (i = 0; i < sec_acl->num_aces; i++) {
display_sec_ace(&sec_acl->aces[i]);
+ }
+ }
}
void display_acl_type(uint16 type)
diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 915ce5f9aa..e1d65fb06b 100644
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -990,6 +990,9 @@ static NTSTATUS rpc_registry_getsd_internal(const DOM_SID *domain_sid,
uint32_t sec_info;
DATA_BLOB blob;
struct security_descriptor sec_desc;
+ uint32_t access_mask = REG_KEY_READ |
+ SEC_RIGHT_MAXIMUM_ALLOWED |
+ SEC_RIGHT_SYSTEM_SECURITY;
if (argc <1 || argc > 2) {
d_printf("Usage: net rpc registry getsd <path> <secinfo>\n");
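Review bot: The new `access_mask` always includes SEC_RIGHT_SYSTEM_SECURITY and SEC_RIGHT_MAXIMUM_ALLOWED, and the next hunk passes it to registry_openkey() whatever `<secinfo>` the caller asked for. On Windows the system-security right is normally granted only to callers holding the security privilege, so a user who only wants the owner or DACL may now get an access-denied open that previously succeeded with REG_KEY_READ. Asking for maximum-allowed also yields a handle with more rights than a read-only query needs. I would start from `uint32_t access_mask = REG_KEY_READ;` and, once `sec_info` has been parsed, add the extra right only when the SACL is requested, e.g. `if (sec_info & <SACL secinfo bit>) access_mask |= SEC_RIGHT_SYSTEM_SECURITY;` (placeholder for the constant this tree uses), with a short comment explaining why. The parsing of `sec_info` is outside the visible hunks, so the placement needs checking against the full function.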
@@ -997,7 +1000,8 @@ static NTSTATUS rpc_registry_getsd_internal(const DOM_SID *domain_sid,
return NT_STATUS_OK;
}
- status = registry_openkey(mem_ctx, pipe_hnd, argv[0], REG_KEY_READ,
+ status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
+ access_mask,
&pol_hive, &pol_key);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "registry_openkey failed: %s\n",