From a212c1dedb749b98d17c67db4278d1f1bb66d468 Mon Sep 17 00:00:00 2001
From: Nadezhda Ivanova <nadezhda.ivanova@postpath.com>
Date: Tue, 16 Mar 2010 13:06:08 +0200
Subject: Added a net acl ds command for modification of ACLs on directory
 objects

At present the command supports only addition of control access rigts, done
so DRS access checks can be tested. It will be expanded to deal with most
ways to modify and view a DS ACL.
Shifted commands a bit. What used to be net acl is now "net acl nt" as apposed
to this, which is "net acl ds"

./bin/net acl ds set --help
Usage: set --objectdn=objectdn --car=control right --action=[deny|allow] --trusteedn=trustee-dn

Options:
  -h, --help            show this help message and exit
  --host=HOST           LDB URL for database or target server
  --car=CAR              The access control right to allow or deny
  --action=ACTION       Deny or allow access
  --objectdn=OBJECTDN   DN of the object whose SD to modify
  --trusteedn=TRUSTEEDN
                        DN of the entity that gets access

  Samba Common Options:
    -s FILE, --configfile=FILE
                        Configuration file

  Credentials Options:
    --simple-bind-dn=DN
                        DN to use for a simple bind
    --password=PASSWORD
                        Password
    -U USERNAME, --username=USERNAME
                        Username
    -W WORKGROUP, --workgroup=WORKGROUP
                        Workgroup
    -N, --no-pass       Don't ask for a password
    -k KERBEROS, --kerberos=KERBEROS
                        Use Kerberos
---
 librpc/idl/security.idl | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'librpc')

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 186c2bcb6a..e7ae8541cc 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -479,4 +479,21 @@ interface security
 		SEC_OWNER_FROM_PARENT                = 0x00000008,
 		SEC_GROUP_FROM_PARENT                = 0x00000010
 	} security_autoinherit;
-}
+
+	/***************************************************************/
+	/* Extended right guids */
+
+	const string GUID_DRS_ALLOCATE_RIDS           = "1abd7cf8-0a99-11d1-adbb-00c04fd8d5cd";
+	const string GUID_DRS_CHANGE_DOMAIN_MASTER    = "014bf69c-7b3b-11d1-85f6-08002be74fab";
+	const string GUID_DRS_CHANGE_INFR_MASTER      = "cc17b1fb-33d9-11d2-97d4-00c04fd8d5cd";
+	const string GUID_DRS_CHANGE_PDC              = "bae50096-4752-11d1-9052-00c04fc2d4cf";
+	const string GUID_DRS_CHANGE_RID_MASTER       = "d58d5f36-0a98-11d1-adbb-00c04fd8d5cd";
+	const string GUID_DRS_CHANGE_SCHEMA_MASTER    = "e12b56b6-0a95-11d1-adbb-00c04fd8d5cd";
+	const string GUID_DRS_GET_CHANGES             = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2";
+	const string GUID_DRS_GET_ALL_CHANGES         = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2";
+	const string GUID_DRS_GET_FILTERED_ATTRIBUTES = "89e95b76-444d-4c62-991a-0facbeda640c";
+	const string GUID_DRS_MANAGE_TOPOLOGY         = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
+	const string GUID_DRS_MONITOR_TOPOLOGY        = "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96";
+	const string GUID_DRS_REPL_SYNCRONIZE         = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
+	const string GUID_DRS_RO_REPL_SECRET_SYNC     = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
+}
\ No newline at end of file
-- 
cgit