author | Amitay Isaacs <amitay@gmail.com> | 2011-07-15 11:25:36 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2011-07-28 15:20:51 +1000 |
commit | ef5e9ec3e309d033ad3916ca95daa0f2a96d95b7 (patch) | |
tree | 80c529d2686841a2abc28dea71d47f90a8b5f372 | |
parent | 197996c3df81cc82bb12ee87118f112de9921813 (diff) | |
ldb-samba: Allow --show-binary flag on defaultSecurityDescriptor
This allows users to display defaultSecurityDescriptor in fully expanded form.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r-- | lib/ldb-samba/ldif_handlers.c | 30 | ||||
-rw-r--r-- | lib/ldb-samba/ldif_handlers.h | 1 |
2 files changed, 31 insertions, 0 deletions
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index af3c4b46e1..bb5232a8f5 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -426,6 +426,28 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct
 return 0;
 }
 
+/*
+ convert a string formatted SDDL to a ldif formatted ntSecurityDescriptor (SDDL format)
+*/
+static int ldif_write_sddlSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
+ struct security_descriptor *sd;
+ const struct dom_sid *sid = samdb_domain_sid(ldb);
+
+ sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
+ out->data = (uint8_t *)ndr_print_struct_string(mem_ctx,
+ (ndr_print_fn_t)ndr_print_security_descriptor,
+ "SDDL", sd);
+ out->length = strlen((const char *)out->data);
+ talloc_free(sd);
+ return 0;
+ }
+
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+}
+
 /*
 canonicalise an objectCategory. We use the short form as the canonical form:
 cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
@@ -1123,6 +1145,13 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
 .comparison_fn = ldb_comparison_binary,
 .operator_fn = samba_syntax_operator_fn
 },{
+ .name = LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR,
+ .ldif_read_fn = ldb_handler_copy,
+ .ldif_write_fn = ldif_write_sddlSecurityDescriptor,
+ .canonicalise_fn = ldb_handler_fold,
+ .comparison_fn = ldb_comparison_fold,
+ .operator_fn = samba_syntax_operator_fn
+ },{
 .name = LDB_SYNTAX_SAMBA_GUID,
 .ldif_read_fn = ldif_read_objectGUID,
 .ldif_write_fn = ldif_write_objectGUID,
@@ -1297,6 +1326,7 @@ static const struct {
 { "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
 { "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
 { "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64 },
+ { "defaultSecurityDescriptor", LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR },
 
 /*
 * these are extracted by searching
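Review bot: In the LDB_FLG_SHOW_BINARY branch of ldif_write_sddlSecurityDescriptor (first hunk) the result of sddl_decode() is handed to ndr_print_struct_string() without a NULL check, and the string that comes back goes to strlen() unchecked as well. sddl_decode() returns NULL for a string it cannot parse, so a malformed defaultSecurityDescriptor value stored in the directory would crash any tool run with --show-binary instead of being displayed. Falling back to ldb_handler_copy() on either failure keeps the raw string visible, as in the excerpt below. The cast of in->data to a C string also presumes the value is NUL-terminated, which this hunk does not show; worth confirming against how ldb_val buffers are produced.

```c
		sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
		if (sd == NULL) {
			/* not parseable as SDDL: emit the stored string unchanged */
			return ldb_handler_copy(ldb, mem_ctx, in, out);
		}
		/* … unchanged: out->data = ndr_print_struct_string(...) call … */
		talloc_free(sd);
		if (out->data == NULL) {
			/* printer failed (allocation): fall back to the raw value */
			return ldb_handler_copy(ldb, mem_ctx, in, out);
		}
		out->length = strlen((const char *)out->data);
		return 0;
```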
diff --git a/lib/ldb-samba/ldif_handlers.h b/lib/ldb-samba/ldif_handlers.h
index 62903c4a96..75ae7bd74c 100644
--- a/lib/ldb-samba/ldif_handlers.h
+++ b/lib/ldb-samba/ldif_handlers.h
@@ -14,6 +14,7 @@
 #define LDB_SYNTAX_SAMBA_RANGE64 "LDB_SYNTAX_SAMBA_RANGE64"
 #define LDB_SYNTAX_SAMBA_DNSRECORD "LDB_SYNTAX_SAMBA_DNSRECORD"
 #define LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS "LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS"
+#define LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SDDL"
 #include "lib/ldb-samba/ldif_handlers_proto.h"
 #undef _PRINTF_ATTRIBUTE |
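Review bot: The string value of the new macro, `"LDB_SYNTAX_SAMBA_SDDL"`, breaks the pattern of the neighbouring definitions in this hunk, whose values repeat the macro name in full. If the shorter name is not deliberate, `#define LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR"` keeps the syntax name greppable from either side; if it is deliberate, a one-line comment saying so would help the next reader.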