svn commit: samba r23839 - in branches: SAMBA_3_2/source/libads SAMBA_3_2_0/source/libads

gd at samba.org gd at samba.org
Wed Jul 11 13:41:04 GMT 2007 

Author: gd
Date: 2007-07-11 13:41:04 +0000 (Wed, 11 Jul 2007)
New Revision: 23839

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23839

Log:
Try to get the attribute name from schema GUIDs or the display name from
extended rights GUID from ad while dumping the security descriptors's aces.

This would perform much better with a guid cache, but for the rare cases where
it is used 

	net ads search cn=mymachine ntSecurityDescriptor -U user%pass

it should be ok for now.

Guenther

Modified:
   branches/SAMBA_3_2/source/libads/disp_sec.c
   branches/SAMBA_3_2/source/libads/ldap_schema.c
   branches/SAMBA_3_2_0/source/libads/disp_sec.c
   branches/SAMBA_3_2_0/source/libads/ldap_schema.c


Changeset:
Modified: branches/SAMBA_3_2/source/libads/disp_sec.c
===================================================================
--- branches/SAMBA_3_2/source/libads/disp_sec.c	2007-07-11 13:32:57 UTC (rev 23838)
+++ branches/SAMBA_3_2/source/libads/disp_sec.c	2007-07-11 13:41:04 UTC (rev 23839)
@@ -80,17 +80,45 @@
 	puts("");
 }
 
-static void ads_disp_sec_ace_object(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace_object *object)
+static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads, 
+						   TALLOC_CTX *mem_ctx, 
+						   const struct GUID *guid)
 {
+	const char *ret = NULL;
+
+	ret = ads_get_attrname_by_guid(ads, ads->config.schema_path, 
+				       mem_ctx, guid);
+	if (ret) {
+		return talloc_asprintf(mem_ctx, "LDAP attribute: \"%s\"", ret);
+	}
+
+	ret = ads_get_extended_right_name_by_guid(ads, ads->config.config_path,
+						  mem_ctx, guid);
+
+	if (ret) {
+		return talloc_asprintf(mem_ctx, "Extended right: \"%s\"", ret);
+	}
+
+	return ret;
+}
+
+static void ads_disp_sec_ace_object(ADS_STRUCT *ads, 
+				    TALLOC_CTX *mem_ctx, 
+				    struct security_ace_object *object)
+{
 	if (object->flags & SEC_ACE_OBJECT_PRESENT) {
 		printf("Object type: SEC_ACE_OBJECT_PRESENT\n");
-		printf("Object GUID: %s\n", smb_uuid_string_static(
-			object->type.type));
+		printf("Object GUID: %s (%s)\n", smb_uuid_string_static(
+			object->type.type), 
+			ads_interprete_guid_from_object(ads, mem_ctx, 
+				&object->type.type));
 	}
 	if (object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) {
 		printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n");
-		printf("Object GUID: %s\n", smb_uuid_string_static(
-			object->inherited_type.inherited_type));
+		printf("Object GUID: %s (%s)\n", smb_uuid_string_static(
+			object->inherited_type.inherited_type),
+			ads_interprete_guid_from_object(ads, mem_ctx, 
+				&object->inherited_type.inherited_type));
 	}
 }
 
@@ -156,7 +184,20 @@
 void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd)
 {
 	int i;
-	
+	char *tmp_path = NULL;
+
+	if (!ads->config.schema_path) {
+		if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) {
+			ads->config.schema_path = SMB_STRDUP(tmp_path);
+		}
+	}
+
+	if (!ads->config.config_path) {
+		if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) {
+			ads->config.config_path = SMB_STRDUP(tmp_path);
+		}
+	}
+
 	printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", 
                sd->revision,
                sd->type);

Modified: branches/SAMBA_3_2/source/libads/ldap_schema.c
===================================================================
--- branches/SAMBA_3_2/source/libads/ldap_schema.c	2007-07-11 13:32:57 UTC (rev 23838)
+++ branches/SAMBA_3_2/source/libads/ldap_schema.c	2007-07-11 13:41:04 UTC (rev 23839)
@@ -195,7 +195,7 @@
 /*********************************************************************
 *********************************************************************/
 
-static ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path)
+ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path)
 {
 	ADS_STATUS status;
 	LDAPMessage *res;

Modified: branches/SAMBA_3_2_0/source/libads/disp_sec.c
===================================================================
--- branches/SAMBA_3_2_0/source/libads/disp_sec.c	2007-07-11 13:32:57 UTC (rev 23838)
+++ branches/SAMBA_3_2_0/source/libads/disp_sec.c	2007-07-11 13:41:04 UTC (rev 23839)
@@ -80,17 +80,45 @@
 	puts("");
 }
 
-static void ads_disp_sec_ace_object(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace_object *object)
+static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads, 
+						   TALLOC_CTX *mem_ctx, 
+						   const struct GUID *guid)
 {
+	const char *ret = NULL;
+
+	ret = ads_get_attrname_by_guid(ads, ads->config.schema_path, 
+				       mem_ctx, guid);
+	if (ret) {
+		return talloc_asprintf(mem_ctx, "LDAP attribute: \"%s\"", ret);
+	}
+
+	ret = ads_get_extended_right_name_by_guid(ads, ads->config.config_path,
+						  mem_ctx, guid);
+
+	if (ret) {
+		return talloc_asprintf(mem_ctx, "Extended right: \"%s\"", ret);
+	}
+
+	return ret;
+}
+
+static void ads_disp_sec_ace_object(ADS_STRUCT *ads, 
+				    TALLOC_CTX *mem_ctx, 
+				    struct security_ace_object *object)
+{
 	if (object->flags & SEC_ACE_OBJECT_PRESENT) {
 		printf("Object type: SEC_ACE_OBJECT_PRESENT\n");
-		printf("Object GUID: %s\n", smb_uuid_string_static(
-			object->type.type));
+		printf("Object GUID: %s (%s)\n", smb_uuid_string_static(
+			object->type.type), 
+			ads_interprete_guid_from_object(ads, mem_ctx, 
+				&object->type.type));
 	}
 	if (object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) {
 		printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n");
-		printf("Object GUID: %s\n", smb_uuid_string_static(
-			object->inherited_type.inherited_type));
+		printf("Object GUID: %s (%s)\n", smb_uuid_string_static(
+			object->inherited_type.inherited_type),
+			ads_interprete_guid_from_object(ads, mem_ctx, 
+				&object->inherited_type.inherited_type));
 	}
 }
 
@@ -156,7 +184,20 @@
 void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd)
 {
 	int i;
-	
+	char *tmp_path = NULL;
+
+	if (!ads->config.schema_path) {
+		if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) {
+			ads->config.schema_path = SMB_STRDUP(tmp_path);
+		}
+	}
+
+	if (!ads->config.config_path) {
+		if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) {
+			ads->config.config_path = SMB_STRDUP(tmp_path);
+		}
+	}
+
 	printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", 
                sd->revision,
                sd->type);

Modified: branches/SAMBA_3_2_0/source/libads/ldap_schema.c
===================================================================
--- branches/SAMBA_3_2_0/source/libads/ldap_schema.c	2007-07-11 13:32:57 UTC (rev 23838)
+++ branches/SAMBA_3_2_0/source/libads/ldap_schema.c	2007-07-11 13:41:04 UTC (rev 23839)
@@ -195,7 +195,7 @@
 /*********************************************************************
 *********************************************************************/
 
-static ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path)
+ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path)
 {
 	ADS_STATUS status;
 	LDAPMessage *res;

More information about the samba-cvs mailing list