[PATCH] samba-tool schema attribute query_oc

William Brown william at blackhats.net.au
Fri May 18 06:32:32 UTC 2018


> 
> > > Also, on the show command, do the reverse mapping back to the
> > > string flags.
> > 
> > That's quite a bit more invasive, but can be done.
> 
> Most mortals don't do hex bitmasks in their heads nearly as well as a
> computer can :-)
> 
> For both get and set, unknown flags can still be represented in hex,
> but I don't fancy the support enquiries about flags our tools support
> but our server ignores. 
> 

Hey mate,

I've decided not to do this. I think it's extremely complicated, and
cannot be done cleanly.

This stems from two issues.

First we could make the change in write_ldif, but then we need a way in
reading an ldif to transform these flags back into an int. Not nice,
and also really hacking in write_ldif.

We could parse each msg element, and print them all, but then we are
basically re-writing write_ldif but in Python as we need to understand
all the binary decode cases so we can do ndr_unpack etc. Again, a huge
amount of effort, and really not nice.

Another solution is "use write_ldif and then string manipulate
the output". This is the cleanest solution, and that says something
given how absolutely hacky it is. Either we'd replace the values in the
string output, or add "another attribute" like searchFlagsDecoded: and
put the values in that. But this is just as horrible.

The last option (which I think is actually the best) is a patch to LDB
to support generating these flags to the actual object itself so you
can just see them with plain ldapsearch. Then we don't need special
handling in the cli at all, and any ldap viewer will see these flags.
But that's also the most controversial change too :) 

Today, having something to show schema is already 100x better than we
were a month ago. Even if it's not perfect doing the decode, it's still
a huge jump. So that's why I'm not going to implement this (today). I'm
happy to leave it in my mind and come back to it when we have a proper,
clean way to do this. 

> > > 
> > > Finally, you seem to be looking for ldb.get_schema_basedn() with
> > > your patch to samdb.py.
> > 
> > Ahhhhhh okay. I'll check this and update soon. 
> > 

Fixed,

Updated patches attached.


Thanks,

William
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-python-samba-netcmd-dsacl.py-support-display-and-rem.patch
Type: text/x-patch
Size: 18788 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180518/5932e01b/0001-python-samba-netcmd-dsacl.py-support-display-and-rem-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-python-samba-netcmd-forest.py-main.py-add-configurat.patch
Type: text/x-patch
Size: 11919 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180518/5932e01b/0002-python-samba-netcmd-forest.py-main.py-add-configurat-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-python-samba-netcmd-domain.py-add-configuration-cont.patch
Type: text/x-patch
Size: 10028 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180518/5932e01b/0003-python-samba-netcmd-domain.py-add-configuration-cont-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-python-samba-netcmd-group.py-add-group-show.patch
Type: text/x-patch
Size: 6027 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180518/5932e01b/0004-python-samba-netcmd-group.py-add-group-show-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-python-samba-netcmd-schema.py-add-schema-query-and-m.patch
Type: text/x-patch
Size: 17837 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180518/5932e01b/0005-python-samba-netcmd-schema.py-add-schema-query-and-m-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-python-samba-netcmd-schema.py-add-schema-show_oc-for.patch
Type: text/x-patch
Size: 5096 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180518/5932e01b/0006-python-samba-netcmd-schema.py-add-schema-show_oc-for-0001.bin>
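
The flag mapping discussed in this thread, as an added example that is not part of the original message or of samba-tool: it decodes searchFlags into names with unknown bits left in hex, reverses the mapping for a set operation, and annotates LDIF text with the searchFlagsDecoded attribute floated above. The flag table is a subset chosen for this example, and the function names and sample LDIF are constructed.

```python
import re

# searchFlags bits as documented for AD schema attributes (subset; an assumption
# of this example). Bits not listed here are reported in hex.
SEARCH_FLAGS = {
    "fATTINDEX": 0x001, "fPDNTATTINDEX": 0x002, "fANR": 0x004,
    "fPRESERVEONDELETE": 0x008, "fCOPY": 0x010, "fTUPLEINDEX": 0x020,
    "fSUBTREEATTINDEX": 0x040, "fCONFIDENTIAL": 0x080,
    "fNEVERVALUECHANGE": 0x100, "fRODCFilteredAttribute": 0x200,
}
KNOWN_MASK = sum(SEARCH_FLAGS.values())

def decode_flags(value):
    """Names of the set bits; any unknown bits are kept as one hex item."""
    names = [name for name, bit in SEARCH_FLAGS.items() if value & bit]
    unknown = value & ~KNOWN_MASK
    if unknown:
        names.append(hex(unknown))
    return names

def encode_flags(names):
    """Reverse mapping for 'set': flag names or integer literals such as 0x8000."""
    value = 0
    for name in names:
        # int(..., 0) raises ValueError on a misspelt flag name
        value |= SEARCH_FLAGS[name] if name in SEARCH_FLAGS else int(name, 0)
    return value

# Constructed sample, not real directory output.
SAMPLE_LDIF = """dn: CN=Example-Attr,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleAttr
searchFlags: 32897"""

def annotate_ldif(ldif):
    """Add a searchFlagsDecoded line (the name floated in the thread) after searchFlags."""
    out = []
    for line in ldif.splitlines():
        out.append(line)
        m = re.fullmatch(r"searchFlags: (\d+)", line)
        names = decode_flags(int(m.group(1))) if m else []
        if names:
            out.append("searchFlagsDecoded: " + " ".join(names))
    return "\n".join(out)

if __name__ == "__main__":
    print(annotate_ldif(SAMPLE_LDIF))
```

Because the decoded line is added beside the original integer, the output would need the extra attribute stripped before being fed back to an LDIF reader, which is the round-trip problem raised in the message.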

