ldb-samba: Allow --show-binary flag on defaultSecurityDescriptor
authorAmitay Isaacs <amitay@gmail.com>
Fri, 15 Jul 2011 01:25:36 +0000 (11:25 +1000)
committerAndrew Tridgell <tridge@samba.org>
Thu, 28 Jul 2011 05:20:51 +0000 (15:20 +1000)
This allows users to display defaultSecurityDescriptor in fully expanded form.

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>

Signed-off-by: Andrew Tridgell <tridge@samba.org>
lib/ldb-samba/ldif_handlers.c
lib/ldb-samba/ldif_handlers.h

index af3c4b46e17f5fe4c8b5ac4e2937608dc5617328..bb5232a8f59a6fad1dcf86c69ffece053e0ce860 100644 (file)
@@ -426,6 +426,28 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct
        return 0;
 }
 
+/*
+  convert a string formatted SDDL to a ldif formatted ntSecurityDescriptor (SDDL format)
+*/
+static int ldif_write_sddlSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
+                                          const struct ldb_val *in, struct ldb_val *out)
+{
+       if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
+               struct security_descriptor *sd;
+               const struct dom_sid *sid = samdb_domain_sid(ldb);
+
+               sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
+               out->data = (uint8_t *)ndr_print_struct_string(mem_ctx,
+                                       (ndr_print_fn_t)ndr_print_security_descriptor,
+                                       "SDDL", sd);
+               out->length = strlen((const char *)out->data);
+               talloc_free(sd);
+               return 0;
+       }
+
+       return ldb_handler_copy(ldb, mem_ctx, in, out);
+}
+
 /* 
    canonicalise an objectCategory.  We use the short form as the canonical form:
    cn=Person,cn=Schema,cn=Configuration,<basedn> becomes 'person'
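Review bot: `sddl_decode()` on line 29 can return NULL for a value that is not well-formed SDDL (and presumably also when samdb_domain_sid() yields no domain SID), and `ndr_print_struct_string()` can return NULL on allocation failure, yet neither result is checked before the print on line 30 and the `strlen()` on line 33, so one bad stored attribute turns a `--show-binary` display into a NULL dereference instead of an error return. Both returns should be tested and the function should fail with whatever code the file's other ldif_write_* handlers use on error (-1 looks like the ldb convention, but those handlers are outside this hunk). The cast on line 29 also assumes `in->data` is NUL-terminated, which is worth stating in a comment since an ldb_val carries an explicit length. The header comment on line 20 says the function converts SDDL to an ntSecurityDescriptor, whereas the code copies the value verbatim unless LDB_FLG_SHOW_BINARY is set and then emits an NDR print of the decoded descriptor; suggest `/* write a defaultSecurityDescriptor: the SDDL string is copied as-is, or NDR-printed when --show-binary is set */`.
```c
	sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
	if (sd == NULL) {
		return -1;
	}
	out->data = (uint8_t *)ndr_print_struct_string(mem_ctx,
				(ndr_print_fn_t)ndr_print_security_descriptor,
				"SDDL", sd);
	talloc_free(sd);
	if (out->data == NULL) {
		return -1;
	}
	out->length = strlen((const char *)out->data);
	return 0;
	/* … unchanged: non-show-binary path returns ldb_handler_copy() … */
```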
@@ -1122,6 +1144,13 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
                .canonicalise_fn  = ldb_handler_copy,
                .comparison_fn    = ldb_comparison_binary,
                .operator_fn      = samba_syntax_operator_fn
+       },{
+               .name             = LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR,
+               .ldif_read_fn     = ldb_handler_copy,
+               .ldif_write_fn    = ldif_write_sddlSecurityDescriptor,
+               .canonicalise_fn  = ldb_handler_fold,
+               .comparison_fn    = ldb_comparison_fold,
+               .operator_fn      = samba_syntax_operator_fn
        },{
                .name             = LDB_SYNTAX_SAMBA_GUID,
                .ldif_read_fn     = ldif_read_objectGUID,
@@ -1297,6 +1326,7 @@ static const struct {
        { "rIDAllocationPool",          LDB_SYNTAX_SAMBA_RANGE64 },
        { "rIDPreviousAllocationPool",  LDB_SYNTAX_SAMBA_RANGE64 },
        { "rIDAvailablePool",           LDB_SYNTAX_SAMBA_RANGE64 },
+       { "defaultSecurityDescriptor",  LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR },
 
        /*
         * these are extracted by searching
index 62903c4a964c2b617b81a445787077ab0c35aef6..75ae7bd74ccb1ea23bcfcfa3555807cfadb5c31e 100644 (file)
@@ -14,6 +14,7 @@
 #define LDB_SYNTAX_SAMBA_RANGE64               "LDB_SYNTAX_SAMBA_RANGE64"
 #define LDB_SYNTAX_SAMBA_DNSRECORD             "LDB_SYNTAX_SAMBA_DNSRECORD"
 #define LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS "LDB_SYNTAX_SAMBA_SUPPLEMENTALCREDENTIALS"
+#define LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SDDL"
 #include "lib/ldb-samba/ldif_handlers_proto.h"
 
 #undef _PRINTF_ATTRIBUTE
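Review bot: The string value on line 71, `"LDB_SYNTAX_SAMBA_SDDL"`, does not match the macro name, unlike the three neighbouring definitions whose string is the macro's own name; that string is what the new samba_syntaxes entry is registered under via its `.name` field, so grepping for the syntax by its registered name will not find the macro. Suggest `#define LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR "LDB_SYNTAX_SAMBA_SDDL_SECURITY_DESCRIPTOR"`, or rename the macro to `LDB_SYNTAX_SAMBA_SDDL` so both sides agree.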