# adssearch.pl - query an Active Directory server and
# display objects in a human readable format
#
-# Copyright (C) Guenther Deschner <gd@samba.org> 2003-2007
+# Copyright (C) Guenther Deschner <gd@samba.org> 2003-2008
#
# TODO: add range retrieval
# write sddl-converter, decode userParameters
my %ads_ds_func = (
"DS_BEHAVIOR_WIN2000" => 0, # untested
"DS_BEHAVIOR_WIN2003" => 2,
+"DS_BEHAVIOR_WIN2008" => 3,
);
my %ads_instance_type = (
"ACCOUNT_LOCKED_OUT" => 0x800010, # 8388624
);
+my %ads_enctypes = (
+ "DES-CBC-CRC" => 0x01,
+ "DES-CBC-MD5" => 0x02,
+ "RC4_HMAC_MD5" => 0x04,
+ "AES128_CTS_HMAC_SHA1_96" => 0x08,
+ "AES128_CTS_HMAC_SHA1_128" => 0x10,
+);
+
my %ads_gpoptions = (
"GPOPTIONS_INHERIT" => 0,
"GPOPTIONS_BLOCK_INHERITANCE" => 1,
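Review bot: The last entry of the new `%ads_enctypes` table labels bit 0x10 as `AES128_CTS_HMAC_SHA1_128`, but in msDS-SupportedEncryptionTypes that bit means AES256-CTS-HMAC-SHA1-96. An account that supports AES256 would therefore be printed under an enctype name that does not exist, which misleads anyone using the output to check which accounts still allow only DES or RC4. I would change the line to `"AES256_CTS_HMAC_SHA1_96" => 0x10,`. The keys also mix separators (`DES-CBC-CRC` with hyphens, `RC4_HMAC_MD5` with underscores); one style would make the output easier to grep.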
"modifyTimeStamp" => \&dump_timestr,
"msDS-Behavior-Version" => \&dump_ds_func, #unsure
"msDS-User-Account-Control-Computed" => \&dump_uacc,
+ "msDS-SupportedEncryptionTypes" => \&dump_enctypes,
"mS-DS-CreatorSID" => \&dump_sid,
# "msRADIUSFramedIPAddress" => \&dump_ipaddr,
# "msRASSavedFramedIPAddress" => \&dump_ipaddr,
my $server = shift || "";
$dse = shift || get_dse($server,$async_ldap_hd) || return -1;
- return $dse->get_value('defaultNamingContext');
+ return $dse->get_value($opt_dump_schema ? 'schemaNamingContext':
+ 'defaultNamingContext');
}
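Review bot: The value returned here now depends on the global `$opt_dump_schema`, which is not visible at the call site, so the `return` deserves a comment such as `# --dump-schema searches the schema partition, so hand back schemaNamingContext as the base`. The sub's opening line is outside this hunk, so its name and its callers cannot be checked from here. If any caller needs the domain naming context regardless of the option, it would now receive the schema NC instead.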
sub get_realm_from_rootdse {
return dump_bitmask_equal(@_,%ads_uacc);
}
+sub dump_enctypes {
+ return dump_bitmask_and(@_,%ads_enctypes);
+}
+
sub dump_uf {
return dump_bitmask_and(@_,%ads_uf);
}
critical => 'true',
value => "");
- if (defined($opt_paging)) {
+ if (defined($opt_paging) || $opt_dump_schema) {
push(@ctrls, $ctl_paged);
push(@ctrls_s, "LDAP_PAGED_RESULT_OID_STRING" );
}
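Review bot: `$ctl_paged` is now pushed when only `$opt_dump_schema` is set, so `$opt_paging` may be undefined on this path. The control is constructed outside this hunk; if its page size is taken from `$opt_paging`, it would be built from an undefined value when the schema dump is requested without a paging option. It is worth confirming that a default is applied before the control is created, for example `$opt_paging = <default page size> unless defined($opt_paging);` at the point where `--dump-schema` is handled.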
if ($opt_dump_schema) {
print "Dumping Schema:\n";
- my $ads_schema = $async_ldap_hd->schema;
- $ads_schema->dump;
- exit 0;
+# my $ads_schema = $async_ldap_hd->schema;
+# $ads_schema->dump;
+# exit 0;
}
while (1) {