#define CREATE_ACCESS_READ READ_CONTROL_ACCESS
-/* numeric is set when the user wants numeric SIDs and ACEs rather
- than going via LSA calls to resolve them */
-static int numeric;
-
static int sddl;
static int query_sec_info = -1;
static int set_sec_info = -1;
/* convert a SID to a string, either numeric or username/group */
-static void SidToString(struct cli_state *cli, fstring str, const struct dom_sid *sid)
+static void SidToString(struct cli_state *cli, fstring str,
+ const struct dom_sid *sid, bool numeric)
{
char *domain = NULL;
char *name = NULL;
}
/* print an ACE on a FILE, using either numeric or ascii representation */
-static void print_ace(struct cli_state *cli, FILE *f, struct security_ace *ace)
+static void print_ace(struct cli_state *cli, FILE *f, struct security_ace *ace,
+ bool numeric)
{
const struct perm_value *v;
fstring sidstr;
int do_print = 0;
uint32 got_mask;
- SidToString(cli, sidstr, &ace->trustee);
+ SidToString(cli, sidstr, &ace->trustee, numeric);
fprintf(f, "%s:", sidstr);
{SEC_DESC_SELF_RELATIVE , "SR", "Self Relative"},
};
-static void print_acl_ctrl(FILE *file, uint16_t ctrl)
+static void print_acl_ctrl(FILE *file, uint16_t ctrl, bool numeric)
{
int i;
const char* separator = "";
}
/* print a ascii version of a security descriptor on a FILE handle */
-static void sec_desc_print(struct cli_state *cli, FILE *f, struct security_descriptor *sd)
+static void sec_desc_print(struct cli_state *cli, FILE *f,
+ struct security_descriptor *sd, bool numeric)
{
fstring sidstr;
uint32 i;
fprintf(f, "REVISION:%d\n", sd->revision);
- print_acl_ctrl(f, sd->type);
+ print_acl_ctrl(f, sd->type, numeric);
/* Print owner and group sid */
if (sd->owner_sid) {
- SidToString(cli, sidstr, sd->owner_sid);
+ SidToString(cli, sidstr, sd->owner_sid, numeric);
} else {
fstrcpy(sidstr, "");
}
fprintf(f, "OWNER:%s\n", sidstr);
if (sd->group_sid) {
- SidToString(cli, sidstr, sd->group_sid);
+ SidToString(cli, sidstr, sd->group_sid, numeric);
} else {
fstrcpy(sidstr, "");
}
for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
struct security_ace *ace = &sd->dacl->aces[i];
fprintf(f, "ACL:");
- print_ace(cli, f, ace);
+ print_ace(cli, f, ace, numeric);
fprintf(f, "\n");
}
/*****************************************************
dump the acls for a file
*******************************************************/
-static int cacl_dump(struct cli_state *cli, const char *filename)
+static int cacl_dump(struct cli_state *cli, const char *filename, bool numeric)
{
struct security_descriptor *sd;
printf("%s\n", str);
TALLOC_FREE(str);
} else {
- sec_desc_print(cli, stdout, sd);
+ sec_desc_print(cli, stdout, sd, numeric);
}
return EXIT_OK;
*******************************************************/
static int cacl_set(struct cli_state *cli, const char *filename,
- char *the_acl, enum acl_mode mode)
+ char *the_acl, enum acl_mode mode, bool numeric)
{
struct security_descriptor *sd, *old;
uint32 i, j;
if (!found) {
printf("ACL for ACE:");
- print_ace(cli, stdout, &sd->dacl->aces[i]);
+ print_ace(cli, stdout, &sd->dacl->aces[i],
+ numeric);
printf(" not found\n");
}
}
fstring str;
SidToString(cli, str,
- &sd->dacl->aces[i].trustee);
+ &sd->dacl->aces[i].trustee,
+ numeric);
printf("ACL for SID %s not found\n", str);
}
}
char *path;
char *filename = NULL;
poptContext pc;
+ /* numeric is set when the user wants numeric SIDs and ACEs rather
+ than going via LSA calls to resolve them */
+ int numeric;
+
struct poptOption long_options[] = {
POPT_AUTOHELP
{ "delete", 'D', POPT_ARG_STRING, NULL, 'D', "Delete an acl", "ACL" },
} else if (change_mode != REQUEST_NONE) {
result = owner_set(cli, change_mode, filename, owner_username);
} else if (the_acl) {
- result = cacl_set(cli, filename, the_acl, mode);
+ result = cacl_set(cli, filename, the_acl, mode, numeric);
} else {
- result = cacl_dump(cli, filename);
+ result = cacl_dump(cli, filename, numeric);
}
TALLOC_FREE(frame);