Merge commit 'origin/v3-2-test' into branches/upstream

(This used to be commit d0bf0ad2ae9a2bff4cec8c7e801a22c624b874ae)

diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c
index 487ac8f4a0babe4659f96111c4f9f498186f2290..8e92c84f3cd53a750fd72bfdc6f9a86b588b7d55 100644 (file)
--- a/source3/lib/display_sec.c
+++ b/source3/lib/display_sec.c
@@ -65,6 +65,31 @@ void display_sec_access(SEC_ACCESS *info)
        printf("\t\tPermissions: 0x%x: %s\n", *info, get_sec_mask_str(*info));
 }
 
+/****************************************************************************
+ display sec_ace flags
+ ****************************************************************************/
+void display_sec_ace_flags(uint8_t flags)
+{
+       if (flags & SEC_ACE_FLAG_OBJECT_INHERIT)
+               printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
+       if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT)
+               printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
+       if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)
+               printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
+       if (flags & SEC_ACE_FLAG_INHERIT_ONLY)
+               printf("SEC_ACE_FLAG_INHERIT_ONLY ");
+       if (flags & SEC_ACE_FLAG_INHERITED_ACE)
+               printf("SEC_ACE_FLAG_INHERITED_ACE ");
+/*     if (flags & SEC_ACE_FLAG_VALID_INHERIT)
+               printf("SEC_ACE_FLAG_VALID_INHERIT "); */
+       if (flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS)
+               printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
+       if (flags & SEC_ACE_FLAG_FAILED_ACCESS)
+               printf("SEC_ACE_FLAG_FAILED_ACCESS ");
+
+       printf("\n");
+}
+
 /****************************************************************************
  display sec_ace object
  ****************************************************************************/
@@ -123,7 +148,8 @@ void display_sec_ace(SEC_ACE *ace)
                        break;
        }
 
-       printf(" (%d) flags: %d\n", ace->type, ace->flags);
+       printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
+       display_sec_ace_flags(ace->flags);
        display_sec_access(&ace->access_mask);
        sid_to_string(sid_str, &ace->trustee);
        printf("\t\tSID: %s\n\n", sid_str);
@@ -145,9 +171,11 @@ void display_sec_acl(SEC_ACL *sec_acl)
                         sec_acl->num_aces, sec_acl->revision); 
        printf("\t---\n");
 
-       if (sec_acl->size != 0 && sec_acl->num_aces != 0)
-               for (i = 0; i < sec_acl->num_aces; i++)
+       if (sec_acl->size != 0 && sec_acl->num_aces != 0) {
+               for (i = 0; i < sec_acl->num_aces; i++) {
                        display_sec_ace(&sec_acl->aces[i]);
+               }
+       }
 }
 
 void display_acl_type(uint16 type)

diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 915ce5f9aa9a2bc733982080efd49fcd16bbb238..e1d65fb06b0916d6df6c75b54f2d9a70e19ebfbd 100644 (file)
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -990,6 +990,9 @@ static NTSTATUS rpc_registry_getsd_internal(const DOM_SID *domain_sid,
        uint32_t sec_info;
        DATA_BLOB blob;
        struct security_descriptor sec_desc;
+       uint32_t access_mask = REG_KEY_READ |
+                              SEC_RIGHT_MAXIMUM_ALLOWED |
+                              SEC_RIGHT_SYSTEM_SECURITY;
 
        if (argc <1 || argc > 2) {
                d_printf("Usage:    net rpc registry getsd <path> <secinfo>\n");
@@ -997,7 +1000,8 @@ static NTSTATUS rpc_registry_getsd_internal(const DOM_SID *domain_sid,
                return NT_STATUS_OK;
        }
 
-       status = registry_openkey(mem_ctx, pipe_hnd, argv[0], REG_KEY_READ,
+       status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
+                                 access_mask,
                                  &pol_hive, &pol_key);
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, "registry_openkey failed: %s\n",