2000-07-07 10:18:00 +04:00
/*
2002-01-30 09:08:46 +03:00
Unix SMB / CIFS implementation .
2000-07-07 10:18:00 +04:00
Samba utility functions
Copyright ( C ) Andrew Tridgell 1992 - 1999
Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1999
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2000-07-07 10:18:00 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2000-07-07 10:18:00 +04:00
*/
# include "includes.h"
2009-03-25 23:29:13 +03:00
# include "librpc/gen_ndr/security.h"
# include "libcli/security/secace.h"
# include "libcli/security/dom_sid.h"
# include "librpc/ndr/libndr.h"
2000-07-07 10:18:00 +04:00
/****************************************************************************
convert a security permissions into a string
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2007-12-18 05:32:27 +03:00
2009-03-15 19:14:25 +03:00
char * get_sec_mask_str ( TALLOC_CTX * ctx , uint32_t type )
2000-07-07 10:18:00 +04:00
{
2007-12-18 05:32:27 +03:00
char * typestr = talloc_strdup ( ctx , " " ) ;
2000-07-07 10:18:00 +04:00
2007-12-18 05:32:27 +03:00
if ( ! typestr ) {
return NULL ;
}
2000-07-07 10:18:00 +04:00
2009-03-25 23:29:13 +03:00
if ( type & SEC_GENERIC_ALL ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" Generic all access " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_GENERIC_EXECUTE ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" Generic execute access " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_GENERIC_WRITE ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" Generic write access " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_GENERIC_READ ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" Generic read access " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_FLAG_MAXIMUM_ALLOWED ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" MAXIMUM_ALLOWED_ACCESS " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_FLAG_SYSTEM_SECURITY ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" SYSTEM_SECURITY_ACCESS " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_STD_SYNCHRONIZE ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" SYNCHRONIZE_ACCESS " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_STD_WRITE_OWNER ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" WRITE_OWNER_ACCESS " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_STD_WRITE_DAC ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" WRITE_DAC_ACCESS " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_STD_READ_CONTROL ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" READ_CONTROL_ACCESS " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2009-03-25 23:29:13 +03:00
if ( type & SEC_STD_DELETE ) {
2007-12-18 05:32:27 +03:00
typestr = talloc_asprintf_append ( typestr ,
" DELETE_ACCESS " ) ;
if ( ! typestr ) {
return NULL ;
}
}
2001-12-11 05:17:26 +03:00
2009-03-25 23:29:13 +03:00
printf ( " \t \t Specific bits: 0x%lx \n " , ( unsigned long ) type & SEC_MASK_SPECIFIC ) ;
2000-07-07 10:18:00 +04:00
return typestr ;
}
/****************************************************************************
display sec_access structure
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2008-10-09 20:49:03 +04:00
void display_sec_access ( uint32_t * info )
2000-07-07 10:18:00 +04:00
{
2007-12-18 05:32:27 +03:00
char * mask_str = get_sec_mask_str ( NULL , * info ) ;
printf ( " \t \t Permissions: 0x%x: %s \n " , * info , mask_str ? mask_str : " " ) ;
2009-03-15 19:14:25 +03:00
talloc_free ( mask_str ) ;
2000-07-07 10:18:00 +04:00
}
2007-10-26 14:58:01 +04:00
/****************************************************************************
display sec_ace flags
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
void display_sec_ace_flags ( uint8_t flags )
{
if ( flags & SEC_ACE_FLAG_OBJECT_INHERIT )
printf ( " SEC_ACE_FLAG_OBJECT_INHERIT " ) ;
if ( flags & SEC_ACE_FLAG_CONTAINER_INHERIT )
printf ( " SEC_ACE_FLAG_CONTAINER_INHERIT " ) ;
if ( flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT )
printf ( " SEC_ACE_FLAG_NO_PROPAGATE_INHERIT " ) ;
if ( flags & SEC_ACE_FLAG_INHERIT_ONLY )
printf ( " SEC_ACE_FLAG_INHERIT_ONLY " ) ;
if ( flags & SEC_ACE_FLAG_INHERITED_ACE )
printf ( " SEC_ACE_FLAG_INHERITED_ACE " ) ;
/* if (flags & SEC_ACE_FLAG_VALID_INHERIT)
printf ( " SEC_ACE_FLAG_VALID_INHERIT " ) ; */
if ( flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS )
printf ( " SEC_ACE_FLAG_SUCCESSFUL_ACCESS " ) ;
if ( flags & SEC_ACE_FLAG_FAILED_ACCESS )
printf ( " SEC_ACE_FLAG_FAILED_ACCESS " ) ;
printf ( " \n " ) ;
}
2007-10-11 04:25:44 +04:00
/****************************************************************************
display sec_ace object
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static void disp_sec_ace_object ( struct security_ace_object * object )
{
2010-06-21 14:33:57 +04:00
char * str ;
2009-03-01 06:59:07 +03:00
if ( object - > flags & SEC_ACE_OBJECT_TYPE_PRESENT ) {
2010-06-21 14:33:57 +04:00
str = GUID_string ( NULL , & object - > type . type ) ;
if ( str = = NULL ) return ;
2009-03-01 06:59:07 +03:00
printf ( " Object type: SEC_ACE_OBJECT_TYPE_PRESENT \n " ) ;
2010-06-21 14:33:57 +04:00
printf ( " Object GUID: %s \n " , str ) ;
talloc_free ( str ) ;
2007-10-11 04:25:44 +04:00
}
2009-03-01 06:59:07 +03:00
if ( object - > flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT ) {
2010-06-21 14:33:57 +04:00
str = GUID_string ( NULL , & object - > inherited_type . inherited_type ) ;
if ( str = = NULL ) return ;
2009-03-01 06:59:07 +03:00
printf ( " Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT \n " ) ;
2010-06-21 14:33:57 +04:00
printf ( " Object GUID: %s \n " , str ) ;
talloc_free ( str ) ;
2007-10-11 04:25:44 +04:00
}
}
2000-07-07 10:18:00 +04:00
/****************************************************************************
display sec_ace structure
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2009-03-25 23:29:13 +03:00
void display_sec_ace ( struct security_ace * ace )
2000-07-07 10:18:00 +04:00
{
2009-03-25 23:29:13 +03:00
char * sid_str ;
2001-12-11 05:17:26 +03:00
printf ( " \t ACE \n \t \t type: " ) ;
switch ( ace - > type ) {
case SEC_ACE_TYPE_ACCESS_ALLOWED :
printf ( " ACCESS ALLOWED " ) ;
break ;
case SEC_ACE_TYPE_ACCESS_DENIED :
printf ( " ACCESS DENIED " ) ;
2000-07-07 10:18:00 +04:00
break ;
2001-12-11 05:17:26 +03:00
case SEC_ACE_TYPE_SYSTEM_AUDIT :
printf ( " SYSTEM AUDIT " ) ;
break ;
case SEC_ACE_TYPE_SYSTEM_ALARM :
printf ( " SYSTEM ALARM " ) ;
break ;
2007-10-11 04:25:44 +04:00
case SEC_ACE_TYPE_ALLOWED_COMPOUND :
printf ( " SEC_ACE_TYPE_ALLOWED_COMPOUND " ) ;
break ;
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT :
printf ( " SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT " ) ;
break ;
case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT :
printf ( " SEC_ACE_TYPE_ACCESS_DENIED_OBJECT " ) ;
break ;
case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT :
printf ( " SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT " ) ;
break ;
case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT :
printf ( " SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT " ) ;
break ;
2001-12-11 05:17:26 +03:00
default :
printf ( " ???? " ) ;
2000-07-07 10:18:00 +04:00
break ;
}
2007-10-11 04:25:44 +04:00
2007-10-26 14:58:01 +04:00
printf ( " (%d) flags: 0x%02x " , ace - > type , ace - > flags ) ;
display_sec_ace_flags ( ace - > flags ) ;
2006-09-21 02:23:12 +04:00
display_sec_access ( & ace - > access_mask ) ;
2009-03-25 23:29:13 +03:00
sid_str = dom_sid_string ( NULL , & ace - > trustee ) ;
2001-12-11 05:17:26 +03:00
printf ( " \t \t SID: %s \n \n " , sid_str ) ;
2009-03-25 23:29:13 +03:00
talloc_free ( sid_str ) ;
2007-10-11 04:25:44 +04:00
if ( sec_ace_object ( ace - > type ) ) {
disp_sec_ace_object ( & ace - > object . object ) ;
}
2000-07-07 10:18:00 +04:00
}
/****************************************************************************
display sec_acl structure
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2009-03-25 23:29:13 +03:00
void display_sec_acl ( struct security_acl * sec_acl )
2000-07-07 10:18:00 +04:00
{
2001-12-11 05:17:26 +03:00
int i ;
2000-07-07 10:18:00 +04:00
2001-12-11 05:17:26 +03:00
printf ( " \t ACL \t Num ACEs: \t %d \t revision: \t %x \n " ,
sec_acl - > num_aces , sec_acl - > revision ) ;
printf ( " \t --- \n " ) ;
2007-10-26 14:58:01 +04:00
if ( sec_acl - > size ! = 0 & & sec_acl - > num_aces ! = 0 ) {
for ( i = 0 ; i < sec_acl - > num_aces ; i + + ) {
2006-09-21 02:23:12 +04:00
display_sec_ace ( & sec_acl - > aces [ i ] ) ;
2007-10-26 14:58:01 +04:00
}
}
2000-07-07 10:18:00 +04:00
}
2009-03-15 19:14:25 +03:00
void display_acl_type ( uint16_t type )
2006-03-06 18:22:00 +03:00
{
2009-03-25 23:29:13 +03:00
printf ( " type: 0x%04x: " , type ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_OWNER_DEFAULTED ) /* 0x0001 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_OWNER_DEFAULTED " ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_GROUP_DEFAULTED ) /* 0x0002 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_GROUP_DEFAULTED " ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_DACL_PRESENT ) /* 0x0004 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_DACL_PRESENT " ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_DACL_DEFAULTED ) /* 0x0008 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_DACL_DEFAULTED " ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_SACL_PRESENT ) /* 0x0010 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_SACL_PRESENT " ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_SACL_DEFAULTED ) /* 0x0020 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_SACL_DEFAULTED " ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_DACL_TRUSTED ) /* 0x0040 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_DACL_TRUSTED " ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_SERVER_SECURITY ) /* 0x0080 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_SERVER_SECURITY " ) ;
2007-07-11 19:23:51 +04:00
if ( type & SEC_DESC_DACL_AUTO_INHERIT_REQ ) /* 0x0100 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_DACL_AUTO_INHERIT_REQ " ) ;
2007-07-11 19:23:51 +04:00
if ( type & SEC_DESC_SACL_AUTO_INHERIT_REQ ) /* 0x0200 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_SACL_AUTO_INHERIT_REQ " ) ;
2007-07-11 19:23:51 +04:00
if ( type & SEC_DESC_DACL_AUTO_INHERITED ) /* 0x0400 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_DACL_AUTO_INHERITED " ) ;
2007-07-11 19:23:51 +04:00
if ( type & SEC_DESC_SACL_AUTO_INHERITED ) /* 0x0800 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_SACL_AUTO_INHERITED " ) ;
2007-07-11 19:23:51 +04:00
if ( type & SEC_DESC_DACL_PROTECTED ) /* 0x1000 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_DACL_PROTECTED " ) ;
2007-07-11 19:23:51 +04:00
if ( type & SEC_DESC_SACL_PROTECTED ) /* 0x2000 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_SACL_PROTECTED " ) ;
2007-07-11 19:23:51 +04:00
if ( type & SEC_DESC_RM_CONTROL_VALID ) /* 0x4000 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_RM_CONTROL_VALID " ) ;
2006-03-06 18:22:00 +03:00
if ( type & SEC_DESC_SELF_RELATIVE ) /* 0x8000 */
2009-03-25 23:29:13 +03:00
printf ( " SEC_DESC_SELF_RELATIVE " ) ;
2006-03-06 18:22:00 +03:00
2009-03-25 23:29:13 +03:00
printf ( " \n " ) ;
2006-03-06 18:22:00 +03:00
}
2000-07-07 10:18:00 +04:00
/****************************************************************************
display sec_desc structure
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2009-03-25 23:29:13 +03:00
void display_sec_desc ( struct security_descriptor * sec )
2000-07-07 10:18:00 +04:00
{
2009-03-25 23:29:13 +03:00
char * sid_str ;
2000-07-07 10:18:00 +04:00
2006-03-06 18:22:00 +03:00
if ( ! sec ) {
printf ( " NULL \n " ) ;
return ;
}
printf ( " revision: %d \n " , sec - > revision ) ;
display_acl_type ( sec - > type ) ;
2002-03-07 07:22:16 +03:00
if ( sec - > sacl ) {
printf ( " SACL \n " ) ;
2001-12-11 05:17:26 +03:00
display_sec_acl ( sec - > sacl ) ;
}
2002-03-07 07:22:16 +03:00
if ( sec - > dacl ) {
printf ( " DACL \n " ) ;
2001-12-11 05:17:26 +03:00
display_sec_acl ( sec - > dacl ) ;
2000-07-07 10:18:00 +04:00
}
2002-03-07 07:22:16 +03:00
if ( sec - > owner_sid ) {
2009-03-25 23:29:13 +03:00
sid_str = dom_sid_string ( NULL , sec - > owner_sid ) ;
2001-12-11 05:17:26 +03:00
printf ( " \t Owner SID: \t %s \n " , sid_str ) ;
2009-03-25 23:29:13 +03:00
talloc_free ( sid_str ) ;
2001-12-11 05:17:26 +03:00
}
2006-09-21 02:23:12 +04:00
if ( sec - > group_sid ) {
2009-03-25 23:29:13 +03:00
sid_str = dom_sid_string ( NULL , sec - > group_sid ) ;
2007-10-11 04:25:44 +04:00
printf ( " \t Group SID: \t %s \n " , sid_str ) ;
2009-03-25 23:29:13 +03:00
talloc_free ( sid_str ) ;
2001-12-11 05:17:26 +03:00
}
}