/*
   Unix SMB/CIFS implementation.
   Samba utility functions. ADS stuff
   Copyright (C) Alexey Kotovich 2002

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
/*
 * One row of the access-mask name table: a rights mask and the label
 * printed for it.
 */
struct perm_mask_str {
	uint32 mask;
	const char *str;
};

/*
 * Access-mask names used by ads_disp_perms().
 *
 * Entry 0 must stay the full-control entry: ads_disp_perms() prints
 * perms[0] for an exact full-control match and starts its per-bit search
 * at index 1. The per-bit search compares each mask against a single
 * bit, so only rows whose mask is exactly one bit are ever matched there.
 * The table ends at the row whose str is 0.
 */
static struct perm_mask_str perms[] = {
	{ SEC_RIGHTS_FULL_CTRL,       " [Full Control] " },
	{ SEC_RIGHTS_LIST_CONTENTS,   " [List Contents] " },
	{ SEC_RIGHTS_LIST_OBJECT,     " [List Object] " },
	{ SEC_RIGHTS_READ_ALL_PROP,   " [Read All Properties] " },
	{ SEC_RIGHTS_READ_PERMS,      " [Read Permissions] " },
	{ SEC_RIGHTS_WRITE_ALL_VALID, " [All validate writes] " },
	{ SEC_RIGHTS_WRITE_ALL_PROP,  " [Write All Properties] " },
	{ SEC_RIGHTS_MODIFY_PERMS,    " [Modify Permissions] " },
	{ SEC_RIGHTS_MODIFY_OWNER,    " [Modify Owner] " },
	{ SEC_RIGHTS_CREATE_CHILD,    " [Create All Child Objects] " },
	{ SEC_RIGHTS_DELETE,          " [Delete] " },
	{ SEC_RIGHTS_DELETE_SUBTREE,  " [Delete Subtree] " },
	{ SEC_RIGHTS_DELETE_CHILD,    " [Delete All Child Objects] " },
	{ SEC_RIGHTS_CHANGE_PASSWD,   " [Change Password] " },
	{ SEC_RIGHTS_RESET_PASSWD,    " [Reset Password] " },
	{ 0, 0 }	/* terminator */
};
/* convert a security permissions into a string */
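/*
 * Print an access mask as a list of named rights.
 *
 * An exact full-control mask is printed by name alone (perms[0]).
 * Otherwise each set bit is looked up among the single-bit rows of
 * perms[] and printed with its value.
 *
 * Bits with no row in perms[] are kept and printed afterwards as raw
 * hex. The previous code cleared every set bit whether or not a name was
 * found, so the "remaining bits" output could never run and unnamed
 * rights vanished from the listing. For a tool used to read ACLs that is
 * the wrong failure mode: a right that is granted must show up in the
 * output even when this table cannot name it.
 *
 * The bit is built from an unsigned 1 so that testing bit 31 does not
 * shift into the sign bit of an int.
 */
static void ads_disp_perms(uint32 type)
{
	int i;
	int j;

	printf(" Permissions: ");

	if (type == SEC_RIGHTS_FULL_CTRL) {
		printf(" %s \n ", perms[0].str);
		return;
	}

	for (i = 0; i < 32; i++) {
		const uint32 bit = ((uint32)1) << i;
		int named = 0;

		if (!(type & bit)) {
			continue;
		}

		/* index 0 is the multi-bit full-control row, handled above */
		for (j = 1; perms[j].str; j++) {
			if (perms[j].mask == bit) {
				printf(" \n \t %s (0x%08x) ", perms[j].str, perms[j].mask);
				named = 1;
			}
		}

		/* only consume bits that were actually reported by name */
		if (named) {
			type &= ~bit;
		}
	}

	/* remaining bits get added on as-is */
	if (type != 0) {
		printf(" [%08x] ", type);
	}
	puts(" ");
}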
/*
 * Print the object-specific part of an object ACE.
 *
 * Each of the two "present" flags is tested independently; when set, the
 * flag name and the matching GUID (object type, then inherited object
 * type) are printed. Nothing is printed when neither flag is set.
 *
 * NOTE(review): smb_uuid_string_static() presumably returns a pointer to
 * a static buffer, so its result is consumed before the next call;
 * confirm against its definition.
 */
static void ads_disp_sec_ace_object(struct security_ace_object *object)
{
	const char *guid;

	if ((object->flags & SEC_ACE_OBJECT_PRESENT) != 0) {
		printf(" Object type: SEC_ACE_OBJECT_PRESENT \n ");
		guid = smb_uuid_string_static(object->type.type);
		printf(" Object GUID: %s \n ", guid);
	}

	if ((object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) != 0) {
		printf(" Object type: SEC_ACE_OBJECT_INHERITED_PRESENT \n ");
		guid = smb_uuid_string_static(object->inherited_type.inherited_type);
		printf(" Object GUID: %s \n ", guid);
	}
}
/* display ACE */
/*
 * Print one access control entry.
 *
 * Output order: a header line with type, flags, size and access mask
 * (plus the object flags for object ACEs), the trustee SID and the
 * access type name, the object GUIDs for object ACEs, and finally the
 * access mask decoded by ads_disp_perms().
 *
 * An ACE type that is not one of the six handled below is labelled
 * UNKNOWN rather than rejected, so an unfamiliar entry still appears in
 * the listing with its raw type value in the header.
 */
static void ads_disp_ace(SEC_ACE *sec_ace)
{
	const char *access_type;

	if (sec_ace_object(sec_ace->type)) {
		printf(" ------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x) \n ",
		       sec_ace->type,
		       sec_ace->flags,
		       sec_ace->size,
		       sec_ace->access_mask,
		       sec_ace->object.object.flags);
	} else {
		printf(" ------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x) \n ",
		       sec_ace->type,
		       sec_ace->flags,
		       sec_ace->size,
		       sec_ace->access_mask);
	}

	switch (sec_ace->type) {
	case SEC_ACE_TYPE_ACCESS_ALLOWED:
		access_type = " ALLOWED ";
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED:
		access_type = " DENIED ";
		break;
	case SEC_ACE_TYPE_SYSTEM_AUDIT:
		access_type = " SYSTEM AUDIT ";
		break;
	case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
		access_type = " ALLOWED OBJECT ";
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
		access_type = " DENIED OBJECT ";
		break;
	case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
		access_type = " AUDIT OBJECT ";
		break;
	default:
		access_type = " UNKNOWN ";
		break;
	}

	printf(" access SID: %s \n access type: %s \n ",
	       sid_string_static(&sec_ace->trustee), access_type);

	/* the object part is only meaningful for object ACE types */
	if (sec_ace_object(sec_ace->type)) {
		ads_disp_sec_ace_object(&sec_ace->object.object);
	}

	ads_disp_perms(sec_ace->access_mask);
}
/* display ACL */
/*
 * Print the header line for an ACL.
 *
 * sec_acl may be NULL, in which case a "not present" line is printed
 * instead of the revision/size/ACE-count summary. type is the label
 * shown in parentheses; the callers in this file pass the system and
 * user labels. The ACEs themselves are not printed here.
 */
static void ads_disp_acl(SEC_ACL *sec_acl, const char *type)
{
	if (!sec_acl) {
		printf(" ------- (%s) ACL not present \n ", type);
		return;
	}

	printf(" ------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d) \n ",
	       type,
	       sec_acl->revision,
	       sec_acl->size,
	       sec_acl->num_aces);
}
/* display SD */
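/*
 * Print a security descriptor: revision and type, owner and group SIDs,
 * then the system ACL and the user ACL, each followed by its ACEs.
 *
 * A descriptor may carry no SACL or no DACL. ads_disp_acl() already
 * reports that case, but the ACE loops used to dereference the ACL
 * pointer unconditionally and would crash on such a descriptor. The
 * loops are now skipped when the ACL is absent, and the "not present"
 * line is still printed. That line matters to the reader: an absent DACL
 * and an empty DACL do not have the same access semantics.
 *
 * A NULL sd prints nothing.
 *
 * NOTE(review): owner_sid and group_sid are passed straight to
 * sid_string_static(); confirm that it tolerates a NULL SID, since a
 * descriptor can omit either one.
 */
void ads_disp_sd(SEC_DESC *sd)
{
	int i;

	if (!sd) {
		return;
	}

	printf(" -------------- Security Descriptor (revision: %d, type: 0x%02x) \n ",
	       sd->revision,
	       sd->type);

	/* two separate calls: each result is printed before the next lookup */
	printf(" owner SID: %s \n ", sid_string_static(sd->owner_sid));
	printf(" group SID: %s \n ", sid_string_static(sd->group_sid));

	ads_disp_acl(sd->sacl, " system ");
	if (sd->sacl) {
		for (i = 0; i < sd->sacl->num_aces; i++) {
			ads_disp_ace(&sd->sacl->aces[i]);
		}
	}

	ads_disp_acl(sd->dacl, " user ");
	if (sd->dacl) {
		for (i = 0; i < sd->dacl->num_aces; i++) {
			ads_disp_ace(&sd->dacl->aces[i]);
		}
	}

	printf(" -------------- End Of Security Descriptor \n ");
}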