1/*
2   Unix SMB/CIFS implementation.
3   Samba utility functions. ADS stuff
4   Copyright (C) Alexey Kotovich 2002
5
6   This program is free software; you can redistribute it and/or modify
7   it under the terms of the GNU General Public License as published by
8   the Free Software Foundation; either version 2 of the License, or
9   (at your option) any later version.
10
11   This program is distributed in the hope that it will be useful,
12   but WITHOUT ANY WARRANTY; without even the implied warranty of
13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14   GNU General Public License for more details.
15
16   You should have received a copy of the GNU General Public License
17   along with this program; if not, write to the Free Software
18   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19*/
20
21#include "includes.h"
22
23static struct perm_mask_str {
24	uint32  mask;
25	const char   *str;
26} perms[] = {
27	{SEC_RIGHTS_FULL_CTRL,		"[Full Control]"},
28
29	{SEC_RIGHTS_LIST_CONTENTS,	"[List Contents]"},
30	{SEC_RIGHTS_LIST_OBJECT,	"[List Object]"},
31
32	{SEC_RIGHTS_READ_ALL_PROP,	"[Read All Properties]"},
33	{SEC_RIGHTS_READ_PERMS,		"[Read Permissions]"},
34
35	{SEC_RIGHTS_WRITE_ALL_VALID,	"[All validate writes]"},
36	{SEC_RIGHTS_WRITE_ALL_PROP,  	"[Write All Properties]"},
37
38	{SEC_RIGHTS_MODIFY_PERMS,	"[Modify Permissions]"},
39	{SEC_RIGHTS_MODIFY_OWNER,	"[Modify Owner]"},
40
41	{SEC_RIGHTS_CREATE_CHILD,	"[Create All Child Objects]"},
42
43	{SEC_RIGHTS_DELETE,		"[Delete]"},
44	{SEC_RIGHTS_DELETE_SUBTREE,	"[Delete Subtree]"},
45	{SEC_RIGHTS_DELETE_CHILD,	"[Delete All Child Objects]"},
46
47	{SEC_RIGHTS_CHANGE_PASSWD,	"[Change Password]"},
48	{SEC_RIGHTS_RESET_PASSWD,	"[Reset Password]"},
49	{0,				0}
50};
51
52/* convert a security permissions into a string */
53static void ads_disp_perms(uint32 type)
54{
55	int i = 0;
56	int j = 0;
57
58	printf("Permissions: ");
59
60	if (type == SEC_RIGHTS_FULL_CTRL) {
61		printf("%s\n", perms[j].str);
62		return;
63	}
64
65	for (i = 0; i < 32; i++) {
66		if (type & (1 << i)) {
67			for (j = 1; perms[j].str; j ++) {
68				if (perms[j].mask == (((unsigned) 1) << i)) {
69					printf("\n\t%s", perms[j].str);
70				}
71			}
72			type &= ~(1 << i);
73		}
74	}
75
76	/* remaining bits get added on as-is */
77	if (type != 0) {
78		printf("[%08x]", type);
79	}
80	puts("");
81}
82
83/* display ACE */
84static void ads_disp_ace(SEC_ACE *sec_ace)
85{
86	const char *access_type = "UNKNOWN";
87
88	if (!sec_ace_object(sec_ace->type)) {
89		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
90		  sec_ace->type,
91		  sec_ace->flags,
92		  sec_ace->size,
93		  sec_ace->info.mask);
94	} else {
95		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
96		  sec_ace->type,
97		  sec_ace->flags,
98		  sec_ace->size,
99		  sec_ace->info.mask,
100		  sec_ace->obj_flags);
101	}
102
103	if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
104		access_type = "ALLOWED";
105	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
106		access_type = "DENIED";
107	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
108		access_type = "SYSTEM AUDIT";
109	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
110		access_type = "ALLOWED OBJECT";
111	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
112		access_type = "DENIED OBJECT";
113	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
114		access_type = "AUDIT OBJECT";
115	}
116
117	printf("access SID:  %s\naccess type: %s\n",
118               sid_string_static(&sec_ace->trustee), access_type);
119
120	ads_disp_perms(sec_ace->info.mask);
121}
122
123/* display ACL */
124static void ads_disp_acl(SEC_ACL *sec_acl, const char *type)
125{
126        if (!sec_acl)
127		printf("------- (%s) ACL not present\n", type);
128	else {
129		printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n",
130    	    	       type,
131        	       sec_acl->revision,
132	               sec_acl->size,
133    		       sec_acl->num_aces);
134	}
135}
136
137/* display SD */
138void ads_disp_sd(SEC_DESC *sd)
139{
140	int i;
141
142	printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
143               sd->revision,
144               sd->type);
145	printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
146	printf("group SID: %s\n", sid_string_static(sd->grp_sid));
147
148	ads_disp_acl(sd->sacl, "system");
149	for (i = 0; i < sd->sacl->num_aces; i ++)
150		ads_disp_ace(&sd->sacl->ace[i]);
151
152	ads_disp_acl(sd->dacl, "user");
153	for (i = 0; i < sd->dacl->num_aces; i ++)
154		ads_disp_ace(&sd->dacl->ace[i]);
155
156	printf("-------------- End Of Security Descriptor\n");
157}
158
159
160