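/*
   Unix SMB/CIFS implementation.
   Samba utility functions. ADS stuff
   Copyright (C) Alexey Kotovich 2002

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "includes.h"

/*
 * Access-mask to display-name table used by ads_disp_perms().
 *
 * Entry 0 must stay the "Full Control" entry: ads_disp_perms() prints
 * perms[0] for an exact full-control mask and starts its per-bit search
 * at index 1. The table is terminated by an entry whose str is NULL.
 */
static struct perm_mask_str {
	uint32 mask;
	const char *str;
} perms[] = {
	{SEC_RIGHTS_FULL_CTRL,		"[Full Control]"},

	{SEC_RIGHTS_LIST_CONTENTS,	"[List Contents]"},
	{SEC_RIGHTS_LIST_OBJECT,	"[List Object]"},

	{SEC_RIGHTS_READ_ALL_PROP,	"[Read All Properties]"},
	{SEC_RIGHTS_READ_PERMS,		"[Read Permissions]"},

	{SEC_RIGHTS_WRITE_ALL_VALID,	"[All validate writes]"},
	{SEC_RIGHTS_WRITE_ALL_PROP,	"[Write All Properties]"},

	{SEC_RIGHTS_MODIFY_PERMS,	"[Modify Permissions]"},
	{SEC_RIGHTS_MODIFY_OWNER,	"[Modify Owner]"},

	{SEC_RIGHTS_CREATE_CHILD,	"[Create All Child Objects]"},

	{SEC_RIGHTS_DELETE,		"[Delete]"},
	{SEC_RIGHTS_DELETE_SUBTREE,	"[Delete Subtree]"},
	{SEC_RIGHTS_DELETE_CHILD,	"[Delete All Child Objects]"},

	{SEC_RIGHTS_CHANGE_PASSWD,	"[Change Password]"},
	{SEC_RIGHTS_RESET_PASSWD,	"[Reset Password]"},
	{0, NULL}
};

/*
 * Print an access mask as a list of permission names.
 *
 * An exact SEC_RIGHTS_FULL_CTRL mask is printed as the single
 * "[Full Control]" entry. Otherwise every set bit is looked up in perms[]
 * (entries 1..n) and each matching name is printed on its own line.
 *
 * Bits that match no table entry are collected and printed as one hex
 * value. The previous code cleared every set bit inside the loop, so the
 * "remaining bits" branch could never run and unnamed rights were silently
 * dropped from the listing. For an ACL review tool that understates what an
 * ACE grants, so unnamed bits are now always shown.
 */
static void ads_disp_perms(uint32 type)
{
	uint32 unnamed = 0;
	int i;
	int j;

	printf("Permissions: ");

	if (type == SEC_RIGHTS_FULL_CTRL) {
		printf("%s\n", perms[0].str);
		return;
	}

	for (i = 0; i < 32; i++) {
		/* unsigned shift: (1 << 31) on a signed int is undefined */
		const uint32 bit = 1U << i;
		int named = 0;

		if (!(type & bit)) {
			continue;
		}

		for (j = 1; perms[j].str; j++) {
			if (perms[j].mask == bit) {
				printf("\n\t%s", perms[j].str);
				named = 1;
			}
		}

		if (!named) {
			unnamed |= bit;
		}
	}

	/* bits with no name in perms[] are shown as-is */
	if (unnamed != 0) {
		printf("\n\t[%08x]", (unsigned int)unnamed);
	}
	puts("");
}

/*
 * Print one ACE: its raw header fields, the trustee SID, a textual access
 * type and the decoded access mask.
 *
 * Object ACEs (as reported by sec_ace_object()) additionally show their
 * object flags. An ACE type that is not one of the six handled below is
 * reported as "UNKNOWN".
 */
static void ads_disp_ace(SEC_ACE *sec_ace)
{
	const char *access_type = "UNKNOWN";

	if (!sec_ace_object(sec_ace->type)) {
		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
		       sec_ace->type,
		       sec_ace->flags,
		       sec_ace->size,
		       sec_ace->info.mask);
	} else {
		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
		       sec_ace->type,
		       sec_ace->flags,
		       sec_ace->size,
		       sec_ace->info.mask,
		       sec_ace->obj_flags);
	}

	if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
		access_type = "ALLOWED";
	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
		access_type = "DENIED";
	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
		access_type = "SYSTEM AUDIT";
	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
		access_type = "ALLOWED OBJECT";
	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
		access_type = "DENIED OBJECT";
	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
		access_type = "AUDIT OBJECT";
	}

	printf("access SID:  %s\naccess type: %s\n",
	       sid_string_static(&sec_ace->trustee), access_type);

	ads_disp_perms(sec_ace->info.mask);
}

/*
 * Print the header line of an ACL, or a "not present" line when sec_acl is
 * NULL. The type string is only a label for the output ("system", "user").
 * The ACEs themselves are printed by the caller.
 */
static void ads_disp_acl(SEC_ACL *sec_acl, const char *type)
{
	if (!sec_acl) {
		printf("------- (%s) ACL not present\n", type);
	} else {
		printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n",
		       type,
		       sec_acl->revision,
		       sec_acl->size,
		       sec_acl->num_aces);
	}
}

/*
 * Print a whole security descriptor: revision and type, owner and group
 * SIDs, then the system ACL and the user (discretionary) ACL with all of
 * their ACEs.
 *
 * Either ACL may be absent. ads_disp_acl() already reports a missing ACL,
 * but the ACE loops used to dereference sd->sacl / sd->dacl unconditionally
 * and crashed on a descriptor without one of them; each loop is now skipped
 * when its ACL pointer is NULL. A NULL sd is reported and ignored.
 */
void ads_disp_sd(SEC_DESC *sd)
{
	int i;

	if (!sd) {
		printf("-------------- Security Descriptor not present\n");
		return;
	}

	printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
	       sd->revision,
	       sd->type);

	/*
	 * NOTE(review): owner_sid and grp_sid are passed on unchecked; this
	 * relies on sid_string_static() coping with a NULL SID - confirm.
	 */
	printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
	printf("group SID: %s\n", sid_string_static(sd->grp_sid));

	/*
	 * NOTE(review): num_aces is trusted as the length of the ace array;
	 * presumably the code that unmarshalled the descriptor enforces
	 * that - verify against the parser.
	 */
	ads_disp_acl(sd->sacl, "system");
	if (sd->sacl) {
		for (i = 0; i < sd->sacl->num_aces; i++) {
			ads_disp_ace(&sd->sacl->ace[i]);
		}
	}

	ads_disp_acl(sd->dacl, "user");
	if (sd->dacl) {
		for (i = 0; i < sd->dacl->num_aces; i++) {
			ads_disp_ace(&sd->dacl->ace[i]);
		}
	}

	printf("-------------- End Of Security Descriptor\n");
}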