summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/libads/disp_sec.c175
1 files changed, 175 insertions, 0 deletions
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
new file mode 100644
index 0000000000..c6fe0862c9
--- /dev/null
+++ b/source3/libads/disp_sec.c
@@ -0,0 +1,175 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.0.
+ Samba utility functions. ADS stuff
+ Copyright (C) Alexey Kotovich 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+static struct perm_mask_str {
+ uint32 mask;
+ char *str;
+} perms[] = {
+ {SEC_RIGHTS_FULL_CTRL, "[Full Control]"},
+
+ {SEC_RIGHTS_LIST_CONTENTS, "[List Contents]"},
+ {SEC_RIGHTS_LIST_OBJECT, "[List Object]"},
+
+ {SEC_RIGHTS_READ_ALL_PROP, "[Read All Properties]"},
+ {SEC_RIGHTS_READ_PERMS, "[Read Permissions]"},
+
+ {SEC_RIGHTS_WRITE_ALL_VALID, "[All validate writes]"},
+ {SEC_RIGHTS_WRITE_ALL_PROP, "[Write All Properties]"},
+
+ {SEC_RIGHTS_MODIFY_PERMS, "[Modify Permissions]"},
+ {SEC_RIGHTS_MODIFY_OWNER, "[Modify Owner]"},
+
+ {SEC_RIGHTS_CREATE_CHILD, "[Create All Child Objects]"},
+
+ {SEC_RIGHTS_DELETE, "[Delete]"},
+ {SEC_RIGHTS_DELETE_SUBTREE, "[Delete Subtree]"},
+ {SEC_RIGHTS_DELETE_CHILD, "[Delete All Child Objects]"},
+
+ {SEC_RIGHTS_CHANGE_PASSWD, "[Change Password]"},
+ {SEC_RIGHTS_RESET_PASSWD, "[Reset Password]"},
+ {0, 0}
+};
+
+/* convert a security permissions into a string */
+void ads_disp_perms(uint32 type)
+{
+ int i = 0;
+ int j = 0;
+
+ printf("Permissions: ");
+
+ if (type == SEC_RIGHTS_FULL_CTRL) {
+ printf("%s\n", perms[j].str);
+ return;
+ }
+
+ for (i = 0; i < 32; i++) {
+ if (type & (1 << i)) {
+ for (j = 1; perms[j].str; j ++) {
+ if (perms[j].mask == (((unsigned) 1) << i)) {
+ printf("\n\t%s", perms[j].str);
+ }
+ }
+ type &= ~(1 << i);
+ }
+ }
+
+ /* remaining bits get added on as-is */
+ if (type != 0) {
+ printf("[%08x]", type);
+ }
+ puts("");
+}
+
+/* Check if ACE has OBJECT type */
+BOOL ads_ace_object(uint8 type)
+{
+ if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+ type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
+ type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
+ type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {
+ return True;
+ }
+ return False;
+}
+
+/* display ACE */
+void ads_disp_ace(SEC_ACE *sec_ace)
+{
+ char *access_type = "UNKNOWN";
+
+ if (!sec_ace_object(sec_ace->type)) {
+ printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
+ sec_ace->type,
+ sec_ace->flags,
+ sec_ace->size,
+ sec_ace->info.mask);
+ } else {
+ printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
+ sec_ace->type,
+ sec_ace->flags,
+ sec_ace->size,
+ sec_ace->info.mask,
+ sec_ace->obj_flags);
+ }
+
+ if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
+ access_type = "ALLOWED";
+ } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
+ access_type = "DENIED";
+ } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
+ access_type = "SYSTEM AUDIT";
+ } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
+ access_type = "ALLOWED OBJECT";
+ } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
+ access_type = "DEINED OBJECT";
+ } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
+ access_type = "AUDIT OBJECT";
+ }
+
+ printf("access SID: %s\naccess type: %s\n",
+ sid_string_static(&sec_ace->trustee), access_type);
+
+ ads_disp_perms(sec_ace->info.mask);
+}
+
+/* display ACL */
+void ads_disp_acl(SEC_ACL *sec_acl, char *type)
+{
+ if (!sec_acl)
+ printf("------- (%s) ACL not present\n", type);
+ else {
+ printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n",
+ type,
+ sec_acl->revision,
+ sec_acl->size,
+ sec_acl->num_aces);
+ }
+}
+
+/* display SD */
+void ads_disp_sd(SEC_DESC *sd)
+{
+ int i;
+
+ printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
+ sd->revision,
+ sd->type);
+ printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
+ printf("group SID: %s\n", sid_string_static(sd->grp_sid));
+
+ ads_disp_acl(sd->sacl, "system");
+ for (i = 0; i < sd->sacl->num_aces; i ++)
+ ads_disp_ace(&sd->sacl->ace[i]);
+
+ ads_disp_acl(sd->dacl, "user");
+ for (i = 0; i < sd->dacl->num_aces; i ++)
+ ads_disp_ace(&sd->dacl->ace[i]);
+
+ printf("-------------- End Of Security Descriptor\n");
+}
+
+#endif
+