From 1975b3e4a2318ca79aacae0f03dcbc68bdaeee45 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sun, 10 Mar 2002 06:56:59 +0000
Subject: forgotten file, oops (This used to be commit 98196e79b733e029341578b382bdfabf3f9a0bdc)
---
source3/libads/disp_sec.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 175 insertions(+)
create mode 100644 source3/libads/disp_sec.c
(limited to 'source3/libads/disp_sec.c')
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
new file mode 100644
index 0000000000..c6fe0862c9
--- /dev/null
+++ b/source3/libads/disp_sec.c
@@ -0,0 +1,175 @@ +/* + Unix SMB/Netbios implementation. + Version 3.0. + Samba utility functions. ADS stuff + Copyright (C) Alexey Kotovich 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#ifdef HAVE_ADS + +static struct perm_mask_str { + uint32 mask; + char *str; +} perms[] = { + {SEC_RIGHTS_FULL_CTRL, "[Full Control]"}, + + {SEC_RIGHTS_LIST_CONTENTS, "[List Contents]"}, + {SEC_RIGHTS_LIST_OBJECT, "[List Object]"}, + + {SEC_RIGHTS_READ_ALL_PROP, "[Read All Properties]"}, + {SEC_RIGHTS_READ_PERMS, "[Read Permissions]"}, + + {SEC_RIGHTS_WRITE_ALL_VALID, "[All validate writes]"}, + {SEC_RIGHTS_WRITE_ALL_PROP, "[Write All Properties]"}, + + {SEC_RIGHTS_MODIFY_PERMS, "[Modify Permissions]"}, + {SEC_RIGHTS_MODIFY_OWNER, "[Modify Owner]"}, + + {SEC_RIGHTS_CREATE_CHILD, "[Create All Child Objects]"}, + + {SEC_RIGHTS_DELETE, "[Delete]"}, + {SEC_RIGHTS_DELETE_SUBTREE, "[Delete Subtree]"}, + {SEC_RIGHTS_DELETE_CHILD, "[Delete All Child Objects]"}, + + {SEC_RIGHTS_CHANGE_PASSWD, "[Change Password]"}, + {SEC_RIGHTS_RESET_PASSWD, "[Reset Password]"}, + {0, 0} +}; + +/* convert a security permissions into a string */ +void ads_disp_perms(uint32 type) +{ + int i = 0; + int j = 0; + + printf("Permissions: "); + + if (type == SEC_RIGHTS_FULL_CTRL) { + printf("%s\n", perms[j].str); + return; + } + + for (i = 0; i < 32; 
i++) { + if (type & (1 << i)) { + for (j = 1; perms[j].str; j ++) { + if (perms[j].mask == (((unsigned) 1) << i)) { + printf("\n\t%s", perms[j].str); + } + } + type &= ~(1 << i); + } + } + + /* remaining bits get added on as-is */ + if (type != 0) { + printf("[%08x]", type); + } + puts(""); +} + +/* Check if ACE has OBJECT type */ +BOOL ads_ace_object(uint8 type) +{ + if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || + type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || + type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || + type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) { + return True; + } + return False; +} + +/* display ACE */ +void ads_disp_ace(SEC_ACE *sec_ace) +{ + char *access_type = "UNKNOWN"; + + if (!sec_ace_object(sec_ace->type)) { + printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n", + sec_ace->type, + sec_ace->flags, + sec_ace->size, + sec_ace->info.mask); + } else { + printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", + sec_ace->type, + sec_ace->flags, + sec_ace->size, + sec_ace->info.mask, + sec_ace->obj_flags); + } + + if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) { + access_type = "ALLOWED"; + } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) { + access_type = "DENIED"; + } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) { + access_type = "SYSTEM AUDIT"; + } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) { + access_type = "ALLOWED OBJECT"; + } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) { + access_type = "DEINED OBJECT"; + } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) { + access_type = "AUDIT OBJECT"; + } + + printf("access SID: %s\naccess type: %s\n", + sid_string_static(&sec_ace->trustee), access_type); + + ads_disp_perms(sec_ace->info.mask); +} + +/* display ACL */ +void ads_disp_acl(SEC_ACL *sec_acl, char *type) +{ + if (!sec_acl) + printf("------- (%s) ACL not present\n", type); + else { + printf("------- (%s) ACL (revision: 
%d, size: %d, number of ACEs: %d)\n", + type, + sec_acl->revision, + sec_acl->size, + sec_acl->num_aces); + } +} + +/* display SD */ +void ads_disp_sd(SEC_DESC *sd) +{ + int i; + + printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", + sd->revision, + sd->type); + printf("owner SID: %s\n", sid_string_static(sd->owner_sid)); + printf("group SID: %s\n", sid_string_static(sd->grp_sid)); + + ads_disp_acl(sd->sacl, "system"); + for (i = 0; i < sd->sacl->num_aces; i ++) + ads_disp_ace(&sd->sacl->ace[i]); + + ads_disp_acl(sd->dacl, "user"); + for (i = 0; i < sd->dacl->num_aces; i ++) + ads_disp_ace(&sd->dacl->ace[i]); + + printf("-------------- End Of Security Descriptor\n"); +} + +#endif + -- cgit From ce236d1dbf2673e2ff921683554cee41fca33249 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 22 Mar 2002 06:24:38 +0000 Subject: Stomped on some header file version numbers that have crept back in. (This used to be commit e66bdf1229ba84f64c19e817e2c4081dbbf0bee8) --- source3/libads/disp_sec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index c6fe0862c9..ab8ceecb0c 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 3.0. + Unix SMB/CIFS implementation. Samba utility functions. ADS stuff Copyright (C) Alexey Kotovich 2002 -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/libads/disp_sec.c | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index ab8ceecb0c..a930fd6fe0 100644 
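Review bot: In ads_disp_perms the bit loop runs `type &= ~(1 << i)` for every set bit whether or not a perms[] entry matched, so the `if (type != 0)` branch under "remaining bits get added on as-is" can never fire and access-mask bits the table does not know are dropped from the dump instead of being shown in hex. Clearing the bit only after a match (for example a `found` flag set in the inner loop, then `if (found) type &= ~(1u << i);`) keeps unknown rights visible to whoever is auditing the ACL. `1 << i` is also a signed shift that is undefined at i == 31; `1u << i` in both places matches the unsigned cast the inner comparison already uses. In ads_disp_sd, the loops read `sd->sacl->num_aces` and `sd->dacl->num_aces` immediately after ads_disp_acl() has handled the "ACL not present" case, so a descriptor with no SACL or DACL is dereferenced through a NULL pointer; wrap each loop in `if (sd->sacl)` / `if (sd->dacl)`.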
--- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -52,7 +52,7 @@ static struct perm_mask_str { }; /* convert a security permissions into a string */ -void ads_disp_perms(uint32 type) +static void ads_disp_perms(uint32 type) { int i = 0; int j = 0; @@ -82,20 +82,8 @@ void ads_disp_perms(uint32 type) puts(""); } -/* Check if ACE has OBJECT type */ -BOOL ads_ace_object(uint8 type) -{ - if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || - type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || - type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || - type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) { - return True; - } - return False; -} - /* display ACE */ -void ads_disp_ace(SEC_ACE *sec_ace) +static void ads_disp_ace(SEC_ACE *sec_ace) { char *access_type = "UNKNOWN"; @@ -123,7 +111,7 @@ void ads_disp_ace(SEC_ACE *sec_ace) } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) { access_type = "ALLOWED OBJECT"; } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) { - access_type = "DEINED OBJECT"; + access_type = "DENIED OBJECT"; } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) { access_type = "AUDIT OBJECT"; } @@ -135,7 +123,7 @@ void ads_disp_ace(SEC_ACE *sec_ace) } /* display ACL */ -void ads_disp_acl(SEC_ACL *sec_acl, char *type) +static void ads_disp_acl(SEC_ACL *sec_acl, char *type) { if (!sec_acl) printf("------- (%s) ACL not present\n", type); -- cgit From f2d1f19a66ebaf9b88d23c0faa2412536cc74cda Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 1 Oct 2002 18:26:00 +0000 Subject: syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f) --- source3/libads/disp_sec.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index a930fd6fe0..a7b0bf6f07 100644 
--- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -20,8 +20,6 @@ #include "includes.h" -#ifdef HAVE_ADS - static struct perm_mask_str { uint32 mask; char *str; @@ -158,5 +156,4 @@ void ads_disp_sd(SEC_DESC *sd) printf("-------------- End Of Security Descriptor\n"); } -#endif -- cgit From 634c54310c92c48dd4eceec602e230a021bdcfc5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Jan 2003 08:28:12 +0000 Subject: Merge from HEAD - make Samba compile with -Wwrite-strings without additional warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c) --- source3/libads/disp_sec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index a7b0bf6f07..c9de447e69 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -22,7 +22,7 @@ static struct perm_mask_str { uint32 mask; - char *str; + const char *str; } perms[] = { {SEC_RIGHTS_FULL_CTRL, "[Full Control]"}, @@ -83,7 +83,7 @@ static void ads_disp_perms(uint32 type) /* display ACE */ static void ads_disp_ace(SEC_ACE *sec_ace) { - char *access_type = "UNKNOWN"; + const char *access_type = "UNKNOWN"; if (!sec_ace_object(sec_ace->type)) { printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n", @@ -121,7 +121,7 @@ static void ads_disp_ace(SEC_ACE *sec_ace) } /* display ACL */ -static void ads_disp_acl(SEC_ACL *sec_acl, char *type) +static void ads_disp_acl(SEC_ACL *sec_acl, const char *type) { if (!sec_acl) printf("------- (%s) ACL not present\n", type); -- cgit From 4db7642caa99c1b054322a8971c4b673556487ce Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Wed, 20 Sep 2006 22:23:12 +0000 Subject: r18745: Use the Samba4 data structures for security descriptors and security descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366) --- source3/libads/disp_sec.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index c9de447e69..a768ba08f3 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -90,14 +90,14 @@ static void ads_disp_ace(SEC_ACE *sec_ace) sec_ace->type, sec_ace->flags, sec_ace->size, - sec_ace->info.mask); + sec_ace->access_mask); } else { printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", sec_ace->type, sec_ace->flags, sec_ace->size, - sec_ace->info.mask, - sec_ace->obj_flags); + sec_ace->access_mask, + sec_ace->object.object.flags); } if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) { @@ -117,7 +117,7 @@ static void ads_disp_ace(SEC_ACE *sec_ace) printf("access SID: %s\naccess type: %s\n", sid_string_static(&sec_ace->trustee), access_type); - ads_disp_perms(sec_ace->info.mask); + ads_disp_perms(sec_ace->access_mask); } /* display ACL */ @@ -143,15 +143,15 @@ void ads_disp_sd(SEC_DESC *sd) sd->revision, sd->type); printf("owner SID: %s\n", sid_string_static(sd->owner_sid)); - printf("group SID: %s\n", sid_string_static(sd->grp_sid)); + printf("group SID: %s\n", sid_string_static(sd->group_sid)); ads_disp_acl(sd->sacl, "system"); for (i = 0; i < sd->sacl->num_aces; i ++) - ads_disp_ace(&sd->sacl->ace[i]); + ads_disp_ace(&sd->sacl->aces[i]); ads_disp_acl(sd->dacl, "user"); for (i = 0; i < sd->dacl->num_aces; i ++) - ads_disp_ace(&sd->dacl->ace[i]); + ads_disp_ace(&sd->dacl->aces[i]); printf("-------------- End Of Security Descriptor\n"); } -- cgit 
From 46c5da2fd668ceecf0009374b508f3cf0d1c3e3e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 11 May 2007 12:59:16 +0000 Subject: r22798: Add the "apply group policy" access bit (as seen in type 0x05 ALLOWED OBJECT ACEs). Guenther (This used to be commit e138cbc876e50ae25cb15c5109a42bc8b800c1ba) --- source3/libads/disp_sec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index a768ba08f3..1e62eb8551 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -46,6 +46,9 @@ static struct perm_mask_str { {SEC_RIGHTS_CHANGE_PASSWD, "[Change Password]"}, {SEC_RIGHTS_RESET_PASSWD, "[Reset Password]"}, + + {SEC_RIGHTS_APPLY_GROUP_POLICY, "[Apply Group Policy]"}, + {0, 0} }; @@ -66,7 +69,7 @@ static void ads_disp_perms(uint32 type) if (type & (1 << i)) { for (j = 1; perms[j].str; j ++) { if (perms[j].mask == (((unsigned) 1) << i)) { - printf("\n\t%s", perms[j].str); + printf("\n\t%s (0x%08x)", perms[j].str, perms[j].mask); } } type &= ~(1 << i); -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/libads/disp_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 1e62eb8551..6f3f2cd015 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c 
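Review bot: The new `{SEC_RIGHTS_APPLY_GROUP_POLICY, "[Apply Group Policy]"}` row is matched by ads_disp_perms on the access mask alone, but the commit message ties this bit to type 0x05 ALLOWED OBJECT ACEs, so the label will also be printed for ACEs of other types where the same bit presumably means something else. If the constant shares its value with an existing row (its definition is not visible in this diff), the inner loop will print every matching label for the one bit, which makes the dump misleading when reviewing who holds which right. Consider a comment on the row such as `/* only meaningful on object ACEs carrying the matching extended-right GUID */`, or pass the ACE type into ads_disp_perms and choose the label from it.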
@@ -5,7 +5,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/libads/disp_sec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 6f3f2cd015..60749dbb21 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 6d0141c17e996cf1c0fb4aa69ab7a1c506657e0d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 10 Jul 2007 21:04:57 +0000 Subject: r23820: Display security_ace_object in LDAP security descriptors for debugging. Guenther (This used to be commit 3925e85812b2aded356866925382b1beb718cd44) --- source3/libads/disp_sec.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 60749dbb21..1f5eb4166a 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c 
@@ -82,6 +82,20 @@ static void ads_disp_perms(uint32 type) puts(""); } +static void ads_disp_sec_ace_object(struct security_ace_object *object) +{ + if (object->flags & SEC_ACE_OBJECT_PRESENT) { + printf("Object type: SEC_ACE_OBJECT_PRESENT\n"); + printf("Object GUID: %s\n", smb_uuid_string_static( + object->type.type)); + } + if (object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) { + printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n"); + printf("Object GUID: %s\n", smb_uuid_string_static( + object->inherited_type.inherited_type)); + } +} + /* display ACE */ static void ads_disp_ace(SEC_ACE *sec_ace) { @@ -119,6 +133,10 @@ static void ads_disp_ace(SEC_ACE *sec_ace) printf("access SID: %s\naccess type: %s\n", sid_string_static(&sec_ace->trustee), access_type); + if (sec_ace_object(sec_ace->type)) { + ads_disp_sec_ace_object(&sec_ace->object.object); + } + ads_disp_perms(sec_ace->access_mask); } -- cgit From 1c957f9559880712acd335c9df11191df0386df0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 11 Jul 2007 09:39:08 +0000 Subject: r23826: Fix gpo security filtering by matching the security descriptor ace's for the extended apply group policy right. Guenther (This used to be commit d832014a6fef657f484412372b5d09047552b183) --- source3/libads/disp_sec.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 1f5eb4166a..516f204ed6 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -46,8 +46,6 @@ static struct perm_mask_str { {SEC_RIGHTS_CHANGE_PASSWD, "[Change Password]"}, {SEC_RIGHTS_RESET_PASSWD, "[Reset Password]"}, - {SEC_RIGHTS_APPLY_GROUP_POLICY, "[Apply Group Policy]"}, - {0, 0} }; -- cgit From 9d6f8ed5e7ece2a6bf7a9f51c7dc183932539ff5 Mon Sep 17 00:00:00 2001 
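Review bot: Both branches of the new ads_disp_sec_ace_object print the GUID under the same `Object GUID:` label, and the preceding `Object type:` line prints a flag name rather than a type, so in a dump of an ACE with both flags set the object type GUID and the inherited object type GUID can only be told apart by line order. Distinct labels would make the output unambiguous, e.g. `printf("Inherited object GUID: %s\n", ...)` in the second branch. The function also has no header comment, unlike its neighbours; something like `/* display the object-type GUIDs of an object ACE */` would fit.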
From: Günther Deschner Date: Wed, 11 Jul 2007 13:30:38 +0000 Subject: r23837: Pass ADS_STRUCT and TALLOC_CTX down to ads_disp_sd. Guenther (This used to be commit ad0a6d5703c35d48ab5bbfa8d6506d42e0cfb61d) --- source3/libads/disp_sec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 516f204ed6..9ea332858f 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -80,7 +80,7 @@ static void ads_disp_perms(uint32 type) puts(""); } -static void ads_disp_sec_ace_object(struct security_ace_object *object) +static void ads_disp_sec_ace_object(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace_object *object) { if (object->flags & SEC_ACE_OBJECT_PRESENT) { printf("Object type: SEC_ACE_OBJECT_PRESENT\n"); @@ -95,7 +95,7 @@ static void ads_disp_sec_ace_object(struct security_ace_object *object) } /* display ACE */ -static void ads_disp_ace(SEC_ACE *sec_ace) +static void ads_disp_ace(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_ACE *sec_ace) { const char *access_type = "UNKNOWN"; @@ -132,7 +132,7 @@ static void ads_disp_ace(SEC_ACE *sec_ace) sid_string_static(&sec_ace->trustee), access_type); if (sec_ace_object(sec_ace->type)) { - ads_disp_sec_ace_object(&sec_ace->object.object); + ads_disp_sec_ace_object(ads, mem_ctx, &sec_ace->object.object); } ads_disp_perms(sec_ace->access_mask); @@ -153,7 +153,7 @@ static void ads_disp_acl(SEC_ACL *sec_acl, const char *type) } /* display SD */ -void ads_disp_sd(SEC_DESC *sd) +void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd) { int i; 
@@ -165,11 +165,11 @@ void ads_disp_sd(SEC_DESC *sd) ads_disp_acl(sd->sacl, "system"); for (i = 0; i < sd->sacl->num_aces; i ++) - ads_disp_ace(&sd->sacl->aces[i]); + ads_disp_ace(ads, mem_ctx, &sd->sacl->aces[i]); ads_disp_acl(sd->dacl, "user"); for (i = 0; i < sd->dacl->num_aces; i ++) - ads_disp_ace(&sd->dacl->aces[i]); + ads_disp_ace(ads, mem_ctx, &sd->dacl->aces[i]); printf("-------------- End Of Security Descriptor\n"); } -- cgit From 34d091f1c6867ac6bc6925fb99dd00724cf3c289 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 11 Jul 2007 13:41:04 +0000 Subject: r23839: Try to get the attribute name from schema GUIDs or the display name from extended rights GUID from ad while dumping the security descriptors's aces. This would perform much better with a guid cache, but for the rare cases where it is used net ads search cn=mymachine ntSecurityDescriptor -U user%pass it should be ok for now. Guenther (This used to be commit b36913433eb74203b29f2b7d412a86e60591ea22) --- source3/libads/disp_sec.c | 53 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 47 insertions(+), 6 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 9ea332858f..4b9a9de23a 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c 
@@ -80,17 +80,45 @@ static void ads_disp_perms(uint32 type) puts(""); } -static void ads_disp_sec_ace_object(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace_object *object) +static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + const struct GUID *guid) +{ + const char *ret = NULL; + + ret = ads_get_attrname_by_guid(ads, ads->config.schema_path, + mem_ctx, guid); + if (ret) { + return talloc_asprintf(mem_ctx, "LDAP attribute: \"%s\"", ret); + } + + ret = ads_get_extended_right_name_by_guid(ads, ads->config.config_path, + mem_ctx, guid); + + if (ret) { + return talloc_asprintf(mem_ctx, "Extended right: \"%s\"", ret); + } + + return ret; +} + +static void ads_disp_sec_ace_object(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct security_ace_object *object) { if (object->flags & SEC_ACE_OBJECT_PRESENT) { printf("Object type: SEC_ACE_OBJECT_PRESENT\n"); - printf("Object GUID: %s\n", smb_uuid_string_static( - object->type.type)); + printf("Object GUID: %s (%s)\n", smb_uuid_string_static( + object->type.type), + ads_interprete_guid_from_object(ads, mem_ctx, + &object->type.type)); } if (object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) { printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n"); - printf("Object GUID: %s\n", smb_uuid_string_static( - object->inherited_type.inherited_type)); + printf("Object GUID: %s (%s)\n", smb_uuid_string_static( + object->inherited_type.inherited_type), + ads_interprete_guid_from_object(ads, mem_ctx, + &object->inherited_type.inherited_type)); } } 
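Review bot: ads_interprete_guid_from_object ends with `return ret;` while `ret` is NULL whenever neither lookup finds the GUID, and both call sites in ads_disp_sec_ace_object hand that result straight to `printf("Object GUID: %s (%s)\n", ...)`; passing NULL for `%s` is undefined behaviour, and the talloc_asprintf results can be NULL as well. Store the result first and substitute a placeholder, e.g. `const char *name = ads_interprete_guid_from_object(ads, mem_ctx, &object->type.type);` followed by `name ? name : "unknown"` in the argument list. The `if (!ads || !mem_ctx) return NULL;` guard added to this function by the later r23869 hunk on this page makes the NULL path more common, so the same fix covers it. The second hunk of this commit dereferences `ads->config` in ads_disp_sd with no NULL check on `ads` and ignores a failed ads_schema_path()/ads_config_path(), leaving a NULL path to be passed to the lookups.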
@@ -156,7 +184,20 @@ static void ads_disp_acl(SEC_ACL *sec_acl, const char *type) void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd) { int i; - + char *tmp_path = NULL; + + if (!ads->config.schema_path) { + if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) { + ads->config.schema_path = SMB_STRDUP(tmp_path); + } + } + + if (!ads->config.config_path) { + if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) { + ads->config.config_path = SMB_STRDUP(tmp_path); + } + } + printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", sd->revision, sd->type); -- cgit From 8d786a4e2bf23feaeb041f95bb346fbfd0434853 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 11 Jul 2007 15:46:01 +0000 Subject: r23842: Attempt to fix the build with LDAP. Guenther (This used to be commit efd817ae118da51058106ae97854572547e113d3) --- source3/libads/disp_sec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 4b9a9de23a..135eeffac7 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -19,6 +19,8 @@ #include "includes.h" +#ifdef HAVE_LDAP + static struct perm_mask_str { uint32 mask; const char *str; @@ -215,4 +217,4 @@ void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd) printf("-------------- End Of Security Descriptor\n"); } - +#endif -- cgit From 28041b6064f3a61c15357eff2baabbe812dcf1f4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jul 2007 23:26:55 +0000 Subject: r23869: Protect against partial security descriptors. Guenther (This used to be commit 0a96a11f01dd8c0d29fff1d97c3d666c32b33b59) --- source3/libads/disp_sec.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index 135eeffac7..e85809635f 100644 
--- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -88,6 +88,10 @@ static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads, { const char *ret = NULL; + if (!ads || !mem_ctx) { + return NULL; + } + ret = ads_get_attrname_by_guid(ads, ads->config.schema_path, mem_ctx, guid); if (ret) { @@ -188,13 +192,17 @@ void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd) int i; char *tmp_path = NULL; - if (!ads->config.schema_path) { + if (!sd) { + return; + } + + if (ads && !ads->config.schema_path) { if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) { ads->config.schema_path = SMB_STRDUP(tmp_path); } } - if (!ads->config.config_path) { + if (ads && !ads->config.config_path) { if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) { ads->config.config_path = SMB_STRDUP(tmp_path); } @@ -203,16 +211,25 @@ void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd) printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", sd->revision, sd->type); - printf("owner SID: %s\n", sid_string_static(sd->owner_sid)); - printf("group SID: %s\n", sid_string_static(sd->group_sid)); + + printf("owner SID: %s\n", sd->owner_sid ? + sid_string_static(sd->owner_sid) : "(null)"); + printf("group SID: %s\n", sd->group_sid ? + sid_string_static(sd->group_sid) : "(null)"); ads_disp_acl(sd->sacl, "system"); - for (i = 0; i < sd->sacl->num_aces; i ++) - ads_disp_ace(ads, mem_ctx, &sd->sacl->aces[i]); + if (sd->sacl) { + for (i = 0; i < sd->sacl->num_aces; i ++) { + ads_disp_ace(ads, mem_ctx, &sd->sacl->aces[i]); + } + } ads_disp_acl(sd->dacl, "user"); - for (i = 0; i < sd->dacl->num_aces; i ++) - ads_disp_ace(ads, mem_ctx, &sd->dacl->aces[i]); + if (sd->dacl) { + for (i = 0; i < sd->dacl->num_aces; i ++) { + ads_disp_ace(ads, mem_ctx, &sd->dacl->aces[i]); + } + } printf("-------------- End Of Security Descriptor\n"); } -- cgit From 1011b32678c7b32472a909b9f515698947d2a389 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sun, 25 Nov 2007 10:10:52 +0100 Subject: Remove some statics (This used to be commit 1fab16ffb888cd4ec18e52d9da33976a67a5d104) --- source3/libads/disp_sec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index e85809635f..e211ef69e4 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -114,14 +114,14 @@ static void ads_disp_sec_ace_object(ADS_STRUCT *ads, { if (object->flags & SEC_ACE_OBJECT_PRESENT) { printf("Object type: SEC_ACE_OBJECT_PRESENT\n"); - printf("Object GUID: %s (%s)\n", smb_uuid_string_static( + printf("Object GUID: %s (%s)\n", smb_uuid_string(mem_ctx, object->type.type), ads_interprete_guid_from_object(ads, mem_ctx, &object->type.type)); } if (object->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) { printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n"); - printf("Object GUID: %s (%s)\n", smb_uuid_string_static( + printf("Object GUID: %s (%s)\n", smb_uuid_string(mem_ctx, object->inherited_type.inherited_type), ads_interprete_guid_from_object(ads, mem_ctx, &object->inherited_type.inherited_type)); -- cgit From 54ae9dfcbce727ae3107f21eee68762502acda60 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 21:49:15 +0100 Subject: Use sid_string_talloc where we have a tmp talloc ctx (This used to be commit 0a911d38b8f4be382a9df60f9c6de0c500464b3a) --- source3/libads/disp_sec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libads/disp_sec.c') diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index e211ef69e4..f4c68638df 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c 
@@ -163,7 +163,7 @@ static void ads_disp_ace(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_ACE *sec_ace) } printf("access SID: %s\naccess type: %s\n", - sid_string_static(&sec_ace->trustee), access_type); + sid_string_talloc(mem_ctx, &sec_ace->trustee), access_type); if (sec_ace_object(sec_ace->type)) { ads_disp_sec_ace_object(ads, mem_ctx, &sec_ace->object.object); @@ -213,9 +213,9 @@ void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd) sd->type); printf("owner SID: %s\n", sd->owner_sid ? - sid_string_static(sd->owner_sid) : "(null)"); + sid_string_talloc(mem_ctx, sd->owner_sid) : "(null)"); printf("group SID: %s\n", sd->group_sid ? - sid_string_static(sd->group_sid) : "(null)"); + sid_string_talloc(mem_ctx, sd->group_sid) : "(null)"); ads_disp_acl(sd->sacl, "system"); if (sd->sacl) { -- cgit