From 1975b3e4a2318ca79aacae0f03dcbc68bdaeee45 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sun, 10 Mar 2002 06:56:59 +0000
Subject: forgotten file, oops (This used to be commit
 98196e79b733e029341578b382bdfabf3f9a0bdc)

---
 source3/libads/disp_sec.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 175 insertions(+)
 create mode 100644 source3/libads/disp_sec.c

(limited to 'source3')

diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
new file mode 100644
index 0000000000..c6fe0862c9
--- /dev/null
+++ b/source3/libads/disp_sec.c
@@ -0,0 +1,175 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 3.0.
+   Samba utility functions. ADS stuff
+   Copyright (C) Alexey Kotovich 2002
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful, 
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_ADS
+
+static struct perm_mask_str {
+	uint32  mask;
+	char   *str;
+} perms[] = {
+	{SEC_RIGHTS_FULL_CTRL,		"[Full Control]"},
+
+	{SEC_RIGHTS_LIST_CONTENTS,	"[List Contents]"},
+	{SEC_RIGHTS_LIST_OBJECT,	"[List Object]"},
+
+	{SEC_RIGHTS_READ_ALL_PROP,	"[Read All Properties]"},	
+	{SEC_RIGHTS_READ_PERMS,		"[Read Permissions]"},	
+
+	{SEC_RIGHTS_WRITE_ALL_VALID,	"[All validate writes]"},
+	{SEC_RIGHTS_WRITE_ALL_PROP,  	"[Write All Properties]"},
+
+	{SEC_RIGHTS_MODIFY_PERMS,	"[Modify Permissions]"},
+	{SEC_RIGHTS_MODIFY_OWNER,	"[Modify Owner]"},
+
+	{SEC_RIGHTS_CREATE_CHILD,	"[Create All Child Objects]"},
+
+	{SEC_RIGHTS_DELETE,		"[Delete]"},
+	{SEC_RIGHTS_DELETE_SUBTREE,	"[Delete Subtree]"},
+	{SEC_RIGHTS_DELETE_CHILD,	"[Delete All Child Objects]"},
+
+	{SEC_RIGHTS_CHANGE_PASSWD,	"[Change Password]"},	
+	{SEC_RIGHTS_RESET_PASSWD,	"[Reset Password]"},
+	{0,				0}
+};
+
+/* convert a security permissions into a string */
+void ads_disp_perms(uint32 type)
+{
+	int i = 0;
+	int j = 0;
+
+	printf("Permissions: ");
+	
+	if (type == SEC_RIGHTS_FULL_CTRL) {
+		printf("%s\n", perms[j].str);
+		return;
+	}
+
+	for (i = 0; i < 32; i++) {
+		if (type & (1 << i)) {
+			for (j = 1; perms[j].str; j ++) {
+				if (perms[j].mask == (((unsigned) 1) << i)) {
+					printf("\n\t%s", perms[j].str);
+				}	
+			}
+			type &= ~(1 << i);
+		}
+	}
+
+	/* remaining bits get added on as-is */
+	if (type != 0) {
+		printf("[%08x]", type);
+	}
+	puts("");
+}
+
+/* Check if ACE has OBJECT type */
+BOOL ads_ace_object(uint8 type)
+{
+	if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+            type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
+            type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
+            type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {
+		return True;
+	}
+	return False;
+}
+
+/* display ACE */
+void ads_disp_ace(SEC_ACE *sec_ace)
+{
+	char *access_type = "UNKNOWN";
+
+	if (!sec_ace_object(sec_ace->type)) {
+		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n", 
+		  sec_ace->type,
+		  sec_ace->flags,
+		  sec_ace->size,
+		  sec_ace->info.mask);			
+	} else {
+		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", 
+		  sec_ace->type,
+		  sec_ace->flags,
+		  sec_ace->size,
+		  sec_ace->info.mask,
+		  sec_ace->obj_flags);
+	}
+	
+	if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
+		access_type = "ALLOWED";
+	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
+		access_type = "DENIED";
+	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
+		access_type = "SYSTEM AUDIT";
+	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
+		access_type = "ALLOWED OBJECT";
+	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
+		access_type = "DEINED OBJECT";
+	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
+		access_type = "AUDIT OBJECT";
+	}
+
+	printf("access SID:  %s\naccess type: %s\n", 
+               sid_string_static(&sec_ace->trustee), access_type);
+
+	ads_disp_perms(sec_ace->info.mask);
+}
+
+/* display ACL */
+void ads_disp_acl(SEC_ACL *sec_acl, char *type)
+{
+        if (!sec_acl)
+		printf("------- (%s) ACL not present\n", type);
+	else {
+		printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n", 
+    	    	       type,
+        	       sec_acl->revision,
+	               sec_acl->size,
+    		       sec_acl->num_aces);			
+	}
+}
+
+/* display SD */
+void ads_disp_sd(SEC_DESC *sd)
+{
+	int i;
+	
+	printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", 
+               sd->revision,
+               sd->type);
+	printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
+	printf("group SID: %s\n", sid_string_static(sd->grp_sid));
+
+	ads_disp_acl(sd->sacl, "system");
+	for (i = 0; i < sd->sacl->num_aces; i ++)
+		ads_disp_ace(&sd->sacl->ace[i]);
+	
+	ads_disp_acl(sd->dacl, "user");
+	for (i = 0; i < sd->dacl->num_aces; i ++)
+		ads_disp_ace(&sd->dacl->ace[i]);
+
+	printf("-------------- End Of Security Descriptor\n");
+}
+
+#endif
+
-- 
cgit