2 Unix SMB/CIFS implementation.
3 Samba utility functions
4 Copyright (C) Andrew Tridgell 1992-1999
5 Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "libcli/security/security.h"
23 #include "librpc/ndr/libndr.h"
25 /****************************************************************************
26 convert a security permissions into a string
27 ****************************************************************************/
29 char *get_sec_mask_str(TALLOC_CTX *ctx, uint32_t type)
31 char *typestr = talloc_strdup(ctx, "");
37 if (type & SEC_GENERIC_ALL) {
38 typestr = talloc_asprintf_append(typestr,
39 "Generic all access ");
44 if (type & SEC_GENERIC_EXECUTE) {
45 typestr = talloc_asprintf_append(typestr,
46 "Generic execute access");
51 if (type & SEC_GENERIC_WRITE) {
52 typestr = talloc_asprintf_append(typestr,
53 "Generic write access ");
58 if (type & SEC_GENERIC_READ) {
59 typestr = talloc_asprintf_append(typestr,
60 "Generic read access ");
65 if (type & SEC_FLAG_MAXIMUM_ALLOWED) {
66 typestr = talloc_asprintf_append(typestr,
67 "MAXIMUM_ALLOWED_ACCESS ");
72 if (type & SEC_FLAG_SYSTEM_SECURITY) {
73 typestr = talloc_asprintf_append(typestr,
74 "SYSTEM_SECURITY_ACCESS ");
79 if (type & SEC_STD_SYNCHRONIZE) {
80 typestr = talloc_asprintf_append(typestr,
81 "SYNCHRONIZE_ACCESS ");
86 if (type & SEC_STD_WRITE_OWNER) {
87 typestr = talloc_asprintf_append(typestr,
88 "WRITE_OWNER_ACCESS ");
93 if (type & SEC_STD_WRITE_DAC) {
94 typestr = talloc_asprintf_append(typestr,
100 if (type & SEC_STD_READ_CONTROL) {
101 typestr = talloc_asprintf_append(typestr,
102 "READ_CONTROL_ACCESS ");
107 if (type & SEC_STD_DELETE) {
108 typestr = talloc_asprintf_append(typestr,
115 printf("\t\tSpecific bits: 0x%lx\n", (unsigned long)type&SEC_MASK_SPECIFIC);
120 /****************************************************************************
121 display sec_access structure
122 ****************************************************************************/
123 void display_sec_access(uint32_t *info)
125 char *mask_str = get_sec_mask_str(NULL, *info);
126 printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
127 talloc_free(mask_str);
130 /****************************************************************************
131 display sec_ace flags
132 ****************************************************************************/
133 void display_sec_ace_flags(uint8_t flags)
135 if (flags & SEC_ACE_FLAG_OBJECT_INHERIT)
136 printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
137 if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT)
138 printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
139 if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)
140 printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
141 if (flags & SEC_ACE_FLAG_INHERIT_ONLY)
142 printf("SEC_ACE_FLAG_INHERIT_ONLY ");
143 if (flags & SEC_ACE_FLAG_INHERITED_ACE)
144 printf("SEC_ACE_FLAG_INHERITED_ACE ");
145 /* if (flags & SEC_ACE_FLAG_VALID_INHERIT)
146 printf("SEC_ACE_FLAG_VALID_INHERIT "); */
147 if (flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS)
148 printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
149 if (flags & SEC_ACE_FLAG_FAILED_ACCESS)
150 printf("SEC_ACE_FLAG_FAILED_ACCESS ");
155 /****************************************************************************
156 display sec_ace object
157 ****************************************************************************/
158 static void disp_sec_ace_object(struct security_ace_object *object)
161 if (object->flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
162 str = GUID_string(NULL, &object->type.type);
163 if (str == NULL) return;
164 printf("Object type: SEC_ACE_OBJECT_TYPE_PRESENT\n");
165 printf("Object GUID: %s\n", str);
168 if (object->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
169 str = GUID_string(NULL, &object->inherited_type.inherited_type);
170 if (str == NULL) return;
171 printf("Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT\n");
172 printf("Object GUID: %s\n", str);
177 /****************************************************************************
178 display sec_ace structure
179 ****************************************************************************/
180 void display_sec_ace(struct security_ace *ace)
184 printf("\tACE\n\t\ttype: ");
186 case SEC_ACE_TYPE_ACCESS_ALLOWED:
187 printf("ACCESS ALLOWED");
189 case SEC_ACE_TYPE_ACCESS_DENIED:
190 printf("ACCESS DENIED");
192 case SEC_ACE_TYPE_SYSTEM_AUDIT:
193 printf("SYSTEM AUDIT");
195 case SEC_ACE_TYPE_SYSTEM_ALARM:
196 printf("SYSTEM ALARM");
198 case SEC_ACE_TYPE_ALLOWED_COMPOUND:
199 printf("SEC_ACE_TYPE_ALLOWED_COMPOUND");
201 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
202 printf("SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT");
204 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
205 printf("SEC_ACE_TYPE_ACCESS_DENIED_OBJECT");
207 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
208 printf("SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT");
210 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
211 printf("SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT");
218 printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
219 display_sec_ace_flags(ace->flags);
220 display_sec_access(&ace->access_mask);
221 sid_str = dom_sid_string(NULL, &ace->trustee);
222 printf("\t\tSID: %s\n\n", sid_str);
223 talloc_free(sid_str);
225 if (sec_ace_object(ace->type)) {
226 disp_sec_ace_object(&ace->object.object);
231 /****************************************************************************
232 display sec_acl structure
233 ****************************************************************************/
234 void display_sec_acl(struct security_acl *sec_acl)
238 printf("\tACL\tNum ACEs:\t%d\trevision:\t%x\n",
239 sec_acl->num_aces, sec_acl->revision);
242 if (sec_acl->size != 0 && sec_acl->num_aces != 0) {
243 for (i = 0; i < sec_acl->num_aces; i++) {
244 display_sec_ace(&sec_acl->aces[i]);
249 void display_acl_type(uint16_t type)
251 printf("type: 0x%04x: ", type);
253 if (type & SEC_DESC_OWNER_DEFAULTED) /* 0x0001 */
254 printf("SEC_DESC_OWNER_DEFAULTED ");
255 if (type & SEC_DESC_GROUP_DEFAULTED) /* 0x0002 */
256 printf("SEC_DESC_GROUP_DEFAULTED ");
257 if (type & SEC_DESC_DACL_PRESENT) /* 0x0004 */
258 printf("SEC_DESC_DACL_PRESENT ");
259 if (type & SEC_DESC_DACL_DEFAULTED) /* 0x0008 */
260 printf("SEC_DESC_DACL_DEFAULTED ");
261 if (type & SEC_DESC_SACL_PRESENT) /* 0x0010 */
262 printf("SEC_DESC_SACL_PRESENT ");
263 if (type & SEC_DESC_SACL_DEFAULTED) /* 0x0020 */
264 printf("SEC_DESC_SACL_DEFAULTED ");
265 if (type & SEC_DESC_DACL_TRUSTED) /* 0x0040 */
266 printf("SEC_DESC_DACL_TRUSTED ");
267 if (type & SEC_DESC_SERVER_SECURITY) /* 0x0080 */
268 printf("SEC_DESC_SERVER_SECURITY ");
269 if (type & SEC_DESC_DACL_AUTO_INHERIT_REQ) /* 0x0100 */
270 printf("SEC_DESC_DACL_AUTO_INHERIT_REQ ");
271 if (type & SEC_DESC_SACL_AUTO_INHERIT_REQ) /* 0x0200 */
272 printf("SEC_DESC_SACL_AUTO_INHERIT_REQ ");
273 if (type & SEC_DESC_DACL_AUTO_INHERITED) /* 0x0400 */
274 printf("SEC_DESC_DACL_AUTO_INHERITED ");
275 if (type & SEC_DESC_SACL_AUTO_INHERITED) /* 0x0800 */
276 printf("SEC_DESC_SACL_AUTO_INHERITED ");
277 if (type & SEC_DESC_DACL_PROTECTED) /* 0x1000 */
278 printf("SEC_DESC_DACL_PROTECTED ");
279 if (type & SEC_DESC_SACL_PROTECTED) /* 0x2000 */
280 printf("SEC_DESC_SACL_PROTECTED ");
281 if (type & SEC_DESC_RM_CONTROL_VALID) /* 0x4000 */
282 printf("SEC_DESC_RM_CONTROL_VALID ");
283 if (type & SEC_DESC_SELF_RELATIVE) /* 0x8000 */
284 printf("SEC_DESC_SELF_RELATIVE ");
289 /****************************************************************************
290 display sec_desc structure
291 ****************************************************************************/
292 void display_sec_desc(struct security_descriptor *sec)
301 printf("revision: %d\n", sec->revision);
302 display_acl_type(sec->type);
306 display_sec_acl(sec->sacl);
311 display_sec_acl(sec->dacl);
314 if (sec->owner_sid) {
315 sid_str = dom_sid_string(NULL, sec->owner_sid);
316 printf("\tOwner SID:\t%s\n", sid_str);
317 talloc_free(sid_str);
320 if (sec->group_sid) {
321 sid_str = dom_sid_string(NULL, sec->group_sid);
322 printf("\tGroup SID:\t%s\n", sid_str);
323 talloc_free(sid_str);