2 Unix SMB/CIFS implementation.
3 Samba utility functions. ADS stuff
4 Copyright (C) Alexey Kotovich 2002
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 static struct perm_mask_str {
29 {SEC_RIGHTS_FULL_CTRL, "[Full Control]"},
31 {SEC_RIGHTS_LIST_CONTENTS, "[List Contents]"},
32 {SEC_RIGHTS_LIST_OBJECT, "[List Object]"},
34 {SEC_RIGHTS_READ_ALL_PROP, "[Read All Properties]"},
35 {SEC_RIGHTS_READ_PERMS, "[Read Permissions]"},
37 {SEC_RIGHTS_WRITE_ALL_VALID, "[All validate writes]"},
38 {SEC_RIGHTS_WRITE_ALL_PROP, "[Write All Properties]"},
40 {SEC_RIGHTS_MODIFY_PERMS, "[Modify Permissions]"},
41 {SEC_RIGHTS_MODIFY_OWNER, "[Modify Owner]"},
43 {SEC_RIGHTS_CREATE_CHILD, "[Create All Child Objects]"},
45 {SEC_RIGHTS_DELETE, "[Delete]"},
46 {SEC_RIGHTS_DELETE_SUBTREE, "[Delete Subtree]"},
47 {SEC_RIGHTS_DELETE_CHILD, "[Delete All Child Objects]"},
49 {SEC_RIGHTS_CHANGE_PASSWD, "[Change Password]"},
50 {SEC_RIGHTS_RESET_PASSWD, "[Reset Password]"},
54 /* convert a security permissions into a string */
55 void ads_disp_perms(uint32 type)
60 printf("Permissions: ");
62 if (type == SEC_RIGHTS_FULL_CTRL) {
63 printf("%s\n", perms[j].str);
67 for (i = 0; i < 32; i++) {
68 if (type & (1 << i)) {
69 for (j = 1; perms[j].str; j ++) {
70 if (perms[j].mask == (((unsigned) 1) << i)) {
71 printf("\n\t%s", perms[j].str);
78 /* remaining bits get added on as-is */
80 printf("[%08x]", type);
85 /* Check if ACE has OBJECT type */
86 BOOL ads_ace_object(uint8 type)
88 if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
89 type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
90 type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
91 type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {
98 void ads_disp_ace(SEC_ACE *sec_ace)
100 char *access_type = "UNKNOWN";
102 if (!sec_ace_object(sec_ace->type)) {
103 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
109 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
117 if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
118 access_type = "ALLOWED";
119 } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
120 access_type = "DENIED";
121 } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
122 access_type = "SYSTEM AUDIT";
123 } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
124 access_type = "ALLOWED OBJECT";
125 } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
126 access_type = "DEINED OBJECT";
127 } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
128 access_type = "AUDIT OBJECT";
131 printf("access SID: %s\naccess type: %s\n",
132 sid_string_static(&sec_ace->trustee), access_type);
134 ads_disp_perms(sec_ace->info.mask);
138 void ads_disp_acl(SEC_ACL *sec_acl, char *type)
141 printf("------- (%s) ACL not present\n", type);
143 printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n",
152 void ads_disp_sd(SEC_DESC *sd)
156 printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
159 printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
160 printf("group SID: %s\n", sid_string_static(sd->grp_sid));
162 ads_disp_acl(sd->sacl, "system");
163 for (i = 0; i < sd->sacl->num_aces; i ++)
164 ads_disp_ace(&sd->sacl->ace[i]);
166 ads_disp_acl(sd->dacl, "user");
167 for (i = 0; i < sd->dacl->num_aces; i ++)
168 ads_disp_ace(&sd->dacl->ace[i]);
170 printf("-------------- End Of Security Descriptor\n");