Merge branch 'master' of ssh://git.samba.org/data/git/samba into displaysec
[samba.git] / source3 / lib / display_sec.c
1 /* 
2    Unix SMB/CIFS implementation.
3    Samba utility functions
4    Copyright (C) Andrew Tridgell 1992-1999
5    Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
6    
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 3 of the License, or
10    (at your option) any later version.
11    
12    This program is distributed in the hope that it will be useful, 
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16    
17    You should have received a copy of the GNU General Public License
18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22
23 /****************************************************************************
24 convert a security permissions into a string
25 ****************************************************************************/
26
27 char *get_sec_mask_str(TALLOC_CTX *ctx, uint32_t type)
28 {
29         char *typestr = talloc_strdup(ctx, "");
30
31         if (!typestr) {
32                 return NULL;
33         }
34
35         if (type & GENERIC_ALL_ACCESS) {
36                 typestr = talloc_asprintf_append(typestr,
37                                 "Generic all access ");
38                 if (!typestr) {
39                         return NULL;
40                 }
41         }
42         if (type & GENERIC_EXECUTE_ACCESS) {
43                 typestr = talloc_asprintf_append(typestr,
44                                 "Generic execute access");
45                 if (!typestr) {
46                         return NULL;
47                 }
48         }
49         if (type & GENERIC_WRITE_ACCESS) {
50                 typestr = talloc_asprintf_append(typestr,
51                                 "Generic write access ");
52                 if (!typestr) {
53                         return NULL;
54                 }
55         }
56         if (type & GENERIC_READ_ACCESS) {
57                 typestr = talloc_asprintf_append(typestr,
58                                 "Generic read access ");
59                 if (!typestr) {
60                         return NULL;
61                 }
62         }
63         if (type & MAXIMUM_ALLOWED_ACCESS) {
64                 typestr = talloc_asprintf_append(typestr,
65                                 "MAXIMUM_ALLOWED_ACCESS ");
66                 if (!typestr) {
67                         return NULL;
68                 }
69         }
70         if (type & SYSTEM_SECURITY_ACCESS) {
71                 typestr = talloc_asprintf_append(typestr,
72                                 "SYSTEM_SECURITY_ACCESS ");
73                 if (!typestr) {
74                         return NULL;
75                 }
76         }
77         if (type & SYNCHRONIZE_ACCESS) {
78                 typestr = talloc_asprintf_append(typestr,
79                                 "SYNCHRONIZE_ACCESS ");
80                 if (!typestr) {
81                         return NULL;
82                 }
83         }
84         if (type & WRITE_OWNER_ACCESS) {
85                 typestr = talloc_asprintf_append(typestr,
86                                 "WRITE_OWNER_ACCESS ");
87                 if (!typestr) {
88                         return NULL;
89                 }
90         }
91         if (type & WRITE_DAC_ACCESS) {
92                 typestr = talloc_asprintf_append(typestr,
93                                 "WRITE_DAC_ACCESS ");
94                 if (!typestr) {
95                         return NULL;
96                 }
97         }
98         if (type & READ_CONTROL_ACCESS) {
99                 typestr = talloc_asprintf_append(typestr,
100                                 "READ_CONTROL_ACCESS ");
101                 if (!typestr) {
102                         return NULL;
103                 }
104         }
105         if (type & DELETE_ACCESS) {
106                 typestr = talloc_asprintf_append(typestr,
107                                 "DELETE_ACCESS ");
108                 if (!typestr) {
109                         return NULL;
110                 }
111         }
112
113         printf("\t\tSpecific bits: 0x%lx\n", (unsigned long)type&SPECIFIC_RIGHTS_MASK);
114
115         return typestr;
116 }
117
118 /****************************************************************************
119  display sec_access structure
120  ****************************************************************************/
121 void display_sec_access(uint32_t *info)
122 {
123         char *mask_str = get_sec_mask_str(NULL, *info);
124         printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
125         talloc_free(mask_str);
126 }
127
128 /****************************************************************************
129  display sec_ace flags
130  ****************************************************************************/
131 void display_sec_ace_flags(uint8_t flags)
132 {
133         if (flags & SEC_ACE_FLAG_OBJECT_INHERIT)
134                 printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
135         if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT)
136                 printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
137         if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)
138                 printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
139         if (flags & SEC_ACE_FLAG_INHERIT_ONLY)
140                 printf("SEC_ACE_FLAG_INHERIT_ONLY ");
141         if (flags & SEC_ACE_FLAG_INHERITED_ACE)
142                 printf("SEC_ACE_FLAG_INHERITED_ACE ");
143 /*      if (flags & SEC_ACE_FLAG_VALID_INHERIT)
144                 printf("SEC_ACE_FLAG_VALID_INHERIT "); */
145         if (flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS)
146                 printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
147         if (flags & SEC_ACE_FLAG_FAILED_ACCESS)
148                 printf("SEC_ACE_FLAG_FAILED_ACCESS ");
149
150         printf("\n");
151 }
152
153 /****************************************************************************
154  display sec_ace object
155  ****************************************************************************/
156 static void disp_sec_ace_object(struct security_ace_object *object)
157 {
158         if (object->flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
159                 printf("Object type: SEC_ACE_OBJECT_TYPE_PRESENT\n");
160                 printf("Object GUID: %s\n", GUID_string(talloc_tos(),
161                         &object->type.type));
162         }
163         if (object->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
164                 printf("Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT\n");
165                 printf("Object GUID: %s\n", GUID_string(talloc_tos(), 
166                         &object->inherited_type.inherited_type));
167         }
168 }
169
170 /****************************************************************************
171  display sec_ace structure
172  ****************************************************************************/
173 void display_sec_ace(SEC_ACE *ace)
174 {
175         fstring sid_str;
176
177         printf("\tACE\n\t\ttype: ");
178         switch (ace->type) {
179                 case SEC_ACE_TYPE_ACCESS_ALLOWED:
180                         printf("ACCESS ALLOWED");
181                         break;
182                 case SEC_ACE_TYPE_ACCESS_DENIED:
183                         printf("ACCESS DENIED");
184                         break;
185                 case SEC_ACE_TYPE_SYSTEM_AUDIT:
186                         printf("SYSTEM AUDIT");
187                         break;
188                 case SEC_ACE_TYPE_SYSTEM_ALARM:
189                         printf("SYSTEM ALARM");
190                         break;
191                 case SEC_ACE_TYPE_ALLOWED_COMPOUND:
192                         printf("SEC_ACE_TYPE_ALLOWED_COMPOUND");
193                         break;
194                 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
195                         printf("SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT");
196                         break;
197                 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
198                         printf("SEC_ACE_TYPE_ACCESS_DENIED_OBJECT");
199                         break;
200                 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
201                         printf("SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT");
202                         break;
203                 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
204                         printf("SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT");
205                         break;
206                 default:
207                         printf("????");
208                         break;
209         }
210
211         printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
212         display_sec_ace_flags(ace->flags);
213         display_sec_access(&ace->access_mask);
214         sid_to_fstring(sid_str, &ace->trustee);
215         printf("\t\tSID: %s\n\n", sid_str);
216
217         if (sec_ace_object(ace->type)) {
218                 disp_sec_ace_object(&ace->object.object);
219         }
220
221 }
222
223 /****************************************************************************
224  display sec_acl structure
225  ****************************************************************************/
226 void display_sec_acl(SEC_ACL *sec_acl)
227 {
228         int i;
229
230         printf("\tACL\tNum ACEs:\t%d\trevision:\t%x\n",
231                          sec_acl->num_aces, sec_acl->revision); 
232         printf("\t---\n");
233
234         if (sec_acl->size != 0 && sec_acl->num_aces != 0) {
235                 for (i = 0; i < sec_acl->num_aces; i++) {
236                         display_sec_ace(&sec_acl->aces[i]);
237                 }
238         }
239 }
240
241 void display_acl_type(uint16_t type)
242 {
243         fstring typestr="";
244
245         typestr[0] = 0;
246
247         if (type & SEC_DESC_OWNER_DEFAULTED)    /* 0x0001 */
248                 fstrcat(typestr, "SEC_DESC_OWNER_DEFAULTED ");
249         if (type & SEC_DESC_GROUP_DEFAULTED)    /* 0x0002 */
250                 fstrcat(typestr, "SEC_DESC_GROUP_DEFAULTED ");
251         if (type & SEC_DESC_DACL_PRESENT)       /* 0x0004 */
252                 fstrcat(typestr, "SEC_DESC_DACL_PRESENT ");
253         if (type & SEC_DESC_DACL_DEFAULTED)     /* 0x0008 */
254                 fstrcat(typestr, "SEC_DESC_DACL_DEFAULTED ");
255         if (type & SEC_DESC_SACL_PRESENT)       /* 0x0010 */
256                 fstrcat(typestr, "SEC_DESC_SACL_PRESENT ");
257         if (type & SEC_DESC_SACL_DEFAULTED)     /* 0x0020 */
258                 fstrcat(typestr, "SEC_DESC_SACL_DEFAULTED ");
259         if (type & SEC_DESC_DACL_TRUSTED)       /* 0x0040 */
260                 fstrcat(typestr, "SEC_DESC_DACL_TRUSTED ");
261         if (type & SEC_DESC_SERVER_SECURITY)    /* 0x0080 */
262                 fstrcat(typestr, "SEC_DESC_SERVER_SECURITY ");
263         if (type & SEC_DESC_DACL_AUTO_INHERIT_REQ) /* 0x0100 */
264                 fstrcat(typestr, "SEC_DESC_DACL_AUTO_INHERIT_REQ ");
265         if (type & SEC_DESC_SACL_AUTO_INHERIT_REQ) /* 0x0200 */
266                 fstrcat(typestr, "SEC_DESC_SACL_AUTO_INHERIT_REQ ");
267         if (type & SEC_DESC_DACL_AUTO_INHERITED) /* 0x0400 */
268                 fstrcat(typestr, "SEC_DESC_DACL_AUTO_INHERITED ");
269         if (type & SEC_DESC_SACL_AUTO_INHERITED) /* 0x0800 */
270                 fstrcat(typestr, "SEC_DESC_SACL_AUTO_INHERITED ");
271         if (type & SEC_DESC_DACL_PROTECTED)     /* 0x1000 */
272                 fstrcat(typestr, "SEC_DESC_DACL_PROTECTED ");
273         if (type & SEC_DESC_SACL_PROTECTED)     /* 0x2000 */
274                 fstrcat(typestr, "SEC_DESC_SACL_PROTECTED ");
275         if (type & SEC_DESC_RM_CONTROL_VALID)   /* 0x4000 */
276                 fstrcat(typestr, "SEC_DESC_RM_CONTROL_VALID ");
277         if (type & SEC_DESC_SELF_RELATIVE)      /* 0x8000 */
278                 fstrcat(typestr, "SEC_DESC_SELF_RELATIVE ");
279         
280         printf("type: 0x%04x: %s\n", type, typestr);
281 }
282
283 /****************************************************************************
284  display sec_desc structure
285  ****************************************************************************/
286 void display_sec_desc(SEC_DESC *sec)
287 {
288         fstring sid_str;
289
290         if (!sec) {
291                 printf("NULL\n");
292                 return;
293         }
294
295         printf("revision: %d\n", sec->revision);
296         display_acl_type(sec->type);
297
298         if (sec->sacl) {
299                 printf("SACL\n");
300                 display_sec_acl(sec->sacl);
301         }
302
303         if (sec->dacl) {
304                 printf("DACL\n");
305                 display_sec_acl(sec->dacl);
306         }
307
308         if (sec->owner_sid) {
309                 sid_to_fstring(sid_str, sec->owner_sid);
310                 printf("\tOwner SID:\t%s\n", sid_str);
311         }
312
313         if (sec->group_sid) {
314                 sid_to_fstring(sid_str, sec->group_sid);
315                 printf("\tGroup SID:\t%s\n", sid_str);
316         }
317 }