import HEAD into svn+ssh://svn.samba.org/home/svn/samba/trunk
[metze/old/v3-2-winbind-ndr.git] / source / libads / disp_sec.c
1 /* 
2    Unix SMB/CIFS implementation.
3    Samba utility functions. ADS stuff
4    Copyright (C) Alexey Kotovich 2002
5    
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 2 of the License, or
9    (at your option) any later version.
10    
11    This program is distributed in the hope that it will be useful, 
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15    
16    You should have received a copy of the GNU General Public License
17    along with this program; if not, write to the Free Software
18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22
23 static struct perm_mask_str {
24         uint32  mask;
25         const char   *str;
26 } perms[] = {
27         {SEC_RIGHTS_FULL_CTRL,          "[Full Control]"},
28
29         {SEC_RIGHTS_LIST_CONTENTS,      "[List Contents]"},
30         {SEC_RIGHTS_LIST_OBJECT,        "[List Object]"},
31
32         {SEC_RIGHTS_READ_ALL_PROP,      "[Read All Properties]"},       
33         {SEC_RIGHTS_READ_PERMS,         "[Read Permissions]"},  
34
35         {SEC_RIGHTS_WRITE_ALL_VALID,    "[All validate writes]"},
36         {SEC_RIGHTS_WRITE_ALL_PROP,     "[Write All Properties]"},
37
38         {SEC_RIGHTS_MODIFY_PERMS,       "[Modify Permissions]"},
39         {SEC_RIGHTS_MODIFY_OWNER,       "[Modify Owner]"},
40
41         {SEC_RIGHTS_CREATE_CHILD,       "[Create All Child Objects]"},
42
43         {SEC_RIGHTS_DELETE,             "[Delete]"},
44         {SEC_RIGHTS_DELETE_SUBTREE,     "[Delete Subtree]"},
45         {SEC_RIGHTS_DELETE_CHILD,       "[Delete All Child Objects]"},
46
47         {SEC_RIGHTS_CHANGE_PASSWD,      "[Change Password]"},   
48         {SEC_RIGHTS_RESET_PASSWD,       "[Reset Password]"},
49         {0,                             0}
50 };
51
52 /* convert a security permissions into a string */
53 static void ads_disp_perms(uint32 type)
54 {
55         int i = 0;
56         int j = 0;
57
58         printf("Permissions: ");
59         
60         if (type == SEC_RIGHTS_FULL_CTRL) {
61                 printf("%s\n", perms[j].str);
62                 return;
63         }
64
65         for (i = 0; i < 32; i++) {
66                 if (type & (1 << i)) {
67                         for (j = 1; perms[j].str; j ++) {
68                                 if (perms[j].mask == (((unsigned) 1) << i)) {
69                                         printf("\n\t%s", perms[j].str);
70                                 }       
71                         }
72                         type &= ~(1 << i);
73                 }
74         }
75
76         /* remaining bits get added on as-is */
77         if (type != 0) {
78                 printf("[%08x]", type);
79         }
80         puts("");
81 }
82
83 /* display ACE */
84 static void ads_disp_ace(SEC_ACE *sec_ace)
85 {
86         const char *access_type = "UNKNOWN";
87
88         if (!sec_ace_object(sec_ace->type)) {
89                 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n", 
90                   sec_ace->type,
91                   sec_ace->flags,
92                   sec_ace->size,
93                   sec_ace->info.mask);                  
94         } else {
95                 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", 
96                   sec_ace->type,
97                   sec_ace->flags,
98                   sec_ace->size,
99                   sec_ace->info.mask,
100                   sec_ace->obj_flags);
101         }
102         
103         if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
104                 access_type = "ALLOWED";
105         } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
106                 access_type = "DENIED";
107         } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
108                 access_type = "SYSTEM AUDIT";
109         } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
110                 access_type = "ALLOWED OBJECT";
111         } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
112                 access_type = "DENIED OBJECT";
113         } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
114                 access_type = "AUDIT OBJECT";
115         }
116
117         printf("access SID:  %s\naccess type: %s\n", 
118                sid_string_static(&sec_ace->trustee), access_type);
119
120         ads_disp_perms(sec_ace->info.mask);
121 }
122
123 /* display ACL */
124 static void ads_disp_acl(SEC_ACL *sec_acl, const char *type)
125 {
126         if (!sec_acl)
127                 printf("------- (%s) ACL not present\n", type);
128         else {
129                 printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n", 
130                        type,
131                        sec_acl->revision,
132                        sec_acl->size,
133                        sec_acl->num_aces);                      
134         }
135 }
136
137 /* display SD */
138 void ads_disp_sd(SEC_DESC *sd)
139 {
140         int i;
141         
142         printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", 
143                sd->revision,
144                sd->type);
145         printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
146         printf("group SID: %s\n", sid_string_static(sd->grp_sid));
147
148         ads_disp_acl(sd->sacl, "system");
149         for (i = 0; i < sd->sacl->num_aces; i ++)
150                 ads_disp_ace(&sd->sacl->ace[i]);
151         
152         ads_disp_acl(sd->dacl, "user");
153         for (i = 0; i < sd->dacl->num_aces; i ++)
154                 ads_disp_ace(&sd->dacl->ace[i]);
155
156         printf("-------------- End Of Security Descriptor\n");
157 }
158
159