root/source3/libads/disp_sec.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. ads_disp_perms
  2. ads_interprete_guid_from_object
  3. ads_disp_sec_ace_object
  4. ads_disp_ace
  5. ads_disp_acl
  6. ads_disp_sd

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    Samba utility functions. ADS stuff
   4    Copyright (C) Alexey Kotovich 2002
   5    
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10    
  11    This program is distributed in the hope that it will be useful, 
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15    
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 
  20 #include "includes.h"
  21 
  22 #ifdef HAVE_LDAP
  23 
  24 static struct perm_mask_str {
  25         uint32  mask;
  26         const char   *str;
  27 } perms[] = {
  28         {SEC_RIGHTS_FULL_CTRL,          "[Full Control]"},
  29 
  30         {SEC_RIGHTS_LIST_CONTENTS,      "[List Contents]"},
  31         {SEC_RIGHTS_LIST_OBJECT,        "[List Object]"},
  32 
  33         {SEC_RIGHTS_READ_ALL_PROP,      "[Read All Properties]"},       
  34         {SEC_RIGHTS_READ_PERMS,         "[Read Permissions]"},  
  35 
  36         {SEC_RIGHTS_WRITE_ALL_VALID,    "[All validate writes]"},
  37         {SEC_RIGHTS_WRITE_ALL_PROP,     "[Write All Properties]"},
  38 
  39         {SEC_RIGHTS_MODIFY_PERMS,       "[Modify Permissions]"},
  40         {SEC_RIGHTS_MODIFY_OWNER,       "[Modify Owner]"},
  41 
  42         {SEC_RIGHTS_CREATE_CHILD,       "[Create All Child Objects]"},
  43 
  44         {SEC_RIGHTS_DELETE,             "[Delete]"},
  45         {SEC_RIGHTS_DELETE_SUBTREE,     "[Delete Subtree]"},
  46         {SEC_RIGHTS_DELETE_CHILD,       "[Delete All Child Objects]"},
  47 
  48         {SEC_RIGHTS_CHANGE_PASSWD,      "[Change Password]"},   
  49         {SEC_RIGHTS_RESET_PASSWD,       "[Reset Password]"},
  50 
  51         {0,                             0}
  52 };
  53 
  54 /* convert a security permissions into a string */
  55 static void ads_disp_perms(uint32 type)
     /* [<][>][^][v][top][bottom][index][help] */
  56 {
  57         int i = 0;
  58         int j = 0;
  59 
  60         printf("Permissions: ");
  61         
  62         if (type == SEC_RIGHTS_FULL_CTRL) {
  63                 printf("%s\n", perms[j].str);
  64                 return;
  65         }
  66 
  67         for (i = 0; i < 32; i++) {
  68                 if (type & (1 << i)) {
  69                         for (j = 1; perms[j].str; j ++) {
  70                                 if (perms[j].mask == (((unsigned) 1) << i)) {
  71                                         printf("\n\t%s (0x%08x)", perms[j].str, perms[j].mask);
  72                                 }       
  73                         }
  74                         type &= ~(1 << i);
  75                 }
  76         }
  77 
  78         /* remaining bits get added on as-is */
  79         if (type != 0) {
  80                 printf("[%08x]", type);
  81         }
  82         puts("");
  83 }
  84 
  85 static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads, 
     /* [<][>][^][v][top][bottom][index][help] */
  86                                                    TALLOC_CTX *mem_ctx, 
  87                                                    const struct GUID *guid)
  88 {
  89         const char *ret = NULL;
  90 
  91         if (!ads || !mem_ctx) {
  92                 return NULL;
  93         }
  94 
  95         ret = ads_get_attrname_by_guid(ads, ads->config.schema_path, 
  96                                        mem_ctx, guid);
  97         if (ret) {
  98                 return talloc_asprintf(mem_ctx, "LDAP attribute: \"%s\"", ret);
  99         }
 100 
 101         ret = ads_get_extended_right_name_by_guid(ads, ads->config.config_path,
 102                                                   mem_ctx, guid);
 103 
 104         if (ret) {
 105                 return talloc_asprintf(mem_ctx, "Extended right: \"%s\"", ret);
 106         }
 107 
 108         return ret;
 109 }
 110 
 111 static void ads_disp_sec_ace_object(ADS_STRUCT *ads, 
     /* [<][>][^][v][top][bottom][index][help] */
 112                                     TALLOC_CTX *mem_ctx, 
 113                                     struct security_ace_object *object)
 114 {
 115         if (object->flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
 116                 printf("Object type: SEC_ACE_OBJECT_TYPE_PRESENT\n");
 117                 printf("Object GUID: %s (%s)\n", GUID_string(mem_ctx, 
 118                         &object->type.type), 
 119                         ads_interprete_guid_from_object(ads, mem_ctx, 
 120                                 &object->type.type));
 121         }
 122         if (object->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
 123                 printf("Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT\n");
 124                 printf("Object GUID: %s (%s)\n", GUID_string(mem_ctx,
 125                         &object->inherited_type.inherited_type),
 126                         ads_interprete_guid_from_object(ads, mem_ctx, 
 127                                 &object->inherited_type.inherited_type));
 128         }
 129 }
 130 
 131 /* display ACE */
 132 static void ads_disp_ace(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_ACE *sec_ace)
     /* [<][>][^][v][top][bottom][index][help] */
 133 {
 134         const char *access_type = "UNKNOWN";
 135 
 136         if (!sec_ace_object(sec_ace->type)) {
 137                 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n", 
 138                   sec_ace->type,
 139                   sec_ace->flags,
 140                   sec_ace->size,
 141                   sec_ace->access_mask);                        
 142         } else {
 143                 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", 
 144                   sec_ace->type,
 145                   sec_ace->flags,
 146                   sec_ace->size,
 147                   sec_ace->access_mask,
 148                   sec_ace->object.object.flags);
 149         }
 150         
 151         if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
 152                 access_type = "ALLOWED";
 153         } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
 154                 access_type = "DENIED";
 155         } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
 156                 access_type = "SYSTEM AUDIT";
 157         } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
 158                 access_type = "ALLOWED OBJECT";
 159         } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
 160                 access_type = "DENIED OBJECT";
 161         } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
 162                 access_type = "AUDIT OBJECT";
 163         }
 164 
 165         printf("access SID:  %s\naccess type: %s\n", 
 166                sid_string_talloc(mem_ctx, &sec_ace->trustee), access_type);
 167 
 168         if (sec_ace_object(sec_ace->type)) {
 169                 ads_disp_sec_ace_object(ads, mem_ctx, &sec_ace->object.object);
 170         }
 171 
 172         ads_disp_perms(sec_ace->access_mask);
 173 }
 174 
 175 /* display ACL */
 176 static void ads_disp_acl(SEC_ACL *sec_acl, const char *type)
     /* [<][>][^][v][top][bottom][index][help] */
 177 {
 178         if (!sec_acl)
 179                 printf("------- (%s) ACL not present\n", type);
 180         else {
 181                 printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n", 
 182                        type,
 183                        sec_acl->revision,
 184                        sec_acl->size,
 185                        sec_acl->num_aces);                      
 186         }
 187 }
 188 
 189 /* display SD */
 190 void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd)
     /* [<][>][^][v][top][bottom][index][help] */
 191 {
 192         int i;
 193         char *tmp_path = NULL;
 194 
 195         if (!sd) {
 196                 return;
 197         }
 198 
 199         if (ads && !ads->config.schema_path) {
 200                 if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) {
 201                         ads->config.schema_path = SMB_STRDUP(tmp_path);
 202                 }
 203         }
 204 
 205         if (ads && !ads->config.config_path) {
 206                 if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) {
 207                         ads->config.config_path = SMB_STRDUP(tmp_path);
 208                 }
 209         }
 210 
 211         printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n", 
 212                sd->revision,
 213                sd->type);
 214 
 215         printf("owner SID: %s\n", sd->owner_sid ? 
 216                 sid_string_talloc(mem_ctx, sd->owner_sid) : "(null)");
 217         printf("group SID: %s\n", sd->group_sid ?
 218                 sid_string_talloc(mem_ctx, sd->group_sid) : "(null)");
 219 
 220         ads_disp_acl(sd->sacl, "system");
 221         if (sd->sacl) {
 222                 for (i = 0; i < sd->sacl->num_aces; i ++) {
 223                         ads_disp_ace(ads, mem_ctx, &sd->sacl->aces[i]);
 224                 }
 225         }
 226         
 227         ads_disp_acl(sd->dacl, "user");
 228         if (sd->dacl) {
 229                 for (i = 0; i < sd->dacl->num_aces; i ++) {
 230                         ads_disp_ace(ads, mem_ctx, &sd->dacl->aces[i]);
 231                 }
 232         }
 233 
 234         printf("-------------- End Of Security Descriptor\n");
 235 }
 236 
 237 #endif

/* [<][>][^][v][top][bottom][index][help] */