root/source3/lib/display_sec.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. get_sec_mask_str
  2. display_sec_access
  3. display_sec_ace_flags
  4. disp_sec_ace_object
  5. display_sec_ace
  6. display_sec_acl
  7. display_acl_type
  8. display_sec_desc

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    Samba utility functions
   4    Copyright (C) Andrew Tridgell 1992-1999
   5    Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
   6    
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11    
  12    This program is distributed in the hope that it will be useful, 
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16    
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20 
  21 #include "includes.h"
  22 
  23 /****************************************************************************
  24 convert a security permissions into a string
  25 ****************************************************************************/
  26 
  27 char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
     /* [<][>][^][v][top][bottom][index][help] */
  28 {
  29         char *typestr = talloc_strdup(ctx, "");
  30 
  31         if (!typestr) {
  32                 return NULL;
  33         }
  34 
  35         if (type & GENERIC_ALL_ACCESS) {
  36                 typestr = talloc_asprintf_append(typestr,
  37                                 "Generic all access ");
  38                 if (!typestr) {
  39                         return NULL;
  40                 }
  41         }
  42         if (type & GENERIC_EXECUTE_ACCESS) {
  43                 typestr = talloc_asprintf_append(typestr,
  44                                 "Generic execute access");
  45                 if (!typestr) {
  46                         return NULL;
  47                 }
  48         }
  49         if (type & GENERIC_WRITE_ACCESS) {
  50                 typestr = talloc_asprintf_append(typestr,
  51                                 "Generic write access ");
  52                 if (!typestr) {
  53                         return NULL;
  54                 }
  55         }
  56         if (type & GENERIC_READ_ACCESS) {
  57                 typestr = talloc_asprintf_append(typestr,
  58                                 "Generic read access ");
  59                 if (!typestr) {
  60                         return NULL;
  61                 }
  62         }
  63         if (type & MAXIMUM_ALLOWED_ACCESS) {
  64                 typestr = talloc_asprintf_append(typestr,
  65                                 "MAXIMUM_ALLOWED_ACCESS ");
  66                 if (!typestr) {
  67                         return NULL;
  68                 }
  69         }
  70         if (type & SYSTEM_SECURITY_ACCESS) {
  71                 typestr = talloc_asprintf_append(typestr,
  72                                 "SYSTEM_SECURITY_ACCESS ");
  73                 if (!typestr) {
  74                         return NULL;
  75                 }
  76         }
  77         if (type & SYNCHRONIZE_ACCESS) {
  78                 typestr = talloc_asprintf_append(typestr,
  79                                 "SYNCHRONIZE_ACCESS ");
  80                 if (!typestr) {
  81                         return NULL;
  82                 }
  83         }
  84         if (type & WRITE_OWNER_ACCESS) {
  85                 typestr = talloc_asprintf_append(typestr,
  86                                 "WRITE_OWNER_ACCESS ");
  87                 if (!typestr) {
  88                         return NULL;
  89                 }
  90         }
  91         if (type & WRITE_DAC_ACCESS) {
  92                 typestr = talloc_asprintf_append(typestr,
  93                                 "WRITE_DAC_ACCESS ");
  94                 if (!typestr) {
  95                         return NULL;
  96                 }
  97         }
  98         if (type & READ_CONTROL_ACCESS) {
  99                 typestr = talloc_asprintf_append(typestr,
 100                                 "READ_CONTROL_ACCESS ");
 101                 if (!typestr) {
 102                         return NULL;
 103                 }
 104         }
 105         if (type & DELETE_ACCESS) {
 106                 typestr = talloc_asprintf_append(typestr,
 107                                 "DELETE_ACCESS ");
 108                 if (!typestr) {
 109                         return NULL;
 110                 }
 111         }
 112 
 113         printf("\t\tSpecific bits: 0x%lx\n", (unsigned long)type&SPECIFIC_RIGHTS_MASK);
 114 
 115         return typestr;
 116 }
 117 
 118 /****************************************************************************
 119  display sec_access structure
 120  ****************************************************************************/
 121 void display_sec_access(uint32_t *info)
     /* [<][>][^][v][top][bottom][index][help] */
 122 {
 123         char *mask_str = get_sec_mask_str(NULL, *info);
 124         printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
 125         TALLOC_FREE(mask_str);
 126 }
 127 
 128 /****************************************************************************
 129  display sec_ace flags
 130  ****************************************************************************/
 131 void display_sec_ace_flags(uint8_t flags)
     /* [<][>][^][v][top][bottom][index][help] */
 132 {
 133         if (flags & SEC_ACE_FLAG_OBJECT_INHERIT)
 134                 printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
 135         if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT)
 136                 printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
 137         if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)
 138                 printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
 139         if (flags & SEC_ACE_FLAG_INHERIT_ONLY)
 140                 printf("SEC_ACE_FLAG_INHERIT_ONLY ");
 141         if (flags & SEC_ACE_FLAG_INHERITED_ACE)
 142                 printf("SEC_ACE_FLAG_INHERITED_ACE ");
 143 /*      if (flags & SEC_ACE_FLAG_VALID_INHERIT)
 144                 printf("SEC_ACE_FLAG_VALID_INHERIT "); */
 145         if (flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS)
 146                 printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
 147         if (flags & SEC_ACE_FLAG_FAILED_ACCESS)
 148                 printf("SEC_ACE_FLAG_FAILED_ACCESS ");
 149 
 150         printf("\n");
 151 }
 152 
 153 /****************************************************************************
 154  display sec_ace object
 155  ****************************************************************************/
 156 static void disp_sec_ace_object(struct security_ace_object *object)
     /* [<][>][^][v][top][bottom][index][help] */
 157 {
 158         if (object->flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
 159                 printf("Object type: SEC_ACE_OBJECT_TYPE_PRESENT\n");
 160                 printf("Object GUID: %s\n", GUID_string(talloc_tos(),
 161                         &object->type.type));
 162         }
 163         if (object->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
 164                 printf("Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT\n");
 165                 printf("Object GUID: %s\n", GUID_string(talloc_tos(), 
 166                         &object->inherited_type.inherited_type));
 167         }
 168 }
 169 
 170 /****************************************************************************
 171  display sec_ace structure
 172  ****************************************************************************/
 173 void display_sec_ace(SEC_ACE *ace)
     /* [<][>][^][v][top][bottom][index][help] */
 174 {
 175         fstring sid_str;
 176 
 177         printf("\tACE\n\t\ttype: ");
 178         switch (ace->type) {
 179                 case SEC_ACE_TYPE_ACCESS_ALLOWED:
 180                         printf("ACCESS ALLOWED");
 181                         break;
 182                 case SEC_ACE_TYPE_ACCESS_DENIED:
 183                         printf("ACCESS DENIED");
 184                         break;
 185                 case SEC_ACE_TYPE_SYSTEM_AUDIT:
 186                         printf("SYSTEM AUDIT");
 187                         break;
 188                 case SEC_ACE_TYPE_SYSTEM_ALARM:
 189                         printf("SYSTEM ALARM");
 190                         break;
 191                 case SEC_ACE_TYPE_ALLOWED_COMPOUND:
 192                         printf("SEC_ACE_TYPE_ALLOWED_COMPOUND");
 193                         break;
 194                 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
 195                         printf("SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT");
 196                         break;
 197                 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
 198                         printf("SEC_ACE_TYPE_ACCESS_DENIED_OBJECT");
 199                         break;
 200                 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
 201                         printf("SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT");
 202                         break;
 203                 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
 204                         printf("SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT");
 205                         break;
 206                 default:
 207                         printf("????");
 208                         break;
 209         }
 210 
 211         printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
 212         display_sec_ace_flags(ace->flags);
 213         display_sec_access(&ace->access_mask);
 214         sid_to_fstring(sid_str, &ace->trustee);
 215         printf("\t\tSID: %s\n\n", sid_str);
 216 
 217         if (sec_ace_object(ace->type)) {
 218                 disp_sec_ace_object(&ace->object.object);
 219         }
 220 
 221 }
 222 
 223 /****************************************************************************
 224  display sec_acl structure
 225  ****************************************************************************/
 226 void display_sec_acl(SEC_ACL *sec_acl)
     /* [<][>][^][v][top][bottom][index][help] */
 227 {
 228         int i;
 229 
 230         printf("\tACL\tNum ACEs:\t%d\trevision:\t%x\n",
 231                          sec_acl->num_aces, sec_acl->revision); 
 232         printf("\t---\n");
 233 
 234         if (sec_acl->size != 0 && sec_acl->num_aces != 0) {
 235                 for (i = 0; i < sec_acl->num_aces; i++) {
 236                         display_sec_ace(&sec_acl->aces[i]);
 237                 }
 238         }
 239 }
 240 
 241 void display_acl_type(uint16 type)
     /* [<][>][^][v][top][bottom][index][help] */
 242 {
 243         fstring typestr="";
 244 
 245         typestr[0] = 0;
 246 
 247         if (type & SEC_DESC_OWNER_DEFAULTED)    /* 0x0001 */
 248                 fstrcat(typestr, "SEC_DESC_OWNER_DEFAULTED ");
 249         if (type & SEC_DESC_GROUP_DEFAULTED)    /* 0x0002 */
 250                 fstrcat(typestr, "SEC_DESC_GROUP_DEFAULTED ");
 251         if (type & SEC_DESC_DACL_PRESENT)       /* 0x0004 */
 252                 fstrcat(typestr, "SEC_DESC_DACL_PRESENT ");
 253         if (type & SEC_DESC_DACL_DEFAULTED)     /* 0x0008 */
 254                 fstrcat(typestr, "SEC_DESC_DACL_DEFAULTED ");
 255         if (type & SEC_DESC_SACL_PRESENT)       /* 0x0010 */
 256                 fstrcat(typestr, "SEC_DESC_SACL_PRESENT ");
 257         if (type & SEC_DESC_SACL_DEFAULTED)     /* 0x0020 */
 258                 fstrcat(typestr, "SEC_DESC_SACL_DEFAULTED ");
 259         if (type & SEC_DESC_DACL_TRUSTED)       /* 0x0040 */
 260                 fstrcat(typestr, "SEC_DESC_DACL_TRUSTED ");
 261         if (type & SEC_DESC_SERVER_SECURITY)    /* 0x0080 */
 262                 fstrcat(typestr, "SEC_DESC_SERVER_SECURITY ");
 263         if (type & SEC_DESC_DACL_AUTO_INHERIT_REQ) /* 0x0100 */
 264                 fstrcat(typestr, "SEC_DESC_DACL_AUTO_INHERIT_REQ ");
 265         if (type & SEC_DESC_SACL_AUTO_INHERIT_REQ) /* 0x0200 */
 266                 fstrcat(typestr, "SEC_DESC_SACL_AUTO_INHERIT_REQ ");
 267         if (type & SEC_DESC_DACL_AUTO_INHERITED) /* 0x0400 */
 268                 fstrcat(typestr, "SEC_DESC_DACL_AUTO_INHERITED ");
 269         if (type & SEC_DESC_SACL_AUTO_INHERITED) /* 0x0800 */
 270                 fstrcat(typestr, "SEC_DESC_SACL_AUTO_INHERITED ");
 271         if (type & SEC_DESC_DACL_PROTECTED)     /* 0x1000 */
 272                 fstrcat(typestr, "SEC_DESC_DACL_PROTECTED ");
 273         if (type & SEC_DESC_SACL_PROTECTED)     /* 0x2000 */
 274                 fstrcat(typestr, "SEC_DESC_SACL_PROTECTED ");
 275         if (type & SEC_DESC_RM_CONTROL_VALID)   /* 0x4000 */
 276                 fstrcat(typestr, "SEC_DESC_RM_CONTROL_VALID ");
 277         if (type & SEC_DESC_SELF_RELATIVE)      /* 0x8000 */
 278                 fstrcat(typestr, "SEC_DESC_SELF_RELATIVE ");
 279         
 280         printf("type: 0x%04x: %s\n", type, typestr);
 281 }
 282 
 283 /****************************************************************************
 284  display sec_desc structure
 285  ****************************************************************************/
 286 void display_sec_desc(SEC_DESC *sec)
     /* [<][>][^][v][top][bottom][index][help] */
 287 {
 288         fstring sid_str;
 289 
 290         if (!sec) {
 291                 printf("NULL\n");
 292                 return;
 293         }
 294 
 295         printf("revision: %d\n", sec->revision);
 296         display_acl_type(sec->type);
 297 
 298         if (sec->sacl) {
 299                 printf("SACL\n");
 300                 display_sec_acl(sec->sacl);
 301         }
 302 
 303         if (sec->dacl) {
 304                 printf("DACL\n");
 305                 display_sec_acl(sec->dacl);
 306         }
 307 
 308         if (sec->owner_sid) {
 309                 sid_to_fstring(sid_str, sec->owner_sid);
 310                 printf("\tOwner SID:\t%s\n", sid_str);
 311         }
 312 
 313         if (sec->group_sid) {
 314                 sid_to_fstring(sid_str, sec->group_sid);
 315                 printf("\tGroup SID:\t%s\n", sid_str);
 316         }
 317 }

/* [<][>][^][v][top][bottom][index][help] */