search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: re-run make samba3-idl.
[Samba/cd1.git] / source3 / libads / disp_sec.c
blob3bf0b6f7a7d9cff1926048510e35216fa392a15e
1 /*
2 Unix SMB/CIFS implementation.
3 Samba utility functions. ADS stuff
4 Copyright (C) Alexey Kotovich 2002
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 #ifdef HAVE_LDAP
23
24 static struct perm_mask_str {
25 uint32 mask;
26 const char *str;
27 } perms[] = {
28 {SEC_RIGHTS_FULL_CTRL, "[Full Control]"},
29
30 {SEC_RIGHTS_LIST_CONTENTS, "[List Contents]"},
31 {SEC_RIGHTS_LIST_OBJECT, "[List Object]"},
32
33 {SEC_RIGHTS_READ_ALL_PROP, "[Read All Properties]"},
34 {SEC_RIGHTS_READ_PERMS, "[Read Permissions]"},
35
36 {SEC_RIGHTS_WRITE_ALL_VALID, "[All validate writes]"},
37 {SEC_RIGHTS_WRITE_ALL_PROP, "[Write All Properties]"},
38
39 {SEC_RIGHTS_MODIFY_PERMS, "[Modify Permissions]"},
40 {SEC_RIGHTS_MODIFY_OWNER, "[Modify Owner]"},
41
42 {SEC_RIGHTS_CREATE_CHILD, "[Create All Child Objects]"},
43
44 {SEC_RIGHTS_DELETE, "[Delete]"},
45 {SEC_RIGHTS_DELETE_SUBTREE, "[Delete Subtree]"},
46 {SEC_RIGHTS_DELETE_CHILD, "[Delete All Child Objects]"},
47
48 {SEC_RIGHTS_CHANGE_PASSWD, "[Change Password]"},
49 {SEC_RIGHTS_RESET_PASSWD, "[Reset Password]"},
50
51 {0, 0}
52 };
53
54 /* convert a security permissions into a string */
55 static void ads_disp_perms(uint32 type)
56 {
57 int i = 0;
58 int j = 0;
59
60 printf("Permissions: ");
61
62 if (type == SEC_RIGHTS_FULL_CTRL) {
63 printf("%s\n", perms[j].str);
64 return;
65 }
66
67 for (i = 0; i < 32; i++) {
68 if (type & (1 << i)) {
69 for (j = 1; perms[j].str; j ++) {
70 if (perms[j].mask == (((unsigned) 1) << i)) {
71 printf("\n\t%s (0x%08x)", perms[j].str, perms[j].mask);
72 }
73 }
74 type &= ~(1 << i);
75 }
76 }
77
78 /* remaining bits get added on as-is */
79 if (type != 0) {
80 printf("[%08x]", type);
81 }
82 puts("");
83 }
84
85 static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads,
86 TALLOC_CTX *mem_ctx,
87 const struct GUID *guid)
88 {
89 const char *ret = NULL;
90
91 if (!ads || !mem_ctx) {
92 return NULL;
93 }
94
95 ret = ads_get_attrname_by_guid(ads, ads->config.schema_path,
96 mem_ctx, guid);
97 if (ret) {
98 return talloc_asprintf(mem_ctx, "LDAP attribute: \"%s\"", ret);
99 }
100
101 ret = ads_get_extended_right_name_by_guid(ads, ads->config.config_path,
102 mem_ctx, guid);
103
104 if (ret) {
105 return talloc_asprintf(mem_ctx, "Extended right: \"%s\"", ret);
106 }
107
108 return ret;
109 }
110
111 static void ads_disp_sec_ace_object(ADS_STRUCT *ads,
112 TALLOC_CTX *mem_ctx,
113 struct security_ace_object *object)
114 {
115 if (object->flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
116 printf("Object type: SEC_ACE_OBJECT_TYPE_PRESENT\n");
117 printf("Object GUID: %s (%s)\n", GUID_string(mem_ctx,
118 &object->type.type),
119 ads_interprete_guid_from_object(ads, mem_ctx,
120 &object->type.type));
121 }
122 if (object->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
123 printf("Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT\n");
124 printf("Object GUID: %s (%s)\n", GUID_string(mem_ctx,
125 &object->inherited_type.inherited_type),
126 ads_interprete_guid_from_object(ads, mem_ctx,
127 &object->inherited_type.inherited_type));
128 }
129 }
130
131 /* display ACE */
132 static void ads_disp_ace(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_ACE *sec_ace)
133 {
134 const char *access_type = "UNKNOWN";
135
136 if (!sec_ace_object(sec_ace->type)) {
137 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
138 sec_ace->type,
139 sec_ace->flags,
140 sec_ace->size,
141 sec_ace->access_mask);
142 } else {
143 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
144 sec_ace->type,
145 sec_ace->flags,
146 sec_ace->size,
147 sec_ace->access_mask,
148 sec_ace->object.object.flags);
149 }
150
151 if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
152 access_type = "ALLOWED";
153 } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
154 access_type = "DENIED";
155 } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
156 access_type = "SYSTEM AUDIT";
157 } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
158 access_type = "ALLOWED OBJECT";
159 } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
160 access_type = "DENIED OBJECT";
161 } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
162 access_type = "AUDIT OBJECT";
163 }
164
165 printf("access SID: %s\naccess type: %s\n",
166 sid_string_talloc(mem_ctx, &sec_ace->trustee), access_type);
167
168 if (sec_ace_object(sec_ace->type)) {
169 ads_disp_sec_ace_object(ads, mem_ctx, &sec_ace->object.object);
170 }
171
172 ads_disp_perms(sec_ace->access_mask);
173 }
174
175 /* display ACL */
176 static void ads_disp_acl(SEC_ACL *sec_acl, const char *type)
177 {
178 if (!sec_acl)
179 printf("------- (%s) ACL not present\n", type);
180 else {
181 printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n",
182 type,
183 sec_acl->revision,
184 sec_acl->size,
185 sec_acl->num_aces);
186 }
187 }
188
189 /* display SD */
190 void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd)
191 {
192 int i;
193 char *tmp_path = NULL;
194
195 if (!sd) {
196 return;
197 }
198
199 if (ads && !ads->config.schema_path) {
200 if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) {
201 ads->config.schema_path = SMB_STRDUP(tmp_path);
202 }
203 }
204
205 if (ads && !ads->config.config_path) {
206 if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) {
207 ads->config.config_path = SMB_STRDUP(tmp_path);
208 }
209 }
210
211 printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
212 sd->revision,
213 sd->type);
214
215 printf("owner SID: %s\n", sd->owner_sid ?
216 sid_string_talloc(mem_ctx, sd->owner_sid) : "(null)");
217 printf("group SID: %s\n", sd->group_sid ?
218 sid_string_talloc(mem_ctx, sd->group_sid) : "(null)");
219
220 ads_disp_acl(sd->sacl, "system");
221 if (sd->sacl) {
222 for (i = 0; i < sd->sacl->num_aces; i ++) {
223 ads_disp_ace(ads, mem_ctx, &sd->sacl->aces[i]);
224 }
225 }
226
227 ads_disp_acl(sd->dacl, "user");
228 if (sd->dacl) {
229 for (i = 0; i < sd->dacl->num_aces; i ++) {
230 ads_disp_ace(ads, mem_ctx, &sd->dacl->aces[i]);
231 }
232 }
233
234 printf("-------------- End Of Security Descriptor\n");
235 }
236
237 #endif
Crístian's Samba branch