2 Unix SMB/CIFS implementation.
3 Samba utility functions. ADS stuff
4 Copyright (C) Alexey Kotovich 2002
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 static struct perm_mask_str
{
27 {SEC_RIGHTS_FULL_CTRL
, "[Full Control]"},
29 {SEC_RIGHTS_LIST_CONTENTS
, "[List Contents]"},
30 {SEC_RIGHTS_LIST_OBJECT
, "[List Object]"},
32 {SEC_RIGHTS_READ_ALL_PROP
, "[Read All Properties]"},
33 {SEC_RIGHTS_READ_PERMS
, "[Read Permissions]"},
35 {SEC_RIGHTS_WRITE_ALL_VALID
, "[All validate writes]"},
36 {SEC_RIGHTS_WRITE_ALL_PROP
, "[Write All Properties]"},
38 {SEC_RIGHTS_MODIFY_PERMS
, "[Modify Permissions]"},
39 {SEC_RIGHTS_MODIFY_OWNER
, "[Modify Owner]"},
41 {SEC_RIGHTS_CREATE_CHILD
, "[Create All Child Objects]"},
43 {SEC_RIGHTS_DELETE
, "[Delete]"},
44 {SEC_RIGHTS_DELETE_SUBTREE
, "[Delete Subtree]"},
45 {SEC_RIGHTS_DELETE_CHILD
, "[Delete All Child Objects]"},
47 {SEC_RIGHTS_CHANGE_PASSWD
, "[Change Password]"},
48 {SEC_RIGHTS_RESET_PASSWD
, "[Reset Password]"},
50 {SEC_RIGHTS_APPLY_GROUP_POLICY
, "[Apply Group Policy]"},
55 /* convert a security permissions into a string */
56 static void ads_disp_perms(uint32 type
)
61 printf("Permissions: ");
63 if (type
== SEC_RIGHTS_FULL_CTRL
) {
64 printf("%s\n", perms
[j
].str
);
68 for (i
= 0; i
< 32; i
++) {
69 if (type
& (1 << i
)) {
70 for (j
= 1; perms
[j
].str
; j
++) {
71 if (perms
[j
].mask
== (((unsigned) 1) << i
)) {
72 printf("\n\t%s (0x%08x)", perms
[j
].str
, perms
[j
].mask
);
79 /* remaining bits get added on as-is */
81 printf("[%08x]", type
);
87 static void ads_disp_ace(SEC_ACE
*sec_ace
)
89 const char *access_type
= "UNKNOWN";
91 if (!sec_ace_object(sec_ace
->type
)) {
92 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
96 sec_ace
->access_mask
);
98 printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
102 sec_ace
->access_mask
,
103 sec_ace
->object
.object
.flags
);
106 if (sec_ace
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
) {
107 access_type
= "ALLOWED";
108 } else if (sec_ace
->type
== SEC_ACE_TYPE_ACCESS_DENIED
) {
109 access_type
= "DENIED";
110 } else if (sec_ace
->type
== SEC_ACE_TYPE_SYSTEM_AUDIT
) {
111 access_type
= "SYSTEM AUDIT";
112 } else if (sec_ace
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
) {
113 access_type
= "ALLOWED OBJECT";
114 } else if (sec_ace
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
) {
115 access_type
= "DENIED OBJECT";
116 } else if (sec_ace
->type
== SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT
) {
117 access_type
= "AUDIT OBJECT";
120 printf("access SID: %s\naccess type: %s\n",
121 sid_string_static(&sec_ace
->trustee
), access_type
);
123 ads_disp_perms(sec_ace
->access_mask
);
127 static void ads_disp_acl(SEC_ACL
*sec_acl
, const char *type
)
130 printf("------- (%s) ACL not present\n", type
);
132 printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n",
141 void ads_disp_sd(SEC_DESC
*sd
)
145 printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
148 printf("owner SID: %s\n", sid_string_static(sd
->owner_sid
));
149 printf("group SID: %s\n", sid_string_static(sd
->group_sid
));
151 ads_disp_acl(sd
->sacl
, "system");
152 for (i
= 0; i
< sd
->sacl
->num_aces
; i
++)
153 ads_disp_ace(&sd
->sacl
->aces
[i
]);
155 ads_disp_acl(sd
->dacl
, "user");
156 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++)
157 ads_disp_ace(&sd
->dacl
->aces
[i
]);
159 printf("-------------- End Of Security Descriptor\n");