2 Unix SMB/CIFS implementation.
3 Samba utility functions
4 Copyright (C) Andrew Tridgell 1992-1999
5 Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /****************************************************************************
24 convert a security permissions into a string
25 ****************************************************************************/
27 char *get_sec_mask_str(TALLOC_CTX
*ctx
, uint32 type
)
29 char *typestr
= talloc_strdup(ctx
, "");
35 if (type
& GENERIC_ALL_ACCESS
) {
36 typestr
= talloc_asprintf_append(typestr
,
37 "Generic all access ");
42 if (type
& GENERIC_EXECUTE_ACCESS
) {
43 typestr
= talloc_asprintf_append(typestr
,
44 "Generic execute access");
49 if (type
& GENERIC_WRITE_ACCESS
) {
50 typestr
= talloc_asprintf_append(typestr
,
51 "Generic write access ");
56 if (type
& GENERIC_READ_ACCESS
) {
57 typestr
= talloc_asprintf_append(typestr
,
58 "Generic read access ");
63 if (type
& MAXIMUM_ALLOWED_ACCESS
) {
64 typestr
= talloc_asprintf_append(typestr
,
65 "MAXIMUM_ALLOWED_ACCESS ");
70 if (type
& SYSTEM_SECURITY_ACCESS
) {
71 typestr
= talloc_asprintf_append(typestr
,
72 "SYSTEM_SECURITY_ACCESS ");
77 if (type
& SYNCHRONIZE_ACCESS
) {
78 typestr
= talloc_asprintf_append(typestr
,
79 "SYNCHRONIZE_ACCESS ");
84 if (type
& WRITE_OWNER_ACCESS
) {
85 typestr
= talloc_asprintf_append(typestr
,
86 "WRITE_OWNER_ACCESS ");
91 if (type
& WRITE_DAC_ACCESS
) {
92 typestr
= talloc_asprintf_append(typestr
,
98 if (type
& READ_CONTROL_ACCESS
) {
99 typestr
= talloc_asprintf_append(typestr
,
100 "READ_CONTROL_ACCESS ");
105 if (type
& DELETE_ACCESS
) {
106 typestr
= talloc_asprintf_append(typestr
,
113 printf("\t\tSpecific bits: 0x%lx\n", (unsigned long)type
&SPECIFIC_RIGHTS_MASK
);
118 /****************************************************************************
119 display sec_access structure
120 ****************************************************************************/
121 void display_sec_access(uint32_t *info
)
123 char *mask_str
= get_sec_mask_str(NULL
, *info
);
124 printf("\t\tPermissions: 0x%x: %s\n", *info
, mask_str
? mask_str
: "");
125 TALLOC_FREE(mask_str
);
128 /****************************************************************************
129 display sec_ace flags
130 ****************************************************************************/
131 void display_sec_ace_flags(uint8_t flags
)
133 if (flags
& SEC_ACE_FLAG_OBJECT_INHERIT
)
134 printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
135 if (flags
& SEC_ACE_FLAG_CONTAINER_INHERIT
)
136 printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
137 if (flags
& SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
)
138 printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
139 if (flags
& SEC_ACE_FLAG_INHERIT_ONLY
)
140 printf("SEC_ACE_FLAG_INHERIT_ONLY ");
141 if (flags
& SEC_ACE_FLAG_INHERITED_ACE
)
142 printf("SEC_ACE_FLAG_INHERITED_ACE ");
143 /* if (flags & SEC_ACE_FLAG_VALID_INHERIT)
144 printf("SEC_ACE_FLAG_VALID_INHERIT "); */
145 if (flags
& SEC_ACE_FLAG_SUCCESSFUL_ACCESS
)
146 printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
147 if (flags
& SEC_ACE_FLAG_FAILED_ACCESS
)
148 printf("SEC_ACE_FLAG_FAILED_ACCESS ");
153 /****************************************************************************
154 display sec_ace object
155 ****************************************************************************/
156 static void disp_sec_ace_object(struct security_ace_object
*object
)
158 if (object
->flags
& SEC_ACE_OBJECT_PRESENT
) {
159 printf("Object type: SEC_ACE_OBJECT_PRESENT\n");
160 printf("Object GUID: %s\n", GUID_string(talloc_tos(),
161 &object
->type
.type
));
163 if (object
->flags
& SEC_ACE_OBJECT_INHERITED_PRESENT
) {
164 printf("Object type: SEC_ACE_OBJECT_INHERITED_PRESENT\n");
165 printf("Object GUID: %s\n", GUID_string(talloc_tos(),
166 &object
->inherited_type
.inherited_type
));
170 /****************************************************************************
171 display sec_ace structure
172 ****************************************************************************/
173 void display_sec_ace(SEC_ACE
*ace
)
177 printf("\tACE\n\t\ttype: ");
179 case SEC_ACE_TYPE_ACCESS_ALLOWED
:
180 printf("ACCESS ALLOWED");
182 case SEC_ACE_TYPE_ACCESS_DENIED
:
183 printf("ACCESS DENIED");
185 case SEC_ACE_TYPE_SYSTEM_AUDIT
:
186 printf("SYSTEM AUDIT");
188 case SEC_ACE_TYPE_SYSTEM_ALARM
:
189 printf("SYSTEM ALARM");
191 case SEC_ACE_TYPE_ALLOWED_COMPOUND
:
192 printf("SEC_ACE_TYPE_ALLOWED_COMPOUND");
194 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
:
195 printf("SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT");
197 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
:
198 printf("SEC_ACE_TYPE_ACCESS_DENIED_OBJECT");
200 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT
:
201 printf("SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT");
203 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT
:
204 printf("SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT");
211 printf(" (%d) flags: 0x%02x ", ace
->type
, ace
->flags
);
212 display_sec_ace_flags(ace
->flags
);
213 display_sec_access(&ace
->access_mask
);
214 sid_to_fstring(sid_str
, &ace
->trustee
);
215 printf("\t\tSID: %s\n\n", sid_str
);
217 if (sec_ace_object(ace
->type
)) {
218 disp_sec_ace_object(&ace
->object
.object
);
223 /****************************************************************************
224 display sec_acl structure
225 ****************************************************************************/
226 void display_sec_acl(SEC_ACL
*sec_acl
)
230 printf("\tACL\tNum ACEs:\t%d\trevision:\t%x\n",
231 sec_acl
->num_aces
, sec_acl
->revision
);
234 if (sec_acl
->size
!= 0 && sec_acl
->num_aces
!= 0) {
235 for (i
= 0; i
< sec_acl
->num_aces
; i
++) {
236 display_sec_ace(&sec_acl
->aces
[i
]);
241 void display_acl_type(uint16 type
)
243 static fstring typestr
="";
247 if (type
& SEC_DESC_OWNER_DEFAULTED
) /* 0x0001 */
248 fstrcat(typestr
, "SEC_DESC_OWNER_DEFAULTED ");
249 if (type
& SEC_DESC_GROUP_DEFAULTED
) /* 0x0002 */
250 fstrcat(typestr
, "SEC_DESC_GROUP_DEFAULTED ");
251 if (type
& SEC_DESC_DACL_PRESENT
) /* 0x0004 */
252 fstrcat(typestr
, "SEC_DESC_DACL_PRESENT ");
253 if (type
& SEC_DESC_DACL_DEFAULTED
) /* 0x0008 */
254 fstrcat(typestr
, "SEC_DESC_DACL_DEFAULTED ");
255 if (type
& SEC_DESC_SACL_PRESENT
) /* 0x0010 */
256 fstrcat(typestr
, "SEC_DESC_SACL_PRESENT ");
257 if (type
& SEC_DESC_SACL_DEFAULTED
) /* 0x0020 */
258 fstrcat(typestr
, "SEC_DESC_SACL_DEFAULTED ");
259 if (type
& SEC_DESC_DACL_TRUSTED
) /* 0x0040 */
260 fstrcat(typestr
, "SEC_DESC_DACL_TRUSTED ");
261 if (type
& SEC_DESC_SERVER_SECURITY
) /* 0x0080 */
262 fstrcat(typestr
, "SEC_DESC_SERVER_SECURITY ");
263 if (type
& SEC_DESC_DACL_AUTO_INHERIT_REQ
) /* 0x0100 */
264 fstrcat(typestr
, "SEC_DESC_DACL_AUTO_INHERIT_REQ ");
265 if (type
& SEC_DESC_SACL_AUTO_INHERIT_REQ
) /* 0x0200 */
266 fstrcat(typestr
, "SEC_DESC_SACL_AUTO_INHERIT_REQ ");
267 if (type
& SEC_DESC_DACL_AUTO_INHERITED
) /* 0x0400 */
268 fstrcat(typestr
, "SEC_DESC_DACL_AUTO_INHERITED ");
269 if (type
& SEC_DESC_SACL_AUTO_INHERITED
) /* 0x0800 */
270 fstrcat(typestr
, "SEC_DESC_SACL_AUTO_INHERITED ");
271 if (type
& SEC_DESC_DACL_PROTECTED
) /* 0x1000 */
272 fstrcat(typestr
, "SEC_DESC_DACL_PROTECTED ");
273 if (type
& SEC_DESC_SACL_PROTECTED
) /* 0x2000 */
274 fstrcat(typestr
, "SEC_DESC_SACL_PROTECTED ");
275 if (type
& SEC_DESC_RM_CONTROL_VALID
) /* 0x4000 */
276 fstrcat(typestr
, "SEC_DESC_RM_CONTROL_VALID ");
277 if (type
& SEC_DESC_SELF_RELATIVE
) /* 0x8000 */
278 fstrcat(typestr
, "SEC_DESC_SELF_RELATIVE ");
280 printf("type: 0x%04x: %s\n", type
, typestr
);
283 /****************************************************************************
284 display sec_desc structure
285 ****************************************************************************/
286 void display_sec_desc(SEC_DESC
*sec
)
295 printf("revision: %d\n", sec
->revision
);
296 display_acl_type(sec
->type
);
300 display_sec_acl(sec
->sacl
);
305 display_sec_acl(sec
->dacl
);
308 if (sec
->owner_sid
) {
309 sid_to_fstring(sid_str
, sec
->owner_sid
);
310 printf("\tOwner SID:\t%s\n", sid_str
);
313 if (sec
->group_sid
) {
314 sid_to_fstring(sid_str
, sec
->group_sid
);
315 printf("\tGroup SID:\t%s\n", sid_str
);