Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Samba utility functions
4 : Copyright (C) Andrew Tridgell 1992-1999
5 : Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "libcli/security/security.h"
23 : #include "librpc/ndr/libndr.h"
24 : #include "libcli/security/display_sec.h"
25 :
26 : /****************************************************************************
27 : convert a security permissions into a string
28 : ****************************************************************************/
29 :
30 5 : char *get_sec_mask_str(TALLOC_CTX *ctx, uint32_t type)
31 : {
32 5 : char *typestr = talloc_strdup(ctx, "");
33 :
34 5 : if (type & SEC_GENERIC_ALL) {
35 0 : talloc_asprintf_addbuf(&typestr, "Generic all access ");
36 : }
37 5 : if (type & SEC_GENERIC_EXECUTE) {
38 0 : talloc_asprintf_addbuf(&typestr, "Generic execute access");
39 : }
40 5 : if (type & SEC_GENERIC_WRITE) {
41 0 : talloc_asprintf_addbuf(&typestr, "Generic write access ");
42 : }
43 5 : if (type & SEC_GENERIC_READ) {
44 0 : talloc_asprintf_addbuf(&typestr, "Generic read access ");
45 : }
46 5 : if (type & SEC_FLAG_MAXIMUM_ALLOWED) {
47 0 : talloc_asprintf_addbuf(&typestr, "MAXIMUM_ALLOWED_ACCESS ");
48 : }
49 5 : if (type & SEC_FLAG_SYSTEM_SECURITY) {
50 0 : talloc_asprintf_addbuf(&typestr, "SYSTEM_SECURITY_ACCESS ");
51 : }
52 5 : if (type & SEC_STD_SYNCHRONIZE) {
53 5 : talloc_asprintf_addbuf(&typestr, "SYNCHRONIZE_ACCESS ");
54 : }
55 5 : if (type & SEC_STD_WRITE_OWNER) {
56 4 : talloc_asprintf_addbuf(&typestr, "WRITE_OWNER_ACCESS ");
57 : }
58 5 : if (type & SEC_STD_WRITE_DAC) {
59 4 : talloc_asprintf_addbuf(&typestr, "WRITE_DAC_ACCESS ");
60 : }
61 5 : if (type & SEC_STD_READ_CONTROL) {
62 4 : talloc_asprintf_addbuf(&typestr, "READ_CONTROL_ACCESS ");
63 : }
64 5 : if (type & SEC_STD_DELETE) {
65 4 : talloc_asprintf_addbuf(&typestr, "DELETE_ACCESS ");
66 : }
67 :
68 5 : printf("\t\tSpecific bits: 0x%lx\n", (unsigned long)type&SEC_MASK_SPECIFIC);
69 :
70 5 : return typestr;
71 : }
72 :
73 : /****************************************************************************
74 : display sec_access structure
75 : ****************************************************************************/
76 4 : void display_sec_access(uint32_t *info)
77 : {
78 4 : char *mask_str = get_sec_mask_str(NULL, *info);
79 4 : printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
80 4 : talloc_free(mask_str);
81 4 : }
82 :
83 : /****************************************************************************
84 : display sec_ace flags
85 : ****************************************************************************/
86 4 : void display_sec_ace_flags(uint8_t flags)
87 : {
88 4 : if (flags & SEC_ACE_FLAG_OBJECT_INHERIT)
89 0 : printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
90 4 : if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT)
91 0 : printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
92 4 : if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)
93 0 : printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
94 4 : if (flags & SEC_ACE_FLAG_INHERIT_ONLY)
95 0 : printf("SEC_ACE_FLAG_INHERIT_ONLY ");
96 4 : if (flags & SEC_ACE_FLAG_INHERITED_ACE)
97 0 : printf("SEC_ACE_FLAG_INHERITED_ACE ");
98 : /* if (flags & SEC_ACE_FLAG_VALID_INHERIT)
99 : printf("SEC_ACE_FLAG_VALID_INHERIT "); */
100 4 : if (flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS)
101 0 : printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
102 4 : if (flags & SEC_ACE_FLAG_FAILED_ACCESS)
103 0 : printf("SEC_ACE_FLAG_FAILED_ACCESS ");
104 :
105 4 : printf("\n");
106 4 : }
107 :
108 : /****************************************************************************
109 : display sec_ace object
110 : ****************************************************************************/
111 0 : static void disp_sec_ace_object(struct security_ace_object *object)
112 : {
113 : char *str;
114 0 : if (object->flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
115 0 : str = GUID_string(NULL, &object->type.type);
116 0 : if (str == NULL) return;
117 0 : printf("Object type: SEC_ACE_OBJECT_TYPE_PRESENT\n");
118 0 : printf("Object GUID: %s\n", str);
119 0 : talloc_free(str);
120 : }
121 0 : if (object->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
122 0 : str = GUID_string(NULL, &object->inherited_type.inherited_type);
123 0 : if (str == NULL) return;
124 0 : printf("Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT\n");
125 0 : printf("Object GUID: %s\n", str);
126 0 : talloc_free(str);
127 : }
128 : }
129 :
130 : /****************************************************************************
131 : display sec_ace structure
132 : ****************************************************************************/
133 4 : void display_sec_ace(struct security_ace *ace)
134 : {
135 : struct dom_sid_buf sid_str;
136 :
137 4 : printf("\tACE\n\t\ttype: ");
138 4 : switch (ace->type) {
139 4 : case SEC_ACE_TYPE_ACCESS_ALLOWED:
140 4 : printf("ACCESS ALLOWED");
141 4 : break;
142 0 : case SEC_ACE_TYPE_ACCESS_DENIED:
143 0 : printf("ACCESS DENIED");
144 0 : break;
145 0 : case SEC_ACE_TYPE_SYSTEM_AUDIT:
146 0 : printf("SYSTEM AUDIT");
147 0 : break;
148 0 : case SEC_ACE_TYPE_SYSTEM_ALARM:
149 0 : printf("SYSTEM ALARM");
150 0 : break;
151 0 : case SEC_ACE_TYPE_ALLOWED_COMPOUND:
152 0 : printf("SEC_ACE_TYPE_ALLOWED_COMPOUND");
153 0 : break;
154 0 : case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
155 0 : printf("SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT");
156 0 : break;
157 0 : case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
158 0 : printf("SEC_ACE_TYPE_ACCESS_DENIED_OBJECT");
159 0 : break;
160 0 : case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
161 0 : printf("SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT");
162 0 : break;
163 0 : case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
164 0 : printf("SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT");
165 0 : break;
166 0 : default:
167 0 : printf("????");
168 0 : break;
169 : }
170 :
171 4 : printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
172 4 : display_sec_ace_flags(ace->flags);
173 4 : display_sec_access(&ace->access_mask);
174 4 : printf("\t\tSID: %s\n\n", dom_sid_str_buf(&ace->trustee, &sid_str));
175 :
176 4 : if (sec_ace_object(ace->type)) {
177 0 : disp_sec_ace_object(&ace->object.object);
178 : }
179 :
180 4 : }
181 :
182 : /****************************************************************************
183 : display sec_acl structure
184 : ****************************************************************************/
185 4 : void display_sec_acl(struct security_acl *sec_acl)
186 : {
187 : uint32_t i;
188 :
189 4 : printf("\tACL\tNum ACEs:\t%u\trevision:\t%x\n",
190 4 : sec_acl->num_aces, sec_acl->revision);
191 4 : printf("\t---\n");
192 :
193 4 : if (sec_acl->size != 0 && sec_acl->num_aces != 0) {
194 8 : for (i = 0; i < sec_acl->num_aces; i++) {
195 4 : display_sec_ace(&sec_acl->aces[i]);
196 : }
197 : }
198 4 : }
199 :
200 4 : void display_acl_type(uint16_t type)
201 : {
202 4 : printf("type: 0x%04x: ", type);
203 :
204 4 : if (type & SEC_DESC_OWNER_DEFAULTED) /* 0x0001 */
205 0 : printf("SEC_DESC_OWNER_DEFAULTED ");
206 4 : if (type & SEC_DESC_GROUP_DEFAULTED) /* 0x0002 */
207 0 : printf("SEC_DESC_GROUP_DEFAULTED ");
208 4 : if (type & SEC_DESC_DACL_PRESENT) /* 0x0004 */
209 4 : printf("SEC_DESC_DACL_PRESENT ");
210 4 : if (type & SEC_DESC_DACL_DEFAULTED) /* 0x0008 */
211 0 : printf("SEC_DESC_DACL_DEFAULTED ");
212 4 : if (type & SEC_DESC_SACL_PRESENT) /* 0x0010 */
213 0 : printf("SEC_DESC_SACL_PRESENT ");
214 4 : if (type & SEC_DESC_SACL_DEFAULTED) /* 0x0020 */
215 0 : printf("SEC_DESC_SACL_DEFAULTED ");
216 4 : if (type & SEC_DESC_DACL_TRUSTED) /* 0x0040 */
217 0 : printf("SEC_DESC_DACL_TRUSTED ");
218 4 : if (type & SEC_DESC_SERVER_SECURITY) /* 0x0080 */
219 0 : printf("SEC_DESC_SERVER_SECURITY ");
220 4 : if (type & SEC_DESC_DACL_AUTO_INHERIT_REQ) /* 0x0100 */
221 0 : printf("SEC_DESC_DACL_AUTO_INHERIT_REQ ");
222 4 : if (type & SEC_DESC_SACL_AUTO_INHERIT_REQ) /* 0x0200 */
223 0 : printf("SEC_DESC_SACL_AUTO_INHERIT_REQ ");
224 4 : if (type & SEC_DESC_DACL_AUTO_INHERITED) /* 0x0400 */
225 0 : printf("SEC_DESC_DACL_AUTO_INHERITED ");
226 4 : if (type & SEC_DESC_SACL_AUTO_INHERITED) /* 0x0800 */
227 0 : printf("SEC_DESC_SACL_AUTO_INHERITED ");
228 4 : if (type & SEC_DESC_DACL_PROTECTED) /* 0x1000 */
229 0 : printf("SEC_DESC_DACL_PROTECTED ");
230 4 : if (type & SEC_DESC_SACL_PROTECTED) /* 0x2000 */
231 0 : printf("SEC_DESC_SACL_PROTECTED ");
232 4 : if (type & SEC_DESC_RM_CONTROL_VALID) /* 0x4000 */
233 0 : printf("SEC_DESC_RM_CONTROL_VALID ");
234 4 : if (type & SEC_DESC_SELF_RELATIVE) /* 0x8000 */
235 4 : printf("SEC_DESC_SELF_RELATIVE ");
236 :
237 4 : printf("\n");
238 4 : }
239 :
240 : /****************************************************************************
241 : display sec_desc structure
242 : ****************************************************************************/
243 4 : void display_sec_desc(struct security_descriptor *sec)
244 : {
245 : struct dom_sid_buf sid_str;
246 :
247 4 : if (!sec) {
248 0 : printf("NULL\n");
249 0 : return;
250 : }
251 :
252 4 : printf("revision: %d\n", sec->revision);
253 4 : display_acl_type(sec->type);
254 :
255 4 : if (sec->sacl) {
256 0 : printf("SACL\n");
257 0 : display_sec_acl(sec->sacl);
258 : }
259 :
260 4 : if (sec->dacl) {
261 4 : printf("DACL\n");
262 4 : display_sec_acl(sec->dacl);
263 : }
264 :
265 4 : if (sec->owner_sid) {
266 0 : printf("\tOwner SID:\t%s\n",
267 0 : dom_sid_str_buf(sec->owner_sid, &sid_str));
268 : }
269 :
270 4 : if (sec->group_sid) {
271 0 : printf("\tGroup SID:\t%s\n",
272 0 : dom_sid_str_buf(sec->group_sid, &sid_str));
273 : }
274 : }
|
