00021 #include "includes.h"
00022
/*
 * Display labels for access-mask values.
 *
 * Entry 0 is the Full Control entry; ads_disp_perms() reads it directly
 * when the whole mask equals SEC_RIGHTS_FULL_CTRL and starts its per-bit
 * search at index 1. Keep it first. The table ends with an all-zero
 * sentinel (str == NULL).
 */
struct perm_mask_str {
	uint32 mask;      /* access-mask value to match */
	const char *str;  /* label printed for that value */
};

static struct perm_mask_str perms[] = {
	{ .mask = SEC_RIGHTS_FULL_CTRL,       .str = "[Full Control]" },

	{ .mask = SEC_RIGHTS_LIST_CONTENTS,   .str = "[List Contents]" },
	{ .mask = SEC_RIGHTS_LIST_OBJECT,     .str = "[List Object]" },

	{ .mask = SEC_RIGHTS_READ_ALL_PROP,   .str = "[Read All Properties]" },
	{ .mask = SEC_RIGHTS_READ_PERMS,      .str = "[Read Permissions]" },

	{ .mask = SEC_RIGHTS_WRITE_ALL_VALID, .str = "[All validate writes]" },
	{ .mask = SEC_RIGHTS_WRITE_ALL_PROP,  .str = "[Write All Properties]" },

	{ .mask = SEC_RIGHTS_MODIFY_PERMS,    .str = "[Modify Permissions]" },
	{ .mask = SEC_RIGHTS_MODIFY_OWNER,    .str = "[Modify Owner]" },

	{ .mask = SEC_RIGHTS_CREATE_CHILD,    .str = "[Create All Child Objects]" },

	{ .mask = SEC_RIGHTS_DELETE,          .str = "[Delete]" },
	{ .mask = SEC_RIGHTS_DELETE_SUBTREE,  .str = "[Delete Subtree]" },
	{ .mask = SEC_RIGHTS_DELETE_CHILD,    .str = "[Delete All Child Objects]" },

	{ .mask = SEC_RIGHTS_CHANGE_PASSWD,   .str = "[Change Password]" },
	{ .mask = SEC_RIGHTS_RESET_PASSWD,    .str = "[Reset Password]" },

	/* sentinel: a NULL label terminates the table */
	{ .mask = 0, .str = NULL }
};
00051
00052
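/*
 * Print a readable breakdown of an access mask to stdout.
 *
 * A mask equal to SEC_RIGHTS_FULL_CTRL prints the single Full Control
 * label (perms[0]). Otherwise each set bit is looked up in perms[1..]
 * and every matching label is printed on its own line. Bits with no
 * label are kept and printed together in hex as "[xxxxxxxx]".
 *
 * Previously every set bit was cleared whether or not a label was found,
 * so the hex fallback could never fire and unrecognised rights vanished
 * from the listing. Anyone auditing an ACL from this output would have
 * seen fewer rights than the ACE actually grants.
 *
 * @param type  access mask to describe
 */
static void ads_disp_perms(uint32 type)
{
	int i;
	int j;

	printf("Permissions: ");

	/* Entry 0 of the table is reserved for the full-control mask. */
	if (type == SEC_RIGHTS_FULL_CTRL) {
		printf("%s\n", perms[0].str);
		return;
	}

	for (i = 0; i < 32; i++) {
		/* Unsigned shift: (1 << 31) on a signed int is undefined. */
		const uint32 bit = (uint32)(1u << i);
		int named = 0;

		if (!(type & bit)) {
			continue;
		}

		for (j = 1; perms[j].str; j++) {
			if (perms[j].mask == bit) {
				printf("\n\t%s", perms[j].str);
				named = 1;
			}
		}

		/* Only drop bits we could name; the rest are reported below. */
		if (named) {
			type &= ~bit;
		}
	}

	/* Whatever is left has no label in perms[]; show it raw. */
	if (type != 0) {
		printf("[%08x]", (unsigned int)type);
	}
	puts("");
}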
00082
00083
/*
 * Print one access control entry to stdout: a header line with the raw
 * type, flags, size and access mask (plus the object flags when
 * sec_ace_object() reports an object ACE), then the trustee SID, a
 * textual access type, and the decoded permissions.
 *
 * ACE types not listed below are shown as "UNKNOWN".
 *
 * @param sec_ace  entry to display; dereferenced without a NULL check
 */
static void ads_disp_ace(SEC_ACE *sec_ace)
{
	const char *kind;

	if (sec_ace_object(sec_ace->type)) {
		/* Object ACEs carry an extra flags field worth showing. */
		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
		       sec_ace->type,
		       sec_ace->flags,
		       sec_ace->size,
		       sec_ace->access_mask,
		       sec_ace->obj_flags);
	} else {
		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
		       sec_ace->type,
		       sec_ace->flags,
		       sec_ace->size,
		       sec_ace->access_mask);
	}

	switch (sec_ace->type) {
	case SEC_ACE_TYPE_ACCESS_ALLOWED:
		kind = "ALLOWED";
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED:
		kind = "DENIED";
		break;
	case SEC_ACE_TYPE_SYSTEM_AUDIT:
		kind = "SYSTEM AUDIT";
		break;
	case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
		kind = "ALLOWED OBJECT";
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
		kind = "DENIED OBJECT";
		break;
	case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
		kind = "AUDIT OBJECT";
		break;
	default:
		kind = "UNKNOWN";
		break;
	}

	printf("access SID: %s\naccess type: %s\n",
	       sid_string_static(&sec_ace->trustee), kind);

	ads_disp_perms(sec_ace->access_mask);
}
00122
00123
/*
 * Print a one-line summary of an ACL to stdout.
 *
 * @param sec_acl  ACL to summarise; NULL prints an "ACL not present" line
 * @param type     label placed in parentheses in the output line
 */
static void ads_disp_acl(SEC_ACL *sec_acl, const char *type)
{
	if (sec_acl == NULL) {
		printf("------- (%s) ACL not present\n", type);
		return;
	}

	printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n",
	       type,
	       sec_acl->revision,
	       sec_acl->size,
	       sec_acl->num_aces);
}
00136
00137
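/*
 * Print a security descriptor to stdout: revision and type, owner and
 * group SIDs, then the system ACL and the user ACL, each followed by its
 * entries.
 *
 * Either ACL pointer may be NULL. ads_disp_acl() reports that as
 * "ACL not present", and the entry loops are skipped. Previously the
 * loops dereferenced sd->sacl / sd->dacl unconditionally, so a
 * descriptor without one of the ACLs crashed right after the
 * "not present" line was printed.
 *
 * NOTE(review): owner_sid and group_sid are passed to sid_string_static()
 * unchecked; whether that helper tolerates NULL is not visible here.
 *
 * @param sd  descriptor to display; NULL is ignored
 */
void ads_disp_sd(SEC_DESC *sd)
{
	int i;

	if (!sd) {
		return;
	}

	printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
	       sd->revision,
	       sd->type);
	printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
	printf("group SID: %s\n", sid_string_static(sd->group_sid));

	ads_disp_acl(sd->sacl, "system");
	if (sd->sacl) {
		for (i = 0; i < sd->sacl->num_aces; i++) {
			ads_disp_ace(&sd->sacl->aces[i]);
		}
	}

	ads_disp_acl(sd->dacl, "user");
	if (sd->dacl) {
		for (i = 0; i < sd->dacl->num_aces; i++) {
			ads_disp_ace(&sd->dacl->aces[i]);
		}
	}

	printf("-------------- End Of Security Descriptor\n");
}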