/*
 * Decide whether an ACE passes the GPO object check.
 *
 * Only object ACEs (as classified by sec_ace_object()) are considered;
 * every other ACE type yields false without looking at the object data.
 * For object ACEs the verdict is whatever gpo_sd_check_agp_object_guid()
 * reports for the embedded object.
 *
 * ace is dereferenced unconditionally, so the caller must pass a valid ACE.
 */
static bool gpo_sd_check_agp_object(const struct security_ace *ace)
{
	return sec_ace_object(ace->type) &&
	       gpo_sd_check_agp_object_guid(&ace->object.object);
}
/*
 * Display one ACE on stdout.
 *
 * Output order: a header line with the raw type, flags, size and access
 * mask (object ACEs also get their object flags), the trustee SID with a
 * symbolic access type, the object details for object ACEs, and finally
 * the decoded permission bits.
 *
 * Only six ACE types have a symbolic name here. Any other type is shown
 * as "UNKNOWN", which therefore means "not named by this function" and
 * not "malformed ACE"; use the raw type value in the header line to
 * identify such entries.
 *
 * The SID string comes from sid_string_talloc(mem_ctx, ...) and is not
 * released in this function (presumably it is owned by mem_ctx - verify).
 */
static void ads_disp_ace(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace *sec_ace)
{
	const char *access_type;

	/* Map the ACE type to the label printed next to the trustee. */
	switch (sec_ace->type) {
	case SEC_ACE_TYPE_ACCESS_ALLOWED:
		access_type = "ALLOWED";
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED:
		access_type = "DENIED";
		break;
	case SEC_ACE_TYPE_SYSTEM_AUDIT:
		access_type = "SYSTEM AUDIT";
		break;
	case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
		access_type = "ALLOWED OBJECT";
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
		access_type = "DENIED OBJECT";
		break;
	case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
		access_type = "AUDIT OBJECT";
		break;
	default:
		access_type = "UNKNOWN";
		break;
	}

	/* Header line: object ACEs carry an extra object-flags field. */
	if (sec_ace_object(sec_ace->type)) {
		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
		       sec_ace->type,
		       sec_ace->flags,
		       sec_ace->size,
		       sec_ace->access_mask,
		       sec_ace->object.object.flags);
	} else {
		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
		       sec_ace->type,
		       sec_ace->flags,
		       sec_ace->size,
		       sec_ace->access_mask);
	}

	printf("access SID: %s\naccess type: %s\n",
	       sid_string_talloc(mem_ctx, &sec_ace->trustee),
	       access_type);

	/* Object details are only meaningful for object ACE types. */
	if (sec_ace_object(sec_ace->type)) {
		ads_disp_sec_ace_object(ads, mem_ctx, &sec_ace->object.object);
	}

	ads_disp_perms(sec_ace->access_mask);
}
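/****************************************************************************
 display sec_ace structure

 Prints the ACE type (symbolic name plus numeric value), the flags, the
 access mask, the trustee SID and, for object ACEs, the object details.
 ACE types without a case below are printed as "????"; the numeric value
 that follows is then the only way to identify them.

 ace is dereferenced unconditionally, so the caller must pass a valid ACE.
 ****************************************************************************/
void display_sec_ace(struct security_ace *ace)
{
	const char *type_name;
	char *sid_str;

	switch (ace->type) {
	case SEC_ACE_TYPE_ACCESS_ALLOWED:
		type_name = "ACCESS ALLOWED";
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED:
		type_name = "ACCESS DENIED";
		break;
	case SEC_ACE_TYPE_SYSTEM_AUDIT:
		type_name = "SYSTEM AUDIT";
		break;
	case SEC_ACE_TYPE_SYSTEM_ALARM:
		type_name = "SYSTEM ALARM";
		break;
	case SEC_ACE_TYPE_ALLOWED_COMPOUND:
		type_name = "SEC_ACE_TYPE_ALLOWED_COMPOUND";
		break;
	case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
		type_name = "SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT";
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
		type_name = "SEC_ACE_TYPE_ACCESS_DENIED_OBJECT";
		break;
	case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
		type_name = "SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT";
		break;
	case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
		type_name = "SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT";
		break;
	default:
		type_name = "????";
		break;
	}

	/* Same bytes as before, emitted with one call instead of three. */
	printf("\tACE\n\t\ttype: %s (%d) flags: 0x%02x ",
	       type_name, ace->type, ace->flags);
	display_sec_ace_flags(ace->flags);
	display_sec_access(&ace->access_mask);

	/*
	 * The SID string is a temporary allocation released below.
	 * NOTE(review): dom_sid_string() is assumed to return NULL when the
	 * allocation fails - confirm. Passing NULL to "%s" is undefined
	 * behaviour, so substitute a literal. "(null)" is what glibc prints
	 * for a NULL "%s" argument, which keeps the output unchanged there.
	 */
	sid_str = dom_sid_string(NULL, &ace->trustee);
	printf("\t\tSID: %s\n\n", sid_str != NULL ? sid_str : "(null)");
	talloc_free(sid_str);

	if (sec_ace_object(ace->type)) {
		disp_sec_ace_object(&ace->object.object);
	}
}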
/*
 * Run a single ACE through the prs stream.
 *
 * Field order on the stream: type (uint8), flags (uint8), size (uint16),
 * access info, then - for object ACEs only - obj_flags followed by the
 * optional object GUID and inherited-object GUID, and last the trustee SID.
 *
 * The size field is handled by the prs_uint16_pre()/prs_uint16_post() pair,
 * using the stream offset recorded at the start of the ACE and the offset
 * of the size field itself (presumably so the size can be fixed up once
 * the whole ACE has been processed - verify against the prs helpers).
 *
 * Returns False if psa is NULL or as soon as any field helper fails,
 * True otherwise.
 *
 * Caveat for callers: obj_guid and inh_guid are only touched when the
 * matching bit is set in obj_flags, and obj_flags itself is only touched
 * for object ACE types. Those members keep whatever value they had before
 * the call in all other cases, so test the type and obj_flags before
 * using the GUIDs.
 */
BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
{
	uint32 ace_start;
	uint32 size_field_offset;

	if (psa == NULL) {
		return False;
	}

	prs_debug(ps, depth, desc, "sec_io_ace");
	depth++;

	/* Remember where this ACE begins; needed when the size is finalised. */
	ace_start = prs_offset(ps);

	/* Fixed header. Short-circuit evaluation stops at the first failure. */
	if (!prs_uint8("type ", ps, depth, &psa->type) ||
	    !prs_uint8("flags", ps, depth, &psa->flags) ||
	    !prs_uint16_pre("size ", ps, depth, &psa->size, &size_field_offset) ||
	    !sec_io_access("info ", &psa->info, ps, depth)) {
		return False;
	}

	/* check whether object access is present */
	if (sec_ace_object(psa->type)) {
		if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags)) {
			return False;
		}

		/* Each GUID is on the stream only if its flag bit says so. */
		if ((psa->obj_flags & SEC_ACE_OBJECT_PRESENT) &&
		    !smb_io_uuid("obj_guid", &psa->obj_guid, ps, depth)) {
			return False;
		}

		if ((psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) &&
		    !smb_io_uuid("inh_guid", &psa->inh_guid, ps, depth)) {
			return False;
		}
	}

	/* The trustee SID closes the ACE for both plain and object types. */
	if (!smb_io_dom_sid("trustee ", &psa->trustee, ps, depth)) {
		return False;
	}

	return prs_uint16_post("size ", ps, depth, &psa->size,
			       size_field_offset, ace_start) ? True : False;
}