Пример #1
0
static bool gpo_sd_check_agp_object(const struct security_ace *ace)
{
	if (!sec_ace_object(ace->type)) {
		return false;
	}

	return gpo_sd_check_agp_object_guid(&ace->object.object);
}
Пример #2
0
/* display ACE */
static void ads_disp_ace(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace *sec_ace)
{
	const char *access_type = "UNKNOWN";

	if (!sec_ace_object(sec_ace->type)) {
		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n", 
		  sec_ace->type,
		  sec_ace->flags,
		  sec_ace->size,
		  sec_ace->access_mask);			
	} else {
		printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", 
		  sec_ace->type,
		  sec_ace->flags,
		  sec_ace->size,
		  sec_ace->access_mask,
		  sec_ace->object.object.flags);
	}
	
	if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
		access_type = "ALLOWED";
	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
		access_type = "DENIED";
	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
		access_type = "SYSTEM AUDIT";
	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
		access_type = "ALLOWED OBJECT";
	} else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
		access_type = "DENIED OBJECT";
	} else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
		access_type = "AUDIT OBJECT";
	}

	printf("access SID:  %s\naccess type: %s\n", 
               sid_string_talloc(mem_ctx, &sec_ace->trustee), access_type);

	if (sec_ace_object(sec_ace->type)) {
		ads_disp_sec_ace_object(ads, mem_ctx, &sec_ace->object.object);
	}

	ads_disp_perms(sec_ace->access_mask);
}
Пример #3
0
/****************************************************************************
 display sec_ace structure
 ****************************************************************************/
void display_sec_ace(struct security_ace *ace)
{
	char *sid_str;

	printf("\tACE\n\t\ttype: ");
	switch (ace->type) {
		case SEC_ACE_TYPE_ACCESS_ALLOWED:
			printf("ACCESS ALLOWED");
			break;
		case SEC_ACE_TYPE_ACCESS_DENIED:
			printf("ACCESS DENIED");
			break;
		case SEC_ACE_TYPE_SYSTEM_AUDIT:
			printf("SYSTEM AUDIT");
			break;
		case SEC_ACE_TYPE_SYSTEM_ALARM:
			printf("SYSTEM ALARM");
			break;
		case SEC_ACE_TYPE_ALLOWED_COMPOUND:
			printf("SEC_ACE_TYPE_ALLOWED_COMPOUND");
			break;
		case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
			printf("SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT");
			break;
		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
			printf("SEC_ACE_TYPE_ACCESS_DENIED_OBJECT");
			break;
		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
			printf("SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT");
			break;
		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
			printf("SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT");
			break;
		default:
			printf("????");
			break;
	}

	printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
	display_sec_ace_flags(ace->flags);
	display_sec_access(&ace->access_mask);
	sid_str = dom_sid_string(NULL, &ace->trustee);
	printf("\t\tSID: %s\n\n", sid_str);
	talloc_free(sid_str);

	if (sec_ace_object(ace->type)) {
		disp_sec_ace_object(&ace->object.object);
	}

}
Пример #4
0
BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
{
	uint32 old_offset;
	uint32 offset_ace_size;

	if (psa == NULL)
		return False;

	prs_debug(ps, depth, desc, "sec_io_ace");
	depth++;
	
	old_offset = prs_offset(ps);

	if(!prs_uint8("type ", ps, depth, &psa->type))
		return False;

	if(!prs_uint8("flags", ps, depth, &psa->flags))
		return False;

	if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size))
		return False;

	if(!sec_io_access("info ", &psa->info, ps, depth))
		return False;

	/* check whether object access is present */
	if (!sec_ace_object(psa->type)) {
		if (!smb_io_dom_sid("trustee  ", &psa->trustee , ps, depth))
			return False;
	} else {
		if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags))
			return False;

		if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT)
			if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth))
				return False;

		if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
			if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth))
				return False;

		if(!smb_io_dom_sid("trustee  ", &psa->trustee , ps, depth))
			return False;
	}

	if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset))
		return False;
	return True;
}