source: branches/samba-3.3.x/source/utils/sharesec.c@ 342

Last change on this file since 342 was 221, checked in by Herwig Bauernfeind, 17 years ago

Update Samba 3.3 to 3.3.1

1/*
2 * Unix SMB/Netbios implementation.
3 * Utility for managing share permissions
4 *
5 * Copyright (C) Tim Potter 2000
6 * Copyright (C) Jeremy Allison 2000
7 * Copyright (C) Jelmer Vernooij 2003
8 * Copyright (C) Gerald (Jerry) Carter 2005.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 */
23
24
25#include "includes.h"
26
/* File-scope talloc context; its setup and users are outside this part of the file. */
static TALLOC_CTX *ctx;

/*
 * ACL operation selector. The enumerator order is kept as in the original
 * declaration because the implicit numeric values follow from it.
 * NOTE(review): presumably chosen from the command line - confirm against main().
 */
enum acl_mode {
	SMB_ACL_DELETE,
	SMB_ACL_MODIFY,
	SMB_ACL_ADD,
	SMB_ACL_SET,
	SMB_ACL_VIEW
};

/* One entry of a name -> access-mask table. */
struct perm_value {
	const char *perm;	/* textual permission name; NULL ends a table */
	uint32 mask;		/* access-mask bits the name stands for */
};

/* These values discovered by inspection */

/*
 * Single-letter rights. print_ace() emits a letter when every bit of the
 * entry's mask is present in the ACE's access mask.
 */
static const struct perm_value special_values[] = {
	{ "R",	SEC_RIGHTS_FILE_READ },
	{ "W",	SEC_RIGHTS_FILE_WRITE },
	{ "X",	SEC_RIGHTS_FILE_EXECUTE },
	{ "D",	SEC_STD_DELETE },
	{ "P",	SEC_STD_WRITE_DAC },
	{ "O",	SEC_STD_WRITE_OWNER },
	{ NULL,	0 },
};

/* Mask behind the "CHANGE" keyword below. */
#define SEC_RIGHTS_DIR_CHANGE ( SEC_RIGHTS_DIR_READ|SEC_STD_DELETE|SEC_RIGHTS_DIR_WRITE|SEC_DIR_TRAVERSE )

/*
 * Keyword rights. print_ace() uses a keyword only when the ACE's access
 * mask equals the entry's mask exactly.
 */
static const struct perm_value standard_values[] = {
	{ "READ",	SEC_RIGHTS_DIR_READ|SEC_DIR_TRAVERSE },
	{ "CHANGE",	SEC_RIGHTS_DIR_CHANGE },
	{ "FULL",	SEC_RIGHTS_DIR_ALL },
	{ NULL,		0 },
};
56
/********************************************************************
 Write one ACE to a FILE as "SID:TYPE/FLAGS/PERMISSIONS".

 TYPE is ALLOWED or DENIED, or the numeric type for anything else.
 FLAGS is the raw flags value in decimal.
 PERMISSIONS is a keyword from standard_values on an exact mask match,
 otherwise the matching letters from special_values, otherwise the
 whole access mask in hex. No newline is written.
********************************************************************/

static void print_ace(FILE *f, SEC_ACE *ace)
{
	const struct perm_value *entry;
	uint32 leftover;

	fprintf(f, "%s:", sid_string_tos(&ace->trustee));

	/* Ace type */

	switch (ace->type) {
	case SEC_ACE_TYPE_ACCESS_ALLOWED:
		fprintf(f, "ALLOWED");
		break;
	case SEC_ACE_TYPE_ACCESS_DENIED:
		fprintf(f, "DENIED");
		break;
	default:
		fprintf(f, "%d", ace->type);
		break;
	}

	/* Not sure what flags can be set in a file ACL */

	fprintf(f, "/%d/", ace->flags);

	/* Standard permissions: only an exact mask match earns a keyword */

	for (entry = standard_values; entry->perm != NULL; entry++) {
		if (ace->access_mask == entry->mask) {
			fprintf(f, "%s", entry->perm);
			return;
		}
	}

	/* Special permissions, first pass: clear every bit that a letter
	   accounts for and see whether anything is left over. */

	leftover = ace->access_mask;

	for (entry = special_values; entry->perm != NULL; entry++) {
		if ((ace->access_mask & entry->mask) == entry->mask) {
			leftover &= ~entry->mask;
		}
	}

	/* Bits that no letter describes: print the complete mask in hex
	   instead of a letter string that would leave those bits out. */

	if (leftover != 0) {
		fprintf(f, "0x%08x", ace->access_mask);
		return;
	}

	/* Second pass: the letters describe the mask completely, so print
	   them. A zero access mask prints nothing here. */

	for (entry = special_values; entry->perm != NULL; entry++) {
		if ((ace->access_mask & entry->mask) == entry->mask) {
			fprintf(f, "%s", entry->perm);
		}
	}
}
116
117/********************************************************************
118 print an ASCII version of a security descriptor on a FILE handle
119********************************************************************/
120
121static void sec_desc_print(FILE *f, SEC_DESC *sd)
122{
123 uint32 i;
124
125 fprintf(f, "REVISION:%d\n", sd->revision);
126
127 /* Print owner and group sid */
128