printf("\t\tPermissions: 0x%x: %s\n", *info, get_sec_mask_str(*info));
}
+/****************************************************************************
+ display sec_ace flags
+ ****************************************************************************/
+void display_sec_ace_flags(uint8_t flags)
+{
+ if (flags & SEC_ACE_FLAG_OBJECT_INHERIT)
+ printf("SEC_ACE_FLAG_OBJECT_INHERIT ");
+ if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT)
+ printf(" SEC_ACE_FLAG_CONTAINER_INHERIT ");
+ if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)
+ printf("SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ");
+ if (flags & SEC_ACE_FLAG_INHERIT_ONLY)
+ printf("SEC_ACE_FLAG_INHERIT_ONLY ");
+ if (flags & SEC_ACE_FLAG_INHERITED_ACE)
+ printf("SEC_ACE_FLAG_INHERITED_ACE ");
+/* if (flags & SEC_ACE_FLAG_VALID_INHERIT)
+ printf("SEC_ACE_FLAG_VALID_INHERIT "); */
+ if (flags & SEC_ACE_FLAG_SUCCESSFUL_ACCESS)
+ printf("SEC_ACE_FLAG_SUCCESSFUL_ACCESS ");
+ if (flags & SEC_ACE_FLAG_FAILED_ACCESS)
+ printf("SEC_ACE_FLAG_FAILED_ACCESS ");
+
+ printf("\n");
+}
+
/****************************************************************************
display sec_ace object
****************************************************************************/
break;
}
- printf(" (%d) flags: %d\n", ace->type, ace->flags);
+ printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
+ display_sec_ace_flags(ace->flags);
display_sec_access(&ace->access_mask);
sid_to_string(sid_str, &ace->trustee);
printf("\t\tSID: %s\n\n", sid_str);
sec_acl->num_aces, sec_acl->revision);
printf("\t---\n");
- if (sec_acl->size != 0 && sec_acl->num_aces != 0)
- for (i = 0; i < sec_acl->num_aces; i++)
+ if (sec_acl->size != 0 && sec_acl->num_aces != 0) {
+ for (i = 0; i < sec_acl->num_aces; i++) {
display_sec_ace(&sec_acl->aces[i]);
+ }
+ }
}
void display_acl_type(uint16 type)
uint32_t sec_info;
DATA_BLOB blob;
struct security_descriptor sec_desc;
+ uint32_t access_mask = REG_KEY_READ |
+ SEC_RIGHT_MAXIMUM_ALLOWED |
+ SEC_RIGHT_SYSTEM_SECURITY;
if (argc <1 || argc > 2) {
d_printf("Usage: net rpc registry getsd <path> <secinfo>\n");
return NT_STATUS_OK;
}
- status = registry_openkey(mem_ctx, pipe_hnd, argv[0], REG_KEY_READ,
+ status = registry_openkey(mem_ctx, pipe_hnd, argv[0],
+ access_mask,
&pol_hive, &pol_key);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "registry_openkey failed: %s\n",