207
207
* Sep 2013, version 1.4.1
208
208
* - silenced an aliasing warning by gcc >= 4.8
210
* May 2014, version 1.4.2
211
* - decoded GENERIC_ALL permissions
212
* - decoded more "well-known" and generic SIDs
213
* - showed Windows ownership in verbose situations
214
* - fixed apparent const violations
229
235
* General parameters which may have to be adapted to needs
232
#define AUDT_VERSION "1.4.1"
238
#define AUDT_VERSION "1.4.2"
234
240
#define GET_FILE_SECURITY "ntfs_get_file_security"
235
241
#define SET_FILE_SECURITY "ntfs_set_file_security"
452
460
void showsid(const char*, int, const char*, int);
453
461
void showusid(const char*, int);
454
462
void showgsid(const char*, int);
463
void showownership(const char*);
455
464
void showheader(const char*, int);
456
465
void showace(const char*, int, int, int);
457
466
void showacl(const char*, int, int, int);
1449
1458
switch (first) {
1461
printf("%*cDialup SID\n",-level,marker);
1465
printf("%*cNetwork SID\n",-level,marker);
1469
printf("%*cBatch SID\n",-level,marker);
1473
printf("%*cInteractive SID\n",-level,marker);
1477
printf("%*cService SID\n",-level,marker);
1452
1481
printf("%*cAnonymous logon SID\n",-level,marker);
1502
1531
if (first == 21) {
1535
printf("%*cSystem admin SID\n",-level,marker);
1538
printf("%*cGuest SID\n",-level,marker);
1507
1541
printf("%*cLocal admins SID\n",-level,marker);
1566
1600
showsid(attr,off,"G:",level+4);
1603
void showownership(const char *attr)
1606
char account[ACCOUNTSIZE];
1609
unsigned long accountsz;
1610
unsigned long domainsz;
1612
enum { SHOWOWN, SHOWGRP, SHOWINT } shown;
1620
for (shown=SHOWOWN; shown<=SHOWINT; shown++) {
1623
off = get4l(attr,4);
1625
prefix = "Windows owner";
1628
off = get4l(attr,8);
1630
prefix = "Windows group";
1634
off = get4l(attr,4);
1635
prefix = "Interpreted owner";
1636
sid = (const char*)ntfs_acl_owner((const char*)attr);
1637
if (ntfs_same_sid((const SID*)sid,
1638
(const SID*)&attr[off]))
1639
sid = (const char*)NULL;
1643
sid = (const char*)NULL;
1644
prefix = (const char*)NULL;
1649
auth = get6h(sid,2);
1651
printf("# %s S-%d-",prefix,sid[0] & 255);
1653
printf("%s S-%d-",prefix,sid[0] & 255);
1654
printf("%llu",auth);
1655
for (i=0; i<cnt; i++)
1656
printf("-%lu",get4l(sid,8+4*i));
1658
memcpy(sidcopy,sid,ntfs_sid_size((const SID*)sid));
1659
accountsz = ACCOUNTSIZE;
1660
domainsz = ACCOUNTSIZE;
1661
if (LookupAccountSidA((const char*)NULL, sidcopy,
1662
account, &accountsz,
1663
(char*)NULL, &domainsz, &use))
1664
printf(" (%s)", account);
1569
1671
void showheader(const char *attr, int level)
2298
2400
/* TODO : check whether the device can store acls */
2299
2401
strcpy(mapfile,"x:\\" MAPDIR "\\" MAPFILE);
2300
if (((le16*)usermap_path)[1] == ':')
2402
if (((const le16*)usermap_path)[1] == ':')
2301
2403
mapfile[0] = usermap_path[0];
2303
2405
GetModuleFileName(NULL, currpath, 261);
2750
/* const missing from stupid prototype */
2647
2751
bad = !SetFileSecurityW((LPCWSTR)fullname,
2648
selection, (char*)curattr);
2752
selection, (PSECURITY_DESCRIPTOR)(LONG_PTR)curattr);
2650
2754
switch (GetLastError()) {
2654
2758
printname(stdout,fullname);
2655
2759
printf(", retrying with no owner or SACL setting\n");
2761
/* const missing from stupid prototype */
2657
2762
bad = !SetFileSecurityW((LPCWSTR)fullname,
2658
2763
selection & ~OWNER_SECURITY_INFORMATION
2659
& ~SACL_SECURITY_INFORMATION, (char*)curattr);
2764
& ~SACL_SECURITY_INFORMATION,
2765
(PSECURITY_DESCRIPTOR)
4942
5050
uid = linux_owner(attr);
4943
5051
gid = linux_group(attr);
5053
showownership(attr);
4945
5054
printf("# Interpreted Unix owner %d, group %d, mode 0%03o\n",
4946
5055
(int)uid,(int)gid,mode);
5057
showownership(attr);
4948
5058
printf("Interpreted Unix owner %d, group %d, mode 0%03o\n",
4949
5059
(int)uid,(int)gid,mode);
5288
5398
uid = linux_owner(attr);
5289
5399
gid = linux_group(attr);
5401
showownership(attr);
5291
5402
printf("# Interpreted Unix owner %d, group %d, mode 0%03o\n",
5292
5403
(int)uid,(int)gid,mode);
5405
showownership(attr);
5294
5406
printf("Interpreted Unix owner %d, group %d, mode 0%03o\n",
5295
5407
(int)uid,(int)gid,mode);
6164
6277
showgsid(&attr[20],0);
6165
6278
showdacl(&attr[20],isdir,0);
6166
6279
showsacl(&attr[20],isdir,0);
6280
showownership(&attr[20]);
6167
6281
mode = linux_permissions(
6168
6282
&attr[20],isdir);
6169
6283
printf("Interpreted Unix mode 0%03o\n",mode);
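Review bot: In the new showownership(), `memcpy(sidcopy,sid,ntfs_sid_size((const SID*)sid));` takes its length from the SID embedded in the descriptor being displayed, and no check against the size of `sidcopy` is visible in the lines shown here. The declaration of `sidcopy` and parts of the function body are not shown, so this may already be covered, but if `sidcopy` is a fixed-size array, a descriptor carrying a large sub-authority count would write past it; guarding the copy with `if (ntfs_sid_size((const SID*)sid) <= sizeof(sidcopy))` would make the bound explicit. The same count from the descriptor drives the `get4l(sid,8+4*i)` loop, so validating the SID against the attribute length before printing would cover both the read and the copy. Separately, LookupAccountSidA is given a NULL domain buffer together with `domainsz = ACCOUNTSIZE`; passing a real buffer of that size would keep the pointer and the length consistent.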