secaudit : prefixed owner and group SID in ACL display

edge.strict_endians
Jean-Pierre André 2011-11-10 21:33:06 +01:00
parent 1df34a6056
commit 2fb7a43638
1 changed files with 13 additions and 10 deletions


@ -1,7 +1,7 @@
/* /*
* Display and audit security attributes in an NTFS volume * Display and audit security attributes in an NTFS volume
* *
* Copyright (c) 2007-2010 Jean-Pierre Andre * Copyright (c) 2007-2011 Jean-Pierre Andre
* *
* Options : * Options :
* -a auditing security data * -a auditing security data
@ -187,6 +187,9 @@
* *
* Jun 2011, version 1.3.21 * Jun 2011, version 1.3.21
* - cleaned a few unneeded variables * - cleaned a few unneeded variables
*
* Nov 2011, version 1.3.22
* - added a distinctive prefix to owner and group SID
*/ */
/* /*
@ -210,7 +213,7 @@
* General parameters which may have to be adapted to needs * General parameters which may have to be adapted to needs
*/ */
#define AUDT_VERSION "1.3.21" #define AUDT_VERSION "1.3.22"
#define GET_FILE_SECURITY "ntfs_get_file_security" #define GET_FILE_SECURITY "ntfs_get_file_security"
#define SET_FILE_SECURITY "ntfs_set_file_security" #define SET_FILE_SECURITY "ntfs_set_file_security"
@ -430,7 +433,7 @@ unsigned int utf16len(const char*);
void printname(FILE*, const char*); void printname(FILE*, const char*);
void printerror(FILE*); void printerror(FILE*);
BOOL guess_dir(const char*); BOOL guess_dir(const char*);
void showsid(const char*, int, int); void showsid(const char*, int, const char*, int);
void showusid(const char*, int); void showusid(const char*, int);
void showgsid(const char*, int); void showgsid(const char*, int);
void showheader(const char*, int); void showheader(const char*, int);
@ -1339,7 +1342,7 @@ BOOL guess_dir(const char *attr)
* See http://msdn2.microsoft.com/en-us/library/aa379649.aspx * See http://msdn2.microsoft.com/en-us/library/aa379649.aspx
*/ */
void showsid(const char *attr, int off, int level) void showsid(const char *attr, int off, const char *prefix, int level)
{ {
int cnt; int cnt;
int i; int i;
@ -1466,12 +1469,12 @@ void showsid(const char *attr, int off, int level)
} }
if (!known) if (!known)
printf("%*cUnknown SID\n",-level,marker); printf("%*cUnknown SID\n",-level,marker);
printf("%*chex S-%d-",-level,marker,attr[off] & 255); printf("%*c%shex S-%d-",-level,marker,prefix,attr[off] & 255);
printf("%llx",auth); printf("%llx",auth);
for (i=0; i<cnt; i++) for (i=0; i<cnt; i++)
printf("-%lx",get4l(attr,off+8+4*i)); printf("-%lx",get4l(attr,off+8+4*i));
printf("\n"); printf("\n");
printf("%*cdec S-%d-",-level,marker,attr[off] & 255); printf("%*c%sdec S-%d-",-level,marker,prefix,attr[off] & 255);
printf("%llu",auth); printf("%llu",auth);
for (i=0; i<cnt; i++) for (i=0; i<cnt; i++)
printf("-%lu",get4l(attr,off+8+4*i)); printf("-%lu",get4l(attr,off+8+4*i));
@ -1489,9 +1492,9 @@ void showusid(const char *attr, int level)
marker = ' '; marker = ' ';
if (level) if (level)
printf("%*c",-level,marker); printf("%*c",-level,marker);
printf("User SID\n"); printf("Owner SID\n");
off = get4l(attr,4); off = get4l(attr,4);
showsid(attr,off,level+4); showsid(attr,off,"O:",level+4);
} }
void showgsid(const char *attr, int level) void showgsid(const char *attr, int level)
@ -1507,7 +1510,7 @@ void showgsid(const char *attr, int level)
printf("%*c",-level,marker); printf("%*c",-level,marker);
printf("Group SID\n"); printf("Group SID\n");
off = get4l(attr,8); off = get4l(attr,8);
showsid(attr,off,level+4); showsid(attr,off,"G:",level+4);
} }
void showheader(const char *attr, int level) void showheader(const char *attr, int level)
@ -1667,7 +1670,7 @@ void showace(const char *attr, int off, int isdir, int level)
printf("%*cGeneric read\n",-level-4,marker); printf("%*cGeneric read\n",-level-4,marker);
printf("%*cSID at 0x%x\n",-level,marker,off+8); printf("%*cSID at 0x%x\n",-level,marker,off+8);
showsid(attr,off+8,level+4); showsid(attr,off+8,"",level+4);
printf("%*cSummary :",-level,marker); printf("%*cSummary :",-level,marker);
if (attr[off] == 0) if (attr[off] == 0)
printf(" grant"); printf(" grant");
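Review bot: In showusid and showgsid the offsets taken from `get4l(attr,4)` and `get4l(attr,8)` go straight into `showsid` with no range check visible in these hunks, and the reworked `showsid` signature still carries no buffer length. A security descriptor read from a damaged or untrusted volume could therefore make the `attr[off]` and `get4l(attr,off+8+4*i)` reads run past the end of the attribute. Since the prototype is changing anyway, this would be a natural point to add a size argument and refuse an offset that is zero or leaves fewer than `8 + 4*cnt` bytes. That is unnecessary if the descriptor is validated before these calls, which cannot be seen here because all three function bodies start outside the hunks. The new `prefix` argument is also undocumented and printed through `%s`, so I would add to the comment above showsid something like `prefix : text printed before the hex and dec forms ("O:", "G:" or ""), must not be NULL`.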