Context Navigation

source: trunk/include/winsec.h @ 201

Last change on this file since 201 was 201, checked in by tim, 14 years ago
changed symbol visibility to hidden by default and explicitly exported API functions
Property svn:keywords set to `Id`
File size: 7.0 KB

Rev	Line
[169]	1	/*
	2	* Copyright (C) 2005,2009-2010 Timothy D. Morgan
[132]	3	* Copyright (C) 1992-2005 Samba development team
[133]	4	*
[132]	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License as published by
	7	* the Free Software Foundation; version 3 of the License.
	8	*
	9	* This program is distributed in the hope that it will be useful,
	10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	* GNU General Public License for more details.
	13	*
	14	* You should have received a copy of the GNU General Public License
	15	* along with this program; if not, write to the Free Software
	16	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	17	*
[133]	18	* $Id: winsec.h 201 2010-06-05 04:45:05Z tim $
[132]	19	*/
	20
[169]	21	/**
	22	* @file
	23	*
	24	* A small library for interpreting Windows Security Descriptors.
	25	* This library was originally based on Samba source from:
	26	* http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
	27	*
	28	* The library has been heavily rewritten and improved based on information
	29	* provided by Microsoft at:
	30	* http://msdn.microsoft.com/en-us/library/cc230366%28PROT.10%29.aspx
	31	*/
	32
[134]	33	#ifndef _WINSEC_H
	34	#define _WINSEC_H
	35
[132]	36	#include <stdlib.h>
	37	#include <stdbool.h>
[134]	38	#include <stdint.h>
[132]	39	#include <stdio.h>
	40	#include <string.h>
	41	#include <errno.h>
	42	#include <fcntl.h>
	43	#include <sys/stat.h>
	44	#include <sys/types.h>
	45	#include <unistd.h>
[201]	46	#include <talloc.h>
[132]	47
[168]	48	#include "byteorder.h"
[132]	49
[201]	50	/* GCC-specific macro for library exports */
	51	#ifdef _EXPORT
	52	#undef _EXPORT
	53	#endif
	54	#define _EXPORT __attribute__((visibility("default")))
[132]	55
[201]	56
[134]	57	/* This is the maximum number of subauths in a SID, as defined here:
	58	* http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
	59	*/
	60	#define WINSEC_MAX_SUBAUTHS 15
[132]	61
[134]	62	#define WINSEC_DESC_HEADER_SIZE (5 * sizeof(uint32_t))
	63	#define WINSEC_ACL_HEADER_SIZE (2 * sizeof(uint32_t))
	64	#define WINSEC_ACE_MIN_SIZE 16
[133]	65
[148]	66	/* XXX: Fill in definitions of other flags */
	67	/* This self relative flag means offsets contained in the descriptor are relative
	68	* to the descriptor's offset. This had better be true in the registry.
[134]	69	*/
	70	#define WINSEC_DESC_SELF_RELATIVE 0x8000
	71	#define WINSEC_DESC_SACL_PRESENT 0x0010
	72	#define WINSEC_DESC_DACL_PRESENT 0x0004
[133]	73
[134]	74	#define WINSEC_ACE_OBJECT_PRESENT 0x00000001
	75	#define WINSEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
	76	#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5
	77	#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6
	78	#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7
	79	#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8
[133]	80
[134]	81
[169]	82	/** XXX: document this. */
[148]	83	typedef struct _winsec_uuid
[132]	84	{
[169]	85	/** XXX: document this. */
	86	uint32_t time_low;
	87
	88	/** XXX: document this. */
	89	uint16_t time_mid;
	90
	91	/** XXX: document this. */
	92	uint16_t time_hi_and_version;
	93
	94	/** XXX: document this. */
	95	uint8_t clock_seq[2];
	96
	97	/** XXX: document this. */
	98	uint8_t node[6];
[134]	99	} WINSEC_UUID;
	100
	101
[169]	102	/** XXX: document this. */
[134]	103	typedef struct _winsec_sid
	104	{
[169]	105	/** SID revision number */
	106	uint8_t sid_rev_num;
	107
	108	/** Number of sub-authorities */
	109	uint8_t num_auths;
	110
	111	/** Identifier Authority */
	112	uint8_t id_auth[6];
	113
	114	/** Pointer to sub-authorities.
	115	*
[134]	116	* @note The values in these uint32_t's are in native byteorder, not
[132]	117	* neccessarily little-endian...... JRA.
	118	*/
[169]	119	uint32_t sub_auths[WINSEC_MAX_SUBAUTHS]; /* XXX: Make this dynamically allocated? */
[134]	120	} WINSEC_DOM_SID;
[132]	121
	122
[169]	123	/** XXX: document this. */
[134]	124	typedef struct _winsec_ace
[132]	125	{
[169]	126	/** xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
	127	uint8_t type;
[132]	128
[169]	129	/** xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
	130	uint8_t flags;
[132]	131
[169]	132	/** XXX: finish documenting */
	133	uint16_t size;
[132]	134
[169]	135	/** XXX: finish documenting */
	136	uint32_t access_mask;
	137
	138	/* This stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
	139
	140	/** xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
	141	uint32_t obj_flags;
	142
	143	/** Object GUID */
	144	WINSEC_UUID* obj_guid;
	145
	146	/** Inherited object GUID */
	147	WINSEC_UUID* inh_guid;
	148
	149	/* eof object stuff */
	150
	151	/** XXX: finish documenting */
	152	WINSEC_DOM_SID* trustee;
	153
[134]	154	} WINSEC_ACE;
[132]	155
[169]	156
	157	/** XXX: document this. */
[134]	158	typedef struct _winsec_acl
[132]	159	{
[169]	160	/** 0x0003 */
	161	uint16_t revision;
[132]	162
[169]	163	/** Size, in bytes, of the entire ACL structure */
	164	uint16_t size;
[132]	165
[169]	166	/** Number of Access Control Entries */
	167	uint32_t num_aces;
	168
	169	/** XXX: document this. */
	170	WINSEC_ACE** aces;
	171
[134]	172	} WINSEC_ACL;
[132]	173
[169]	174
	175	/** XXX: document this. */
[134]	176	typedef struct _winsec_desc
[132]	177	{
[169]	178	/** 0x01 */
	179	uint8_t revision;
[132]	180
[169]	181	/** XXX: better explain this
	182	*
	183	* "If the Control field has the RM flag set, then this field contains the
	184	* resource manager (RM) control value. ... Otherwise, this field is reserved
	185	* and MUST be set to zero." -- Microsoft.
	186	* See:
	187	* http://msdn.microsoft.com/en-us/library/cc230371%28PROT.10%29.aspx
	188	*/
	189	uint8_t sbz1;
[132]	190
[169]	191	/** WINSEC_DESC_* flags */
	192	uint16_t control;
	193
	194	/** Offset to owner sid */
	195	uint32_t off_owner_sid;
[132]	196
[169]	197	/** Offset to group sid */
	198	uint32_t off_grp_sid;
	199
	200	/** Offset to system list of permissions */
	201	uint32_t off_sacl;
	202
	203	/** Offset to list of permissions */
	204	uint32_t off_dacl;
	205
	206	/** XXX: document this */
	207	WINSEC_DOM_SID* owner_sid;
	208
	209	/** XXX: document this */
	210	WINSEC_DOM_SID* grp_sid;
	211
	212	/** System ACL */
	213	WINSEC_ACL* sacl;
	214
	215	/** User ACL */
	216	WINSEC_ACL* dacl;
	217
[134]	218	} WINSEC_DESC;
[132]	219
[169]	220
	221	/**
	222	*
	223	* XXX: finish documenting
	224	*/
[201]	225	_EXPORT
[147]	226	WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);
[169]	227
	228
	229	/**
	230	*
	231	* XXX: finish documenting
	232	*/
[201]	233	_EXPORT
[147]	234	void winsec_free_descriptor(WINSEC_DESC* desc);
[132]	235
[169]	236	/**
	237	*
	238	* XXX: finish documenting
	239	*/
[201]	240	_EXPORT
[147]	241	WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,
	242	const uint8_t* buf, uint32_t buf_len);
[169]	243
	244	/**
	245	*
	246	* XXX: finish documenting
	247	*/
[201]	248	_EXPORT
[147]	249	WINSEC_ACL* winsec_parse_acl(void* talloc_ctx,
	250	const uint8_t* buf, uint32_t buf_len);
[169]	251
	252	/**
	253	*
	254	* XXX: finish documenting
	255	*/
[201]	256	_EXPORT
[147]	257	WINSEC_ACE* winsec_parse_ace(void* talloc_ctx,
	258	const uint8_t* buf, uint32_t buf_len);
[169]	259
	260	/**
	261	*
	262	* XXX: finish documenting
	263	*/
[201]	264	_EXPORT
[147]	265	WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx,
	266	const uint8_t* buf, uint32_t buf_len);
[169]	267
	268	/**
	269	*
	270	* XXX: finish documenting
	271	*/
[201]	272	_EXPORT
[147]	273	WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx,
	274	const uint8_t* buf, uint32_t buf_len);
[132]	275
[169]	276
	277	/**
	278	*
	279	* XXX: finish documenting
	280	*/
[201]	281	_EXPORT
[134]	282	size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
[169]	283
	284	/**
	285	*
	286	* XXX: finish documenting
	287	*/
[201]	288	_EXPORT
[134]	289	int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]	290
	291	/**
	292	*
	293	* XXX: finish documenting
	294	*/
[201]	295	_EXPORT
[134]	296	int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]	297
	298	/**
	299	*
	300	* XXX: finish documenting
	301	*/
[201]	302	_EXPORT
[134]	303	bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]	304
	305	/**
	306	*
	307	* XXX: finish documenting
	308	*/
[201]	309	_EXPORT
[134]	310	bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);
[169]	311
	312	/**
	313	*
	314	* XXX: finish documenting
	315	*/
[201]	316	_EXPORT
[134]	317	bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
[169]	318
	319	/**
	320	*
	321	* XXX: finish documenting
	322	*/
[201]	323	_EXPORT
[134]	324	bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
[169]	325
	326	/**
	327	*
	328	* XXX: finish documenting
	329	*/
[201]	330	_EXPORT
[134]	331	bool winsec_ace_object(uint8_t type);
[132]	332
[134]	333	#endif /* _WINSEC_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: