source: trunk/include/winsec.h @ 217

Last change on this file since 217 was 201, checked in by tim, 14 years ago

changed symbol visibility to hidden by default and explicitly exported API functions

  • Property svn:keywords set to Id
[169]1/*
2 * Copyright (C) 2005,2009-2010 Timothy D. Morgan
[132]3 * Copyright (C) 1992-2005 Samba development team
[133]4 *
[132]5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; version 3 of the License.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
[133]18 * $Id: winsec.h 201 2010-06-05 04:45:05Z tim $
[132]19 */
20
[169]21/**
22 * @file
23 *
24 * A small library for interpreting Windows Security Descriptors.
25 * This library was originally based on Samba source from:
26 *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
27 *
28 * The library has been heavily rewritten and improved based on information
29 * provided by Microsoft at:
30 *    http://msdn.microsoft.com/en-us/library/cc230366%28PROT.10%29.aspx
31 */
32
[134]33#ifndef _WINSEC_H
34#define _WINSEC_H
35
[132]36#include <stdlib.h>
37#include <stdbool.h>
[134]38#include <stdint.h>
[132]39#include <stdio.h>
40#include <string.h>
41#include <errno.h>
42#include <fcntl.h>
43#include <sys/stat.h>
44#include <sys/types.h>
45#include <unistd.h>
[201]46#include <talloc.h>
[132]47
[168]48#include "byteorder.h"
[132]49
/* GCC-specific macro for library exports.
 *
 * The library is built with symbols hidden by default (presumably
 * -fvisibility=hidden, per the changeset note), so every public entry point
 * declared below is tagged _EXPORT to make it visible from the shared object.
 * Any earlier definition is discarded first so that a stray _EXPORT from
 * another header cannot silently change the attribute.
 *
 * NOTE(review): identifiers beginning with '_' followed by an uppercase letter
 * are reserved for the implementation; this works with GCC but a
 * project-prefixed spelling (e.g. WINSEC_EXPORT) would avoid the collision risk.
 */
#ifdef _EXPORT
#undef _EXPORT
#endif
#define _EXPORT __attribute__((visibility("default")))
[132]55
[201]56
/* This is the maximum number of subauths in a SID, as defined here:
 *   http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
 *
 * This value sizes WINSEC_DOM_SID.sub_auths.  A num_auths field read from
 * untrusted input must be rejected if it exceeds this bound before any
 * sub-authority is stored, or the copy overruns the fixed array.
 */
#define WINSEC_MAX_SUBAUTHS 15

/* Fixed on-disk header sizes, in bytes.
 *
 * WINSEC_DESC_HEADER_SIZE (20) covers revision, sbz1, control and the four
 * offset fields of WINSEC_DESC.  WINSEC_ACL_HEADER_SIZE (8) covers revision,
 * size and num_aces of WINSEC_ACL.  WINSEC_ACE_MIN_SIZE (16) appears to be
 * the 8-byte fixed ACE header (type, flags, size, access_mask) plus the
 * smallest possible trustee SID (8 bytes, no sub-authorities).  Parsers
 * should check buf_len against these before reading any header field.
 */
#define WINSEC_DESC_HEADER_SIZE     (5 * sizeof(uint32_t))
#define WINSEC_ACL_HEADER_SIZE      (2 * sizeof(uint32_t))
#define WINSEC_ACE_MIN_SIZE         16

/* XXX: Fill in definitions of other flags */
/* This self relative flag means offsets contained in the descriptor are relative
 * to the descriptor's offset.  This had better be true in the registry.
 *
 * These are bits of WINSEC_DESC.control and correspond to the Win32
 * SECURITY_DESCRIPTOR_CONTROL values SE_SELF_RELATIVE, SE_SACL_PRESENT and
 * SE_DACL_PRESENT.  Even when SELF_RELATIVE is set, every off_* field still
 * comes from the input and must be bounds-checked against the buffer length.
 */
#define WINSEC_DESC_SELF_RELATIVE   0x8000
#define WINSEC_DESC_SACL_PRESENT    0x0010
#define WINSEC_DESC_DACL_PRESENT    0x0004

/* Object-ACE constants.
 *
 * The first two are bits of WINSEC_ACE.obj_flags and say whether obj_guid
 * and inh_guid respectively are present in the encoded ACE.  The remaining
 * four are WINSEC_ACE.type values for the object-specific ACE kinds, which
 * carry the obj_flags/GUID trailer; see winsec_ace_object().
 */
#define WINSEC_ACE_OBJECT_PRESENT              0x00000001
#define WINSEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
[133]80
[134]81
[169]82/** XXX: document this. */
/** A 128-bit GUID as carried by object-type ACEs (see WINSEC_ACE.obj_guid).
 *
 * The member names follow the standard UUID field layout.  Whether the
 * multi-byte members hold native or little-endian values after
 * winsec_parse_uuid() is not determined by this header -- confirm before
 * comparing against GUIDs obtained elsewhere.
 */
typedef struct _winsec_uuid
{
  /** Standard UUID "time_low" word (32 bits). */
  uint32_t time_low;

  /** Standard UUID "time_mid" word (16 bits). */
  uint16_t time_mid;

  /** Standard UUID "time_hi_and_version" word; the name indicates the
   *  version number shares this word with the high timestamp bits. */
  uint16_t time_hi_and_version;

  /** Clock sequence bytes, as in the standard UUID layout. */
  uint8_t  clock_seq[2];

  /** 48-bit node identifier, as in the standard UUID layout. */
  uint8_t  node[6];
} WINSEC_UUID;
100
101
[169]102/** XXX: document this. */
/** A decoded Windows security identifier (SID).
 *
 * Produced by winsec_parse_dom_sid() and referenced by WINSEC_ACE.trustee and
 * the owner/group pointers of WINSEC_DESC.  The encoded form has an 8-byte
 * header followed by num_auths 32-bit sub-authorities; winsec_sid_size()
 * reports the encoded length.
 */
typedef struct _winsec_sid
{
  /** SID revision number */
  uint8_t  sid_rev_num;

  /** Number of sub-authorities.
   *
   * Read from the input.  Only the first num_auths entries of sub_auths are
   * meaningful, and the parser must reject any value greater than
   * WINSEC_MAX_SUBAUTHS before filling the array -- confirm the
   * implementation enforces this.
   */
  uint8_t  num_auths;

  /** Identifier Authority */
  uint8_t  id_auth[6];

  /** Sub-authorities.
   *
   * @note The values in these uint32_t's are in *native* byteorder, not
   * necessarily little-endian...... JRA.
   *
   * Fixed-size storage: indices at or beyond WINSEC_MAX_SUBAUTHS are out of
   * bounds.
   */
  uint32_t sub_auths[WINSEC_MAX_SUBAUTHS];   /* XXX: Make this dynamically allocated? */
} WINSEC_DOM_SID;
[132]121
122
[169]123/** XXX: document this. */
/** A single access control entry, as decoded by winsec_parse_ace().
 *
 * The object-specific members (obj_flags, obj_guid, inh_guid) only apply when
 * winsec_ace_object(type) holds; for other ACE types the encoded entry goes
 * straight from access_mask to the trustee SID.
 */
typedef struct _winsec_ace
{
  /** xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
  uint8_t type;

  /** xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
  uint8_t flags;

  /** Encoded size of this ACE in bytes, as stored in the input.
   *
   * Untrusted: a parser must require WINSEC_ACE_MIN_SIZE <= size and that
   * size does not run past the enclosing ACL/buffer before using it to
   * locate the next ACE.  Whether it includes the trustee SID is not stated
   * here -- presumably yes; confirm against the implementation.
   */
  uint16_t size;

  /** 32-bit access mask.  The meaning of individual bits is not defined in
   *  this header. */
  uint32_t access_mask;

  /* This stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */

  /** xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc
   *  (WINSEC_ACE_OBJECT_PRESENT / WINSEC_ACE_OBJECT_INHERITED_PRESENT). */
  uint32_t  obj_flags;

  /** Object GUID.  Presumably NULL unless obj_flags has
   *  WINSEC_ACE_OBJECT_PRESENT -- confirm. */
  WINSEC_UUID* obj_guid;

  /** Inherited object GUID.  Presumably NULL unless obj_flags has
   *  WINSEC_ACE_OBJECT_INHERITED_PRESENT -- confirm. */
  WINSEC_UUID* inh_guid;

  /* eof object stuff */

  /** SID of the principal this entry applies to.  Ownership is not stated
   *  here; presumably a talloc child of the ACE -- confirm. */
  WINSEC_DOM_SID* trustee;

} WINSEC_ACE;
[132]155
[169]156
157/** XXX: document this. */
/** An access control list (SACL or DACL), as decoded by winsec_parse_acl().
 *
 * The encoded form is a WINSEC_ACL_HEADER_SIZE header followed by num_aces
 * variable-length ACEs.
 */
typedef struct _winsec_acl
{
  /** ACL revision (the original note records 0x0003). */
  uint16_t revision;

  /** Size, in bytes, of the entire ACL structure.
   *
   * Read from the input; must be bounds-checked against the buffer length
   * before any ACE inside it is parsed.
   */
  uint16_t size;

  /** Number of Access Control Entries.
   *
   * Read from the input.  Since each ACE is at least WINSEC_ACE_MIN_SIZE
   * bytes, a value larger than size / WINSEC_ACE_MIN_SIZE cannot be valid
   * and should be rejected before allocating aces -- confirm the parser does.
   */
  uint32_t num_aces;

  /** Array of num_aces pointers to parsed entries.  Presumably
   *  talloc-allocated beneath the ACL -- confirm. */
  WINSEC_ACE** aces;

} WINSEC_ACL;
[132]173
[169]174
175/** XXX: document this. */
/** A decoded security descriptor.
 *
 * The off_* members are the raw offsets from the input; the owner_sid,
 * grp_sid, sacl and dacl pointers are the parsed objects those offsets led
 * to.  Produced by winsec_parse_descriptor() / winsec_parse_desc().
 */
typedef struct _winsec_desc
{
  /** Descriptor revision (the original note records 0x01). */
  uint8_t revision;

  /** XXX: better explain this
   *
   * "If the Control field has the RM flag set, then this field contains the
   *  resource manager (RM) control value. ... Otherwise, this field is reserved
   *  and MUST be set to zero." -- Microsoft.
   *  See:
   *   http://msdn.microsoft.com/en-us/library/cc230371%28PROT.10%29.aspx
   */
  uint8_t sbz1;

  /** WINSEC_DESC_* flags */
  uint16_t control;

  /** Offset to owner sid.
   *
   * With WINSEC_DESC_SELF_RELATIVE set, this and the three offsets below are
   * relative to the start of the descriptor.  All four come from the input
   * and must be validated against buf_len before being followed.
   */
  uint32_t off_owner_sid;

  /** Offset to group sid */
  uint32_t off_grp_sid;

  /** Offset to system list of permissions */
  uint32_t off_sacl;

  /** Offset to list of permissions */
  uint32_t off_dacl;

  /** Parsed owner SID.  Presumably NULL when off_owner_sid is zero --
   *  confirm. */
  WINSEC_DOM_SID* owner_sid;

  /** Parsed primary group SID.  Presumably NULL when off_grp_sid is zero --
   *  confirm. */
  WINSEC_DOM_SID* grp_sid;

  /** System ACL.  Presumably NULL unless control has
   *  WINSEC_DESC_SACL_PRESENT -- confirm. */
  WINSEC_ACL* sacl;

  /** User ACL.  Presumably NULL unless control has
   *  WINSEC_DESC_DACL_PRESENT -- confirm. */
  WINSEC_ACL* dacl;

} WINSEC_DESC;
[132]219
[169]220
/**
 * Parses a security descriptor from a raw byte buffer.
 *
 * Variant of winsec_parse_desc() that takes no caller-supplied talloc
 * context; presumably paired with winsec_free_descriptor() for release --
 * confirm against the implementation.
 *
 * @param buf     Encoded descriptor bytes.  Typically read out of a registry
 *                hive, so treat as untrusted.
 * @param buf_len Number of bytes valid at @a buf.  Every offset and size
 *                field inside the descriptor must be checked against this
 *                bound before it is followed (the checks live in the
 *                implementation, not in this header).
 * @return The parsed descriptor, or presumably NULL on malformed input or
 *         allocation failure -- confirm.
 */
_EXPORT
WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);
[169]227
228
/**
 * Releases a descriptor obtained from winsec_parse_descriptor().
 *
 * @param desc Descriptor to free, together with the SIDs and ACLs it owns.
 *             Behaviour on NULL is not specified here -- confirm.
 */
_EXPORT
void winsec_free_descriptor(WINSEC_DESC* desc);
[132]235
/**
 * Parses a security descriptor from a raw byte buffer under a talloc context.
 *
 * @param talloc_ctx Parent talloc context.  The result (and presumably its
 *                   nested SIDs and ACLs) is allocated beneath it, so
 *                   talloc_free() on the parent releases everything --
 *                   confirm.
 * @param buf        Encoded descriptor bytes; treat as untrusted.
 * @param buf_len    Number of bytes valid at @a buf; the hard bound for all
 *                   offsets and sizes read from the descriptor.
 * @return The parsed descriptor, or presumably NULL on malformed input or
 *         allocation failure -- confirm.
 */
_EXPORT
WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,
                               const uint8_t* buf, uint32_t buf_len);
[169]243
/**
 * Parses an ACL (header plus its ACEs) from a raw byte buffer.
 *
 * @param talloc_ctx Parent talloc context for the returned ACL.
 * @param buf        Encoded ACL bytes; treat as untrusted.
 * @param buf_len    Number of bytes valid at @a buf.  Must be at least
 *                   WINSEC_ACL_HEADER_SIZE, and the ACL's own size and
 *                   num_aces fields must be validated against it before the
 *                   entries are walked.
 * @return The parsed ACL, or presumably NULL on malformed input or
 *         allocation failure -- confirm.
 */
_EXPORT
WINSEC_ACL* winsec_parse_acl(void* talloc_ctx,
                             const uint8_t* buf, uint32_t buf_len);
[169]251
/**
 * Parses a single ACE from a raw byte buffer.
 *
 * @param talloc_ctx Parent talloc context for the returned ACE.
 * @param buf        Encoded ACE bytes; treat as untrusted.
 * @param buf_len    Number of bytes valid at @a buf.  Must be at least
 *                   WINSEC_ACE_MIN_SIZE; the ACE's own size field must not
 *                   exceed it.
 * @return The parsed ACE, or presumably NULL on malformed input or
 *         allocation failure -- confirm.
 */
_EXPORT
WINSEC_ACE* winsec_parse_ace(void* talloc_ctx,
                             const uint8_t* buf, uint32_t buf_len);
[169]259
/**
 * Parses a SID from a raw byte buffer.
 *
 * @param talloc_ctx Parent talloc context for the returned SID.
 * @param buf        Encoded SID bytes; treat as untrusted.
 * @param buf_len    Number of bytes valid at @a buf.  The num_auths byte
 *                   read from the input must be rejected if it exceeds
 *                   WINSEC_MAX_SUBAUTHS (the fixed size of sub_auths) or if
 *                   8 + 4 * num_auths exceeds @a buf_len -- confirm the
 *                   implementation enforces both.
 * @return The parsed SID, or presumably NULL on malformed input or
 *         allocation failure -- confirm.
 */
_EXPORT
WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx,
                                     const uint8_t* buf, uint32_t buf_len);
[169]267
/**
 * Parses a GUID from a raw byte buffer.
 *
 * @param talloc_ctx Parent talloc context for the returned GUID.
 * @param buf        Encoded GUID bytes; treat as untrusted.
 * @param buf_len    Number of bytes valid at @a buf.  The WINSEC_UUID
 *                   members total 16 bytes, so anything shorter cannot be a
 *                   complete GUID.
 * @return The parsed GUID, or presumably NULL on short input or allocation
 *         failure -- confirm.
 */
_EXPORT
WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx,
                               const uint8_t* buf, uint32_t buf_len);
[132]275
[169]276
/**
 * Returns the number of bytes the encoded form of a SID occupies.
 *
 * From the WINSEC_DOM_SID layout this would be the 8-byte header plus
 * 4 bytes per sub-authority in num_auths -- confirm against the
 * implementation.
 *
 * @param sid Parsed SID; not modified.
 * @return Encoded size in bytes.
 */
_EXPORT
size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
[169]283
/**
 * Orders two SIDs by their authority portion.
 *
 * The name suggests only the header fields (revision, num_auths, id_auth)
 * take part and sub_auths are ignored, with a strcmp-style sign convention
 * -- confirm both against the implementation.
 *
 * @param sid1 First SID; not modified.
 * @param sid2 Second SID; not modified.
 * @return Negative, zero or positive according to the ordering.
 */
_EXPORT
int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]290
/**
 * Orders two SIDs, presumably comparing the authority portion and then the
 * sub-authorities, with a strcmp-style sign convention -- confirm.
 *
 * @param sid1 First SID; not modified.
 * @param sid2 Second SID; not modified.
 * @return Negative, zero or positive according to the ordering.
 */
_EXPORT
int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]297
/**
 * Tests two SIDs for equality.
 *
 * @param sid1 First SID; not modified.
 * @param sid2 Second SID; not modified.
 * @return true when the SIDs are equal.  Whether NULL arguments are accepted
 *         is not stated here -- confirm.
 */
_EXPORT
bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]304
/**
 * Tests two parsed descriptors for equality.
 *
 * NOTE(review): the parameters are not const-qualified although a comparison
 * should not modify them; consider const in a later revision (same for
 * winsec_acl_equal() and winsec_ace_equal()).
 *
 * @param s1 First descriptor.
 * @param s2 Second descriptor.
 * @return true when the descriptors compare equal.  Which members take part
 *         and whether NULL is accepted is not stated here -- confirm.
 */
_EXPORT
bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);
[169]311
/**
 * Tests two parsed ACLs for equality.
 *
 * @param s1 First ACL (not const-qualified in this revision).
 * @param s2 Second ACL.
 * @return true when the ACLs compare equal.  Which members take part and
 *         whether NULL is accepted is not stated here -- confirm.
 */
_EXPORT
bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
[169]318
/**
 * Tests two parsed ACEs for equality.
 *
 * @param s1 First ACE (not const-qualified in this revision).
 * @param s2 Second ACE.
 * @return true when the ACEs compare equal.  Which members take part and
 *         whether NULL is accepted is not stated here -- confirm.
 */
_EXPORT
bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
[169]325
/**
 * Tells whether an ACE type carries the object-specific trailer
 * (obj_flags, obj_guid, inh_guid in WINSEC_ACE).
 *
 * Presumably true for the WINSEC_ACE_TYPE_*_OBJECT values (0x5 to 0x8) and
 * false otherwise -- confirm against the implementation.
 *
 * @param type ACE type byte, as stored in WINSEC_ACE.type.
 * @return true for object ACE types.
 */
_EXPORT
bool winsec_ace_object(uint8_t type);
[132]332
[134]333#endif /* _WINSEC_H */