source: trunk/include/winsec.h @ 294

Last change on this file since 294 was 261, checked in by tim, 13 years ago

readded windows file descriptor hack
copyright notices

  • Property svn:keywords set to Id
File size: 7.0 KB
RevLine 
[169]1/*
[261]2 * Copyright (C) 2005,2009-2011 Timothy D. Morgan
[132]3 * Copyright (C) 1992-2005 Samba development team
[133]4 *
[132]5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; version 3 of the License.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
[133]18 * $Id: winsec.h 261 2011-06-17 00:55:49Z tim $
[132]19 */
20
[169]21/**
22 * @file
23 *
24 * A small library for interpreting Windows Security Descriptors.
25 * This library was originally based on Samba source from:
26 *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
27 *
28 * The library has been heavily rewritten and improved based on information
29 * provided by Microsoft at:
30 *    http://msdn.microsoft.com/en-us/library/cc230366%28PROT.10%29.aspx
31 */
32
[134]33#ifndef _WINSEC_H
34#define _WINSEC_H
35
[132]36#include <stdlib.h>
37#include <stdbool.h>
[134]38#include <stdint.h>
[132]39#include <stdio.h>
40#include <string.h>
41#include <errno.h>
42#include <fcntl.h>
43#include <sys/stat.h>
44#include <sys/types.h>
45#include <unistd.h>
[201]46#include <talloc.h>
[132]47
[253]48#include "compat.h"
[168]49#include "byteorder.h"
[132]50
51
[134]52/* This is the maximum number of subauths in a SID, as defined here:
53 *   http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
54 */
55#define WINSEC_MAX_SUBAUTHS 15
[132]56
[134]57#define WINSEC_DESC_HEADER_SIZE     (5 * sizeof(uint32_t))
58#define WINSEC_ACL_HEADER_SIZE      (2 * sizeof(uint32_t))
59#define WINSEC_ACE_MIN_SIZE         16
[133]60
[148]61/* XXX: Fill in definitions of other flags */
62/* This self relative flag means offsets contained in the descriptor are relative
63 * to the descriptor's offset.  This had better be true in the registry.
[134]64 */
65#define WINSEC_DESC_SELF_RELATIVE   0x8000
66#define WINSEC_DESC_SACL_PRESENT    0x0010
67#define WINSEC_DESC_DACL_PRESENT    0x0004
[133]68
[134]69#define WINSEC_ACE_OBJECT_PRESENT              0x00000001
70#define WINSEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
71#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
72#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
73#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
74#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
[133]75
[134]76
[169]77/** XXX: document this. */
[148]78typedef struct _winsec_uuid
[132]79{
[169]80  /** XXX: document this. */
81  uint32_t time_low;
82
83  /** XXX: document this. */
84  uint16_t time_mid;
85
86  /** XXX: document this. */
87  uint16_t time_hi_and_version;
88
89  /** XXX: document this. */
90  uint8_t  clock_seq[2];
91
92  /** XXX: document this. */
93  uint8_t  node[6];
[134]94} WINSEC_UUID;
95
96
[169]97/** XXX: document this. */
[134]98typedef struct _winsec_sid
99{
[169]100  /** SID revision number */
101  uint8_t  sid_rev_num;
102
103  /** Number of sub-authorities */
104  uint8_t  num_auths;
105
106  /** Identifier Authority */
107  uint8_t  id_auth[6];
108
109  /** Pointer to sub-authorities.
110   *
[134]111   * @note The values in these uint32_t's are in *native* byteorder, not
[132]112   * neccessarily little-endian...... JRA.
113   */
[169]114  uint32_t sub_auths[WINSEC_MAX_SUBAUTHS];   /* XXX: Make this dynamically allocated? */
[134]115} WINSEC_DOM_SID;
[132]116
117
[169]118/** XXX: document this. */
[134]119typedef struct _winsec_ace
[132]120{
[169]121  /** xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
122  uint8_t type;
[132]123
[169]124  /** xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
125  uint8_t flags;
[132]126
[169]127  /** XXX: finish documenting */
128  uint16_t size;
[132]129
[169]130  /** XXX: finish documenting */
131  uint32_t access_mask;
132 
133  /* This stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
134
135  /** xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
136  uint32_t  obj_flags;
137
138  /** Object GUID */
139  WINSEC_UUID* obj_guid;
140
141  /** Inherited object GUID */
142  WINSEC_UUID* inh_guid;
143
144  /* eof object stuff */
145 
146  /** XXX: finish documenting */
147  WINSEC_DOM_SID* trustee;
148
[134]149} WINSEC_ACE;
[132]150
[169]151
152/** XXX: document this. */
[134]153typedef struct _winsec_acl
[132]154{
[169]155  /** 0x0003 */
156  uint16_t revision;
[132]157
[169]158  /** Size, in bytes, of the entire ACL structure */
159  uint16_t size;
[132]160
[169]161  /** Number of Access Control Entries */
162  uint32_t num_aces;
163 
164  /** XXX: document this. */
165  WINSEC_ACE** aces;
166
[134]167} WINSEC_ACL;
[132]168
[169]169
170/** XXX: document this. */
[134]171typedef struct _winsec_desc
[132]172{
[169]173  /** 0x01 */
174  uint8_t revision;
[132]175
[169]176  /** XXX: better explain this
177   *
178   * "If the Control field has the RM flag set, then this field contains the
179   *  resource manager (RM) control value. ... Otherwise, this field is reserved
180   *  and MUST be set to zero." -- Microsoft.
181   *  See:
182   *   http://msdn.microsoft.com/en-us/library/cc230371%28PROT.10%29.aspx
183   */
184  uint8_t sbz1;
[132]185
[169]186  /** WINSEC_DESC_* flags */
187  uint16_t control;
188 
189  /** Offset to owner sid */
190  uint32_t off_owner_sid;
[132]191
[169]192  /** Offset to group sid */
193  uint32_t off_grp_sid;
194
195  /** Offset to system list of permissions */
196  uint32_t off_sacl;
197
198  /** Offset to list of permissions */
199  uint32_t off_dacl;
200
201  /** XXX: document this */
202  WINSEC_DOM_SID* owner_sid; 
203
204  /** XXX: document this */
205  WINSEC_DOM_SID* grp_sid;
206
207  /** System ACL */
208  WINSEC_ACL* sacl;
209
210  /** User ACL */
211  WINSEC_ACL* dacl;
212
[134]213} WINSEC_DESC;
[132]214
[169]215
216/**
217 *
218 * XXX: finish documenting
219 */
[253]220_EXPORT()
[147]221WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);
[169]222
223
224/**
225 *
226 * XXX: finish documenting
227 */
[253]228_EXPORT()
[147]229void winsec_free_descriptor(WINSEC_DESC* desc);
[132]230
[169]231/**
232 *
233 * XXX: finish documenting
234 */
[253]235_EXPORT()
[147]236WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,
237                               const uint8_t* buf, uint32_t buf_len);
[169]238
239/**
240 *
241 * XXX: finish documenting
242 */
[253]243_EXPORT()
[147]244WINSEC_ACL* winsec_parse_acl(void* talloc_ctx, 
245                             const uint8_t* buf, uint32_t buf_len);
[169]246
247/**
248 *
249 * XXX: finish documenting
250 */
[253]251_EXPORT()
[147]252WINSEC_ACE* winsec_parse_ace(void* talloc_ctx, 
253                             const uint8_t* buf, uint32_t buf_len);
[169]254
255/**
256 *
257 * XXX: finish documenting
258 */
[253]259_EXPORT()
[147]260WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx, 
261                                     const uint8_t* buf, uint32_t buf_len);
[169]262
263/**
264 *
265 * XXX: finish documenting
266 */
[253]267_EXPORT()
[147]268WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx, 
269                               const uint8_t* buf, uint32_t buf_len);
[132]270
[169]271
272/**
273 *
274 * XXX: finish documenting
275 */
[253]276_EXPORT()
[134]277size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
[169]278
279/**
280 *
281 * XXX: finish documenting
282 */
[253]283_EXPORT()
[134]284int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]285
286/**
287 *
288 * XXX: finish documenting
289 */
[253]290_EXPORT()
[134]291int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]292
293/**
294 *
295 * XXX: finish documenting
296 */
[253]297_EXPORT()
[134]298bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
[169]299
300/**
301 *
302 * XXX: finish documenting
303 */
[253]304_EXPORT()
305char* winsec_sid2str(const WINSEC_DOM_SID* sid);
306
307/**
308 *
309 * XXX: finish documenting
310 */
311_EXPORT()
[134]312bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);
[169]313
314/**
315 *
316 * XXX: finish documenting
317 */
[253]318_EXPORT()
[134]319bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
[169]320
321/**
322 *
323 * XXX: finish documenting
324 */
[253]325_EXPORT()
[134]326bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
[169]327
328/**
329 *
330 * XXX: finish documenting
331 */
[253]332_EXPORT()
[134]333bool winsec_ace_object(uint8_t type);
[132]334
[134]335#endif /* _WINSEC_H */
Note: See TracBrowser for help on using the repository browser.