source: trunk/include/winsec.h @ 275

Last change on this file since 275 was 261, checked in by tim, 13 years ago

readded windows file descriptor hack
copyright notices

  • Property svn:keywords set to Id
File size: 7.0 KB
Line 
1/*
2 * Copyright (C) 2005,2009-2011 Timothy D. Morgan
3 * Copyright (C) 1992-2005 Samba development team
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; version 3 of the License.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
18 * $Id: winsec.h 261 2011-06-17 00:55:49Z tim $
19 */
20
21/**
22 * @file
23 *
24 * A small library for interpreting Windows Security Descriptors.
25 * This library was originally based on Samba source from:
26 *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
27 *
28 * The library has been heavily rewritten and improved based on information
29 * provided by Microsoft at:
30 *    http://msdn.microsoft.com/en-us/library/cc230366%28PROT.10%29.aspx
31 */
32
33#ifndef _WINSEC_H
34#define _WINSEC_H
35
36#include <stdlib.h>
37#include <stdbool.h>
38#include <stdint.h>
39#include <stdio.h>
40#include <string.h>
41#include <errno.h>
42#include <fcntl.h>
43#include <sys/stat.h>
44#include <sys/types.h>
45#include <unistd.h>
46#include <talloc.h>
47
48#include "compat.h"
49#include "byteorder.h"
50
51
52/* This is the maximum number of subauths in a SID, as defined here:
53 *   http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
54 */
55#define WINSEC_MAX_SUBAUTHS 15
56
57#define WINSEC_DESC_HEADER_SIZE     (5 * sizeof(uint32_t))
58#define WINSEC_ACL_HEADER_SIZE      (2 * sizeof(uint32_t))
59#define WINSEC_ACE_MIN_SIZE         16
60
61/* XXX: Fill in definitions of other flags */
62/* This self relative flag means offsets contained in the descriptor are relative
63 * to the descriptor's offset.  This had better be true in the registry.
64 */
65#define WINSEC_DESC_SELF_RELATIVE   0x8000
66#define WINSEC_DESC_SACL_PRESENT    0x0010
67#define WINSEC_DESC_DACL_PRESENT    0x0004
68
69#define WINSEC_ACE_OBJECT_PRESENT              0x00000001
70#define WINSEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
71#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
72#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
73#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
74#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
75
76
77/** XXX: document this. */
78typedef struct _winsec_uuid
79{
80  /** XXX: document this. */
81  uint32_t time_low;
82
83  /** XXX: document this. */
84  uint16_t time_mid;
85
86  /** XXX: document this. */
87  uint16_t time_hi_and_version;
88
89  /** XXX: document this. */
90  uint8_t  clock_seq[2];
91
92  /** XXX: document this. */
93  uint8_t  node[6];
94} WINSEC_UUID;
95
96
97/** XXX: document this. */
98typedef struct _winsec_sid
99{
100  /** SID revision number */
101  uint8_t  sid_rev_num;
102
103  /** Number of sub-authorities */
104  uint8_t  num_auths;
105
106  /** Identifier Authority */
107  uint8_t  id_auth[6];
108
109  /** Pointer to sub-authorities.
110   *
111   * @note The values in these uint32_t's are in *native* byteorder, not
112   * neccessarily little-endian...... JRA.
113   */
114  uint32_t sub_auths[WINSEC_MAX_SUBAUTHS];   /* XXX: Make this dynamically allocated? */
115} WINSEC_DOM_SID;
116
117
118/** XXX: document this. */
119typedef struct _winsec_ace
120{
121  /** xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
122  uint8_t type;
123
124  /** xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
125  uint8_t flags;
126
127  /** XXX: finish documenting */
128  uint16_t size;
129
130  /** XXX: finish documenting */
131  uint32_t access_mask;
132 
133  /* This stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
134
135  /** xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
136  uint32_t  obj_flags;
137
138  /** Object GUID */
139  WINSEC_UUID* obj_guid;
140
141  /** Inherited object GUID */
142  WINSEC_UUID* inh_guid;
143
144  /* eof object stuff */
145 
146  /** XXX: finish documenting */
147  WINSEC_DOM_SID* trustee;
148
149} WINSEC_ACE;
150
151
152/** XXX: document this. */
153typedef struct _winsec_acl
154{
155  /** 0x0003 */
156  uint16_t revision;
157
158  /** Size, in bytes, of the entire ACL structure */
159  uint16_t size;
160
161  /** Number of Access Control Entries */
162  uint32_t num_aces;
163 
164  /** XXX: document this. */
165  WINSEC_ACE** aces;
166
167} WINSEC_ACL;
168
169
170/** XXX: document this. */
171typedef struct _winsec_desc
172{
173  /** 0x01 */
174  uint8_t revision;
175
176  /** XXX: better explain this
177   *
178   * "If the Control field has the RM flag set, then this field contains the
179   *  resource manager (RM) control value. ... Otherwise, this field is reserved
180   *  and MUST be set to zero." -- Microsoft.
181   *  See:
182   *   http://msdn.microsoft.com/en-us/library/cc230371%28PROT.10%29.aspx
183   */
184  uint8_t sbz1;
185
186  /** WINSEC_DESC_* flags */
187  uint16_t control;
188 
189  /** Offset to owner sid */
190  uint32_t off_owner_sid;
191
192  /** Offset to group sid */
193  uint32_t off_grp_sid;
194
195  /** Offset to system list of permissions */
196  uint32_t off_sacl;
197
198  /** Offset to list of permissions */
199  uint32_t off_dacl;
200
201  /** XXX: document this */
202  WINSEC_DOM_SID* owner_sid; 
203
204  /** XXX: document this */
205  WINSEC_DOM_SID* grp_sid;
206
207  /** System ACL */
208  WINSEC_ACL* sacl;
209
210  /** User ACL */
211  WINSEC_ACL* dacl;
212
213} WINSEC_DESC;
214
215
216/**
217 *
218 * XXX: finish documenting
219 */
220_EXPORT()
221WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);
222
223
224/**
225 *
226 * XXX: finish documenting
227 */
228_EXPORT()
229void winsec_free_descriptor(WINSEC_DESC* desc);
230
231/**
232 *
233 * XXX: finish documenting
234 */
235_EXPORT()
236WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,
237                               const uint8_t* buf, uint32_t buf_len);
238
239/**
240 *
241 * XXX: finish documenting
242 */
243_EXPORT()
244WINSEC_ACL* winsec_parse_acl(void* talloc_ctx, 
245                             const uint8_t* buf, uint32_t buf_len);
246
247/**
248 *
249 * XXX: finish documenting
250 */
251_EXPORT()
252WINSEC_ACE* winsec_parse_ace(void* talloc_ctx, 
253                             const uint8_t* buf, uint32_t buf_len);
254
255/**
256 *
257 * XXX: finish documenting
258 */
259_EXPORT()
260WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx, 
261                                     const uint8_t* buf, uint32_t buf_len);
262
263/**
264 *
265 * XXX: finish documenting
266 */
267_EXPORT()
268WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx, 
269                               const uint8_t* buf, uint32_t buf_len);
270
271
272/**
273 *
274 * XXX: finish documenting
275 */
276_EXPORT()
277size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
278
279/**
280 *
281 * XXX: finish documenting
282 */
283_EXPORT()
284int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
285
286/**
287 *
288 * XXX: finish documenting
289 */
290_EXPORT()
291int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
292
293/**
294 *
295 * XXX: finish documenting
296 */
297_EXPORT()
298bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
299
300/**
301 *
302 * XXX: finish documenting
303 */
304_EXPORT()
305char* winsec_sid2str(const WINSEC_DOM_SID* sid);
306
307/**
308 *
309 * XXX: finish documenting
310 */
311_EXPORT()
312bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);
313
314/**
315 *
316 * XXX: finish documenting
317 */
318_EXPORT()
319bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
320
321/**
322 *
323 * XXX: finish documenting
324 */
325_EXPORT()
326bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
327
328/**
329 *
330 * XXX: finish documenting
331 */
332_EXPORT()
333bool winsec_ace_object(uint8_t type);
334
335#endif /* _WINSEC_H */
Note: See TracBrowser for help on using the repository browser.