source: trunk/include/winsec.h @ 217

Last change on this file since 217 was 201, checked in by tim, 14 years ago

changed symbol visibility to hidden by default and explicitly exported API functions

  • Property svn:keywords set to Id
File size: 7.0 KB
Line 
1/*
2 * Copyright (C) 2005,2009-2010 Timothy D. Morgan
3 * Copyright (C) 1992-2005 Samba development team
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; version 3 of the License.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
18 * $Id: winsec.h 201 2010-06-05 04:45:05Z tim $
19 */
20
21/**
22 * @file
23 *
24 * A small library for interpreting Windows Security Descriptors.
25 * This library was originally based on Samba source from:
26 *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
27 *
28 * The library has been heavily rewritten and improved based on information
29 * provided by Microsoft at:
30 *    http://msdn.microsoft.com/en-us/library/cc230366%28PROT.10%29.aspx
31 */
32
33#ifndef _WINSEC_H
34#define _WINSEC_H
35
36#include <stdlib.h>
37#include <stdbool.h>
38#include <stdint.h>
39#include <stdio.h>
40#include <string.h>
41#include <errno.h>
42#include <fcntl.h>
43#include <sys/stat.h>
44#include <sys/types.h>
45#include <unistd.h>
46#include <talloc.h>
47
48#include "byteorder.h"
49
50/* GCC-specific macro for library exports */
51#ifdef _EXPORT
52#undef _EXPORT
53#endif
54#define _EXPORT __attribute__((visibility("default")))
55
56
57/* This is the maximum number of subauths in a SID, as defined here:
58 *   http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
59 */
60#define WINSEC_MAX_SUBAUTHS 15
61
62#define WINSEC_DESC_HEADER_SIZE     (5 * sizeof(uint32_t))
63#define WINSEC_ACL_HEADER_SIZE      (2 * sizeof(uint32_t))
64#define WINSEC_ACE_MIN_SIZE         16
65
66/* XXX: Fill in definitions of other flags */
67/* This self relative flag means offsets contained in the descriptor are relative
68 * to the descriptor's offset.  This had better be true in the registry.
69 */
70#define WINSEC_DESC_SELF_RELATIVE   0x8000
71#define WINSEC_DESC_SACL_PRESENT    0x0010
72#define WINSEC_DESC_DACL_PRESENT    0x0004
73
74#define WINSEC_ACE_OBJECT_PRESENT              0x00000001
75#define WINSEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
76#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
77#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
78#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
79#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
80
81
82/** XXX: document this. */
83typedef struct _winsec_uuid
84{
85  /** XXX: document this. */
86  uint32_t time_low;
87
88  /** XXX: document this. */
89  uint16_t time_mid;
90
91  /** XXX: document this. */
92  uint16_t time_hi_and_version;
93
94  /** XXX: document this. */
95  uint8_t  clock_seq[2];
96
97  /** XXX: document this. */
98  uint8_t  node[6];
99} WINSEC_UUID;
100
101
102/** XXX: document this. */
103typedef struct _winsec_sid
104{
105  /** SID revision number */
106  uint8_t  sid_rev_num;
107
108  /** Number of sub-authorities */
109  uint8_t  num_auths;
110
111  /** Identifier Authority */
112  uint8_t  id_auth[6];
113
114  /** Pointer to sub-authorities.
115   *
116   * @note The values in these uint32_t's are in *native* byteorder, not
117   * neccessarily little-endian...... JRA.
118   */
119  uint32_t sub_auths[WINSEC_MAX_SUBAUTHS];   /* XXX: Make this dynamically allocated? */
120} WINSEC_DOM_SID;
121
122
123/** XXX: document this. */
124typedef struct _winsec_ace
125{
126  /** xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
127  uint8_t type;
128
129  /** xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
130  uint8_t flags;
131
132  /** XXX: finish documenting */
133  uint16_t size;
134
135  /** XXX: finish documenting */
136  uint32_t access_mask;
137 
138  /* This stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
139
140  /** xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
141  uint32_t  obj_flags;
142
143  /** Object GUID */
144  WINSEC_UUID* obj_guid;
145
146  /** Inherited object GUID */
147  WINSEC_UUID* inh_guid;
148
149  /* eof object stuff */
150 
151  /** XXX: finish documenting */
152  WINSEC_DOM_SID* trustee;
153
154} WINSEC_ACE;
155
156
157/** XXX: document this. */
158typedef struct _winsec_acl
159{
160  /** 0x0003 */
161  uint16_t revision;
162
163  /** Size, in bytes, of the entire ACL structure */
164  uint16_t size;
165
166  /** Number of Access Control Entries */
167  uint32_t num_aces;
168 
169  /** XXX: document this. */
170  WINSEC_ACE** aces;
171
172} WINSEC_ACL;
173
174
175/** XXX: document this. */
176typedef struct _winsec_desc
177{
178  /** 0x01 */
179  uint8_t revision;
180
181  /** XXX: better explain this
182   *
183   * "If the Control field has the RM flag set, then this field contains the
184   *  resource manager (RM) control value. ... Otherwise, this field is reserved
185   *  and MUST be set to zero." -- Microsoft.
186   *  See:
187   *   http://msdn.microsoft.com/en-us/library/cc230371%28PROT.10%29.aspx
188   */
189  uint8_t sbz1;
190
191  /** WINSEC_DESC_* flags */
192  uint16_t control;
193 
194  /** Offset to owner sid */
195  uint32_t off_owner_sid;
196
197  /** Offset to group sid */
198  uint32_t off_grp_sid;
199
200  /** Offset to system list of permissions */
201  uint32_t off_sacl;
202
203  /** Offset to list of permissions */
204  uint32_t off_dacl;
205
206  /** XXX: document this */
207  WINSEC_DOM_SID* owner_sid; 
208
209  /** XXX: document this */
210  WINSEC_DOM_SID* grp_sid;
211
212  /** System ACL */
213  WINSEC_ACL* sacl;
214
215  /** User ACL */
216  WINSEC_ACL* dacl;
217
218} WINSEC_DESC;
219
220
221/**
222 *
223 * XXX: finish documenting
224 */
225_EXPORT
226WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);
227
228
229/**
230 *
231 * XXX: finish documenting
232 */
233_EXPORT
234void winsec_free_descriptor(WINSEC_DESC* desc);
235
236/**
237 *
238 * XXX: finish documenting
239 */
240_EXPORT
241WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,
242                               const uint8_t* buf, uint32_t buf_len);
243
244/**
245 *
246 * XXX: finish documenting
247 */
248_EXPORT
249WINSEC_ACL* winsec_parse_acl(void* talloc_ctx, 
250                             const uint8_t* buf, uint32_t buf_len);
251
252/**
253 *
254 * XXX: finish documenting
255 */
256_EXPORT
257WINSEC_ACE* winsec_parse_ace(void* talloc_ctx, 
258                             const uint8_t* buf, uint32_t buf_len);
259
260/**
261 *
262 * XXX: finish documenting
263 */
264_EXPORT
265WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx, 
266                                     const uint8_t* buf, uint32_t buf_len);
267
268/**
269 *
270 * XXX: finish documenting
271 */
272_EXPORT
273WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx, 
274                               const uint8_t* buf, uint32_t buf_len);
275
276
277/**
278 *
279 * XXX: finish documenting
280 */
281_EXPORT
282size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
283
284/**
285 *
286 * XXX: finish documenting
287 */
288_EXPORT
289int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
290
291/**
292 *
293 * XXX: finish documenting
294 */
295_EXPORT
296int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
297
298/**
299 *
300 * XXX: finish documenting
301 */
302_EXPORT
303bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
304
305/**
306 *
307 * XXX: finish documenting
308 */
309_EXPORT
310bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);
311
312/**
313 *
314 * XXX: finish documenting
315 */
316_EXPORT
317bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
318
319/**
320 *
321 * XXX: finish documenting
322 */
323_EXPORT
324bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
325
326/**
327 *
328 * XXX: finish documenting
329 */
330_EXPORT
331bool winsec_ace_object(uint8_t type);
332
333#endif /* _WINSEC_H */
Note: See TracBrowser for help on using the repository browser.