1 | /* |
---|
2 | * This file contains refactored Samba code used to interpret Windows |
---|
3 | * Security Descriptors. See: |
---|
4 | * http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/ |
---|
5 | * |
---|
6 | * Copyright (C) 2005,2009 Timothy D. Morgan |
---|
7 | * Copyright (C) 1992-2005 Samba development team |
---|
8 | * |
---|
9 | * This program is free software; you can redistribute it and/or modify |
---|
10 | * it under the terms of the GNU General Public License as published by |
---|
11 | * the Free Software Foundation; version 3 of the License. |
---|
12 | * |
---|
13 | * This program is distributed in the hope that it will be useful, |
---|
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
16 | * GNU General Public License for more details. |
---|
17 | * |
---|
18 | * You should have received a copy of the GNU General Public License |
---|
19 | * along with this program; if not, write to the Free Software |
---|
20 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
---|
21 | * |
---|
22 | * $Id: winsec.h 133 2009-01-12 17:07:58Z tim $ |
---|
23 | */ |
---|
24 | |
---|
25 | #include <stdlib.h> |
---|
26 | #include <stdbool.h> |
---|
27 | #include <stdio.h> |
---|
28 | #include <string.h> |
---|
29 | #include <errno.h> |
---|
30 | #include <fcntl.h> |
---|
31 | #include <sys/stat.h> |
---|
32 | #include <sys/types.h> |
---|
33 | #include <unistd.h> |
---|
34 | |
---|
35 | #include "smb_deps.h" |
---|
36 | |
---|
37 | |
---|
38 | #define MAXSUBAUTHS 15 |
---|
39 | |
---|
40 | #define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) |
---|
41 | /*thanks for Jim McDonough <jmcd@us.ibm.com>*/ |
---|
42 | #define SEC_DESC_DACL_PRESENT 0x0004 |
---|
43 | #define SEC_DESC_SACL_PRESENT 0x0010 |
---|
44 | |
---|
45 | #define SEC_ACE_OBJECT_PRESENT 0x00000001 |
---|
46 | #define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002 |
---|
47 | #define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5 |
---|
48 | #define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6 |
---|
49 | #define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7 |
---|
50 | #define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8 |
---|
51 | |
---|
52 | |
---|
53 | typedef struct sid_info |
---|
54 | { |
---|
55 | uint8 sid_rev_num; /**< SID revision number */ |
---|
56 | uint8 num_auths; /**< Number of sub-authorities */ |
---|
57 | uint8 id_auth[6]; /**< Identifier Authority */ |
---|
58 | /* |
---|
59 | * Pointer to sub-authorities. |
---|
60 | * |
---|
61 | * @note The values in these uint32's are in *native* byteorder, not |
---|
62 | * neccessarily little-endian...... JRA. |
---|
63 | */ |
---|
64 | uint32 sub_auths[MAXSUBAUTHS]; |
---|
65 | } DOM_SID; |
---|
66 | |
---|
67 | |
---|
68 | typedef struct security_info_info |
---|
69 | { |
---|
70 | uint32 mask; |
---|
71 | |
---|
72 | } SEC_ACCESS; |
---|
73 | |
---|
74 | typedef struct security_ace_info |
---|
75 | { |
---|
76 | uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */ |
---|
77 | uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */ |
---|
78 | uint16 size; |
---|
79 | |
---|
80 | SEC_ACCESS info; |
---|
81 | |
---|
82 | /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */ |
---|
83 | uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */ |
---|
84 | struct uuid obj_guid; /* object GUID */ |
---|
85 | struct uuid inh_guid; /* inherited object GUID */ |
---|
86 | /* eof object stuff */ |
---|
87 | |
---|
88 | DOM_SID trustee; |
---|
89 | |
---|
90 | } SEC_ACE; |
---|
91 | |
---|
92 | typedef struct security_acl_info |
---|
93 | { |
---|
94 | uint16 revision; /* 0x0003 */ |
---|
95 | uint16 size; /* size in bytes of the entire ACL structure */ |
---|
96 | uint32 num_aces; /* number of Access Control Entries */ |
---|
97 | |
---|
98 | SEC_ACE *ace; |
---|
99 | |
---|
100 | } SEC_ACL; |
---|
101 | |
---|
102 | typedef struct security_descriptor_info |
---|
103 | { |
---|
104 | uint16 revision; /* 0x0001 */ |
---|
105 | uint16 type; /* SEC_DESC_xxxx flags */ |
---|
106 | |
---|
107 | uint32 off_owner_sid; /* offset to owner sid */ |
---|
108 | uint32 off_grp_sid ; /* offset to group sid */ |
---|
109 | uint32 off_sacl ; /* offset to system list of permissions */ |
---|
110 | uint32 off_dacl ; /* offset to list of permissions */ |
---|
111 | |
---|
112 | SEC_ACL *dacl; /* user ACL */ |
---|
113 | SEC_ACL *sacl; /* system ACL */ |
---|
114 | DOM_SID *owner_sid; |
---|
115 | DOM_SID *grp_sid; |
---|
116 | |
---|
117 | } SEC_DESC; |
---|
118 | |
---|
119 | |
---|
120 | |
---|
121 | bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth); |
---|
122 | bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth); |
---|
123 | bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth); |
---|
124 | bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth); |
---|
125 | bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth); |
---|
126 | |
---|
127 | size_t sid_size(const DOM_SID *sid); |
---|
128 | int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2); |
---|
129 | int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2); |
---|
130 | bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2); |
---|
131 | bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2); |
---|
132 | bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2); |
---|
133 | bool sid_equal(const DOM_SID *sid1, const DOM_SID *sid2); |
---|
134 | bool sec_ace_object(uint8 type); |
---|