source: trunk/include/winsec.h @ 134

Last change on this file since 134 was 134, checked in by tim, 16 years ago

rewrote winsec library, stripping out Samba dependencies

eliminated remaining Samba prs functions

added support for 'li' subkey list records

  • Property svn:keywords set to Id
1/*
2 * This file contains refactored Samba code used to interpret Windows
3 * Security Descriptors. See:
4 *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
5 *
6 * Revisions have been made based on information provided by Microsoft
7 * at:
8 *    http://msdn.microsoft.com/en-us/library/cc230366(PROT.10).aspx
9 *
10 * Copyright (C) 2005,2009 Timothy D. Morgan
11 * Copyright (C) 1992-2005 Samba development team
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; version 3 of the License.
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 *
26 * $Id: winsec.h 134 2009-01-16 18:36:04Z tim $
27 */
28
29#ifndef _WINSEC_H
30#define _WINSEC_H
31
32#include <stdlib.h>
33#include <stdbool.h>
34#include <stdint.h>
35#include <stdio.h>
36#include <string.h>
37#include <errno.h>
38#include <fcntl.h>
39#include <sys/stat.h>
40#include <sys/types.h>
41#include <unistd.h>
42
43#include "smb_deps.h"
44
45
/* This is the maximum number of subauths in a SID, as defined here:
 *   http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
 *
 * It is also the fixed capacity of WINSEC_DOM_SID.sub_auths, so a
 * sub-authority count taken from input must not exceed it.
 */
#define WINSEC_MAX_SUBAUTHS 15

/* Sizes, in bytes, of the fixed-length portions of the serialized
 * descriptor, ACL and ACE records.
 * NOTE(review): presumably the parsers compare buf_len against these
 * before reading any header field -- confirm in the implementation.
 */
#define WINSEC_DESC_HEADER_SIZE     (5 * sizeof(uint32_t))
#define WINSEC_ACL_HEADER_SIZE      (2 * sizeof(uint32_t))
#define WINSEC_ACE_MIN_SIZE         16

/* Bits of WINSEC_DESC.control. */
/* TODO: Fill in definitions of other flags */
/* This means offsets contained in the descriptor are relative to the
 * descriptor's offset.  This had better be true in the registry.
 */
#define WINSEC_DESC_SELF_RELATIVE   0x8000
#define WINSEC_DESC_SACL_PRESENT    0x0010
#define WINSEC_DESC_DACL_PRESENT    0x0004

/* Bits of WINSEC_ACE.obj_flags, followed by the WINSEC_ACE.type values
 * that identify object-type ACEs (the ones that may carry GUIDs).
 */
#define WINSEC_ACE_OBJECT_PRESENT              0x00000001
#define WINSEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
69
70
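/* A UUID/GUID as referenced by object-type ACEs (see the obj_guid and
 * inh_guid members of WINSEC_ACE).
 *
 * The members use the fixed-width <stdint.h> types, like every other
 * structure in this header, so their widths do not depend on the
 * Samba-style uint8/uint16/uint32 typedefs.
 */
typedef struct _winsec_uuid
{
       uint32_t time_low;
       uint16_t time_mid;
       uint16_t time_hi_and_version;
       uint8_t  clock_seq[2];
       uint8_t  node[6];
} WINSEC_UUID;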
79
80
/* A Windows security identifier (SID) in parsed, in-memory form. */
typedef struct _winsec_sid
{
  uint8_t  sid_rev_num;             /* SID revision number */
  uint8_t  num_auths;               /* Number of sub-authorities */
  uint8_t  id_auth[6];              /* Identifier Authority */
  /*
   *  Sub-authorities (an inline array, not a pointer).
   *
   * @note The values in these uint32_t's are in *native* byteorder, not
   * necessarily little-endian...... JRA.
   */
  /* XXX: Make this dynamically allocated? */
  /* The array has a fixed capacity of WINSEC_MAX_SUBAUTHS, while
   * num_auths is a full uint8_t and can therefore hold larger values.
   * NOTE(review): code that indexes sub_auths by num_auths relies on
   * the parser having rejected out-of-range counts -- confirm in
   * winsec_parse_dom_sid().
   */
  uint32_t sub_auths[WINSEC_MAX_SUBAUTHS];
} WINSEC_DOM_SID;
95
96
/* A single access control entry (ACE) in parsed form. */
typedef struct _winsec_ace
{
        uint8_t type;  /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
        uint8_t flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
        /* NOTE(review): presumably the ACE's length in bytes as recorded
         * in the input; if so it is a value to validate against the
         * remaining buffer, not to trust -- confirm in winsec_parse_ace().
         */
        uint16_t size;
        uint32_t access_mask;

        /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
        uint32_t  obj_flags;   /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
        /* NOTE(review): presumably each GUID pointer is NULL unless the
         * matching WINSEC_ACE_OBJECT_* bit is set in obj_flags; callers
         * should check before dereferencing -- confirm.
         */
        WINSEC_UUID* obj_guid;  /* object GUID */
        WINSEC_UUID* inh_guid;  /* inherited object GUID */
        /* eof object stuff */

        /* SID this entry applies to. */
        WINSEC_DOM_SID* trustee;

} WINSEC_ACE;
113
/* An access control list (ACL) in parsed form. */
typedef struct _winsec_acl
{
        uint16_t revision; /* 0x0003 */
        uint16_t size;     /* size in bytes of the entire ACL structure */
        /* num_aces is 32 bits wide while size is only 16, so a count
         * taken from input can be far larger than size could ever hold
         * (each ACE occupies at least WINSEC_ACE_MIN_SIZE bytes).
         * NOTE(review): the parser should bound the count by the bytes
         * actually available before sizing the aces array -- confirm in
         * winsec_parse_acl().
         */
        uint32_t num_aces; /* number of Access Control Entries */

        /* Array of pointers to the entries.
         * NOTE(review): presumably num_aces elements long -- confirm.
         */
        WINSEC_ACE** aces;

} WINSEC_ACL;
123
/* A security descriptor in parsed form: the header fields as read,
 * followed by pointers to the parsed owner, group and ACL structures.
 */
typedef struct _winsec_desc
{
        uint8_t revision; /* 0x01 */
        uint8_t sbz1;     /* "If the Control field has the RM flag set,
                           *  then this field contains the resource
                           *  manager (RM) control value. ... Otherwise,
                           *  this field is reserved and MUST be set to
                           *  zero." -- Microsoft.  See reference above.
                           */
        uint16_t control; /* WINSEC_DESC_* flags */

        /* These four offsets are taken from the descriptor itself.
         * NOTE(review): each one has to be checked against the buffer
         * length before it is followed; presumably
         * winsec_parse_desc() does so -- confirm.
         */
        uint32_t off_owner_sid; /* offset to owner sid */
        uint32_t off_grp_sid  ; /* offset to group sid */
        uint32_t off_sacl     ; /* offset to system list of permissions */
        uint32_t off_dacl     ; /* offset to list of permissions */

        /* NOTE(review): presumably NULL for any component that is absent
         * from the descriptor; callers should check before
         * dereferencing -- confirm.
         */
        WINSEC_DOM_SID* owner_sid;
        WINSEC_DOM_SID* grp_sid;
        WINSEC_ACL* sacl;       /* system ACL */
        WINSEC_ACL* dacl;       /* user ACL */

} WINSEC_DESC;
146
147
/* XXX: Need API functions to deallocate these structures */
/* Parsers: each takes a raw byte buffer with its length and returns a
 * pointer to the corresponding parsed structure.
 * NOTE(review): buf presumably holds data read from a registry hive and
 * should be treated as untrusted; the implementations are expected to
 * keep every read within buf_len and to signal malformed input
 * (presumably by returning NULL) -- confirm.
 * NOTE(review): ownership of the returned structures is not stated
 * here, and per the XXX above there is no deallocation API yet --
 * confirm how callers are meant to release them.
 */
WINSEC_DESC* winsec_parse_desc(const uint8_t* buf, uint32_t buf_len);
WINSEC_ACL* winsec_parse_acl(const uint8_t* buf, uint32_t buf_len);
WINSEC_ACE* winsec_parse_ace(const uint8_t* buf, uint32_t buf_len);
WINSEC_DOM_SID* winsec_parse_dom_sid(const uint8_t* buf, uint32_t buf_len);
WINSEC_UUID* winsec_parse_uuid(const uint8_t* buf, uint32_t buf_len);

/* Helpers that work on already-parsed structures.
 * NOTE(review): the int-returning compare functions presumably yield an
 * ordering value and the bool-returning ones an equality result;
 * winsec_ace_object() presumably reports whether type is one of the
 * WINSEC_ACE_TYPE_*_OBJECT values -- confirm in the implementation.
 */
size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);
bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
bool winsec_ace_object(uint8_t type);
163
164#endif /* _WINSEC_H */