source: trunk/include/winsec.h @ 147

Last change on this file since 147 was 147, checked in by tim, 16 years ago

added talloc library

incorporated talloc into winsec and lru_cache modules

introduced talloc into SK caching system

/*
 * This file contains refactored Samba code used to interpret Windows
 * Security Descriptors. See:
 *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
 *
 * Revisions have been made based on information provided by Microsoft
 * at:
 *    http://msdn.microsoft.com/en-us/library/cc230366(PROT.10).aspx
 *
 * Copyright (C) 2005,2009 Timothy D. Morgan
 * Copyright (C) 1992-2005 Samba development team
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 3 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 * $Id: winsec.h 147 2009-02-22 19:31:52Z tim $
 */
28
29#ifndef _WINSEC_H
30#define _WINSEC_H
31
32#include <stdlib.h>
33#include <stdbool.h>
34#include <stdint.h>
35#include <stdio.h>
36#include <string.h>
37#include <errno.h>
38#include <fcntl.h>
39#include <sys/stat.h>
40#include <sys/types.h>
41#include <unistd.h>
42
43#include "smb_deps.h"
44#include "talloc.h"
45
46
/* This is the maximum number of subauths in a SID, as defined here:
 *   http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
 *
 * It is also the fixed capacity of WINSEC_DOM_SID.sub_auths, so a
 * sub-authority count read from serialized data has to be checked
 * against it before that array is filled.
 */
#define WINSEC_MAX_SUBAUTHS 15

/* Sizes, in bytes, of the fixed-length parts of the serialized structures.
 * The descriptor value matches revision + sbz1 + control + four 32-bit
 * offsets; the ACL value matches revision + size + num_aces.
 * NOTE(review): presumably the parsers use these as the smallest buf_len
 * they accept before reading any header field, and WINSEC_ACE_MIN_SIZE as
 * the lower bound for an ACE's size field -- confirm in the implementation.
 */
#define WINSEC_DESC_HEADER_SIZE     (5 * sizeof(uint32_t))
#define WINSEC_ACL_HEADER_SIZE      (2 * sizeof(uint32_t))
#define WINSEC_ACE_MIN_SIZE         16
55
/* Bits of WINSEC_DESC.control. */
/* TODO: Fill in definitions of other flags */
/* This means offsets contained in the descriptor are relative to the
 * descriptor's offset.  This had better be true in the registry.
 *
 * NOTE(review): the sentence above states an expectation about the input.
 * Whether a descriptor lacking this bit is rejected is not visible in this
 * header -- confirm in the parser, since the off_* fields are only
 * meaningful as buffer-relative offsets when it is set.
 */
#define WINSEC_DESC_SELF_RELATIVE   0x8000
#define WINSEC_DESC_SACL_PRESENT    0x0010
#define WINSEC_DESC_DACL_PRESENT    0x0004

/* WINSEC_ACE_OBJECT_*: bits of WINSEC_ACE.obj_flags.
 * WINSEC_ACE_TYPE_*_OBJECT: values of WINSEC_ACE.type for which the
 * object-specific fields of WINSEC_ACE may be present.
 */
#define WINSEC_ACE_OBJECT_PRESENT              0x00000001
#define WINSEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
70
71
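/* A UUID/GUID split into its five fields (16 bytes in total).
 * WINSEC_ACE points at values of this type for its object GUID and
 * inherited-object GUID.
 *
 * The fields use the <stdint.h> fixed-width types, like every other
 * structure in this header, so the widths are stated here rather than
 * depending on the uint32/uint16/uint8 aliases from another header.
 * NOTE(review): this assumes those aliases were plain 32/16/8-bit unsigned
 * typedefs, which leaves the layout unchanged -- confirm against smb_deps.h.
 */
typedef struct _winsec_uuid
{
       uint32_t time_low;
       uint16_t time_mid;
       uint16_t time_hi_and_version;
       uint8_t  clock_seq[2];
       uint8_t  node[6];
} WINSEC_UUID;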
80
81
/* In-memory form of a Windows security identifier (SID).
 *
 * sub_auths has a fixed capacity of WINSEC_MAX_SUBAUTHS entries while
 * num_auths is a separate 8-bit count, so code that fills or walks
 * sub_auths must keep num_auths <= WINSEC_MAX_SUBAUTHS.
 * NOTE(review): whether the SID parser enforces that bound on counts taken
 * from input is not visible in this header -- confirm in the implementation.
 */
typedef struct _winsec_sid
{
  uint8_t  sid_rev_num;             /* SID revision number */
  uint8_t  num_auths;               /* Number of sub-authorities */
  uint8_t  id_auth[6];              /* Identifier Authority */
  /*
   *  Pointer to sub-authorities.
   *
   * @note The values in these uint32_t's are in *native* byteorder, not
   * necessarily little-endian...... JRA.
   */
  /* XXX: Make this dynamically allocated? */
  uint32_t sub_auths[WINSEC_MAX_SUBAUTHS];
} WINSEC_DOM_SID;
96
97
/* One access control entry (ACE): a type, flags, an access mask and the
 * trustee SID it applies to, plus optional object GUIDs for the
 * WINSEC_ACE_TYPE_*_OBJECT types.
 */
typedef struct _winsec_ace
{
        uint8_t type;  /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
        uint8_t flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
        /* NOTE(review): presumably the length in bytes of the serialized ACE,
         * as read from input; if so it needs checking against both
         * WINSEC_ACE_MIN_SIZE and the bytes actually remaining -- confirm.
         */
        uint16_t size;
        uint32_t access_mask;

        /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
        uint32_t  obj_flags;   /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
        /* NOTE(review): presumably each GUID pointer is NULL unless the
         * matching WINSEC_ACE_OBJECT_* bit is set in obj_flags -- confirm
         * before dereferencing.
         */
        WINSEC_UUID* obj_guid;  /* object GUID */
        WINSEC_UUID* inh_guid;  /* inherited object GUID */
        /* eof object stuff */

        WINSEC_DOM_SID* trustee;

} WINSEC_ACE;
114
/* An access control list: a small header followed by its entries.
 *
 * size and num_aces are two independent values (16-bit and 32-bit), so
 * neither can be assumed consistent with the other or with the length of
 * the buffer they were read from.
 * NOTE(review): how the ACL parser bounds num_aces before allocating and
 * filling aces is not visible in this header -- confirm in the
 * implementation.
 */
typedef struct _winsec_acl
{
        uint16_t revision; /* 0x0003 */
        uint16_t size;     /* size in bytes of the entire ACL structure */
        uint32_t num_aces; /* number of Access Control Entries */

        /* NOTE(review): presumably an array of num_aces pointers -- confirm. */
        WINSEC_ACE** aces;

} WINSEC_ACL;
124
/* A security descriptor: header fields, the four raw offsets from the
 * serialized form, and pointers to the owner SID, group SID, SACL and DACL.
 *
 * Per the WINSEC_DESC_SELF_RELATIVE comment, the off_* values are relative
 * to the start of the descriptor.
 * NOTE(review): the off_* values come straight from the parsed data, so each
 * one has to be range-checked against the buffer length before anything is
 * read at that position; the checks themselves are not visible in this
 * header -- confirm in the implementation.
 */
typedef struct _winsec_desc
{
        uint8_t revision; /* 0x01 */
        uint8_t sbz1;     /* "If the Control field has the RM flag set,
                           *  then this field contains the resource
                           *  manager (RM) control value. ... Otherwise,
                           *  this field is reserved and MUST be set to
                           *  zero." -- Microsoft.  See reference above.
                           */
        uint16_t control; /* WINSEC_DESC_* flags */

        uint32_t off_owner_sid; /* offset to owner sid */
        uint32_t off_grp_sid  ; /* offset to group sid */
        uint32_t off_sacl     ; /* offset to system list of permissions */
        uint32_t off_dacl     ; /* offset to list of permissions */

        /* NOTE(review): presumably a pointer below is NULL when the matching
         * part is absent from the descriptor -- confirm before dereferencing.
         */
        WINSEC_DOM_SID* owner_sid;
        WINSEC_DOM_SID* grp_sid;
        WINSEC_ACL* sacl;       /* system ACL */
        WINSEC_ACL* dacl;       /* user ACL */

} WINSEC_DESC;
147
/* Parse/free pair that takes no talloc context.
 * buf points at the serialized descriptor and buf_len is its length in
 * bytes; buf_len is the only bound on buf that this interface carries.
 * NOTE(review): presumably winsec_parse_descriptor() returns NULL on
 * malformed input and its result is released with winsec_free_descriptor()
 * -- confirm in the implementation.
 */
WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);
void winsec_free_descriptor(WINSEC_DESC* desc);
150
/* Parsers for each structure defined above, one per type.
 *
 * Every function takes the input bytes (buf), their length (buf_len) and a
 * talloc context.  buf_len is the only bound on buf visible here, so any
 * length, count or offset field read out of buf has to be validated
 * against it.
 * NOTE(review): presumably the result is allocated under talloc_ctx and NULL
 * is returned when the input is too short or malformed -- confirm in the
 * implementation.
 */
WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,
                               const uint8_t* buf, uint32_t buf_len);
WINSEC_ACL* winsec_parse_acl(void* talloc_ctx,
                             const uint8_t* buf, uint32_t buf_len);
WINSEC_ACE* winsec_parse_ace(void* talloc_ctx,
                             const uint8_t* buf, uint32_t buf_len);
WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx,
                                     const uint8_t* buf, uint32_t buf_len);
WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx,
                               const uint8_t* buf, uint32_t buf_len);
161
/* Size, ordering and equality helpers for the parsed structures.
 *
 * NOTE(review): the SID helpers take const pointers, while the
 * desc/acl/ace equality helpers take non-const ones although their names
 * suggest read-only comparison; const-qualifying them would need the same
 * change in their definitions.
 * NOTE(review): whether NULL arguments are accepted is not visible in this
 * header -- confirm before passing the optional pointers of WINSEC_DESC or
 * WINSEC_ACE.
 */
size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);
bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
/* NOTE(review): presumably true when type is one of the
 * WINSEC_ACE_TYPE_*_OBJECT values -- confirm in the implementation.
 */
bool winsec_ace_object(uint8_t type);
170
171#endif /* _WINSEC_H */