Context Navigation

winsec.c @ 146

Last change on this file since 146 was 134, checked in by tim, 16 years ago

rewrote winsec library, stripping out Samba dependencies

eliminated remaining Samba prs functions

added support for 'li' subkey list records

Property svn:keywords set to Id

File size: 13.6 KB

Rev	Line
[132]	1	/*
[133]	2	* This file contains refactored Samba code used to interpret Windows
	3	* Security Descriptors. See:
[132]	4	* http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
	5	*
	6	* Copyright (C) 2005-2006,2009 Timothy D. Morgan
	7	* Copyright (C) 1992-2005 Samba development team
	8	* (see individual files under Subversion for details.)
	9	*
	10	* This program is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License as published by
	12	* the Free Software Foundation; version 3 of the License.
	13	*
	14	* This program is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	* GNU General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU General Public License
	20	* along with this program; if not, write to the Free Software
	21	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	22	*
[133]	23	* $Id: winsec.c 134 2009-01-16 18:36:04Z tim $
[132]	24	*/
	25
	26	#include "../include/winsec.h"
	27
	28
	29
[134]	30	/******************************************************************************
	31	* Parses a WINSEC_DESC structure and substructures.
	32	******************************************************************************/
	33	WINSEC_DESC* winsec_parse_desc(const uint8_t* buf, uint32_t buf_len)
[132]	34	{
[134]	35	WINSEC_DESC* ret_val;
[132]	36
[134]	37	if (buf == NULL \|\| buf_len < WINSEC_DESC_HEADER_SIZE)
	38	return NULL;
[133]	39
[134]	40	if((ret_val = (WINSEC_DESC*)zalloc(sizeof(WINSEC_DESC))) == NULL)
	41	return NULL;
[133]	42
[134]	43	ret_val->revision = buf[0];
	44	ret_val->sbz1 = buf[1];
	45	ret_val->control = SVAL(buf, 0x2);
[133]	46
[134]	47	if(!(ret_val->control & WINSEC_DESC_SELF_RELATIVE))
	48	fprintf(stderr, "DEBUG: NOT self-relative!\n");
[132]	49
[134]	50	ret_val->off_owner_sid = IVAL(buf, 0x4);
	51	ret_val->off_grp_sid = IVAL(buf, 0x8);
	52	ret_val->off_sacl = IVAL(buf, 0xC);
	53	ret_val->off_dacl = IVAL(buf, 0x10);
[133]	54
[134]	55	/* A basic sanity check to ensure our offsets are within our buffer.
	56	* Additional length checking is done in secondary parsing functions.
	57	*/
	58	if((ret_val->off_owner_sid >= buf_len)
	59	\|\| (ret_val->off_grp_sid >= buf_len)
	60	\|\| (ret_val->off_sacl >= buf_len)
	61	\|\| (ret_val->off_dacl >= buf_len))
[133]	62	{
[134]	63	free(ret_val);
	64	return NULL;
[133]	65	}
[132]	66
[134]	67	if(ret_val->off_owner_sid != 0)
[133]	68	{
[134]	69	ret_val->owner_sid = winsec_parse_dom_sid(buf + ret_val->off_owner_sid,
	70	buf_len - ret_val->off_owner_sid);
	71	if(ret_val->owner_sid == NULL)
[133]	72	{
[134]	73	free(ret_val);
	74	return NULL;
[133]	75	}
	76	}
[132]	77
[134]	78	if (ret_val->off_grp_sid != 0)
[133]	79	{
[134]	80	ret_val->grp_sid = winsec_parse_dom_sid(buf + ret_val->off_grp_sid,
	81	buf_len - ret_val->off_grp_sid);
	82	if(ret_val->grp_sid == NULL)
[133]	83	{
[134]	84	if(ret_val->owner_sid != NULL)
	85	free(ret_val->owner_sid);
	86	free(ret_val);
	87	return NULL;
[133]	88	}
	89	}
[132]	90
[134]	91	if ((ret_val->control & WINSEC_DESC_SACL_PRESENT) && ret_val->off_sacl)
[133]	92	{
[134]	93	ret_val->sacl = winsec_parse_acl(buf + ret_val->off_sacl,
	94	buf_len - ret_val->off_sacl);
	95	if(ret_val->sacl == NULL)
[133]	96	{
[134]	97	if(ret_val->owner_sid != NULL)
	98	free(ret_val->owner_sid);
	99	if(ret_val->grp_sid != NULL)
	100	free(ret_val->grp_sid);
	101	free(ret_val);
	102	return NULL;
[133]	103	}
	104	}
[132]	105
[134]	106	if ((ret_val->control & WINSEC_DESC_DACL_PRESENT) && ret_val->off_dacl != 0)
[133]	107	{
[134]	108	ret_val->dacl = winsec_parse_acl(buf + ret_val->off_dacl,
	109	buf_len - ret_val->off_dacl);
	110	if(ret_val->dacl == NULL)
[133]	111	{
[134]	112	if(ret_val->owner_sid != NULL)
	113	free(ret_val->owner_sid);
	114	if(ret_val->grp_sid != NULL)
	115	free(ret_val->grp_sid);
	116	if(ret_val->sacl != NULL)
	117	free(ret_val->sacl);
	118	free(ret_val);
	119	return NULL;
[133]	120	}
	121	}
[132]	122
[134]	123	return ret_val;
[132]	124	}
	125
	126
[134]	127	/******************************************************************************
	128	* Parses a WINSEC_ACL structure and all substructures.
	129	******************************************************************************/
	130	WINSEC_ACL* winsec_parse_acl(const uint8_t* buf, uint32_t buf_len)
[132]	131	{
[134]	132	uint32_t i, offset;
	133	WINSEC_ACL* ret_val;
[132]	134
[134]	135	/*
	136	* Note that the size is always a multiple of 4 bytes due to the
	137	* nature of the data structure.
	138	*/
	139	if (buf == NULL \|\| buf_len < 8)
	140	return NULL;
[132]	141
[134]	142	if((ret_val = (WINSEC_ACL*)zalloc(sizeof(WINSEC_ACL))) == NULL)
	143	return NULL;
	144
	145	ret_val->revision = SVAL(buf, 0x0);
	146	ret_val->size = SVAL(buf, 0x2);
	147	ret_val->num_aces = IVAL(buf, 0x4);
[132]	148
[134]	149	/* The num_aces can be at most around 4k because anything greater
	150	* wouldn't fit in the 16 bit size even if every ace was as small as
	151	* possible.
	152	*/
	153	if((ret_val->size > buf_len) \|\| (ret_val->num_aces > 4095))
	154	{
	155	free(ret_val);
	156	return NULL;
	157	}
[132]	158
[134]	159	/* Even if the num_aces is zero, allocate memory as there's a difference
	160	* between a non-present DACL (allow all access) and a DACL with no ACE's
	161	* (allow no access).
	162	*/
	163	if((ret_val->aces = (WINSEC_ACE*)zcalloc(sizeof(WINSEC_ACE),
	164	ret_val->num_aces+1)) == NULL)
[133]	165	{
[134]	166	free(ret_val);
	167	return NULL;
[133]	168	}
[132]	169
[134]	170	offset = 8;
	171	for(i=0; i < ret_val->num_aces; i++)
	172	{
	173	ret_val->aces[i] = winsec_parse_ace(buf+offset, buf_len-offset);
	174	if(ret_val->aces[i] == NULL)
	175	{
	176	free(ret_val->aces);
	177	free(ret_val);
	178	return NULL;
	179	}
[132]	180
[134]	181	offset += ret_val->aces[i]->size;
	182	if(offset > buf_len)
	183	{
	184	free(ret_val->aces);
	185	free(ret_val);
	186	return NULL;
	187	}
	188	}
[132]	189
[134]	190	return ret_val;
[132]	191	}
	192
	193
[134]	194	/******************************************************************************
	195	* Parses a WINSEC_ACE structure and all substructures.
	196	******************************************************************************/
	197	WINSEC_ACE* winsec_parse_ace(const uint8_t* buf, uint32_t buf_len)
[132]	198	{
[134]	199	uint32_t offset;
	200	WINSEC_ACE* ret_val;
[132]	201
[134]	202	if(buf == NULL \|\| buf_len < WINSEC_ACE_MIN_SIZE)
	203	return NULL;
[132]	204
[134]	205	if((ret_val = (WINSEC_ACE*)zalloc(sizeof(WINSEC_ACE))) == NULL)
	206	return NULL;
[132]	207
[134]	208	ret_val->type = buf[0];
	209	ret_val->flags = buf[1];
	210	ret_val->size = SVAL(buf, 0x2);
	211	ret_val->access_mask = IVAL(buf, 0x4);
[132]	212
[134]	213	offset = 0x8;
[132]	214
	215	/* check whether object access is present */
[134]	216	if (winsec_ace_object(ret_val->type))
[132]	217	{
[134]	218	ret_val->obj_flags = IVAL(buf, offset);
	219	offset += 4;
[132]	220
[134]	221	if(ret_val->obj_flags & WINSEC_ACE_OBJECT_PRESENT)
	222	{
	223	ret_val->obj_guid = winsec_parse_uuid(buf+offset, buf_len-offset);
	224	if(ret_val->obj_guid == NULL)
	225	{
	226	free(ret_val);
	227	return NULL;
	228	}
	229	offset += sizeof(WINSEC_UUID);
	230	}
[132]	231
[134]	232	if(ret_val->obj_flags & WINSEC_ACE_OBJECT_INHERITED_PRESENT)
	233	{
	234	ret_val->inh_guid = winsec_parse_uuid(buf+offset, buf_len-offset);
	235	if(ret_val->inh_guid == NULL)
	236	{
	237	if(ret_val->obj_guid != NULL)
	238	free(ret_val->obj_guid);
	239	free(ret_val);
	240	return NULL;
	241	}
	242	offset += sizeof(WINSEC_UUID);
	243	}
	244	}
[132]	245
[134]	246	ret_val->trustee = winsec_parse_dom_sid(buf+offset, buf_len-offset);
	247	if(ret_val->trustee == NULL)
	248	{
	249	if(ret_val->obj_guid != NULL)
	250	free(ret_val->obj_guid);
	251	if(ret_val->inh_guid != NULL)
	252	free(ret_val->inh_guid);
	253	free(ret_val);
	254	return NULL;
[132]	255	}
[134]	256
	257	return ret_val;
[132]	258	}
	259
	260
[134]	261	/******************************************************************************
	262	* Parses a WINSEC_DOM_SID structure.
	263	******************************************************************************/
	264	WINSEC_DOM_SID* winsec_parse_dom_sid(const uint8_t* buf, uint32_t buf_len)
[132]	265	{
[134]	266	uint32_t i;
	267	WINSEC_DOM_SID* ret_val;
[132]	268
[134]	269	if(buf == NULL \|\| buf_len < 8)
	270	return NULL;
[132]	271
[134]	272	if((ret_val = (WINSEC_DOM_SID*)zalloc(sizeof(WINSEC_DOM_SID))) == NULL)
	273	return NULL;
[132]	274
[134]	275	ret_val->sid_rev_num = buf[0];
	276	ret_val->num_auths = buf[1];
	277	memcpy(ret_val->id_auth, buf+2, 6);
[132]	278
[134]	279	/* XXX: should really issue a warning here... */
	280	if (ret_val->num_auths > WINSEC_MAX_SUBAUTHS)
	281	ret_val->num_auths = WINSEC_MAX_SUBAUTHS;
	282
	283	if(buf_len < ret_val->num_auths*sizeof(uint32_t)+8)
[132]	284	{
[134]	285	free(ret_val);
	286	return NULL;
[132]	287	}
[134]	288
	289	for(i=0; i < ret_val->num_auths; i++)
	290	ret_val->sub_auths[i] = IVAL(buf, 8+i*sizeof(uint32_t));
[132]	291
[134]	292	return ret_val;
	293	}
[132]	294
	295
[134]	296	/******************************************************************************
	297	* Parses a WINSEC_UUID struct.
	298	******************************************************************************/
	299	WINSEC_UUID* winsec_parse_uuid(const uint8_t* buf, uint32_t buf_len)
	300	{
	301	WINSEC_UUID* ret_val;
	302
	303	if(buf == NULL \|\| buf_len < sizeof(WINSEC_UUID))
[133]	304	return false;
[132]	305
[134]	306	if((ret_val = (WINSEC_UUID*)zalloc(sizeof(WINSEC_UUID))) == NULL)
	307	return NULL;
	308
	309	ret_val->time_low = IVAL(buf, 0x0);
	310	ret_val->time_mid = SVAL(buf, 0x4);
	311	ret_val->time_hi_and_version = SVAL(buf, 0x6);
	312
	313	memcpy(ret_val->clock_seq, buf+0x8, 2);
	314	memcpy(ret_val->node, buf+0xB, 6);
[132]	315
[134]	316	return ret_val;
[132]	317	}
	318
	319
[134]	320	/******************************************************************************
	321	* Calculates the size of a SID.
	322	******************************************************************************/
	323	/size_t sid_size(const WINSEC_DOM_SID sid)*/
	324	size_t winsec_sid_size(const WINSEC_DOM_SID* sid)
[132]	325	{
[133]	326	if (sid == NULL)
	327	return 0;
[132]	328
[134]	329	return sid->num_auths * sizeof(uint32_t) + 8;
[133]	330	}
[132]	331
	332
[134]	333	/******************************************************************************
	334	* Compare the auth portion of two SIDs.
	335	******************************************************************************/
	336	/int sid_compare_auth(const WINSEC_DOM_SID sid1, const WINSEC_DOM_SID sid2)/
	337	int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2)
[133]	338	{
	339	int i;
[132]	340
[133]	341	if (sid1 == sid2)
	342	return 0;
	343	if (!sid1)
	344	return -1;
	345	if (!sid2)
	346	return 1;
[132]	347
[133]	348	if (sid1->sid_rev_num != sid2->sid_rev_num)
	349	return sid1->sid_rev_num - sid2->sid_rev_num;
[132]	350
[133]	351	for (i = 0; i < 6; i++)
	352	if (sid1->id_auth[i] != sid2->id_auth[i])
	353	return sid1->id_auth[i] - sid2->id_auth[i];
[132]	354
[133]	355	return 0;
	356	}
[132]	357
	358
[134]	359	/******************************************************************************
	360	* Compare two SIDs.
	361	******************************************************************************/
	362	/int sid_compare(const WINSEC_DOM_SID sid1, const WINSEC_DOM_SID sid2)/
	363	int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2)
[133]	364	{
	365	int i;
[132]	366
[133]	367	if (sid1 == sid2)
	368	return 0;
	369	if (!sid1)
	370	return -1;
	371	if (!sid2)
	372	return 1;
[132]	373
[133]	374	/* Compare most likely different rids, first: i.e start at end */
	375	if (sid1->num_auths != sid2->num_auths)
	376	return sid1->num_auths - sid2->num_auths;
[132]	377
[133]	378	for (i = sid1->num_auths-1; i >= 0; --i)
	379	if (sid1->sub_auths[i] != sid2->sub_auths[i])
	380	return sid1->sub_auths[i] - sid2->sub_auths[i];
[132]	381
[134]	382	return winsec_sid_compare_auth(sid1, sid2);
[133]	383	}
[132]	384
	385
[134]	386	/******************************************************************************
	387	* Compare two SIDs.
	388	******************************************************************************/
	389	bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2)
[133]	390	{
[134]	391	return winsec_sid_compare(sid1, sid2) == 0;
[133]	392	}
[132]	393
	394
[134]	395	/******************************************************************************
	396	* Compares two WINSEC_DESC structures.
	397	******************************************************************************/
	398	bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2)
[133]	399	{
[134]	400	/* Trivial cases */
	401	if (!s1 && !s2)
[133]	402	return true;
[134]	403	if (!s1 \|\| !s2)
	404	return false;
[132]	405
[134]	406	/* Check top level stuff */
	407	if (s1->revision != s2->revision)
	408	return false;
[132]	409
[134]	410	if (s1->control != s2->control)
[132]	411	return false;
	412
[134]	413	/* Check owner and group */
	414	if (!winsec_sid_equal(s1->owner_sid, s2->owner_sid))
	415	return false;
	416
	417	if (!winsec_sid_equal(s1->grp_sid, s2->grp_sid))
	418	return false;
	419
	420	/* Check ACLs present in one but not the other */
	421	if ((s1->dacl && !s2->dacl) \|\| (!s1->dacl && s2->dacl) \|\|
	422	(s1->sacl && !s2->sacl) \|\| (!s1->sacl && s2->sacl))
[132]	423	{ return false; }
	424
[134]	425	/* Sigh - we have to do it the hard way by iterating over all
	426	the ACEs in the ACLs */
	427	if(!winsec_acl_equal(s1->dacl, s2->dacl) \|\| !winsec_acl_equal(s1->sacl, s2->sacl))
[132]	428	return false;
	429
	430	return true;
	431	}
	432
	433
[134]	434
	435	/******************************************************************************
	436	* Compares two WINSEC_ACL structures.
	437	******************************************************************************/
	438	bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2)
[132]	439	{
	440	unsigned int i, j;
	441
	442	/* Trivial cases */
	443	if (!s1 && !s2)
	444	return true;
	445	if (!s1 \|\| !s2)
	446	return false;
	447
	448	/* Check top level stuff */
	449	if (s1->revision != s2->revision)
	450	return false;
	451
	452	if (s1->num_aces != s2->num_aces)
	453	return false;
	454
	455	/* The ACEs could be in any order so check each ACE in s1 against
	456	each ACE in s2. */
	457
[134]	458	for (i = 0; i < s1->num_aces; i++)
[132]	459	{
	460	bool found = false;
	461
	462	for (j = 0; j < s2->num_aces; j++)
	463	{
[134]	464	if (winsec_ace_equal(s1->aces[i], s2->aces[j]))
[132]	465	{
	466	found = true;
	467	break;
	468	}
	469	}
	470
	471	if (!found)
	472	return false;
	473	}
	474
	475	return true;
	476	}
	477
	478
[134]	479	/******************************************************************************
	480	* Compares two WINSEC_ACE structures.
	481	******************************************************************************/
	482	bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2)
[132]	483	{
	484	/* Trivial cases */
[134]	485	if (!s1 && !s2)
[132]	486	return true;
[134]	487	if (!s1 \|\| !s2)
[132]	488	return false;
	489
	490	/* Check top level stuff */
[134]	491	if (s1->type != s2->type \|\| s1->flags != s2->flags \|\|
	492	s1->access_mask != s2->access_mask)
	493	{ return false; }
[132]	494
[134]	495	/* Check SID */
	496	if (!winsec_sid_equal(s1->trustee, s2->trustee))
[132]	497	return false;
	498
[134]	499	return true;
	500	}
[132]	501
	502
[134]	503	/******************************************************************************
	504	* Check if ACE has OBJECT type.
	505	******************************************************************************/
	506	bool winsec_ace_object(uint8_t type)
	507	{
	508	if (type == WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT \|\|
	509	type == WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT \|\|
	510	type == WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT \|\|
	511	type == WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT)
	512	{ return true; }
[132]	513
[134]	514	return false;
[132]	515	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/lib/winsec.c @ 146

Download in other formats: