Changeset 134 for trunk/include/winsec.h

Timestamp:

01/16/09 13:36:04 (15 years ago)

Author:

tim

Message:

rewrote winsec library, stripping out Samba dependencies

eliminated remaining Samba prs functions

added support for 'li' subkey list records

File:

• trunk/include/winsec.h (modified) (3 diffs)

trunk/include/winsec.h

@@ -3 +3 @@
  * Security Descriptors. See:
  *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
+ *
+ * Revisions have been made based on information provided by Microsoft
+ * at: 
+ *    http://msdn.microsoft.com/en-us/library/cc230366(PROT.10).aspx
  *
  * Copyright (C) 2005,2009 Timothy D. Morgan
@@ -23 +27 @@
  */
 
+#ifndef _WINSEC_H
+#define _WINSEC_H
+
 #include <stdlib.h>
 #include <stdbool.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
@@ -36 +44 @@
 
 
-#define MAXSUBAUTHS 15
+/* This is the maximum number of subauths in a SID, as defined here:
+ *   http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
+ */
+#define WINSEC_MAX_SUBAUTHS 15
 
-#define SEC_DESC_HEADER_SIZE     (2 * sizeof(uint16) + 4 * sizeof(uint32))
-                                 /*thanks for Jim McDonough <jmcd@us.ibm.com>*/
-#define SEC_DESC_DACL_PRESENT    0x0004
-#define SEC_DESC_SACL_PRESENT    0x0010
+#define WINSEC_DESC_HEADER_SIZE     (5 * sizeof(uint32_t))
+#define WINSEC_ACL_HEADER_SIZE      (2 * sizeof(uint32_t))
+#define WINSEC_ACE_MIN_SIZE         16
 
-#define SEC_ACE_OBJECT_PRESENT              0x00000001 
-#define SEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
-#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
-#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
-#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
-#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
+/* TODO: Fill in definitions of other flags */
+/* This means offsets contained in the descriptor are relative to the
+ * descriptor's offset.  This had better be true in the registry. 
+ */
+#define WINSEC_DESC_SELF_RELATIVE   0x8000
+#define WINSEC_DESC_SACL_PRESENT    0x0010
+#define WINSEC_DESC_DACL_PRESENT    0x0004
+
+#define WINSEC_ACE_OBJECT_PRESENT              0x00000001 
+#define WINSEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
+#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
+#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
+#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
+#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
 
 
-typedef struct sid_info
+typedef struct _winsec_uuid 
 {
-  uint8  sid_rev_num;             /**< SID revision number */
-  uint8  num_auths;               /**< Number of sub-authorities */
-  uint8  id_auth[6];              /**< Identifier Authority */
+       uint32 time_low;
+       uint16 time_mid;
+       uint16 time_hi_and_version;
+       uint8  clock_seq[2];
+       uint8  node[6];
+} WINSEC_UUID;
+
+
+typedef struct _winsec_sid
+{
+  uint8_t  sid_rev_num;             /* SID revision number */
+  uint8_t  num_auths;               /* Number of sub-authorities */
+  uint8_t  id_auth[6];              /* Identifier Authority */
   /*
    *  Pointer to sub-authorities.
    *
-   * @note The values in these uint32's are in *native* byteorder, not
+   * @note The values in these uint32_t's are in *native* byteorder, not
    * neccessarily little-endian...... JRA.
    */
-  uint32 sub_auths[MAXSUBAUTHS];
-} DOM_SID;
+  /* XXX: Make this dynamically allocated? */
+  uint32_t sub_auths[WINSEC_MAX_SUBAUTHS];
+} WINSEC_DOM_SID;
 
 
-typedef struct security_info_info
+typedef struct _winsec_ace
 {
-        uint32 mask;
-
-} SEC_ACCESS;
-
-typedef struct security_ace_info
-{
-        uint8 type;  /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
-        uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
-        uint16 size;
-
-        SEC_ACCESS info;
+        uint8_t type;  /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
+        uint8_t flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
+        uint16_t size;
+        uint32_t access_mask;
 
         /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
-        uint32  obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
-        struct uuid obj_guid;  /* object GUID */
-        struct uuid inh_guid;  /* inherited object GUID */              
+        uint32_t  obj_flags;   /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
+        WINSEC_UUID* obj_guid;  /* object GUID */
+        WINSEC_UUID* inh_guid;  /* inherited object GUID */             
         /* eof object stuff */
 
-        DOM_SID trustee;
+        WINSEC_DOM_SID* trustee;
 
-} SEC_ACE;
+} WINSEC_ACE;
 
-typedef struct security_acl_info
+typedef struct _winsec_acl
 {
-        uint16 revision; /* 0x0003 */
-        uint16 size; /* size in bytes of the entire ACL structure */
-        uint32 num_aces; /* number of Access Control Entries */
+        uint16_t revision; /* 0x0003 */
+        uint16_t size;     /* size in bytes of the entire ACL structure */
+        uint32_t num_aces; /* number of Access Control Entries */
 
-        SEC_ACE *ace;
+        WINSEC_ACE** aces;
 
-} SEC_ACL;
+} WINSEC_ACL;
 
-typedef struct security_descriptor_info
+typedef struct _winsec_desc
 {
-        uint16 revision; /* 0x0001 */
-        uint16 type;     /* SEC_DESC_xxxx flags */
+        uint8_t revision; /* 0x01 */
+        uint8_t sbz1;     /* "If the Control field has the RM flag set,
+                           *  then this field contains the resource
+                           *  manager (RM) control value. ... Otherwise,
+                           *  this field is reserved and MUST be set to
+                           *  zero." -- Microsoft.  See reference above.
+                           */
+        uint16_t control; /* WINSEC_DESC_* flags */
 
-        uint32 off_owner_sid; /* offset to owner sid */
-        uint32 off_grp_sid  ; /* offset to group sid */
-        uint32 off_sacl     ; /* offset to system list of permissions */
-        uint32 off_dacl     ; /* offset to list of permissions */
+        uint32_t off_owner_sid; /* offset to owner sid */
+        uint32_t off_grp_sid  ; /* offset to group sid */
+        uint32_t off_sacl     ; /* offset to system list of permissions */
+        uint32_t off_dacl     ; /* offset to list of permissions */
 
-        SEC_ACL *dacl; /* user ACL */
-        SEC_ACL *sacl; /* system ACL */
-        DOM_SID *owner_sid; 
-        DOM_SID *grp_sid;
+        WINSEC_DOM_SID* owner_sid; 
+        WINSEC_DOM_SID* grp_sid;
+        WINSEC_ACL* sacl;       /* system ACL */
+        WINSEC_ACL* dacl;       /* user ACL */
 
-} SEC_DESC;
+} WINSEC_DESC;
 
 
+/* XXX: Need API functions to deallocate these structures */
+WINSEC_DESC* winsec_parse_desc(const uint8_t* buf, uint32_t buf_len);
+WINSEC_ACL* winsec_parse_acl(const uint8_t* buf, uint32_t buf_len);
+WINSEC_ACE* winsec_parse_ace(const uint8_t* buf, uint32_t buf_len);
+WINSEC_DOM_SID* winsec_parse_dom_sid(const uint8_t* buf, uint32_t buf_len);
+WINSEC_UUID* winsec_parse_uuid(const uint8_t* buf, uint32_t buf_len);
 
-bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth);
-bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth);
-bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth);
-bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth);
-bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth);
+size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
+int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
+int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
+bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
+bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);
+bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
+bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
+bool winsec_ace_object(uint8_t type);
 
-size_t sid_size(const DOM_SID *sid);
-int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2);
-int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2);
-bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2);
-bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2);
-bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2);
-bool sid_equal(const DOM_SID *sid1, const DOM_SID *sid2);
-bool sec_ace_object(uint8 type);
+#endif /* _WINSEC_H */