Changeset 134 for trunk/include/winsec.h
- Timestamp:
- 01/16/09 13:36:04 (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/winsec.h
r133 r134 3 3 * Security Descriptors. See: 4 4 * http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/ 5 * 6 * Revisions have been made based on information provided by Microsoft 7 * at: 8 * http://msdn.microsoft.com/en-us/library/cc230366(PROT.10).aspx 5 9 * 6 10 * Copyright (C) 2005,2009 Timothy D. Morgan … … 23 27 */ 24 28 29 #ifndef _WINSEC_H 30 #define _WINSEC_H 31 25 32 #include <stdlib.h> 26 33 #include <stdbool.h> 34 #include <stdint.h> 27 35 #include <stdio.h> 28 36 #include <string.h> … … 36 44 37 45 38 #define MAXSUBAUTHS 15 46 /* This is the maximum number of subauths in a SID, as defined here: 47 * http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx 48 */ 49 #define WINSEC_MAX_SUBAUTHS 15 39 50 40 #define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) 41 /*thanks for Jim McDonough <jmcd@us.ibm.com>*/ 42 #define SEC_DESC_DACL_PRESENT 0x0004 43 #define SEC_DESC_SACL_PRESENT 0x0010 51 #define WINSEC_DESC_HEADER_SIZE (5 * sizeof(uint32_t)) 52 #define WINSEC_ACL_HEADER_SIZE (2 * sizeof(uint32_t)) 53 #define WINSEC_ACE_MIN_SIZE 16 44 54 45 #define SEC_ACE_OBJECT_PRESENT 0x00000001 46 #define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002 47 #define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5 48 #define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6 49 #define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7 50 #define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8 55 /* TODO: Fill in definitions of other flags */ 56 /* This means offsets contained in the descriptor are relative to the 57 * descriptor's offset. This had better be true in the registry. 58 */ 59 #define WINSEC_DESC_SELF_RELATIVE 0x8000 60 #define WINSEC_DESC_SACL_PRESENT 0x0010 61 #define WINSEC_DESC_DACL_PRESENT 0x0004 62 63 #define WINSEC_ACE_OBJECT_PRESENT 0x00000001 64 #define WINSEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002 65 #define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5 66 #define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6 67 #define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7 68 #define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8 51 69 52 70 53 typedef struct sid_info71 typedef struct _winsec_uuid 54 72 { 55 uint8 sid_rev_num; /**< SID revision number */ 56 uint8 num_auths; /**< Number of sub-authorities */ 57 uint8 id_auth[6]; /**< Identifier Authority */ 73 uint32 time_low; 74 uint16 time_mid; 75 uint16 time_hi_and_version; 76 uint8 clock_seq[2]; 77 uint8 node[6]; 78 } WINSEC_UUID; 79 80 81 typedef struct _winsec_sid 82 { 83 uint8_t sid_rev_num; /* SID revision number */ 84 uint8_t num_auths; /* Number of sub-authorities */ 85 uint8_t id_auth[6]; /* Identifier Authority */ 58 86 /* 59 87 * Pointer to sub-authorities. 60 88 * 61 * @note The values in these uint32 's are in *native* byteorder, not89 * @note The values in these uint32_t's are in *native* byteorder, not 62 90 * neccessarily little-endian...... JRA. 63 91 */ 64 uint32 sub_auths[MAXSUBAUTHS]; 65 } DOM_SID; 92 /* XXX: Make this dynamically allocated? */ 93 uint32_t sub_auths[WINSEC_MAX_SUBAUTHS]; 94 } WINSEC_DOM_SID; 66 95 67 96 68 typedef struct security_info_info97 typedef struct _winsec_ace 69 98 { 70 uint32 mask; 71 72 } SEC_ACCESS; 73 74 typedef struct security_ace_info 75 { 76 uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */ 77 uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */ 78 uint16 size; 79 80 SEC_ACCESS info; 99 uint8_t type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */ 100 uint8_t flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */ 101 uint16_t size; 102 uint32_t access_mask; 81 103 82 104 /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */ 83 uint32 obj_flags;/* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */84 struct uuidobj_guid; /* object GUID */85 struct uuidinh_guid; /* inherited object GUID */105 uint32_t obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */ 106 WINSEC_UUID* obj_guid; /* object GUID */ 107 WINSEC_UUID* inh_guid; /* inherited object GUID */ 86 108 /* eof object stuff */ 87 109 88 DOM_SIDtrustee;110 WINSEC_DOM_SID* trustee; 89 111 90 } SEC_ACE;112 } WINSEC_ACE; 91 113 92 typedef struct security_acl_info114 typedef struct _winsec_acl 93 115 { 94 uint16 revision; /* 0x0003 */95 uint16 size;/* size in bytes of the entire ACL structure */96 uint32 num_aces; /* number of Access Control Entries */116 uint16_t revision; /* 0x0003 */ 117 uint16_t size; /* size in bytes of the entire ACL structure */ 118 uint32_t num_aces; /* number of Access Control Entries */ 97 119 98 SEC_ACE *ace;120 WINSEC_ACE** aces; 99 121 100 } SEC_ACL;122 } WINSEC_ACL; 101 123 102 typedef struct security_descriptor_info124 typedef struct _winsec_desc 103 125 { 104 uint16 revision; /* 0x0001 */ 105 uint16 type; /* SEC_DESC_xxxx flags */ 126 uint8_t revision; /* 0x01 */ 127 uint8_t sbz1; /* "If the Control field has the RM flag set, 128 * then this field contains the resource 129 * manager (RM) control value. ... Otherwise, 130 * this field is reserved and MUST be set to 131 * zero." -- Microsoft. See reference above. 132 */ 133 uint16_t control; /* WINSEC_DESC_* flags */ 106 134 107 uint32 off_owner_sid; /* offset to owner sid */108 uint32 off_grp_sid ; /* offset to group sid */109 uint32 off_sacl ; /* offset to system list of permissions */110 uint32 off_dacl ; /* offset to list of permissions */135 uint32_t off_owner_sid; /* offset to owner sid */ 136 uint32_t off_grp_sid ; /* offset to group sid */ 137 uint32_t off_sacl ; /* offset to system list of permissions */ 138 uint32_t off_dacl ; /* offset to list of permissions */ 111 139 112 SEC_ACL *dacl; /* user ACL */113 SEC_ACL *sacl; /* system ACL */114 DOM_SID *owner_sid;115 DOM_SID *grp_sid;140 WINSEC_DOM_SID* owner_sid; 141 WINSEC_DOM_SID* grp_sid; 142 WINSEC_ACL* sacl; /* system ACL */ 143 WINSEC_ACL* dacl; /* user ACL */ 116 144 117 } SEC_DESC;145 } WINSEC_DESC; 118 146 119 147 148 /* XXX: Need API functions to deallocate these structures */ 149 WINSEC_DESC* winsec_parse_desc(const uint8_t* buf, uint32_t buf_len); 150 WINSEC_ACL* winsec_parse_acl(const uint8_t* buf, uint32_t buf_len); 151 WINSEC_ACE* winsec_parse_ace(const uint8_t* buf, uint32_t buf_len); 152 WINSEC_DOM_SID* winsec_parse_dom_sid(const uint8_t* buf, uint32_t buf_len); 153 WINSEC_UUID* winsec_parse_uuid(const uint8_t* buf, uint32_t buf_len); 120 154 121 bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth); 122 bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth); 123 bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth); 124 bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth); 125 bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth); 155 size_t winsec_sid_size(const WINSEC_DOM_SID* sid); 156 int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2); 157 int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2); 158 bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2); 159 bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2); 160 bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2); 161 bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2); 162 bool winsec_ace_object(uint8_t type); 126 163 127 size_t sid_size(const DOM_SID *sid); 128 int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2); 129 int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2); 130 bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2); 131 bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2); 132 bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2); 133 bool sid_equal(const DOM_SID *sid1, const DOM_SID *sid2); 134 bool sec_ace_object(uint8 type); 164 #endif /* _WINSEC_H */
Note: See TracChangeset
for help on using the changeset viewer.