reglookup-doc/regfi/winsec_8h_source.html

 /*

  * Copyright (C) 2005,2009-2011 Timothy D. Morgan

  * Copyright (C) 1992-2005 Samba development team

  *

  * This program is free software; you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation; version 3 of the License.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program; if not, write to the Free Software

  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  *

  * $Id$

  */


 #ifndef _WINSEC_H

 #define _WINSEC_H


 #include <stdlib.h>

 #include <stdbool.h>

 #include <stdint.h>

 #include <stdio.h>

 #include <string.h>

 #include <errno.h>

 #include <fcntl.h>

 #include <sys/stat.h>

 #include <sys/types.h>

 #include <unistd.h>

 #include <talloc.h>


 #include "compat.h"

 #include "byteorder.h"


 /* This is the maximum number of subauths in a SID, as defined here:

  *   http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx

  */

 #define WINSEC_MAX_SUBAUTHS 15


 #define WINSEC_DESC_HEADER_SIZE     (5 * sizeof(uint32_t))

 #define WINSEC_ACL_HEADER_SIZE      (2 * sizeof(uint32_t))

 #define WINSEC_ACE_MIN_SIZE         16


 /* XXX: Fill in definitions of other flags */

 /* This self relative flag means offsets contained in the descriptor are relative

  * to the descriptor's offset.  This had better be true in the registry.

  */

 #define WINSEC_DESC_SELF_RELATIVE   0x8000

 #define WINSEC_DESC_SACL_PRESENT    0x0010

 #define WINSEC_DESC_DACL_PRESENT    0x0004


 #define WINSEC_ACE_OBJECT_PRESENT              0x00000001

 #define WINSEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002

 #define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5

 #define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6

 #define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7

 #define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8


 typedef struct _winsec_uuid

 {

   uint32_t time_low;


   uint16_t time_mid;


   uint16_t time_hi_and_version;


   uint8_t  clock_seq[2];


   uint8_t  node[6];

 } WINSEC_UUID;


 typedef struct _winsec_sid

 {

   uint8_t  sid_rev_num;


   uint8_t  num_auths;


   uint8_t  id_auth[6];


   uint32_t sub_auths[WINSEC_MAX_SUBAUTHS];   /* XXX: Make this dynamically allocated? */

 } WINSEC_DOM_SID;


 typedef struct _winsec_ace

 {

   uint8_t type;


   uint8_t flags;


   uint16_t size;


   uint32_t access_mask;


   /* This stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */


   uint32_t  obj_flags;


   WINSEC_UUID* obj_guid;


   WINSEC_UUID* inh_guid;


   /* eof object stuff */


   WINSEC_DOM_SID* trustee;


 } WINSEC_ACE;


 typedef struct _winsec_acl

 {

   uint16_t revision;


   uint16_t size;


   uint32_t num_aces;


   WINSEC_ACE** aces;


 } WINSEC_ACL;


 typedef struct _winsec_desc

 {

   uint8_t revision;


   uint8_t sbz1;


   uint16_t control;


   uint32_t off_owner_sid;


   uint32_t off_grp_sid;


   uint32_t off_sacl;


   uint32_t off_dacl;


   WINSEC_DOM_SID* owner_sid;


   WINSEC_DOM_SID* grp_sid;


   WINSEC_ACL* sacl;


   WINSEC_ACL* dacl;


 } WINSEC_DESC;


 _EXPORT()

 WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);


 _EXPORT()

 void winsec_free_descriptor(WINSEC_DESC* desc);


 _EXPORT()

 WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,

                                const uint8_t* buf, uint32_t buf_len);


 _EXPORT()

 WINSEC_ACL* winsec_parse_acl(void* talloc_ctx,

                              const uint8_t* buf, uint32_t buf_len);


 _EXPORT()

 WINSEC_ACE* winsec_parse_ace(void* talloc_ctx,

                              const uint8_t* buf, uint32_t buf_len);


 _EXPORT()

 WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx,

                                      const uint8_t* buf, uint32_t buf_len);


 _EXPORT()

 WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx,

                                const uint8_t* buf, uint32_t buf_len);


 _EXPORT()

 size_t winsec_sid_size(const WINSEC_DOM_SID* sid);


 _EXPORT()

 int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);


 _EXPORT()

 int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);


 _EXPORT()

 bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);


 _EXPORT()

 char* winsec_sid2str(const WINSEC_DOM_SID* sid);


 _EXPORT()

 bool winsec_desc_equal(WINSEC_DESC* s1, WINSEC_DESC* s2);


 _EXPORT()

 bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);


 _EXPORT()

 bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);


 _EXPORT()

 bool winsec_ace_object(uint8_t type);


 #endif /* _WINSEC_H */

byteorder.h
This file implements macros for machine independent short and int manipulation.

WINSEC_ACE
XXX: document this.
Definition: winsec.h:120

WINSEC_ACE::flags
uint8_t flags
xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE
Definition: winsec.h:125

WINSEC_ACE::size
uint16_t size
XXX: finish documenting.
Definition: winsec.h:128

WINSEC_ACE::type
uint8_t type
xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc
Definition: winsec.h:122

WINSEC_ACE::obj_guid
WINSEC_UUID * obj_guid
Object GUID.
Definition: winsec.h:139

WINSEC_ACE::obj_flags
uint32_t obj_flags
xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc
Definition: winsec.h:136

WINSEC_ACE::inh_guid
WINSEC_UUID * inh_guid
Inherited object GUID.
Definition: winsec.h:142

WINSEC_ACE::trustee
WINSEC_DOM_SID * trustee
XXX: finish documenting.
Definition: winsec.h:147

WINSEC_ACE::access_mask
uint32_t access_mask
XXX: finish documenting.
Definition: winsec.h:131

WINSEC_ACL
XXX: document this.
Definition: winsec.h:154

WINSEC_ACL::aces
WINSEC_ACE ** aces
XXX: document this.
Definition: winsec.h:165

WINSEC_ACL::size
uint16_t size
Size, in bytes, of the entire ACL structure.
Definition: winsec.h:159

WINSEC_ACL::num_aces
uint32_t num_aces
Number of Access Control Entries.
Definition: winsec.h:162

WINSEC_ACL::revision
uint16_t revision
0x0003
Definition: winsec.h:156

WINSEC_DESC
XXX: document this.
Definition: winsec.h:172

WINSEC_DESC::sbz1
uint8_t sbz1
XXX: better explain this.
Definition: winsec.h:184

WINSEC_DESC::revision
uint8_t revision
0x01
Definition: winsec.h:174

WINSEC_DESC::off_sacl
uint32_t off_sacl
Offset to system list of permissions.
Definition: winsec.h:196

WINSEC_DESC::dacl
WINSEC_ACL * dacl
User ACL.
Definition: winsec.h:211

WINSEC_DESC::control
uint16_t control
WINSEC_DESC_* flags.
Definition: winsec.h:187

WINSEC_DESC::off_grp_sid
uint32_t off_grp_sid
Offset to group sid.
Definition: winsec.h:193

WINSEC_DESC::sacl
WINSEC_ACL * sacl
System ACL.
Definition: winsec.h:208

WINSEC_DESC::grp_sid
WINSEC_DOM_SID * grp_sid
XXX: document this.
Definition: winsec.h:205

WINSEC_DESC::off_owner_sid
uint32_t off_owner_sid
Offset to owner sid.
Definition: winsec.h:190

WINSEC_DESC::off_dacl
uint32_t off_dacl
Offset to list of permissions.
Definition: winsec.h:199

WINSEC_DESC::owner_sid
WINSEC_DOM_SID * owner_sid
XXX: document this.
Definition: winsec.h:202

WINSEC_DOM_SID
XXX: document this.
Definition: winsec.h:99

WINSEC_DOM_SID::num_auths
uint8_t num_auths
Number of sub-authorities.
Definition: winsec.h:104

WINSEC_DOM_SID::sid_rev_num
uint8_t sid_rev_num
SID revision number.
Definition: winsec.h:101

WINSEC_UUID
XXX: document this.
Definition: winsec.h:79

WINSEC_UUID::time_mid
uint16_t time_mid
XXX: document this.
Definition: winsec.h:84

WINSEC_UUID::time_low
uint32_t time_low
XXX: document this.
Definition: winsec.h:81

WINSEC_UUID::time_hi_and_version
uint16_t time_hi_and_version
XXX: document this.
Definition: winsec.h:87

winsec_free_descriptor
void winsec_free_descriptor(WINSEC_DESC *desc)
XXX: finish documenting.
Definition: winsec.c:39

winsec_parse_uuid
WINSEC_UUID * winsec_parse_uuid(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition: winsec.c:315

winsec_ace_equal
bool winsec_ace_equal(WINSEC_ACE *s1, WINSEC_ACE *s2)
XXX: finish documenting.
Definition: winsec.c:525

winsec_sid_compare
int winsec_sid_compare(const WINSEC_DOM_SID *sid1, const WINSEC_DOM_SID *sid2)
XXX: finish documenting.
Definition: winsec.c:377

winsec_parse_dom_sid
WINSEC_DOM_SID * winsec_parse_dom_sid(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition: winsec.c:278

winsec_ace_object
bool winsec_ace_object(uint8_t type)
XXX: finish documenting.
Definition: winsec.c:549

winsec_acl_equal
bool winsec_acl_equal(WINSEC_ACL *s1, WINSEC_ACL *s2)
XXX: finish documenting.
Definition: winsec.c:481

winsec_sid_size
size_t winsec_sid_size(const WINSEC_DOM_SID *sid)
XXX: finish documenting.
Definition: winsec.c:340

winsec_sid_equal
bool winsec_sid_equal(const WINSEC_DOM_SID *sid1, const WINSEC_DOM_SID *sid2)
XXX: finish documenting.
Definition: winsec.c:403

winsec_parse_acl
WINSEC_ACL * winsec_parse_acl(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition: winsec.c:144

winsec_sid_compare_auth
int winsec_sid_compare_auth(const WINSEC_DOM_SID *sid1, const WINSEC_DOM_SID *sid2)
XXX: finish documenting.
Definition: winsec.c:352

winsec_parse_descriptor
WINSEC_DESC * winsec_parse_descriptor(const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition: winsec.c:30

winsec_parse_ace
WINSEC_ACE * winsec_parse_ace(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition: winsec.c:212

winsec_sid2str
char * winsec_sid2str(const WINSEC_DOM_SID *sid)
XXX: finish documenting.
Definition: winsec.c:411

winsec_desc_equal
bool winsec_desc_equal(WINSEC_DESC *s1, WINSEC_DESC *s2)
XXX: finish documenting.
Definition: winsec.c:441

winsec_parse_desc
WINSEC_DESC * winsec_parse_desc(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition: winsec.c:48