regfi
Loading...
Searching...
No Matches
winsec.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 2005,2009-2011 Timothy D. Morgan
3 * Copyright (C) 1992-2005 Samba development team
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; version 3 of the License.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17 *
18 * $Id: winsec.h 261 2011-06-17 00:55:49Z tim $
19 */
20
33#ifndef _WINSEC_H
34#define _WINSEC_H
35
36#include <stdlib.h>
37#include <stdbool.h>
38#include <stdint.h>
39#include <stdio.h>
40#include <string.h>
41#include <errno.h>
42#include <fcntl.h>
43#include <sys/stat.h>
44#include <sys/types.h>
45#include <unistd.h>
46#include <talloc.h>
47
48#include "compat.h"
49#include "byteorder.h"
50
51
52/* This is the maximum number of subauths in a SID, as defined here:
53 * http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
54 */
55#define WINSEC_MAX_SUBAUTHS 15
56
57#define WINSEC_DESC_HEADER_SIZE (5 * sizeof(uint32_t))
58#define WINSEC_ACL_HEADER_SIZE (2 * sizeof(uint32_t))
59#define WINSEC_ACE_MIN_SIZE 16
60
61/* XXX: Fill in definitions of other flags */
62/* This self relative flag means offsets contained in the descriptor are relative
63 * to the descriptor's offset. This had better be true in the registry.
64 */
65#define WINSEC_DESC_SELF_RELATIVE 0x8000
66#define WINSEC_DESC_SACL_PRESENT 0x0010
67#define WINSEC_DESC_DACL_PRESENT 0x0004
68
69#define WINSEC_ACE_OBJECT_PRESENT 0x00000001
70#define WINSEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
71#define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5
72#define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6
73#define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7
74#define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8
75
76
78typedef struct _winsec_uuid
79{
81 uint32_t time_low;
82
84 uint16_t time_mid;
85
88
90 uint8_t clock_seq[2];
91
93 uint8_t node[6];
95
96
98typedef struct _winsec_sid
99{
101 uint8_t sid_rev_num;
102
104 uint8_t num_auths;
105
107 uint8_t id_auth[6];
108
114 uint32_t sub_auths[WINSEC_MAX_SUBAUTHS]; /* XXX: Make this dynamically allocated? */
116
117
119typedef struct _winsec_ace
120{
122 uint8_t type;
123
125 uint8_t flags;
126
128 uint16_t size;
129
131 uint32_t access_mask;
132
133 /* This stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
134
136 uint32_t obj_flags;
137
140
143
144 /* eof object stuff */
145
148
149} WINSEC_ACE;
150
151
153typedef struct _winsec_acl
154{
156 uint16_t revision;
157
159 uint16_t size;
160
162 uint32_t num_aces;
163
166
167} WINSEC_ACL;
168
169
171typedef struct _winsec_desc
172{
174 uint8_t revision;
175
184 uint8_t sbz1;
185
187 uint16_t control;
188
191
193 uint32_t off_grp_sid;
194
196 uint32_t off_sacl;
197
199 uint32_t off_dacl;
200
203
206
209
212
214
215
220_EXPORT()
221WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);
222
223
228_EXPORT()
230
235_EXPORT()
236WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,
237 const uint8_t* buf, uint32_t buf_len);
238
243_EXPORT()
244WINSEC_ACL* winsec_parse_acl(void* talloc_ctx,
245 const uint8_t* buf, uint32_t buf_len);
246
251_EXPORT()
252WINSEC_ACE* winsec_parse_ace(void* talloc_ctx,
253 const uint8_t* buf, uint32_t buf_len);
254
259_EXPORT()
260WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx,
261 const uint8_t* buf, uint32_t buf_len);
262
267_EXPORT()
268WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx,
269 const uint8_t* buf, uint32_t buf_len);
270
271
276_EXPORT()
277size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
278
283_EXPORT()
284int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
285
290_EXPORT()
291int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
292
297_EXPORT()
298bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
299
304_EXPORT()
305char* winsec_sid2str(const WINSEC_DOM_SID* sid);
306
311_EXPORT()
313
318_EXPORT()
320
325_EXPORT()
327
332_EXPORT()
333bool winsec_ace_object(uint8_t type);
334
335#endif /* _WINSEC_H */
This file implements macros for machine independent short and int manipulation.
XXX: document this.
Definition winsec.h:120
uint8_t flags
xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE
Definition winsec.h:125
uint16_t size
XXX: finish documenting.
Definition winsec.h:128
uint8_t type
xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc
Definition winsec.h:122
WINSEC_UUID * obj_guid
Object GUID.
Definition winsec.h:139
uint32_t obj_flags
xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc
Definition winsec.h:136
WINSEC_UUID * inh_guid
Inherited object GUID.
Definition winsec.h:142
WINSEC_DOM_SID * trustee
XXX: finish documenting.
Definition winsec.h:147
uint32_t access_mask
XXX: finish documenting.
Definition winsec.h:131
XXX: document this.
Definition winsec.h:154
WINSEC_ACE ** aces
XXX: document this.
Definition winsec.h:165
uint16_t size
Size, in bytes, of the entire ACL structure.
Definition winsec.h:159
uint32_t num_aces
Number of Access Control Entries.
Definition winsec.h:162
uint16_t revision
0x0003
Definition winsec.h:156
XXX: document this.
Definition winsec.h:172
uint8_t sbz1
XXX: better explain this.
Definition winsec.h:184
uint8_t revision
0x01
Definition winsec.h:174
uint32_t off_sacl
Offset to system list of permissions.
Definition winsec.h:196
WINSEC_ACL * dacl
User ACL.
Definition winsec.h:211
uint16_t control
WINSEC_DESC_* flags.
Definition winsec.h:187
uint32_t off_grp_sid
Offset to group sid.
Definition winsec.h:193
WINSEC_ACL * sacl
System ACL.
Definition winsec.h:208
WINSEC_DOM_SID * grp_sid
XXX: document this.
Definition winsec.h:205
uint32_t off_owner_sid
Offset to owner sid.
Definition winsec.h:190
uint32_t off_dacl
Offset to list of permissions.
Definition winsec.h:199
WINSEC_DOM_SID * owner_sid
XXX: document this.
Definition winsec.h:202
XXX: document this.
Definition winsec.h:99
uint8_t num_auths
Number of sub-authorities.
Definition winsec.h:104
uint8_t sid_rev_num
SID revision number.
Definition winsec.h:101
XXX: document this.
Definition winsec.h:79
uint16_t time_mid
XXX: document this.
Definition winsec.h:84
uint32_t time_low
XXX: document this.
Definition winsec.h:81
uint16_t time_hi_and_version
XXX: document this.
Definition winsec.h:87
void winsec_free_descriptor(WINSEC_DESC *desc)
XXX: finish documenting.
Definition winsec.c:39
WINSEC_DESC * winsec_parse_desc(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition winsec.c:48
bool winsec_ace_equal(WINSEC_ACE *s1, WINSEC_ACE *s2)
XXX: finish documenting.
Definition winsec.c:525
WINSEC_ACL * winsec_parse_acl(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition winsec.c:144
int winsec_sid_compare(const WINSEC_DOM_SID *sid1, const WINSEC_DOM_SID *sid2)
XXX: finish documenting.
Definition winsec.c:377
bool winsec_ace_object(uint8_t type)
XXX: finish documenting.
Definition winsec.c:549
bool winsec_acl_equal(WINSEC_ACL *s1, WINSEC_ACL *s2)
XXX: finish documenting.
Definition winsec.c:481
size_t winsec_sid_size(const WINSEC_DOM_SID *sid)
XXX: finish documenting.
Definition winsec.c:340
bool winsec_sid_equal(const WINSEC_DOM_SID *sid1, const WINSEC_DOM_SID *sid2)
XXX: finish documenting.
Definition winsec.c:403
char * winsec_sid2str(const WINSEC_DOM_SID *sid)
XXX: finish documenting.
Definition winsec.c:411
WINSEC_ACE * winsec_parse_ace(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition winsec.c:212
int winsec_sid_compare_auth(const WINSEC_DOM_SID *sid1, const WINSEC_DOM_SID *sid2)
XXX: finish documenting.
Definition winsec.c:352
WINSEC_UUID * winsec_parse_uuid(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition winsec.c:315
WINSEC_DOM_SID * winsec_parse_dom_sid(void *talloc_ctx, const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition winsec.c:278
WINSEC_DESC * winsec_parse_descriptor(const uint8_t *buf, uint32_t buf_len)
XXX: finish documenting.
Definition winsec.c:30
bool winsec_desc_equal(WINSEC_DESC *s1, WINSEC_DESC *s2)
XXX: finish documenting.
Definition winsec.c:441