regfi
winsec.h
1 /*
2  * Copyright (C) 2005,2009-2011 Timothy D. Morgan
3  * Copyright (C) 1992-2005 Samba development team
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; version 3 of the License.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17  *
18  * $Id: winsec.h 261 2011-06-17 00:55:49Z tim $
19  */
20 
33 #ifndef _WINSEC_H
34 #define _WINSEC_H
35 
36 #include <stdlib.h>
37 #include <stdbool.h>
38 #include <stdint.h>
39 #include <stdio.h>
40 #include <string.h>
41 #include <errno.h>
42 #include <fcntl.h>
43 #include <sys/stat.h>
44 #include <sys/types.h>
45 #include <unistd.h>
46 #include <talloc.h>
47 
48 #include "compat.h"
49 #include "byteorder.h"
50 
51 
52 /* This is the maximum number of subauths in a SID, as defined here:
53  * http://msdn.microsoft.com/en-us/library/cc230371(PROT.10).aspx
54  */
/* This value is also the fixed capacity of the sub_auths array in the SID
 * structure declared later in this header, so a sub-authority count read from
 * input must be compared against it before that array is filled.
 */
55 #define WINSEC_MAX_SUBAUTHS 15
56 
/* Fixed header sizes in bytes: 20 for a descriptor and 8 for an ACL, which
 * equal the summed widths of the fixed fields of WINSEC_DESC and WINSEC_ACL
 * as declared in this header. WINSEC_ACE_MIN_SIZE is presumably the 8-byte
 * fixed ACE header plus an 8-byte SID carrying no sub-authorities -- TODO
 * confirm.
 * NOTE(review): these are the natural lower bounds for the buf_len argument
 * of the winsec_parse_* functions; confirm the implementation rejects shorter
 * buffers before reading any header field.
 */
57 #define WINSEC_DESC_HEADER_SIZE (5 * sizeof(uint32_t))
58 #define WINSEC_ACL_HEADER_SIZE (2 * sizeof(uint32_t))
59 #define WINSEC_ACE_MIN_SIZE 16
60 
61 /* XXX: Fill in definitions of other flags */
62 /* This self relative flag means offsets contained in the descriptor are relative
63  * to the descriptor's offset. This had better be true in the registry.
64  */
/* The three values below are 16-bit masks, presumably tested against the
 * control field of WINSEC_DESC.
 * NOTE(review): "had better be true" is an assumption about input data.
 * Confirm that the parser checks WINSEC_DESC_SELF_RELATIVE and fails cleanly
 * when it is clear, and that each off_* value is range-checked against the
 * buffer length even when the flag is set.
 */
65 #define WINSEC_DESC_SELF_RELATIVE 0x8000
66 #define WINSEC_DESC_SACL_PRESENT 0x0010
67 #define WINSEC_DESC_DACL_PRESENT 0x0004
68 
/* Masks for the obj_flags field of an object ACE, followed by the ACE type
 * codes that mark an ACE as an object ACE. Presumably the two *_PRESENT bits
 * say which optional GUIDs follow the access mask -- verify against the
 * parser, since a wrong assumption shifts where the trustee SID is read from.
 */
69 #define WINSEC_ACE_OBJECT_PRESENT 0x00000001
70 #define WINSEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
71 #define WINSEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5
72 #define WINSEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6
73 #define WINSEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7
74 #define WINSEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8
75 
76 
/* In-memory form of a UUID/GUID as referenced by object ACEs.
 * NOTE(review): the fields visible here add up to 14 bytes, while a UUID is
 * 16 bytes, and the listing's line numbers skip between time_mid and
 * clock_seq. A 16-bit member was probably dropped from this rendering; check
 * the original header before relying on this layout.
 */
78 typedef struct _winsec_uuid
79 {
81  uint32_t time_low;
82 
84  uint16_t time_mid;
85 
88 
90  uint8_t clock_seq[2];
91 
93  uint8_t node[6];
94 } WINSEC_UUID;
95 
96 
/* In-memory form of a Windows security identifier (SID).
 * NOTE(review): the closing line of this typedef is missing from the listing;
 * the prototypes later in the header refer to the type as WINSEC_DOM_SID.
 */
98 typedef struct _winsec_sid
99 {
 /* Revision byte of the SID. */
101  uint8_t sid_rev_num;
102 
 /* Count of entries used in sub_auths. As a uint8_t it can hold up to 255,
  * but the array below has only WINSEC_MAX_SUBAUTHS slots, so a value taken
  * from input must be rejected when it exceeds that bound; otherwise the
  * copy into sub_auths writes past the structure.
  * NOTE(review): confirm winsec_parse_dom_sid enforces this, and that every
  * consumer that loops over sub_auths trusts only a validated count.
  */
104  uint8_t num_auths;
105 
 /* Six-byte identifier authority. */
107  uint8_t id_auth[6];
108 
114  uint32_t sub_auths[WINSEC_MAX_SUBAUTHS]; /* XXX: Make this dynamically allocated? */
116 
117 
/* In-memory form of one access control entry (ACE).
 * NOTE(review): the listing's line numbers skip after obj_flags and again
 * before the closing brace, so members declared on those lines (if any) are
 * not visible in this rendering; check the original header.
 */
119 typedef struct _winsec_ace
120 {
 /* ACE type code; the WINSEC_ACE_TYPE_*_OBJECT values mark object ACEs. */
122  uint8_t type;
123 
125  uint8_t flags;
126 
 /* Size of the ACE as recorded in its own header. This value comes from the
  * parsed data, so it needs both a lower bound (WINSEC_ACE_MIN_SIZE) and an
  * upper bound (the bytes remaining in the enclosing buffer) before it is
  * used to advance to the next ACE.
  * NOTE(review): confirm the parser checks both; a size of 0 would otherwise
  * stall an ACE walk and an oversized value would read out of bounds.
  */
128  uint16_t size;
129 
131  uint32_t access_mask;
132 
133  /* This stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
134 
 /* Presumably a combination of WINSEC_ACE_OBJECT_PRESENT and
  * WINSEC_ACE_OBJECT_INHERITED_PRESENT -- TODO confirm. Consumers should not
  * read the object fields unless the ACE type is an object type.
  */
136  uint32_t obj_flags;
137 
140 
143 
144  /* eof object stuff */
145 
148 
149 } WINSEC_ACE;
150 
151 
/* In-memory form of an access control list header.
 * NOTE(review): the listing's line numbers skip after num_aces, so a member
 * declared there (presumably the ACE array) is not visible in this rendering.
 */
153 typedef struct _winsec_acl
154 {
156  uint16_t revision;
157 
 /* Size of the ACL as recorded in its header; the value is taken from the
  * parsed data and should never be trusted beyond the supplied buffer length.
  */
159  uint16_t size;
160 
 /* Number of ACEs the header claims. This is a 32-bit count next to a 16-bit
  * size, so the count can claim far more entries than the ACL could hold.
  * NOTE(review): confirm the parser bounds num_aces by the available bytes
  * (each ACE needs at least WINSEC_ACE_MIN_SIZE) before allocating or
  * looping on it.
  */
162  uint32_t num_aces;
163 
166 
167 } WINSEC_ACL;
168 
169 
/* In-memory form of a security descriptor header. The fixed fields below
 * total 20 bytes, matching WINSEC_DESC_HEADER_SIZE.
 * NOTE(review): the listing's line numbers skip several times after off_dacl,
 * so members declared there (presumably pointers to the parsed SIDs and ACLs)
 * are not visible in this rendering.
 */
171 typedef struct _winsec_desc
172 {
174  uint8_t revision;
175 
 /* Presumably the reserved "should be zero" padding byte -- TODO confirm. */
184  uint8_t sbz1;
185 
 /* Control bits; the WINSEC_DESC_* masks are presumably tested against it. */
187  uint16_t control;
188 
 /* The four off_* fields locate the owner SID, group SID, SACL and DACL.
  * Per the comment on WINSEC_DESC_SELF_RELATIVE they are relative to the
  * start of the descriptor. They are read from the parsed data, so each one
  * must be checked against the buffer length (offset plus the minimum size
  * of the target structure, computed without 32-bit wrap-around) before it
  * is dereferenced.
  * NOTE(review): confirm winsec_parse_desc performs these checks, and how an
  * absent component is encoded (offset 0 and/or a cleared *_PRESENT bit).
  */
190  uint32_t off_owner_sid;
191 
193  uint32_t off_grp_sid;
194 
196  uint32_t off_sacl;
197 
199  uint32_t off_dacl;
200 
203 
206 
209 
212 
213 } WINSEC_DESC;
214 
215 
/* Parsing entry points. Each takes a caller-supplied byte buffer and its
 * length and returns a pointer to the decoded structure; all but
 * winsec_parse_descriptor also take a talloc context.
 * NOTE(review): buf is presumably raw registry hive data and should be
 * treated as untrusted: every offset, size and count decoded from it has to
 * be bounded by buf_len before use. The failure return (presumably NULL) and
 * the ownership of the result (presumably tied to talloc_ctx, or to an
 * internal context for winsec_parse_descriptor) are not visible in this
 * listing -- confirm against the implementation.
 */
220 _EXPORT()
221 WINSEC_DESC* winsec_parse_descriptor(const uint8_t* buf, uint32_t buf_len);
222 
223 
/* NOTE(review): the declaration that followed this _EXPORT() is missing from
 * the listing.
 */
228 _EXPORT()
230 
235 _EXPORT()
236 WINSEC_DESC* winsec_parse_desc(void* talloc_ctx,
237  const uint8_t* buf, uint32_t buf_len);
238 
243 _EXPORT()
244 WINSEC_ACL* winsec_parse_acl(void* talloc_ctx,
245  const uint8_t* buf, uint32_t buf_len);
246 
251 _EXPORT()
252 WINSEC_ACE* winsec_parse_ace(void* talloc_ctx,
253  const uint8_t* buf, uint32_t buf_len);
254 
259 _EXPORT()
260 WINSEC_DOM_SID* winsec_parse_dom_sid(void* talloc_ctx,
261  const uint8_t* buf, uint32_t buf_len);
262 
267 _EXPORT()
268 WINSEC_UUID* winsec_parse_uuid(void* talloc_ctx,
269  const uint8_t* buf, uint32_t buf_len);
270 
271 
/* Helpers that operate on already-parsed structures.
 * NOTE(review): these presumably iterate sub_auths up to sid->num_auths, so
 * they are only safe on SIDs whose num_auths was validated against
 * WINSEC_MAX_SUBAUTHS at parse time; confirm, and confirm how NULL arguments
 * are handled.
 */
276 _EXPORT()
277 size_t winsec_sid_size(const WINSEC_DOM_SID* sid);
278 
283 _EXPORT()
284 int winsec_sid_compare_auth(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
285 
290 _EXPORT()
291 int winsec_sid_compare(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
292 
297 _EXPORT()
298 bool winsec_sid_equal(const WINSEC_DOM_SID* sid1, const WINSEC_DOM_SID* sid2);
299 
/* Returns a string form of the SID. Who owns and frees the returned buffer
 * is not visible in this listing -- TODO confirm.
 */
304 _EXPORT()
305 char* winsec_sid2str(const WINSEC_DOM_SID* sid);
306 
/* NOTE(review): the declaration that followed this _EXPORT() is missing from
 * the listing.
 */
311 _EXPORT()
313 
/* NOTE(review): unlike the SID helpers above, the two equality functions
 * take non-const pointers; if they do not modify their arguments, const
 * qualification would document that.
 */
318 _EXPORT()
319 bool winsec_acl_equal(WINSEC_ACL* s1, WINSEC_ACL* s2);
320 
325 _EXPORT()
326 bool winsec_ace_equal(WINSEC_ACE* s1, WINSEC_ACE* s2);
327 
/* Presumably reports whether the given ACE type is one of the
 * WINSEC_ACE_TYPE_*_OBJECT codes -- TODO confirm.
 */
332 _EXPORT()
333 bool winsec_ace_object(uint8_t type);
334 
335 #endif /* _WINSEC_H */