193 files changed, 80411 insertions, 44563 deletions

diff --git a/ntfsprogs/sd.c b/ntfsprogs/sd.c
new file mode 100755
index 0000000..4e3af97
--- a/dev/null
+++ b/ntfsprogs/sd.c
@@ -0,0 +1,607 @@
+#include "types.h"
+#include "layout.h"
+#include "sd.h"
+
+/**
+ * init_system_file_sd -
+ *
+ * NTFS 3.1 - System files security decriptors
+ * =====================================================
+ *
+ * Create the security descriptor for system file number @sys_file_no and
+ * return a pointer to the descriptor.
+ *
+ * Note the root directory system file (".") is very different and handled by a
+ * different function.
+ *
+ * The sd is returned in *@sd_val and has length *@sd_val_len.
+ *
+ * Do NOT free *@sd_val as it is static memory. This also means that you can
+ * only use *@sd_val until the next call to this function.
+ */
+void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len)
+{
+	static u8 sd_array[0x68];
+	SECURITY_DESCRIPTOR_RELATIVE *sd;
+	ACL *acl;
+	ACCESS_ALLOWED_ACE *aa_ace;
+	SID *sid;
+	le32 *sub_authorities;
+
+	if (sys_file_no < 0) {
+		*sd_val = NULL;
+		*sd_val_len = 0;
+		return;
+	}
+	*sd_val = sd_array;
+	sd = (SECURITY_DESCRIPTOR_RELATIVE*)&sd_array;
+	sd->revision = 1;
+	sd->alignment = 0;
+	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
+	*sd_val_len = 0x64;
+	sd->owner = const_cpu_to_le32(0x48);
+	sd->group = const_cpu_to_le32(0x54);
+	sd->sacl = const_cpu_to_le32(0);
+	sd->dacl = const_cpu_to_le32(0x14);
+	/*
+	 * Now at offset 0x14, as specified in the security descriptor, we have
+	 * the DACL.
+	 */
+	acl = (ACL*)((char*)sd + le32_to_cpu(sd->dacl));
+	acl->revision = 2;
+	acl->alignment1 = 0;
+	acl->size = const_cpu_to_le16(0x34);
+	acl->ace_count = const_cpu_to_le16(2);
+	acl->alignment2 = const_cpu_to_le16(0);
+	/*
+	 * Now at offset 0x1c, just after the DACL's ACL, we have the first
+	 * ACE of the DACL. The type of the ACE is access allowed.
+	 */
+	aa_ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
+	aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	aa_ace->flags = 0;
+	aa_ace->size = const_cpu_to_le16(0x14);
+	switch (sys_file_no) {
+	case FILE_AttrDef:
+	case FILE_Boot:
+		aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
+			FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA;
+		break;
+	default:
+		aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
+			FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
+			FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA |
+			FILE_WRITE_DATA | FILE_READ_DATA;
+		break;
+	}
+	aa_ace->sid.revision = 1;
+	aa_ace->sid.sub_authority_count = 1;
+	aa_ace->sid.identifier_authority.value[0] = 0;
+	aa_ace->sid.identifier_authority.value[1] = 0;
+	aa_ace->sid.identifier_authority.value[2] = 0;
+	aa_ace->sid.identifier_authority.value[3] = 0;
+	aa_ace->sid.identifier_authority.value[4] = 0;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	aa_ace->sid.identifier_authority.value[5] = 5;
+	aa_ace->sid.sub_authority[0] =
+			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
+	/*
+	 * Now at offset 0x30 within security descriptor, just after the first
+	 * ACE of the DACL. All system files, except the root directory, have
+	 * a second ACE.
+	 */
+	/* The second ACE of the DACL. Type is access allowed. */
+	aa_ace = (ACCESS_ALLOWED_ACE*)((char*)aa_ace +
+			le16_to_cpu(aa_ace->size));
+	aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	aa_ace->flags = 0;
+	aa_ace->size = const_cpu_to_le16(0x18);
+	/* Only $AttrDef and $Boot behave differently to everything else. */
+	switch (sys_file_no) {
+	case FILE_AttrDef:
+	case FILE_Boot:
+		aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
+				FILE_READ_ATTRIBUTES | FILE_READ_EA |
+				FILE_READ_DATA;
+		break;
+	default:
+		aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
+				FILE_WRITE_ATTRIBUTES |
+				FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
+				FILE_READ_EA | FILE_APPEND_DATA |
+				FILE_WRITE_DATA | FILE_READ_DATA;
+		break;
+	}
+	aa_ace->sid.revision = 1;
+	aa_ace->sid.sub_authority_count = 2;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	aa_ace->sid.identifier_authority.value[0] = 0;
+	aa_ace->sid.identifier_authority.value[1] = 0;
+	aa_ace->sid.identifier_authority.value[2] = 0;
+	aa_ace->sid.identifier_authority.value[3] = 0;
+	aa_ace->sid.identifier_authority.value[4] = 0;
+	aa_ace->sid.identifier_authority.value[5] = 5;
+	sub_authorities = aa_ace->sid.sub_authority;
+	*sub_authorities++ =
+			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	*sub_authorities =
+			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+	/*
+	 * Now at offset 0x48 into the security descriptor, as specified in the
+	 * security descriptor, we now have the owner SID.
+	 */
+	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
+	sid->revision = 1;
+	sid->sub_authority_count = 1;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	sid->identifier_authority.value[0] = 0;
+	sid->identifier_authority.value[1] = 0;
+	sid->identifier_authority.value[2] = 0;
+	sid->identifier_authority.value[3] = 0;
+	sid->identifier_authority.value[4] = 0;
+	sid->identifier_authority.value[5] = 5;
+	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
+	/*
+	 * Now at offset 0x54 into the security descriptor, as specified in the
+	 * security descriptor, we have the group SID.
+	 */
+	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
+	sid->revision = 1;
+	sid->sub_authority_count = 2;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	sid->identifier_authority.value[0] = 0;
+	sid->identifier_authority.value[1] = 0;
+	sid->identifier_authority.value[2] = 0;
+	sid->identifier_authority.value[3] = 0;
+	sid->identifier_authority.value[4] = 0;
+	sid->identifier_authority.value[5] = 5;
+	sub_authorities = sid->sub_authority;
+	*sub_authorities++ = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+}
+
+/**
+ * init_root_sd -
+ *
+ * Creates the security_descriptor for the root folder on ntfs 3.1 as created
+ * by Windows Vista (when the format is done from the disk management MMC
+ * snap-in, note this is different from the format done from the disk
+ * properties in Windows Explorer).
+ */
+void init_root_sd(u8 **sd_val, int *sd_val_len)
+{
+	SECURITY_DESCRIPTOR_RELATIVE *sd;
+	ACL *acl;
+	ACCESS_ALLOWED_ACE *ace;
+	SID *sid;
+	le32 *sub_authorities;
+
+	static char sd_array[0x102c];
+	*sd_val_len = 0x102c;
+	*sd_val = (u8*)&sd_array;
+
+	//security descriptor relative
+	sd = (SECURITY_DESCRIPTOR_RELATIVE*)sd_array;
+	sd->revision = SECURITY_DESCRIPTOR_REVISION;
+	sd->alignment = 0;
+	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
+	sd->owner = const_cpu_to_le32(0x1014);
+	sd->group = const_cpu_to_le32(0x1020);
+	sd->sacl = 0;
+	sd->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE));
+
+	//acl
+	acl = (ACL*)((u8*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
+	acl->revision = ACL_REVISION;
+	acl->alignment1 = 0;
+	acl->size = const_cpu_to_le16(0x1000);
+	acl->ace_count = const_cpu_to_le16(0x08);
+	acl->alignment2 = 0;
+
+	//ace1
+	ace = (ACCESS_ALLOWED_ACE*)((u8*)acl + sizeof(ACL));
+	ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	ace->flags = 0;
+	ace->size = const_cpu_to_le16(0x18);
+	ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
+			 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
+			 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
+			 FILE_TRAVERSE | FILE_DELETE_CHILD |
+			 FILE_READ_ATTRIBUTES;
+	ace->sid.revision = SID_REVISION;
+	ace->sid.sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	sub_authorities = ace->sid.sub_authority;
+	*sub_authorities++ =
+			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+
+	//ace2
+	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
+	ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
+			INHERIT_ONLY_ACE;
+	ace->size = const_cpu_to_le16(0x18);
+	ace->mask = GENERIC_ALL;
+	ace->sid.revision = SID_REVISION;
+	ace->sid.sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	sub_authorities = ace->sid.sub_authority;
+	*sub_authorities++ =
+			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+
+	//ace3
+	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
+	ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	ace->flags = 0;
+	ace->size = const_cpu_to_le16(0x14);
+	ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
+			 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
+			 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
+			 FILE_TRAVERSE | FILE_DELETE_CHILD |
+			 FILE_READ_ATTRIBUTES;
+	ace->sid.revision = SID_REVISION;
+	ace->sid.sub_authority_count = 0x01;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	ace->sid.sub_authority[0] =
+			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
+
+	//ace4
+	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
+	ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
+			INHERIT_ONLY_ACE;
+	ace->size = const_cpu_to_le16(0x14);
+	ace->mask = GENERIC_ALL;
+	ace->sid.revision = SID_REVISION;
+	ace->sid.sub_authority_count = 0x01;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	ace->sid.sub_authority[0] =
+			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
+
+	//ace5
+	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
+	ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	ace->flags = 0;
+	ace->size = const_cpu_to_le16(0x14);
+	ace->mask = SYNCHRONIZE | READ_CONTROL | DELETE |
+			FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
+			FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
+			FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
+			FILE_LIST_DIRECTORY;
+	ace->sid.revision = SID_REVISION;
+	ace->sid.sub_authority_count = 0x01;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	ace->sid.sub_authority[0] =
+			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);
+
+	//ace6
+	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
+	ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
+			INHERIT_ONLY_ACE;
+	ace->size = const_cpu_to_le16(0x14);
+	ace->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
+	ace->sid.revision = SID_REVISION;
+	ace->sid.sub_authority_count = 0x01;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	ace->sid.sub_authority[0] =
+			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);
+
+	//ace7
+	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
+	ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	ace->flags = 0;
+	ace->size = const_cpu_to_le16(0x18);
+	ace->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES |
+			FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY;
+	ace->sid.revision = SID_REVISION;
+	ace->sid.sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	sub_authorities = ace->sid.sub_authority;
+	*sub_authorities++ =
+			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);
+
+	//ace8
+	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
+	ace->type = ACCESS_ALLOWED_ACE_TYPE;
+	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
+			INHERIT_ONLY_ACE;
+	ace->size = const_cpu_to_le16(0x18);
+	ace->mask = GENERIC_READ | GENERIC_EXECUTE;
+	ace->sid.revision = SID_REVISION;
+	ace->sid.sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	sub_authorities = ace->sid.sub_authority;
+	*sub_authorities++ =
+			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);
+
+	//owner sid
+	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
+	sid->revision = 0x01;
+	sid->sub_authority_count = 0x01;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	sid->identifier_authority.value[0] = 0;
+	sid->identifier_authority.value[1] = 0;
+	sid->identifier_authority.value[2] = 0;
+	sid->identifier_authority.value[3] = 0;
+	sid->identifier_authority.value[4] = 0;
+	sid->identifier_authority.value[5] = 5;
+	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
+
+	//group sid
+	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
+	sid->revision = 0x01;
+	sid->sub_authority_count = 0x01;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	sid->identifier_authority.value[0] = 0;
+	sid->identifier_authority.value[1] = 0;
+	sid->identifier_authority.value[2] = 0;
+	sid->identifier_authority.value[3] = 0;
+	sid->identifier_authority.value[4] = 0;
+	sid->identifier_authority.value[5] = 5;
+	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
+}
+
+/**
+ * init_secure_sds -
+ *
+ * NTFS 3.1 - System files security decriptors
+ * ===========================================
+ * Create the security descriptor entries in $SDS data stream like they
+ * are in a partition, newly formatted with windows 2003
+ */
+void init_secure_sds(char *sd_val)
+{
+	SECURITY_DESCRIPTOR_HEADER *sds;
+	SECURITY_DESCRIPTOR_RELATIVE *sd;
+	ACL *acl;
+	ACCESS_ALLOWED_ACE *ace;
+	SID *sid;
+
+/*
+ * security descriptor #1
+ */
+	//header
+	sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val);
+	sds->hash = const_cpu_to_le32(0xF80312F0);
+	sds->security_id = const_cpu_to_le32(0x0100);
+	sds->offset = const_cpu_to_le64(0x00);
+	sds->length = const_cpu_to_le32(0x7C);
+	//security descriptor relative
+	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
+			sizeof(SECURITY_DESCRIPTOR_HEADER));
+	sd->revision = 0x01;
+	sd->alignment = 0x00;
+	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
+	sd->owner = const_cpu_to_le32(0x48);
+	sd->group = const_cpu_to_le32(0x58);
+	sd->sacl = const_cpu_to_le32(0x00);
+	sd->dacl = const_cpu_to_le32(0x14);
+
+	//acl
+	acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
+	acl->revision = 0x02;
+	acl->alignment1 = 0x00;
+	acl->size = const_cpu_to_le16(0x34);
+	acl->ace_count = const_cpu_to_le16(0x02);
+	acl->alignment2 = 0x00;
+
+	//ace1
+	ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
+	ace->type = 0x00;
+	ace->flags = 0x00;
+	ace->size = const_cpu_to_le16(0x14);
+	ace->mask = const_cpu_to_le32(0x120089);
+	ace->sid.revision = 0x01;
+	ace->sid.sub_authority_count = 0x01;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	ace->sid.sub_authority[0] =
+			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
+	//ace2
+	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
+	ace->type = 0x00;
+	ace->flags = 0x00;
+	ace->size = const_cpu_to_le16(0x18);
+	ace->mask = const_cpu_to_le32(0x120089);
+	ace->sid.revision = 0x01;
+	ace->sid.sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	ace->sid.sub_authority[0] =
+		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	ace->sid.sub_authority[1] =
+		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+
+	//owner sid
+	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
+	sid->revision = 0x01;
+	sid->sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	sid->identifier_authority.value[0] = 0;
+	sid->identifier_authority.value[1] = 0;
+	sid->identifier_authority.value[2] = 0;
+	sid->identifier_authority.value[3] = 0;
+	sid->identifier_authority.value[4] = 0;
+	sid->identifier_authority.value[5] = 5;
+	sid->sub_authority[0] =
+		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	sid->sub_authority[1] =
+		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+	//group sid
+	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
+	sid->revision = 0x01;
+	sid->sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	sid->identifier_authority.value[0] = 0;
+	sid->identifier_authority.value[1] = 0;
+	sid->identifier_authority.value[2] = 0;
+	sid->identifier_authority.value[3] = 0;
+	sid->identifier_authority.value[4] = 0;
+	sid->identifier_authority.value[5] = 5;
+	sid->sub_authority[0] =
+		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	sid->sub_authority[1] =
+		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+/*
+ * security descriptor #2
+ */
+	//header
+	sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80);
+	sds->hash = const_cpu_to_le32(0xB32451);
+	sds->security_id = const_cpu_to_le32(0x0101);
+	sds->offset = const_cpu_to_le64(0x80);
+	sds->length = const_cpu_to_le32(0x7C);
+
+	//security descriptor relative
+	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
+		 sizeof(SECURITY_DESCRIPTOR_HEADER));
+	sd->revision = 0x01;
+	sd->alignment = 0x00;
+	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
+	sd->owner = const_cpu_to_le32(0x48);
+	sd->group = const_cpu_to_le32(0x58);
+	sd->sacl = const_cpu_to_le32(0x00);
+	sd->dacl = const_cpu_to_le32(0x14);
+
+	//acl
+	acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
+	acl->revision = 0x02;
+	acl->alignment1 = 0x00;
+	acl->size = const_cpu_to_le16(0x34);
+	acl->ace_count = const_cpu_to_le16(0x02);
+	acl->alignment2 = 0x00;
+
+	//ace1
+	ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
+	ace->type = 0x00;
+	ace->flags = 0x00;
+	ace->size = const_cpu_to_le16(0x14);
+	ace->mask = const_cpu_to_le32(0x12019F);
+	ace->sid.revision = 0x01;
+	ace->sid.sub_authority_count = 0x01;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	ace->sid.sub_authority[0] =
+		const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
+	//ace2
+	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
+	ace->type = 0x00;
+	ace->flags = 0x00;
+	ace->size = const_cpu_to_le16(0x18);
+	ace->mask = const_cpu_to_le32(0x12019F);
+	ace->sid.revision = 0x01;
+	ace->sid.sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	ace->sid.identifier_authority.value[0] = 0;
+	ace->sid.identifier_authority.value[1] = 0;
+	ace->sid.identifier_authority.value[2] = 0;
+	ace->sid.identifier_authority.value[3] = 0;
+	ace->sid.identifier_authority.value[4] = 0;
+	ace->sid.identifier_authority.value[5] = 5;
+	ace->sid.sub_authority[0] =
+		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	ace->sid.sub_authority[1] =
+		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+
+	//owner sid
+	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
+	sid->revision = 0x01;
+	sid->sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	sid->identifier_authority.value[0] = 0;
+	sid->identifier_authority.value[1] = 0;
+	sid->identifier_authority.value[2] = 0;
+	sid->identifier_authority.value[3] = 0;
+	sid->identifier_authority.value[4] = 0;
+	sid->identifier_authority.value[5] = 5;
+	sid->sub_authority[0] =
+		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	sid->sub_authority[1] =
+		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+
+	//group sid
+	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
+	sid->revision = 0x01;
+	sid->sub_authority_count = 0x02;
+	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
+	sid->identifier_authority.value[0] = 0;
+	sid->identifier_authority.value[1] = 0;
+	sid->identifier_authority.value[2] = 0;
+	sid->identifier_authority.value[3] = 0;
+	sid->identifier_authority.value[4] = 0;
+	sid->identifier_authority.value[5] = 5;
+	sid->sub_authority[0] =
+		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
+	sid->sub_authority[1] =
+		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
+
+	return;
+}