148 files changed, 141286 insertions, 0 deletions

diff --git a/src/secaudit.h b/src/secaudit.h
new file mode 100755
index 0000000..7f0d6da
--- a/dev/null
+++ b/src/secaudit.h
@@ -0,0 +1,731 @@
+/*
+ *		General declarations for secaudit
+ *
+ *	These declarations are organized to enable code sharing with ntfs-3g
+ *	library, but should only be used to build tools runnable both
+ *	on Linux (dynamic linking) and Windows (static linking)
+ *
+ * Copyright (c) 2007-2009 Jean-Pierre Andre
+ *
+ */
+
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program (in the main directory of the NTFS-3G
+ * distribution in the file COPYING); if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ *		General parameters which may have to be adapted to needs
+ */
+
+#define SELFTESTS 1 /* include code for self-testing */
+#define POSIXACLS 0 /* include code for processing Posix ACLs */
+#define NOREVBOM 0 /* temporary */
+
+#define OWNERFROMACL 1 /* must match option in security.c */
+
+#define MAXATTRSZ 65536 /* Max sec attr size (16448 met for WinXP) */
+#define MAXSECURID 262144
+#define SECBLKSZ 8
+#define MAXFILENAME 4096
+#define FORCEMASK 0 /* Special (dangerous) option -m to force a mask */
+#define MAXLINE 80 /* maximum processed size of a line */
+#define BUFSZ 1024		/* buffer size to read mapping file */
+#define LINESZ 120              /* maximum useful size of a mapping line */
+
+/*
+ *		     Definitions for Linux
+ *	Use explicit or implicit dynamic linking
+ */
+
+#ifdef HAVE_CONFIG_H
+#undef POSIXACLS   /* override default by configure option */
+#define USESTUBS 1 /* API stubs generated at link time */
+#else
+#define USESTUBS 0 /* direct calls to API, based on following definitions */
+#define ENVNTFS3G "NTFS3G"
+#define LIBFILE64 "/lib64/libntfs-3g.so.4921"
+#define LIBFILE "/lib/libntfs-3g.so.4921"
+#endif
+
+#define MAPDIR ".NTFS-3G"
+#define MAPFILE "UserMapping"
+#define MAGIC_API 0x09042009
+
+#ifndef _NTFS_ENDIANS_H
+
+typedef char s8;
+typedef short s16;
+typedef long long s64;
+typedef unsigned char u8;
+typedef unsigned short le16, be16, u16;
+typedef unsigned long long u64;
+#ifdef STSC
+typedef long s32;
+typedef unsigned long le32, be32, u32;
+#else
+typedef int s32;
+typedef unsigned int le32, be32, u32;
+#endif
+
+#ifdef STSC
+#define endian_rev16(x) ((((x) & 255L) << 8) + (((x) >> 8) & 255L))
+#define endian_rev32(x) ((((x) & 255L) << 24) + (((x) & 0xff00L) << 8) \
+		       + (((x) >> 8) & 0xff00L) + (((x) >> 24) & 255L))
+#else
+#define endian_rev16(x) ((((x) & 255) << 8) + (((x) >> 8) & 255))
+#define endian_rev32(x) ((((x) & 255) << 24) + (((x) & 0xff00) << 8) \
+		       + (((x) >> 8) & 0xff00) + (((x) >> 24) & 255))
+#endif
+#define endian_rev64(x) ((((x) & 255LL) << 56) + (((x) & 0xff00LL) << 40) \
+		       + (((x) & 0xff0000LL) << 24) + (((x) & 0xff000000LL) << 8) \
+		       + (((x) >> 8) & 0xff000000LL) + (((x) >> 24) & 0xff0000LL) \
+		       + (((x) >> 40) & 0xff00LL) + (((x) >> 56) & 255LL))
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+
+#define cpu_to_be16(x) endian_rev16(x)
+#define cpu_to_be32(x) endian_rev32(x)
+#define cpu_to_le16(x) (x)
+#define cpu_to_le32(x) (x)
+#define cpu_to_le64(x) (x)
+#define le16_to_cpu(x) (x)
+#define le32_to_cpu(x) (x)
+#define le64_to_cpu(x) (x)
+
+#else
+
+#define cpu_to_be16(x) (x)
+#define cpu_to_be32(x) (x)
+#define cpu_to_le16(x) endian_rev16(x)
+#define cpu_to_le32(x) endian_rev32(x)
+#define cpu_to_le64(x) endian_rev64(x)
+#define le16_to_cpu(x) endian_rev16(x)
+#define le32_to_cpu(x) endian_rev32(x)
+#define le64_to_cpu(x) endian_rev64(x)
+
+#endif
+
+#define const_le16_to_cpu(x) le16_to_cpu(x)
+#define const_cpu_to_le16(x) cpu_to_le16(x)
+#define const_cpu_to_le32(x) cpu_to_le32(x)
+#define const_cpu_to_be16(x) cpu_to_be16(x)
+#define const_cpu_to_be32(x) cpu_to_be32(x)
+
+#endif /* _NTFS_ENDIANS_H */
+
+#ifndef FALSE
+enum { FALSE, TRUE } ;
+#endif /* FALSE */
+
+#ifdef WIN32
+
+typedef unsigned short uid_t;
+typedef unsigned short gid_t;
+
+#define UNICODE(c) ((unsigned short)(c))
+
+#define __attribute__(x)
+
+#else
+
+#ifndef BOOL
+typedef int BOOL;   /* Already defined in windows.h */
+#endif /* BOOL */
+
+#ifdef STSC
+
+#define ENOTSUP 95
+
+#endif /* STSC */
+
+typedef u32 DWORD; /* must be 32 bits whatever the platform */
+typedef DWORD *LPDWORD;
+
+#define MS_NONE 0    /* no flag for mounting the device */
+#define MS_RDONLY 1  /* flag for mounting the device read-only */
+
+#endif /* WIN32 */
+
+#if defined(WIN32) | defined(STSC)
+
+/*
+ *	On non-Linux computers, there is no mount and the user mapping
+ *	if fetched from a real file (or a dummy one for self tests)
+ */
+
+#define NTFS_FIND_USID(map,uid,buf) ntfs_find_usid(map,uid,buf)
+#define NTFS_FIND_GSID(map,gid,buf) ntfs_find_gsid(map,gid,buf)
+#define NTFS_FIND_USER(map,usid) ntfs_find_user(map,usid)
+#define NTFS_FIND_GROUP(map,gsid) ntfs_find_group(map,gsid)
+
+#else
+
+/*
+ *	On Linux computers, there is a mount and the user mapping
+ *	if either obtained through the mount process or fetched
+ *	from a dummy file for self-tests
+ */
+
+#define NTFS_FIND_USID(map,uid,buf) (mappingtype != MAPEXTERN ? \
+		ntfs_find_usid(map,uid,buf) : relay_find_usid(map,uid,buf))
+#define NTFS_FIND_GSID(map,gid,buf) (mappingtype != MAPEXTERN ? \
+		ntfs_find_gsid(map,gid,buf) : relay_find_gsid(map,gid,buf))
+#define NTFS_FIND_USER(map,usid) (mappingtype != MAPEXTERN ? \
+		ntfs_find_user(map,usid) : relay_find_user(map,usid))
+#define NTFS_FIND_GROUP(map,gsid) (mappingtype != MAPEXTERN ? \
+		ntfs_find_group(map,gsid) : relay_find_group(map,gsid))
+
+#endif
+
+/*
+ *		A few name hijackings or definitions
+ *	needed for using code from ntfs-3g
+ */
+
+#ifdef WIN32
+#define ACL MY_ACL
+#define SID MY_SID
+#define ACCESS_ALLOWED_ACE MY_ACCESS_ALLOWED_ACE
+#define ACCESS_DENIED_ACE MY_ACCESS_DENIED_ACE
+#define FILE_ATTRIBUTE_REPARSE_POINT 0x400
+#define IO_REPARSE_TAG_MOUNT_POINT 0xa0000003
+#define IO_REPARSE_TAG_SYMLINK     0xa000000c
+#else
+#define SE_OWNER_DEFAULTED  const_cpu_to_le16(1)
+#define SE_GROUP_DEFAULTED  const_cpu_to_le16(2)
+#define SE_DACL_PRESENT     const_cpu_to_le16(4)
+#define SE_SACL_PRESENT     const_cpu_to_le16(0x10)
+#define SE_DACL_DEFAULTED   const_cpu_to_le16(8)
+#define SE_SELF_RELATIVE    const_cpu_to_le16(0x8000)
+#define SID_REVISION 1
+#endif /* WIN32 */
+#define SE_DACL_PROTECTED   const_cpu_to_le16(0x1000)
+#define SE_SACL_PROTECTED   const_cpu_to_le16(0x2000)
+#define SE_DACL_AUTO_INHERITED   const_cpu_to_le16(0x400)
+#define SE_SACL_AUTO_INHERITED   const_cpu_to_le16(0x800)
+#define SE_DACL_AUTO_INHERIT_REQ   cpu_to_le16(0x100)
+#define SE_SACL_AUTO_INHERIT_REQ   cpu_to_le16(0x200)
+
+typedef le16 ntfschar;
+
+typedef struct {
+	le32 a;
+	le16 b,c;
+	struct {
+		le16 m,n,o,p,  q,r,s,t;
+	} ;
+} GUID;
+
+#define ntfs_log_error(args...) do { printf("** " args); if (!isatty(1)) fprintf(stderr,args); } while(0)
+
+/*
+ *		Struct to hold the input mapping file
+ *	(private to this module)
+ */
+
+struct MAPLIST {
+	struct MAPLIST *next;
+	char *uidstr;		/* uid text from the same record */
+	char *gidstr;		/* gid text from the same record */
+	char *sidstr;		/* sid text from the same record */
+	char maptext[LINESZ + 1];
+};
+
+/*
+ *		A few dummy declarations needed for using code from security.c
+ */
+
+#define MFT_RECORD_IS_DIRECTORY const_cpu_to_le16(1)
+
+struct SECURITY_DATA {
+	u64 offset;
+	char *attr;
+	u32 hash;
+	u32 length;
+	unsigned int filecount:16;
+	unsigned int mode:12;
+	unsigned int flags:4;
+} ;
+
+#define AUTH1 3141592653U
+#define AUTH2 589793238
+#define AUTH3 462843383
+#define OWNERID 1016
+#define GROUPID 513
+
+
+#define INSDS1 1
+#define INSDS2 2
+#define INSII 4
+#define INSDH 8
+
+#ifdef WIN32
+
+typedef enum { RECSHOW, RECSET, RECSETPOSIX } RECURSE; 
+
+#endif
+
+/*
+ *		A type large enough to hold any SID
+ */
+
+typedef char BIGSID[40];
+
+/*
+ *		Declarations for memory allocation checks
+ */
+
+struct CHKALLOC
+   {
+   struct CHKALLOC *next;
+   void *alloc;
+   const char *file;
+   int line;
+   size_t size;
+   } ;
+
+#if defined(WIN32) | defined(STSC)
+
+#define S_ISVTX 01000
+#define S_ISGID 02000
+#define S_ISUID 04000
+#define S_IXUSR 0100
+#define S_IWUSR 0200
+#define S_IRUSR 0400
+#define S_IXGRP 010
+#define S_IWGRP 020
+#define S_IRGRP 040
+#define S_IXOTH 001
+#define S_IWOTH 002
+#define S_IROTH 004
+
+#endif
+
+#ifdef WIN32
+#else
+/*
+ *
+ *   See http://msdn2.microsoft.com/en-us/library/aa379649.aspx
+ */
+
+typedef enum {
+	DACL_SECURITY_INFORMATION = 4, // The DACL of the object is being referenced.
+	SACL_SECURITY_INFORMATION = 8, // The SACL of the object is being referenced.
+	LABEL_SECURITY_INFORMATION = 8, // The mandatory integrity label is being referenced.
+	GROUP_SECURITY_INFORMATION = 2, // The primary group identifier of the object is being referenced.
+	OWNER_SECURITY_INFORMATION = 1, // The owner identifier of the object is being referenced.
+} SECURITY_INFORMATION;
+
+#define STANDARD_RIGHTS_READ	  cpu_to_le32(0x20000)
+#define STANDARD_RIGHTS_WRITE	  cpu_to_le32(0x20000)
+#define STANDARD_RIGHTS_EXECUTE   cpu_to_le32(0x20000)
+#define STANDARD_RIGHTS_REQUIRED  cpu_to_le32(0xf0000)
+
+#endif
+
+typedef struct SECHEAD {
+	s8 revision;
+	s8 alignment;
+	le16 control;
+	le32 owner;
+	le32 group;
+	le32 sacl;
+	le32 dacl;
+} SECURITY_DESCRIPTOR_RELATIVE;
+
+typedef struct ACL {
+	s8 revision;
+	s8 alignment1;
+	le16 size;
+	le16 ace_count;
+	le16 alignment2;
+} ACL;
+
+typedef struct {
+	union {
+		struct {
+			unsigned char revision;
+			unsigned char sub_authority_count;
+		} ;
+		struct {
+			/* evade an alignment problem when a 4 byte field  */
+			/* in a struct implies alignment of the struct */
+			le16 dummy;
+			be16 high_part;
+			be32 low_part;
+		} identifier_authority;
+	} ;
+	le32 sub_authority[1];
+} SID;
+
+typedef u8 ACE_FLAGS;
+
+typedef struct ACE {
+	u8 type;
+	u8 flags;
+	le16 size;
+	le32 mask;
+	SID sid;
+} ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE;
+
+
+/*
+ *          item in the mapping list
+ */
+
+struct MAPPING {
+	struct MAPPING *next;
+	int xid;		/* linux id : uid or gid */
+	SID *sid;		/* Windows id : usid or gsid */
+	int grcnt;		/* group count (for users only) */
+	gid_t *groups;		/* groups which the user is member of */
+};
+
+/*
+ *		       Posix ACL structures
+ */
+
+struct POSIX_ACE {
+	u16 tag;
+	u16 perms;
+	s32 id;
+} ;
+
+struct POSIX_ACL {
+	u8 version;
+	u8 flags;
+	u16 filler;
+	struct POSIX_ACE ace[0];
+} ;
+
+struct POSIX_SECURITY {
+	mode_t mode;
+	int acccnt;
+	int defcnt;
+	int firstdef;
+	u16 tagsset;
+	struct POSIX_ACL acl;
+} ;
+
+/*
+ *		Posix tags, cpu-endian 16 bits
+ */
+
+enum {
+	POSIX_ACL_USER_OBJ =	1,
+	POSIX_ACL_USER =	2,
+	POSIX_ACL_GROUP_OBJ =	4,
+	POSIX_ACL_GROUP =	8,
+	POSIX_ACL_MASK =	16,
+	POSIX_ACL_OTHER =	32,
+	POSIX_ACL_SPECIAL =	64  /* internal use only */
+} ;
+
+/*
+ *		Posix permissions, cpu-endian 16 bits
+ */
+
+enum {
+	POSIX_PERM_X =		1,
+	POSIX_PERM_W =		2,
+	POSIX_PERM_R =		4,
+	POSIX_PERM_DENIAL =	64 /* internal use only */
+} ;
+
+#define POSIX_VERSION 2
+
+/*
+ *		 A few definitions adapted from winnt.h
+ *	    (Windows version uses actual definitions from winnt.h, which are
+ *	     not compatible with code from security.c on a big-endian computer)
+ */
+
+#ifndef WIN32
+
+#define DELETE				 cpu_to_le32(0x00010000L)
+#define READ_CONTROL			 cpu_to_le32(0x00020000L)
+#define WRITE_DAC			 cpu_to_le32(0x00040000L)
+#define WRITE_OWNER			 cpu_to_le32(0x00080000L)
+#define SYNCHRONIZE			 cpu_to_le32(0x00100000L)
+
+
+#define FILE_READ_DATA		  cpu_to_le32( 0x0001 )    // file & pipe
+#define FILE_LIST_DIRECTORY	  cpu_to_le32( 0x0001 )    // directory
+
+#define FILE_WRITE_DATA 	  cpu_to_le32( 0x0002 )    // file & pipe
+#define FILE_ADD_FILE		  cpu_to_le32( 0x0002 )    // directory
+
+#define FILE_APPEND_DATA	  cpu_to_le32( 0x0004 )    // file
+#define FILE_ADD_SUBDIRECTORY	  cpu_to_le32( 0x0004 )    // directory
+#define FILE_CREATE_PIPE_INSTANCE cpu_to_le32( 0x0004 )    // named pipe
+
+
+#define FILE_READ_EA		  cpu_to_le32( 0x0008 )    // file & directory
+
+#define FILE_WRITE_EA		  cpu_to_le32( 0x0010 )    // file & directory
+
+#define FILE_EXECUTE		  cpu_to_le32( 0x0020 )    // file
+#define FILE_TRAVERSE		  cpu_to_le32( 0x0020 )    // directory
+
+#define FILE_DELETE_CHILD	  cpu_to_le32( 0x0040 )    // directory
+
+#define FILE_READ_ATTRIBUTES	  cpu_to_le32( 0x0080 )    // all
+
+#define FILE_WRITE_ATTRIBUTES	  cpu_to_le32( 0x0100 )    // all
+
+#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
+				 cpu_to_le32(0x1FF))
+
+#define FILE_GENERIC_READ	  (STANDARD_RIGHTS_READ     |\
+				   FILE_READ_DATA	    |\
+				   FILE_READ_ATTRIBUTES     |\
+				   FILE_READ_EA 	    |\
+				   SYNCHRONIZE)
+
+
+#define FILE_GENERIC_WRITE	  (STANDARD_RIGHTS_WRITE    |\
+				   FILE_WRITE_DATA	    |\
+				   FILE_WRITE_ATTRIBUTES    |\
+				   FILE_WRITE_EA	    |\
+				   FILE_APPEND_DATA	    |\
+				   SYNCHRONIZE)
+
+
+#define FILE_GENERIC_EXECUTE	  (STANDARD_RIGHTS_EXECUTE  |\
+				   FILE_READ_ATTRIBUTES     |\
+				   FILE_EXECUTE 	    |\
+				   SYNCHRONIZE)
+
+#define GENERIC_READ			 cpu_to_le32(0x80000000L)
+#define GENERIC_WRITE			 cpu_to_le32(0x40000000L)
+#define GENERIC_EXECUTE 		 cpu_to_le32(0x20000000L)
+#define GENERIC_ALL	 		 cpu_to_le32(0x10000000L)
+
+
+#define OBJECT_INHERIT_ACE		  (0x1)
+#define CONTAINER_INHERIT_ACE		  (0x2)
+#define NO_PROPAGATE_INHERIT_ACE	  (0x4)
+#define INHERIT_ONLY_ACE		  (0x8)
+#define VALID_INHERIT_FLAGS		  (0xF)
+
+/*
+ *	     Other useful definitions
+ */
+
+#define ACL_REVISION 2
+#define ACCESS_ALLOWED_ACE_TYPE 0
+#define ACCESS_DENIED_ACE_TYPE 1
+#define SECURITY_DESCRIPTOR_REVISION 1
+
+#endif /* !WIN32 */
+
+#ifndef ACL_REVISION_DS	/* not always defined in <windows.h> */
+#define ACL_REVISION_DS 4
+#endif
+
+/*
+ *		Matching of ntfs permissions to Linux permissions
+ *	these constants are adapted to endianness
+ *	when setting, set them all
+ *	when checking, check one is present
+ */
+
+          /* flags which are set to mean exec, write or read */
+
+#define FILE_READ (FILE_READ_DATA)
+#define FILE_WRITE (FILE_WRITE_DATA | FILE_APPEND_DATA \
+		| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
+#define FILE_EXEC (FILE_EXECUTE)
+#define DIR_READ FILE_LIST_DIRECTORY
+#define DIR_WRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | FILE_DELETE_CHILD \
+	 	| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
+#define DIR_EXEC (FILE_TRAVERSE)
+
+          /* flags tested for meaning exec, write or read */
+	  /* tests for write allow for interpretation of a sticky bit */
+
+#define FILE_GREAD (FILE_READ_DATA | GENERIC_READ)
+#define FILE_GWRITE (FILE_WRITE_DATA | FILE_APPEND_DATA | GENERIC_WRITE)
+#define FILE_GEXEC (FILE_EXECUTE | GENERIC_EXECUTE)
+#define DIR_GREAD (FILE_LIST_DIRECTORY | GENERIC_READ)
+#define DIR_GWRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | GENERIC_WRITE)
+#define DIR_GEXEC (FILE_TRAVERSE | GENERIC_EXECUTE)
+
+	/* standard owner (and administrator) rights */
+
+#define OWNER_RIGHTS (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER \
+			| SYNCHRONIZE \
+			| FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES \
+			| FILE_READ_EA | FILE_WRITE_EA)
+
+	/* standard world rights */
+
+#define WORLD_RIGHTS (READ_CONTROL | FILE_READ_ATTRIBUTES | FILE_READ_EA \
+			| SYNCHRONIZE)
+
+          /* inheritance flags for files and directories */
+
+#define FILE_INHERITANCE NO_PROPAGATE_INHERIT_ACE
+#define DIR_INHERITANCE (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE)
+
+/*
+ *		To identify NTFS ACL meaning Posix ACL granted to root
+ *	we use rights always granted to anybody, so they have no impact
+ *	either on Windows or on Linux.
+ */
+
+#define ROOT_OWNER_UNMARK SYNCHRONIZE	/* ACL granted to root as owner */
+#define ROOT_GROUP_UNMARK FILE_READ_EA	/* ACL granted to root as group */
+
+
+struct SII {		/* this is an image of an $SII index entry */
+	le16 offs;
+	le16 size;
+	le32 fill1;
+	le16 indexsz;
+	le16 indexksz;
+	le16 flags;
+	le16 fill2;
+	le32 keysecurid;
+
+	/* did not find official description for the following */
+	le32 hash;
+	le32 securid;
+	le32 dataoffsl;	/* documented as badly aligned */
+	le32 dataoffsh;
+	le32 datasize;
+} ;
+
+struct SDH {		/* this is an image of an $SDH index entry */
+	le16 offs;
+	le16 size;
+	le32 fill1;
+	le16 indexsz;
+	le16 indexksz;
+	le16 flags;
+	le16 fill2;
+	le32 keyhash;
+	le32 keysecurid;
+
+	/* did not find official description for the following */
+	le32 hash;
+	le32 securid;
+	le32 dataoffsl;
+	le32 dataoffsh;
+	le32 datasize;
+	le32 fill3;
+	} ;
+
+#ifndef INVALID_FILE_ATTRIBUTES     /* not defined in old windows.h */
+#define INVALID_FILE_ATTRIBUTES (-1)
+#endif
+
+enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ;
+
+struct SECURITY_CONTEXT {
+	struct MAPPING *mapping[MAPCOUNT];
+} ;
+
+typedef enum { MAPNONE, MAPEXTERN, MAPLOCAL, MAPDUMMY } MAPTYPE;
+
+
+
+struct passwd {
+	uid_t pw_uid;
+} ;
+
+struct group {
+	gid_t gr_gid;
+} ;
+
+typedef int (*FILEREADER)(void *fileid, char *buf, size_t size, off_t pos);
+
+/*
+ *		Data defined in secaudit.c
+ */
+
+extern MAPTYPE mappingtype;
+
+/*
+ *		Functions defined in acls.c
+ */
+
+BOOL ntfs_valid_descr(const char *securattr, unsigned int attrsz);
+BOOL ntfs_valid_posix(const struct POSIX_SECURITY *pxdesc);
+BOOL ntfs_valid_pattern(const SID *sid);
+BOOL ntfs_same_sid(const SID *first, const SID *second);
+
+
+int ntfs_sid_size(const SID * sid);
+unsigned int ntfs_attr_size(const char *attr);
+
+const SID *ntfs_find_usid(const struct MAPPING *usermapping,
+			uid_t uid, SID *pdefsid);
+const SID *ntfs_find_gsid(const struct MAPPING *groupmapping,
+			gid_t gid, SID *pdefsid);
+uid_t ntfs_find_user(const struct MAPPING *usermapping, const SID *usid);
+gid_t ntfs_find_group(const struct MAPPING *groupmapping, const SID * gsid);
+const SID *ntfs_acl_owner(const char *secattr);
+
+void ntfs_sort_posix(struct POSIX_SECURITY *pxdesc);
+int ntfs_merge_mode_posix(struct POSIX_SECURITY *pxdesc, mode_t mode);
+
+
+struct POSIX_SECURITY *ntfs_build_permissions_posix(
+			struct MAPPING* const mapping[],
+			const char *securattr,
+			const SID *usid, const SID *gsid, BOOL isdir);
+int ntfs_build_permissions(const char *securattr,
+			const SID *usid, const SID *gsid, BOOL isdir);
+struct MAPLIST *ntfs_read_mapping(FILEREADER reader, void *fileid);
+struct MAPPING *ntfs_do_user_mapping(struct MAPLIST *firstitem);
+struct MAPPING *ntfs_do_group_mapping(struct MAPLIST *firstitem);
+void ntfs_free_mapping(struct MAPPING *mapping[]);
+
+struct POSIX_SECURITY *ntfs_merge_descr_posix(const struct POSIX_SECURITY *first,
+			const struct POSIX_SECURITY *second);
+char *ntfs_build_descr_posix(struct MAPPING* const mapping[],
+			struct POSIX_SECURITY *pxdesc,
+			int isdir, const SID *usid, const SID *gsid);
+char *ntfs_build_descr(mode_t mode,
+			int isdir, const SID * usid, const SID * gsid);
+
+/*
+ *		Functions defined in secaudit.c
+ */
+
+void *chkmalloc(size_t, const char*, int);
+void *chkcalloc(size_t, size_t, const char *, int);
+void chkfree(void*, const char*, int);
+BOOL chkisalloc(void*, const char*, int);
+void dumpalloc(const char*);
+
+#define malloc(sz) chkmalloc(sz, __FILE__, __LINE__)
+#define calloc(cnt,sz) chkcalloc(cnt, sz, __FILE__, __LINE__)
+#define free(ptr) chkfree(ptr, __FILE__, __LINE__)
+#define isalloc(ptr) chkisalloc(ptr, __FILE__, __LINE__)
+#define ntfs_malloc(sz) chkmalloc(sz, __FILE__, __LINE__)
+
+struct passwd *getpwnam(const char *user);
+struct group *getgrnam(const char *group);
+
+const SID *relay_find_usid(const struct MAPPING *usermapping,
+			uid_t uid, SID *pdefsid);
+const SID *relay_find_gsid(const struct MAPPING *groupmapping,
+			gid_t gid, SID *pdefsid);
+uid_t relay_find_user(const struct MAPPING *usermapping, const SID *usid);
+gid_t relay_find_group(const struct MAPPING *groupmapping, const SID * gsid);
+