blob: 4e3af97801bf5df8c93ea9d643d3ab8719f99eb1
| 1 | #include "types.h" |
| 2 | #include "layout.h" |
| 3 | #include "sd.h" |
| 4 | |
| 5 | /** |
| 6 | * init_system_file_sd - |
| 7 | * |
| 8 | * NTFS 3.1 - System files security decriptors |
| 9 | * ===================================================== |
| 10 | * |
| 11 | * Create the security descriptor for system file number @sys_file_no and |
| 12 | * return a pointer to the descriptor. |
| 13 | * |
| 14 | * Note the root directory system file (".") is very different and handled by a |
| 15 | * different function. |
| 16 | * |
| 17 | * The sd is returned in *@sd_val and has length *@sd_val_len. |
| 18 | * |
| 19 | * Do NOT free *@sd_val as it is static memory. This also means that you can |
| 20 | * only use *@sd_val until the next call to this function. |
| 21 | */ |
| 22 | void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len) |
| 23 | { |
| 24 | static u8 sd_array[0x68]; |
| 25 | SECURITY_DESCRIPTOR_RELATIVE *sd; |
| 26 | ACL *acl; |
| 27 | ACCESS_ALLOWED_ACE *aa_ace; |
| 28 | SID *sid; |
| 29 | le32 *sub_authorities; |
| 30 | |
| 31 | if (sys_file_no < 0) { |
| 32 | *sd_val = NULL; |
| 33 | *sd_val_len = 0; |
| 34 | return; |
| 35 | } |
| 36 | *sd_val = sd_array; |
| 37 | sd = (SECURITY_DESCRIPTOR_RELATIVE*)&sd_array; |
| 38 | sd->revision = 1; |
| 39 | sd->alignment = 0; |
| 40 | sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT; |
| 41 | *sd_val_len = 0x64; |
| 42 | sd->owner = const_cpu_to_le32(0x48); |
| 43 | sd->group = const_cpu_to_le32(0x54); |
| 44 | sd->sacl = const_cpu_to_le32(0); |
| 45 | sd->dacl = const_cpu_to_le32(0x14); |
| 46 | /* |
| 47 | * Now at offset 0x14, as specified in the security descriptor, we have |
| 48 | * the DACL. |
| 49 | */ |
| 50 | acl = (ACL*)((char*)sd + le32_to_cpu(sd->dacl)); |
| 51 | acl->revision = 2; |
| 52 | acl->alignment1 = 0; |
| 53 | acl->size = const_cpu_to_le16(0x34); |
| 54 | acl->ace_count = const_cpu_to_le16(2); |
| 55 | acl->alignment2 = const_cpu_to_le16(0); |
| 56 | /* |
| 57 | * Now at offset 0x1c, just after the DACL's ACL, we have the first |
| 58 | * ACE of the DACL. The type of the ACE is access allowed. |
| 59 | */ |
| 60 | aa_ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL)); |
| 61 | aa_ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 62 | aa_ace->flags = 0; |
| 63 | aa_ace->size = const_cpu_to_le16(0x14); |
| 64 | switch (sys_file_no) { |
| 65 | case FILE_AttrDef: |
| 66 | case FILE_Boot: |
| 67 | aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ | |
| 68 | FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA; |
| 69 | break; |
| 70 | default: |
| 71 | aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE | |
| 72 | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | |
| 73 | FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA | |
| 74 | FILE_WRITE_DATA | FILE_READ_DATA; |
| 75 | break; |
| 76 | } |
| 77 | aa_ace->sid.revision = 1; |
| 78 | aa_ace->sid.sub_authority_count = 1; |
| 79 | aa_ace->sid.identifier_authority.value[0] = 0; |
| 80 | aa_ace->sid.identifier_authority.value[1] = 0; |
| 81 | aa_ace->sid.identifier_authority.value[2] = 0; |
| 82 | aa_ace->sid.identifier_authority.value[3] = 0; |
| 83 | aa_ace->sid.identifier_authority.value[4] = 0; |
| 84 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 85 | aa_ace->sid.identifier_authority.value[5] = 5; |
| 86 | aa_ace->sid.sub_authority[0] = |
| 87 | const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID); |
| 88 | /* |
| 89 | * Now at offset 0x30 within security descriptor, just after the first |
| 90 | * ACE of the DACL. All system files, except the root directory, have |
| 91 | * a second ACE. |
| 92 | */ |
| 93 | /* The second ACE of the DACL. Type is access allowed. */ |
| 94 | aa_ace = (ACCESS_ALLOWED_ACE*)((char*)aa_ace + |
| 95 | le16_to_cpu(aa_ace->size)); |
| 96 | aa_ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 97 | aa_ace->flags = 0; |
| 98 | aa_ace->size = const_cpu_to_le16(0x18); |
| 99 | /* Only $AttrDef and $Boot behave differently to everything else. */ |
| 100 | switch (sys_file_no) { |
| 101 | case FILE_AttrDef: |
| 102 | case FILE_Boot: |
| 103 | aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ | |
| 104 | FILE_READ_ATTRIBUTES | FILE_READ_EA | |
| 105 | FILE_READ_DATA; |
| 106 | break; |
| 107 | default: |
| 108 | aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ | |
| 109 | FILE_WRITE_ATTRIBUTES | |
| 110 | FILE_READ_ATTRIBUTES | FILE_WRITE_EA | |
| 111 | FILE_READ_EA | FILE_APPEND_DATA | |
| 112 | FILE_WRITE_DATA | FILE_READ_DATA; |
| 113 | break; |
| 114 | } |
| 115 | aa_ace->sid.revision = 1; |
| 116 | aa_ace->sid.sub_authority_count = 2; |
| 117 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 118 | aa_ace->sid.identifier_authority.value[0] = 0; |
| 119 | aa_ace->sid.identifier_authority.value[1] = 0; |
| 120 | aa_ace->sid.identifier_authority.value[2] = 0; |
| 121 | aa_ace->sid.identifier_authority.value[3] = 0; |
| 122 | aa_ace->sid.identifier_authority.value[4] = 0; |
| 123 | aa_ace->sid.identifier_authority.value[5] = 5; |
| 124 | sub_authorities = aa_ace->sid.sub_authority; |
| 125 | *sub_authorities++ = |
| 126 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 127 | *sub_authorities = |
| 128 | const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 129 | /* |
| 130 | * Now at offset 0x48 into the security descriptor, as specified in the |
| 131 | * security descriptor, we now have the owner SID. |
| 132 | */ |
| 133 | sid = (SID*)((char*)sd + le32_to_cpu(sd->owner)); |
| 134 | sid->revision = 1; |
| 135 | sid->sub_authority_count = 1; |
| 136 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 137 | sid->identifier_authority.value[0] = 0; |
| 138 | sid->identifier_authority.value[1] = 0; |
| 139 | sid->identifier_authority.value[2] = 0; |
| 140 | sid->identifier_authority.value[3] = 0; |
| 141 | sid->identifier_authority.value[4] = 0; |
| 142 | sid->identifier_authority.value[5] = 5; |
| 143 | sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID); |
| 144 | /* |
| 145 | * Now at offset 0x54 into the security descriptor, as specified in the |
| 146 | * security descriptor, we have the group SID. |
| 147 | */ |
| 148 | sid = (SID*)((char*)sd + le32_to_cpu(sd->group)); |
| 149 | sid->revision = 1; |
| 150 | sid->sub_authority_count = 2; |
| 151 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 152 | sid->identifier_authority.value[0] = 0; |
| 153 | sid->identifier_authority.value[1] = 0; |
| 154 | sid->identifier_authority.value[2] = 0; |
| 155 | sid->identifier_authority.value[3] = 0; |
| 156 | sid->identifier_authority.value[4] = 0; |
| 157 | sid->identifier_authority.value[5] = 5; |
| 158 | sub_authorities = sid->sub_authority; |
| 159 | *sub_authorities++ = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 160 | *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 161 | } |
| 162 | |
| 163 | /** |
| 164 | * init_root_sd - |
| 165 | * |
| 166 | * Creates the security_descriptor for the root folder on ntfs 3.1 as created |
| 167 | * by Windows Vista (when the format is done from the disk management MMC |
| 168 | * snap-in, note this is different from the format done from the disk |
| 169 | * properties in Windows Explorer). |
| 170 | */ |
| 171 | void init_root_sd(u8 **sd_val, int *sd_val_len) |
| 172 | { |
| 173 | SECURITY_DESCRIPTOR_RELATIVE *sd; |
| 174 | ACL *acl; |
| 175 | ACCESS_ALLOWED_ACE *ace; |
| 176 | SID *sid; |
| 177 | le32 *sub_authorities; |
| 178 | |
| 179 | static char sd_array[0x102c]; |
| 180 | *sd_val_len = 0x102c; |
| 181 | *sd_val = (u8*)&sd_array; |
| 182 | |
| 183 | //security descriptor relative |
| 184 | sd = (SECURITY_DESCRIPTOR_RELATIVE*)sd_array; |
| 185 | sd->revision = SECURITY_DESCRIPTOR_REVISION; |
| 186 | sd->alignment = 0; |
| 187 | sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT; |
| 188 | sd->owner = const_cpu_to_le32(0x1014); |
| 189 | sd->group = const_cpu_to_le32(0x1020); |
| 190 | sd->sacl = 0; |
| 191 | sd->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE)); |
| 192 | |
| 193 | //acl |
| 194 | acl = (ACL*)((u8*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE)); |
| 195 | acl->revision = ACL_REVISION; |
| 196 | acl->alignment1 = 0; |
| 197 | acl->size = const_cpu_to_le16(0x1000); |
| 198 | acl->ace_count = const_cpu_to_le16(0x08); |
| 199 | acl->alignment2 = 0; |
| 200 | |
| 201 | //ace1 |
| 202 | ace = (ACCESS_ALLOWED_ACE*)((u8*)acl + sizeof(ACL)); |
| 203 | ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 204 | ace->flags = 0; |
| 205 | ace->size = const_cpu_to_le16(0x18); |
| 206 | ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES | |
| 207 | FILE_LIST_DIRECTORY | FILE_WRITE_DATA | |
| 208 | FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA | |
| 209 | FILE_TRAVERSE | FILE_DELETE_CHILD | |
| 210 | FILE_READ_ATTRIBUTES; |
| 211 | ace->sid.revision = SID_REVISION; |
| 212 | ace->sid.sub_authority_count = 0x02; |
| 213 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 214 | ace->sid.identifier_authority.value[0] = 0; |
| 215 | ace->sid.identifier_authority.value[1] = 0; |
| 216 | ace->sid.identifier_authority.value[2] = 0; |
| 217 | ace->sid.identifier_authority.value[3] = 0; |
| 218 | ace->sid.identifier_authority.value[4] = 0; |
| 219 | ace->sid.identifier_authority.value[5] = 5; |
| 220 | sub_authorities = ace->sid.sub_authority; |
| 221 | *sub_authorities++ = |
| 222 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 223 | *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 224 | |
| 225 | //ace2 |
| 226 | ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size)); |
| 227 | ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 228 | ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | |
| 229 | INHERIT_ONLY_ACE; |
| 230 | ace->size = const_cpu_to_le16(0x18); |
| 231 | ace->mask = GENERIC_ALL; |
| 232 | ace->sid.revision = SID_REVISION; |
| 233 | ace->sid.sub_authority_count = 0x02; |
| 234 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 235 | ace->sid.identifier_authority.value[0] = 0; |
| 236 | ace->sid.identifier_authority.value[1] = 0; |
| 237 | ace->sid.identifier_authority.value[2] = 0; |
| 238 | ace->sid.identifier_authority.value[3] = 0; |
| 239 | ace->sid.identifier_authority.value[4] = 0; |
| 240 | ace->sid.identifier_authority.value[5] = 5; |
| 241 | sub_authorities = ace->sid.sub_authority; |
| 242 | *sub_authorities++ = |
| 243 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 244 | *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 245 | |
| 246 | //ace3 |
| 247 | ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size)); |
| 248 | ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 249 | ace->flags = 0; |
| 250 | ace->size = const_cpu_to_le16(0x14); |
| 251 | ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES | |
| 252 | FILE_LIST_DIRECTORY | FILE_WRITE_DATA | |
| 253 | FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA | |
| 254 | FILE_TRAVERSE | FILE_DELETE_CHILD | |
| 255 | FILE_READ_ATTRIBUTES; |
| 256 | ace->sid.revision = SID_REVISION; |
| 257 | ace->sid.sub_authority_count = 0x01; |
| 258 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 259 | ace->sid.identifier_authority.value[0] = 0; |
| 260 | ace->sid.identifier_authority.value[1] = 0; |
| 261 | ace->sid.identifier_authority.value[2] = 0; |
| 262 | ace->sid.identifier_authority.value[3] = 0; |
| 263 | ace->sid.identifier_authority.value[4] = 0; |
| 264 | ace->sid.identifier_authority.value[5] = 5; |
| 265 | ace->sid.sub_authority[0] = |
| 266 | const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID); |
| 267 | |
| 268 | //ace4 |
| 269 | ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size)); |
| 270 | ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 271 | ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | |
| 272 | INHERIT_ONLY_ACE; |
| 273 | ace->size = const_cpu_to_le16(0x14); |
| 274 | ace->mask = GENERIC_ALL; |
| 275 | ace->sid.revision = SID_REVISION; |
| 276 | ace->sid.sub_authority_count = 0x01; |
| 277 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 278 | ace->sid.identifier_authority.value[0] = 0; |
| 279 | ace->sid.identifier_authority.value[1] = 0; |
| 280 | ace->sid.identifier_authority.value[2] = 0; |
| 281 | ace->sid.identifier_authority.value[3] = 0; |
| 282 | ace->sid.identifier_authority.value[4] = 0; |
| 283 | ace->sid.identifier_authority.value[5] = 5; |
| 284 | ace->sid.sub_authority[0] = |
| 285 | const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID); |
| 286 | |
| 287 | //ace5 |
| 288 | ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size)); |
| 289 | ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 290 | ace->flags = 0; |
| 291 | ace->size = const_cpu_to_le16(0x14); |
| 292 | ace->mask = SYNCHRONIZE | READ_CONTROL | DELETE | |
| 293 | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | |
| 294 | FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA | |
| 295 | FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE | |
| 296 | FILE_LIST_DIRECTORY; |
| 297 | ace->sid.revision = SID_REVISION; |
| 298 | ace->sid.sub_authority_count = 0x01; |
| 299 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 300 | ace->sid.identifier_authority.value[0] = 0; |
| 301 | ace->sid.identifier_authority.value[1] = 0; |
| 302 | ace->sid.identifier_authority.value[2] = 0; |
| 303 | ace->sid.identifier_authority.value[3] = 0; |
| 304 | ace->sid.identifier_authority.value[4] = 0; |
| 305 | ace->sid.identifier_authority.value[5] = 5; |
| 306 | ace->sid.sub_authority[0] = |
| 307 | const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID); |
| 308 | |
| 309 | //ace6 |
| 310 | ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size)); |
| 311 | ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 312 | ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | |
| 313 | INHERIT_ONLY_ACE; |
| 314 | ace->size = const_cpu_to_le16(0x14); |
| 315 | ace->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE; |
| 316 | ace->sid.revision = SID_REVISION; |
| 317 | ace->sid.sub_authority_count = 0x01; |
| 318 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 319 | ace->sid.identifier_authority.value[0] = 0; |
| 320 | ace->sid.identifier_authority.value[1] = 0; |
| 321 | ace->sid.identifier_authority.value[2] = 0; |
| 322 | ace->sid.identifier_authority.value[3] = 0; |
| 323 | ace->sid.identifier_authority.value[4] = 0; |
| 324 | ace->sid.identifier_authority.value[5] = 5; |
| 325 | ace->sid.sub_authority[0] = |
| 326 | const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID); |
| 327 | |
| 328 | //ace7 |
| 329 | ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size)); |
| 330 | ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 331 | ace->flags = 0; |
| 332 | ace->size = const_cpu_to_le16(0x18); |
| 333 | ace->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES | |
| 334 | FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY; |
| 335 | ace->sid.revision = SID_REVISION; |
| 336 | ace->sid.sub_authority_count = 0x02; |
| 337 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 338 | ace->sid.identifier_authority.value[0] = 0; |
| 339 | ace->sid.identifier_authority.value[1] = 0; |
| 340 | ace->sid.identifier_authority.value[2] = 0; |
| 341 | ace->sid.identifier_authority.value[3] = 0; |
| 342 | ace->sid.identifier_authority.value[4] = 0; |
| 343 | ace->sid.identifier_authority.value[5] = 5; |
| 344 | sub_authorities = ace->sid.sub_authority; |
| 345 | *sub_authorities++ = |
| 346 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 347 | *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS); |
| 348 | |
| 349 | //ace8 |
| 350 | ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size)); |
| 351 | ace->type = ACCESS_ALLOWED_ACE_TYPE; |
| 352 | ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | |
| 353 | INHERIT_ONLY_ACE; |
| 354 | ace->size = const_cpu_to_le16(0x18); |
| 355 | ace->mask = GENERIC_READ | GENERIC_EXECUTE; |
| 356 | ace->sid.revision = SID_REVISION; |
| 357 | ace->sid.sub_authority_count = 0x02; |
| 358 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 359 | ace->sid.identifier_authority.value[0] = 0; |
| 360 | ace->sid.identifier_authority.value[1] = 0; |
| 361 | ace->sid.identifier_authority.value[2] = 0; |
| 362 | ace->sid.identifier_authority.value[3] = 0; |
| 363 | ace->sid.identifier_authority.value[4] = 0; |
| 364 | ace->sid.identifier_authority.value[5] = 5; |
| 365 | sub_authorities = ace->sid.sub_authority; |
| 366 | *sub_authorities++ = |
| 367 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 368 | *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS); |
| 369 | |
| 370 | //owner sid |
| 371 | sid = (SID*)((char*)sd + le32_to_cpu(sd->owner)); |
| 372 | sid->revision = 0x01; |
| 373 | sid->sub_authority_count = 0x01; |
| 374 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 375 | sid->identifier_authority.value[0] = 0; |
| 376 | sid->identifier_authority.value[1] = 0; |
| 377 | sid->identifier_authority.value[2] = 0; |
| 378 | sid->identifier_authority.value[3] = 0; |
| 379 | sid->identifier_authority.value[4] = 0; |
| 380 | sid->identifier_authority.value[5] = 5; |
| 381 | sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID); |
| 382 | |
| 383 | //group sid |
| 384 | sid = (SID*)((char*)sd + le32_to_cpu(sd->group)); |
| 385 | sid->revision = 0x01; |
| 386 | sid->sub_authority_count = 0x01; |
| 387 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 388 | sid->identifier_authority.value[0] = 0; |
| 389 | sid->identifier_authority.value[1] = 0; |
| 390 | sid->identifier_authority.value[2] = 0; |
| 391 | sid->identifier_authority.value[3] = 0; |
| 392 | sid->identifier_authority.value[4] = 0; |
| 393 | sid->identifier_authority.value[5] = 5; |
| 394 | sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID); |
| 395 | } |
| 396 | |
| 397 | /** |
| 398 | * init_secure_sds - |
| 399 | * |
| 400 | * NTFS 3.1 - System files security decriptors |
| 401 | * =========================================== |
| 402 | * Create the security descriptor entries in $SDS data stream like they |
| 403 | * are in a partition, newly formatted with windows 2003 |
| 404 | */ |
| 405 | void init_secure_sds(char *sd_val) |
| 406 | { |
| 407 | SECURITY_DESCRIPTOR_HEADER *sds; |
| 408 | SECURITY_DESCRIPTOR_RELATIVE *sd; |
| 409 | ACL *acl; |
| 410 | ACCESS_ALLOWED_ACE *ace; |
| 411 | SID *sid; |
| 412 | |
| 413 | /* |
| 414 | * security descriptor #1 |
| 415 | */ |
| 416 | //header |
| 417 | sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val); |
| 418 | sds->hash = const_cpu_to_le32(0xF80312F0); |
| 419 | sds->security_id = const_cpu_to_le32(0x0100); |
| 420 | sds->offset = const_cpu_to_le64(0x00); |
| 421 | sds->length = const_cpu_to_le32(0x7C); |
| 422 | //security descriptor relative |
| 423 | sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds + |
| 424 | sizeof(SECURITY_DESCRIPTOR_HEADER)); |
| 425 | sd->revision = 0x01; |
| 426 | sd->alignment = 0x00; |
| 427 | sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT; |
| 428 | sd->owner = const_cpu_to_le32(0x48); |
| 429 | sd->group = const_cpu_to_le32(0x58); |
| 430 | sd->sacl = const_cpu_to_le32(0x00); |
| 431 | sd->dacl = const_cpu_to_le32(0x14); |
| 432 | |
| 433 | //acl |
| 434 | acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE)); |
| 435 | acl->revision = 0x02; |
| 436 | acl->alignment1 = 0x00; |
| 437 | acl->size = const_cpu_to_le16(0x34); |
| 438 | acl->ace_count = const_cpu_to_le16(0x02); |
| 439 | acl->alignment2 = 0x00; |
| 440 | |
| 441 | //ace1 |
| 442 | ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL)); |
| 443 | ace->type = 0x00; |
| 444 | ace->flags = 0x00; |
| 445 | ace->size = const_cpu_to_le16(0x14); |
| 446 | ace->mask = const_cpu_to_le32(0x120089); |
| 447 | ace->sid.revision = 0x01; |
| 448 | ace->sid.sub_authority_count = 0x01; |
| 449 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 450 | ace->sid.identifier_authority.value[0] = 0; |
| 451 | ace->sid.identifier_authority.value[1] = 0; |
| 452 | ace->sid.identifier_authority.value[2] = 0; |
| 453 | ace->sid.identifier_authority.value[3] = 0; |
| 454 | ace->sid.identifier_authority.value[4] = 0; |
| 455 | ace->sid.identifier_authority.value[5] = 5; |
| 456 | ace->sid.sub_authority[0] = |
| 457 | const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID); |
| 458 | //ace2 |
| 459 | ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size)); |
| 460 | ace->type = 0x00; |
| 461 | ace->flags = 0x00; |
| 462 | ace->size = const_cpu_to_le16(0x18); |
| 463 | ace->mask = const_cpu_to_le32(0x120089); |
| 464 | ace->sid.revision = 0x01; |
| 465 | ace->sid.sub_authority_count = 0x02; |
| 466 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 467 | ace->sid.identifier_authority.value[0] = 0; |
| 468 | ace->sid.identifier_authority.value[1] = 0; |
| 469 | ace->sid.identifier_authority.value[2] = 0; |
| 470 | ace->sid.identifier_authority.value[3] = 0; |
| 471 | ace->sid.identifier_authority.value[4] = 0; |
| 472 | ace->sid.identifier_authority.value[5] = 5; |
| 473 | ace->sid.sub_authority[0] = |
| 474 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 475 | ace->sid.sub_authority[1] = |
| 476 | const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 477 | |
| 478 | //owner sid |
| 479 | sid = (SID*)((char*)sd + le32_to_cpu(sd->owner)); |
| 480 | sid->revision = 0x01; |
| 481 | sid->sub_authority_count = 0x02; |
| 482 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 483 | sid->identifier_authority.value[0] = 0; |
| 484 | sid->identifier_authority.value[1] = 0; |
| 485 | sid->identifier_authority.value[2] = 0; |
| 486 | sid->identifier_authority.value[3] = 0; |
| 487 | sid->identifier_authority.value[4] = 0; |
| 488 | sid->identifier_authority.value[5] = 5; |
| 489 | sid->sub_authority[0] = |
| 490 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 491 | sid->sub_authority[1] = |
| 492 | const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 493 | //group sid |
| 494 | sid = (SID*)((char*)sd + le32_to_cpu(sd->group)); |
| 495 | sid->revision = 0x01; |
| 496 | sid->sub_authority_count = 0x02; |
| 497 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 498 | sid->identifier_authority.value[0] = 0; |
| 499 | sid->identifier_authority.value[1] = 0; |
| 500 | sid->identifier_authority.value[2] = 0; |
| 501 | sid->identifier_authority.value[3] = 0; |
| 502 | sid->identifier_authority.value[4] = 0; |
| 503 | sid->identifier_authority.value[5] = 5; |
| 504 | sid->sub_authority[0] = |
| 505 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 506 | sid->sub_authority[1] = |
| 507 | const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 508 | /* |
| 509 | * security descriptor #2 |
| 510 | */ |
| 511 | //header |
| 512 | sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80); |
| 513 | sds->hash = const_cpu_to_le32(0xB32451); |
| 514 | sds->security_id = const_cpu_to_le32(0x0101); |
| 515 | sds->offset = const_cpu_to_le64(0x80); |
| 516 | sds->length = const_cpu_to_le32(0x7C); |
| 517 | |
| 518 | //security descriptor relative |
| 519 | sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds + |
| 520 | sizeof(SECURITY_DESCRIPTOR_HEADER)); |
| 521 | sd->revision = 0x01; |
| 522 | sd->alignment = 0x00; |
| 523 | sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT; |
| 524 | sd->owner = const_cpu_to_le32(0x48); |
| 525 | sd->group = const_cpu_to_le32(0x58); |
| 526 | sd->sacl = const_cpu_to_le32(0x00); |
| 527 | sd->dacl = const_cpu_to_le32(0x14); |
| 528 | |
| 529 | //acl |
| 530 | acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE)); |
| 531 | acl->revision = 0x02; |
| 532 | acl->alignment1 = 0x00; |
| 533 | acl->size = const_cpu_to_le16(0x34); |
| 534 | acl->ace_count = const_cpu_to_le16(0x02); |
| 535 | acl->alignment2 = 0x00; |
| 536 | |
| 537 | //ace1 |
| 538 | ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL)); |
| 539 | ace->type = 0x00; |
| 540 | ace->flags = 0x00; |
| 541 | ace->size = const_cpu_to_le16(0x14); |
| 542 | ace->mask = const_cpu_to_le32(0x12019F); |
| 543 | ace->sid.revision = 0x01; |
| 544 | ace->sid.sub_authority_count = 0x01; |
| 545 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 546 | ace->sid.identifier_authority.value[0] = 0; |
| 547 | ace->sid.identifier_authority.value[1] = 0; |
| 548 | ace->sid.identifier_authority.value[2] = 0; |
| 549 | ace->sid.identifier_authority.value[3] = 0; |
| 550 | ace->sid.identifier_authority.value[4] = 0; |
| 551 | ace->sid.identifier_authority.value[5] = 5; |
| 552 | ace->sid.sub_authority[0] = |
| 553 | const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID); |
| 554 | //ace2 |
| 555 | ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size)); |
| 556 | ace->type = 0x00; |
| 557 | ace->flags = 0x00; |
| 558 | ace->size = const_cpu_to_le16(0x18); |
| 559 | ace->mask = const_cpu_to_le32(0x12019F); |
| 560 | ace->sid.revision = 0x01; |
| 561 | ace->sid.sub_authority_count = 0x02; |
| 562 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 563 | ace->sid.identifier_authority.value[0] = 0; |
| 564 | ace->sid.identifier_authority.value[1] = 0; |
| 565 | ace->sid.identifier_authority.value[2] = 0; |
| 566 | ace->sid.identifier_authority.value[3] = 0; |
| 567 | ace->sid.identifier_authority.value[4] = 0; |
| 568 | ace->sid.identifier_authority.value[5] = 5; |
| 569 | ace->sid.sub_authority[0] = |
| 570 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 571 | ace->sid.sub_authority[1] = |
| 572 | const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 573 | |
| 574 | //owner sid |
| 575 | sid = (SID*)((char*)sd + le32_to_cpu(sd->owner)); |
| 576 | sid->revision = 0x01; |
| 577 | sid->sub_authority_count = 0x02; |
| 578 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 579 | sid->identifier_authority.value[0] = 0; |
| 580 | sid->identifier_authority.value[1] = 0; |
| 581 | sid->identifier_authority.value[2] = 0; |
| 582 | sid->identifier_authority.value[3] = 0; |
| 583 | sid->identifier_authority.value[4] = 0; |
| 584 | sid->identifier_authority.value[5] = 5; |
| 585 | sid->sub_authority[0] = |
| 586 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 587 | sid->sub_authority[1] = |
| 588 | const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 589 | |
| 590 | //group sid |
| 591 | sid = (SID*)((char*)sd + le32_to_cpu(sd->group)); |
| 592 | sid->revision = 0x01; |
| 593 | sid->sub_authority_count = 0x02; |
| 594 | /* SECURITY_NT_SID_AUTHORITY (S-1-5) */ |
| 595 | sid->identifier_authority.value[0] = 0; |
| 596 | sid->identifier_authority.value[1] = 0; |
| 597 | sid->identifier_authority.value[2] = 0; |
| 598 | sid->identifier_authority.value[3] = 0; |
| 599 | sid->identifier_authority.value[4] = 0; |
| 600 | sid->identifier_authority.value[5] = 5; |
| 601 | sid->sub_authority[0] = |
| 602 | const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID); |
| 603 | sid->sub_authority[1] = |
| 604 | const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS); |
| 605 | |
| 606 | return; |
| 607 | } |
| 608 |