1 | #include "types.h" |
2 | #include "layout.h" |
3 | #include "sd.h" |
4 | |
/**
 * init_system_file_sd - build the security descriptor of an NTFS 3.1 system file
 * @sys_file_no:	number of the system file the descriptor is for
 * @sd_val:		receives the address of the descriptor (NULL on bad input)
 * @sd_val_len:		receives the descriptor length in bytes (0 on bad input)
 *
 * NTFS 3.1 - System files security descriptors
 * ============================================
 *
 * The root directory system file (".") is very different and is handled by a
 * different function.
 *
 * A negative @sys_file_no yields *@sd_val == NULL and *@sd_val_len == 0.
 * Otherwise the descriptor is self-relative, has no SACL, and is laid out as:
 * header at 0x00, DACL at 0x14 with two access-allowed ACEs (0x1c and 0x30),
 * owner SID at 0x48, group SID at 0x54; 0x64 bytes are reported as its length.
 *
 * Both ACEs carry read-only masks for $AttrDef and $Boot and masks that also
 * include the write bits for every other system file.
 *
 * Do NOT free *@sd_val: it points at static storage that every call rewrites,
 * so the result is only usable until the next call, and callers running
 * concurrently would all be handed that same buffer.
 */
void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len)
{
	static u8 sd_array[0x68];
	SECURITY_DESCRIPTOR_RELATIVE *desc;
	ACL *dacl;
	ACCESS_ALLOWED_ACE *ace;
	SID *trustee;
	le32 *rid;
	int read_only;
	int i;

	/* Negative file numbers are answered with an empty result. */
	if (sys_file_no < 0) {
		*sd_val = NULL;
		*sd_val_len = 0;
		return;
	}

	/* Only $AttrDef and $Boot behave differently to everything else. */
	read_only = (sys_file_no == FILE_AttrDef || sys_file_no == FILE_Boot);

	*sd_val = sd_array;
	*sd_val_len = 0x64;

	/* Self-relative header; the offsets are counted from its first byte. */
	desc = (SECURITY_DESCRIPTOR_RELATIVE *)sd_array;
	desc->revision = 1;
	desc->alignment = 0;
	desc->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	desc->owner = const_cpu_to_le32(0x48);
	desc->group = const_cpu_to_le32(0x54);
	desc->sacl = const_cpu_to_le32(0);
	desc->dacl = const_cpu_to_le32(0x14);

	/* The DACL sits at offset 0x14, as recorded in the header. */
	dacl = (ACL *)((char *)desc + le32_to_cpu(desc->dacl));
	dacl->revision = 2;
	dacl->alignment1 = 0;
	dacl->size = const_cpu_to_le16(0x34);
	dacl->ace_count = const_cpu_to_le16(2);
	dacl->alignment2 = const_cpu_to_le16(0);

	/*
	 * First ACE, at offset 0x1c right behind the ACL header: access
	 * allowed for S-1-5-<SECURITY_LOCAL_SYSTEM_RID>.
	 */
	ace = (ACCESS_ALLOWED_ACE *)((char *)dacl + sizeof(ACL));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x14);
	if (read_only) {
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA;
	} else {
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
				FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
				FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA |
				FILE_WRITE_DATA | FILE_READ_DATA;
	}
	ace->sid.revision = 1;
	ace->sid.sub_authority_count = 1;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5): five zero bytes followed by 5. */
	for (i = 0; i < 5; i++) {
		ace->sid.identifier_authority.value[i] = 0;
	}
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/*
	 * Second ACE, at offset 0x30, found by stepping over the first one.
	 * All system files, except the root directory, have it.  Access
	 * allowed for S-1-5-<SECURITY_BUILTIN_DOMAIN_RID>-
	 * <DOMAIN_ALIAS_RID_ADMINS>.
	 */
	ace = (ACCESS_ALLOWED_ACE *)((char *)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x18);
	if (read_only) {
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_READ_ATTRIBUTES | FILE_READ_EA |
				FILE_READ_DATA;
	} else {
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_WRITE_ATTRIBUTES |
				FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
				FILE_READ_EA | FILE_APPEND_DATA |
				FILE_WRITE_DATA | FILE_READ_DATA;
	}
	ace->sid.revision = 1;
	ace->sid.sub_authority_count = 2;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		ace->sid.identifier_authority.value[i] = 0;
	}
	ace->sid.identifier_authority.value[5] = 5;
	rid = ace->sid.sub_authority;
	rid[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	rid[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Owner SID at offset 0x48, as recorded in the header. */
	trustee = (SID *)((char *)desc + le32_to_cpu(desc->owner));
	trustee->revision = 1;
	trustee->sub_authority_count = 1;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		trustee->identifier_authority.value[i] = 0;
	}
	trustee->identifier_authority.value[5] = 5;
	trustee->sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* Group SID at offset 0x54, as recorded in the header. */
	trustee = (SID *)((char *)desc + le32_to_cpu(desc->group));
	trustee->revision = 1;
	trustee->sub_authority_count = 2;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		trustee->identifier_authority.value[i] = 0;
	}
	trustee->identifier_authority.value[5] = 5;
	rid = trustee->sub_authority;
	rid[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	rid[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
}
162 | |
/**
 * init_root_sd - build the security descriptor of the NTFS 3.1 root directory
 * @sd_val:	receives the address of the descriptor
 * @sd_val_len:	receives the descriptor length in bytes (0x102c)
 *
 * Creates the security descriptor for the root folder on NTFS 3.1 as created
 * by Windows Vista when the format is done from the disk management MMC
 * snap-in (note this is different from the format done from the disk
 * properties in Windows Explorer).
 *
 * Layout: self-relative header, a DACL declared as 0x1000 bytes that holds
 * eight access-allowed ACEs, the owner SID at 0x1014 and the group SID at
 * 0x1020.  The eight ACEs fill only a small part of the declared DACL size;
 * the remainder is never written here and stays zero because the buffer has
 * static storage duration.
 *
 * The ACEs come in pairs per trustee: one with flags 0 and one inherit-only
 * ACE for objects and containers.  Note for anyone hardening a freshly
 * formatted volume: ACEs 5 and 6 give S-1-5-<SECURITY_AUTHENTICATED_USER_RID>
 * add-file, add-subdirectory, write-attribute and DELETE rights on the root,
 * plus inheritable GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE,
 * so that trustee can write to the volume unless the DACL is tightened
 * afterwards.
 *
 * *@sd_val points at static storage: do not free it.
 */
void init_root_sd(u8 **sd_val, int *sd_val_len)
{
	static char sd_array[0x102c];
	SECURITY_DESCRIPTOR_RELATIVE *desc;
	ACL *dacl;
	ACCESS_ALLOWED_ACE *entry;
	SID *trustee;
	le32 *rid;
	int i;

	*sd_val = (u8 *)sd_array;
	*sd_val_len = 0x102c;

	/* Self-relative header; the DACL follows it directly. */
	desc = (SECURITY_DESCRIPTOR_RELATIVE *)sd_array;
	desc->revision = SECURITY_DESCRIPTOR_REVISION;
	desc->alignment = 0;
	desc->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	desc->owner = const_cpu_to_le32(0x1014);
	desc->group = const_cpu_to_le32(0x1020);
	desc->sacl = 0;
	desc->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE));

	/* ACL header: eight ACEs inside a declared size of 0x1000 bytes. */
	dacl = (ACL *)((u8 *)desc + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	dacl->revision = ACL_REVISION;
	dacl->alignment1 = 0;
	dacl->size = const_cpu_to_le16(0x1000);
	dacl->ace_count = const_cpu_to_le16(0x08);
	dacl->alignment2 = 0;

	/*
	 * ACE 1: S-1-5-<SECURITY_BUILTIN_DOMAIN_RID>-<DOMAIN_ALIAS_RID_ADMINS>,
	 * not inherited.
	 */
	entry = (ACCESS_ALLOWED_ACE *)((u8 *)dacl + sizeof(ACL));
	entry->type = ACCESS_ALLOWED_ACE_TYPE;
	entry->flags = 0;
	entry->size = const_cpu_to_le16(0x18);
	entry->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
			FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
			FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
			FILE_TRAVERSE | FILE_DELETE_CHILD |
			FILE_READ_ATTRIBUTES;
	entry->sid.revision = SID_REVISION;
	entry->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5): five zero bytes followed by 5. */
	for (i = 0; i < 5; i++) {
		entry->sid.identifier_authority.value[i] = 0;
	}
	entry->sid.identifier_authority.value[5] = 5;
	rid = entry->sid.sub_authority;
	rid[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	rid[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* ACE 2: same trustee as ACE 1, inherit-only, GENERIC_ALL. */
	entry = (ACCESS_ALLOWED_ACE *)((u8 *)entry + le16_to_cpu(entry->size));
	entry->type = ACCESS_ALLOWED_ACE_TYPE;
	entry->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	entry->size = const_cpu_to_le16(0x18);
	entry->mask = GENERIC_ALL;
	entry->sid.revision = SID_REVISION;
	entry->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		entry->sid.identifier_authority.value[i] = 0;
	}
	entry->sid.identifier_authority.value[5] = 5;
	rid = entry->sid.sub_authority;
	rid[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	rid[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* ACE 3: S-1-5-<SECURITY_LOCAL_SYSTEM_RID>, not inherited. */
	entry = (ACCESS_ALLOWED_ACE *)((u8 *)entry + le16_to_cpu(entry->size));
	entry->type = ACCESS_ALLOWED_ACE_TYPE;
	entry->flags = 0;
	entry->size = const_cpu_to_le16(0x14);
	entry->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
			FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
			FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
			FILE_TRAVERSE | FILE_DELETE_CHILD |
			FILE_READ_ATTRIBUTES;
	entry->sid.revision = SID_REVISION;
	entry->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		entry->sid.identifier_authority.value[i] = 0;
	}
	entry->sid.identifier_authority.value[5] = 5;
	entry->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* ACE 4: same trustee as ACE 3, inherit-only, GENERIC_ALL. */
	entry = (ACCESS_ALLOWED_ACE *)((u8 *)entry + le16_to_cpu(entry->size));
	entry->type = ACCESS_ALLOWED_ACE_TYPE;
	entry->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	entry->size = const_cpu_to_le16(0x14);
	entry->mask = GENERIC_ALL;
	entry->sid.revision = SID_REVISION;
	entry->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		entry->sid.identifier_authority.value[i] = 0;
	}
	entry->sid.identifier_authority.value[5] = 5;
	entry->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/*
	 * ACE 5: S-1-5-<SECURITY_AUTHENTICATED_USER_RID>, not inherited.
	 * The mask includes add-file, add-subdirectory and DELETE.
	 */
	entry = (ACCESS_ALLOWED_ACE *)((u8 *)entry + le16_to_cpu(entry->size));
	entry->type = ACCESS_ALLOWED_ACE_TYPE;
	entry->flags = 0;
	entry->size = const_cpu_to_le16(0x14);
	entry->mask = SYNCHRONIZE | READ_CONTROL | DELETE |
			FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
			FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
			FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
			FILE_LIST_DIRECTORY;
	entry->sid.revision = SID_REVISION;
	entry->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		entry->sid.identifier_authority.value[i] = 0;
	}
	entry->sid.identifier_authority.value[5] = 5;
	entry->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

	/* ACE 6: same trustee as ACE 5, inherit-only, read/write/execute/delete. */
	entry = (ACCESS_ALLOWED_ACE *)((u8 *)entry + le16_to_cpu(entry->size));
	entry->type = ACCESS_ALLOWED_ACE_TYPE;
	entry->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	entry->size = const_cpu_to_le16(0x14);
	entry->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
	entry->sid.revision = SID_REVISION;
	entry->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		entry->sid.identifier_authority.value[i] = 0;
	}
	entry->sid.identifier_authority.value[5] = 5;
	entry->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

	/*
	 * ACE 7: S-1-5-<SECURITY_BUILTIN_DOMAIN_RID>-<DOMAIN_ALIAS_RID_USERS>,
	 * not inherited, read/list/traverse only.
	 */
	entry = (ACCESS_ALLOWED_ACE *)((u8 *)entry + le16_to_cpu(entry->size));
	entry->type = ACCESS_ALLOWED_ACE_TYPE;
	entry->flags = 0;
	entry->size = const_cpu_to_le16(0x18);
	entry->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES |
			FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY;
	entry->sid.revision = SID_REVISION;
	entry->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		entry->sid.identifier_authority.value[i] = 0;
	}
	entry->sid.identifier_authority.value[5] = 5;
	rid = entry->sid.sub_authority;
	rid[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	rid[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

	/* ACE 8: same trustee as ACE 7, inherit-only, generic read/execute. */
	entry = (ACCESS_ALLOWED_ACE *)((u8 *)entry + le16_to_cpu(entry->size));
	entry->type = ACCESS_ALLOWED_ACE_TYPE;
	entry->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	entry->size = const_cpu_to_le16(0x18);
	entry->mask = GENERIC_READ | GENERIC_EXECUTE;
	entry->sid.revision = SID_REVISION;
	entry->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		entry->sid.identifier_authority.value[i] = 0;
	}
	entry->sid.identifier_authority.value[5] = 5;
	rid = entry->sid.sub_authority;
	rid[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	rid[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

	/* Owner SID, at the offset recorded in the header. */
	trustee = (SID *)((char *)desc + le32_to_cpu(desc->owner));
	trustee->revision = 0x01;
	trustee->sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		trustee->identifier_authority.value[i] = 0;
	}
	trustee->identifier_authority.value[5] = 5;
	trustee->sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* Group SID, at the offset recorded in the header. */
	trustee = (SID *)((char *)desc + le32_to_cpu(desc->group));
	trustee->revision = 0x01;
	trustee->sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		trustee->identifier_authority.value[i] = 0;
	}
	trustee->identifier_authority.value[5] = 5;
	trustee->sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
}
396 | |
/**
 * init_secure_sds - write the two initial $SDS security descriptor entries
 * @sd_val:	caller-supplied buffer the entries are written into
 *
 * NTFS 3.1 - System files security descriptors
 * ============================================
 * Create the security descriptor entries in the $SDS data stream like they
 * are in a partition newly formatted with Windows 2003.
 *
 * Two entries are written, at offsets 0x00 and 0x80 of @sd_val.  Each is a
 * SECURITY_DESCRIPTOR_HEADER (fixed hash, security id 0x0100 / 0x0101, its own
 * offset, length 0x7C) followed by a self-relative descriptor whose DACL has
 * two access-allowed ACEs and whose owner and group SIDs are both
 * S-1-5-<SECURITY_BUILTIN_DOMAIN_RID>-<DOMAIN_ALIAS_RID_ADMINS>.  The entries
 * differ only in the header values and in the access mask shared by their two
 * ACEs (0x120089 in the first, 0x12019F in the second).
 *
 * No buffer length is passed in and nothing here checks one, so the caller
 * must provide enough room.  Going by the recorded entry length that is
 * presumably at least 0x80 + 0x7C bytes -- confirm against
 * sizeof(SECURITY_DESCRIPTOR_HEADER) and the caller's allocation.  Bytes not
 * covered by a field assignment (for instance the gap before offset 0x80)
 * are left as the caller provided them.
 *
 * NOTE(review): the hash values are hard-coded rather than computed here, so
 * a change to the descriptor contents presumably needs the matching hash
 * updated as well -- confirm how the hash is derived.
 */
void init_secure_sds(char *sd_val)
{
	SECURITY_DESCRIPTOR_HEADER *hdr;
	SECURITY_DESCRIPTOR_RELATIVE *desc;
	ACL *dacl;
	ACCESS_ALLOWED_ACE *sys_ace;
	ACCESS_ALLOWED_ACE *adm_ace;
	SID *trustee;
	le32 *rid;
	int n;
	int k;
	int i;

	for (n = 0; n < 2; n++) {
		/* Entry header: the second entry starts 0x80 bytes in. */
		hdr = (SECURITY_DESCRIPTOR_HEADER *)(sd_val + n * 0x80);
		if (n == 0) {
			hdr->hash = const_cpu_to_le32(0xF80312F0);
			hdr->security_id = const_cpu_to_le32(0x0100);
			hdr->offset = const_cpu_to_le64(0x00);
		} else {
			hdr->hash = const_cpu_to_le32(0xB32451);
			hdr->security_id = const_cpu_to_le32(0x0101);
			hdr->offset = const_cpu_to_le64(0x80);
		}
		hdr->length = const_cpu_to_le32(0x7C);

		/* Self-relative descriptor right behind the entry header. */
		desc = (SECURITY_DESCRIPTOR_RELATIVE *)((char *)hdr +
				sizeof(SECURITY_DESCRIPTOR_HEADER));
		desc->revision = 0x01;
		desc->alignment = 0x00;
		desc->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
		desc->owner = const_cpu_to_le32(0x48);
		desc->group = const_cpu_to_le32(0x58);
		desc->sacl = const_cpu_to_le32(0x00);
		desc->dacl = const_cpu_to_le32(0x14);

		/* ACL header announcing two ACEs in 0x34 bytes. */
		dacl = (ACL *)((char *)desc +
				sizeof(SECURITY_DESCRIPTOR_RELATIVE));
		dacl->revision = 0x02;
		dacl->alignment1 = 0x00;
		dacl->size = const_cpu_to_le16(0x34);
		dacl->ace_count = const_cpu_to_le16(0x02);
		dacl->alignment2 = 0x00;

		/* ACE 1: S-1-5-<SECURITY_LOCAL_SYSTEM_RID>. */
		sys_ace = (ACCESS_ALLOWED_ACE *)((char *)dacl + sizeof(ACL));
		sys_ace->type = 0x00;
		sys_ace->flags = 0x00;
		sys_ace->size = const_cpu_to_le16(0x14);
		sys_ace->sid.revision = 0x01;
		sys_ace->sid.sub_authority_count = 0x01;
		/* SECURITY_NT_SID_AUTHORITY (S-1-5): five zero bytes, then 5. */
		for (i = 0; i < 5; i++) {
			sys_ace->sid.identifier_authority.value[i] = 0;
		}
		sys_ace->sid.identifier_authority.value[5] = 5;
		sys_ace->sid.sub_authority[0] =
				const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

		/*
		 * ACE 2, found by stepping over ACE 1:
		 * S-1-5-<SECURITY_BUILTIN_DOMAIN_RID>-<DOMAIN_ALIAS_RID_ADMINS>.
		 */
		adm_ace = (ACCESS_ALLOWED_ACE *)((char *)sys_ace +
				le16_to_cpu(sys_ace->size));
		adm_ace->type = 0x00;
		adm_ace->flags = 0x00;
		adm_ace->size = const_cpu_to_le16(0x18);
		adm_ace->sid.revision = 0x01;
		adm_ace->sid.sub_authority_count = 0x02;
		/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
		for (i = 0; i < 5; i++) {
			adm_ace->sid.identifier_authority.value[i] = 0;
		}
		adm_ace->sid.identifier_authority.value[5] = 5;
		rid = adm_ace->sid.sub_authority;
		rid[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
		rid[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

		/*
		 * Both ACEs of an entry share one raw access mask.  Presumably
		 * these are the numeric forms of the read-only and read/write
		 * masks that init_system_file_sd() spells out with named
		 * constants -- verify against layout.h.
		 */
		if (n == 0) {
			sys_ace->mask = const_cpu_to_le32(0x120089);
			adm_ace->mask = const_cpu_to_le32(0x120089);
		} else {
			sys_ace->mask = const_cpu_to_le32(0x12019F);
			adm_ace->mask = const_cpu_to_le32(0x12019F);
		}

		/* Owner SID (k == 0), then group SID (k == 1): same trustee. */
		for (k = 0; k < 2; k++) {
			if (k == 0) {
				trustee = (SID *)((char *)desc +
						le32_to_cpu(desc->owner));
			} else {
				trustee = (SID *)((char *)desc +
						le32_to_cpu(desc->group));
			}
			trustee->revision = 0x01;
			trustee->sub_authority_count = 0x02;
			/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
			for (i = 0; i < 5; i++) {
				trustee->identifier_authority.value[i] = 0;
			}
			trustee->identifier_authority.value[5] = 5;
			rid = trustee->sub_authority;
			rid[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
			rid[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
		}
	}
}
608 |