path: root/src/secaudit.h (plain)
blob: 7f0d6da27cd330f58569d4460777dced85d32473

1	/*
2	* General declarations for secaudit
3	*
4	* These declarations are organized to enable code sharing with ntfs-3g
5	* library, but should only be used to build tools runnable both
6	* on Linux (dynamic linking) and Windows (static linking)
7	*
8	* Copyright (c) 2007-2009 Jean-Pierre Andre
9	*
10	*/
11
12	/*
13	* This program is free software; you can redistribute it and/or modify
14	* it under the terms of the GNU General Public License as published by
15	* the Free Software Foundation; either version 2 of the License, or
16	* (at your option) any later version.
17	*
18	* This program is distributed in the hope that it will be useful,
19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21	* GNU General Public License for more details.
22	*
23	* You should have received a copy of the GNU General Public License
24	* along with this program (in the main directory of the NTFS-3G
25	* distribution in the file COPYING); if not, write to the Free Software
26	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27	*/
28
29	/*
30	* General parameters which may have to be adapted to needs
31	*/
32
33	#define SELFTESTS 1 /* include code for self-testing */
34	#define POSIXACLS 0 /* include code for processing Posix ACLs */
35	#define NOREVBOM 0 /* temporary */
36
37	#define OWNERFROMACL 1 /* must match option in security.c */
38
39	#define MAXATTRSZ 65536 /* Max sec attr size (16448 met for WinXP) */
40	#define MAXSECURID 262144
41	#define SECBLKSZ 8
42	#define MAXFILENAME 4096
43	#define FORCEMASK 0 /* Special (dangerous) option -m to force a mask */
44	#define MAXLINE 80 /* maximum processed size of a line */
45	#define BUFSZ 1024 /* buffer size to read mapping file */
46	#define LINESZ 120 /* maximum useful size of a mapping line */
47
48	/*
49	* Definitions for Linux
50	* Use explicit or implicit dynamic linking
51	*/
52
53	#ifdef HAVE_CONFIG_H
54	#undef POSIXACLS /* override default by configure option */
55	#define USESTUBS 1 /* API stubs generated at link time */
56	#else
57	#define USESTUBS 0 /* direct calls to API, based on following definitions */
58	#define ENVNTFS3G "NTFS3G"
59	#define LIBFILE64 "/lib64/libntfs-3g.so.4921"
60	#define LIBFILE "/lib/libntfs-3g.so.4921"
61	#endif
62
63	#define MAPDIR ".NTFS-3G"
64	#define MAPFILE "UserMapping"
65	#define MAGIC_API 0x09042009
66
67	#ifndef _NTFS_ENDIANS_H
68
69	typedef char s8;
70	typedef short s16;
71	typedef long long s64;
72	typedef unsigned char u8;
73	typedef unsigned short le16, be16, u16;
74	typedef unsigned long long u64;
75	#ifdef STSC
76	typedef long s32;
77	typedef unsigned long le32, be32, u32;
78	#else
79	typedef int s32;
80	typedef unsigned int le32, be32, u32;
81	#endif
82
83	#ifdef STSC
84	#define endian_rev16(x) ((((x) & 255L) << 8) + (((x) >> 8) & 255L))
85	#define endian_rev32(x) ((((x) & 255L) << 24) + (((x) & 0xff00L) << 8) \
86	+ (((x) >> 8) & 0xff00L) + (((x) >> 24) & 255L))
87	#else
88	#define endian_rev16(x) ((((x) & 255) << 8) + (((x) >> 8) & 255))
89	#define endian_rev32(x) ((((x) & 255) << 24) + (((x) & 0xff00) << 8) \
90	+ (((x) >> 8) & 0xff00) + (((x) >> 24) & 255))
91	#endif
92	#define endian_rev64(x) ((((x) & 255LL) << 56) + (((x) & 0xff00LL) << 40) \
93	+ (((x) & 0xff0000LL) << 24) + (((x) & 0xff000000LL) << 8) \
94	+ (((x) >> 8) & 0xff000000LL) + (((x) >> 24) & 0xff0000LL) \
95	+ (((x) >> 40) & 0xff00LL) + (((x) >> 56) & 255LL))
96
97	#if __BYTE_ORDER == __LITTLE_ENDIAN
98
99	#define cpu_to_be16(x) endian_rev16(x)
100	#define cpu_to_be32(x) endian_rev32(x)
101	#define cpu_to_le16(x) (x)
102	#define cpu_to_le32(x) (x)
103	#define cpu_to_le64(x) (x)
104	#define le16_to_cpu(x) (x)
105	#define le32_to_cpu(x) (x)
106	#define le64_to_cpu(x) (x)
107
108	#else
109
110	#define cpu_to_be16(x) (x)
111	#define cpu_to_be32(x) (x)
112	#define cpu_to_le16(x) endian_rev16(x)
113	#define cpu_to_le32(x) endian_rev32(x)
114	#define cpu_to_le64(x) endian_rev64(x)
115	#define le16_to_cpu(x) endian_rev16(x)
116	#define le32_to_cpu(x) endian_rev32(x)
117	#define le64_to_cpu(x) endian_rev64(x)
118
119	#endif
120
121	#define const_le16_to_cpu(x) le16_to_cpu(x)
122	#define const_cpu_to_le16(x) cpu_to_le16(x)
123	#define const_cpu_to_le32(x) cpu_to_le32(x)
124	#define const_cpu_to_be16(x) cpu_to_be16(x)
125	#define const_cpu_to_be32(x) cpu_to_be32(x)
126
127	#endif /* _NTFS_ENDIANS_H */
128
129	#ifndef FALSE
130	enum { FALSE, TRUE } ;
131	#endif /* FALSE */
132
133	#ifdef WIN32
134
135	typedef unsigned short uid_t;
136	typedef unsigned short gid_t;
137
138	#define UNICODE(c) ((unsigned short)(c))
139
140	#define __attribute__(x)
141
142	#else
143
144	#ifndef BOOL
145	typedef int BOOL; /* Already defined in windows.h */
146	#endif /* BOOL */
147
148	#ifdef STSC
149
150	#define ENOTSUP 95
151
152	#endif /* STSC */
153
154	typedef u32 DWORD; /* must be 32 bits whatever the platform */
155	typedef DWORD *LPDWORD;
156
157	#define MS_NONE 0 /* no flag for mounting the device */
158	#define MS_RDONLY 1 /* flag for mounting the device read-only */
159
160	#endif /* WIN32 */
161
162	#if defined(WIN32) | defined(STSC)
163
164	/*
165	* On non-Linux computers, there is no mount and the user mapping
166	* if fetched from a real file (or a dummy one for self tests)
167	*/
168
169	#define NTFS_FIND_USID(map,uid,buf) ntfs_find_usid(map,uid,buf)
170	#define NTFS_FIND_GSID(map,gid,buf) ntfs_find_gsid(map,gid,buf)
171	#define NTFS_FIND_USER(map,usid) ntfs_find_user(map,usid)
172	#define NTFS_FIND_GROUP(map,gsid) ntfs_find_group(map,gsid)
173
174	#else
175
176	/*
177	* On Linux computers, there is a mount and the user mapping
178	* if either obtained through the mount process or fetched
179	* from a dummy file for self-tests
180	*/
181
182	#define NTFS_FIND_USID(map,uid,buf) (mappingtype != MAPEXTERN ? \
183	ntfs_find_usid(map,uid,buf) : relay_find_usid(map,uid,buf))
184	#define NTFS_FIND_GSID(map,gid,buf) (mappingtype != MAPEXTERN ? \
185	ntfs_find_gsid(map,gid,buf) : relay_find_gsid(map,gid,buf))
186	#define NTFS_FIND_USER(map,usid) (mappingtype != MAPEXTERN ? \
187	ntfs_find_user(map,usid) : relay_find_user(map,usid))
188	#define NTFS_FIND_GROUP(map,gsid) (mappingtype != MAPEXTERN ? \
189	ntfs_find_group(map,gsid) : relay_find_group(map,gsid))
190
191	#endif
192
193	/*
194	* A few name hijackings or definitions
195	* needed for using code from ntfs-3g
196	*/
197
198	#ifdef WIN32
199	#define ACL MY_ACL
200	#define SID MY_SID
201	#define ACCESS_ALLOWED_ACE MY_ACCESS_ALLOWED_ACE
202	#define ACCESS_DENIED_ACE MY_ACCESS_DENIED_ACE
203	#define FILE_ATTRIBUTE_REPARSE_POINT 0x400
204	#define IO_REPARSE_TAG_MOUNT_POINT 0xa0000003
205	#define IO_REPARSE_TAG_SYMLINK 0xa000000c
206	#else
207	#define SE_OWNER_DEFAULTED const_cpu_to_le16(1)
208	#define SE_GROUP_DEFAULTED const_cpu_to_le16(2)
209	#define SE_DACL_PRESENT const_cpu_to_le16(4)
210	#define SE_SACL_PRESENT const_cpu_to_le16(0x10)
211	#define SE_DACL_DEFAULTED const_cpu_to_le16(8)
212	#define SE_SELF_RELATIVE const_cpu_to_le16(0x8000)
213	#define SID_REVISION 1
214	#endif /* WIN32 */
215	#define SE_DACL_PROTECTED const_cpu_to_le16(0x1000)
216	#define SE_SACL_PROTECTED const_cpu_to_le16(0x2000)
217	#define SE_DACL_AUTO_INHERITED const_cpu_to_le16(0x400)
218	#define SE_SACL_AUTO_INHERITED const_cpu_to_le16(0x800)
219	#define SE_DACL_AUTO_INHERIT_REQ cpu_to_le16(0x100)
220	#define SE_SACL_AUTO_INHERIT_REQ cpu_to_le16(0x200)
221
222	typedef le16 ntfschar;
223
224	typedef struct {
225	le32 a;
226	le16 b,c;
227	struct {
228	le16 m,n,o,p, q,r,s,t;
229	} ;
230	} GUID;
231
232	#define ntfs_log_error(args...) do { printf("** " args); if (!isatty(1)) fprintf(stderr,args); } while(0)
233
234	/*
235	* Struct to hold the input mapping file
236	* (private to this module)
237	*/
238
239	struct MAPLIST {
240	struct MAPLIST *next;
241	char *uidstr; /* uid text from the same record */
242	char *gidstr; /* gid text from the same record */
243	char *sidstr; /* sid text from the same record */
244	char maptext[LINESZ + 1];
245	};
246
247	/*
248	* A few dummy declarations needed for using code from security.c
249	*/
250
251	#define MFT_RECORD_IS_DIRECTORY const_cpu_to_le16(1)
252
253	struct SECURITY_DATA {
254	u64 offset;
255	char *attr;
256	u32 hash;
257	u32 length;
258	unsigned int filecount:16;
259	unsigned int mode:12;
260	unsigned int flags:4;
261	} ;
262
263	#define AUTH1 3141592653U
264	#define AUTH2 589793238
265	#define AUTH3 462843383
266	#define OWNERID 1016
267	#define GROUPID 513
268
269
270	#define INSDS1 1
271	#define INSDS2 2
272	#define INSII 4
273	#define INSDH 8
274
275	#ifdef WIN32
276
277	typedef enum { RECSHOW, RECSET, RECSETPOSIX } RECURSE;
278
279	#endif
280
281	/*
282	* A type large enough to hold any SID
283	*/
284
285	typedef char BIGSID[40];
286
287	/*
288	* Declarations for memory allocation checks
289	*/
290
291	struct CHKALLOC
292	{
293	struct CHKALLOC *next;
294	void *alloc;
295	const char *file;
296	int line;
297	size_t size;
298	} ;
299
300	#if defined(WIN32) | defined(STSC)
301
302	#define S_ISVTX 01000
303	#define S_ISGID 02000
304	#define S_ISUID 04000
305	#define S_IXUSR 0100
306	#define S_IWUSR 0200
307	#define S_IRUSR 0400
308	#define S_IXGRP 010
309	#define S_IWGRP 020
310	#define S_IRGRP 040
311	#define S_IXOTH 001
312	#define S_IWOTH 002
313	#define S_IROTH 004
314
315	#endif
316
317	#ifdef WIN32
318	#else
319	/*
320	*
321	* See http://msdn2.microsoft.com/en-us/library/aa379649.aspx
322	*/
323
324	typedef enum {
325	DACL_SECURITY_INFORMATION = 4, // The DACL of the object is being referenced.
326	SACL_SECURITY_INFORMATION = 8, // The SACL of the object is being referenced.
327	LABEL_SECURITY_INFORMATION = 8, // The mandatory integrity label is being referenced.
328	GROUP_SECURITY_INFORMATION = 2, // The primary group identifier of the object is being referenced.
329	OWNER_SECURITY_INFORMATION = 1, // The owner identifier of the object is being referenced.
330	} SECURITY_INFORMATION;
331
332	#define STANDARD_RIGHTS_READ cpu_to_le32(0x20000)
333	#define STANDARD_RIGHTS_WRITE cpu_to_le32(0x20000)
334	#define STANDARD_RIGHTS_EXECUTE cpu_to_le32(0x20000)
335	#define STANDARD_RIGHTS_REQUIRED cpu_to_le32(0xf0000)
336
337	#endif
338
339	typedef struct SECHEAD {
340	s8 revision;
341	s8 alignment;
342	le16 control;
343	le32 owner;
344	le32 group;
345	le32 sacl;
346	le32 dacl;
347	} SECURITY_DESCRIPTOR_RELATIVE;
348
349	typedef struct ACL {
350	s8 revision;
351	s8 alignment1;
352	le16 size;
353	le16 ace_count;
354	le16 alignment2;
355	} ACL;
356
357	typedef struct {
358	union {
359	struct {
360	unsigned char revision;
361	unsigned char sub_authority_count;
362	} ;
363	struct {
364	/* evade an alignment problem when a 4 byte field */
365	/* in a struct implies alignment of the struct */
366	le16 dummy;
367	be16 high_part;
368	be32 low_part;
369	} identifier_authority;
370	} ;
371	le32 sub_authority[1];
372	} SID;
373
374	typedef u8 ACE_FLAGS;
375
376	typedef struct ACE {
377	u8 type;
378	u8 flags;
379	le16 size;
380	le32 mask;
381	SID sid;
382	} ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE;
383
384
385	/*
386	* item in the mapping list
387	*/
388
389	struct MAPPING {
390	struct MAPPING *next;
391	int xid; /* linux id : uid or gid */
392	SID *sid; /* Windows id : usid or gsid */
393	int grcnt; /* group count (for users only) */
394	gid_t *groups; /* groups which the user is member of */
395	};
396
397	/*
398	* Posix ACL structures
399	*/
400
401	struct POSIX_ACE {
402	u16 tag;
403	u16 perms;
404	s32 id;
405	} ;
406
407	struct POSIX_ACL {
408	u8 version;
409	u8 flags;
410	u16 filler;
411	struct POSIX_ACE ace[0];
412	} ;
413
414	struct POSIX_SECURITY {
415	mode_t mode;
416	int acccnt;
417	int defcnt;
418	int firstdef;
419	u16 tagsset;
420	struct POSIX_ACL acl;
421	} ;
422
423	/*
424	* Posix tags, cpu-endian 16 bits
425	*/
426
427	enum {
428	POSIX_ACL_USER_OBJ = 1,
429	POSIX_ACL_USER = 2,
430	POSIX_ACL_GROUP_OBJ = 4,
431	POSIX_ACL_GROUP = 8,
432	POSIX_ACL_MASK = 16,
433	POSIX_ACL_OTHER = 32,
434	POSIX_ACL_SPECIAL = 64 /* internal use only */
435	} ;
436
437	/*
438	* Posix permissions, cpu-endian 16 bits
439	*/
440
441	enum {
442	POSIX_PERM_X = 1,
443	POSIX_PERM_W = 2,
444	POSIX_PERM_R = 4,
445	POSIX_PERM_DENIAL = 64 /* internal use only */
446	} ;
447
448	#define POSIX_VERSION 2
449
450	/*
451	* A few definitions adapted from winnt.h
452	* (Windows version uses actual definitions from winnt.h, which are
453	* not compatible with code from security.c on a big-endian computer)
454	*/
455
456	#ifndef WIN32
457
458	#define DELETE cpu_to_le32(0x00010000L)
459	#define READ_CONTROL cpu_to_le32(0x00020000L)
460	#define WRITE_DAC cpu_to_le32(0x00040000L)
461	#define WRITE_OWNER cpu_to_le32(0x00080000L)
462	#define SYNCHRONIZE cpu_to_le32(0x00100000L)
463
464
465	#define FILE_READ_DATA cpu_to_le32( 0x0001 ) // file & pipe
466	#define FILE_LIST_DIRECTORY cpu_to_le32( 0x0001 ) // directory
467
468	#define FILE_WRITE_DATA cpu_to_le32( 0x0002 ) // file & pipe
469	#define FILE_ADD_FILE cpu_to_le32( 0x0002 ) // directory
470
471	#define FILE_APPEND_DATA cpu_to_le32( 0x0004 ) // file
472	#define FILE_ADD_SUBDIRECTORY cpu_to_le32( 0x0004 ) // directory
473	#define FILE_CREATE_PIPE_INSTANCE cpu_to_le32( 0x0004 ) // named pipe
474
475
476	#define FILE_READ_EA cpu_to_le32( 0x0008 ) // file & directory
477
478	#define FILE_WRITE_EA cpu_to_le32( 0x0010 ) // file & directory
479
480	#define FILE_EXECUTE cpu_to_le32( 0x0020 ) // file
481	#define FILE_TRAVERSE cpu_to_le32( 0x0020 ) // directory
482
483	#define FILE_DELETE_CHILD cpu_to_le32( 0x0040 ) // directory
484
485	#define FILE_READ_ATTRIBUTES cpu_to_le32( 0x0080 ) // all
486
487	#define FILE_WRITE_ATTRIBUTES cpu_to_le32( 0x0100 ) // all
488
489	#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
490	cpu_to_le32(0x1FF))
491
492	#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\
493	FILE_READ_DATA |\
494	FILE_READ_ATTRIBUTES |\
495	FILE_READ_EA |\
496	SYNCHRONIZE)
497
498
499	#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
500	FILE_WRITE_DATA |\
501	FILE_WRITE_ATTRIBUTES |\
502	FILE_WRITE_EA |\
503	FILE_APPEND_DATA |\
504	SYNCHRONIZE)
505
506
507	#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
508	FILE_READ_ATTRIBUTES |\
509	FILE_EXECUTE |\
510	SYNCHRONIZE)
511
512	#define GENERIC_READ cpu_to_le32(0x80000000L)
513	#define GENERIC_WRITE cpu_to_le32(0x40000000L)
514	#define GENERIC_EXECUTE cpu_to_le32(0x20000000L)
515	#define GENERIC_ALL cpu_to_le32(0x10000000L)
516
517
518	#define OBJECT_INHERIT_ACE (0x1)
519	#define CONTAINER_INHERIT_ACE (0x2)
520	#define NO_PROPAGATE_INHERIT_ACE (0x4)
521	#define INHERIT_ONLY_ACE (0x8)
522	#define VALID_INHERIT_FLAGS (0xF)
523
524	/*
525	* Other useful definitions
526	*/
527
528	#define ACL_REVISION 2
529	#define ACCESS_ALLOWED_ACE_TYPE 0
530	#define ACCESS_DENIED_ACE_TYPE 1
531	#define SECURITY_DESCRIPTOR_REVISION 1
532
533	#endif /* !WIN32 */
534
535	#ifndef ACL_REVISION_DS /* not always defined in <windows.h> */
536	#define ACL_REVISION_DS 4
537	#endif
538
539	/*
540	* Matching of ntfs permissions to Linux permissions
541	* these constants are adapted to endianness
542	* when setting, set them all
543	* when checking, check one is present
544	*/
545
546	/* flags which are set to mean exec, write or read */
547
548	#define FILE_READ (FILE_READ_DATA)
549	#define FILE_WRITE (FILE_WRITE_DATA | FILE_APPEND_DATA \
550	| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
551	#define FILE_EXEC (FILE_EXECUTE)
552	#define DIR_READ FILE_LIST_DIRECTORY
553	#define DIR_WRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | FILE_DELETE_CHILD \
554	| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
555	#define DIR_EXEC (FILE_TRAVERSE)
556
557	/* flags tested for meaning exec, write or read */
558	/* tests for write allow for interpretation of a sticky bit */
559
560	#define FILE_GREAD (FILE_READ_DATA | GENERIC_READ)
561	#define FILE_GWRITE (FILE_WRITE_DATA | FILE_APPEND_DATA | GENERIC_WRITE)
562	#define FILE_GEXEC (FILE_EXECUTE | GENERIC_EXECUTE)
563	#define DIR_GREAD (FILE_LIST_DIRECTORY | GENERIC_READ)
564	#define DIR_GWRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | GENERIC_WRITE)
565	#define DIR_GEXEC (FILE_TRAVERSE | GENERIC_EXECUTE)
566
567	/* standard owner (and administrator) rights */
568
569	#define OWNER_RIGHTS (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER \
570	| SYNCHRONIZE \
571	| FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES \
572	| FILE_READ_EA | FILE_WRITE_EA)
573
574	/* standard world rights */
575
576	#define WORLD_RIGHTS (READ_CONTROL | FILE_READ_ATTRIBUTES | FILE_READ_EA \
577	| SYNCHRONIZE)
578
579	/* inheritance flags for files and directories */
580
581	#define FILE_INHERITANCE NO_PROPAGATE_INHERIT_ACE
582	#define DIR_INHERITANCE (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE)
583
584	/*
585	* To identify NTFS ACL meaning Posix ACL granted to root
586	* we use rights always granted to anybody, so they have no impact
587	* either on Windows or on Linux.
588	*/
589
590	#define ROOT_OWNER_UNMARK SYNCHRONIZE /* ACL granted to root as owner */
591	#define ROOT_GROUP_UNMARK FILE_READ_EA /* ACL granted to root as group */
592
593
594	struct SII { /* this is an image of an $SII index entry */
595	le16 offs;
596	le16 size;
597	le32 fill1;
598	le16 indexsz;
599	le16 indexksz;
600	le16 flags;
601	le16 fill2;
602	le32 keysecurid;
603
604	/* did not find official description for the following */
605	le32 hash;
606	le32 securid;
607	le32 dataoffsl; /* documented as badly aligned */
608	le32 dataoffsh;
609	le32 datasize;
610	} ;
611
612	struct SDH { /* this is an image of an $SDH index entry */
613	le16 offs;
614	le16 size;
615	le32 fill1;
616	le16 indexsz;
617	le16 indexksz;
618	le16 flags;
619	le16 fill2;
620	le32 keyhash;
621	le32 keysecurid;
622
623	/* did not find official description for the following */
624	le32 hash;
625	le32 securid;
626	le32 dataoffsl;
627	le32 dataoffsh;
628	le32 datasize;
629	le32 fill3;
630	} ;
631
632	#ifndef INVALID_FILE_ATTRIBUTES /* not defined in old windows.h */
633	#define INVALID_FILE_ATTRIBUTES (-1)
634	#endif
635
636	enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ;
637
638	struct SECURITY_CONTEXT {
639	struct MAPPING *mapping[MAPCOUNT];
640	} ;
641
642	typedef enum { MAPNONE, MAPEXTERN, MAPLOCAL, MAPDUMMY } MAPTYPE;
643
644
645
646	struct passwd {
647	uid_t pw_uid;
648	} ;
649
650	struct group {
651	gid_t gr_gid;
652	} ;
653
654	typedef int (*FILEREADER)(void *fileid, char *buf, size_t size, off_t pos);
655
656	/*
657	* Data defined in secaudit.c
658	*/
659
660	extern MAPTYPE mappingtype;
661
662	/*
663	* Functions defined in acls.c
664	*/
665
666	BOOL ntfs_valid_descr(const char *securattr, unsigned int attrsz);
667	BOOL ntfs_valid_posix(const struct POSIX_SECURITY *pxdesc);
668	BOOL ntfs_valid_pattern(const SID *sid);
669	BOOL ntfs_same_sid(const SID *first, const SID *second);
670
671
672	int ntfs_sid_size(const SID * sid);
673	unsigned int ntfs_attr_size(const char *attr);
674
675	const SID *ntfs_find_usid(const struct MAPPING *usermapping,
676	uid_t uid, SID *pdefsid);
677	const SID *ntfs_find_gsid(const struct MAPPING *groupmapping,
678	gid_t gid, SID *pdefsid);
679	uid_t ntfs_find_user(const struct MAPPING *usermapping, const SID *usid);
680	gid_t ntfs_find_group(const struct MAPPING *groupmapping, const SID * gsid);
681	const SID *ntfs_acl_owner(const char *secattr);
682
683	void ntfs_sort_posix(struct POSIX_SECURITY *pxdesc);
684	int ntfs_merge_mode_posix(struct POSIX_SECURITY *pxdesc, mode_t mode);
685
686
687	struct POSIX_SECURITY *ntfs_build_permissions_posix(
688	struct MAPPING* const mapping[],
689	const char *securattr,
690	const SID *usid, const SID *gsid, BOOL isdir);
691	int ntfs_build_permissions(const char *securattr,
692	const SID *usid, const SID *gsid, BOOL isdir);
693	struct MAPLIST *ntfs_read_mapping(FILEREADER reader, void *fileid);
694	struct MAPPING *ntfs_do_user_mapping(struct MAPLIST *firstitem);
695	struct MAPPING *ntfs_do_group_mapping(struct MAPLIST *firstitem);
696	void ntfs_free_mapping(struct MAPPING *mapping[]);
697
698	struct POSIX_SECURITY *ntfs_merge_descr_posix(const struct POSIX_SECURITY *first,
699	const struct POSIX_SECURITY *second);
700	char *ntfs_build_descr_posix(struct MAPPING* const mapping[],
701	struct POSIX_SECURITY *pxdesc,
702	int isdir, const SID *usid, const SID *gsid);
703	char *ntfs_build_descr(mode_t mode,
704	int isdir, const SID * usid, const SID * gsid);
705
706	/*
707	* Functions defined in secaudit.c
708	*/
709
710	void *chkmalloc(size_t, const char*, int);
711	void *chkcalloc(size_t, size_t, const char *, int);
712	void chkfree(void*, const char*, int);
713	BOOL chkisalloc(void*, const char*, int);
714	void dumpalloc(const char*);
715
716	#define malloc(sz) chkmalloc(sz, __FILE__, __LINE__)
717	#define calloc(cnt,sz) chkcalloc(cnt, sz, __FILE__, __LINE__)
718	#define free(ptr) chkfree(ptr, __FILE__, __LINE__)
719	#define isalloc(ptr) chkisalloc(ptr, __FILE__, __LINE__)
720	#define ntfs_malloc(sz) chkmalloc(sz, __FILE__, __LINE__)
721
722	struct passwd *getpwnam(const char *user);
723	struct group *getgrnam(const char *group);
724
725	const SID *relay_find_usid(const struct MAPPING *usermapping,
726	uid_t uid, SID *pdefsid);
727	const SID *relay_find_gsid(const struct MAPPING *groupmapping,
728	gid_t gid, SID *pdefsid);
729	uid_t relay_find_user(const struct MAPPING *usermapping, const SID *usid);
730	gid_t relay_find_group(const struct MAPPING *groupmapping, const SID * gsid);
731
732