blob: 7f0d6da27cd330f58569d4460777dced85d32473
1 | /* |
2 | * General declarations for secaudit |
3 | * |
4 | * These declarations are organized to enable code sharing with ntfs-3g |
5 | * library, but should only be used to build tools runnable both |
6 | * on Linux (dynamic linking) and Windows (static linking) |
7 | * |
8 | * Copyright (c) 2007-2009 Jean-Pierre Andre |
9 | * |
10 | */ |
11 | |
12 | /* |
13 | * This program is free software; you can redistribute it and/or modify |
14 | * it under the terms of the GNU General Public License as published by |
15 | * the Free Software Foundation; either version 2 of the License, or |
16 | * (at your option) any later version. |
17 | * |
18 | * This program is distributed in the hope that it will be useful, |
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
21 | * GNU General Public License for more details. |
22 | * |
23 | * You should have received a copy of the GNU General Public License |
24 | * along with this program (in the main directory of the NTFS-3G |
25 | * distribution in the file COPYING); if not, write to the Free Software |
26 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
27 | */ |
28 | |
29 | /* |
30 | * General parameters which may have to be adapted to needs |
31 | */ |
32 | |
33 | #define SELFTESTS 1 /* include code for self-testing */ |
34 | #define POSIXACLS 0 /* include code for processing Posix ACLs */ |
35 | #define NOREVBOM 0 /* temporary */ |
36 | |
37 | #define OWNERFROMACL 1 /* must match option in security.c */ |
38 | |
39 | #define MAXATTRSZ 65536 /* Max sec attr size (16448 met for WinXP) */ |
40 | #define MAXSECURID 262144 |
41 | #define SECBLKSZ 8 |
42 | #define MAXFILENAME 4096 |
43 | #define FORCEMASK 0 /* Special (dangerous) option -m to force a mask */ |
44 | #define MAXLINE 80 /* maximum processed size of a line */ |
45 | #define BUFSZ 1024 /* buffer size to read mapping file */ |
46 | #define LINESZ 120 /* maximum useful size of a mapping line */ |
47 | |
48 | /* |
49 | * Definitions for Linux |
50 | * Use explicit or implicit dynamic linking |
51 | */ |
52 | |
53 | #ifdef HAVE_CONFIG_H |
54 | #undef POSIXACLS /* override default by configure option */ |
55 | #define USESTUBS 1 /* API stubs generated at link time */ |
56 | #else |
57 | #define USESTUBS 0 /* direct calls to API, based on following definitions */ |
58 | #define ENVNTFS3G "NTFS3G" |
59 | #define LIBFILE64 "/lib64/libntfs-3g.so.4921" |
60 | #define LIBFILE "/lib/libntfs-3g.so.4921" |
61 | #endif |
62 | |
63 | #define MAPDIR ".NTFS-3G" |
64 | #define MAPFILE "UserMapping" |
65 | #define MAGIC_API 0x09042009 |
66 | |
67 | #ifndef _NTFS_ENDIANS_H |
68 | |
69 | typedef char s8; |
70 | typedef short s16; |
71 | typedef long long s64; |
72 | typedef unsigned char u8; |
73 | typedef unsigned short le16, be16, u16; |
74 | typedef unsigned long long u64; |
75 | #ifdef STSC |
76 | typedef long s32; |
77 | typedef unsigned long le32, be32, u32; |
78 | #else |
79 | typedef int s32; |
80 | typedef unsigned int le32, be32, u32; |
81 | #endif |
82 | |
83 | #ifdef STSC |
84 | #define endian_rev16(x) ((((x) & 255L) << 8) + (((x) >> 8) & 255L)) |
85 | #define endian_rev32(x) ((((x) & 255L) << 24) + (((x) & 0xff00L) << 8) \ |
86 | + (((x) >> 8) & 0xff00L) + (((x) >> 24) & 255L)) |
87 | #else |
88 | #define endian_rev16(x) ((((x) & 255) << 8) + (((x) >> 8) & 255)) |
89 | #define endian_rev32(x) ((((x) & 255) << 24) + (((x) & 0xff00) << 8) \ |
90 | + (((x) >> 8) & 0xff00) + (((x) >> 24) & 255)) |
91 | #endif |
92 | #define endian_rev64(x) ((((x) & 255LL) << 56) + (((x) & 0xff00LL) << 40) \ |
93 | + (((x) & 0xff0000LL) << 24) + (((x) & 0xff000000LL) << 8) \ |
94 | + (((x) >> 8) & 0xff000000LL) + (((x) >> 24) & 0xff0000LL) \ |
95 | + (((x) >> 40) & 0xff00LL) + (((x) >> 56) & 255LL)) |
96 | |
97 | #if __BYTE_ORDER == __LITTLE_ENDIAN |
98 | |
99 | #define cpu_to_be16(x) endian_rev16(x) |
100 | #define cpu_to_be32(x) endian_rev32(x) |
101 | #define cpu_to_le16(x) (x) |
102 | #define cpu_to_le32(x) (x) |
103 | #define cpu_to_le64(x) (x) |
104 | #define le16_to_cpu(x) (x) |
105 | #define le32_to_cpu(x) (x) |
106 | #define le64_to_cpu(x) (x) |
107 | |
108 | #else |
109 | |
110 | #define cpu_to_be16(x) (x) |
111 | #define cpu_to_be32(x) (x) |
112 | #define cpu_to_le16(x) endian_rev16(x) |
113 | #define cpu_to_le32(x) endian_rev32(x) |
114 | #define cpu_to_le64(x) endian_rev64(x) |
115 | #define le16_to_cpu(x) endian_rev16(x) |
116 | #define le32_to_cpu(x) endian_rev32(x) |
117 | #define le64_to_cpu(x) endian_rev64(x) |
118 | |
119 | #endif |
120 | |
121 | #define const_le16_to_cpu(x) le16_to_cpu(x) |
122 | #define const_cpu_to_le16(x) cpu_to_le16(x) |
123 | #define const_cpu_to_le32(x) cpu_to_le32(x) |
124 | #define const_cpu_to_be16(x) cpu_to_be16(x) |
125 | #define const_cpu_to_be32(x) cpu_to_be32(x) |
126 | |
127 | #endif /* _NTFS_ENDIANS_H */ |
128 | |
129 | #ifndef FALSE |
130 | enum { FALSE, TRUE } ; |
131 | #endif /* FALSE */ |
132 | |
133 | #ifdef WIN32 |
134 | |
135 | typedef unsigned short uid_t; |
136 | typedef unsigned short gid_t; |
137 | |
138 | #define UNICODE(c) ((unsigned short)(c)) |
139 | |
140 | #define __attribute__(x) |
141 | |
142 | #else |
143 | |
144 | #ifndef BOOL |
145 | typedef int BOOL; /* Already defined in windows.h */ |
146 | #endif /* BOOL */ |
147 | |
148 | #ifdef STSC |
149 | |
150 | #define ENOTSUP 95 |
151 | |
152 | #endif /* STSC */ |
153 | |
154 | typedef u32 DWORD; /* must be 32 bits whatever the platform */ |
155 | typedef DWORD *LPDWORD; |
156 | |
157 | #define MS_NONE 0 /* no flag for mounting the device */ |
158 | #define MS_RDONLY 1 /* flag for mounting the device read-only */ |
159 | |
160 | #endif /* WIN32 */ |
161 | |
162 | #if defined(WIN32) | defined(STSC) |
163 | |
164 | /* |
165 | * On non-Linux computers, there is no mount and the user mapping |
166 | * if fetched from a real file (or a dummy one for self tests) |
167 | */ |
168 | |
169 | #define NTFS_FIND_USID(map,uid,buf) ntfs_find_usid(map,uid,buf) |
170 | #define NTFS_FIND_GSID(map,gid,buf) ntfs_find_gsid(map,gid,buf) |
171 | #define NTFS_FIND_USER(map,usid) ntfs_find_user(map,usid) |
172 | #define NTFS_FIND_GROUP(map,gsid) ntfs_find_group(map,gsid) |
173 | |
174 | #else |
175 | |
176 | /* |
177 | * On Linux computers, there is a mount and the user mapping |
178 | * if either obtained through the mount process or fetched |
179 | * from a dummy file for self-tests |
180 | */ |
181 | |
182 | #define NTFS_FIND_USID(map,uid,buf) (mappingtype != MAPEXTERN ? \ |
183 | ntfs_find_usid(map,uid,buf) : relay_find_usid(map,uid,buf)) |
184 | #define NTFS_FIND_GSID(map,gid,buf) (mappingtype != MAPEXTERN ? \ |
185 | ntfs_find_gsid(map,gid,buf) : relay_find_gsid(map,gid,buf)) |
186 | #define NTFS_FIND_USER(map,usid) (mappingtype != MAPEXTERN ? \ |
187 | ntfs_find_user(map,usid) : relay_find_user(map,usid)) |
188 | #define NTFS_FIND_GROUP(map,gsid) (mappingtype != MAPEXTERN ? \ |
189 | ntfs_find_group(map,gsid) : relay_find_group(map,gsid)) |
190 | |
191 | #endif |
192 | |
193 | /* |
194 | * A few name hijackings or definitions |
195 | * needed for using code from ntfs-3g |
196 | */ |
197 | |
198 | #ifdef WIN32 |
199 | #define ACL MY_ACL |
200 | #define SID MY_SID |
201 | #define ACCESS_ALLOWED_ACE MY_ACCESS_ALLOWED_ACE |
202 | #define ACCESS_DENIED_ACE MY_ACCESS_DENIED_ACE |
203 | #define FILE_ATTRIBUTE_REPARSE_POINT 0x400 |
204 | #define IO_REPARSE_TAG_MOUNT_POINT 0xa0000003 |
205 | #define IO_REPARSE_TAG_SYMLINK 0xa000000c |
206 | #else |
207 | #define SE_OWNER_DEFAULTED const_cpu_to_le16(1) |
208 | #define SE_GROUP_DEFAULTED const_cpu_to_le16(2) |
209 | #define SE_DACL_PRESENT const_cpu_to_le16(4) |
210 | #define SE_SACL_PRESENT const_cpu_to_le16(0x10) |
211 | #define SE_DACL_DEFAULTED const_cpu_to_le16(8) |
212 | #define SE_SELF_RELATIVE const_cpu_to_le16(0x8000) |
213 | #define SID_REVISION 1 |
214 | #endif /* WIN32 */ |
215 | #define SE_DACL_PROTECTED const_cpu_to_le16(0x1000) |
216 | #define SE_SACL_PROTECTED const_cpu_to_le16(0x2000) |
217 | #define SE_DACL_AUTO_INHERITED const_cpu_to_le16(0x400) |
218 | #define SE_SACL_AUTO_INHERITED const_cpu_to_le16(0x800) |
219 | #define SE_DACL_AUTO_INHERIT_REQ cpu_to_le16(0x100) |
220 | #define SE_SACL_AUTO_INHERIT_REQ cpu_to_le16(0x200) |
221 | |
222 | typedef le16 ntfschar; |
223 | |
224 | typedef struct { |
225 | le32 a; |
226 | le16 b,c; |
227 | struct { |
228 | le16 m,n,o,p, q,r,s,t; |
229 | } ; |
230 | } GUID; |
231 | |
232 | #define ntfs_log_error(args...) do { printf("** " args); if (!isatty(1)) fprintf(stderr,args); } while(0) |
233 | |
234 | /* |
235 | * Struct to hold the input mapping file |
236 | * (private to this module) |
237 | */ |
238 | |
239 | struct MAPLIST { |
240 | struct MAPLIST *next; |
241 | char *uidstr; /* uid text from the same record */ |
242 | char *gidstr; /* gid text from the same record */ |
243 | char *sidstr; /* sid text from the same record */ |
244 | char maptext[LINESZ + 1]; |
245 | }; |
246 | |
247 | /* |
248 | * A few dummy declarations needed for using code from security.c |
249 | */ |
250 | |
251 | #define MFT_RECORD_IS_DIRECTORY const_cpu_to_le16(1) |
252 | |
253 | struct SECURITY_DATA { |
254 | u64 offset; |
255 | char *attr; |
256 | u32 hash; |
257 | u32 length; |
258 | unsigned int filecount:16; |
259 | unsigned int mode:12; |
260 | unsigned int flags:4; |
261 | } ; |
262 | |
263 | #define AUTH1 3141592653U |
264 | #define AUTH2 589793238 |
265 | #define AUTH3 462843383 |
266 | #define OWNERID 1016 |
267 | #define GROUPID 513 |
268 | |
269 | |
270 | #define INSDS1 1 |
271 | #define INSDS2 2 |
272 | #define INSII 4 |
273 | #define INSDH 8 |
274 | |
275 | #ifdef WIN32 |
276 | |
277 | typedef enum { RECSHOW, RECSET, RECSETPOSIX } RECURSE; |
278 | |
279 | #endif |
280 | |
281 | /* |
282 | * A type large enough to hold any SID |
283 | */ |
284 | |
285 | typedef char BIGSID[40]; |
286 | |
287 | /* |
288 | * Declarations for memory allocation checks |
289 | */ |
290 | |
291 | struct CHKALLOC |
292 | { |
293 | struct CHKALLOC *next; |
294 | void *alloc; |
295 | const char *file; |
296 | int line; |
297 | size_t size; |
298 | } ; |
299 | |
300 | #if defined(WIN32) | defined(STSC) |
301 | |
302 | #define S_ISVTX 01000 |
303 | #define S_ISGID 02000 |
304 | #define S_ISUID 04000 |
305 | #define S_IXUSR 0100 |
306 | #define S_IWUSR 0200 |
307 | #define S_IRUSR 0400 |
308 | #define S_IXGRP 010 |
309 | #define S_IWGRP 020 |
310 | #define S_IRGRP 040 |
311 | #define S_IXOTH 001 |
312 | #define S_IWOTH 002 |
313 | #define S_IROTH 004 |
314 | |
315 | #endif |
316 | |
317 | #ifdef WIN32 |
318 | #else |
319 | /* |
320 | * |
321 | * See http://msdn2.microsoft.com/en-us/library/aa379649.aspx |
322 | */ |
323 | |
324 | typedef enum { |
325 | DACL_SECURITY_INFORMATION = 4, // The DACL of the object is being referenced. |
326 | SACL_SECURITY_INFORMATION = 8, // The SACL of the object is being referenced. |
327 | LABEL_SECURITY_INFORMATION = 8, // The mandatory integrity label is being referenced. |
328 | GROUP_SECURITY_INFORMATION = 2, // The primary group identifier of the object is being referenced. |
329 | OWNER_SECURITY_INFORMATION = 1, // The owner identifier of the object is being referenced. |
330 | } SECURITY_INFORMATION; |
331 | |
332 | #define STANDARD_RIGHTS_READ cpu_to_le32(0x20000) |
333 | #define STANDARD_RIGHTS_WRITE cpu_to_le32(0x20000) |
334 | #define STANDARD_RIGHTS_EXECUTE cpu_to_le32(0x20000) |
335 | #define STANDARD_RIGHTS_REQUIRED cpu_to_le32(0xf0000) |
336 | |
337 | #endif |
338 | |
339 | typedef struct SECHEAD { |
340 | s8 revision; |
341 | s8 alignment; |
342 | le16 control; |
343 | le32 owner; |
344 | le32 group; |
345 | le32 sacl; |
346 | le32 dacl; |
347 | } SECURITY_DESCRIPTOR_RELATIVE; |
348 | |
349 | typedef struct ACL { |
350 | s8 revision; |
351 | s8 alignment1; |
352 | le16 size; |
353 | le16 ace_count; |
354 | le16 alignment2; |
355 | } ACL; |
356 | |
357 | typedef struct { |
358 | union { |
359 | struct { |
360 | unsigned char revision; |
361 | unsigned char sub_authority_count; |
362 | } ; |
363 | struct { |
364 | /* evade an alignment problem when a 4 byte field */ |
365 | /* in a struct implies alignment of the struct */ |
366 | le16 dummy; |
367 | be16 high_part; |
368 | be32 low_part; |
369 | } identifier_authority; |
370 | } ; |
371 | le32 sub_authority[1]; |
372 | } SID; |
373 | |
374 | typedef u8 ACE_FLAGS; |
375 | |
376 | typedef struct ACE { |
377 | u8 type; |
378 | u8 flags; |
379 | le16 size; |
380 | le32 mask; |
381 | SID sid; |
382 | } ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE; |
383 | |
384 | |
385 | /* |
386 | * item in the mapping list |
387 | */ |
388 | |
389 | struct MAPPING { |
390 | struct MAPPING *next; |
391 | int xid; /* linux id : uid or gid */ |
392 | SID *sid; /* Windows id : usid or gsid */ |
393 | int grcnt; /* group count (for users only) */ |
394 | gid_t *groups; /* groups which the user is member of */ |
395 | }; |
396 | |
397 | /* |
398 | * Posix ACL structures |
399 | */ |
400 | |
401 | struct POSIX_ACE { |
402 | u16 tag; |
403 | u16 perms; |
404 | s32 id; |
405 | } ; |
406 | |
407 | struct POSIX_ACL { |
408 | u8 version; |
409 | u8 flags; |
410 | u16 filler; |
411 | struct POSIX_ACE ace[0]; |
412 | } ; |
413 | |
414 | struct POSIX_SECURITY { |
415 | mode_t mode; |
416 | int acccnt; |
417 | int defcnt; |
418 | int firstdef; |
419 | u16 tagsset; |
420 | struct POSIX_ACL acl; |
421 | } ; |
422 | |
423 | /* |
424 | * Posix tags, cpu-endian 16 bits |
425 | */ |
426 | |
427 | enum { |
428 | POSIX_ACL_USER_OBJ = 1, |
429 | POSIX_ACL_USER = 2, |
430 | POSIX_ACL_GROUP_OBJ = 4, |
431 | POSIX_ACL_GROUP = 8, |
432 | POSIX_ACL_MASK = 16, |
433 | POSIX_ACL_OTHER = 32, |
434 | POSIX_ACL_SPECIAL = 64 /* internal use only */ |
435 | } ; |
436 | |
437 | /* |
438 | * Posix permissions, cpu-endian 16 bits |
439 | */ |
440 | |
441 | enum { |
442 | POSIX_PERM_X = 1, |
443 | POSIX_PERM_W = 2, |
444 | POSIX_PERM_R = 4, |
445 | POSIX_PERM_DENIAL = 64 /* internal use only */ |
446 | } ; |
447 | |
448 | #define POSIX_VERSION 2 |
449 | |
450 | /* |
451 | * A few definitions adapted from winnt.h |
452 | * (Windows version uses actual definitions from winnt.h, which are |
453 | * not compatible with code from security.c on a big-endian computer) |
454 | */ |
455 | |
456 | #ifndef WIN32 |
457 | |
458 | #define DELETE cpu_to_le32(0x00010000L) |
459 | #define READ_CONTROL cpu_to_le32(0x00020000L) |
460 | #define WRITE_DAC cpu_to_le32(0x00040000L) |
461 | #define WRITE_OWNER cpu_to_le32(0x00080000L) |
462 | #define SYNCHRONIZE cpu_to_le32(0x00100000L) |
463 | |
464 | |
465 | #define FILE_READ_DATA cpu_to_le32( 0x0001 ) // file & pipe |
466 | #define FILE_LIST_DIRECTORY cpu_to_le32( 0x0001 ) // directory |
467 | |
468 | #define FILE_WRITE_DATA cpu_to_le32( 0x0002 ) // file & pipe |
469 | #define FILE_ADD_FILE cpu_to_le32( 0x0002 ) // directory |
470 | |
471 | #define FILE_APPEND_DATA cpu_to_le32( 0x0004 ) // file |
472 | #define FILE_ADD_SUBDIRECTORY cpu_to_le32( 0x0004 ) // directory |
473 | #define FILE_CREATE_PIPE_INSTANCE cpu_to_le32( 0x0004 ) // named pipe |
474 | |
475 | |
476 | #define FILE_READ_EA cpu_to_le32( 0x0008 ) // file & directory |
477 | |
478 | #define FILE_WRITE_EA cpu_to_le32( 0x0010 ) // file & directory |
479 | |
480 | #define FILE_EXECUTE cpu_to_le32( 0x0020 ) // file |
481 | #define FILE_TRAVERSE cpu_to_le32( 0x0020 ) // directory |
482 | |
483 | #define FILE_DELETE_CHILD cpu_to_le32( 0x0040 ) // directory |
484 | |
485 | #define FILE_READ_ATTRIBUTES cpu_to_le32( 0x0080 ) // all |
486 | |
487 | #define FILE_WRITE_ATTRIBUTES cpu_to_le32( 0x0100 ) // all |
488 | |
489 | #define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \ |
490 | cpu_to_le32(0x1FF)) |
491 | |
492 | #define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\ |
493 | FILE_READ_DATA |\ |
494 | FILE_READ_ATTRIBUTES |\ |
495 | FILE_READ_EA |\ |
496 | SYNCHRONIZE) |
497 | |
498 | |
499 | #define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\ |
500 | FILE_WRITE_DATA |\ |
501 | FILE_WRITE_ATTRIBUTES |\ |
502 | FILE_WRITE_EA |\ |
503 | FILE_APPEND_DATA |\ |
504 | SYNCHRONIZE) |
505 | |
506 | |
507 | #define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\ |
508 | FILE_READ_ATTRIBUTES |\ |
509 | FILE_EXECUTE |\ |
510 | SYNCHRONIZE) |
511 | |
512 | #define GENERIC_READ cpu_to_le32(0x80000000L) |
513 | #define GENERIC_WRITE cpu_to_le32(0x40000000L) |
514 | #define GENERIC_EXECUTE cpu_to_le32(0x20000000L) |
515 | #define GENERIC_ALL cpu_to_le32(0x10000000L) |
516 | |
517 | |
518 | #define OBJECT_INHERIT_ACE (0x1) |
519 | #define CONTAINER_INHERIT_ACE (0x2) |
520 | #define NO_PROPAGATE_INHERIT_ACE (0x4) |
521 | #define INHERIT_ONLY_ACE (0x8) |
522 | #define VALID_INHERIT_FLAGS (0xF) |
523 | |
524 | /* |
525 | * Other useful definitions |
526 | */ |
527 | |
528 | #define ACL_REVISION 2 |
529 | #define ACCESS_ALLOWED_ACE_TYPE 0 |
530 | #define ACCESS_DENIED_ACE_TYPE 1 |
531 | #define SECURITY_DESCRIPTOR_REVISION 1 |
532 | |
533 | #endif /* !WIN32 */ |
534 | |
535 | #ifndef ACL_REVISION_DS /* not always defined in <windows.h> */ |
536 | #define ACL_REVISION_DS 4 |
537 | #endif |
538 | |
539 | /* |
540 | * Matching of ntfs permissions to Linux permissions |
541 | * these constants are adapted to endianness |
542 | * when setting, set them all |
543 | * when checking, check one is present |
544 | */ |
545 | |
546 | /* flags which are set to mean exec, write or read */ |
547 | |
548 | #define FILE_READ (FILE_READ_DATA) |
549 | #define FILE_WRITE (FILE_WRITE_DATA | FILE_APPEND_DATA \ |
550 | | READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA) |
551 | #define FILE_EXEC (FILE_EXECUTE) |
552 | #define DIR_READ FILE_LIST_DIRECTORY |
553 | #define DIR_WRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | FILE_DELETE_CHILD \ |
554 | | READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA) |
555 | #define DIR_EXEC (FILE_TRAVERSE) |
556 | |
557 | /* flags tested for meaning exec, write or read */ |
558 | /* tests for write allow for interpretation of a sticky bit */ |
559 | |
560 | #define FILE_GREAD (FILE_READ_DATA | GENERIC_READ) |
561 | #define FILE_GWRITE (FILE_WRITE_DATA | FILE_APPEND_DATA | GENERIC_WRITE) |
562 | #define FILE_GEXEC (FILE_EXECUTE | GENERIC_EXECUTE) |
563 | #define DIR_GREAD (FILE_LIST_DIRECTORY | GENERIC_READ) |
564 | #define DIR_GWRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | GENERIC_WRITE) |
565 | #define DIR_GEXEC (FILE_TRAVERSE | GENERIC_EXECUTE) |
566 | |
567 | /* standard owner (and administrator) rights */ |
568 | |
569 | #define OWNER_RIGHTS (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER \ |
570 | | SYNCHRONIZE \ |
571 | | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES \ |
572 | | FILE_READ_EA | FILE_WRITE_EA) |
573 | |
574 | /* standard world rights */ |
575 | |
576 | #define WORLD_RIGHTS (READ_CONTROL | FILE_READ_ATTRIBUTES | FILE_READ_EA \ |
577 | | SYNCHRONIZE) |
578 | |
579 | /* inheritance flags for files and directories */ |
580 | |
581 | #define FILE_INHERITANCE NO_PROPAGATE_INHERIT_ACE |
582 | #define DIR_INHERITANCE (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE) |
583 | |
584 | /* |
585 | * To identify NTFS ACL meaning Posix ACL granted to root |
586 | * we use rights always granted to anybody, so they have no impact |
587 | * either on Windows or on Linux. |
588 | */ |
589 | |
590 | #define ROOT_OWNER_UNMARK SYNCHRONIZE /* ACL granted to root as owner */ |
591 | #define ROOT_GROUP_UNMARK FILE_READ_EA /* ACL granted to root as group */ |
592 | |
593 | |
594 | struct SII { /* this is an image of an $SII index entry */ |
595 | le16 offs; |
596 | le16 size; |
597 | le32 fill1; |
598 | le16 indexsz; |
599 | le16 indexksz; |
600 | le16 flags; |
601 | le16 fill2; |
602 | le32 keysecurid; |
603 | |
604 | /* did not find official description for the following */ |
605 | le32 hash; |
606 | le32 securid; |
607 | le32 dataoffsl; /* documented as badly aligned */ |
608 | le32 dataoffsh; |
609 | le32 datasize; |
610 | } ; |
611 | |
612 | struct SDH { /* this is an image of an $SDH index entry */ |
613 | le16 offs; |
614 | le16 size; |
615 | le32 fill1; |
616 | le16 indexsz; |
617 | le16 indexksz; |
618 | le16 flags; |
619 | le16 fill2; |
620 | le32 keyhash; |
621 | le32 keysecurid; |
622 | |
623 | /* did not find official description for the following */ |
624 | le32 hash; |
625 | le32 securid; |
626 | le32 dataoffsl; |
627 | le32 dataoffsh; |
628 | le32 datasize; |
629 | le32 fill3; |
630 | } ; |
631 | |
632 | #ifndef INVALID_FILE_ATTRIBUTES /* not defined in old windows.h */ |
633 | #define INVALID_FILE_ATTRIBUTES (-1) |
634 | #endif |
635 | |
636 | enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ; |
637 | |
638 | struct SECURITY_CONTEXT { |
639 | struct MAPPING *mapping[MAPCOUNT]; |
640 | } ; |
641 | |
642 | typedef enum { MAPNONE, MAPEXTERN, MAPLOCAL, MAPDUMMY } MAPTYPE; |
643 | |
644 | |
645 | |
646 | struct passwd { |
647 | uid_t pw_uid; |
648 | } ; |
649 | |
650 | struct group { |
651 | gid_t gr_gid; |
652 | } ; |
653 | |
654 | typedef int (*FILEREADER)(void *fileid, char *buf, size_t size, off_t pos); |
655 | |
656 | /* |
657 | * Data defined in secaudit.c |
658 | */ |
659 | |
660 | extern MAPTYPE mappingtype; |
661 | |
662 | /* |
663 | * Functions defined in acls.c |
664 | */ |
665 | |
666 | BOOL ntfs_valid_descr(const char *securattr, unsigned int attrsz); |
667 | BOOL ntfs_valid_posix(const struct POSIX_SECURITY *pxdesc); |
668 | BOOL ntfs_valid_pattern(const SID *sid); |
669 | BOOL ntfs_same_sid(const SID *first, const SID *second); |
670 | |
671 | |
672 | int ntfs_sid_size(const SID * sid); |
673 | unsigned int ntfs_attr_size(const char *attr); |
674 | |
675 | const SID *ntfs_find_usid(const struct MAPPING *usermapping, |
676 | uid_t uid, SID *pdefsid); |
677 | const SID *ntfs_find_gsid(const struct MAPPING *groupmapping, |
678 | gid_t gid, SID *pdefsid); |
679 | uid_t ntfs_find_user(const struct MAPPING *usermapping, const SID *usid); |
680 | gid_t ntfs_find_group(const struct MAPPING *groupmapping, const SID * gsid); |
681 | const SID *ntfs_acl_owner(const char *secattr); |
682 | |
683 | void ntfs_sort_posix(struct POSIX_SECURITY *pxdesc); |
684 | int ntfs_merge_mode_posix(struct POSIX_SECURITY *pxdesc, mode_t mode); |
685 | |
686 | |
687 | struct POSIX_SECURITY *ntfs_build_permissions_posix( |
688 | struct MAPPING* const mapping[], |
689 | const char *securattr, |
690 | const SID *usid, const SID *gsid, BOOL isdir); |
691 | int ntfs_build_permissions(const char *securattr, |
692 | const SID *usid, const SID *gsid, BOOL isdir); |
693 | struct MAPLIST *ntfs_read_mapping(FILEREADER reader, void *fileid); |
694 | struct MAPPING *ntfs_do_user_mapping(struct MAPLIST *firstitem); |
695 | struct MAPPING *ntfs_do_group_mapping(struct MAPLIST *firstitem); |
696 | void ntfs_free_mapping(struct MAPPING *mapping[]); |
697 | |
698 | struct POSIX_SECURITY *ntfs_merge_descr_posix(const struct POSIX_SECURITY *first, |
699 | const struct POSIX_SECURITY *second); |
700 | char *ntfs_build_descr_posix(struct MAPPING* const mapping[], |
701 | struct POSIX_SECURITY *pxdesc, |
702 | int isdir, const SID *usid, const SID *gsid); |
703 | char *ntfs_build_descr(mode_t mode, |
704 | int isdir, const SID * usid, const SID * gsid); |
705 | |
706 | /* |
707 | * Functions defined in secaudit.c |
708 | */ |
709 | |
710 | void *chkmalloc(size_t, const char*, int); |
711 | void *chkcalloc(size_t, size_t, const char *, int); |
712 | void chkfree(void*, const char*, int); |
713 | BOOL chkisalloc(void*, const char*, int); |
714 | void dumpalloc(const char*); |
715 | |
716 | #define malloc(sz) chkmalloc(sz, __FILE__, __LINE__) |
717 | #define calloc(cnt,sz) chkcalloc(cnt, sz, __FILE__, __LINE__) |
718 | #define free(ptr) chkfree(ptr, __FILE__, __LINE__) |
719 | #define isalloc(ptr) chkisalloc(ptr, __FILE__, __LINE__) |
720 | #define ntfs_malloc(sz) chkmalloc(sz, __FILE__, __LINE__) |
721 | |
722 | struct passwd *getpwnam(const char *user); |
723 | struct group *getgrnam(const char *group); |
724 | |
725 | const SID *relay_find_usid(const struct MAPPING *usermapping, |
726 | uid_t uid, SID *pdefsid); |
727 | const SID *relay_find_gsid(const struct MAPPING *groupmapping, |
728 | gid_t gid, SID *pdefsid); |
729 | uid_t relay_find_user(const struct MAPPING *usermapping, const SID *usid); |
730 | gid_t relay_find_group(const struct MAPPING *groupmapping, const SID * gsid); |
731 | |
732 |