path: root/src/secaudit.h (plain)
blob: ce59d6836a7f2e5f041269aead74d0860e686587

1	/*
2	* General declarations for secaudit
3	*
4	* These declarations are organized to enable code sharing with ntfs-3g
5	* library, but should only be used to build tools runnable both
6	* on Linux (dynamic linking) and Windows (static linking)
7	*
8	* Copyright (c) 2007-2009 Jean-Pierre Andre
9	*
10	*/
11
12	/*
13	* This program is free software; you can redistribute it and/or modify
14	* it under the terms of the GNU General Public License as published by
15	* the Free Software Foundation; either version 2 of the License, or
16	* (at your option) any later version.
17	*
18	* This program is distributed in the hope that it will be useful,
19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21	* GNU General Public License for more details.
22	*
23	* You should have received a copy of the GNU General Public License
24	* along with this program (in the main directory of the NTFS-3G
25	* distribution in the file COPYING); if not, write to the Free Software
26	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27	*/
28
29	/*
30	* General parameters which may have to be adapted to needs
31	*/
32
33	#define SELFTESTS 1 /* include code for self-testing */
34	#define POSIXACLS 0 /* include code for processing Posix ACLs */
35	#define NOREVBOM 0 /* temporary */
36
37	#define OWNERFROMACL 1 /* must match option in security.c */
38
39	#define MAXATTRSZ 65536 /* Max sec attr size (16448 met for WinXP) */
40	#define MAXSECURID 262144
41	#define SECBLKSZ 8
42	#define MAXFILENAME 4096
43	#define FORCEMASK 0 /* Special (dangerous) option -m to force a mask */
44	#define MAXLINE 80 /* maximum processed size of a line */
45	#define BUFSZ 1024 /* buffer size to read mapping file */
46	#define LINESZ 120 /* maximum useful size of a mapping line */
47
48	/*
49	* Definitions for Linux
50	* Use explicit or implicit dynamic linking
51	*/
52
53	#ifdef HAVE_CONFIG_H
54	#undef POSIXACLS /* override default by configure option */
55	#define USESTUBS 1 /* API stubs generated at link time */
56	#else
57	#define USESTUBS 0 /* direct calls to API, based on following definitions */
58	#define ENVNTFS3G "NTFS3G"
59	#define LIBFILE64 "/lib64/libntfs-3g.so.4921"
60	#define LIBFILE "/lib/libntfs-3g.so.4921"
61	#endif
62
63	#define MAPDIR ".NTFS-3G"
64	#define MAPFILE "UserMapping"
65	#define MAGIC_API 0x09042009
66
67	#ifndef _NTFS_ENDIANS_H
68
69	typedef char s8;
70	typedef short s16;
71	typedef long long s64;
72	typedef unsigned char u8;
73	typedef unsigned short le16, be16, u16;
74	typedef unsigned long long u64;
75	#ifdef STSC
76	typedef long s32;
77	typedef unsigned long le32, be32, u32;
78	#else
79	typedef int s32;
80	typedef unsigned int le32, be32, u32;
81	#endif
82
83	#ifdef STSC
84	#define endian_rev16(x) ((((x) & 255L) << 8) + (((x) >> 8) & 255L))
85	#define endian_rev32(x) ((((x) & 255L) << 24) + (((x) & 0xff00L) << 8) \
86	+ (((x) >> 8) & 0xff00L) + (((x) >> 24) & 255L))
87	#else
88	#define endian_rev16(x) ((((x) & 255) << 8) + (((x) >> 8) & 255))
89	#define endian_rev32(x) ((((x) & 255) << 24) + (((x) & 0xff00) << 8) \
90	+ (((x) >> 8) & 0xff00) + (((x) >> 24) & 255))
91	#endif
92	#define endian_rev64(x) ((((x) & 255LL) << 56) + (((x) & 0xff00LL) << 40) \
93	+ (((x) & 0xff0000LL) << 24) + (((x) & 0xff000000LL) << 8) \
94	+ (((x) >> 8) & 0xff000000LL) + (((x) >> 24) & 0xff0000LL) \
95	+ (((x) >> 40) & 0xff00LL) + (((x) >> 56) & 255LL))
96
97	#if __BYTE_ORDER == __LITTLE_ENDIAN
98
99	#define cpu_to_be16(x) endian_rev16(x)
100	#define cpu_to_be32(x) endian_rev32(x)
101	#define cpu_to_le16(x) (x)
102	#define cpu_to_le32(x) (x)
103	#define cpu_to_le64(x) (x)
104	#define le16_to_cpu(x) (x)
105	#define le32_to_cpu(x) (x)
106	#define le64_to_cpu(x) (x)
107
108	#else
109
110	#define cpu_to_be16(x) (x)
111	#define cpu_to_be32(x) (x)
112	#define cpu_to_le16(x) endian_rev16(x)
113	#define cpu_to_le32(x) endian_rev32(x)
114	#define cpu_to_le64(x) endian_rev64(x)
115	#define le16_to_cpu(x) endian_rev16(x)
116	#define le32_to_cpu(x) endian_rev32(x)
117	#define le64_to_cpu(x) endian_rev64(x)
118
119	#endif
120
121	#define const_le16_to_cpu(x) le16_to_cpu(x)
122	#define const_cpu_to_le16(x) cpu_to_le16(x)
123	#define const_cpu_to_le32(x) cpu_to_le32(x)
124	#define const_cpu_to_be16(x) cpu_to_be16(x)
125	#define const_cpu_to_be32(x) cpu_to_be32(x)
126
127	#endif /* _NTFS_ENDIANS_H */
128
129	#ifndef FALSE
130	enum { FALSE, TRUE } ;
131	#endif /* FALSE */
132
133	#ifdef WIN32
134
135	typedef unsigned short uid_t;
136	typedef unsigned short gid_t;
137
138	#define UNICODE(c) ((unsigned short)(c))
139
140	#define __attribute__(x)
141
142	#else
143
144	#ifndef BOOL
145	typedef int BOOL; /* Already defined in windows.h */
146	#endif /* BOOL */
147
148	#ifdef STSC
149
150	#define ENOTSUP 95
151
152	#endif /* STSC */
153
154	typedef u32 DWORD; /* must be 32 bits whatever the platform */
155	typedef DWORD *LPDWORD;
156
157	#define NTFS_MNT_NONE 0 /* no flag for mounting the device */
158	#define NTFS_MNT_RDONLY 1 /* flag for mounting the device read-only */
159
160	#endif /* WIN32 */
161
162	#if defined(WIN32) | defined(STSC)
163
164	/*
165	* On non-Linux computers, there is no mount and the user mapping
166	* if fetched from a real file (or a dummy one for self tests)
167	*/
168
169	#define NTFS_FIND_USID(map,uid,buf) ntfs_find_usid(map,uid,buf)
170	#define NTFS_FIND_GSID(map,gid,buf) ntfs_find_gsid(map,gid,buf)
171	#define NTFS_FIND_USER(map,usid) ntfs_find_user(map,usid)
172	#define NTFS_FIND_GROUP(map,gsid) ntfs_find_group(map,gsid)
173
174	#else
175
176	/*
177	* On Linux computers, there is a mount and the user mapping
178	* if either obtained through the mount process or fetched
179	* from a dummy file for self-tests
180	*/
181
182	#define NTFS_FIND_USID(map,uid,buf) (mappingtype != MAPEXTERN ? \
183	ntfs_find_usid(map,uid,buf) : relay_find_usid(map,uid,buf))
184	#define NTFS_FIND_GSID(map,gid,buf) (mappingtype != MAPEXTERN ? \
185	ntfs_find_gsid(map,gid,buf) : relay_find_gsid(map,gid,buf))
186	#define NTFS_FIND_USER(map,usid) (mappingtype != MAPEXTERN ? \
187	ntfs_find_user(map,usid) : relay_find_user(map,usid))
188	#define NTFS_FIND_GROUP(map,gsid) (mappingtype != MAPEXTERN ? \
189	ntfs_find_group(map,gsid) : relay_find_group(map,gsid))
190
191	#endif
192
193	/*
194	* A few name hijackings or definitions
195	* needed for using code from ntfs-3g
196	*/
197
198	#ifdef WIN32
199	#define ACL MY_ACL
200	#define SID MY_SID
201	#define ACCESS_ALLOWED_ACE MY_ACCESS_ALLOWED_ACE
202	#define ACCESS_DENIED_ACE MY_ACCESS_DENIED_ACE
203	#define FILE_ATTRIBUTE_REPARSE_POINT 0x400
204	#define IO_REPARSE_TAG_MOUNT_POINT 0xa0000003
205	#define IO_REPARSE_TAG_SYMLINK 0xa000000c
206	#else
207	#define SE_OWNER_DEFAULTED const_cpu_to_le16(1)
208	#define SE_GROUP_DEFAULTED const_cpu_to_le16(2)
209	#define SE_DACL_PRESENT const_cpu_to_le16(4)
210	#define SE_SACL_PRESENT const_cpu_to_le16(0x10)
211	#define SE_DACL_DEFAULTED const_cpu_to_le16(8)
212	#define SE_SELF_RELATIVE const_cpu_to_le16(0x8000)
213	#define SID_REVISION 1
214	#endif /* WIN32 */
215	#define SE_DACL_PROTECTED const_cpu_to_le16(0x1000)
216	#define SE_SACL_PROTECTED const_cpu_to_le16(0x2000)
217	#define SE_DACL_AUTO_INHERITED const_cpu_to_le16(0x400)
218	#define SE_SACL_AUTO_INHERITED const_cpu_to_le16(0x800)
219	#define SE_DACL_AUTO_INHERIT_REQ cpu_to_le16(0x100)
220	#define SE_SACL_AUTO_INHERIT_REQ cpu_to_le16(0x200)
221
222	typedef le16 ntfschar;
223
224	#define ntfs_log_error(args...) do { printf("** " args); if (!isatty(1)) fprintf(stderr,args); } while(0)
225
226	/*
227	* Struct to hold the input mapping file
228	* (private to this module)
229	*/
230
231	struct MAPLIST {
232	struct MAPLIST *next;
233	char *uidstr; /* uid text from the same record */
234	char *gidstr; /* gid text from the same record */
235	char *sidstr; /* sid text from the same record */
236	char maptext[LINESZ + 1];
237	};
238
239	/*
240	* A few dummy declarations needed for using code from security.c
241	*/
242
243	#define MFT_RECORD_IS_DIRECTORY const_cpu_to_le16(1)
244
245	struct SECURITY_DATA {
246	u64 offset;
247	char *attr;
248	u32 hash;
249	u32 length;
250	unsigned int filecount:16;
251	unsigned int mode:12;
252	unsigned int flags:4;
253	} ;
254
255	/* default security sub-authorities */
256	enum {
257	DEFSECAUTH1 = -1153374643, /* 3141592653 */
258	DEFSECAUTH2 = 589793238,
259	DEFSECAUTH3 = 462843383,
260	DEFSECBASE = 10000
261	};
262
263	#define OWNERID 1016
264	#define GROUPID 513
265
266
267	#define INSDS1 1
268	#define INSDS2 2
269	#define INSII 4
270	#define INSDH 8
271
272	#ifdef WIN32
273
274	typedef enum { RECSHOW, RECSET, RECSETPOSIX } RECURSE;
275
276	#endif
277
278	/*
279	* A type large enough to hold any SID
280	*/
281
282	typedef char BIGSID[40];
283
284	/*
285	* Declarations for memory allocation checks
286	*/
287
288	struct CHKALLOC
289	{
290	struct CHKALLOC *next;
291	void *alloc;
292	const char *file;
293	int line;
294	size_t size;
295	} ;
296
297	#if defined(WIN32) | defined(STSC)
298
299	#define S_ISVTX 01000
300	#define S_ISGID 02000
301	#define S_ISUID 04000
302	#define S_IXUSR 0100
303	#define S_IWUSR 0200
304	#define S_IRUSR 0400
305	#define S_IXGRP 010
306	#define S_IWGRP 020
307	#define S_IRGRP 040
308	#define S_IXOTH 001
309	#define S_IWOTH 002
310	#define S_IROTH 004
311
312	#endif
313
314	#ifdef WIN32
315	#else
316	/*
317	*
318	* See http://msdn2.microsoft.com/en-us/library/aa379649.aspx
319	*/
320
321	typedef enum {
322	DACL_SECURITY_INFORMATION = 4, // The DACL of the object is being referenced.
323	SACL_SECURITY_INFORMATION = 8, // The SACL of the object is being referenced.
324	LABEL_SECURITY_INFORMATION = 8, // The mandatory integrity label is being referenced.
325	GROUP_SECURITY_INFORMATION = 2, // The primary group identifier of the object is being referenced.
326	OWNER_SECURITY_INFORMATION = 1, // The owner identifier of the object is being referenced.
327	} SECURITY_INFORMATION;
328
329	#define STANDARD_RIGHTS_READ cpu_to_le32(0x20000)
330	#define STANDARD_RIGHTS_WRITE cpu_to_le32(0x20000)
331	#define STANDARD_RIGHTS_EXECUTE cpu_to_le32(0x20000)
332	#define STANDARD_RIGHTS_REQUIRED cpu_to_le32(0xf0000)
333
334	#endif
335
336	typedef struct SECHEAD {
337	s8 revision;
338	s8 alignment;
339	le16 control;
340	le32 owner;
341	le32 group;
342	le32 sacl;
343	le32 dacl;
344	} SECURITY_DESCRIPTOR_RELATIVE;
345
346	typedef struct ACL {
347	s8 revision;
348	s8 alignment1;
349	le16 size;
350	le16 ace_count;
351	le16 alignment2;
352	} ACL;
353
354	typedef struct {
355	union {
356	struct {
357	unsigned char revision;
358	unsigned char sub_authority_count;
359	} ;
360	struct {
361	/* evade an alignment problem when a 4 byte field */
362	/* in a struct implies alignment of the struct */
363	le16 dummy;
364	be16 high_part;
365	be32 low_part;
366	} identifier_authority;
367	} ;
368	le32 sub_authority[1];
369	} SID;
370
371	typedef u8 ACE_FLAGS;
372
373	typedef struct ACE {
374	u8 type;
375	u8 flags;
376	le16 size;
377	le32 mask;
378	SID sid;
379	} ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE;
380
381
382	/*
383	* item in the mapping list
384	*/
385
386	struct MAPPING {
387	struct MAPPING *next;
388	int xid; /* linux id : uid or gid */
389	SID *sid; /* Windows id : usid or gsid */
390	int grcnt; /* group count (for users only) */
391	gid_t *groups; /* groups which the user is member of */
392	};
393
394	/*
395	* Posix ACL structures
396	*/
397
398	struct POSIX_ACE {
399	u16 tag;
400	u16 perms;
401	s32 id;
402	} ;
403
404	struct POSIX_ACL {
405	u8 version;
406	u8 flags;
407	u16 filler;
408	struct POSIX_ACE ace[0];
409	} ;
410
411	struct POSIX_SECURITY {
412	mode_t mode;
413	int acccnt;
414	int defcnt;
415	int firstdef;
416	u16 tagsset;
417	struct POSIX_ACL acl;
418	} ;
419
420	/*
421	* Posix tags, cpu-endian 16 bits
422	*/
423
424	enum {
425	POSIX_ACL_USER_OBJ = 1,
426	POSIX_ACL_USER = 2,
427	POSIX_ACL_GROUP_OBJ = 4,
428	POSIX_ACL_GROUP = 8,
429	POSIX_ACL_MASK = 16,
430	POSIX_ACL_OTHER = 32,
431	POSIX_ACL_SPECIAL = 64 /* internal use only */
432	} ;
433
434	/*
435	* Posix permissions, cpu-endian 16 bits
436	*/
437
438	enum {
439	POSIX_PERM_X = 1,
440	POSIX_PERM_W = 2,
441	POSIX_PERM_R = 4,
442	POSIX_PERM_DENIAL = 64 /* internal use only */
443	} ;
444
445	#define POSIX_VERSION 2
446
447	/*
448	* A few definitions adapted from winnt.h
449	* (Windows version uses actual definitions from winnt.h, which are
450	* not compatible with code from security.c on a big-endian computer)
451	*/
452
453	#ifndef WIN32
454
455	#define DELETE cpu_to_le32(0x00010000L)
456	#define READ_CONTROL cpu_to_le32(0x00020000L)
457	#define WRITE_DAC cpu_to_le32(0x00040000L)
458	#define WRITE_OWNER cpu_to_le32(0x00080000L)
459	#define SYNCHRONIZE cpu_to_le32(0x00100000L)
460
461
462	#define FILE_READ_DATA cpu_to_le32( 0x0001 ) // file & pipe
463	#define FILE_LIST_DIRECTORY cpu_to_le32( 0x0001 ) // directory
464
465	#define FILE_WRITE_DATA cpu_to_le32( 0x0002 ) // file & pipe
466	#define FILE_ADD_FILE cpu_to_le32( 0x0002 ) // directory
467
468	#define FILE_APPEND_DATA cpu_to_le32( 0x0004 ) // file
469	#define FILE_ADD_SUBDIRECTORY cpu_to_le32( 0x0004 ) // directory
470	#define FILE_CREATE_PIPE_INSTANCE cpu_to_le32( 0x0004 ) // named pipe
471
472
473	#define FILE_READ_EA cpu_to_le32( 0x0008 ) // file & directory
474
475	#define FILE_WRITE_EA cpu_to_le32( 0x0010 ) // file & directory
476
477	#define FILE_EXECUTE cpu_to_le32( 0x0020 ) // file
478	#define FILE_TRAVERSE cpu_to_le32( 0x0020 ) // directory
479
480	#define FILE_DELETE_CHILD cpu_to_le32( 0x0040 ) // directory
481
482	#define FILE_READ_ATTRIBUTES cpu_to_le32( 0x0080 ) // all
483
484	#define FILE_WRITE_ATTRIBUTES cpu_to_le32( 0x0100 ) // all
485
486	#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
487	cpu_to_le32(0x1FF))
488
489	#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\
490	FILE_READ_DATA |\
491	FILE_READ_ATTRIBUTES |\
492	FILE_READ_EA |\
493	SYNCHRONIZE)
494
495
496	#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
497	FILE_WRITE_DATA |\
498	FILE_WRITE_ATTRIBUTES |\
499	FILE_WRITE_EA |\
500	FILE_APPEND_DATA |\
501	SYNCHRONIZE)
502
503
504	#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
505	FILE_READ_ATTRIBUTES |\
506	FILE_EXECUTE |\
507	SYNCHRONIZE)
508
509	#define GENERIC_READ cpu_to_le32(0x80000000L)
510	#define GENERIC_WRITE cpu_to_le32(0x40000000L)
511	#define GENERIC_EXECUTE cpu_to_le32(0x20000000L)
512	#define GENERIC_ALL cpu_to_le32(0x10000000L)
513
514
515	#define OBJECT_INHERIT_ACE (0x1)
516	#define CONTAINER_INHERIT_ACE (0x2)
517	#define NO_PROPAGATE_INHERIT_ACE (0x4)
518	#define INHERIT_ONLY_ACE (0x8)
519	#define INHERITED_ACE (0x10)
520	#define VALID_INHERIT_FLAGS (0x1F)
521
522	/*
523	* Other useful definitions
524	*/
525
526	#define ACL_REVISION 2
527	#define ACCESS_ALLOWED_ACE_TYPE 0
528	#define ACCESS_DENIED_ACE_TYPE 1
529	#define SECURITY_DESCRIPTOR_REVISION 1
530
531	#endif /* !WIN32 */
532
533	#ifndef ACL_REVISION_DS /* not always defined in <windows.h> */
534	#define ACL_REVISION_DS 4
535	#endif
536
537	#ifndef INHERITED_ACE /* not always defined in <windows.h> */
538	#define INHERITED_ACE (0x10)
539	#undef VALID_INHERIT_FLAGS
540	#define VALID_INHERIT_FLAGS (0x1F)
541	#endif
542
543	/*
544	* Matching of ntfs permissions to Linux permissions
545	* these constants are adapted to endianness
546	* when setting, set them all
547	* when checking, check one is present
548	*/
549
550	/* flags which are set to mean exec, write or read */
551
552	#define FILE_READ (FILE_READ_DATA)
553	#define FILE_WRITE (FILE_WRITE_DATA | FILE_APPEND_DATA \
554	| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
555	#define FILE_EXEC (FILE_EXECUTE)
556	#define DIR_READ FILE_LIST_DIRECTORY
557	#define DIR_WRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | FILE_DELETE_CHILD \
558	| READ_CONTROL | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA)
559	#define DIR_EXEC (FILE_TRAVERSE)
560
561	/* flags tested for meaning exec, write or read */
562	/* tests for write allow for interpretation of a sticky bit */
563
564	#define FILE_GREAD (FILE_READ_DATA | GENERIC_READ)
565	#define FILE_GWRITE (FILE_WRITE_DATA | FILE_APPEND_DATA | GENERIC_WRITE)
566	#define FILE_GEXEC (FILE_EXECUTE | GENERIC_EXECUTE)
567	#define DIR_GREAD (FILE_LIST_DIRECTORY | GENERIC_READ)
568	#define DIR_GWRITE (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | GENERIC_WRITE)
569	#define DIR_GEXEC (FILE_TRAVERSE | GENERIC_EXECUTE)
570
571	/* standard owner (and administrator) rights */
572
573	#define OWNER_RIGHTS (DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER \
574	| SYNCHRONIZE \
575	| FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES \
576	| FILE_READ_EA | FILE_WRITE_EA)
577
578	/* standard world rights */
579
580	#define WORLD_RIGHTS (READ_CONTROL | FILE_READ_ATTRIBUTES | FILE_READ_EA \
581	| SYNCHRONIZE)
582
583	/* inheritance flags for files and directories */
584
585	#define FILE_INHERITANCE NO_PROPAGATE_INHERIT_ACE
586	#define DIR_INHERITANCE (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE)
587
588	/*
589	* To identify NTFS ACL meaning Posix ACL granted to root
590	* we use rights always granted to anybody, so they have no impact
591	* either on Windows or on Linux.
592	*/
593
594	#define ROOT_OWNER_UNMARK SYNCHRONIZE /* ACL granted to root as owner */
595	#define ROOT_GROUP_UNMARK FILE_READ_EA /* ACL granted to root as group */
596
597
598	struct SII { /* this is an image of an $SII index entry */
599	le16 offs;
600	le16 size;
601	le32 fill1;
602	le16 indexsz;
603	le16 indexksz;
604	le16 flags;
605	le16 fill2;
606	le32 keysecurid;
607
608	/* did not find official description for the following */
609	le32 hash;
610	le32 securid;
611	le32 dataoffsl; /* documented as badly aligned */
612	le32 dataoffsh;
613	le32 datasize;
614	} ;
615
616	struct SDH { /* this is an image of an $SDH index entry */
617	le16 offs;
618	le16 size;
619	le32 fill1;
620	le16 indexsz;
621	le16 indexksz;
622	le16 flags;
623	le16 fill2;
624	le32 keyhash;
625	le32 keysecurid;
626
627	/* did not find official description for the following */
628	le32 hash;
629	le32 securid;
630	le32 dataoffsl;
631	le32 dataoffsh;
632	le32 datasize;
633	le32 fill3;
634	} ;
635
636	#ifndef INVALID_FILE_ATTRIBUTES /* not defined in old windows.h */
637	#define INVALID_FILE_ATTRIBUTES (-1)
638	#endif
639
640	enum { MAPUSERS, MAPGROUPS, MAPCOUNT } ;
641
642	struct SECURITY_CONTEXT {
643	struct MAPPING *mapping[MAPCOUNT];
644	} ;
645
646	typedef enum { MAPNONE, MAPEXTERN, MAPLOCAL, MAPDUMMY } MAPTYPE;
647
648
649
650	struct passwd {
651	uid_t pw_uid;
652	} ;
653
654	struct group {
655	gid_t gr_gid;
656	} ;
657
658	typedef int (*FILEREADER)(void *fileid, char *buf, size_t size, off_t pos);
659
660	/*
661	* Data defined in secaudit.c
662	*/
663
664	extern MAPTYPE mappingtype;
665
666	/*
667	* Functions defined in acls.c
668	*/
669
670	BOOL ntfs_valid_descr(const char *securattr, unsigned int attrsz);
671	BOOL ntfs_valid_posix(const struct POSIX_SECURITY *pxdesc);
672	BOOL ntfs_valid_pattern(const SID *sid);
673	BOOL ntfs_same_sid(const SID *first, const SID *second);
674
675
676	int ntfs_sid_size(const SID * sid);
677	unsigned int ntfs_attr_size(const char *attr);
678
679	const SID *ntfs_find_usid(const struct MAPPING *usermapping,
680	uid_t uid, SID *pdefsid);
681	const SID *ntfs_find_gsid(const struct MAPPING *groupmapping,
682	gid_t gid, SID *pdefsid);
683	uid_t ntfs_find_user(const struct MAPPING *usermapping, const SID *usid);
684	gid_t ntfs_find_group(const struct MAPPING *groupmapping, const SID * gsid);
685	const SID *ntfs_acl_owner(const char *secattr);
686
687	void ntfs_sort_posix(struct POSIX_SECURITY *pxdesc);
688	int ntfs_merge_mode_posix(struct POSIX_SECURITY *pxdesc, mode_t mode);
689
690
691	struct POSIX_SECURITY *ntfs_build_permissions_posix(
692	struct MAPPING* const mapping[],
693	const char *securattr,
694	const SID *usid, const SID *gsid, BOOL isdir);
695	int ntfs_build_permissions(const char *securattr,
696	const SID *usid, const SID *gsid, BOOL isdir);
697	struct MAPLIST *ntfs_read_mapping(FILEREADER reader, void *fileid);
698	struct MAPPING *ntfs_do_user_mapping(struct MAPLIST *firstitem);
699	struct MAPPING *ntfs_do_group_mapping(struct MAPLIST *firstitem);
700	void ntfs_free_mapping(struct MAPPING *mapping[]);
701
702	struct POSIX_SECURITY *ntfs_merge_descr_posix(const struct POSIX_SECURITY *first,
703	const struct POSIX_SECURITY *second);
704	char *ntfs_build_descr_posix(struct MAPPING* const mapping[],
705	struct POSIX_SECURITY *pxdesc,
706	int isdir, const SID *usid, const SID *gsid);
707	char *ntfs_build_descr(mode_t mode,
708	int isdir, const SID * usid, const SID * gsid);
709
710	/*
711	* Functions defined in secaudit.c
712	*/
713
714	void *chkmalloc(size_t, const char*, int);
715	void *chkcalloc(size_t, size_t, const char *, int);
716	void chkfree(void*, const char*, int);
717	BOOL chkisalloc(void*, const char*, int);
718	void dumpalloc(const char*);
719
720	#define malloc(sz) chkmalloc(sz, __FILE__, __LINE__)
721	#define calloc(cnt,sz) chkcalloc(cnt, sz, __FILE__, __LINE__)
722	#define free(ptr) chkfree(ptr, __FILE__, __LINE__)
723	#define isalloc(ptr) chkisalloc(ptr, __FILE__, __LINE__)
724	#define ntfs_malloc(sz) chkmalloc(sz, __FILE__, __LINE__)
725
726	struct passwd *getpwnam(const char *user);
727	struct group *getgrnam(const char *group);
728
729	const SID *relay_find_usid(const struct MAPPING *usermapping,
730	uid_t uid, SID *pdefsid);
731	const SID *relay_find_gsid(const struct MAPPING *groupmapping,
732	gid_t gid, SID *pdefsid);
733	uid_t relay_find_user(const struct MAPPING *usermapping, const SID *usid);
734	gid_t relay_find_group(const struct MAPPING *groupmapping, const SID * gsid);
735
736