Gitiles
Code Review Sign In
review.blissroms.org / platform_external_ntfs-3g / refs/heads/n-mr2 / . / ntfsprogs / sd.c
blob: a60a8288d01a63eaacbf12f506f5528f71aaca79 [file] [log] [blame]
Steve Kondik2111ad72013-07-07 12:07:44 -0700[diff] [blame]1#include "types.h"
2#include "layout.h"
3#include "sd.h"
4
5/**
6 * init_system_file_sd -
7 *
8 * NTFS 3.1 - System files security decriptors
9 * =====================================================
10 *
11 * Create the security descriptor for system file number @sys_file_no and
12 * return a pointer to the descriptor.
13 *
14 * Note the root directory system file (".") is very different and handled by a
15 * different function.
16 *
17 * The sd is returned in *@sd_val and has length *@sd_val_len.
18 *
19 * Do NOT free *@sd_val as it is static memory. This also means that you can
20 * only use *@sd_val until the next call to this function.
21 */
22void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len)
23{
24 static u8 sd_array[0x68];
25 SECURITY_DESCRIPTOR_RELATIVE *sd;
26 ACL *acl;
27 ACCESS_ALLOWED_ACE *aa_ace;
28 SID *sid;
29 le32 *sub_authorities;
30
31 if (sys_file_no < 0) {
32 *sd_val = NULL;
33 *sd_val_len = 0;
34 return;
35 }
36 *sd_val = sd_array;
37 sd = (SECURITY_DESCRIPTOR_RELATIVE*)&sd_array;
38 sd->revision = 1;
39 sd->alignment = 0;
40 sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
41 *sd_val_len = 0x64;
42 sd->owner = const_cpu_to_le32(0x48);
43 sd->group = const_cpu_to_le32(0x54);
44 sd->sacl = const_cpu_to_le32(0);
45 sd->dacl = const_cpu_to_le32(0x14);
46 /*
47 * Now at offset 0x14, as specified in the security descriptor, we have
48 * the DACL.
49 */
50 acl = (ACL*)((char*)sd + le32_to_cpu(sd->dacl));
51 acl->revision = 2;
52 acl->alignment1 = 0;
53 acl->size = const_cpu_to_le16(0x34);
54 acl->ace_count = const_cpu_to_le16(2);
55 acl->alignment2 = const_cpu_to_le16(0);
56 /*
57 * Now at offset 0x1c, just after the DACL's ACL, we have the first
58 * ACE of the DACL. The type of the ACE is access allowed.
59 */
60 aa_ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
61 aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
62 aa_ace->flags = 0;
63 aa_ace->size = const_cpu_to_le16(0x14);
64 switch (sys_file_no) {
65 case FILE_AttrDef:
66 case FILE_Boot:
67 aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
68 FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA;
69 break;
70 default:
71 aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
72 FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
73 FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA |
74 FILE_WRITE_DATA | FILE_READ_DATA;
75 break;
76 }
77 aa_ace->sid.revision = 1;
78 aa_ace->sid.sub_authority_count = 1;
79 aa_ace->sid.identifier_authority.value[0] = 0;
80 aa_ace->sid.identifier_authority.value[1] = 0;
81 aa_ace->sid.identifier_authority.value[2] = 0;
82 aa_ace->sid.identifier_authority.value[3] = 0;
83 aa_ace->sid.identifier_authority.value[4] = 0;
84 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
85 aa_ace->sid.identifier_authority.value[5] = 5;
86 aa_ace->sid.sub_authority[0] =
87 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
88 /*
89 * Now at offset 0x30 within security descriptor, just after the first
90 * ACE of the DACL. All system files, except the root directory, have
91 * a second ACE.
92 */
93 /* The second ACE of the DACL. Type is access allowed. */
94 aa_ace = (ACCESS_ALLOWED_ACE*)((char*)aa_ace +
95 le16_to_cpu(aa_ace->size));
96 aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
97 aa_ace->flags = 0;
98 aa_ace->size = const_cpu_to_le16(0x18);
99 /* Only $AttrDef and $Boot behave differently to everything else. */
100 switch (sys_file_no) {
101 case FILE_AttrDef:
102 case FILE_Boot:
103 aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
104 FILE_READ_ATTRIBUTES | FILE_READ_EA |
105 FILE_READ_DATA;
106 break;
107 default:
108 aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
109 FILE_WRITE_ATTRIBUTES |
110 FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
111 FILE_READ_EA | FILE_APPEND_DATA |
112 FILE_WRITE_DATA | FILE_READ_DATA;
113 break;
114 }
115 aa_ace->sid.revision = 1;
116 aa_ace->sid.sub_authority_count = 2;
117 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
118 aa_ace->sid.identifier_authority.value[0] = 0;
119 aa_ace->sid.identifier_authority.value[1] = 0;
120 aa_ace->sid.identifier_authority.value[2] = 0;
121 aa_ace->sid.identifier_authority.value[3] = 0;
122 aa_ace->sid.identifier_authority.value[4] = 0;
123 aa_ace->sid.identifier_authority.value[5] = 5;
124 sub_authorities = aa_ace->sid.sub_authority;
125 *sub_authorities++ =
126 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
127 *sub_authorities =
128 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
129 /*
130 * Now at offset 0x48 into the security descriptor, as specified in the
131 * security descriptor, we now have the owner SID.
132 */
133 sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
134 sid->revision = 1;
135 sid->sub_authority_count = 1;
136 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
137 sid->identifier_authority.value[0] = 0;
138 sid->identifier_authority.value[1] = 0;
139 sid->identifier_authority.value[2] = 0;
140 sid->identifier_authority.value[3] = 0;
141 sid->identifier_authority.value[4] = 0;
142 sid->identifier_authority.value[5] = 5;
143 sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
144 /*
145 * Now at offset 0x54 into the security descriptor, as specified in the
146 * security descriptor, we have the group SID.
147 */
148 sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
149 sid->revision = 1;
150 sid->sub_authority_count = 2;
151 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
152 sid->identifier_authority.value[0] = 0;
153 sid->identifier_authority.value[1] = 0;
154 sid->identifier_authority.value[2] = 0;
155 sid->identifier_authority.value[3] = 0;
156 sid->identifier_authority.value[4] = 0;
157 sid->identifier_authority.value[5] = 5;
158 sub_authorities = sid->sub_authority;
159 *sub_authorities++ = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
160 *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
161}
162
163/**
164 * init_root_sd -
165 *
166 * Creates the security_descriptor for the root folder on ntfs 3.1 as created
167 * by Windows Vista (when the format is done from the disk management MMC
168 * snap-in, note this is different from the format done from the disk
169 * properties in Windows Explorer).
170 */
171void init_root_sd(u8 **sd_val, int *sd_val_len)
172{
173 SECURITY_DESCRIPTOR_RELATIVE *sd;
174 ACL *acl;
175 ACCESS_ALLOWED_ACE *ace;
176 SID *sid;
177 le32 *sub_authorities;
178
179 static char sd_array[0x102c];
180 *sd_val_len = 0x102c;
181 *sd_val = (u8*)&sd_array;
182
183 //security descriptor relative
184 sd = (SECURITY_DESCRIPTOR_RELATIVE*)sd_array;
185 sd->revision = SECURITY_DESCRIPTOR_REVISION;
186 sd->alignment = 0;
187 sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
188 sd->owner = const_cpu_to_le32(0x1014);
189 sd->group = const_cpu_to_le32(0x1020);
Steve Kondike68cb602016-08-28 00:45:36 -0700[diff] [blame]190 sd->sacl = const_cpu_to_le32(0);
Steve Kondik2111ad72013-07-07 12:07:44 -0700[diff] [blame]191 sd->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE));
192
193 //acl
194 acl = (ACL*)((u8*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
195 acl->revision = ACL_REVISION;
196 acl->alignment1 = 0;
197 acl->size = const_cpu_to_le16(0x1000);
198 acl->ace_count = const_cpu_to_le16(0x08);
Steve Kondike68cb602016-08-28 00:45:36 -0700[diff] [blame]199 acl->alignment2 = const_cpu_to_le16(0);
Steve Kondik2111ad72013-07-07 12:07:44 -0700[diff] [blame]200
201 //ace1
202 ace = (ACCESS_ALLOWED_ACE*)((u8*)acl + sizeof(ACL));
203 ace->type = ACCESS_ALLOWED_ACE_TYPE;
204 ace->flags = 0;
205 ace->size = const_cpu_to_le16(0x18);
206 ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
207 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
208 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
209 FILE_TRAVERSE | FILE_DELETE_CHILD |
210 FILE_READ_ATTRIBUTES;
211 ace->sid.revision = SID_REVISION;
212 ace->sid.sub_authority_count = 0x02;
213 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
214 ace->sid.identifier_authority.value[0] = 0;
215 ace->sid.identifier_authority.value[1] = 0;
216 ace->sid.identifier_authority.value[2] = 0;
217 ace->sid.identifier_authority.value[3] = 0;
218 ace->sid.identifier_authority.value[4] = 0;
219 ace->sid.identifier_authority.value[5] = 5;
220 sub_authorities = ace->sid.sub_authority;
221 *sub_authorities++ =
222 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
223 *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
224
225 //ace2
226 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
227 ace->type = ACCESS_ALLOWED_ACE_TYPE;
228 ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
229 INHERIT_ONLY_ACE;
230 ace->size = const_cpu_to_le16(0x18);
231 ace->mask = GENERIC_ALL;
232 ace->sid.revision = SID_REVISION;
233 ace->sid.sub_authority_count = 0x02;
234 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
235 ace->sid.identifier_authority.value[0] = 0;
236 ace->sid.identifier_authority.value[1] = 0;
237 ace->sid.identifier_authority.value[2] = 0;
238 ace->sid.identifier_authority.value[3] = 0;
239 ace->sid.identifier_authority.value[4] = 0;
240 ace->sid.identifier_authority.value[5] = 5;
241 sub_authorities = ace->sid.sub_authority;
242 *sub_authorities++ =
243 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
244 *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
245
246 //ace3
247 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
248 ace->type = ACCESS_ALLOWED_ACE_TYPE;
249 ace->flags = 0;
250 ace->size = const_cpu_to_le16(0x14);
251 ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
252 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
253 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
254 FILE_TRAVERSE | FILE_DELETE_CHILD |
255 FILE_READ_ATTRIBUTES;
256 ace->sid.revision = SID_REVISION;
257 ace->sid.sub_authority_count = 0x01;
258 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
259 ace->sid.identifier_authority.value[0] = 0;
260 ace->sid.identifier_authority.value[1] = 0;
261 ace->sid.identifier_authority.value[2] = 0;
262 ace->sid.identifier_authority.value[3] = 0;
263 ace->sid.identifier_authority.value[4] = 0;
264 ace->sid.identifier_authority.value[5] = 5;
265 ace->sid.sub_authority[0] =
266 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
267
268 //ace4
269 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
270 ace->type = ACCESS_ALLOWED_ACE_TYPE;
271 ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
272 INHERIT_ONLY_ACE;
273 ace->size = const_cpu_to_le16(0x14);
274 ace->mask = GENERIC_ALL;
275 ace->sid.revision = SID_REVISION;
276 ace->sid.sub_authority_count = 0x01;
277 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
278 ace->sid.identifier_authority.value[0] = 0;
279 ace->sid.identifier_authority.value[1] = 0;
280 ace->sid.identifier_authority.value[2] = 0;
281 ace->sid.identifier_authority.value[3] = 0;
282 ace->sid.identifier_authority.value[4] = 0;
283 ace->sid.identifier_authority.value[5] = 5;
284 ace->sid.sub_authority[0] =
285 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
286
287 //ace5
288 ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
289 ace->type = ACCESS_ALLOWED_ACE_TYPE;
290 ace->flags = 0;
291 ace->size = const_cpu_to_le16(0x14);
292 ace->mask = SYNCHRONIZE | READ_CONTROL | DELETE |
293 FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
294 FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
295 FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
296 FILE_LIST_DIRECTORY;
297 ace->sid.revision = SID_REVISION;
298 ace->sid.sub_authority_count = 0x01;
299 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
300 ace->sid.identifier_authority.value[0] = 0;
301 ace->sid.identifier_authority.value[1] = 0;
302 ace->sid.identifier_authority.value[2] = 0;
303 ace->sid.identifier_authority.value[3] = 0;
304 ace->sid.identifier_authority.value[4] = 0;
305 ace->sid.identifier_authority.value[5] = 5;
306 ace->sid.sub_authority[0] =
307 const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);
308
309 //ace6
310 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
311 ace->type = ACCESS_ALLOWED_ACE_TYPE;
312 ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
313 INHERIT_ONLY_ACE;
314 ace->size = const_cpu_to_le16(0x14);
315 ace->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
316 ace->sid.revision = SID_REVISION;
317 ace->sid.sub_authority_count = 0x01;
318 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
319 ace->sid.identifier_authority.value[0] = 0;
320 ace->sid.identifier_authority.value[1] = 0;
321 ace->sid.identifier_authority.value[2] = 0;
322 ace->sid.identifier_authority.value[3] = 0;
323 ace->sid.identifier_authority.value[4] = 0;
324 ace->sid.identifier_authority.value[5] = 5;
325 ace->sid.sub_authority[0] =
326 const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);
327
328 //ace7
329 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
330 ace->type = ACCESS_ALLOWED_ACE_TYPE;
331 ace->flags = 0;
332 ace->size = const_cpu_to_le16(0x18);
333 ace->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES |
334 FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY;
335 ace->sid.revision = SID_REVISION;
336 ace->sid.sub_authority_count = 0x02;
337 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
338 ace->sid.identifier_authority.value[0] = 0;
339 ace->sid.identifier_authority.value[1] = 0;
340 ace->sid.identifier_authority.value[2] = 0;
341 ace->sid.identifier_authority.value[3] = 0;
342 ace->sid.identifier_authority.value[4] = 0;
343 ace->sid.identifier_authority.value[5] = 5;
344 sub_authorities = ace->sid.sub_authority;
345 *sub_authorities++ =
346 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
347 *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);
348
349 //ace8
350 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
351 ace->type = ACCESS_ALLOWED_ACE_TYPE;
352 ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
353 INHERIT_ONLY_ACE;
354 ace->size = const_cpu_to_le16(0x18);
355 ace->mask = GENERIC_READ | GENERIC_EXECUTE;
356 ace->sid.revision = SID_REVISION;
357 ace->sid.sub_authority_count = 0x02;
358 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
359 ace->sid.identifier_authority.value[0] = 0;
360 ace->sid.identifier_authority.value[1] = 0;
361 ace->sid.identifier_authority.value[2] = 0;
362 ace->sid.identifier_authority.value[3] = 0;
363 ace->sid.identifier_authority.value[4] = 0;
364 ace->sid.identifier_authority.value[5] = 5;
365 sub_authorities = ace->sid.sub_authority;
366 *sub_authorities++ =
367 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
368 *sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);
369
370 //owner sid
371 sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
372 sid->revision = 0x01;
373 sid->sub_authority_count = 0x01;
374 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
375 sid->identifier_authority.value[0] = 0;
376 sid->identifier_authority.value[1] = 0;
377 sid->identifier_authority.value[2] = 0;
378 sid->identifier_authority.value[3] = 0;
379 sid->identifier_authority.value[4] = 0;
380 sid->identifier_authority.value[5] = 5;
381 sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
382
383 //group sid
384 sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
385 sid->revision = 0x01;
386 sid->sub_authority_count = 0x01;
387 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
388 sid->identifier_authority.value[0] = 0;
389 sid->identifier_authority.value[1] = 0;
390 sid->identifier_authority.value[2] = 0;
391 sid->identifier_authority.value[3] = 0;
392 sid->identifier_authority.value[4] = 0;
393 sid->identifier_authority.value[5] = 5;
394 sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
395}
396
397/**
398 * init_secure_sds -
399 *
400 * NTFS 3.1 - System files security decriptors
401 * ===========================================
402 * Create the security descriptor entries in $SDS data stream like they
403 * are in a partition, newly formatted with windows 2003
404 */
405void init_secure_sds(char *sd_val)
406{
407 SECURITY_DESCRIPTOR_HEADER *sds;
408 SECURITY_DESCRIPTOR_RELATIVE *sd;
409 ACL *acl;
410 ACCESS_ALLOWED_ACE *ace;
411 SID *sid;
412
413/*
414 * security descriptor #1
415 */
416 //header
417 sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val);
418 sds->hash = const_cpu_to_le32(0xF80312F0);
419 sds->security_id = const_cpu_to_le32(0x0100);
420 sds->offset = const_cpu_to_le64(0x00);
421 sds->length = const_cpu_to_le32(0x7C);
422 //security descriptor relative
423 sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
424 sizeof(SECURITY_DESCRIPTOR_HEADER));
425 sd->revision = 0x01;
426 sd->alignment = 0x00;
427 sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
428 sd->owner = const_cpu_to_le32(0x48);
429 sd->group = const_cpu_to_le32(0x58);
430 sd->sacl = const_cpu_to_le32(0x00);
431 sd->dacl = const_cpu_to_le32(0x14);
432
433 //acl
434 acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
435 acl->revision = 0x02;
436 acl->alignment1 = 0x00;
437 acl->size = const_cpu_to_le16(0x34);
438 acl->ace_count = const_cpu_to_le16(0x02);
Steve Kondike68cb602016-08-28 00:45:36 -0700[diff] [blame]439 acl->alignment2 = const_cpu_to_le16(0x00);
Steve Kondik2111ad72013-07-07 12:07:44 -0700[diff] [blame]440
441 //ace1
442 ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
443 ace->type = 0x00;
444 ace->flags = 0x00;
445 ace->size = const_cpu_to_le16(0x14);
446 ace->mask = const_cpu_to_le32(0x120089);
447 ace->sid.revision = 0x01;
448 ace->sid.sub_authority_count = 0x01;
449 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
450 ace->sid.identifier_authority.value[0] = 0;
451 ace->sid.identifier_authority.value[1] = 0;
452 ace->sid.identifier_authority.value[2] = 0;
453 ace->sid.identifier_authority.value[3] = 0;
454 ace->sid.identifier_authority.value[4] = 0;
455 ace->sid.identifier_authority.value[5] = 5;
456 ace->sid.sub_authority[0] =
457 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
458 //ace2
459 ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
460 ace->type = 0x00;
461 ace->flags = 0x00;
462 ace->size = const_cpu_to_le16(0x18);
463 ace->mask = const_cpu_to_le32(0x120089);
464 ace->sid.revision = 0x01;
465 ace->sid.sub_authority_count = 0x02;
466 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
467 ace->sid.identifier_authority.value[0] = 0;
468 ace->sid.identifier_authority.value[1] = 0;
469 ace->sid.identifier_authority.value[2] = 0;
470 ace->sid.identifier_authority.value[3] = 0;
471 ace->sid.identifier_authority.value[4] = 0;
472 ace->sid.identifier_authority.value[5] = 5;
473 ace->sid.sub_authority[0] =
474 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
475 ace->sid.sub_authority[1] =
476 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
477
478 //owner sid
479 sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
480 sid->revision = 0x01;
481 sid->sub_authority_count = 0x02;
482 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
483 sid->identifier_authority.value[0] = 0;
484 sid->identifier_authority.value[1] = 0;
485 sid->identifier_authority.value[2] = 0;
486 sid->identifier_authority.value[3] = 0;
487 sid->identifier_authority.value[4] = 0;
488 sid->identifier_authority.value[5] = 5;
489 sid->sub_authority[0] =
490 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
491 sid->sub_authority[1] =
492 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
493 //group sid
494 sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
495 sid->revision = 0x01;
496 sid->sub_authority_count = 0x02;
497 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
498 sid->identifier_authority.value[0] = 0;
499 sid->identifier_authority.value[1] = 0;
500 sid->identifier_authority.value[2] = 0;
501 sid->identifier_authority.value[3] = 0;
502 sid->identifier_authority.value[4] = 0;
503 sid->identifier_authority.value[5] = 5;
504 sid->sub_authority[0] =
505 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
506 sid->sub_authority[1] =
507 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
508/*
509 * security descriptor #2
510 */
511 //header
512 sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80);
513 sds->hash = const_cpu_to_le32(0xB32451);
514 sds->security_id = const_cpu_to_le32(0x0101);
515 sds->offset = const_cpu_to_le64(0x80);
516 sds->length = const_cpu_to_le32(0x7C);
517
518 //security descriptor relative
519 sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
520 sizeof(SECURITY_DESCRIPTOR_HEADER));
521 sd->revision = 0x01;
522 sd->alignment = 0x00;
523 sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
524 sd->owner = const_cpu_to_le32(0x48);
525 sd->group = const_cpu_to_le32(0x58);
526 sd->sacl = const_cpu_to_le32(0x00);
527 sd->dacl = const_cpu_to_le32(0x14);
528
529 //acl
530 acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
531 acl->revision = 0x02;
532 acl->alignment1 = 0x00;
533 acl->size = const_cpu_to_le16(0x34);
534 acl->ace_count = const_cpu_to_le16(0x02);
Steve Kondike68cb602016-08-28 00:45:36 -0700[diff] [blame]535 acl->alignment2 = const_cpu_to_le16(0x00);
Steve Kondik2111ad72013-07-07 12:07:44 -0700[diff] [blame]536
537 //ace1
538 ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
539 ace->type = 0x00;
540 ace->flags = 0x00;
541 ace->size = const_cpu_to_le16(0x14);
542 ace->mask = const_cpu_to_le32(0x12019F);
543 ace->sid.revision = 0x01;
544 ace->sid.sub_authority_count = 0x01;
545 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
546 ace->sid.identifier_authority.value[0] = 0;
547 ace->sid.identifier_authority.value[1] = 0;
548 ace->sid.identifier_authority.value[2] = 0;
549 ace->sid.identifier_authority.value[3] = 0;
550 ace->sid.identifier_authority.value[4] = 0;
551 ace->sid.identifier_authority.value[5] = 5;
552 ace->sid.sub_authority[0] =
553 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
554 //ace2
555 ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
556 ace->type = 0x00;
557 ace->flags = 0x00;
558 ace->size = const_cpu_to_le16(0x18);
559 ace->mask = const_cpu_to_le32(0x12019F);
560 ace->sid.revision = 0x01;
561 ace->sid.sub_authority_count = 0x02;
562 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
563 ace->sid.identifier_authority.value[0] = 0;
564 ace->sid.identifier_authority.value[1] = 0;
565 ace->sid.identifier_authority.value[2] = 0;
566 ace->sid.identifier_authority.value[3] = 0;
567 ace->sid.identifier_authority.value[4] = 0;
568 ace->sid.identifier_authority.value[5] = 5;
569 ace->sid.sub_authority[0] =
570 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
571 ace->sid.sub_authority[1] =
572 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
573
574 //owner sid
575 sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
576 sid->revision = 0x01;
577 sid->sub_authority_count = 0x02;
578 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
579 sid->identifier_authority.value[0] = 0;
580 sid->identifier_authority.value[1] = 0;
581 sid->identifier_authority.value[2] = 0;
582 sid->identifier_authority.value[3] = 0;
583 sid->identifier_authority.value[4] = 0;
584 sid->identifier_authority.value[5] = 5;
585 sid->sub_authority[0] =
586 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
587 sid->sub_authority[1] =
588 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
589
590 //group sid
591 sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
592 sid->revision = 0x01;
593 sid->sub_authority_count = 0x02;
594 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
595 sid->identifier_authority.value[0] = 0;
596 sid->identifier_authority.value[1] = 0;
597 sid->identifier_authority.value[2] = 0;
598 sid->identifier_authority.value[3] = 0;
599 sid->identifier_authority.value[4] = 0;
600 sid->identifier_authority.value[5] = 5;
601 sid->sub_authority[0] =
602 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
603 sid->sub_authority[1] =
604 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
605
606 return;
607}