← Back to branch summary

~ubuntu-branches/ubuntu/warty/linux-ntfs/warty

« back to all changes in this revision

Viewing changes to ntfstools/sd.c

  • Committer: Bazaar Package Importer
  • Author(s): David Martínez Moreno
  • Date: 2004-03-12 00:03:30 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20040312000330-xv94ve7yg6bwplwu
Tags: 1.9.0-1
http://bugs.debian.org/226989
* New upstream release:
  - Merged Debian diff with upstream.
  - Fixed mkntfs for large volumes.
  - Add relocation support to ntfsresize. This modifies the command line
    options a little as well as the returned output so applications using
    ntfsresize might need modifications before they will work with the
    updated ntfsresize.
  - Revamped the build system completely.
  - Provide always own byteswap constant versions in order to avoid the mess
    that some architectures define only some of them (read m68k, ppc,
    mips...).
  - Made the warnings on 64 bit architectures go away.
  - Fixed lots of typos in the documentation.
  - Lots of fixes in general.
* Resolved several FTBFS (Fail To Build From Source) bugs (closes: #226989,
  #234104). With this, all the architectures go in sync again.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ntfstools/sd.c
1
 
#include "types.h"
2
 
 
3
 
/*
4
 
 * NTFS 1.2 - System files security decriptors
5
 
 * ===========================================
6
 
 * 
7
 
 * Create the security descriptor for system file number @sys_file_no and
8
 
 * return a pointer to the descriptor.
9
 
 *
10
 
 * $MFT, $MFTMirr, $LogFile, $AttrDef, $Bitmap, $Boot, $BadClus, and $UpCase
11
 
 * are the same.
12
 
 *
13
 
 * $Volume, $Quota, and system files 0xb-0xf are the same. They are almost the
14
 
 * same as the above, the only difference being that the two SIDs present in
15
 
 * the DACL grant GENERIC_WRITE and GENERIC_READ equivalent priviledges while
16
 
 * the above only grant GENERIC_READ equivalent priviledges. (For some reason
17
 
 * the flags for GENERIC_READ/GENERIC_WRITE are not set by NT4, even though
18
 
 * the permissions are equivalent, so we comply.
19
 
 *
20
 
 * Root directory system file (".") is different altogether.
21
 
 *
22
 
 * The sd is recturned in *@sd_val and has length *@sd_val_len.
23
 
 *
24
 
 * Do NOT free *@sd_val as it is static memory. This also means that you can
25
 
 * only use *@sd_val until the next call to this function.
26
 
 *
27
 
 */
28
 
void init_system_file_sd(int sys_file_no, char **sd_val, int *sd_val_len)
29
 
{
30
 
        static char sd_array[0x68];
31
 
        SECURITY_DESCRIPTOR_RELATIVE *sd;
32
 
        ACL *acl;
33
 
        ACE_HEADER *ace_hdr;
34
 
        ACCESS_ALLOWED_ACE *aa_ace;
35
 
        SID *sid;
36
 
 
37
 
        if (sys_file_no < 0 || sys_file_no > 0xf) {
38
 
                *sd_val = NULL;
39
 
                *sd_val_len = 0;
40
 
                return;
41
 
        }
42
 
        *sd_val = (char*)&sd_array;
43
 
        sd = (SECURITY_DESCRIPTOR_RELATIVE*)&sd_array;
44
 
        sd->revision = 1;
45
 
        sd->alignment = 0;
46
 
        sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
47
 
        if (sys_file_no == FILE_$root) {
48
 
                *sd_val_len = 0x50;
49
 
                sd->owner = cpu_to_le32(0x30);
50
 
                sd->group = cpu_to_le32(0x40);
51
 
        } else {
52
 
                *sd_val_len = 0x68;
53
 
                sd->owner = cpu_to_le32(0x48);
54
 
                sd->group = cpu_to_le32(0x58);
55
 
        }
56
 
        sd->sacl = cpu_to_le32(0);
57
 
        sd->dacl = cpu_to_le32(0x14);
58
 
        /* 
59
 
         * Now at offset 0x14, as specified in the security descriptor, we have
60
 
         * the DACL.
61
 
         */
62
 
        acl = (ACL*)((char*)sd + le32_to_cpu(sd->dacl));
63
 
        acl->revision = 2;
64
 
        acl->alignment1 = 0;
65
 
        if (sys_file_no == FILE_$root) {
66
 
                acl->size = cpu_to_le16(0x1c);
67
 
                acl->ace_count = cpu_to_le16(1);
68
 
        } else {
69
 
                acl->size = cpu_to_le16(0x34);
70
 
                acl->ace_count = cpu_to_le16(2);
71
 
        }
72
 
        acl->alignment2 = cpu_to_le16(0);
73
 
        /*
74
 
         * Now at offset 0x1c, just after the DACL's ACL, we have the first
75
 
         * ACE of the DACL. The type of the ACE is access allowed.
76
 
         */
77
 
        aa_ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
78
 
        aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
79
 
        if (sys_file_no == FILE_$root)
80
 
                aa_ace->flags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE;
81
 
        else
82
 
                aa_ace->flags = 0;
83
 
        aa_ace->size = cpu_to_le16(0x14);
84
 
        switch (sys_file_no) {
85
 
        case FILE_$MFT:         case FILE_$MFTMirr:     case FILE_$LogFile:
86
 
        case FILE_$AttrDef:     case FILE_$Bitmap:      case FILE_$Boot:
87
 
        case FILE_$BadClus:     case FILE_$UpCase:
88
 
                aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
89
 
                        FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA;
90
 
                break;
91
 
        case FILE_$Volume:      case FILE_$Secure:      case 0xb ... 0xf:
92
 
                aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
93
 
                        FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
94
 
                        FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA |
95
 
                        FILE_WRITE_DATA | FILE_READ_DATA;
96
 
                break;
97
 
        case FILE_$root:
98
 
                aa_ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
99
 
                        FILE_READ_ATTRIBUTES | FILE_DELETE_CHILD |
100
 
                        FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
101
 
                        FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
102
 
                        FILE_LIST_DIRECTORY;
103
 
                break;
104
 
        }
105
 
        aa_ace->sid.revision = 1;
106
 
        aa_ace->sid.sub_authority_count = 1;
107
 
        aa_ace->sid.identifier_authority.value[0] = 0;
108
 
        aa_ace->sid.identifier_authority.value[1] = 0;
109
 
        aa_ace->sid.identifier_authority.value[2] = 0;
110
 
        aa_ace->sid.identifier_authority.value[3] = 0;
111
 
        aa_ace->sid.identifier_authority.value[4] = 0;
112
 
        if (sys_file_no == FILE_$root) {
113
 
                /* SECURITY_WORLD_SID_AUTHORITY (S-1-1) */
114
 
                aa_ace->sid.identifier_authority.value[5] = 1;
115
 
                aa_ace->sid.sub_authority[0] =
116
 
                                cpu_to_le32(SECURITY_WORLD_RID);
117
 
                /* This is S-1-1-0, the WORLD_SID. */
118
 
        } else {
119
 
                /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
120
 
                aa_ace->sid.identifier_authority.value[5] = 5;
121
 
                aa_ace->sid.sub_authority[0] =
122
 
                                cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
123
 
        }
124
 
        /*
125
 
         * Now at offset 0x30 within security descriptor, just after the first
126
 
         * ACE of the DACL. All system files, except the root directory, have
127
 
         * a second ACE.
128
 
         */
129
 
        if (sys_file_no != FILE_$root) {
130
 
                /* The second ACE of the DACL. Type is access allowed. */
131
 
                aa_ace = (ACCESS_ALLOWED_ACE*)((char*)aa_ace +
132
 
                                le16_to_cpu(aa_ace->size));
133
 
                aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
134
 
                aa_ace->flags = 0;
135
 
                aa_ace->size = cpu_to_le16(0x18);
136
 
                switch (sys_file_no) {
137
 
                case FILE_$MFT:         case FILE_$MFTMirr:
138
 
                case FILE_$LogFile:     case FILE_$AttrDef:
139
 
                case FILE_$Bitmap:      case FILE_$Boot:
140
 
                case FILE_$BadClus:     case FILE_$UpCase:
141
 
                        aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
142
 
                                        FILE_READ_ATTRIBUTES | FILE_READ_EA |
143
 
                                        FILE_READ_DATA;
144
 
                        break;
145
 
                case FILE_$Volume:      case FILE_$Secure:
146
 
                case 0xb ... 0xf:
147
 
                        aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
148
 
                                        FILE_WRITE_ATTRIBUTES |
149
 
                                        FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
150
 
                                        FILE_READ_EA | FILE_APPEND_DATA |
151
 
                                        FILE_WRITE_DATA | FILE_READ_DATA;
152
 
                        break;
153
 
                }
154
 
                aa_ace->sid.revision = 1;
155
 
                aa_ace->sid.sub_authority_count = 2;
156
 
                /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
157
 
                aa_ace->sid.identifier_authority.value[0] = 0;
158
 
                aa_ace->sid.identifier_authority.value[1] = 0;
159
 
                aa_ace->sid.identifier_authority.value[2] = 0;
160
 
                aa_ace->sid.identifier_authority.value[3] = 0;
161
 
                aa_ace->sid.identifier_authority.value[4] = 0;
162
 
                aa_ace->sid.identifier_authority.value[5] = 5;
163
 
                aa_ace->sid.sub_authority[0] =
164
 
                                cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
165
 
                aa_ace->sid.sub_authority[1] =
166
 
                                cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
167
 
                /* Now at offset 0x48 into the security descriptor. */
168
 
        }
169
 
        /* As specified in the security descriptor, we now have the owner SID.*/
170
 
        sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
171
 
        sid->revision = 1;
172
 
        sid->sub_authority_count = 2;
173
 
        /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
174
 
        sid->identifier_authority.value[0] = 0;
175
 
        sid->identifier_authority.value[1] = 0;
176
 
        sid->identifier_authority.value[2] = 0;
177
 
        sid->identifier_authority.value[3] = 0;
178
 
        sid->identifier_authority.value[4] = 0;
179
 
        sid->identifier_authority.value[5] = 5;
180
 
        sid->sub_authority[0] = cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
181
 
        sid->sub_authority[1] = cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
182
 
        /*
183
 
         * Now at offset 0x40 or 0x58 (root directory and the other system
184
 
         * files, respectively) into the security descriptor, as specified in
185
 
         * the security descriptor, we have the group SID.
186
 
         */
187
 
        sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
188
 
        sid->revision = 1;
189
 
        sid->sub_authority_count = 2;
190
 
        /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
191
 
        sid->identifier_authority.value[0] = 0;
192
 
        sid->identifier_authority.value[1] = 0;
193
 
        sid->identifier_authority.value[2] = 0;
194
 
        sid->identifier_authority.value[3] = 0;
195
 
        sid->identifier_authority.value[4] = 0;
196
 
        sid->identifier_authority.value[5] = 5;
197
 
        sid->sub_authority[0] = cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
198
 
        sid->sub_authority[1] = cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
199
 
}
200