From e35207f28de89cb3da88b47f4e70224e6b7f78e9 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 11 Nov 1998 21:44:02 +0000 Subject: security descriptor info, provided by jean-francois (This used to be commit 719382a5579e8798812bbccd14a4c1ffd9003f7a) --- source3/include/proto.h | 2 +- source3/include/rpc_reg.h | 22 +++++++++++ source3/include/rpc_secdes.h | 53 ++++++++++++++++++++------ source3/rpc_parse/parse_reg.c | 5 +-- source3/rpc_parse/parse_sec.c | 89 +++++++++++++++++++++++++++++++------------ 5 files changed, 129 insertions(+), 42 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 1ed983d1a0..cce55a47cd 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1923,7 +1923,7 @@ void samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER *r_u, prs_struct void sec_io_info(char *desc, SEC_INFO *t, prs_struct *ps, int depth); void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth); void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth); -void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth); +void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data); void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth); /*The following definitions come from rpc_parse/parse_srv.c */ diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h index 4eff16c3f4..59f3fb6f05 100644 --- a/source3/include/rpc_reg.h +++ b/source3/include/rpc_reg.h @@ -37,6 +37,7 @@ #define REG_DELETE_VALUE 0x08 #define REG_CREATE_VALUE 0x16 #define REG_GET_KEY_SEC 0x0c +#define REG_SET_KEY_SEC 0x15 #define REG_ENUM_VALUE 0x0a #define REG_OPEN_ENTRY 0x0f #define REG_INFO 0x11 
@@ -98,6 +99,27 @@ typedef struct r_reg_open_flush_key_info } REG_R_FLUSH_KEY; +/* REG_Q_SET_KEY_SEC */ +typedef struct q_reg_set_key_sec_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 unknown; /* 0x0000 0004 */ + + uint32 ptr; /* pointer */ + BUFHDR hdr_sec; /* header for security data */ + SEC_DESC_BUF *data; /* security data */ + +} REG_Q_SET_KEY_SEC; + +/* REG_R_SET_KEY_SEC */ +typedef struct r_reg_set_key_sec_info +{ + uint32 status; + +} REG_R_SET_KEY_SEC; + + /* REG_Q_GET_KEY_SEC */ typedef struct q_reg_get_key_sec_info { diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 1b438d3dfe..b317ead5e1 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -38,6 +38,31 @@ #define SEC_RIGHTS_READ 0x00020019 #define SEC_RIGHTS_FULL_CONTROL 0x000f003f + +#define SEC_ACE_TYPE_ACCESS_ALLOWED 0x0 +#define SEC_ACE_TYPE_ACCESS_DENIED 0x1 +#define SEC_ACE_TYPE_SYSTEM_AUDIT 0x2 +#define SEC_ACE_TYPE_SYSTEM_ALARM 0x3 + +#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 +#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 +#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 +#define SEC_ACE_FLAG_INHERIT_ONLY 0x8 +#define SEC_ACE_FLAG_VALID_INHERIT 0xf +#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0x40 +#define SEC_ACE_FLAG_FAILED_ACCESS 0x80 + +#define SEC_DESC_OWNER_DEFAULTED 0x0001 +#define SEC_DESC_GROUP_DEFAULTED 0x0002 +#define SEC_DESC_DACL_PRESENT 0x0004 +#define SEC_DESC_DACL_DEFAULTED 0x0008 +#define SEC_DESC_SACL_PRESENT 0x0010 +#define SEC_DESC_SACL_DEFAULTED 0x0020 +#define SEC_DESC_SELF_RELATIVE 0x8000 + + + + /* SEC_INFO */ typedef struct security_info_info { @@ -48,8 +73,9 @@ typedef struct security_info_info /* SEC_ACE */ typedef struct security_ace_info { - uint16 unknown_1; /* 0x2000 */ - uint16 ace_size; + uint8 type; + uint8 flags; + uint16 size; SEC_INFO info; DOM_SID sid; 
@@ -62,27 +88,30 @@ typedef struct security_ace_info /* SEC_ACL */ typedef struct security_acl_info { - uint16 unknown_1; /* 0x0002 */ - uint16 acl_size; /* size in bytes of the entire ACL structure */ + uint16 revision; /* 0x0002 */ + uint16 size; /* size in bytes of the entire ACL structure */ uint32 num_aces; /* number of Access Control Entries */ SEC_ACE ace[MAX_SEC_ACES]; } SEC_ACL; + /* SEC_DESC */ typedef struct security_descriptor_info { - uint32 unknown_1; /* 0x8004 0001 */ + uint16 revision; /* 0x0001 */ + uint16 type; /* SEC_DESC_xxxx flags */ uint32 off_owner_sid; /* offset to owner sid */ - uint32 off_pnt_sid ; /* offset to parent? sid */ - uint32 off_unknown ; /* 0x0000 0000 */ - uint32 off_acl ; /* offset to list of permissions */ - - SEC_ACL acl; - DOM_SID owner_sid; - DOM_SID parent_sid; + uint32 off_grp_sid ; /* offset to group sid */ + uint32 off_sacl ; /* offset to system list of permissions */ + uint32 off_dacl ; /* offset to list of permissions */ + + SEC_ACL dacl; /* user ACL */ + SEC_ACL sacl; /* system ACL */ + DOM_SID owner_sid; + DOM_SID grp_sid; } SEC_DESC; diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c index b650847b80..57de5f8968 100644 --- a/source3/rpc_parse/parse_reg.c +++ b/source3/rpc_parse/parse_reg.c @@ -559,10 +559,7 @@ void make_reg_q_get_key_sec(REG_Q_GET_KEY_SEC *q_i, POLICY_HND *pol, if (sec_buf != NULL) { make_buf_hdr(&(q_i->hdr_sec), buf_len, 0); - q_i->data->max_len = buf_len; - q_i->data->undoc = 0; - q_i->data->len = 0; - q_i->data->sec = NULL; + make_sec_desc_buf(q_i->data, buf_len, NULL); } } diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index af5da93bfb..e94a2a32dd 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c 
@@ -59,14 +59,15 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) old_offset = ps->offset; - prs_uint16("unknown_1", ps, depth, &(t->unknown_1)); - prs_uint16_pre("ace_size ", ps, depth, &(t->ace_size ), &offset_ace_size); + prs_uint8 ("type ", ps, depth, &(t->type)); + prs_uint8 ("flags", ps, depth, &(t->flags)); + prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_ace_size); - sec_io_info ("info", &t->info, ps, depth); + sec_io_info ("info ", &t->info, ps, depth); prs_align(ps); - smb_io_dom_sid("sid ", &t->sid , ps, depth); + smb_io_dom_sid("sid ", &t->sid , ps, depth); - prs_uint16_post("ace_size ", ps, depth, &t->ace_size, offset_ace_size, old_offset); + prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, old_offset); } /******************************************************************* @@ -88,8 +89,8 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) old_offset = ps->offset; - prs_uint16("unknown_1", ps, depth, &(t->unknown_1)); - prs_uint16_pre("acl_size ", ps, depth, &(t->acl_size ), &offset_acl_size); + prs_uint16("revision", ps, depth, &(t->revision)); + prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_acl_size); prs_uint32("num_aces ", ps, depth, &(t->num_aces )); for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) 
@@ -101,19 +102,19 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) prs_align(ps); - prs_uint16_post("acl_size ", ps, depth, &t->acl_size, offset_acl_size, old_offset); + prs_uint16_post("size ", ps, depth, &t->size , offset_acl_size, old_offset); } /******************************************************************* reads or writes a structure. ********************************************************************/ -void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) +static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { uint32 off_owner_sid; - uint32 off_pnt_sid ; - uint32 off_unknown ; - uint32 off_acl ; + uint32 off_grp_sid ; + uint32 off_sacl ; + uint32 off_dacl ; uint32 old_offset; if (t == NULL) return; 
@@ -126,28 +127,66 @@ void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) /* start of security descriptor stored for back-calc offset purposes */ old_offset = ps->offset; - prs_uint32("unknown_1", ps, depth, &(t->unknown_1)); + prs_uint16("revision ", ps, depth, &(t->revision )); + prs_uint16("type ", ps, depth, &(t->type )); prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid); - prs_uint32_pre("off_pnt_sid ", ps, depth, &(t->off_pnt_sid ), &off_pnt_sid ); - prs_uint32_pre("off_unknown ", ps, depth, &(t->off_unknown ), &off_unknown ); - prs_uint32_pre("off_acl ", ps, depth, &(t->off_acl ), &off_acl ); + prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid ), &off_grp_sid ); + prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl ); + prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl ); - prs_uint32_post("off_acl ", ps, depth, &(t->off_acl ), off_acl , old_offset); - sec_io_acl ("acl" , &t->acl , ps, depth); - prs_align(ps); + if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) + { + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , old_offset); + sec_io_acl ("dacl" , &t->dacl , ps, depth); + prs_align(ps); + } + else + { + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , old_offset); + } - prs_uint32_post("off_unknown ", ps, depth, &(t->off_unknown ), off_unknown , ps->offset); + if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) + { + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , old_offset); + sec_io_acl ("sacl" , &t->sacl , ps, depth); + prs_align(ps); + } + else + { + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset); + } prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, old_offset); - smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth); - prs_align(ps); + if (t->off_owner_sid != 0) + { + smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth); + 
prs_align(ps); + } - prs_uint32_post("off_pnt_sid ", ps, depth, &(t->off_pnt_sid ), off_pnt_sid , old_offset); - smb_io_dom_sid("parent_sid", &t->parent_sid, ps, depth); - prs_align(ps); + prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , old_offset); + if (t->off_grp_sid != 0) + { + smb_io_dom_sid("grp_sid", &t->grp_sid, ps, depth); + prs_align(ps); + } } +/******************************************************************* +creates a SEC_DESC_BUF structure. +********************************************************************/ +void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) +{ + ZERO_STRUCTP(buf); + + /* max buffer size (allocated size) */ + buf->max_len = len; + buf->undoc = 0; + buf->len = data != NULL ? len : 0; + buf->sec = data; +} + + /******************************************************************* reads or writes a SEC_DESC_BUF structure. ********************************************************************/ -- cgit
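Review bot: In the DACL-absent branch of sec_io_desc, `prs_uint32_post("off_dacl ", ..., off_dacl , old_offset)` is passed `old_offset`, while the parallel SACL-absent branch passes `ps->offset`, as the replaced `off_unknown` line did; if prs_uint32_post stores the difference between the current offset and its last argument on write, an absent DACL is encoded with a non-zero offset pointing into the following data rather than 0. The else branch should read `prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset);` so an absent DACL is written the same way as an absent SACL. On the read side none of the four offsets just read is checked against the buffer length or against the order the code assumes (dacl, sacl, owner, group), so a descriptor whose offsets disagree with that order is parsed at the wrong position without any diagnostic; at minimum that assumption deserves a comment such as `/* assumes layout dacl, sacl, owner, group; the read offsets are not followed */`. In make_sec_desc_buf the header comment should state that `data` is stored, not copied, e.g. `creates a SEC_DESC_BUF structure; data is aliased (caller keeps ownership), len is the allocated size`, and `buf->undoc = 0;` is redundant after ZERO_STRUCTP. sec_io_desc's signature and local declarations lie in the preceding hunk.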