sd.c revision 9663:ace9a2ac3683
#include "types.h"
#include "layout.h"
#include "sd.h"

/*
 * Access masks and ACE flag sets that are used more than once below. Each
 * macro expands to exactly the expression that was previously spelled out at
 * every use site.
 */

/* Read-style rights granted on $AttrDef and $Boot by both system-file ACEs. */
#define SYSFILE_RESTRICTED_MASK \
	(SYNCHRONIZE | STANDARD_RIGHTS_READ | \
	 FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA)

/* Directory rights given to Administrators and LocalSystem on the root. */
#define ROOT_DIR_FULL_MASK \
	(STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES | \
	 FILE_LIST_DIRECTORY | FILE_WRITE_DATA | \
	 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA | \
	 FILE_TRAVERSE | FILE_DELETE_CHILD | \
	 FILE_READ_ATTRIBUTES)

/* Flags of the root ACEs that only exist to be inherited by children. */
#define ROOT_INHERIT_ONLY_FLAGS \
	(OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | INHERIT_ONLY_ACE)

/**
 * sd_init_nt_sid - write the fixed leading part of an NT authority SID
 * @sid:		SID to fill in
 * @revision:		value stored in the revision field
 * @sub_auth_count:	value stored in the sub_authority_count field
 *
 * Stores @revision and @sub_auth_count and sets the identifier authority to
 * SECURITY_NT_SID_AUTHORITY (S-1-5), i.e. five zero bytes followed by 5.
 * The sub authorities themselves are left for the caller to write.
 */
static void sd_init_nt_sid(SID *sid, int revision, int sub_auth_count)
{
	int i;

	sid->revision = revision;
	sid->sub_authority_count = sub_auth_count;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	for (i = 0; i < 5; i++) {
		sid->identifier_authority.value[i] = 0;
	}
	sid->identifier_authority.value[5] = 5;
}

/**
 * init_system_file_sd - build the security descriptor of a system file
 * @sys_file_no:	number of the system file the descriptor is for
 * @sd_val:		receives a pointer to the descriptor
 * @sd_val_len:		receives the length of the descriptor in bytes
 *
 * NTFS 3.1 - System files security descriptors
 * ============================================
 *
 * Builds a self-relative descriptor with a two-entry DACL and hands it back
 * through *@sd_val and *@sd_val_len (the function itself returns nothing).
 * A negative @sys_file_no yields *@sd_val == NULL and *@sd_val_len == 0.
 *
 * Layout, as offsets into the descriptor:
 *	0x00	SECURITY_DESCRIPTOR_RELATIVE
 *	0x14	DACL header
 *	0x1c	ACE 1, access allowed, LocalSystem
 *	0x30	ACE 2, access allowed, BUILTIN\Administrators
 *	0x48	owner SID (LocalSystem)
 *	0x54	group SID (BUILTIN\Administrators)
 *	0x64	end
 *
 * $AttrDef and $Boot get the read-style mask in both ACEs; every other file
 * number gets masks that include the write bits. The root directory (".")
 * is very different and is handled by init_root_sd().
 *
 * Do NOT free *@sd_val: it points at a function-local static buffer that
 * every call rewrites. Consume or copy the descriptor before the next call;
 * callers running concurrently share that same buffer.
 */
void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len)
{
	static u8 sd_array[0x68];
	SECURITY_DESCRIPTOR_RELATIVE *sd;
	ACL *dacl;
	ACCESS_ALLOWED_ACE *ace;
	SID *sid;
	int restricted;

	if (sys_file_no < 0) {
		*sd_val = NULL;
		*sd_val_len = 0;
		return;
	}
	/* Only $AttrDef and $Boot behave differently to everything else. */
	restricted = (sys_file_no == FILE_AttrDef || sys_file_no == FILE_Boot);

	*sd_val = sd_array;
	*sd_val_len = 0x64;

	/* Descriptor header; every offset in it is relative to its start. */
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)&sd_array;
	sd->revision = 1;
	sd->alignment = 0;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->dacl = const_cpu_to_le32(0x14);
	sd->sacl = const_cpu_to_le32(0);
	sd->owner = const_cpu_to_le32(0x48);
	sd->group = const_cpu_to_le32(0x54);

	/* The DACL sits at offset 0x14, as recorded in the header above. */
	dacl = (ACL*)((char*)sd + le32_to_cpu(sd->dacl));
	dacl->revision = 2;
	dacl->alignment1 = 0;
	dacl->size = const_cpu_to_le16(0x34);
	dacl->ace_count = const_cpu_to_le16(2);
	dacl->alignment2 = const_cpu_to_le16(0);

	/* First ACE, at offset 0x1c, directly behind the ACL header. */
	ace = (ACCESS_ALLOWED_ACE*)((char*)dacl + sizeof(ACL));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x14);
	if (restricted) {
		ace->mask = SYSFILE_RESTRICTED_MASK;
	} else {
		/*
		 * NOTE(review): this ACE uses STANDARD_RIGHTS_WRITE while the
		 * second one uses STANDARD_RIGHTS_READ; the values of the two
		 * constants are not visible in this file - confirm that the
		 * difference is intended.
		 */
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
				FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
				FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA |
				FILE_WRITE_DATA | FILE_READ_DATA;
	}
	sd_init_nt_sid(&ace->sid, 1, 1);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/*
	 * Second ACE, at offset 0x30, found by stepping over the first one.
	 * All system files, except the root directory, have this second ACE.
	 */
	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x18);
	if (restricted) {
		ace->mask = SYSFILE_RESTRICTED_MASK;
	} else {
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_WRITE_ATTRIBUTES |
				FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
				FILE_READ_EA | FILE_APPEND_DATA |
				FILE_WRITE_DATA | FILE_READ_DATA;
	}
	sd_init_nt_sid(&ace->sid, 1, 2);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Owner SID at offset 0x48, as recorded in the header. */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
	sd_init_nt_sid(sid, 1, 1);
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* Group SID at offset 0x54, as recorded in the header. */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
	sd_init_nt_sid(sid, 1, 2);
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
}

/**
 * init_root_sd - build the security descriptor of the root folder
 * @sd_val:	receives a pointer to the descriptor
 * @sd_val_len:	receives the length of the descriptor (0x102c bytes)
 *
 * Creates the security descriptor for the root folder on NTFS 3.1 as created
 * by Windows Vista (when the format is done from the disk management MMC
 * snap-in; note this is different from the format done from the disk
 * properties in Windows Explorer).
 *
 * The DACL is declared with a size of 0x1000 and holds eight access-allowed
 * ACEs, written in pairs: one ACE that applies to the root folder itself and
 * one inherit-only ACE for its children, for each of
 *	BUILTIN\Administrators, LocalSystem, Authenticated Users and
 *	BUILTIN\Users.
 * The Authenticated Users pair carries write, add-file and delete rights, so
 * this is a permissive default; that is what the masks below encode.
 *
 * Owner and group are both LocalSystem and are placed behind the DACL, at
 * offsets 0x1014 and 0x1020.
 *
 * *@sd_val points at a function-local static buffer: do not free it, and
 * copy the descriptor if it has to outlive the next call.
 */
void init_root_sd(u8 **sd_val, int *sd_val_len)
{
	static char sd_array[0x102c];
	SECURITY_DESCRIPTOR_RELATIVE *sd;
	ACL *dacl;
	ACCESS_ALLOWED_ACE *ace;
	SID *sid;

	*sd_val = (u8*)&sd_array;
	*sd_val_len = 0x102c;

	/* Self-relative descriptor header. */
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)sd_array;
	sd->revision = SECURITY_DESCRIPTOR_REVISION;
	sd->alignment = 0;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	sd->sacl = 0;
	sd->owner = const_cpu_to_le32(0x1014);
	sd->group = const_cpu_to_le32(0x1020);

	/* DACL header, directly behind the descriptor header. */
	dacl = (ACL*)((u8*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	dacl->revision = ACL_REVISION;
	dacl->alignment1 = 0;
	dacl->size = const_cpu_to_le16(0x1000);
	dacl->ace_count = const_cpu_to_le16(0x08);
	dacl->alignment2 = 0;

	/* ACE 1: BUILTIN\Administrators, applies to the root folder. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)dacl + sizeof(ACL));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = ROOT_DIR_FULL_MASK;
	sd_init_nt_sid(&ace->sid, SID_REVISION, 0x02);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* ACE 2: BUILTIN\Administrators, inherit-only. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = ROOT_INHERIT_ONLY_FLAGS;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = GENERIC_ALL;
	sd_init_nt_sid(&ace->sid, SID_REVISION, 0x02);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* ACE 3: LocalSystem, applies to the root folder. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = ROOT_DIR_FULL_MASK;
	sd_init_nt_sid(&ace->sid, SID_REVISION, 0x01);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* ACE 4: LocalSystem, inherit-only. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = ROOT_INHERIT_ONLY_FLAGS;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = GENERIC_ALL;
	sd_init_nt_sid(&ace->sid, SID_REVISION, 0x01);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* ACE 5: Authenticated Users, applies to the root folder. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = SYNCHRONIZE | READ_CONTROL | DELETE |
			FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
			FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
			FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
			FILE_LIST_DIRECTORY;
	sd_init_nt_sid(&ace->sid, SID_REVISION, 0x01);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

	/* ACE 6: Authenticated Users, inherit-only. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = ROOT_INHERIT_ONLY_FLAGS;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
	sd_init_nt_sid(&ace->sid, SID_REVISION, 0x01);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

	/* ACE 7: BUILTIN\Users, applies to the root folder. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES |
			FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY;
	sd_init_nt_sid(&ace->sid, SID_REVISION, 0x02);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

	/* ACE 8: BUILTIN\Users, inherit-only. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = ROOT_INHERIT_ONLY_FLAGS;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = GENERIC_READ | GENERIC_EXECUTE;
	sd_init_nt_sid(&ace->sid, SID_REVISION, 0x02);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

	/* Owner SID (LocalSystem), at the offset stored in the header. */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
	sd_init_nt_sid(sid, 0x01, 0x01);
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* Group SID (LocalSystem), at the offset stored in the header. */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
	sd_init_nt_sid(sid, 0x01, 0x01);
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
}

/**
 * init_secure_sds - write the initial entries of the $SDS data stream
 * @sd_val:	buffer that receives the two entries
 *
 * NTFS 3.1 - System files security descriptors
 * ============================================
 *
 * Creates the security descriptor entries in the $SDS data stream like they
 * are in a partition newly formatted with Windows 2003: security id 0x0100 at
 * offset 0x00 and security id 0x0101 at offset 0x80. Each entry is a
 * SECURITY_DESCRIPTOR_HEADER followed by a self-relative descriptor whose
 * DACL allows LocalSystem and BUILTIN\Administrators, and whose owner and
 * group are both BUILTIN\Administrators. The entries differ in hash,
 * security id, offset and access mask only; 0x12019F has every bit of
 * 0x120089 set plus further ones (presumably the write rights - confirm
 * against the FILE_* definitions).
 *
 * No buffer length is passed in, so nothing here can be bounds checked: the
 * caller must supply a writable buffer that covers both entries. Each header
 * records a length of 0x7C, which puts the end of the second entry at 0xFC
 * (assumes sizeof(SECURITY_DESCRIPTOR_HEADER) is 0x14 - TODO confirm). Only
 * the fields assigned below are written; any bytes in between are left as
 * the caller provided them.
 */
void init_secure_sds(char *sd_val)
{
	SECURITY_DESCRIPTOR_HEADER *hdr;
	SECURITY_DESCRIPTOR_RELATIVE *sd;
	ACL *dacl;
	ACCESS_ALLOWED_ACE *ace;
	SID *sid;

	/*
	 * Entry #1: security id 0x0100, at offset 0x00 of the stream.
	 */
	hdr = (SECURITY_DESCRIPTOR_HEADER*)sd_val;
	hdr->hash = const_cpu_to_le32(0xF80312F0);
	hdr->security_id = const_cpu_to_le32(0x0100);
	hdr->offset = const_cpu_to_le64(0x00);
	hdr->length = const_cpu_to_le32(0x7C);

	/* The self-relative descriptor follows the $SDS header. */
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)hdr +
			sizeof(SECURITY_DESCRIPTOR_HEADER));
	sd->revision = 0x01;
	sd->alignment = 0x00;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->dacl = const_cpu_to_le32(0x14);
	sd->sacl = const_cpu_to_le32(0x00);
	sd->owner = const_cpu_to_le32(0x48);
	sd->group = const_cpu_to_le32(0x58);

	/* DACL header. */
	dacl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	dacl->revision = 0x02;
	dacl->alignment1 = 0x00;
	dacl->size = const_cpu_to_le16(0x34);
	dacl->ace_count = const_cpu_to_le16(0x02);
	dacl->alignment2 = 0x00;

	/* ACE 1: LocalSystem. */
	ace = (ACCESS_ALLOWED_ACE*)((char*)dacl + sizeof(ACL));
	ace->type = 0x00;
	ace->flags = 0x00;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = const_cpu_to_le32(0x120089);
	sd_init_nt_sid(&ace->sid, 0x01, 0x01);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* ACE 2: BUILTIN\Administrators. */
	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
	ace->type = 0x00;
	ace->flags = 0x00;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = const_cpu_to_le32(0x120089);
	sd_init_nt_sid(&ace->sid, 0x01, 0x02);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Owner SID: BUILTIN\Administrators. */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
	sd_init_nt_sid(sid, 0x01, 0x02);
	sid->sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Group SID: BUILTIN\Administrators. */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
	sd_init_nt_sid(sid, 0x01, 0x02);
	sid->sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/*
	 * Entry #2: security id 0x0101, at offset 0x80 of the stream.
	 */
	hdr = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80);
	hdr->hash = const_cpu_to_le32(0xB32451);
	hdr->security_id = const_cpu_to_le32(0x0101);
	hdr->offset = const_cpu_to_le64(0x80);
	hdr->length = const_cpu_to_le32(0x7C);

	/* The self-relative descriptor follows the $SDS header. */
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)hdr +
			sizeof(SECURITY_DESCRIPTOR_HEADER));
	sd->revision = 0x01;
	sd->alignment = 0x00;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->dacl = const_cpu_to_le32(0x14);
	sd->sacl = const_cpu_to_le32(0x00);
	sd->owner = const_cpu_to_le32(0x48);
	sd->group = const_cpu_to_le32(0x58);

	/* DACL header. */
	dacl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	dacl->revision = 0x02;
	dacl->alignment1 = 0x00;
	dacl->size = const_cpu_to_le16(0x34);
	dacl->ace_count = const_cpu_to_le16(0x02);
	dacl->alignment2 = 0x00;

	/* ACE 1: LocalSystem. */
	ace = (ACCESS_ALLOWED_ACE*)((char*)dacl + sizeof(ACL));
	ace->type = 0x00;
	ace->flags = 0x00;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = const_cpu_to_le32(0x12019F);
	sd_init_nt_sid(&ace->sid, 0x01, 0x01);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* ACE 2: BUILTIN\Administrators. */
	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
	ace->type = 0x00;
	ace->flags = 0x00;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = const_cpu_to_le32(0x12019F);
	sd_init_nt_sid(&ace->sid, 0x01, 0x02);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Owner SID: BUILTIN\Administrators. */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
	sd_init_nt_sid(sid, 0x01, 0x02);
	sid->sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Group SID: BUILTIN\Administrators. */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
	sd_init_nt_sid(sid, 0x01, 0x02);
	sid->sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
}