#include "compat.h"
#include "types.h"
#include "layout.h"
#include "sd.h"

/*
 * sd_set_nt_authority - store SECURITY_NT_SID_AUTHORITY (S-1-5) in @sid
 *
 * Writes only the six identifier authority bytes (0,0,0,0,0,5).  The
 * revision, the sub-authority count and the sub-authorities themselves are
 * left to the caller.
 */
static void sd_set_nt_authority(SID *sid)
{
	int i;

	for (i = 0; i < 5; i++)
		sid->identifier_authority.value[i] = 0;
	sid->identifier_authority.value[5] = 5;
}

/*
 * sd_next_ace - return the ACE that follows @ace inside the same ACL
 *
 * The step is taken from @ace->size, so that field must already hold its
 * final value when this is called.
 */
static ACCESS_ALLOWED_ACE *sd_next_ace(ACCESS_ALLOWED_ACE *ace)
{
	return (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
}

/**
 * init_system_file_sd -
 *
 * NTFS 3.1 - System files security descriptors
 * =====================================================
 *
 * Build the self-relative security descriptor for system file number
 * @sys_file_no.  The root directory (".") is not handled here; it has its
 * own function.
 *
 * On return *@sd_val points at the descriptor and *@sd_val_len holds its
 * length (0x64).  For a negative @sys_file_no, *@sd_val is set to NULL and
 * *@sd_val_len to 0.
 *
 * Layout: header at 0x00, DACL at 0x14 (two access-allowed ACEs, one for
 * SECURITY_LOCAL_SYSTEM_RID and one for SECURITY_BUILTIN_DOMAIN_RID /
 * DOMAIN_ALIAS_RID_ADMINS), owner SID at 0x48, group SID at 0x54.  There is
 * no SACL.
 *
 * The descriptor lives in a function-static buffer: do NOT free *@sd_val, and
 * treat it as valid only until the next call, which overwrites the same
 * bytes.  @sd_val and @sd_val_len are dereferenced without a NULL check, so
 * both must be valid pointers.
 */
void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len)
{
	/* Backing store is 0x68 bytes; the reported length is 0x64. */
	static u8 sd_array[0x68];
	SECURITY_DESCRIPTOR_RELATIVE *sd;
	ACL *acl;
	ACCESS_ALLOWED_ACE *ace;
	SID *sid;
	int read_only;

	if (sys_file_no < 0) {
		*sd_val = NULL;
		*sd_val_len = 0;
		return;
	}
	/* Only $AttrDef and $Boot get the read-only masks. */
	read_only = (sys_file_no == FILE_AttrDef || sys_file_no == FILE_Boot);

	*sd_val = sd_array;
	*sd_val_len = 0x64;

	/* Self-relative header; all offsets are relative to its start. */
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)sd_array;
	sd->revision = 1;
	sd->alignment = 0;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->owner = const_cpu_to_le32(0x48);
	sd->group = const_cpu_to_le32(0x54);
	sd->sacl = const_cpu_to_le32(0);
	sd->dacl = const_cpu_to_le32(0x14);

	/* The DACL sits at the offset just stored in the header (0x14). */
	acl = (ACL*)((u8*)sd + le32_to_cpu(sd->dacl));
	acl->revision = 2;
	acl->alignment1 = 0;
	acl->size = const_cpu_to_le16(0x34);
	acl->ace_count = const_cpu_to_le16(2);
	acl->alignment2 = const_cpu_to_le16(0);

	/* First ACE (offset 0x1c): access allowed, SECURITY_LOCAL_SYSTEM_RID. */
	ace = (ACCESS_ALLOWED_ACE*)((u8*)acl + sizeof(ACL));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x14);
	if (read_only) {
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_READ_ATTRIBUTES | FILE_READ_EA |
				FILE_READ_DATA;
	} else {
		/*
		 * NOTE(review): this ACE uses STANDARD_RIGHTS_WRITE while the
		 * second ACE uses STANDARD_RIGHTS_READ; in the Windows headers
		 * both equal READ_CONTROL - confirm layout.h agrees.
		 */
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
				FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
				FILE_WRITE_EA | FILE_READ_EA |
				FILE_APPEND_DATA | FILE_WRITE_DATA |
				FILE_READ_DATA;
	}
	ace->sid.revision = 1;
	ace->sid.sub_authority_count = 1;
	sd_set_nt_authority(&ace->sid);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/*
	 * Second ACE (offset 0x30): access allowed, builtin administrators.
	 * Every system file except the root directory has this second ACE.
	 */
	ace = sd_next_ace(ace);
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x18);
	if (read_only) {
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_READ_ATTRIBUTES | FILE_READ_EA |
				FILE_READ_DATA;
	} else {
		ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_WRITE_ATTRIBUTES |
				FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
				FILE_READ_EA | FILE_APPEND_DATA |
				FILE_WRITE_DATA | FILE_READ_DATA;
	}
	ace->sid.revision = 1;
	ace->sid.sub_authority_count = 2;
	sd_set_nt_authority(&ace->sid);
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Owner SID at the offset stored in the header (0x48). */
	sid = (SID*)((u8*)sd + le32_to_cpu(sd->owner));
	sid->revision = 1;
	sid->sub_authority_count = 1;
	sd_set_nt_authority(sid);
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* Group SID at the offset stored in the header (0x54). */
	sid = (SID*)((u8*)sd + le32_to_cpu(sd->group));
	sid->revision = 1;
	sid->sub_authority_count = 2;
	sd_set_nt_authority(sid);
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
}

/**
 * init_root_sd -
 *
 * Creates the security descriptor for the root folder on ntfs 3.1 as created
 * by Windows Vista (when the format is done from the disk management MMC
 * snap-in; note this is different from the format done from the disk
 * properties in Windows Explorer).
 *
 * *@sd_val is pointed at a function-static buffer and *@sd_val_len is set to
 * 0x102c.  The buffer is shared by every call and must not be freed; both
 * output pointers are dereferenced without a NULL check.
 *
 * The DACL is declared 0x1000 bytes long but only eight ACEs are written at
 * its start.  They come in pairs per trustee: one ACE without inheritance
 * flags, then one flagged OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
 * INHERIT_ONLY_ACE.  The trustees are builtin administrators, local system,
 * authenticated users and builtin users.
 *
 * Worth knowing when reviewing volumes built from this descriptor: the
 * authenticated users pair carries DELETE, FILE_ADD_FILE and
 * FILE_ADD_SUBDIRECTORY directly and GENERIC_READ | GENERIC_WRITE |
 * GENERIC_EXECUTE | DELETE as the inherit-only ACE, so that access applies at
 * the root and is offered to children through inheritance unless the ACL is
 * tightened after formatting.
 */
void init_root_sd(u8 **sd_val, int *sd_val_len)
{
	static char sd_array[0x102c];
	SECURITY_DESCRIPTOR_RELATIVE *sd;
	ACL *acl;
	ACCESS_ALLOWED_ACE *cur;
	SID *sid;

	*sd_val = (u8*)sd_array;
	*sd_val_len = 0x102c;

	/* Self-relative header; the DACL follows it immediately. */
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)sd_array;
	sd->revision = SECURITY_DESCRIPTOR_REVISION;
	sd->alignment = 0;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->owner = const_cpu_to_le32(0x1014);
	sd->group = const_cpu_to_le32(0x1020);
	sd->sacl = 0;
	sd->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE));

	/* ACL header: eight ACEs inside a 0x1000 byte ACL. */
	acl = (ACL*)((u8*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	acl->revision = ACL_REVISION;
	acl->alignment1 = 0;
	acl->size = const_cpu_to_le16(0x1000);
	acl->ace_count = const_cpu_to_le16(0x08);
	acl->alignment2 = 0;

	/* ACE 1: builtin administrators, applies to the root itself. */
	cur = (ACCESS_ALLOWED_ACE*)((u8*)acl + sizeof(ACL));
	cur->type = ACCESS_ALLOWED_ACE_TYPE;
	cur->flags = 0;
	cur->size = const_cpu_to_le16(0x18);
	cur->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
			FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
			FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
			FILE_TRAVERSE | FILE_DELETE_CHILD |
			FILE_READ_ATTRIBUTES;
	cur->sid.revision = SID_REVISION;
	cur->sid.sub_authority_count = 0x02;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	cur->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* ACE 2: builtin administrators, inherit-only. */
	cur = sd_next_ace(cur);
	cur->type = ACCESS_ALLOWED_ACE_TYPE;
	cur->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	cur->size = const_cpu_to_le16(0x18);
	cur->mask = GENERIC_ALL;
	cur->sid.revision = SID_REVISION;
	cur->sid.sub_authority_count = 0x02;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	cur->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* ACE 3: local system, applies to the root itself. */
	cur = sd_next_ace(cur);
	cur->type = ACCESS_ALLOWED_ACE_TYPE;
	cur->flags = 0;
	cur->size = const_cpu_to_le16(0x14);
	cur->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
			FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
			FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
			FILE_TRAVERSE | FILE_DELETE_CHILD |
			FILE_READ_ATTRIBUTES;
	cur->sid.revision = SID_REVISION;
	cur->sid.sub_authority_count = 0x01;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* ACE 4: local system, inherit-only. */
	cur = sd_next_ace(cur);
	cur->type = ACCESS_ALLOWED_ACE_TYPE;
	cur->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	cur->size = const_cpu_to_le16(0x14);
	cur->mask = GENERIC_ALL;
	cur->sid.revision = SID_REVISION;
	cur->sid.sub_authority_count = 0x01;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* ACE 5: authenticated users, applies to the root itself. */
	cur = sd_next_ace(cur);
	cur->type = ACCESS_ALLOWED_ACE_TYPE;
	cur->flags = 0;
	cur->size = const_cpu_to_le16(0x14);
	cur->mask = SYNCHRONIZE | READ_CONTROL | DELETE |
			FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
			FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
			FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
			FILE_LIST_DIRECTORY;
	cur->sid.revision = SID_REVISION;
	cur->sid.sub_authority_count = 0x01;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

	/* ACE 6: authenticated users, inherit-only. */
	cur = sd_next_ace(cur);
	cur->type = ACCESS_ALLOWED_ACE_TYPE;
	cur->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	cur->size = const_cpu_to_le16(0x14);
	cur->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
	cur->sid.revision = SID_REVISION;
	cur->sid.sub_authority_count = 0x01;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

	/* ACE 7: builtin users, applies to the root itself. */
	cur = sd_next_ace(cur);
	cur->type = ACCESS_ALLOWED_ACE_TYPE;
	cur->flags = 0;
	cur->size = const_cpu_to_le16(0x18);
	cur->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES |
			FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY;
	cur->sid.revision = SID_REVISION;
	cur->sid.sub_authority_count = 0x02;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	cur->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

	/* ACE 8: builtin users, inherit-only. */
	cur = sd_next_ace(cur);
	cur->type = ACCESS_ALLOWED_ACE_TYPE;
	cur->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	cur->size = const_cpu_to_le16(0x18);
	cur->mask = GENERIC_READ | GENERIC_EXECUTE;
	cur->sid.revision = SID_REVISION;
	cur->sid.sub_authority_count = 0x02;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	cur->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

	/* Owner SID (offset 0x1014): local system. */
	sid = (SID*)((u8*)sd + le32_to_cpu(sd->owner));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x01;
	sd_set_nt_authority(sid);
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* Group SID (offset 0x1020): local system. */
	sid = (SID*)((u8*)sd + le32_to_cpu(sd->group));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x01;
	sd_set_nt_authority(sid);
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
}

/*
 * sds_fill_descriptor - write the descriptor body shared by both $SDS entries
 *
 * @sd receives a self-relative descriptor with a two-ACE DACL (local system,
 * then builtin administrators) and builtin administrators as both owner and
 * group.  The two ACEs get mask 0x12019F when @writable is non-zero and
 * 0x120089 otherwise.  With the standard Windows bit values, 0x120089 is
 * SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES | FILE_READ_EA |
 * FILE_READ_DATA, and 0x12019F adds FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA |
 * FILE_APPEND_DATA | FILE_WRITE_DATA.
 */
static void sds_fill_descriptor(SECURITY_DESCRIPTOR_RELATIVE *sd, int writable)
{
	ACL *acl;
	ACCESS_ALLOWED_ACE *cur;
	SID *sid;

	sd->revision = 0x01;
	sd->alignment = 0x00;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->owner = const_cpu_to_le32(0x48);
	sd->group = const_cpu_to_le32(0x58);
	sd->sacl = const_cpu_to_le32(0x00);
	sd->dacl = const_cpu_to_le32(0x14);

	/* ACL header, directly behind the descriptor header. */
	acl = (ACL*)((u8*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	acl->revision = 0x02;
	acl->alignment1 = 0x00;
	acl->size = const_cpu_to_le16(0x34);
	acl->ace_count = const_cpu_to_le16(0x02);
	acl->alignment2 = 0x00;

	/* ACE 1: type 0x00, local system. */
	cur = (ACCESS_ALLOWED_ACE*)((u8*)acl + sizeof(ACL));
	cur->type = 0x00;
	cur->flags = 0x00;
	cur->size = const_cpu_to_le16(0x14);
	if (writable)
		cur->mask = const_cpu_to_le32(0x12019F);
	else
		cur->mask = const_cpu_to_le32(0x120089);
	cur->sid.revision = 0x01;
	cur->sid.sub_authority_count = 0x01;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	/* ACE 2: type 0x00, builtin administrators. */
	cur = sd_next_ace(cur);
	cur->type = 0x00;
	cur->flags = 0x00;
	cur->size = const_cpu_to_le16(0x18);
	if (writable)
		cur->mask = const_cpu_to_le32(0x12019F);
	else
		cur->mask = const_cpu_to_le32(0x120089);
	cur->sid.revision = 0x01;
	cur->sid.sub_authority_count = 0x02;
	sd_set_nt_authority(&cur->sid);
	cur->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	cur->sid.sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Owner SID (offset 0x48): builtin administrators. */
	sid = (SID*)((u8*)sd + le32_to_cpu(sd->owner));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x02;
	sd_set_nt_authority(sid);
	sid->sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	/* Group SID (offset 0x58): builtin administrators. */
	sid = (SID*)((u8*)sd + le32_to_cpu(sd->group));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x02;
	sd_set_nt_authority(sid);
	sid->sub_authority[0] =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
}

/**
 * init_secure_sds -
 *
 * NTFS 3.1 - System files security descriptors
 * ===========================================
 * Create the security descriptor entries in the $SDS data stream like they
 * are in a partition newly formatted with Windows 2003.
 *
 * Two entries are written into @sd_val: security id 0x0100 at offset 0x00
 * and security id 0x0101 at offset 0x80.  Each entry header records a length
 * of 0x7C.
 *
 * @sd_val comes with no length, so nothing here can be bounds-checked: the
 * caller must pass a writable buffer that reaches at least to the end of the
 * second entry (0x80 + 0x7C = 0xFC bytes, going by the recorded lengths).
 * The bytes between the two entries are not written by this function, so
 * they keep whatever the caller put there.
 *
 * NOTE(review): the hash values are hard-coded next to the descriptor bytes;
 * presumably they are the $SDS hashes of exactly these descriptors, so any
 * change to a descriptor would need a matching new hash - confirm.
 */
void init_secure_sds(char *sd_val)
{
	SECURITY_DESCRIPTOR_HEADER *hdr;

	/* Entry #1: masks 0x120089. */
	hdr = (SECURITY_DESCRIPTOR_HEADER*)sd_val;
	hdr->hash = const_cpu_to_le32(0xF80312F0);
	hdr->security_id = const_cpu_to_le32(0x0100);
	hdr->offset = const_cpu_to_le64(0x00);
	hdr->length = const_cpu_to_le32(0x7C);
	sds_fill_descriptor((SECURITY_DESCRIPTOR_RELATIVE*)((char*)hdr +
			sizeof(SECURITY_DESCRIPTOR_HEADER)), 0);

	/* Entry #2: masks 0x12019F. */
	hdr = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80);
	hdr->hash = const_cpu_to_le32(0xB32451);
	hdr->security_id = const_cpu_to_le32(0x0101);
	hdr->offset = const_cpu_to_le64(0x80);
	hdr->length = const_cpu_to_le32(0x7C);
	sds_fill_descriptor((SECURITY_DESCRIPTOR_RELATIVE*)((char*)hdr +
			sizeof(SECURITY_DESCRIPTOR_HEADER)), 1);
}