1 #include "compat.h"
   2 #include "types.h"
   3 #include "layout.h"
   4 #include "sd.h"
   5 
/*
 * Store the NT authority (S-1-5) in @sid: the six-byte identifier authority
 * becomes five zero bytes followed by the value 5.
 */
static void system_file_sd_set_nt_authority(SID *sid)
{
        int i;

        for (i = 0; i < 5; i++) {
                sid->identifier_authority.value[i] = 0;
        }
        sid->identifier_authority.value[5] = 5;
}

/**
 * init_system_file_sd - build the security descriptor of an NTFS system file
 * @sys_file_no:  system file number; a negative value produces no descriptor
 * @sd_val:       receives a pointer to the descriptor (NULL if none)
 * @sd_val_len:   receives the descriptor length in bytes (0x64, or 0 if none)
 *
 * NTFS 3.1 - System files security descriptors
 * ============================================
 *
 * The root directory system file (".") is very different and is handled by a
 * different function.
 *
 * Layout of the self-relative descriptor written here:
 *   0x00  header (owner -> 0x48, group -> 0x54, no SACL, DACL -> 0x14)
 *   0x14  DACL header, declared size 0x34, two ACEs
 *   0x1c  ACE 1, access allowed, size 0x14, SID S-1-5-<LOCAL_SYSTEM>
 *   0x30  ACE 2, access allowed, size 0x18, SID S-1-5-<BUILTIN>-<ADMINS>
 *   0x48  owner SID, same value as the ACE 1 SID
 *   0x54  group SID, same value as the ACE 2 SID
 *
 * $AttrDef and $Boot receive read-only masks in both ACEs; every other
 * system file number receives masks that also allow writing data, attributes
 * and extended attributes.
 *
 * Do NOT free *@sd_val: it points at function-static memory. For the same
 * reason the result is only usable until the next call to this function, and
 * concurrent callers would share the one buffer.
 *
 * Both output pointers are dereferenced without a NULL check, so the caller
 * must pass valid storage for @sd_val and @sd_val_len.
 */
void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len)
{
        static u8 sd_array[0x68];
        SECURITY_DESCRIPTOR_RELATIVE *desc;
        ACL *dacl;
        ACCESS_ALLOWED_ACE *entry;
        SID *principal;
        int read_only;

        /* Negative file numbers get no descriptor at all. */
        if (sys_file_no < 0) {
                *sd_val = NULL;
                *sd_val_len = 0;
                return;
        }

        /* Only $AttrDef and $Boot behave differently to everything else. */
        read_only = sys_file_no == FILE_AttrDef || sys_file_no == FILE_Boot;

        /* Descriptor header: DACL only, no SACL offset. */
        desc = (SECURITY_DESCRIPTOR_RELATIVE *)sd_array;
        desc->revision = 1;
        desc->alignment = 0;
        desc->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
        desc->dacl = const_cpu_to_le32(0x14);
        desc->sacl = const_cpu_to_le32(0);
        desc->owner = const_cpu_to_le32(0x48);
        desc->group = const_cpu_to_le32(0x54);

        /* The DACL sits at offset 0x14, as recorded in the header. */
        dacl = (ACL *)((char *)desc + le32_to_cpu(desc->dacl));
        dacl->revision = 2;
        dacl->alignment1 = 0;
        dacl->size = const_cpu_to_le16(0x34);
        dacl->ace_count = const_cpu_to_le16(2);
        dacl->alignment2 = const_cpu_to_le16(0);

        /*
         * First ACE at offset 0x1c, directly after the ACL header: access
         * allowed for the single-sub-authority SID (local system RID).
         */
        entry = (ACCESS_ALLOWED_ACE *)((char *)dacl + sizeof(ACL));
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = 0;
        entry->size = const_cpu_to_le16(0x14);
        if (read_only) {
                entry->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
                        FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA;
        } else {
                entry->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
                        FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
                        FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA |
                        FILE_WRITE_DATA | FILE_READ_DATA;
        }
        entry->sid.revision = 1;
        entry->sid.sub_authority_count = 1;
        system_file_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

        /*
         * Second ACE at offset 0x30. Its position is derived from the size
         * just stored in the first ACE, so that store must come first. All
         * system files, except the root directory, have this second ACE.
         */
        entry = (ACCESS_ALLOWED_ACE *)((char *)entry +
                        le16_to_cpu(entry->size));
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = 0;
        entry->size = const_cpu_to_le16(0x18);
        if (read_only) {
                entry->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
                                FILE_READ_ATTRIBUTES | FILE_READ_EA |
                                FILE_READ_DATA;
        } else {
                entry->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
                                FILE_WRITE_ATTRIBUTES |
                                FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
                                FILE_READ_EA | FILE_APPEND_DATA |
                                FILE_WRITE_DATA | FILE_READ_DATA;
        }
        entry->sid.revision = 1;
        entry->sid.sub_authority_count = 2;
        system_file_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        entry->sid.sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /* Owner SID at offset 0x48, located through the header field. */
        principal = (SID *)((char *)desc + le32_to_cpu(desc->owner));
        principal->revision = 1;
        principal->sub_authority_count = 1;
        system_file_sd_set_nt_authority(principal);
        principal->sub_authority[0] =
                        const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

        /* Group SID at offset 0x54, located through the header field. */
        principal = (SID *)((char *)desc + le32_to_cpu(desc->group));
        principal->revision = 1;
        principal->sub_authority_count = 2;
        system_file_sd_set_nt_authority(principal);
        principal->sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        principal->sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /* Publish the static buffer; 0x64 of its 0x68 bytes are in use. */
        *sd_val = sd_array;
        *sd_val_len = 0x64;
}
 160 
/*
 * Store the NT authority (S-1-5) in @sid: the six-byte identifier authority
 * becomes five zero bytes followed by the value 5.
 */
static void root_sd_set_nt_authority(SID *sid)
{
        int i;

        for (i = 0; i < 5; i++) {
                sid->identifier_authority.value[i] = 0;
        }
        sid->identifier_authority.value[5] = 5;
}

/*
 * Return the ACE that follows @ace. The step is the size already stored in
 * @ace, so @ace->size must have been written before this is called.
 */
static ACCESS_ALLOWED_ACE *root_sd_next_ace(ACCESS_ALLOWED_ACE *ace)
{
        return (ACCESS_ALLOWED_ACE *)((u8 *)ace + le16_to_cpu(ace->size));
}

/**
 * init_root_sd - build the security descriptor of the root folder
 * @sd_val:      receives a pointer to the descriptor
 * @sd_val_len:  receives the descriptor length in bytes (0x102c)
 *
 * Creates the security descriptor for the root folder on NTFS 3.1 as created
 * by Windows Vista when the format is done from the disk management MMC
 * snap-in (note this is different from the format done from the disk
 * properties in Windows Explorer).
 *
 * The descriptor lives in function-static memory: do not free *@sd_val. No
 * argument influences the contents. Both output pointers are dereferenced
 * without a NULL check.
 *
 * The DACL declares a size of 0x1000 and eight access-allowed ACEs. The ACEs
 * written here add up to 0xb0 bytes; the rest of the declared ACL is never
 * written by this function. The ACEs come in pairs, one applying to the root
 * folder itself (flags 0) and one carrying the object-inherit,
 * container-inherit and inherit-only flags:
 *
 *   1/2  S-1-5-<BUILTIN>-<ADMINS>      folder rights / GENERIC_ALL
 *   3/4  S-1-5-<LOCAL_SYSTEM>          folder rights / GENERIC_ALL
 *   5/6  S-1-5-<AUTHENTICATED_USER>    add, list, traverse, write EA and
 *                                      attributes, DELETE / GENERIC_READ |
 *                                      GENERIC_WRITE | GENERIC_EXECUTE | DELETE
 *   7/8  S-1-5-<BUILTIN>-<USERS>       list, traverse, read / GENERIC_READ |
 *                                      GENERIC_EXECUTE
 *
 * NOTE(review): ACEs 5 and 6 give the authenticated-user SID create, write
 * and delete rights at the volume root and on whatever inherits from it.
 * That follows the Windows layout named above; a volume that needs a
 * stricter root ACL has to be tightened after formatting.
 */
void init_root_sd(u8 **sd_val, int *sd_val_len)
{
        static char sd_array[0x102c];
        SECURITY_DESCRIPTOR_RELATIVE *desc =
                        (SECURITY_DESCRIPTOR_RELATIVE *)sd_array;
        ACL *dacl;
        ACCESS_ALLOWED_ACE *entry;
        SID *principal;

        *sd_val = (u8 *)sd_array;
        *sd_val_len = 0x102c;

        /* Descriptor header: DACL right behind it, SIDs after the ACL. */
        desc->revision = SECURITY_DESCRIPTOR_REVISION;
        desc->alignment = 0;
        desc->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
        desc->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE));
        desc->sacl = 0;
        desc->owner = const_cpu_to_le32(0x1014);
        desc->group = const_cpu_to_le32(0x1020);

        /* ACL header. */
        dacl = (ACL *)((u8 *)desc + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
        dacl->revision = ACL_REVISION;
        dacl->alignment1 = 0;
        dacl->size = const_cpu_to_le16(0x1000);
        dacl->ace_count = const_cpu_to_le16(0x08);
        dacl->alignment2 = 0;

        /* ACE 1: administrators alias, applies to the root folder itself. */
        entry = (ACCESS_ALLOWED_ACE *)((u8 *)dacl + sizeof(ACL));
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = 0;
        entry->size = const_cpu_to_le16(0x18);
        entry->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
                         FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
                         FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
                         FILE_TRAVERSE | FILE_DELETE_CHILD |
                         FILE_READ_ATTRIBUTES;
        entry->sid.revision = SID_REVISION;
        entry->sid.sub_authority_count = 0x02;
        root_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        entry->sid.sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /* ACE 2: administrators alias, inherit-only entry for children. */
        entry = root_sd_next_ace(entry);
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
                        INHERIT_ONLY_ACE;
        entry->size = const_cpu_to_le16(0x18);
        entry->mask = GENERIC_ALL;
        entry->sid.revision = SID_REVISION;
        entry->sid.sub_authority_count = 0x02;
        root_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        entry->sid.sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /* ACE 3: local system, applies to the root folder itself. */
        entry = root_sd_next_ace(entry);
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = 0;
        entry->size = const_cpu_to_le16(0x14);
        entry->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
                         FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
                         FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
                         FILE_TRAVERSE | FILE_DELETE_CHILD |
                         FILE_READ_ATTRIBUTES;
        entry->sid.revision = SID_REVISION;
        entry->sid.sub_authority_count = 0x01;
        root_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

        /* ACE 4: local system, inherit-only entry for children. */
        entry = root_sd_next_ace(entry);
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
                        INHERIT_ONLY_ACE;
        entry->size = const_cpu_to_le16(0x14);
        entry->mask = GENERIC_ALL;
        entry->sid.revision = SID_REVISION;
        entry->sid.sub_authority_count = 0x01;
        root_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

        /* ACE 5: authenticated users, applies to the root folder itself. */
        entry = root_sd_next_ace(entry);
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = 0;
        entry->size = const_cpu_to_le16(0x14);
        entry->mask = SYNCHRONIZE | READ_CONTROL | DELETE |
                        FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
                        FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
                        FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
                        FILE_LIST_DIRECTORY;
        entry->sid.revision = SID_REVISION;
        entry->sid.sub_authority_count = 0x01;
        root_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

        /* ACE 6: authenticated users, inherit-only entry for children. */
        entry = root_sd_next_ace(entry);
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
                        INHERIT_ONLY_ACE;
        entry->size = const_cpu_to_le16(0x14);
        entry->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
        entry->sid.revision = SID_REVISION;
        entry->sid.sub_authority_count = 0x01;
        root_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

        /* ACE 7: users alias, applies to the root folder itself. */
        entry = root_sd_next_ace(entry);
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = 0;
        entry->size = const_cpu_to_le16(0x18);
        entry->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES |
                        FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY;
        entry->sid.revision = SID_REVISION;
        entry->sid.sub_authority_count = 0x02;
        root_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        entry->sid.sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

        /* ACE 8: users alias, inherit-only entry for children. */
        entry = root_sd_next_ace(entry);
        entry->type = ACCESS_ALLOWED_ACE_TYPE;
        entry->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
                        INHERIT_ONLY_ACE;
        entry->size = const_cpu_to_le16(0x18);
        entry->mask = GENERIC_READ | GENERIC_EXECUTE;
        entry->sid.revision = SID_REVISION;
        entry->sid.sub_authority_count = 0x02;
        root_sd_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        entry->sid.sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

        /* Owner SID at offset 0x1014, located through the header field. */
        principal = (SID *)((char *)desc + le32_to_cpu(desc->owner));
        principal->revision = 0x01;
        principal->sub_authority_count = 0x01;
        root_sd_set_nt_authority(principal);
        principal->sub_authority[0] =
                        const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

        /* Group SID at offset 0x1020; same SID value as the owner. */
        principal = (SID *)((char *)desc + le32_to_cpu(desc->group));
        principal->revision = 0x01;
        principal->sub_authority_count = 0x01;
        root_sd_set_nt_authority(principal);
        principal->sub_authority[0] =
                        const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
}
 389 
/*
 * Store the NT authority (S-1-5) in @sid: the six-byte identifier authority
 * becomes five zero bytes followed by the value 5.
 */
static void secure_sds_set_nt_authority(SID *sid)
{
        int i;

        for (i = 0; i < 5; i++) {
                sid->identifier_authority.value[i] = 0;
        }
        sid->identifier_authority.value[5] = 5;
}

/**
 * init_secure_sds - fill in the initial $SDS security descriptor entries
 * @sd_val:  caller-supplied buffer that receives the two entries
 *
 * NTFS 3.1 - System files security descriptors
 * ============================================
 * Create the security descriptor entries in the $SDS data stream like they
 * are in a partition newly formatted with Windows 2003.
 *
 * Two entries are written, each a SECURITY_DESCRIPTOR_HEADER followed by a
 * self-relative descriptor:
 *
 *   entry 1 at 0x00: security_id 0x0100, length 0x7C, ACE masks 0x120089
 *   entry 2 at 0x80: security_id 0x0101, length 0x7C, ACE masks 0x12019F
 *
 * In both, the DACL holds two ACEs (S-1-5-<LOCAL_SYSTEM> and
 * S-1-5-<BUILTIN>-<ADMINS>), and owner and group are both the
 * S-1-5-<BUILTIN>-<ADMINS> SID. The hash and security_id fields are fixed
 * constants; nothing is computed from the descriptor bytes here.
 *
 * The function takes no buffer length and performs no bounds check. With the
 * second entry starting at 0x80 and declaring a length of 0x7C, @sd_val must
 * provide at least 0xFC writable bytes, and it must not be NULL.
 *
 * NOTE(review): the bytes between the end of entry 1 (0x7C) and the start of
 * entry 2 (0x80) are not written here; presumably the caller passes zeroed
 * memory - confirm at the call site.
 */
void init_secure_sds(char *sd_val)
{
        SECURITY_DESCRIPTOR_HEADER *entry_hdr;
        SECURITY_DESCRIPTOR_RELATIVE *desc;
        ACL *dacl;
        ACCESS_ALLOWED_ACE *entry;
        SID *principal;

        /*
         * Security descriptor #1
         */

        /* $SDS entry header. */
        entry_hdr = (SECURITY_DESCRIPTOR_HEADER *)((char *)sd_val);
        entry_hdr->hash = const_cpu_to_le32(0xF80312F0);
        entry_hdr->security_id = const_cpu_to_le32(0x0100);
        entry_hdr->offset = const_cpu_to_le64(0x00);
        entry_hdr->length = const_cpu_to_le32(0x7C);

        /* Self-relative descriptor, directly behind the entry header. */
        desc = (SECURITY_DESCRIPTOR_RELATIVE *)((char *)entry_hdr +
                        sizeof(SECURITY_DESCRIPTOR_HEADER));
        desc->revision = 0x01;
        desc->alignment = 0x00;
        desc->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
        desc->dacl = const_cpu_to_le32(0x14);
        desc->sacl = const_cpu_to_le32(0x00);
        desc->owner = const_cpu_to_le32(0x48);
        desc->group = const_cpu_to_le32(0x58);

        /* ACL header. */
        dacl = (ACL *)((char *)desc + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
        dacl->revision = 0x02;
        dacl->alignment1 = 0x00;
        dacl->size = const_cpu_to_le16(0x34);
        dacl->ace_count = const_cpu_to_le16(0x02);
        dacl->alignment2 = 0x00;

        /*
         * ACE 1: local system. The type is written as the literal 0x00 and
         * the mask as a raw number rather than through named constants.
         */
        entry = (ACCESS_ALLOWED_ACE *)((char *)dacl + sizeof(ACL));
        entry->type = 0x00;
        entry->flags = 0x00;
        entry->size = const_cpu_to_le16(0x14);
        entry->mask = const_cpu_to_le32(0x120089);
        entry->sid.revision = 0x01;
        entry->sid.sub_authority_count = 0x01;
        secure_sds_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

        /* ACE 2: administrators alias; found via the size stored in ACE 1. */
        entry = (ACCESS_ALLOWED_ACE *)((char *)entry +
                        le16_to_cpu(entry->size));
        entry->type = 0x00;
        entry->flags = 0x00;
        entry->size = const_cpu_to_le16(0x18);
        entry->mask = const_cpu_to_le32(0x120089);
        entry->sid.revision = 0x01;
        entry->sid.sub_authority_count = 0x02;
        secure_sds_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        entry->sid.sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /* Owner SID, located through the header field (0x48). */
        principal = (SID *)((char *)desc + le32_to_cpu(desc->owner));
        principal->revision = 0x01;
        principal->sub_authority_count = 0x02;
        secure_sds_set_nt_authority(principal);
        principal->sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        principal->sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /* Group SID, located through the header field (0x58). */
        principal = (SID *)((char *)desc + le32_to_cpu(desc->group));
        principal->revision = 0x01;
        principal->sub_authority_count = 0x02;
        secure_sds_set_nt_authority(principal);
        principal->sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        principal->sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /*
         * Security descriptor #2
         */

        /* $SDS entry header, 0x80 bytes into the caller's buffer. */
        entry_hdr = (SECURITY_DESCRIPTOR_HEADER *)((char *)sd_val + 0x80);
        entry_hdr->hash = const_cpu_to_le32(0xB32451);
        entry_hdr->security_id = const_cpu_to_le32(0x0101);
        entry_hdr->offset = const_cpu_to_le64(0x80);
        entry_hdr->length = const_cpu_to_le32(0x7C);

        /* Self-relative descriptor, directly behind the entry header. */
        desc = (SECURITY_DESCRIPTOR_RELATIVE *)((char *)entry_hdr +
                        sizeof(SECURITY_DESCRIPTOR_HEADER));
        desc->revision = 0x01;
        desc->alignment = 0x00;
        desc->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
        desc->dacl = const_cpu_to_le32(0x14);
        desc->sacl = const_cpu_to_le32(0x00);
        desc->owner = const_cpu_to_le32(0x48);
        desc->group = const_cpu_to_le32(0x58);

        /* ACL header. */
        dacl = (ACL *)((char *)desc + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
        dacl->revision = 0x02;
        dacl->alignment1 = 0x00;
        dacl->size = const_cpu_to_le16(0x34);
        dacl->ace_count = const_cpu_to_le16(0x02);
        dacl->alignment2 = 0x00;

        /* ACE 1: local system, with the second entry's raw mask. */
        entry = (ACCESS_ALLOWED_ACE *)((char *)dacl + sizeof(ACL));
        entry->type = 0x00;
        entry->flags = 0x00;
        entry->size = const_cpu_to_le16(0x14);
        entry->mask = const_cpu_to_le32(0x12019F);
        entry->sid.revision = 0x01;
        entry->sid.sub_authority_count = 0x01;
        secure_sds_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

        /* ACE 2: administrators alias; found via the size stored in ACE 1. */
        entry = (ACCESS_ALLOWED_ACE *)((char *)entry +
                        le16_to_cpu(entry->size));
        entry->type = 0x00;
        entry->flags = 0x00;
        entry->size = const_cpu_to_le16(0x18);
        entry->mask = const_cpu_to_le32(0x12019F);
        entry->sid.revision = 0x01;
        entry->sid.sub_authority_count = 0x02;
        secure_sds_set_nt_authority(&entry->sid);
        entry->sid.sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        entry->sid.sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /* Owner SID, located through the header field (0x48). */
        principal = (SID *)((char *)desc + le32_to_cpu(desc->owner));
        principal->revision = 0x01;
        principal->sub_authority_count = 0x02;
        secure_sds_set_nt_authority(principal);
        principal->sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        principal->sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

        /* Group SID, located through the header field (0x58). */
        principal = (SID *)((char *)desc + le32_to_cpu(desc->group));
        principal->revision = 0x01;
        principal->sub_authority_count = 0x02;
        secure_sds_set_nt_authority(principal);
        principal->sub_authority[0] =
                        const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
        principal->sub_authority[1] =
                        const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
}