1 #include "compat.h"
2 #include "types.h"
3 #include "layout.h"
4 #include "sd.h"
5
6 /**
7 * init_system_file_sd -
8 *
9 * NTFS 3.1 - System files security decriptors
10 * =====================================================
11 *
12 * Create the security descriptor for system file number @sys_file_no and
13 * return a pointer to the descriptor.
14 *
15 * Note the root directory system file (".") is very different and handled by a
16 * different function.
17 *
18 * The sd is returned in *@sd_val and has length *@sd_val_len.
19 *
20 * Do NOT free *@sd_val as it is static memory. This also means that you can
21 * only use *@sd_val until the next call to this function.
22 */
23 void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len)
24 {
25 static u8 sd_array[0x68];
26 SECURITY_DESCRIPTOR_RELATIVE *sd;
27 ACL *acl;
28 ACCESS_ALLOWED_ACE *aa_ace;
29 SID *sid;
30
31 if (sys_file_no < 0) {
32 *sd_val = NULL;
33 *sd_val_len = 0;
34 return;
35 }
36 *sd_val = sd_array;
37 sd = (SECURITY_DESCRIPTOR_RELATIVE*)&sd_array;
38 sd->revision = 1;
39 sd->alignment = 0;
40 sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
41 *sd_val_len = 0x64;
42 sd->owner = const_cpu_to_le32(0x48);
43 sd->group = const_cpu_to_le32(0x54);
44 sd->sacl = const_cpu_to_le32(0);
45 sd->dacl = const_cpu_to_le32(0x14);
46 /*
47 * Now at offset 0x14, as specified in the security descriptor, we have
48 * the DACL.
49 */
50 acl = (ACL*)((char*)sd + le32_to_cpu(sd->dacl));
51 acl->revision = 2;
52 acl->alignment1 = 0;
53 acl->size = const_cpu_to_le16(0x34);
54 acl->ace_count = const_cpu_to_le16(2);
55 acl->alignment2 = const_cpu_to_le16(0);
56 /*
57 * Now at offset 0x1c, just after the DACL's ACL, we have the first
58 * ACE of the DACL. The type of the ACE is access allowed.
59 */
60 aa_ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
61 aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
62 aa_ace->flags = 0;
63 aa_ace->size = const_cpu_to_le16(0x14);
64 switch (sys_file_no) {
65 case FILE_AttrDef:
66 case FILE_Boot:
67 aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
68 FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA;
69 break;
70 default:
71 aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
72 FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
73 FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA |
74 FILE_WRITE_DATA | FILE_READ_DATA;
75 break;
76 }
77 aa_ace->sid.revision = 1;
78 aa_ace->sid.sub_authority_count = 1;
79 aa_ace->sid.identifier_authority.value[0] = 0;
80 aa_ace->sid.identifier_authority.value[1] = 0;
81 aa_ace->sid.identifier_authority.value[2] = 0;
82 aa_ace->sid.identifier_authority.value[3] = 0;
83 aa_ace->sid.identifier_authority.value[4] = 0;
84 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
85 aa_ace->sid.identifier_authority.value[5] = 5;
86 aa_ace->sid.sub_authority[0] =
87 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
88 /*
89 * Now at offset 0x30 within security descriptor, just after the first
90 * ACE of the DACL. All system files, except the root directory, have
91 * a second ACE.
92 */
93 /* The second ACE of the DACL. Type is access allowed. */
94 aa_ace = (ACCESS_ALLOWED_ACE*)((char*)aa_ace +
95 le16_to_cpu(aa_ace->size));
96 aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
97 aa_ace->flags = 0;
98 aa_ace->size = const_cpu_to_le16(0x18);
99 /* Only $AttrDef and $Boot behave differently to everything else. */
100 switch (sys_file_no) {
101 case FILE_AttrDef:
102 case FILE_Boot:
103 aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
104 FILE_READ_ATTRIBUTES | FILE_READ_EA |
105 FILE_READ_DATA;
106 break;
107 default:
108 aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
109 FILE_WRITE_ATTRIBUTES |
110 FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
111 FILE_READ_EA | FILE_APPEND_DATA |
112 FILE_WRITE_DATA | FILE_READ_DATA;
113 break;
114 }
115 aa_ace->sid.revision = 1;
116 aa_ace->sid.sub_authority_count = 2;
117 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
118 aa_ace->sid.identifier_authority.value[0] = 0;
119 aa_ace->sid.identifier_authority.value[1] = 0;
120 aa_ace->sid.identifier_authority.value[2] = 0;
121 aa_ace->sid.identifier_authority.value[3] = 0;
122 aa_ace->sid.identifier_authority.value[4] = 0;
123 aa_ace->sid.identifier_authority.value[5] = 5;
124 aa_ace->sid.sub_authority[0] =
125 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
126 aa_ace->sid.sub_authority[1] =
127 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
128 /*
129 * Now at offset 0x48 into the security descriptor, as specified in the
130 * security descriptor, we now have the owner SID.
131 */
132 sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
133 sid->revision = 1;
134 sid->sub_authority_count = 1;
135 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
136 sid->identifier_authority.value[0] = 0;
137 sid->identifier_authority.value[1] = 0;
138 sid->identifier_authority.value[2] = 0;
139 sid->identifier_authority.value[3] = 0;
140 sid->identifier_authority.value[4] = 0;
141 sid->identifier_authority.value[5] = 5;
142 sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
143 /*
144 * Now at offset 0x54 into the security descriptor, as specified in the
145 * security descriptor, we have the group SID.
146 */
147 sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
148 sid->revision = 1;
149 sid->sub_authority_count = 2;
150 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
151 sid->identifier_authority.value[0] = 0;
152 sid->identifier_authority.value[1] = 0;
153 sid->identifier_authority.value[2] = 0;
154 sid->identifier_authority.value[3] = 0;
155 sid->identifier_authority.value[4] = 0;
156 sid->identifier_authority.value[5] = 5;
157 sid->sub_authority[0] = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
158 sid->sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
159 }
160
161 /**
162 * init_root_sd -
163 *
164 * Creates the security_descriptor for the root folder on ntfs 3.1 as created
165 * by Windows Vista (when the format is done from the disk management MMC
166 * snap-in, note this is different from the format done from the disk
167 * properties in Windows Explorer).
168 */
169 void init_root_sd(u8 **sd_val, int *sd_val_len)
170 {
171 SECURITY_DESCRIPTOR_RELATIVE *sd;
172 ACL *acl;
173 ACCESS_ALLOWED_ACE *ace;
174 SID *sid;
175
176 static char sd_array[0x102c];
177 *sd_val_len = 0x102c;
178 *sd_val = (u8*)&sd_array;
179
180 //security descriptor relative
181 sd = (SECURITY_DESCRIPTOR_RELATIVE*)sd_array;
182 sd->revision = SECURITY_DESCRIPTOR_REVISION;
183 sd->alignment = 0;
184 sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
185 sd->owner = const_cpu_to_le32(0x1014);
186 sd->group = const_cpu_to_le32(0x1020);
187 sd->sacl = 0;
188 sd->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE));
189
190 //acl
191 acl = (ACL*)((u8*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
192 acl->revision = ACL_REVISION;
193 acl->alignment1 = 0;
194 acl->size = const_cpu_to_le16(0x1000);
195 acl->ace_count = const_cpu_to_le16(0x08);
196 acl->alignment2 = 0;
197
198 //ace1
199 ace = (ACCESS_ALLOWED_ACE*)((u8*)acl + sizeof(ACL));
200 ace->type = ACCESS_ALLOWED_ACE_TYPE;
201 ace->flags = 0;
202 ace->size = const_cpu_to_le16(0x18);
203 ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
204 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
205 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
206 FILE_TRAVERSE | FILE_DELETE_CHILD |
207 FILE_READ_ATTRIBUTES;
208 ace->sid.revision = SID_REVISION;
209 ace->sid.sub_authority_count = 0x02;
210 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
211 ace->sid.identifier_authority.value[0] = 0;
212 ace->sid.identifier_authority.value[1] = 0;
213 ace->sid.identifier_authority.value[2] = 0;
214 ace->sid.identifier_authority.value[3] = 0;
215 ace->sid.identifier_authority.value[4] = 0;
216 ace->sid.identifier_authority.value[5] = 5;
217 ace->sid.sub_authority[0] =
218 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
219 ace->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
220
221 //ace2
222 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
223 ace->type = ACCESS_ALLOWED_ACE_TYPE;
224 ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
225 INHERIT_ONLY_ACE;
226 ace->size = const_cpu_to_le16(0x18);
227 ace->mask = GENERIC_ALL;
228 ace->sid.revision = SID_REVISION;
229 ace->sid.sub_authority_count = 0x02;
230 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
231 ace->sid.identifier_authority.value[0] = 0;
232 ace->sid.identifier_authority.value[1] = 0;
233 ace->sid.identifier_authority.value[2] = 0;
234 ace->sid.identifier_authority.value[3] = 0;
235 ace->sid.identifier_authority.value[4] = 0;
236 ace->sid.identifier_authority.value[5] = 5;
237 ace->sid.sub_authority[0] =
238 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
239 ace->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
240
241 //ace3
242 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
243 ace->type = ACCESS_ALLOWED_ACE_TYPE;
244 ace->flags = 0;
245 ace->size = const_cpu_to_le16(0x14);
246 ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
247 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
248 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
249 FILE_TRAVERSE | FILE_DELETE_CHILD |
250 FILE_READ_ATTRIBUTES;
251 ace->sid.revision = SID_REVISION;
252 ace->sid.sub_authority_count = 0x01;
253 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
254 ace->sid.identifier_authority.value[0] = 0;
255 ace->sid.identifier_authority.value[1] = 0;
256 ace->sid.identifier_authority.value[2] = 0;
257 ace->sid.identifier_authority.value[3] = 0;
258 ace->sid.identifier_authority.value[4] = 0;
259 ace->sid.identifier_authority.value[5] = 5;
260 ace->sid.sub_authority[0] =
261 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
262
263 //ace4
264 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
265 ace->type = ACCESS_ALLOWED_ACE_TYPE;
266 ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
267 INHERIT_ONLY_ACE;
268 ace->size = const_cpu_to_le16(0x14);
269 ace->mask = GENERIC_ALL;
270 ace->sid.revision = SID_REVISION;
271 ace->sid.sub_authority_count = 0x01;
272 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
273 ace->sid.identifier_authority.value[0] = 0;
274 ace->sid.identifier_authority.value[1] = 0;
275 ace->sid.identifier_authority.value[2] = 0;
276 ace->sid.identifier_authority.value[3] = 0;
277 ace->sid.identifier_authority.value[4] = 0;
278 ace->sid.identifier_authority.value[5] = 5;
279 ace->sid.sub_authority[0] =
280 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
281
282 //ace5
283 ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
284 ace->type = ACCESS_ALLOWED_ACE_TYPE;
285 ace->flags = 0;
286 ace->size = const_cpu_to_le16(0x14);
287 ace->mask = SYNCHRONIZE | READ_CONTROL | DELETE |
288 FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
289 FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
290 FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
291 FILE_LIST_DIRECTORY;
292 ace->sid.revision = SID_REVISION;
293 ace->sid.sub_authority_count = 0x01;
294 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
295 ace->sid.identifier_authority.value[0] = 0;
296 ace->sid.identifier_authority.value[1] = 0;
297 ace->sid.identifier_authority.value[2] = 0;
298 ace->sid.identifier_authority.value[3] = 0;
299 ace->sid.identifier_authority.value[4] = 0;
300 ace->sid.identifier_authority.value[5] = 5;
301 ace->sid.sub_authority[0] =
302 const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);
303
304 //ace6
305 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
306 ace->type = ACCESS_ALLOWED_ACE_TYPE;
307 ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
308 INHERIT_ONLY_ACE;
309 ace->size = const_cpu_to_le16(0x14);
310 ace->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
311 ace->sid.revision = SID_REVISION;
312 ace->sid.sub_authority_count = 0x01;
313 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
314 ace->sid.identifier_authority.value[0] = 0;
315 ace->sid.identifier_authority.value[1] = 0;
316 ace->sid.identifier_authority.value[2] = 0;
317 ace->sid.identifier_authority.value[3] = 0;
318 ace->sid.identifier_authority.value[4] = 0;
319 ace->sid.identifier_authority.value[5] = 5;
320 ace->sid.sub_authority[0] =
321 const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);
322
323 //ace7
324 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
325 ace->type = ACCESS_ALLOWED_ACE_TYPE;
326 ace->flags = 0;
327 ace->size = const_cpu_to_le16(0x18);
328 ace->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES |
329 FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY;
330 ace->sid.revision = SID_REVISION;
331 ace->sid.sub_authority_count = 0x02;
332 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
333 ace->sid.identifier_authority.value[0] = 0;
334 ace->sid.identifier_authority.value[1] = 0;
335 ace->sid.identifier_authority.value[2] = 0;
336 ace->sid.identifier_authority.value[3] = 0;
337 ace->sid.identifier_authority.value[4] = 0;
338 ace->sid.identifier_authority.value[5] = 5;
339 ace->sid.sub_authority[0] =
340 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
341 ace->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);
342
343 //ace8
344 ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
345 ace->type = ACCESS_ALLOWED_ACE_TYPE;
346 ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
347 INHERIT_ONLY_ACE;
348 ace->size = const_cpu_to_le16(0x18);
349 ace->mask = GENERIC_READ | GENERIC_EXECUTE;
350 ace->sid.revision = SID_REVISION;
351 ace->sid.sub_authority_count = 0x02;
352 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
353 ace->sid.identifier_authority.value[0] = 0;
354 ace->sid.identifier_authority.value[1] = 0;
355 ace->sid.identifier_authority.value[2] = 0;
356 ace->sid.identifier_authority.value[3] = 0;
357 ace->sid.identifier_authority.value[4] = 0;
358 ace->sid.identifier_authority.value[5] = 5;
359 ace->sid.sub_authority[0] =
360 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
361 ace->sid.sub_authority[1] = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);
362
363 //owner sid
364 sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
365 sid->revision = 0x01;
366 sid->sub_authority_count = 0x01;
367 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
368 sid->identifier_authority.value[0] = 0;
369 sid->identifier_authority.value[1] = 0;
370 sid->identifier_authority.value[2] = 0;
371 sid->identifier_authority.value[3] = 0;
372 sid->identifier_authority.value[4] = 0;
373 sid->identifier_authority.value[5] = 5;
374 sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
375
376 //group sid
377 sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
378 sid->revision = 0x01;
379 sid->sub_authority_count = 0x01;
380 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
381 sid->identifier_authority.value[0] = 0;
382 sid->identifier_authority.value[1] = 0;
383 sid->identifier_authority.value[2] = 0;
384 sid->identifier_authority.value[3] = 0;
385 sid->identifier_authority.value[4] = 0;
386 sid->identifier_authority.value[5] = 5;
387 sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
388 }
389
390 /**
391 * init_secure_sds -
392 *
393 * NTFS 3.1 - System files security decriptors
394 * ===========================================
395 * Create the security descriptor entries in $SDS data stream like they
396 * are in a partition, newly formatted with windows 2003
397 */
398 void init_secure_sds(char *sd_val)
399 {
400 SECURITY_DESCRIPTOR_HEADER *sds;
401 SECURITY_DESCRIPTOR_RELATIVE *sd;
402 ACL *acl;
403 ACCESS_ALLOWED_ACE *ace;
404 SID *sid;
405
406 /*
407 * security descriptor #1
408 */
409 //header
410 sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val);
411 sds->hash = const_cpu_to_le32(0xF80312F0);
412 sds->security_id = const_cpu_to_le32(0x0100);
413 sds->offset = const_cpu_to_le64(0x00);
414 sds->length = const_cpu_to_le32(0x7C);
415 //security descriptor relative
416 sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
417 sizeof(SECURITY_DESCRIPTOR_HEADER));
418 sd->revision = 0x01;
419 sd->alignment = 0x00;
420 sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
421 sd->owner = const_cpu_to_le32(0x48);
422 sd->group = const_cpu_to_le32(0x58);
423 sd->sacl = const_cpu_to_le32(0x00);
424 sd->dacl = const_cpu_to_le32(0x14);
425
426 //acl
427 acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
428 acl->revision = 0x02;
429 acl->alignment1 = 0x00;
430 acl->size = const_cpu_to_le16(0x34);
431 acl->ace_count = const_cpu_to_le16(0x02);
432 acl->alignment2 = 0x00;
433
434 //ace1
435 ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
436 ace->type = 0x00;
437 ace->flags = 0x00;
438 ace->size = const_cpu_to_le16(0x14);
439 ace->mask = const_cpu_to_le32(0x120089);
440 ace->sid.revision = 0x01;
441 ace->sid.sub_authority_count = 0x01;
442 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
443 ace->sid.identifier_authority.value[0] = 0;
444 ace->sid.identifier_authority.value[1] = 0;
445 ace->sid.identifier_authority.value[2] = 0;
446 ace->sid.identifier_authority.value[3] = 0;
447 ace->sid.identifier_authority.value[4] = 0;
448 ace->sid.identifier_authority.value[5] = 5;
449 ace->sid.sub_authority[0] =
450 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
451 //ace2
452 ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
453 ace->type = 0x00;
454 ace->flags = 0x00;
455 ace->size = const_cpu_to_le16(0x18);
456 ace->mask = const_cpu_to_le32(0x120089);
457 ace->sid.revision = 0x01;
458 ace->sid.sub_authority_count = 0x02;
459 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
460 ace->sid.identifier_authority.value[0] = 0;
461 ace->sid.identifier_authority.value[1] = 0;
462 ace->sid.identifier_authority.value[2] = 0;
463 ace->sid.identifier_authority.value[3] = 0;
464 ace->sid.identifier_authority.value[4] = 0;
465 ace->sid.identifier_authority.value[5] = 5;
466 ace->sid.sub_authority[0] =
467 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
468 ace->sid.sub_authority[1] =
469 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
470
471 //owner sid
472 sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
473 sid->revision = 0x01;
474 sid->sub_authority_count = 0x02;
475 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
476 sid->identifier_authority.value[0] = 0;
477 sid->identifier_authority.value[1] = 0;
478 sid->identifier_authority.value[2] = 0;
479 sid->identifier_authority.value[3] = 0;
480 sid->identifier_authority.value[4] = 0;
481 sid->identifier_authority.value[5] = 5;
482 sid->sub_authority[0] =
483 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
484 sid->sub_authority[1] =
485 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
486 //group sid
487 sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
488 sid->revision = 0x01;
489 sid->sub_authority_count = 0x02;
490 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
491 sid->identifier_authority.value[0] = 0;
492 sid->identifier_authority.value[1] = 0;
493 sid->identifier_authority.value[2] = 0;
494 sid->identifier_authority.value[3] = 0;
495 sid->identifier_authority.value[4] = 0;
496 sid->identifier_authority.value[5] = 5;
497 sid->sub_authority[0] =
498 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
499 sid->sub_authority[1] =
500 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
501 /*
502 * security descriptor #2
503 */
504 //header
505 sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80);
506 sds->hash = const_cpu_to_le32(0xB32451);
507 sds->security_id = const_cpu_to_le32(0x0101);
508 sds->offset = const_cpu_to_le64(0x80);
509 sds->length = const_cpu_to_le32(0x7C);
510
511 //security descriptor relative
512 sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
513 sizeof(SECURITY_DESCRIPTOR_HEADER));
514 sd->revision = 0x01;
515 sd->alignment = 0x00;
516 sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
517 sd->owner = const_cpu_to_le32(0x48);
518 sd->group = const_cpu_to_le32(0x58);
519 sd->sacl = const_cpu_to_le32(0x00);
520 sd->dacl = const_cpu_to_le32(0x14);
521
522 //acl
523 acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
524 acl->revision = 0x02;
525 acl->alignment1 = 0x00;
526 acl->size = const_cpu_to_le16(0x34);
527 acl->ace_count = const_cpu_to_le16(0x02);
528 acl->alignment2 = 0x00;
529
530 //ace1
531 ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
532 ace->type = 0x00;
533 ace->flags = 0x00;
534 ace->size = const_cpu_to_le16(0x14);
535 ace->mask = const_cpu_to_le32(0x12019F);
536 ace->sid.revision = 0x01;
537 ace->sid.sub_authority_count = 0x01;
538 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
539 ace->sid.identifier_authority.value[0] = 0;
540 ace->sid.identifier_authority.value[1] = 0;
541 ace->sid.identifier_authority.value[2] = 0;
542 ace->sid.identifier_authority.value[3] = 0;
543 ace->sid.identifier_authority.value[4] = 0;
544 ace->sid.identifier_authority.value[5] = 5;
545 ace->sid.sub_authority[0] =
546 const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
547 //ace2
548 ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
549 ace->type = 0x00;
550 ace->flags = 0x00;
551 ace->size = const_cpu_to_le16(0x18);
552 ace->mask = const_cpu_to_le32(0x12019F);
553 ace->sid.revision = 0x01;
554 ace->sid.sub_authority_count = 0x02;
555 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
556 ace->sid.identifier_authority.value[0] = 0;
557 ace->sid.identifier_authority.value[1] = 0;
558 ace->sid.identifier_authority.value[2] = 0;
559 ace->sid.identifier_authority.value[3] = 0;
560 ace->sid.identifier_authority.value[4] = 0;
561 ace->sid.identifier_authority.value[5] = 5;
562 ace->sid.sub_authority[0] =
563 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
564 ace->sid.sub_authority[1] =
565 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
566
567 //owner sid
568 sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
569 sid->revision = 0x01;
570 sid->sub_authority_count = 0x02;
571 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
572 sid->identifier_authority.value[0] = 0;
573 sid->identifier_authority.value[1] = 0;
574 sid->identifier_authority.value[2] = 0;
575 sid->identifier_authority.value[3] = 0;
576 sid->identifier_authority.value[4] = 0;
577 sid->identifier_authority.value[5] = 5;
578 sid->sub_authority[0] =
579 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
580 sid->sub_authority[1] =
581 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
582
583 //group sid
584 sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
585 sid->revision = 0x01;
586 sid->sub_authority_count = 0x02;
587 /* SECURITY_NT_SID_AUTHORITY (S-1-5) */
588 sid->identifier_authority.value[0] = 0;
589 sid->identifier_authority.value[1] = 0;
590 sid->identifier_authority.value[2] = 0;
591 sid->identifier_authority.value[3] = 0;
592 sid->identifier_authority.value[4] = 0;
593 sid->identifier_authority.value[5] = 5;
594 sid->sub_authority[0] =
595 const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
596 sid->sub_authority[1] =
597 const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
598
599 return;
600 }