示例#1
0
static int set_reparse_index(ntfs_inode *ni, ntfs_index_context *xr,
			le32 reparse_tag)
{
	struct REPARSE_INDEX indx;
	u64 file_id_cpu;
	le64 file_id;
	le16 seqn;

	seqn = ni->mrec->sequence_number;
	file_id_cpu = MK_MREF(ni->mft_no,le16_to_cpu(seqn));
	file_id = cpu_to_le64(file_id_cpu);
	indx.header.data_offset = const_cpu_to_le16(
					sizeof(INDEX_ENTRY_HEADER)
					+ sizeof(REPARSE_INDEX_KEY));
	indx.header.data_length = const_cpu_to_le16(0);
	indx.header.reservedV = const_cpu_to_le32(0);
	indx.header.length = const_cpu_to_le16(
					sizeof(struct REPARSE_INDEX));
	indx.header.key_length = const_cpu_to_le16(
					sizeof(REPARSE_INDEX_KEY));
	indx.header.flags = const_cpu_to_le16(0);
	indx.header.reserved = const_cpu_to_le16(0);
	indx.key.reparse_tag = reparse_tag;
		/* danger on processors which require proper alignment ! */
	memcpy(&indx.key.file_id, &file_id, 8);
	indx.filling = const_cpu_to_le32(0);
	ntfs_index_ctx_reinit(xr);
	return (ntfs_ie_add(xr,(INDEX_ENTRY*)&indx));
}
示例#2
0
static int set_object_id_index(ntfs_inode *ni, ntfs_index_context *xo,
			const OBJECT_ID_ATTR *object_id)
{
	struct OBJECT_ID_INDEX indx;
	u64 file_id_cpu;
	le64 file_id;
	le16 seqn;

	seqn = ni->mrec->sequence_number;
	file_id_cpu = MK_MREF(ni->mft_no,le16_to_cpu(seqn));
	file_id = cpu_to_le64(file_id_cpu);
	indx.header.data_offset = const_cpu_to_le16(
					sizeof(INDEX_ENTRY_HEADER)
					+ sizeof(OBJECT_ID_INDEX_KEY));
	indx.header.data_length = const_cpu_to_le16(
					sizeof(OBJECT_ID_INDEX_DATA));
	indx.header.reservedV = const_cpu_to_le32(0);
	indx.header.length = const_cpu_to_le16(
					sizeof(struct OBJECT_ID_INDEX));
	indx.header.key_length = const_cpu_to_le16(
					sizeof(OBJECT_ID_INDEX_KEY));
	indx.header.flags = const_cpu_to_le16(0);
	indx.header.reserved = const_cpu_to_le16(0);

	memcpy(&indx.key.object_id,object_id,sizeof(GUID));

	indx.data.file_id = file_id;
	memcpy(&indx.data.birth_volume_id,
			&object_id->birth_volume_id,sizeof(GUID));
	memcpy(&indx.data.birth_object_id,
			&object_id->birth_object_id,sizeof(GUID));
	memcpy(&indx.data.domain_id,
			&object_id->domain_id,sizeof(GUID));
	ntfs_index_ctx_reinit(xo);
	return (ntfs_ie_add(xo,(INDEX_ENTRY*)&indx));
}
示例#3
0
int ntfs_fuse_listxattr_common(ntfs_inode *ni, ntfs_attr_search_ctx *actx,
			char *list, size_t size, BOOL prefixing)
{
	int ret = 0;
	char *to = list;
#ifdef XATTR_MAPPINGS
	BOOL accepted;
	const struct XATTRMAPPING *item;
#endif /* XATTR_MAPPINGS */

		/* first list the regular user attributes (ADS) */
	while (!ntfs_attr_lookup(AT_DATA, NULL, 0, CASE_SENSITIVE,
				0, NULL, 0, actx)) {
		char *tmp_name = NULL;
		int tmp_name_len;

		if (!actx->attr->name_length)
			continue;
		tmp_name_len = ntfs_ucstombs(
			(ntfschar *)((u8*)actx->attr +
				le16_to_cpu(actx->attr->name_offset)),
			actx->attr->name_length, &tmp_name, 0);
		if (tmp_name_len < 0) {
			ret = -errno;
			goto exit;
		}
				/*
				 * When using name spaces, do not return
				 * security, trusted or system attributes
				 * (filtered elsewhere anyway)
				 * otherwise insert "user." prefix
				 */
		if (prefixing) {
			if ((strlen(tmp_name) > sizeof(xattr_ntfs_3g))
			  && !strncmp(tmp_name,xattr_ntfs_3g,
				sizeof(xattr_ntfs_3g)-1))
				tmp_name_len = 0;
			else
				ret += tmp_name_len
					 + nf_ns_user_prefix_len + 1;
		} else
			ret += tmp_name_len + 1;
		if (size && tmp_name_len) {
			if ((size_t)ret <= size) {
				if (prefixing) {
					strcpy(to, nf_ns_user_prefix);
					to += nf_ns_user_prefix_len;
				}
				strncpy(to, tmp_name, tmp_name_len);
				to += tmp_name_len;
				*to = 0;
				to++;
			} else {
				free(tmp_name);
				ret = -ERANGE;
				goto exit;
			}
		}
		free(tmp_name);
	}
#ifdef XATTR_MAPPINGS
		/* now append the system attributes mapped to user space */
	for (item=ni->vol->xattr_mapping; item; item=item->next) {
		switch (item->xattr) {
		case XATTR_NTFS_EFSINFO :
			accepted = ni->vol->efs_raw
				&& (ni->flags & FILE_ATTR_ENCRYPTED);
			break;
		case XATTR_NTFS_REPARSE_DATA :
			accepted = (ni->flags & FILE_ATTR_REPARSE_POINT)
					!= const_cpu_to_le32(0);
			break;
// TODO : we are supposed to only return xattrs which are set
// this is more complex for OBJECT_ID and DOS_NAME
		default : accepted = TRUE;
			break;
		}
		if (accepted) {
			ret += strlen(item->name) + 1;
			if (size) {
				if ((size_t)ret <= size) {
					strcpy(to, item->name);
					to += strlen(item->name);
					*to++ = 0;
				} else {
					ret = -ERANGE;
					goto exit;
				}
			}
#else /* XATTR_MAPPINGS */
		/* List efs info xattr for encrypted files */
	if (ni->vol->efs_raw && (ni->flags & FILE_ATTR_ENCRYPTED)) {
		ret += sizeof(nf_ns_alt_xattr_efsinfo);
		if ((size_t)ret <= size) {
			memcpy(to, nf_ns_alt_xattr_efsinfo,
				sizeof(nf_ns_alt_xattr_efsinfo));
			to += sizeof(nf_ns_alt_xattr_efsinfo);
#endif /* XATTR_MAPPINGS */
		}
	}
exit :
	return (ret);
}
示例#4
0
文件: sd.c 项目: AllardJ/Tomato
/**
 * init_secure_sds -
 *
 * NTFS 3.1 - System files security decriptors
 * ===========================================
 * Create the security descriptor entries in $SDS data stream like they
 * are in a partition, newly formatted with windows 2003
 */
void init_secure_sds(char *sd_val)
{
	SECURITY_DESCRIPTOR_HEADER *sds;
	SECURITY_DESCRIPTOR_RELATIVE *sd;
	ACL *acl;
	ACCESS_ALLOWED_ACE *ace;
	SID *sid;

/*
 * security descriptor #1
 */
	//header
	sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val);
	sds->hash = const_cpu_to_le32(0xF80312F0);
	sds->security_id = const_cpu_to_le32(0x0100);
	sds->offset = const_cpu_to_le64(0x00);
	sds->length = const_cpu_to_le32(0x7C);
	//security descriptor relative
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
			sizeof(SECURITY_DESCRIPTOR_HEADER));
	sd->revision = 0x01;
	sd->alignment = 0x00;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->owner = const_cpu_to_le32(0x48);
	sd->group = const_cpu_to_le32(0x58);
	sd->sacl = const_cpu_to_le32(0x00);
	sd->dacl = const_cpu_to_le32(0x14);

	//acl
	acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	acl->revision = 0x02;
	acl->alignment1 = 0x00;
	acl->size = const_cpu_to_le16(0x34);
	acl->ace_count = const_cpu_to_le16(0x02);
	acl->alignment2 = 0x00;

	//ace1
	ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
	ace->type = 0x00;
	ace->flags = 0x00;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = const_cpu_to_le32(0x120089);
	ace->sid.revision = 0x01;
	ace->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
	//ace2
	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
	ace->type = 0x00;
	ace->flags = 0x00;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = const_cpu_to_le32(0x120089);
	ace->sid.revision = 0x01;
	ace->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] =
		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	//owner sid
	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	sid->identifier_authority.value[0] = 0;
	sid->identifier_authority.value[1] = 0;
	sid->identifier_authority.value[2] = 0;
	sid->identifier_authority.value[3] = 0;
	sid->identifier_authority.value[4] = 0;
	sid->identifier_authority.value[5] = 5;
	sid->sub_authority[0] =
		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
	//group sid
	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	sid->identifier_authority.value[0] = 0;
	sid->identifier_authority.value[1] = 0;
	sid->identifier_authority.value[2] = 0;
	sid->identifier_authority.value[3] = 0;
	sid->identifier_authority.value[4] = 0;
	sid->identifier_authority.value[5] = 5;
	sid->sub_authority[0] =
		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
/*
 * security descriptor #2
 */
	//header
	sds = (SECURITY_DESCRIPTOR_HEADER*)((char*)sd_val + 0x80);
	sds->hash = const_cpu_to_le32(0xB32451);
	sds->security_id = const_cpu_to_le32(0x0101);
	sds->offset = const_cpu_to_le64(0x80);
	sds->length = const_cpu_to_le32(0x7C);

	//security descriptor relative
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)((char*)sds +
		 sizeof(SECURITY_DESCRIPTOR_HEADER));
	sd->revision = 0x01;
	sd->alignment = 0x00;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->owner = const_cpu_to_le32(0x48);
	sd->group = const_cpu_to_le32(0x58);
	sd->sacl = const_cpu_to_le32(0x00);
	sd->dacl = const_cpu_to_le32(0x14);

	//acl
	acl = (ACL*)((char*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	acl->revision = 0x02;
	acl->alignment1 = 0x00;
	acl->size = const_cpu_to_le16(0x34);
	acl->ace_count = const_cpu_to_le16(0x02);
	acl->alignment2 = 0x00;

	//ace1
	ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
	ace->type = 0x00;
	ace->flags = 0x00;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = const_cpu_to_le32(0x12019F);
	ace->sid.revision = 0x01;
	ace->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
		const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
	//ace2
	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
	ace->type = 0x00;
	ace->flags = 0x00;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = const_cpu_to_le32(0x12019F);
	ace->sid.revision = 0x01;
	ace->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	ace->sid.sub_authority[1] =
		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	//owner sid
	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	sid->identifier_authority.value[0] = 0;
	sid->identifier_authority.value[1] = 0;
	sid->identifier_authority.value[2] = 0;
	sid->identifier_authority.value[3] = 0;
	sid->identifier_authority.value[4] = 0;
	sid->identifier_authority.value[5] = 5;
	sid->sub_authority[0] =
		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	//group sid
	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	sid->identifier_authority.value[0] = 0;
	sid->identifier_authority.value[1] = 0;
	sid->identifier_authority.value[2] = 0;
	sid->identifier_authority.value[3] = 0;
	sid->identifier_authority.value[4] = 0;
	sid->identifier_authority.value[5] = 5;
	sid->sub_authority[0] =
		const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	sid->sub_authority[1] =
		const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	return;
}
示例#5
0
文件: sd.c 项目: AllardJ/Tomato
/**
 * init_system_file_sd -
 *
 * NTFS 3.1 - System files security decriptors
 * =====================================================
 *
 * Create the security descriptor for system file number @sys_file_no and
 * return a pointer to the descriptor.
 *
 * Note the root directory system file (".") is very different and handled by a
 * different function.
 *
 * The sd is returned in *@sd_val and has length *@sd_val_len.
 *
 * Do NOT free *@sd_val as it is static memory. This also means that you can
 * only use *@sd_val until the next call to this function.
 */
void init_system_file_sd(int sys_file_no, u8 **sd_val, int *sd_val_len)
{
	static u8 sd_array[0x68];
	SECURITY_DESCRIPTOR_RELATIVE *sd;
	ACL *acl;
	ACCESS_ALLOWED_ACE *aa_ace;
	SID *sid;
	le32 *sub_authorities;

	if (sys_file_no < 0) {
		*sd_val = NULL;
		*sd_val_len = 0;
		return;
	}
	*sd_val = sd_array;
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)&sd_array;
	sd->revision = 1;
	sd->alignment = 0;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	*sd_val_len = 0x64;
	sd->owner = const_cpu_to_le32(0x48);
	sd->group = const_cpu_to_le32(0x54);
	sd->sacl = const_cpu_to_le32(0);
	sd->dacl = const_cpu_to_le32(0x14);
	/*
	 * Now at offset 0x14, as specified in the security descriptor, we have
	 * the DACL.
	 */
	acl = (ACL*)((char*)sd + le32_to_cpu(sd->dacl));
	acl->revision = 2;
	acl->alignment1 = 0;
	acl->size = const_cpu_to_le16(0x34);
	acl->ace_count = const_cpu_to_le16(2);
	acl->alignment2 = const_cpu_to_le16(0);
	/*
	 * Now at offset 0x1c, just after the DACL's ACL, we have the first
	 * ACE of the DACL. The type of the ACE is access allowed.
	 */
	aa_ace = (ACCESS_ALLOWED_ACE*)((char*)acl + sizeof(ACL));
	aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
	aa_ace->flags = 0;
	aa_ace->size = const_cpu_to_le16(0x14);
	switch (sys_file_no) {
	case FILE_AttrDef:
	case FILE_Boot:
		aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
			FILE_READ_ATTRIBUTES | FILE_READ_EA | FILE_READ_DATA;
		break;
	default:
		aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_WRITE |
			FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
			FILE_WRITE_EA | FILE_READ_EA | FILE_APPEND_DATA |
			FILE_WRITE_DATA | FILE_READ_DATA;
		break;
	}
	aa_ace->sid.revision = 1;
	aa_ace->sid.sub_authority_count = 1;
	aa_ace->sid.identifier_authority.value[0] = 0;
	aa_ace->sid.identifier_authority.value[1] = 0;
	aa_ace->sid.identifier_authority.value[2] = 0;
	aa_ace->sid.identifier_authority.value[3] = 0;
	aa_ace->sid.identifier_authority.value[4] = 0;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	aa_ace->sid.identifier_authority.value[5] = 5;
	aa_ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
	/*
	 * Now at offset 0x30 within security descriptor, just after the first
	 * ACE of the DACL. All system files, except the root directory, have
	 * a second ACE.
	 */
	/* The second ACE of the DACL. Type is access allowed. */
	aa_ace = (ACCESS_ALLOWED_ACE*)((char*)aa_ace +
			le16_to_cpu(aa_ace->size));
	aa_ace->type = ACCESS_ALLOWED_ACE_TYPE;
	aa_ace->flags = 0;
	aa_ace->size = const_cpu_to_le16(0x18);
	/* Only $AttrDef and $Boot behave differently to everything else. */
	switch (sys_file_no) {
	case FILE_AttrDef:
	case FILE_Boot:
		aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_READ_ATTRIBUTES | FILE_READ_EA |
				FILE_READ_DATA;
		break;
	default:
		aa_ace->mask = SYNCHRONIZE | STANDARD_RIGHTS_READ |
				FILE_WRITE_ATTRIBUTES |
				FILE_READ_ATTRIBUTES | FILE_WRITE_EA |
				FILE_READ_EA | FILE_APPEND_DATA |
				FILE_WRITE_DATA | FILE_READ_DATA;
		break;
	}
	aa_ace->sid.revision = 1;
	aa_ace->sid.sub_authority_count = 2;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	aa_ace->sid.identifier_authority.value[0] = 0;
	aa_ace->sid.identifier_authority.value[1] = 0;
	aa_ace->sid.identifier_authority.value[2] = 0;
	aa_ace->sid.identifier_authority.value[3] = 0;
	aa_ace->sid.identifier_authority.value[4] = 0;
	aa_ace->sid.identifier_authority.value[5] = 5;
	sub_authorities = aa_ace->sid.sub_authority;
	*sub_authorities++ =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	*sub_authorities =
			const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
	/*
	 * Now at offset 0x48 into the security descriptor, as specified in the
	 * security descriptor, we now have the owner SID.
	 */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
	sid->revision = 1;
	sid->sub_authority_count = 1;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	sid->identifier_authority.value[0] = 0;
	sid->identifier_authority.value[1] = 0;
	sid->identifier_authority.value[2] = 0;
	sid->identifier_authority.value[3] = 0;
	sid->identifier_authority.value[4] = 0;
	sid->identifier_authority.value[5] = 5;
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
	/*
	 * Now at offset 0x54 into the security descriptor, as specified in the
	 * security descriptor, we have the group SID.
	 */
	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
	sid->revision = 1;
	sid->sub_authority_count = 2;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	sid->identifier_authority.value[0] = 0;
	sid->identifier_authority.value[1] = 0;
	sid->identifier_authority.value[2] = 0;
	sid->identifier_authority.value[3] = 0;
	sid->identifier_authority.value[4] = 0;
	sid->identifier_authority.value[5] = 5;
	sub_authorities = sid->sub_authority;
	*sub_authorities++ = const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);
}
示例#6
0
文件: sd.c 项目: AllardJ/Tomato
/**
 * init_root_sd -
 *
 * Creates the security_descriptor for the root folder on ntfs 3.1 as created
 * by Windows Vista (when the format is done from the disk management MMC
 * snap-in, note this is different from the format done from the disk
 * properties in Windows Explorer).
 */
void init_root_sd(u8 **sd_val, int *sd_val_len)
{
	SECURITY_DESCRIPTOR_RELATIVE *sd;
	ACL *acl;
	ACCESS_ALLOWED_ACE *ace;
	SID *sid;
	le32 *sub_authorities;

	static char sd_array[0x102c];
	*sd_val_len = 0x102c;
	*sd_val = (u8*)&sd_array;

	//security descriptor relative
	sd = (SECURITY_DESCRIPTOR_RELATIVE*)sd_array;
	sd->revision = SECURITY_DESCRIPTOR_REVISION;
	sd->alignment = 0;
	sd->control = SE_SELF_RELATIVE | SE_DACL_PRESENT;
	sd->owner = const_cpu_to_le32(0x1014);
	sd->group = const_cpu_to_le32(0x1020);
	sd->sacl = 0;
	sd->dacl = const_cpu_to_le32(sizeof(SECURITY_DESCRIPTOR_RELATIVE));

	//acl
	acl = (ACL*)((u8*)sd + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
	acl->revision = ACL_REVISION;
	acl->alignment1 = 0;
	acl->size = const_cpu_to_le16(0x1000);
	acl->ace_count = const_cpu_to_le16(0x08);
	acl->alignment2 = 0;

	//ace1
	ace = (ACCESS_ALLOWED_ACE*)((u8*)acl + sizeof(ACL));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
			 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
			 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
			 FILE_TRAVERSE | FILE_DELETE_CHILD |
			 FILE_READ_ATTRIBUTES;
	ace->sid.revision = SID_REVISION;
	ace->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	sub_authorities = ace->sid.sub_authority;
	*sub_authorities++ =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	//ace2
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = GENERIC_ALL;
	ace->sid.revision = SID_REVISION;
	ace->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	sub_authorities = ace->sid.sub_authority;
	*sub_authorities++ =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_ADMINS);

	//ace3
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = STANDARD_RIGHTS_ALL | FILE_WRITE_ATTRIBUTES |
			 FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
			 FILE_ADD_SUBDIRECTORY | FILE_READ_EA | FILE_WRITE_EA |
			 FILE_TRAVERSE | FILE_DELETE_CHILD |
			 FILE_READ_ATTRIBUTES;
	ace->sid.revision = SID_REVISION;
	ace->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	//ace4
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = GENERIC_ALL;
	ace->sid.revision = SID_REVISION;
	ace->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	//ace5
	ace = (ACCESS_ALLOWED_ACE*)((char*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = SYNCHRONIZE | READ_CONTROL | DELETE |
			FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES |
			FILE_TRAVERSE | FILE_WRITE_EA | FILE_READ_EA |
			FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE |
			FILE_LIST_DIRECTORY;
	ace->sid.revision = SID_REVISION;
	ace->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

	//ace6
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	ace->size = const_cpu_to_le16(0x14);
	ace->mask = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | DELETE;
	ace->sid.revision = SID_REVISION;
	ace->sid.sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	ace->sid.sub_authority[0] =
			const_cpu_to_le32(SECURITY_AUTHENTICATED_USER_RID);

	//ace7
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = 0;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = SYNCHRONIZE | READ_CONTROL | FILE_READ_ATTRIBUTES |
			FILE_TRAVERSE | FILE_READ_EA | FILE_LIST_DIRECTORY;
	ace->sid.revision = SID_REVISION;
	ace->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	sub_authorities = ace->sid.sub_authority;
	*sub_authorities++ =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

	//ace8
	ace = (ACCESS_ALLOWED_ACE*)((u8*)ace + le16_to_cpu(ace->size));
	ace->type = ACCESS_ALLOWED_ACE_TYPE;
	ace->flags = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
			INHERIT_ONLY_ACE;
	ace->size = const_cpu_to_le16(0x18);
	ace->mask = GENERIC_READ | GENERIC_EXECUTE;
	ace->sid.revision = SID_REVISION;
	ace->sid.sub_authority_count = 0x02;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	ace->sid.identifier_authority.value[0] = 0;
	ace->sid.identifier_authority.value[1] = 0;
	ace->sid.identifier_authority.value[2] = 0;
	ace->sid.identifier_authority.value[3] = 0;
	ace->sid.identifier_authority.value[4] = 0;
	ace->sid.identifier_authority.value[5] = 5;
	sub_authorities = ace->sid.sub_authority;
	*sub_authorities++ =
			const_cpu_to_le32(SECURITY_BUILTIN_DOMAIN_RID);
	*sub_authorities = const_cpu_to_le32(DOMAIN_ALIAS_RID_USERS);

	//owner sid
	sid = (SID*)((char*)sd + le32_to_cpu(sd->owner));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	sid->identifier_authority.value[0] = 0;
	sid->identifier_authority.value[1] = 0;
	sid->identifier_authority.value[2] = 0;
	sid->identifier_authority.value[3] = 0;
	sid->identifier_authority.value[4] = 0;
	sid->identifier_authority.value[5] = 5;
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);

	//group sid
	sid = (SID*)((char*)sd + le32_to_cpu(sd->group));
	sid->revision = 0x01;
	sid->sub_authority_count = 0x01;
	/* SECURITY_NT_SID_AUTHORITY (S-1-5) */
	sid->identifier_authority.value[0] = 0;
	sid->identifier_authority.value[1] = 0;
	sid->identifier_authority.value[2] = 0;
	sid->identifier_authority.value[3] = 0;
	sid->identifier_authority.value[4] = 0;
	sid->identifier_authority.value[5] = 5;
	sid->sub_authority[0] = const_cpu_to_le32(SECURITY_LOCAL_SYSTEM_RID);
}
示例#7
0
/**
 * enum NTFS_CRYPTO_ALGORITHMS - List of crypto algorithms used by EFS (32 bit)
 *
 * To choose which one is used in Windows, create or set the REG_DWORD registry
 * key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS\
 * AlgorithmID to the value of your chosen crypto algorithm, e.g. to use DesX,
 * set AlgorithmID to 0x6604.
 *
 * Note that the Windows versions I have tried so far (all are high crypto
 * enabled) ignore the AlgorithmID value if it is not one of CALG_3DES,
 * CALG_DESX, or CALG_AES_256, i.e. you cannot select CALG_DES at all using
 * this registry key.  It would be interesting to check out encryption on one
 * of the "crippled" crypto Windows versions...
 */
typedef enum {
    CALG_DES	= const_cpu_to_le32(0x6601),
    /* If not one of the below three, fall back to standard Des. */
    CALG_3DES	= const_cpu_to_le32(0x6603),
    CALG_DESX	= const_cpu_to_le32(0x6604),
    CALG_AES_256	= const_cpu_to_le32(0x6610),
} NTFS_CRYPTO_ALGORITHMS;

typedef struct {
    u64 in_whitening, out_whitening;
    u8 des_key[8];
} ntfs_desx_ctx;

/**
 * struct ntfs_fek - Decrypted, in-memory file encryption key.
 */
示例#8
0
文件: security.c 项目: geocar/winback
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include "types.h"
#include "layout.h"
#include "attrib.h"
#include "security.h"
#include "misc.h"
#include "bitmap.h"

/*
 * The zero GUID.
 */
static const GUID __zero_guid = { const_cpu_to_le32(0), const_cpu_to_le16(0),
		const_cpu_to_le16(0), { 0, 0, 0, 0, 0, 0, 0, 0 } };
const GUID *const zero_guid = &__zero_guid;

/**
 * ntfs_guid_is_zero - check if a GUID is zero
 * @guid:	[IN] guid to check
 *
 * Return TRUE if @guid is a valid pointer to a GUID and it is the zero GUID
 * and FALSE otherwise.
 */
BOOL ntfs_guid_is_zero(const GUID *guid)
{
	return (memcmp(guid, zero_guid, sizeof(*zero_guid)));
}
示例#9
0
/**
 * ntfs_inode_open - open an inode ready for access
 * @vol:	volume to get the inode from
 * @mref:	inode number / mft record number to open
 *
 * Allocate an ntfs_inode structure and initialize it for the given inode
 * specified by @mref. @mref specifies the inode number / mft record to read,
 * including the sequence number, which can be 0 if no sequence number checking
 * is to be performed.
 *
 * Then, allocate a buffer for the mft record, read the mft record from the
 * volume @vol, and attach it to the ntfs_inode structure (->mrec). The
 * mft record is mst deprotected and sanity checked for validity and we abort
 * if deprotection or checks fail.
 *
 * Finally, search for an attribute list attribute in the mft record and if one
 * is found, load the attribute list attribute value and attach it to the
 * ntfs_inode structure (->attr_list). Also set the NI_AttrList bit to indicate
 * this.
 *
 * Return a pointer to the ntfs_inode structure on success or NULL on error,
 * with errno set to the error code.
 */
static ntfs_inode *ntfs_inode_real_open(ntfs_volume *vol, const MFT_REF mref)
{
	s64 l;
	ntfs_inode *ni = NULL;
	ntfs_attr_search_ctx *ctx;
	STANDARD_INFORMATION *std_info;
	le32 lthle;
	int olderrno;

	ntfs_log_enter("Entering for inode %lld\n", (long long)MREF(mref));
	if (!vol) {
		errno = EINVAL;
		goto out;
	}
	ni = __ntfs_inode_allocate(vol);
	if (!ni)
		goto out;
	if (ntfs_file_record_read(vol, mref, &ni->mrec, NULL))
		goto err_out;
	if (!(ni->mrec->flags & MFT_RECORD_IN_USE)) {
		errno = ENOENT;
		goto err_out;
	}
	ni->mft_no = MREF(mref);
	ctx = ntfs_attr_get_search_ctx(ni, NULL);
	if (!ctx)
		goto err_out;
	/* Receive some basic information about inode. */
	if (ntfs_attr_lookup(AT_STANDARD_INFORMATION, AT_UNNAMED,
				0, CASE_SENSITIVE, 0, NULL, 0, ctx)) {
		if (!ni->mrec->base_mft_record)
			ntfs_log_perror("No STANDARD_INFORMATION in base record"
					" %lld", (long long)MREF(mref));
		goto put_err_out;
	}
	std_info = (STANDARD_INFORMATION *)((u8 *)ctx->attr +
			le16_to_cpu(ctx->attr->value_offset));
	ni->flags = std_info->file_attributes;
	ni->creation_time = std_info->creation_time;
	ni->last_data_change_time = std_info->last_data_change_time;
	ni->last_mft_change_time = std_info->last_mft_change_time;
	ni->last_access_time = std_info->last_access_time;
  		/* JPA insert v3 extensions if present */
                /* length may be seen as 72 (v1.x) or 96 (v3.x) */
	lthle = ctx->attr->length;
	if (le32_to_cpu(lthle) > sizeof(STANDARD_INFORMATION)) {
		set_nino_flag(ni, v3_Extensions);
		ni->owner_id = std_info->owner_id;
		ni->security_id = std_info->security_id;
		ni->quota_charged = std_info->quota_charged;
		ni->usn = std_info->usn;
	} else {
		clear_nino_flag(ni, v3_Extensions);
		ni->owner_id = const_cpu_to_le32(0);
		ni->security_id = const_cpu_to_le32(0);
	}
	/* Set attribute list information. */
	olderrno = errno;
	if (ntfs_attr_lookup(AT_ATTRIBUTE_LIST, AT_UNNAMED, 0,
			CASE_SENSITIVE, 0, NULL, 0, ctx)) {
		if (errno != ENOENT)
			goto put_err_out;
		/* Attribute list attribute does not present. */
		/* restore previous errno to avoid misinterpretation */
		errno = olderrno;
		goto get_size;
	}
	NInoSetAttrList(ni);
	l = ntfs_get_attribute_value_length(ctx->attr);
	if (!l)
		goto put_err_out;
	if (l > 0x40000) {
		errno = EIO;
		ntfs_log_perror("Too large attrlist attribute (%lld), inode "
				"%lld", (long long)l, (long long)MREF(mref));
		goto put_err_out;
	}
	ni->attr_list_size = l;
	ni->attr_list = ntfs_malloc(ni->attr_list_size);
	if (!ni->attr_list)
		goto put_err_out;
	l = ntfs_get_attribute_value(vol, ctx->attr, ni->attr_list);
	if (!l)
		goto put_err_out;
	if (l != ni->attr_list_size) {
		errno = EIO;
		ntfs_log_perror("Unexpected attrlist size (%lld <> %u), inode "
				"%lld", (long long)l, ni->attr_list_size,
				(long long)MREF(mref));
		goto put_err_out;
	}
get_size:
	olderrno = errno;
	if (ntfs_attr_lookup(AT_DATA, AT_UNNAMED, 0, 0, 0, NULL, 0, ctx)) {
		if (errno != ENOENT)
			goto put_err_out;
		/* Directory or special file. */
		/* restore previous errno to avoid misinterpretation */
		errno = olderrno;
		ni->data_size = ni->allocated_size = 0;
	} else {
		if (ctx->attr->non_resident) {
			ni->data_size = sle64_to_cpu(ctx->attr->data_size);
			if (ctx->attr->flags &
					(ATTR_IS_COMPRESSED | ATTR_IS_SPARSE))
				ni->allocated_size = sle64_to_cpu(
						ctx->attr->compressed_size);
			else
				ni->allocated_size = sle64_to_cpu(
						ctx->attr->allocated_size);
		} else {
			ni->data_size = le32_to_cpu(ctx->attr->value_length);
			ni->allocated_size = (ni->data_size + 7) & ~7;
		}
		set_nino_flag(ni,KnownSize);
	}
	ntfs_attr_put_search_ctx(ctx);
out:
	ntfs_log_leave("\n");
	return ni;

put_err_out:
	ntfs_attr_put_search_ctx(ctx);
err_out:
	__ntfs_inode_release(ni);
	ni = NULL;
	goto out;
}
示例#10
0
char *ntfs_make_symlink(ntfs_inode *ni, const char *mnt_point,
			int *pattr_size)
{
	s64 attr_size = 0;
	char *target;
	unsigned int offs;
	unsigned int lth;
	ntfs_volume *vol;
	REPARSE_POINT *reparse_attr;
	struct MOUNT_POINT_REPARSE_DATA *mount_point_data;
	struct SYMLINK_REPARSE_DATA *symlink_data;
	enum { FULL_TARGET, ABS_TARGET, REL_TARGET } kind;
	ntfschar *p;
	BOOL bad;
	BOOL isdir;

	target = (char*)NULL;
	bad = TRUE;
	isdir = (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY)
			 != const_cpu_to_le16(0);
	vol = ni->vol;
	reparse_attr = (REPARSE_POINT*)ntfs_attr_readall(ni,
			AT_REPARSE_POINT,(ntfschar*)NULL, 0, &attr_size);
	if (reparse_attr && attr_size
			&& valid_reparse_data(ni, reparse_attr, attr_size)) {
		switch (reparse_attr->reparse_tag) {
		case IO_REPARSE_TAG_MOUNT_POINT :
			mount_point_data = (struct MOUNT_POINT_REPARSE_DATA*)
						reparse_attr->reparse_data;
			offs = le16_to_cpu(mount_point_data->subst_name_offset);
			lth = le16_to_cpu(mount_point_data->subst_name_length);
				/* reparse data consistency has been checked */
			target = ntfs_get_fulllink(vol,
				(ntfschar*)&mount_point_data->path_buffer[offs],
				lth/2, mnt_point, isdir);
			if (target)
				bad = FALSE;
			break;
		case IO_REPARSE_TAG_SYMLINK :
			symlink_data = (struct SYMLINK_REPARSE_DATA*)
						reparse_attr->reparse_data;
			offs = le16_to_cpu(symlink_data->subst_name_offset);
			lth = le16_to_cpu(symlink_data->subst_name_length);
			p = (ntfschar*)&symlink_data->path_buffer[offs];
				/*
				 * Predetermine the kind of target,
				 * the called function has to make a full check
				 */
			if (*p++ == const_cpu_to_le16('\\')) {
				if ((*p == const_cpu_to_le16('?'))
				    || (*p == const_cpu_to_le16('\\')))
					kind = FULL_TARGET;
				else
					kind = ABS_TARGET;
			} else
				if (*p == const_cpu_to_le16(':'))
					kind = ABS_TARGET;
				else
					kind = REL_TARGET;
			p--;
				/* reparse data consistency has been checked */
			switch (kind) {
			case FULL_TARGET :
				if (!(symlink_data->flags
				   & const_cpu_to_le32(1))) {
					target = ntfs_get_fulllink(vol,
						p, lth/2,
						mnt_point, isdir);
					if (target)
						bad = FALSE;
				}
				break;
			case ABS_TARGET :
				if (symlink_data->flags
				   & const_cpu_to_le32(1)) {
					target = ntfs_get_abslink(vol,
						p, lth/2,
						mnt_point, isdir);
					if (target)
						bad = FALSE;
				}
				break;
			case REL_TARGET :
				if (symlink_data->flags
				   & const_cpu_to_le32(1)) {
					target = ntfs_get_rellink(ni,
						p, lth/2);
					if (target)
						bad = FALSE;
				}
				break;
			}
			break;
		}
		free(reparse_attr);
	}
	*pattr_size = attr_size;
	if (bad)
		errno = EOPNOTSUPP;
	return (target);
}