2 * security_descriptor.h - declarations for Windows security descriptor format
4 * Copyright 2022 Eric Biggers
6 * Permission is hereby granted, free of charge, to any person
7 * obtaining a copy of this software and associated documentation
8 * files (the "Software"), to deal in the Software without
9 * restriction, including without limitation the rights to use,
10 * copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the
12 * Software is furnished to do so, subject to the following
15 * The above copyright notice and this permission notice shall be
16 * included in all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
20 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
23 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
28 #ifndef _WIMLIB_SECURITY_DESCRIPTOR_H
29 #define _WIMLIB_SECURITY_DESCRIPTOR_H
31 #include "wimlib/compiler.h"
32 #include "wimlib/types.h"
34 /* Note: the data types in this header are prefixed with wimlib_ to avoid
35 * conflicts with the same types being defined in the libntfs-3g headers. */
37 /* Windows NT security descriptor, in self-relative format */
39 /* Security descriptor revision; should be 1 */
45 /* Bitwise OR of flags defined below, such as SE_DACL_PRESENT */
48 /* Offset of owner SID structure in the security descriptor */
51 /* Offset of group SID structure in the security descriptor */
54 /* Offset of System Access Control List (SACL) in security descriptor,
55 * or 0 if no SACL is present */
58 /* Offset of Discretionary Access Control List (DACL) in security
59 * descriptor, or 0 if no DACL is present */
61 } __attribute__((packed)) wimlib_SECURITY_DESCRIPTOR_RELATIVE;
/*
 * Control flag bits for the security descriptor; the descriptor's flags field
 * is a bitwise OR of these.  The values are the same as the Windows SE_*
 * security descriptor control constants; only the wimlib_ prefix differs.
 *
 * NOTE(review): in a descriptor read from an untrusted image, the PRESENT
 * bits and the SACL/DACL offset fields are independent inputs.  A parser
 * should check every non-zero offset, and the structure it points to,
 * against the descriptor's total size instead of trusting the flags alone.
 */
63 #define wimlib_SE_OWNER_DEFAULTED 0x0001
64 #define wimlib_SE_GROUP_DEFAULTED 0x0002
65 #define wimlib_SE_DACL_PRESENT 0x0004
66 #define wimlib_SE_DACL_DEFAULTED 0x0008
67 #define wimlib_SE_SACL_PRESENT 0x0010
68 #define wimlib_SE_SACL_DEFAULTED 0x0020
/* Bits 0x0040 and 0x0080 are not defined in this header. */
69 #define wimlib_SE_DACL_AUTO_INHERIT_REQ 0x0100
70 #define wimlib_SE_SACL_AUTO_INHERIT_REQ 0x0200
71 #define wimlib_SE_DACL_AUTO_INHERITED 0x0400
72 #define wimlib_SE_SACL_AUTO_INHERITED 0x0800
73 #define wimlib_SE_DACL_PROTECTED 0x1000
74 #define wimlib_SE_SACL_PROTECTED 0x2000
75 #define wimlib_SE_RM_CONTROL_VALID 0x4000
/* Set when the descriptor is in self-relative format, i.e. its owner, group,
 * SACL and DACL are located by offsets within the descriptor. */
76 #define wimlib_SE_SELF_RELATIVE 0x8000
78 /* Windows NT security identifier (user or group) */
82 u8 sub_authority_count;
84 /* Identifies the authority that issued the SID */
85 u8 identifier_authority[6];
88 } __attribute__((packed)) wimlib_SID;
90 /* Header of a Windows NT access control list */
92 /* ACL_REVISION or ACL_REVISION_DS */
98 /* Total size of the ACL, including all access control entries */
101 /* Number of access control entry structures that follow the ACL
107 } __attribute__((packed)) wimlib_ACL;
/*
 * ACE type codes, presumably the values stored in the ACE header's type field
 * (the field itself is not shown next to these definitions).  They match the
 * Windows ACCESS_ALLOWED_ACE_TYPE, ACCESS_DENIED_ACE_TYPE and
 * SYSTEM_AUDIT_ACE_TYPE constants, and each has a matching structure in this
 * header.
 *
 * NOTE(review): Windows defines further ACE types that have no structure
 * here.  Code that walks an ACL from an untrusted image should step over
 * unknown types using the header's size field, and should validate that size
 * first: at least the header size, and no larger than the bytes remaining in
 * the ACL.
 */
109 #define wimlib_ACCESS_ALLOWED_ACE_TYPE 0
110 #define wimlib_ACCESS_DENIED_ACE_TYPE 1
111 #define wimlib_SYSTEM_AUDIT_ACE_TYPE 2
113 /* Header of a Windows NT access control entry */
118 /* Bitwise OR of inherit ACE flags */
121 /* Size of the access control entry, including this header */
123 } __attribute__((packed)) wimlib_ACE_HEADER;
125 /* Windows NT access control entry to grant rights to a user or group */
127 wimlib_ACE_HEADER hdr;
130 } __attribute__((packed)) wimlib_ACCESS_ALLOWED_ACE;
132 /* Windows NT access control entry to deny rights to a user or group */
134 wimlib_ACE_HEADER hdr;
137 } __attribute__((packed)) wimlib_ACCESS_DENIED_ACE;
139 /* Windows NT access control entry to audit access to the object */
141 wimlib_ACE_HEADER hdr;
144 } __attribute__((packed)) wimlib_SYSTEM_AUDIT_ACE;
146 #endif /* _WIMLIB_SECURITY_DESCRIPTOR_H */