secure.html

这是NTFS文件0.5版本技术文件

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- http://linux-ntfs.sourceforge.net/ntfs/files/secure.html -->

<html lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <meta name="description" content="NTFS Documentation">
    <link rel="stylesheet" type="text/css" href="../style/ntfsdoc.css">
    <link rel="start" type="text/html" href="../index.html" title="NTFS Documentation">
    <title>$Secure (9) - File - NTFS Documentation</title>
  </head>

  <body>
    <table border="0" class="toolbar" summary="" cellspacing="0">
      <tr>
        <td class="toolbar"><a accesskey="1" class="toolbar" href="../index.html">Home</a></td>
        <td class="toolbar">&nbsp;</td>
        <td class="toolbar"><a accesskey="2" class="toolbar" href="../files/index.html">Files</a></td>
        <td class="toolbar">&nbsp;</td>
        <td class="toolbar"><a accesskey="3" class="toolbar" href="../attributes/index.html">Attributes</a></td>
        <td class="toolbar">&nbsp;</td>
        <td class="toolbar"><a accesskey="4" class="toolbar" href="../concepts/index.html">Concepts</a></td>
        <td class="toolbar">&nbsp;</td>
        <td class="toolbar"><a accesskey="5" class="toolbar" href="../help/glossary.html">Glossary</a></td>
        <td class="toolbar">&nbsp;</td>
        <td class="toolbar"><a accesskey="6" class="toolbar" href="../help/index.html">Help</a></td>
      </tr>
    </table>

    <h1>File - $Secure (9)</h1>
    <a class="prevnext" accesskey="," href="badclus.html">Previous</a>
    <a class="prevnext" accesskey="." href="upcase.html">Next</a> 

    <h2>Overview</h2>

    <p>
    In NTFS v1.2, every file had a
    <a href="../attributes/security_descriptor.html">$SECURITY_DESCRIPTOR
    Attribute</a>.  It was inefficient to read and check these for every
    file access and most of them were the same.  NTFS v3.0 introduced a
    new Metadata File $Secure.
    </p>

    <p>
    A new field in <a href="../attributes/standard_information.html">
    $STANDARD_INFORMATION</a>, the Security Id, is a index into $Secure.
    There is a Data Stream, $SDS, and two indexes $SII and $SDH.  The
    Data Stream has a copy of every 
    <a href="../attributes/security_descriptor.html">$SECURITY_DESCRIPTOR
    Attribute</a> on the volume, and the indexes cross-reference everything.
    </p>

    <h2><a class="heading" href="../attributes/index.html">Attributes</a></h2>

    <table border="1" summary="" cellspacing="0">
      <tr>
        <th class="numeric">Type</th>
        <th>Description</th>
        <th>Name</th>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/standard_information.html">0x10</a></td>
        <td><a href="../attributes/standard_information.html">$STANDARD_INFORMATION</a></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/file_name.html">0x30</a></td>
        <td><a href="../attributes/file_name.html">$FILE_NAME</a></td>
        <td>$Secure</td>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/data.html">0x80</a></td>
        <td><a href="../attributes/data.html">$DATA</a></td>
        <td>$SDS</td>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/index_root.html">0x90</a></td>
        <td><a href="../attributes/index_root.html">$INDEX_ROOT</a></td>
        <td>$SDH</td>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/index_root.html">0x90</a></td>
        <td><a href="../attributes/index_root.html">$INDEX_ROOT</a></td>
        <td>$SII</td>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/index_allocation.html">0xA0</a></td>
        <td><a href="../attributes/index_allocation.html">$INDEX_ALLOCATION</a></td>
        <td>$SDH</td>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/index_allocation.html">0xA0</a></td>
        <td><a href="../attributes/index_allocation.html">$INDEX_ALLOCATION</a></td>
        <td>$SII</td>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/bitmap.html">0xB0</a></td>
        <td><a href="../attributes/bitmap.html">$BITMAP</a></td>
        <td>$SDH</td>
      </tr>
      <tr>
        <td class="numeric"><a class="numeric" href="../attributes/bitmap.html">0xB0</a></td>
        <td><a href="../attributes/bitmap.html">$BITMAP</a></td>
        <td>$SII</td>
      </tr>
    </table>

    <h2>Layout of the File</h2>

    <a name="sds"></a>
    <h3>$SDS Data Stream</h3>

    <p>
    The Security Descriptor Stream ($SDS) contains a list of all the
    Security Descriptors on the volume.
    Each entry is padded to a 16 byte boundary and has a hash for indexing purposes.
    </p>

    <table border="1" summary="" cellspacing="0">
      <tr>
        <th class="numeric">Offset</th>
        <th class="numeric">Size</th>
        <th colspan="2">Description</th>
      </tr>
      <tr>
        <td class="numeric">0x00</td>
        <td class="numeric">4</td>
        <td colspan="2">Hash of Security Descriptor</td>
      </tr>
      <tr>
        <td class="numeric">0x04</td>
        <td class="numeric">4</td>
        <td colspan="2">Security Id</td>
      </tr>
      <tr>
        <td class="numeric">0x08</td>
        <td class="numeric">8</td>
        <td colspan="2">Offset of this entry in this file</td>
      </tr>
      <tr>
        <td class="numeric">0x10</td>
        <td class="numeric">4</td>
        <td colspan="2">Size of this entry</td>
      </tr>
      <tr>
        <td class="numeric">0x04</td>
        <td class="numeric">V</td>
        <td colspan="2">Self-relative Security Descriptor</td>
      </tr>
      <tr>
        <td class="numeric">V+0x04</td>
        <td class="numeric">P16</td>
        <td colspan="2">Padding</td>
      </tr>
    </table>

    <pre>
    sorted by security id
    Self-relative? == has 2 * SID
    generally a large file, not all used
    there may be missing entries -- test
    large block of ids at start, then junk, then another block at 256KB
    </pre>

    <h3>$SDH Index</h3>

    <p>
    The Security Descriptor Hash ($SDH) Index
    </p>

    <table border="1" summary="" cellspacing="0">
      <tr>
        <th class="numeric">Offset</th>
        <th class="numeric">Size</th>
        <th class="numeric">Value</th>
        <th colspan="2">Description</th>
      </tr>
      <tr>
        <td class="numeric">~</td>
        <td class="numeric">~</td>
        <td class="numeric">~</td>
        <td colspan="2"><a href="../concepts/index_header.html">Standard Index Header</a></td>
      </tr>
      <tr>
        <td class="numeric">0x00</td>
        <td class="numeric">2</td>
        <td class="numeric">0x18</td>
        <td colspan="2">Offset to data</td>
      </tr>
      <tr>
        <td class="numeric">0x02</td>
        <td class="numeric">2</td>
        <td class="numeric">0x14</td>
        <td colspan="2">Size of data</td>
      </tr>
      <tr>
        <td class="numeric">0x04</td>
        <td class="numeric">4</td>
        <td class="numeric">0x00</td>
        <td colspan="2">Padding</td>
      </tr>
      <tr>
        <td class="numeric">0x08</td>
        <td class="numeric">2</td>
        <td class="numeric">0x30</td>
        <td colspan="2">Size of Index Entry</td>
      </tr>
      <tr>
        <td class="numeric">0x0A</td>
        <td class="numeric">2</td>
        <td class="numeric">0x08</td>
        <td colspan="2">Size of Index Key</td>
      </tr>
      <tr>
        <td class="numeric">0x0C</td>
        <td class="numeric">2</td>
        <td class="numeric">&nbsp;</td>
        <td colspan="2">Flags</td>
      </tr>
      <tr>
        <td class="numeric">0x0E</td>
        <td class="numeric">2</td>
        <td class="numeric">0x00</td>
        <td colspan="2">Padding</td>
      </tr>
      <tr>
        <td class="numeric">0x10</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Key</td>
        <td>Hash of Security Descriptor</td>
      </tr>
      <tr>
        <td class="numeric">0x14</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Key</td>
        <td>Security Id</td>
      </tr>
      <tr>
        <td class="numeric">0x18</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Hash of Security Descriptor</td>
      </tr>
      <tr>
        <td class="numeric">0x1C</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Security Id</td>
      </tr>
      <tr>
        <td class="numeric">0x20</td>
        <td class="numeric">8</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Offset to Security Descriptor (in $SDS)</td>
      </tr>
      <tr>
        <td class="numeric">0x28</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Size of Security Descriptor (in $SDS)</td>
      </tr>
      <tr>
        <td class="numeric">0x2C</td>
        <td class="numeric">P8</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Padding</td>
      </tr>
    </table>

    <pre>
    Last padding is always 4 bytes and always appears
    to be the Unicode string "II".
    </pre>

    <h3>$SII Index</h3>

    <pre>
    The Security Id Index ($SII)
    </pre>


    <table border="1" summary="" cellspacing="0">
      <tr>
        <th class="numeric">Offset</th>
        <th class="numeric">Size</th>
        <th class="numeric">Value</th>
        <th colspan="2">Description</th>
      </tr>
      <tr>
        <td class="numeric">~</td>
        <td class="numeric">~</td>
        <td class="numeric">~</td>
        <td colspan="2"><a href="../concepts/index_header.html">Standard Index Header</a></td>
      </tr>
      <tr>
        <td class="numeric">0x00</td>
        <td class="numeric">2</td>
        <td class="numeric">0x14</td>
        <td colspan="2">Offset to data</td>
      </tr>
      <tr>
        <td class="numeric">0x02</td>
        <td class="numeric">2</td>
        <td class="numeric">0x14</td>
        <td colspan="2">Size of data</td>
      </tr>
      <tr>
        <td class="numeric">0x04</td>
        <td class="numeric">4</td>
        <td class="numeric">0x00</td>
        <td colspan="2">Padding</td>
      </tr>
      <tr>
        <td class="numeric">0x08</td>
        <td class="numeric">2</td>
        <td class="numeric">0x28</td>
        <td colspan="2">Size of Index Entry</td>
      </tr>
      <tr>
        <td class="numeric">0x0A</td>
        <td class="numeric">2</td>
        <td class="numeric">0x04</td>
        <td colspan="2">Size of Index Key</td>
      </tr>
      <tr>
        <td class="numeric">0x0C</td>
        <td class="numeric">2</td>
        <td class="numeric">&nbsp;</td>
        <td colspan="2">Flags</td>
      </tr>
      <tr>
        <td class="numeric">0x0E</td>
        <td class="numeric">2</td>
        <td class="numeric">0x00</td>
        <td colspan="2">Padding</td>
      </tr>
      <tr>
        <td class="numeric">0x10</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Key</td>
        <td>Security Id</td>
      </tr>
      <tr>
        <td class="numeric">0x14</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Hash of Security Descriptor</td>
      </tr>
      <tr>
        <td class="numeric">0x18</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Security Id</td>
      </tr>
      <tr>
        <td class="numeric">0x1C</td>
        <td class="numeric">8</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Offset to Security Descriptor (in $SDS)</td>
      </tr>
      <tr>
        <td class="numeric">0x24</td>
        <td class="numeric">4</td>
        <td class="numeric">&nbsp;</td>
        <td>Data</td>
        <td>Size of Security Descriptor (in $SDS)</td>
      </tr>
    </table>

    <pre>
    This file is sorted by the hash.
    The security descriptors are stored in the $SDS data stream.
    surprisingly the offset (64 bit isn't 8 byte aligned)
    </pre>


    <h2>Notes</h2>

    <h3>Questions</h3>

    <ul>
      <li>Why do some files still have a $SECURITY_DESCRIPTOR Attribute?</li>
      <li>How is the Security Hash generated?</li>
    </ul>

    <br>
    <a class="contact" href="http://linux-ntfs.sourceforge.net/ntfs/files/secure.html">Online</a>
    <!-- The two validators will only work if this page is visible on the web -->
    <a class="contact" href="http://validator.w3.org/check/referer">Validate HTML</a>
    <a class="contact" href="http://jigsaw.w3.org/css-validator/check/referer">Validate CSS</a>
    <a class="contact" href="mailto:webmaster@flatcap.org">$Id: secure.html,v 1.12 2001/07/11 11:04:05 flatcap Exp $</a>
  </body>
</html>