📄 layout.h
字号:
ACCESS_MAX_MS_V4_ACE_TYPE = 8,
/* This one is for WinNT&2k. */
ACCESS_MAX_MS_ACE_TYPE = 8,
} __attribute__ ((__packed__)) ACE_TYPES;
/*
* The ACE flags (8-bit) for audit and inheritance (see below).
*
* SUCCESSFUL_ACCESS_ACE_FLAG is only used with system audit and alarm ACE
* types to indicate that a message is generated (in Windows!) for successful
* accesses.
*
* FAILED_ACCESS_ACE_FLAG is only used with system audit and alarm ACE types
* to indicate that a message is generated (in Windows!) for failed accesses.
*/
typedef enum {
/* The inheritance flags. */
OBJECT_INHERIT_ACE = 0x01,
CONTAINER_INHERIT_ACE = 0x02,
NO_PROPAGATE_INHERIT_ACE = 0x04,
INHERIT_ONLY_ACE = 0x08,
INHERITED_ACE = 0x10, /* Win2k only. */
VALID_INHERIT_FLAGS = 0x1f,
/* The audit flags. */
SUCCESSFUL_ACCESS_ACE_FLAG = 0x40,
FAILED_ACCESS_ACE_FLAG = 0x80,
} __attribute__ ((__packed__)) ACE_FLAGS;
/*
* An ACE is an access-control entry in an access-control list (ACL).
* An ACE defines access to an object for a specific user or group or defines
* the types of access that generate system-administration messages or alarms
* for a specific user or group. The user or group is identified by a security
* identifier (SID).
*
* Each ACE starts with an ACE_HEADER structure (aligned on 4-byte boundary),
* which specifies the type and size of the ACE. The format of the subsequent
* data depends on the ACE type.
*/
typedef struct {
/*Ofs*/
/* 0*/ ACE_TYPES type; /* Type of the ACE. */
/* 1*/ ACE_FLAGS flags; /* Flags describing the ACE. */
/* 2*/ u16 size; /* Size in bytes of the ACE. */
} __attribute__ ((__packed__)) ACE_HEADER;
/*
* The access mask (32-bit). Defines the access rights.
*/
typedef enum {
/*
* The specific rights (bits 0 to 15). Depend on the type of the
* object being secured by the ACE.
*/
/* Specific rights for files and directories are as follows: */
/* Right to read data from the file. (FILE) */
FILE_READ_DATA = const_cpu_to_le32(0x00000001),
/* Right to list contents of a directory. (DIRECTORY) */
FILE_LIST_DIRECTORY = const_cpu_to_le32(0x00000001),
/* Right to write data to the file. (FILE) */
FILE_WRITE_DATA = const_cpu_to_le32(0x00000002),
/* Right to create a file in the directory. (DIRECTORY) */
FILE_ADD_FILE = const_cpu_to_le32(0x00000002),
/* Right to append data to the file. (FILE) */
FILE_APPEND_DATA = const_cpu_to_le32(0x00000004),
/* Right to create a subdirectory. (DIRECTORY) */
FILE_ADD_SUBDIRECTORY = const_cpu_to_le32(0x00000004),
/* Right to read extended attributes. (FILE/DIRECTORY) */
FILE_READ_EA = const_cpu_to_le32(0x00000008),
/* Right to write extended attributes. (FILE/DIRECTORY) */
FILE_WRITE_EA = const_cpu_to_le32(0x00000010),
/* Right to execute a file. (FILE) */
FILE_EXECUTE = const_cpu_to_le32(0x00000020),
/* Right to traverse the directory. (DIRECTORY) */
FILE_TRAVERSE = const_cpu_to_le32(0x00000020),
/*
* Right to delete a directory and all the files it contains (its
* children), even if the files are read-only. (DIRECTORY)
*/
FILE_DELETE_CHILD = const_cpu_to_le32(0x00000040),
/* Right to read file attributes. (FILE/DIRECTORY) */
FILE_READ_ATTRIBUTES = const_cpu_to_le32(0x00000080),
/* Right to change file attributes. (FILE/DIRECTORY) */
FILE_WRITE_ATTRIBUTES = const_cpu_to_le32(0x00000100),
/*
* The standard rights (bits 16 to 23). Are independent of the type of
* object being secured.
*/
/* Right to delete the object. */
DELETE = const_cpu_to_le32(0x00010000),
/*
* Right to read the information in the object's security descriptor,
* not including the information in the SACL. I.e. right to read the
* security descriptor and owner.
*/
READ_CONTROL = const_cpu_to_le32(0x00020000),
/* Right to modify the DACL in the object's security descriptor. */
WRITE_DAC = const_cpu_to_le32(0x00040000),
/* Right to change the owner in the object's security descriptor. */
WRITE_OWNER = const_cpu_to_le32(0x00080000),
/*
* Right to use the object for synchronization. Enables a process to
* wait until the object is in the signalled state. Some object types
* do not support this access right.
*/
SYNCHRONIZE = const_cpu_to_le32(0x00100000),
/*
* The following STANDARD_RIGHTS_* are combinations of the above for
* convenience and are defined by the Win32 API.
*/
/* These are currently defined to READ_CONTROL. */
STANDARD_RIGHTS_READ = const_cpu_to_le32(0x00020000),
STANDARD_RIGHTS_WRITE = const_cpu_to_le32(0x00020000),
STANDARD_RIGHTS_EXECUTE = const_cpu_to_le32(0x00020000),
/* Combines DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER access. */
STANDARD_RIGHTS_REQUIRED = const_cpu_to_le32(0x000f0000),
/*
* Combines DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, and
* SYNCHRONIZE access.
*/
STANDARD_RIGHTS_ALL = const_cpu_to_le32(0x001f0000),
/*
* The access system ACL and maximum allowed access types (bits 24 to
* 25, bits 26 to 27 are reserved).
*/
ACCESS_SYSTEM_SECURITY = const_cpu_to_le32(0x01000000),
MAXIMUM_ALLOWED = const_cpu_to_le32(0x02000000),
/*
* The generic rights (bits 28 to 31). These map onto the standard and
* specific rights.
*/
/* Read, write, and execute access. */
GENERIC_ALL = const_cpu_to_le32(0x10000000),
/* Execute access. */
GENERIC_EXECUTE = const_cpu_to_le32(0x20000000),
/*
* Write access. For files, this maps onto:
* FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_DATA |
* FILE_WRITE_EA | STANDARD_RIGHTS_WRITE | SYNCHRONIZE
* For directories, the mapping has the same numberical value. See
* above for the descriptions of the rights granted.
*/
GENERIC_WRITE = const_cpu_to_le32(0x40000000),
/*
* Read access. For files, this maps onto:
* FILE_READ_ATTRIBUTES | FILE_READ_DATA | FILE_READ_EA |
* STANDARD_RIGHTS_READ | SYNCHRONIZE
* For directories, the mapping has the same numberical value. See
* above for the descriptions of the rights granted.
*/
GENERIC_READ = const_cpu_to_le32(0x80000000),
} ACCESS_MASK;
/*
* The generic mapping array. Used to denote the mapping of each generic
* access right to a specific access mask.
*
* FIXME: What exactly is this and what is it for? (AIA)
*/
typedef struct {
ACCESS_MASK generic_read;
ACCESS_MASK generic_write;
ACCESS_MASK generic_execute;
ACCESS_MASK generic_all;
} __attribute__ ((__packed__)) GENERIC_MAPPING;
/*
* The predefined ACE type structures are as defined below.
*/
/*
* ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE, SYSTEM_AUDIT_ACE, SYSTEM_ALARM_ACE
*/
typedef struct {
/* 0 ACE_HEADER; -- Unfolded here as gcc doesn't like unnamed structs. */
ACE_TYPES type; /* Type of the ACE. */
ACE_FLAGS flags; /* Flags describing the ACE. */
u16 size; /* Size in bytes of the ACE. */
/* 4*/ ACCESS_MASK mask; /* Access mask associated with the ACE. */
/* 8*/ SID sid; /* The SID associated with the ACE. */
} __attribute__ ((__packed__)) ACCESS_ALLOWED_ACE, ACCESS_DENIED_ACE,
SYSTEM_AUDIT_ACE, SYSTEM_ALARM_ACE;
/*
* The object ACE flags (32-bit).
*/
typedef enum {
ACE_OBJECT_TYPE_PRESENT = const_cpu_to_le32(1),
ACE_INHERITED_OBJECT_TYPE_PRESENT = const_cpu_to_le32(2),
} OBJECT_ACE_FLAGS;
typedef struct {
/* 0 ACE_HEADER; -- Unfolded here as gcc doesn't like unnamed structs. */
ACE_TYPES type; /* Type of the ACE. */
ACE_FLAGS flags; /* Flags describing the ACE. */
u16 size; /* Size in bytes of the ACE. */
/* 4*/ ACCESS_MASK mask; /* Access mask associated with the ACE. */
/* 8*/ OBJECT_ACE_FLAGS object_flags; /* Flags describing the object ACE. */
/* 12*/ GUID object_type;
/* 28*/ GUID inherited_object_type;
/* 44*/ SID sid; /* The SID associated with the ACE. */
} __attribute__ ((__packed__)) ACCESS_ALLOWED_OBJECT_ACE,
ACCESS_DENIED_OBJECT_ACE,
SYSTEM_AUDIT_OBJECT_ACE,
SYSTEM_ALARM_OBJECT_ACE;
/*
* An ACL is an access-control list (ACL).
* An ACL starts with an ACL header structure, which specifies the size of
* the ACL and the number of ACEs it contains. The ACL header is followed by
* zero or more access control entries (ACEs). The ACL as well as each ACE
* are aligned on 4-byte boundaries.
*/
typedef struct {
u8 revision; /* Revision of this ACL. */
u8 alignment1;
u16 size; /* Allocated space in bytes for ACL. Includes this
header, the ACEs and the remaining free space. */
u16 ace_count; /* Number of ACEs in the ACL. */
u16 alignment2;
/* sizeof() = 8 bytes */
} __attribute__ ((__packed__)) ACL;
/*
* Current constants for ACLs.
*/
typedef enum {
/* Current revision. */
ACL_REVISION = 2,
ACL_REVISION_DS = 4,
/* History of revisions. */
ACL_REVISION1 = 1,
MIN_ACL_REVISION = 2,
ACL_REVISION2 = 2,
ACL_REVISION3 = 3,
ACL_REVISION4 = 4,
MAX_ACL_REVISION = 4,
} ACL_CONSTANTS;
/*
* The security descriptor control flags (16-bit).
*
* SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the
* SID pointed to by the Owner field was provided by a
* defaulting mechanism rather than explicitly provided by the
* original provider of the security descriptor. This may
* affect the treatment of the SID with respect to inheritence
* of an owner.
*
* SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the
* SID in the Group field was provided by a defaulting mechanism
* rather than explicitly provided by the original provider of
* the security descriptor. This may affect the treatment of
* the SID with respect to inheritence of a primary group.
*
* SE_DACL_PRESENT - This boolean flag, when set, indicates that the
* security descriptor contains a discretionary ACL. If this
* flag is set and the Dacl field of the SECURITY_DESCRIPTOR is
* null, then a null ACL is explicitly being specified.
*
* SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the
* ACL pointed to by the Dacl field was provided by a defaulting
* mechanism rather than explicitly provided by the original
* provider of the security descriptor. This may affect the
* treatment of the ACL with respect to inheritence of an ACL.
* This flag is ignored if the DaclPresent flag is not set.
*
* SE_SACL_PRESENT - This boolean flag, when set, indicates that the
* security descriptor contains a system ACL pointed to by the
* Sacl field. If this flag is set and the Sacl field of the
* SECURITY_DESCRIPTOR is null, then an empty (but present)
* ACL is being specified.
*
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -