3 Copyright (c) Alex Ionescu. All rights reserved.
11 Type definitions for the security manager.
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
// SID identifier-authority initializer: six bytes, with the value 7 in the
// last (least significant) byte, all others zero.
#define SECURITY_INTERNETSITE_AUTHORITY {0,0,0,0,0,7}
// Privilege constants
//
// Numeric identifiers of the well-known privileges. SE_MIN_WELL_KNOWN_PRIVILEGE
// and SE_MAX_WELL_KNOWN_PRIVILEGE bound the valid range (2L .. 30L, the latter
// aliasing SE_CREATE_GLOBAL_PRIVILEGE); a value outside that range is not a
// well-known privilege and should be rejected by range checks.
//
// NOTE(review): SE_UNSOLICITED_INPUT_PRIVILEGE and SE_MACHINE_ACCOUNT_PRIVILEGE
// both expand to 6L, so a table indexed by privilege number cannot tell them
// apart; confirm no consumer relies on the two being distinct.
// NOTE(review): several of these (SE_TCB, SE_DEBUG, SE_LOAD_DRIVER, SE_RESTORE,
// SE_BACKUP, SE_TAKE_OWNERSHIP, SE_IMPERSONATE among them) are generally
// regarded as equivalent to full control of the system; code that grants,
// enables or audits them should not treat them as routine -- confirm against
// the policy applied by the token code.
#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
#define SE_CREATE_TOKEN_PRIVILEGE (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
#define SE_LOCK_MEMORY_PRIVILEGE (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L)
#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)          // same value as the line above
#define SE_TCB_PRIVILEGE (7L)
#define SE_SECURITY_PRIVILEGE (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
#define SE_LOAD_DRIVER_PRIVILEGE (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
#define SE_SYSTEMTIME_PRIVILEGE (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
#define SE_BACKUP_PRIVILEGE (17L)
#define SE_RESTORE_PRIVILEGE (18L)
#define SE_SHUTDOWN_PRIVILEGE (19L)
#define SE_DEBUG_PRIVILEGE (20L)
#define SE_AUDIT_PRIVILEGE (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
#define SE_UNDOCK_PRIVILEGE (25L)
#define SE_SYNC_AGENT_PRIVILEGE (26L)
#define SE_ENABLE_DELEGATION_PRIVILEGE (27L)
#define SE_MANAGE_VOLUME_PRIVILEGE (28L)
#define SE_IMPERSONATE_PRIVILEGE (29L)
#define SE_CREATE_GLOBAL_PRIVILEGE (30L)
// Upper bound of the well-known range; keep in step when a privilege is added.
#define SE_MAX_WELL_KNOWN_PRIVILEGE (SE_CREATE_GLOBAL_PRIVILEGE)
69 typedef struct _TOKEN_MANDATORY_POLICY
{
71 } TOKEN_MANDATORY_POLICY
, *PTOKEN_MANDATORY_POLICY
;
73 typedef struct _TOKEN_ACCESS_INFORMATION
75 struct _SID_AND_ATTRIBUTES_HASH
*SidHash
;
76 struct _SID_AND_ATTRIBUTES_HASH
*RestrictedSidHash
;
77 struct _TOKEN_PRIVILEGES
*Privileges
;
78 LUID AuthenticationId
;
80 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
81 TOKEN_MANDATORY_POLICY MandatoryPolicy
;
83 } TOKEN_ACCESS_INFORMATION
, *PTOKEN_ACCESS_INFORMATION
;
// User and Group-related SID Attributes
//
// Bit flags describing a group SID entry. The low bits (0x01 .. 0x40) are
// single-bit flags; SE_GROUP_RESOURCE is bit 29 and SE_GROUP_LOGON_ID occupies
// the two most significant bits (0xC0000000), so it is a two-bit field rather
// than a single flag -- test it with a mask compare, not a plain AND.
// NOTE(review): the name of SE_GROUP_USE_FOR_DENY_ONLY suggests an entry that
// may only match deny entries and never grant access; an access check that
// ignores the flag would over-grant -- confirm the access-check path honours it.
#define SE_GROUP_MANDATORY 0x00000001
#define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002
#define SE_GROUP_ENABLED 0x00000004
#define SE_GROUP_OWNER 0x00000008
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010
#define SE_GROUP_INTEGRITY 0x00000020
#define SE_GROUP_INTEGRITY_ENABLED 0x00000040
#define SE_GROUP_RESOURCE 0x20000000
#define SE_GROUP_LOGON_ID 0xC0000000                 // two-bit field (bits 30-31)
100 #define SE_GROUP_VALID_ATTRIBUTES \
101 (SE_GROUP_MANDATORY | \
102 SE_GROUP_ENABLED_BY_DEFAULT | \
105 SE_GROUP_USE_FOR_DENY_ONLY | \
106 SE_GROUP_LOGON_ID | \
107 SE_GROUP_RESOURCE | \
108 SE_GROUP_INTEGRITY | \
109 SE_GROUP_INTEGRITY_ENABLED)
112 // Audit and Policy Structures
114 typedef struct _SEP_AUDIT_POLICY_CATEGORIES
118 UCHAR ObjectAccess
:4;
119 UCHAR PrivilegeUse
:4;
120 UCHAR DetailedTracking
:4;
121 UCHAR PolicyChange
:4;
122 UCHAR AccountManagement
:4;
123 UCHAR DirectoryServiceAccess
:4;
124 UCHAR AccountLogon
:4;
125 } SEP_AUDIT_POLICY_CATEGORIES
, *PSEP_AUDIT_POLICY_CATEGORIES
;
127 typedef struct _SEP_AUDIT_POLICY_OVERLAY
129 ULONGLONG PolicyBits
:36;
131 } SEP_AUDIT_POLICY_OVERLAY
, *PSEP_AUDIT_POLICY_OVERLAY
;
133 typedef struct _SEP_AUDIT_POLICY
137 SEP_AUDIT_POLICY_CATEGORIES PolicyElements
;
138 SEP_AUDIT_POLICY_OVERLAY PolicyOverlay
;
141 } SEP_AUDIT_POLICY
, *PSEP_AUDIT_POLICY
;
143 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
145 POBJECT_NAME_INFORMATION ImageFileName
;
146 } SE_AUDIT_PROCESS_CREATION_INFO
, *PSE_AUDIT_PROCESS_CREATION_INFO
;
149 // Token and auxiliary data
151 typedef struct _TOKEN
153 TOKEN_SOURCE TokenSource
; /* 0x00 */
154 LUID TokenId
; /* 0x10 */
155 LUID AuthenticationId
; /* 0x18 */
156 LUID ParentTokenId
; /* 0x20 */
157 LARGE_INTEGER ExpirationTime
; /* 0x28 */
158 struct _ERESOURCE
*TokenLock
; /* 0x30 */
159 SEP_AUDIT_POLICY AuditPolicy
; /* 0x38 */
160 LUID ModifiedId
; /* 0x40 */
161 ULONG SessionId
; /* 0x48 */
162 ULONG UserAndGroupCount
; /* 0x4C */
163 ULONG RestrictedSidCount
; /* 0x50 */
164 ULONG PrivilegeCount
; /* 0x54 */
165 ULONG VariableLength
; /* 0x58 */
166 ULONG DynamicCharged
; /* 0x5C */
167 ULONG DynamicAvailable
; /* 0x60 */
168 ULONG DefaultOwnerIndex
; /* 0x64 */
169 PSID_AND_ATTRIBUTES UserAndGroups
; /* 0x68 */
170 PSID_AND_ATTRIBUTES RestrictedSids
; /* 0x6C */
171 PSID PrimaryGroup
; /* 0x70 */
172 PLUID_AND_ATTRIBUTES Privileges
; /* 0x74 */
173 PULONG DynamicPart
; /* 0x78 */
174 PACL DefaultDacl
; /* 0x7C */
175 TOKEN_TYPE TokenType
; /* 0x80 */
176 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
; /* 0x84 */
177 ULONG TokenFlags
; /* 0x88 */
178 BOOLEAN TokenInUse
; /* 0x8C */
179 PVOID ProxyData
; /* 0x90 */
180 PVOID AuditData
; /* 0x94 */
181 LUID OriginatingLogonSession
; /* 0x98 */
182 ULONG VariablePart
; /* 0xA0 */
185 typedef struct _AUX_ACCESS_DATA
187 PPRIVILEGE_SET PrivilegeSet
;
188 GENERIC_MAPPING GenericMapping
;
190 } AUX_ACCESS_DATA
, *PAUX_ACCESS_DATA
;
// Kernel-wide default DACLs, defined in a separate translation unit and
// declared here for users of this header.
// NOTE(review): both are non-const, shared globals; code that hands a caller
// one of these pointers should not let the caller modify the ACL in place,
// since that would silently change the default for every later object.
extern PACL NTSYSAPI SePublicDefaultDacl;
extern PACL NTSYSAPI SeSystemDefaultDacl;