1 /******************************************************************************
2 * Security Manager Types *
3 ******************************************************************************/
4 $if (_WDMDDK_)
5
/* Simple types.  All of these are deliberately opaque at this level: the
   concrete layouts (struct _SID, struct _SECURITY_DESCRIPTOR, ...) are
   declared further down for the NTIFS consumers only. */
typedef PVOID PSECURITY_DESCRIPTOR;   /* absolute or self-relative descriptor */
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION; /* bitmask of *_SECURITY_INFORMATION */
typedef ULONG ACCESS_MASK, *PACCESS_MASK; /* 32-bit rights mask: specific | standard | generic bits */
typedef PVOID PACCESS_TOKEN;          /* kernel token object, never dereferenced by drivers */
typedef PVOID PSID;                   /* variable-length SID (see struct _SID below) */
12
/* Access-mask layout.  Bits 0-15 are object-specific rights, bits 16-20 the
   standard rights, bit 24 the SACL-access right, bit 25 MAXIMUM_ALLOWED and
   bits 28-31 the generic rights that GENERIC_MAPPING translates. */
#define DELETE 0x00010000L
#define READ_CONTROL 0x00020000L
#define WRITE_DAC 0x00040000L
#define WRITE_OWNER 0x00080000L
#define SYNCHRONIZE 0x00100000L
#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
/* Note: all three STANDARD_RIGHTS_{READ,WRITE,EXECUTE} groups resolve to
   READ_CONTROL only; this matches the public SDK definitions. */
#define STANDARD_RIGHTS_READ READ_CONTROL
#define STANDARD_RIGHTS_WRITE READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE READ_CONTROL
#define STANDARD_RIGHTS_ALL 0x001F0000L
#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL
#define ACCESS_SYSTEM_SECURITY 0x01000000L /* needed to read/write the SACL */
#define MAXIMUM_ALLOWED 0x02000000L
#define GENERIC_READ 0x80000000L
#define GENERIC_WRITE 0x40000000L
#define GENERIC_EXECUTE 0x20000000L
#define GENERIC_ALL 0x10000000L
30
/* Per-object-type table used to map the four GENERIC_* bits of an
   ACCESS_MASK onto that type's specific and standard rights. */
typedef struct _GENERIC_MAPPING {
  ACCESS_MASK GenericRead;
  ACCESS_MASK GenericWrite;
  ACCESS_MASK GenericExecute;
  ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
37
/* ACL revisions.  ACL_REVISION (2) is the ordinary form; ACL_REVISION_DS (4)
   is required for object-specific ACEs (directory service). */
#define ACL_REVISION 2
#define ACL_REVISION_DS 4

#define ACL_REVISION1 1
#define ACL_REVISION2 2
#define ACL_REVISION3 3
#define ACL_REVISION4 4
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION4
47
/* Header of an access-control list.  The ACEs follow the header inline;
   AclSize is the total size in bytes (header + ACEs), so an ACL can never
   exceed 64 KiB.  Sbz1/Sbz2 are "should be zero" padding.  Code that walks
   AceCount entries should stay within AclSize rather than trust either field
   alone. */
typedef struct _ACL {
  UCHAR AclRevision;
  UCHAR Sbz1;
  USHORT AclSize;
  USHORT AceCount;
  USHORT Sbz2;
} ACL, *PACL;
55
/* Current security descriptor revision value */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)

/* Privilege attributes (LUID_AND_ATTRIBUTES.Attributes bits) */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
#define SE_PRIVILEGE_REMOVED (0X00000004L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)

/* Every bit a caller may legitimately set; anything else should be rejected. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
                                       SE_PRIVILEGE_ENABLED | \
                                       SE_PRIVILEGE_REMOVED | \
                                       SE_PRIVILEGE_USED_FOR_ACCESS)
70
/* One privilege (identified by LUID) plus its SE_PRIVILEGE_* attribute bits.
   Packed to 4 bytes so the layout matches the public SDK on all targets. */
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES {
  LUID Luid;
  ULONG Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
#include <poppack.h>

/* Open-ended array form used for variable-length privilege lists. */
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
80
/* Privilege sets */
#define PRIVILEGE_SET_ALL_NECESSARY (1) /* Control flag: every listed privilege is required */

/* Variable-length set of privileges; Privilege[] actually holds
   PrivilegeCount entries, the declared size is a placeholder. */
typedef struct _PRIVILEGE_SET {
  ULONG PrivilegeCount;
  ULONG Control;
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET,*PPRIVILEGE_SET;
89
/* How much of a client's identity a server may assume, from least to most
   powerful.  The ordering is relied on by VALID_IMPERSONATION_LEVEL below. */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;

#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
/* Range check for caller-supplied levels; evaluates Level twice. */
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))

/* Context tracking modes for SECURITY_QUALITY_OF_SERVICE.ContextTrackingMode */
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)

typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
106
/* Client-specified limits on how a server may use its identity.  Length
   must be sizeof(SECURITY_QUALITY_OF_SERVICE); EffectiveOnly restricts the
   server to the client's currently enabled groups and privileges. */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
  ULONG Length;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
  BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
113
/* Saved impersonation state of a thread, so a temporary impersonation can
   be undone and the previous token/level restored. */
typedef struct _SE_IMPERSONATION_STATE {
  PACCESS_TOKEN Token;
  BOOLEAN CopyOnOpen;
  BOOLEAN EffectiveOnly;
  SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
120
/* SECURITY_INFORMATION bits: which parts of a descriptor a query or set
   operation touches. */
#define OWNER_SECURITY_INFORMATION (0x00000001L)
#define GROUP_SECURITY_INFORMATION (0x00000002L)
#define DACL_SECURITY_INFORMATION (0x00000004L)
#define SACL_SECURITY_INFORMATION (0x00000008L) /* requires ACCESS_SYSTEM_SECURITY */
#define LABEL_SECURITY_INFORMATION (0x00000010L) /* mandatory integrity label in the SACL */

/* Inheritance-control modifiers used together with the DACL/SACL bits. */
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
131
/* Operation requested from an object type's security procedure. */
typedef enum _SECURITY_OPERATION_CODE {
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
138
#define INITIAL_PRIVILEGE_COUNT 3

/* Fixed-size variant of PRIVILEGE_SET embedded in ACCESS_STATE so that the
   common case (up to three privileges) needs no allocation; it is laid out
   identically to PRIVILEGE_SET and shares a union with it there. */
typedef struct _INITIAL_PRIVILEGE_SET {
  ULONG PrivilegeCount;
  ULONG Control;
  LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
146
/* LUID low parts of the well-known privileges.  SE_MIN/SE_MAX bracket the
   table so range checks can reject unknown values.  Several of these
   (TCB, DEBUG, LOAD_DRIVER, RESTORE, TAKE_OWNERSHIP, ...) are equivalent to
   full system control when held, which matters when auditing token contents. */
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
#define SE_CREATE_TOKEN_PRIVILEGE 2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
#define SE_LOCK_MEMORY_PRIVILEGE 4
#define SE_INCREASE_QUOTA_PRIVILEGE 5
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
#define SE_TCB_PRIVILEGE 7
#define SE_SECURITY_PRIVILEGE 8
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
#define SE_LOAD_DRIVER_PRIVILEGE 10
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
#define SE_SYSTEMTIME_PRIVILEGE 12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
#define SE_CREATE_PERMANENT_PRIVILEGE 16
#define SE_BACKUP_PRIVILEGE 17
#define SE_RESTORE_PRIVILEGE 18
#define SE_SHUTDOWN_PRIVILEGE 19
#define SE_DEBUG_PRIVILEGE 20
#define SE_AUDIT_PRIVILEGE 21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
#define SE_UNDOCK_PRIVILEGE 25
#define SE_SYNC_AGENT_PRIVILEGE 26
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
#define SE_MANAGE_VOLUME_PRIVILEGE 28
#define SE_IMPERSONATE_PRIVILEGE 29
#define SE_CREATE_GLOBAL_PRIVILEGE 30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE 32
#define SE_INC_WORKING_SET_PRIVILEGE 33
#define SE_TIME_ZONE_PRIVILEGE 34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
183
/* Snapshot of the caller's identity captured for an access check.
   ClientToken is the impersonation token (NULL when not impersonating),
   PrimaryToken the process token; both are referenced for the lifetime of
   the context and must be released with the matching Se* release call. */
typedef struct _SECURITY_SUBJECT_CONTEXT {
  PACCESS_TOKEN ClientToken;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  PACCESS_TOKEN PrimaryToken;
  PVOID ProcessAuditId;
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
190
/* Per-open-request state carried from object creation through the access
   check and audit.  RemainingDesiredAccess is what still has to be granted,
   PreviouslyGrantedAccess what already was (e.g. via privileges or
   ownership), OriginalDesiredAccess the unmodified caller request.
   Privileges normally lives in the inline InitialPrivilegeSet; when more
   are needed a separate PRIVILEGE_SET is allocated and PrivilegesAllocated
   is set so the owner knows to free it. */
typedef struct _ACCESS_STATE {
  LUID OperationID;
  BOOLEAN SecurityEvaluated;
  BOOLEAN GenerateAudit;
  BOOLEAN GenerateOnClose;
  BOOLEAN PrivilegesAllocated;
  ULONG Flags;
  ACCESS_MASK RemainingDesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  ACCESS_MASK OriginalDesiredAccess;
  SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
  PVOID AuxData;
  union {
    INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
    PRIVILEGE_SET PrivilegeSet;
  } Privileges;
  BOOLEAN AuditPrivileges;
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
212
/* File-system callback that releases a security descriptor previously
   exported from the volume described by Vcb. */
typedef VOID
(NTAPI *PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR)(
  IN PVOID Vcb,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor);
217
218 #ifndef _NTLSA_IFS_
219
220 #ifndef _NTLSA_AUDIT_
221 #define _NTLSA_AUDIT_
222
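#define SE_MAX_AUDIT_PARAMETERS 32          /* capacity of SE_ADT_PARAMETER_ARRAY.Parameters[] */
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28

#define SE_ADT_OBJECT_ONLY 0x1

/* SE_ADT_PARAMETER_ARRAY.Flags */
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010

/* Bytes actually used by an SE_ADT_PARAMETER_ARRAY whose Parameters[]
   holds only Parameters->ParameterCount entries out of the fixed
   SE_MAX_AUDIT_PARAMETERS slots.  Parameters is a pointer to the array;
   it is parenthesized so that "&Array" or "p + 1" expand correctly.
   The result is only meaningful while ParameterCount <= SE_MAX_AUDIT_PARAMETERS. */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
  ( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
    (SE_MAX_AUDIT_PARAMETERS - (Parameters)->ParameterCount) )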
237
/* Type tag of one audit parameter; tells the LSA how to interpret and
   format the Data/Address of an SE_ADT_PARAMETER_ARRAY_ENTRY. */
typedef enum _SE_ADT_PARAMETER_TYPE {
  SeAdtParmTypeNone = 0,
  SeAdtParmTypeString,
  SeAdtParmTypeFileSpec,
  SeAdtParmTypeUlong,
  SeAdtParmTypeSid,
  SeAdtParmTypeLogonId,
  SeAdtParmTypeNoLogonId,
  SeAdtParmTypeAccessMask,
  SeAdtParmTypePrivs,
  SeAdtParmTypeObjectTypes,
  SeAdtParmTypeHexUlong,
  SeAdtParmTypePtr,
  SeAdtParmTypeTime,
  SeAdtParmTypeGuid,
  SeAdtParmTypeLuid,
  SeAdtParmTypeHexInt64,
  SeAdtParmTypeStringList,
  SeAdtParmTypeSidList,
  SeAdtParmTypeDuration,
  SeAdtParmTypeUserAccountControl,
  SeAdtParmTypeNoUac,
  SeAdtParmTypeMessage,
  SeAdtParmTypeDateTime,
  SeAdtParmTypeSockAddr,
  SeAdtParmTypeSD,
  SeAdtParmTypeLogonHours,
  SeAdtParmTypeLogonIdNoSid,
  SeAdtParmTypeUlongNoConv,
  SeAdtParmTypeSockAddrNoPort,
  SeAdtParmTypeAccessReason
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
270
/* One entry of an object-type list as recorded in an audit
   (SeAdtParmTypeObjectTypes); Level is the nesting depth in that list. */
typedef struct _SE_ADT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;
  USHORT Level;
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
277
/* One audit parameter.  Small values are stored inline in Data[]; larger
   ones are referenced through Address with Length giving their size
   (interpretation depends on Type — see SE_ADT_PARAMETER_TYPE). */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
  ULONG Length;
  ULONG_PTR Data[2];
  PVOID Address;
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
284
/* Audit payload explaining why an access was granted or denied.
   AccessReasons[] has one ACCESS_REASON-style entry per access-mask bit
   (32 bits, hence 32 slots — same shape as ACCESS_REASONS.Data[] below). */
typedef struct _SE_ADT_ACCESS_REASON {
  ACCESS_MASK AccessMask;
  ULONG AccessReasons[32];
  ULONG ObjectTypeIndex;
  ULONG AccessGranted;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
292
/* A complete audit record handed to the LSA.  ParameterCount says how many
   of the SE_MAX_AUDIT_PARAMETERS slots are in use; Length is the total
   self-relative size and Flags holds SE_ADT_PARAMETER* bits.
   LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE computes the used portion. */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG CategoryId;
  ULONG AuditId;
  ULONG ParameterCount;
  ULONG Length;
  USHORT FlatSubCategoryId;
  USHORT Type;
  ULONG Flags;
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
303
304 #endif /* !_NTLSA_AUDIT_ */
305 #endif /* !_NTLSA_IFS_ */
306 $endif
307 $if (_NTDDK_)
/* NTDDK-only name; shares the value 6 with SE_MACHINE_ACCOUNT_PRIVILEGE
   in the WDMDDK section above, so the two are not distinguishable by LUID. */
#define SE_UNSOLICITED_INPUT_PRIVILEGE 6
309
/* Selector for well-known SIDs.  The numeric values are part of the public
   ABI and must stay stable; the trailing comma is valid C99. */
typedef enum _WELL_KNOWN_SID_TYPE {
  WinNullSid = 0,
  WinWorldSid = 1,
  WinLocalSid = 2,
  WinCreatorOwnerSid = 3,
  WinCreatorGroupSid = 4,
  WinCreatorOwnerServerSid = 5,
  WinCreatorGroupServerSid = 6,
  WinNtAuthoritySid = 7,
  WinDialupSid = 8,
  WinNetworkSid = 9,
  WinBatchSid = 10,
  WinInteractiveSid = 11,
  WinServiceSid = 12,
  WinAnonymousSid = 13,
  WinProxySid = 14,
  WinEnterpriseControllersSid = 15,
  WinSelfSid = 16,
  WinAuthenticatedUserSid = 17,
  WinRestrictedCodeSid = 18,
  WinTerminalServerSid = 19,
  WinRemoteLogonIdSid = 20,
  WinLogonIdsSid = 21,
  WinLocalSystemSid = 22,
  WinLocalServiceSid = 23,
  WinNetworkServiceSid = 24,
  WinBuiltinDomainSid = 25,
  WinBuiltinAdministratorsSid = 26,
  WinBuiltinUsersSid = 27,
  WinBuiltinGuestsSid = 28,
  WinBuiltinPowerUsersSid = 29,
  WinBuiltinAccountOperatorsSid = 30,
  WinBuiltinSystemOperatorsSid = 31,
  WinBuiltinPrintOperatorsSid = 32,
  WinBuiltinBackupOperatorsSid = 33,
  WinBuiltinReplicatorSid = 34,
  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
  WinBuiltinRemoteDesktopUsersSid = 36,
  WinBuiltinNetworkConfigurationOperatorsSid = 37,
  WinAccountAdministratorSid = 38,
  WinAccountGuestSid = 39,
  WinAccountKrbtgtSid = 40,
  WinAccountDomainAdminsSid = 41,
  WinAccountDomainUsersSid = 42,
  WinAccountDomainGuestsSid = 43,
  WinAccountComputersSid = 44,
  WinAccountControllersSid = 45,
  WinAccountCertAdminsSid = 46,
  WinAccountSchemaAdminsSid = 47,
  WinAccountEnterpriseAdminsSid = 48,
  WinAccountPolicyAdminsSid = 49,
  WinAccountRasAndIasServersSid = 50,
  WinNTLMAuthenticationSid = 51,
  WinDigestAuthenticationSid = 52,
  WinSChannelAuthenticationSid = 53,
  WinThisOrganizationSid = 54,
  WinOtherOrganizationSid = 55,
  WinBuiltinIncomingForestTrustBuildersSid = 56,
  WinBuiltinPerfMonitoringUsersSid = 57,
  WinBuiltinPerfLoggingUsersSid = 58,
  WinBuiltinAuthorizationAccessSid = 59,
  WinBuiltinTerminalServerLicenseServersSid = 60,
  WinBuiltinDCOMUsersSid = 61,
  WinBuiltinIUsersSid = 62,
  WinIUserSid = 63,
  WinBuiltinCryptoOperatorsSid = 64,
  /* Mandatory integrity labels */
  WinUntrustedLabelSid = 65,
  WinLowLabelSid = 66,
  WinMediumLabelSid = 67,
  WinHighLabelSid = 68,
  WinSystemLabelSid = 69,
  WinWriteRestrictedCodeSid = 70,
  WinCreatorOwnerRightsSid = 71,
  WinCacheablePrincipalsGroupSid = 72,
  WinNonCacheablePrincipalsGroupSid = 73,
  WinEnterpriseReadonlyControllersSid = 74,
  WinAccountReadonlyControllersSid = 75,
  WinBuiltinEventLogReadersGroup = 76,
  WinNewEnterpriseReadonlyControllersSid = 77,
  WinBuiltinCertSvcDComAccessGroup = 78,
  WinMediumPlusLabelSid = 79,
  WinLocalLogonSid = 80,
  WinConsoleLogonSid = 81,
  WinThisOrganizationCertificateSid = 82,
} WELL_KNOWN_SID_TYPE;
395 $endif
396 $if (_NTIFS_)
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
/* 48-bit SID issuing authority, stored big-endian (e.g. SECURITY_NT_AUTHORITY
   is {0,0,0,0,0,5}). Guarded so winnt.h and this header can coexist. */
typedef struct _SID_IDENTIFIER_AUTHORITY {
  UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
#endif
403
#ifndef SID_DEFINED
#define SID_DEFINED
/* Concrete security identifier.  SubAuthority[] really holds
   SubAuthorityCount entries (at most SID_MAX_SUB_AUTHORITIES), so the
   byte length is 8 + 4 * SubAuthorityCount; validate both Revision and
   SubAuthorityCount before trusting a SID that came from user mode. */
typedef struct _SID {
  UCHAR Revision;
  UCHAR SubAuthorityCount;
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
  ULONG SubAuthority[ANYSIZE_ARRAY];
} SID, *PISID;
#endif
413
#define SID_REVISION 1                    /* the only valid SID.Revision */
#define SID_MAX_SUB_AUTHORITIES 15        /* upper bound for SID.SubAuthorityCount */
#define SID_RECOMMENDED_SUB_AUTHORITIES 1
417
/* Kind of account a SID names, as reported by SID/name lookups.
   Numbering starts at 1 so that 0 is never a valid answer. */
typedef enum _SID_NAME_USE {
  SidTypeUser = 1,
  SidTypeGroup,
  SidTypeDomain,
  SidTypeAlias,
  SidTypeWellKnownGroup,
  SidTypeDeletedAccount,
  SidTypeInvalid,
  SidTypeUnknown,
  SidTypeComputer,
  SidTypeLabel
} SID_NAME_USE, *PSID_NAME_USE;
430
/* A SID reference plus its group/label attribute bits (e.g. enabled,
   deny-only, mandatory).  Sid points outside the structure, so the
   referenced memory must outlive every copy of this record. */
typedef struct _SID_AND_ATTRIBUTES {
  PSID Sid;
  ULONG Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
437
#define SID_HASH_SIZE 32
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;

/* Lookup accelerator over a SID_AND_ATTRIBUTES array: Hash[] holds
   SID_HASH_SIZE buckets indexing into the SidCount entries at SidAttr. */
typedef struct _SID_AND_ATTRIBUTES_HASH {
  ULONG SidCount;
  PSID_AND_ATTRIBUTES SidAttr;
  SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
446
/* Universal well-known SIDs.  Each *_AUTHORITY initializer is a
   SID_IDENTIFIER_AUTHORITY; the *_RID values are the single sub-authority
   that completes the SID (S-1-<authority>-<rid>). */

#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}

#define SECURITY_NULL_RID (0x00000000L)
#define SECURITY_WORLD_RID (0x00000000L)   /* S-1-1-0, "Everyone" */
#define SECURITY_LOCAL_RID (0x00000000L)
#define SECURITY_LOCAL_LOGON_RID (0x00000001L)

/* Placeholder SIDs replaced at inheritance time by the actual owner/group. */
#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
466
/* NT well-known SIDs (S-1-5-...).  The *_RID_COUNT values give how many
   sub-authorities follow the base RID for the multi-part identifiers
   (logon IDs, package, service and other derived SIDs). */

#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}

#define SECURITY_DIALUP_RID (0x00000001L)
#define SECURITY_NETWORK_RID (0x00000002L)
#define SECURITY_BATCH_RID (0x00000003L)
#define SECURITY_INTERACTIVE_RID (0x00000004L)
#define SECURITY_LOGON_IDS_RID (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT (3L)
#define SECURITY_SERVICE_RID (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
#define SECURITY_PROXY_RID (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
#define SECURITY_IUSER_RID (0x00000011L)
/* Built-in service accounts: S-1-5-18 (SYSTEM), -19, -20 */
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
#define SECURITY_NT_NON_UNIQUE (0x00000015L)  /* S-1-5-21-...: domain/machine SIDs */
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)

#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)  /* S-1-5-32, parent of DOMAIN_ALIAS_RID_* */
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)


#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
#define SECURITY_PACKAGE_RID_COUNT (2L)
#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)

#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
#define SECURITY_CRED_TYPE_RID_COUNT (2L)
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)

#define SECURITY_MIN_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_RID_COUNT (6L)
#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
#define SECURITY_COM_ID_BASE_RID (0x00000059L)
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)

#define SECURITY_MAX_BASE_RID (0x0000006FL)

/* RIDs up to SECURITY_MAX_ALWAYS_FILTERED are removed by SID filtering
   across trusts; from SECURITY_MIN_NEVER_FILTERED upward they are kept. */
#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)

#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)

#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
537
/* Well-known domain relative sub-authority values (RIDs), appended to a
   domain SID (S-1-5-21-x-y-z-<rid>) or, for the aliases, to the built-in
   domain SID (S-1-5-32-<rid>).  RIDs below DOMAIN_USER_RID_MAX are reserved
   for well-known accounts. */

#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)

#define FOREST_USER_RID_MAX (0x000001F3L)

/* Well-known users */

#define DOMAIN_USER_RID_ADMIN (0x000001F4L)   /* RID 500 */
#define DOMAIN_USER_RID_GUEST (0x000001F5L)   /* RID 501 */
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)  /* RID 502 */

#define DOMAIN_USER_RID_MAX (0x000003E7L)

/* Well-known groups */

#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)  /* RID 512 */
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)

/* Well-known aliases */

#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)  /* RID 544, BUILTIN\Administrators */
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)

#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)

#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)

#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
595
/* Mandatory integrity labels (S-1-16-<rid>).  Levels are spaced 0x1000
   apart so intermediate values can be inserted; a higher RID dominates a
   lower one. */
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
603
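/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
   can be set by a usermode caller.*/

#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID

/* Converts an integrity level index to its label RID (levels are spaced
   0x1000 apart).  The argument is parenthesized so that an expression such
   as "a + b" is scaled as a whole instead of expanding to "a + b * 0x1000". */
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)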
610
/* Allocate the System Luid. The first 1000 LUIDs are reserved.
   Use #999 here (0x3e7 = 999).  These are LUID initializers
   ({ LowPart, HighPart }) identifying the logon sessions of the built-in
   accounts; they are constants, never allocated at run time. */

#define SYSTEM_LUID { 0x3e7, 0x0 }
#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
#define LOCALSERVICE_LUID { 0x3e5, 0x0 }
#define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
#define IUSER_LUID { 0x3e3, 0x0 }
619
/* Common prefix of every ACE.  AceSize is the total size of the ACE in
   bytes including the inline SID that follows the type-specific fields;
   iteration over an ACL must advance by AceSize and check that each ACE
   stays inside ACL.AclSize.  AceFlags holds the *_INHERIT_ACE and
   *_ACCESS_ACE_FLAG bits defined below. */
typedef struct _ACE_HEADER {
  UCHAR AceType;
  UCHAR AceFlags;
  USHORT AceSize;
} ACE_HEADER, *PACE_HEADER;
625
/* also in winnt.h */
/* ACE_HEADER.AceType values.  The ACCESS_MAX_MS_V*_ACE_TYPE markers give
   the highest type understood by each ACL revision; an ACE of a type a
   consumer does not recognise should be treated as a deny, not ignored. */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)

/* The following are the inherit flags that go into the AceFlags field
   of an Ace header. */

#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)     /* does not apply to the object itself */
#define INHERITED_ACE (0x10)
#define VALID_INHERIT_FLAGS (0x1F)

/* Audit/alarm ACE flags (same AceFlags byte). */
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)
666
/* Grants Mask to the SID that starts at SidStart (the SID continues
   inline past the structure; its length is Header.AceSize - 8). */
typedef struct _ACCESS_ALLOWED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
672
/* Denies Mask to the inline SID starting at SidStart.  Same layout as
   ACCESS_ALLOWED_ACE; only Header.AceType differs. */
typedef struct _ACCESS_DENIED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
678
/* SACL entry: audit accesses in Mask by the inline SID.  Whether success,
   failure or both are logged is selected by SUCCESSFUL_/FAILED_ACCESS_ACE_FLAG
   in Header.AceFlags. */
typedef struct _SYSTEM_AUDIT_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
684
/* SACL alarm entry; same layout as SYSTEM_AUDIT_ACE. */
typedef struct _SYSTEM_ALARM_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
690
/* SACL entry carrying the object's integrity label.  The inline SID is a
   S-1-16-<level> label SID and Mask holds SYSTEM_MANDATORY_LABEL_NO_*_UP
   policy bits rather than access rights. */
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
696
/* SYSTEM_MANDATORY_LABEL_ACE.Mask bits: which access classes a lower
   integrity caller is blocked from. */
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
                                           SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
                                           SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
703
/* Expands lazily, so it may refer to SECURITY_DESCRIPTOR before the
   struct is declared below. */
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))

typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;

/* SECURITY_DESCRIPTOR.Control bits.  Note the difference between "DACL
   absent" (SE_DACL_PRESENT clear: everyone gets full access) and "DACL
   present but empty" (nobody gets access).  SE_SELF_RELATIVE selects the
   offset-based SECURITY_DESCRIPTOR_RELATIVE layout. */
#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_UNTRUSTED 0x0040
#define SE_SERVER_SECURITY 0x0080
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
#define SE_SELF_RELATIVE 0x8000
724
/* Self-relative security descriptor: Owner/Group/Sacl/Dacl are byte
   offsets from the start of this structure (0 = not present), so the
   whole descriptor is one contiguous, position-independent blob.  Offsets
   arriving from user mode or from disk must be bounds-checked against the
   descriptor length before being converted to pointers. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
  UCHAR Revision;
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  ULONG Owner;
  ULONG Group;
  ULONG Sacl;
  ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
734
/* Absolute security descriptor: the same header as the relative form, but
   with real pointers to separately allocated owner/group SIDs and ACLs.
   Revision must be SECURITY_DESCRIPTOR_REVISION; Sbz1 should be zero. */
typedef struct _SECURITY_DESCRIPTOR {
  UCHAR Revision;
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID Owner;
  PSID Group;
  PACL Sacl;
  PACL Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
744
/* One node of the object-type hierarchy passed to object-aware access
   checks; Level is the depth (see ACCESS_*_GUID below) and ObjectType the
   GUID of the object, property set or property. */
typedef struct _OBJECT_TYPE_LIST {
  USHORT Level;
  USHORT Sbz;
  GUID *ObjectType;
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;

/* OBJECT_TYPE_LIST.Level values */
#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
755
/* Which audit category an access check reports under. */
typedef enum _AUDIT_EVENT_TYPE {
  AuditEventObjectAccess,
  AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

#define AUDIT_ALLOW_NO_PRIVILEGE 0x1

/* Source and object-type names used for directory-service audit events. */
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"

/* An ACCESS_REASON packs a reason type (high 16 bits) with reason-specific
   data such as an ACE index (low 16 bits). */
#define ACCESS_REASON_TYPE_MASK 0xffff0000
#define ACCESS_REASON_DATA_MASK 0x0000ffff
770
/* Why a particular access bit was granted or denied; stored in the
   ACCESS_REASON_TYPE_MASK part of an ACCESS_REASON. */
typedef enum _ACCESS_REASON_TYPE {
  AccessReasonNone = 0x00000000,
  AccessReasonAllowedAce = 0x00010000,
  AccessReasonDeniedAce = 0x00020000,
  AccessReasonAllowedParentAce = 0x00030000,
  AccessReasonDeniedParentAce = 0x00040000,
  AccessReasonMissingPrivilege = 0x00100000,
  AccessReasonFromPrivilege = 0x00200000,
  AccessReasonIntegrityLevel = 0x00300000,
  AccessReasonOwnership = 0x00400000,
  AccessReasonNullDacl = 0x00500000,
  AccessReasonEmptyDacl = 0x00600000,
  AccessReasonNoSD = 0x00700000,
  AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;

typedef ULONG ACCESS_REASON;

/* One ACCESS_REASON per bit of the 32-bit ACCESS_MASK. */
typedef struct _ACCESS_REASONS {
  ACCESS_REASON Data[32];
} ACCESS_REASONS, *PACCESS_REASONS;
792
/* SE_SECURITY_DESCRIPTOR.Flags */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003

/* Versioned wrapper around a security descriptor for the extended access
   check API; Size must be sizeof(SE_SECURITY_DESCRIPTOR). */
typedef struct _SE_SECURITY_DESCRIPTOR {
  ULONG Size;
  ULONG Flags;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
802
/* Input of the extended access check.  PrincipalSelfSid substitutes for
   SECURITY_PRINCIPAL_SELF_RID ACEs; ObjectTypeList (ObjectTypeListCount
   entries) enables per-property results, in which case the reply carries
   one result per list entry. */
typedef struct _SE_ACCESS_REQUEST {
  ULONG Size;
  PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  PSID PrincipalSelfSid;
  PGENERIC_MAPPING GenericMapping;
  ULONG ObjectTypeListCount;
  POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
813
/* Output of the extended access check.  GrantedAccess, AccessStatus and
   AccessReason each point at ResultListCount entries supplied by the
   caller; Privileges receives the privilege set that was used, if any. */
typedef struct _SE_ACCESS_REPLY {
  ULONG Size;
  ULONG ResultListCount;
  PACCESS_MASK GrantedAccess;
  PNTSTATUS AccessStatus;
  PACCESS_REASONS AccessReason;
  PPRIVILEGE_SET* Privileges;
} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
822
/* Kind of operation being audited (SE_AUDIT_INFO.AuditOperation). */
typedef enum _SE_AUDIT_OPERATION {
  AuditPrivilegeObject,
  AuditPrivilegeService,
  AuditAccessCheck,
  AuditOpenObject,
  AuditOpenObjectWithTransaction,
  AuditCloseObject,
  AuditDeleteObject,
  AuditOpenObjectForDelete,
  AuditOpenObjectForDeleteWithTransaction,
  AuditCloseNonObject,
  AuditOpenNonObject,
  AuditObjectReference,
  AuditHandleCreation,
} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
838
/* Describes the audit event to generate for an access check or handle
   operation.  TransactionId and OperationId are optional (NULL when not
   applicable); GenerateOnClose asks for a matching close audit later. */
typedef struct _SE_AUDIT_INFO {
  ULONG Size;
  AUDIT_EVENT_TYPE AuditType;
  SE_AUDIT_OPERATION AuditOperation;
  ULONG AuditFlags;
  UNICODE_STRING SubsystemName;
  UNICODE_STRING ObjectTypeName;
  UNICODE_STRING ObjectName;
  PVOID HandleId;
  GUID* TransactionId;
  LUID* OperationId;
  BOOLEAN ObjectCreation;
  BOOLEAN GenerateOnClose;
} SE_AUDIT_INFO, *PSE_AUDIT_INFO;
853
/* Token object access rights (specific bits 0-8).  TOKEN_ASSIGN_PRIMARY,
   TOKEN_DUPLICATE and TOKEN_IMPERSONATE are the ones that let a holder
   act as the token's identity, so they deserve scrutiny in any DACL. */
#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE (0x0002)
#define TOKEN_IMPERSONATE (0x0004)
#define TOKEN_QUERY (0x0008)
#define TOKEN_QUERY_SOURCE (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID (0x0100)

#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
                            TOKEN_ASSIGN_PRIMARY |\
                            TOKEN_DUPLICATE |\
                            TOKEN_IMPERSONATE |\
                            TOKEN_QUERY |\
                            TOKEN_QUERY_SOURCE |\
                            TOKEN_ADJUST_PRIVILEGES |\
                            TOKEN_ADJUST_GROUPS |\
                            TOKEN_ADJUST_DEFAULT )

/* TOKEN_ADJUST_SESSIONID only exists from NT 5.0 on; when _WIN32_WINNT
   targets NT 4.0 (0x0400) it is left out of TOKEN_ALL_ACCESS. */
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
                          TOKEN_ADJUST_SESSIONID )
#else
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#endif

#define TOKEN_READ (STANDARD_RIGHTS_READ |\
                    TOKEN_QUERY)

#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
                     TOKEN_ADJUST_PRIVILEGES |\
                     TOKEN_ADJUST_GROUPS |\
                     TOKEN_ADJUST_DEFAULT)

#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
890
/* Primary tokens are attached to processes, impersonation tokens to
   threads.  Numbering starts at 1 so an uninitialised 0 is invalid. */
typedef enum _TOKEN_TYPE {
  TokenPrimary = 1,
  TokenImpersonation
} TOKEN_TYPE,*PTOKEN_TYPE;
895
/* Selector for token query/set information; each value corresponds to one
   of the TOKEN_* structures declared below (or a plain ULONG/enum).
   MaxTokenInfoClass is one past the last valid value and is used for
   range checks. */
typedef enum _TOKEN_INFORMATION_CLASS {
  TokenUser = 1,
  TokenGroups,
  TokenPrivileges,
  TokenOwner,
  TokenPrimaryGroup,
  TokenDefaultDacl,
  TokenSource,
  TokenType,
  TokenImpersonationLevel,
  TokenStatistics,
  TokenRestrictedSids,
  TokenSessionId,
  TokenGroupsAndPrivileges,
  TokenSessionReference,
  TokenSandBoxInert,
  TokenAuditPolicy,
  TokenOrigin,
  TokenElevationType,
  TokenLinkedToken,
  TokenElevation,
  TokenHasRestrictions,
  TokenAccessInformation,
  TokenVirtualizationAllowed,
  TokenVirtualizationEnabled,
  TokenIntegrityLevel,
  TokenUIAccess,
  TokenMandatoryPolicy,
  TokenLogonSid,
  MaxTokenInfoClass
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
927
/* Information for the TokenUser class: one SID with its attributes.
 * SID_AND_ATTRIBUTES is defined elsewhere in this file; presumably its
 * SID pointer refers into the same buffer the structure is returned in —
 * confirm before copying the structure without the buffer. */
928 typedef struct _TOKEN_USER {
929 SID_AND_ATTRIBUTES User;
930 } TOKEN_USER, *PTOKEN_USER;
931
/* Variable-length list of group SIDs. Groups[] is declared with the
 * placeholder extent ANYSIZE_ARRAY (defined elsewhere); the real extent is
 * GroupCount. A consumer must therefore check that the enclosing buffer
 * spans the header plus GroupCount * sizeof(SID_AND_ATTRIBUTES) before
 * indexing, and must never use sizeof(TOKEN_GROUPS) as the allocation
 * size. */
932 typedef struct _TOKEN_GROUPS {
933 ULONG GroupCount;
934 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
935 } TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
936
/* Variable-length list of privilege LUIDs with attributes. As with
 * TOKEN_GROUPS, Privileges[] has the placeholder extent ANYSIZE_ARRAY and
 * the real extent is PrivilegeCount; validate the enclosing buffer covers
 * PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES) plus the header before
 * indexing. */
937 typedef struct _TOKEN_PRIVILEGES {
938 ULONG PrivilegeCount;
939 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
940 } TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
941
/* Information for the TokenOwner class. Owner is a pointer, not an
 * embedded SID; where it points (the query buffer, or caller memory when
 * setting) is not visible here — TODO confirm against the producer. */
942 typedef struct _TOKEN_OWNER {
943 PSID Owner;
944 } TOKEN_OWNER,*PTOKEN_OWNER;
945
/* Information for the TokenPrimaryGroup class. PrimaryGroup is a pointer
 * to a SID held elsewhere; the same lifetime caveat as TOKEN_OWNER
 * applies. */
946 typedef struct _TOKEN_PRIMARY_GROUP {
947 PSID PrimaryGroup;
948 } TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
949
/* Information for the TokenDefaultDacl class. DefaultDacl is a pointer to
 * an ACL held elsewhere; whether NULL is a legitimate value is not stated
 * here, so consumers should handle it — TODO confirm. */
950 typedef struct _TOKEN_DEFAULT_DACL {
951 PACL DefaultDacl;
952 } TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
953
/* Information for the TokenGroupsAndPrivileges class. Each of the three
 * arrays is described twice: an element count and a separate *Length
 * field (presumably the array's byte length — confirm against the
 * producer). A consumer should check the pair agree
 * (Count * element size <= Length) and that each pointer lies within the
 * buffer the data arrived in, rather than trusting either field alone. */
954 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
955 ULONG SidCount;
956 ULONG SidLength;
957 PSID_AND_ATTRIBUTES Sids;
958 ULONG RestrictedSidCount;
959 ULONG RestrictedSidLength;
960 PSID_AND_ATTRIBUTES RestrictedSids;
961 ULONG PrivilegeCount;
962 ULONG PrivilegeLength;
963 PLUID_AND_ATTRIBUTES Privileges;
/* Same LUID that TOKEN_STATISTICS and TOKEN_CONTROL expose. */
964 LUID AuthenticationId;
965 } TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
966
/* Information for the TokenLinkedToken class: a handle to the token linked
 * to the queried one. Whether the recipient owns (and must close)
 * LinkedToken is not visible here — TODO confirm against the query
 * routine; an unclosed handle here is a handle leak, a closed one that is
 * not owned is a double close. */
967 typedef struct _TOKEN_LINKED_TOKEN {
968 HANDLE LinkedToken;
969 } TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
970
/* Information for the TokenElevation class. TokenIsElevated is a ULONG
 * presumably used as a boolean (nonzero = elevated); test it with != 0
 * rather than comparing against 1. */
971 typedef struct _TOKEN_ELEVATION {
972 ULONG TokenIsElevated;
973 } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
974
/* Mandatory (integrity) label: one SID with its attributes, presumably the
 * payload of the TokenIntegrityLevel class — confirm. The SID pointer
 * inside SID_AND_ATTRIBUTES carries the same lifetime caveat as
 * TOKEN_USER. */
975 typedef struct _TOKEN_MANDATORY_LABEL {
976 SID_AND_ATTRIBUTES Label;
977 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
978
/* Mandatory-integrity policy bits. TOKEN_MANDATORY_POLICY_OFF is the empty
 * set (0x0), not a bit, so it cannot be tested with '&'. */
979 #define TOKEN_MANDATORY_POLICY_OFF 0x0
980 #define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
981 #define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
982
/* Every defined bit (0x3). A policy value with bits outside this mask
 * should be rejected, not masked off silently. */
983 #define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
984 TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
985
/* Information for the TokenMandatoryPolicy class. Policy is a combination
 * of the TOKEN_MANDATORY_POLICY_* bits; validate a received value with
 * (Policy & ~TOKEN_MANDATORY_POLICY_VALID_MASK) == 0 before applying it. */
986 typedef struct _TOKEN_MANDATORY_POLICY {
987 ULONG Policy;
988 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
989
/* Information for the TokenAccessInformation class: the inputs an access
 * check needs, gathered in one structure. SidHash / RestrictedSidHash and
 * Privileges are pointers, so the structure is only meaningful together
 * with the buffer they point into. PSID_AND_ATTRIBUTES_HASH is defined
 * elsewhere. */
990 typedef struct _TOKEN_ACCESS_INFORMATION {
991 PSID_AND_ATTRIBUTES_HASH SidHash;
992 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
993 PTOKEN_PRIVILEGES Privileges;
994 LUID AuthenticationId;
995 TOKEN_TYPE TokenType;
996 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
997 TOKEN_MANDATORY_POLICY MandatoryPolicy;
/* Presumably the TOKEN_HAS_* / TOKEN_IS_* flag bits defined further down
 * in this file — confirm. */
998 ULONG Flags;
999 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
1000
/* Number of audit-policy subcategories; sizes TOKEN_AUDIT_POLICY. Changing
 * it changes sizeof(TOKEN_AUDIT_POLICY) and therefore the ABI. */
1001 #define POLICY_AUDIT_SUBCATEGORY_COUNT (53)
1002
/* Per-user audit policy. PerUserPolicy is (53 >> 1) + 1 == 27 bytes, a
 * size that suggests two subcategory entries packed per byte (4 bits
 * each); the exact bit encoding is not defined here — confirm before
 * decoding or constructing one. */
1003 typedef struct _TOKEN_AUDIT_POLICY {
1004 UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
1005 } TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
1006
/* Extent of TOKEN_SOURCE.SourceName in CHARs, terminator not included. */
1007 #define TOKEN_SOURCE_LENGTH 8
1008
/* Identifies the component that created a token. SourceName is a fixed
 * TOKEN_SOURCE_LENGTH (8) CHAR field: when all eight positions are used
 * there is no terminating NUL, so it must be treated as a bounded byte
 * field (memcpy, or "%.8s" when printing) and never passed to strlen or
 * a bare "%s". */
1009 typedef struct _TOKEN_SOURCE {
1010 CHAR SourceName[TOKEN_SOURCE_LENGTH];
1011 LUID SourceIdentifier;
1012 } TOKEN_SOURCE,*PTOKEN_SOURCE;
1013
/* Information for the TokenStatistics class. Three LUIDs identify the
 * token (TokenId), its AuthenticationId (presumably the logon session —
 * the same value TOKEN_GROUPS_AND_PRIVILEGES and TOKEN_CONTROL carry) and
 * ModifiedId (presumably updated when the token changes — confirm).
 * ExpirationTime is a LARGE_INTEGER whose epoch and units are not stated
 * here. */
1014 typedef struct _TOKEN_STATISTICS {
1015 LUID TokenId;
1016 LUID AuthenticationId;
1017 LARGE_INTEGER ExpirationTime;
1018 TOKEN_TYPE TokenType;
1019 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
1020 ULONG DynamicCharged;
1021 ULONG DynamicAvailable;
1022 ULONG GroupCount;
1023 ULONG PrivilegeCount;
1024 LUID ModifiedId;
1025 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
1026
/* Compact identity of a token: the same three LUIDs as TOKEN_STATISTICS
 * plus the embedded TOKEN_SOURCE. Because TokenSource embeds the
 * unterminated 8-byte SourceName, the TOKEN_SOURCE string-handling caveat
 * applies here as well. */
1027 typedef struct _TOKEN_CONTROL {
1028 LUID TokenId;
1029 LUID AuthenticationId;
1030 LUID ModifiedId;
1031 TOKEN_SOURCE TokenSource;
1032 } TOKEN_CONTROL,*PTOKEN_CONTROL;
1033
/* Information for the TokenOrigin class: the LUID of the logon session
 * the token originated from. */
1034 typedef struct _TOKEN_ORIGIN {
1035 LUID OriginatingLogonSession;
1036 } TOKEN_ORIGIN, *PTOKEN_ORIGIN;
1037
/* Integrity levels, numbered ascending from MandatoryLevelUntrusted (0) to
 * MandatoryLevelSecureProcess (5). MandatoryLevelCount (6) is a sentinel,
 * not a level, and is the bound for range-checking a received value.
 * The numeric order presumably matches dominance (higher value = higher
 * integrity) — confirm before relying on </> comparisons between levels. */
1038 typedef enum _MANDATORY_LEVEL {
1039 MandatoryLevelUntrusted = 0,
1040 MandatoryLevelLow,
1041 MandatoryLevelMedium,
1042 MandatoryLevelHigh,
1043 MandatoryLevelSystem,
1044 MandatoryLevelSecureProcess,
1045 MandatoryLevelCount
1046 } MANDATORY_LEVEL, *PMANDATORY_LEVEL;
1047
/* Token flag bits, one bit each from 0x0001 to 0x2000 (bits 0..13).
 * Presumably these populate TOKEN_ACCESS_INFORMATION.Flags — confirm.
 * SE_BACKUP_PRIVILEGES_CHECKED (0x0100) departs from the TOKEN_ prefix but
 * belongs to the same bit set, so 0x0100 is taken and must not be reused
 * for a new TOKEN_ flag. */
1048 #define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
1049 #define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
1050 #define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
1051 #define TOKEN_WRITE_RESTRICTED 0x0008
1052 #define TOKEN_IS_RESTRICTED 0x0010
1053 #define TOKEN_SESSION_NOT_REFERENCED 0x0020
1054 #define TOKEN_SANDBOX_INERT 0x0040
1055 #define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
1056 #define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
1057 #define TOKEN_VIRTUALIZE_ALLOWED 0x0200
1058 #define TOKEN_VIRTUALIZE_ENABLED 0x0400
1059 #define TOKEN_IS_FILTERED 0x0800
1060 #define TOKEN_UIACCESS 0x1000
1061 #define TOKEN_NOT_LOW 0x2000
1062
/* Table of well-known privilege LUIDs (Se*Privilege) and SIDs (Se*Sid).
 * Members are not grouped by kind — LUIDs resume at SeUndockPrivilege
 * after the first SID run, and SIDs resume at SeLocalServiceSid — which
 * indicates the layout is an append-only ABI contract shared with other
 * modules: add new members at the end only, never reorder or insert.
 * The PSID members are pointers; who owns the SID storage they reference
 * is not visible here. */
1063 typedef struct _SE_EXPORTS {
1064 LUID SeCreateTokenPrivilege;
1065 LUID SeAssignPrimaryTokenPrivilege;
1066 LUID SeLockMemoryPrivilege;
1067 LUID SeIncreaseQuotaPrivilege;
1068 LUID SeUnsolicitedInputPrivilege;
1069 LUID SeTcbPrivilege;
1070 LUID SeSecurityPrivilege;
1071 LUID SeTakeOwnershipPrivilege;
1072 LUID SeLoadDriverPrivilege;
1073 LUID SeCreatePagefilePrivilege;
1074 LUID SeIncreaseBasePriorityPrivilege;
1075 LUID SeSystemProfilePrivilege;
1076 LUID SeSystemtimePrivilege;
1077 LUID SeProfileSingleProcessPrivilege;
1078 LUID SeCreatePermanentPrivilege;
1079 LUID SeBackupPrivilege;
1080 LUID SeRestorePrivilege;
1081 LUID SeShutdownPrivilege;
1082 LUID SeDebugPrivilege;
1083 LUID SeAuditPrivilege;
1084 LUID SeSystemEnvironmentPrivilege;
1085 LUID SeChangeNotifyPrivilege;
1086 LUID SeRemoteShutdownPrivilege;
/* First SID run. */
1087 PSID SeNullSid;
1088 PSID SeWorldSid;
1089 PSID SeLocalSid;
1090 PSID SeCreatorOwnerSid;
1091 PSID SeCreatorGroupSid;
1092 PSID SeNtAuthoritySid;
1093 PSID SeDialupSid;
1094 PSID SeNetworkSid;
1095 PSID SeBatchSid;
1096 PSID SeInteractiveSid;
1097 PSID SeLocalSystemSid;
1098 PSID SeAliasAdminsSid;
1099 PSID SeAliasUsersSid;
1100 PSID SeAliasGuestsSid;
1101 PSID SeAliasPowerUsersSid;
1102 PSID SeAliasAccountOpsSid;
1103 PSID SeAliasSystemOpsSid;
1104 PSID SeAliasPrintOpsSid;
1105 PSID SeAliasBackupOpsSid;
1106 PSID SeAuthenticatedUsersSid;
1107 PSID SeRestrictedSid;
1108 PSID SeAnonymousLogonSid;
/* Later additions, appended in arrival order from here on. */
1109 LUID SeUndockPrivilege;
1110 LUID SeSyncAgentPrivilege;
1111 LUID SeEnableDelegationPrivilege;
1112 PSID SeLocalServiceSid;
1113 PSID SeNetworkServiceSid;
1114 LUID SeManageVolumePrivilege;
1115 LUID SeImpersonatePrivilege;
1116 LUID SeCreateGlobalPrivilege;
1117 LUID SeTrustedCredManAccessPrivilege;
1118 LUID SeRelabelPrivilege;
1119 LUID SeIncreaseWorkingSetPrivilege;
1120 LUID SeTimeZonePrivilege;
1121 LUID SeCreateSymbolicLinkPrivilege;
1122 PSID SeIUserSid;
/* Integrity-level SIDs, one per MANDATORY_LEVEL below System. */
1123 PSID SeUntrustedMandatorySid;
1124 PSID SeLowMandatorySid;
1125 PSID SeMediumMandatorySid;
1126 PSID SeHighMandatorySid;
1127 PSID SeSystemMandatorySid;
1128 PSID SeOwnerRightsSid;
1129 } SE_EXPORTS, *PSE_EXPORTS;
1130
/* Callback prototype: invoked with the LUID (IN) of a logon session and
 * returns an NTSTATUS. Who registers it, when it fires and in what
 * context it is called are not visible here — TODO confirm before
 * assuming IRQL or locking constraints in an implementation. */
1131 typedef NTSTATUS
1132 (NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
1133 IN PLUID LogonId);
1134 $endif (_NTIFS_)