[DDK]
[reactos.git] / include / xdk / setypes.h
1 /******************************************************************************
2 * Security Manager Types *
3 ******************************************************************************/
4 $if (_NTDDK_)
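/*
 * Privilege number for "unsolicited input". Its value, 6, is the same as
 * SE_MACHINE_ACCOUNT_PRIVILEGE in the _WDMDDK_ part of this header, so the
 * two names cannot be told apart by value in a privilege check or audit log.
 */
#define SE_UNSOLICITED_INPUT_PRIVILEGE 6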
6
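/*
 * Selector for a well-known SID. Each enumerator names a predefined
 * principal or group; the value is an index, not the SID itself.
 * The values are written out explicitly and form part of the interface,
 * so new entries are appended rather than renumbered.
 *
 * Rough layout by value:
 *    0..24  universal and NT AUTHORITY principals (World, LocalSystem, ...)
 *   25..37  BUILTIN aliases (Administrators, Users, ...)
 *   38..50  domain-relative accounts and groups
 *   51..53  authentication-package SIDs
 *   65..69  integrity labels (79 is Medium Plus)
 */
typedef enum _WELL_KNOWN_SID_TYPE {
  WinNullSid = 0,
  WinWorldSid = 1,
  WinLocalSid = 2,
  WinCreatorOwnerSid = 3,
  WinCreatorGroupSid = 4,
  WinCreatorOwnerServerSid = 5,
  WinCreatorGroupServerSid = 6,
  WinNtAuthoritySid = 7,
  WinDialupSid = 8,
  WinNetworkSid = 9,
  WinBatchSid = 10,
  WinInteractiveSid = 11,
  WinServiceSid = 12,
  WinAnonymousSid = 13,
  WinProxySid = 14,
  WinEnterpriseControllersSid = 15,
  WinSelfSid = 16,
  WinAuthenticatedUserSid = 17,
  WinRestrictedCodeSid = 18,
  WinTerminalServerSid = 19,
  WinRemoteLogonIdSid = 20,
  WinLogonIdsSid = 21,
  WinLocalSystemSid = 22,
  WinLocalServiceSid = 23,
  WinNetworkServiceSid = 24,
  WinBuiltinDomainSid = 25,
  WinBuiltinAdministratorsSid = 26,
  WinBuiltinUsersSid = 27,
  WinBuiltinGuestsSid = 28,
  WinBuiltinPowerUsersSid = 29,
  WinBuiltinAccountOperatorsSid = 30,
  WinBuiltinSystemOperatorsSid = 31,
  WinBuiltinPrintOperatorsSid = 32,
  WinBuiltinBackupOperatorsSid = 33,
  WinBuiltinReplicatorSid = 34,
  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
  WinBuiltinRemoteDesktopUsersSid = 36,
  WinBuiltinNetworkConfigurationOperatorsSid = 37,
  WinAccountAdministratorSid = 38,
  WinAccountGuestSid = 39,
  WinAccountKrbtgtSid = 40,
  WinAccountDomainAdminsSid = 41,
  WinAccountDomainUsersSid = 42,
  WinAccountDomainGuestsSid = 43,
  WinAccountComputersSid = 44,
  WinAccountControllersSid = 45,
  WinAccountCertAdminsSid = 46,
  WinAccountSchemaAdminsSid = 47,
  WinAccountEnterpriseAdminsSid = 48,
  WinAccountPolicyAdminsSid = 49,
  WinAccountRasAndIasServersSid = 50,
  WinNTLMAuthenticationSid = 51,
  WinDigestAuthenticationSid = 52,
  WinSChannelAuthenticationSid = 53,
  WinThisOrganizationSid = 54,
  WinOtherOrganizationSid = 55,
  WinBuiltinIncomingForestTrustBuildersSid = 56,
  WinBuiltinPerfMonitoringUsersSid = 57,
  WinBuiltinPerfLoggingUsersSid = 58,
  WinBuiltinAuthorizationAccessSid = 59,
  WinBuiltinTerminalServerLicenseServersSid = 60,
  WinBuiltinDCOMUsersSid = 61,
  WinBuiltinIUsersSid = 62,
  WinIUserSid = 63,
  WinBuiltinCryptoOperatorsSid = 64,
  WinUntrustedLabelSid = 65,
  WinLowLabelSid = 66,
  WinMediumLabelSid = 67,
  WinHighLabelSid = 68,
  WinSystemLabelSid = 69,
  WinWriteRestrictedCodeSid = 70,
  WinCreatorOwnerRightsSid = 71,
  WinCacheablePrincipalsGroupSid = 72,
  WinNonCacheablePrincipalsGroupSid = 73,
  WinEnterpriseReadonlyControllersSid = 74,
  WinAccountReadonlyControllersSid = 75,
  WinBuiltinEventLogReadersGroup = 76,
  WinNewEnterpriseReadonlyControllersSid = 77,
  WinBuiltinCertSvcDComAccessGroup = 78,
  WinMediumPlusLabelSid = 79,
  WinLocalLogonSid = 80,
  WinConsoleLogonSid = 81,
  WinThisOrganizationCertificateSid = 82,
} WELL_KNOWN_SID_TYPE;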
92 $endif
93
94 $if (_WDMDDK_)
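/*
 * Simple types.
 *
 * Security descriptors, access tokens and SIDs are exposed here only as
 * PVOID aliases; this header does not describe their layout. Because all
 * three are the same underlying type, the compiler will not flag a PSID
 * passed where a PSECURITY_DESCRIPTOR or PACCESS_TOKEN is expected.
 */
typedef PVOID PSECURITY_DESCRIPTOR;
/* Bit mask built from the *_SECURITY_INFORMATION flags defined below. */
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
/* 32-bit set of access rights; see the DELETE .. GENERIC_ALL values below. */
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
typedef PVOID PACCESS_TOKEN;
typedef PVOID PSID;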
101
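/*
 * ACCESS_MASK bit layout, as given by the values below:
 *   bits  0-15  object-type-specific rights (SPECIFIC_RIGHTS_ALL)
 *   bits 16-20  standard rights (DELETE .. SYNCHRONIZE)
 *   bit  24     ACCESS_SYSTEM_SECURITY
 *   bit  25     MAXIMUM_ALLOWED
 *   bits 28-31  generic rights, resolved through a GENERIC_MAPPING
 */
#define DELETE                   0x00010000L
#define READ_CONTROL             0x00020000L
/* WRITE_DAC and WRITE_OWNER let the holder rewrite the object's DACL or
   owner, so granting either one is close to granting full control. */
#define WRITE_DAC                0x00040000L
#define WRITE_OWNER              0x00080000L
#define SYNCHRONIZE              0x00100000L
/* DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER (SYNCHRONIZE excluded). */
#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
/* READ, WRITE and EXECUTE all alias READ_CONTROL on purpose; the Windows SDK
   defines them the same way. */
#define STANDARD_RIGHTS_READ     READ_CONTROL
#define STANDARD_RIGHTS_WRITE    READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE  READ_CONTROL
#define STANDARD_RIGHTS_ALL      0x001F0000L
#define SPECIFIC_RIGHTS_ALL      0x0000FFFFL
/* Right to read or write the SACL. In Windows it is tied to holding
   SeSecurityPrivilege rather than to an ordinary DACL entry. */
#define ACCESS_SYSTEM_SECURITY   0x01000000L
/* Request flag: ask for every right the caller is entitled to. */
#define MAXIMUM_ALLOWED          0x02000000L
#define GENERIC_READ             0x80000000L
#define GENERIC_WRITE            0x40000000L
#define GENERIC_EXECUTE          0x20000000L
#define GENERIC_ALL              0x10000000L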
119
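/*
 * Per-object-type translation table for the four GENERIC_* bits.
 * Each member holds the standard and specific rights that the
 * corresponding generic right stands for on that object type.
 */
typedef struct _GENERIC_MAPPING {
  ACCESS_MASK GenericRead;
  ACCESS_MASK GenericWrite;
  ACCESS_MASK GenericExecute;
  ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;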
126
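/* Revision numbers for the AclRevision field of an ACL header. */
#define ACL_REVISION    2
#define ACL_REVISION_DS 4

#define ACL_REVISION1 1
#define ACL_REVISION2 2
#define ACL_REVISION3 3
#define ACL_REVISION4 4
/* Accepted range. ACL_REVISION1 lies below MIN_ACL_REVISION, so a
   validator using these bounds rejects revision 1. */
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION4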
136
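/*
 * Access control list header.
 *
 * AclSize and AceCount are 16-bit, so neither can exceed 65535.
 * NOTE(review): the ACEs presumably follow this header in the same buffer;
 * nothing in this header declares them. Code that accepts an ACL from a less
 * trusted source should check AclRevision against MIN_ACL_REVISION and
 * MAX_ACL_REVISION and AclSize against the real buffer length before
 * walking AceCount entries.
 */
typedef struct _ACL {
  UCHAR AclRevision;
  UCHAR Sbz1;      /* padding; "Sbz" conventionally means "should be zero" */
  USHORT AclSize;
  USHORT AceCount;
  USHORT Sbz2;     /* padding, see Sbz1 */
} ACL, *PACL;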
144
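/* Current security descriptor revision value. Both names are 1, so a
   revision check has exactly one accepted value. */
#define SECURITY_DESCRIPTOR_REVISION  (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)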
148
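/*
 * Privilege attributes: flag bits for LUID_AND_ATTRIBUTES.Attributes.
 * A privilege that is present in a token but lacks SE_PRIVILEGE_ENABLED
 * is held but not currently in effect.
 */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED            (0x00000002L)
#define SE_PRIVILEGE_REMOVED            (0x00000004L)
#define SE_PRIVILEGE_USED_FOR_ACCESS    (0x80000000L)

/* Every defined attribute bit. Input can be screened for unknown bits with
   `Attributes & ~SE_PRIVILEGE_VALID_ATTRIBUTES`. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
                                       SE_PRIVILEGE_ENABLED            | \
                                       SE_PRIVILEGE_REMOVED            | \
                                       SE_PRIVILEGE_USED_FOR_ACCESS)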
159
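/*
 * One privilege (or other LUID-identified item) plus its attribute flags.
 * The definition is bracketed by pshpack4.h / poppack.h, the Windows SDK
 * headers that set 4-byte structure packing and then restore the previous
 * setting, so the layout does not depend on the includer's packing.
 */
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES {
  LUID Luid;
  ULONG Attributes;   /* SE_PRIVILEGE_* bits when describing a privilege */
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
#include <poppack.h>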
166
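/*
 * Array-of-entries type and a pointer to it. The declared length is
 * ANYSIZE_ARRAY, so sizeof() on this type does not give the size of a real
 * array; the element count has to come from elsewhere.
 */
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;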
169
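/* Privilege sets */

/* Control flag: every privilege listed in the set is required, not just
   any one of them. */
#define PRIVILEGE_SET_ALL_NECESSARY (1)

/*
 * Variable-length list of privileges.
 *
 * Privilege[] is declared with ANYSIZE_ARRAY elements but holds
 * PrivilegeCount entries, so sizeof(PRIVILEGE_SET) covers only the declared
 * part. Code that copies or walks a set received from a less trusted caller
 * has to compute the size from PrivilegeCount, guarding the multiplication
 * against overflow and the result against the supplied buffer length.
 */
typedef struct _PRIVILEGE_SET {
  ULONG PrivilegeCount;
  ULONG Control;        /* PRIVILEGE_SET_ALL_NECESSARY or 0 */
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET,*PPRIVILEGE_SET;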
178
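/*
 * How far a server may act on behalf of a client, in increasing order of
 * trust (Windows semantics):
 *   SecurityAnonymous       server learns nothing about the client
 *   SecurityIdentification  server can identify the client and run access
 *                           checks, but cannot act as the client
 *   SecurityImpersonation   server can act as the client on the local system
 *   SecurityDelegation      server can also act as the client on remote systems
 * The enumerators are unnumbered, so their values follow declaration order
 * starting at 0; the MIN/MAX macros below depend on that order.
 */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;

#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
/* Range check for a level taken from outside; evaluates Level twice, so
   the argument should have no side effects. */
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))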
190
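/*
 * Context tracking modes. In the Windows model, dynamic tracking means the
 * server sees later changes to the client's security context, while static
 * tracking means it keeps the context captured when the connection was made.
 */
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)

typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;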
195
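/*
 * Client-supplied limits on what a server may do with the client's identity.
 */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
  ULONG Length;                                        /* size of this structure in bytes */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;     /* highest level the server may use */
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;  /* SECURITY_DYNAMIC_TRACKING or SECURITY_STATIC_TRACKING */
  BOOLEAN EffectiveOnly;                               /* NOTE(review): in Windows, TRUE stops the server from
                                                          enabling or disabling the client's privileges and
                                                          groups; confirm against the implementation */
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;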
202
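/*
 * Snapshot of a thread's impersonation settings: the token together with the
 * flags and level that applied to it.
 * NOTE(review): in the WDK this is the structure filled by
 * PsDisableImpersonation and consumed by PsRestoreImpersonation; confirm
 * that this tree uses it the same way.
 */
typedef struct _SE_IMPERSONATION_STATE {
  PACCESS_TOKEN Token;
  BOOLEAN CopyOnOpen;
  BOOLEAN EffectiveOnly;
  SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;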
209
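/*
 * SECURITY_INFORMATION bits: which parts of a security descriptor a query
 * or set operation refers to. Reading or writing the SACL is the sensitive
 * case; in Windows it requires ACCESS_SYSTEM_SECURITY on the object.
 */
#define OWNER_SECURITY_INFORMATION (0x00000001L)
#define GROUP_SECURITY_INFORMATION (0x00000002L)
#define DACL_SECURITY_INFORMATION  (0x00000004L)
#define SACL_SECURITY_INFORMATION  (0x00000008L)
#define LABEL_SECURITY_INFORMATION (0x00000010L)  /* integrity label */

/* Inheritance control, Windows semantics: PROTECTED_* blocks inherited ACEs
   from the parent for that ACL, UNPROTECTED_* allows them again. */
#define PROTECTED_DACL_SECURITY_INFORMATION   (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION   (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)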
220
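/*
 * Operation requested of a routine that manages an object's security
 * descriptor. Values follow declaration order starting at 0.
 */
typedef enum _SECURITY_OPERATION_CODE {
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;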
227
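/* Number of privilege slots embedded in an INITIAL_PRIVILEGE_SET. */
#define INITIAL_PRIVILEGE_COUNT 3

/*
 * Fixed-capacity counterpart of PRIVILEGE_SET: same leading fields, but with
 * room for INITIAL_PRIVILEGE_COUNT entries. ACCESS_STATE overlays the two in
 * a union, so PrivilegeCount must not exceed INITIAL_PRIVILEGE_COUNT while
 * the embedded form is the one in use.
 */
typedef struct _INITIAL_PRIVILEGE_SET {
  ULONG PrivilegeCount;
  ULONG Control;
  LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;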
235
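/*
 * Well-known privilege numbers, contiguous from SE_MIN_WELL_KNOWN_PRIVILEGE
 * to SE_MAX_WELL_KNOWN_PRIVILEGE. When a privilege is appended,
 * SE_MAX_WELL_KNOWN_PRIVILEGE has to move with it or range checks built on
 * the two bounds will reject the new value.
 *
 * Several of these are usually treated as equivalent to full control of the
 * machine when held by an account, and are worth watching in token and
 * audit reviews: SE_CREATE_TOKEN, SE_ASSIGNPRIMARYTOKEN, SE_TCB,
 * SE_TAKE_OWNERSHIP, SE_LOAD_DRIVER, SE_BACKUP, SE_RESTORE, SE_DEBUG and
 * SE_IMPERSONATE.
 */
#define SE_MIN_WELL_KNOWN_PRIVILEGE         2
#define SE_CREATE_TOKEN_PRIVILEGE           2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE     3
#define SE_LOCK_MEMORY_PRIVILEGE            4
#define SE_INCREASE_QUOTA_PRIVILEGE         5
#define SE_MACHINE_ACCOUNT_PRIVILEGE        6
#define SE_TCB_PRIVILEGE                    7
#define SE_SECURITY_PRIVILEGE               8
#define SE_TAKE_OWNERSHIP_PRIVILEGE         9
#define SE_LOAD_DRIVER_PRIVILEGE            10
#define SE_SYSTEM_PROFILE_PRIVILEGE         11
#define SE_SYSTEMTIME_PRIVILEGE             12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE    13
#define SE_INC_BASE_PRIORITY_PRIVILEGE      14
#define SE_CREATE_PAGEFILE_PRIVILEGE        15
#define SE_CREATE_PERMANENT_PRIVILEGE       16
#define SE_BACKUP_PRIVILEGE                 17
#define SE_RESTORE_PRIVILEGE                18
#define SE_SHUTDOWN_PRIVILEGE               19
#define SE_DEBUG_PRIVILEGE                  20
#define SE_AUDIT_PRIVILEGE                  21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE     22
#define SE_CHANGE_NOTIFY_PRIVILEGE          23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE        24
#define SE_UNDOCK_PRIVILEGE                 25
#define SE_SYNC_AGENT_PRIVILEGE             26
#define SE_ENABLE_DELEGATION_PRIVILEGE      27
#define SE_MANAGE_VOLUME_PRIVILEGE          28
#define SE_IMPERSONATE_PRIVILEGE            29
#define SE_CREATE_GLOBAL_PRIVILEGE          30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE                32
#define SE_INC_WORKING_SET_PRIVILEGE        33
#define SE_TIME_ZONE_PRIVILEGE              34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE   35
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE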
272
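/*
 * Identity of the subject an access check is made for: the process's
 * primary token plus, when present, the thread's client token.
 * NOTE(review): in Windows, ClientToken is NULL when the thread is not
 * impersonating and ImpersonationLevel is meaningful only when it is set;
 * confirm this tree follows the same convention before relying on it.
 */
typedef struct _SECURITY_SUBJECT_CONTEXT {
  PACCESS_TOKEN ClientToken;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  PACCESS_TOKEN PrimaryToken;
  PVOID ProcessAuditId;
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;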
279
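/*
 * State carried through one access attempt: the subject, the access that was
 * asked for, what has been granted so far, and what is needed for auditing.
 *
 * Privileges is a union of the embedded fixed-size set and the
 * variable-length PRIVILEGE_SET, so both views share the same storage and
 * the same PrivilegeCount/Control fields.
 * NOTE(review): PrivilegesAllocated presumably records that the privilege
 * set lives in separately allocated memory rather than in this union;
 * confirm in the code that fills this structure.
 */
typedef struct _ACCESS_STATE {
  LUID OperationID;
  BOOLEAN SecurityEvaluated;
  BOOLEAN GenerateAudit;
  BOOLEAN GenerateOnClose;
  BOOLEAN PrivilegesAllocated;
  ULONG Flags;
  ACCESS_MASK RemainingDesiredAccess;    /* requested rights not granted yet */
  ACCESS_MASK PreviouslyGrantedAccess;   /* rights granted so far */
  ACCESS_MASK OriginalDesiredAccess;     /* the request as first made */
  SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
  PVOID AuxData;
  union {
    INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
    PRIVILEGE_SET PrivilegeSet;
  } Privileges;
  BOOLEAN AuditPrivileges;
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;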
301
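/*
 * Callback type taking a Vcb pointer and a security descriptor, both as
 * inputs, and returning nothing.
 * NOTE(review): going by the name, it drops a reference on a security
 * descriptor that NTFS exported for the given volume; confirm with the
 * code that registers and calls it.
 */
typedef VOID
(NTAPI *PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR)(
  IN PVOID Vcb,
  IN PSECURITY_DESCRIPTOR SecurityDescriptor);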
306
307 #ifndef _NTLSA_IFS_
308
309 #ifndef _NTLSA_AUDIT_
310 #define _NTLSA_AUDIT_
311
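/* Capacity of SE_ADT_PARAMETER_ARRAY.Parameters[], and the smaller limit
   that applies to generic audits. */
#define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28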
314
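/* Flag for SE_ADT_OBJECT_TYPE.Flags. */
#define SE_ADT_OBJECT_ONLY 0x1

/*
 * Flags for SE_ADT_PARAMETER_ARRAY.Flags. The first two names use the
 * plural prefix SE_ADT_PARAMETERS_ and the rest the singular
 * SE_ADT_PARAMETER_; the spelling differs, the flag space is the same.
 * NOTE(review): SELF_RELATIVE presumably means the entries carry offsets
 * instead of pointers; confirm before dereferencing Address on such an array.
 */
#define SE_ADT_PARAMETERS_SELF_RELATIVE    0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA      0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT  0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT     0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010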
322
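/*
 * Size in bytes of an SE_ADT_PARAMETER_ARRAY counting only the first
 * ParameterCount entries of Parameters[].
 *
 * The caller must check ParameterCount <= SE_MAX_AUDIT_PARAMETERS before
 * using the result: the subtraction is done in unsigned arithmetic, so a
 * larger count wraps around instead of going negative and the value no
 * longer describes the structure.
 *
 * The argument is parenthesized so that an expression such as `p + 1` can
 * be passed.
 */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
  ( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
    (SE_MAX_AUDIT_PARAMETERS - (Parameters)->ParameterCount) )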
326
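/*
 * Tag that says how one audit parameter entry is to be interpreted.
 * Only the first enumerator is numbered; the rest follow in declaration
 * order, so inserting an entry in the middle renumbers everything after it.
 */
typedef enum _SE_ADT_PARAMETER_TYPE {
  SeAdtParmTypeNone = 0,
  SeAdtParmTypeString,
  SeAdtParmTypeFileSpec,
  SeAdtParmTypeUlong,
  SeAdtParmTypeSid,
  SeAdtParmTypeLogonId,
  SeAdtParmTypeNoLogonId,
  SeAdtParmTypeAccessMask,
  SeAdtParmTypePrivs,
  SeAdtParmTypeObjectTypes,
  SeAdtParmTypeHexUlong,
  SeAdtParmTypePtr,
  SeAdtParmTypeTime,
  SeAdtParmTypeGuid,
  SeAdtParmTypeLuid,
  SeAdtParmTypeHexInt64,
  SeAdtParmTypeStringList,
  SeAdtParmTypeSidList,
  SeAdtParmTypeDuration,
  SeAdtParmTypeUserAccountControl,
  SeAdtParmTypeNoUac,
  SeAdtParmTypeMessage,
  SeAdtParmTypeDateTime,
  SeAdtParmTypeSockAddr,
  SeAdtParmTypeSD,
  SeAdtParmTypeLogonHours,
  SeAdtParmTypeLogonIdNoSid,
  SeAdtParmTypeUlongNoConv,
  SeAdtParmTypeSockAddrNoPort,
  SeAdtParmTypeAccessReason
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;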
359
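/*
 * One object type named in an audit record: its GUID, flags, a level and
 * the access mask that applies to it.
 */
typedef struct _SE_ADT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;            /* SE_ADT_OBJECT_ONLY or 0 */
  USHORT Level;
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;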
366
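/*
 * One audit parameter. Type selects the interpretation of the other fields.
 * NOTE(review): how Length, Data[] and Address are used for each Type is
 * not visible in this header; a consumer should validate Type against the
 * SE_ADT_PARAMETER_TYPE range and Length against the data it actually has
 * before following Address.
 */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
  ULONG Length;
  ULONG_PTR Data[2];
  PVOID Address;
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;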
373
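/*
 * Audit payload describing why access was granted or denied.
 * NOTE(review): AccessReasons has 32 slots, which matches the 32 bits of an
 * ACCESS_MASK, so it presumably holds one reason per access bit; confirm
 * against the code that fills it.
 */
typedef struct _SE_ADT_ACCESS_REASON {
  ACCESS_MASK AccessMask;
  ULONG AccessReasons[32];
  ULONG ObjectTypeIndex;
  ULONG AccessGranted;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;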
381
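/*
 * A complete audit record: identification fields followed by a fixed array
 * of SE_MAX_AUDIT_PARAMETERS entries, of which the first ParameterCount are
 * in use. ParameterCount must be checked against SE_MAX_AUDIT_PARAMETERS
 * before it is used as a loop bound or passed to
 * LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE.
 */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG CategoryId;
  ULONG AuditId;
  ULONG ParameterCount;
  ULONG Length;
  USHORT FlatSubCategoryId;
  USHORT Type;
  ULONG Flags;             /* SE_ADT_PARAMETERS_* / SE_ADT_PARAMETER_* bits */
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;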
392
393 #endif /* !_NTLSA_AUDIT_ */
394 #endif /* !_NTLSA_IFS_ */
395 $endif
396