1 /******************************************************************************
2 * Security Manager Types *
3 ******************************************************************************/
4
/* Simple types */

/*
 * Opaque pointer types.  PSECURITY_DESCRIPTOR, PACCESS_TOKEN and PSID are
 * plain PVOID, so nothing in this header lets a caller reach into a
 * descriptor, token or SID directly; presumably the Se/Rtl routines do.
 *
 * ACCESS_MASK is a ULONG bit set built from the *_RIGHTS / GENERIC_* bits
 * defined below.  SECURITY_INFORMATION is a ULONG selector of which parts
 * of a descriptor an operation touches (OWNER_/GROUP_/DACL_/SACL_..., see
 * the *_SECURITY_INFORMATION flags further down).
 */
typedef PVOID PSECURITY_DESCRIPTOR;
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
typedef PVOID PACCESS_TOKEN;
typedef PVOID PSID;
11
/* Standard rights: bits 16-20 of an ACCESS_MASK, common to every object type. */
#define DELETE 0x00010000L
#define READ_CONTROL 0x00020000L
#define WRITE_DAC 0x00040000L
#define WRITE_OWNER 0x00080000L
#define SYNCHRONIZE 0x00100000L
/* DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER (everything but SYNCHRONIZE). */
#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
/* All three standard read/write/execute groups reduce to READ_CONTROL alone;
 * the object-specific part of "read", "write" and "execute" comes from the
 * object type's GENERIC_MAPPING, not from these. */
#define STANDARD_RIGHTS_READ READ_CONTROL
#define STANDARD_RIGHTS_WRITE READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE READ_CONTROL
/* STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE. */
#define STANDARD_RIGHTS_ALL 0x001F0000L
/* Bits 0-15 are interpreted per object type. */
#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL
/* Bit 24, separate from the standard rights (by name, governs SACL access). */
#define ACCESS_SYSTEM_SECURITY 0x01000000L
/* Bit 25.  NOTE(review): requesting MAXIMUM_ALLOWED hides which rights a
 * caller really needs; prefer an explicit mask in new code. */
#define MAXIMUM_ALLOWED 0x02000000L
/* Generic rights occupy the top nibble (bits 28-31).  NOTE(review): they are
 * presumably translated through a GENERIC_MAPPING (below) before being
 * compared against an ACE; a mask that still carries GENERIC_* bits has not
 * been through that step. */
#define GENERIC_READ 0x80000000L
#define GENERIC_WRITE 0x40000000L
#define GENERIC_EXECUTE 0x20000000L
#define GENERIC_ALL 0x10000000L
29
/*
 * Per-object-type expansion of the four GENERIC_* bits.  Each field is the
 * ACCESS_MASK (standard + specific rights) that the corresponding generic
 * bit stands for on that object type; GenericAll is the full mask.
 */
typedef struct _GENERIC_MAPPING {
  ACCESS_MASK GenericRead;    /* what GENERIC_READ expands to */
  ACCESS_MASK GenericWrite;   /* what GENERIC_WRITE expands to */
  ACCESS_MASK GenericExecute; /* what GENERIC_EXECUTE expands to */
  ACCESS_MASK GenericAll;     /* what GENERIC_ALL expands to */
} GENERIC_MAPPING, *PGENERIC_MAPPING;
36
/* ACL.AclRevision values.  ACL_REVISION (2) is the ordinary revision and
 * ACL_REVISION_DS (4) the directory-service one. */
#define ACL_REVISION 2
#define ACL_REVISION_DS 4

/* Numbered aliases.  Note that ACL_REVISION1 lies below MIN_ACL_REVISION,
 * so an ACL carrying revision 1 fails a [MIN, MAX] range check. */
#define ACL_REVISION1 1
#define ACL_REVISION2 2
#define ACL_REVISION3 3
#define ACL_REVISION4 4
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION4
46
/*
 * Access-control list header (8 bytes).  AclSize is the list's total size
 * in bytes and AceCount the number of ACEs it holds; the ACEs themselves
 * are presumably laid out right after this header.  Sbz1/Sbz2 are padding
 * ("should be zero", going by the name).
 *
 * NOTE(review): AclSize and AceCount are 16-bit values read out of the
 * descriptor itself.  When the descriptor comes from a less-trusted caller,
 * confirm that AclSize fits inside the buffer and that walking AceCount ACEs
 * stays within AclSize before trusting either field.
 */
typedef struct _ACL {
  UCHAR AclRevision; /* one of the ACL_REVISION* values above */
  UCHAR Sbz1;
  USHORT AclSize;    /* bytes, header included */
  USHORT AceCount;   /* number of ACEs that follow */
  USHORT Sbz2;
} ACL, *PACL;
54
/* Current security descriptor revision value */
/* Only revision 1 is defined; a descriptor with any other revision is
 * presumably rejected by the validation routines (not shown here). */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)
58
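/* Privilege attributes */
/* Bit values for LUID_AND_ATTRIBUTES.Attributes.  The hex prefix of
 * SE_PRIVILEGE_REMOVED is normalised to lower-case like its neighbours;
 * the value is unchanged. */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
#define SE_PRIVILEGE_REMOVED (0x00000004L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)

/* Union of every defined attribute bit (0x80000007).  Presumably the
 * privilege-adjust paths reject anything outside this mask; that check is
 * not in this header. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
                                       SE_PRIVILEGE_ENABLED | \
                                       SE_PRIVILEGE_REMOVED | \
                                       SE_PRIVILEGE_USED_FOR_ACCESS)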
69
/* pshpack4.h / poppack.h presumably set and restore 4-byte structure packing
 * (their contents are not visible here), so the layout of this record is
 * fixed regardless of the compiler's default alignment for LUID. */
#include <pshpack4.h>
/* One privilege, identified by its locally unique id, plus its
 * SE_PRIVILEGE_* attribute bits. */
typedef struct _LUID_AND_ATTRIBUTES {
  LUID Luid;
  ULONG Attributes; /* SE_PRIVILEGE_* bits */
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
#include <poppack.h>

/* Open-ended array form for privilege lists whose length is only known at
 * run time (ANYSIZE_ARRAY is defined elsewhere). */
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
79
/* Privilege sets */

/* PRIVILEGE_SET.Control flag.  Going by its name, every listed privilege
 * must be held for the check to succeed rather than any one of them. */
#define PRIVILEGE_SET_ALL_NECESSARY (1)

/*
 * Variable-length privilege list.  PrivilegeCount entries follow the two
 * header fields; Privilege[] is declared with ANYSIZE_ARRAY, so the real
 * allocation has to be sized for PrivilegeCount elements and any reader
 * must bound its walk by PrivilegeCount, not by sizeof(PRIVILEGE_SET).
 */
typedef struct _PRIVILEGE_SET {
  ULONG PrivilegeCount; /* number of valid Privilege[] entries */
  ULONG Control;        /* PRIVILEGE_SET_* flags */
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET,*PPRIVILEGE_SET;
88
/*
 * How much of a client's identity a server is allowed to assume.  The
 * enumerators are ordered from least to most capable, starting at 0
 * (SecurityAnonymous); SECURITY_MIN/MAX_IMPERSONATION_LEVEL bracket them.
 */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,      /* 0 */
  SecurityIdentification, /* 1 */
  SecurityImpersonation,  /* 2 */
  SecurityDelegation      /* 3 */
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;

#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
/* Presumably the level applied when a caller specifies none. */
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
/* Range check.  Because SecurityAnonymous is 0, the lower-bound half is
 * vacuous for unsigned arguments (and some compilers warn about it); it only
 * does real work when Level is a signed integer, e.g. a value read from a
 * less-trusted caller before it is cast to the enum. */
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))
100
/* Context tracking mode, stored as a BOOLEAN: TRUE selects dynamic tracking,
 * FALSE static.  By name, dynamic tracking follows later changes to the
 * client's security context while static tracking takes a snapshot; the
 * behaviour itself is implemented elsewhere. */
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)

typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
105
/*
 * Security quality of service a client attaches to a request, limiting
 * what a server may do with the client's identity.  Length presumably
 * carries sizeof(SECURITY_QUALITY_OF_SERVICE) as a version check.
 */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
  ULONG Length;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* ceiling on what the server may assume */
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; /* SECURITY_DYNAMIC_/STATIC_TRACKING */
  BOOLEAN EffectiveOnly;  /* by name: expose only currently enabled privileges/groups */
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
112
/*
 * Snapshot of a thread's impersonation: the token in use and the options it
 * is being used with.  Presumably captured so the state can be restored
 * after a temporary impersonation change (not shown here).
 */
typedef struct _SE_IMPERSONATION_STATE {
  PACCESS_TOKEN Token;
  BOOLEAN CopyOnOpen;
  BOOLEAN EffectiveOnly;
  SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
119
/* SECURITY_INFORMATION bits.  The low five select which descriptor
 * components a query or set operation covers. */
#define OWNER_SECURITY_INFORMATION (0x00000001L)
#define GROUP_SECURITY_INFORMATION (0x00000002L)
#define DACL_SECURITY_INFORMATION (0x00000004L)
#define SACL_SECURITY_INFORMATION (0x00000008L)
#define LABEL_SECURITY_INFORMATION (0x00000010L)

/* The top four bits are per-list protection flags.  PROTECTED_* and
 * UNPROTECTED_* for the same list are opposites and presumably not meant to
 * be combined in one mask. */
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
130
/* Which security operation is being requested on an object's descriptor;
 * presumably passed to an object type's security routine (not shown here). */
typedef enum _SECURITY_OPERATION_CODE {
  SetSecurityDescriptor,    /* 0 */
  QuerySecurityDescriptor,  /* 1 */
  DeleteSecurityDescriptor, /* 2 */
  AssignSecurityDescriptor  /* 3 */
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
137
/* Number of privileges that fit in the inline set below. */
#define INITIAL_PRIVILEGE_COUNT 3

/*
 * Same leading layout as PRIVILEGE_SET (PrivilegeCount, Control, then the
 * entries) but with a fixed inline array of INITIAL_PRIVILEGE_COUNT
 * entries, so a small set can be embedded (see the Privileges union in
 * ACCESS_STATE) without a separate allocation.
 */
typedef struct _INITIAL_PRIVILEGE_SET {
  ULONG PrivilegeCount; /* number of valid Privilege[] entries, at most INITIAL_PRIVILEGE_COUNT */
  ULONG Control;        /* PRIVILEGE_SET_* flags */
  LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
145
/*
 * Well-known privilege numbers.  They are contiguous from
 * SE_MIN_WELL_KNOWN_PRIVILEGE (2) to SE_MAX_WELL_KNOWN_PRIVILEGE (35), so a
 * value outside that range is not a well-known privilege.  By convention
 * this is the LowPart of the privilege LUID; the HighPart is not defined
 * here.
 *
 * NOTE(review): several of these are in practice equivalent to full control
 * of the machine (SE_TCB_PRIVILEGE, SE_DEBUG_PRIVILEGE,
 * SE_LOAD_DRIVER_PRIVILEGE, SE_CREATE_TOKEN_PRIVILEGE,
 * SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, SE_TAKE_OWNERSHIP_PRIVILEGE,
 * SE_RESTORE_PRIVILEGE, SE_IMPERSONATE_PRIVILEGE, among others).  Nothing in
 * this header distinguishes them from the harmless ones; the code that
 * grants or checks them must.
 */
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
#define SE_CREATE_TOKEN_PRIVILEGE 2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
#define SE_LOCK_MEMORY_PRIVILEGE 4
#define SE_INCREASE_QUOTA_PRIVILEGE 5
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
#define SE_TCB_PRIVILEGE 7
#define SE_SECURITY_PRIVILEGE 8
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
#define SE_LOAD_DRIVER_PRIVILEGE 10
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
#define SE_SYSTEMTIME_PRIVILEGE 12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
#define SE_CREATE_PERMANENT_PRIVILEGE 16
#define SE_BACKUP_PRIVILEGE 17
#define SE_RESTORE_PRIVILEGE 18
#define SE_SHUTDOWN_PRIVILEGE 19
#define SE_DEBUG_PRIVILEGE 20
#define SE_AUDIT_PRIVILEGE 21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
#define SE_UNDOCK_PRIVILEGE 25
#define SE_SYNC_AGENT_PRIVILEGE 26
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
#define SE_MANAGE_VOLUME_PRIVILEGE 28
#define SE_IMPERSONATE_PRIVILEGE 29
#define SE_CREATE_GLOBAL_PRIVILEGE 30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE 32
#define SE_INC_WORKING_SET_PRIVILEGE 33
#define SE_TIME_ZONE_PRIVILEGE 34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35
/* Keep this equal to the highest value above when adding privileges. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
182
/*
 * The subject of an access check: the impersonation token the thread is
 * using (ClientToken, presumably NULL when not impersonating) together with
 * its level, plus the process's primary token.  ProcessAuditId, by name,
 * identifies the process in audit records.
 */
typedef struct _SECURITY_SUBJECT_CONTEXT {
  PACCESS_TOKEN ClientToken;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  PACCESS_TOKEN PrimaryToken;
  PVOID ProcessAuditId;
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
189
/*
 * Working state of one access check, carried from the open request through
 * the check and into auditing.  Field meanings below are taken from the
 * names; the routines that fill them in are not in this header.
 */
typedef struct _ACCESS_STATE {
  LUID OperationID;            /* identifies this operation in audit records */
  BOOLEAN SecurityEvaluated;   /* the access check has already run */
  BOOLEAN GenerateAudit;       /* an audit record should be emitted */
  BOOLEAN GenerateOnClose;     /* ... and another when the handle is closed */
  BOOLEAN PrivilegesAllocated; /* presumably: Privileges.PrivilegeSet was allocated
                                  separately rather than living in the inline set */
  ULONG Flags;
  ACCESS_MASK RemainingDesiredAccess; /* rights still to be granted */
  ACCESS_MASK PreviouslyGrantedAccess; /* rights already granted so far */
  ACCESS_MASK OriginalDesiredAccess;   /* what the caller first asked for */
  SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; /* who is asking */
  PSECURITY_DESCRIPTOR SecurityDescriptor;         /* what they are asking about */
  PVOID AuxData;
  /* INITIAL_PRIVILEGE_SET and PRIVILEGE_SET share their first two fields
   * (PrivilegeCount, Control), so those can be read through either member;
   * only the size of the trailing array differs. */
  union {
    INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
    PRIVILEGE_SET PrivilegeSet;
  } Privileges;
  BOOLEAN AuditPrivileges;
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
211
212 #ifndef _NTLSA_IFS_
213
214 #ifndef _NTLSA_AUDIT_
215 #define _NTLSA_AUDIT_
216
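/* Capacity of SE_ADT_PARAMETER_ARRAY.Parameters[]; the generic-audit
 * variant allows fewer entries. */
#define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28

/* SE_ADT_OBJECT_TYPE.Flags bit. */
#define SE_ADT_OBJECT_ONLY 0x1

/* SE_ADT_PARAMETER_ARRAY.Flags bits. */
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010

/*
 * Size in bytes of an SE_ADT_PARAMETER_ARRAY that carries only
 * Parameters->ParameterCount entries: the full structure minus the unused
 * tail of the fixed Parameters[SE_MAX_AUDIT_PARAMETERS] array.
 *
 * The macro argument is parenthesised so that expressions such as `&array`
 * or `p + 1` expand correctly (an unparenthesised argument turned `&array`
 * into `&array->ParameterCount`).
 *
 * NOTE(review): no bound is enforced here.  ParameterCount is a ULONG, so a
 * value above SE_MAX_AUDIT_PARAMETERS makes the subtraction wrap and the
 * result is a garbage size.  Validate
 * ParameterCount <= SE_MAX_AUDIT_PARAMETERS before applying this to an
 * array received from a less-trusted caller.
 */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
  ( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
    (SE_MAX_AUDIT_PARAMETERS - (Parameters)->ParameterCount) )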
231
/*
 * Type tag for one audit parameter (SE_ADT_PARAMETER_ARRAY_ENTRY.Type).
 * SeAdtParmTypeNone is 0 and the rest are numbered consecutively, so
 * SeAdtParmTypeAccessReason is the highest valid value; a reader switching
 * on Type should treat anything above it as invalid rather than assuming a
 * layout for Data/Address.
 */
typedef enum _SE_ADT_PARAMETER_TYPE {
  SeAdtParmTypeNone = 0,
  SeAdtParmTypeString,
  SeAdtParmTypeFileSpec,
  SeAdtParmTypeUlong,
  SeAdtParmTypeSid,
  SeAdtParmTypeLogonId,
  SeAdtParmTypeNoLogonId,
  SeAdtParmTypeAccessMask,
  SeAdtParmTypePrivs,
  SeAdtParmTypeObjectTypes,
  SeAdtParmTypeHexUlong,
  SeAdtParmTypePtr,
  SeAdtParmTypeTime,
  SeAdtParmTypeGuid,
  SeAdtParmTypeLuid,
  SeAdtParmTypeHexInt64,
  SeAdtParmTypeStringList,
  SeAdtParmTypeSidList,
  SeAdtParmTypeDuration,
  SeAdtParmTypeUserAccountControl,
  SeAdtParmTypeNoUac,
  SeAdtParmTypeMessage,
  SeAdtParmTypeDateTime,
  SeAdtParmTypeSockAddr,
  SeAdtParmTypeSD,
  SeAdtParmTypeLogonHours,
  SeAdtParmTypeLogonIdNoSid,
  SeAdtParmTypeUlongNoConv,
  SeAdtParmTypeSockAddrNoPort,
  SeAdtParmTypeAccessReason /* last valid value */
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
264
/*
 * One object-type entry in an object-type audit parameter
 * (SeAdtParmTypeObjectTypes).  Flags takes SE_ADT_OBJECT_ONLY; Level and
 * AccessMask are, by name, the entry's nesting depth and the rights
 * involved for that object type.
 */
typedef struct _SE_ADT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;    /* SE_ADT_OBJECT_ONLY */
  USHORT Level;
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
271
/*
 * One audit parameter.  Type says how to interpret the rest; Length is a
 * byte count.  Data[] holds two pointer-sized words inline and Address
 * points at out-of-line data; which of the two carries the value for a
 * given Type is not defined here (TODO confirm against the audit code).
 */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
  ULONG Length;
  ULONG_PTR Data[2];
  PVOID Address;
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
278
/*
 * Payload of a SeAdtParmTypeAccessReason parameter: why each requested
 * right was granted or denied.  AccessReasons has 32 slots, presumably one
 * per bit of the (32-bit) AccessMask.  SecurityDescriptor is a pointer, so
 * a self-relative copy of this record must fix it up or drop it.
 */
typedef struct _SE_ADT_ACCESS_REASON {
  ACCESS_MASK AccessMask;
  ULONG AccessReasons[32]; /* one entry per ACCESS_MASK bit, presumably */
  ULONG ObjectTypeIndex;
  ULONG AccessGranted;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
286
/*
 * A complete audit record: category/sub-category identifiers, Flags
 * (SE_ADT_PARAMETER* bits) and a fixed array of SE_MAX_AUDIT_PARAMETERS
 * entries of which only the first ParameterCount are meaningful.
 *
 * Invariant: ParameterCount <= SE_MAX_AUDIT_PARAMETERS.  Both the array
 * bound and LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE (which subtracts
 * ParameterCount from SE_MAX_AUDIT_PARAMETERS) depend on it, so check it
 * on any record that arrives from a less-trusted caller.  Length is
 * presumably the record's total size in bytes (TODO confirm).
 */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG CategoryId;
  ULONG AuditId;
  ULONG ParameterCount; /* valid entries in Parameters[] */
  ULONG Length;
  USHORT FlatSubCategoryId;
  USHORT Type;
  ULONG Flags;          /* SE_ADT_PARAMETER* bits */
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
297
298 #endif /* !_NTLSA_AUDIT_ */
299 #endif /* !_NTLSA_IFS_ */
300
301