reactos/include/ddk/setypes.h

   1 /* $Id$
   2  *
   3  * COPYRIGHT:         See COPYING in the top level directory for details
   4  * PROJECT:           ReactOS kernel
   5  * FILE:              include/ddk/setypes.h
   6  * PURPOSE:           Security manager types
   7  * REVISION HISTORY:
   8  *                 ??/??/??:    Created with empty stubs by David Welch
   9  *                 29/08/98:    ACCESS_TOKEN definition from Boudewijn Dekker
  10  */
  11
  12 #ifndef __INCLUDE_DDK_SETYPES_H
  13 #define __INCLUDE_DDK_SETYPES_H
  14
  15 #include <ntos/security.h>
  16
  17 /* TOKEN_GROUPS structure */
  18 #define SE_GROUP_MANDATORY                (0x1L)
  19 #define SE_GROUP_ENABLED_BY_DEFAULT       (0x2L)
  20 #define SE_GROUP_ENABLED                  (0x4L)
  21 #define SE_GROUP_OWNER                    (0x8L)
  22 #define SE_GROUP_LOGON_ID                 (0xC0000000L)
  23
  24 /* ACL Defines */
  25 #define ACL_REVISION1     (1)
  26 #define ACL_REVISION2     (2)
  27 #define ACL_REVISION3     (3)
  28 #define MIN_ACL_REVISION  ACL_REVISION2
  29 #define MAX_ACL_REVISION  ACL_REVISION3
  30
  31 #define ACL_REVISION    (2)
  32
  33 /* ACE_HEADER structure */
  34 #define ACCESS_MIN_MS_ACE_TYPE            (0x0)
  35 #define ACCESS_ALLOWED_ACE_TYPE           (0x0)
  36 #define ACCESS_DENIED_ACE_TYPE            (0x1)
  37 #define SYSTEM_AUDIT_ACE_TYPE             (0x2)
  38 #define SYSTEM_ALARM_ACE_TYPE             (0x3)
  39 #define ACCESS_MAX_MS_V2_ACE_TYPE         (0x3)
  40 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE  (0x4)
  41 #define ACCESS_MAX_MS_V3_ACE_TYPE         (0x4)
  42 #define ACCESS_MAX_MS_ACE_TYPE            (0x4)
  43
  44 /* ACE flags in the ACE_HEADER structure */
  45 #define OBJECT_INHERIT_ACE           (0x1)
  46 #define CONTAINER_INHERIT_ACE        (0x2)
  47 #define NO_PROPAGATE_INHERIT_ACE     (0x4)
  48 #define INHERIT_ONLY_ACE             (0x8)
  49 #define SUCCESSFUL_ACCESS_ACE_FLAG   (0x40)
  50 #define FAILED_ACCESS_ACE_FLAG       (0x80)
  51
  52 /* SECURITY_DESCRIPTOR_CONTROL */
  53 #define SECURITY_DESCRIPTOR_REVISION    (1)
  54 #define SECURITY_DESCRIPTOR_REVISION1   (1)
  55 #define SECURITY_DESCRIPTOR_MIN_LENGTH  (20)
  56 #define SE_OWNER_DEFAULTED              (0x0001)
  57 #define SE_GROUP_DEFAULTED              (0x0002)
  58 #define SE_DACL_PRESENT                 (0x0004)
  59 #define SE_DACL_DEFAULTED               (0x0008)
  60 #define SE_SACL_PRESENT                 (0x0010)
  61 #define SE_SACL_DEFAULTED               (0x0020)
  62 #define SE_RM_CONTROL_VALID             (0x4000)
  63 #define SE_SELF_RELATIVE                (0x8000)
  64
  65 /* PRIVILEGE_SET */
  66 #define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
  67 #define SE_PRIVILEGE_ENABLED            (0x2L)
  68 #define SE_PRIVILEGE_USED_FOR_ACCESS    (0x80000000L)
  69 #define PRIVILEGE_SET_ALL_NECESSARY     (0x1)
  70
  71 /* SID */
  72 #define SID_REVISION            (1)
  73 #define SID_MAX_SUB_AUTHORITIES (15)
  74
  75 typedef struct _SEP_AUDIT_POLICY_CATEGORIES {
  76     UCHAR System:4;
  77     UCHAR Logon:4;
  78     UCHAR ObjectAccess:4;
  79     UCHAR PrivilegeUse:4;
  80     UCHAR DetailedTracking:4;
  81     UCHAR PolicyChange:4;
  82     UCHAR AccountManagement:4;
  83     UCHAR DirectoryServiceAccess:4;
  84     UCHAR AccountLogon:4;
  85 } SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
  86
  87 typedef struct _SEP_AUDIT_POLICY_OVERLAY {
  88     ULONGLONG PolicyBits:36;
  89     UCHAR SetBit:1;
  90 } SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
  91
  92 typedef struct _SEP_AUDIT_POLICY {
  93     union {
  94         SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
  95         SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
  96         ULONGLONG Overlay;
  97     };
  98 } SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
  99
 100 typedef struct _TOKEN {
 101   TOKEN_SOURCE TokenSource;                         /* 0x00 */
 102   LUID TokenId;                                     /* 0x10 */
 103   LUID AuthenticationId;                            /* 0x18 */
 104   LUID ParentTokenId;                               /* 0x20 */
 105   LARGE_INTEGER ExpirationTime;                     /* 0x28 */
 106   struct _ERESOURCE *TokenLock;                     /* 0x30 */
 107   SEP_AUDIT_POLICY  AuditPolicy;                    /* 0x38 */
 108   LUID ModifiedId;                                  /* 0x40 */
 109   ULONG SessionId;                                  /* 0x48 */
 110   ULONG UserAndGroupCount;                          /* 0x4C */
 111   ULONG RestrictedSidCount;                         /* 0x50 */
 112   ULONG PrivilegeCount;                             /* 0x54 */
 113   ULONG VariableLength;                             /* 0x58 */
 114   ULONG DynamicCharged;                             /* 0x5C */
 115   ULONG DynamicAvailable;                           /* 0x60 */
 116   ULONG DefaultOwnerIndex;                          /* 0x64 */
 117   PSID_AND_ATTRIBUTES UserAndGroups;                /* 0x68 */
 118   PSID_AND_ATTRIBUTES RestrictedSids;               /* 0x6C */
 119   PSID PrimaryGroup;                                /* 0x70 */
 120   PLUID_AND_ATTRIBUTES Privileges;                  /* 0x74 */
 121   PULONG DynamicPart;                               /* 0x78 */
 122   PACL DefaultDacl;                                 /* 0x7C */
 123   TOKEN_TYPE TokenType;                             /* 0x80 */
 124   SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* 0x84 */
 125   ULONG TokenFlags;                                 /* 0x88 */
 126   BOOLEAN TokenInUse;                               /* 0x8C */
 127   PVOID ProxyData;                                  /* 0x90 */
 128   PVOID AuditData;                                  /* 0x94 */
 129   LUID OriginatingLogonSession;                     /* 0x98 */
 130   ULONG VariablePart;                               /* 0xA0 */
 131 } TOKEN, *PTOKEN;
 132
 133 typedef PVOID PACCESS_TOKEN;
 134
 135 typedef struct _SECURITY_SUBJECT_CONTEXT
 136 {
 137   PACCESS_TOKEN ClientToken;                              /* 0x0 */
 138   SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;        /* 0x4 */
 139   PACCESS_TOKEN PrimaryToken;                             /* 0x8 */
 140   PVOID ProcessAuditId;                                   /* 0xC */
 141 } SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
 142
 143
 144 typedef struct _SECURITY_CLIENT_CONTEXT
 145 {
 146     SECURITY_QUALITY_OF_SERVICE SecurityQos;
 147     PACCESS_TOKEN               ClientToken;
 148     BOOLEAN                     DirectlyAccessClientToken;
 149     BOOLEAN                     DirectAccessEffectiveOnly;
 150     BOOLEAN                     ServerIsRemote;
 151     TOKEN_CONTROL               ClientTokenControl;
 152 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
 153
 154 #ifndef __USE_W32API
 155 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
 156 {
 157     struct _OBJECT_NAME_INFORMATION *ImageFileName;
 158 } SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
 159 #endif
 160
 161 typedef struct _SE_EXPORTS
 162 {
 163   /* Privilege values */
 164   LUID SeCreateTokenPrivilege;
 165   LUID SeAssignPrimaryTokenPrivilege;
 166   LUID SeLockMemoryPrivilege;
 167   LUID SeIncreaseQuotaPrivilege;
 168   LUID SeUnsolicitedInputPrivilege;
 169   LUID SeTcbPrivilege;
 170   LUID SeSecurityPrivilege;
 171   LUID SeTakeOwnershipPrivilege;
 172   LUID SeLoadDriverPrivilege;
 173   LUID SeCreatePagefilePrivilege;
 174   LUID SeIncreaseBasePriorityPrivilege;
 175   LUID SeSystemProfilePrivilege;
 176   LUID SeSystemtimePrivilege;
 177   LUID SeProfileSingleProcessPrivilege;
 178   LUID SeCreatePermanentPrivilege;
 179   LUID SeBackupPrivilege;
 180   LUID SeRestorePrivilege;
 181   LUID SeShutdownPrivilege;
 182   LUID SeDebugPrivilege;
 183   LUID SeAuditPrivilege;
 184   LUID SeSystemEnvironmentPrivilege;
 185   LUID SeChangeNotifyPrivilege;
 186   LUID SeRemoteShutdownPrivilege;
 187
 188   /* Universally defined SIDs */
 189   PSID SeNullSid;
 190   PSID SeWorldSid;
 191   PSID SeLocalSid;
 192   PSID SeCreatorOwnerSid;
 193   PSID SeCreatorGroupSid;
 194
 195   /* Nt defined SIDs */
 196   PSID SeNtAuthoritySid;
 197   PSID SeDialupSid;
 198   PSID SeNetworkSid;
 199   PSID SeBatchSid;
 200   PSID SeInteractiveSid;
 201   PSID SeLocalSystemSid;
 202   PSID SeAliasAdminsSid;
 203   PSID SeAliasUsersSid;
 204   PSID SeAliasGuestsSid;
 205   PSID SeAliasPowerUsersSid;
 206   PSID SeAliasAccountOpsSid;
 207   PSID SeAliasSystemOpsSid;
 208   PSID SeAliasPrintOpsSid;
 209   PSID SeAliasBackupOpsSid;
 210 } SE_EXPORTS, *PSE_EXPORTS;
 211
 212
 213 typedef NTSTATUS STDCALL_FUNC
 214 (*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);
 215
 216
 217 typedef enum _SECURITY_OPERATION_CODE
 218 {
 219   SetSecurityDescriptor,
 220   QuerySecurityDescriptor,
 221   DeleteSecurityDescriptor,
 222   AssignSecurityDescriptor
 223 } SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
 224
 225 typedef struct _ACCESS_STATE
 226 {
 227   LUID OperationID;
 228   BOOLEAN SecurityEvaluated;
 229   BOOLEAN GenerateAudit;
 230   BOOLEAN GenerateClose;
 231   BOOLEAN PrivilegesAllocated;
 232   ULONG Flags;
 233   ACCESS_MASK RemainingDesiredAccess;
 234   ACCESS_MASK PreviouslyGrantedAccess;
 235   ACCESS_MASK OriginallyDesiredAccess;
 236   SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; /* 0x1C */
 237   PSECURITY_DESCRIPTOR SecurityDescriptor; /* 0x2C */
 238   PVOID AuxData; /* 0x30 */
 239   union
 240   {
 241     INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
 242     PRIVILEGE_SET PrivilegeSet;
 243   } Privileges;
 244   BOOLEAN AuditPrivileges;
 245   UNICODE_STRING ObjectName;
 246   UNICODE_STRING ObjectTypeName;
 247 } ACCESS_STATE, *PACCESS_STATE;
 248
 249 typedef struct _SE_IMPERSONATION_STATE {
 250         PVOID           Token;
 251         BOOLEAN         CopyOnOpen;
 252         BOOLEAN         EffectiveOnly;
 253         SECURITY_IMPERSONATION_LEVEL Level;
 254 } SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
 255
 256 #endif
 257
 258 /* EOF */