3 * COPYRIGHT: See COPYING in the top level directory for details
4 * PROJECT: ReactOS kernel
5 * FILE: include/ddk/setypes.h
6 * PURPOSE: Security manager types
8 * ??/??/??: Created with empty stubs by David Welch
9 * 29/08/98: ACCESS_TOKEN definition from Boudewijn Dekker
12 #ifndef __INCLUDE_DDK_SETYPES_H
13 #define __INCLUDE_DDK_SETYPES_H
15 #include <ntos/security.h>
/* TOKEN_GROUPS structure: attribute bits attached to each group SID
 * (the SID_AND_ATTRIBUTES entries a token carries).  The low bits are
 * independent single flags; SE_GROUP_LOGON_ID is a two-bit value in the
 * top of the word (0xC0000000), so test it with a mask, not a plain
 * bit-test.  Note 0xC0000000L does not fit a 32-bit signed long and is
 * therefore an unsigned constant on such targets. */
#define SE_GROUP_MANDATORY (0x1L)
#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
#define SE_GROUP_ENABLED (0x4L)
#define SE_GROUP_OWNER (0x8L)
#define SE_GROUP_LOGON_ID (0xC0000000L)
/* ACL revisions.  MIN_ACL_REVISION..MAX_ACL_REVISION is the range a
 * validator should accept in an ACL header; ACL_REVISION (== ACL_REVISION2)
 * is the revision to stamp on newly built ACLs.  Revision 3 is the one
 * that admits the compound ACE type defined below. */
#define ACL_REVISION1 (1)
#define ACL_REVISION2 (2)
#define ACL_REVISION3 (3)
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION3

#define ACL_REVISION (2)
/* ACE_HEADER structure: AceType values.  The *_MAX_MS_* constants bracket
 * the types known for a given ACL revision: a revision-2 ACL may only hold
 * types 0..3, a revision-3 ACL additionally allows the compound type (4).
 * Anything above ACCESS_MAX_MS_ACE_TYPE is not a Microsoft-defined ACE and
 * an ACL walker should treat it as invalid rather than skip it silently. */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_ACE_TYPE (0x4)
/* ACE flags in the ACE_HEADER structure.  The low nibble (0x1..0x8) holds
 * the inheritance controls; 0x40/0x80 are the audit-result selectors used
 * by SYSTEM_AUDIT / SYSTEM_ALARM ACEs.  Bits 0x10 and 0x20 are not defined
 * here. */
#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)
/* SECURITY_DESCRIPTOR_CONTROL bits and descriptor revision.
 * SECURITY_DESCRIPTOR_MIN_LENGTH (20) is the smallest descriptor that can
 * be valid; code that accepts a descriptor from a caller should check the
 * supplied length against it before reading the header.
 * SE_DACL_PRESENT / SE_SACL_PRESENT state whether the corresponding ACL
 * field is meaningful at all -- a descriptor with the bit clear is
 * distinct from one with the bit set and an empty ACL.
 * SE_SELF_RELATIVE presumably marks the contiguous, offset-based form of
 * the descriptor (the absolute form holds pointers) -- confirm against the
 * SECURITY_DESCRIPTOR definition in ntos/security.h. */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)
#define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
#define SE_OWNER_DEFAULTED (0x0001)
#define SE_GROUP_DEFAULTED (0x0002)
#define SE_DACL_PRESENT (0x0004)
#define SE_DACL_DEFAULTED (0x0008)
#define SE_SACL_PRESENT (0x0010)
#define SE_SACL_DEFAULTED (0x0020)
#define SE_RM_CONTROL_VALID (0x4000)
#define SE_SELF_RELATIVE (0x8000)
/* Privilege attribute bits (LUID_AND_ATTRIBUTES.Attributes) and the
 * PRIVILEGE_SET control flag.  SE_PRIVILEGE_USED_FOR_ACCESS is the sign bit
 * of a 32-bit word; as written the constant is unsigned on 32-bit targets,
 * so compare it against an unsigned attribute word to avoid sign surprises.
 * PRIVILEGE_SET_ALL_NECESSARY requests that every privilege listed in the
 * set must be held, not just one of them. */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
#define SE_PRIVILEGE_ENABLED (0x2L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY (0x1)
/* SID format constants.  SID_MAX_SUB_AUTHORITIES bounds the SubAuthority
 * array; any routine that computes a SID's length from a caller-supplied
 * SubAuthorityCount must reject counts above this (and revisions other
 * than SID_REVISION) before touching the rest of the SID. */
#define SID_REVISION (1)
#define SID_MAX_SUB_AUTHORITIES (15)
/*
 * Audit policy as a run of per-category 4-bit fields.
 *
 * Each member is a nibble, so the members pack into consecutive bytes and
 * SEP_AUDIT_POLICY_OVERLAY presumably views the same storage as one bit
 * string (its PolicyBits field is 36 bits wide, i.e. nine nibbles).
 *
 * NOTE(review): only three categories are visible in this copy of the
 * header; the 36-bit overlay suggests the real list is longer.  Confirm
 * the member list and its order against the original before depending on
 * the layout.  Bit-field allocation order within a byte is
 * implementation-defined in C, so which nibble lands where is a property
 * of the compiler, not of this declaration.
 */
typedef struct _SEP_AUDIT_POLICY_CATEGORIES
{
    UCHAR DetailedTracking:4;
    UCHAR AccountManagement:4;
    UCHAR DirectoryServiceAccess:4;
} SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
/*
 * Audit policy viewed as a single 36-bit value (nine 4-bit categories).
 *
 * A bit-field of type ULONGLONG is a compiler extension (ISO C only
 * guarantees int/unsigned/_Bool bit-fields); GCC and MSVC accept it, and
 * the resulting object is 8 bytes, which is what the TOKEN offset comments
 * (AuditPolicy at 0x38, ModifiedId at 0x40) require.
 */
typedef struct _SEP_AUDIT_POLICY_OVERLAY
{
    ULONGLONG PolicyBits:36;    /* nine nibbles of category policy */
} SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
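/*
 * Effective audit policy stored in a TOKEN (AuditPolicy, offset 0x38).
 *
 * PolicyElements and PolicyOverlay are two views of the SAME storage: the
 * first reads the policy as named 4-bit categories, the second as one
 * 36-bit field.  They therefore overlay each other (anonymous union,
 * C11 / long-standing GCC and MSVC extension).  Laid out as two ordinary
 * consecutive members the object would be 16 bytes (the ULONGLONG view
 * forces 8-byte alignment after the nibble view), which contradicts the
 * TOKEN offset comments (AuditPolicy 0x38 -> ModifiedId 0x40 == 8 bytes)
 * and, worse, would let the category view and the bit view disagree about
 * the policy actually in effect -- an audit check consulting one view
 * would not see what the other view had set.
 *
 * Because bit-field placement is implementation-defined, which nibble of
 * PolicyBits corresponds to which category member is a compiler property;
 * all code switching between the two views must be built with the same
 * compiler conventions as the code that fills the policy in.
 */
typedef struct _SEP_AUDIT_POLICY
{
    union
    {
        SEP_AUDIT_POLICY_CATEGORIES PolicyElements;  /* per-category nibbles */
        SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;      /* same bits, as 36-bit field */
    };
} SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;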
/*
 * Kernel access token.
 *
 * The trailing offset comments describe a 32-bit build: the pointer
 * members are 4 bytes apart (UserAndGroups 0x68, RestrictedSids 0x6C) and
 * the 8-byte-aligned AuditPolicy follows the 4-byte TokenLock pointer with
 * 4 bytes of padding (0x30 -> 0x38).  Keep member order unchanged; code
 * elsewhere may depend on these offsets.
 *
 * Variable-length data: UserAndGroups (UserAndGroupCount entries),
 * RestrictedSids (RestrictedSidCount entries) and Privileges
 * (PrivilegeCount entries) are pointer/count pairs; VariableLength and
 * VariablePart describe the storage that follows the fixed part, and
 * DynamicPart / DynamicCharged / DynamicAvailable describe a separately
 * tracked area.  NOTE(review): the counts and lengths are whatever the
 * token's builder stored -- a path that constructs a token from
 * caller-supplied data must check that each count-sized array actually
 * lies inside the variable part before any of these pointers is
 * dereferenced.  That validation is not visible from this header.
 *
 * TokenLock is an ERESOURCE pointer and presumably serialises mutation of
 * the token; ModifiedId presumably changes on every such mutation so that
 * a cached snapshot (see TOKEN_CONTROL users) can detect it -- confirm
 * both against the token code.
 *
 * The closing "} TOKEN, *PTOKEN;" is absent from this copy of the header
 * and has been supplied following the naming pattern used by every other
 * typedef in this file.
 */
typedef struct _TOKEN
{
    /* Identity and lifetime */
    TOKEN_SOURCE TokenSource;                       /* 0x00 */
    LUID TokenId;                                   /* 0x10 */
    LUID AuthenticationId;                          /* 0x18 */
    LUID ParentTokenId;                             /* 0x20 */
    LARGE_INTEGER ExpirationTime;                   /* 0x28 */
    struct _ERESOURCE *TokenLock;                   /* 0x30 */
    SEP_AUDIT_POLICY AuditPolicy;                   /* 0x38 */
    LUID ModifiedId;                                /* 0x40 */
    ULONG SessionId;                                /* 0x48 */

    /* Sizes of the variable-length arrays referenced below */
    ULONG UserAndGroupCount;                        /* 0x4C */
    ULONG RestrictedSidCount;                       /* 0x50 */
    ULONG PrivilegeCount;                           /* 0x54 */
    ULONG VariableLength;                           /* 0x58 */
    ULONG DynamicCharged;                           /* 0x5C */
    ULONG DynamicAvailable;                         /* 0x60 */
    ULONG DefaultOwnerIndex;                        /* 0x64 */

    /* Pointers into the variable / dynamic parts */
    PSID_AND_ATTRIBUTES UserAndGroups;              /* 0x68 */
    PSID_AND_ATTRIBUTES RestrictedSids;             /* 0x6C */
    PSID PrimaryGroup;                              /* 0x70 */
    PLUID_AND_ATTRIBUTES Privileges;                /* 0x74 */
    PULONG DynamicPart;                             /* 0x78 */
    PACL DefaultDacl;                               /* 0x7C */

    /* Type, impersonation level and state */
    TOKEN_TYPE TokenType;                           /* 0x80 */
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;/* 0x84 */
    ULONG TokenFlags;                               /* 0x88 */
    BOOLEAN TokenInUse;                             /* 0x8C */
    PVOID ProxyData;                                /* 0x90 */
    PVOID AuditData;                                /* 0x94 */
    LUID OriginatingLogonSession;                   /* 0x98 */
    ULONG VariablePart;                             /* 0xA0 */
} TOKEN, *PTOKEN;
/* Opaque handle to a token.  Exposed as PVOID so that consumers outside
 * the security manager (drivers, the object manager) can hold and pass a
 * token without knowing the TOKEN layout above. */
typedef PVOID PACCESS_TOKEN;
/*
 * The subject of an access check: the tokens of the caller at the time the
 * context was captured.  16 bytes on a 32-bit build (see the offset
 * comments), which matches its placement inside ACCESS_STATE
 * (SubjectSecurityContext 0x1C -> SecurityDescriptor 0x2C).
 *
 * NOTE(review): presumably ClientToken is NULL when the subject is not
 * impersonating, in which case PrimaryToken is the identity to check
 * against and ImpersonationLevel is not meaningful -- confirm with the
 * routine that captures this context.
 */
typedef struct _SECURITY_SUBJECT_CONTEXT
{
    PACCESS_TOKEN ClientToken;                          /* 0x0 */
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;    /* 0x4 */
    PACCESS_TOKEN PrimaryToken;                         /* 0x8 */
    PVOID ProcessAuditId;                               /* 0xC */
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
/*
 * A server's view of a client it may impersonate.
 *
 * SecurityQos carries the impersonation level / tracking mode the client
 * asked for.  DirectlyAccessClientToken says whether ClientToken is the
 * client's own token rather than a private copy; DirectAccessEffectiveOnly
 * narrows that to the enabled groups and privileges.  ClientTokenControl
 * (TOKEN_CONTROL, defined elsewhere) presumably snapshots the token's
 * identifiers -- TOKEN has both a TokenId and a ModifiedId -- so that a
 * server using the client's token directly can notice the client changing
 * it after the context was captured; confirm against TOKEN_CONTROL and
 * the impersonation code before relying on that.
 */
typedef struct _SECURITY_CLIENT_CONTEXT
{
    SECURITY_QUALITY_OF_SERVICE SecurityQos;
    PACCESS_TOKEN ClientToken;
    BOOLEAN DirectlyAccessClientToken;
    BOOLEAN DirectAccessEffectiveOnly;
    BOOLEAN ServerIsRemote;
    TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
/*
 * Process-creation audit record: the image name of the new process.
 *
 * _OBJECT_NAME_INFORMATION is referenced by struct tag only, so this
 * header does not need its definition.  Ownership of the pointed-to name
 * (who allocates and frees it) is not visible from here.
 */
typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
{
    struct _OBJECT_NAME_INFORMATION *ImageFileName;
} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
/*
 * Security manager export table: the privilege LUIDs and well-known SID
 * pointers that other kernel components and drivers compare against.
 *
 * Member order is an interface (consumers reach the table through a
 * pointer), so do not reorder.  NOTE(review): the list below may be
 * incomplete in this copy of the header -- verify the member set against
 * the original before trusting field offsets.  The SIDs are pointers;
 * compare SID contents (RtlEqualSid-style), not pointer values, when a SID
 * may have come from anywhere other than this table.
 */
typedef struct _SE_EXPORTS
{
    /* Privilege values */
    LUID SeCreateTokenPrivilege;
    LUID SeAssignPrimaryTokenPrivilege;
    LUID SeLockMemoryPrivilege;
    LUID SeIncreaseQuotaPrivilege;
    LUID SeUnsolicitedInputPrivilege;
    LUID SeSecurityPrivilege;
    LUID SeTakeOwnershipPrivilege;
    LUID SeLoadDriverPrivilege;
    LUID SeCreatePagefilePrivilege;
    LUID SeIncreaseBasePriorityPrivilege;
    LUID SeSystemProfilePrivilege;
    LUID SeSystemtimePrivilege;
    LUID SeProfileSingleProcessPrivilege;
    LUID SeCreatePermanentPrivilege;
    LUID SeBackupPrivilege;
    LUID SeRestorePrivilege;
    LUID SeShutdownPrivilege;
    LUID SeDebugPrivilege;
    LUID SeAuditPrivilege;
    LUID SeSystemEnvironmentPrivilege;
    LUID SeChangeNotifyPrivilege;
    LUID SeRemoteShutdownPrivilege;

    /* Universally defined SIDs */
    PSID SeCreatorOwnerSid;
    PSID SeCreatorGroupSid;

    /* Nt defined SIDs */
    PSID SeNtAuthoritySid;
    PSID SeInteractiveSid;
    PSID SeLocalSystemSid;
    PSID SeAliasAdminsSid;
    PSID SeAliasUsersSid;
    PSID SeAliasGuestsSid;
    PSID SeAliasPowerUsersSid;
    PSID SeAliasAccountOpsSid;
    PSID SeAliasSystemOpsSid;
    PSID SeAliasPrintOpsSid;
    PSID SeAliasBackupOpsSid;
} SE_EXPORTS, *PSE_EXPORTS;
/* Callback invoked when a logon session identified by LogonId ends.
 * Registrants must not keep using tokens or resources tied to that
 * session after returning from this routine. */
typedef NTSTATUS STDCALL_FUNC
(*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);
/*
 * Operation requested of an object type's security procedure.  The values
 * are made explicit here so that the numbering (0..3, in declaration
 * order) is visible to readers and cannot drift if an entry is inserted.
 */
typedef enum _SECURITY_OPERATION_CODE
{
    SetSecurityDescriptor = 0,
    QuerySecurityDescriptor = 1,
    DeleteSecurityDescriptor = 2,
    AssignSecurityDescriptor = 3
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
/*
 * Working state of one access check / object open.
 *
 * The three ACCESS_MASKs are the request as it evolves: what was asked
 * for originally, what has already been granted, and what is still
 * outstanding.  SubjectSecurityContext is the caller's captured identity
 * and SecurityDescriptor the object's (the latter may be NULL for objects
 * without one -- not verifiable here).  PrivilegesAllocated, by its name,
 * records that PrivilegeSet lives in separately allocated memory that the
 * owner of the state must release; confirm against the code that frees
 * an ACCESS_STATE.
 *
 * NOTE(review): the offset comments do not add up with the members shown
 * -- four BOOLEANs and three ACCESS_MASKs occupy 0x10 bytes, yet
 * SubjectSecurityContext is annotated at 0x1C, so members appear to be
 * missing from this copy of the header.  Likewise whether
 * InitialPrivilegeSet and PrivilegeSet are independent members or two
 * views of one storage cannot be told from what is visible.  Do not rely
 * on the layout below without checking the original.
 */
typedef struct _ACCESS_STATE
{
    BOOLEAN SecurityEvaluated;
    BOOLEAN GenerateAudit;
    BOOLEAN GenerateClose;
    BOOLEAN PrivilegesAllocated;
    ACCESS_MASK RemainingDesiredAccess;
    ACCESS_MASK PreviouslyGrantedAccess;
    ACCESS_MASK OriginallyDesiredAccess;
    SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;    /* 0x1C */
    PSECURITY_DESCRIPTOR SecurityDescriptor;            /* 0x2C */
    PVOID AuxData;                                      /* 0x30 */
    INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
    PRIVILEGE_SET PrivilegeSet;
    BOOLEAN AuditPrivileges;
    UNICODE_STRING ObjectName;
    UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
/*
 * Saved impersonation settings of a thread, so that impersonation can be
 * restored after being temporarily changed.
 *
 * NOTE(review): only EffectiveOnly and Level are visible in this copy; a
 * state that can restore a thread's impersonation would presumably also
 * need to remember the previous token.  Confirm the member list against
 * the original before using this structure for save/restore.
 */
typedef struct _SE_IMPERSONATION_STATE
{
    BOOLEAN EffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;