Thomas Weidenmueller <w3seek@reactos.com>
[reactos.git] / reactos / include / ddk / setypes.h
1 /* $Id$
2 *
3 * COPYRIGHT: See COPYING in the top level directory for details
4 * PROJECT: ReactOS kernel
5 * FILE: include/ddk/setypes.h
6 * PURPOSE: Security manager types
7 * REVISION HISTORY:
8 * ??/??/??: Created with empty stubs by David Welch
9 * 29/08/98: ACCESS_TOKEN definition from Boudewijn Dekker
10 */
11
12 #ifndef __INCLUDE_DDK_SETYPES_H
13 #define __INCLUDE_DDK_SETYPES_H
14
15 #include <ntos/security.h>
16
17 /* TOKEN_GROUPS structure */
18 #define SE_GROUP_MANDATORY (0x1L)
19 #define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
20 #define SE_GROUP_ENABLED (0x4L)
21 #define SE_GROUP_OWNER (0x8L)
22 #define SE_GROUP_LOGON_ID (0xC0000000L)
23
24 /* ACL Defines */
25 #define ACL_REVISION1 (1)
26 #define ACL_REVISION2 (2)
27 #define ACL_REVISION3 (3)
28 #define MIN_ACL_REVISION ACL_REVISION2
29 #define MAX_ACL_REVISION ACL_REVISION3
30
31 #define ACL_REVISION (2)
32
33 /* ACE_HEADER structure */
34 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
35 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
36 #define ACCESS_DENIED_ACE_TYPE (0x1)
37 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
38 #define SYSTEM_ALARM_ACE_TYPE (0x3)
39 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
40 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
41 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
42 #define ACCESS_MAX_MS_ACE_TYPE (0x4)
43
44 /* ACE flags in the ACE_HEADER structure */
45 #define OBJECT_INHERIT_ACE (0x1)
46 #define CONTAINER_INHERIT_ACE (0x2)
47 #define NO_PROPAGATE_INHERIT_ACE (0x4)
48 #define INHERIT_ONLY_ACE (0x8)
49 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
50 #define FAILED_ACCESS_ACE_FLAG (0x80)
51
52 /* SECURITY_DESCRIPTOR_CONTROL */
53 #define SECURITY_DESCRIPTOR_REVISION (1)
54 #define SECURITY_DESCRIPTOR_REVISION1 (1)
55 #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
56 #define SE_OWNER_DEFAULTED (0x0001)
57 #define SE_GROUP_DEFAULTED (0x0002)
58 #define SE_DACL_PRESENT (0x0004)
59 #define SE_DACL_DEFAULTED (0x0008)
60 #define SE_SACL_PRESENT (0x0010)
61 #define SE_SACL_DEFAULTED (0x0020)
62 #define SE_RM_CONTROL_VALID (0x4000)
63 #define SE_SELF_RELATIVE (0x8000)
64
65 /* PRIVILEGE_SET */
66 #define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
67 #define SE_PRIVILEGE_ENABLED (0x2L)
68 #define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
69 #define PRIVILEGE_SET_ALL_NECESSARY (0x1)
70
71 /* SID */
72 #define SID_REVISION (1)
73 #define SID_MAX_SUB_AUTHORITIES (15)
74
75 typedef struct _SEP_AUDIT_POLICY_CATEGORIES {
76 UCHAR System:4;
77 UCHAR Logon:4;
78 UCHAR ObjectAccess:4;
79 UCHAR PrivilegeUse:4;
80 UCHAR DetailedTracking:4;
81 UCHAR PolicyChange:4;
82 UCHAR AccountManagement:4;
83 UCHAR DirectoryServiceAccess:4;
84 UCHAR AccountLogon:4;
85 } SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
86
87 typedef struct _SEP_AUDIT_POLICY_OVERLAY {
88 ULONGLONG PolicyBits:36;
89 UCHAR SetBit:1;
90 } SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
91
92 typedef struct _SEP_AUDIT_POLICY {
93 union {
94 SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
95 SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
96 ULONGLONG Overlay;
97 };
98 } SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
99
100 typedef struct _TOKEN {
101 TOKEN_SOURCE TokenSource; /* 0x00 */
102 LUID TokenId; /* 0x10 */
103 LUID AuthenticationId; /* 0x18 */
104 LUID ParentTokenId; /* 0x20 */
105 LARGE_INTEGER ExpirationTime; /* 0x28 */
106 struct _ERESOURCE *TokenLock; /* 0x30 */
107 SEP_AUDIT_POLICY AuditPolicy; /* 0x38 */
108 LUID ModifiedId; /* 0x40 */
109 ULONG SessionId; /* 0x48 */
110 ULONG UserAndGroupCount; /* 0x4C */
111 ULONG RestrictedSidCount; /* 0x50 */
112 ULONG PrivilegeCount; /* 0x54 */
113 ULONG VariableLength; /* 0x58 */
114 ULONG DynamicCharged; /* 0x5C */
115 ULONG DynamicAvailable; /* 0x60 */
116 ULONG DefaultOwnerIndex; /* 0x64 */
117 PSID_AND_ATTRIBUTES UserAndGroups; /* 0x68 */
118 PSID_AND_ATTRIBUTES RestrictedSids; /* 0x6C */
119 PSID PrimaryGroup; /* 0x70 */
120 PLUID_AND_ATTRIBUTES Privileges; /* 0x74 */
121 PULONG DynamicPart; /* 0x78 */
122 PACL DefaultDacl; /* 0x7C */
123 TOKEN_TYPE TokenType; /* 0x80 */
124 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x84 */
125 ULONG TokenFlags; /* 0x88 */
126 BOOLEAN TokenInUse; /* 0x8C */
127 PVOID ProxyData; /* 0x90 */
128 PVOID AuditData; /* 0x94 */
129 LUID OriginatingLogonSession; /* 0x98 */
130 ULONG VariablePart; /* 0xA0 */
131 } TOKEN, *PTOKEN;
132
133 typedef PVOID PACCESS_TOKEN;
134
135 typedef struct _SECURITY_SUBJECT_CONTEXT
136 {
137 PACCESS_TOKEN ClientToken; /* 0x0 */
138 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x4 */
139 PACCESS_TOKEN PrimaryToken; /* 0x8 */
140 PVOID ProcessAuditId; /* 0xC */
141 } SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
142
143
144 typedef struct _SECURITY_CLIENT_CONTEXT
145 {
146 SECURITY_QUALITY_OF_SERVICE SecurityQos;
147 PACCESS_TOKEN ClientToken;
148 BOOLEAN DirectlyAccessClientToken;
149 BOOLEAN DirectAccessEffectiveOnly;
150 BOOLEAN ServerIsRemote;
151 TOKEN_CONTROL ClientTokenControl;
152 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
153
154
155 typedef struct _SE_EXPORTS
156 {
157 /* Privilege values */
158 LUID SeCreateTokenPrivilege;
159 LUID SeAssignPrimaryTokenPrivilege;
160 LUID SeLockMemoryPrivilege;
161 LUID SeIncreaseQuotaPrivilege;
162 LUID SeUnsolicitedInputPrivilege;
163 LUID SeTcbPrivilege;
164 LUID SeSecurityPrivilege;
165 LUID SeTakeOwnershipPrivilege;
166 LUID SeLoadDriverPrivilege;
167 LUID SeCreatePagefilePrivilege;
168 LUID SeIncreaseBasePriorityPrivilege;
169 LUID SeSystemProfilePrivilege;
170 LUID SeSystemtimePrivilege;
171 LUID SeProfileSingleProcessPrivilege;
172 LUID SeCreatePermanentPrivilege;
173 LUID SeBackupPrivilege;
174 LUID SeRestorePrivilege;
175 LUID SeShutdownPrivilege;
176 LUID SeDebugPrivilege;
177 LUID SeAuditPrivilege;
178 LUID SeSystemEnvironmentPrivilege;
179 LUID SeChangeNotifyPrivilege;
180 LUID SeRemoteShutdownPrivilege;
181
182 /* Universally defined SIDs */
183 PSID SeNullSid;
184 PSID SeWorldSid;
185 PSID SeLocalSid;
186 PSID SeCreatorOwnerSid;
187 PSID SeCreatorGroupSid;
188
189 /* Nt defined SIDs */
190 PSID SeNtAuthoritySid;
191 PSID SeDialupSid;
192 PSID SeNetworkSid;
193 PSID SeBatchSid;
194 PSID SeInteractiveSid;
195 PSID SeLocalSystemSid;
196 PSID SeAliasAdminsSid;
197 PSID SeAliasUsersSid;
198 PSID SeAliasGuestsSid;
199 PSID SeAliasPowerUsersSid;
200 PSID SeAliasAccountOpsSid;
201 PSID SeAliasSystemOpsSid;
202 PSID SeAliasPrintOpsSid;
203 PSID SeAliasBackupOpsSid;
204 } SE_EXPORTS, *PSE_EXPORTS;
205
206
207 typedef NTSTATUS STDCALL_FUNC
208 (*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);
209
210
211 typedef enum _SECURITY_OPERATION_CODE
212 {
213 SetSecurityDescriptor,
214 QuerySecurityDescriptor,
215 DeleteSecurityDescriptor,
216 AssignSecurityDescriptor
217 } SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
218
219 typedef struct _ACCESS_STATE
220 {
221 LUID OperationID;
222 BOOLEAN SecurityEvaluated;
223 BOOLEAN GenerateAudit;
224 BOOLEAN GenerateClose;
225 BOOLEAN PrivilegesAllocated;
226 ULONG Flags;
227 ACCESS_MASK RemainingDesiredAccess;
228 ACCESS_MASK PreviouslyGrantedAccess;
229 ACCESS_MASK OriginallyDesiredAccess;
230 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; /* 0x1C */
231 PSECURITY_DESCRIPTOR SecurityDescriptor; /* 0x2C */
232 PVOID AuxData; /* 0x30 */
233 union
234 {
235 INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
236 PRIVILEGE_SET PrivilegeSet;
237 } Privileges;
238 BOOLEAN AuditPrivileges;
239 UNICODE_STRING ObjectName;
240 UNICODE_STRING ObjectTypeName;
241 } ACCESS_STATE, *PACCESS_STATE;
242
243 typedef struct _SE_IMPERSONATION_STATE {
244 PVOID Token;
245 BOOLEAN CopyOnOpen;
246 BOOLEAN EffectiveOnly;
247 SECURITY_IMPERSONATION_LEVEL Level;
248 } SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
249
250 #endif
251
252 /* EOF */