Add missing security constants.
1 /* $Id: setypes.h,v 1.15 2004/07/11 16:09:37 ekohl Exp $
2 *
3 * COPYRIGHT: See COPYING in the top level directory for details
4 * PROJECT: ReactOS kernel
5 * FILE: include/ddk/setypes.h
6 * PURPOSE: Security manager types
7 * REVISION HISTORY:
8 * ??/??/??: Created with empty stubs by David Welch
9 * 29/08/98: ACCESS_TOKEN definition from Boudewijn Dekker
10 */
11
12 #ifndef __INCLUDE_DDK_SETYPES_H
13 #define __INCLUDE_DDK_SETYPES_H
14
15 #include <ntos/security.h>
16
17 /* TOKEN_GROUPS structure: attribute bits for a group SID.
 *
 * NOTE(review): presumably these are the values of the Attributes member of
 * each SID_AND_ATTRIBUTES entry in a TOKEN_GROUPS list; those types come from
 * <ntos/security.h> and are not visible here - confirm.
 *
 * The first four values are single-bit flags. SE_GROUP_LOGON_ID has two bits
 * set (0xC0000000), so test it with
 *     (attr & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID
 * A plain non-zero test also matches an entry that carries only one of the
 * two bits. Where long is 32 bits wide the literal 0xC0000000L does not fit a
 * signed long and therefore has type unsigned long; keep the attribute
 * variable unsigned when comparing against it.
 */
18 #define SE_GROUP_MANDATORY (0x1L)
19 #define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
20 #define SE_GROUP_ENABLED (0x4L)
21 #define SE_GROUP_OWNER (0x8L)
22 #define SE_GROUP_LOGON_ID (0xC0000000L)
23
24 /* ACL Defines: ACL revision numbers.
 *
 * MIN_ACL_REVISION and MAX_ACL_REVISION bound the range 2..3, so
 * ACL_REVISION1 lies outside it. ACL_REVISION has the same value as
 * ACL_REVISION2.
 * NOTE(review): presumably code that validates an ACL taken from an untrusted
 * buffer range-checks its revision against MIN_ACL_REVISION and
 * MAX_ACL_REVISION before walking the ACEs - confirm against the callers,
 * which are not in this header.
 */
25 #define ACL_REVISION1 (1)
26 #define ACL_REVISION2 (2)
27 #define ACL_REVISION3 (3)
28 #define MIN_ACL_REVISION ACL_REVISION2
29 #define MAX_ACL_REVISION ACL_REVISION3
30
31 #define ACL_REVISION (2)
32
33 /* ACE_HEADER structure: ACE type codes.
 *
 * NOTE(review): presumably the values of the type member of ACE_HEADER, which
 * is declared elsewhere - confirm.
 *
 * The ACCESS_MIN_ and ACCESS_MAX_ names are range markers, not extra types:
 * ACCESS_MIN_MS_ACE_TYPE equals ACCESS_ALLOWED_ACE_TYPE (0x0),
 * ACCESS_MAX_MS_V2_ACE_TYPE equals SYSTEM_ALARM_ACE_TYPE (0x3), and both
 * ACCESS_MAX_MS_V3_ACE_TYPE and ACCESS_MAX_MS_ACE_TYPE equal
 * ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4).
 *
 * ACCESS_ALLOWED_ACE_TYPE is 0, so a zero-filled header carries the "allowed"
 * type code. Code that interprets ACEs should not treat 0 as "unset" and
 * should reject type codes above the maximum it supports.
 */
34 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
35 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
36 #define ACCESS_DENIED_ACE_TYPE (0x1)
37 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
38 #define SYSTEM_ALARM_ACE_TYPE (0x3)
39 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
40 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
41 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
42 #define ACCESS_MAX_MS_ACE_TYPE (0x4)
43
44 /* ACE flags in the ACE_HEADER structure.
 *
 * 0x1 to 0x8 are the inheritance bits. 0x40 and 0x80 are, by their names, the
 * audit-on-success and audit-on-failure bits.
 * NOTE(review): presumably the two audit bits only have meaning on
 * SYSTEM_AUDIT_ACE_TYPE / SYSTEM_ALARM_ACE_TYPE entries - confirm.
 * Bits 0x10 and 0x20 are not defined in this header.
 */
45 #define OBJECT_INHERIT_ACE (0x1)
46 #define CONTAINER_INHERIT_ACE (0x2)
47 #define NO_PROPAGATE_INHERIT_ACE (0x4)
48 #define INHERIT_ONLY_ACE (0x8)
49 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
50 #define FAILED_ACCESS_ACE_FLAG (0x80)
51
52 /* SECURITY_DESCRIPTOR_CONTROL
 *
 * The first three names are the descriptor revision (1) and a minimum length
 * in bytes (20); the SE_* names that follow are the control bits proper, each
 * a single bit (1, 2, 4, 8, 16, 32 and 32768 = 0x8000).
 *
 * NOTE(review): SECURITY_DESCRIPTOR_MIN_LENGTH is a fixed 20, which presumably
 * matches a layout with 4-byte owner/group/SACL/DACL members - confirm before
 * using it as a size check on other pointer widths.
 * NOTE(review): presumably SE_SELF_RELATIVE marks a descriptor whose
 * owner/group/SACL/DACL members are offsets into the same buffer rather than
 * pointers; code receiving a descriptor should check this bit, and bound the
 * offsets, before dereferencing any of them - confirm against the descriptor
 * definition, which is not in this header.
 */
53 #define SECURITY_DESCRIPTOR_REVISION (1)
54 #define SECURITY_DESCRIPTOR_REVISION1 (1)
55 #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
56 #define SE_OWNER_DEFAULTED (1)
57 #define SE_GROUP_DEFAULTED (2)
58 #define SE_DACL_PRESENT (4)
59 #define SE_DACL_DEFAULTED (8)
60 #define SE_SACL_PRESENT (16)
61 #define SE_SACL_DEFAULTED (32)
62 #define SE_SELF_RELATIVE (32768)
63
64 /* PRIVILEGE_SET
 *
 * The three SE_PRIVILEGE_* values are per-privilege attribute bits;
 * SE_PRIVILEGE_USED_FOR_ACCESS is the top bit of a 32-bit value.
 * PRIVILEGE_SET_ALL_NECESSARY has the same numeric value (0x1) as
 * SE_PRIVILEGE_ENABLED_BY_DEFAULT.
 * NOTE(review): presumably PRIVILEGE_SET_ALL_NECESSARY belongs in the control
 * member of PRIVILEGE_SET and not in a privilege's attributes, so the two must
 * not be mixed up in a privilege check - confirm against the PRIVILEGE_SET
 * definition, which is not in this header.
 */
65 #define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
66 #define SE_PRIVILEGE_ENABLED (0x2L)
67 #define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
68 #define PRIVILEGE_SET_ALL_NECESSARY (0x1)
69
70 /* SID: revision number and upper bound on the number of sub-authorities.
 *
 * NOTE(review): presumably a SID taken from an untrusted buffer must have its
 * sub-authority count checked against SID_MAX_SUB_AUTHORITIES before its
 * length is computed or it is copied - confirm against the SID helpers, which
 * are not in this header.
 */
71 #define SID_REVISION (1)
72 #define SID_MAX_SUB_AUTHORITIES (15)
73
/*
 * ACCESS_TOKEN: in-memory layout of a token.
 *
 * The trailing comments give each member's byte offset. The pointer members
 * advance by 4 bytes each (0x48, 0x4C, 0x50), so the offsets describe a layout
 * with 4-byte pointers.
 *
 * VariablePart[0] is a zero-length array (a compiler extension, not standard
 * C) placed at the end of the fixed part.
 * NOTE(review): presumably VariableLength is the size of the data that follows
 * the fixed part, and UserAndGroups, PrimaryGroup, Privileges and DefaultDacl
 * point into it - confirm before relying on it for bounds checks.
 * NOTE(review): UserAndGroupCount and PrivilegeCount presumably give the
 * lengths of the UserAndGroups and Privileges arrays; DefaultOwnerIndex is
 * presumably an index into UserAndGroups - confirm.
 */
74 typedef struct _ACCESS_TOKEN
75 {
76 TOKEN_SOURCE TokenSource; /* 0x00 */
77 LUID TokenId; /* 0x10 */
78 LUID AuthenticationId; /* 0x18 */
79 LARGE_INTEGER ExpirationTime; /* 0x20 */
80 LUID ModifiedId; /* 0x28 */
81 ULONG UserAndGroupCount; /* 0x30 */
82 ULONG PrivilegeCount; /* 0x34 */
83 ULONG VariableLength; /* 0x38 */
84 ULONG DynamicCharged; /* 0x3C */
85 ULONG DynamicAvailable; /* 0x40 */
86 ULONG DefaultOwnerIndex; /* 0x44 */
87 PSID_AND_ATTRIBUTES UserAndGroups; /* 0x48 */
88 PSID PrimaryGroup; /* 0x4C */
89 PLUID_AND_ATTRIBUTES Privileges; /* 0x50 */
90 ULONG Unknown1; /* 0x54 */
91 PACL DefaultDacl; /* 0x58 */
92 TOKEN_TYPE TokenType; /* 0x5C */
93 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x60 */
94 UCHAR TokenFlags; /* 0x64 */
95 UCHAR TokenInUse; /* 0x65 */
96 UCHAR Unused[2]; /* 0x66 */
97 PVOID ProxyData; /* 0x68 */
98 PVOID AuditData; /* 0x6c */
99 UCHAR VariablePart[0]; /* 0x70 */
100 } ACCESS_TOKEN, *PACCESS_TOKEN;
101
102
/*
 * SECURITY_SUBJECT_CONTEXT: a client token with its impersonation level, a
 * primary token and a process audit id, at the byte offsets noted on each
 * member (4-byte members).
 *
 * NOTE(review): presumably ClientToken is NULL when the subject is not
 * impersonating, and an access check then uses PrimaryToken - confirm against
 * the code that captures and consumes this structure. Both token members are
 * raw pointers; nothing in this header shows who holds the references.
 */
103 typedef struct _SECURITY_SUBJECT_CONTEXT
104 {
105 PACCESS_TOKEN ClientToken; /* 0x0 */
106 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x4 */
107 PACCESS_TOKEN PrimaryToken; /* 0x8 */
108 PVOID ProcessAuditId; /* 0xC */
109 } SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
110
111
/*
 * SECURITY_CLIENT_CONTEXT: quality-of-service settings, a token pointer,
 * three BOOLEAN flags and a TOKEN_CONTROL, at the byte offsets noted on each
 * member.
 *
 * The flags occupy 0x10 to 0x12 and the next member starts at 0x14, so the
 * byte at 0x13 is padding; zero the structure before filling it in if it is
 * ever copied out of the kernel.
 * NOTE(review): presumably this is the client security state a server keeps
 * in order to impersonate a client later - confirm against the callers.
 */
112 typedef struct _SECURITY_CLIENT_CONTEXT
113 {
114 SECURITY_QUALITY_OF_SERVICE SecurityQos; /* 0x00 */
115 PACCESS_TOKEN Token; /* 0x0C */
116 BOOLEAN DirectlyAccessClientToken; /* 0x10 */
117 BOOLEAN DirectAccessEffectiveOnly; /* 0x11 */
118 BOOLEAN ServerIsRemote; /* 0x12 */
119 TOKEN_CONTROL ClientTokenControl; /* 0x14 */
120 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
121
122
/*
 * SE_EXPORTS: table of well-known security values - 23 privilege LUIDs
 * followed by 19 SID pointers (5 universal, 14 NT-defined).
 *
 * Member order is part of the layout; do not reorder or insert members.
 * NOTE(review): the PSID members are pointers. Where the SIDs live and who
 * initializes them is not shown in this header; presumably consumers must
 * treat both the table and the SIDs as read-only - confirm.
 */
123 typedef struct _SE_EXPORTS
124 {
125 /* Privilege values */
126 LUID SeCreateTokenPrivilege;
127 LUID SeAssignPrimaryTokenPrivilege;
128 LUID SeLockMemoryPrivilege;
129 LUID SeIncreaseQuotaPrivilege;
130 LUID SeUnsolicitedInputPrivilege;
131 LUID SeTcbPrivilege;
132 LUID SeSecurityPrivilege;
133 LUID SeTakeOwnershipPrivilege;
134 LUID SeLoadDriverPrivilege;
135 LUID SeCreatePagefilePrivilege;
136 LUID SeIncreaseBasePriorityPrivilege;
137 LUID SeSystemProfilePrivilege;
138 LUID SeSystemtimePrivilege;
139 LUID SeProfileSingleProcessPrivilege;
140 LUID SeCreatePermanentPrivilege;
141 LUID SeBackupPrivilege;
142 LUID SeRestorePrivilege;
143 LUID SeShutdownPrivilege;
144 LUID SeDebugPrivilege;
145 LUID SeAuditPrivilege;
146 LUID SeSystemEnvironmentPrivilege;
147 LUID SeChangeNotifyPrivilege;
148 LUID SeRemoteShutdownPrivilege;
149
150 /* Universally defined SIDs */
151 PSID SeNullSid;
152 PSID SeWorldSid;
153 PSID SeLocalSid;
154 PSID SeCreatorOwnerSid;
155 PSID SeCreatorGroupSid;
156
157 /* Nt defined SIDs */
158 PSID SeNtAuthoritySid;
159 PSID SeDialupSid;
160 PSID SeNetworkSid;
161 PSID SeBatchSid;
162 PSID SeInteractiveSid;
163 PSID SeLocalSystemSid;
164 PSID SeAliasAdminsSid;
165 PSID SeAliasUsersSid;
166 PSID SeAliasGuestsSid;
167 PSID SeAliasPowerUsersSid;
168 PSID SeAliasAccountOpsSid;
169 PSID SeAliasSystemOpsSid;
170 PSID SeAliasPrintOpsSid;
171 PSID SeAliasBackupOpsSid;
172 } SE_EXPORTS, *PSE_EXPORTS;
173
174
/*
 * Pointer type for a callback that receives a pointer to a logon session LUID
 * (LogonId, an input parameter) and returns an NTSTATUS.
 * NOTE(review): by its name the callback is invoked when a logon session
 * terminates; how it is registered and from what context it is called is not
 * shown in this header - confirm.
 */
175 typedef NTSTATUS STDCALL_FUNC
176 (*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);
177
178
/*
 * SECURITY_OPERATION_CODE: selects one of four operations on a security
 * descriptor. No explicit values are given, so the enumerators are 0 to 3 in
 * the order listed; keep that order.
 * NOTE(review): presumably passed to an object's security routine to say
 * which operation to perform; a handler should reject values outside this
 * range - confirm against the callers.
 */
179 typedef enum _SECURITY_OPERATION_CODE
180 {
181 SetSecurityDescriptor,
182 QuerySecurityDescriptor,
183 DeleteSecurityDescriptor,
184 AssignSecurityDescriptor
185 } SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
186
/*
 * ACCESS_STATE: bookkeeping for one access attempt - the desired, remaining
 * and previously granted access masks, the subject's security context, a
 * security descriptor pointer, and the privileges involved.
 *
 * Byte offsets are annotated on three members only (0x1C, 0x2C, 0x30).
 * Privileges is a union: InitialPrivilegeSet and PrivilegeSet share storage,
 * so only one of them is valid at a time.
 * NOTE(review): presumably PrivilegesAllocated tells which union member is in
 * use, or whether a separately allocated set replaces it - confirm before
 * reading either member.
 */
187 typedef struct _ACCESS_STATE
188 {
189 LUID OperationID;
190 BOOLEAN SecurityEvaluated;
191 BOOLEAN GenerateAudit;
192 BOOLEAN GenerateClose;
193 BOOLEAN PrivilegesAllocated;
194 ULONG Flags;
195 ACCESS_MASK RemainingDesiredAccess;
196 ACCESS_MASK PreviouslyGrantedAccess;
197 ACCESS_MASK OriginallyDesiredAccess;
198 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; /* 0x1C */
199 PSECURITY_DESCRIPTOR SecurityDescriptor; /* 0x2C */
200 PVOID AuxData; /* 0x30 */
201 union
202 {
203 INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
204 PRIVILEGE_SET PrivilegeSet;
205 } Privileges;
206 BOOLEAN AuditPrivileges;
207 UNICODE_STRING ObjectName;
208 UNICODE_STRING ObjectTypeName;
209 } ACCESS_STATE, *PACCESS_STATE;
210
211 #endif
212
213 /* EOF */