Implement RtlGetSecurityDescriptorRMControl, RtlSetSecurityDescriptorRMControl, SetSe...
1 /* $Id$
2 *
3 * COPYRIGHT: See COPYING in the top level directory for details
4 * PROJECT: ReactOS kernel
5 * FILE: include/ddk/setypes.h
6 * PURPOSE: Security manager types
7 * REVISION HISTORY:
8 * ??/??/??: Created with empty stubs by David Welch
9 * 29/08/98: ACCESS_TOKEN definition from Boudewijn Dekker
10 */
11
12 #ifndef __INCLUDE_DDK_SETYPES_H
13 #define __INCLUDE_DDK_SETYPES_H
14
15 #include <ntos/security.h>
16
/* TOKEN_GROUPS structure */
/*
 * Attribute bits carried in SID_AND_ATTRIBUTES.Attributes for each group
 * SID of a token (the TOKEN_GROUPS array).  They describe how a group
 * takes part in access checks and are combined as a bit mask.
 */
#define SE_GROUP_MANDATORY (0x1L)           /* group cannot be disabled by the token holder */
#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)  /* enabled state the group starts in */
#define SE_GROUP_ENABLED (0x4L)             /* group currently participates in access checks */
#define SE_GROUP_OWNER (0x8L)               /* group SID may be assigned as an object's owner */
/* Two bits (0x40000000 | 0x80000000), not a single flag: compare the masked
 * attribute field against the whole value when looking for the logon SID. */
#define SE_GROUP_LOGON_ID (0xC0000000L)
23
/* ACL Defines */
/*
 * ACL.AclRevision values.  ACL_REVISION (== ACL_REVISION2) is what new ACLs
 * are created with; ACL_REVISION3 is the first revision that may carry
 * compound ACEs (ACCESS_ALLOWED_COMPOUND_ACE_TYPE sits above
 * ACCESS_MAX_MS_V2_ACE_TYPE below).  Code validating an ACL received from a
 * less trusted caller should reject any AclRevision outside
 * [MIN_ACL_REVISION, MAX_ACL_REVISION] before walking its ACEs.  The
 * directory-service revision (ACL_REVISION_DS) is not defined in this header.
 */
#define ACL_REVISION1 (1)
#define ACL_REVISION2 (2)
#define ACL_REVISION3 (3)
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION3

#define ACL_REVISION (2)  /* default revision for newly built ACLs */
32
/* ACE_HEADER structure */
/*
 * ACE_HEADER.AceType values for the Microsoft-defined ACE types.  The MIN
 * and MAX bounds exist for validation: a type outside
 * [ACCESS_MIN_MS_ACE_TYPE, ACCESS_MAX_MS_ACE_TYPE] is unknown to this header
 * and must not be interpreted, and because the compound type (0x4) lies
 * above ACCESS_MAX_MS_V2_ACE_TYPE an ACL_REVISION2 ACL must not contain it.
 * Object ACE types (0x5 and up) are not defined here.
 */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)        /* highest type valid in an ACL_REVISION2 ACL */
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)  /* requires ACL_REVISION3 */
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_ACE_TYPE (0x4)
43
/* ACE flags in the ACE_HEADER structure */
/*
 * ACE_HEADER.AceFlags bits.  The low nibble controls propagation of the ACE
 * to child objects; 0x40 and 0x80 are only meaningful on SYSTEM_AUDIT and
 * SYSTEM_ALARM ACEs and select which access outcomes are recorded.  The
 * INHERITED_ACE marker bit (0x10) is not defined in this header.
 */
#define OBJECT_INHERIT_ACE (0x1)           /* inherited by non-container children */
#define CONTAINER_INHERIT_ACE (0x2)        /* inherited by container children */
#define NO_PROPAGATE_INHERIT_ACE (0x4)     /* inherit flags cleared on the inherited copy */
#define INHERIT_ONLY_ACE (0x8)             /* not applied to the object carrying it */
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)  /* audit/alarm on granted access */
#define FAILED_ACCESS_ACE_FLAG (0x80)      /* audit/alarm on denied access */
51
/* SECURITY_DESCRIPTOR_CONTROL */
/*
 * SECURITY_DESCRIPTOR header constants and Control bits.
 *
 * SECURITY_DESCRIPTOR_MIN_LENGTH (20) is the size of an absolute descriptor
 * on a 32-bit target: Revision(1) + Sbz1(1) + Control(2) + four 4-byte
 * pointers.  NOTE(review): this is not correct for 64-bit pointers; confirm
 * before reusing on other targets.
 *
 * SE_DACL_PRESENT clear means the descriptor has no DACL at all, which is
 * not the same as an empty DACL (an ACL with zero ACEs); the DEFAULTED bits
 * only record how the owner/group/ACL was obtained.
 *
 * SE_SELF_RELATIVE marks a descriptor whose Owner/Group/Sacl/Dacl members
 * are byte offsets from its start rather than pointers.  When such a
 * descriptor comes from a less trusted source every offset must be checked
 * against the buffer length before it is dereferenced.
 *
 * SE_RM_CONTROL_VALID marks the Sbz1 byte as holding a resource-manager
 * control value instead of being reserved-zero.
 *
 * The auto-inherit/protected Control bits (0x0100..0x2000) are not defined
 * in this header.
 */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)
#define SECURITY_DESCRIPTOR_MIN_LENGTH (20)  /* absolute form, 32-bit layout */
#define SE_OWNER_DEFAULTED (0x0001)
#define SE_GROUP_DEFAULTED (0x0002)
#define SE_DACL_PRESENT (0x0004)
#define SE_DACL_DEFAULTED (0x0008)
#define SE_SACL_PRESENT (0x0010)
#define SE_SACL_DEFAULTED (0x0020)
#define SE_RM_CONTROL_VALID (0x4000)         /* Sbz1 carries the RM control byte */
#define SE_SELF_RELATIVE (0x8000)            /* members are offsets, not pointers */
64
/* PRIVILEGE_SET */
/*
 * Attribute bits of the LUID_AND_ATTRIBUTES entries in a PRIVILEGE_SET,
 * plus the PRIVILEGE_SET.Control flag.  SE_PRIVILEGE_USED_FOR_ACCESS is
 * reported back by a privilege check to indicate which privileges were
 * actually used.  PRIVILEGE_SET_ALL_NECESSARY makes the check succeed only
 * if every listed privilege is held; otherwise holding any one suffices.
 *
 * 0x80000000L does not fit a 32-bit signed long, so on ILP32 targets the
 * literal has type unsigned long; keep comparisons against it unsigned to
 * avoid sign-conversion surprises.
 */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
#define SE_PRIVILEGE_ENABLED (0x2L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY (0x1)  /* PRIVILEGE_SET.Control */
70
/* SID */
/*
 * SID_REVISION is the only SID revision defined.  SID_MAX_SUB_AUTHORITIES
 * bounds SID.SubAuthorityCount; since a SID's byte length is derived from
 * that count, both values must be validated before the length of a SID from
 * an untrusted buffer is computed or trusted.
 */
#define SID_REVISION (1)
#define SID_MAX_SUB_AUTHORITIES (15)
74
/*
 * Per-category audit policy: nine 4-bit fields, 36 bits in total, which is
 * exactly the width of SEP_AUDIT_POLICY_OVERLAY.PolicyBits so the two views
 * can alias inside SEP_AUDIT_POLICY.  Each nibble presumably encodes the
 * success/failure auditing setting of its category -- confirm against the
 * code that writes them.  Field order is part of the overlay layout; do not
 * reorder.
 */
typedef struct _SEP_AUDIT_POLICY_CATEGORIES {
    UCHAR System:4;
    UCHAR Logon:4;
    UCHAR ObjectAccess:4;
    UCHAR PrivilegeUse:4;
    UCHAR DetailedTracking:4;
    UCHAR PolicyChange:4;
    UCHAR AccountManagement:4;
    UCHAR DirectoryServiceAccess:4;
    UCHAR AccountLogon:4;
} SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
86
/*
 * Packed view of the audit policy: PolicyBits spans the 36 category nibbles
 * of SEP_AUDIT_POLICY_CATEGORIES and SetBit presumably records whether a
 * policy has been assigned.  The two bit-fields use different base types
 * (ULONGLONG and UCHAR); whether they share one storage unit is
 * implementation-defined in C, so the exact packing depends on the
 * compiler.  The union in SEP_AUDIT_POLICY relies on this overlay lining up
 * with the categories struct -- verify with a static size/offset check when
 * the compiler changes.
 */
typedef struct _SEP_AUDIT_POLICY_OVERLAY {
    ULONGLONG PolicyBits:36;
    UCHAR SetBit:1;
} SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
91
/*
 * Audit policy stored in a TOKEN, exposed as three aliased views of the same
 * storage: the per-category nibbles, the packed overlay, and the raw 64-bit
 * word (convenient for copying/comparing the whole policy at once).  The
 * anonymous union is a C11 feature (and a long-standing MSVC/GCC extension).
 */
typedef struct _SEP_AUDIT_POLICY {
    union {
        SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
        SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
        ULONGLONG Overlay;
    };
} SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
99
/*
 * Kernel-mode access token object.  The trailing offset comments describe
 * the 32-bit layout (a pointer at 0x30 is followed by a ULONG at 0x34, so
 * pointers are 4 bytes here); they are not valid for 64-bit targets.
 * Padding exists so that AuditPolicy, which contains a ULONGLONG, lands on
 * an 8-byte boundary at 0x38.  VariablePart[1] is the start of a trailing
 * variable-length area; presumably VariableLength gives its size and the
 * UserAndGroups/RestrictedSids/Privileges pointers point into it -- confirm
 * against the token allocation code.  TokenLock is presumably taken before
 * any of the mutable fields are changed -- confirm with the callers.
 * Field order and sizes are an ABI shared with other components; append
 * new fields rather than reordering.
 */
typedef struct _TOKEN {
    TOKEN_SOURCE TokenSource;                         /* 0x00 */
    LUID TokenId;                                     /* 0x10 */
    LUID AuthenticationId;                            /* 0x18 */
    LUID ParentTokenId;                               /* 0x20 */
    LARGE_INTEGER ExpirationTime;                     /* 0x28 */
    struct _ERESOURCE *TokenLock;                     /* 0x30 */
    ULONG Padding;                                    /* 0x34, aligns AuditPolicy to 8 */
    SEP_AUDIT_POLICY AuditPolicy;                     /* 0x38 */
    LUID ModifiedId;                                  /* 0x40 */
    ULONG SessionId;                                  /* 0x48 */
    ULONG UserAndGroupCount;                          /* 0x4C, entries in UserAndGroups */
    ULONG RestrictedSidCount;                         /* 0x50, entries in RestrictedSids */
    ULONG PrivilegeCount;                             /* 0x54, entries in Privileges */
    ULONG VariableLength;                             /* 0x58 */
    ULONG DynamicCharged;                             /* 0x5C */
    ULONG DynamicAvailable;                           /* 0x60 */
    ULONG DefaultOwnerIndex;                          /* 0x64, index into UserAndGroups */
    PSID_AND_ATTRIBUTES UserAndGroups;                /* 0x68 */
    PSID_AND_ATTRIBUTES RestrictedSids;               /* 0x6C */
    PSID PrimaryGroup;                                /* 0x70 */
    PLUID_AND_ATTRIBUTES Privileges;                  /* 0x74 */
    PULONG DynamicPart;                               /* 0x78 */
    PACL DefaultDacl;                                 /* 0x7C */
    TOKEN_TYPE TokenType;                             /* 0x80, primary vs. impersonation */
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* 0x84 */
    ULONG TokenFlags;                                 /* 0x88 */
    ULONG TokenInUse;                                 /* 0x8C */
    PVOID ProxyData;                                  /* 0x90 */
    PVOID AuditData;                                  /* 0x94 */
    LUID OriginatingLogonSession;                     /* 0x98 */
    UCHAR VariablePart[1];                            /* 0xA0, start of variable-length tail */
} TOKEN, *PTOKEN;
133
/* Opaque handle to a token as seen by callers outside the security manager;
 * the concrete object behind it is a TOKEN. */
typedef PVOID PACCESS_TOKEN;
135
/*
 * Captured identity of the subject on whose behalf an operation runs: the
 * thread's impersonation token (ClientToken, with its level) and the
 * process's primary token.  ClientToken is presumably NULL when the thread
 * is not impersonating -- confirm with the capture code.  The offsets
 * describe the 32-bit layout (4-byte pointers).
 */
typedef struct _SECURITY_SUBJECT_CONTEXT
{
    PACCESS_TOKEN ClientToken;                        /* 0x0 */
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* 0x4, level of ClientToken */
    PACCESS_TOKEN PrimaryToken;                       /* 0x8 */
    PVOID ProcessAuditId;                             /* 0xC */
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
143
144
/*
 * Client security context held by a server that wants to impersonate a
 * client.  SecurityQos records the impersonation level/tracking the client
 * allowed; the BOOLEANs presumably describe whether the server may use
 * ClientToken directly (and with effective-only semantics) or must work from
 * a copy, and whether the server is remote -- confirm against the code that
 * fills this in.  ClientTokenControl snapshots the token identity so a later
 * change of the client's token can be detected.
 */
typedef struct _SECURITY_CLIENT_CONTEXT
{
    SECURITY_QUALITY_OF_SERVICE SecurityQos;
    PACCESS_TOKEN ClientToken;
    BOOLEAN DirectlyAccessClientToken;
    BOOLEAN DirectAccessEffectiveOnly;
    BOOLEAN ServerIsRemote;
    TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
154
155
/*
 * Table of well-known privilege LUIDs and SIDs exported by the security
 * manager for use by drivers and other kernel components.  The member
 * order is an ABI: consumers reach fields by offset, so new entries must be
 * appended, never inserted.  This version of the table ends at
 * SeRemoteShutdownPrivilege / SeAliasBackupOpsSid; later additions known
 * from other headers are not present here.
 */
typedef struct _SE_EXPORTS
{
    /* Privilege values */
    LUID SeCreateTokenPrivilege;
    LUID SeAssignPrimaryTokenPrivilege;
    LUID SeLockMemoryPrivilege;
    LUID SeIncreaseQuotaPrivilege;
    LUID SeUnsolicitedInputPrivilege;
    LUID SeTcbPrivilege;
    LUID SeSecurityPrivilege;
    LUID SeTakeOwnershipPrivilege;
    LUID SeLoadDriverPrivilege;
    LUID SeCreatePagefilePrivilege;
    LUID SeIncreaseBasePriorityPrivilege;
    LUID SeSystemProfilePrivilege;
    LUID SeSystemtimePrivilege;
    LUID SeProfileSingleProcessPrivilege;
    LUID SeCreatePermanentPrivilege;
    LUID SeBackupPrivilege;
    LUID SeRestorePrivilege;
    LUID SeShutdownPrivilege;
    LUID SeDebugPrivilege;
    LUID SeAuditPrivilege;
    LUID SeSystemEnvironmentPrivilege;
    LUID SeChangeNotifyPrivilege;
    LUID SeRemoteShutdownPrivilege;

    /* Universally defined SIDs */
    PSID SeNullSid;
    PSID SeWorldSid;
    PSID SeLocalSid;
    PSID SeCreatorOwnerSid;
    PSID SeCreatorGroupSid;

    /* Nt defined SIDs */
    PSID SeNtAuthoritySid;
    PSID SeDialupSid;
    PSID SeNetworkSid;
    PSID SeBatchSid;
    PSID SeInteractiveSid;
    PSID SeLocalSystemSid;
    PSID SeAliasAdminsSid;
    PSID SeAliasUsersSid;
    PSID SeAliasGuestsSid;
    PSID SeAliasPowerUsersSid;
    PSID SeAliasAccountOpsSid;
    PSID SeAliasSystemOpsSid;
    PSID SeAliasPrintOpsSid;
    PSID SeAliasBackupOpsSid;
} SE_EXPORTS, *PSE_EXPORTS;
206
207
/*
 * Callback invoked when a logon session identified by LogonId ends, so a
 * component can release per-session state.  Uses the STDCALL_FUNC calling
 * convention; presumably registered through the Se*LogonSessionTerminated*
 * routines -- confirm against the registration API.
 */
typedef NTSTATUS STDCALL_FUNC
(*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);
210
211
/*
 * Operation requested of an object type's security method.  Values are
 * implicit and start at 0 (SetSecurityDescriptor == 0).
 */
typedef enum _SECURITY_OPERATION_CODE
{
    SetSecurityDescriptor,
    QuerySecurityDescriptor,
    DeleteSecurityDescriptor,
    AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
219
/*
 * State carried through an object open/access check.  The three
 * ACCESS_MASKs track what the caller asked for (OriginallyDesiredAccess),
 * what has already been granted (PreviouslyGrantedAccess) and what is still
 * to be decided (RemainingDesiredAccess).  The Privileges union holds either
 * the inline INITIAL_PRIVILEGE_SET or a PRIVILEGE_SET; PrivilegesAllocated
 * presumably records that the latter was allocated separately and must be
 * freed -- confirm with the code that tears the state down.
 * The offset comments describe the 32-bit layout: LUID(8) + 4 BOOLEANs +
 * Flags + 3 masks = 0x1C, and a 16-byte SECURITY_SUBJECT_CONTEXT puts
 * SecurityDescriptor at 0x2C.
 */
typedef struct _ACCESS_STATE
{
    LUID OperationID;
    BOOLEAN SecurityEvaluated;
    BOOLEAN GenerateAudit;
    BOOLEAN GenerateClose;
    BOOLEAN PrivilegesAllocated;
    ULONG Flags;
    ACCESS_MASK RemainingDesiredAccess;
    ACCESS_MASK PreviouslyGrantedAccess;
    ACCESS_MASK OriginallyDesiredAccess;
    SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;  /* 0x1C */
    PSECURITY_DESCRIPTOR SecurityDescriptor;          /* 0x2C */
    PVOID AuxData;                                    /* 0x30 */
    union
    {
        INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
        PRIVILEGE_SET PrivilegeSet;
    } Privileges;
    BOOLEAN AuditPrivileges;
    UNICODE_STRING ObjectName;
    UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
243
/*
 * Snapshot of a thread's impersonation settings, so they can be saved
 * before temporarily impersonating and restored afterwards.  Token is
 * presumably a PACCESS_TOKEN kept as PVOID -- confirm with the users.
 */
typedef struct _SE_IMPERSONATION_STATE {
    PVOID Token;
    BOOLEAN CopyOnOpen;
    BOOLEAN EffectiveOnly;
    SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
250
251 #endif
252
253 /* EOF */