/* $Id: setypes.h,v 1.13 2004/02/02 12:03:43 ekohl Exp $
 *
 * COPYRIGHT: See COPYING in the top level directory for details
 * PROJECT:   ReactOS kernel
 * FILE:      include/ddk/setypes.h
 * PURPOSE:   Security manager types
 *
 * ??/??/??: Created with empty stubs by David Welch
 * 29/08/98: ACCESS_TOKEN definition from Boudewijn Dekker
 */
12 #ifndef __INCLUDE_DDK_SETYPES_H
13 #define __INCLUDE_DDK_SETYPES_H
15 #include <ntos/security.h>
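/*
 * Attribute bits for the group entries of a TOKEN_GROUPS structure.
 *
 * The first four values are single, non-overlapping bits (0x1 to 0x8).
 * SE_GROUP_LOGON_ID is different: 0xC0000000 covers bits 30 and 31 together,
 * so it has to be matched as a whole,
 *     (attrs & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID
 * because a plain (attrs & SE_GROUP_LOGON_ID) test is also true when only
 * one of the two bits is set.
 */
#define SE_GROUP_MANDATORY           (0x1L)
#define SE_GROUP_ENABLED_BY_DEFAULT  (0x2L)
#define SE_GROUP_ENABLED             (0x4L)
#define SE_GROUP_OWNER               (0x8L)
#define SE_GROUP_LOGON_ID            (0xC0000000L)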
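/*
 * ACL revision numbers.
 *
 * MIN_ACL_REVISION and MAX_ACL_REVISION bracket the range 2..3, so
 * ACL_REVISION1 lies below the declared minimum. ACL_REVISION has the same
 * value as ACL_REVISION2.
 *
 * NOTE(review): presumably an ACL whose revision is outside
 * MIN_ACL_REVISION..MAX_ACL_REVISION is meant to be rejected before its
 * entries are walked; confirm where that check is performed.
 */
#define ACL_REVISION1     (1)
#define ACL_REVISION2     (2)
#define ACL_REVISION3     (3)
#define MIN_ACL_REVISION  ACL_REVISION2
#define MAX_ACL_REVISION  ACL_REVISION3

#define ACL_REVISION      (2)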
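/*
 * ACE type codes used with the ACE_HEADER structure.
 *
 * Several names are range markers that alias a concrete type:
 *   ACCESS_MIN_MS_ACE_TYPE     == ACCESS_ALLOWED_ACE_TYPE           (0x0)
 *   ACCESS_MAX_MS_V2_ACE_TYPE  == SYSTEM_ALARM_ACE_TYPE             (0x3)
 *   ACCESS_MAX_MS_V3_ACE_TYPE  == ACCESS_ALLOWED_COMPOUND_ACE_TYPE  (0x4)
 *   ACCESS_MAX_MS_ACE_TYPE     == ACCESS_ALLOWED_COMPOUND_ACE_TYPE  (0x4)
 *
 * NOTE(review): an ACE type read out of an ACL should be compared against
 * ACCESS_MAX_MS_ACE_TYPE before it selects a handler or an ACE layout, so an
 * unknown type is rejected rather than interpreted; confirm the ACL
 * validation code does this.
 */
#define ACCESS_MIN_MS_ACE_TYPE            (0x0)
#define ACCESS_ALLOWED_ACE_TYPE           (0x0)
#define ACCESS_DENIED_ACE_TYPE            (0x1)
#define SYSTEM_AUDIT_ACE_TYPE             (0x2)
#define SYSTEM_ALARM_ACE_TYPE             (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE         (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE  (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE         (0x4)
#define ACCESS_MAX_MS_ACE_TYPE            (0x4)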
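/*
 * ACE flags in the ACE_HEADER structure.
 *
 * Each value is a single bit. Bits 0x10 and 0x20 are not defined in this
 * header, so the mask of flags known here is 0xCF.
 *
 * NOTE(review): judging by the names, the low four bits control inheritance
 * and the two high bits select whether successful or failed accesses are
 * recorded by an audit entry; confirm against the ACL code.
 */
#define OBJECT_INHERIT_ACE          (0x1)
#define CONTAINER_INHERIT_ACE       (0x2)
#define NO_PROPAGATE_INHERIT_ACE    (0x4)
#define INHERIT_ONLY_ACE            (0x8)
#define SUCCESSFUL_ACCESS_ACE_FLAG  (0x40)
#define FAILED_ACCESS_ACE_FLAG      (0x80)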
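/*
 * SECURITY_DESCRIPTOR_CONTROL bits, plus the descriptor revision and
 * minimum length.
 *
 * The SE_* control values are single bits; they are written in hex here so
 * the bit positions are visible (the values are unchanged: 1, 2, 4, 8, 16,
 * 32 and 32768).
 *
 * NOTE(review): SECURITY_DESCRIPTOR_MIN_LENGTH is a hard-coded 20 rather
 * than a sizeof expression. That presumably matches a descriptor layout
 * with 4-byte pointers; on a target with wider pointers a length check
 * against 20 would accept a buffer that is too short. Confirm before
 * reusing this constant on another pointer size.
 *
 * NOTE(review): SE_SELF_RELATIVE presumably marks a descriptor whose
 * owner/group/ACL fields are offsets into the same buffer rather than
 * pointers; code that receives such a descriptor should bounds-check every
 * offset against the buffer length. Confirm against the descriptor code.
 */
#define SECURITY_DESCRIPTOR_REVISION    (1)
#define SECURITY_DESCRIPTOR_MIN_LENGTH  (20)
#define SE_OWNER_DEFAULTED              (0x0001)
#define SE_GROUP_DEFAULTED              (0x0002)
#define SE_DACL_PRESENT                 (0x0004)
#define SE_DACL_DEFAULTED               (0x0008)
#define SE_SACL_PRESENT                 (0x0010)
#define SE_SACL_DEFAULTED               (0x0020)
#define SE_SELF_RELATIVE                (0x8000)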
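/*
 * Privilege attribute bits, followed by the PRIVILEGE_SET_ALL_NECESSARY
 * control value.
 *
 * SE_PRIVILEGE_USED_FOR_ACCESS is bit 31. 0x80000000L does not fit a 32-bit
 * signed long, so where long is 32 bits the constant has type unsigned long;
 * keep attribute words in an unsigned type when testing this bit so it is
 * not sign-extended.
 *
 * PRIVILEGE_SET_ALL_NECESSARY has the same numeric value as
 * SE_PRIVILEGE_ENABLED_BY_DEFAULT but carries no L suffix.
 * NOTE(review): it presumably belongs to a different field (a privilege
 * set's control word, not a per-privilege attribute), so the two must not
 * be tested against the same variable; confirm against the callers.
 */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT  (0x1L)
#define SE_PRIVILEGE_ENABLED             (0x2L)
#define SE_PRIVILEGE_USED_FOR_ACCESS     (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY      (0x1)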
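/*
 * Kernel access token.
 *
 * The trailing comments are the member offsets given in the original
 * header. They advance by 4 for every pointer member (for example
 * UserAndGroups at 0x48, PrimaryGroup at 0x4C), so they describe a layout
 * with 4-byte pointers and do not hold for other pointer sizes.
 *
 * VariablePart is a zero-length trailing array (a compiler extension, not a
 * C99 flexible array member), so sizeof(ACCESS_TOKEN) does not include the
 * data that follows the fixed part.
 *
 * NOTE(review): UserAndGroupCount and PrivilegeCount presumably give the
 * element counts of UserAndGroups and Privileges, DefaultOwnerIndex
 * presumably indexes UserAndGroups, and VariableLength presumably is the
 * byte size of VariablePart. Code that walks these arrays should bound every
 * index by the matching count; confirm against the token implementation.
 */
typedef struct _ACCESS_TOKEN
{
  TOKEN_SOURCE TokenSource;                        /* 0x00 */
  LUID TokenId;                                    /* 0x10 */
  LUID AuthenticationId;                           /* 0x18 */
  LARGE_INTEGER ExpirationTime;                    /* 0x20 */
  LUID ModifiedId;                                 /* 0x28 */
  ULONG UserAndGroupCount;                         /* 0x30 */
  ULONG PrivilegeCount;                            /* 0x34 */
  ULONG VariableLength;                            /* 0x38 */
  ULONG DynamicCharged;                            /* 0x3C */
  ULONG DynamicAvailable;                          /* 0x40 */
  ULONG DefaultOwnerIndex;                         /* 0x44 */
  PSID_AND_ATTRIBUTES UserAndGroups;               /* 0x48 */
  PSID PrimaryGroup;                               /* 0x4C */
  PLUID_AND_ATTRIBUTES Privileges;                 /* 0x50 */
  ULONG Unknown1;                                  /* 0x54 */
  PACL DefaultDacl;                                /* 0x58 */
  TOKEN_TYPE TokenType;                            /* 0x5C */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x60 */
  UCHAR TokenFlags;                                /* 0x64 */
  UCHAR TokenInUse;                                /* 0x65 */
  UCHAR Unused[2];                                 /* 0x66 */
  PVOID ProxyData;                                 /* 0x68 */
  PVOID AuditData;                                 /* 0x6c */
  UCHAR VariablePart[0];                           /* 0x70 */
} ACCESS_TOKEN, *PACCESS_TOKEN;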
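/*
 * Pairs a client token and its impersonation level with a primary token.
 *
 * The trailing comments are the member offsets from the original header;
 * they are 4 bytes apart, i.e. they assume 4-byte pointers.
 *
 * NOTE(review): ClientToken is presumably NULL when no impersonation is in
 * effect, in which case ImpersonationLevel would carry no meaning; callers
 * should test the pointer before dereferencing it. Confirm against the code
 * that captures the subject context.
 */
typedef struct _SECURITY_SUBJECT_CONTEXT
{
  PACCESS_TOKEN ClientToken;                       /* 0x0 */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x4 */
  PACCESS_TOKEN PrimaryToken;                      /* 0x8 */
  PVOID ProcessAuditId;                            /* 0xC */
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;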
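/*
 * Client security context: the quality-of-service settings, the client's
 * token, three BOOLEAN flags and a TOKEN_CONTROL block.
 *
 * The trailing comments are the member offsets from the original header.
 * The three BOOLEAN members sit at 0x10 to 0x12 and ClientTokenControl
 * starts at 0x14, which leaves one padding byte at 0x13; Token at 0x0C
 * followed by a member at 0x10 implies a 4-byte pointer.
 */
typedef struct _SECURITY_CLIENT_CONTEXT
{
  SECURITY_QUALITY_OF_SERVICE SecurityQos; /* 0x00 */
  PACCESS_TOKEN Token;                     /* 0x0C */
  BOOLEAN DirectlyAccessClientToken;       /* 0x10 */
  BOOLEAN DirectAccessEffectiveOnly;       /* 0x11 */
  BOOLEAN ServerIsRemote;                  /* 0x12 */
  TOKEN_CONTROL ClientTokenControl;        /* 0x14 */
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;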
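/*
 * Table of security-manager constants: one LUID per privilege, followed by
 * pointers to SIDs.
 *
 * NOTE(review): the listing this definition was taken from skips source
 * lines 126, 146-148 and 154-156 inside this struct, so members may be
 * missing from this copy. The struct layout depends on every member being
 * present and in order; verify it against the original header before
 * relying on field offsets.
 */
typedef struct _SE_EXPORTS
{
  /* Privilege values */
  LUID SeCreateTokenPrivilege;
  LUID SeAssignPrimaryTokenPrivilege;
  LUID SeLockMemoryPrivilege;
  LUID SeIncreaseQuotaPrivilege;
  LUID SeUnsolicitedInputPrivilege;
  LUID SeSecurityPrivilege;
  LUID SeTakeOwnershipPrivilege;
  LUID SeLoadDriverPrivilege;
  LUID SeCreatePagefilePrivilege;
  LUID SeIncreaseBasePriorityPrivilege;
  LUID SeSystemProfilePrivilege;
  LUID SeSystemtimePrivilege;
  LUID SeProfileSingleProcessPrivilege;
  LUID SeCreatePermanentPrivilege;
  LUID SeBackupPrivilege;
  LUID SeRestorePrivilege;
  LUID SeShutdownPrivilege;
  LUID SeDebugPrivilege;
  LUID SeAuditPrivilege;
  LUID SeSystemEnvironmentPrivilege;
  LUID SeChangeNotifyPrivilege;
  LUID SeRemoteShutdownPrivilege;

  /* Universally defined SIDs */
  PSID SeCreatorOwnerSid;
  PSID SeCreatorGroupSid;

  /* Nt defined SIDs */
  PSID SeNtAuthoritySid;
  PSID SeInteractiveSid;
  PSID SeLocalSystemSid;
  PSID SeAliasAdminsSid;
  PSID SeAliasUsersSid;
  PSID SeAliasGuestsSid;
  PSID SeAliasPowerUsersSid;
  PSID SeAliasAccountOpsSid;
  PSID SeAliasSystemOpsSid;
  PSID SeAliasPrintOpsSid;
  PSID SeAliasBackupOpsSid;
} SE_EXPORTS, *PSE_EXPORTS;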
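/*
 * Pointer to a callback that takes the LUID of a logon session and returns
 * an NTSTATUS.
 *
 * NOTE(review): the name indicates it is invoked when a logon session
 * terminates; how it is registered and called is not shown in this header.
 */
typedef NTSTATUS STDCALL_FUNC
(*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);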
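/*
 * Operation selector for security-descriptor requests.
 *
 * The enumerators take the implicit values 0 to 3 in declaration order.
 *
 * NOTE(review): code that switches on this value should treat anything
 * outside SetSecurityDescriptor..AssignSecurityDescriptor as an error
 * instead of falling through; confirm the handlers have a default case.
 */
typedef enum _SECURITY_OPERATION_CODE
{
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;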