3 * COPYRIGHT: See COPYING in the top level directory for details
4 * PROJECT: ReactOS kernel
5 * FILE: include/ddk/setypes.h
6 * PURPOSE: Security manager types
8 * ??/??/??: Created with empty stubs by David Welch
9 * 29/08/98: ACCESS_TOKEN definition from Boudewijn Dekker
12 #ifndef __INCLUDE_DDK_SETYPES_H
13 #define __INCLUDE_DDK_SETYPES_H
15 #include <ntos/security.h>
17 /* TOKEN_GROUPS structure */
18 #define SE_GROUP_MANDATORY (0x1L)
19 #define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
20 #define SE_GROUP_ENABLED (0x4L)
21 #define SE_GROUP_OWNER (0x8L)
22 #define SE_GROUP_LOGON_ID (0xC0000000L)
25 #define ACL_REVISION1 (1)
26 #define ACL_REVISION2 (2)
27 #define ACL_REVISION3 (3)
28 #define MIN_ACL_REVISION ACL_REVISION2
29 #define MAX_ACL_REVISION ACL_REVISION3
31 #define ACL_REVISION (2)
33 /* ACE_HEADER structure */
34 #define ACCESS_MIN_MS_ACE_TYPE (0x0)
35 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
36 #define ACCESS_DENIED_ACE_TYPE (0x1)
37 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
38 #define SYSTEM_ALARM_ACE_TYPE (0x3)
39 #define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
40 #define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
41 #define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
42 #define ACCESS_MAX_MS_ACE_TYPE (0x4)
44 /* ACE flags in the ACE_HEADER structure */
45 #define OBJECT_INHERIT_ACE (0x1)
46 #define CONTAINER_INHERIT_ACE (0x2)
47 #define NO_PROPAGATE_INHERIT_ACE (0x4)
48 #define INHERIT_ONLY_ACE (0x8)
49 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
50 #define FAILED_ACCESS_ACE_FLAG (0x80)
52 /* SECURITY_DESCRIPTOR_CONTROL */
53 #define SECURITY_DESCRIPTOR_REVISION (1)
54 #define SECURITY_DESCRIPTOR_REVISION1 (1)
55 #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
56 #define SE_OWNER_DEFAULTED (1)
57 #define SE_GROUP_DEFAULTED (2)
58 #define SE_DACL_PRESENT (4)
59 #define SE_DACL_DEFAULTED (8)
60 #define SE_SACL_PRESENT (16)
61 #define SE_SACL_DEFAULTED (32)
62 #define SE_SELF_RELATIVE (32768)
65 #define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
66 #define SE_PRIVILEGE_ENABLED (0x2L)
67 #define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
68 #define PRIVILEGE_SET_ALL_NECESSARY (0x1)
71 #define SID_REVISION (1)
72 #define SID_MAX_SUB_AUTHORITIES (15)
74 typedef struct _SEP_AUDIT_POLICY_CATEGORIES
{
79 UCHAR DetailedTracking
:4;
81 UCHAR AccountManagement
:4;
82 UCHAR DirectoryServiceAccess
:4;
84 } SEP_AUDIT_POLICY_CATEGORIES
, *PSEP_AUDIT_POLICY_CATEGORIES
;
86 typedef struct _SEP_AUDIT_POLICY_OVERLAY
{
87 ULONGLONG PolicyBits
:36;
89 } SEP_AUDIT_POLICY_OVERLAY
, *PSEP_AUDIT_POLICY_OVERLAY
;
91 typedef struct _SEP_AUDIT_POLICY
{
93 SEP_AUDIT_POLICY_CATEGORIES PolicyElements
;
94 SEP_AUDIT_POLICY_OVERLAY PolicyOverlay
;
97 } SEP_AUDIT_POLICY
, *PSEP_AUDIT_POLICY
;
99 typedef struct _TOKEN
{
100 TOKEN_SOURCE TokenSource
; /* 0x00 */
101 LUID TokenId
; /* 0x10 */
102 LUID AuthenticationId
; /* 0x18 */
103 LUID ParentTokenId
; /* 0x20 */
104 LARGE_INTEGER ExpirationTime
; /* 0x28 */
105 struct _ERESOURCE
*TokenLock
; /* 0x30 */
106 ULONG Padding
; /* 0x34 */
107 SEP_AUDIT_POLICY AuditPolicy
; /* 0x38 */
108 LUID ModifiedId
; /* 0x40 */
109 ULONG SessionId
; /* 0x48 */
110 ULONG UserAndGroupCount
; /* 0x4C */
111 ULONG RestrictedSidCount
; /* 0x50 */
112 ULONG PrivilegeCount
; /* 0x54 */
113 ULONG VariableLength
; /* 0x58 */
114 ULONG DynamicCharged
; /* 0x5C */
115 ULONG DynamicAvailable
; /* 0x60 */
116 ULONG DefaultOwnerIndex
; /* 0x64 */
117 PSID_AND_ATTRIBUTES UserAndGroups
; /* 0x68 */
118 PSID_AND_ATTRIBUTES RestrictedSids
; /* 0x6C */
119 PSID PrimaryGroup
; /* 0x70 */
120 PLUID_AND_ATTRIBUTES Privileges
; /* 0x74 */
121 PULONG DynamicPart
; /* 0x78 */
122 PACL DefaultDacl
; /* 0x7C */
123 TOKEN_TYPE TokenType
; /* 0x80 */
124 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
; /* 0x84 */
125 ULONG TokenFlags
; /* 0x88 */
126 ULONG TokenInUse
; /* 0x8C */
127 PVOID ProxyData
; /* 0x90 */
128 PVOID AuditData
; /* 0x94 */
129 LUID OriginatingLogonSession
; /* 0x98 */
130 UCHAR VariablePart
[1]; /* 0xA0 */
133 typedef PVOID PACCESS_TOKEN
;
135 typedef struct _SECURITY_SUBJECT_CONTEXT
137 PACCESS_TOKEN ClientToken
; /* 0x0 */
138 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
; /* 0x4 */
139 PACCESS_TOKEN PrimaryToken
; /* 0x8 */
140 PVOID ProcessAuditId
; /* 0xC */
141 } SECURITY_SUBJECT_CONTEXT
, *PSECURITY_SUBJECT_CONTEXT
;
144 typedef struct _SECURITY_CLIENT_CONTEXT
146 SECURITY_QUALITY_OF_SERVICE SecurityQos
; /* 0x00 */
147 PACCESS_TOKEN Token
; /* 0x0C */
148 BOOLEAN DirectlyAccessClientToken
; /* 0x10 */
149 BOOLEAN DirectAccessEffectiveOnly
; /* 0x11 */
150 BOOLEAN ServerIsRemote
; /* 0x12 */
151 TOKEN_CONTROL ClientTokenControl
; /* 0x14 */
152 } SECURITY_CLIENT_CONTEXT
, *PSECURITY_CLIENT_CONTEXT
;
155 typedef struct _SE_EXPORTS
157 /* Privilege values */
158 LUID SeCreateTokenPrivilege
;
159 LUID SeAssignPrimaryTokenPrivilege
;
160 LUID SeLockMemoryPrivilege
;
161 LUID SeIncreaseQuotaPrivilege
;
162 LUID SeUnsolicitedInputPrivilege
;
164 LUID SeSecurityPrivilege
;
165 LUID SeTakeOwnershipPrivilege
;
166 LUID SeLoadDriverPrivilege
;
167 LUID SeCreatePagefilePrivilege
;
168 LUID SeIncreaseBasePriorityPrivilege
;
169 LUID SeSystemProfilePrivilege
;
170 LUID SeSystemtimePrivilege
;
171 LUID SeProfileSingleProcessPrivilege
;
172 LUID SeCreatePermanentPrivilege
;
173 LUID SeBackupPrivilege
;
174 LUID SeRestorePrivilege
;
175 LUID SeShutdownPrivilege
;
176 LUID SeDebugPrivilege
;
177 LUID SeAuditPrivilege
;
178 LUID SeSystemEnvironmentPrivilege
;
179 LUID SeChangeNotifyPrivilege
;
180 LUID SeRemoteShutdownPrivilege
;
182 /* Universally defined SIDs */
186 PSID SeCreatorOwnerSid
;
187 PSID SeCreatorGroupSid
;
189 /* Nt defined SIDs */
190 PSID SeNtAuthoritySid
;
194 PSID SeInteractiveSid
;
195 PSID SeLocalSystemSid
;
196 PSID SeAliasAdminsSid
;
197 PSID SeAliasUsersSid
;
198 PSID SeAliasGuestsSid
;
199 PSID SeAliasPowerUsersSid
;
200 PSID SeAliasAccountOpsSid
;
201 PSID SeAliasSystemOpsSid
;
202 PSID SeAliasPrintOpsSid
;
203 PSID SeAliasBackupOpsSid
;
204 } SE_EXPORTS
, *PSE_EXPORTS
;
207 typedef NTSTATUS STDCALL_FUNC
208 (*PSE_LOGON_SESSION_TERMINATED_ROUTINE
)(IN PLUID LogonId
);
211 typedef enum _SECURITY_OPERATION_CODE
213 SetSecurityDescriptor
,
214 QuerySecurityDescriptor
,
215 DeleteSecurityDescriptor
,
216 AssignSecurityDescriptor
217 } SECURITY_OPERATION_CODE
, *PSECURITY_OPERATION_CODE
;
219 typedef struct _ACCESS_STATE
222 BOOLEAN SecurityEvaluated
;
223 BOOLEAN GenerateAudit
;
224 BOOLEAN GenerateClose
;
225 BOOLEAN PrivilegesAllocated
;
227 ACCESS_MASK RemainingDesiredAccess
;
228 ACCESS_MASK PreviouslyGrantedAccess
;
229 ACCESS_MASK OriginallyDesiredAccess
;
230 SECURITY_SUBJECT_CONTEXT SubjectSecurityContext
; /* 0x1C */
231 PSECURITY_DESCRIPTOR SecurityDescriptor
; /* 0x2C */
232 PVOID AuxData
; /* 0x30 */
235 INITIAL_PRIVILEGE_SET InitialPrivilegeSet
;
236 PRIVILEGE_SET PrivilegeSet
;
238 BOOLEAN AuditPrivileges
;
239 UNICODE_STRING ObjectName
;
240 UNICODE_STRING ObjectTypeName
;
241 } ACCESS_STATE
, *PACCESS_STATE
;
243 typedef struct _SE_IMPERSONATION_STATE
{
246 BOOLEAN EffectiveOnly
;
247 SECURITY_IMPERSONATION_LEVEL Level
;
248 } SE_IMPERSONATION_STATE
, *PSE_IMPERSONATION_STATE
;