1 #ifndef __INCLUDE_SECURITY_H
2 #define __INCLUDE_SECURITY_H
3
4 #include <ntos/ntdef.h>
5 #include <ntos/types.h>
6
/* Privileges */
/*
 * Well-known privilege numbers, in NT SDK order.  They are presumably the
 * LowPart of the privilege LUID carried in LUID_AND_ATTRIBUTES /
 * TOKEN_PRIVILEGES further down (HighPart 0) -- confirm against the token
 * code.  A privilege number taken from a user-mode buffer must be checked
 * to lie within [SE_MIN_WELL_KNOWN_PRIVILEGE, SE_MAX_WELL_KNOWN_PRIVILEGE]
 * before it is used to index any per-privilege table.
 */
#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
/* NOTE(review): create-token, assign-primary-token, TCB, load-driver,
 * take-ownership, backup, restore and debug are generally treated as
 * equivalent to full administrative control -- a caller able to enable
 * one of them can escalate -- so they must never be granted by default. */
#define SE_CREATE_TOKEN_PRIVILEGE (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
#define SE_LOCK_MEMORY_PRIVILEGE (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
/* 6L is deliberately shared: the unsolicited-input privilege was never
 * assigned and the SDK reuses its number for the machine-account one. */
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused */
#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
#define SE_TCB_PRIVILEGE (7L)
#define SE_SECURITY_PRIVILEGE (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
#define SE_LOAD_DRIVER_PRIVILEGE (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
#define SE_SYSTEMTIME_PRIVILEGE (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
#define SE_BACKUP_PRIVILEGE (17L)
#define SE_RESTORE_PRIVILEGE (18L)
#define SE_SHUTDOWN_PRIVILEGE (19L)
#define SE_DEBUG_PRIVILEGE (20L)
#define SE_AUDIT_PRIVILEGE (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
/* The well-known range ends at 24 here.  NOTE(review): later NT releases
 * define further privileges above this value (the impersonation privilege
 * among them); any table sized by SE_MAX_WELL_KNOWN_PRIVILEGE does not
 * cover those. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE
34
#if 0
/* Security descriptor control. */
/* Disabled: these definitions are compiled out and presumably come from
 * another header in the build.  Kept as reference for the Control field
 * of SECURITY_DESCRIPTOR / SECURITY_DESCRIPTOR_RELATIVE below. */
#define SECURITY_DESCRIPTOR_REVISION (1)
/* 20 == sizeof(SECURITY_DESCRIPTOR_RELATIVE) (1+1+2+4*4 bytes); a buffer
 * shorter than this must be rejected before its fields are read. */
#define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
#define SE_OWNER_DEFAULTED (0x0001)
#define SE_GROUP_DEFAULTED (0x0002)
/* A DACL that is not present (flag clear) is not the same as an empty
 * DACL: the former grants everyone access, the latter grants nobody. */
#define SE_DACL_PRESENT (0x0004)
#define SE_DACL_DEFAULTED (0x0008)
#define SE_SACL_PRESENT (0x0010)
#define SE_SACL_DEFAULTED (0x0020)
#define SE_RM_CONTROL_VALID (0x4000)
/* Set when Owner/Group/Sacl/Dacl are offsets rather than pointers. */
#define SE_SELF_RELATIVE (0x8000)
#endif
48
/* This is defined in the Win 32 API headers as something else: */
/* Only kernel-side translation units (kernel, drivers, HAL, ntdll and
 * native applications) get this ULONG form; Win32 code must not include
 * this header expecting the Win32 ACCESS_MODE enumeration. */
#if defined(__NTOSKRNL__) || defined(__NTDRIVER__) || defined(__NTHAL__) || defined(__NTDLL__) || defined(__NTAPP__)
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
#endif
53
#if 0
/* Disabled earlier layout.  Note that it placed AccessMask inside the
 * header, which does not match the active ACE_HEADER below (type, flags,
 * size only); the mask is carried by the ACE wrapper at the end of this
 * file instead.  Left compiled out; do not re-enable without reconciling
 * it with the live definitions. */
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;

typedef struct
{
ACE_HEADER Header;
} ACE, *PACE;
#endif
68
/* Placeholder context type with no members.  An empty struct is a GNU C
 * extension (ISO C requires at least one member), hence the guard.
 * NOTE(review): GCC predefines __GNUC__, not __GNU__; confirm whether this
 * guard is ever true or whether __GNUC__ was intended. */
#ifdef __GNU__
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
#endif
74
75
76 #ifndef __USE_W32API
77
/* Well-known logon-session LUIDs as { LowPart, HighPart } initialisers
 * (see LUID below).  0x3E7 = 999 is the SYSTEM logon session; the three
 * below it are the anonymous and the two service-account sessions.  These
 * match on AuthenticationId in TOKEN_STATISTICS / TOKEN_CONTROL, not on
 * the account SID. */
#define SYSTEM_LUID { 0x3E7, 0x0 }
#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
#define LOCALSERVICE_LUID { 0x3e5, 0x0 }
#define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
82
/* SID Authority */
/* Initialisers for SID_IDENTIFIER_AUTHORITY.Value[6]: the authority
 * number sits in the last byte, i.e. the six bytes are most-significant
 * first.  The authority is part of the identity -- the same RID under two
 * different authorities names two different principals. */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
/* S-1-5: the NT authority under which all the SECURITY_*_RID values
 * and the BUILTIN domain below live. */
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
90
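/* SID */
/*
 * Relative identifiers (RIDs).  A RID is only meaningful together with its
 * identifier authority (SECURITY_*_SID_AUTHORITY above): the four 0L
 * values that follow are four distinct SIDs (S-1-0-0, S-1-1-0, S-1-2-0,
 * S-1-3-0), so security checks must compare whole SIDs, never bare RIDs.
 */
#define SECURITY_NULL_RID (0L)
#define SECURITY_WORLD_RID (0L)
#define SECURITY_LOCAL_RID (0L)
/* RIDs under SECURITY_CREATOR_SID_AUTHORITY (S-1-3-x), substituted with
 * the actual owner/group when an inherited ACE is instantiated. */
#define SECURITY_CREATOR_OWNER_RID (0L)
#define SECURITY_CREATOR_GROUP_RID (0x1L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
/* Well-known RIDs under SECURITY_NT_AUTHORITY (S-1-5-x). */
#define SECURITY_DIALUP_RID (0x1L)
#define SECURITY_NETWORK_RID (0x2L)
#define SECURITY_BATCH_RID (0x3L)
#define SECURITY_INTERACTIVE_RID (0x4L)
/* Logon-session SIDs are S-1-5-5-X-Y: this RID plus two further
 * sub-authorities, SECURITY_LOGON_IDS_RID_COUNT sub-authorities in all. */
#define SECURITY_LOGON_IDS_RID (0x5L)
#define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
#define SECURITY_SERVICE_RID (0x6L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
#define SECURITY_PROXY_RID (0x8L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID (0xAL)
#define SECURITY_AUTHENTICATED_USER_RID (0xBL)
#define SECURITY_RESTRICTED_CODE_RID (0xCL)
/* S-1-5-18: LocalSystem. */
#define SECURITY_LOCAL_SYSTEM_RID (0x12L)
/* S-1-5-19 / S-1-5-20: the service accounts whose logon sessions are
 * LOCALSERVICE_LUID / NETWORKSERVICE_LUID above.  Added so that code
 * handling those sessions can also name the matching account SIDs. */
#define SECURITY_LOCAL_SERVICE_RID (0x13L)
#define SECURITY_NETWORK_SERVICE_RID (0x14L)
/* S-1-5-21-...: prefix of machine/domain-specific account SIDs. */
#define SECURITY_NT_NON_UNIQUE_RID (0x15L)
/* S-1-5-32: the BUILTIN domain holding the DOMAIN_ALIAS_RID_* aliases. */
#define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
/* Per-domain RIDs (decimal in comments).  500/501 are the fixed
 * Administrator and Guest accounts -- renaming the account does not
 * change the RID, so checks should key on the RID, not the name. */
#define DOMAIN_USER_RID_ADMIN (0x1F4L)   /* 500 */
#define DOMAIN_USER_RID_GUEST (0x1F5L)   /* 501 */
#define DOMAIN_GROUP_RID_ADMINS (0x200L) /* 512 */
#define DOMAIN_GROUP_RID_USERS (0x201L)  /* 513 */
/* Aliases under the BUILTIN domain (S-1-5-32-5xx). */
#define DOMAIN_ALIAS_RID_ADMINS (0x220L)      /* 544 */
#define DOMAIN_ALIAS_RID_USERS (0x221L)       /* 545 */
#define DOMAIN_ALIAS_RID_GUESTS (0x222L)      /* 546 */
#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L) /* 547 */
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L) /* 548 */
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)  /* 549 */
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)   /* 550 */
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)  /* 551 */
#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)  /* 552 */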
129
/* ACCESS_MASK */
/* Generic rights: the top bits of an ACCESS_MASK.  They are placeholders
 * that an object type's GENERIC_MAPPING (below) translates into standard
 * and specific rights; an access check must map them out before comparing
 * a requested mask against an ACE. */
#define GENERIC_READ (0x80000000L)
#define GENERIC_WRITE (0x40000000L)
#define GENERIC_EXECUTE (0x20000000L)
#define GENERIC_ALL (0x10000000L)
/* Ask for whatever the caller is allowed instead of a fixed set. */
#define MAXIMUM_ALLOWED (0x02000000L)
/* Required to read or write an object's SACL (cf. SACL_SECURITY_INFORMATION). */
#define ACCESS_SYSTEM_SECURITY (0x01000000L)

/* Standard rights: bits 16..20, shared by every object type. */
#define STANDARD_RIGHTS_REQUIRED (0x000f0000L)
/* The read/write/execute role masks all reduce to the same single
 * standard bit (0x00020000). */
#define STANDARD_RIGHTS_WRITE (0x00020000L)
#define STANDARD_RIGHTS_READ (0x00020000L)
#define STANDARD_RIGHTS_EXECUTE (0x00020000L)
#define STANDARD_RIGHTS_ALL (0x001f0000L)
/* Specific rights: the low word; meaning depends on the object type. */
#define SPECIFIC_RIGHTS_ALL (0x0000ffffL)

/* Token rights (token-specific bits in the low word). */
#define TOKEN_ASSIGN_PRIMARY (0x0001L)
#define TOKEN_DUPLICATE (0x0002L)
#define TOKEN_IMPERSONATE (0x0004L)
#define TOKEN_QUERY (0x0008L)
#define TOKEN_QUERY_SOURCE (0x0010L)
#define TOKEN_ADJUST_PRIVILEGES (0x0020L)
#define TOKEN_ADJUST_GROUPS (0x0040L)
#define TOKEN_ADJUST_DEFAULT (0x0080L)

/* Composite token masks, written as the union of their parts so the
 * relationship is visible.  The resulting values are unchanged:
 *   TOKEN_ALL_ACCESS = 0xf00ff, TOKEN_READ = 0x20008,
 *   TOKEN_WRITE = 0x200e0,    TOKEN_EXECUTE = 0x20000. */
#define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
                          TOKEN_ASSIGN_PRIMARY | \
                          TOKEN_DUPLICATE | \
                          TOKEN_IMPERSONATE | \
                          TOKEN_QUERY | \
                          TOKEN_QUERY_SOURCE | \
                          TOKEN_ADJUST_PRIVILEGES | \
                          TOKEN_ADJUST_GROUPS | \
                          TOKEN_ADJUST_DEFAULT)
#define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)
#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE | \
                     TOKEN_ADJUST_PRIVILEGES | \
                     TOKEN_ADJUST_GROUPS | \
                     TOKEN_ADJUST_DEFAULT)
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
161
/* Context-tracking mode carried by SECURITY_QUALITY_OF_SERVICE.
 * NOTE(review): the NT SDK declares this as BOOLEAN (one byte); here it is
 * BOOL, which in this tree is presumably a 32-bit int.  If so the field in
 * SECURITY_QUALITY_OF_SERVICE below is wider than the Win32 layout (and
 * than its BOOLEAN neighbour EffectiveOnly) -- confirm before passing that
 * structure across the Win32 or user/kernel boundary. */
typedef BOOL SECURITY_CONTEXT_TRACKING_MODE;

/* Static: the server sees the client's context as it was at the time of
 * the call; dynamic: later changes are tracked.  Nothing in this header
 * enforces either. */
#define SECURITY_STATIC_TRACKING (0)
#define SECURITY_DYNAMIC_TRACKING (1)
166
/* Bit set selecting which parts of a security descriptor a query or set
 * operation touches.  Presumably each part maps to its own access right
 * when checked (the SACL bit to ACCESS_SYSTEM_SECURITY above) -- a caller
 * must not be allowed to set the SACL or owner with only DACL rights. */
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;

#define OWNER_SECURITY_INFORMATION (0x1L)
#define GROUP_SECURITY_INFORMATION (0x2L)
#define DACL_SECURITY_INFORMATION (0x4L)
#define SACL_SECURITY_INFORMATION (0x8L)
173
/* Selector for the token query/set information calls.  Numbering follows
 * the NT SDK exactly (TokenUser is 1, not 0); the explicit values below
 * make that contract visible.  A class received from user mode must be
 * validated against this list before dispatch -- anything outside it is
 * an invalid information class, not an index into a handler table. */
typedef enum _TOKEN_INFORMATION_CLASS
{
    TokenUser = 1,
    TokenGroups = 2,
    TokenPrivileges = 3,
    TokenOwner = 4,
    TokenPrimaryGroup = 5,
    TokenDefaultDacl = 6,
    TokenSource = 7,
    TokenType = 8,
    TokenImpersonationLevel = 9,
    TokenStatistics = 10,
    TokenRestrictedSids = 11,
    TokenSessionId = 12,
    TokenGroupsAndPrivileges = 13,
    TokenSessionReference = 14,
    TokenSandBoxInert = 15,
    TokenAuditPolicy = 16,
    TokenOrigin = 17
} TOKEN_INFORMATION_CLASS;
194
/* Impersonation level, declared as a ULONG with macro values rather than
 * an enum; the numbering matches the SDK.  Ordering matters: a server may
 * only use a client token up to the level the client granted, so code
 * comparing levels must compare numerically, never by equality alone. */
typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;

/* Anonymous and Identification tokens identify the client but must not
 * be usable to obtain access on its behalf; Impersonation permits local
 * access, Delegation also remote.  Enforcement lives in the token code,
 * not here. */
#define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)0)
#define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)1)
#define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)2)
#define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)3)
201
/* 32-bit access mask: generic bits (top nibble), standard bits (16..20)
 * and object-specific bits (low word); see the GENERIC_/STANDARD_/
 * SPECIFIC_ values above. */
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
/* Token kind, as a ULONG with macro values (SDK uses an enum). */
typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;

/* A primary token is attached to a process; an impersonation token is
 * attached to a thread and carries a SECURITY_IMPERSONATION_LEVEL. */
#define TokenPrimary ((TOKEN_TYPE)1)
#define TokenImpersonation ((TOKEN_TYPE)2)
207
/* Client-supplied impersonation policy attached to an object open: the
 * maximum level a server may impersonate at, whether context changes are
 * tracked, and whether only enabled groups/privileges are exposed.
 * Length must be validated (== sizeof of the structure) before the other
 * fields are trusted.  NOTE(review): ContextTrackingMode is BOOL here but
 * EffectiveOnly is BOOLEAN -- see the note on SECURITY_CONTEXT_TRACKING_MODE;
 * the two widths presumably differ, so sizeof may not match Win32. */
typedef struct _SECURITY_QUALITY_OF_SERVICE
{
ULONG Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;

typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
217
/* Common 4-byte prefix of every ACE.  AceSize is the total size of the
 * ACE including this header and is what an ACL walk advances by; when the
 * ACL comes from an untrusted buffer, each AceSize must be checked to be
 * at least sizeof(ACE_HEADER) and to keep the walk inside ACL.AclSize,
 * otherwise a crafted ACE loops the walk or reads past the buffer. */
typedef struct _ACE_HEADER
{
BYTE AceType;
BYTE AceFlags;
WORD AceSize;
} ACE_HEADER, *PACE_HEADER;
224
/* 48-bit SID issuing authority, most-significant byte first (the
 * SECURITY_*_SID_AUTHORITY initialisers above put the value in Value[5]).
 * Compare all six bytes; it is part of the principal's identity. */
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
229
/* Variable-length security identifier: 8 fixed bytes followed by
 * SubAuthorityCount 32-bit sub-authorities (declared [1]; the real array
 * is SubAuthorityCount long).  Before a SID from user mode is used, check
 * that Revision is the supported value and that
 * 8 + SubAuthorityCount * sizeof(ULONG) fits in the buffer supplied;
 * SubAuthorityCount is attacker-controlled and drives every size
 * computation on the SID. */
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PISID;

/* Public SID handle is opaque (PVOID); PISID is the internal typed view. */
typedef PVOID PSID;
239
/* Access control list header; AceCount ACEs follow it contiguously.
 * AclSize is the total size in bytes including this header, so it caps
 * both the ACE walk and any in-place ACE insertion.  For an ACL from an
 * untrusted buffer: AclSize must be >= sizeof(ACL) and <= the buffer
 * length, and the ACE walk must stop at AclSize even if AceCount claims
 * more.  Sbz1/Sbz2 are reserved and should be zero. */
typedef struct _ACL
{
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
248
/* Result of an AclRevisionInformation query (see ACL_INFORMATION_CLASS). */
typedef struct _ACL_REVISION_INFORMATION
{
ULONG AclRevision;
} ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION;
253
/* Result of an AclSizeInformation query: ACE count, bytes used and bytes
 * still free inside ACL.AclSize.  AclBytesFree is what an insertion may
 * consume without growing the ACL. */
typedef struct _ACL_SIZE_INFORMATION
{
ULONG AceCount;
ULONG AclBytesInUse;
ULONG AclBytesFree;
} ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION;
260
/* Selector for ACL information queries; numbering starts at 1 as in the
 * SDK, so 0 is not a valid class and must be rejected if it arrives from
 * a caller. */
typedef enum _ACL_INFORMATION_CLASS
{
    AclRevisionInformation = 1, /* returns ACL_REVISION_INFORMATION */
    AclSizeInformation = 2      /* returns ACL_SIZE_INFORMATION */
} ACL_INFORMATION_CLASS;
266
/* 16-bit control word of a security descriptor (SE_* flag values are
 * listed in the compiled-out block near the top of this file). */
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
268
/* Locally unique 64-bit identifier, used for logon sessions (SYSTEM_LUID
 * and friends above), token ids and privilege ids.  Two LUIDs are equal
 * only when both parts match; it is not a pointer and must not be
 * dereferenced or trusted as an index. */
typedef struct _LUID
{
ULONG LowPart;
LONG HighPart;
} LUID, *PLUID;
274
/* Absolute-form security descriptor: the four components are pointers to
 * separately allocated objects, so its size depends on the pointer width
 * and it cannot be copied across address spaces as one buffer (use
 * SECURITY_DESCRIPTOR_RELATIVE for that).  A NULL Dacl together with the
 * DACL-present control bit means "no protection", which is not the same
 * as an empty ACL. */
typedef struct _SECURITY_DESCRIPTOR
{
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
285
/* Self-relative security descriptor (20 bytes, pointer-width independent):
 * Owner/Group/Sacl/Dacl are byte offsets from the start of this structure
 * into the same buffer.  When the descriptor comes from user mode every
 * offset must be validated before use: it must be 0 (presumably "absent",
 * confirm against the parsing code) or lie inside the buffer with room
 * for the object it names, and the SID/ACL sizes found there must be
 * re-checked against the buffer end -- an unchecked offset is an
 * arbitrary kernel read. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
ULONG Owner;
ULONG Group;
ULONG Sacl;
ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PSECURITY_DESCRIPTOR_RELATIVE;
296
/* A privilege LUID plus its attribute bits (enabled, enabled-by-default,
 * ...; the SE_PRIVILEGE_* bit values are not defined in this header).
 * Element type of TOKEN_PRIVILEGES and PRIVILEGE_SET below. */
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
ULONG Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
302
/* Identifies the component that issued a token.  SourceName is a fixed
 * 8-char field and is presumably not NUL-terminated when all 8 are used --
 * never pass it to a C string function without a length.  Reading it
 * requires TOKEN_QUERY_SOURCE. */
typedef struct _TOKEN_SOURCE
{
CHAR SourceName[8];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
308
/* Identity snapshot of a token: its own id, the logon session it belongs
 * to (AuthenticationId, cf. SYSTEM_LUID etc.), a ModifiedId that changes
 * whenever the token is altered, and the issuing source.  Compare
 * ModifiedId to detect that a cached access decision is stale. */
typedef struct _TOKEN_CONTROL
{
LUID TokenId;
LUID AuthenticationId;
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;
316
/* A SID pointer plus group attribute bits (enabled, mandatory, use-for-
 * deny-only, ...; the SE_GROUP_* values are not defined here).  The SID is
 * referenced, not embedded, so the pointed-to SID must outlive the entry
 * and, for user-supplied arrays, each pointer must be validated as lying
 * inside the caller's buffer. */
typedef struct _SID_AND_ATTRIBUTES
{
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;

/* ANYSIZE_ARRAY is expected from the included ntos headers. */
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
325
/* TokenUser query result: the account SID the token represents. */
typedef struct _TOKEN_USER
{
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
330
/* TokenPrimaryGroup query/set payload: SID applied as the group of
 * objects the token creates. */
typedef struct _TOKEN_PRIMARY_GROUP
{
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
335
/* Variable-length group list: GroupCount entries follow the count.  When
 * this arrives from user mode, GroupCount is untrusted -- the byte size
 * (sizeof(DWORD) + GroupCount * sizeof(SID_AND_ATTRIBUTES)) must be
 * computed without overflow and checked against the buffer length, and
 * every embedded Sid pointer validated, before the array is walked. */
typedef struct _TOKEN_GROUPS
{
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
341
/* Variable-length privilege list: PrivilegeCount entries follow the count.
 * Same trust rule as TOKEN_GROUPS: an untrusted PrivilegeCount must be
 * bounded by the buffer length (overflow-safe) before the array is read.
 * Adjusting a token with this structure requires TOKEN_ADJUST_PRIVILEGES
 * and can only enable privileges the token already holds. */
typedef struct _TOKEN_PRIVILEGES
{
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
347
/* TokenOwner query/set payload: default owner SID for new objects.
 * Setting it should only accept a SID the token can legitimately own
 * (its user or one of its groups); otherwise ownership can be spoofed. */
typedef struct _TOKEN_OWNER
{
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
352
/* TokenDefaultDacl query/set payload: the DACL applied to objects created
 * without an explicit security descriptor.  A NULL DefaultDacl leaves such
 * objects unprotected; an ACL supplied here must be validated like any
 * other untrusted ACL (see ACL / ACE_HEADER). */
typedef struct _TOKEN_DEFAULT_DACL
{
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
357
/* TokenStatistics query result: identity LUIDs, expiry, type and
 * impersonation level, dynamic-part quota, counts and the ModifiedId that
 * changes on every alteration of the token.  ImpersonationLevel is only
 * meaningful when TokenType == TokenImpersonation. */
typedef struct _TOKEN_STATISTICS
{
LUID TokenId;
LUID AuthenticationId;
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;
DWORD DynamicAvailable;
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
371
/* TokenOrigin query result: LUID of the logon session that created the
 * token (differs from AuthenticationId for tokens derived from another
 * session, e.g. by impersonation). */
typedef struct _TOKEN_ORIGIN {
LUID OriginatingLogonSession;
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
375
/* Per-object-type table translating GENERIC_READ/WRITE/EXECUTE/ALL into
 * concrete standard+specific rights.  Every access check must apply this
 * mapping to the requested mask before comparing it with an ACE; leaving
 * a generic bit in the mask lets a request slip past ACEs that only list
 * specific bits. */
typedef struct _GENERIC_MAPPING
{
ACCESS_MASK GenericRead;
ACCESS_MASK GenericWrite;
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
383
/* Set of privileges for a privilege check: PrivilegeCount entries follow.
 * Control presumably selects whether all listed privileges are required
 * or any one suffices (the PRIVILEGE_SET_* value is not defined here --
 * confirm against the check code).  PrivilegeCount is untrusted when the
 * set comes from user mode and must be bounded by the buffer length. */
typedef struct _PRIVILEGE_SET
{
DWORD PrivilegeCount;
DWORD Control;
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
390
/* Fixed-capacity variant of PRIVILEGE_SET with room for three entries,
 * usable as an embedded/stack object where a variable-length set would
 * need allocation.  Layout is identical to a PRIVILEGE_SET whose array
 * holds INITIAL_PRIVILEGE_COUNT elements; callers filling it must keep
 * PrivilegeCount <= INITIAL_PRIVILEGE_COUNT. */
#define INITIAL_PRIVILEGE_COUNT 3

typedef struct _INITIAL_PRIVILEGE_SET
{
ULONG PrivilegeCount;
ULONG Control;
LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, *PINITIAL_PRIVILEGE_SET;
399
/* Win32-style creation attributes.  nLength must be checked against
 * sizeof before the other fields are trusted.  bInheritHandle controls
 * whether the new handle is passed to child processes -- a frequent
 * source of handle leakage into less-privileged children, so default to
 * FALSE unless inheritance is the point. */
typedef struct _SECURITY_ATTRIBUTES
{
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
406
407 #endif /* !__USE_W32API */
408
/* ReactOS-local generic ACE view: the common header followed by the
 * access mask.  It is defined outside the __USE_W32API guard because the
 * Win32 headers have no type of this name.  Presumably only valid for ACE
 * types whose mask immediately follows the header (the allow/deny/audit
 * forms); the SID that follows the mask in those ACEs is not part of this
 * structure, so its length must still be bounded by Header.AceSize. */
typedef struct
{
ACE_HEADER Header;
ACCESS_MASK AccessMask;
} ACE, *PACE;
414
415 #endif /* __INCLUDE_SECURITY_H */