1 #ifndef __INCLUDE_SECURITY_H
2 #define __INCLUDE_SECURITY_H
3
4 #include <ntos/ntdef.h>
5 #include <ntos/types.h>
6
/* Privileges
 *
 * Well-known privilege values. Each value is the LowPart of the privilege's
 * LUID (HighPart 0); a token's privilege array is matched against these.
 * SE_UNSOLICITED_INPUT_PRIVILEGE deliberately shares value 6 with
 * SE_MACHINE_ACCOUNT_PRIVILEGE and is kept only for source compatibility.
 *
 * NOTE(review): this table stops at SE_REMOTE_SHUTDOWN_PRIVILEGE (24). Later NT
 * releases define further privileges above 24 (e.g. SeImpersonatePrivilege,
 * SeCreateGlobalPrivilege); any code that uses SE_MAX_WELL_KNOWN_PRIVILEGE as a
 * range check will treat those as invalid until the table is extended.
 */
#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
#define SE_CREATE_TOKEN_PRIVILEGE (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
#define SE_LOCK_MEMORY_PRIVILEGE (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused; same value as SE_MACHINE_ACCOUNT_PRIVILEGE */
#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
#define SE_TCB_PRIVILEGE (7L)
#define SE_SECURITY_PRIVILEGE (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
#define SE_LOAD_DRIVER_PRIVILEGE (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
#define SE_SYSTEMTIME_PRIVILEGE (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
#define SE_BACKUP_PRIVILEGE (17L)
#define SE_RESTORE_PRIVILEGE (18L)
#define SE_SHUTDOWN_PRIVILEGE (19L)
#define SE_DEBUG_PRIVILEGE (20L)
#define SE_AUDIT_PRIVILEGE (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
/* Highest value defined in this header; see the note above before using it as a bound. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE
34
#if 0
/* Security descriptor control.
 *
 * Disabled: these SECURITY_DESCRIPTOR_CONTROL flag values are compiled out, so
 * this header provides the SECURITY_DESCRIPTOR_CONTROL typedef (below) but none
 * of its SE_* bit definitions. They presumably come from another header in the
 * include chain -- verify before relying on them here.
 */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
#define SE_OWNER_DEFAULTED (0x0001)
#define SE_GROUP_DEFAULTED (0x0002)
#define SE_DACL_PRESENT (0x0004)
#define SE_DACL_DEFAULTED (0x0008)
#define SE_SACL_PRESENT (0x0010)
#define SE_SACL_DEFAULTED (0x0020)
#define SE_RM_CONTROL_VALID (0x4000)
#define SE_SELF_RELATIVE (0x8000)
#endif
48
/* This is defined in the Win 32 API headers as something else (an enum there):
 * inside the native components listed below it is a plain ULONG. Code that is
 * built for both worlds must not assume the enumerator names exist here. */
#if defined(__NTOSKRNL__) || defined(__NTDRIVER__) || defined(__NTHAL__) || defined(__NTDLL__) || defined(__NTAPP__)
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
#endif
53
#if 0
/* Disabled older layout of ACE_HEADER/ACE. It carried the AccessMask inside the
 * header and used CHAR for the type/flags bytes; the live definitions further
 * down keep the 4-byte header (type, flags, size) and put AccessMask in ACE,
 * which is the layout ACL parsers must assume. Left here for reference only. */
typedef struct _ACE_HEADER
{
CHAR AceType;
CHAR AceFlags;
USHORT AceSize;
ACCESS_MASK AccessMask;
} ACE_HEADER, *PACE_HEADER;

typedef struct
{
ACE_HEADER Header;
} ACE, *PACE;
#endif
68
#ifdef __GNU__
/* Placeholder context type with no members. An empty struct is a GNU C
 * extension (sizeof == 0), hence the __GNU__ guard; it is not valid ISO C. */
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
#endif
74
75
76 #ifndef __USE_W32API
77
/* Well-known logon session identifiers, written as LUID brace initializers
 * ({ LowPart, HighPart }, see the LUID struct below). These identify logon
 * sessions, not identities: use the account SID, not the LUID, for access
 * decisions. */
#define SYSTEM_LUID { 0x3E7, 0x0 }
#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
#define LOCALSERVICE_LUID { 0x3e5, 0x0 }
#define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
82
/* SID Authority
 *
 * Brace initializers for SID_IDENTIFIER_AUTHORITY.Value (6 bytes, big-endian).
 * A RID below is only meaningful together with its authority: e.g. RID 0 is
 * "Null", "Everyone" or "Local" depending on which authority it sits under. */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
90
/* SID
 *
 * Well-known relative identifiers (the last sub-authority of a SID). Several
 * values repeat (0, 1, 2, 3) because each is interpreted under a different
 * identifier authority. The SECURITY_* RIDs are used under SECURITY_NT_AUTHORITY
 * unless noted; the DOMAIN_* RIDs are relative to a domain or to the built-in
 * domain (SECURITY_BUILTIN_DOMAIN_RID). */
#define SECURITY_NULL_RID (0L)          /* under SECURITY_NULL_SID_AUTHORITY */
#define SECURITY_WORLD_RID (0L)         /* under SECURITY_WORLD_SID_AUTHORITY: Everyone */
#define SECURITY_LOCAL_RID (0L)         /* under SECURITY_LOCAL_SID_AUTHORITY */
#define SECURITY_CREATOR_OWNER_RID (0L) /* under SECURITY_CREATOR_SID_AUTHORITY */
#define SECURITY_CREATOR_GROUP_RID (0x1L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
#define SECURITY_DIALUP_RID (0x1L)
#define SECURITY_NETWORK_RID (0x2L)
#define SECURITY_BATCH_RID (0x3L)
#define SECURITY_INTERACTIVE_RID (0x4L)
#define SECURITY_LOGON_IDS_RID (0x5L)
/* Number of sub-authorities in a logon-session SID (S-1-5-5-X-Y). */
#define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
#define SECURITY_SERVICE_RID (0x6L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
#define SECURITY_PROXY_RID (0x8L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
/* Placeholder SID in ACEs that is replaced by the principal's own SID. */
#define SECURITY_PRINCIPAL_SELF_RID (0xAL)
#define SECURITY_AUTHENTICATED_USER_RID (0xBL)
#define SECURITY_RESTRICTED_CODE_RID (0xCL)
#define SECURITY_LOCAL_SYSTEM_RID (0x12L)
/* First sub-authority of machine/domain SIDs (S-1-5-21-...). */
#define SECURITY_NT_NON_UNIQUE_RID (0x15L)
#define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
#define DOMAIN_USER_RID_ADMIN (0x1F4L)
#define DOMAIN_USER_RID_GUEST (0x1F5L)
#define DOMAIN_GROUP_RID_ADMINS (0x200L)
#define DOMAIN_GROUP_RID_USERS (0x201L)
#define DOMAIN_ALIAS_RID_ADMINS (0x220L)
#define DOMAIN_ALIAS_RID_USERS (0x221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
129
/* ACCESS_MASK */
/* Generic rights (bits 28-31)
 *
 * Generic bits are not stored in ACEs; they must be translated to
 * object-specific rights through the object's GENERIC_MAPPING before an access
 * check. MAXIMUM_ALLOWED asks for whatever the DACL grants and must likewise be
 * resolved, never granted literally. ACCESS_SYSTEM_SECURITY governs SACL access
 * and is normally gated on SE_SECURITY_PRIVILEGE rather than on the DACL. */
#define GENERIC_READ (0x80000000L)
#define GENERIC_WRITE (0x40000000L)
#define GENERIC_EXECUTE (0x20000000L)
#define GENERIC_ALL (0x10000000L)
#define MAXIMUM_ALLOWED (0x02000000L)
#define ACCESS_SYSTEM_SECURITY (0x01000000L)

/* Standard rights (bits 16-19)
 *
 * STANDARD_RIGHTS_REQUIRED covers the four standard bits (DELETE, READ_CONTROL,
 * WRITE_DAC, WRITE_OWNER); those individual constants are not defined in this
 * header. READ, WRITE and EXECUTE all map to READ_CONTROL (0x20000) on purpose,
 * matching the NT definitions. */
#define STANDARD_RIGHTS_REQUIRED (0x000f0000L)
#define STANDARD_RIGHTS_WRITE (0x00020000L)
#define STANDARD_RIGHTS_READ (0x00020000L)
#define STANDARD_RIGHTS_EXECUTE (0x00020000L)
#define STANDARD_RIGHTS_ALL (0x001f0000L)
/* Object-specific rights live in the low 16 bits. */
#define SPECIFIC_RIGHTS_ALL (0x0000ffffL)
146
/* Token rights
 *
 * Object-specific rights for token objects. TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE
 * and TOKEN_IMPERSONATE are the rights that let a holder act under the token's
 * identity, so handle checks that hand out token handles should grant them
 * deliberately rather than as part of a broad mask. */
#define TOKEN_ASSIGN_PRIMARY (0x0001L)
#define TOKEN_DUPLICATE (0x0002L)
#define TOKEN_IMPERSONATE (0x0004L)
#define TOKEN_QUERY (0x0008L)
#define TOKEN_QUERY_SOURCE (0x0010L)
#define TOKEN_ADJUST_PRIVILEGES (0x0020L)
#define TOKEN_ADJUST_GROUPS (0x0040L)
#define TOKEN_ADJUST_DEFAULT (0x0080L)
#define TOKEN_ADJUST_SESSIONID (0x0100L)

/* Composite masks:
 *   TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | all nine rights above (0x1ff)
 *   TOKEN_READ       = STANDARD_RIGHTS_READ | TOKEN_QUERY
 *   TOKEN_WRITE      = STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_PRIVILEGES |
 *                      TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT
 *                      (TOKEN_ADJUST_SESSIONID is intentionally not included)
 *   TOKEN_EXECUTE    = STANDARD_RIGHTS_EXECUTE only */
#define TOKEN_ALL_ACCESS (0xf01ffL)
#define TOKEN_READ (0x20008L)
#define TOKEN_WRITE (0x200e0L)
#define TOKEN_EXECUTE (0x20000L)
162
/* Whether a server's view of an impersonated client follows later changes to
 * the client's security context (dynamic) or is a snapshot taken when the
 * connection was established (static). Stored in SECURITY_QUALITY_OF_SERVICE. */
typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;

#define SECURITY_STATIC_TRACKING (0)
#define SECURITY_DYNAMIC_TRACKING (1)
167
/* Bit mask selecting which parts of a security descriptor a query or set
 * operation touches. Reading or writing the SACL is an auditing operation and
 * requires ACCESS_SYSTEM_SECURITY on the object, not ordinary DACL rights. */
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;

#define OWNER_SECURITY_INFORMATION (0x1L)
#define GROUP_SECURITY_INFORMATION (0x2L)
#define DACL_SECURITY_INFORMATION (0x4L)
#define SACL_SECURITY_INFORMATION (0x8L)
174
/* Information classes for token query/set operations. The numeric values are
 * part of the native API contract (TokenUser == 1, then consecutive), so entries
 * must never be reordered or inserted mid-list; append only. The returned
 * buffer type for each class is the TOKEN_* struct of the same name below. */
typedef enum _TOKEN_INFORMATION_CLASS
{
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId,
TokenGroupsAndPrivileges,
TokenSessionReference,
TokenSandBoxInert,
TokenAuditPolicy,
TokenOrigin
} TOKEN_INFORMATION_CLASS;
195
/* How much of a client's identity a server may assume (NT semantics, in
 * increasing order of authority granted to the server):
 *   SecurityAnonymous      - server cannot identify or impersonate the client
 *   SecurityIdentification - server may read the client's identity/privileges
 *                            but not act as the client
 *   SecurityImpersonation  - server may act as the client on the local system
 *   SecurityDelegation     - server may act as the client on remote systems too
 * Ordering matters: checks of the form "level >= SecurityImpersonation" rely on it. */
typedef enum _SECURITY_IMPERSONATION_LEVEL
{
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
203
/* ACCESS_MASK: 32-bit rights mask laid out as generic (28-31) / standard
 * (16-19) / specific (0-15) bits, see the constants above. */
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
/* TOKEN_TYPE is a plain ULONG here with the two values given as macros; the
 * Win32 headers define it as an enum with the same values. The two are
 * layout-compatible as long as the enum is 4 bytes wide -- confirm for the
 * target compiler. */
typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;

#define TokenPrimary ((TOKEN_TYPE)1)
#define TokenImpersonation ((TOKEN_TYPE)2)
209
/* Client-supplied limits on what a server may do with the client's identity.
 * Because the client chooses these values, a server must treat them as input:
 * it gets at most ImpersonationLevel, sees changes only under dynamic tracking,
 * and with EffectiveOnly set sees only the groups and privileges that are
 * currently enabled in the client's token. Length is expected to be
 * sizeof(SECURITY_QUALITY_OF_SERVICE). */
typedef struct _SECURITY_QUALITY_OF_SERVICE
{
ULONG Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; /* SECURITY_STATIC_TRACKING / SECURITY_DYNAMIC_TRACKING */
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;

typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
219
/* Common 4-byte prefix of every ACE in an ACL. AceSize is the total size of the
 * ACE including this header and is what a parser uses to step to the next ACE.
 * Any code walking an ACL that came from user mode, disk or the network must
 * check AceSize >= sizeof(ACE_HEADER) and that the ACE ends within ACL.AclSize
 * before reading past the header; a malformed AceSize otherwise walks out of
 * the buffer or loops forever. The access mask is not part of the header; it
 * follows in the type-specific ACE (see ACE at the end of this file). */
typedef struct _ACE_HEADER
{
BYTE AceType;
BYTE AceFlags;
WORD AceSize;
} ACE_HEADER, *PACE_HEADER;
226
/* 48-bit identifier authority of a SID, stored big-endian in Value[0..5].
 * Initialize with the SECURITY_*_AUTHORITY macros above. */
typedef struct _SID_IDENTIFIER_AUTHORITY
{
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
231
/* Security identifier, variable length. SubAuthority[1] is a placeholder for
 * SubAuthorityCount ULONGs, so the real size is 8 + 4 * SubAuthorityCount
 * bytes and sizeof(SID) must not be used for buffer arithmetic. When a SID
 * arrives from an untrusted buffer, validate Revision, SubAuthorityCount (NT
 * caps it at 15, SID_MAX_SUB_AUTHORITIES) and that the computed length fits
 * inside the buffer before touching SubAuthority[]. */
typedef struct _SID
{
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
} SID, *PISID;

/* Public SID pointer type is opaque (PVOID); cast to PISID only after the
 * SID has been validated as above. */
typedef PVOID PSID;
241
/* ACL header; AceCount ACEs follow it contiguously, each starting with an
 * ACE_HEADER. AclSize is the total size in bytes including this header. The
 * Sbz1/Sbz2 fields are "should be zero" padding. A validator for an ACL from
 * an untrusted source checks AclSize >= sizeof(ACL), that the ACL fits in the
 * containing buffer, and then walks exactly AceCount ACEs without leaving
 * AclSize; it must not trust AceCount alone. */
typedef struct _ACL
{
UCHAR AclRevision;
UCHAR Sbz1;
USHORT AclSize;
USHORT AceCount;
USHORT Sbz2;
} ACL, *PACL;
250
/* Output buffer for the AclRevisionInformation query class. */
typedef struct _ACL_REVISION_INFORMATION
{
ULONG AclRevision;
} ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION;

/* Output buffer for the AclSizeInformation query class: number of ACEs and the
 * used/free byte counts of the ACL buffer. */
typedef struct _ACL_SIZE_INFORMATION
{
ULONG AceCount;
ULONG AclBytesInUse;
ULONG AclBytesFree;
} ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION;

/* Information classes for ACL queries; values start at 1 and are part of the
 * native API contract. */
typedef enum _ACL_INFORMATION_CLASS
{
AclRevisionInformation = 1,
AclSizeInformation
} ACL_INFORMATION_CLASS;
268
/* 16-bit flag word in SECURITY_DESCRIPTOR.Control (present/defaulted bits for
 * owner, group, DACL and SACL, plus the self-relative flag). The SE_* flag
 * constants are compiled out earlier in this file (#if 0), so they are not
 * available from this header. */
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
270
/* Locally unique 64-bit identifier (privileges, logon sessions, token ids).
 * Compare both parts; there is no ordering defined across LUIDs. Initializers
 * such as SYSTEM_LUID above are written as { LowPart, HighPart }. */
typedef struct _LUID
{
ULONG LowPart;
LONG HighPart;
} LUID, *PLUID;
276
/* Absolute-format security descriptor: the four components are pointers to
 * separately allocated objects and may be NULL. Whether a NULL Dacl means
 * "no DACL present" (which in NT grants everyone full access) or merely
 * "not set" is decided by the Control flags, so Control must be consulted
 * together with the pointer. The first four bytes (Revision, Sbz1, Control)
 * have the same layout as SECURITY_DESCRIPTOR_RELATIVE; the self-relative
 * Control bit tells the two formats apart. */
typedef struct _SECURITY_DESCRIPTOR
{
UCHAR Revision;
UCHAR Sbz1; /* should be zero (resource-manager control byte in later NT) */
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
287
/* Self-relative security descriptor: one contiguous buffer in which Owner,
 * Group, Sacl and Dacl are byte offsets from the start of this header (0 means
 * the component is absent). This is the form that crosses trust boundaries
 * (user-mode buffers, on-disk and on-the-wire). Before dereferencing, validate
 * that each non-zero offset is within the buffer and that the referenced SID or
 * ACL, as sized by its own header, also ends inside the buffer; offsets are
 * attacker-controlled in that setting. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
ULONG Owner;
ULONG Group;
ULONG Sacl;
ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PSECURITY_DESCRIPTOR_RELATIVE;
298
/* A privilege (identified by LUID) together with its state flags. The
 * SE_PRIVILEGE_* attribute bits are not defined in this header; presumably
 * they come from the Win32 headers -- verify against the including code. */
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
ULONG Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
304
/* Identifies the component that created a token. SourceName is a fixed 8-byte
 * field and is not guaranteed to be NUL-terminated: copy it with a bounded
 * length and never pass it to strlen/strcpy-style functions. */
typedef struct _TOKEN_SOURCE
{
CHAR SourceName[8];
LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
310
/* Identity and change-tracking ids of a token: TokenId is unique per token,
 * AuthenticationId is the logon session, ModifiedId changes whenever the
 * token is altered (useful for detecting a stale cached view of it). */
typedef struct _TOKEN_CONTROL
{
LUID TokenId;
LUID AuthenticationId;
LUID ModifiedId;
TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;
318
/* A SID pointer paired with group attribute flags (enabled, mandatory,
 * deny-only, ...). The SE_GROUP_* attribute bits are not defined in this
 * header. Sid is a pointer, not inline data; in token query results it
 * typically points into the same buffer -- confirm per call site. */
typedef struct _SID_AND_ATTRIBUTES
{
PSID Sid;
DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;

/* Open-ended array forms (ANYSIZE_ARRAY is a 1-element placeholder). */
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
327
/* Result of a TokenUser query: the account SID the token represents. */
typedef struct _TOKEN_USER
{
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;

/* Result of a TokenPrimaryGroup query: default group SID for new objects. */
typedef struct _TOKEN_PRIMARY_GROUP
{
PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
337
/* Result of a TokenGroups / TokenRestrictedSids query. Groups[] is open-ended:
 * GroupCount entries follow, so the header size is not sizeof(TOKEN_GROUPS);
 * size buffers as offsetof(TOKEN_GROUPS, Groups) + GroupCount * sizeof(SID_AND_ATTRIBUTES)
 * plus room for the SIDs themselves. */
typedef struct _TOKEN_GROUPS
{
DWORD GroupCount;
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
343
/* Result of a TokenGroupsAndPrivileges query: groups, restricting SIDs and
 * privileges in one buffer. Each *Count is an element count and each *Length
 * the byte length of the corresponding array (including the SID data it
 * references); the pointers are expected to refer into the same buffer. */
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
{
ULONG SidCount;
ULONG SidLength;
PSID_AND_ATTRIBUTES Sids;
ULONG RestrictedSidCount;
ULONG RestrictedSidLength;
PSID_AND_ATTRIBUTES RestrictedSids;
ULONG PrivilegeCount;
ULONG PrivilegeLength;
PLUID_AND_ATTRIBUTES Privileges;
LUID AuthenticationId;
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
357
/* Privilege list of a token (TokenPrivileges query / AdjustPrivileges input).
 * Privileges[] is open-ended with PrivilegeCount entries; size buffers from
 * offsetof(TOKEN_PRIVILEGES, Privileges), not sizeof. */
typedef struct _TOKEN_PRIVILEGES
{
DWORD PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
363
/* Result of a TokenOwner query: default owner SID stamped on new objects. */
typedef struct _TOKEN_OWNER
{
PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;

/* Result of a TokenDefaultDacl query: DACL applied to new objects created
 * without an explicit security descriptor. Setting this too permissively
 * weakens every object the token creates. */
typedef struct _TOKEN_DEFAULT_DACL
{
PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
373
/* Result of a TokenStatistics query. Field order is ABI; do not reorder. */
typedef struct _TOKEN_STATISTICS
{
LUID TokenId;
LUID AuthenticationId;        /* logon session */
LARGE_INTEGER ExpirationTime;
TOKEN_TYPE TokenType;         /* TokenPrimary or TokenImpersonation */
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
DWORD DynamicCharged;         /* bytes charged for the variable part (DACL etc.) */
DWORD DynamicAvailable;       /* bytes of that charge still unused */
DWORD GroupCount;
DWORD PrivilegeCount;
LUID ModifiedId;              /* changes on every modification of the token */
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
387
/* Result of a TokenOrigin query: logon session of the process that caused
 * this token to be created. */
typedef struct _TOKEN_ORIGIN {
LUID OriginatingLogonSession;
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
391
/* Per-object-type translation of the four GENERIC_* bits into concrete
 * standard+specific rights. Every object type subject to access checks needs
 * one, and requested masks must be mapped through it before they are compared
 * against ACEs (e.g. RtlMapGenericMask), otherwise generic bits in a request
 * would never match anything and silently fail or, worse, be treated as
 * granted by a naive bitwise check. */
typedef struct _GENERIC_MAPPING
{
ACCESS_MASK GenericRead;
ACCESS_MASK GenericWrite;
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
399
/* Set of privileges used by privilege checks and audit records. Privilege[] is
 * open-ended with PrivilegeCount entries. Control selects whether all listed
 * privileges are required or any one suffices; the flag value is not defined
 * in this header. */
typedef struct _PRIVILEGE_SET
{
DWORD PrivilegeCount;
DWORD Control;
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
406
/* Fixed-size variant of PRIVILEGE_SET with room for three privileges, so a
 * small set can live on the stack or inline in another structure without a
 * separate allocation. Same leading layout as PRIVILEGE_SET. */
#define INITIAL_PRIVILEGE_COUNT 3

typedef struct _INITIAL_PRIVILEGE_SET
{
ULONG PrivilegeCount;
ULONG Control;
LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, *PINITIAL_PRIVILEGE_SET;
415
/* Win32-style creation attributes. lpSecurityDescriptor is an untyped pointer
 * (NULL selects the default descriptor); nLength is expected to be
 * sizeof(SECURITY_ATTRIBUTES). bInheritHandle marks the resulting handle as
 * inheritable by child processes -- a handle to a sensitive object created
 * with this set leaks into every child that inherits handles. */
typedef struct _SECURITY_ATTRIBUTES
{
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
422
423 #endif /* !__USE_W32API */
424
/* Generic view of an ACE: the common header followed by the access mask.
 * Defined outside the __USE_W32API guard so it is available in both build
 * configurations (ACE_HEADER and ACCESS_MASK then come from the W32 headers).
 * Type-specific ACEs carry additional data (typically a SID) after AccessMask;
 * the total size is Header.AceSize, which must be validated before use. */
typedef struct
{
ACE_HEADER Header;
ACCESS_MASK AccessMask;
} ACE, *PACE;
430
431 #endif /* __INCLUDE_SECURITY_H */