1 #ifndef __INCLUDE_SECURITY_H
2 #define __INCLUDE_SECURITY_H
4 #include <ntos/ntdef.h>
5 #include <ntos/types.h>
/*
 * Well-known privilege values.  Each is the low part of a privilege LUID
 * (the high part is presumably 0 -- confirm against the code that fills in
 * LUID_AND_ATTRIBUTES entries).  SE_MIN_WELL_KNOWN_PRIVILEGE and
 * SE_MAX_WELL_KNOWN_PRIVILEGE are inclusive bounds, so a "well-known" test
 * is (MIN <= v && v <= MAX).  MIN is 2, not 0 or 1: values below it are not
 * privileges and must be rejected rather than used to index a per-privilege
 * table.
 *
 * Several of these (CREATE_TOKEN, ASSIGNPRIMARYTOKEN, TCB, LOAD_DRIVER,
 * TAKE_OWNERSHIP, BACKUP, RESTORE, DEBUG) are generally treated as
 * equivalent to full control of the system; code that grants or enables
 * them is security-critical and should be reviewed as such.
 */
8 #define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
9 #define SE_CREATE_TOKEN_PRIVILEGE (2L)
10 #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
11 #define SE_LOCK_MEMORY_PRIVILEGE (4L)
12 #define SE_INCREASE_QUOTA_PRIVILEGE (5L)
/* NOTE(review): 6L is defined under two names.  The first is marked unused;
 * anything that keys on the numeric value cannot tell the two apart. */
13 #define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused */
14 #define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
15 #define SE_TCB_PRIVILEGE (7L)
16 #define SE_SECURITY_PRIVILEGE (8L)
17 #define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
18 #define SE_LOAD_DRIVER_PRIVILEGE (10L)
19 #define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
20 #define SE_SYSTEMTIME_PRIVILEGE (12L)
21 #define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
22 #define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
23 #define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
24 #define SE_CREATE_PERMANENT_PRIVILEGE (16L)
25 #define SE_BACKUP_PRIVILEGE (17L)
26 #define SE_RESTORE_PRIVILEGE (18L)
27 #define SE_SHUTDOWN_PRIVILEGE (19L)
28 #define SE_DEBUG_PRIVILEGE (20L)
29 #define SE_AUDIT_PRIVILEGE (21L)
30 #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
31 #define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
32 #define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
/* Inclusive upper bound of the well-known range; currently 24L.  Any table
 * indexed by privilege value needs at least MAX + 1 entries. */
33 #define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE
36 /* Security descriptor control. */
/*
 * SECURITY_DESCRIPTOR_REVISION is the only revision value defined here;
 * consumers should compare a descriptor's revision field against it before
 * interpreting anything else in the structure.
 * NOTE(review): SECURITY_DESCRIPTOR_MIN_LENGTH (20) is presumably the size
 * of the fixed part of the self-relative layout; confirm it equals
 * sizeof(SECURITY_DESCRIPTOR_RELATIVE) on every supported target, because a
 * self-relative descriptor shorter than this cannot be parsed safely.
 */
37 #define SECURITY_DESCRIPTOR_REVISION (1)
38 #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
/*
 * Bit flags for SECURITY_DESCRIPTOR_CONTROL (a USHORT, typedef'd further
 * down).  The *_PRESENT bits say whether the corresponding ACL field is
 * meaningful; the *_DEFAULTED bits presumably record that the field came
 * from a default mechanism rather than from the creator -- confirm against
 * the code that sets them.
 * NOTE(review): a descriptor with SE_DACL_PRESENT clear has no DACL at all,
 * which is conventionally treated as "grant everyone" by access checks and
 * is therefore a very different state from a present-but-empty DACL.  Code
 * that builds descriptors should set the bit deliberately rather than rely
 * on a zero Control word -- confirm the access-check code's behaviour.
 */
39 #define SE_OWNER_DEFAULTED (0x0001)
40 #define SE_GROUP_DEFAULTED (0x0002)
41 #define SE_DACL_PRESENT (0x0004)
42 #define SE_DACL_DEFAULTED (0x0008)
43 #define SE_SACL_PRESENT (0x0010)
44 #define SE_SACL_DEFAULTED (0x0020)
45 #define SE_RM_CONTROL_VALID (0x4000)
/* SE_SELF_RELATIVE distinguishes the SECURITY_DESCRIPTOR_RELATIVE layout
 * from the absolute SECURITY_DESCRIPTOR layout (both typedef'd below).
 * NOTE(review): a self-relative descriptor received from a less-trusted
 * caller presumably carries offsets rather than pointers; every such offset
 * must be bounds-checked against the buffer length before it is used. */
46 #define SE_SELF_RELATIVE (0x8000)
49 /* This is defined in the Win 32 API headers as something else: */
/* NOTE(review): the #endif that closes this conditional is not visible in
 * this rendering, so it is unclear which of the following definitions are
 * inside it. */
50 #if defined(__NTOSKRNL__) || defined(__NTDRIVER__) || defined(__NTHAL__) || defined(__NTDLL__) || defined(__NTAPP__)
/* Native-side ACCESS_MODE is a plain ULONG here, unlike the Win32 enum of
 * the same name (see the comment above). */
51 typedef ULONG ACCESS_MODE
, *PACCESS_MODE
;
/* NOTE(review): ACE_HEADER is typedef'd a second time later in this header.
 * Defining the same struct tag twice in one translation unit is a compile
 * error, so the two are presumably mutually exclusive under the
 * preprocessor -- confirm.  Only the AccessMask member survived in this
 * rendering; the member list is incomplete here. */
55 typedef struct _ACE_HEADER
60 ACCESS_MASK AccessMask
;
61 } ACE_HEADER
, *PACE_HEADER
;
/* Members not visible in this rendering; only the closing line survived. */
70 typedef struct _SECURITY_DESCRIPTOR_CONTEXT
72 } SECURITY_DESCRIPTOR_CONTEXT
, *PSECURITY_DESCRIPTOR_CONTEXT
;
/*
 * Logon-session LUIDs of the built-in accounts, as brace initialisers for a
 * LUID (initialiser order assumed to be { LowPart, HighPart } from the LUID
 * typedef in ntdef.h -- confirm).  These identify logon sessions, not
 * principals; do not use them where a SID is expected.
 */
78 #define SYSTEM_LUID { 0x3E7, 0x0 }
79 #define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
80 #define LOCALSERVICE_LUID { 0x3e5, 0x0 }
81 #define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
/*
 * Six-byte SID identifier authorities, as brace initialisers for
 * SID_IDENTIFIER_AUTHORITY (typedef'd below).  The last byte is the "X" in
 * the textual form S-1-X-...; SECURITY_NT_AUTHORITY (5) is the authority
 * under which most of the RIDs defined below live.  A RID is only
 * meaningful together with its authority -- see the RID comments.
 */
84 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
85 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
86 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
87 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
88 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
89 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
/*
 * Well-known relative identifiers (RIDs).  A RID is only meaningful together
 * with an identifier authority and any preceding sub-authorities: several
 * values below collide (NULL, WORLD, LOCAL and CREATOR_OWNER are all 0L;
 * CREATOR_GROUP and DIALUP are both 0x1L; CREATOR_OWNER_SERVER and NETWORK
 * are both 0x2L, and so on).  Never identify a principal by RID alone --
 * compare the whole SID.
 */
/* Single-RID SIDs under the NULL, WORLD and LOCAL authorities respectively. */
92 #define SECURITY_NULL_RID (0L)
93 #define SECURITY_WORLD_RID (0L)
94 #define SECURITY_LOCAL_RID (0L)
/* RIDs under SECURITY_CREATOR_SID_AUTHORITY. */
95 #define SECURITY_CREATOR_OWNER_RID (0L)
96 #define SECURITY_CREATOR_GROUP_RID (0x1L)
97 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
98 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
/* The rest of this group are RIDs under SECURITY_NT_AUTHORITY. */
99 #define SECURITY_DIALUP_RID (0x1L)
100 #define SECURITY_NETWORK_RID (0x2L)
101 #define SECURITY_BATCH_RID (0x3L)
102 #define SECURITY_INTERACTIVE_RID (0x4L)
/* A logon SID presumably has SECURITY_LOGON_IDS_RID_COUNT sub-authorities,
 * the first being SECURITY_LOGON_IDS_RID and the others per-session values
 * -- confirm against the code that builds logon SIDs. */
103 #define SECURITY_LOGON_IDS_RID (0x5L)
104 #define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
105 #define SECURITY_SERVICE_RID (0x6L)
106 #define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
107 #define SECURITY_PROXY_RID (0x8L)
108 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
/* Alias: same value as SECURITY_ENTERPRISE_CONTROLLERS_RID. */
109 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
110 #define SECURITY_PRINCIPAL_SELF_RID (0xAL)
111 #define SECURITY_AUTHENTICATED_USER_RID (0xBL)
112 #define SECURITY_RESTRICTED_CODE_RID (0xCL)
/* 0x12 = 18: the LocalSystem account, S-1-5-18. */
113 #define SECURITY_LOCAL_SYSTEM_RID (0x12L)
/* 0x15 = 21: first sub-authority of machine/domain SIDs (S-1-5-21-...). */
114 #define SECURITY_NT_NON_UNIQUE_RID (0x15L)
/* 0x20 = 32: the BUILTIN domain.  DOMAIN_ALIAS_RID_* below are RIDs inside
 * it, e.g. S-1-5-32-544 (0x220) is the Administrators alias. */
115 #define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
/* Fixed RIDs inside an account domain: 0x1F4 = 500 is the built-in
 * Administrator account, 0x1F5 = 501 is Guest. */
116 #define DOMAIN_USER_RID_ADMIN (0x1F4L)
117 #define DOMAIN_USER_RID_GUEST (0x1F5L)
118 #define DOMAIN_GROUP_RID_ADMINS (0x200L)
119 #define DOMAIN_GROUP_RID_USERS (0x201L)
120 #define DOMAIN_ALIAS_RID_ADMINS (0x220L)
121 #define DOMAIN_ALIAS_RID_USERS (0x221L)
122 #define DOMAIN_ALIAS_RID_GUESTS (0x222L)
123 #define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
124 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
125 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
126 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
127 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
128 #define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
/*
 * Generic access bits occupy the top four bits of an ACCESS_MASK.  They are
 * requests, not concrete permissions: they are expected to be translated to
 * object-specific bits through a GENERIC_MAPPING (typedef'd below) before
 * being compared against ACE masks.  NOTE(review): an access check run on a
 * mask that still contains GENERIC_* bits would presumably compare the wrong
 * bits -- confirm that every check path maps first.
 * MAXIMUM_ALLOWED is likewise a request ("give me whatever I am allowed"),
 * and ACCESS_SYSTEM_SECURITY requests access to the SACL; in NT that right
 * is presumably gated on SE_SECURITY_PRIVILEGE rather than on the DACL.
 */
132 #define GENERIC_READ (0x80000000L)
133 #define GENERIC_WRITE (0x40000000L)
134 #define GENERIC_EXECUTE (0x20000000L)
135 #define GENERIC_ALL (0x10000000L)
136 #define MAXIMUM_ALLOWED (0x02000000L)
137 #define ACCESS_SYSTEM_SECURITY (0x01000000L)
139 /* Standard rights */
/*
 * STANDARD_RIGHTS_REQUIRED covers bits 16..19.  Note that
 * STANDARD_RIGHTS_WRITE, _READ and _EXECUTE all expand to the same value
 * (0x00020000), so they are interchangeable at runtime.  STANDARD_RIGHTS_ALL
 * adds one further bit (0x00100000) that is not named on this page.
 * SPECIFIC_RIGHTS_ALL is the low 16 bits, the object-specific range.
 */
140 #define STANDARD_RIGHTS_REQUIRED (0x000f0000L)
141 #define STANDARD_RIGHTS_WRITE (0x00020000L)
142 #define STANDARD_RIGHTS_READ (0x00020000L)
143 #define STANDARD_RIGHTS_EXECUTE (0x00020000L)
144 #define STANDARD_RIGHTS_ALL (0x001f0000L)
145 #define SPECIFIC_RIGHTS_ALL (0x0000ffffL)
/*
 * Token object-specific access rights (low 16 bits).  Granting
 * TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE or TOKEN_IMPERSONATE on a token to
 * a less-privileged caller is equivalent to handing that caller the token's
 * identity; DACLs on token objects should be reviewed with that in mind.
 */
148 #define TOKEN_ASSIGN_PRIMARY (0x0001L)
149 #define TOKEN_DUPLICATE (0x0002L)
150 #define TOKEN_IMPERSONATE (0x0004L)
151 #define TOKEN_QUERY (0x0008L)
152 #define TOKEN_QUERY_SOURCE (0x0010L)
153 #define TOKEN_ADJUST_PRIVILEGES (0x0020L)
154 #define TOKEN_ADJUST_GROUPS (0x0040L)
155 #define TOKEN_ADJUST_DEFAULT (0x0080L)
156 #define TOKEN_ADJUST_SESSIONID (0x0100L)
/*
 * Composite masks, spelled out as literals.  They decompose as:
 *   TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | all nine TOKEN_* bits
 *                      (0x000f0000 | 0x1ff)
 *   TOKEN_READ       = STANDARD_RIGHTS_READ | TOKEN_QUERY
 *   TOKEN_WRITE      = STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_PRIVILEGES
 *                      | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT
 *   TOKEN_EXECUTE    = STANDARD_RIGHTS_EXECUTE only
 * Because they are literals, adding a new TOKEN_* bit does not update
 * TOKEN_ALL_ACCESS automatically; both must be changed together.
 */
158 #define TOKEN_ALL_ACCESS (0xf01ffL)
159 #define TOKEN_READ (0x20008L)
160 #define TOKEN_WRITE (0x200e0L)
161 #define TOKEN_EXECUTE (0x20000L)
/* Context tracking mode is a BOOLEAN carrying one of the two values defined
 * just below; it is a field of SECURITY_QUALITY_OF_SERVICE. */
163 typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE
, *PSECURITY_CONTEXT_TRACKING_MODE
;
165 #define SECURITY_STATIC_TRACKING (0)
166 #define SECURITY_DYNAMIC_TRACKING (1)
/*
 * SECURITY_INFORMATION is a bit set selecting which parts of a security
 * descriptor a query or update touches (owner, group, DACL, SACL).
 * NOTE(review): touching the SACL presumably needs ACCESS_SYSTEM_SECURITY
 * on the object rather than ordinary READ_CONTROL/WRITE_DAC -- confirm that
 * callers request the right access when SACL_SECURITY_INFORMATION is set.
 */
168 typedef ULONG SECURITY_INFORMATION
, *PSECURITY_INFORMATION
;
170 #define OWNER_SECURITY_INFORMATION (0x1L)
171 #define GROUP_SECURITY_INFORMATION (0x2L)
172 #define DACL_SECURITY_INFORMATION (0x4L)
173 #define SACL_SECURITY_INFORMATION (0x8L)
/* Information classes for token query/set.  NOTE(review): only three
 * enumerators survived in this rendering (the original spans lines 175-194),
 * so the numeric values cannot be read off here; do not hard-code them from
 * this listing. */
175 typedef enum _TOKEN_INFORMATION_CLASS
185 TokenImpersonationLevel
,
189 TokenGroupsAndPrivileges
,
190 TokenSessionReference
,
194 } TOKEN_INFORMATION_CLASS
;
/* Impersonation levels.  Only two enumerators are visible here; the enum is
 * presumably ordered from least to most powerful, and code that compares
 * levels with < or > depends on that order -- confirm the full definition.
 * A server should treat the client's level as a ceiling on what it may do
 * with the client's identity. */
196 typedef enum _SECURITY_IMPERSONATION_LEVEL
199 SecurityIdentification
,
200 SecurityImpersonation
,
202 } SECURITY_IMPERSONATION_LEVEL
, *PSECURITY_IMPERSONATION_LEVEL
;
/* ACCESS_MASK is a plain 32-bit ULONG; the GENERIC_*, STANDARD_RIGHTS_* and
 * TOKEN_* macros above are its bit layout.  NOTE(review): the ACE_HEADER
 * fragment earlier in this header already uses ACCESS_MASK before this
 * typedef; presumably ntdef.h also provides it, otherwise that earlier use
 * would not compile -- confirm. */
204 typedef ULONG ACCESS_MASK
, *PACCESS_MASK
;
/* TOKEN_TYPE is a ULONG, not an enum, so a switch over it gets no exhaustiveness
 * help from the compiler and must carry a default case.  Only the two values
 * below are defined. */
205 typedef ULONG TOKEN_TYPE
, *PTOKEN_TYPE
;
207 #define TokenPrimary ((TOKEN_TYPE)1)
208 #define TokenImpersonation ((TOKEN_TYPE)2)
/*
 * What a client supplies to bound how a server may use its identity:
 * the maximum impersonation level, whether the server sees a snapshot or a
 * live view of the client's context, and whether only the currently
 * enabled groups/privileges are exposed.  NOTE(review): the opening brace
 * and at least one leading member line (original lines 211-212) are missing
 * from this rendering, so sizeof and field order cannot be read off here.
 * Any of these fields arriving from user mode should be range-checked
 * (ImpersonationLevel against the enum, the two BOOLEAN-typed fields
 * against 0/1) before being stored.
 */
210 typedef struct _SECURITY_QUALITY_OF_SERVICE
213 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
214 SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
;
215 BOOLEAN EffectiveOnly
;
216 } SECURITY_QUALITY_OF_SERVICE
;
218 typedef SECURITY_QUALITY_OF_SERVICE
* PSECURITY_QUALITY_OF_SERVICE
;
/* Second definition of ACE_HEADER in this header (see the one inside the
 * __NTOSKRNL__ conditional above).  Members are not visible in this
 * rendering (original lines 221-224). */
220 typedef struct _ACE_HEADER
225 } ACE_HEADER
, *PACE_HEADER
;
/* Six-byte authority; see the SECURITY_*_AUTHORITY initialisers above.
 * Member line (original 228-229) not visible here. */
227 typedef struct _SID_IDENTIFIER_AUTHORITY
230 } SID_IDENTIFIER_AUTHORITY
, *PSID_IDENTIFIER_AUTHORITY
;
/*
 * NOTE(review): the lines below are the tail of the SID structure; its
 * "typedef struct _SID {" header and Revision member (original lines
 * 232-234), its closing typedef and the ACL structure (original 238-250)
 * are all missing from this rendering.
 * SubAuthority[1] is the pre-C99 trailing-array idiom: the real array length
 * is SubAuthorityCount.  Code that parses a SID from an untrusted buffer
 * must check SubAuthorityCount against both the buffer length and an upper
 * bound (not defined on this page) before indexing SubAuthority, and must
 * compute the SID size with overflow-safe arithmetic.
 */
235 UCHAR SubAuthorityCount
;
236 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
237 ULONG SubAuthority
[1];
/* Query results for ACL revision and size; member lines are not visible in
 * this rendering. */
251 typedef struct _ACL_REVISION_INFORMATION
254 } ACL_REVISION_INFORMATION
, *PACL_REVISION_INFORMATION
;
256 typedef struct _ACL_SIZE_INFORMATION
261 } ACL_SIZE_INFORMATION
, *PACL_SIZE_INFORMATION
;
/* Starts at 1, so 0 is never a valid class and can be used as "unset". Only
 * the first enumerator survived in this rendering. */
263 typedef enum _ACL_INFORMATION_CLASS
265 AclRevisionInformation
= 1,
267 } ACL_INFORMATION_CLASS
;
/* Holder for the SE_* control bits defined near the top of this header.
 * It is 16 bits wide, which is why SE_SELF_RELATIVE (0x8000) is the highest
 * flag defined. */
269 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
, *PSECURITY_DESCRIPTOR_CONTROL
;
/*
 * Absolute and self-relative security descriptor layouts.  Only the Control
 * member is visible in this rendering for either; the surrounding members
 * (original lines 278-285 and 289-296) are missing.  The two forms are
 * presumably distinguished at runtime by SE_SELF_RELATIVE in Control, with
 * the absolute form holding pointers and the relative form holding offsets
 * from the start of the descriptor -- confirm against the full definitions.
 * Code that accepts a descriptor from a less-trusted caller must validate
 * the revision, the Control bits and (for the relative form) every offset
 * before dereferencing anything.
 */
277 typedef struct _SECURITY_DESCRIPTOR
281 SECURITY_DESCRIPTOR_CONTROL Control
;
286 } SECURITY_DESCRIPTOR
, *PSECURITY_DESCRIPTOR
;
288 typedef struct _SECURITY_DESCRIPTOR_RELATIVE
292 SECURITY_DESCRIPTOR_CONTROL Control
;
297 } SECURITY_DESCRIPTOR_RELATIVE
, *PSECURITY_DESCRIPTOR_RELATIVE
;
/* A privilege LUID paired with its attribute flags; the element type of the
 * Privileges arrays in TOKEN_PRIVILEGES and PRIVILEGE_SET below.  Members
 * are not visible in this rendering. */
299 typedef struct _LUID_AND_ATTRIBUTES
303 } LUID_AND_ATTRIBUTES
, *PLUID_AND_ATTRIBUTES
;
/* Identifies the component that created a token; SourceIdentifier is a
 * LUID.  Another member (original line 307) is not visible here. */
305 typedef struct _TOKEN_SOURCE
308 LUID SourceIdentifier
;
309 } TOKEN_SOURCE
, *PTOKEN_SOURCE
;
/* Summary of a token: the logon-session LUID it belongs to plus its source.
 * Members at original lines 312-313 and 315 are not visible here. */
311 typedef struct _TOKEN_CONTROL
314 LUID AuthenticationId
;
316 TOKEN_SOURCE TokenSource
;
317 } TOKEN_CONTROL
, *PTOKEN_CONTROL
;
/* A SID pointer paired with attribute flags; the element type of the Groups
 * arrays below.  Members are not visible in this rendering. */
319 typedef struct _SID_AND_ATTRIBUTES
323 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
/* ANYSIZE_ARRAY is defined elsewhere (not on this page); it is the
 * pre-C99 idiom for a trailing variable-length array, so sizeof these
 * types counts one element and the real length comes from a count field. */
325 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
326 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
/* Query result for the token's user SID. */
328 typedef struct _TOKEN_USER
330 SID_AND_ATTRIBUTES User
;
331 } TOKEN_USER
, *PTOKEN_USER
;
/* Query result for the token's primary group; member not visible here. */
333 typedef struct _TOKEN_PRIMARY_GROUP
336 } TOKEN_PRIMARY_GROUP
, *PTOKEN_PRIMARY_GROUP
;
/*
 * Group list with a trailing variable-length array.  The count member
 * (original line 340) is not visible in this rendering.  When the count
 * comes from a caller, the buffer size must be derived from it with
 * overflow-checked multiplication and compared against the supplied length
 * before Groups[] is walked.  LPTOKEN_GROUPS is a Win32-style alias of
 * PTOKEN_GROUPS.
 */
338 typedef struct _TOKEN_GROUPS
341 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
342 } TOKEN_GROUPS
, *PTOKEN_GROUPS
, *LPTOKEN_GROUPS
;
/*
 * Combined view of a token's groups, restricted SIDs and privileges.  Each
 * list is a (count, byte length, pointer) triple; the Sids count/length
 * members (original lines 345-347) are not visible in this rendering.
 * NOTE(review): the pointers point outside the structure, so a consumer
 * that receives one of these from a less-trusted source must validate every
 * pointer/length pair against the enclosing buffer rather than trust the
 * *Length fields.  PrivilegeCount is ULONG here but DWORD in
 * TOKEN_PRIVILEGES, PRIVILEGE_SET and TOKEN_STATISTICS below -- same width
 * on this platform, but worth unifying.
 */
344 typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
348 PSID_AND_ATTRIBUTES Sids
;
349 ULONG RestrictedSidCount
;
350 ULONG RestrictedSidLength
;
351 PSID_AND_ATTRIBUTES RestrictedSids
;
352 ULONG PrivilegeCount
;
353 ULONG PrivilegeLength
;
354 PLUID_AND_ATTRIBUTES Privileges
;
355 LUID AuthenticationId
;
356 } TOKEN_GROUPS_AND_PRIVILEGES
, *PTOKEN_GROUPS_AND_PRIVILEGES
;
/*
 * Privilege list with a trailing variable-length array.  Input to privilege
 * adjustment and output of privilege queries; when it is an input, the
 * callee must bound PrivilegeCount by the caller's buffer length before
 * reading Privileges[].  LPTOKEN_PRIVILEGES is a Win32-style alias.
 */
358 typedef struct _TOKEN_PRIVILEGES
360 DWORD PrivilegeCount
;
361 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
362 } TOKEN_PRIVILEGES
, *PTOKEN_PRIVILEGES
, *LPTOKEN_PRIVILEGES
;
/* Query results for the default owner SID and default DACL applied to new
 * objects; members are not visible in this rendering. */
364 typedef struct _TOKEN_OWNER
367 } TOKEN_OWNER
, *PTOKEN_OWNER
;
369 typedef struct _TOKEN_DEFAULT_DACL
372 } TOKEN_DEFAULT_DACL
, *PTOKEN_DEFAULT_DACL
;
/*
 * Statistics snapshot of a token.  Members at original lines 375-376, 383
 * and 385 are not visible in this rendering.  ImpersonationLevel is only
 * meaningful when TokenType is TokenImpersonation; DynamicCharged /
 * DynamicAvailable are quota figures (units not stated on this page).
 */
374 typedef struct _TOKEN_STATISTICS
377 LUID AuthenticationId
;
378 LARGE_INTEGER ExpirationTime
;
379 TOKEN_TYPE TokenType
;
380 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
381 DWORD DynamicCharged
;
382 DWORD DynamicAvailable
;
384 DWORD PrivilegeCount
;
386 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
/* Logon session the token originated from (a LUID, comparable to the
 * *_LUID initialisers near the top of this header). */
388 typedef struct _TOKEN_ORIGIN
{
389 LUID OriginatingLogonSession
;
390 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
/*
 * Per-object-type translation of the four GENERIC_* request bits into
 * concrete ACCESS_MASK bits.  Every object type that is access-checked
 * needs one, and the mapping must be applied to a requested mask before the
 * mask is compared against ACEs.  GenericAll should be a superset of the
 * other three -- a mapping where it is not is almost certainly a bug.
 */
392 typedef struct _GENERIC_MAPPING
394 ACCESS_MASK GenericRead
;
395 ACCESS_MASK GenericWrite
;
396 ACCESS_MASK GenericExecute
;
397 ACCESS_MASK GenericAll
;
398 } GENERIC_MAPPING
, *PGENERIC_MAPPING
;
/*
 * Set of privileges for a privilege check, with a trailing variable-length
 * array.  A member at original line 403 is not visible in this rendering.
 * As with TOKEN_PRIVILEGES, PrivilegeCount must be bounded by the buffer
 * length when the set comes from a caller.  LPPRIVILEGE_SET is a
 * Win32-style alias of PPRIVILEGE_SET.
 */
400 typedef struct _PRIVILEGE_SET
402 DWORD PrivilegeCount
;
404 LUID_AND_ATTRIBUTES Privilege
[ANYSIZE_ARRAY
];
405 } PRIVILEGE_SET
, *PPRIVILEGE_SET
, *LPPRIVILEGE_SET
;
/*
 * Fixed-size privilege set.  Unlike PRIVILEGE_SET the Privilege array is a
 * real array of INITIAL_PRIVILEGE_COUNT elements, so any code filling it in
 * must cap PrivilegeCount at INITIAL_PRIVILEGE_COUNT; a larger count would
 * index past the end of the structure.  A member at original line 412 is
 * not visible in this rendering.
 */
407 #define INITIAL_PRIVILEGE_COUNT 3
409 typedef struct _INITIAL_PRIVILEGE_SET
411 ULONG PrivilegeCount
;
413 LUID_AND_ATTRIBUTES Privilege
[INITIAL_PRIVILEGE_COUNT
];
414 } INITIAL_PRIVILEGE_SET
, *PINITIAL_PRIVILEGE_SET
;
/*
 * Win32-style attributes structure: lpSecurityDescriptor is an untyped
 * pointer to a security descriptor.  Members at original lines 418 and 420
 * (presumably the length and inheritance fields) are not visible here.
 * NOTE(review): a NULL lpSecurityDescriptor is conventionally "use default
 * security", which is not the same as "no access" -- confirm callers mean
 * that when they pass NULL.
 */
416 typedef struct _SECURITY_ATTRIBUTES
419 LPVOID lpSecurityDescriptor
;
421 } SECURITY_ATTRIBUTES
, *LPSECURITY_ATTRIBUTES
;
423 #endif /* !__USE_W32API */
428 ACCESS_MASK AccessMask
;
431 #endif /* __INCLUDE_SECURITY_H */