1 #ifndef __INCLUDE_SECURITY_H
2 #define __INCLUDE_SECURITY_H
4 #include <ntos/ntdef.h>
5 #include <ntos/types.h>
/*
 * Brace initialisers for the six-byte identifier authority of the well-known
 * SIDs.  Only the last byte differs between them; in SID string form this is
 * the number after "S-1-" (for example S-1-1 for the world authority and
 * S-1-5 for the NT authority).
 */
8 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
9 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
10 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
11 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
12 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
13 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
/*
 * Relative identifiers (RIDs) of well-known SIDs.
 *
 * A RID only has meaning together with the authority (and any preceding
 * sub-authorities) it is attached to: several macros below share the same
 * number (0 is the null, world, local and creator-owner RID; 1 is both
 * creator-group and dial-up).  Code that classifies a SID must therefore
 * compare the identifier authority and the sub-authority count as well,
 * never the RID alone.
 */
/* RIDs under the null, world, local and creator authorities. */
16 #define SECURITY_NULL_RID (0L)
17 #define SECURITY_WORLD_RID (0L)
18 #define SECURITY_LOCAL_RID (0L)
19 #define SECURITY_CREATOR_OWNER_RID (0L)
20 #define SECURITY_CREATOR_GROUP_RID (0x1L)
21 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
22 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
/* RIDs under SECURITY_NT_AUTHORITY. */
23 #define SECURITY_DIALUP_RID (0x1L)
24 #define SECURITY_NETWORK_RID (0x2L)
25 #define SECURITY_BATCH_RID (0x3L)
26 #define SECURITY_INTERACTIVE_RID (0x4L)
27 #define SECURITY_LOGON_IDS_RID (0x5L)
/* NOTE(review): by its name this is a sub-authority count for logon-ID SIDs, not a RID value - confirm against callers. */
28 #define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
29 #define SECURITY_SERVICE_RID (0x6L)
30 #define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
31 #define SECURITY_PROXY_RID (0x8L)
32 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
/* Alias: expands to the same value as SECURITY_ENTERPRISE_CONTROLLERS_RID. */
33 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
34 #define SECURITY_PRINCIPAL_SELF_RID (0xAL)
35 #define SECURITY_AUTHENTICATED_USER_RID (0xBL)
36 #define SECURITY_RESTRICTED_CODE_RID (0xCL)
37 #define SECURITY_LOCAL_SYSTEM_RID (0x12L)
38 #define SECURITY_NT_NON_UNIQUE_RID (0x15L)
39 #define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
/* Account RIDs inside a domain: 0x1F4 = 500 (administrator), 0x1F5 = 501 (guest). */
40 #define DOMAIN_USER_RID_ADMIN (0x1F4L)
41 #define DOMAIN_USER_RID_GUEST (0x1F5L)
/* Domain group RIDs: 0x200 = 512, 0x201 = 513. */
42 #define DOMAIN_GROUP_RID_ADMINS (0x200L)
43 #define DOMAIN_GROUP_RID_USERS (0x201L)
/*
 * Alias (local group) RIDs, 0x220..0x228 = 544..552.  Combined with the
 * built-in domain RID above they give SIDs such as S-1-5-32-544.  Membership
 * in the ADMINS, BACKUP_OPS and SYSTEM_OPS aliases is highly privileged and
 * worth auditing.
 */
44 #define DOMAIN_ALIAS_RID_ADMINS (0x220L)
45 #define DOMAIN_ALIAS_RID_USERS (0x221L)
46 #define DOMAIN_ALIAS_RID_GUESTS (0x222L)
47 #define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
48 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
49 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
50 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
51 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
52 #define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
/*
 * Well-known privilege numbers, 2..24.  SE_MIN_WELL_KNOWN_PRIVILEGE and
 * SE_MAX_WELL_KNOWN_PRIVILEGE bound the valid range; code that accepts a
 * privilege number from a caller should range-check it against both.
 * NOTE(review): presumably these are the low part of the privilege LUID -
 * confirm against the code that builds LUID_AND_ATTRIBUTES entries.
 *
 * Several of these are equivalent to full control of the machine when held
 * by a token (create-token, assign-primary-token, TCB, load-driver, debug,
 * take-ownership, backup, restore).  Grant them sparingly and audit their
 * assignment and use.
 */
55 #define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
56 #define SE_CREATE_TOKEN_PRIVILEGE (2L)
57 #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
58 #define SE_LOCK_MEMORY_PRIVILEGE (4L)
59 #define SE_INCREASE_QUOTA_PRIVILEGE (5L)
/* The next two macros share the value 6; the first is marked unused, so a check for 6 means the machine-account privilege. */
60 #define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused */
61 #define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
62 #define SE_TCB_PRIVILEGE (7L)
63 #define SE_SECURITY_PRIVILEGE (8L)
64 #define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
65 #define SE_LOAD_DRIVER_PRIVILEGE (10L)
66 #define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
67 #define SE_SYSTEMTIME_PRIVILEGE (12L)
68 #define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
69 #define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
70 #define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
71 #define SE_CREATE_PERMANENT_PRIVILEGE (16L)
72 #define SE_BACKUP_PRIVILEGE (17L)
73 #define SE_RESTORE_PRIVILEGE (18L)
74 #define SE_SHUTDOWN_PRIVILEGE (19L)
75 #define SE_DEBUG_PRIVILEGE (20L)
76 #define SE_AUDIT_PRIVILEGE (21L)
77 #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
78 #define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
79 #define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
/* Must be updated whenever a privilege above 24 is added, or range checks will reject it. */
80 #define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE
83 /* Security descriptor revision, minimum length and control flags. */
84 #define SECURITY_DESCRIPTOR_REVISION (1)
/* NOTE(review): 20 presumably is the size of the fixed descriptor header with 32-bit pointers - confirm before relying on it on other pointer widths. */
85 #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
/*
 * Bit flags for the descriptor's control word.  The *_DEFAULTED flags record
 * that a component came from a default rather than being set explicitly.
 * The *_PRESENT flags say whether the descriptor carries that ACL at all; a
 * descriptor without a DACL and one with an empty DACL are different things
 * to an access check, so test SE_DACL_PRESENT before inspecting the DACL.
 */
86 #define SE_OWNER_DEFAULTED (1)
87 #define SE_GROUP_DEFAULTED (2)
88 #define SE_DACL_PRESENT (4)
89 #define SE_DACL_DEFAULTED (8)
90 #define SE_SACL_PRESENT (16)
91 #define SE_SACL_DEFAULTED (32)
/* 32768 = 0x8000, the top bit of a 16-bit control word; by its name it marks the self-relative (offset-based) descriptor format. */
92 #define SE_SELF_RELATIVE (32768)
/*
 * High-order access-mask bits.  Only GENERIC_ALL and GENERIC_EXECUTE are
 * defined in this part of the header.  Requesting MAXIMUM_ALLOWED or
 * GENERIC_ALL hands the caller every right the object's ACL permits; prefer
 * the narrowest specific rights an operation needs.
 */
96 #define MAXIMUM_ALLOWED (0x2000000L)
97 #define GENERIC_ALL (0x10000000L)
98 #define GENERIC_EXECUTE (0x20000000L)
/* Values for SECURITY_CONTEXT_TRACKING_MODE (static = 0, dynamic = 1). */
100 #define SECURITY_STATIC_TRACKING (0)
101 #define SECURITY_DYNAMIC_TRACKING (1)
103 /* Standard rights: the object-type-independent part of an access mask. */
/* 0xf0000 covers bits 16..19. */
104 #define STANDARD_RIGHTS_REQUIRED (0xf0000L)
/* Write, read and execute all map to the same single bit, 0x20000. */
105 #define STANDARD_RIGHTS_WRITE (0x20000L)
106 #define STANDARD_RIGHTS_READ (0x20000L)
107 #define STANDARD_RIGHTS_EXECUTE (0x20000L)
/* 0x1f0000 is STANDARD_RIGHTS_REQUIRED plus bit 20. */
108 #define STANDARD_RIGHTS_ALL (0x1f0000L)
/* The low 16 bits are reserved for rights specific to each object type. */
109 #define SPECIFIC_RIGHTS_ALL (0xffffL)
/*
 * Access rights specific to token objects, one bit each.  The rights to
 * assign, duplicate and impersonate a token let the holder act under the
 * token's identity, and the ADJUST_* rights let it change what the token
 * carries; grant them only to callers that need them.
 */
112 #define TOKEN_ASSIGN_PRIMARY (0x0001L)
113 #define TOKEN_DUPLICATE (0x0002L)
114 #define TOKEN_IMPERSONATE (0x0004L)
115 #define TOKEN_QUERY (0x0008L)
116 #define TOKEN_QUERY_SOURCE (0x0010L)
117 #define TOKEN_ADJUST_PRIVILEGES (0x0020L)
118 #define TOKEN_ADJUST_GROUPS (0x0040L)
119 #define TOKEN_ADJUST_DEFAULT (0x0080L)
/*
 * Composite masks, written as literals rather than built from the names
 * above, so they must be edited by hand if a token right is added:
 *   TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED (0xf0000) | all eight bits above (0xff)
 *   TOKEN_READ       = 0x20000 | TOKEN_QUERY
 *   TOKEN_WRITE      = 0x20000 | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT
 *   TOKEN_EXECUTE    = 0x20000 only
 */
121 #define TOKEN_ALL_ACCESS (0xf00ffL)
122 #define TOKEN_READ (0x20008L)
123 #define TOKEN_WRITE (0x200e0L)
124 #define TOKEN_EXECUTE (0x20000L)
/*
 * Tracking mode used in SECURITY_QUALITY_OF_SERVICE; takes the
 * SECURITY_STATIC_TRACKING / SECURITY_DYNAMIC_TRACKING values.
 * NOTE(review): a commented-out declaration later in this file types this as
 * BOOLEAN rather than BOOL.  If the two types differ in width, the layout of
 * SECURITY_QUALITY_OF_SERVICE changes with the choice - confirm which one
 * the consumers of that structure expect.
 */
126 typedef BOOL SECURITY_CONTEXT_TRACKING_MODE
;
/* Unsigned bit mask type for security-information selectors; the individual bits are not defined in this part of the header. */
128 typedef ULONG SECURITY_INFORMATION
, *PSECURITY_INFORMATION
;
130 typedef enum _TOKEN_INFORMATION_CLASS
140 TokenImpersonationLevel
,
142 } TOKEN_INFORMATION_CLASS
;
/* Impersonation level, stored as a plain ULONG rather than an enum. */
144 typedef ULONG SECURITY_IMPERSONATION_LEVEL
, *PSECURITY_IMPERSONATION_LEVEL
;
/*
 * The four levels are numbered 1..4 here, so a zero-initialised level field
 * matches none of them; code that validates a level should reject anything
 * outside SecurityAnonymous..SecurityDelegation instead of treating unknown
 * values as the weakest level.
 * NOTE(review): the Windows SDK numbers the same four names 0..3 - confirm
 * the offset is intentional before exchanging these values with code built
 * against other headers.
 */
146 #define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
147 #define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
148 #define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
149 #define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
/* Kind of token, stored as a plain ULONG: 1 = primary, 2 = impersonation.  Zero is not a defined type. */
151 typedef ULONG TOKEN_TYPE
, *PTOKEN_TYPE
;
153 #define TokenPrimary ((TOKEN_TYPE)1)
154 #define TokenImpersonation ((TOKEN_TYPE)2)
156 //typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
158 //#define SECURITY_DYNAMIC_TRACKING (TRUE)
159 //#define SECURITY_STATIC_TRACKING (FALSE)
/*
 * 32-bit access mask.  Per the macros earlier in this header the low 16 bits
 * are object-specific rights (SPECIFIC_RIGHTS_ALL), bits 16..20 are the
 * standard rights, and the high bits hold MAXIMUM_ALLOWED and the GENERIC_*
 * rights.
 */
161 typedef ULONG ACCESS_MASK
, *PACCESS_MASK
;
/* Unsigned access-mode value; its legal values are not defined in this part of the header. */
162 typedef ULONG ACCESS_MODE
, *PACCESS_MODE
;
164 typedef struct _SECURITY_QUALITY_OF_SERVICE
167 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
168 SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
;
169 BOOLEAN EffectiveOnly
;
170 } SECURITY_QUALITY_OF_SERVICE
;
/* Pointer alias for SECURITY_QUALITY_OF_SERVICE. */
172 typedef SECURITY_QUALITY_OF_SERVICE
* PSECURITY_QUALITY_OF_SERVICE
;
174 typedef struct _ACE_HEADER
179 ACCESS_MASK AccessMask
;
180 } ACE_HEADER
, *PACE_HEADER
;
187 typedef struct _SID_IDENTIFIER_AUTHORITY
190 } SID_IDENTIFIER_AUTHORITY
, *PSID_IDENTIFIER_AUTHORITY
;
195 UCHAR SubAuthorityCount
;
196 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
197 ULONG SubAuthority
[1];
209 typedef struct _ACL_REVISION_INFORMATION
212 } ACL_REVISION_INFORMATION
, *PACL_REVISION_INFORMATION
;
214 typedef struct _ACL_SIZE_INFORMATION
219 } ACL_SIZE_INFORMATION
, *PACL_SIZE_INFORMATION
;
221 typedef enum _ACL_INFORMATION_CLASS
223 AclRevisionInformation
= 1,
225 } ACL_INFORMATION_CLASS
;
/* 16-bit control word of a security descriptor; holds the SE_*_PRESENT, SE_*_DEFAULTED and SE_SELF_RELATIVE flags defined earlier in this header. */
227 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
, *PSECURITY_DESCRIPTOR_CONTROL
;
229 typedef struct _SECURITY_DESCRIPTOR_CONTEXT
231 } SECURITY_DESCRIPTOR_CONTEXT
, *PSECURITY_DESCRIPTOR_CONTEXT
;
/*
 * Locally unique identifier, declared here as an alias of LARGE_INTEGER.
 * NOTE(review): the Windows SDK declares LUID as its own two-member struct;
 * if LARGE_INTEGER has stricter alignment, structures embedding a LUID
 * (LUID_AND_ATTRIBUTES, TOKEN_SOURCE, TOKEN_CONTROL, TOKEN_STATISTICS) may be
 * padded differently - confirm before sharing them across that boundary.
 */
233 typedef LARGE_INTEGER LUID
, *PLUID
;
235 typedef struct _SECURITY_DESCRIPTOR
239 SECURITY_DESCRIPTOR_CONTROL Control
;
244 } SECURITY_DESCRIPTOR
, *PSECURITY_DESCRIPTOR
;
246 typedef struct _LUID_AND_ATTRIBUTES
250 } LUID_AND_ATTRIBUTES
, *PLUID_AND_ATTRIBUTES
;
252 typedef struct _TOKEN_SOURCE
255 LUID SourceIdentifier
;
256 } TOKEN_SOURCE
, *PTOKEN_SOURCE
;
258 typedef struct _TOKEN_CONTROL
261 LUID AuthenticationId
;
263 TOKEN_SOURCE TokenSource
;
264 } TOKEN_CONTROL
, *PTOKEN_CONTROL
;
266 typedef struct _SID_AND_ATTRIBUTES
270 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
/*
 * Array type of SID_AND_ATTRIBUTES entries declared with ANYSIZE_ARRAY
 * elements.  NOTE(review): ANYSIZE_ARRAY is not defined in this header and is
 * presumably a placeholder length; the real element count then has to come
 * from a separate count field, and every index must be checked against that
 * count rather than against the declared array size.
 */
272 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
/* Pointer to such an array. */
273 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
275 typedef struct _TOKEN_USER
277 SID_AND_ATTRIBUTES User
;
278 } TOKEN_USER
, *PTOKEN_USER
;
280 typedef struct _TOKEN_PRIMARY_GROUP
283 } TOKEN_PRIMARY_GROUP
, *PTOKEN_PRIMARY_GROUP
;
285 typedef struct _TOKEN_GROUPS
288 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
289 } TOKEN_GROUPS
, *PTOKEN_GROUPS
, *LPTOKEN_GROUPS
;
291 typedef struct _TOKEN_PRIVILEGES
293 DWORD PrivilegeCount
;
294 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
295 } TOKEN_PRIVILEGES
, *PTOKEN_PRIVILEGES
, *LPTOKEN_PRIVILEGES
;
297 typedef struct _TOKEN_OWNER
300 } TOKEN_OWNER
, *PTOKEN_OWNER
;
302 typedef struct _TOKEN_DEFAULT_DACL
305 } TOKEN_DEFAULT_DACL
, *PTOKEN_DEFAULT_DACL
;
307 typedef struct _TOKEN_STATISTICS
310 LUID AuthenticationId
;
311 LARGE_INTEGER ExpirationTime
;
312 TOKEN_TYPE TokenType
;
313 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
314 DWORD DynamicCharged
;
315 DWORD DynamicAvailable
;
317 DWORD PrivilegeCount
;
319 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
321 typedef struct _GENERIC_MAPPING
323 ACCESS_MASK GenericRead
;
324 ACCESS_MASK GenericWrite
;
325 ACCESS_MASK GenericExecute
;
326 ACCESS_MASK GenericAll
;
327 } GENERIC_MAPPING
, *PGENERIC_MAPPING
;
329 typedef struct _PRIVILEGE_SET
331 DWORD PrivilegeCount
;
333 LUID_AND_ATTRIBUTES Privilege
[ANYSIZE_ARRAY
];
334 } PRIVILEGE_SET
, *PPRIVILEGE_SET
, *LPPRIVILEGE_SET
;
336 typedef struct _SECURITY_ATTRIBUTES
339 LPVOID lpSecurityDescriptor
;
341 } SECURITY_ATTRIBUTES
, *LPSECURITY_ATTRIBUTES
;
344 #endif /* __INCLUDE_SECURITY_H */