1 #ifndef __INCLUDE_SECURITY_H
2 #define __INCLUDE_SECURITY_H
4 #include <ntos/ntdef.h>
5 #include <ntos/types.h>
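/*
 * Well-known privilege identifiers.
 *
 * Valid values run from SE_MIN_WELL_KNOWN_PRIVILEGE to
 * SE_MAX_WELL_KNOWN_PRIVILEGE inclusive, so code that accepts a privilege
 * number from a caller can range-check it against those two bounds.
 *
 * SE_UNSOLICITED_INPUT_PRIVILEGE and SE_MACHINE_ACCOUNT_PRIVILEGE share the
 * value 6; anything that maps a number back to a name (logging, auditing)
 * has to pick one of them. The former is marked unused.
 *
 * NOTE(review): in the NT security model several of these are broad enough
 * to be treated as administrator-equivalent when a token holds them
 * (SE_CREATE_TOKEN, SE_ASSIGNPRIMARYTOKEN, SE_TCB, SE_TAKE_OWNERSHIP,
 * SE_LOAD_DRIVER, SE_BACKUP, SE_RESTORE, SE_DEBUG). Privilege checks and
 * audit rules should single them out; confirm how this codebase enforces
 * them.
 */
#define SE_MIN_WELL_KNOWN_PRIVILEGE       (2L)
#define SE_CREATE_TOKEN_PRIVILEGE         (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE   (3L)
#define SE_LOCK_MEMORY_PRIVILEGE          (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE       (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE    (6L) /* unused */
#define SE_MACHINE_ACCOUNT_PRIVILEGE      (6L)
#define SE_TCB_PRIVILEGE                  (7L)
#define SE_SECURITY_PRIVILEGE             (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE       (9L)
#define SE_LOAD_DRIVER_PRIVILEGE          (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE       (11L)
#define SE_SYSTEMTIME_PRIVILEGE           (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE  (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE    (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE      (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE     (16L)
#define SE_BACKUP_PRIVILEGE               (17L)
#define SE_RESTORE_PRIVILEGE              (18L)
#define SE_SHUTDOWN_PRIVILEGE             (19L)
#define SE_DEBUG_PRIVILEGE                (20L)
#define SE_AUDIT_PRIVILEGE                (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE   (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE        (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE      (24L)
/* Upper bound of the range; tracks the highest identifier defined above. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE       SE_REMOTE_SHUTDOWN_PRIVILEGE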
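/*
 * Security descriptor control.
 *
 * SECURITY_DESCRIPTOR_REVISION is the descriptor revision number and
 * SECURITY_DESCRIPTOR_MIN_LENGTH the smallest accepted descriptor size.
 * NOTE(review): 20 presumably matches the fixed part of the structure on a
 * 32-bit build; confirm before relying on it where pointers are wider.
 *
 * The SE_* values are single-bit flags and may be OR-ed together. The
 * largest one (SE_SELF_RELATIVE, bit 15) still fits in a 16-bit control
 * word.
 * NOTE(review): in the NT model SE_SELF_RELATIVE marks a descriptor whose
 * members are stored as offsets rather than pointers; code that parses a
 * descriptor from a less-trusted source should test this flag before
 * dereferencing any member.
 */
#define SECURITY_DESCRIPTOR_REVISION    (1)
#define SECURITY_DESCRIPTOR_MIN_LENGTH  (20)

#define SE_OWNER_DEFAULTED  (0x0001)
#define SE_GROUP_DEFAULTED  (0x0002)
#define SE_DACL_PRESENT     (0x0004)
#define SE_DACL_DEFAULTED   (0x0008)
#define SE_SACL_PRESENT     (0x0010)
#define SE_SACL_DEFAULTED   (0x0020)
#define SE_SELF_RELATIVE    (0x8000)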
48 // This is defined in W32API:
49 // typedef ULONG ACCESS_MODE, *PACCESS_MODE;
/*
 * NOTE(review): only the AccessMask member of _ACE_HEADER is visible in this
 * listing, and the same tag is declared a second time further down the file.
 * Presumably the two declarations sit under different preprocessor branches;
 * confirm that both layouts agree, since ACL parsing depends on it.
 */
52 typedef struct _ACE_HEADER
57 ACCESS_MASK AccessMask
;
58 } ACE_HEADER
, *PACE_HEADER
;
/* No members of SECURITY_DESCRIPTOR_CONTEXT are visible in this listing. */
67 typedef struct _SECURITY_DESCRIPTOR_CONTEXT
69 } SECURITY_DESCRIPTOR_CONTEXT
, *PSECURITY_DESCRIPTOR_CONTEXT
;
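/*
 * Brace initializers for the identifier authority of a SID. Each one is six
 * elements long with the authority number in the last element, so they can
 * only be used to initialize a six-element aggregate.
 * NOTE(review): presumably intended for SID_IDENTIFIER_AUTHORITY, whose
 * members are not visible in this listing; confirm.
 */
#define SECURITY_NULL_SID_AUTHORITY     {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY    {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY    {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY  {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY   {0,0,0,0,0,4}
#define SECURITY_NT_AUTHORITY           {0,0,0,0,0,5}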
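/*
 * Well-known relative identifiers (RIDs).
 *
 * RID values are not unique across groups: for example
 * SECURITY_CREATOR_GROUP_RID and SECURITY_DIALUP_RID are both 0x1, and the
 * first four names below are all 0. A RID therefore identifies a principal
 * only together with its identifier authority and any preceding
 * sub-authorities; access decisions should compare complete SIDs and never
 * a bare RID.
 * NOTE(review): each group is presumably paired with the
 * SECURITY_*_SID_AUTHORITY of the matching name; confirm against the code
 * that builds the SIDs.
 */
#define SECURITY_NULL_RID                    (0L)
#define SECURITY_WORLD_RID                   (0L)
#define SECURITY_LOCAL_RID                   (0L)

#define SECURITY_CREATOR_OWNER_RID           (0L)
#define SECURITY_CREATOR_GROUP_RID           (0x1L)
#define SECURITY_CREATOR_OWNER_SERVER_RID    (0x2L)
#define SECURITY_CREATOR_GROUP_SERVER_RID    (0x3L)

#define SECURITY_DIALUP_RID                  (0x1L)
#define SECURITY_NETWORK_RID                 (0x2L)
#define SECURITY_BATCH_RID                   (0x3L)
#define SECURITY_INTERACTIVE_RID             (0x4L)
#define SECURITY_LOGON_IDS_RID               (0x5L)
/* By its name a count of sub-authorities, not a RID value itself. */
#define SECURITY_LOGON_IDS_RID_COUNT         (0x3L)
#define SECURITY_SERVICE_RID                 (0x6L)
#define SECURITY_ANONYMOUS_LOGON_RID         (0x7L)
#define SECURITY_PROXY_RID                   (0x8L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID  (0x9L)
/* Alias: same value as SECURITY_ENTERPRISE_CONTROLLERS_RID. */
#define SECURITY_SERVER_LOGON_RID            SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID          (0xAL)
#define SECURITY_AUTHENTICATED_USER_RID      (0xBL)
#define SECURITY_RESTRICTED_CODE_RID         (0xCL)
#define SECURITY_LOCAL_SYSTEM_RID            (0x12L)
#define SECURITY_NT_NON_UNIQUE_RID           (0x15L)
#define SECURITY_BUILTIN_DOMAIN_RID          (0x20L)

/* Domain users, groups and aliases; the *_ADMIN/*_ADMINS entries name the
 * administrative principals and are the ones to watch in membership audits. */
#define DOMAIN_USER_RID_ADMIN                (0x1F4L)
#define DOMAIN_USER_RID_GUEST                (0x1F5L)
#define DOMAIN_GROUP_RID_ADMINS              (0x200L)
#define DOMAIN_GROUP_RID_USERS               (0x201L)
#define DOMAIN_ALIAS_RID_ADMINS              (0x220L)
#define DOMAIN_ALIAS_RID_USERS               (0x221L)
#define DOMAIN_ALIAS_RID_GUESTS              (0x222L)
#define DOMAIN_ALIAS_RID_POWER_USERS         (0x223L)
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS         (0x224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS          (0x225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS           (0x226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS          (0x227L)
#define DOMAIN_ALIAS_RID_REPLICATOR          (0x228L)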
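/*
 * Generic access-mask bits.
 * NOTE(review): in the NT access-check model MAXIMUM_ALLOWED asks for every
 * right the caller can be granted and GENERIC_ALL for full access to the
 * object. Callers that open handles with either bit hold more access than
 * they usually need; prefer an explicit minimal mask.
 */
#define MAXIMUM_ALLOWED   (0x2000000L)
#define GENERIC_ALL       (0x10000000L)
#define GENERIC_EXECUTE   (0x20000000L)

/* NOTE(review): presumably the values of SECURITY_CONTEXT_TRACKING_MODE. */
#define SECURITY_STATIC_TRACKING   (0)
#define SECURITY_DYNAMIC_TRACKING  (1)

/*
 * Standard rights.
 * READ, WRITE and EXECUTE all expand to the same single bit (0x20000), so
 * they cannot be told apart once stored in a mask. STANDARD_RIGHTS_ALL is
 * STANDARD_RIGHTS_REQUIRED plus bit 20; SPECIFIC_RIGHTS_ALL covers the low
 * 16 bits of the mask.
 */
#define STANDARD_RIGHTS_REQUIRED  (0xf0000L)
#define STANDARD_RIGHTS_WRITE     (0x20000L)
#define STANDARD_RIGHTS_READ      (0x20000L)
#define STANDARD_RIGHTS_EXECUTE   (0x20000L)
#define STANDARD_RIGHTS_ALL       (0x1f0000L)
#define SPECIFIC_RIGHTS_ALL       (0xffffL)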
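/*
 * Access rights for token objects: eight single-bit specific rights,
 * followed by four composite masks.
 * NOTE(review): by their names TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE and
 * TOKEN_IMPERSONATE let a handle holder act under the token's identity, and
 * the TOKEN_ADJUST_* rights let it change the token; grant them narrowly and
 * confirm where this codebase checks them.
 */
#define TOKEN_ASSIGN_PRIMARY     (0x0001L)
#define TOKEN_DUPLICATE          (0x0002L)
#define TOKEN_IMPERSONATE        (0x0004L)
#define TOKEN_QUERY              (0x0008L)
#define TOKEN_QUERY_SOURCE       (0x0010L)
#define TOKEN_ADJUST_PRIVILEGES  (0x0020L)
#define TOKEN_ADJUST_GROUPS      (0x0040L)
#define TOKEN_ADJUST_DEFAULT     (0x0080L)

/* 0xf0000 (the value of STANDARD_RIGHTS_REQUIRED) plus all eight bits above. */
#define TOKEN_ALL_ACCESS  (0xf00ffL)
/* 0x20000 (the standard read/write/execute bit) plus TOKEN_QUERY. */
#define TOKEN_READ        (0x20008L)
/* 0x20000 plus the three TOKEN_ADJUST_* bits. */
#define TOKEN_WRITE       (0x200e0L)
/* 0x20000 only; no token-specific bit is included. */
#define TOKEN_EXECUTE     (0x20000L)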
/* Type of SECURITY_QUALITY_OF_SERVICE.ContextTrackingMode; presumably takes
 * SECURITY_STATIC_TRACKING or SECURITY_DYNAMIC_TRACKING (confirm). */
153 typedef BOOL SECURITY_CONTEXT_TRACKING_MODE
;
/* ULONG value; its permitted values are not defined in the visible part of
 * this header. */
155 typedef ULONG SECURITY_INFORMATION
, *PSECURITY_INFORMATION
;
/* Enumeration of token information classes. Only the
 * TokenImpersonationLevel enumerator is visible in this listing; the other
 * enumerators and their numeric values are not shown. */
157 typedef enum _TOKEN_INFORMATION_CLASS
167 TokenImpersonationLevel
,
169 } TOKEN_INFORMATION_CLASS
;
/*
 * Impersonation level, declared as a plain ULONG with macro values 1..4 in
 * ascending order from SecurityAnonymous to SecurityDelegation.
 *
 * NOTE(review): the Windows SDK declares SECURITY_IMPERSONATION_LEVEL as an
 * enum that starts at 0 (SecurityAnonymous = 0 ... SecurityDelegation = 3).
 * The values here are one higher, so a level exchanged with code built
 * against the Windows definition would be misread by one step in either
 * direction. Confirm that every producer and consumer of this field uses
 * this header's numbering.
 */
171 typedef ULONG SECURITY_IMPERSONATION_LEVEL
, *PSECURITY_IMPERSONATION_LEVEL
;
173 #define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
174 #define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
175 #define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
176 #define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
/* Access-rights mask, a ULONG. Presumably holds the GENERIC_*,
 * STANDARD_RIGHTS_* and object-specific bits defined in this header. */
178 typedef ULONG ACCESS_MASK
, *PACCESS_MASK
;
/* Token kind, a ULONG; the two values defined below are 1 and 2. */
179 typedef ULONG TOKEN_TYPE
, *PTOKEN_TYPE
;
181 #define TokenPrimary ((TOKEN_TYPE)1)
182 #define TokenImpersonation ((TOKEN_TYPE)2)
/*
 * Security quality-of-service settings. Members visible in this listing:
 * ImpersonationLevel, ContextTrackingMode and EffectiveOnly; any members
 * declared before them are not shown.
 *
 * NOTE(review): in the NT model ImpersonationLevel bounds what a server may
 * do with the client's identity, so callers should pass the lowest level
 * that works. Confirm how this codebase validates the field when the
 * structure comes from a less-trusted caller.
 */
184 typedef struct _SECURITY_QUALITY_OF_SERVICE
187 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
188 SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
;
189 BOOLEAN EffectiveOnly
;
190 } SECURITY_QUALITY_OF_SERVICE
;
/* Pointer alias for the structure above. */
192 typedef SECURITY_QUALITY_OF_SERVICE
* PSECURITY_QUALITY_OF_SERVICE
;
/* Second declaration of _ACE_HEADER in this file; no members are visible
 * here. NOTE(review): presumably selected by a different preprocessor branch
 * than the earlier declaration; confirm the two layouts match. */
194 typedef struct _ACE_HEADER
199 } ACE_HEADER
, *PACE_HEADER
;
/* Identifier authority of a SID; its members are not visible in this
 * listing. The SECURITY_*_SID_AUTHORITY initializers in this header have six
 * elements each. */
201 typedef struct _SID_IDENTIFIER_AUTHORITY
204 } SID_IDENTIFIER_AUTHORITY
, *PSID_IDENTIFIER_AUTHORITY
;
/*
 * Members of a structure whose opening and closing lines are not visible in
 * this listing (by the member names, the SID layout).
 *
 * SubAuthority is declared with one element but is the trailing member.
 * NOTE(review): presumably the real element count is SubAuthorityCount; code
 * that walks a SID taken from untrusted data should check SubAuthorityCount
 * against the buffer length before indexing SubAuthority.
 */
209 UCHAR SubAuthorityCount
;
210 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
211 ULONG SubAuthority
[1];
/* ACL revision information; members are not visible in this listing. */
223 typedef struct _ACL_REVISION_INFORMATION
226 } ACL_REVISION_INFORMATION
, *PACL_REVISION_INFORMATION
;
/* ACL size information; members are not visible in this listing. */
228 typedef struct _ACL_SIZE_INFORMATION
233 } ACL_SIZE_INFORMATION
, *PACL_SIZE_INFORMATION
;
/* Selector for ACL information; numbering starts at 1 with
 * AclRevisionInformation. Later enumerators are not visible here. */
235 typedef enum _ACL_INFORMATION_CLASS
237 AclRevisionInformation
= 1,
239 } ACL_INFORMATION_CLASS
;
/* 16-bit control word of a security descriptor; the SE_*_DEFAULTED,
 * SE_*_PRESENT and SE_SELF_RELATIVE flags in this header all fit in it. */
241 typedef USHORT SECURITY_DESCRIPTOR_CONTROL
, *PSECURITY_DESCRIPTOR_CONTROL
;
/*
 * Security descriptor. Only the Control member is visible in this listing.
 * NOTE(review): presumably Control carries the SE_* flags defined earlier in
 * this header; a parser should read it (SE_SELF_RELATIVE, SE_DACL_PRESENT,
 * SE_SACL_PRESENT) before trusting the remaining members. Confirm against
 * the full definition.
 */
249 typedef struct _SECURITY_DESCRIPTOR
253 SECURITY_DESCRIPTOR_CONTROL Control
;
258 } SECURITY_DESCRIPTOR
, *PSECURITY_DESCRIPTOR
;
/* LUID paired with attributes, by its name; members are not visible in this
 * listing. Used as the element type of the privilege arrays below. */
260 typedef struct _LUID_AND_ATTRIBUTES
264 } LUID_AND_ATTRIBUTES
, *PLUID_AND_ATTRIBUTES
;
/* Token source; only the SourceIdentifier LUID is visible here. */
266 typedef struct _TOKEN_SOURCE
269 LUID SourceIdentifier
;
270 } TOKEN_SOURCE
, *PTOKEN_SOURCE
;
/* Token control data; visible members are the AuthenticationId LUID and the
 * embedded TOKEN_SOURCE. Other members are not shown. */
272 typedef struct _TOKEN_CONTROL
275 LUID AuthenticationId
;
277 TOKEN_SOURCE TokenSource
;
278 } TOKEN_CONTROL
, *PTOKEN_CONTROL
;
/* SID paired with attributes, by its name; members are not visible in this
 * listing. */
280 typedef struct _SID_AND_ATTRIBUTES
284 } SID_AND_ATTRIBUTES
, *PSID_AND_ATTRIBUTES
;
/* Array type declared with ANYSIZE_ARRAY elements. NOTE(review): the
 * declared bound is presumably a placeholder, so the real element count has
 * to come from the caller; confirm before indexing. */
286 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY
[ANYSIZE_ARRAY
];
287 typedef SID_AND_ATTRIBUTES_ARRAY
*PSID_AND_ATTRIBUTES_ARRAY
;
/* Token user: a single SID_AND_ATTRIBUTES entry. */
289 typedef struct _TOKEN_USER
291 SID_AND_ATTRIBUTES User
;
292 } TOKEN_USER
, *PTOKEN_USER
;
/* Token primary group; members are not visible in this listing. */
294 typedef struct _TOKEN_PRIMARY_GROUP
297 } TOKEN_PRIMARY_GROUP
, *PTOKEN_PRIMARY_GROUP
;
/*
 * Token group list ending in a Groups array declared with ANYSIZE_ARRAY
 * elements. The member that carries the element count is not visible in
 * this listing.
 * NOTE(review): consumers should bound every index into Groups by that
 * count and by the size of the buffer the structure was read from.
 */
299 typedef struct _TOKEN_GROUPS
302 SID_AND_ATTRIBUTES Groups
[ANYSIZE_ARRAY
];
303 } TOKEN_GROUPS
, *PTOKEN_GROUPS
, *LPTOKEN_GROUPS
;
/*
 * Token privilege list: a DWORD PrivilegeCount followed by a Privileges
 * array declared with ANYSIZE_ARRAY elements.
 * NOTE(review): presumably PrivilegeCount is the number of valid entries in
 * Privileges. Code that receives this structure from a caller should check
 * PrivilegeCount against the supplied buffer length before reading entries,
 * and guard the size computation against overflow.
 */
305 typedef struct _TOKEN_PRIVILEGES
307 DWORD PrivilegeCount
;
308 LUID_AND_ATTRIBUTES Privileges
[ANYSIZE_ARRAY
];
309 } TOKEN_PRIVILEGES
, *PTOKEN_PRIVILEGES
, *LPTOKEN_PRIVILEGES
;
/* Token owner; members are not visible in this listing. */
311 typedef struct _TOKEN_OWNER
314 } TOKEN_OWNER
, *PTOKEN_OWNER
;
/* Token default DACL; members are not visible in this listing. */
316 typedef struct _TOKEN_DEFAULT_DACL
319 } TOKEN_DEFAULT_DACL
, *PTOKEN_DEFAULT_DACL
;
/*
 * Token statistics. Visible members: AuthenticationId, ExpirationTime,
 * TokenType, ImpersonationLevel, DynamicCharged, DynamicAvailable and
 * PrivilegeCount; other members are not shown in this listing.
 * TokenType and ImpersonationLevel use the TOKEN_TYPE and
 * SECURITY_IMPERSONATION_LEVEL types declared in this header.
 */
321 typedef struct _TOKEN_STATISTICS
324 LUID AuthenticationId
;
325 LARGE_INTEGER ExpirationTime
;
326 TOKEN_TYPE TokenType
;
327 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
328 DWORD DynamicCharged
;
329 DWORD DynamicAvailable
;
331 DWORD PrivilegeCount
;
333 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
/*
 * Four access masks, one each for generic read, write, execute and all.
 * NOTE(review): presumably each member holds the object-specific rights the
 * corresponding GENERIC_* bit expands to during an access check; an
 * over-broad GenericRead or GenericExecute entry would widen every caller's
 * access, so review per-object-type tables that fill this in.
 */
335 typedef struct _GENERIC_MAPPING
337 ACCESS_MASK GenericRead
;
338 ACCESS_MASK GenericWrite
;
339 ACCESS_MASK GenericExecute
;
340 ACCESS_MASK GenericAll
;
341 } GENERIC_MAPPING
, *PGENERIC_MAPPING
;
/*
 * Privilege set: a DWORD PrivilegeCount and a Privilege array declared with
 * ANYSIZE_ARRAY elements. A member between the two is not visible in this
 * listing.
 * NOTE(review): presumably PrivilegeCount is the number of valid Privilege
 * entries; validate it against the buffer length before iterating when the
 * set comes from a caller.
 */
343 typedef struct _PRIVILEGE_SET
345 DWORD PrivilegeCount
;
347 LUID_AND_ATTRIBUTES Privilege
[ANYSIZE_ARRAY
];
348 } PRIVILEGE_SET
, *PPRIVILEGE_SET
, *LPPRIVILEGE_SET
;
/*
 * Security attributes. Only lpSecurityDescriptor is visible in this listing.
 * It is an untyped LPVOID, so the compiler cannot check what it points at.
 * NOTE(review): presumably it refers to a SECURITY_DESCRIPTOR; callers
 * should validate the descriptor before use.
 */
350 typedef struct _SECURITY_ATTRIBUTES
353 LPVOID lpSecurityDescriptor
;
355 } SECURITY_ATTRIBUTES
, *LPSECURITY_ATTRIBUTES
;
357 #endif /* !__USE_W32API */
362 ACCESS_MASK AccessMask
;
365 #endif /* __INCLUDE_SECURITY_H */