* Added stubs for GetSecurityInfo and GetSecurityInfoExA/W in advapi32
1 #ifndef __INCLUDE_SECURITY_H
2 #define __INCLUDE_SECURITY_H
3
4 #include <ntos/ntdef.h>
5 #include <ntos/types.h>
6
/*
 * Well-known privilege numbers. The defined values run from
 * SE_MIN_WELL_KNOWN_PRIVILEGE (2) to SE_MAX_WELL_KNOWN_PRIVILEGE (24), so
 * code that accepts a privilege number from a caller should range-check it
 * against these two bounds before using it.
 * NOTE(review): presumably each value is the LowPart of a privilege LUID
 * whose HighPart is 0, as in NT -- confirm against the code that consumes them.
 *
 * The entries marked "sensitive" are, in the NT security model, close to
 * full control of the machine when held by a process. They should be
 * enabled only around the call that needs them, and their use audited.
 */
7 /* Privileges */
8 #define SE_MIN_WELL_KNOWN_PRIVILEGE (2L) /* lower bound; same value as SE_CREATE_TOKEN_PRIVILEGE */
9 #define SE_CREATE_TOKEN_PRIVILEGE (2L) /* sensitive: create a token with arbitrary contents */
10 #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L) /* sensitive: replace a process's primary token */
11 #define SE_LOCK_MEMORY_PRIVILEGE (4L)
12 #define SE_INCREASE_QUOTA_PRIVILEGE (5L)
13 #define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused; shares value 6 with SE_MACHINE_ACCOUNT_PRIVILEGE */
14 #define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
15 #define SE_TCB_PRIVILEGE (7L) /* sensitive: act as part of the trusted computing base */
16 #define SE_SECURITY_PRIVILEGE (8L) /* sensitive: manage SACLs and the security log */
17 #define SE_TAKE_OWNERSHIP_PRIVILEGE (9L) /* sensitive: take ownership regardless of the DACL */
18 #define SE_LOAD_DRIVER_PRIVILEGE (10L) /* sensitive: load code into kernel mode */
19 #define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
20 #define SE_SYSTEMTIME_PRIVILEGE (12L)
21 #define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
22 #define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
23 #define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
24 #define SE_CREATE_PERMANENT_PRIVILEGE (16L)
25 #define SE_BACKUP_PRIVILEGE (17L) /* sensitive: read access that bypasses DACL checks */
26 #define SE_RESTORE_PRIVILEGE (18L) /* sensitive: write access that bypasses DACL checks */
27 #define SE_SHUTDOWN_PRIVILEGE (19L)
28 #define SE_DEBUG_PRIVILEGE (20L) /* sensitive: open any process regardless of its DACL */
29 #define SE_AUDIT_PRIVILEGE (21L)
30 #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
31 #define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
32 #define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
33 #define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE /* upper bound (24); update when a privilege is appended */
34
/*
 * Compiled out by "#if 0": none of these names are defined by this header.
 * NOTE(review): presumably the live definitions come from the W32API
 * headers -- confirm before relying on them here.
 */
35 #if 0
36 /* Security descriptor control: bit flags for SECURITY_DESCRIPTOR_CONTROL. */
37 #define SECURITY_DESCRIPTOR_REVISION (1)
/*
 * 20 equals 1 + 1 + 2 + 4 * 4, i.e. the absolute SECURITY_DESCRIPTOR
 * declared later in this header when pointers are 4 bytes wide. It would
 * be too small as a minimum-length check on a target with wider pointers.
 */
38 #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
39 #define SE_OWNER_DEFAULTED (1)
40 #define SE_GROUP_DEFAULTED (2)
41 #define SE_DACL_PRESENT (4)
42 #define SE_DACL_DEFAULTED (8)
43 #define SE_SACL_PRESENT (16)
44 #define SE_SACL_DEFAULTED (32)
45 #define SE_SELF_RELATIVE (32768) /* 0x8000: in NT, Owner/Group/Sacl/Dacl are then offsets, not pointers */
46 #endif
47
48 // This is defined in W32API:
49 // typedef ULONG ACCESS_MODE, *PACCESS_MODE;
50
/*
 * Compiled out by "#if 0": an older ACE layout kept for reference only.
 * Here the access mask is a member of the header itself and the byte
 * fields are CHAR. The live ACE_HEADER further down in this header uses
 * BYTE/BYTE/WORD and leaves the mask to the ACE type at the end of the file.
 * Do not re-enable this block alongside the live definitions: the two
 * ACE_HEADER declarations conflict.
 */
51 #if 0
52 typedef struct _ACE_HEADER
53 {
54 CHAR AceType;
55 CHAR AceFlags;
56 USHORT AceSize;
57 ACCESS_MASK AccessMask;
58 } ACE_HEADER, *PACE_HEADER;
59
60 typedef struct
61 {
62 ACE_HEADER Header;
63 } ACE, *PACE;
64 #endif
65
/*
 * Placeholder type with no members. A struct without members is a GNU C
 * extension rather than ISO C.
 * NOTE(review): the guard tests __GNU__, whereas the macro GCC predefines
 * for the compiler itself is __GNUC__. Confirm which was intended; if
 * __GNU__ is never defined in this build, the type is never declared.
 */
66 #ifdef __GNU__
67 typedef struct _SECURITY_DESCRIPTOR_CONTEXT
68 {
69 } SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
70 #endif
71
72
73 #ifndef __USE_W32API
74
75 /* SID Authority: six-element initializers for SID_IDENTIFIER_AUTHORITY.Value
 * (declared as BYTE Value[6] in this header). Only the last byte is
 * non-zero, so these are the authorities 0 through 5 (S-1-0 ... S-1-5).
 * Being brace initializers, they can only be used to initialize an
 * object, not as expressions in a comparison. */
76 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
77 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
78 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
79 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
80 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
81 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
82
/*
 * Relative identifiers (sub-authority values) for well-known SIDs.
 *
 * The numbers are NOT unique across authorities: SECURITY_NULL_RID,
 * SECURITY_WORLD_RID, SECURITY_LOCAL_RID and SECURITY_CREATOR_OWNER_RID
 * are all 0, and SECURITY_CREATOR_GROUP_RID equals SECURITY_DIALUP_RID (1).
 * A RID therefore identifies a principal only together with its
 * identifier authority and any preceding sub-authorities. Code that
 * recognises a well-known SID must compare the whole SID, never the
 * RID alone.
 */
83 /* SID */
84 #define SECURITY_NULL_RID (0L)
85 #define SECURITY_WORLD_RID (0L)
86 #define SECURITY_LOCAL_RID (0L)
87 #define SECURITY_CREATOR_OWNER_RID (0L)
88 #define SECURITY_CREATOR_GROUP_RID (0x1L)
89 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
90 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
/* The entries from here to SECURITY_BUILTIN_DOMAIN_RID are, in NT, first
 * sub-authorities under SECURITY_NT_AUTHORITY. */
91 #define SECURITY_DIALUP_RID (0x1L)
92 #define SECURITY_NETWORK_RID (0x2L)
93 #define SECURITY_BATCH_RID (0x3L)
94 #define SECURITY_INTERACTIVE_RID (0x4L)
95 #define SECURITY_LOGON_IDS_RID (0x5L)
96 #define SECURITY_LOGON_IDS_RID_COUNT (0x3L) /* a sub-authority count, not a RID */
97 #define SECURITY_SERVICE_RID (0x6L)
98 #define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
99 #define SECURITY_PROXY_RID (0x8L)
100 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
101 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID /* alias, also 0x9 */
102 #define SECURITY_PRINCIPAL_SELF_RID (0xAL)
103 #define SECURITY_AUTHENTICATED_USER_RID (0xBL)
104 #define SECURITY_RESTRICTED_CODE_RID (0xCL)
105 #define SECURITY_LOCAL_SYSTEM_RID (0x12L)
106 #define SECURITY_NT_NON_UNIQUE_RID (0x15L)
107 #define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
/* DOMAIN_* values are the final sub-authority of an account or alias SID
 * (0x1F4 = 500, 0x200 = 512, 0x220 = 544). Membership in the ADMIN/ADMINS
 * entries is what access checks treat as administrative. */
108 #define DOMAIN_USER_RID_ADMIN (0x1F4L)
109 #define DOMAIN_USER_RID_GUEST (0x1F5L)
110 #define DOMAIN_GROUP_RID_ADMINS (0x200L)
111 #define DOMAIN_GROUP_RID_USERS (0x201L)
112 #define DOMAIN_ALIAS_RID_ADMINS (0x220L)
113 #define DOMAIN_ALIAS_RID_USERS (0x221L)
114 #define DOMAIN_ALIAS_RID_GUESTS (0x222L)
115 #define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
116 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
117 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
118 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
119 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
120 #define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
121
122 /* ACCESS_MASK: high-order request bits. Only GENERIC_ALL and
 * GENERIC_EXECUTE are defined in this header; GENERIC_READ and
 * GENERIC_WRITE are not (presumably provided elsewhere -- confirm).
 * Generic bits are requests, translated into object-specific rights
 * through a GENERIC_MAPPING before an access check. */
123 #define MAXIMUM_ALLOWED (0x2000000L) /* asks for every right the caller would be granted; prefer an explicit minimal mask */
124 #define GENERIC_ALL (0x10000000L)
125 #define GENERIC_EXECUTE (0x20000000L)
126
/* Values for SECURITY_QUALITY_OF_SERVICE.ContextTrackingMode. */
127 #define SECURITY_STATIC_TRACKING (0)
128 #define SECURITY_DYNAMIC_TRACKING (1)
129
130 /* Standard rights: bits 16 and up of an access mask, common to all
 * object types. In the NT layout 0x10000 is DELETE, 0x20000 READ_CONTROL,
 * 0x40000 WRITE_DAC, 0x80000 WRITE_OWNER and 0x100000 SYNCHRONIZE. */
131 #define STANDARD_RIGHTS_REQUIRED (0xf0000L) /* includes WRITE_DAC and WRITE_OWNER: enough to rewrite the object's protection */
132 #define STANDARD_RIGHTS_WRITE (0x20000L) /* READ, WRITE and EXECUTE are the same single bit (0x20000) */
133 #define STANDARD_RIGHTS_READ (0x20000L)
134 #define STANDARD_RIGHTS_EXECUTE (0x20000L)
135 #define STANDARD_RIGHTS_ALL (0x1f0000L) /* STANDARD_RIGHTS_REQUIRED plus 0x100000 */
136 #define SPECIFIC_RIGHTS_ALL (0xffffL) /* low 16 bits: object-type-specific rights */
137
138 /* Token rights: object-specific access bits for token handles.
 * A handle should be opened with the narrowest mask that works. TOKEN_QUERY
 * is enough to inspect a token, while TOKEN_DUPLICATE, TOKEN_IMPERSONATE,
 * TOKEN_ASSIGN_PRIMARY and the TOKEN_ADJUST_* bits let the holder act as,
 * or change, the identity the token represents. */
139 #define TOKEN_ASSIGN_PRIMARY (0x0001L)
140 #define TOKEN_DUPLICATE (0x0002L)
141 #define TOKEN_IMPERSONATE (0x0004L)
142 #define TOKEN_QUERY (0x0008L)
143 #define TOKEN_QUERY_SOURCE (0x0010L)
144 #define TOKEN_ADJUST_PRIVILEGES (0x0020L)
145 #define TOKEN_ADJUST_GROUPS (0x0040L)
146 #define TOKEN_ADJUST_DEFAULT (0x0080L)
147
/* Composite masks, written as literals rather than built from the names above. */
148 #define TOKEN_ALL_ACCESS (0xf00ffL) /* STANDARD_RIGHTS_REQUIRED (0xf0000) | all eight token bits (0xff) */
149 #define TOKEN_READ (0x20008L) /* 0x20000 | TOKEN_QUERY */
150 #define TOKEN_WRITE (0x200e0L) /* 0x20000 | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT */
151 #define TOKEN_EXECUTE (0x20000L) /* 0x20000 only; no token-specific bit */
152
/*
 * Type of SECURITY_QUALITY_OF_SERVICE.ContextTrackingMode; takes
 * SECURITY_STATIC_TRACKING or SECURITY_DYNAMIC_TRACKING.
 * NOTE(review): the Windows SDK declares this type as BOOLEAN (one byte),
 * not BOOL. If BOOL is wider here, SECURITY_QUALITY_OF_SERVICE does not
 * have the same layout as the SDK's -- confirm this is intended.
 */
153 typedef BOOL SECURITY_CONTEXT_TRACKING_MODE;
154
/* Bit mask selecting which parts of a security descriptor (owner, group,
 * DACL, SACL) an operation reads or writes; the bit values are not
 * defined in this header. */
155 typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
156
/*
 * Selects which piece of token information a query or set operation
 * refers to. Numbering starts at 1, so 0 is not a valid class; the last
 * defined value is TokenStatistics (10). A handler that takes the class
 * from a caller should reject values outside 1..TokenStatistics and
 * check the supplied buffer length against the structure for that class
 * (TOKEN_USER, TOKEN_GROUPS, ... declared later in this header).
 */
157 typedef enum _TOKEN_INFORMATION_CLASS
158 {
159 TokenUser = 1,
160 TokenGroups,
161 TokenPrivileges,
162 TokenOwner,
163 TokenPrimaryGroup,
164 TokenDefaultDacl,
165 TokenSource,
166 TokenType,
167 TokenImpersonationLevel,
168 TokenStatistics
169 } TOKEN_INFORMATION_CLASS;
170
/*
 * How far a server may go in acting as the client, in increasing order
 * of trust. A client should request the lowest level that works, and a
 * server should verify the level of the token it received before acting
 * on the client's behalf rather than assuming SecurityImpersonation.
 *
 * NOTE(review): these constants are 1..4, whereas the Windows SDK
 * declares SECURITY_IMPERSONATION_LEVEL as an enum whose values are 0..3
 * (SecurityAnonymous == 0). Any code or binary that exchanges the raw
 * number with SDK-built code would be off by one -- confirm that every
 * producer and consumer uses this header's values.
 */
171 typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
172
173 #define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
174 #define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
175 #define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
176 #define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
177
/* 32-bit set of access rights. The masks defined earlier in this header
 * carry an L suffix (signed long), so mixing them with ACCESS_MASK values
 * converts them to unsigned. */
178 typedef ULONG ACCESS_MASK, *PACCESS_MASK;
/* Distinguishes a process's primary token from an impersonation token;
 * 0 is not a defined token type. */
179 typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
180
181 #define TokenPrimary ((TOKEN_TYPE)1)
182 #define TokenImpersonation ((TOKEN_TYPE)2)
183
/*
 * Client-supplied limits on how a server may use the client's identity.
 * NOTE(review): ContextTrackingMode is BOOL here (BOOLEAN in the Windows
 * SDK), so the structure size and the offset of EffectiveOnly may differ
 * from the SDK layout -- confirm before sharing it across that boundary.
 */
184 typedef struct _SECURITY_QUALITY_OF_SERVICE
185 {
186 ULONG Length; /* presumably sizeof(SECURITY_QUALITY_OF_SERVICE); receivers should check it -- TODO confirm */
187 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* one of the Security* level constants */
188 SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; /* SECURITY_STATIC_TRACKING or SECURITY_DYNAMIC_TRACKING */
189 BOOLEAN EffectiveOnly; /* in NT: TRUE passes only the privileges and groups currently enabled */
190 } SECURITY_QUALITY_OF_SERVICE;
191
192 typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
193
/*
 * Four-byte header that starts every access control entry.
 * When walking the ACEs of an ACL taken from an untrusted buffer, check
 * that AceSize is at least the size of the ACE type being read and that
 * the entry ends inside the enclosing ACL (ACL.AclSize) before advancing
 * by AceSize. A zero or oversized AceSize otherwise loops forever or
 * reads out of bounds.
 */
194 typedef struct _ACE_HEADER
195 {
196 BYTE AceType;
197 BYTE AceFlags;
198 WORD AceSize; /* in NT: size in bytes of the whole ACE, header included */
199 } ACE_HEADER, *PACE_HEADER;
200
/* 48-bit identifier authority of a SID, stored as six bytes. The
 * SECURITY_*_AUTHORITY initializers in this header put the value in the
 * last byte. */
201 typedef struct _SID_IDENTIFIER_AUTHORITY
202 {
203 BYTE Value[6];
204 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
205
/*
 * Security identifier. This is a variable-length structure:
 * SubAuthority is declared with one element but holds SubAuthorityCount
 * entries, so sizeof(SID) is the size of a SID with exactly one
 * sub-authority, not of an arbitrary SID.
 *
 * Code that copies or compares a SID from an untrusted source should
 * validate Revision and SubAuthorityCount first (NT caps the count at 15)
 * and derive the length from the count, checking it against the size of
 * the buffer the SID came in.
 */
206 typedef struct _SID
207 {
208 UCHAR Revision;
209 UCHAR SubAuthorityCount; /* number of valid entries in SubAuthority */
210 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
211 ULONG SubAuthority[1]; /* first of SubAuthorityCount entries */
212 } SID, *PSID;
213
/*
 * Header of an access control list; in NT the ACEs follow it directly in
 * the same buffer. A walker must be bounded by both AceCount and AclSize.
 * Neither field alone is trustworthy when the ACL comes from a caller.
 */
214 typedef struct _ACL
215 {
216 UCHAR AclRevision;
217 UCHAR Sbz1; /* padding; presumably "should be zero" -- TODO confirm */
218 USHORT AclSize; /* in NT: bytes allocated for the ACL, header included */
219 USHORT AceCount; /* number of ACEs that follow the header */
220 USHORT Sbz2; /* padding; presumably "should be zero" -- TODO confirm */
221 } ACL, *PACL;
222
/* Result structure for the AclRevisionInformation class. */
223 typedef struct _ACL_REVISION_INFORMATION
224 {
225 ULONG AclRevision;
226 } ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION;
227
/* Result structure for the AclSizeInformation class. */
228 typedef struct _ACL_SIZE_INFORMATION
229 {
230 ULONG AceCount;
231 ULONG AclBytesInUse;
232 ULONG AclBytesFree; /* room left for new ACEs; check it before appending one */
233 } ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION;
234
/* Selects which of the two structures above an ACL query fills in.
 * Numbering starts at 1, so 0 is not a valid class. */
235 typedef enum _ACL_INFORMATION_CLASS
236 {
237 AclRevisionInformation = 1,
238 AclSizeInformation
239 } ACL_INFORMATION_CLASS;
240
/* 16-bit flag word stored in SECURITY_DESCRIPTOR.Control. The SE_* flag
 * values listed earlier in this header sit inside an "#if 0" block, so
 * they are not defined by this file. */
241 typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
242
/* Locally unique identifier, split into two 32-bit halves. Equality
 * means both halves match; comparing LowPart alone is not sufficient. */
243 typedef struct _LUID
244 {
245 ULONG LowPart;
246 LONG HighPart;
247 } LUID, *PLUID;
248
/*
 * Security descriptor in the form that holds pointers to its parts.
 *
 * In NT, when the SE_SELF_RELATIVE bit is set in Control the four fields
 * below hold offsets from the start of the descriptor instead of
 * pointers. Code must test Control before dereferencing them, and must
 * bounds-check offsets against the buffer length.
 *
 * In NT semantics a descriptor marked as having a DACL whose Dacl is NULL
 * grants all access to everyone, whereas an empty DACL (AceCount == 0)
 * grants none. The two cases must not be conflated.
 */
249 typedef struct _SECURITY_DESCRIPTOR
250 {
251 UCHAR Revision;
252 UCHAR Sbz1; /* padding; presumably "should be zero" -- TODO confirm */
253 SECURITY_DESCRIPTOR_CONTROL Control; /* flag word */
254 PSID Owner;
255 PSID Group;
256 PACL Sacl; /* Sacl precedes Dacl in this layout */
257 PACL Dacl;
258 } SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
259
/* One privilege (identified by LUID) together with its attribute flags;
 * the element type of TOKEN_PRIVILEGES.Privileges and
 * PRIVILEGE_SET.Privilege. The attribute bit values are not defined in
 * this header. */
260 typedef struct _LUID_AND_ATTRIBUTES
261 {
262 LUID Luid;
263 ULONG Attributes;
264 } LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
265
/*
 * Identifies the component that created a token.
 * SourceName is a fixed array of eight characters with no room reserved
 * for a terminator. Treat it as a bounded field (length 8), not as a C
 * string, when printing or copying it.
 */
266 typedef struct _TOKEN_SOURCE
267 {
268 CHAR SourceName[8];
269 LUID SourceIdentifier;
270 } TOKEN_SOURCE, *PTOKEN_SOURCE;
271
/* Identifying LUIDs of a token plus the source that created it. */
272 typedef struct _TOKEN_CONTROL
273 {
274 LUID TokenId;
275 LUID AuthenticationId; /* presumably the logon session the token belongs to -- TODO confirm */
276 LUID ModifiedId; /* presumably changes whenever the token is modified -- TODO confirm */
277 TOKEN_SOURCE TokenSource;
278 } TOKEN_CONTROL, *PTOKEN_CONTROL;
279
/* A SID, held by pointer, with attribute flags; the element type of
 * TOKEN_GROUPS.Groups and of TOKEN_USER.User. The structure does not own
 * the SID storage, so a copy must duplicate the SID it points to as
 * well. */
280 typedef struct _SID_AND_ATTRIBUTES
281 {
282 PSID Sid;
283 DWORD Attributes;
284 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
285
/* Array form declared with ANYSIZE_ARRAY elements; the real element count
 * is carried separately by whoever passes the array. */
286 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
287 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
288
/* Information for the TokenUser class: the token's user SID and its
 * attributes. */
289 typedef struct _TOKEN_USER
290 {
291 SID_AND_ATTRIBUTES User;
292 } TOKEN_USER, *PTOKEN_USER;
293
/* Information for the TokenPrimaryGroup class. */
294 typedef struct _TOKEN_PRIMARY_GROUP
295 {
296 PSID PrimaryGroup;
297 } TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
298
/*
 * Information for the TokenGroups class. This is a variable-length
 * structure: Groups is declared with ANYSIZE_ARRAY elements but holds
 * GroupCount entries. When GroupCount comes from a caller, the size
 * computation (count times element size plus header) must be checked for
 * overflow and against the supplied buffer length before any entry is read.
 */
299 typedef struct _TOKEN_GROUPS
300 {
301 DWORD GroupCount;
302 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
303 } TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
304
/*
 * Information for the TokenPrivileges class, and the shape used when
 * adjusting privileges. This is a variable-length structure: Privileges
 * holds PrivilegeCount entries. A caller-supplied PrivilegeCount must be
 * validated against the buffer length, with the multiplication checked
 * for overflow, before the array is walked.
 */
305 typedef struct _TOKEN_PRIVILEGES
306 {
307 DWORD PrivilegeCount;
308 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
309 } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
310
/* Information for the TokenOwner class. In NT this is the SID assigned
 * as owner to objects the token creates by default. */
311 typedef struct _TOKEN_OWNER
312 {
313 PSID Owner;
314 } TOKEN_OWNER, *PTOKEN_OWNER;
315
/* Information for the TokenDefaultDacl class. In NT this is the DACL
 * applied to new objects created without an explicit descriptor, so an
 * over-permissive value here weakens every such object. */
316 typedef struct _TOKEN_DEFAULT_DACL
317 {
318 PACL DefaultDacl;
319 } TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
320
/* Information for the TokenStatistics class: identifiers, type and
 * counts describing a token. */
321 typedef struct _TOKEN_STATISTICS
322 {
323 LUID TokenId;
324 LUID AuthenticationId;
325 LARGE_INTEGER ExpirationTime;
326 TOKEN_TYPE TokenType; /* TokenPrimary or TokenImpersonation */
327 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* presumably meaningful only for impersonation tokens -- TODO confirm */
328 DWORD DynamicCharged;
329 DWORD DynamicAvailable;
330 DWORD GroupCount; /* number of group SIDs in the token */
331 DWORD PrivilegeCount; /* number of privileges in the token */
332 LUID ModifiedId;
333 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
334
/*
 * Per-object-type translation of the four generic access bits into
 * standard and object-specific rights. Each member should hold only the
 * rights that the generic request really implies for that object type.
 * An over-broad GenericRead or GenericExecute entry silently grants
 * write-class rights to callers who asked only to read.
 */
335 typedef struct _GENERIC_MAPPING
336 {
337 ACCESS_MASK GenericRead;
338 ACCESS_MASK GenericWrite;
339 ACCESS_MASK GenericExecute;
340 ACCESS_MASK GenericAll;
341 } GENERIC_MAPPING, *PGENERIC_MAPPING;
342
/*
 * A set of privileges used in privilege checks. This is a
 * variable-length structure: Privilege holds PrivilegeCount entries, and
 * the count must be validated against the buffer length before the array
 * is read. The values of Control are not defined in this header.
 */
343 typedef struct _PRIVILEGE_SET
344 {
345 DWORD PrivilegeCount;
346 DWORD Control;
347 LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
348 } PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
349
/*
 * Win32-level security parameters passed to object-creation calls.
 * In Win32, a NULL lpSecurityDescriptor gives the object the creator's
 * default descriptor, and a TRUE bInheritHandle makes the returned
 * handle inheritable by child processes. Leave bInheritHandle FALSE
 * unless a child is meant to receive the handle.
 */
350 typedef struct _SECURITY_ATTRIBUTES
351 {
352 DWORD nLength; /* presumably sizeof(SECURITY_ATTRIBUTES) -- TODO confirm */
353 LPVOID lpSecurityDescriptor; /* untyped pointer to a security descriptor */
354 BOOL bInheritHandle;
355 } SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
356
357 #endif /* !__USE_W32API */
358
/*
 * Generic view of an access control entry: the common header followed by
 * the access mask. Declared after the "#endif" for !__USE_W32API, so it is
 * compiled in both configurations and relies on ACE_HEADER and
 * ACCESS_MASK being provided either by this header or by W32API.
 * sizeof(ACE) covers only the header and mask. In NT ACE types further
 * data such as the trustee SID follows, and the true length is
 * Header.AceSize, which must be validated before use.
 */
359 typedef struct
360 {
361 ACE_HEADER Header;
362 ACCESS_MASK AccessMask;
363 } ACE, *PACE;
364
365 #endif /* __INCLUDE_SECURITY_H */