[CSRSRV]: Fix two DPRINTs.
1 /******************************************************************************
2 * Security Manager Types *
3 ******************************************************************************/
4 $if (_WDMDDK_)
5
/* Simple types */
/* Opaque handles used by the kernel interfaces in this header. The concrete
   layouts of a security descriptor and a SID are declared further below
   (SECURITY_DESCRIPTOR / SID); callers normally treat these as PVOID. */
typedef PVOID PSECURITY_DESCRIPTOR;
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION; /* bit set of *_SECURITY_INFORMATION flags (below) */
typedef ULONG ACCESS_MASK, *PACCESS_MASK;                   /* 32-bit access-right bit mask */
typedef PVOID PACCESS_TOKEN;
typedef PVOID PSID;

/* Standard rights: bits 16..20 of an ACCESS_MASK. */
#define DELETE 0x00010000L
#define READ_CONTROL 0x00020000L
#define WRITE_DAC 0x00040000L
#define WRITE_OWNER 0x00080000L
#define SYNCHRONIZE 0x00100000L
#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
/* Note: READ, WRITE and EXECUTE all resolve to READ_CONTROL. */
#define STANDARD_RIGHTS_READ READ_CONTROL
#define STANDARD_RIGHTS_WRITE READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE READ_CONTROL
#define STANDARD_RIGHTS_ALL 0x001F0000L
/* Object-specific rights occupy the low 16 bits. */
#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL
#define ACCESS_SYSTEM_SECURITY 0x01000000L /* bit 24 */
#define MAXIMUM_ALLOWED 0x02000000L        /* bit 25 */
/* Generic rights: bits 28..31; translated to specific rights through a
   GENERIC_MAPPING (below). */
#define GENERIC_READ 0x80000000L
#define GENERIC_WRITE 0x40000000L
#define GENERIC_EXECUTE 0x20000000L
#define GENERIC_ALL 0x10000000L
30
/* Per-object-type table giving, for each GENERIC_* right, the set of
   specific/standard rights it stands for. */
typedef struct _GENERIC_MAPPING {
  ACCESS_MASK GenericRead;    /* rights substituted for GENERIC_READ */
  ACCESS_MASK GenericWrite;   /* rights substituted for GENERIC_WRITE */
  ACCESS_MASK GenericExecute; /* rights substituted for GENERIC_EXECUTE */
  ACCESS_MASK GenericAll;     /* rights substituted for GENERIC_ALL */
} GENERIC_MAPPING, *PGENERIC_MAPPING;
37
/* ACL revision numbers. ACL_REVISION is the default; ACL_REVISION_DS is the
   revision used with the object (directory-service) ACE types. */
#define ACL_REVISION 2
#define ACL_REVISION_DS 4

#define ACL_REVISION1 1
#define ACL_REVISION2 2
#define ACL_REVISION3 3
#define ACL_REVISION4 4
/* Accepted range for AclRevision in an ACL header (2..4). */
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION4
47
/* Fixed 8-byte ACL header. The ACEs are not part of this struct; the
   header is followed in memory by AceCount ACEs, each starting with an
   ACE_HEADER (declared later in this header). */
typedef struct _ACL {
  UCHAR AclRevision; /* MIN_ACL_REVISION..MAX_ACL_REVISION */
  UCHAR Sbz1;        /* reserved (presumably "should be zero") */
  USHORT AclSize;    /* total size in bytes, header plus ACEs — walkers must
                        bound every ACE by this value */
  USHORT AceCount;
  USHORT Sbz2;       /* reserved */
} ACL, *PACL;
55
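/* Current security descriptor revision value */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)

/* Privilege attributes (LUID_AND_ATTRIBUTES.Attributes bits) */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
/* Written with a lowercase radix prefix for consistency with the rest of
   the header (the value is unchanged). */
#define SE_PRIVILEGE_REMOVED (0x00000004L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)

/* Mask of all attribute bits a caller may pass; anything outside it is
   invalid. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
                                       SE_PRIVILEGE_ENABLED | \
                                       SE_PRIVILEGE_REMOVED | \
                                       SE_PRIVILEGE_USED_FOR_ACCESS)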
70
/* pshpack4.h / poppack.h apply 4-byte packing to this one struct; keep the
   pair balanced so the packing does not leak into later declarations. */
#include <pshpack4.h>
/* One privilege (LUID) together with its SE_PRIVILEGE_* attribute bits. */
typedef struct _LUID_AND_ATTRIBUTES {
  LUID Luid;
  ULONG Attributes; /* SE_PRIVILEGE_* flags; see SE_PRIVILEGE_VALID_ATTRIBUTES */
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
#include <poppack.h>

/* Open-ended array form; the element count must come from a separate field
   (e.g. PrivilegeCount in the structs that embed it). */
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
80
/* Privilege sets */
/* Control flag: every privilege in the set is required, not just one. */
#define PRIVILEGE_SET_ALL_NECESSARY (1)

/* Variable-length set of privileges; the allocation must hold
   PrivilegeCount entries of Privilege[] (ANYSIZE_ARRAY declares one). */
typedef struct _PRIVILEGE_SET {
  ULONG PrivilegeCount;
  ULONG Control; /* PRIVILEGE_SET_ALL_NECESSARY or 0 */
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET,*PPRIVILEGE_SET;
89
/* Impersonation levels, ordered from least to most capable. The ordering is
   relied upon by VALID_IMPERSONATION_LEVEL below, so do not reorder. */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,      /* 0 */
  SecurityIdentification, /* 1 */
  SecurityImpersonation,  /* 2 */
  SecurityDelegation      /* 3 */
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
96
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
/* Range check for a caller-supplied level; use it before trusting a level
   taken from a SECURITY_QUALITY_OF_SERVICE. Level is evaluated twice. */
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))

/* Context tracking modes (values of SECURITY_CONTEXT_TRACKING_MODE). */
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)

typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
106
/* Client-supplied impersonation settings. Length is the struct size (the
   usual versioning convention — confirm the consumer checks it). */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
  ULONG Length;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* validate with VALID_IMPERSONATION_LEVEL */
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; /* SECURITY_DYNAMIC_TRACKING / SECURITY_STATIC_TRACKING */
  BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
113
/* Saved impersonation state: the token plus the flags needed to restore the
   previous impersonation later. */
typedef struct _SE_IMPERSONATION_STATE {
  PACCESS_TOKEN Token;
  BOOLEAN CopyOnOpen;
  BOOLEAN EffectiveOnly;
  SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
120
/* SECURITY_INFORMATION bits: which parts of a security descriptor a query
   or set operation refers to. */
#define OWNER_SECURITY_INFORMATION (0x00000001L)
#define GROUP_SECURITY_INFORMATION (0x00000002L)
#define DACL_SECURITY_INFORMATION (0x00000004L)
#define SACL_SECURITY_INFORMATION (0x00000008L)
#define LABEL_SECURITY_INFORMATION (0x00000010L)

/* Modifiers for the DACL/SACL: set or clear the corresponding
   SE_DACL_PROTECTED / SE_SACL_PROTECTED control bit (see below). */
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
131
/* Operation requested of an object type's security routine. */
typedef enum _SECURITY_OPERATION_CODE {
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
138
/* Fixed-size privilege set embedded in ACCESS_STATE so that the common case
   needs no separate allocation. */
#define INITIAL_PRIVILEGE_COUNT 3

typedef struct _INITIAL_PRIVILEGE_SET {
  ULONG PrivilegeCount; /* at most INITIAL_PRIVILEGE_COUNT */
  ULONG Control;
  LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
146
/* Well-known privilege values (low part of the privilege LUID). The
   valid range is SE_MIN_WELL_KNOWN_PRIVILEGE..SE_MAX_WELL_KNOWN_PRIVILEGE;
   values 0 and 1 are not used. */
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
#define SE_CREATE_TOKEN_PRIVILEGE 2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
#define SE_LOCK_MEMORY_PRIVILEGE 4
#define SE_INCREASE_QUOTA_PRIVILEGE 5
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
#define SE_TCB_PRIVILEGE 7
#define SE_SECURITY_PRIVILEGE 8
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
#define SE_LOAD_DRIVER_PRIVILEGE 10
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
#define SE_SYSTEMTIME_PRIVILEGE 12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
#define SE_CREATE_PERMANENT_PRIVILEGE 16
#define SE_BACKUP_PRIVILEGE 17
#define SE_RESTORE_PRIVILEGE 18
#define SE_SHUTDOWN_PRIVILEGE 19
#define SE_DEBUG_PRIVILEGE 20
#define SE_AUDIT_PRIVILEGE 21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
#define SE_UNDOCK_PRIVILEGE 25
#define SE_SYNC_AGENT_PRIVILEGE 26
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
#define SE_MANAGE_VOLUME_PRIVILEGE 28
#define SE_IMPERSONATE_PRIVILEGE 29
#define SE_CREATE_GLOBAL_PRIVILEGE 30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE 32
#define SE_INC_WORKING_SET_PRIVILEGE 33
#define SE_TIME_ZONE_PRIVILEGE 34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35
/* Keep this pointing at the last entry when a privilege is added. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
183
/* Captured subject (caller) context for an access check: the impersonation
   token, if any, plus the process primary token. */
typedef struct _SECURITY_SUBJECT_CONTEXT {
  PACCESS_TOKEN ClientToken;                       /* NULL when not impersonating — confirm */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* level of ClientToken */
  PACCESS_TOKEN PrimaryToken;
  PVOID ProcessAuditId;
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
190
/* State carried through an object open/access check. */
typedef struct _ACCESS_STATE {
  LUID OperationID;
  BOOLEAN SecurityEvaluated;
  BOOLEAN GenerateAudit;
  BOOLEAN GenerateOnClose;
  BOOLEAN PrivilegesAllocated; /* presumably set when Privileges.PrivilegeSet
                                  outgrew the inline InitialPrivilegeSet — confirm */
  ULONG Flags;
  ACCESS_MASK RemainingDesiredAccess;  /* not yet granted */
  ACCESS_MASK PreviouslyGrantedAccess; /* already granted */
  ACCESS_MASK OriginalDesiredAccess;   /* as requested by the caller */
  SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
  PVOID AuxData;
  /* Inline storage for INITIAL_PRIVILEGE_COUNT privileges, overlaid with the
     open-ended PRIVILEGE_SET layout. */
  union {
    INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
    PRIVILEGE_SET PrivilegeSet;
  } Privileges;
  BOOLEAN AuditPrivileges;
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
212
/* Callback supplied by a file system to release a security descriptor it
   previously exported; Vcb is the file system's volume context. */
typedef VOID
(NTAPI *PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR)(
  _In_ PVOID Vcb,
  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
217
218 #ifndef _NTLSA_IFS_
219
220 #ifndef _NTLSA_AUDIT_
221 #define _NTLSA_AUDIT_
222
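/* Capacity of SE_ADT_PARAMETER_ARRAY.Parameters, and the number of those
   slots available for generic audit events. */
#define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28

#define SE_ADT_OBJECT_ONLY 0x1

/* SE_ADT_PARAMETER_ARRAY.Flags bits */
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010

/* Size in bytes of a SE_ADT_PARAMETER_ARRAY holding only
   Parameters->ParameterCount entries, i.e. the fixed struct size minus the
   unused tail of the Parameters[] array. The argument is parenthesized so
   that expressions such as &Array expand correctly. The macro trusts
   ParameterCount: callers must ensure it is <= SE_MAX_AUDIT_PARAMETERS,
   otherwise the unsigned subtraction wraps and the size is meaningless. */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
  ( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
    (SE_MAX_AUDIT_PARAMETERS - (Parameters)->ParameterCount) )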
237
/* Type tag for one audit parameter (SE_ADT_PARAMETER_ARRAY_ENTRY.Type); it
   determines how Data/Address of the entry are interpreted. */
typedef enum _SE_ADT_PARAMETER_TYPE {
  SeAdtParmTypeNone = 0,
  SeAdtParmTypeString,
  SeAdtParmTypeFileSpec,
  SeAdtParmTypeUlong,
  SeAdtParmTypeSid,
  SeAdtParmTypeLogonId,
  SeAdtParmTypeNoLogonId,
  SeAdtParmTypeAccessMask,
  SeAdtParmTypePrivs,
  SeAdtParmTypeObjectTypes,
  SeAdtParmTypeHexUlong,
  SeAdtParmTypePtr,
  SeAdtParmTypeTime,
  SeAdtParmTypeGuid,
  SeAdtParmTypeLuid,
  SeAdtParmTypeHexInt64,
  SeAdtParmTypeStringList,
  SeAdtParmTypeSidList,
  SeAdtParmTypeDuration,
  SeAdtParmTypeUserAccountControl,
  SeAdtParmTypeNoUac,
  SeAdtParmTypeMessage,
  SeAdtParmTypeDateTime,
  SeAdtParmTypeSockAddr,
  SeAdtParmTypeSD,
  SeAdtParmTypeLogonHours,
  SeAdtParmTypeLogonIdNoSid,
  SeAdtParmTypeUlongNoConv,
  SeAdtParmTypeSockAddrNoPort,
  SeAdtParmTypeAccessReason
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
270
/* One object-type entry of an SeAdtParmTypeObjectTypes audit parameter. */
typedef struct _SE_ADT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;
  USHORT Level;
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
277
/* A single audit parameter. Which of Data[] / Address carries the value,
   and what Length counts, depends on Type. */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
  ULONG Length;
  ULONG_PTR Data[2]; /* inline value storage */
  PVOID Address;     /* out-of-line value */
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
284
/* Payload of an SeAdtParmTypeAccessReason parameter: why each bit of
   AccessMask was granted or denied (one reason slot per mask bit). */
typedef struct _SE_ADT_ACCESS_REASON {
  ACCESS_MASK AccessMask;
  ULONG AccessReasons[32]; /* indexed by ACCESS_MASK bit; values are ACCESS_REASON (below) */
  ULONG ObjectTypeIndex;
  ULONG AccessGranted;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
292
/* An audit record handed to the LSA. Only the first ParameterCount entries
   of Parameters[] are meaningful; LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE
   computes the size actually in use. */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG CategoryId;
  ULONG AuditId;
  ULONG ParameterCount; /* must be <= SE_MAX_AUDIT_PARAMETERS */
  ULONG Length;
  USHORT FlatSubCategoryId;
  USHORT Type;
  ULONG Flags;          /* SE_ADT_PARAMETER* bits */
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
303
304 #endif /* !_NTLSA_AUDIT_ */
305 #endif /* !_NTLSA_IFS_ */
306 $endif (_WDMDDK_)
307 $if (_NTDDK_)
/* Legacy value; note it shares the number 6 with SE_MACHINE_ACCOUNT_PRIVILEGE
   defined above. */
#define SE_UNSOLICITED_INPUT_PRIVILEGE 6
309
/* Identifiers for well-known SIDs. Every enumerator carries an explicit
   value because the numbers are part of the public interface; append new
   entries at the end. The trailing comma after the last entry requires
   C99 or later. */
typedef enum _WELL_KNOWN_SID_TYPE {
  WinNullSid = 0,
  WinWorldSid = 1,
  WinLocalSid = 2,
  WinCreatorOwnerSid = 3,
  WinCreatorGroupSid = 4,
  WinCreatorOwnerServerSid = 5,
  WinCreatorGroupServerSid = 6,
  WinNtAuthoritySid = 7,
  WinDialupSid = 8,
  WinNetworkSid = 9,
  WinBatchSid = 10,
  WinInteractiveSid = 11,
  WinServiceSid = 12,
  WinAnonymousSid = 13,
  WinProxySid = 14,
  WinEnterpriseControllersSid = 15,
  WinSelfSid = 16,
  WinAuthenticatedUserSid = 17,
  WinRestrictedCodeSid = 18,
  WinTerminalServerSid = 19,
  WinRemoteLogonIdSid = 20,
  WinLogonIdsSid = 21,
  WinLocalSystemSid = 22,
  WinLocalServiceSid = 23,
  WinNetworkServiceSid = 24,
  WinBuiltinDomainSid = 25,
  WinBuiltinAdministratorsSid = 26,
  WinBuiltinUsersSid = 27,
  WinBuiltinGuestsSid = 28,
  WinBuiltinPowerUsersSid = 29,
  WinBuiltinAccountOperatorsSid = 30,
  WinBuiltinSystemOperatorsSid = 31,
  WinBuiltinPrintOperatorsSid = 32,
  WinBuiltinBackupOperatorsSid = 33,
  WinBuiltinReplicatorSid = 34,
  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
  WinBuiltinRemoteDesktopUsersSid = 36,
  WinBuiltinNetworkConfigurationOperatorsSid = 37,
  WinAccountAdministratorSid = 38,
  WinAccountGuestSid = 39,
  WinAccountKrbtgtSid = 40,
  WinAccountDomainAdminsSid = 41,
  WinAccountDomainUsersSid = 42,
  WinAccountDomainGuestsSid = 43,
  WinAccountComputersSid = 44,
  WinAccountControllersSid = 45,
  WinAccountCertAdminsSid = 46,
  WinAccountSchemaAdminsSid = 47,
  WinAccountEnterpriseAdminsSid = 48,
  WinAccountPolicyAdminsSid = 49,
  WinAccountRasAndIasServersSid = 50,
  WinNTLMAuthenticationSid = 51,
  WinDigestAuthenticationSid = 52,
  WinSChannelAuthenticationSid = 53,
  WinThisOrganizationSid = 54,
  WinOtherOrganizationSid = 55,
  WinBuiltinIncomingForestTrustBuildersSid = 56,
  WinBuiltinPerfMonitoringUsersSid = 57,
  WinBuiltinPerfLoggingUsersSid = 58,
  WinBuiltinAuthorizationAccessSid = 59,
  WinBuiltinTerminalServerLicenseServersSid = 60,
  WinBuiltinDCOMUsersSid = 61,
  WinBuiltinIUsersSid = 62,
  WinIUserSid = 63,
  WinBuiltinCryptoOperatorsSid = 64,
  /* Integrity-level (mandatory label) SIDs */
  WinUntrustedLabelSid = 65,
  WinLowLabelSid = 66,
  WinMediumLabelSid = 67,
  WinHighLabelSid = 68,
  WinSystemLabelSid = 69,
  WinWriteRestrictedCodeSid = 70,
  WinCreatorOwnerRightsSid = 71,
  WinCacheablePrincipalsGroupSid = 72,
  WinNonCacheablePrincipalsGroupSid = 73,
  WinEnterpriseReadonlyControllersSid = 74,
  WinAccountReadonlyControllersSid = 75,
  WinBuiltinEventLogReadersGroup = 76,
  WinNewEnterpriseReadonlyControllersSid = 77,
  WinBuiltinCertSvcDComAccessGroup = 78,
  WinMediumPlusLabelSid = 79,
  WinLocalLogonSid = 80,
  WinConsoleLogonSid = 81,
  WinThisOrganizationCertificateSid = 82,
} WELL_KNOWN_SID_TYPE;
395 $endif (_NTDDK_)
396 $if (_NTIFS_)
/* 48-bit identifier authority of a SID, stored as six bytes (the
   SECURITY_*_AUTHORITY initializers below fill it). Guarded because
   winnt.h may define the same type. */
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
typedef struct _SID_IDENTIFIER_AUTHORITY {
  UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
#endif
403
/* Variable-length security identifier. The real length is
   8 + SubAuthorityCount * sizeof(ULONG); SubAuthority[] is declared with
   one element only. Code that reads a SID from untrusted memory must check
   Revision == SID_REVISION and SubAuthorityCount <= SID_MAX_SUB_AUTHORITIES
   before indexing SubAuthority[]. Guarded because winnt.h may define it. */
#ifndef SID_DEFINED
#define SID_DEFINED
typedef struct _SID {
  UCHAR Revision;
  UCHAR SubAuthorityCount;
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
#ifdef MIDL_PASS
  /* IDL view: conformant array sized by SubAuthorityCount */
  [size_is(SubAuthorityCount)] ULONG SubAuthority[*];
#else
  ULONG SubAuthority[ANYSIZE_ARRAY];
#endif
} SID, *PISID;
#endif
417
#define SID_REVISION 1
#define SID_MAX_SUB_AUTHORITIES 15
#define SID_RECOMMENDED_SUB_AUTHORITIES 1

/* Largest possible SID in bytes: the SID header (sizeof(SID) less the one
   SubAuthority element it declares) plus SID_MAX_SUB_AUTHORITIES entries.
   Handy as a stack-buffer size when copying an untrusted SID. */
#ifndef MIDL_PASS
#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG)))
#endif
425
/* Kind of account a SID names. Numbering starts at 1; the remaining values
   follow consecutively. */
typedef enum _SID_NAME_USE {
  SidTypeUser = 1,
  SidTypeGroup,
  SidTypeDomain,
  SidTypeAlias,
  SidTypeWellKnownGroup,
  SidTypeDeletedAccount,
  SidTypeInvalid,
  SidTypeUnknown,
  SidTypeComputer,
  SidTypeLabel
} SID_NAME_USE, *PSID_NAME_USE;
438
/* A SID pointer with its attribute bits (e.g. group enabled/mandatory). Under
   MIDL the pointer is typed so the IDL compiler can marshal the SID. */
typedef struct _SID_AND_ATTRIBUTES {
#ifdef MIDL_PASS
  PISID Sid;
#else
  PSID Sid;
#endif
  ULONG Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
/* Open-ended array form; the element count comes from the embedding struct. */
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
449
#define SID_HASH_SIZE 32
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;

/* A SID array plus a fixed-size hash table over it (SID_HASH_SIZE buckets),
   used to speed up SID membership lookups — the hashing scheme itself is
   not defined here. */
typedef struct _SID_AND_ATTRIBUTES_HASH {
  ULONG SidCount;               /* entries in SidAttr */
  PSID_AND_ATTRIBUTES SidAttr;
  SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
458
/* Universal well-known SIDs */

/* Initializers for SID_IDENTIFIER_AUTHORITY.Value (six bytes, the authority
   number in the last byte). */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}

/* Sub-authority (RID) values used with the authorities above. Several are
   0 — the authority, not the RID, distinguishes those SIDs. */
#define SECURITY_NULL_RID (0x00000000L)
#define SECURITY_WORLD_RID (0x00000000L)
#define SECURITY_LOCAL_RID (0x00000000L)
#define SECURITY_LOCAL_LOGON_RID (0x00000001L)

#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
478
/* NT well-known SIDs */

/* Authority 5: all the RIDs below are relative to it. */
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}

/* Single-RID SIDs under the NT authority (S-1-5-<RID>). */
#define SECURITY_DIALUP_RID (0x00000001L)
#define SECURITY_NETWORK_RID (0x00000002L)
#define SECURITY_BATCH_RID (0x00000003L)
#define SECURITY_INTERACTIVE_RID (0x00000004L)
#define SECURITY_LOGON_IDS_RID (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT (3L) /* logon SIDs carry this many sub-authorities */
#define SECURITY_SERVICE_RID (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
#define SECURITY_PROXY_RID (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
#define SECURITY_IUSER_RID (0x00000011L)
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
/* Prefix of domain SIDs (S-1-5-21-x-y-z). */
#define SECURITY_NT_NON_UNIQUE (0x00000015L)
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)

/* Prefix of the BUILTIN domain (S-1-5-32). */
#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)


/* Authentication package SIDs: S-1-5-64-<package RID>. */
#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
#define SECURITY_PACKAGE_RID_COUNT (2L)
#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)

#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
#define SECURITY_CRED_TYPE_RID_COUNT (2L)
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)

/* Base RIDs for per-service / per-virtual-account SIDs; each *_RID_COUNT
   gives the total number of sub-authorities such a SID carries. */
#define SECURITY_MIN_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_RID_COUNT (6L)
#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
#define SECURITY_COM_ID_BASE_RID (0x00000059L)
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)

#define SECURITY_MAX_BASE_RID (0x0000006FL)

/* RID filtering boundary for cross-forest trusts: RIDs up to
   SECURITY_MAX_ALWAYS_FILTERED are filtered, from SECURITY_MIN_NEVER_FILTERED
   upwards they are not. */
#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)

#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)

#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
549
/* Well-known domain relative sub-authority values (RIDs) */

/* These RIDs are appended to a domain SID (S-1-5-21-x-y-z-<RID>). */
#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)

#define FOREST_USER_RID_MAX (0x000001F3L)

/* Well-known users */

#define DOMAIN_USER_RID_ADMIN (0x000001F4L)  /* 500 */
#define DOMAIN_USER_RID_GUEST (0x000001F5L)  /* 501 */
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) /* 502 */

/* Highest well-known user RID; RIDs above it are allocated dynamically. */
#define DOMAIN_USER_RID_MAX (0x000003E7L)

/* Well-known groups */

#define DOMAIN_GROUP_RID_ADMINS (0x00000200L) /* 512 */
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)

/* Well-known aliases */

/* Alias RIDs are relative to SECURITY_BUILTIN_DOMAIN_RID (S-1-5-32-<RID>). */
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) /* 544 */
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)

#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)

#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)

#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
/* Note the gaps in the numbering below (0x233..0x237, 0x23A are unassigned here). */
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
607
/* Integrity levels: authority 16 (S-1-16-<RID>); the RIDs are spaced
   0x1000 apart so intermediate levels can be inserted. */
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
615
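/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
   can be set by a user-mode caller. Requests above it (e.g.
   SECURITY_MANDATORY_PROTECTED_PROCESS_RID) must be rejected. */

#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID

/* Map an integrity-level index to its mandatory-label RID (the
   SECURITY_MANDATORY_*_RID values are 0x1000 apart). The argument is
   parenthesized so that a compound expression such as (level + 1) is
   multiplied as a whole. */
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)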
622
/* Allocate the System Luid. The first 1000 LUIDs are reserved.
   Use #999 here (0x3e7 = 999) */

/* Logon-session LUID initializers ({LowPart, HighPart}); the reserved
   values count down from 999. */
#define SYSTEM_LUID {0x3e7, 0x0}
#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
#define LOCALSERVICE_LUID {0x3e5, 0x0}
#define NETWORKSERVICE_LUID {0x3e4, 0x0}
#define IUSER_LUID {0x3e3, 0x0}
631
/* Common 4-byte prefix of every ACE in an ACL. AceSize is the length of the
   whole ACE including this header; code walking an ACL must check that
   AceSize >= sizeof(ACE_HEADER) and stays within ACL.AclSize before
   advancing, since both come from the (possibly untrusted) ACL buffer. */
typedef struct _ACE_HEADER {
  UCHAR AceType;   /* one of the *_ACE_TYPE values below */
  UCHAR AceFlags;  /* inherit flags / audit flags below */
  USHORT AceSize;  /* bytes, header included */
} ACE_HEADER, *PACE_HEADER;
637
/* also in winnt.h */
/* ACE_HEADER.AceType values. The ACCESS_MAX_MS_V*_ACE_TYPE markers give the
   highest type understood by each ACL revision; a type above
   ACCESS_MAX_MS_V5_ACE_TYPE is unknown to this header. */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
/* Object ACEs (0x5..0x8) carry object/inherited-object GUIDs. */
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
/* Callback ACEs (0x9..0x10). */
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
665
/* The following are the inherit flags that go into the AceFlags field
   of an Ace header. */

#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)
#define INHERITED_ACE (0x10)
/* Union of the five inherit bits above; bits outside it are not inherit flags. */
#define VALID_INHERIT_FLAGS (0x1F)

/* AceFlags bits specific to audit/alarm ACEs. */
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)
678
/* The five simple ACE layouts below are identical: header, access mask, and
   SidStart, which is the first ULONG of the variable-length SID that
   completes the ACE (take &SidStart as the PSID). The SID's real length is
   bounded by Header.AceSize, which must be validated before use. */
typedef struct _ACCESS_ALLOWED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;

typedef struct _ACCESS_DENIED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;

typedef struct _SYSTEM_AUDIT_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;

typedef struct _SYSTEM_ALARM_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;

/* For a mandatory label ACE, Mask holds SYSTEM_MANDATORY_LABEL_* policy bits
   (below) rather than access rights. */
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
708
/* Mandatory-label policy bits carried in SYSTEM_MANDATORY_LABEL_ACE.Mask. */
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
                                           SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
                                           SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)

/* Size of the fixed (absolute) descriptor header; SECURITY_DESCRIPTOR is
   declared further below, which is fine because macros expand lazily. */
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))

/* Bit set of the SE_* control flags below. */
typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
719
/* SECURITY_DESCRIPTOR_CONTROL flags. */
#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
/* Note: a descriptor with SE_DACL_PRESENT clear, or with a NULL Dacl while
   set, is treated differently from an empty DACL — see AccessReasonNullDacl
   / AccessReasonEmptyDacl below. */
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_UNTRUSTED 0x0040
#define SE_SERVER_SECURITY 0x0080
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
/* PROTECTED: inheritance from the parent is blocked for that ACL. */
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
/* Set when the descriptor is in SECURITY_DESCRIPTOR_RELATIVE form. */
#define SE_SELF_RELATIVE 0x8000
736
/* Self-relative security descriptor: same header as the absolute form, but
   Owner/Group/Sacl/Dacl are ULONG offsets from the start of the descriptor
   (0 meaning absent) instead of pointers, so the whole thing is one
   contiguous buffer. When such a buffer comes from user mode, each offset
   must be checked against the buffer length before it is dereferenced. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
  UCHAR Revision; /* SECURITY_DESCRIPTOR_REVISION */
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control; /* should have SE_SELF_RELATIVE set */
  ULONG Owner;
  ULONG Group;
  ULONG Sacl;
  ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
746
/* Absolute security descriptor: the components are referenced by pointer
   and may live anywhere. Sacl/Dacl may be NULL; whether a NULL Dacl means
   "no DACL" depends on SE_DACL_PRESENT in Control. */
typedef struct _SECURITY_DESCRIPTOR {
  UCHAR Revision; /* SECURITY_DESCRIPTOR_REVISION */
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID Owner;
  PSID Group;
  PACL Sacl;
  PACL Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
756
/* One node of the object-type hierarchy passed to an object access check;
   Level gives the depth (ACCESS_OBJECT_GUID .. ACCESS_MAX_LEVEL). */
typedef struct _OBJECT_TYPE_LIST {
  USHORT Level;
  USHORT Sbz;       /* reserved */
  GUID *ObjectType;
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;

/* OBJECT_TYPE_LIST.Level values. */
#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
767
/* Category of an audited access. */
typedef enum _AUDIT_EVENT_TYPE {
  AuditEventObjectAccess,
  AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

#define AUDIT_ALLOW_NO_PRIVILEGE 0x1

/* Subsystem / object-type names used in directory-service audit records,
   in ANSI and wide form. */
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"

/* An ACCESS_REASON packs an ACCESS_REASON_TYPE in the high 16 bits and
   type-specific data (e.g. an ACE index) in the low 16 bits. */
#define ACCESS_REASON_TYPE_MASK 0xffff0000
#define ACCESS_REASON_DATA_MASK 0x0000ffff
782
/* High-16-bit reason codes (see ACCESS_REASON_TYPE_MASK). Note that the
   values are not contiguous: 0x0001..0x0004 for ACE-based reasons, then
   0x0010.. for the others. */
typedef enum _ACCESS_REASON_TYPE {
  AccessReasonNone = 0x00000000,
  AccessReasonAllowedAce = 0x00010000,
  AccessReasonDeniedAce = 0x00020000,
  AccessReasonAllowedParentAce = 0x00030000,
  AccessReasonDeniedParentAce = 0x00040000,
  AccessReasonMissingPrivilege = 0x00100000,
  AccessReasonFromPrivilege = 0x00200000,
  AccessReasonIntegrityLevel = 0x00300000,
  AccessReasonOwnership = 0x00400000,
  AccessReasonNullDacl = 0x00500000,
  AccessReasonEmptyDacl = 0x00600000,
  AccessReasonNoSD = 0x00700000,
  AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;

/* Packed reason value: (ACCESS_REASON_TYPE | data). */
typedef ULONG ACCESS_REASON;

/* One reason per ACCESS_MASK bit. */
typedef struct _ACCESS_REASONS {
  ACCESS_REASON Data[32];
} ACCESS_REASONS, *PACCESS_REASONS;
804
/* SE_SECURITY_DESCRIPTOR.Flags bits; SE_SECURITY_DESCRIPTOR_VALID_FLAGS is
   their union and should be used to reject unknown flags. */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003

/* Security descriptor plus evaluation flags, as consumed by
   SE_ACCESS_REQUEST. Size is the struct size (versioning). */
typedef struct _SE_SECURITY_DESCRIPTOR {
  ULONG Size;
  ULONG Flags; /* SE_SECURITY_DESCRIPTOR_FLAG_* */
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
814
/* Inputs to an extended access check. Size is the struct size. */
typedef struct _SE_ACCESS_REQUEST {
  ULONG Size;
  PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  PSID PrincipalSelfSid;           /* substituted for SECURITY_PRINCIPAL_SELF_RID — confirm */
  PGENERIC_MAPPING GenericMapping; /* used to expand GENERIC_* bits in DesiredAccess */
  ULONG ObjectTypeListCount;       /* entries in ObjectTypeList */
  POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
825
/* Outputs of an extended access check. The three result arrays hold
   ResultListCount entries each (one per object-type list element). */
typedef struct _SE_ACCESS_REPLY {
  ULONG Size;
  ULONG ResultListCount;
  PACCESS_MASK GrantedAccess;
  PNTSTATUS AccessStatus;
  PACCESS_REASONS AccessReason;
  PPRIVILEGE_SET* Privileges; /* pointer to a PPRIVILEGE_SET out-parameter */
} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
834
/* Operation being audited (SE_AUDIT_INFO.AuditOperation). The trailing comma
   after the last enumerator requires C99 or later. */
typedef enum _SE_AUDIT_OPERATION {
  AuditPrivilegeObject,
  AuditPrivilegeService,
  AuditAccessCheck,
  AuditOpenObject,
  AuditOpenObjectWithTransaction,
  AuditCloseObject,
  AuditDeleteObject,
  AuditOpenObjectForDelete,
  AuditOpenObjectForDeleteWithTransaction,
  AuditCloseNonObject,
  AuditOpenNonObject,
  AuditObjectReference,
  AuditHandleCreation,
} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
850
/* Description of an audit event to generate. Size is the struct size;
   TransactionId and OperationId are optional pointers. */
typedef struct _SE_AUDIT_INFO {
  ULONG Size;
  AUDIT_EVENT_TYPE AuditType;
  SE_AUDIT_OPERATION AuditOperation;
  ULONG AuditFlags;
  UNICODE_STRING SubsystemName;
  UNICODE_STRING ObjectTypeName;
  UNICODE_STRING ObjectName;
  PVOID HandleId;
  GUID* TransactionId;
  LUID* OperationId;
  BOOLEAN ObjectCreation;
  BOOLEAN GenerateOnClose;
} SE_AUDIT_INFO, *PSE_AUDIT_INFO;
865
/* Token-specific access rights (low 16 bits of an ACCESS_MASK). */
#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE (0x0002)
#define TOKEN_IMPERSONATE (0x0004)
#define TOKEN_QUERY (0x0008)
#define TOKEN_QUERY_SOURCE (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID (0x0100)

/* Pre-Windows-2000 "all access": everything except TOKEN_ADJUST_SESSIONID. */
#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
                            TOKEN_ASSIGN_PRIMARY |\
                            TOKEN_DUPLICATE |\
                            TOKEN_IMPERSONATE |\
                            TOKEN_QUERY |\
                            TOKEN_QUERY_SOURCE |\
                            TOKEN_ADJUST_PRIVILEGES |\
                            TOKEN_ADJUST_GROUPS |\
                            TOKEN_ADJUST_DEFAULT )

/* TOKEN_ALL_ACCESS includes TOKEN_ADJUST_SESSIONID unless the target is
   explicitly NT 4.0 or older (_WIN32_WINNT <= 0x0400). */
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
                          TOKEN_ADJUST_SESSIONID )
#else
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#endif

/* Generic-to-specific mapping for tokens. */
#define TOKEN_READ (STANDARD_RIGHTS_READ |\
                    TOKEN_QUERY)

#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
                     TOKEN_ADJUST_PRIVILEGES |\
                     TOKEN_ADJUST_GROUPS |\
                     TOKEN_ADJUST_DEFAULT)

#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
902
/* Primary (process) vs. impersonation (thread) token; numbering starts at 1. */
typedef enum _TOKEN_TYPE {
  TokenPrimary = 1,
  TokenImpersonation
} TOKEN_TYPE,*PTOKEN_TYPE;
907
/* Information classes for token query/set operations. Numbering starts at
   1; MaxTokenInfoClass is one past the last valid class and is the bound to
   check a caller-supplied class against. The TOKEN_* structs below are the
   buffers for the corresponding classes. */
typedef enum _TOKEN_INFORMATION_CLASS {
  TokenUser = 1,             /* TOKEN_USER */
  TokenGroups,               /* TOKEN_GROUPS */
  TokenPrivileges,           /* TOKEN_PRIVILEGES */
  TokenOwner,                /* TOKEN_OWNER */
  TokenPrimaryGroup,         /* TOKEN_PRIMARY_GROUP */
  TokenDefaultDacl,          /* TOKEN_DEFAULT_DACL */
  TokenSource,
  TokenType,                 /* TOKEN_TYPE */
  TokenImpersonationLevel,   /* SECURITY_IMPERSONATION_LEVEL */
  TokenStatistics,
  TokenRestrictedSids,
  TokenSessionId,
  TokenGroupsAndPrivileges,  /* TOKEN_GROUPS_AND_PRIVILEGES */
  TokenSessionReference,
  TokenSandBoxInert,
  TokenAuditPolicy,
  TokenOrigin,
  TokenElevationType,
  TokenLinkedToken,          /* TOKEN_LINKED_TOKEN */
  TokenElevation,            /* TOKEN_ELEVATION */
  TokenHasRestrictions,
  TokenAccessInformation,
  TokenVirtualizationAllowed,
  TokenVirtualizationEnabled,
  TokenIntegrityLevel,       /* TOKEN_MANDATORY_LABEL */
  TokenUIAccess,
  TokenMandatoryPolicy,
  TokenLogonSid,
  MaxTokenInfoClass
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
939
/*
 * Payload of the TokenUser information class: the SID the token runs as,
 * plus its attribute flags. SID_AND_ATTRIBUTES carries a PSID, so the SID
 * bytes live outside this struct - presumably in the same buffer the
 * query filled; verify against the allocation before assuming the
 * pointer stays valid after the buffer is freed.
 */
typedef struct _TOKEN_USER {
  SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
943
/*
 * Variable-length list of group SIDs with attributes (TokenGroups and,
 * per the documented contract, the other SID-list classes).
 *
 * Groups[] is declared with ANYSIZE_ARRAY (the MIDL branch uses the
 * equivalent size_is / [*] form), so sizeof(TOKEN_GROUPS) covers only
 * ONE entry. Size buffers from GroupCount (e.g. offset of Groups +
 * GroupCount * sizeof(SID_AND_ATTRIBUTES)), never from sizeof.
 *
 * NOTE(review): when this struct arrives from a less-trusted caller,
 * GroupCount is attacker-controlled and bounds nothing on its own -
 * validate it against the supplied buffer length before indexing, and
 * validate each PSID it references.
 */
typedef struct _TOKEN_GROUPS {
  ULONG GroupCount;
#ifdef MIDL_PASS
  [size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*];
#else
  SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
#endif
} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
952
/*
 * Variable-length list of privilege LUIDs with attributes (TokenPrivileges
 * query result; also the input shape for privilege adjustment). The
 * SE_PRIVILEGE_* attribute bits are defined earlier in this header.
 *
 * Privileges[] uses ANYSIZE_ARRAY, so sizeof(TOKEN_PRIVILEGES) holds one
 * entry only; compute sizes from PrivilegeCount. As with TOKEN_GROUPS, a
 * PrivilegeCount supplied by a less-trusted caller must be checked
 * against the buffer length before it is used to index the array.
 */
typedef struct _TOKEN_PRIVILEGES {
  ULONG PrivilegeCount;
  LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
957
/*
 * Payload of TokenOwner: the SID recorded as owner on objects the token
 * holder creates (documented contract). Owner is a bare PSID - when the
 * struct comes from user mode, validate the SID (well-formed, within the
 * caller's buffer) before dereferencing it.
 */
typedef struct _TOKEN_OWNER {
  PSID Owner;
} TOKEN_OWNER,*PTOKEN_OWNER;
961
/*
 * Payload of TokenPrimaryGroup: the SID used as primary group for newly
 * created objects (documented contract). Same caveat as TOKEN_OWNER - the
 * PSID must be validated when it originates from a less-trusted caller.
 */
typedef struct _TOKEN_PRIMARY_GROUP {
  PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
965
/*
 * Payload of TokenDefaultDacl: the ACL applied to objects created without
 * an explicit security descriptor (documented contract). DefaultDacl is a
 * plain PACL; readers should tolerate NULL (meaning "no default DACL" per
 * the documented contract - confirm against the setter) and, for input
 * from user mode, validate the ACL's revision and AclSize against the
 * buffer before walking it.
 */
typedef struct _TOKEN_DEFAULT_DACL {
  PACL DefaultDacl;
} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
969
/*
 * Payload of TokenGroupsAndPrivileges: one query that returns the user
 * and group SIDs, the restricting SIDs, and the privileges together.
 * Each list is a pointer plus a Count and a Length; the Length fields
 * appear to be byte sizes distinct from the entry counts - confirm
 * against the producer before using them to bound the arrays.
 * AuthenticationId is the logon-session LUID (cf. TOKEN_STATISTICS).
 *
 * NOTE(review): the pointers presumably reference data in the same
 * output buffer; they must not be retained beyond that buffer's
 * lifetime.
 */
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
  ULONG SidCount;
  ULONG SidLength;
  PSID_AND_ATTRIBUTES Sids;
  ULONG RestrictedSidCount;
  ULONG RestrictedSidLength;
  PSID_AND_ATTRIBUTES RestrictedSids;
  ULONG PrivilegeCount;
  ULONG PrivilegeLength;
  PLUID_AND_ATTRIBUTES Privileges;
  LUID AuthenticationId;
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
982
/*
 * Payload of TokenLinkedToken. LinkedToken is a HANDLE, not a pointer:
 * the querier presumably receives a new handle it owns and must close,
 * otherwise every query leaks a handle to a (typically more privileged)
 * token - confirm the ownership rule against the implementation.
 */
typedef struct _TOKEN_LINKED_TOKEN {
  HANDLE LinkedToken;
} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
986
/*
 * Payload of TokenElevation. TokenIsElevated is a ULONG used as a flag:
 * treat any non-zero value as "elevated" rather than comparing against 1.
 */
typedef struct _TOKEN_ELEVATION {
  ULONG TokenIsElevated;
} TOKEN_ELEVATION, *PTOKEN_ELEVATION;
990
/*
 * Integrity label carried by a token: a SID (presumably one of the
 * Se*MandatorySid values exported in SE_EXPORTS below - confirm) plus
 * attribute flags. Together with TOKEN_MANDATORY_POLICY this is what
 * mandatory-integrity checks consume; see MANDATORY_LEVEL for the
 * ordering of the levels.
 */
typedef struct _TOKEN_MANDATORY_LABEL {
  SID_AND_ATTRIBUTES Label;
} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
994
/*
 * Bits for TOKEN_MANDATORY_POLICY.Policy.
 *  OFF             - no mandatory policy bits set.
 *  NO_WRITE_UP     - the holder may not write to objects labelled with a
 *                    higher integrity level (documented contract).
 *  NEW_PROCESS_MIN - child processes get the lower of the parent's level
 *                    and the executable's level (documented contract).
 * VALID_MASK is the set of bits a setter should accept; reject any Policy
 * value with bits outside it rather than silently masking them.
 */
#define TOKEN_MANDATORY_POLICY_OFF 0x0
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2

#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
                                           TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
1001
/*
 * Payload of TokenMandatoryPolicy: a bitmask built from the
 * TOKEN_MANDATORY_POLICY_* values above. Validate against
 * TOKEN_MANDATORY_POLICY_VALID_MASK on input.
 */
typedef struct _TOKEN_MANDATORY_POLICY {
  ULONG Policy;
} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
1005
/*
 * Payload of TokenAccessInformation: everything an access check needs
 * from a token in one query. SidHash / RestrictedSidHash point to
 * SID_AND_ATTRIBUTES_HASH structures (declared elsewhere) for the normal
 * and restricting SID lists; Privileges is a TOKEN_PRIVILEGES list;
 * AuthenticationId, TokenType and ImpersonationLevel mirror the fields of
 * TOKEN_STATISTICS; MandatoryPolicy is the integrity policy. Flags is
 * presumably the token flag word whose TOKEN_* bits are defined further
 * down in this header (TOKEN_IS_RESTRICTED etc.) - confirm.
 *
 * The pointer members presumably reference the same output buffer and
 * must not outlive it.
 */
typedef struct _TOKEN_ACCESS_INFORMATION {
  PSID_AND_ATTRIBUTES_HASH SidHash;
  PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
  PTOKEN_PRIVILEGES Privileges;
  LUID AuthenticationId;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  TOKEN_MANDATORY_POLICY MandatoryPolicy;
  ULONG Flags;
} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
1016
/*
 * Number of audit-policy subcategories this header was generated for.
 * It sizes TOKEN_AUDIT_POLICY below, so it is ABI: the real count is
 * OS-version dependent (later releases use larger values), and changing
 * it here changes sizeof(TOKEN_AUDIT_POLICY) for every consumer.
 */
#define POLICY_AUDIT_SUBCATEGORY_COUNT (53)

/*
 * Per-user audit policy carried in a token (TokenAuditPolicy). The array
 * is ((53 >> 1) + 1) == 27 bytes, i.e. two subcategories per byte -
 * presumably one nibble each; confirm the packing against the code that
 * fills it before decoding it.
 */
typedef struct _TOKEN_AUDIT_POLICY {
  UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
1022
/* Fixed width of TOKEN_SOURCE.SourceName, in CHARs. */
#define TOKEN_SOURCE_LENGTH 8

/*
 * Payload of TokenSource (requires TOKEN_QUERY_SOURCE): which component
 * created the token, as an 8-character name plus a LUID.
 *
 * SourceName is exactly TOKEN_SOURCE_LENGTH bytes with NO room for a
 * terminating NUL, so it is not a C string. Never pass it to strlen,
 * strcmp or a "%s" format - that reads past the field (and into
 * SourceIdentifier or beyond). Use bounded operations with
 * TOKEN_SOURCE_LENGTH, e.g. RtlCompareMemory / "%.8s".
 */
typedef struct _TOKEN_SOURCE {
  CHAR SourceName[TOKEN_SOURCE_LENGTH];
  LUID SourceIdentifier;
} TOKEN_SOURCE,*PTOKEN_SOURCE;
1029
/*
 * Payload of TokenStatistics: fixed-size identity and accounting summary
 * of a token.
 *  TokenId            - unique id of this token object.
 *  AuthenticationId   - logon-session LUID (same value reported by
 *                       TOKEN_GROUPS_AND_PRIVILEGES and TOKEN_CONTROL).
 *  ExpirationTime     - LARGE_INTEGER timestamp (absolute time assumed -
 *                       confirm against the producer).
 *  TokenType / ImpersonationLevel - see TOKEN_TYPE; the level is only
 *                       meaningful for impersonation tokens (documented).
 *  DynamicCharged / DynamicAvailable - quota for the token's dynamic part.
 *  GroupCount / PrivilegeCount - sizes of the group and privilege lists.
 *  ModifiedId        - LUID that changes when the token is modified
 *                       (documented contract).
 */
typedef struct _TOKEN_STATISTICS {
  LUID TokenId;
  LUID AuthenticationId;
  LARGE_INTEGER ExpirationTime;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  ULONG DynamicCharged;
  ULONG DynamicAvailable;
  ULONG GroupCount;
  ULONG PrivilegeCount;
  LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
1042
/*
 * Compact identity snapshot of a token: its id, logon session, modified
 * id and source. Embedded in SECURITY_CLIENT_CONTEXT (ClientTokenControl)
 * so a server can later tell whether the client token it captured is
 * still the same, unmodified token.
 */
typedef struct _TOKEN_CONTROL {
  LUID TokenId;
  LUID AuthenticationId;
  LUID ModifiedId;
  TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL,*PTOKEN_CONTROL;
1049
/*
 * Payload of TokenOrigin: LUID of the logon session from which the token
 * originated. Distinct from TOKEN_STATISTICS.AuthenticationId - the two
 * can differ for tokens derived from another session's credentials
 * (documented contract).
 */
typedef struct _TOKEN_ORIGIN {
  LUID OriginatingLogonSession;
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
1053
/*
 * MANDATORY_LEVEL - ordinal integrity levels, lowest first. Comparisons
 * between levels rely on this ordering, and the values are ABI, so they
 * are written explicitly. MandatoryLevelCount is a sentinel (number of
 * real levels), not a level a token can carry.
 */
typedef enum _MANDATORY_LEVEL {
  MandatoryLevelUntrusted = 0,
  MandatoryLevelLow = 1,
  MandatoryLevelMedium = 2,
  MandatoryLevelHigh = 3,
  MandatoryLevelSystem = 4,
  MandatoryLevelSecureProcess = 5,
  MandatoryLevelCount = 6
} MANDATORY_LEVEL, *PMANDATORY_LEVEL;
1063
/*
 * Token flag bits (presumably the word reported in
 * TOKEN_ACCESS_INFORMATION.Flags - confirm). Most are cached facts about
 * the token used to short-circuit checks; the ones that matter for
 * security review are:
 *  TOKEN_WRITE_RESTRICTED / TOKEN_IS_RESTRICTED - restricted token; the
 *      RestrictedSids list participates in access checks.
 *  TOKEN_IS_FILTERED - token was produced by filtering (e.g. a limited
 *      admin token); TokenLinkedToken may reference the full one.
 *  TOKEN_NOT_LOW - integrity level is above Low.
 * SE_BACKUP_PRIVILEGES_CHECKED is a lazily-set cache bit, not a grant.
 * Names and values must stay as they are - they are compared against
 * kernel-side state.
 */
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
#define TOKEN_WRITE_RESTRICTED 0x0008
#define TOKEN_IS_RESTRICTED 0x0010
#define TOKEN_SESSION_NOT_REFERENCED 0x0020
#define TOKEN_SANDBOX_INERT 0x0040
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
#define TOKEN_VIRTUALIZE_ALLOWED 0x0200
#define TOKEN_VIRTUALIZE_ENABLED 0x0400
#define TOKEN_IS_FILTERED 0x0800
#define TOKEN_UIACCESS 0x1000
#define TOKEN_NOT_LOW 0x2000
1078
/*
 * Table of well-known privilege LUIDs and SIDs that the security
 * subsystem exports to drivers. Privilege members hold the LUID the
 * named privilege has on this system; SID members point at system-owned
 * SIDs.
 *
 * Layout is ABI and must not be reordered: later members were appended
 * at the end of the struct as the OS grew, which is why privileges and
 * SIDs are interleaved below. Treat the SIDs as read-only shared objects
 * - never modify or free what they point to.
 *
 * NOTE(review): SeTcbPrivilege, SeDebugPrivilege, SeLoadDriverPrivilege,
 * SeTakeOwnershipPrivilege, SeRestorePrivilege, SeImpersonatePrivilege,
 * SeAssignPrimaryTokenPrivilege and SeCreateTokenPrivilege are each
 * equivalent to full control of the machine; a check that grants on any
 * of them should be reviewed as an admin-only path.
 */
typedef struct _SE_EXPORTS {
  /* Privileges known since NT 3.x/4. */
  LUID SeCreateTokenPrivilege;
  LUID SeAssignPrimaryTokenPrivilege;
  LUID SeLockMemoryPrivilege;
  LUID SeIncreaseQuotaPrivilege;
  LUID SeUnsolicitedInputPrivilege;
  LUID SeTcbPrivilege;
  LUID SeSecurityPrivilege;
  LUID SeTakeOwnershipPrivilege;
  LUID SeLoadDriverPrivilege;
  LUID SeCreatePagefilePrivilege;
  LUID SeIncreaseBasePriorityPrivilege;
  LUID SeSystemProfilePrivilege;
  LUID SeSystemtimePrivilege;
  LUID SeProfileSingleProcessPrivilege;
  LUID SeCreatePermanentPrivilege;
  LUID SeBackupPrivilege;
  LUID SeRestorePrivilege;
  LUID SeShutdownPrivilege;
  LUID SeDebugPrivilege;
  LUID SeAuditPrivilege;
  LUID SeSystemEnvironmentPrivilege;
  LUID SeChangeNotifyPrivilege;
  LUID SeRemoteShutdownPrivilege;
  /* Well-known SIDs. */
  PSID SeNullSid;
  PSID SeWorldSid;
  PSID SeLocalSid;
  PSID SeCreatorOwnerSid;
  PSID SeCreatorGroupSid;
  PSID SeNtAuthoritySid;
  PSID SeDialupSid;
  PSID SeNetworkSid;
  PSID SeBatchSid;
  PSID SeInteractiveSid;
  PSID SeLocalSystemSid;
  PSID SeAliasAdminsSid;
  PSID SeAliasUsersSid;
  PSID SeAliasGuestsSid;
  PSID SeAliasPowerUsersSid;
  PSID SeAliasAccountOpsSid;
  PSID SeAliasSystemOpsSid;
  PSID SeAliasPrintOpsSid;
  PSID SeAliasBackupOpsSid;
  PSID SeAuthenticatedUsersSid;
  PSID SeRestrictedSid;
  PSID SeAnonymousLogonSid;
  /* Appended later - keep the interleaved order. */
  LUID SeUndockPrivilege;
  LUID SeSyncAgentPrivilege;
  LUID SeEnableDelegationPrivilege;
  PSID SeLocalServiceSid;
  PSID SeNetworkServiceSid;
  LUID SeManageVolumePrivilege;
  LUID SeImpersonatePrivilege;
  LUID SeCreateGlobalPrivilege;
  LUID SeTrustedCredManAccessPrivilege;
  LUID SeRelabelPrivilege;
  LUID SeIncreaseWorkingSetPrivilege;
  LUID SeTimeZonePrivilege;
  LUID SeCreateSymbolicLinkPrivilege;
  PSID SeIUserSid;
  /* Integrity-level (mandatory label) SIDs; cf. MANDATORY_LEVEL. */
  PSID SeUntrustedMandatorySid;
  PSID SeLowMandatorySid;
  PSID SeMediumMandatorySid;
  PSID SeHighMandatorySid;
  PSID SeSystemMandatorySid;
  PSID SeOwnerRightsSid;
} SE_EXPORTS, *PSE_EXPORTS;
1146
/*
 * Callback type invoked when a logon session ends; LogonId identifies the
 * session (the same LUID that appears as AuthenticationId in
 * TOKEN_STATISTICS). Implementations should release any per-session
 * state they cached and return an NTSTATUS. Registration/unregistration
 * is declared elsewhere.
 */
typedef NTSTATUS
(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
  IN PLUID LogonId);
1150
/*
 * Server-side capture of a client's security context for impersonation.
 *  SecurityQos               - the client's requested quality of service;
 *                              presumably its impersonation level bounds
 *                              what the server may do with ClientToken
 *                              (confirm against the capture routine).
 *  ClientToken               - the token the server impersonates.
 *  DirectlyAccessClientToken - if set, ClientToken is the client's own
 *                              token rather than a private copy, so the
 *                              client can change it under the server.
 *  DirectAccessEffectiveOnly - effective-only view when accessed directly.
 *  ServerIsRemote            - client and server on different machines.
 *  ClientTokenControl        - identity snapshot (TOKEN_CONTROL) that lets
 *                              the server detect a swapped or modified
 *                              client token.
 *
 * NOTE(review): treat this struct as opaque outside the Se* routines that
 * create, impersonate and delete it; in particular ClientToken holds a
 * reference that must be released through the matching delete routine.
 */
typedef struct _SECURITY_CLIENT_CONTEXT {
  SECURITY_QUALITY_OF_SERVICE SecurityQos;
  PACCESS_TOKEN ClientToken;
  BOOLEAN DirectlyAccessClientToken;
  BOOLEAN DirectAccessEffectiveOnly;
  BOOLEAN ServerIsRemote;
  TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
1159
1160 $endif (_NTIFS_)