[XDK][PSDK][DDK] Share some Se types between winnt and ntifs/wdm. WIP.
[reactos.git] / reactos / include / xdk / setypes.h
1 /******************************************************************************
2 * Security Manager Types *
3 ******************************************************************************/
4 $if (_WDMDDK_)
5
6 /* Simple types */
/* Opaque pointer to a security descriptor. The concrete layout is either
   SECURITY_DESCRIPTOR (absolute, embedded pointers) or
   SECURITY_DESCRIPTOR_RELATIVE (self-relative, offsets), both declared
   further down; the SE_SELF_RELATIVE control bit tells them apart. */
typedef PVOID PSECURITY_DESCRIPTOR;
/* Bit set of *_SECURITY_INFORMATION flags selecting descriptor parts
   (owner, group, DACL, SACL, label) for a query or set operation. */
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
/* 32-bit access-rights mask: object-specific rights in the low 16 bits,
   standard rights in bits 16-20, generic rights in the top four bits. */
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
10
11 $endif (_WDMDDK_)
12 $if (_WDMDDK_ || _WINNT_)
13
/* Opaque pointers shared between the kernel-mode and Win32 headers. The
   token layout is never exposed; the SID layout is exposed separately as
   SID / PISID (see below), PSID stays untyped on purpose. */
typedef PVOID PACCESS_TOKEN;
typedef PVOID PSID;
16
17 $endif (_WDMDDK_ || _WINNT_)
18 $if (_WDMDDK_)
19
/* Standard rights (bits 16-20 of an ACCESS_MASK) apply to every securable
   object type; the low 16 bits (SPECIFIC_RIGHTS_ALL) are defined per type. */
#define DELETE 0x00010000L
#define READ_CONTROL 0x00020000L
#define WRITE_DAC 0x00040000L
#define WRITE_OWNER 0x00080000L
#define SYNCHRONIZE 0x00100000L
/* DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER */
#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
#define STANDARD_RIGHTS_READ READ_CONTROL
#define STANDARD_RIGHTS_WRITE READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE READ_CONTROL
/* STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE */
#define STANDARD_RIGHTS_ALL 0x001F0000L
#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL
/* Bit 24 requests SACL access; bit 25 asks for whatever the caller is
   allowed instead of a fixed set. Neither is a "real" right stored in an ACE. */
#define ACCESS_SYSTEM_SECURITY 0x01000000L
#define MAXIMUM_ALLOWED 0x02000000L
/* Generic rights (top four bits) are placeholders that must be resolved
   to type-specific rights through a GENERIC_MAPPING before an access check;
   a mask that still carries them cannot be compared against an ACE. */
#define GENERIC_READ 0x80000000L
#define GENERIC_WRITE 0x40000000L
#define GENERIC_EXECUTE 0x20000000L
#define GENERIC_ALL 0x10000000L
37
/* Per-object-type table translating each GENERIC_* bit into the concrete
   standard + specific rights it stands for. */
typedef struct _GENERIC_MAPPING {
  ACCESS_MASK GenericRead;    /* rights substituted for GENERIC_READ */
  ACCESS_MASK GenericWrite;   /* rights substituted for GENERIC_WRITE */
  ACCESS_MASK GenericExecute; /* rights substituted for GENERIC_EXECUTE */
  ACCESS_MASK GenericAll;     /* rights substituted for GENERIC_ALL */
} GENERIC_MAPPING, *PGENERIC_MAPPING;
44
/* ACL revision numbers. ACL_REVISION (2) is the default; ACL_REVISION_DS (4)
   is required when the ACL contains object ACEs (the *_OBJECT_ACE_TYPE
   values below). MIN/MAX bound what a parser should accept in AclRevision. */
#define ACL_REVISION 2
#define ACL_REVISION_DS 4

#define ACL_REVISION1 1
#define ACL_REVISION2 2
#define ACL_REVISION3 3
#define ACL_REVISION4 4
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION4
54
/* ACL header; the ACEs follow it contiguously in memory (each starting with
   an ACE_HEADER, declared below). AclSize is a USHORT, so an entire ACL is
   limited to 64 KiB. When an ACL arrives from an untrusted buffer, AclSize
   must be checked against the buffer length before AceCount entries are
   walked, and AclRevision against MIN/MAX_ACL_REVISION. */
typedef struct _ACL {
  UCHAR AclRevision; /* one of the ACL_REVISION* values */
  UCHAR Sbz1;        /* reserved, name reads "should be zero" */
  USHORT AclSize;    /* total size in bytes, header included */
  USHORT AceCount;   /* number of ACEs following the header */
  USHORT Sbz2;       /* reserved, "should be zero" */
} ACL, *PACL;
62
/* Current security descriptor revision value; the only revision that has
   ever been defined, so SECURITY_DESCRIPTOR_REVISION1 is an alias. */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)
66
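/* Privilege attributes: values stored in LUID_AND_ATTRIBUTES.Attributes.
   Spelled with a lowercase "0x" like every other constant in this file
   (SE_PRIVILEGE_REMOVED was the lone "0X"). */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
#define SE_PRIVILEGE_REMOVED (0x00000004L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)

/* Mask of every defined attribute bit; anything outside it is invalid. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
SE_PRIVILEGE_ENABLED | \
SE_PRIVILEGE_REMOVED | \
SE_PRIVILEGE_USED_FOR_ACCESS)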
77
/* One privilege (identified by LUID) plus its SE_PRIVILEGE_* attribute bits.
   Packed to 4 bytes so the 8-byte LUID is not padded to 8-byte alignment;
   this fixes the layout at 12 bytes, which the on-the-wire/IPC users of
   PRIVILEGE_SET and TOKEN_PRIVILEGES rely on. */
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES {
  LUID Luid;        /* privilege identifier (SE_*_PRIVILEGE value in LowPart) */
  ULONG Attributes; /* subset of SE_PRIVILEGE_VALID_ATTRIBUTES */
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
#include <poppack.h>
84
/* Open-ended array typedefs (ANYSIZE_ARRAY == 1 element declared); the
   real element count is always carried separately by the caller. */
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
87
/* Privilege sets. PRIVILEGE_SET.Control flag: when set, every listed
   privilege must be held for the check to pass; when clear, any one will do. */
#define PRIVILEGE_SET_ALL_NECESSARY (1)
90
/* Variable-length set of privileges. The struct declares one Privilege
   entry; the allocation must hold PrivilegeCount of them. */
typedef struct _PRIVILEGE_SET {
  ULONG PrivilegeCount;                       /* number of valid entries in Privilege[] */
  ULONG Control;                              /* PRIVILEGE_SET_ALL_NECESSARY or 0 */
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; /* open-ended */
} PRIVILEGE_SET,*PPRIVILEGE_SET;
96
97 $endif(_WDMDDK_)
98 $if(_WDMDDK_ || _WINNT_)
99
/* How much of a client's identity a server may assume, in increasing order
   of capability. The numeric ordering (Anonymous = 0 .. Delegation = 3) is
   relied upon by VALID_IMPERSONATION_LEVEL and the MIN/MAX macros below,
   so new values must not be inserted in the middle. */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,      /* server cannot identify the client */
  SecurityIdentification, /* server may query identity/privileges only */
  SecurityImpersonation,  /* server may act as the client locally */
  SecurityDelegation      /* server may act as the client on remote systems */
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
106
107 $endif (_WDMDDK_ || _WINNT_)
108 $if (_WDMDDK_)
109
/* Bounds and default for SECURITY_IMPERSONATION_LEVEL. Note that because
   SECURITY_MIN_IMPERSONATION_LEVEL is the first enumerator (0), the lower
   half of VALID_IMPERSONATION_LEVEL is only meaningful for a signed
   argument; the upper bound is the check that actually rejects bad input. */
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))

/* Values for SECURITY_CONTEXT_TRACKING_MODE: dynamic tracking follows the
   client's context as it changes, static tracking snapshots it once. */
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)
117
118 $endif (_WDMDDK_)
119 $if (_WDMDDK_ || _WINNT_)
120
/* SECURITY_DYNAMIC_TRACKING or SECURITY_STATIC_TRACKING. */
typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
122
/* Client-supplied limits on how a server may use the client's identity.
   Length is a versioning field; callers presumably set it to
   sizeof(SECURITY_QUALITY_OF_SERVICE) -- not shown here, confirm at the
   call sites. */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
  $ULONG Length;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* ceiling the server may reach */
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
  BOOLEAN EffectiveOnly; /* TRUE: server sees only currently enabled privileges/groups */
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
129
/* Saved impersonation state of a thread, so that a temporary impersonation
   can be undone and the previous token/level restored exactly. */
typedef struct _SE_IMPERSONATION_STATE {
  PACCESS_TOKEN Token;  /* token that was active before the change */
  BOOLEAN CopyOnOpen;
  BOOLEAN EffectiveOnly;
  SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
136
137 $endif (_WDMDDK_ || _WINNT_)
138 $if (_WDMDDK_)
139
/* SECURITY_INFORMATION bits: which parts of a descriptor a query/set
   touches. SACL_SECURITY_INFORMATION additionally needs the
   ACCESS_SYSTEM_SECURITY right on the handle. */
#define OWNER_SECURITY_INFORMATION (0x00000001L)
#define GROUP_SECURITY_INFORMATION (0x00000002L)
#define DACL_SECURITY_INFORMATION (0x00000004L)
#define SACL_SECURITY_INFORMATION (0x00000008L)
#define LABEL_SECURITY_INFORMATION (0x00000010L)

/* High bits modify a set operation: PROTECTED_* marks the named ACL as not
   inheriting from the parent, UNPROTECTED_* re-enables inheritance. They
   correspond to the SE_DACL_PROTECTED / SE_SACL_PROTECTED control bits. */
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
150
/* Operation requested of an object type's security procedure. */
typedef enum _SECURITY_OPERATION_CODE {
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
157
/* Fixed-size twin of PRIVILEGE_SET embedded in ACCESS_STATE (see the
   Privileges union there) so that up to three privileges can be recorded
   without a heap allocation; the field layout matches PRIVILEGE_SET. */
#define INITIAL_PRIVILEGE_COUNT 3

typedef struct _INITIAL_PRIVILEGE_SET {
  ULONG PrivilegeCount;
  ULONG Control;
  LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
165
/* Well-known privilege numbers (the LowPart of the privilege LUID).
   Values 0 and 1 are unused; the range is SE_MIN..SE_MAX_WELL_KNOWN_PRIVILEGE.
   Several of these grant control equivalent to SYSTEM when enabled
   (e.g. TCB, DEBUG, LOAD_DRIVER, TAKE_OWNERSHIP, RESTORE, ASSIGNPRIMARYTOKEN),
   so code that enables privileges on a token should treat them as
   elevation points and audit their use. Note the NTDDK-only
   SE_UNSOLICITED_INPUT_PRIVILEGE further down reuses value 6. */
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
#define SE_CREATE_TOKEN_PRIVILEGE 2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
#define SE_LOCK_MEMORY_PRIVILEGE 4
#define SE_INCREASE_QUOTA_PRIVILEGE 5
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
#define SE_TCB_PRIVILEGE 7
#define SE_SECURITY_PRIVILEGE 8
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
#define SE_LOAD_DRIVER_PRIVILEGE 10
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
#define SE_SYSTEMTIME_PRIVILEGE 12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
#define SE_CREATE_PERMANENT_PRIVILEGE 16
#define SE_BACKUP_PRIVILEGE 17
#define SE_RESTORE_PRIVILEGE 18
#define SE_SHUTDOWN_PRIVILEGE 19
#define SE_DEBUG_PRIVILEGE 20
#define SE_AUDIT_PRIVILEGE 21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
#define SE_UNDOCK_PRIVILEGE 25
#define SE_SYNC_AGENT_PRIVILEGE 26
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
#define SE_MANAGE_VOLUME_PRIVILEGE 28
#define SE_IMPERSONATE_PRIVILEGE 29
#define SE_CREATE_GLOBAL_PRIVILEGE 30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE 32
#define SE_INC_WORKING_SET_PRIVILEGE 33
#define SE_TIME_ZONE_PRIVILEGE 34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35
/* Keep in sync when a new privilege is appended above. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
202
/* Captured identity of the caller for an access check: the thread's
   impersonation token (if any), the level it was obtained at, and the
   process's primary token. Captured once so that the check and any audit
   see the same subject even if the thread later changes tokens. */
typedef struct _SECURITY_SUBJECT_CONTEXT {
  PACCESS_TOKEN ClientToken;  /* impersonation token, or NULL -- verify at capture site */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  PACCESS_TOKEN PrimaryToken; /* process token */
  PVOID ProcessAuditId;       /* identifies the process in audit records */
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
209
/* State carried through the open/create path of an object: what access was
   asked for, what has already been granted, the captured subject, and the
   privileges used (for auditing). RemainingDesiredAccess is what still has
   to be satisfied; PreviouslyGrantedAccess accumulates as checks pass. */
typedef struct _ACCESS_STATE {
  LUID OperationID;
  BOOLEAN SecurityEvaluated;
  BOOLEAN GenerateAudit;
  BOOLEAN GenerateOnClose;
  BOOLEAN PrivilegesAllocated; /* NOTE(review): presumably TRUE when Privileges.PrivilegeSet is heap-backed rather than the inline InitialPrivilegeSet -- confirm */
  ULONG Flags;
  ACCESS_MASK RemainingDesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  ACCESS_MASK OriginalDesiredAccess; /* as requested, before generic mapping */
  SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
  PVOID AuxData;
  union {
    INITIAL_PRIVILEGE_SET InitialPrivilegeSet; /* inline storage, 3 entries */
    PRIVILEGE_SET PrivilegeSet;                /* same layout, open-ended */
  } Privileges;
  BOOLEAN AuditPrivileges;
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
231
/* File-system callback releasing a security descriptor it previously
   handed out for the given volume control block. */
typedef VOID
(NTAPI *PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR)(
  _In_ PVOID Vcb,
  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
236
237 #ifndef _NTLSA_IFS_
238
239 #ifndef _NTLSA_AUDIT_
240 #define _NTLSA_AUDIT_
241
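/* Audit (SE_ADT) parameter limits and flags. */
#define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28

#define SE_ADT_OBJECT_ONLY 0x1

/* SE_ADT_PARAMETER_ARRAY.Flags */
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010

/* Size actually used by a parameter array holding ParameterCount entries
   (the struct always reserves SE_MAX_AUDIT_PARAMETERS). The argument is
   parenthesized so that an expression such as &Array expands correctly.
   The subtraction is unsigned: ParameterCount must be validated to be
   <= SE_MAX_AUDIT_PARAMETERS before this is used for a copy length. */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
(SE_MAX_AUDIT_PARAMETERS - (Parameters)->ParameterCount) )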
256
257 typedef enum _SE_ADT_PARAMETER_TYPE {
258 SeAdtParmTypeNone = 0,
259 SeAdtParmTypeString,
260 SeAdtParmTypeFileSpec,
261 SeAdtParmTypeUlong,
262 SeAdtParmTypeSid,
263 SeAdtParmTypeLogonId,
264 SeAdtParmTypeNoLogonId,
265 SeAdtParmTypeAccessMask,
266 SeAdtParmTypePrivs,
267 SeAdtParmTypeObjectTypes,
268 SeAdtParmTypeHexUlong,
269 SeAdtParmTypePtr,
270 SeAdtParmTypeTime,
271 SeAdtParmTypeGuid,
272 SeAdtParmTypeLuid,
273 SeAdtParmTypeHexInt64,
274 SeAdtParmTypeStringList,
275 SeAdtParmTypeSidList,
276 SeAdtParmTypeDuration,
277 SeAdtParmTypeUserAccountControl,
278 SeAdtParmTypeNoUac,
279 SeAdtParmTypeMessage,
280 SeAdtParmTypeDateTime,
281 SeAdtParmTypeSockAddr,
282 SeAdtParmTypeSD,
283 SeAdtParmTypeLogonHours,
284 SeAdtParmTypeLogonIdNoSid,
285 SeAdtParmTypeUlongNoConv,
286 SeAdtParmTypeSockAddrNoPort,
287 SeAdtParmTypeAccessReason
288 } SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
289
/* One object-type entry in an audit record: the GUID, its depth in the
   object-type tree and the access mask evaluated for it. */
typedef struct _SE_ADT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;
  USHORT Level;
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
296
/* One typed audit parameter. Small values live in Data[]; larger ones are
   referenced through Address with Length giving their size. Consumers must
   interpret Data/Address according to Type and never trust Length beyond
   the buffer the array arrived in. */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
  ULONG Length;
  ULONG_PTR Data[2];
  PVOID Address;
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
303
/* Audit payload explaining an access decision: one ACCESS_REASON_TYPE value
   per bit of AccessMask (32 slots, matching ACCESS_REASONS.Data below). */
typedef struct _SE_ADT_ACCESS_REASON {
  ACCESS_MASK AccessMask;
  ULONG AccessReasons[32];
  ULONG ObjectTypeIndex;
  ULONG AccessGranted;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
311
/* A complete audit event as passed to LSA. The Parameters array is always
   declared at its maximum; ParameterCount says how many are valid and
   LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE computes the bytes actually used. */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG CategoryId;
  ULONG AuditId;
  ULONG ParameterCount; /* <= SE_MAX_AUDIT_PARAMETERS */
  ULONG Length;
  USHORT FlatSubCategoryId;
  USHORT Type;
  ULONG Flags;          /* SE_ADT_PARAMETER* flags */
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
322
323 #endif /* !_NTLSA_AUDIT_ */
324 #endif /* !_NTLSA_IFS_ */
325 $endif (_WDMDDK_)
326 $if (_NTDDK_)
/* Legacy NTDDK-only name; shares value 6 with SE_MACHINE_ACCOUNT_PRIVILEGE. */
#define SE_UNSOLICITED_INPUT_PRIVILEGE 6
328
329 typedef enum _WELL_KNOWN_SID_TYPE {
330 WinNullSid = 0,
331 WinWorldSid = 1,
332 WinLocalSid = 2,
333 WinCreatorOwnerSid = 3,
334 WinCreatorGroupSid = 4,
335 WinCreatorOwnerServerSid = 5,
336 WinCreatorGroupServerSid = 6,
337 WinNtAuthoritySid = 7,
338 WinDialupSid = 8,
339 WinNetworkSid = 9,
340 WinBatchSid = 10,
341 WinInteractiveSid = 11,
342 WinServiceSid = 12,
343 WinAnonymousSid = 13,
344 WinProxySid = 14,
345 WinEnterpriseControllersSid = 15,
346 WinSelfSid = 16,
347 WinAuthenticatedUserSid = 17,
348 WinRestrictedCodeSid = 18,
349 WinTerminalServerSid = 19,
350 WinRemoteLogonIdSid = 20,
351 WinLogonIdsSid = 21,
352 WinLocalSystemSid = 22,
353 WinLocalServiceSid = 23,
354 WinNetworkServiceSid = 24,
355 WinBuiltinDomainSid = 25,
356 WinBuiltinAdministratorsSid = 26,
357 WinBuiltinUsersSid = 27,
358 WinBuiltinGuestsSid = 28,
359 WinBuiltinPowerUsersSid = 29,
360 WinBuiltinAccountOperatorsSid = 30,
361 WinBuiltinSystemOperatorsSid = 31,
362 WinBuiltinPrintOperatorsSid = 32,
363 WinBuiltinBackupOperatorsSid = 33,
364 WinBuiltinReplicatorSid = 34,
365 WinBuiltinPreWindows2000CompatibleAccessSid = 35,
366 WinBuiltinRemoteDesktopUsersSid = 36,
367 WinBuiltinNetworkConfigurationOperatorsSid = 37,
368 WinAccountAdministratorSid = 38,
369 WinAccountGuestSid = 39,
370 WinAccountKrbtgtSid = 40,
371 WinAccountDomainAdminsSid = 41,
372 WinAccountDomainUsersSid = 42,
373 WinAccountDomainGuestsSid = 43,
374 WinAccountComputersSid = 44,
375 WinAccountControllersSid = 45,
376 WinAccountCertAdminsSid = 46,
377 WinAccountSchemaAdminsSid = 47,
378 WinAccountEnterpriseAdminsSid = 48,
379 WinAccountPolicyAdminsSid = 49,
380 WinAccountRasAndIasServersSid = 50,
381 WinNTLMAuthenticationSid = 51,
382 WinDigestAuthenticationSid = 52,
383 WinSChannelAuthenticationSid = 53,
384 WinThisOrganizationSid = 54,
385 WinOtherOrganizationSid = 55,
386 WinBuiltinIncomingForestTrustBuildersSid = 56,
387 WinBuiltinPerfMonitoringUsersSid = 57,
388 WinBuiltinPerfLoggingUsersSid = 58,
389 WinBuiltinAuthorizationAccessSid = 59,
390 WinBuiltinTerminalServerLicenseServersSid = 60,
391 WinBuiltinDCOMUsersSid = 61,
392 WinBuiltinIUsersSid = 62,
393 WinIUserSid = 63,
394 WinBuiltinCryptoOperatorsSid = 64,
395 WinUntrustedLabelSid = 65,
396 WinLowLabelSid = 66,
397 WinMediumLabelSid = 67,
398 WinHighLabelSid = 68,
399 WinSystemLabelSid = 69,
400 WinWriteRestrictedCodeSid = 70,
401 WinCreatorOwnerRightsSid = 71,
402 WinCacheablePrincipalsGroupSid = 72,
403 WinNonCacheablePrincipalsGroupSid = 73,
404 WinEnterpriseReadonlyControllersSid = 74,
405 WinAccountReadonlyControllersSid = 75,
406 WinBuiltinEventLogReadersGroup = 76,
407 WinNewEnterpriseReadonlyControllersSid = 77,
408 WinBuiltinCertSvcDComAccessGroup = 78,
409 WinMediumPlusLabelSid = 79,
410 WinLocalLogonSid = 80,
411 WinConsoleLogonSid = 81,
412 WinThisOrganizationCertificateSid = 82,
413 } WELL_KNOWN_SID_TYPE;
414 $endif (_NTDDK_)
415 $if (_NTIFS_ || _WINNT_)
416
/* 48-bit SID issuing authority, stored big-endian in six bytes (the
   SECURITY_*_AUTHORITY initializers below put the value in Value[5]). */
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
typedef struct _SID_IDENTIFIER_AUTHORITY {
  $UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
#endif
423
/* Security identifier. Variable length: SubAuthorityCount ULONGs follow the
   fixed 8-byte prefix. The struct declares a single SubAuthority element, so
   sizeof(SID) is NOT the size of any real SID; use SubAuthorityCount, and
   when the SID comes from an untrusted buffer, check Revision == SID_REVISION
   and SubAuthorityCount <= SID_MAX_SUB_AUTHORITIES and that the computed
   length fits the buffer before touching SubAuthority[]. */
#ifndef SID_DEFINED
#define SID_DEFINED
typedef struct _SID {
  $UCHAR Revision;
  $UCHAR SubAuthorityCount;
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
#ifdef MIDL_PASS
  [size_is(SubAuthorityCount)] $ULONG SubAuthority[*];
#else
  $ULONG SubAuthority[ANYSIZE_ARRAY];
#endif
} SID, *PISID;
#endif
437
438 $endif (_NTIFS_ || _WINNT_)
439 $if (_NTIFS_)
440
/* SID limits. SECURITY_MAX_SID_SIZE is the size of a SID with the maximum
   15 sub-authorities: the fixed prefix (sizeof(SID) minus its one declared
   sub-authority) plus 15 ULONGs, i.e. 8 + 60 = 68 bytes. It is the right
   stack-buffer size for copying an arbitrary validated SID. */
#define SID_REVISION 1
#define SID_MAX_SUB_AUTHORITIES 15
#define SID_RECOMMENDED_SUB_AUTHORITIES 1

#ifndef MIDL_PASS
#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG)))
#endif
448
/* Kind of account a SID names, as returned by SID/name lookup. Starts at 1;
   0 is not a valid value. */
typedef enum _SID_NAME_USE {
  SidTypeUser = 1,
  SidTypeGroup,
  SidTypeDomain,
  SidTypeAlias,
  SidTypeWellKnownGroup,
  SidTypeDeletedAccount,
  SidTypeInvalid,
  SidTypeUnknown,
  SidTypeComputer,
  SidTypeLabel
} SID_NAME_USE, *PSID_NAME_USE;
461
/* A SID reference plus attribute bits (group enabled/deny-only/etc.). The
   Sid pointer is typed PISID only for MIDL so the marshaller knows the
   layout; C callers see the opaque PSID. */
typedef struct _SID_AND_ATTRIBUTES {
#ifdef MIDL_PASS
  PISID Sid;
#else
  PSID Sid;
#endif
  ULONG Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
/* Open-ended array typedefs; element count is carried by the caller. */
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
472
/* Hash index over a SID_AND_ATTRIBUTES array so that membership of a SID in
   a token's group list can be tested without a linear scan. The hash
   function itself is not defined in this file. */
#define SID_HASH_SIZE 32
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;

typedef struct _SID_AND_ATTRIBUTES_HASH {
  ULONG SidCount;              /* entries in SidAttr[] */
  PSID_AND_ATTRIBUTES SidAttr; /* the indexed array */
  SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
481
/* Universal well-known SIDs: SID_IDENTIFIER_AUTHORITY initializers. The
   authority value sits in the last (least significant) byte. */

#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
490
491 #define SECURITY_NULL_RID (0x00000000L)
492 #define SECURITY_WORLD_RID (0x00000000L)
493 #define SECURITY_LOCAL_RID (0x00000000L)
494 #define SECURITY_LOCAL_LOGON_RID (0x00000001L)
495
496 #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
497 #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
498 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
499 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
500 #define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
501
502 /* NT well-known SIDs */
503
504 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
505
506 #define SECURITY_DIALUP_RID (0x00000001L)
507 #define SECURITY_NETWORK_RID (0x00000002L)
508 #define SECURITY_BATCH_RID (0x00000003L)
509 #define SECURITY_INTERACTIVE_RID (0x00000004L)
510 #define SECURITY_LOGON_IDS_RID (0x00000005L)
511 #define SECURITY_LOGON_IDS_RID_COUNT (3L)
512 #define SECURITY_SERVICE_RID (0x00000006L)
513 #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
514 #define SECURITY_PROXY_RID (0x00000008L)
515 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
516 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
517 #define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
518 #define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
519 #define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
520 #define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
521 #define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
522 #define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
523 #define SECURITY_IUSER_RID (0x00000011L)
524 #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
525 #define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
526 #define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
527 #define SECURITY_NT_NON_UNIQUE (0x00000015L)
528 #define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
529 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
530
531 #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
532 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
533
534
535 #define SECURITY_PACKAGE_BASE_RID (0x00000040L)
536 #define SECURITY_PACKAGE_RID_COUNT (2L)
537 #define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
538 #define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
539 #define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
540
541 #define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
542 #define SECURITY_CRED_TYPE_RID_COUNT (2L)
543 #define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
544
545 #define SECURITY_MIN_BASE_RID (0x00000050L)
546 #define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
547 #define SECURITY_SERVICE_ID_RID_COUNT (6L)
548 #define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
549 #define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
550 #define SECURITY_APPPOOL_ID_RID_COUNT (6L)
551 #define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
552 #define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
553 #define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
554 #define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
555 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
556 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
557 #define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
558 #define SECURITY_WMIHOST_ID_RID_COUNT (6L)
559 #define SECURITY_TASK_ID_BASE_RID (0x00000057L)
560 #define SECURITY_NFS_ID_BASE_RID (0x00000058L)
561 #define SECURITY_COM_ID_BASE_RID (0x00000059L)
562 #define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
563
564 #define SECURITY_MAX_BASE_RID (0x0000006FL)
565
566 #define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
567 #define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
568
569 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
570
571 #define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
572
573 /* Well-known domain relative sub-authority values (RIDs) */
574
575 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
576
577 #define FOREST_USER_RID_MAX (0x000001F3L)
578
579 /* Well-known users */
580
581 #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
582 #define DOMAIN_USER_RID_GUEST (0x000001F5L)
583 #define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
584
585 #define DOMAIN_USER_RID_MAX (0x000003E7L)
586
587 /* Well-known groups */
588
589 #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
590 #define DOMAIN_GROUP_RID_USERS (0x00000201L)
591 #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
592 #define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
593 #define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
594 #define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
595 #define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
596 #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
597 #define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
598 #define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
599
600 /* Well-known aliases */
601
602 #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
603 #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
604 #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
605 #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
606
607 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
608 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
609 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
610 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
611
612 #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
613 #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
614 #define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
615 #define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
616 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
617 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
618
619 #define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
620 #define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
621 #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
622 #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
623 #define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
624 #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
625 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
626 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
627 #define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
628 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
629 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
630
/* Mandatory integrity label authority (S-1-16-*) and its level RIDs. Each
   level is 0x1000 apart, which MANDATORY_LEVEL_TO_MANDATORY_RID relies on. */
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
638
639 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
640 can be set by a usermode caller.*/
641
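#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID

/* Integrity level number (0 untrusted .. 5 protected process) to label RID.
   The argument is parenthesized so that an expression such as (level + 1)
   is scaled as a whole; the previous form expanded to IL * 0x1000 and
   would have yielded level + 0x1000 for that input. */
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)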
645
/* Allocate the System Luid. The first 1000 LUIDs are reserved.
   Use #999 here (0x3e7 = 999). These are the logon-session LUIDs of the
   built-in accounts; each initializer is {LowPart, HighPart}. */

#define SYSTEM_LUID {0x3e7, 0x0}
#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
#define LOCALSERVICE_LUID {0x3e5, 0x0}
#define NETWORKSERVICE_LUID {0x3e4, 0x0}
#define IUSER_LUID {0x3e3, 0x0}
654
/* Common 4-byte prefix of every ACE. AceSize is the total size of the ACE
   including this header and the variable-length SID that follows; it is
   the only way to step to the next ACE, so a parser must verify that
   AceSize >= sizeof(ACE_HEADER) and that it stays within the enclosing
   ACL's AclSize before advancing. */
typedef struct _ACE_HEADER {
  UCHAR AceType;   /* one of the *_ACE_TYPE values below */
  UCHAR AceFlags;  /* inheritance / audit flags below */
  USHORT AceSize;  /* bytes, header included */
} ACE_HEADER, *PACE_HEADER;
660
661 /* also in winnt.h */
/* ACE type codes, grouped by the ACL revision that introduced them:
   0x0-0x3 (V2) simple ACEs; 0x4 (V3) compound; 0x5-0x8 (V4, ACL_REVISION_DS)
   object ACEs; 0x9-0x10 callback variants; 0x11 the integrity label ACE.
   The MIN/MAX values let a parser reject unknown types in an ACL. */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
688
689 /* The following are the inherit flags that go into the AceFlags field
690 of an Ace header. */
691
/* ACE_HEADER.AceFlags. The low five bits control inheritance
   (VALID_INHERIT_FLAGS masks exactly those); INHERIT_ONLY_ACE marks an ACE
   that does not apply to the object itself. */
#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)
#define INHERITED_ACE (0x10)
#define VALID_INHERIT_FLAGS (0x1F)

/* Audit ACEs only: which outcomes generate an audit record. */
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)
701
/* Simple (V2) ACE layout shared by the allowed/denied/audit/alarm types.
   SidStart is the first ULONG of the SID stored inline; the SID continues
   past the end of the struct, so sizeof(ACCESS_ALLOWED_ACE) is only the
   size of an ACE with a 4-byte SID -- use Header.AceSize for the real size. */
typedef struct _ACCESS_ALLOWED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;  /* rights granted to the SID */
  ULONG SidStart;
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
707
/* Same layout as ACCESS_ALLOWED_ACE; Mask is the set of rights denied. */
typedef struct _ACCESS_DENIED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
713
/* SACL entry: audit accesses in Mask for the SID, subject to the
   SUCCESSFUL_/FAILED_ACCESS_ACE_FLAG bits in the header. */
typedef struct _SYSTEM_AUDIT_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
719
/* SACL alarm entry; same layout as SYSTEM_AUDIT_ACE. */
typedef struct _SYSTEM_ALARM_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
725
/* SACL integrity-label entry. The inline SID is an S-1-16-<level> label
   SID and Mask holds SYSTEM_MANDATORY_LABEL_NO_*_UP policy bits, not
   access rights. */
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
731
/* Mandatory label policy (SYSTEM_MANDATORY_LABEL_ACE.Mask): which kinds of
   access a lower-integrity caller is refused. */
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
738
/* Smallest buffer that can hold a descriptor (the absolute header alone;
   SECURITY_DESCRIPTOR is declared below). */
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))

/* Bit set of SE_* control flags (below). */
typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
742
/* SECURITY_DESCRIPTOR_CONTROL bits. SE_DACL_PRESENT distinguishes "no DACL
   (everyone has full access)" from "DACL present"; an empty present DACL
   grants nothing. SE_SELF_RELATIVE selects the SECURITY_DESCRIPTOR_RELATIVE
   layout (offsets) over SECURITY_DESCRIPTOR (pointers); code handling a
   descriptor from user memory must check it before interpreting Owner/Dacl. */
#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_UNTRUSTED 0x0040
#define SE_SERVER_SECURITY 0x0080
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
#define SE_SELF_RELATIVE 0x8000
759
/* Self-relative descriptor: the four component fields are ULONG offsets
   from the start of this structure (0 = component absent), so the whole
   descriptor is one contiguous, position-independent blob. This is the
   form stored on disk and passed across the user/kernel boundary; each
   offset must be bounds-checked against the blob length before use, and
   the same control word layout is shared with SECURITY_DESCRIPTOR. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
  UCHAR Revision;  /* SECURITY_DESCRIPTOR_REVISION */
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control; /* has SE_SELF_RELATIVE set */
  ULONG Owner;
  ULONG Group;
  ULONG Sacl;
  ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
769
/* Absolute descriptor: components are referenced by pointer and may live
   anywhere; NULL means absent. The first four bytes (Revision, Sbz1,
   Control) are identical to SECURITY_DESCRIPTOR_RELATIVE so a reader can
   inspect Control before deciding which layout it has. */
typedef struct _SECURITY_DESCRIPTOR {
  UCHAR Revision;
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID Owner;
  PSID Group;
  PACL Sacl;
  PACL Dacl; /* NULL with SE_DACL_PRESENT set = empty DACL; without it = no DACL */
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
779
/* One node of the object-type tree used by object-ACE access checks (e.g.
   directory-service objects). Level gives the depth: 0 object, 1 property
   set, 2 property; ACCESS_MAX_LEVEL bounds the tree. */
typedef struct _OBJECT_TYPE_LIST {
  USHORT Level;
  USHORT Sbz;
  GUID *ObjectType;
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;

#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
790
/* Audit category an access check is reported under. */
typedef enum _AUDIT_EVENT_TYPE {
  AuditEventObjectAccess,
  AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
797
/* Fixed source / object-type names for directory-service audit records. */
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"

/* An ACCESS_REASON packs an ACCESS_REASON_TYPE in the high 16 bits and
   type-specific data (e.g. an ACE index) in the low 16 bits. */
#define ACCESS_REASON_TYPE_MASK 0xffff0000
#define ACCESS_REASON_DATA_MASK 0x0000ffff
805
/* Why a particular bit of access was granted or denied; values occupy the
   high 16 bits (ACCESS_REASON_TYPE_MASK). Reported per access bit through
   ACCESS_REASONS, mainly for auditing and diagnostics. */
typedef enum _ACCESS_REASON_TYPE {
  AccessReasonNone = 0x00000000,
  AccessReasonAllowedAce = 0x00010000,
  AccessReasonDeniedAce = 0x00020000,
  AccessReasonAllowedParentAce = 0x00030000,
  AccessReasonDeniedParentAce = 0x00040000,
  AccessReasonMissingPrivilege = 0x00100000,
  AccessReasonFromPrivilege = 0x00200000,
  AccessReasonIntegrityLevel = 0x00300000,
  AccessReasonOwnership = 0x00400000,
  AccessReasonNullDacl = 0x00500000,
  AccessReasonEmptyDacl = 0x00600000,
  AccessReasonNoSD = 0x00700000,
  AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;

typedef ULONG ACCESS_REASON;

/* One ACCESS_REASON per bit of a 32-bit ACCESS_MASK. */
typedef struct _ACCESS_REASONS {
  ACCESS_REASON Data[32];
} ACCESS_REASONS, *PACCESS_REASONS;
827
/* Descriptor wrapper for the extended access-check request below. Flags
   suppress the implicit owner / label handling; Size is a versioning field. */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003

typedef struct _SE_SECURITY_DESCRIPTOR {
  ULONG Size;
  ULONG Flags; /* subset of SE_SECURITY_DESCRIPTOR_VALID_FLAGS */
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
837
/* Input of an extended access check. PrincipalSelfSid substitutes for the
   SECURITY_PRINCIPAL_SELF_RID placeholder in ACEs; GenericMapping resolves
   GENERIC_* bits in DesiredAccess; the optional ObjectTypeList enables
   per-object-type results (one reply entry per list element). */
typedef struct _SE_ACCESS_REQUEST {
  ULONG Size;
  PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  PSID PrincipalSelfSid;
  PGENERIC_MAPPING GenericMapping;
  ULONG ObjectTypeListCount;
  POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
848
/* Output of an extended access check: ResultListCount parallel arrays of
   granted mask, status, reasons, and (optionally) the privilege set that
   was used. Callers allocate the arrays; see the request for how the count
   relates to ObjectTypeListCount. */
typedef struct _SE_ACCESS_REPLY {
  ULONG Size;
  ULONG ResultListCount;
  PACCESS_MASK GrantedAccess;
  PNTSTATUS AccessStatus;
  PACCESS_REASONS AccessReason;
  PPRIVILEGE_SET* Privileges;
} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
857
/* Which kind of operation an SE_AUDIT_INFO record describes. */
typedef enum _SE_AUDIT_OPERATION {
  AuditPrivilegeObject,
  AuditPrivilegeService,
  AuditAccessCheck,
  AuditOpenObject,
  AuditOpenObjectWithTransaction,
  AuditCloseObject,
  AuditDeleteObject,
  AuditOpenObjectForDelete,
  AuditOpenObjectForDeleteWithTransaction,
  AuditCloseNonObject,
  AuditOpenNonObject,
  AuditObjectReference,
  AuditHandleCreation,
} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
873
/* Describes the audit record to emit for an extended access check. The
   UNICODE_STRINGs are referenced, not copied, so they must outlive the call;
   TransactionId and OperationId are optional pointers. */
typedef struct _SE_AUDIT_INFO {
  ULONG Size;
  AUDIT_EVENT_TYPE AuditType;
  SE_AUDIT_OPERATION AuditOperation;
  ULONG AuditFlags;
  UNICODE_STRING SubsystemName;
  UNICODE_STRING ObjectTypeName;
  UNICODE_STRING ObjectName;
  PVOID HandleId;
  GUID* TransactionId;
  LUID* OperationId;
  BOOLEAN ObjectCreation;
  BOOLEAN GenerateOnClose;
} SE_AUDIT_INFO, *PSE_AUDIT_INFO;
888
/* Token-specific access rights (low 16 bits of an ACCESS_MASK on a token
   handle). TOKEN_DUPLICATE, TOKEN_IMPERSONATE and TOKEN_ASSIGN_PRIMARY are
   the ones that let a holder act as, or create processes as, the token's
   identity, so they deserve the most scrutiny when granted. */
#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE (0x0002)
#define TOKEN_IMPERSONATE (0x0004)
#define TOKEN_QUERY (0x0008)
#define TOKEN_QUERY_SOURCE (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID (0x0100)
898
/* Composite token rights. TOKEN_ALL_ACCESS_P is the NT4-era full set;
   TOKEN_ALL_ACCESS adds TOKEN_ADJUST_SESSIONID unless the caller has pinned
   _WIN32_WINNT to 0x0400 or below. */
#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
TOKEN_ASSIGN_PRIMARY |\
TOKEN_DUPLICATE |\
TOKEN_IMPERSONATE |\
TOKEN_QUERY |\
TOKEN_QUERY_SOURCE |\
TOKEN_ADJUST_PRIVILEGES |\
TOKEN_ADJUST_GROUPS |\
TOKEN_ADJUST_DEFAULT )

#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\
TOKEN_ADJUST_SESSIONID )
#else
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#endif

/* Generic-mapping targets for tokens (what GENERIC_READ/WRITE/EXECUTE
   resolve to on a token handle). */
#define TOKEN_READ (STANDARD_RIGHTS_READ |\
TOKEN_QUERY)

#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
TOKEN_ADJUST_PRIVILEGES |\
TOKEN_ADJUST_GROUPS |\
TOKEN_ADJUST_DEFAULT)

#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
925
/* Primary tokens are attached to processes; impersonation tokens to threads
   and carry a SECURITY_IMPERSONATION_LEVEL. Starts at 1; 0 is invalid. */
typedef enum _TOKEN_TYPE {
  TokenPrimary = 1,
  TokenImpersonation
} TOKEN_TYPE,*PTOKEN_TYPE;
930
/*
 * Selector for the per-class information structures that follow (TOKEN_USER,
 * TOKEN_GROUPS, ...). The numeric values are part of the kernel ABI used by
 * the token query/set information interfaces, so members may only be appended
 * before MaxTokenInfoClass, never reordered or removed. Values start at 1;
 * MaxTokenInfoClass is one past the last valid class and is the upper bound
 * to validate caller-supplied class values against.
 */
typedef enum _TOKEN_INFORMATION_CLASS {
  TokenUser = 1,
  TokenGroups,
  TokenPrivileges,
  TokenOwner,
  TokenPrimaryGroup,
  TokenDefaultDacl,
  TokenSource,
  TokenType,
  TokenImpersonationLevel,
  TokenStatistics,
  TokenRestrictedSids,
  TokenSessionId,
  TokenGroupsAndPrivileges,
  TokenSessionReference,
  TokenSandBoxInert,
  TokenAuditPolicy,
  TokenOrigin,
  TokenElevationType,
  TokenLinkedToken,
  TokenElevation,
  TokenHasRestrictions,
  TokenAccessInformation,
  TokenVirtualizationAllowed,
  TokenVirtualizationEnabled,
  TokenIntegrityLevel,
  TokenUIAccess,
  TokenMandatoryPolicy,
  TokenLogonSid,
  MaxTokenInfoClass   /* sentinel, not a queryable class */
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
962
/* TokenUser information: the SID (plus attribute bits) of the token's user. */
typedef struct _TOKEN_USER {
  SID_AND_ATTRIBUTES User;   /* User.Sid points at a SID stored after the structure
                                in the same buffer -- NOTE(review): layout assumption */
} TOKEN_USER, *PTOKEN_USER;
966
/*
 * TokenGroups / TokenRestrictedSids information: a counted, variable-length
 * array of group SIDs with their attribute bits.
 *
 * Groups is declared with ANYSIZE_ARRAY (one element) for C and as a
 * size_is(GroupCount) conformant array for MIDL, so sizeof(TOKEN_GROUPS)
 * accounts for exactly one element. Callers allocating for GroupCount entries
 * must size the buffer from the Groups offset plus GroupCount elements, and
 * consumers must bound every access by GroupCount, never by sizeof.
 */
typedef struct _TOKEN_GROUPS {
  ULONG GroupCount;
#ifdef MIDL_PASS
  [size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*];
#else
  SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
#endif
} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;
975
/*
 * TokenPrivileges information: a counted, variable-length array of privilege
 * LUIDs with their attribute bits (enabled / enabled-by-default / ...).
 * As with TOKEN_GROUPS, Privileges has only ANYSIZE_ARRAY elements in
 * sizeof(); size buffers from the field offset plus PrivilegeCount elements
 * and bound all accesses by PrivilegeCount.
 */
typedef struct _TOKEN_PRIVILEGES {
  ULONG PrivilegeCount;
  LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;
980
/* TokenOwner information: the SID used as the default owner of objects
 * created with this token. */
typedef struct _TOKEN_OWNER {
  PSID Owner;
} TOKEN_OWNER,*PTOKEN_OWNER;
984
/* TokenPrimaryGroup information: the SID used as the default primary group
 * of objects created with this token. */
typedef struct _TOKEN_PRIMARY_GROUP {
  PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;
988
/*
 * TokenDefaultDacl information: the DACL applied to new objects when the
 * creator supplies no explicit security descriptor. A NULL DefaultDacl is a
 * meaningful value (no default protection), so callers must handle it rather
 * than dereference unconditionally.
 */
typedef struct _TOKEN_DEFAULT_DACL {
  PACL DefaultDacl;
} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;
992
/*
 * TokenGroupsAndPrivileges information: the user/group SIDs, restricting SIDs
 * and privileges of a token in one buffer. Each array is described by an
 * element count and a byte length; the pointers presumably reference storage
 * following the structure in the same buffer -- NOTE(review): confirm in the
 * query implementation before relying on that for buffer sizing.
 */
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
  ULONG SidCount;                     /* number of entries in Sids */
  ULONG SidLength;                    /* byte length of the Sids array and its SIDs */
  PSID_AND_ATTRIBUTES Sids;
  ULONG RestrictedSidCount;
  ULONG RestrictedSidLength;
  PSID_AND_ATTRIBUTES RestrictedSids; /* restricting SIDs of a restricted token, if any */
  ULONG PrivilegeCount;
  ULONG PrivilegeLength;
  PLUID_AND_ATTRIBUTES Privileges;
  LUID AuthenticationId;              /* logon session the token belongs to */
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
1005
/*
 * TokenLinkedToken information: a handle to the token linked to this one
 * (the other half of a filtered/elevated token pair). The handle is owned by
 * the caller once returned and must be closed; the field is a HANDLE rather
 * than a PACCESS_TOKEN, so this class is meant for handle-based callers.
 */
typedef struct _TOKEN_LINKED_TOKEN {
  HANDLE LinkedToken;
} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
1009
/* TokenElevation information: non-zero when the token is elevated. Declared
 * as ULONG, not BOOLEAN, so test with != 0 rather than comparing to TRUE. */
typedef struct _TOKEN_ELEVATION {
  ULONG TokenIsElevated;
} TOKEN_ELEVATION, *PTOKEN_ELEVATION;
1013
/* TokenIntegrityLevel information: the integrity-level SID of the token
 * (see the MANDATORY_LEVEL enumeration below for the level ordering). */
typedef struct _TOKEN_MANDATORY_LABEL {
  SID_AND_ATTRIBUTES Label;
} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
1017
/*
 * Mandatory integrity policy bits carried in TOKEN_MANDATORY_POLICY.Policy.
 * TOKEN_MANDATORY_POLICY_VALID_MASK is the set of bits a caller may set;
 * anything outside it should be rejected as invalid. OFF is the absence of
 * both bits, not a bit of its own.
 */
#define TOKEN_MANDATORY_POLICY_OFF              0x0
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP      0x1   /* deny writes to higher-integrity objects */
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN  0x2   /* child processes get the lower of parent
                                                         and image integrity level */

#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
                                           TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
1024
/* TokenMandatoryPolicy information: a combination of the
 * TOKEN_MANDATORY_POLICY_* bits; validate against TOKEN_MANDATORY_POLICY_VALID_MASK. */
typedef struct _TOKEN_MANDATORY_POLICY {
  ULONG Policy;
} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
1028
/*
 * TokenAccessInformation: everything an access check needs about a token,
 * gathered into one buffer. The SID arrays are supplied as pre-hashed
 * SID_AND_ATTRIBUTES_HASH tables rather than plain TOKEN_GROUPS.
 */
typedef struct _TOKEN_ACCESS_INFORMATION {
  PSID_AND_ATTRIBUTES_HASH SidHash;
  PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;   /* restricting SIDs; presumably NULL or
                                                   empty for an unrestricted token -- confirm */
  PTOKEN_PRIVILEGES Privileges;
  LUID AuthenticationId;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* meaningful only for TokenImpersonation */
  TOKEN_MANDATORY_POLICY MandatoryPolicy;
  ULONG Flags;        /* NOTE(review): looks like the TOKEN_* flag bits defined further
                         down (TOKEN_IS_RESTRICTED, TOKEN_UIACCESS, ...) -- verify */
} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
1039
/* Number of per-user audit policy subcategories; fixes the size of
 * TOKEN_AUDIT_POLICY below and is therefore part of the ABI. */
#define POLICY_AUDIT_SUBCATEGORY_COUNT (53)

/*
 * TokenAuditPolicy information. The array holds (53 >> 1) + 1 = 27 bytes,
 * which is consistent with packing two subcategory entries per byte; the
 * exact encoding is not defined in this file.
 */
typedef struct _TOKEN_AUDIT_POLICY {
  UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
1045
/* Fixed width of TOKEN_SOURCE.SourceName, in CHARs. */
#define TOKEN_SOURCE_LENGTH 8

/*
 * TokenSource information: identifies the component that created the token.
 * SourceName is exactly TOKEN_SOURCE_LENGTH characters with no space reserved
 * for a terminator, so it must be treated as a fixed-length field -- copy and
 * compare it with memcpy/memcmp bounded by TOKEN_SOURCE_LENGTH, never with
 * strlen/strcpy. Querying this class requires TOKEN_QUERY_SOURCE.
 */
typedef struct _TOKEN_SOURCE {
  CHAR SourceName[TOKEN_SOURCE_LENGTH];
  LUID SourceIdentifier;
} TOKEN_SOURCE,*PTOKEN_SOURCE;
1052
/*
 * TokenStatistics information: identity and bookkeeping values of a token.
 * TokenId is unique per token object while AuthenticationId is shared by all
 * tokens of one logon session; ModifiedId changes whenever the token is
 * modified, which lets callers detect changes without re-reading everything.
 */
typedef struct _TOKEN_STATISTICS {
  LUID TokenId;
  LUID AuthenticationId;
  LARGE_INTEGER ExpirationTime;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* meaningful only for TokenImpersonation */
  ULONG DynamicCharged;      /* bytes of dynamic-part quota charged */
  ULONG DynamicAvailable;    /* bytes of that quota still unused */
  ULONG GroupCount;
  ULONG PrivilegeCount;
  LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
1065
/*
 * Compact identity snapshot of a token (the LUIDs from TOKEN_STATISTICS plus
 * the TOKEN_SOURCE). Stored in SECURITY_CLIENT_CONTEXT so a server can later
 * check that the client's token is still the one it captured -- if TokenId or
 * ModifiedId differ, the snapshot is stale.
 */
typedef struct _TOKEN_CONTROL {
  LUID TokenId;
  LUID AuthenticationId;
  LUID ModifiedId;
  TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL,*PTOKEN_CONTROL;
1072
/* TokenOrigin information: the logon session that originated this token. */
typedef struct _TOKEN_ORIGIN {
  LUID OriginatingLogonSession;
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
1076
/*
 * Ordered integrity levels, lowest first. The numeric order is what makes
 * "higher integrity" comparisons meaningful, so members must not be
 * reordered. MandatoryLevelCount is a sentinel (number of real levels) and is
 * not itself a level.
 */
typedef enum _MANDATORY_LEVEL {
  MandatoryLevelUntrusted = 0,
  MandatoryLevelLow,
  MandatoryLevelMedium,
  MandatoryLevelHigh,
  MandatoryLevelSystem,
  MandatoryLevelSecureProcess,
  MandatoryLevelCount
} MANDATORY_LEVEL, *PMANDATORY_LEVEL;
1086
/*
 * Per-token state flag bits, one bit each. The TOKEN_HAS_*_PRIVILEGE bits are
 * cached answers to "does this token hold privilege X" so hot paths need not
 * walk the privilege array; TOKEN_IS_RESTRICTED / TOKEN_WRITE_RESTRICTED /
 * TOKEN_IS_FILTERED describe tokens with reduced authority. Note that
 * SE_BACKUP_PRIVILEGES_CHECKED shares this bit space despite its different
 * prefix, so do not reuse 0x0100 for a new TOKEN_* flag.
 */
#define TOKEN_HAS_TRAVERSE_PRIVILEGE    0x0001
#define TOKEN_HAS_BACKUP_PRIVILEGE      0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE     0x0004
#define TOKEN_WRITE_RESTRICTED          0x0008
#define TOKEN_IS_RESTRICTED             0x0010
#define TOKEN_SESSION_NOT_REFERENCED    0x0020
#define TOKEN_SANDBOX_INERT             0x0040
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
#define SE_BACKUP_PRIVILEGES_CHECKED    0x0100
#define TOKEN_VIRTUALIZE_ALLOWED        0x0200
#define TOKEN_VIRTUALIZE_ENABLED        0x0400
#define TOKEN_IS_FILTERED               0x0800
#define TOKEN_UIACCESS                  0x1000
#define TOKEN_NOT_LOW                   0x2000
1101
/*
 * Table of well-known privilege LUIDs and SIDs exported by the security
 * reference monitor. Drivers read it through the kernel's SeExports pointer
 * instead of hard-coding LUID values, which are assigned at boot.
 *
 * The layout is binary-compatible with the public DDK definition, so fields
 * must never be reordered; the LUID fields that appear after the SID block
 * (SeUndockPrivilege onward) show that growth has always been by appending at
 * the end. The SIDs are owned by the kernel: callers must not free or modify
 * them.
 */
typedef struct _SE_EXPORTS {
  /* Privilege LUIDs, in the order the privileges were originally defined. */
  LUID SeCreateTokenPrivilege;
  LUID SeAssignPrimaryTokenPrivilege;
  LUID SeLockMemoryPrivilege;
  LUID SeIncreaseQuotaPrivilege;
  LUID SeUnsolicitedInputPrivilege;
  LUID SeTcbPrivilege;
  LUID SeSecurityPrivilege;
  LUID SeTakeOwnershipPrivilege;
  LUID SeLoadDriverPrivilege;
  LUID SeCreatePagefilePrivilege;
  LUID SeIncreaseBasePriorityPrivilege;
  LUID SeSystemProfilePrivilege;
  LUID SeSystemtimePrivilege;
  LUID SeProfileSingleProcessPrivilege;
  LUID SeCreatePermanentPrivilege;
  LUID SeBackupPrivilege;
  LUID SeRestorePrivilege;
  LUID SeShutdownPrivilege;
  LUID SeDebugPrivilege;
  LUID SeAuditPrivilege;
  LUID SeSystemEnvironmentPrivilege;
  LUID SeChangeNotifyPrivilege;
  LUID SeRemoteShutdownPrivilege;
  /* Well-known SIDs. */
  PSID SeNullSid;
  PSID SeWorldSid;
  PSID SeLocalSid;
  PSID SeCreatorOwnerSid;
  PSID SeCreatorGroupSid;
  PSID SeNtAuthoritySid;
  PSID SeDialupSid;
  PSID SeNetworkSid;
  PSID SeBatchSid;
  PSID SeInteractiveSid;
  PSID SeLocalSystemSid;
  PSID SeAliasAdminsSid;
  PSID SeAliasUsersSid;
  PSID SeAliasGuestsSid;
  PSID SeAliasPowerUsersSid;
  PSID SeAliasAccountOpsSid;
  PSID SeAliasSystemOpsSid;
  PSID SeAliasPrintOpsSid;
  PSID SeAliasBackupOpsSid;
  PSID SeAuthenticatedUsersSid;
  PSID SeRestrictedSid;
  PSID SeAnonymousLogonSid;
  /* Later additions, appended in order of introduction. */
  LUID SeUndockPrivilege;
  LUID SeSyncAgentPrivilege;
  LUID SeEnableDelegationPrivilege;
  PSID SeLocalServiceSid;
  PSID SeNetworkServiceSid;
  LUID SeManageVolumePrivilege;
  LUID SeImpersonatePrivilege;
  LUID SeCreateGlobalPrivilege;
  LUID SeTrustedCredManAccessPrivilege;
  LUID SeRelabelPrivilege;
  LUID SeIncreaseWorkingSetPrivilege;
  LUID SeTimeZonePrivilege;
  LUID SeCreateSymbolicLinkPrivilege;
  PSID SeIUserSid;
  /* Integrity-level (mandatory label) SIDs, lowest to highest. */
  PSID SeUntrustedMandatorySid;
  PSID SeLowMandatorySid;
  PSID SeMediumMandatorySid;
  PSID SeHighMandatorySid;
  PSID SeSystemMandatorySid;
  PSID SeOwnerRightsSid;
} SE_EXPORTS, *PSE_EXPORTS;
1169
/*
 * Callback invoked when the logon session identified by LogonId terminates,
 * so a component that registered for the notification can release per-session
 * state. LogonId is the session's AuthenticationId.
 */
typedef NTSTATUS
(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
  IN PLUID LogonId);
1173
/*
 * Security context a server captures from a client so it can later
 * impersonate that client. SecurityQos records the impersonation level and
 * tracking mode the client allowed, which bounds what the server may do while
 * impersonating. ClientTokenControl is a snapshot of the client's token
 * identity at capture time; comparing it against the live token lets the
 * server detect that the client's security context changed.
 */
typedef struct _SECURITY_CLIENT_CONTEXT {
  SECURITY_QUALITY_OF_SERVICE SecurityQos;
  PACCESS_TOKEN ClientToken;              /* the captured token (or a copy of it) */
  BOOLEAN DirectlyAccessClientToken;      /* TRUE: ClientToken is the client's own token
                                             rather than a duplicate -- NOTE(review): per
                                             the public DDK description; not visible here */
  BOOLEAN DirectAccessEffectiveOnly;      /* only meaningful when accessing directly */
  BOOLEAN ServerIsRemote;
  TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
1182
1183 $endif (_NTIFS_)