1 /******************************************************************************
2 * Security Manager Types *
3 ******************************************************************************/
4 $if (_WDMDDK_ || _WINNT_)
5
/* Simple types.
 * PSECURITY_DESCRIPTOR, PACCESS_TOKEN and PSID are deliberately opaque
 * (PVOID): the compiler cannot tell them apart, so passing an owner SID where
 * a descriptor is expected compiles silently. The concrete layouts behind
 * PSID and PSECURITY_DESCRIPTOR are the SID and SECURITY_DESCRIPTOR /
 * SECURITY_DESCRIPTOR_RELATIVE structures declared later in this file. */
typedef PVOID PSECURITY_DESCRIPTOR;
/* Bit set selecting which parts of a descriptor a query/set touches
 * (OWNER_/GROUP_/DACL_/SACL_/LABEL_SECURITY_INFORMATION below). */
typedef $ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
/* 32-bit access mask: generic (bits 28-31), standard (16-20) and
 * object-specific (0-15) right bits; see the constants that follow. */
typedef $ULONG ACCESS_MASK, *PACCESS_MASK;

typedef PVOID PACCESS_TOKEN;
typedef PVOID PSID;
13
/* Standard rights (bits 16-20), shared by every securable object type. */
#define DELETE 0x00010000L
#define READ_CONTROL 0x00020000L
#define WRITE_DAC 0x00040000L
#define WRITE_OWNER 0x00080000L
#define SYNCHRONIZE 0x00100000L
/* DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER; excludes SYNCHRONIZE. */
#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
/* NB: the READ/WRITE/EXECUTE standard-rights groups are all just READ_CONTROL.
 * In particular STANDARD_RIGHTS_WRITE does NOT include WRITE_DAC or
 * WRITE_OWNER; those must be requested explicitly. */
#define STANDARD_RIGHTS_READ READ_CONTROL
#define STANDARD_RIGHTS_WRITE READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE READ_CONTROL
/* STANDARD_RIGHTS_REQUIRED plus SYNCHRONIZE. */
#define STANDARD_RIGHTS_ALL 0x001F0000L
/* Low 16 bits: object-type-specific rights (e.g. the TOKEN_* rights below). */
#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL
/* Bit 24: access to the SACL. Conventionally not granted through the DACL but
 * through a privilege (see SE_SECURITY_PRIVILEGE) -- confirm against the
 * access-check implementation. */
#define ACCESS_SYSTEM_SECURITY 0x01000000L
/* Bit 25: "grant whatever the DACL allows". Convenient, but it defeats least
 * privilege and makes the resulting access unpredictable; prefer an explicit
 * mask in new code. */
#define MAXIMUM_ALLOWED 0x02000000L
/* Bits 28-31: generic rights, translated to specific rights through the
 * object type's GENERIC_MAPPING (below) before the access check. */
#define GENERIC_READ 0x80000000L
#define GENERIC_WRITE 0x40000000L
#define GENERIC_EXECUTE 0x20000000L
#define GENERIC_ALL 0x10000000L
31
/* Per-object-type table mapping each GENERIC_* bit to the specific and
 * standard rights it stands for. Keep GenericAll a superset of the other
 * three, or a request for GENERIC_ALL can end up granting less than
 * GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE. */
typedef struct _GENERIC_MAPPING {
ACCESS_MASK GenericRead;
ACCESS_MASK GenericWrite;
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
38
/* ACL header revisions. ACL_REVISION (2) is the classic format;
 * ACL_REVISION_DS (4) is conventionally the revision used for ACLs that carry
 * object ACEs (the *_OBJECT_ACE_TYPE values defined later in this file). */
#define ACL_REVISION 2
#define ACL_REVISION_DS 4

#define ACL_REVISION1 1
#define ACL_REVISION2 2
#define ACL_REVISION3 3
#define ACL_REVISION4 4
/* Accepted range when validating an ACL header. Revision 1 is named above
 * but falls below MIN_ACL_REVISION and should be rejected. */
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION4
48
/* ACL header; ACE_HEADER-prefixed entries follow it contiguously for a total
 * of AclSize bytes. When an ACL arrives from user mode, disk or the network
 * every field here is attacker-controlled: validate AclRevision against
 * MIN/MAX_ACL_REVISION, AclSize >= sizeof(ACL) and <= the containing buffer,
 * and walk AceCount entries checking that each AceSize stays inside AclSize
 * before trusting any ACE contents. */
typedef struct _ACL {
$UCHAR AclRevision;
$UCHAR Sbz1;      /* "should be zero" padding */
$USHORT AclSize;  /* total size in bytes, this header included */
$USHORT AceCount; /* number of ACEs following the header */
$USHORT Sbz2;     /* "should be zero" padding */
} ACL, *PACL;
56
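/* Current security descriptor revision value */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)

/* Privilege attributes (LUID_AND_ATTRIBUTES.Attributes when describing a
 * privilege). SE_PRIVILEGE_ENABLED is the bit that matters for a check;
 * ENABLED_BY_DEFAULT records the token's initial state. By their names,
 * REMOVED marks a privilege dropped from the token and USED_FOR_ACCESS is
 * reported back after a check -- confirm both against the token code. */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
#define SE_PRIVILEGE_REMOVED (0x00000004L) /* was spelled 0X...; normalized to 0x */
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)

/* Every defined attribute bit; reject caller-supplied attribute words that
 * have bits outside this mask. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
SE_PRIVILEGE_ENABLED | \
SE_PRIVILEGE_REMOVED | \
SE_PRIVILEGE_USED_FOR_ACCESS)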
71
/* Packed to 4 so that Luid (assumed to be the 8-byte LUID) plus Attributes
 * has no trailing padding and the array stride is the same on every
 * architecture -- this layout is shared with user mode. */
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES {
LUID Luid;         /* privilege identifier (see the SE_*_PRIVILEGE values) */
$ULONG Attributes; /* SE_PRIVILEGE_* bits when this describes a privilege */
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
#include <poppack.h>

typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
81
/* Privilege sets */
/* Control flag (by its name): every listed privilege must be held for the
 * check to pass; otherwise presumably any one suffices -- confirm. */
#define PRIVILEGE_SET_ALL_NECESSARY (1)

/* Variable-length: PrivilegeCount entries follow. sizeof(PRIVILEGE_SET)
 * covers only the ANYSIZE_ARRAY placeholder, so size buffers from
 * PrivilegeCount and, on input, validate PrivilegeCount against the buffer
 * length before indexing Privilege[]. */
typedef struct _PRIVILEGE_SET {
$ULONG PrivilegeCount;
$ULONG Control;
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, *PPRIVILEGE_SET;
90
/* Impersonation levels, ordered from least to most authority handed to the
 * server; VALID_IMPERSONATION_LEVEL below relies on this ordering.
 * Conventional meanings (not derivable from this header): Anonymous -- server
 * gets no usable client identity; Identification -- server may learn who the
 * client is but not act as them; Impersonation -- server may act as the
 * client locally; Delegation -- server may also act as the client toward
 * remote systems. */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
97
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
/* Range check for a caller-supplied level. Level is evaluated twice, so pass
 * a plain variable rather than an expression with side effects. */
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))

/* Context tracking mode (conventional meaning): dynamic -- the server sees
 * later changes to the client's context; static -- snapshot at connect. */
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)

typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
107
/* Quality of service a client attaches when connecting to a server object.
 * This is the client's main defence against a malicious or compromised
 * server: ImpersonationLevel caps how far the server may act as the client,
 * and (conventionally) EffectiveOnly = TRUE hides disabled privileges and
 * groups so the server cannot re-enable them. Length is expected to hold
 * sizeof(SECURITY_QUALITY_OF_SERVICE) -- confirm against the consumers. */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
$ULONG Length;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
114
/* Snapshot of a thread's impersonation state, so it can be saved before a
 * temporary impersonation and restored afterwards. Token is presumably NULL
 * when the thread was not impersonating -- confirm against the users of this
 * type. */
typedef struct _SE_IMPERSONATION_STATE {
PACCESS_TOKEN Token;
BOOLEAN CopyOnOpen;
BOOLEAN EffectiveOnly;
SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
121
122
/* SECURITY_INFORMATION bits: which components of a descriptor a query or set
 * operation touches. Each conventionally requires a matching right on the
 * handle (READ_CONTROL / WRITE_DAC / WRITE_OWNER for owner, group and DACL,
 * ACCESS_SYSTEM_SECURITY for the SACL) -- confirm against the callers. */
#define OWNER_SECURITY_INFORMATION (0x00000001L)
#define GROUP_SECURITY_INFORMATION (0x00000002L)
#define DACL_SECURITY_INFORMATION (0x00000004L)
#define SACL_SECURITY_INFORMATION (0x00000008L)
#define LABEL_SECURITY_INFORMATION (0x00000010L) /* the mandatory-label ACE */

/* Set or clear the SE_DACL_PROTECTED / SE_SACL_PROTECTED control bits, i.e.
 * stop or resume inheriting ACEs from the parent container. */
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
133
134 $endif (_WDMDDK_ || _WINNT_)
135 $if (_WDMDDK_)
136
/* Which operation a resource manager's security routine is being asked to
 * perform on an object's security descriptor. */
typedef enum _SECURITY_OPERATION_CODE {
SetSecurityDescriptor,
QuerySecurityDescriptor,
DeleteSecurityDescriptor,
AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
143
/* Fixed-capacity variant of PRIVILEGE_SET with room for three privileges.
 * Its leading fields mirror PRIVILEGE_SET exactly, which is what lets the two
 * share a union in ACCESS_STATE.Privileges. */
#define INITIAL_PRIVILEGE_COUNT 3

typedef struct _INITIAL_PRIVILEGE_SET {
ULONG PrivilegeCount;
ULONG Control;
LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
151
/* Well-known privilege values (conventionally the LowPart of the privilege
 * LUID, HighPart 0). The numbering is an ABI contract shared with user mode:
 * never renumber, and add new values only at the end.
 * NOTE(review): several of these are conventionally treated as equivalent to
 * full control of the machine -- SE_CREATE_TOKEN, SE_ASSIGNPRIMARYTOKEN,
 * SE_TCB, SE_TAKE_OWNERSHIP, SE_LOAD_DRIVER, SE_BACKUP, SE_RESTORE,
 * SE_DEBUG, SE_IMPERSONATE and SE_RELABEL. Audit any code path that grants
 * or enables them. */
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
#define SE_CREATE_TOKEN_PRIVILEGE 2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
#define SE_LOCK_MEMORY_PRIVILEGE 4
#define SE_INCREASE_QUOTA_PRIVILEGE 5
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6 /* same value as SE_UNSOLICITED_INPUT_PRIVILEGE (NTDDK section) */
#define SE_TCB_PRIVILEGE 7
#define SE_SECURITY_PRIVILEGE 8 /* SACL access / audit management */
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
#define SE_LOAD_DRIVER_PRIVILEGE 10
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
#define SE_SYSTEMTIME_PRIVILEGE 12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
#define SE_CREATE_PERMANENT_PRIVILEGE 16
#define SE_BACKUP_PRIVILEGE 17
#define SE_RESTORE_PRIVILEGE 18
#define SE_SHUTDOWN_PRIVILEGE 19
#define SE_DEBUG_PRIVILEGE 20
#define SE_AUDIT_PRIVILEGE 21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
#define SE_UNDOCK_PRIVILEGE 25
#define SE_SYNC_AGENT_PRIVILEGE 26
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
#define SE_MANAGE_VOLUME_PRIVILEGE 28
#define SE_IMPERSONATE_PRIVILEGE 29
#define SE_CREATE_GLOBAL_PRIVILEGE 30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE 32
#define SE_INC_WORKING_SET_PRIVILEGE 33
#define SE_TIME_ZONE_PRIVILEGE 34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35
/* Keep this pointing at the last entry when adding privileges; range checks
 * against SE_MIN/MAX_WELL_KNOWN_PRIVILEGE depend on it. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
188
/* The subject of an access check: the caller's impersonation token (if any),
 * the level at which it was obtained, and the process primary token.
 * Presumably ClientToken is NULL when the thread is not impersonating and
 * PrimaryToken is then the effective identity -- confirm against the
 * access-check code. Note that a ClientToken obtained at
 * SecurityIdentification or below must not be used to perform work on the
 * client's behalf. */
typedef struct _SECURITY_SUBJECT_CONTEXT {
PACCESS_TOKEN ClientToken;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
PACCESS_TOKEN PrimaryToken;
PVOID ProcessAuditId;
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
195
/* Working state of one access check / object open. Field meanings below
 * follow the field names; confirm details against the access-check code. */
typedef struct _ACCESS_STATE {
LUID OperationID;
BOOLEAN SecurityEvaluated;   /* the access check has already run */
BOOLEAN GenerateAudit;
BOOLEAN GenerateOnClose;
BOOLEAN PrivilegesAllocated; /* Privileges.PrivilegeSet lives in a separate allocation (presumably) */
ULONG Flags;
/* The requested mask is tracked in three parts: OriginalDesiredAccess (what
 * the caller asked for), PreviouslyGrantedAccess (already satisfied, e.g.
 * via privilege or ownership) and RemainingDesiredAccess (still to be checked
 * against the DACL). */
ACCESS_MASK RemainingDesiredAccess;
ACCESS_MASK PreviouslyGrantedAccess;
ACCESS_MASK OriginalDesiredAccess;
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
PSECURITY_DESCRIPTOR SecurityDescriptor;
PVOID AuxData;
/* Privileges used for this access. Starts as the inline three-slot
 * INITIAL_PRIVILEGE_SET; the two members share their leading fields, so the
 * same memory can be read as a PRIVILEGE_SET. */
union {
INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
PRIVILEGE_SET PrivilegeSet;
} Privileges;
BOOLEAN AuditPrivileges;
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
217
/* Callback by which a file system releases a security descriptor it earlier
 * exported for Vcb; the descriptor must not be used after this returns. */
typedef VOID
(NTAPI *PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR)(
_In_ PVOID Vcb,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
222
223 #ifndef _NTLSA_IFS_
224
225 #ifndef _NTLSA_AUDIT_
226 #define _NTLSA_AUDIT_
227
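/* Capacity of SE_ADT_PARAMETER_ARRAY.Parameters[] and the smaller budget left
 * for generic audit events. */
#define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28

#define SE_ADT_OBJECT_ONLY 0x1

/* SE_ADT_PARAMETER_ARRAY.Flags bits. */
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010

/* Bytes actually used by a parameter array: the full fixed-size structure
 * minus the unused tail of Parameters[]. The argument is parenthesized so an
 * expression (e.g. a conditional) can be passed without mis-parsing.
 * CAUTION: ParameterCount is a ULONG, so a value above
 * SE_MAX_AUDIT_PARAMETERS wraps the subtraction and yields a nonsense size --
 * validate ParameterCount <= SE_MAX_AUDIT_PARAMETERS before using this on a
 * record received from another component. */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
(SE_MAX_AUDIT_PARAMETERS - (Parameters)->ParameterCount) )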
242
/* How a single audit parameter (SE_ADT_PARAMETER_ARRAY_ENTRY) is to be
 * interpreted when the event is formatted. Values are part of the
 * kernel/LSA contract; append only, never renumber. */
typedef enum _SE_ADT_PARAMETER_TYPE {
SeAdtParmTypeNone = 0,
SeAdtParmTypeString,
SeAdtParmTypeFileSpec,
SeAdtParmTypeUlong,
SeAdtParmTypeSid,
SeAdtParmTypeLogonId,
SeAdtParmTypeNoLogonId,
SeAdtParmTypeAccessMask,
SeAdtParmTypePrivs,
SeAdtParmTypeObjectTypes,
SeAdtParmTypeHexUlong,
SeAdtParmTypePtr,
SeAdtParmTypeTime,
SeAdtParmTypeGuid,
SeAdtParmTypeLuid,
SeAdtParmTypeHexInt64,
SeAdtParmTypeStringList,
SeAdtParmTypeSidList,
SeAdtParmTypeDuration,
SeAdtParmTypeUserAccountControl,
SeAdtParmTypeNoUac,
SeAdtParmTypeMessage,
SeAdtParmTypeDateTime,
SeAdtParmTypeSockAddr,
SeAdtParmTypeSD,
SeAdtParmTypeLogonHours,
SeAdtParmTypeLogonIdNoSid,
SeAdtParmTypeUlongNoConv,
SeAdtParmTypeSockAddrNoPort,
SeAdtParmTypeAccessReason
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
275
/* One element of a SeAdtParmTypeObjectTypes parameter: an object-type GUID,
 * its nesting Level (cf. OBJECT_TYPE_LIST) and the access mask that applied
 * to it. */
typedef struct _SE_ADT_OBJECT_TYPE {
GUID ObjectType;
USHORT Flags;
USHORT Level;
ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
282
/* One audit parameter. Small values travel inline in Data[]; larger payloads
 * are referenced by Address with their byte Length. When the owning array is
 * marked SE_ADT_PARAMETERS_SELF_RELATIVE, Address is presumably an offset
 * rather than a pointer -- confirm before dereferencing, and always bound
 * Length by the enclosing buffer when the record crosses a trust boundary. */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
SE_ADT_PARAMETER_TYPE Type;
ULONG Length;
ULONG_PTR Data[2];
PVOID Address;
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
289
/* Payload of a SeAdtParmTypeAccessReason parameter: why each bit of
 * AccessMask was granted or denied. AccessReasons[] has one slot per
 * ACCESS_MASK bit (32); each slot is an ACCESS_REASON value as described by
 * ACCESS_REASON_TYPE later in this file. */
typedef struct _SE_ADT_ACCESS_REASON {
ACCESS_MASK AccessMask;
ULONG AccessReasons[32];
ULONG ObjectTypeIndex;
ULONG AccessGranted;
PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
297
/* A complete audit record as exchanged between the kernel and LSA. Only the
 * first ParameterCount entries of Parameters[] are meaningful; anything
 * consuming this from another component must check
 * ParameterCount <= SE_MAX_AUDIT_PARAMETERS and that Length covers the data
 * it is about to read (see LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE). */
typedef struct _SE_ADT_PARAMETER_ARRAY {
ULONG CategoryId;
ULONG AuditId;
ULONG ParameterCount;
ULONG Length;
USHORT FlatSubCategoryId;
USHORT Type;
ULONG Flags; /* SE_ADT_PARAMETER* flag bits */
SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
308
309 #endif /* !_NTLSA_AUDIT_ */
310 #endif /* !_NTLSA_IFS_ */
311 $endif (_WDMDDK_)
312 $if (_NTDDK_)
313 #define SE_UNSOLICITED_INPUT_PRIVILEGE 6
314
315 $endif (_NTDDK_)
316 $if (_NTDDK_ || _WINNT_)
317
/* Symbolic names for well-known SIDs, as used by the well-known-SID lookup
 * APIs. The numeric values are an ABI contract: never renumber or insert in
 * the middle. The *LabelSid entries correspond to the integrity-label SIDs
 * under SECURITY_MANDATORY_LABEL_AUTHORITY (S-1-16) defined later in this
 * file; the WinAccount*/WinBuiltin* entries to the DOMAIN_* RIDs. */
typedef enum _WELL_KNOWN_SID_TYPE {
WinNullSid = 0,
WinWorldSid = 1,
WinLocalSid = 2,
WinCreatorOwnerSid = 3,
WinCreatorGroupSid = 4,
WinCreatorOwnerServerSid = 5,
WinCreatorGroupServerSid = 6,
WinNtAuthoritySid = 7,
WinDialupSid = 8,
WinNetworkSid = 9,
WinBatchSid = 10,
WinInteractiveSid = 11,
WinServiceSid = 12,
WinAnonymousSid = 13,
WinProxySid = 14,
WinEnterpriseControllersSid = 15,
WinSelfSid = 16,
WinAuthenticatedUserSid = 17,
WinRestrictedCodeSid = 18,
WinTerminalServerSid = 19,
WinRemoteLogonIdSid = 20,
WinLogonIdsSid = 21,
WinLocalSystemSid = 22,
WinLocalServiceSid = 23,
WinNetworkServiceSid = 24,
WinBuiltinDomainSid = 25,
WinBuiltinAdministratorsSid = 26,
WinBuiltinUsersSid = 27,
WinBuiltinGuestsSid = 28,
WinBuiltinPowerUsersSid = 29,
WinBuiltinAccountOperatorsSid = 30,
WinBuiltinSystemOperatorsSid = 31,
WinBuiltinPrintOperatorsSid = 32,
WinBuiltinBackupOperatorsSid = 33,
WinBuiltinReplicatorSid = 34,
WinBuiltinPreWindows2000CompatibleAccessSid = 35,
WinBuiltinRemoteDesktopUsersSid = 36,
WinBuiltinNetworkConfigurationOperatorsSid = 37,
WinAccountAdministratorSid = 38,
WinAccountGuestSid = 39,
WinAccountKrbtgtSid = 40,
WinAccountDomainAdminsSid = 41,
WinAccountDomainUsersSid = 42,
WinAccountDomainGuestsSid = 43,
WinAccountComputersSid = 44,
WinAccountControllersSid = 45,
WinAccountCertAdminsSid = 46,
WinAccountSchemaAdminsSid = 47,
WinAccountEnterpriseAdminsSid = 48,
WinAccountPolicyAdminsSid = 49,
WinAccountRasAndIasServersSid = 50,
WinNTLMAuthenticationSid = 51,
WinDigestAuthenticationSid = 52,
WinSChannelAuthenticationSid = 53,
WinThisOrganizationSid = 54,
WinOtherOrganizationSid = 55,
WinBuiltinIncomingForestTrustBuildersSid = 56,
WinBuiltinPerfMonitoringUsersSid = 57,
WinBuiltinPerfLoggingUsersSid = 58,
WinBuiltinAuthorizationAccessSid = 59,
WinBuiltinTerminalServerLicenseServersSid = 60,
WinBuiltinDCOMUsersSid = 61,
WinBuiltinIUsersSid = 62,
WinIUserSid = 63,
WinBuiltinCryptoOperatorsSid = 64,
/* Integrity labels: S-1-16-0x0000 .. S-1-16-0x4000 */
WinUntrustedLabelSid = 65,
WinLowLabelSid = 66,
WinMediumLabelSid = 67,
WinHighLabelSid = 68,
WinSystemLabelSid = 69,
WinWriteRestrictedCodeSid = 70,
WinCreatorOwnerRightsSid = 71,
WinCacheablePrincipalsGroupSid = 72,
WinNonCacheablePrincipalsGroupSid = 73,
WinEnterpriseReadonlyControllersSid = 74,
WinAccountReadonlyControllersSid = 75,
WinBuiltinEventLogReadersGroup = 76,
WinNewEnterpriseReadonlyControllersSid = 77,
WinBuiltinCertSvcDComAccessGroup = 78,
WinMediumPlusLabelSid = 79,
WinLocalLogonSid = 80,
WinConsoleLogonSid = 81,
WinThisOrganizationCertificateSid = 82,
} WELL_KNOWN_SID_TYPE;
403
404 $endif (_NTDDK_ || _WINNT_)
405 $if (_NTIFS_ || _WINNT_)
406
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
/* The 48-bit identifier authority of a SID, stored most-significant byte
 * first: S-1-5 is {0,0,0,0,0,5} (see SECURITY_NT_AUTHORITY below). Compare
 * with memcmp over all six bytes, not just Value[5]. */
typedef struct _SID_IDENTIFIER_AUTHORITY {
$UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
#endif
413
#ifndef SID_DEFINED
#define SID_DEFINED
/* Security identifier, S-<Revision>-<IdentifierAuthority>-<SubAuthority...>.
 * Variable-length: an 8-byte header plus one $ULONG per sub-authority, the
 * last of which is the RID. When parsing a SID from an untrusted buffer make
 * sure at least 8 bytes are present, Revision == SID_REVISION,
 * SubAuthorityCount <= SID_MAX_SUB_AUTHORITIES, and the full computed length
 * fits in the buffer before touching SubAuthority[]. */
typedef struct _SID {
$UCHAR Revision;
$UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
#ifdef MIDL_PASS
[size_is(SubAuthorityCount)] $ULONG SubAuthority[*];
#else
$ULONG SubAuthority[ANYSIZE_ARRAY];
#endif
} SID, *PISID;
#endif
427
#define SID_REVISION 1
/* Hard upper bound on SID.SubAuthorityCount; reject SIDs claiming more. */
#define SID_MAX_SUB_AUTHORITIES 15
#define SID_RECOMMENDED_SUB_AUTHORITIES 1

#ifndef MIDL_PASS
/* Largest possible SID: the 8-byte header plus 15 sub-authorities (68 bytes
 * with a 4-byte $ULONG). Size fixed SID buffers with this, not sizeof(SID),
 * which only covers the single ANYSIZE_ARRAY sub-authority. */
#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof($ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof($ULONG)))
#endif
435
/* Kind of account a SID was resolved to. Numbering starts at 1, so a
 * zero-initialized value is not a valid member; treat SidTypeInvalid and
 * SidTypeUnknown as lookup failures rather than as principals. */
typedef enum _SID_NAME_USE {
SidTypeUser = 1,
SidTypeGroup,
SidTypeDomain,
SidTypeAlias,
SidTypeWellKnownGroup,
SidTypeDeletedAccount,
SidTypeInvalid,
SidTypeUnknown,
SidTypeComputer,
SidTypeLabel
} SID_NAME_USE, *PSID_NAME_USE;
448
/* A SID pointer paired with attribute flags (group enable/deny-only/mandatory
 * style flags, defined elsewhere). The SID itself is stored separately --
 * usually right after the array in the same buffer -- so when this arrives
 * from a less trusted caller, each Sid pointer must be validated to lie in
 * the caller's buffer before it is dereferenced. */
typedef struct _SID_AND_ATTRIBUTES {
#ifdef MIDL_PASS
PISID Sid;
#else
PSID Sid;
#endif
$ULONG Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
459
/* Hashed view over a SID_AND_ATTRIBUTES array for fast membership tests
 * during access checks; Hash[] has SID_HASH_SIZE buckets of pointer-sized
 * entries. The hashing scheme itself is not defined in this header. */
#define SID_HASH_SIZE 32
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;

typedef struct _SID_AND_ATTRIBUTES_HASH {
$ULONG SidCount;
PSID_AND_ATTRIBUTES SidAttr;
SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
468
/* Universal well-known SIDs */
/* Authorities are six bytes, most significant first (see
 * SID_IDENTIFIER_AUTHORITY), so S-1-N is {0,0,0,0,0,N}. */

/* S-1-0 */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}

/* S-1-1 (S-1-1-0 is Everyone) */
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}

/* S-1-2 */
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}

/* S-1-3: CREATOR placeholders, replaced at inheritance time by the actual
 * owner/group of the created object. */
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}

/* S-1-4 */
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}

/* S-1-9 */
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}

#define SECURITY_NULL_RID (0x00000000L)
#define SECURITY_WORLD_RID (0x00000000L)
#define SECURITY_LOCAL_RID (0x00000000L)
#define SECURITY_LOCAL_LOGON_RID (0x00000001L)

#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
/* S-1-3-4: limits what an object's owner is implicitly granted (see
 * SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE / AccessReasonOwnership). */
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
497
/* NT well-known SIDs */

/* S-1-5 */
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}

/* Logon-type and special-identity RIDs directly under S-1-5 (S-1-5-<RID>). */
#define SECURITY_DIALUP_RID (0x00000001L)
#define SECURITY_NETWORK_RID (0x00000002L)
#define SECURITY_BATCH_RID (0x00000003L)
#define SECURITY_INTERACTIVE_RID (0x00000004L)
/* Logon session SIDs: S-1-5-5-X-Y, i.e. SECURITY_LOGON_IDS_RID_COUNT (3)
 * sub-authorities in total. */
#define SECURITY_LOGON_IDS_RID (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT (3L)
#define SECURITY_SERVICE_RID (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
#define SECURITY_PROXY_RID (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
/* S-1-5-10: placeholder standing for the object's own principal during an
 * access check (see SE_ACCESS_REQUEST.PrincipalSelfSid). */
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
#define SECURITY_IUSER_RID (0x00000011L)
/* S-1-5-18 / -19 / -20: the built-in service identities. LocalSystem
 * (S-1-5-18) is the most privileged principal on the machine. */
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
/* S-1-5-21-<A>-<B>-<C>: machine/domain SID prefix. The
 * SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3) sub-authorities that follow 21
 * identify the domain; account RIDs (DOMAIN_* below) are appended after them. */
#define SECURITY_NT_NON_UNIQUE (0x00000015L)
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)

/* S-1-5-32: the BUILTIN domain; local groups are DOMAIN_ALIAS_RID_* under it. */
#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)


/* S-1-5-64-<package>: authentication-package identities (two sub-authorities
 * after the authority, per SECURITY_PACKAGE_RID_COUNT). */
#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
#define SECURITY_PACKAGE_RID_COUNT (2L)
#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)

#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
#define SECURITY_CRED_TYPE_RID_COUNT (2L)
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)

/* S-1-5-80 .. S-1-5-111: per-service, app-pool and other virtual-account
 * SIDs. Each *_ID_RID_COUNT presumably gives the total sub-authority count
 * including the base RID -- confirm against the SID construction code. */
#define SECURITY_MIN_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_RID_COUNT (6L)
#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
#define SECURITY_COM_ID_BASE_RID (0x00000059L)
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)

#define SECURITY_MAX_BASE_RID (0x0000006FL)

/* SID-filtering thresholds (by name): RIDs up to 999 (0x3E7) are always
 * filtered, RIDs from 1000 (0x3E8) upward never are. */
#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)

#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)

/* NB: 0x70 lies above SECURITY_MAX_BASE_RID (0x6F); a range check written as
 * SECURITY_MIN_BASE_RID..SECURITY_MAX_BASE_RID will not recognise these SIDs. */
#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
569
/* Well-known domain relative sub-authority values (RIDs) */
/* Appended to a domain SID (S-1-5-21-A-B-C-<RID>) or, for the aliases, to
 * BUILTIN (S-1-5-32-<RID>). All of these are below 1000, i.e. within the
 * SECURITY_MAX_ALWAYS_FILTERED range, so they are the built-in principals
 * that SID filtering strips from foreign domains. */

#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)

#define FOREST_USER_RID_MAX (0x000001F3L)

/* Well-known users */

/* RID 500 is the built-in Administrator; renaming the account does not change
 * the RID, so privileged-account checks should compare RIDs, not names.
 * NOTE(review): RID 502 (krbtgt) is conventionally the account whose key
 * signs Kerberos tickets -- its SID turning up in an unexpected ACL or token
 * deserves investigation. */
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)

#define DOMAIN_USER_RID_MAX (0x000003E7L)

/* Well-known groups */

/* 512 Domain Admins, 518 Schema Admins, 519 Enterprise Admins: membership in
 * any of these is conventionally treated as full control of the domain or
 * forest. */
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)

/* Well-known aliases */

/* 544 = BUILTIN\Administrators (S-1-5-32-544). */
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)

/* Operator groups: not administrators by membership, but conventionally able
 * to reach administrative access (e.g. Backup Operators via
 * SE_BACKUP/SE_RESTORE_PRIVILEGE); treat as privileged. */
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)

#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)

#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)

/* Note the gap: 0x233-0x237 and 0x23A are not defined here. */
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
628
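/* Mandatory (integrity) label authority, S-1-16. A label SID is S-1-16-<RID>
 * with one of the RIDs below; a higher RID means a higher integrity level.
 * These RIDs appear in SYSTEM_MANDATORY_LABEL_ACE and TOKEN_MANDATORY_LABEL. */
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)

/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
 can be set by a usermode caller. Note that
 SECURITY_MANDATORY_PROTECTED_PROCESS_RID lies above it, so a user-mode
 request for that level must be rejected. */

#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID

/* Level index -> label RID (0 -> untrusted, 1 -> low, 2 -> medium, ...).
 * The argument is parenthesized: the previous form expanded
 * MANDATORY_LEVEL_TO_MANDATORY_RID(a + b) to a + b * 0x1000. */
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)

/* Allocate the System Luid. The first 1000 LUIDs are reserved.
 Use #999 here (0x3e7 = 999). The other well-known logon-session LUIDs
 count down from there. */

#define SYSTEM_LUID {0x3e7, 0x0}
#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
#define LOCALSERVICE_LUID {0x3e5, 0x0}
#define NETWORKSERVICE_LUID {0x3e4, 0x0}
#define IUSER_LUID {0x3e3, 0x0}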
652
/* Common prefix of every ACE. AceSize is the whole ACE in bytes, header
 * included, and is the only thing that tells a parser where the next ACE
 * starts -- when walking an untrusted ACL, check AceSize >= sizeof(ACE_HEADER),
 * that it does not run past the ACL's AclSize, and that it is large enough for
 * the fixed part of AceType before reading the type-specific fields; skip or
 * reject AceType values above ACCESS_MAX_MS_V5_ACE_TYPE rather than guessing
 * their layout. */
typedef struct _ACE_HEADER {
$UCHAR AceType;   /* *_ACE_TYPE below */
$UCHAR AceFlags;  /* inheritance and audit flags below */
$USHORT AceSize;  /* total size in bytes, header included */
} ACE_HEADER, *PACE_HEADER;
658
/* ACE type codes (ACE_HEADER.AceType). The ACCESS_MAX_MS_* bounds are
 * historical snapshots: ACCESS_MAX_MS_ACE_TYPE (0x8) stops at the object
 * ACEs, so a parser using it as its upper bound will treat the callback ACEs
 * (0x9-0x10) and SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) as unknown. Use
 * ACCESS_MAX_MS_V5_ACE_TYPE when every type defined here must be accepted. */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
/* Object ACEs (0x5-0x8) carry GUIDs after the mask; they need ACL_REVISION_DS. */
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
/* Callback ACEs (0x9-0x10) carry opaque resource-manager data after the SID. */
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
/* Integrity label; lives in the SACL, not the DACL. */
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)

/* The following are the inherit flags that go into the AceFlags field
 of an Ace header. INHERIT_ONLY_ACE marks an ACE that does not apply to
 the object itself, only to children; INHERITED_ACE marks one that was
 propagated from a parent (and is what SE_DACL_PROTECTED stops). */

#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)
#define INHERITED_ACE (0x10)
#define VALID_INHERIT_FLAGS (0x1F)

/* Audit/alarm ACEs only: which outcomes generate a record. */
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)
698
/* Grants Mask to the SID that begins at SidStart. The SID is inline and
 * variable-length (8 + 4 * SubAuthorityCount bytes), so SidStart is only its
 * first ULONG; Header.AceSize must cover the whole SID -- verify that before
 * reading the SID out of an untrusted ACL. */
typedef struct _ACCESS_ALLOWED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
$ULONG SidStart;
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
704
/* Denies Mask to the inline SID at SidStart. Same layout and same
 * AceSize-vs-SID-length caveat as ACCESS_ALLOWED_ACE. Deny ACEs only have
 * their intended effect when ordered before the allow ACEs they override. */
typedef struct _ACCESS_DENIED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
$ULONG SidStart;
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
710
/* SACL entry: audit accesses in Mask by the inline SID at SidStart;
 * Header.AceFlags selects success and/or failure via
 * SUCCESSFUL_ACCESS_ACE_FLAG / FAILED_ACCESS_ACE_FLAG. Same SID-length
 * caveat as ACCESS_ALLOWED_ACE. */
typedef struct _SYSTEM_AUDIT_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
$ULONG SidStart;
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
716
/* SACL entry with the same layout as SYSTEM_AUDIT_ACE, distinguished only by
 * Header.AceType; alarm semantics are not defined by this header. */
typedef struct _SYSTEM_ALARM_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
$ULONG SidStart;
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
722
/* Integrity label carried in the SACL. Mask holds the policy bits below
 * (not access rights) and the inline SID at SidStart is a label SID,
 * S-1-16-<SECURITY_MANDATORY_*_RID>. Same SID-length caveat as the other
 * ACE layouts. */
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
$ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;

/* Policy bits for SYSTEM_MANDATORY_LABEL_ACE.Mask: block write / read /
 * execute by subjects whose integrity level is lower than the label's.
 * Reject any Mask with bits outside SYSTEM_MANDATORY_LABEL_VALID_MASK. */
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
735
/* SECURITY_DESCRIPTOR is declared further down; the macro expands lazily so
 * the forward reference is harmless. */
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))

typedef $USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;

/* Control bits. SE_SELF_RELATIVE selects between the two layouts declared
 * below and must be read before interpreting anything else. SE_DACL_PRESENT
 * clear means the descriptor has no DACL at all, which is a different state
 * from an empty DACL (cf. AccessReasonNullDacl vs AccessReasonEmptyDacl);
 * a missing DACL is conventionally treated as granting everyone full access --
 * confirm against the access-check implementation before relying on it. */
#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_UNTRUSTED 0x0040
#define SE_SERVER_SECURITY 0x0080
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
/* *_PROTECTED: do not accept inheritable ACEs from the parent
 * (set via PROTECTED_DACL/SACL_SECURITY_INFORMATION). */
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
#define SE_SELF_RELATIVE 0x8000
756
/* Self-relative layout (Control has SE_SELF_RELATIVE): Owner/Group/Sacl/Dacl
 * are byte offsets from the start of this structure, not pointers, so the
 * whole descriptor is one contiguous, position-independent blob suitable for
 * storage and transfer. A zero offset conventionally means "absent" --
 * confirm. Every offset in a descriptor from an untrusted buffer must be
 * checked to lie within the buffer (with room for the SID or ACL header it
 * points at), and the referenced SID/ACL must then be validated itself. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
$UCHAR Revision;  /* SECURITY_DESCRIPTOR_REVISION */
$UCHAR Sbz1;      /* should be zero (RM control byte when SE_RM_CONTROL_VALID) */
SECURITY_DESCRIPTOR_CONTROL Control;
$ULONG Owner;
$ULONG Group;
$ULONG Sacl;
$ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
766
/* Absolute layout (SE_SELF_RELATIVE clear): the components are pointers to
 * separately stored SIDs and ACLs. The first four bytes (Revision, Sbz1,
 * Control) coincide with SECURITY_DESCRIPTOR_RELATIVE, so Control may be
 * read through either type to decide which layout applies. Never accept an
 * absolute descriptor across a trust boundary -- its pointers are
 * unverifiable; require the self-relative form instead. */
typedef struct _SECURITY_DESCRIPTOR {
$UCHAR Revision;
$UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
776
/* One node of the object-type hierarchy supplied to an object-type access
 * check (see SE_ACCESS_REQUEST.ObjectTypeList). Level is the nesting depth
 * (ACCESS_OBJECT_GUID at the root, ACCESS_PROPERTY_SET_GUID,
 * ACCESS_PROPERTY_GUID, up to ACCESS_MAX_LEVEL); the list is expected to be
 * in depth-first order with a single root. */
typedef struct _OBJECT_TYPE_LIST {
$USHORT Level;
$USHORT Sbz;
GUID *ObjectType;
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;

#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
787
/* Which audit category an object access is reported under. */
typedef enum _AUDIT_EVENT_TYPE {
AuditEventObjectAccess,
AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

/* Flag for audit generation: by its name, permit the audit without
 * SE_AUDIT_PRIVILEGE -- confirm against the callers. */
#define AUDIT_ALLOW_NO_PRIVILEGE 0x1

/* Source / object-type strings used for directory-service audit records. */
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"

/* An ACCESS_REASON packs an ACCESS_REASON_TYPE in its upper 16 bits and
 * reason-specific data (e.g. an ACE index) in its lower 16 bits. */
#define ACCESS_REASON_TYPE_MASK 0xffff0000
#define ACCESS_REASON_DATA_MASK 0x0000ffff
802
/* Why a particular access bit was granted or denied; stored in the upper
 * 16 bits of an ACCESS_REASON (ACCESS_REASON_TYPE_MASK). Values are not
 * contiguous: the ACE-based reasons share 0x0001xxxx-0x0004xxxx, the rest
 * step by 0x00100000, so never iterate over them. The NullDacl / EmptyDacl /
 * NoSD reasons are worth surfacing in audit tooling: they indicate access
 * decided by the absence of policy rather than by an explicit ACE. */
typedef enum _ACCESS_REASON_TYPE {
AccessReasonNone = 0x00000000,
AccessReasonAllowedAce = 0x00010000,
AccessReasonDeniedAce = 0x00020000,
AccessReasonAllowedParentAce = 0x00030000,
AccessReasonDeniedParentAce = 0x00040000,
AccessReasonMissingPrivilege = 0x00100000,
AccessReasonFromPrivilege = 0x00200000,
AccessReasonIntegrityLevel = 0x00300000,
AccessReasonOwnership = 0x00400000,
AccessReasonNullDacl = 0x00500000,
AccessReasonEmptyDacl = 0x00600000,
AccessReasonNoSD = 0x00700000,
AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;

typedef $ULONG ACCESS_REASON;

/* One ACCESS_REASON per ACCESS_MASK bit (32), indexed by bit position. */
typedef struct _ACCESS_REASONS {
ACCESS_REASON Data[32];
} ACCESS_REASONS, *PACCESS_REASONS;
824
/* Flags for SE_SECURITY_DESCRIPTOR.Flags: the descriptor carries no
 * CREATOR OWNER RIGHTS ACE / no mandatory-label ACE, respectively. Reject
 * values outside SE_SECURITY_DESCRIPTOR_VALID_FLAGS. */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003

/* Extensible wrapper around a security descriptor for the access-request
 * API below. Size is expected to be sizeof(SE_SECURITY_DESCRIPTOR) and is
 * how the structure can grow compatibly -- check it before reading newer
 * fields. */
typedef struct _SE_SECURITY_DESCRIPTOR {
$ULONG Size;
$ULONG Flags;
PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
834
/* Inputs to an access check bundled as one extensible structure (Size is
 * expected to be sizeof(SE_ACCESS_REQUEST)). PrincipalSelfSid replaces
 * SECURITY_PRINCIPAL_SELF_RID (S-1-5-10) in ACEs during the check;
 * GenericMapping must be the object type's mapping so GENERIC_* bits in
 * DesiredAccess are expanded before comparison. ObjectTypeListCount must
 * bound ObjectTypeList[] and is zero when no object-type check is wanted. */
typedef struct _SE_ACCESS_REQUEST {
$ULONG Size;
PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
ACCESS_MASK DesiredAccess;
ACCESS_MASK PreviouslyGrantedAccess;
PSID PrincipalSelfSid;
PGENERIC_MAPPING GenericMapping;
$ULONG ObjectTypeListCount;
POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
845
/* Token-specific rights (the SPECIFIC_RIGHTS_ALL range). From an attacker's
 * point of view TOKEN_DUPLICATE, TOKEN_IMPERSONATE and TOKEN_ASSIGN_PRIMARY
 * are the ones that let a handle holder reuse the token's identity
 * (token theft); grant them sparingly. TOKEN_ADJUST_PRIVILEGES only allows
 * toggling privileges the token already holds. */
#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE (0x0002)
#define TOKEN_IMPERSONATE (0x0004)
#define TOKEN_QUERY (0x0008)
#define TOKEN_QUERY_SOURCE (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID (0x0100)

/* All rights except TOKEN_ADJUST_SESSIONID; kept for pre-NT5 compatibility. */
#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
TOKEN_ASSIGN_PRIMARY |\
TOKEN_DUPLICATE |\
TOKEN_IMPERSONATE |\
TOKEN_QUERY |\
TOKEN_QUERY_SOURCE |\
TOKEN_ADJUST_PRIVILEGES |\
TOKEN_ADJUST_GROUPS |\
TOKEN_ADJUST_DEFAULT)

/* TOKEN_ALL_ACCESS includes TOKEN_ADJUST_SESSIONID unless _WIN32_WINNT is
 * explicitly set to NT4 (0x0400) or lower, so its value depends on the
 * target version the including file declares. */
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P | TOKEN_ADJUST_SESSIONID)
#else
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#endif

#define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)

/* Because STANDARD_RIGHTS_WRITE is just READ_CONTROL, TOKEN_WRITE grants
 * no WRITE_DAC / WRITE_OWNER on the token object -- only the adjust rights. */
#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
TOKEN_ADJUST_PRIVILEGES |\
TOKEN_ADJUST_GROUPS |\
TOKEN_ADJUST_DEFAULT)

#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
880
/* Primary tokens are attached to processes; impersonation tokens to threads
 * and carry a SECURITY_IMPERSONATION_LEVEL. Numbering starts at 1 so zero is
 * not a valid type. */
typedef enum _TOKEN_TYPE {
TokenPrimary = 1,
TokenImpersonation
} TOKEN_TYPE, *PTOKEN_TYPE;
885
/* Information classes for token query/set. The values are an ABI contract
 * with user mode: append before MaxTokenInfoClass only, never reorder.
 * The result buffer layout for each class is the matching TOKEN_* structure
 * below (e.g. TokenLinkedToken -> TOKEN_LINKED_TOKEN, which hands out a
 * HANDLE; TokenIntegrityLevel -> TOKEN_MANDATORY_LABEL). */
typedef enum _TOKEN_INFORMATION_CLASS {
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId,
TokenGroupsAndPrivileges,
TokenSessionReference,
TokenSandBoxInert,
TokenAuditPolicy,
TokenOrigin,
TokenElevationType,
TokenLinkedToken,
TokenElevation,
TokenHasRestrictions,
TokenAccessInformation,
TokenVirtualizationAllowed,
TokenVirtualizationEnabled,
TokenIntegrityLevel,
TokenUIAccess,
TokenMandatoryPolicy,
TokenLogonSid,
MaxTokenInfoClass /* sentinel: one past the last valid class */
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
917
/* TokenUser result: the token's user SID. User.Sid points past this
 * structure in the same buffer. */
typedef struct _TOKEN_USER {
SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
921
/* TokenGroups / TokenRestrictedSids result and TOKEN_ADJUST_GROUPS input:
 * GroupCount SID_AND_ATTRIBUTES entries follow. On input, validate
 * GroupCount against the buffer length before indexing Groups[], and each
 * Groups[i].Sid before dereferencing it. The attribute bits decide whether a
 * group counts for allow checks, deny-only, or both. */
typedef struct _TOKEN_GROUPS {
$ULONG GroupCount;
#ifdef MIDL_PASS
[size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*];
#else
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
#endif
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
930
/* TokenPrivileges result and TOKEN_ADJUST_PRIVILEGES input: PrivilegeCount
 * LUID_AND_ATTRIBUTES entries follow, each with SE_PRIVILEGE_* attributes.
 * Validate PrivilegeCount against the buffer length on input. */
typedef struct _TOKEN_PRIVILEGES {
$ULONG PrivilegeCount;
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
935
/*
 * Default owner SID applied to objects created with this token
 * (TokenOwner class).  Owner is a pointer, not inline SID data; where it
 * points (same query buffer or elsewhere) is not stated here — confirm
 * against the routine that fills it before assuming a lifetime.
 */
typedef struct _TOKEN_OWNER {
  PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
939
/*
 * Primary group SID for the token (TokenPrimaryGroup class).  As with
 * TOKEN_OWNER, PrimaryGroup is a pointer whose target lifetime is defined
 * by the producer, not by this header.
 */
typedef struct _TOKEN_PRIMARY_GROUP {
  PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
943
/*
 * Default DACL for objects created with this token (TokenDefaultDacl
 * class).  DefaultDacl is a PACL and may presumably be NULL when no
 * default DACL is set — callers should check before dereferencing.
 */
typedef struct _TOKEN_DEFAULT_DACL {
  PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
947
/*
 * Combined view of a token's SIDs, restricted SIDs and privileges
 * (TokenGroupsAndPrivileges class).
 *
 * Each of the three lists is described by a count, a length and a pointer.
 * The count is presumably the number of array entries and the length the
 * byte size of the referenced region (including the SID bodies) — confirm
 * against the producer; consumers should validate that count * entry size
 * does not exceed the stated length before walking the array.
 */
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
  $ULONG SidCount;
  $ULONG SidLength;
  PSID_AND_ATTRIBUTES Sids;
  $ULONG RestrictedSidCount;
  $ULONG RestrictedSidLength;
  PSID_AND_ATTRIBUTES RestrictedSids;
  $ULONG PrivilegeCount;
  $ULONG PrivilegeLength;
  PLUID_AND_ATTRIBUTES Privileges;
  LUID AuthenticationId;    /* logon session this token belongs to */
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
960
/*
 * Handle to the token linked to this one (TokenLinkedToken class).
 * NOTE(review): this is a HANDLE, so whoever receives it owns a handle
 * that must eventually be closed; confirm the ownership rule with the
 * query routine to avoid handle leaks.
 */
typedef struct _TOKEN_LINKED_TOKEN {
  HANDLE LinkedToken;
} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
964
/*
 * Elevation state (TokenElevation class).  TokenIsElevated is a ULONG
 * used as a boolean; treat any non-zero value as "elevated" rather than
 * comparing against 1.
 */
typedef struct _TOKEN_ELEVATION {
  $ULONG TokenIsElevated;
} TOKEN_ELEVATION, *PTOKEN_ELEVATION;
968
/*
 * Integrity (mandatory) label of the token: a SID plus attributes.
 * The level itself is expressed as a SID here; see MANDATORY_LEVEL below
 * for the enumerated form.
 */
typedef struct _TOKEN_MANDATORY_LABEL {
  SID_AND_ATTRIBUTES Label;
} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
972
/*
 * Mandatory integrity policy bits (used in TOKEN_MANDATORY_POLICY.Policy).
 * OFF is the absence of both flags; VALID_MASK (0x3) is the OR of every
 * defined flag, so Policy & ~TOKEN_MANDATORY_POLICY_VALID_MASK must be 0
 * for a well-formed value.
 */
#define TOKEN_MANDATORY_POLICY_OFF 0x0
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2

#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
                                           TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)

/* Number of per-user audit policy subcategories; sizes TOKEN_AUDIT_POLICY. */
#define POLICY_AUDIT_SUBCATEGORY_COUNT (56)
981
/*
 * Per-user audit policy (TokenAuditPolicy class).
 *
 * PerUserPolicy holds (56 >> 1) + 1 = 29 bytes.  The half-count sizing is
 * consistent with two subcategory entries packed per byte (one nibble
 * each) — presumably; the nibble encoding is not defined in this header.
 */
typedef struct _TOKEN_AUDIT_POLICY {
  $UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
985
/* Size in bytes of TOKEN_SOURCE.SourceName (a fixed-width, not NUL-terminated, field). */
#define TOKEN_SOURCE_LENGTH 8
987
/*
 * Identifies the component that created the token (TokenSource class).
 *
 * SourceName is a fixed 8-byte CHAR array.  Nothing here guarantees a
 * terminating NUL — all TOKEN_SOURCE_LENGTH bytes may be in use — so it
 * must not be passed to strlen()/"%s"; print or compare it with an
 * explicit bound of TOKEN_SOURCE_LENGTH.
 */
typedef struct _TOKEN_SOURCE {
  CHAR SourceName[TOKEN_SOURCE_LENGTH];
  LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
992
/*
 * Summary statistics for a token (TokenStatistics class).
 *
 * The structure is compiled under 4-byte packing (pshpack4.h / poppack.h),
 * which fixes its layout as part of the ABI; do not reorder or re-type
 * members, and do not move the struct outside the pack bracket.
 */
#include <pshpack4.h>
typedef struct _TOKEN_STATISTICS {
  LUID TokenId;
  LUID AuthenticationId;                      /* logon session id */
  LARGE_INTEGER ExpirationTime;
  TOKEN_TYPE TokenType;                       /* TokenPrimary / TokenImpersonation */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  $ULONG DynamicCharged;
  $ULONG DynamicAvailable;
  $ULONG GroupCount;
  $ULONG PrivilegeCount;
  LUID ModifiedId;                            /* changes when the token is modified */
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
#include <poppack.h>
1007
/*
 * Compact identity of a token: its ids plus its source.  Embedded in
 * SECURITY_CLIENT_CONTEXT (below) as ClientTokenControl, which lets a
 * server detect that a client token was replaced or modified (ModifiedId)
 * without holding the token itself.
 */
typedef struct _TOKEN_CONTROL {
  LUID TokenId;
  LUID AuthenticationId;
  LUID ModifiedId;
  TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;
1014
/* Logon session from which the token originated (TokenOrigin class). */
typedef struct _TOKEN_ORIGIN {
  LUID OriginatingLogonSession;
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
1018
/*
 * Integrity levels in enumerated form.  Ordinals start at 0 and increase
 * with the level's trust (Untrusted < Low < Medium < High < System <
 * SecureProcess), so ordinal comparison is meaningful.  MandatoryLevelCount
 * is a sentinel, not a level; reject it and anything above it when the
 * value comes from outside.
 */
typedef enum _MANDATORY_LEVEL {
  MandatoryLevelUntrusted = 0,
  MandatoryLevelLow,
  MandatoryLevelMedium,
  MandatoryLevelHigh,
  MandatoryLevelSystem,
  MandatoryLevelSecureProcess,
  MandatoryLevelCount    /* sentinel: number of defined levels */
} MANDATORY_LEVEL, *PMANDATORY_LEVEL;
1028
1029 $endif(_NTIFS_ || _WINNT_)
1030 $if(_NTIFS_)
1031
/*
 * Result block for an access check that can return a list of results.
 *
 * Size is presumably sizeof(SE_ACCESS_REPLY) for versioning.  The four
 * pointer members are parallel arrays, most likely of ResultListCount
 * entries each (confirm with the access-check routine); Privileges is a
 * pointer to an array of PPRIVILEGE_SET pointers, one level deeper than
 * the others.
 */
typedef struct _SE_ACCESS_REPLY {
  $ULONG Size;
  $ULONG ResultListCount;
  PACCESS_MASK GrantedAccess;    /* per-result granted access mask */
  PNTSTATUS AccessStatus;        /* per-result status */
  PACCESS_REASONS AccessReason;  /* per-result reasons */
  PPRIVILEGE_SET* Privileges;    /* per-result privilege set pointer */
} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
1040
/*
 * Which kind of operation an audit record describes
 * (SE_AUDIT_INFO.AuditOperation).  No explicit values, so the enumerators
 * are 0..12 in declaration order; appending is ABI-safe, inserting is not.
 * NOTE(review): the trailing comma after the last enumerator is valid C99
 * but not C89 — harmless with the compilers this tree targets, presumably.
 */
typedef enum _SE_AUDIT_OPERATION {
  AuditPrivilegeObject,
  AuditPrivilegeService,
  AuditAccessCheck,
  AuditOpenObject,
  AuditOpenObjectWithTransaction,
  AuditCloseObject,
  AuditDeleteObject,
  AuditOpenObjectForDelete,
  AuditOpenObjectForDeleteWithTransaction,
  AuditCloseNonObject,
  AuditOpenNonObject,
  AuditObjectReference,
  AuditHandleCreation,
} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
1056
/*
 * Parameters describing a security audit event.
 *
 * Size is presumably sizeof(SE_AUDIT_INFO) for versioning.  TransactionId
 * and OperationId are pointers and so are optional-by-NULL in practice;
 * consumers should check them before dereferencing.
 * NOTE(review): this struct uses plain ULONG where its siblings use the
 * $ULONG template type — confirm that is intentional.
 */
typedef struct _SE_AUDIT_INFO {
  ULONG Size;
  AUDIT_EVENT_TYPE AuditType;
  SE_AUDIT_OPERATION AuditOperation;   /* see SE_AUDIT_OPERATION above */
  ULONG AuditFlags;
  UNICODE_STRING SubsystemName;
  UNICODE_STRING ObjectTypeName;
  UNICODE_STRING ObjectName;
  PVOID HandleId;
  GUID* TransactionId;                 /* may be NULL */
  LUID* OperationId;                   /* may be NULL */
  BOOLEAN ObjectCreation;
  BOOLEAN GenerateOnClose;
} SE_AUDIT_INFO, *PSE_AUDIT_INFO;
1071
/*
 * Mandatory integrity policy of a token (TokenMandatoryPolicy class).
 * Policy is a bitmask of the TOKEN_MANDATORY_POLICY_* flags defined above;
 * bits outside TOKEN_MANDATORY_POLICY_VALID_MASK are not defined.
 */
typedef struct _TOKEN_MANDATORY_POLICY {
  $ULONG Policy;
} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
1075
/*
 * Everything an access check needs from a token, gathered in one block
 * (TokenAccessInformation class).  Flags is presumably a bitmask of the
 * TOKEN_* / SE_BACKUP_PRIVILEGES_CHECKED values defined immediately below.
 */
typedef struct _TOKEN_ACCESS_INFORMATION {
  PSID_AND_ATTRIBUTES_HASH SidHash;             /* hashed group SIDs */
  PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;   /* hashed restricted SIDs */
  PTOKEN_PRIVILEGES Privileges;
  LUID AuthenticationId;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  TOKEN_MANDATORY_POLICY MandatoryPolicy;
  $ULONG Flags;
} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
1086
/*
 * Token flag bits (one bit each, 0x0001..0x2000).  Several of them cache
 * the presence of a privilege so the access-check path can test a bit
 * instead of walking the privilege array; the names describe the
 * condition, the exact semantics live with the code that sets them.
 * Note the odd one out: SE_BACKUP_PRIVILEGES_CHECKED is a flag in this
 * same namespace despite not carrying the TOKEN_ prefix.
 */
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x0001
#define TOKEN_HAS_BACKUP_PRIVILEGE 0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE 0x0004
#define TOKEN_WRITE_RESTRICTED 0x0008
#define TOKEN_IS_RESTRICTED 0x0010
#define TOKEN_SESSION_NOT_REFERENCED 0x0020
#define TOKEN_SANDBOX_INERT 0x0040
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
#define SE_BACKUP_PRIVILEGES_CHECKED 0x0100
#define TOKEN_VIRTUALIZE_ALLOWED 0x0200
#define TOKEN_VIRTUALIZE_ENABLED 0x0400
#define TOKEN_IS_FILTERED 0x0800
#define TOKEN_UIACCESS 0x1000
#define TOKEN_NOT_LOW 0x2000
1101
/*
 * Table of well-known privilege LUIDs and SIDs exported by the security
 * subsystem.
 *
 * Member order is ABI: LUIDs and PSIDs are interleaved in the order the
 * entries were added over time (e.g. SeUndockPrivilege follows the SID
 * group), so do not regroup by type.  The PSID members are pointers to
 * SID data owned by the exporter; consumers treat them as read-only.
 */
typedef struct _SE_EXPORTS {
  /* Privilege LUIDs */
  LUID SeCreateTokenPrivilege;
  LUID SeAssignPrimaryTokenPrivilege;
  LUID SeLockMemoryPrivilege;
  LUID SeIncreaseQuotaPrivilege;
  LUID SeUnsolicitedInputPrivilege;
  LUID SeTcbPrivilege;
  LUID SeSecurityPrivilege;
  LUID SeTakeOwnershipPrivilege;
  LUID SeLoadDriverPrivilege;
  LUID SeCreatePagefilePrivilege;
  LUID SeIncreaseBasePriorityPrivilege;
  LUID SeSystemProfilePrivilege;
  LUID SeSystemtimePrivilege;
  LUID SeProfileSingleProcessPrivilege;
  LUID SeCreatePermanentPrivilege;
  LUID SeBackupPrivilege;
  LUID SeRestorePrivilege;
  LUID SeShutdownPrivilege;
  LUID SeDebugPrivilege;
  LUID SeAuditPrivilege;
  LUID SeSystemEnvironmentPrivilege;
  LUID SeChangeNotifyPrivilege;
  LUID SeRemoteShutdownPrivilege;
  /* Well-known SIDs */
  PSID SeNullSid;
  PSID SeWorldSid;
  PSID SeLocalSid;
  PSID SeCreatorOwnerSid;
  PSID SeCreatorGroupSid;
  PSID SeNtAuthoritySid;
  PSID SeDialupSid;
  PSID SeNetworkSid;
  PSID SeBatchSid;
  PSID SeInteractiveSid;
  PSID SeLocalSystemSid;
  PSID SeAliasAdminsSid;
  PSID SeAliasUsersSid;
  PSID SeAliasGuestsSid;
  PSID SeAliasPowerUsersSid;
  PSID SeAliasAccountOpsSid;
  PSID SeAliasSystemOpsSid;
  PSID SeAliasPrintOpsSid;
  PSID SeAliasBackupOpsSid;
  PSID SeAuthenticatedUsersSid;
  PSID SeRestrictedSid;
  PSID SeAnonymousLogonSid;
  /* Later additions, in historical order (mixed LUIDs and SIDs) */
  LUID SeUndockPrivilege;
  LUID SeSyncAgentPrivilege;
  LUID SeEnableDelegationPrivilege;
  PSID SeLocalServiceSid;
  PSID SeNetworkServiceSid;
  LUID SeManageVolumePrivilege;
  LUID SeImpersonatePrivilege;
  LUID SeCreateGlobalPrivilege;
  LUID SeTrustedCredManAccessPrivilege;
  LUID SeRelabelPrivilege;
  LUID SeIncreaseWorkingSetPrivilege;
  LUID SeTimeZonePrivilege;
  LUID SeCreateSymbolicLinkPrivilege;
  PSID SeIUserSid;
  /* Integrity-level SIDs, in ascending level order */
  PSID SeUntrustedMandatorySid;
  PSID SeLowMandatorySid;
  PSID SeMediumMandatorySid;
  PSID SeHighMandatorySid;
  PSID SeSystemMandatorySid;
  PSID SeOwnerRightsSid;
} SE_EXPORTS, *PSE_EXPORTS;
1169
/*
 * Callback invoked when a logon session ends.
 *
 * @param LogonId  LUID of the terminated logon session (input only).
 * @return NTSTATUS; how the caller treats a failure status is not defined
 *         in this header.
 */
typedef NTSTATUS
(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
  IN PLUID LogonId);
1173
/*
 * Server-side record of a client's security context for impersonation.
 *
 * ClientToken is an opaque PACCESS_TOKEN.  The three BOOLEANs qualify how
 * that token may be used (direct access vs. a copy, effective-only, remote
 * server); their precise semantics are defined by the routines that create
 * and consume this context, not here.  ClientTokenControl is a TOKEN_CONTROL
 * snapshot (ids + source) that can be compared against the live token to
 * detect that it changed since the context was captured.
 */
typedef struct _SECURITY_CLIENT_CONTEXT {
  SECURITY_QUALITY_OF_SERVICE SecurityQos;
  PACCESS_TOKEN ClientToken;
  BOOLEAN DirectlyAccessClientToken;
  BOOLEAN DirectAccessEffectiveOnly;
  BOOLEAN ServerIsRemote;
  TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
1182
1183 $endif (_NTIFS_)