1 /******************************************************************************
2 * Security Manager Types *
3 ******************************************************************************/
/* NOTE(review): the `$if`/`$endif` lines and `$`-prefixed type names in this
 * header appear to be directives of a header-generator template rather than
 * C; they are kept exactly as found. */
$if (_WDMDDK_ || _WINNT_)
/* Security descriptors are handed around as opaque pointers at this level;
 * the concrete layouts (SECURITY_DESCRIPTOR / _RELATIVE) are defined further
 * down and must not be assumed from this typedef alone. */
typedef PVOID PSECURITY_DESCRIPTOR;
/* Bit set selecting which descriptor components a query/set operation
 * touches; values are the *_SECURITY_INFORMATION constants below. */
typedef $ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
/* 32-bit rights mask: specific rights in the low 16 bits, standard rights,
 * then ACCESS_SYSTEM_SECURITY / MAXIMUM_ALLOWED, generic rights in the top nibble. */
typedef $ULONG ACCESS_MASK, *PACCESS_MASK;
/* Opaque pointer to an access token. */
typedef PVOID PACCESS_TOKEN;
/* Standard rights, common to every securable object type. */
#define DELETE 0x00010000L
#define READ_CONTROL 0x00020000L
#define WRITE_DAC 0x00040000L
#define WRITE_OWNER 0x00080000L
#define SYNCHRONIZE 0x00100000L
/* 0x000F0000 == DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER (SYNCHRONIZE excluded). */
#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
/* All three map to READ_CONTROL; this is deliberate and matches the Windows SDK. */
#define STANDARD_RIGHTS_READ READ_CONTROL
#define STANDARD_RIGHTS_WRITE READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE READ_CONTROL
/* STANDARD_RIGHTS_REQUIRED plus SYNCHRONIZE. */
#define STANDARD_RIGHTS_ALL 0x001F0000L
/* Low 16 bits: rights whose meaning is defined per object type. */
#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL
/* SACL access; per the SDK this is normally gated by SE_SECURITY_PRIVILEGE. */
#define ACCESS_SYSTEM_SECURITY 0x01000000L
#define MAXIMUM_ALLOWED 0x02000000L
/* Generic rights (top nibble); translated to specific rights through a
 * GENERIC_MAPPING before an access check. */
#define GENERIC_READ 0x80000000L
#define GENERIC_WRITE 0x40000000L
#define GENERIC_EXECUTE 0x20000000L
#define GENERIC_ALL 0x10000000L
/* Per-object-type translation of the four GENERIC_* bits into concrete
 * ACCESS_MASK values (presumably consumed by the access-check routines). */
typedef struct _GENERIC_MAPPING {
  ACCESS_MASK GenericRead;
  ACCESS_MASK GenericWrite;
  ACCESS_MASK GenericExecute;
  ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
/* ACL revision numbers. ACL_REVISION is the default; ACL_REVISION_DS is the
 * directory-service (object-ACE) revision. */
#define ACL_REVISION 2
#define ACL_REVISION_DS 4
#define ACL_REVISION1 1
#define ACL_REVISION2 2
#define ACL_REVISION3 3
#define ACL_REVISION4 4
/* Accepted revision range is 2..4; ACL_REVISION1 lies below MIN_ACL_REVISION. */
#define MIN_ACL_REVISION ACL_REVISION2
#define MAX_ACL_REVISION ACL_REVISION4
/* Current security descriptor revision value */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_REVISION1 (1)
/* Privilege attributes */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED (0x00000002L)
#define SE_PRIVILEGE_REMOVED (0x00000004L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
/* Every attribute bit a caller may set; attribute words with bits outside
 * this mask should be rejected rather than masked silently. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
                                       SE_PRIVILEGE_ENABLED | \
                                       SE_PRIVILEGE_REMOVED | \
                                       SE_PRIVILEGE_USED_FOR_ACCESS)
/* NOTE(review): this listing shows no members for the struct; upstream it
 * pairs a LUID with its SE_PRIVILEGE_* attribute bits — confirm before use. */
typedef struct _LUID_AND_ATTRIBUTES {
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
/* Control value for a PRIVILEGE_SET: presumably "all listed privileges are required". */
#define PRIVILEGE_SET_ALL_NECESSARY (1)
/* Variable-length privilege set. PrivilegeCount is the number of valid
 * Privilege[] entries; the structure is allocated larger than its sizeof to
 * hold them. NOTE(review): the listing appears to skip a member between
 * PrivilegeCount and Privilege[] — confirm against the upstream header. */
typedef struct _PRIVILEGE_SET {
  $ULONG PrivilegeCount;
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, *PPRIVILEGE_SET;
/* Impersonation levels, ordered by how much a server may do with the
 * client's identity. NOTE(review): only two enumerators are visible here,
 * yet the macros below name SecurityAnonymous and SecurityDelegation, so the
 * enum is incomplete in this listing — do not derive ordinals from it. */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityIdentification,
  SecurityImpersonation,
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
/* Range check for a level supplied by a caller (e.g. from an SQOS block);
 * apply it before the level is stored or acted on. */
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))
/* Values of SECURITY_CONTEXT_TRACKING_MODE. */
#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)
typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
/* Quality of service a client attaches to a connection to bound what the
 * server may do with its identity. NOTE(review): the listing appears to
 * omit a leading member (upstream has a Length field first) — confirm. */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;   /* validate with VALID_IMPERSONATION_LEVEL */
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; /* SECURITY_DYNAMIC_TRACKING / SECURITY_STATIC_TRACKING */
  BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
/* Saved impersonation state. NOTE(review): members ahead of EffectiveOnly
 * appear to be missing from this listing. */
typedef struct _SE_IMPERSONATION_STATE {
  BOOLEAN EffectiveOnly;
  SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
/* SECURITY_INFORMATION bits: which descriptor components an operation
 * queries or sets. */
#define OWNER_SECURITY_INFORMATION (0x00000001L)
#define GROUP_SECURITY_INFORMATION (0x00000002L)
#define DACL_SECURITY_INFORMATION (0x00000004L)
/* Reading/writing the SACL additionally needs ACCESS_SYSTEM_SECURITY (per SDK). */
#define SACL_SECURITY_INFORMATION (0x00000008L)
#define LABEL_SECURITY_INFORMATION (0x00000010L)
/* High bits: whether the DACL/SACL being set is protected from inheritance. */
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
$endif (_WDMDDK_ || _WINNT_)
/* Operation requested of a security-descriptor callback. */
typedef enum _SECURITY_OPERATION_CODE {
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
/* Fixed-size privilege set embedded inline in ACCESS_STATE (below), so the
 * common case presumably needs no allocation. NOTE(review): unlike
 * PRIVILEGE_SET this uses plain ULONG rather than $ULONG, and the listing
 * appears to omit a member before Privilege[] — confirm upstream. */
#define INITIAL_PRIVILEGE_COUNT 3
typedef struct _INITIAL_PRIVILEGE_SET {
  ULONG PrivilegeCount;
  LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, *PINITIAL_PRIVILEGE_SET;
/* Well-known privilege values (per the SDK, the low part of the privilege
 * LUID). SE_MIN_/SE_MAX_WELL_KNOWN_PRIVILEGE bound the range; 0 and 1 are not
 * assigned here. Several of these — SE_TCB, SE_DEBUG, SE_LOAD_DRIVER,
 * SE_TAKE_OWNERSHIP, SE_RESTORE, SE_BACKUP, SE_IMPERSONATE,
 * SE_ASSIGNPRIMARYTOKEN, SE_CREATE_TOKEN — are equivalent to full control of
 * the machine when enabled, so their assignment and enablement are the ones
 * to audit. */
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
#define SE_CREATE_TOKEN_PRIVILEGE 2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
#define SE_LOCK_MEMORY_PRIVILEGE 4
#define SE_INCREASE_QUOTA_PRIVILEGE 5
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
#define SE_TCB_PRIVILEGE 7
#define SE_SECURITY_PRIVILEGE 8
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
#define SE_LOAD_DRIVER_PRIVILEGE 10
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
#define SE_SYSTEMTIME_PRIVILEGE 12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
#define SE_CREATE_PERMANENT_PRIVILEGE 16
#define SE_BACKUP_PRIVILEGE 17
#define SE_RESTORE_PRIVILEGE 18
#define SE_SHUTDOWN_PRIVILEGE 19
#define SE_DEBUG_PRIVILEGE 20
#define SE_AUDIT_PRIVILEGE 21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
#define SE_UNDOCK_PRIVILEGE 25
#define SE_SYNC_AGENT_PRIVILEGE 26
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
#define SE_MANAGE_VOLUME_PRIVILEGE 28
#define SE_IMPERSONATE_PRIVILEGE 29
#define SE_CREATE_GLOBAL_PRIVILEGE 30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE 32
#define SE_INC_WORKING_SET_PRIVILEGE 33
#define SE_TIME_ZONE_PRIVILEGE 34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE 35
/* Keep in step with the last entry above when a privilege is added. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
/* Identity an access check is performed for: the client (impersonation)
 * token, if any, the process's primary token, and the impersonation level
 * that bounds how the client token may be used. */
typedef struct _SECURITY_SUBJECT_CONTEXT {
  PACCESS_TOKEN ClientToken;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  PACCESS_TOKEN PrimaryToken;
  PVOID ProcessAuditId;
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
/* Per-open access-check state carried through object creation/open.
 * NOTE(review): this listing appears to omit several members of the struct;
 * do not rely on sizeof or member offsets taken from this view. */
typedef struct _ACCESS_STATE {
  BOOLEAN SecurityEvaluated;
  BOOLEAN GenerateAudit;
  BOOLEAN GenerateOnClose;
  BOOLEAN PrivilegesAllocated;          /* presumably: PrivilegeSet storage is heap-allocated and must be freed */
  ACCESS_MASK RemainingDesiredAccess;   /* rights requested but not yet granted */
  ACCESS_MASK PreviouslyGrantedAccess;  /* rights already granted */
  ACCESS_MASK OriginalDesiredAccess;    /* the caller's request as made */
  SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
  INITIAL_PRIVILEGE_SET InitialPrivilegeSet; /* inline room for INITIAL_PRIVILEGE_COUNT privileges */
  PRIVILEGE_SET PrivilegeSet;
  BOOLEAN AuditPrivileges;
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
219 (NTAPI
*PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR
)(
221 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);
#ifndef _NTLSA_AUDIT_
#define _NTLSA_AUDIT_
/* Upper bound on audit parameters per event; the generic form keeps four
 * (32 - 28) in reserve. */
#define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
#define SE_ADT_OBJECT_ONLY 0x1
/* Flag bits for audit parameter arrays (presumably carried in a Flags
 * member not visible in this listing). */
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010
/* Bytes actually occupied by a parameter array holding ParameterCount
 * entries (the unused tail of Parameters[] is not counted).
 * Caveats: the macro argument is not parenthesized, and the inner
 * subtraction is unsigned — a ParameterCount greater than
 * SE_MAX_AUDIT_PARAMETERS wraps it and yields a huge "true size". Validate
 * ParameterCount <= SE_MAX_AUDIT_PARAMETERS before applying this to a buffer
 * that arrived from a less trusted caller. */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
  ( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
    (SE_MAX_AUDIT_PARAMETERS - Parameters->ParameterCount) )
/* Type tag of one audit parameter entry. Only the first value is explicit;
 * the rest follow sequentially. NOTE(review): this listing appears to omit
 * several enumerators, so the numeric value of the ones shown cannot be
 * read off this view — take them from the upstream header. */
typedef enum _SE_ADT_PARAMETER_TYPE {
  SeAdtParmTypeNone = 0,
  SeAdtParmTypeFileSpec,
  SeAdtParmTypeLogonId,
  SeAdtParmTypeNoLogonId,
  SeAdtParmTypeAccessMask,
  SeAdtParmTypeObjectTypes,
  SeAdtParmTypeHexUlong,
  SeAdtParmTypeHexInt64,
  SeAdtParmTypeStringList,
  SeAdtParmTypeSidList,
  SeAdtParmTypeDuration,
  SeAdtParmTypeUserAccountControl,
  SeAdtParmTypeMessage,
  SeAdtParmTypeDateTime,
  SeAdtParmTypeSockAddr,
  SeAdtParmTypeLogonHours,
  SeAdtParmTypeLogonIdNoSid,
  SeAdtParmTypeUlongNoConv,
  SeAdtParmTypeSockAddrNoPort,
  SeAdtParmTypeAccessReason
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
/* Object-type entry used by SeAdtParmTypeObjectTypes parameters.
 * NOTE(review): members ahead of AccessMask appear to be missing from this
 * listing. */
typedef struct _SE_ADT_OBJECT_TYPE {
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;
/* One audit parameter: its type tag plus payload. NOTE(review): the payload
 * members appear to be missing from this listing; only Type is visible. */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
/* Why an access was granted/denied, for SeAdtParmTypeAccessReason.
 * AccessReasons[] has one ACCESS_REASON slot per bit of AccessMask (32). */
typedef struct _SE_ADT_ACCESS_REASON {
  ACCESS_MASK AccessMask;
  ULONG AccessReasons[32];
  ULONG ObjectTypeIndex;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
/* Audit event parameter block. ParameterCount is the number of valid
 * Parameters[] entries and must never exceed SE_MAX_AUDIT_PARAMETERS (see
 * LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE). NOTE(review): other members appear
 * to be missing from this listing. */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG ParameterCount;
  USHORT FlatSubCategoryId;
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[SE_MAX_AUDIT_PARAMETERS];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
#endif /* !_NTLSA_AUDIT_ */
/* NOTE(review): the matching #ifndef _NTLSA_IFS_ is outside this view. */
#endif /* !_NTLSA_IFS_ */
/* Shares the value 6 with SE_MACHINE_ACCOUNT_PRIVILEGE above; presumably
 * retained for source compatibility rather than as a distinct privilege —
 * verify against the SDK before treating it as one. */
#define SE_UNSOLICITED_INPUT_PRIVILEGE 6
$if (_NTDDK_ || _WINNT_)
/* Well-known SIDs addressed by enumerator. Every value is explicit, so the
 * enumerators this listing omits (e.g. the first three, and the gaps at 8-10,
 * 12, 14, 16, 21, 63, 66) do not shift the values shown here. */
typedef enum _WELL_KNOWN_SID_TYPE {
  WinCreatorOwnerSid = 3,
  WinCreatorGroupSid = 4,
  WinCreatorOwnerServerSid = 5,
  WinCreatorGroupServerSid = 6,
  WinNtAuthoritySid = 7,
  WinInteractiveSid = 11,
  WinAnonymousSid = 13,
  WinEnterpriseControllersSid = 15,
  WinAuthenticatedUserSid = 17,
  WinRestrictedCodeSid = 18,
  WinTerminalServerSid = 19,
  WinRemoteLogonIdSid = 20,
  WinLocalSystemSid = 22,
  WinLocalServiceSid = 23,
  WinNetworkServiceSid = 24,
  WinBuiltinDomainSid = 25,
  WinBuiltinAdministratorsSid = 26,
  WinBuiltinUsersSid = 27,
  WinBuiltinGuestsSid = 28,
  WinBuiltinPowerUsersSid = 29,
  WinBuiltinAccountOperatorsSid = 30,
  WinBuiltinSystemOperatorsSid = 31,
  WinBuiltinPrintOperatorsSid = 32,
  WinBuiltinBackupOperatorsSid = 33,
  WinBuiltinReplicatorSid = 34,
  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
  WinBuiltinRemoteDesktopUsersSid = 36,
  WinBuiltinNetworkConfigurationOperatorsSid = 37,
  WinAccountAdministratorSid = 38,
  WinAccountGuestSid = 39,
  WinAccountKrbtgtSid = 40,
  WinAccountDomainAdminsSid = 41,
  WinAccountDomainUsersSid = 42,
  WinAccountDomainGuestsSid = 43,
  WinAccountComputersSid = 44,
  WinAccountControllersSid = 45,
  WinAccountCertAdminsSid = 46,
  WinAccountSchemaAdminsSid = 47,
  WinAccountEnterpriseAdminsSid = 48,
  WinAccountPolicyAdminsSid = 49,
  WinAccountRasAndIasServersSid = 50,
  WinNTLMAuthenticationSid = 51,
  WinDigestAuthenticationSid = 52,
  WinSChannelAuthenticationSid = 53,
  WinThisOrganizationSid = 54,
  WinOtherOrganizationSid = 55,
  WinBuiltinIncomingForestTrustBuildersSid = 56,
  WinBuiltinPerfMonitoringUsersSid = 57,
  WinBuiltinPerfLoggingUsersSid = 58,
  WinBuiltinAuthorizationAccessSid = 59,
  WinBuiltinTerminalServerLicenseServersSid = 60,
  WinBuiltinDCOMUsersSid = 61,
  WinBuiltinIUsersSid = 62,
  WinBuiltinCryptoOperatorsSid = 64,
  /* Integrity-label SIDs (see SECURITY_MANDATORY_*_RID below). */
  WinUntrustedLabelSid = 65,
  WinMediumLabelSid = 67,
  WinHighLabelSid = 68,
  WinSystemLabelSid = 69,
  WinWriteRestrictedCodeSid = 70,
  WinCreatorOwnerRightsSid = 71,
  WinCacheablePrincipalsGroupSid = 72,
  WinNonCacheablePrincipalsGroupSid = 73,
  WinEnterpriseReadonlyControllersSid = 74,
  WinAccountReadonlyControllersSid = 75,
  WinBuiltinEventLogReadersGroup = 76,
  WinNewEnterpriseReadonlyControllersSid = 77,
  WinBuiltinCertSvcDComAccessGroup = 78,
  WinMediumPlusLabelSid = 79,
  WinLocalLogonSid = 80,
  WinConsoleLogonSid = 81,
  WinThisOrganizationCertificateSid = 82,
  /* App-container package and capability SIDs. */
  WinApplicationPackageAuthoritySid = 83,
  WinBuiltinAnyPackageSid = 84,
  WinCapabilityInternetClientSid = 85,
  WinCapabilityInternetClientServerSid = 86,
  WinCapabilityPrivateNetworkClientServerSid = 87,
  WinCapabilityPicturesLibrarySid = 88,
  WinCapabilityVideosLibrarySid = 89,
  WinCapabilityMusicLibrarySid = 90,
  WinCapabilityDocumentsLibrarySid = 91,
  WinCapabilitySharedUserCertificatesSid = 92,
  WinCapabilityEnterpriseAuthenticationSid = 93,
  WinCapabilityRemovableStorageSid = 94,
  WinBuiltinRDSRemoteAccessServersSid = 95,
  WinBuiltinRDSEndpointServersSid = 96,
  WinBuiltinRDSManagementServersSid = 97,
  WinUserModeDriversSid = 98,
  WinBuiltinHyperVAdminsSid = 99,
  WinAccountCloneableControllersSid = 100,
  WinBuiltinAccessControlAssistanceOperatorsSid = 101,
  WinBuiltinRemoteManagementUsersSid = 102,
  WinAuthenticationAuthorityAssertedSid = 103,
  WinAuthenticationServiceAssertedSid = 104,
  WinLocalAccountSid = 105,
  WinLocalAccountAndAdministratorSid = 106,
  WinAccountProtectedUsersSid = 107,
} WELL_KNOWN_SID_TYPE;
$endif (_NTDDK_ || _WINNT_)
$if (_NTIFS_ || _WINNT_)
/* NOTE(review): the #endif closing this guard is not visible in the listing. */
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
/* Top-level authority of a SID. NOTE(review): no members are visible here;
 * the SECURITY_*_AUTHORITY initializers below use six values, which suggests
 * a 6-byte array upstream — confirm before use. */
typedef struct _SID_IDENTIFIER_AUTHORITY {
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY, *LPSID_IDENTIFIER_AUTHORITY;
441 typedef struct _SID
{
443 $UCHAR SubAuthorityCount
;
444 SID_IDENTIFIER_AUTHORITY IdentifierAuthority
;
446 [size_is(SubAuthorityCount
)] $ULONG SubAuthority
[*];
448 $ULONG SubAuthority
[ANYSIZE_ARRAY
];
#define SID_REVISION 1
/* Hard limit on SubAuthority[] entries. A SubAuthorityCount read from an
 * untrusted buffer must be checked against this before any length
 * arithmetic, or the computed SID length can run past the buffer. */
#define SID_MAX_SUB_AUTHORITIES 15
#define SID_RECOMMENDED_SUB_AUTHORITIES 1
/* Size of the largest valid SID: sizeof(SID) minus its one built-in
 * SubAuthority slot, plus SID_MAX_SUB_AUTHORITIES slots. */
#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof($ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof($ULONG)))
/* Kind of account a SID names. NOTE(review): this listing shows only two
 * enumerators; the values shown here are not the upstream ordinals. */
typedef enum _SID_NAME_USE {
  SidTypeWellKnownGroup,
  SidTypeDeletedAccount,
} SID_NAME_USE, *PSID_NAME_USE;
/* NOTE(review): no members are visible here; upstream pairs a PSID with its
 * attribute bits — confirm before use. */
typedef struct _SID_AND_ATTRIBUTES {
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
/* Fixed-size hash over a SID_AND_ATTRIBUTES array, used by
 * TOKEN_ACCESS_INFORMATION (below) to speed up membership lookups.
 * NOTE(review): a count member ahead of SidAttr appears to be missing from
 * this listing. */
#define SID_HASH_SIZE 32
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
typedef struct _SID_AND_ATTRIBUTES_HASH {
  PSID_AND_ATTRIBUTES SidAttr;
  SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
/* Universal well-known SIDs */
/* Identifier-authority initializers: six bytes each, with the authority
 * number in the last byte for these small values. */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
/* Relative IDs under the authorities above. Several are 0, so a RID alone
 * never identifies a principal — always compare it together with its
 * authority. */
#define SECURITY_NULL_RID (0x00000000L)
#define SECURITY_WORLD_RID (0x00000000L)
#define SECURITY_LOCAL_RID (0x00000000L)
#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
/* NT well-known SIDs */
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
/* Single-RID principals directly under the NT authority (S-1-5-<RID>). */
#define SECURITY_DIALUP_RID (0x00000001L)
#define SECURITY_NETWORK_RID (0x00000002L)
#define SECURITY_BATCH_RID (0x00000003L)
#define SECURITY_INTERACTIVE_RID (0x00000004L)
/* Logon-session SIDs carry SECURITY_LOGON_IDS_RID_COUNT sub-authorities. */
#define SECURITY_LOGON_IDS_RID (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT (3L)
#define SECURITY_SERVICE_RID (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
#define SECURITY_PROXY_RID (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
#define SECURITY_IUSER_RID (0x00000011L)
/* The three built-in service identities (LocalSystem, LocalService, NetworkService). */
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
/* Domain SIDs: S-1-5-21-<3 sub-authorities>-<RID>. */
#define SECURITY_NT_NON_UNIQUE (0x00000015L)
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
/* BUILTIN domain (S-1-5-32); the DOMAIN_ALIAS_RID_* values hang under it. */
#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
/* Authentication-package SIDs: base RID followed by a package RID. */
#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
#define SECURITY_PACKAGE_RID_COUNT (2L)
#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
#define SECURITY_CRED_TYPE_RID_COUNT (2L)
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
/* Base RIDs for generated per-service/per-application identities; the
 * *_RID_COUNT values give the total number of sub-authorities in such SIDs. */
#define SECURITY_MIN_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
#define SECURITY_SERVICE_ID_RID_COUNT (6L)
#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
#define SECURITY_COM_ID_BASE_RID (0x00000059L)
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
#define SECURITY_MAX_BASE_RID (0x0000006FL)
/* Boundary between RIDs that SID filtering always removes and those it
 * never removes (0x3E7 == DOMAIN_USER_RID_MAX below). */
#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
/* Lies just above SECURITY_MAX_BASE_RID as defined here; matches the SDK. */
#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
/* Well-known domain relative sub-authority values (RIDs) */
#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
#define FOREST_USER_RID_MAX (0x000001F3L)
/* Well-known users */
/* RID 500/501/502 identify the built-in Administrator, Guest and krbtgt
 * accounts regardless of display name; detection and hardening rules should
 * key on the RID, not the name. */
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
#define DOMAIN_USER_RID_GUEST (0x000001F5L)
#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
/* Highest well-known user RID; ordinary accounts are allocated above it. */
#define DOMAIN_USER_RID_MAX (0x000003E7L)
/* Well-known groups */
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
#define DOMAIN_GROUP_RID_USERS (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
/* Well-known aliases */
/* BUILTIN local groups (S-1-5-32-<RID>). */
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
/* Operator groups; Backup Operators in particular can read any file, so
 * membership changes are worth auditing. */
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
/* Integrity levels: S-1-16-<RID>, one level per 0x1000 step. */
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
   can be set by a usermode caller. */
#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
/* Converts a MANDATORY_LEVEL ordinal to its RID. Caveat: the argument is
 * not parenthesized, so pass a single token or a parenthesized expression. */
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
/* Allocate the System Luid. The first 1000 LUIDs are reserved.
   Use #999 here (0x3e7 = 999) */
#define SYSTEM_LUID {0x3e7, 0x0}
#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
#define LOCALSERVICE_LUID {0x3e5, 0x0}
#define NETWORKSERVICE_LUID {0x3e4, 0x0}
#define IUSER_LUID {0x3e3, 0x0}
/* Common prefix of every ACE. NOTE(review): no members are visible in this
 * listing; upstream carries the ACE type, flags and size here — confirm. */
typedef struct _ACE_HEADER {
} ACE_HEADER, *PACE_HEADER;
/* ACE type codes. The ACCESS_MAX_MS_V<n>_ACE_TYPE values give the highest
 * type understood by each ACL revision; a parser must reject (or skip, per
 * its policy) ACE types above the one it knows how to size. */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
/* Object ACEs (directory service) carry GUIDs after the mask. */
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_ACE_TYPE (0x8)
/* Callback ACEs carry opaque resource-manager data after the SID. */
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)
#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11)
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11)
/* The following are the inherit flags that go into the AceFlags field
 * of an ACE header. */
#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)
#define INHERITED_ACE (0x10)
#define VALID_INHERIT_FLAGS (0x1F)
/* Audit/alarm ACE flags: which outcomes generate a record. */
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)
/* Concrete ACE layouts. NOTE(review): none of these show members in this
 * listing; upstream each is an ACE_HEADER, an ACCESS_MASK and the first
 * $ULONG of a trailing variable-length SID — confirm before using sizeof. */
typedef struct _ACCESS_ALLOWED_ACE {
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
typedef struct _ACCESS_DENIED_ACE {
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
typedef struct _SYSTEM_AUDIT_ACE {
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
typedef struct _SYSTEM_ALARM_ACE {
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
/* Integrity-label ACE (SYSTEM_MANDATORY_LABEL_ACE_TYPE); its mask uses the
 * SYSTEM_MANDATORY_LABEL_* bits below rather than access rights. */
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
/* Reject label ACEs whose mask has bits outside this set. */
#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
                                           SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
                                           SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
/* Smallest buffer that can hold a descriptor (the absolute form defined below). */
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
typedef $USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
/* Control bits. *_PRESENT says whether an ACL exists at all (absent DACL ==
 * everyone has access; present-but-empty DACL == nobody has access);
 * *_DEFAULTED/*_PROTECTED/*_AUTO_INHERIT* record how it was produced. */
#define SE_OWNER_DEFAULTED 0x0001
#define SE_GROUP_DEFAULTED 0x0002
#define SE_DACL_PRESENT 0x0004
#define SE_DACL_DEFAULTED 0x0008
#define SE_SACL_PRESENT 0x0010
#define SE_SACL_DEFAULTED 0x0020
#define SE_DACL_UNTRUSTED 0x0040
#define SE_SERVER_SECURITY 0x0080
#define SE_DACL_AUTO_INHERIT_REQ 0x0100
#define SE_SACL_AUTO_INHERIT_REQ 0x0200
#define SE_DACL_AUTO_INHERITED 0x0400
#define SE_SACL_AUTO_INHERITED 0x0800
#define SE_DACL_PROTECTED 0x1000
#define SE_SACL_PROTECTED 0x2000
#define SE_RM_CONTROL_VALID 0x4000
/* Set: the descriptor is self-relative (owner/group/ACL members are offsets
 * from the start of the descriptor); clear: absolute (they are pointers).
 * A self-relative descriptor read from an untrusted buffer needs every
 * offset bounds-checked against the buffer length before dereference. */
#define SE_SELF_RELATIVE 0x8000
/* NOTE(review): both descriptor layouts below show only the Control member
 * in this listing; upstream they also carry revision, owner, group, SACL
 * and DACL — do not rely on sizeof or offsets from this view. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
  SECURITY_DESCRIPTOR_CONTROL Control;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
typedef struct _SECURITY_DESCRIPTOR {
  SECURITY_DESCRIPTOR_CONTROL Control;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
/* Entry of the object-type hierarchy passed to object access checks.
 * NOTE(review): no members are visible in this listing. */
typedef struct _OBJECT_TYPE_LIST {
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
/* Levels in an OBJECT_TYPE_LIST hierarchy. */
#define ACCESS_OBJECT_GUID 0
#define ACCESS_PROPERTY_SET_GUID 1
#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
/* Which audit event an access-check result is reported as. */
typedef enum _AUDIT_EVENT_TYPE {
  AuditEventObjectAccess,
  AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
/* Subsystem/object-type names used for directory-service audit records. */
#define ACCESS_DS_SOURCE_A "DS"
#define ACCESS_DS_SOURCE_W L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
/* An ACCESS_REASON packs a reason type in the high 16 bits and reason-specific
 * data (e.g. an ACE index) in the low 16 bits. */
#define ACCESS_REASON_TYPE_MASK 0xffff0000
#define ACCESS_REASON_DATA_MASK 0x0000ffff
/* Reason-type values, already shifted into the ACCESS_REASON_TYPE_MASK
 * position. The 0x0001xxxx-0x0004xxxx reasons refer to an ACE; the rest
 * describe privilege, label, ownership or missing/empty-DACL outcomes. */
typedef enum _ACCESS_REASON_TYPE {
  AccessReasonNone = 0x00000000,
  AccessReasonAllowedAce = 0x00010000,
  AccessReasonDeniedAce = 0x00020000,
  AccessReasonAllowedParentAce = 0x00030000,
  AccessReasonDeniedParentAce = 0x00040000,
  AccessReasonMissingPrivilege = 0x00100000,
  AccessReasonFromPrivilege = 0x00200000,
  AccessReasonIntegrityLevel = 0x00300000,
  AccessReasonOwnership = 0x00400000,
  AccessReasonNullDacl = 0x00500000,
  AccessReasonEmptyDacl = 0x00600000,
  AccessReasonNoSD = 0x00700000,
  AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;
typedef $ULONG ACCESS_REASON;
/* One ACCESS_REASON per bit of a 32-bit ACCESS_MASK. */
typedef struct _ACCESS_REASONS {
  ACCESS_REASON Data[32];
} ACCESS_REASONS, *PACCESS_REASONS;
/* SE_SECURITY_DESCRIPTOR flags: skip the implicit owner/label ACE handling. */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003
/* Descriptor plus options for the extended access-check API.
 * NOTE(review): members ahead of SecurityDescriptor (upstream: size and
 * flags) appear to be missing from this listing. */
typedef struct _SE_SECURITY_DESCRIPTOR {
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
/* Input of the extended access check. NOTE(review): a leading size member
 * appears to be missing from this listing. */
typedef struct _SE_ACCESS_REQUEST {
  PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  PSID PrincipalSelfSid;          /* substituted for SECURITY_PRINCIPAL_SELF_RID ACEs */
  PGENERIC_MAPPING GenericMapping;
  $ULONG ObjectTypeListCount;     /* number of ObjectTypeList entries */
  POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;
/* Token object specific rights. TOKEN_DUPLICATE and TOKEN_IMPERSONATE are
 * the ones that let a holder act as the token's identity, and
 * TOKEN_ADJUST_PRIVILEGES lets it enable privileges — treat handles carrying
 * these as credentials. */
#define TOKEN_ASSIGN_PRIMARY (0x0001)
#define TOKEN_DUPLICATE (0x0002)
#define TOKEN_IMPERSONATE (0x0004)
#define TOKEN_QUERY (0x0008)
#define TOKEN_QUERY_SOURCE (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS (0x0040)
#define TOKEN_ADJUST_DEFAULT (0x0080)
#define TOKEN_ADJUST_SESSIONID (0x0100)
/* NOTE(review): this listing appears to drop three operands of the mask
 * (between TOKEN_ASSIGN_PRIMARY and TOKEN_QUERY_SOURCE); as shown it does
 * not include TOKEN_DUPLICATE, TOKEN_IMPERSONATE or TOKEN_QUERY. */
#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\
                            TOKEN_ASSIGN_PRIMARY |\
                            TOKEN_QUERY_SOURCE |\
                            TOKEN_ADJUST_PRIVILEGES |\
                            TOKEN_ADJUST_GROUPS |\
                            TOKEN_ADJUST_DEFAULT)
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P | TOKEN_ADJUST_SESSIONID)
/* NOTE(review): the #else/#endif that select between the two
 * TOKEN_ALL_ACCESS definitions are absent from this listing; as shown, the
 * second #define redefines the first. */
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)
#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\
                     TOKEN_ADJUST_PRIVILEGES |\
                     TOKEN_ADJUST_GROUPS |\
                     TOKEN_ADJUST_DEFAULT)
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
/* Primary vs. impersonation token. NOTE(review): no enumerators are visible
 * in this listing. */
typedef enum _TOKEN_TYPE {
} TOKEN_TYPE, *PTOKEN_TYPE;
/* Information classes for querying/setting a token. NOTE(review): this
 * listing appears to omit many enumerators (including the first ones), so
 * the ordinal of each value shown cannot be taken from this view. */
typedef enum _TOKEN_INFORMATION_CLASS {
  TokenImpersonationLevel,
  TokenGroupsAndPrivileges,
  TokenSessionReference,
  TokenHasRestrictions,
  TokenAccessInformation,
  TokenVirtualizationAllowed,
  TokenVirtualizationEnabled,
  TokenMandatoryPolicy,
  TokenAppContainerSid,
  TokenAppContainerNumber,
  TokenUserClaimAttributes,
  TokenDeviceClaimAttributes,
  TokenRestrictedUserClaimAttributes,
  TokenRestrictedDeviceClaimAttributes,
  TokenRestrictedDeviceGroups,
  TokenSecurityAttributes,
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
/* Payloads of the TOKEN_INFORMATION_CLASS queries. */
typedef struct _TOKEN_USER {
  SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
/* Variable-length group list. NOTE(review): the count member and the
 * MIDL_PASS conditional that selects one of the two Groups declarations are
 * missing from this listing; as shown both declarations appear. */
typedef struct _TOKEN_GROUPS {
  [size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*];
  SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
/* Variable-length privilege list; PrivilegeCount valid entries follow. */
typedef struct _TOKEN_PRIVILEGES {
  $ULONG PrivilegeCount;
  LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
/* NOTE(review): the next three structs show no members in this listing. */
typedef struct _TOKEN_OWNER {
} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP {
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_DEFAULT_DACL {
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
/* Combined groups + restricted groups + privileges snapshot. Each *Count
 * gives the element count and each *Length the byte size of the region the
 * matching pointer refers to. NOTE(review): the leading members for Sids
 * (count/length) appear to be missing from this listing. */
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
  PSID_AND_ATTRIBUTES Sids;
  $ULONG RestrictedSidCount;
  $ULONG RestrictedSidLength;
  PSID_AND_ATTRIBUTES RestrictedSids;
  $ULONG PrivilegeCount;
  $ULONG PrivilegeLength;
  PLUID_AND_ATTRIBUTES Privileges;
  LUID AuthenticationId;
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
/* NOTE(review): no members visible in this listing. */
typedef struct _TOKEN_LINKED_TOKEN {
} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
/* Non-zero when the token is elevated. */
typedef struct _TOKEN_ELEVATION {
  $ULONG TokenIsElevated;
} TOKEN_ELEVATION, *PTOKEN_ELEVATION;
/* Integrity label SID (S-1-16-<SECURITY_MANDATORY_*_RID>). */
typedef struct _TOKEN_MANDATORY_LABEL {
  SID_AND_ATTRIBUTES Label;
} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
/* Mandatory-integrity policy bits for a token. */
#define TOKEN_MANDATORY_POLICY_OFF 0x0
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
                                           TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
/* Per-user audit policy: the array is sized for two subcategories per byte
 * (COUNT >> 1, plus one), i.e. presumably one nibble per subcategory. */
#define POLICY_AUDIT_SUBCATEGORY_COUNT (56)
typedef struct _TOKEN_AUDIT_POLICY {
  $UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
/* Origin of a token. SourceName is a fixed 8-byte field with no room for a
 * terminator — never read it as a C string; copy/compare with
 * TOKEN_SOURCE_LENGTH as the bound. */
#define TOKEN_SOURCE_LENGTH 8
typedef struct _TOKEN_SOURCE {
  CHAR SourceName[TOKEN_SOURCE_LENGTH];
  LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
1030 #include <pshpack4.h>
1031 typedef struct _TOKEN_STATISTICS
{
1033 LUID AuthenticationId
;
1034 LARGE_INTEGER ExpirationTime
;
1035 TOKEN_TYPE TokenType
;
1036 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
;
1037 $ULONG DynamicCharged
;
1038 $ULONG DynamicAvailable
;
1040 $ULONG PrivilegeCount
;
1042 } TOKEN_STATISTICS
, *PTOKEN_STATISTICS
;
1043 #include <poppack.h>
1045 typedef struct _TOKEN_CONTROL
{
1047 LUID AuthenticationId
;
1049 TOKEN_SOURCE TokenSource
;
1050 } TOKEN_CONTROL
, *PTOKEN_CONTROL
;
1052 typedef struct _TOKEN_ORIGIN
{
1053 LUID OriginatingLogonSession
;
1054 } TOKEN_ORIGIN
, *PTOKEN_ORIGIN
;
/*
 * MANDATORY_LEVEL: integrity levels, lowest first.
 * NOTE(review): this rendering skips source lines 1058, 1060 and 1063, so the
 * enumerators shown are not consecutive in the original — one is missing
 * between Untrusted and Medium, one between Medium and System, and one after
 * SecureProcess. Do not derive numeric values from the order shown here;
 * only MandatoryLevelUntrusted = 0 is explicit.
 */
typedef enum _MANDATORY_LEVEL
{
  MandatoryLevelUntrusted = 0,
  MandatoryLevelMedium,
  MandatoryLevelSystem,
  MandatoryLevelSecureProcess,
} MANDATORY_LEVEL, *PMANDATORY_LEVEL;
/* XDK template directive, not a C preprocessor line: closes a $if block
   opened earlier in the file, so the definitions above are emitted only into
   the generated headers that define _NTIFS_ or _WINNT_ (presumably ntifs.h
   and winnt.h). */
$endif (_NTIFS_ || _WINNT_)
/*
 * SE_ACCESS_REPLY: results of an access check over a result list of
 * ResultListCount entries. GrantedAccess, AccessStatus, AccessReason and
 * Privileges appear to be parallel per-entry arrays (confirm against the
 * consumer); Privileges is an array of PPRIVILEGE_SET pointers.
 * NOTE(review): source line 1070 is skipped in this rendering — the member
 * that precedes ResultListCount is missing; take it from the original header.
 */
typedef struct _SE_ACCESS_REPLY
{
  $ULONG ResultListCount;
  PACCESS_MASK GrantedAccess;   /* access actually granted, per entry */
  PNTSTATUS AccessStatus;       /* status of the check, per entry */
  PACCESS_REASONS AccessReason; /* why access was granted/denied, per entry */
  PPRIVILEGE_SET *Privileges;   /* privileges used, per entry */
} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;
/*
 * SE_AUDIT_OPERATION: kind of operation being audited (carried in
 * SE_AUDIT_INFO.AuditOperation below).
 * NOTE(review): source lines 1081-1082, 1084-1085 and 1089 are skipped in
 * this rendering, so enumerators are missing after AuditPrivilegeService,
 * after AuditOpenObjectWithTransaction and after AuditCloseNonObject; the
 * numeric value of anything after AuditPrivilegeService cannot be read off
 * the order shown here.
 */
typedef enum _SE_AUDIT_OPERATION
{
  AuditPrivilegeObject,
  AuditPrivilegeService,
  AuditOpenObjectWithTransaction,
  AuditOpenObjectForDelete,
  AuditOpenObjectForDeleteWithTransaction,
  AuditCloseNonObject,
  AuditObjectReference,
  AuditHandleCreation,
} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;
/*
 * SE_AUDIT_INFO: parameters describing an object-access audit event.
 * NOTE(review): source lines 1095, 1098, 1102 and 1104 are skipped in this
 * rendering, so four members are missing — one before AuditType, one before
 * SubsystemName, one before TransactionId and one before ObjectCreation.
 * Take the layout from the original header.
 */
typedef struct _SE_AUDIT_INFO
{
  AUDIT_EVENT_TYPE AuditType;
  SE_AUDIT_OPERATION AuditOperation;
  UNICODE_STRING SubsystemName;   /* names recorded in the audit entry */
  UNICODE_STRING ObjectTypeName;
  UNICODE_STRING ObjectName;
  GUID *TransactionId;            /* presumably NULL when the operation is not transacted — verify */
  BOOLEAN ObjectCreation;
  BOOLEAN GenerateOnClose;        /* presumably requests a matching close audit — verify */
} SE_AUDIT_INFO, *PSE_AUDIT_INFO;
/*
 * TOKEN_MANDATORY_POLICY: the token's mandatory integrity policy, expressed
 * with the TOKEN_MANDATORY_POLICY_* bits defined above.
 * NOTE(review): this rendering skips source line 1110, so the struct body is
 * shown empty; the member that holds the policy bits was lost in extraction
 * and must be taken from the original header.
 */
typedef struct _TOKEN_MANDATORY_POLICY
{
} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
/*
 * TOKEN_ACCESS_INFORMATION: everything an access check needs from a token —
 * hashed group and restricted-group SIDs, privileges, identity and policy.
 * NOTE(review): source line 1121 is skipped in this rendering, so one member
 * is missing between MandatoryPolicy and the end of the struct; take it from
 * the original header.
 */
typedef struct _TOKEN_ACCESS_INFORMATION
{
  PSID_AND_ATTRIBUTES_HASH SidHash;             /* token groups, hashed for lookup */
  PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;   /* restricting SIDs, if the token is restricted */
  PTOKEN_PRIVILEGES Privileges;
  LUID AuthenticationId;                        /* logon session id */
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  TOKEN_MANDATORY_POLICY MandatoryPolicy;
} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
/* TOKEN_* flag bits: cached token state consulted on fast paths of access
   checking (which privileges the token has, restriction/filtering state,
   virtualization, UI access). Each is a distinct bit except where noted. */
#define TOKEN_HAS_TRAVERSE_PRIVILEGE    0x0001
#define TOKEN_HAS_BACKUP_PRIVILEGE      0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE     0x0004
#define TOKEN_WRITE_RESTRICTED          0x0008
/* Same bit as TOKEN_WRITE_RESTRICTED — the two names are not independent
   flags; testing one is testing the other. */
#define TOKEN_HAS_ADMIN_GROUP           TOKEN_WRITE_RESTRICTED
#define TOKEN_IS_RESTRICTED             0x0010
#define TOKEN_SESSION_NOT_REFERENCED    0x0020
#define TOKEN_SANDBOX_INERT             0x0040
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
/* Lives in the same bit space despite lacking the TOKEN_ prefix. */
#define SE_BACKUP_PRIVILEGES_CHECKED    0x0100
#define TOKEN_VIRTUALIZE_ALLOWED        0x0200
#define TOKEN_VIRTUALIZE_ENABLED        0x0400
#define TOKEN_IS_FILTERED               0x0800
#define TOKEN_UIACCESS                  0x1000
#define TOKEN_NOT_LOW                   0x2000
/*
 * SE_EXPORTS: the kernel's table of well-known privilege LUIDs and SIDs
 * (exposed to drivers through the SeExports pointer). Members are grouped
 * roughly by the Windows release that introduced them, which is why LUIDs
 * and SIDs interleave; the integrity-level SIDs at the end pair with
 * MANDATORY_LEVEL above.
 * NOTE(review): this rendering skips source lines 1164-1166, 1170-1172 and
 * 1199, so seven members are missing — three between
 * SeRemoteShutdownPrivilege and SeCreatorOwnerSid, three between
 * SeNtAuthoritySid and SeInteractiveSid, and one between
 * SeCreateSymbolicLinkPrivilege and SeUntrustedMandatorySid. Take the full
 * layout from the original header; offsets implied here are not reliable.
 */
typedef struct _SE_EXPORTS
{
  /* Privilege LUIDs. */
  LUID SeCreateTokenPrivilege;
  LUID SeAssignPrimaryTokenPrivilege;
  LUID SeLockMemoryPrivilege;
  LUID SeIncreaseQuotaPrivilege;
  LUID SeUnsolicitedInputPrivilege;
  LUID SeTcbPrivilege;
  LUID SeSecurityPrivilege;
  LUID SeTakeOwnershipPrivilege;
  LUID SeLoadDriverPrivilege;
  LUID SeCreatePagefilePrivilege;
  LUID SeIncreaseBasePriorityPrivilege;
  LUID SeSystemProfilePrivilege;
  LUID SeSystemtimePrivilege;
  LUID SeProfileSingleProcessPrivilege;
  LUID SeCreatePermanentPrivilege;
  LUID SeBackupPrivilege;
  LUID SeRestorePrivilege;
  LUID SeShutdownPrivilege;
  LUID SeDebugPrivilege;
  LUID SeAuditPrivilege;
  LUID SeSystemEnvironmentPrivilege;
  LUID SeChangeNotifyPrivilege;
  LUID SeRemoteShutdownPrivilege;

  /* Well-known SIDs. */
  PSID SeCreatorOwnerSid;
  PSID SeCreatorGroupSid;
  PSID SeNtAuthoritySid;
  PSID SeInteractiveSid;
  PSID SeLocalSystemSid;
  PSID SeAliasAdminsSid;
  PSID SeAliasUsersSid;
  PSID SeAliasGuestsSid;
  PSID SeAliasPowerUsersSid;
  PSID SeAliasAccountOpsSid;
  PSID SeAliasSystemOpsSid;
  PSID SeAliasPrintOpsSid;
  PSID SeAliasBackupOpsSid;
  PSID SeAuthenticatedUsersSid;
  PSID SeRestrictedSid;
  PSID SeAnonymousLogonSid;

  /* Later additions, appended to keep earlier offsets stable. */
  LUID SeUndockPrivilege;
  LUID SeSyncAgentPrivilege;
  LUID SeEnableDelegationPrivilege;
  PSID SeLocalServiceSid;
  PSID SeNetworkServiceSid;
  LUID SeManageVolumePrivilege;
  LUID SeImpersonatePrivilege;
  LUID SeCreateGlobalPrivilege;
  LUID SeTrustedCredManAccessPrivilege;
  LUID SeRelabelPrivilege;
  LUID SeIncreaseWorkingSetPrivilege;
  LUID SeTimeZonePrivilege;
  LUID SeCreateSymbolicLinkPrivilege;

  /* Mandatory integrity level SIDs (cf. MANDATORY_LEVEL). */
  PSID SeUntrustedMandatorySid;
  PSID SeLowMandatorySid;
  PSID SeMediumMandatorySid;
  PSID SeHighMandatorySid;
  PSID SeSystemMandatorySid;
  PSID SeOwnerRightsSid;
} SE_EXPORTS, *PSE_EXPORTS;
/* PSE_LOGON_SESSION_TERMINATED_ROUTINE: callback type invoked when a logon
   session ends.
   NOTE(review): this typedef is incomplete in this rendering — source lines
   1208 and 1210-1211 are not shown, so the return type, the parameter list
   and the closing ");" are missing. Consult the original header; the
   fragment below is not a valid declaration on its own. */
(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
/*
 * SECURITY_CLIENT_CONTEXT: a server's captured view of a client's security
 * context, kept so the client can be impersonated later. SecurityQos records
 * the impersonation level and tracking mode the client permitted, and
 * ClientToken is the token to impersonate. The three BOOLEANs qualify how
 * that token may be used — DirectlyAccessClientToken presumably means the
 * client's own token is referenced rather than a private copy, and
 * ServerIsRemote marks a remote caller; confirm against the Se* routines
 * that fill and consume this structure. ClientTokenControl snapshots the
 * token's identity (TOKEN_CONTROL above), which looks intended for
 * detecting a changed token on a later use — verify.
 */
typedef struct _SECURITY_CLIENT_CONTEXT
{
  SECURITY_QUALITY_OF_SERVICE SecurityQos;
  PACCESS_TOKEN ClientToken;
  BOOLEAN DirectlyAccessClientToken;
  BOOLEAN DirectAccessEffectiveOnly;
  BOOLEAN ServerIsRemote;
  TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;