extern "C" {
#endif
+
/* Dependencies */
#include <ntddk.h>
#include <excpt.h>
/******************************************************************************
* Security Manager Types *
******************************************************************************/
+
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
typedef struct _SID_IDENTIFIER_AUTHORITY {
/* Universal well-known SIDs */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
+
+/* S-1-1 */
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
+
+/* S-1-2 */
#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
+
+/* S-1-3 */
#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
+
+/* S-1-4 */
#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
+
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
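Review bot: The new SID-string labels stop short of the whole authority list: `SECURITY_NULL_SID_AUTHORITY` under `/* Universal well-known SIDs */` and `SECURITY_RESOURCE_MANAGER_AUTHORITY` are left unlabelled, while the four entries between them gain `/* S-1-1 */` to `/* S-1-4 */`. For consistency I would add `/* S-1-0 */` above the null authority and `/* S-1-9 */` above the resource manager authority. The same applies further down to `SECURITY_MANDATORY_LABEL_AUTHORITY`, which could carry `/* S-1-16 */`. These labels are what a reader matches against SID strings in ACL dumps and audit logs, so a partial set is easy to misread as "the rest have no string form".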
-#define SECURITY_NULL_RID (0x00000000L)
-#define SECURITY_WORLD_RID (0x00000000L)
-#define SECURITY_LOCAL_RID (0x00000000L)
-#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
+#define SECURITY_NULL_RID (0x00000000L)
+#define SECURITY_WORLD_RID (0x00000000L)
+#define SECURITY_LOCAL_RID (0x00000000L)
+#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
-#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
-#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
-#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
-#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
-#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
+#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
+#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
+#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
+#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
+#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
/* NT well-known SIDs */
-#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
-
-#define SECURITY_DIALUP_RID (0x00000001L)
-#define SECURITY_NETWORK_RID (0x00000002L)
-#define SECURITY_BATCH_RID (0x00000003L)
-#define SECURITY_INTERACTIVE_RID (0x00000004L)
-#define SECURITY_LOGON_IDS_RID (0x00000005L)
-#define SECURITY_LOGON_IDS_RID_COUNT (3L)
-#define SECURITY_SERVICE_RID (0x00000006L)
-#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
-#define SECURITY_PROXY_RID (0x00000008L)
-#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
-#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
-#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
-#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
-#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
-#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
-#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
-#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
-#define SECURITY_IUSER_RID (0x00000011L)
-#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
-#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
-#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
-#define SECURITY_NT_NON_UNIQUE (0x00000015L)
-#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
+/* S-1-5 */
+#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
+
+#define SECURITY_DIALUP_RID (0x00000001L)
+#define SECURITY_NETWORK_RID (0x00000002L)
+#define SECURITY_BATCH_RID (0x00000003L)
+#define SECURITY_INTERACTIVE_RID (0x00000004L)
+#define SECURITY_LOGON_IDS_RID (0x00000005L)
+#define SECURITY_LOGON_IDS_RID_COUNT (3L)
+#define SECURITY_SERVICE_RID (0x00000006L)
+#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
+#define SECURITY_PROXY_RID (0x00000008L)
+#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
+#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
+#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)
+#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
+#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)
+#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)
+#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)
+#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
+#define SECURITY_IUSER_RID (0x00000011L)
+#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
+#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)
+#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
+#define SECURITY_NT_NON_UNIQUE (0x00000015L)
+#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
-#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
+#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
-#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
-#define SECURITY_PACKAGE_RID_COUNT (2L)
-#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
-#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
-#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
-
-#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
-#define SECURITY_CRED_TYPE_RID_COUNT (2L)
-#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
-
-#define SECURITY_MIN_BASE_RID (0x00000050L)
-#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
-#define SECURITY_SERVICE_ID_RID_COUNT (6L)
-#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
-#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
-#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
-#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
-#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
-#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
-#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
+#define SECURITY_PACKAGE_BASE_RID (0x00000040L)
+#define SECURITY_PACKAGE_RID_COUNT (2L)
+#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)
+#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
+#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
+
+#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L)
+#define SECURITY_CRED_TYPE_RID_COUNT (2L)
+#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
+
+#define SECURITY_MIN_BASE_RID (0x00000050L)
+#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L)
+#define SECURITY_SERVICE_ID_RID_COUNT (6L)
+#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L)
+#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L)
+#define SECURITY_APPPOOL_ID_RID_COUNT (6L)
+#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L)
+#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L)
+#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L)
+#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
-#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
-#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
-#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
-#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
-#define SECURITY_COM_ID_BASE_RID (0x00000059L)
-#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
+#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L)
+#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
+#define SECURITY_TASK_ID_BASE_RID (0x00000057L)
+#define SECURITY_NFS_ID_BASE_RID (0x00000058L)
+#define SECURITY_COM_ID_BASE_RID (0x00000059L)
+#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L)
-#define SECURITY_MAX_BASE_RID (0x0000006FL)
+#define SECURITY_MAX_BASE_RID (0x0000006FL)
-#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
-#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
+#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
+#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
-#define FOREST_USER_RID_MAX (0x000001F3L)
+#define FOREST_USER_RID_MAX (0x000001F3L)
/* Well-known users */
-#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
-#define DOMAIN_USER_RID_GUEST (0x000001F5L)
-#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
+#define DOMAIN_USER_RID_ADMIN (0x000001F4L)
+#define DOMAIN_USER_RID_GUEST (0x000001F5L)
+#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
-#define DOMAIN_USER_RID_MAX (0x000003E7L)
+#define DOMAIN_USER_RID_MAX (0x000003E7L)
/* Well-known groups */
/* Well-known aliases */
-#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
-#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
-#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
-#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
+#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
+#define DOMAIN_ALIAS_RID_USERS (0x00000221L)
+#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
+#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
-#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
-#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
-#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
-#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
+#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
+#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
+#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
+#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
-#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
-#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
-#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
-#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
-#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
+#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)
+#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)
+#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
+#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
+#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L)
+
#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL)
-#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
-#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
-#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
-#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
-#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
-#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
-#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
+#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
+#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L)
+#define SECURITY_MANDATORY_LOW_RID (0x00001000L)
+#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
+#define SECURITY_MANDATORY_HIGH_RID (0x00003000L)
+#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L)
+#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
can be set by a usermode caller.*/
-#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
+#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
/* Allocate the System Luid. The first 1000 LUIDs are reserved.
Use #999 here (0x3e7 = 999) */
-#define SYSTEM_LUID {0x3e7, 0x0}
-#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
-#define LOCALSERVICE_LUID {0x3e5, 0x0}
-#define NETWORKSERVICE_LUID {0x3e4, 0x0}
-#define IUSER_LUID {0x3e3, 0x0}
+#define SYSTEM_LUID {0x3e7, 0x0}
+#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
+#define LOCALSERVICE_LUID {0x3e5, 0x0}
+#define NETWORKSERVICE_LUID {0x3e4, 0x0}
+#define IUSER_LUID {0x3e3, 0x0}
typedef struct _ACE_HEADER {
UCHAR AceType;
USHORT AceSize;
} ACE_HEADER, *PACE_HEADER;
-/* also in winnt.h */
#define ACCESS_MIN_MS_ACE_TYPE (0x0)
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
/* The following are the inherit flags that go into the AceFlags field
of an Ace header. */
-#define OBJECT_INHERIT_ACE (0x1)
-#define CONTAINER_INHERIT_ACE (0x2)
-#define NO_PROPAGATE_INHERIT_ACE (0x4)
-#define INHERIT_ONLY_ACE (0x8)
-#define INHERITED_ACE (0x10)
-#define VALID_INHERIT_FLAGS (0x1F)
+#define OBJECT_INHERIT_ACE (0x1)
+#define CONTAINER_INHERIT_ACE (0x2)
+#define NO_PROPAGATE_INHERIT_ACE (0x4)
+#define INHERIT_ONLY_ACE (0x8)
+#define INHERITED_ACE (0x10)
+#define VALID_INHERIT_FLAGS (0x1F)
-#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
-#define FAILED_ACCESS_ACE_FLAG (0x80)
+#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
+#define FAILED_ACCESS_ACE_FLAG (0x80)
typedef struct _ACCESS_ALLOWED_ACE {
ACE_HEADER Header;
ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
-#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
-#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
-#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
-#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
- SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
- SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
-
-#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
-
-typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
-
-#define SE_OWNER_DEFAULTED 0x0001
-#define SE_GROUP_DEFAULTED 0x0002
-#define SE_DACL_PRESENT 0x0004
-#define SE_DACL_DEFAULTED 0x0008
-#define SE_SACL_PRESENT 0x0010
-#define SE_SACL_DEFAULTED 0x0020
-#define SE_DACL_UNTRUSTED 0x0040
-#define SE_SERVER_SECURITY 0x0080
-#define SE_DACL_AUTO_INHERIT_REQ 0x0100
-#define SE_SACL_AUTO_INHERIT_REQ 0x0200
-#define SE_DACL_AUTO_INHERITED 0x0400
-#define SE_SACL_AUTO_INHERITED 0x0800
-#define SE_DACL_PROTECTED 0x1000
-#define SE_SACL_PROTECTED 0x2000
-#define SE_RM_CONTROL_VALID 0x4000
-#define SE_SELF_RELATIVE 0x8000
+#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1
+#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2
+#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
+#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
+ SYSTEM_MANDATORY_LABEL_NO_READ_UP | \
+ SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
+
+#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
+
+typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
+
+#define SE_OWNER_DEFAULTED 0x0001
+#define SE_GROUP_DEFAULTED 0x0002
+#define SE_DACL_PRESENT 0x0004
+#define SE_DACL_DEFAULTED 0x0008
+#define SE_SACL_PRESENT 0x0010
+#define SE_SACL_DEFAULTED 0x0020
+#define SE_DACL_UNTRUSTED 0x0040
+#define SE_SERVER_SECURITY 0x0080
+#define SE_DACL_AUTO_INHERIT_REQ 0x0100
+#define SE_SACL_AUTO_INHERIT_REQ 0x0200
+#define SE_DACL_AUTO_INHERITED 0x0400
+#define SE_SACL_AUTO_INHERITED 0x0800
+#define SE_DACL_PROTECTED 0x1000
+#define SE_SACL_PROTECTED 0x2000
+#define SE_RM_CONTROL_VALID 0x4000
+#define SE_SELF_RELATIVE 0x8000
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
UCHAR Revision;
PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
+
typedef struct _SE_ACCESS_REQUEST {
ULONG Size;
PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
} FS_FILTER_CALLBACK_DATA, *PFS_FILTER_CALLBACK_DATA;
typedef NTSTATUS
-(*PFS_FILTER_CALLBACK) (
+(NTAPI *PFS_FILTER_CALLBACK) (
_In_ PFS_FILTER_CALLBACK_DATA Data,
_Out_ PVOID *CompletionContext);
typedef VOID
-(*PFS_FILTER_COMPLETION_CALLBACK) (
+(NTAPI *PFS_FILTER_COMPLETION_CALLBACK) (
_In_ PFS_FILTER_CALLBACK_DATA Data,
_In_ NTSTATUS OperationStatus,
_In_ PVOID CompletionContext);
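Review bot: Adding `NTAPI` to `PFS_FILTER_CALLBACK` and `PFS_FILTER_COMPLETION_CALLBACK` changes the calling convention of both pointer types wherever the compiler default is not stdcall (presumably x86 GCC builds), so every routine stored through them must be declared `NTAPI` too; none of those definitions are visible here. A function-pointer cast at a registration site would hide the mismatch from the compiler, and a cdecl routine called as stdcall leaves the kernel stack unbalanced on return. It is worth checking the implementers and any casts to these two types in the same change. A short comment above the typedefs would record the contract, e.g. `/* Invoked by the kernel as NTAPI; implementations must be declared NTAPI, never cast to this type. */`.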