-/*
+/* $Id: setypes.h,v 1.15 2004/07/11 16:09:37 ekohl Exp $
+ *
* COPYRIGHT: See COPYING in the top level directory for details
* PROJECT: ReactOS kernel
* FILE: include/ddk/setypes.h
#ifndef __INCLUDE_DDK_SETYPES_H
#define __INCLUDE_DDK_SETYPES_H
-typedef ULONG ACCESS_MODE, *PACCESS_MODE;
-typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
+#include <ntos/security.h>
+
+/* TOKEN_GROUPS structure */
+#define SE_GROUP_MANDATORY (0x1L)
+#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
+#define SE_GROUP_ENABLED (0x4L)
+#define SE_GROUP_OWNER (0x8L)
+#define SE_GROUP_LOGON_ID (0xC0000000L)
+
+/* ACL Defines */
+#define ACL_REVISION1 (1)
+#define ACL_REVISION2 (2)
+#define ACL_REVISION3 (3)
+#define MIN_ACL_REVISION ACL_REVISION2
+#define MAX_ACL_REVISION ACL_REVISION3
+
+#define ACL_REVISION (2)
+
+/* ACE_HEADER structure */
+#define ACCESS_MIN_MS_ACE_TYPE (0x0)
+#define ACCESS_ALLOWED_ACE_TYPE (0x0)
+#define ACCESS_DENIED_ACE_TYPE (0x1)
+#define SYSTEM_AUDIT_ACE_TYPE (0x2)
+#define SYSTEM_ALARM_ACE_TYPE (0x3)
+#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
+#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)
+#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
+#define ACCESS_MAX_MS_ACE_TYPE (0x4)
+
+/* ACE flags in the ACE_HEADER structure */
+#define OBJECT_INHERIT_ACE (0x1)
+#define CONTAINER_INHERIT_ACE (0x2)
+#define NO_PROPAGATE_INHERIT_ACE (0x4)
+#define INHERIT_ONLY_ACE (0x8)
+#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
+#define FAILED_ACCESS_ACE_FLAG (0x80)
+
+/* SECURITY_DESCRIPTOR_CONTROL */
+#define SECURITY_DESCRIPTOR_REVISION (1)
+#define SECURITY_DESCRIPTOR_REVISION1 (1)
+#define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
+#define SE_OWNER_DEFAULTED (1)
+#define SE_GROUP_DEFAULTED (2)
+#define SE_DACL_PRESENT (4)
+#define SE_DACL_DEFAULTED (8)
+#define SE_SACL_PRESENT (16)
+#define SE_SACL_DEFAULTED (32)
+#define SE_SELF_RELATIVE (32768)
+
+/* PRIVILEGE_SET */
+#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
+#define SE_PRIVILEGE_ENABLED (0x2L)
+#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
+#define PRIVILEGE_SET_ALL_NECESSARY (0x1)
+
+/* SID */
+#define SID_REVISION (1)
+#define SID_MAX_SUB_AUTHORITIES (15)
+
+typedef struct _ACCESS_TOKEN
+{
+ TOKEN_SOURCE TokenSource; /* 0x00 */
+ LUID TokenId; /* 0x10 */
+ LUID AuthenticationId; /* 0x18 */
+ LARGE_INTEGER ExpirationTime; /* 0x20 */
+ LUID ModifiedId; /* 0x28 */
+ ULONG UserAndGroupCount; /* 0x30 */
+ ULONG PrivilegeCount; /* 0x34 */
+ ULONG VariableLength; /* 0x38 */
+ ULONG DynamicCharged; /* 0x3C */
+ ULONG DynamicAvailable; /* 0x40 */
+ ULONG DefaultOwnerIndex; /* 0x44 */
+ PSID_AND_ATTRIBUTES UserAndGroups; /* 0x48 */
+ PSID PrimaryGroup; /* 0x4C */
+ PLUID_AND_ATTRIBUTES Privileges; /* 0x50 */
+ ULONG Unknown1; /* 0x54 */
+ PACL DefaultDacl; /* 0x58 */
+ TOKEN_TYPE TokenType; /* 0x5C */
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x60 */
+ UCHAR TokenFlags; /* 0x64 */
+ UCHAR TokenInUse; /* 0x65 */
+ UCHAR Unused[2]; /* 0x66 */
+ PVOID ProxyData; /* 0x68 */
+ PVOID AuditData; /* 0x6c */
+ UCHAR VariablePart[0]; /* 0x70 */
+} ACCESS_TOKEN, *PACCESS_TOKEN;
+
typedef struct _SECURITY_SUBJECT_CONTEXT
{
+ PACCESS_TOKEN ClientToken; /* 0x0 */
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x4 */
+ PACCESS_TOKEN PrimaryToken; /* 0x8 */
+ PVOID ProcessAuditId; /* 0xC */
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
-typedef struct _SECURITY_DESCRIPTOR_CONTEXT
+
+typedef struct _SECURITY_CLIENT_CONTEXT
{
-} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
-
-typedef struct _ACCESS_TOKEN {
- TOKEN_SOURCE TokenSource;
- LUID AuthenticationId;
- LARGE_INTEGER ExpirationTime;
- LUID ModifiedId;
- ULONG UserAndGroupCount;
- ULONG PrivilegeCount;
- ULONG VariableLength;
- ULONG DynamicCharged;
- ULONG DynamicAvailable;
- ULONG DefaultOwnerIndex;
- PACL DefaultDacl;
- TOKEN_TYPE TokenType;
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
- UCHAR TokenFlags;
- UCHAR TokenInUse;
- UCHAR Unused[2];
- PVOID ProxyData;
- PVOID AuditData;
- UCHAR VariablePart[0];
-} ACCESS_TOKEN, *PACCESS_TOKEN;
+ SECURITY_QUALITY_OF_SERVICE SecurityQos; /* 0x00 */
+ PACCESS_TOKEN Token; /* 0x0C */
+ BOOLEAN DirectlyAccessClientToken; /* 0x10 */
+ BOOLEAN DirectAccessEffectiveOnly; /* 0x11 */
+ BOOLEAN ServerIsRemote; /* 0x12 */
+ TOKEN_CONTROL ClientTokenControl; /* 0x14 */
+} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
+
+
+typedef struct _SE_EXPORTS
+{
+ /* Privilege values */
+ LUID SeCreateTokenPrivilege;
+ LUID SeAssignPrimaryTokenPrivilege;
+ LUID SeLockMemoryPrivilege;
+ LUID SeIncreaseQuotaPrivilege;
+ LUID SeUnsolicitedInputPrivilege;
+ LUID SeTcbPrivilege;
+ LUID SeSecurityPrivilege;
+ LUID SeTakeOwnershipPrivilege;
+ LUID SeLoadDriverPrivilege;
+ LUID SeCreatePagefilePrivilege;
+ LUID SeIncreaseBasePriorityPrivilege;
+ LUID SeSystemProfilePrivilege;
+ LUID SeSystemtimePrivilege;
+ LUID SeProfileSingleProcessPrivilege;
+ LUID SeCreatePermanentPrivilege;
+ LUID SeBackupPrivilege;
+ LUID SeRestorePrivilege;
+ LUID SeShutdownPrivilege;
+ LUID SeDebugPrivilege;
+ LUID SeAuditPrivilege;
+ LUID SeSystemEnvironmentPrivilege;
+ LUID SeChangeNotifyPrivilege;
+ LUID SeRemoteShutdownPrivilege;
+
+ /* Universally defined SIDs */
+ PSID SeNullSid;
+ PSID SeWorldSid;
+ PSID SeLocalSid;
+ PSID SeCreatorOwnerSid;
+ PSID SeCreatorGroupSid;
+
+ /* Nt defined SIDs */
+ PSID SeNtAuthoritySid;
+ PSID SeDialupSid;
+ PSID SeNetworkSid;
+ PSID SeBatchSid;
+ PSID SeInteractiveSid;
+ PSID SeLocalSystemSid;
+ PSID SeAliasAdminsSid;
+ PSID SeAliasUsersSid;
+ PSID SeAliasGuestsSid;
+ PSID SeAliasPowerUsersSid;
+ PSID SeAliasAccountOpsSid;
+ PSID SeAliasSystemOpsSid;
+ PSID SeAliasPrintOpsSid;
+ PSID SeAliasBackupOpsSid;
+} SE_EXPORTS, *PSE_EXPORTS;
+
+
+typedef NTSTATUS STDCALL_FUNC
+(*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);
+
+
+typedef enum _SECURITY_OPERATION_CODE
+{
+ SetSecurityDescriptor,
+ QuerySecurityDescriptor,
+ DeleteSecurityDescriptor,
+ AssignSecurityDescriptor
+} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
+
+typedef struct _ACCESS_STATE
+{
+ LUID OperationID;
+ BOOLEAN SecurityEvaluated;
+ BOOLEAN GenerateAudit;
+ BOOLEAN GenerateClose;
+ BOOLEAN PrivilegesAllocated;
+ ULONG Flags;
+ ACCESS_MASK RemainingDesiredAccess;
+ ACCESS_MASK PreviouslyGrantedAccess;
+ ACCESS_MASK OriginallyDesiredAccess;
+ SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; /* 0x1C */
+ PSECURITY_DESCRIPTOR SecurityDescriptor; /* 0x2C */
+ PVOID AuxData; /* 0x30 */
+ union
+ {
+ INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
+ PRIVILEGE_SET PrivilegeSet;
+ } Privileges;
+ BOOLEAN AuditPrivileges;
+ UNICODE_STRING ObjectName;
+ UNICODE_STRING ObjectTypeName;
+} ACCESS_STATE, *PACCESS_STATE;
#endif
+
+/* EOF */
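Review bot: The byte offsets annotated on ACCESS_TOKEN, SECURITY_SUBJECT_CONTEXT, SECURITY_CLIENT_CONTEXT and ACCESS_STATE are comments only, so the build does not fail if a different compiler, packing setting or pointer width produces another layout than the one the security code expects. The annotations are self-consistent only for 4-byte pointers (`UserAndGroups` at 0x48, `PrimaryGroup` at 0x4C), and inserting `TokenId` at 0x10 moves every later field, so any object still built against the previous header would read the wrong token fields. I would pin the layout next to the typedef with a compile-time check such as `typedef char ACCESS_TOKEN_SIZE_CHECK[(sizeof(ACCESS_TOKEN) == 0x70) ? 1 : -1];`. The same 32-bit assumption is baked into `SECURITY_DESCRIPTOR_MIN_LENGTH (20)`, which by its name is a lower bound for length validation and would be safer as `(sizeof(SECURITY_DESCRIPTOR))`, assuming that type comes from ntos/security.h, which is not visible here.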