/* Security descriptor control. */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
-#define SE_OWNER_DEFAULTED (1)
-#define SE_GROUP_DEFAULTED (2)
-#define SE_DACL_PRESENT (4)
-#define SE_DACL_DEFAULTED (8)
-#define SE_SACL_PRESENT (16)
-#define SE_SACL_DEFAULTED (32)
-#define SE_SELF_RELATIVE (32768)
+#define SE_OWNER_DEFAULTED (0x0001)
+#define SE_GROUP_DEFAULTED (0x0002)
+#define SE_DACL_PRESENT (0x0004)
+#define SE_DACL_DEFAULTED (0x0008)
+#define SE_SACL_PRESENT (0x0010)
+#define SE_SACL_DEFAULTED (0x0020)
+#define SE_RM_CONTROL_VALID (0x4000)
+#define SE_SELF_RELATIVE (0x8000)
#endif
+/* This is defined in the Win 32 API headers as something else: */
+#if defined(__NTOSKRNL__) || defined(__NTDRIVER__) || defined(__NTHAL__) || defined(__NTDLL__) || defined(__NTAPP__)
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
+#endif
#if 0
typedef struct _ACE_HEADER
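Review bot: The control-bit list on the new side goes from `SE_SACL_DEFAULTED (0x0020)` straight to `SE_RM_CONTROL_VALID (0x4000)`, so the bits in between have no names in the visible lines. The Windows headers put the auto-inherit and protected flags there (`SE_DACL_AUTO_INHERIT_REQ` 0x0100 through `SE_SACL_PROTECTED` 0x2000). If they are not defined elsewhere in the tree, code that copies or masks `Control` cannot express whether a DACL is protected from inheritance. Either add them here or leave a comment such as `/* 0x0100-0x2000: inheritance/protection bits, not yet defined */` so the gap reads as deliberate.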
} ACE, *PACE;
#endif
+#ifdef __GNU__
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
+#endif
#ifndef __USE_W32API
+#define SYSTEM_LUID { 0x3E7, 0x0 }
+#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }
+#define LOCALSERVICE_LUID { 0x3e5, 0x0 }
+#define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
+
/* SID Auhority */
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
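Review bot: The new guard around `SECURITY_DESCRIPTOR_CONTEXT` tests `__GNU__`, which GCC predefines only when targeting GNU/Hurd; the compiler-identification macro is `__GNUC__`. If the intent is to hide the member-less struct (a GNU extension, as far as the visible lines show) from other compilers, the line should read `#ifdef __GNUC__`. As written, the typedef and `PSECURITY_DESCRIPTOR_CONTEXT` vanish on every other target, ordinary GCC builds included. If dropping the type everywhere is what is wanted, `#if 0` with a comment would say so more plainly.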
#define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
/* ACCESS_MASK */
-#define MAXIMUM_ALLOWED (0x2000000L)
-#define GENERIC_ALL (0x10000000L)
+/* Generic rights */
+#define GENERIC_READ (0x80000000L)
+#define GENERIC_WRITE (0x40000000L)
#define GENERIC_EXECUTE (0x20000000L)
-
-#define SECURITY_STATIC_TRACKING (0)
-#define SECURITY_DYNAMIC_TRACKING (1)
+#define GENERIC_ALL (0x10000000L)
+#define MAXIMUM_ALLOWED (0x02000000L)
+#define ACCESS_SYSTEM_SECURITY (0x01000000L)
/* Standard rights */
-#define STANDARD_RIGHTS_REQUIRED (0xf0000L)
-#define STANDARD_RIGHTS_WRITE (0x20000L)
-#define STANDARD_RIGHTS_READ (0x20000L)
-#define STANDARD_RIGHTS_EXECUTE (0x20000L)
-#define STANDARD_RIGHTS_ALL (0x1f0000L)
-#define SPECIFIC_RIGHTS_ALL (0xffffL)
+#define STANDARD_RIGHTS_REQUIRED (0x000f0000L)
+#define STANDARD_RIGHTS_WRITE (0x00020000L)
+#define STANDARD_RIGHTS_READ (0x00020000L)
+#define STANDARD_RIGHTS_EXECUTE (0x00020000L)
+#define STANDARD_RIGHTS_ALL (0x001f0000L)
+#define SPECIFIC_RIGHTS_ALL (0x0000ffffL)
/* Token rights */
#define TOKEN_ASSIGN_PRIMARY (0x0001L)
#define TOKEN_ADJUST_PRIVILEGES (0x0020L)
#define TOKEN_ADJUST_GROUPS (0x0040L)
#define TOKEN_ADJUST_DEFAULT (0x0080L)
+#define TOKEN_ADJUST_SESSIONID (0x0100L)
-#define TOKEN_ALL_ACCESS (0xf00ffL)
+#define TOKEN_ALL_ACCESS (0xf01ffL)
#define TOKEN_READ (0x20008L)
#define TOKEN_WRITE (0x200e0L)
#define TOKEN_EXECUTE (0x20000L)
-typedef BOOL SECURITY_CONTEXT_TRACKING_MODE;
+typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
+
+#define SECURITY_STATIC_TRACKING (0)
+#define SECURITY_DYNAMIC_TRACKING (1)
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
+#define OWNER_SECURITY_INFORMATION (0x1L)
+#define GROUP_SECURITY_INFORMATION (0x2L)
+#define DACL_SECURITY_INFORMATION (0x4L)
+#define SACL_SECURITY_INFORMATION (0x8L)
+
typedef enum _TOKEN_INFORMATION_CLASS
{
TokenUser = 1,
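Review bot: `TOKEN_ALL_ACCESS` grows from `0xf00ffL` to `0xf01ffL` as a bare literal, so nothing on the line says that the new bit is `TOKEN_ADJUST_SESSIONID`. Every place that requests or grants `TOKEN_ALL_ACCESS` picks up the extra right on recompile, which is worth a comment for anyone auditing token ACLs: `/* STANDARD_RIGHTS_REQUIRED | token-specific rights 0x0001-0x0100 */`. `TOKEN_WRITE` stays at `0x200e0L` without the new bit; a comment should say whether that is intended. In the same hunk `SECURITY_CONTEXT_TRACKING_MODE` changes from `BOOL` to `BOOLEAN`; if those differ in width in this tree, any structure embedding the type changes layout and its users need a rebuild.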
TokenSource,
TokenType,
TokenImpersonationLevel,
- TokenStatistics
+ TokenStatistics,
+ TokenRestrictedSids,
+ TokenSessionId,
+ TokenGroupsAndPrivileges,
+ TokenSessionReference,
+ TokenSandBoxInert,
+ TokenAuditPolicy,
+ TokenOrigin
} TOKEN_INFORMATION_CLASS;
-typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
-
-#define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
-#define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
-#define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
-#define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
+typedef enum _SECURITY_IMPERSONATION_LEVEL
+{
+ SecurityAnonymous,
+ SecurityIdentification,
+ SecurityImpersonation,
+ SecurityDelegation
+} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
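Review bot: Turning `SECURITY_IMPERSONATION_LEVEL` into an enum without explicit values renumbers it: `SecurityAnonymous` was `1` and is now `0`, and the other three levels each drop by one. Any caller that compares against a stored number, or treats a zero-filled field as "no level set", now reads a different level than before, which matters because this value decides how far a server may act as the client. Write the values out, starting with `SecurityAnonymous = 0,`, and add a comment noting the change from the old 1-based macros. The names are also no longer preprocessor macros, so any `#ifdef SecurityImpersonation` test elsewhere stops matching. `TOKEN_INFORMATION_CLASS` in the same hunk gains seven classes but no end marker; a final `MaxTokenInfoClass` enumerator would give range checks on caller-supplied class values a bound.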
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG SubAuthority[1];
-} SID, *PSID;
+} SID, *PISID;
+
+typedef PVOID PSID;
typedef struct _ACL
{
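Review bot: With `PSID` now `PVOID`, any pointer converts to it silently and the compiler no longer checks that a SID is actually being passed. Code that reads fields must go through `PISID`, and since `SubAuthority[1]` is a variable-length tail sized by `SubAuthorityCount`, it should check the count against the buffer before indexing. A comment on the typedef would help: `/* Opaque SID pointer; cast to PISID only after validating the SID. */`. The `SID` structure starts above this hunk, so its leading fields are not visible here.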
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
-typedef LARGE_INTEGER LUID, *PLUID;
+typedef struct _LUID
+{
+ ULONG LowPart;
+ LONG HighPart;
+} LUID, *PLUID;
typedef struct _SECURITY_DESCRIPTOR
{
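Review bot: Replacing `typedef LARGE_INTEGER LUID` with a two-field struct changes both the alignment of the type and how it is accessed. Assuming `LARGE_INTEGER` is 8-byte aligned here, `LUID` drops to 4-byte alignment, so `LUID_AND_ATTRIBUTES` and every structure that embeds a `LUID` can change size. Code that used `.QuadPart` or compared LUIDs as one 64-bit value must now compare both parts. Note this next to the typedef, e.g. `/* Compare LowPart and HighPart; not a 64-bit integer. */`. The initialisers added earlier in this diff (`SYSTEM_LUID { 0x3E7, 0x0 }` and the three below it) rely on `LowPart` being declared first.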
PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
+typedef struct _SECURITY_DESCRIPTOR_RELATIVE
+{
+ UCHAR Revision;
+ UCHAR Sbz1;
+ SECURITY_DESCRIPTOR_CONTROL Control;
+ ULONG Owner;
+ ULONG Group;
+ ULONG Sacl;
+ ULONG Dacl;
+} SECURITY_DESCRIPTOR_RELATIVE, *PSECURITY_DESCRIPTOR_RELATIVE;
+
typedef struct _LUID_AND_ATTRIBUTES
{
LUID Luid;
- DWORD Attributes;
+ ULONG Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
typedef struct _TOKEN_SOURCE
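Review bot: `SECURITY_DESCRIPTOR_RELATIVE` is added with no comment on what `Owner`, `Group`, `Sacl` and `Dacl` hold. In the Windows self-relative layout these are byte offsets from the start of the descriptor, with zero meaning absent, and a descriptor in this form usually arrives in a caller-supplied buffer. Document that on the struct and state the check consumers must make, e.g. `/* Offsets from the start of this structure; 0 = not present. Validate offset + size against the buffer length before use. */`.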
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
+typedef struct _TOKEN_GROUPS_AND_PRIVILEGES
+{
+ ULONG SidCount;
+ ULONG SidLength;
+ PSID_AND_ATTRIBUTES Sids;
+ ULONG RestrictedSidCount;
+ ULONG RestrictedSidLength;
+ PSID_AND_ATTRIBUTES RestrictedSids;
+ ULONG PrivilegeCount;
+ ULONG PrivilegeLength;
+ PLUID_AND_ATTRIBUTES Privileges;
+ LUID AuthenticationId;
+} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
+
typedef struct _TOKEN_PRIVILEGES
{
DWORD PrivilegeCount;
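Review bot: `TOKEN_GROUPS_AND_PRIVILEGES` pairs each array pointer with a count and a length but does not say what the length measures or where the arrays live. A one-line comment per group would settle it, e.g. `/* SidLength: size in bytes of the Sids array (TODO confirm) */`. The new struct uses `ULONG` while `TOKEN_PRIVILEGES` just below still declares `DWORD PrivilegeCount`. The same diff converts `LUID_AND_ATTRIBUTES.Attributes` to `ULONG`, so pick one spelling for the whole header. `TOKEN_PRIVILEGES` continues past the end of this hunk.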
LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
+typedef struct _TOKEN_ORIGIN {
+ LUID OriginatingLogonSession;
+} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
+
typedef struct _GENERIC_MAPPING
{
ACCESS_MASK GenericRead;
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
+#define INITIAL_PRIVILEGE_COUNT 3
+
+typedef struct _INITIAL_PRIVILEGE_SET
+{
+ ULONG PrivilegeCount;
+ ULONG Control;
+ LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
+} INITIAL_PRIVILEGE_SET, *PINITIAL_PRIVILEGE_SET;
+
typedef struct _SECURITY_ATTRIBUTES
{
DWORD nLength;
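Review bot: `INITIAL_PRIVILEGE_SET` has a fixed `Privilege[INITIAL_PRIVILEGE_COUNT]` array next to a free-running `PrivilegeCount`, and nothing ties the two together. Add a comment that `PrivilegeCount` must not exceed `INITIAL_PRIVILEGE_COUNT`, e.g. `/* PrivilegeCount <= INITIAL_PRIVILEGE_COUNT; use PRIVILEGE_SET for larger sets */`, so code iterating by count does not run past the array. The macro would also be safer parenthesised, `#define INITIAL_PRIVILEGE_COUNT (3)`, matching the other constants in this header.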