[XDK][PSDK][DDK] Share more Se types between winnt and ntddk/ntifs/wdm. Also add...
authorAmine Khaldi <amine.khaldi@reactos.org>
Sun, 7 Jun 2015 13:14:36 +0000 (13:14 +0000)
committerAmine Khaldi <amine.khaldi@reactos.org>
Sun, 7 Jun 2015 13:14:36 +0000 (13:14 +0000)
svn path=/trunk/; revision=68061

reactos/include/ddk/ntddk.h
reactos/include/ddk/ntifs.h
reactos/include/ddk/wdm.h
reactos/include/psdk/winnt.h
reactos/include/xdk/setypes.h
reactos/include/xdk/winnt_old.h

index 1632f88..1e7a48c 100644 (file)
@@ -2903,6 +2903,7 @@ typedef struct _RTL_DYNAMIC_HASH_TABLE {
  ******************************************************************************/
 #define SE_UNSOLICITED_INPUT_PRIVILEGE    6
 
+
 typedef enum _WELL_KNOWN_SID_TYPE {
   WinNullSid = 0,
   WinWorldSid = 1,
@@ -2989,6 +2990,7 @@ typedef enum _WELL_KNOWN_SID_TYPE {
   WinThisOrganizationCertificateSid = 82,
 } WELL_KNOWN_SID_TYPE;
 
+
 #if defined(_M_IX86)
 
 #define PAUSE_PROCESSOR YieldProcessor();
index a41205f..3de6e03 100644 (file)
@@ -86,7 +86,6 @@ typedef struct _SID {
 } SID, *PISID;
 #endif
 
-
 #define SID_REVISION                    1
 #define SID_MAX_SUB_AUTHORITIES         15
 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
@@ -131,89 +130,99 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 /* Universal well-known SIDs */
 
 #define SECURITY_NULL_SID_AUTHORITY         {0,0,0,0,0,0}
+
+/* S-1-1 */
 #define SECURITY_WORLD_SID_AUTHORITY        {0,0,0,0,0,1}
+
+/* S-1-2 */
 #define SECURITY_LOCAL_SID_AUTHORITY        {0,0,0,0,0,2}
+
+/* S-1-3 */
 #define SECURITY_CREATOR_SID_AUTHORITY      {0,0,0,0,0,3}
+
+/* S-1-4 */
 #define SECURITY_NON_UNIQUE_AUTHORITY       {0,0,0,0,0,4}
+
 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
 
-#define SECURITY_NULL_RID                 (0x00000000L)
-#define SECURITY_WORLD_RID                (0x00000000L)
-#define SECURITY_LOCAL_RID                (0x00000000L)
-#define SECURITY_LOCAL_LOGON_RID          (0x00000001L)
+#define SECURITY_NULL_RID                   (0x00000000L)
+#define SECURITY_WORLD_RID                  (0x00000000L)
+#define SECURITY_LOCAL_RID                  (0x00000000L)
+#define SECURITY_LOCAL_LOGON_RID            (0x00000001L)
 
-#define SECURITY_CREATOR_OWNER_RID        (0x00000000L)
-#define SECURITY_CREATOR_GROUP_RID        (0x00000001L)
-#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
-#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
-#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
+#define SECURITY_CREATOR_OWNER_RID          (0x00000000L)
+#define SECURITY_CREATOR_GROUP_RID          (0x00000001L)
+#define SECURITY_CREATOR_OWNER_SERVER_RID   (0x00000002L)
+#define SECURITY_CREATOR_GROUP_SERVER_RID   (0x00000003L)
+#define SECURITY_CREATOR_OWNER_RIGHTS_RID   (0x00000004L)
 
 /* NT well-known SIDs */
 
-#define SECURITY_NT_AUTHORITY           {0,0,0,0,0,5}
-
-#define SECURITY_DIALUP_RID             (0x00000001L)
-#define SECURITY_NETWORK_RID            (0x00000002L)
-#define SECURITY_BATCH_RID              (0x00000003L)
-#define SECURITY_INTERACTIVE_RID        (0x00000004L)
-#define SECURITY_LOGON_IDS_RID          (0x00000005L)
-#define SECURITY_LOGON_IDS_RID_COUNT    (3L)
-#define SECURITY_SERVICE_RID            (0x00000006L)
-#define SECURITY_ANONYMOUS_LOGON_RID    (0x00000007L)
-#define SECURITY_PROXY_RID              (0x00000008L)
-#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
-#define SECURITY_SERVER_LOGON_RID       SECURITY_ENTERPRISE_CONTROLLERS_RID
-#define SECURITY_PRINCIPAL_SELF_RID     (0x0000000AL)
-#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
-#define SECURITY_RESTRICTED_CODE_RID    (0x0000000CL)
-#define SECURITY_TERMINAL_SERVER_RID    (0x0000000DL)
-#define SECURITY_REMOTE_LOGON_RID       (0x0000000EL)
-#define SECURITY_THIS_ORGANIZATION_RID  (0x0000000FL)
-#define SECURITY_IUSER_RID              (0x00000011L)
-#define SECURITY_LOCAL_SYSTEM_RID       (0x00000012L)
-#define SECURITY_LOCAL_SERVICE_RID      (0x00000013L)
-#define SECURITY_NETWORK_SERVICE_RID    (0x00000014L)
-#define SECURITY_NT_NON_UNIQUE          (0x00000015L)
-#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT  (3L)
+/* S-1-5 */
+#define SECURITY_NT_AUTHORITY               {0,0,0,0,0,5}
+
+#define SECURITY_DIALUP_RID                          (0x00000001L)
+#define SECURITY_NETWORK_RID                         (0x00000002L)
+#define SECURITY_BATCH_RID                           (0x00000003L)
+#define SECURITY_INTERACTIVE_RID                     (0x00000004L)
+#define SECURITY_LOGON_IDS_RID                       (0x00000005L)
+#define SECURITY_LOGON_IDS_RID_COUNT                 (3L)
+#define SECURITY_SERVICE_RID                         (0x00000006L)
+#define SECURITY_ANONYMOUS_LOGON_RID                 (0x00000007L)
+#define SECURITY_PROXY_RID                           (0x00000008L)
+#define SECURITY_ENTERPRISE_CONTROLLERS_RID          (0x00000009L)
+#define SECURITY_SERVER_LOGON_RID                    SECURITY_ENTERPRISE_CONTROLLERS_RID
+#define SECURITY_PRINCIPAL_SELF_RID                  (0x0000000AL)
+#define SECURITY_AUTHENTICATED_USER_RID              (0x0000000BL)
+#define SECURITY_RESTRICTED_CODE_RID                 (0x0000000CL)
+#define SECURITY_TERMINAL_SERVER_RID                 (0x0000000DL)
+#define SECURITY_REMOTE_LOGON_RID                    (0x0000000EL)
+#define SECURITY_THIS_ORGANIZATION_RID               (0x0000000FL)
+#define SECURITY_IUSER_RID                           (0x00000011L)
+#define SECURITY_LOCAL_SYSTEM_RID                    (0x00000012L)
+#define SECURITY_LOCAL_SERVICE_RID                   (0x00000013L)
+#define SECURITY_NETWORK_SERVICE_RID                 (0x00000014L)
+#define SECURITY_NT_NON_UNIQUE                       (0x00000015L)
+#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT        (3L)
 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
 
-#define SECURITY_BUILTIN_DOMAIN_RID     (0x00000020L)
+#define SECURITY_BUILTIN_DOMAIN_RID        (0x00000020L)
 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
 
 
-#define SECURITY_PACKAGE_BASE_RID       (0x00000040L)
-#define SECURITY_PACKAGE_RID_COUNT      (2L)
-#define SECURITY_PACKAGE_NTLM_RID       (0x0000000AL)
-#define SECURITY_PACKAGE_SCHANNEL_RID   (0x0000000EL)
-#define SECURITY_PACKAGE_DIGEST_RID     (0x00000015L)
-
-#define SECURITY_CRED_TYPE_BASE_RID             (0x00000041L)
-#define SECURITY_CRED_TYPE_RID_COUNT            (2L)
-#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID    (0x00000001L)
-
-#define SECURITY_MIN_BASE_RID          (0x00000050L)
-#define SECURITY_SERVICE_ID_BASE_RID    (0x00000050L)
-#define SECURITY_SERVICE_ID_RID_COUNT   (6L)
-#define SECURITY_RESERVED_ID_BASE_RID   (0x00000051L)
-#define SECURITY_APPPOOL_ID_BASE_RID    (0x00000052L)
-#define SECURITY_APPPOOL_ID_RID_COUNT   (6L)
-#define SECURITY_VIRTUALSERVER_ID_BASE_RID    (0x00000053L)
-#define SECURITY_VIRTUALSERVER_ID_RID_COUNT   (6L)
-#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID  (0x00000054L)
-#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
+#define SECURITY_PACKAGE_BASE_RID     (0x00000040L)
+#define SECURITY_PACKAGE_RID_COUNT    (2L)
+#define SECURITY_PACKAGE_NTLM_RID     (0x0000000AL)
+#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
+#define SECURITY_PACKAGE_DIGEST_RID   (0x00000015L)
+
+#define SECURITY_CRED_TYPE_BASE_RID          (0x00000041L)
+#define SECURITY_CRED_TYPE_RID_COUNT         (2L)
+#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
+
+#define SECURITY_MIN_BASE_RID                               (0x00000050L)
+#define SECURITY_SERVICE_ID_BASE_RID                        (0x00000050L)
+#define SECURITY_SERVICE_ID_RID_COUNT                       (6L)
+#define SECURITY_RESERVED_ID_BASE_RID                       (0x00000051L)
+#define SECURITY_APPPOOL_ID_BASE_RID                        (0x00000052L)
+#define SECURITY_APPPOOL_ID_RID_COUNT                       (6L)
+#define SECURITY_VIRTUALSERVER_ID_BASE_RID                  (0x00000053L)
+#define SECURITY_VIRTUALSERVER_ID_RID_COUNT                 (6L)
+#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID             (0x00000054L)
+#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT            (6L)
 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID  (0x00000055L)
 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
-#define SECURITY_WMIHOST_ID_BASE_RID  (0x00000056L)
-#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
-#define SECURITY_TASK_ID_BASE_RID                 (0x00000057L)
-#define SECURITY_NFS_ID_BASE_RID        (0x00000058L)
-#define SECURITY_COM_ID_BASE_RID        (0x00000059L)
-#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT   (6L)
+#define SECURITY_WMIHOST_ID_BASE_RID                        (0x00000056L)
+#define SECURITY_WMIHOST_ID_RID_COUNT                       (6L)
+#define SECURITY_TASK_ID_BASE_RID                           (0x00000057L)
+#define SECURITY_NFS_ID_BASE_RID                            (0x00000058L)
+#define SECURITY_COM_ID_BASE_RID                            (0x00000059L)
+#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT                (6L)
 
-#define SECURITY_MAX_BASE_RID          (0x0000006FL)
+#define SECURITY_MAX_BASE_RID (0x0000006FL)
 
-#define SECURITY_MAX_ALWAYS_FILTERED    (0x000003E7L)
-#define SECURITY_MIN_NEVER_FILTERED     (0x000003E8L)
+#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
+#define SECURITY_MIN_NEVER_FILTERED  (0x000003E8L)
 
 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
 
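Review bot: The S-1-n labels added above the authority macros are incomplete: `SECURITY_NULL_SID_AUTHORITY` and `SECURITY_RESOURCE_MANAGER_AUTHORITY` get none, although their last byte gives `/* S-1-0 */` and `/* S-1-9 */` on the same pattern. The usage comment this commit deletes with the old duplicate definitions further down the page (bracket the macro when initialising a `SID_IDENTIFIER_AUTHORITY`, to avoid gcc warnings) is also not carried over to these surviving definitions, at least not in the lines shown here. I would keep it above the first macro, e.g. `/* Initialise as: SID_IDENTIFIER_AUTHORITY a = {SECURITY_NT_AUTHORITY}; the macro is only the inner byte list */`.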
@@ -223,15 +232,15 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 
 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
 
-#define FOREST_USER_RID_MAX            (0x000001F3L)
+#define FOREST_USER_RID_MAX (0x000001F3L)
 
 /* Well-known users */
 
-#define DOMAIN_USER_RID_ADMIN          (0x000001F4L)
-#define DOMAIN_USER_RID_GUEST          (0x000001F5L)
-#define DOMAIN_USER_RID_KRBTGT         (0x000001F6L)
+#define DOMAIN_USER_RID_ADMIN  (0x000001F4L)
+#define DOMAIN_USER_RID_GUEST  (0x000001F5L)
+#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
 
-#define DOMAIN_USER_RID_MAX            (0x000003E7L)
+#define DOMAIN_USER_RID_MAX (0x000003E7L)
 
 /* Well-known groups */
 
@@ -248,15 +257,15 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 
 /* Well-known aliases */
 
-#define DOMAIN_ALIAS_RID_ADMINS                         (0x00000220L)
-#define DOMAIN_ALIAS_RID_USERS                          (0x00000221L)
-#define DOMAIN_ALIAS_RID_GUESTS                         (0x00000222L)
-#define DOMAIN_ALIAS_RID_POWER_USERS                    (0x00000223L)
+#define DOMAIN_ALIAS_RID_ADMINS      (0x00000220L)
+#define DOMAIN_ALIAS_RID_USERS       (0x00000221L)
+#define DOMAIN_ALIAS_RID_GUESTS      (0x00000222L)
+#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
 
-#define DOMAIN_ALIAS_RID_ACCOUNT_OPS                    (0x00000224L)
-#define DOMAIN_ALIAS_RID_SYSTEM_OPS                     (0x00000225L)
-#define DOMAIN_ALIAS_RID_PRINT_OPS                      (0x00000226L)
-#define DOMAIN_ALIAS_RID_BACKUP_OPS                     (0x00000227L)
+#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
+#define DOMAIN_ALIAS_RID_SYSTEM_OPS  (0x00000225L)
+#define DOMAIN_ALIAS_RID_PRINT_OPS   (0x00000226L)
+#define DOMAIN_ALIAS_RID_BACKUP_OPS  (0x00000227L)
 
 #define DOMAIN_ALIAS_RID_REPLICATOR                     (0x00000228L)
 #define DOMAIN_ALIAS_RID_RAS_SERVERS                    (0x00000229L)
@@ -265,11 +274,12 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS      (0x0000022CL)
 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
 
-#define DOMAIN_ALIAS_RID_MONITORING_USERS               (0x0000022EL)
-#define DOMAIN_ALIAS_RID_LOGGING_USERS                  (0x0000022FL)
-#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS            (0x00000230L)
-#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS             (0x00000231L)
-#define DOMAIN_ALIAS_RID_DCOM_USERS                     (0x00000232L)
+#define DOMAIN_ALIAS_RID_MONITORING_USERS    (0x0000022EL)
+#define DOMAIN_ALIAS_RID_LOGGING_USERS       (0x0000022FL)
+#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
+#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS  (0x00000231L)
+#define DOMAIN_ALIAS_RID_DCOM_USERS          (0x00000232L)
+
 #define DOMAIN_ALIAS_RID_IUSERS                         (0x00000238L)
 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS               (0x00000239L)
 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP     (0x0000023BL)
@@ -277,29 +287,29 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP        (0x0000023DL)
 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP      (0x0000023EL)
 
-#define SECURITY_MANDATORY_LABEL_AUTHORITY          {0,0,0,0,0,16}
-#define SECURITY_MANDATORY_UNTRUSTED_RID            (0x00000000L)
-#define SECURITY_MANDATORY_LOW_RID                  (0x00001000L)
-#define SECURITY_MANDATORY_MEDIUM_RID               (0x00002000L)
-#define SECURITY_MANDATORY_HIGH_RID                 (0x00003000L)
-#define SECURITY_MANDATORY_SYSTEM_RID               (0x00004000L)
-#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID    (0x00005000L)
+#define SECURITY_MANDATORY_LABEL_AUTHORITY       {0,0,0,0,0,16}
+#define SECURITY_MANDATORY_UNTRUSTED_RID         (0x00000000L)
+#define SECURITY_MANDATORY_LOW_RID               (0x00001000L)
+#define SECURITY_MANDATORY_MEDIUM_RID            (0x00002000L)
+#define SECURITY_MANDATORY_HIGH_RID              (0x00003000L)
+#define SECURITY_MANDATORY_SYSTEM_RID            (0x00004000L)
+#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
 
 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
    can be set by a usermode caller.*/
 
-#define SECURITY_MANDATORY_MAXIMUM_USER_RID   SECURITY_MANDATORY_SYSTEM_RID
+#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
 
 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
 
 /* Allocate the System Luid.  The first 1000 LUIDs are reserved.
    Use #999 here (0x3e7 = 999) */
 
-#define SYSTEM_LUID                     {0x3e7, 0x0}
-#define ANONYMOUS_LOGON_LUID            {0x3e6, 0x0}
-#define LOCALSERVICE_LUID               {0x3e5, 0x0}
-#define NETWORKSERVICE_LUID             {0x3e4, 0x0}
-#define IUSER_LUID                      {0x3e3, 0x0}
+#define SYSTEM_LUID          {0x3e7, 0x0}
+#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
+#define LOCALSERVICE_LUID    {0x3e5, 0x0}
+#define NETWORKSERVICE_LUID  {0x3e4, 0x0}
+#define IUSER_LUID           {0x3e3, 0x0}
 
 typedef struct _ACE_HEADER {
   UCHAR AceType;
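Review bot: `MANDATORY_LEVEL_TO_MANDATORY_RID(IL)`, directly below the realigned `SECURITY_MANDATORY_MAXIMUM_USER_RID`, expands its argument without parentheses, so `MANDATORY_LEVEL_TO_MANDATORY_RID(Level + 1)` becomes `Level + 1 * 0x1000` and yields the wrong integrity-level RID. The commit only realigns this block and leaves the macro untouched. Because the resulting RID is presumably checked against limits such as `SECURITY_MANDATORY_MAXIMUM_USER_RID`, I would change the line to `#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)`. The hunk ends inside `struct _ACE_HEADER`, which this point does not concern.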
@@ -307,7 +317,6 @@ typedef struct _ACE_HEADER {
   USHORT AceSize;
 } ACE_HEADER, *PACE_HEADER;
 
-/* also in winnt.h */
 #define ACCESS_MIN_MS_ACE_TYPE                  (0x0)
 #define ACCESS_ALLOWED_ACE_TYPE                 (0x0)
 #define ACCESS_DENIED_ACE_TYPE                  (0x1)
@@ -338,15 +347,15 @@ typedef struct _ACE_HEADER {
 /* The following are the inherit flags that go into the AceFlags field
    of an Ace header. */
 
-#define OBJECT_INHERIT_ACE                (0x1)
-#define CONTAINER_INHERIT_ACE             (0x2)
-#define NO_PROPAGATE_INHERIT_ACE          (0x4)
-#define INHERIT_ONLY_ACE                  (0x8)
-#define INHERITED_ACE                     (0x10)
-#define VALID_INHERIT_FLAGS               (0x1F)
+#define OBJECT_INHERIT_ACE       (0x1)
+#define CONTAINER_INHERIT_ACE    (0x2)
+#define NO_PROPAGATE_INHERIT_ACE (0x4)
+#define INHERIT_ONLY_ACE         (0x8)
+#define INHERITED_ACE            (0x10)
+#define VALID_INHERIT_FLAGS      (0x1F)
 
-#define SUCCESSFUL_ACCESS_ACE_FLAG        (0x40)
-#define FAILED_ACCESS_ACE_FLAG            (0x80)
+#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
+#define FAILED_ACCESS_ACE_FLAG     (0x80)
 
 typedef struct _ACCESS_ALLOWED_ACE {
   ACE_HEADER Header;
@@ -378,33 +387,33 @@ typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
   ULONG SidStart;
 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
 
-#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP         0x1
-#define SYSTEM_MANDATORY_LABEL_NO_READ_UP          0x2
-#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP       0x4
-#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP   | \
-                                           SYSTEM_MANDATORY_LABEL_NO_READ_UP    | \
-                                           SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
-
-#define SECURITY_DESCRIPTOR_MIN_LENGTH   (sizeof(SECURITY_DESCRIPTOR))
-
-typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
-
-#define SE_OWNER_DEFAULTED              0x0001
-#define SE_GROUP_DEFAULTED              0x0002
-#define SE_DACL_PRESENT                 0x0004
-#define SE_DACL_DEFAULTED               0x0008
-#define SE_SACL_PRESENT                 0x0010
-#define SE_SACL_DEFAULTED               0x0020
-#define SE_DACL_UNTRUSTED               0x0040
-#define SE_SERVER_SECURITY              0x0080
-#define SE_DACL_AUTO_INHERIT_REQ        0x0100
-#define SE_SACL_AUTO_INHERIT_REQ        0x0200
-#define SE_DACL_AUTO_INHERITED          0x0400
-#define SE_SACL_AUTO_INHERITED          0x0800
-#define SE_DACL_PROTECTED               0x1000
-#define SE_SACL_PROTECTED               0x2000
-#define SE_RM_CONTROL_VALID             0x4000
-#define SE_SELF_RELATIVE                0x8000
+#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP   0x1
+#define SYSTEM_MANDATORY_LABEL_NO_READ_UP    0x2
+#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
+#define SYSTEM_MANDATORY_LABEL_VALID_MASK    (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
+                                              SYSTEM_MANDATORY_LABEL_NO_READ_UP  | \
+                                              SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
+
+#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
+
+typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
+
+#define SE_OWNER_DEFAULTED       0x0001
+#define SE_GROUP_DEFAULTED       0x0002
+#define SE_DACL_PRESENT          0x0004
+#define SE_DACL_DEFAULTED        0x0008
+#define SE_SACL_PRESENT          0x0010
+#define SE_SACL_DEFAULTED        0x0020
+#define SE_DACL_UNTRUSTED        0x0040
+#define SE_SERVER_SECURITY       0x0080
+#define SE_DACL_AUTO_INHERIT_REQ 0x0100
+#define SE_SACL_AUTO_INHERIT_REQ 0x0200
+#define SE_DACL_AUTO_INHERITED   0x0400
+#define SE_SACL_AUTO_INHERITED   0x0800
+#define SE_DACL_PROTECTED        0x1000
+#define SE_SACL_PROTECTED        0x2000
+#define SE_RM_CONTROL_VALID      0x4000
+#define SE_SELF_RELATIVE         0x8000
 
 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
   UCHAR Revision;
@@ -484,6 +493,7 @@ typedef struct _SE_SECURITY_DESCRIPTOR {
   PSECURITY_DESCRIPTOR SecurityDescriptor;
 } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
 
+
 typedef struct _SE_ACCESS_REQUEST {
   ULONG Size;
   PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
index 01a320e..5b938b8 100644 (file)
@@ -2516,28 +2516,26 @@ typedef PVOID PSECURITY_DESCRIPTOR;
 typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
 typedef ULONG ACCESS_MASK, *PACCESS_MASK;
 
-
 typedef PVOID PACCESS_TOKEN;
 typedef PVOID PSID;
 
-
-#define DELETE                           0x00010000L
-#define READ_CONTROL                     0x00020000L
-#define WRITE_DAC                        0x00040000L
-#define WRITE_OWNER                      0x00080000L
-#define SYNCHRONIZE                      0x00100000L
-#define STANDARD_RIGHTS_REQUIRED         0x000F0000L
-#define STANDARD_RIGHTS_READ             READ_CONTROL
-#define STANDARD_RIGHTS_WRITE            READ_CONTROL
-#define STANDARD_RIGHTS_EXECUTE          READ_CONTROL
-#define STANDARD_RIGHTS_ALL              0x001F0000L
-#define SPECIFIC_RIGHTS_ALL              0x0000FFFFL
-#define ACCESS_SYSTEM_SECURITY           0x01000000L
-#define MAXIMUM_ALLOWED                  0x02000000L
-#define GENERIC_READ                     0x80000000L
-#define GENERIC_WRITE                    0x40000000L
-#define GENERIC_EXECUTE                  0x20000000L
-#define GENERIC_ALL                      0x10000000L
+#define DELETE                   0x00010000L
+#define READ_CONTROL             0x00020000L
+#define WRITE_DAC                0x00040000L
+#define WRITE_OWNER              0x00080000L
+#define SYNCHRONIZE              0x00100000L
+#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
+#define STANDARD_RIGHTS_READ     READ_CONTROL
+#define STANDARD_RIGHTS_WRITE    READ_CONTROL
+#define STANDARD_RIGHTS_EXECUTE  READ_CONTROL
+#define STANDARD_RIGHTS_ALL      0x001F0000L
+#define SPECIFIC_RIGHTS_ALL      0x0000FFFFL
+#define ACCESS_SYSTEM_SECURITY   0x01000000L
+#define MAXIMUM_ALLOWED          0x02000000L
+#define GENERIC_READ             0x80000000L
+#define GENERIC_WRITE            0x40000000L
+#define GENERIC_EXECUTE          0x20000000L
+#define GENERIC_ALL              0x10000000L
 
 typedef struct _GENERIC_MAPPING {
   ACCESS_MASK GenericRead;
@@ -2546,15 +2544,15 @@ typedef struct _GENERIC_MAPPING {
   ACCESS_MASK GenericAll;
 } GENERIC_MAPPING, *PGENERIC_MAPPING;
 
-#define ACL_REVISION                      2
-#define ACL_REVISION_DS                   4
+#define ACL_REVISION    2
+#define ACL_REVISION_DS 4
 
-#define ACL_REVISION1                     1
-#define ACL_REVISION2                     2
-#define ACL_REVISION3                     3
-#define ACL_REVISION4                     4
-#define MIN_ACL_REVISION                  ACL_REVISION2
-#define MAX_ACL_REVISION                  ACL_REVISION4
+#define ACL_REVISION1    1
+#define ACL_REVISION2    2
+#define ACL_REVISION3    3
+#define ACL_REVISION4    4
+#define MIN_ACL_REVISION ACL_REVISION2
+#define MAX_ACL_REVISION ACL_REVISION4
 
 typedef struct _ACL {
   UCHAR AclRevision;
@@ -2596,8 +2594,7 @@ typedef struct _PRIVILEGE_SET {
   ULONG PrivilegeCount;
   ULONG Control;
   LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
-} PRIVILEGE_SET,*PPRIVILEGE_SET;
-
+} PRIVILEGE_SET, *PPRIVILEGE_SET;
 
 typedef enum _SECURITY_IMPERSONATION_LEVEL {
   SecurityAnonymous,
@@ -2606,16 +2603,14 @@ typedef enum _SECURITY_IMPERSONATION_LEVEL {
   SecurityDelegation
 } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
 
-
 #define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
 #define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
-#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
+#define DEFAULT_IMPERSONATION_LEVEL      SecurityImpersonation
 #define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))
 
 #define SECURITY_DYNAMIC_TRACKING (TRUE)
 #define SECURITY_STATIC_TRACKING (FALSE)
 
-
 typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
 
 typedef struct _SECURITY_QUALITY_OF_SERVICE {
@@ -2633,16 +2628,17 @@ typedef struct _SE_IMPERSONATION_STATE {
 } SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
 
 
-#define OWNER_SECURITY_INFORMATION       (0x00000001L)
-#define GROUP_SECURITY_INFORMATION       (0x00000002L)
-#define DACL_SECURITY_INFORMATION        (0x00000004L)
-#define SACL_SECURITY_INFORMATION        (0x00000008L)
-#define LABEL_SECURITY_INFORMATION       (0x00000010L)
+#define OWNER_SECURITY_INFORMATION (0x00000001L)
+#define GROUP_SECURITY_INFORMATION (0x00000002L)
+#define DACL_SECURITY_INFORMATION  (0x00000004L)
+#define SACL_SECURITY_INFORMATION  (0x00000008L)
+#define LABEL_SECURITY_INFORMATION (0x00000010L)
+
+#define PROTECTED_DACL_SECURITY_INFORMATION   (0x80000000L)
+#define PROTECTED_SACL_SECURITY_INFORMATION   (0x40000000L)
+#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
+#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
 
-#define PROTECTED_DACL_SECURITY_INFORMATION     (0x80000000L)
-#define PROTECTED_SACL_SECURITY_INFORMATION     (0x40000000L)
-#define UNPROTECTED_DACL_SECURITY_INFORMATION   (0x20000000L)
-#define UNPROTECTED_SACL_SECURITY_INFORMATION   (0x10000000L)
 
 typedef enum _SECURITY_OPERATION_CODE {
   SetSecurityDescriptor,
index 8817a21..afacd3d 100644 (file)
@@ -2013,26 +2013,6 @@ _InterlockedBitTestAndComplement64(
 #define SYSTEM_AUDIT_ACE_TYPE           (0x2)
 #define SYSTEM_ALARM_ACE_TYPE           (0x3)
 /*end ntifs.h */
-#define OBJECT_INHERIT_ACE    1
-#define CONTAINER_INHERIT_ACE    2
-#define NO_PROPAGATE_INHERIT_ACE    4
-#define INHERIT_ONLY_ACE    8
-#define INHERITED_ACE    16
-#define VALID_INHERIT_FLAGS    0x1F
-#define SUCCESSFUL_ACCESS_ACE_FLAG    64
-#define FAILED_ACCESS_ACE_FLAG    128
-#define DELETE    0x00010000L
-#define READ_CONTROL    0x20000L
-#define WRITE_DAC    0x40000L
-#define WRITE_OWNER    0x80000L
-#define SYNCHRONIZE    0x100000L
-#define STANDARD_RIGHTS_REQUIRED    0xF0000
-#define STANDARD_RIGHTS_READ    0x20000
-#define STANDARD_RIGHTS_WRITE    0x20000
-#define STANDARD_RIGHTS_EXECUTE    0x20000
-#define STANDARD_RIGHTS_ALL    0x1F0000
-#define SPECIFIC_RIGHTS_ALL    0xFFFF
-#define ACCESS_SYSTEM_SECURITY    0x1000000
 
 #define REG_STANDARD_FORMAT 1
 #define REG_LATEST_FORMAT   2
@@ -2087,12 +2067,6 @@ _InterlockedBitTestAndComplement64(
 
 #endif /* WIN32_NO_STATUS */
 
-#define MAXIMUM_ALLOWED    0x2000000
-#define GENERIC_READ    0x80000000
-#define GENERIC_WRITE    0x40000000
-#define GENERIC_EXECUTE    0x20000000
-#define GENERIC_ALL    0x10000000
-
 #define INVALID_FILE_ATTRIBUTES    ((DWORD)-1)
 
 /* Also in ddk/winddk.h */
@@ -2270,204 +2244,6 @@ _InterlockedBitTestAndComplement64(
 #define PROCESS_SET_LIMITED_INFORMATION 0x2000
 #define THREAD_RESUME 0x1000
 
-/*
- * To prevent gcc compiler warnings, bracket these defines when initialising
- * a  SID_IDENTIFIER_AUTHORITY, eg.
- * SID_IDENTIFIER_AUTHORITY aNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
- */
-#define SID_MAX_SUB_AUTHORITIES     15
-
-/* security entities */
-#define SECURITY_NULL_RID            (0x00000000L)
-#define SECURITY_WORLD_RID            (0x00000000L)
-#define SECURITY_LOCAL_RID            (0X00000000L)
-
-#define SECURITY_NULL_SID_AUTHORITY        {0,0,0,0,0,0}
-
-/* S-1-1 */
-#define SECURITY_WORLD_SID_AUTHORITY        {0,0,0,0,0,1}
-
-/* S-1-2 */
-#define SECURITY_LOCAL_SID_AUTHORITY        {0,0,0,0,0,2}
-
-/* S-1-3 */
-#define SECURITY_CREATOR_SID_AUTHORITY        {0,0,0,0,0,3}
-#define SECURITY_CREATOR_OWNER_RID        (0x00000000L)
-#define SECURITY_CREATOR_GROUP_RID        (0x00000001L)
-#define SECURITY_CREATOR_OWNER_SERVER_RID    (0x00000002L)
-#define SECURITY_CREATOR_GROUP_SERVER_RID    (0x00000003L)
-
-/* S-1-4 */
-#define SECURITY_NON_UNIQUE_AUTHORITY        {0,0,0,0,0,4}
-
-/* S-1-5 */
-#define SECURITY_NT_AUTHORITY            {0,0,0,0,0,5}
-#define SECURITY_DIALUP_RID                     0x00000001L
-#define SECURITY_NETWORK_RID                    0x00000002L
-#define SECURITY_BATCH_RID                      0x00000003L
-#define SECURITY_INTERACTIVE_RID                0x00000004L
-#define SECURITY_LOGON_IDS_RID                  0x00000005L
-#define SECURITY_SERVICE_RID                    0x00000006L
-#define SECURITY_ANONYMOUS_LOGON_RID            0x00000007L
-#define SECURITY_PROXY_RID                      0x00000008L
-#define SECURITY_ENTERPRISE_CONTROLLERS_RID     0x00000009L
-#define SECURITY_SERVER_LOGON_RID               SECURITY_ENTERPRISE_CONTROLLERS_RID
-#define SECURITY_PRINCIPAL_SELF_RID             0x0000000AL
-#define SECURITY_AUTHENTICATED_USER_RID         0x0000000BL
-#define SECURITY_RESTRICTED_CODE_RID            0x0000000CL
-#define SECURITY_TERMINAL_SERVER_RID            0x0000000DL
-#define SECURITY_REMOTE_LOGON_RID               0x0000000EL
-#define SECURITY_THIS_ORGANIZATION_RID          0x0000000FL
-#define SECURITY_LOCAL_SYSTEM_RID               0x00000012L
-#define SECURITY_LOCAL_SERVICE_RID              0x00000013L
-#define SECURITY_NETWORK_SERVICE_RID            0x00000014L
-#define SECURITY_NT_NON_UNIQUE                  0x00000015L
-#define SECURITY_BUILTIN_DOMAIN_RID             0x00000020L
-
-#define SECURITY_PACKAGE_BASE_RID               0x00000040L
-#define SECURITY_PACKAGE_NTLM_RID               0x0000000AL
-#define SECURITY_PACKAGE_SCHANNEL_RID           0x0000000EL
-#define SECURITY_PACKAGE_DIGEST_RID             0x00000015L
-#define SECURITY_OTHER_ORGANIZATION_RID         0x000003E8L
-
-#define SECURITY_LOGON_IDS_RID_COUNT 0x3
-#define SID_REVISION 1
-
-#define FOREST_USER_RID_MAX                     0x000001F3L
-#define DOMAIN_USER_RID_ADMIN                   0x000001F4L
-#define DOMAIN_USER_RID_GUEST                   0x000001F5L
-#define DOMAIN_USER_RID_KRBTGT                  0x000001F6L
-#define DOMAIN_USER_RID_MAX                     0x000003E7L
-
-#define DOMAIN_GROUP_RID_ADMINS                 0x00000200L
-#define DOMAIN_GROUP_RID_USERS                  0x00000201L
-#define DOMAIN_GROUP_RID_GUESTS                 0x00000202L
-#define DOMAIN_GROUP_RID_COMPUTERS              0x00000203L
-#define DOMAIN_GROUP_RID_CONTROLLERS            0x00000204L
-#define DOMAIN_GROUP_RID_CERT_ADMINS            0x00000205L
-#define DOMAIN_GROUP_RID_SCHEMA_ADMINS          0x00000206L
-#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS      0x00000207L
-#define DOMAIN_GROUP_RID_POLICY_ADMINS          0x00000208L
-
-#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
-#define SECURITY_MANDATORY_UNTRUSTED_RID        0x00000000L
-#define SECURITY_MANDATORY_LOW_RID              0x00001000L
-#define SECURITY_MANDATORY_MEDIUM_RID           0x00002000L
-#define SECURITY_MANDATORY_HIGH_RID             0x00003000L
-#define SECURITY_MANDATORY_SYSTEM_RID           0x00004000L
-#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID 0x00005000L
-
-#define DOMAIN_ALIAS_RID_ADMINS                 0x00000220L
-#define DOMAIN_ALIAS_RID_USERS                  0x00000221L
-#define DOMAIN_ALIAS_RID_GUESTS                 0x00000222L
-#define DOMAIN_ALIAS_RID_POWER_USERS            0x00000223L
-
-#define DOMAIN_ALIAS_RID_ACCOUNT_OPS            0x00000224L
-#define DOMAIN_ALIAS_RID_SYSTEM_OPS             0x00000225L
-#define DOMAIN_ALIAS_RID_PRINT_OPS              0x00000226L
-#define DOMAIN_ALIAS_RID_BACKUP_OPS             0x00000227L
-
-#define DOMAIN_ALIAS_RID_REPLICATOR             0x00000228L
-#define DOMAIN_ALIAS_RID_RAS_SERVERS            0x00000229L
-#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS       0x0000022AL
-#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS   0x0000022BL
-#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS 0x0000022CL
-#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS 0x0000022DL
-
-#define DOMAIN_ALIAS_RID_MONITORING_USERS       0x0000022EL
-#define DOMAIN_ALIAS_RID_LOGGING_USERS          0x0000022FL
-#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS    0x00000230L
-#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS     0x00000231L
-#define DOMAIN_ALIAS_RID_DCOM_USERS             0x00000232L
-
-#define SECURITY_MANDATORY_LABEL_AUTHORITY  {0,0,0,0,0,16}
-
-typedef enum {
-  WinNullSid = 0,
-  WinWorldSid = 1,
-  WinLocalSid = 2,
-  WinCreatorOwnerSid = 3,
-  WinCreatorGroupSid = 4,
-  WinCreatorOwnerServerSid = 5,
-  WinCreatorGroupServerSid = 6,
-  WinNtAuthoritySid = 7,
-  WinDialupSid = 8,
-  WinNetworkSid = 9,
-  WinBatchSid = 10,
-  WinInteractiveSid = 11,
-  WinServiceSid = 12,
-  WinAnonymousSid = 13,
-  WinProxySid = 14,
-  WinEnterpriseControllersSid = 15,
-  WinSelfSid = 16,
-  WinAuthenticatedUserSid = 17,
-  WinRestrictedCodeSid = 18,
-  WinTerminalServerSid = 19,
-  WinRemoteLogonIdSid = 20,
-  WinLogonIdsSid = 21,
-  WinLocalSystemSid = 22,
-  WinLocalServiceSid = 23,
-  WinNetworkServiceSid = 24,
-  WinBuiltinDomainSid = 25,
-  WinBuiltinAdministratorsSid = 26,
-  WinBuiltinUsersSid = 27,
-  WinBuiltinGuestsSid = 28,
-  WinBuiltinPowerUsersSid = 29,
-  WinBuiltinAccountOperatorsSid = 30,
-  WinBuiltinSystemOperatorsSid = 31,
-  WinBuiltinPrintOperatorsSid = 32,
-  WinBuiltinBackupOperatorsSid = 33,
-  WinBuiltinReplicatorSid = 34,
-  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
-  WinBuiltinRemoteDesktopUsersSid = 36,
-  WinBuiltinNetworkConfigurationOperatorsSid = 37,
-  WinAccountAdministratorSid = 38,
-  WinAccountGuestSid = 39,
-  WinAccountKrbtgtSid = 40,
-  WinAccountDomainAdminsSid = 41,
-  WinAccountDomainUsersSid = 42,
-  WinAccountDomainGuestsSid = 43,
-  WinAccountComputersSid = 44,
-  WinAccountControllersSid = 45,
-  WinAccountCertAdminsSid = 46,
-  WinAccountSchemaAdminsSid = 47,
-  WinAccountEnterpriseAdminsSid = 48,
-  WinAccountPolicyAdminsSid = 49,
-  WinAccountRasAndIasServersSid = 50,
-  WinNTLMAuthenticationSid = 51,
-  WinDigestAuthenticationSid = 52,
-  WinSChannelAuthenticationSid = 53,
-  WinThisOrganizationSid = 54,
-  WinOtherOrganizationSid = 55,
-  WinBuiltinIncomingForestTrustBuildersSid = 56,
-  WinBuiltinPerfMonitoringUsersSid = 57,
-  WinBuiltinPerfLoggingUsersSid = 58,
-  WinBuiltinAuthorizationAccessSid = 59,
-  WinBuiltinTerminalServerLicenseServersSid = 60,
-  WinBuiltinDCOMUsersSid = 61,
-  WinBuiltinIUsersSid = 62,
-  WinIUserSid = 63,
-  WinBuiltinCryptoOperatorsSid = 64,
-  WinUntrustedLabelSid = 65,
-  WinLowLabelSid = 66,
-  WinMediumLabelSid = 67,
-  WinHighLabelSid = 68,
-  WinSystemLabelSid = 69,
-  WinWriteRestrictedCodeSid = 70,
-  WinCreatorOwnerRightsSid = 71,
-  WinCacheablePrincipalsGroupSid = 72,
-  WinNonCacheablePrincipalsGroupSid = 73,
-  WinEnterpriseReadonlyControllersSid = 74,
-  WinAccountReadonlyControllersSid = 75,
-  WinBuiltinEventLogReadersGroup = 76,
-  WinNewEnterpriseReadonlyControllersSid = 77,
-  WinBuiltinCertSvcDComAccessGroup = 78,
-  WinMediumPlusLabelSid = 79,
-  WinLocalLogonSid = 80,
-  WinConsoleLogonSid = 81,
-  WinThisOrganizationCertificateSid = 82,
-} WELL_KNOWN_SID_TYPE;
-
 #define SE_CREATE_TOKEN_NAME    TEXT("SeCreateTokenPrivilege")
 #define SE_ASSIGNPRIMARYTOKEN_NAME    TEXT("SeAssignPrimaryTokenPrivilege")
 #define SE_LOCK_MEMORY_NAME    TEXT("SeLockMemoryPrivilege")
@@ -2525,14 +2301,6 @@ typedef enum {
 #define LANG_MANX_GAELIC    0x94
 #define SUBLANG_PORTUGUESE_PORTUGAL   0x02
 
-#define ACL_REVISION    2
-#define ACL_REVISION_DS 4
-#define ACL_REVISION1 1
-#define ACL_REVISION2 2
-#define ACL_REVISION3 3
-#define ACL_REVISION4 4
-#define MIN_ACL_REVISION 2
-#define MAX_ACL_REVISION 4
 #define PROCESSOR_INTEL_386 386
 #define PROCESSOR_INTEL_486 486
 #define PROCESSOR_INTEL_PENTIUM 586
@@ -2658,14 +2426,6 @@ typedef enum {
 #define REG_OPTION_BACKUP_RESTORE    4
 #define REG_OPTION_OPEN_LINK    8
 #define REG_LEGAL_OPTION    15
-#define OWNER_SECURITY_INFORMATION 1
-#define GROUP_SECURITY_INFORMATION 2
-#define DACL_SECURITY_INFORMATION 4
-#define SACL_SECURITY_INFORMATION 8
-#define PROTECTED_DACL_SECURITY_INFORMATION     0x80000000
-#define PROTECTED_SACL_SECURITY_INFORMATION     0x40000000
-#define UNPROTECTED_DACL_SECURITY_INFORMATION   0x20000000
-#define UNPROTECTED_SACL_SECURITY_INFORMATION   0x10000000
 #define MAXIMUM_PROCESSORS 32
 #define PAGE_NOACCESS    0x0001
 #define PAGE_READONLY    0x0002
@@ -3071,33 +2831,7 @@ typedef enum {
 #define SERVICE_ERROR_NORMAL 1
 #define SERVICE_ERROR_SEVERE 2
 #define SERVICE_ERROR_CRITICAL 3
-#define SE_OWNER_DEFAULTED              0x0001
-#define SE_GROUP_DEFAULTED              0x0002
-#define SE_DACL_PRESENT                 0x0004
-#define SE_DACL_DEFAULTED               0x0008
-#define SE_SACL_PRESENT                 0x0010
-#define SE_SACL_DEFAULTED               0x0020
-#define SE_DACL_UNTRUSTED               0x0040
-#define SE_SERVER_SECURITY              0x0080
-#define SE_DACL_AUTO_INHERIT_REQ        0x0100
-#define SE_SACL_AUTO_INHERIT_REQ        0x0200
-#define SE_DACL_AUTO_INHERITED          0x0400
-#define SE_SACL_AUTO_INHERITED          0x0800
-#define SE_DACL_PROTECTED               0x1000
-#define SE_SACL_PROTECTED               0x2000
-#define SE_RM_CONTROL_VALID             0x4000
-#define SE_SELF_RELATIVE                0x8000
-#define SECURITY_DESCRIPTOR_MIN_LENGTH 20
-#define SECURITY_DESCRIPTOR_REVISION 1
-#define SECURITY_DESCRIPTOR_REVISION1 1
-#define SE_PRIVILEGE_ENABLED_BY_DEFAULT 1
-#define SE_PRIVILEGE_ENABLED 2
-#define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000
-#define PRIVILEGE_SET_ALL_NECESSARY 1
-#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
-#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
-#define SECURITY_DYNAMIC_TRACKING TRUE
-#define SECURITY_STATIC_TRACKING FALSE
+
 /* also in ddk/ntifs.h */
 #define TOKEN_ASSIGN_PRIMARY            (0x0001)
 #define TOKEN_DUPLICATE                 (0x0002)
@@ -3289,7 +3023,6 @@ typedef VOID (NTAPI *WORKERCALLBACKFUNC)(PVOID);
 #define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003
 #define IO_REPARSE_TAG_SYMLINK 0xA000000CL
 #ifndef RC_INVOKED
-typedef DWORD ACCESS_MASK, *PACCESS_MASK;
 
 #ifdef _GUID_DEFINED
 # warning _GUID_DEFINED is deprecated, use GUID_DEFINED instead
@@ -3305,263 +3038,80 @@ typedef struct _GUID {
 } GUID, *REFGUID, *LPGUID;
 #endif /* GUID_DEFINED */
 
-#define SYSTEM_LUID { 0x3E7, 0x0 }
-
-/* ACE Access Types, also in ntifs.h */
-#define ACCESS_MIN_MS_ACE_TYPE                  (0x0)
-#define ACCESS_ALLOWED_ACE_TYPE                 (0x0)
-#define ACCESS_DENIED_ACE_TYPE                  (0x1)
-#define SYSTEM_AUDIT_ACE_TYPE                   (0x2)
-#define SYSTEM_ALARM_ACE_TYPE                   (0x3)
-#define ACCESS_MAX_MS_V2_ACE_TYPE               (0x3)
-#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE        (0x4)
-#define ACCESS_MAX_MS_V3_ACE_TYPE               (0x4)
-#define ACCESS_MIN_MS_OBJECT_ACE_TYPE           (0x5)
-#define ACCESS_ALLOWED_OBJECT_ACE_TYPE          (0x5)
-#define ACCESS_DENIED_OBJECT_ACE_TYPE           (0x6)
-#define SYSTEM_AUDIT_OBJECT_ACE_TYPE            (0x7)
-#define SYSTEM_ALARM_OBJECT_ACE_TYPE            (0x8)
-#define ACCESS_MAX_MS_OBJECT_ACE_TYPE           (0x8)
-#define ACCESS_MAX_MS_V4_ACE_TYPE               (0x8)
-#define ACCESS_MAX_MS_ACE_TYPE                  (0x8)
-#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE        (0x9)
-#define ACCESS_DENIED_CALLBACK_ACE_TYPE         (0xA)
-#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
-#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  (0xC)
-#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE          (0xD)
-#define SYSTEM_ALARM_CALLBACK_ACE_TYPE          (0xE)
-#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE   (0xF)
-#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE   (0x10)
-#define SYSTEM_MANDATORY_LABEL_ACE_TYPE         (0x11)
-#define ACCESS_MAX_MS_V5_ACE_TYPE               (0x11)
-/* end ntifs.h */
-
-typedef struct _GENERIC_MAPPING {
-  ACCESS_MASK GenericRead;
-  ACCESS_MASK GenericWrite;
-  ACCESS_MASK GenericExecute;
-  ACCESS_MASK GenericAll;
-} GENERIC_MAPPING, *PGENERIC_MAPPING;
-
-typedef struct _ACE_HEADER {
-  BYTE AceType;
-  BYTE AceFlags;
-  WORD AceSize;
-} ACE_HEADER, *PACE_HEADER;
+typedef enum _ACL_INFORMATION_CLASS {
+  AclRevisionInformation = 1,
+  AclSizeInformation
+} ACL_INFORMATION_CLASS;
 
-typedef struct _ACCESS_ALLOWED_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
+typedef struct _ACL_REVISION_INFORMATION {
+  DWORD AclRevision;
+} ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION;
 
-typedef struct _ACCESS_DENIED_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
+typedef struct _ACL_SIZE_INFORMATION {
+  DWORD AceCount;
+  DWORD AclBytesInUse;
+  DWORD AclBytesFree;
+} ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION;
 
-typedef struct _SYSTEM_AUDIT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
+#ifndef _LDT_ENTRY_DEFINED
+#define _LDT_ENTRY_DEFINED
 
-typedef struct _SYSTEM_ALARM_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE;
+typedef struct _LDT_ENTRY {
+  WORD LimitLow;
+  WORD BaseLow;
+  union {
+    struct {
+      BYTE BaseMid;
+      BYTE Flags1;
+      BYTE Flags2;
+      BYTE BaseHi;
+    } Bytes;
+    struct {
+      DWORD BaseMid:8;
+      DWORD Type:5;
+      DWORD Dpl:2;
+      DWORD Pres:1;
+      DWORD LimitHi:4;
+      DWORD Sys:1;
+      DWORD Reserved_0:1;
+      DWORD Default_Big:1;
+      DWORD Granularity:1;
+      DWORD BaseHi:8;
+    } Bits;
+  } HighWord;
+} LDT_ENTRY, *PLDT_ENTRY, *LPLDT_ENTRY;
 
-typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
+#endif /* _LDT_ENTRY_DEFINED */
 
-#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP  0x1
-#define SYSTEM_MANDATORY_LABEL_NO_READ_UP   0x2
-#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP    0x4
-#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
+/* FIXME: add more machines */
+#if defined(_X86_)
+#define SIZE_OF_80387_REGISTERS    80
+#define CONTEXT_i386    0x10000
+#define CONTEXT_i486    0x10000
+#define CONTEXT_CONTROL    (CONTEXT_i386|0x00000001L)
+#define CONTEXT_INTEGER    (CONTEXT_i386|0x00000002L)
+#define CONTEXT_SEGMENTS    (CONTEXT_i386|0x00000004L)
+#define CONTEXT_FLOATING_POINT    (CONTEXT_i386|0x00000008L)
+#define CONTEXT_DEBUG_REGISTERS    (CONTEXT_i386|0x00000010L)
+#define CONTEXT_EXTENDED_REGISTERS (CONTEXT_i386|0x00000020L)
+#define CONTEXT_FULL    (CONTEXT_CONTROL|CONTEXT_INTEGER|CONTEXT_SEGMENTS)
+#define MAXIMUM_SUPPORTED_EXTENSION  512
 
-typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE;
+#define EXCEPTION_READ_FAULT    0
+#define EXCEPTION_WRITE_FAULT   1
+#define EXCEPTION_EXECUTE_FAULT 8
 
-typedef struct _ACCESS_DENIED_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE;
-
-typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} SYSTEM_AUDIT_OBJECT_ACE,*PSYSTEM_AUDIT_OBJECT_ACE;
-
-typedef struct _SYSTEM_ALARM_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} SYSTEM_ALARM_OBJECT_ACE,*PSYSTEM_ALARM_OBJECT_ACE;
-
-typedef struct _ACCESS_ALLOWED_CALLBACK_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
-
-typedef struct _ACCESS_DENIED_CALLBACK_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
-
-typedef struct _SYSTEM_AUDIT_CALLBACK_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
-
-typedef struct _SYSTEM_ALARM_CALLBACK_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
-
-typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
-
-typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
-
-typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
-
-typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
-
-typedef struct _ACL {
-  BYTE AclRevision;
-  BYTE Sbz1;
-  WORD AclSize;
-  WORD AceCount;
-  WORD Sbz2;
-} ACL,*PACL;
-
-typedef enum _ACL_INFORMATION_CLASS {
-  AclRevisionInformation = 1,
-  AclSizeInformation
-} ACL_INFORMATION_CLASS;
-
-typedef struct _ACL_REVISION_INFORMATION {
-  DWORD AclRevision;
-} ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION;
-
-typedef struct _ACL_SIZE_INFORMATION {
-  DWORD AceCount;
-  DWORD AclBytesInUse;
-  DWORD AclBytesFree;
-} ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION;
-
-#ifndef _LDT_ENTRY_DEFINED
-#define _LDT_ENTRY_DEFINED
-
-typedef struct _LDT_ENTRY {
-  WORD LimitLow;
-  WORD BaseLow;
-  union {
-    struct {
-      BYTE BaseMid;
-      BYTE Flags1;
-      BYTE Flags2;
-      BYTE BaseHi;
-    } Bytes;
-    struct {
-      DWORD BaseMid:8;
-      DWORD Type:5;
-      DWORD Dpl:2;
-      DWORD Pres:1;
-      DWORD LimitHi:4;
-      DWORD Sys:1;
-      DWORD Reserved_0:1;
-      DWORD Default_Big:1;
-      DWORD Granularity:1;
-      DWORD BaseHi:8;
-    } Bits;
-  } HighWord;
-} LDT_ENTRY, *PLDT_ENTRY, *LPLDT_ENTRY;
-
-#endif /* _LDT_ENTRY_DEFINED */
-
-/* FIXME: add more machines */
-#if defined(_X86_)
-#define SIZE_OF_80387_REGISTERS    80
-#define CONTEXT_i386    0x10000
-#define CONTEXT_i486    0x10000
-#define CONTEXT_CONTROL    (CONTEXT_i386|0x00000001L)
-#define CONTEXT_INTEGER    (CONTEXT_i386|0x00000002L)
-#define CONTEXT_SEGMENTS    (CONTEXT_i386|0x00000004L)
-#define CONTEXT_FLOATING_POINT    (CONTEXT_i386|0x00000008L)
-#define CONTEXT_DEBUG_REGISTERS    (CONTEXT_i386|0x00000010L)
-#define CONTEXT_EXTENDED_REGISTERS (CONTEXT_i386|0x00000020L)
-#define CONTEXT_FULL    (CONTEXT_CONTROL|CONTEXT_INTEGER|CONTEXT_SEGMENTS)
-#define MAXIMUM_SUPPORTED_EXTENSION  512
-
-#define EXCEPTION_READ_FAULT    0
-#define EXCEPTION_WRITE_FAULT   1
-#define EXCEPTION_EXECUTE_FAULT 8
-
-typedef struct _FLOATING_SAVE_AREA {
-  DWORD ControlWord;
-  DWORD StatusWord;
-  DWORD TagWord;
-  DWORD ErrorOffset;
-  DWORD ErrorSelector;
-  DWORD DataOffset;
-  DWORD DataSelector;
-  BYTE RegisterArea[SIZE_OF_80387_REGISTERS];
-  DWORD Cr0NpxState;
-} FLOATING_SAVE_AREA, *PFLOATING_SAVE_AREA;
+typedef struct _FLOATING_SAVE_AREA {
+  DWORD ControlWord;
+  DWORD StatusWord;
+  DWORD TagWord;
+  DWORD ErrorOffset;
+  DWORD ErrorSelector;
+  DWORD DataOffset;
+  DWORD DataSelector;
+  BYTE RegisterArea[SIZE_OF_80387_REGISTERS];
+  DWORD Cr0NpxState;
+} FLOATING_SAVE_AREA, *PFLOATING_SAVE_AREA;
 
 typedef struct _CONTEXT {
   DWORD ContextFlags;
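Review bot: Moving the Se types later in the header creates an ordering dependency that cannot be checked from these hunks. This hunk drops `GENERIC_MAPPING`, `ACE_HEADER`, the ACE structures and `ACL` from this position, and the previous hunk drops `typedef DWORD ACCESS_MASK, *PACCESS_MASK;`. They are declared again only in the "Security Manager Types" block that the next hunk adds after `EXCEPTION_POINTERS`. Any declaration in the stretch between the two positions that names one of these types would now see it undeclared, so a build of each consumer of this header is worth confirming. A one-line pointer at the old position would help readers, for example `/* ACCESS_MASK, ACL and the ACE types are declared in the Security Manager Types section below */`. The `#if defined(_X86_)` block and `struct _CONTEXT` continue outside the hunk.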
@@ -4415,117 +3965,782 @@ typedef struct _EXCEPTION_RECORD {
   ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
 } EXCEPTION_RECORD, *PEXCEPTION_RECORD;
 
-typedef struct _EXCEPTION_RECORD32 {
-  DWORD ExceptionCode;
-  DWORD ExceptionFlags;
-  DWORD ExceptionRecord;
-  DWORD ExceptionAddress;
-  DWORD NumberParameters;
-  DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
-} EXCEPTION_RECORD32,*PEXCEPTION_RECORD32;
+typedef struct _EXCEPTION_RECORD32 {
+  DWORD ExceptionCode;
+  DWORD ExceptionFlags;
+  DWORD ExceptionRecord;
+  DWORD ExceptionAddress;
+  DWORD NumberParameters;
+  DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
+} EXCEPTION_RECORD32,*PEXCEPTION_RECORD32;
+
+typedef struct _EXCEPTION_RECORD64 {
+  DWORD ExceptionCode;
+  DWORD ExceptionFlags;
+  DWORD64 ExceptionRecord;
+  DWORD64 ExceptionAddress;
+  DWORD NumberParameters;
+  DWORD __unusedAlignment;
+  DWORD64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
+} EXCEPTION_RECORD64,*PEXCEPTION_RECORD64;
+
+typedef struct _EXCEPTION_POINTERS {
+  PEXCEPTION_RECORD ExceptionRecord;
+  PCONTEXT ContextRecord;
+} EXCEPTION_POINTERS,*PEXCEPTION_POINTERS, *LPEXCEPTION_POINTERS;
+
+typedef struct _SECURITY_ATTRIBUTES {
+    DWORD nLength;
+    LPVOID lpSecurityDescriptor;
+    BOOL bInheritHandle;
+} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
+
+#define SECURITY_MIN_SID_SIZE (sizeof(SID))
+
+/******************************************************************************
+ *                            Security Manager Types                          *
+ ******************************************************************************/
+
+/* Simple types */
+typedef PVOID PSECURITY_DESCRIPTOR;
+typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
+typedef DWORD ACCESS_MASK, *PACCESS_MASK;
+
+typedef PVOID PACCESS_TOKEN;
+typedef PVOID PSID;
+
+#define DELETE                   0x00010000L
+#define READ_CONTROL             0x00020000L
+#define WRITE_DAC                0x00040000L
+#define WRITE_OWNER              0x00080000L
+#define SYNCHRONIZE              0x00100000L
+#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
+#define STANDARD_RIGHTS_READ     READ_CONTROL
+#define STANDARD_RIGHTS_WRITE    READ_CONTROL
+#define STANDARD_RIGHTS_EXECUTE  READ_CONTROL
+#define STANDARD_RIGHTS_ALL      0x001F0000L
+#define SPECIFIC_RIGHTS_ALL      0x0000FFFFL
+#define ACCESS_SYSTEM_SECURITY   0x01000000L
+#define MAXIMUM_ALLOWED          0x02000000L
+#define GENERIC_READ             0x80000000L
+#define GENERIC_WRITE            0x40000000L
+#define GENERIC_EXECUTE          0x20000000L
+#define GENERIC_ALL              0x10000000L
+
+typedef struct _GENERIC_MAPPING {
+  ACCESS_MASK GenericRead;
+  ACCESS_MASK GenericWrite;
+  ACCESS_MASK GenericExecute;
+  ACCESS_MASK GenericAll;
+} GENERIC_MAPPING, *PGENERIC_MAPPING;
+
+#define ACL_REVISION    2
+#define ACL_REVISION_DS 4
+
+#define ACL_REVISION1    1
+#define ACL_REVISION2    2
+#define ACL_REVISION3    3
+#define ACL_REVISION4    4
+#define MIN_ACL_REVISION ACL_REVISION2
+#define MAX_ACL_REVISION ACL_REVISION4
+
+typedef struct _ACL {
+  BYTE AclRevision;
+  BYTE Sbz1;
+  WORD AclSize;
+  WORD AceCount;
+  WORD Sbz2;
+} ACL, *PACL;
+
+/* Current security descriptor revision value */
+#define SECURITY_DESCRIPTOR_REVISION     (1)
+#define SECURITY_DESCRIPTOR_REVISION1    (1)
+
+/* Privilege attributes */
+#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
+#define SE_PRIVILEGE_ENABLED            (0x00000002L)
+#define SE_PRIVILEGE_REMOVED            (0X00000004L)
+#define SE_PRIVILEGE_USED_FOR_ACCESS    (0x80000000L)
+
+#define SE_PRIVILEGE_VALID_ATTRIBUTES   (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
+                                         SE_PRIVILEGE_ENABLED            | \
+                                         SE_PRIVILEGE_REMOVED            | \
+                                         SE_PRIVILEGE_USED_FOR_ACCESS)
+
+#include <pshpack4.h>
+typedef struct _LUID_AND_ATTRIBUTES {
+  LUID Luid;
+  DWORD Attributes;
+} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
+#include <poppack.h>
+
+typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
+typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
+
+/* Privilege sets */
+#define PRIVILEGE_SET_ALL_NECESSARY (1)
+
+typedef struct _PRIVILEGE_SET {
+  DWORD PrivilegeCount;
+  DWORD Control;
+  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
+} PRIVILEGE_SET, *PPRIVILEGE_SET;
+
+typedef enum _SECURITY_IMPERSONATION_LEVEL {
+  SecurityAnonymous,
+  SecurityIdentification,
+  SecurityImpersonation,
+  SecurityDelegation
+} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
+
+#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
+#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
+#define DEFAULT_IMPERSONATION_LEVEL      SecurityImpersonation
+#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))
+
+#define SECURITY_DYNAMIC_TRACKING (TRUE)
+#define SECURITY_STATIC_TRACKING (FALSE)
+
+typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
+
+typedef struct _SECURITY_QUALITY_OF_SERVICE {
+  DWORD Length;
+  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
+  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
+  BOOLEAN EffectiveOnly;
+} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
+
+typedef struct _SE_IMPERSONATION_STATE {
+  PACCESS_TOKEN Token;
+  BOOLEAN CopyOnOpen;
+  BOOLEAN EffectiveOnly;
+  SECURITY_IMPERSONATION_LEVEL Level;
+} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
+
+
+#define OWNER_SECURITY_INFORMATION (0x00000001L)
+#define GROUP_SECURITY_INFORMATION (0x00000002L)
+#define DACL_SECURITY_INFORMATION  (0x00000004L)
+#define SACL_SECURITY_INFORMATION  (0x00000008L)
+#define LABEL_SECURITY_INFORMATION (0x00000010L)
+
+#define PROTECTED_DACL_SECURITY_INFORMATION   (0x80000000L)
+#define PROTECTED_SACL_SECURITY_INFORMATION   (0x40000000L)
+#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
+#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
+
+
+typedef enum _WELL_KNOWN_SID_TYPE {
+  WinNullSid = 0,
+  WinWorldSid = 1,
+  WinLocalSid = 2,
+  WinCreatorOwnerSid = 3,
+  WinCreatorGroupSid = 4,
+  WinCreatorOwnerServerSid = 5,
+  WinCreatorGroupServerSid = 6,
+  WinNtAuthoritySid = 7,
+  WinDialupSid = 8,
+  WinNetworkSid = 9,
+  WinBatchSid = 10,
+  WinInteractiveSid = 11,
+  WinServiceSid = 12,
+  WinAnonymousSid = 13,
+  WinProxySid = 14,
+  WinEnterpriseControllersSid = 15,
+  WinSelfSid = 16,
+  WinAuthenticatedUserSid = 17,
+  WinRestrictedCodeSid = 18,
+  WinTerminalServerSid = 19,
+  WinRemoteLogonIdSid = 20,
+  WinLogonIdsSid = 21,
+  WinLocalSystemSid = 22,
+  WinLocalServiceSid = 23,
+  WinNetworkServiceSid = 24,
+  WinBuiltinDomainSid = 25,
+  WinBuiltinAdministratorsSid = 26,
+  WinBuiltinUsersSid = 27,
+  WinBuiltinGuestsSid = 28,
+  WinBuiltinPowerUsersSid = 29,
+  WinBuiltinAccountOperatorsSid = 30,
+  WinBuiltinSystemOperatorsSid = 31,
+  WinBuiltinPrintOperatorsSid = 32,
+  WinBuiltinBackupOperatorsSid = 33,
+  WinBuiltinReplicatorSid = 34,
+  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
+  WinBuiltinRemoteDesktopUsersSid = 36,
+  WinBuiltinNetworkConfigurationOperatorsSid = 37,
+  WinAccountAdministratorSid = 38,
+  WinAccountGuestSid = 39,
+  WinAccountKrbtgtSid = 40,
+  WinAccountDomainAdminsSid = 41,
+  WinAccountDomainUsersSid = 42,
+  WinAccountDomainGuestsSid = 43,
+  WinAccountComputersSid = 44,
+  WinAccountControllersSid = 45,
+  WinAccountCertAdminsSid = 46,
+  WinAccountSchemaAdminsSid = 47,
+  WinAccountEnterpriseAdminsSid = 48,
+  WinAccountPolicyAdminsSid = 49,
+  WinAccountRasAndIasServersSid = 50,
+  WinNTLMAuthenticationSid = 51,
+  WinDigestAuthenticationSid = 52,
+  WinSChannelAuthenticationSid = 53,
+  WinThisOrganizationSid = 54,
+  WinOtherOrganizationSid = 55,
+  WinBuiltinIncomingForestTrustBuildersSid = 56,
+  WinBuiltinPerfMonitoringUsersSid = 57,
+  WinBuiltinPerfLoggingUsersSid = 58,
+  WinBuiltinAuthorizationAccessSid = 59,
+  WinBuiltinTerminalServerLicenseServersSid = 60,
+  WinBuiltinDCOMUsersSid = 61,
+  WinBuiltinIUsersSid = 62,
+  WinIUserSid = 63,
+  WinBuiltinCryptoOperatorsSid = 64,
+  WinUntrustedLabelSid = 65,
+  WinLowLabelSid = 66,
+  WinMediumLabelSid = 67,
+  WinHighLabelSid = 68,
+  WinSystemLabelSid = 69,
+  WinWriteRestrictedCodeSid = 70,
+  WinCreatorOwnerRightsSid = 71,
+  WinCacheablePrincipalsGroupSid = 72,
+  WinNonCacheablePrincipalsGroupSid = 73,
+  WinEnterpriseReadonlyControllersSid = 74,
+  WinAccountReadonlyControllersSid = 75,
+  WinBuiltinEventLogReadersGroup = 76,
+  WinNewEnterpriseReadonlyControllersSid = 77,
+  WinBuiltinCertSvcDComAccessGroup = 78,
+  WinMediumPlusLabelSid = 79,
+  WinLocalLogonSid = 80,
+  WinConsoleLogonSid = 81,
+  WinThisOrganizationCertificateSid = 82,
+} WELL_KNOWN_SID_TYPE;
+
+
+#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
+#define SID_IDENTIFIER_AUTHORITY_DEFINED
+typedef struct _SID_IDENTIFIER_AUTHORITY {
+  BYTE Value[6];
+} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
+#endif
+
+#ifndef SID_DEFINED
+#define SID_DEFINED
+typedef struct _SID {
+  BYTE Revision;
+  BYTE SubAuthorityCount;
+  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+#ifdef MIDL_PASS
+  [size_is(SubAuthorityCount)] DWORD SubAuthority[*];
+#else
+  DWORD SubAuthority[ANYSIZE_ARRAY];
+#endif
+} SID, *PISID;
+#endif
+
+#define SID_REVISION                    1
+#define SID_MAX_SUB_AUTHORITIES         15
+#define SID_RECOMMENDED_SUB_AUTHORITIES 1
+
+#ifndef MIDL_PASS
+#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(DWORD) + (SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)))
+#endif
+
+typedef enum _SID_NAME_USE {
+  SidTypeUser = 1,
+  SidTypeGroup,
+  SidTypeDomain,
+  SidTypeAlias,
+  SidTypeWellKnownGroup,
+  SidTypeDeletedAccount,
+  SidTypeInvalid,
+  SidTypeUnknown,
+  SidTypeComputer,
+  SidTypeLabel
+} SID_NAME_USE, *PSID_NAME_USE;
+
+typedef struct _SID_AND_ATTRIBUTES {
+#ifdef MIDL_PASS
+  PISID Sid;
+#else
+  PSID Sid;
+#endif
+  DWORD Attributes;
+} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
+typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
+typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
+
+#define SID_HASH_SIZE 32
+typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
+
+typedef struct _SID_AND_ATTRIBUTES_HASH {
+  DWORD SidCount;
+  PSID_AND_ATTRIBUTES SidAttr;
+  SID_HASH_ENTRY Hash[SID_HASH_SIZE];
+} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
+
+/* Universal well-known SIDs */
+
+#define SECURITY_NULL_SID_AUTHORITY         {0,0,0,0,0,0}
+
+/* S-1-1 */
+#define SECURITY_WORLD_SID_AUTHORITY        {0,0,0,0,0,1}
+
+/* S-1-2 */
+#define SECURITY_LOCAL_SID_AUTHORITY        {0,0,0,0,0,2}
+
+/* S-1-3 */
+#define SECURITY_CREATOR_SID_AUTHORITY      {0,0,0,0,0,3}
+
+/* S-1-4 */
+#define SECURITY_NON_UNIQUE_AUTHORITY       {0,0,0,0,0,4}
+
+#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
+
+#define SECURITY_NULL_RID                   (0x00000000L)
+#define SECURITY_WORLD_RID                  (0x00000000L)
+#define SECURITY_LOCAL_RID                  (0x00000000L)
+#define SECURITY_LOCAL_LOGON_RID            (0x00000001L)
+
+#define SECURITY_CREATOR_OWNER_RID          (0x00000000L)
+#define SECURITY_CREATOR_GROUP_RID          (0x00000001L)
+#define SECURITY_CREATOR_OWNER_SERVER_RID   (0x00000002L)
+#define SECURITY_CREATOR_GROUP_SERVER_RID   (0x00000003L)
+#define SECURITY_CREATOR_OWNER_RIGHTS_RID   (0x00000004L)
+
+/* NT well-known SIDs */
+
+/* S-1-5 */
+#define SECURITY_NT_AUTHORITY               {0,0,0,0,0,5}
+
+#define SECURITY_DIALUP_RID                          (0x00000001L)
+#define SECURITY_NETWORK_RID                         (0x00000002L)
+#define SECURITY_BATCH_RID                           (0x00000003L)
+#define SECURITY_INTERACTIVE_RID                     (0x00000004L)
+#define SECURITY_LOGON_IDS_RID                       (0x00000005L)
+#define SECURITY_LOGON_IDS_RID_COUNT                 (3L)
+#define SECURITY_SERVICE_RID                         (0x00000006L)
+#define SECURITY_ANONYMOUS_LOGON_RID                 (0x00000007L)
+#define SECURITY_PROXY_RID                           (0x00000008L)
+#define SECURITY_ENTERPRISE_CONTROLLERS_RID          (0x00000009L)
+#define SECURITY_SERVER_LOGON_RID                    SECURITY_ENTERPRISE_CONTROLLERS_RID
+#define SECURITY_PRINCIPAL_SELF_RID                  (0x0000000AL)
+#define SECURITY_AUTHENTICATED_USER_RID              (0x0000000BL)
+#define SECURITY_RESTRICTED_CODE_RID                 (0x0000000CL)
+#define SECURITY_TERMINAL_SERVER_RID                 (0x0000000DL)
+#define SECURITY_REMOTE_LOGON_RID                    (0x0000000EL)
+#define SECURITY_THIS_ORGANIZATION_RID               (0x0000000FL)
+#define SECURITY_IUSER_RID                           (0x00000011L)
+#define SECURITY_LOCAL_SYSTEM_RID                    (0x00000012L)
+#define SECURITY_LOCAL_SERVICE_RID                   (0x00000013L)
+#define SECURITY_NETWORK_SERVICE_RID                 (0x00000014L)
+#define SECURITY_NT_NON_UNIQUE                       (0x00000015L)
+#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT        (3L)
+#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
+
+#define SECURITY_BUILTIN_DOMAIN_RID        (0x00000020L)
+#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
+
+
+#define SECURITY_PACKAGE_BASE_RID     (0x00000040L)
+#define SECURITY_PACKAGE_RID_COUNT    (2L)
+#define SECURITY_PACKAGE_NTLM_RID     (0x0000000AL)
+#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
+#define SECURITY_PACKAGE_DIGEST_RID   (0x00000015L)
+
+#define SECURITY_CRED_TYPE_BASE_RID          (0x00000041L)
+#define SECURITY_CRED_TYPE_RID_COUNT         (2L)
+#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
+
+#define SECURITY_MIN_BASE_RID                               (0x00000050L)
+#define SECURITY_SERVICE_ID_BASE_RID                        (0x00000050L)
+#define SECURITY_SERVICE_ID_RID_COUNT                       (6L)
+#define SECURITY_RESERVED_ID_BASE_RID                       (0x00000051L)
+#define SECURITY_APPPOOL_ID_BASE_RID                        (0x00000052L)
+#define SECURITY_APPPOOL_ID_RID_COUNT                       (6L)
+#define SECURITY_VIRTUALSERVER_ID_BASE_RID                  (0x00000053L)
+#define SECURITY_VIRTUALSERVER_ID_RID_COUNT                 (6L)
+#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID             (0x00000054L)
+#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT            (6L)
+#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID  (0x00000055L)
+#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
+#define SECURITY_WMIHOST_ID_BASE_RID                        (0x00000056L)
+#define SECURITY_WMIHOST_ID_RID_COUNT                       (6L)
+#define SECURITY_TASK_ID_BASE_RID                           (0x00000057L)
+#define SECURITY_NFS_ID_BASE_RID                            (0x00000058L)
+#define SECURITY_COM_ID_BASE_RID                            (0x00000059L)
+#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT                (6L)
+
+#define SECURITY_MAX_BASE_RID (0x0000006FL)
+
+#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
+#define SECURITY_MIN_NEVER_FILTERED  (0x000003E8L)
+
+#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
+
+#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L)
+
+/* Well-known domain relative sub-authority values (RIDs) */
+
+#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
+
+#define FOREST_USER_RID_MAX (0x000001F3L)
+
+/* Well-known users */
+
+#define DOMAIN_USER_RID_ADMIN  (0x000001F4L)
+#define DOMAIN_USER_RID_GUEST  (0x000001F5L)
+#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
+
+#define DOMAIN_USER_RID_MAX (0x000003E7L)
+
+/* Well-known groups */
+
+#define DOMAIN_GROUP_RID_ADMINS               (0x00000200L)
+#define DOMAIN_GROUP_RID_USERS                (0x00000201L)
+#define DOMAIN_GROUP_RID_GUESTS               (0x00000202L)
+#define DOMAIN_GROUP_RID_COMPUTERS            (0x00000203L)
+#define DOMAIN_GROUP_RID_CONTROLLERS          (0x00000204L)
+#define DOMAIN_GROUP_RID_CERT_ADMINS          (0x00000205L)
+#define DOMAIN_GROUP_RID_SCHEMA_ADMINS        (0x00000206L)
+#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS    (0x00000207L)
+#define DOMAIN_GROUP_RID_POLICY_ADMINS        (0x00000208L)
+#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L)
+
+/* Well-known aliases */
+
+#define DOMAIN_ALIAS_RID_ADMINS      (0x00000220L)
+#define DOMAIN_ALIAS_RID_USERS       (0x00000221L)
+#define DOMAIN_ALIAS_RID_GUESTS      (0x00000222L)
+#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
+
+#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
+#define DOMAIN_ALIAS_RID_SYSTEM_OPS  (0x00000225L)
+#define DOMAIN_ALIAS_RID_PRINT_OPS   (0x00000226L)
+#define DOMAIN_ALIAS_RID_BACKUP_OPS  (0x00000227L)
+
+#define DOMAIN_ALIAS_RID_REPLICATOR                     (0x00000228L)
+#define DOMAIN_ALIAS_RID_RAS_SERVERS                    (0x00000229L)
+#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS               (0x0000022AL)
+#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS           (0x0000022BL)
+#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS      (0x0000022CL)
+#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
+
+#define DOMAIN_ALIAS_RID_MONITORING_USERS    (0x0000022EL)
+#define DOMAIN_ALIAS_RID_LOGGING_USERS       (0x0000022FL)
+#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
+#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS  (0x00000231L)
+#define DOMAIN_ALIAS_RID_DCOM_USERS          (0x00000232L)
+
+#define DOMAIN_ALIAS_RID_IUSERS                         (0x00000238L)
+#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS               (0x00000239L)
+#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP     (0x0000023BL)
+#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
+#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP        (0x0000023DL)
+#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP      (0x0000023EL)
+
+#define SECURITY_MANDATORY_LABEL_AUTHORITY       {0,0,0,0,0,16}
+#define SECURITY_MANDATORY_UNTRUSTED_RID         (0x00000000L)
+#define SECURITY_MANDATORY_LOW_RID               (0x00001000L)
+#define SECURITY_MANDATORY_MEDIUM_RID            (0x00002000L)
+#define SECURITY_MANDATORY_HIGH_RID              (0x00003000L)
+#define SECURITY_MANDATORY_SYSTEM_RID            (0x00004000L)
+#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
+
+/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
+   can be set by a usermode caller.*/
+
+#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
+
+#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
+
+/* Allocate the System Luid.  The first 1000 LUIDs are reserved.
+   Use #999 here (0x3e7 = 999) */
+
+#define SYSTEM_LUID          {0x3e7, 0x0}
+#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
+#define LOCALSERVICE_LUID    {0x3e5, 0x0}
+#define NETWORKSERVICE_LUID  {0x3e4, 0x0}
+#define IUSER_LUID           {0x3e3, 0x0}
+
+typedef struct _ACE_HEADER {
+  BYTE AceType;
+  BYTE AceFlags;
+  WORD AceSize;
+} ACE_HEADER, *PACE_HEADER;
+
+#define ACCESS_MIN_MS_ACE_TYPE                  (0x0)
+#define ACCESS_ALLOWED_ACE_TYPE                 (0x0)
+#define ACCESS_DENIED_ACE_TYPE                  (0x1)
+#define SYSTEM_AUDIT_ACE_TYPE                   (0x2)
+#define SYSTEM_ALARM_ACE_TYPE                   (0x3)
+#define ACCESS_MAX_MS_V2_ACE_TYPE               (0x3)
+#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE        (0x4)
+#define ACCESS_MAX_MS_V3_ACE_TYPE               (0x4)
+#define ACCESS_MIN_MS_OBJECT_ACE_TYPE           (0x5)
+#define ACCESS_ALLOWED_OBJECT_ACE_TYPE          (0x5)
+#define ACCESS_DENIED_OBJECT_ACE_TYPE           (0x6)
+#define SYSTEM_AUDIT_OBJECT_ACE_TYPE            (0x7)
+#define SYSTEM_ALARM_OBJECT_ACE_TYPE            (0x8)
+#define ACCESS_MAX_MS_OBJECT_ACE_TYPE           (0x8)
+#define ACCESS_MAX_MS_V4_ACE_TYPE               (0x8)
+#define ACCESS_MAX_MS_ACE_TYPE                  (0x8)
+#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE        (0x9)
+#define ACCESS_DENIED_CALLBACK_ACE_TYPE         (0xA)
+#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
+#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  (0xC)
+#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE          (0xD)
+#define SYSTEM_ALARM_CALLBACK_ACE_TYPE          (0xE)
+#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE   (0xF)
+#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE   (0x10)
+#define ACCESS_MAX_MS_V5_ACE_TYPE               (0x11)
+#define SYSTEM_MANDATORY_LABEL_ACE_TYPE         (0x11)
+
+/* The following are the inherit flags that go into the AceFlags field
+   of an Ace header. */
+
+#define OBJECT_INHERIT_ACE       (0x1)
+#define CONTAINER_INHERIT_ACE    (0x2)
+#define NO_PROPAGATE_INHERIT_ACE (0x4)
+#define INHERIT_ONLY_ACE         (0x8)
+#define INHERITED_ACE            (0x10)
+#define VALID_INHERIT_FLAGS      (0x1F)
+
+#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
+#define FAILED_ACCESS_ACE_FLAG     (0x80)
+
+typedef struct _ACCESS_ALLOWED_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
+
+typedef struct _ACCESS_DENIED_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
+
+typedef struct _SYSTEM_AUDIT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
+
+typedef struct _SYSTEM_ALARM_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
 
-typedef struct _EXCEPTION_RECORD64 {
-  DWORD ExceptionCode;
-  DWORD ExceptionFlags;
-  DWORD64 ExceptionRecord;
-  DWORD64 ExceptionAddress;
-  DWORD NumberParameters;
-  DWORD __unusedAlignment;
-  DWORD64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
-} EXCEPTION_RECORD64,*PEXCEPTION_RECORD64;
+typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
 
-typedef struct _EXCEPTION_POINTERS {
-  PEXCEPTION_RECORD ExceptionRecord;
-  PCONTEXT ContextRecord;
-} EXCEPTION_POINTERS,*PEXCEPTION_POINTERS, *LPEXCEPTION_POINTERS;
+#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP   0x1
+#define SYSTEM_MANDATORY_LABEL_NO_READ_UP    0x2
+#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
+#define SYSTEM_MANDATORY_LABEL_VALID_MASK    (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
+                                              SYSTEM_MANDATORY_LABEL_NO_READ_UP  | \
+                                              SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
+
+#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
+
+typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
+
+#define SE_OWNER_DEFAULTED       0x0001
+#define SE_GROUP_DEFAULTED       0x0002
+#define SE_DACL_PRESENT          0x0004
+#define SE_DACL_DEFAULTED        0x0008
+#define SE_SACL_PRESENT          0x0010
+#define SE_SACL_DEFAULTED        0x0020
+#define SE_DACL_UNTRUSTED        0x0040
+#define SE_SERVER_SECURITY       0x0080
+#define SE_DACL_AUTO_INHERIT_REQ 0x0100
+#define SE_SACL_AUTO_INHERIT_REQ 0x0200
+#define SE_DACL_AUTO_INHERITED   0x0400
+#define SE_SACL_AUTO_INHERITED   0x0800
+#define SE_DACL_PROTECTED        0x1000
+#define SE_SACL_PROTECTED        0x2000
+#define SE_RM_CONTROL_VALID      0x4000
+#define SE_SELF_RELATIVE         0x8000
 
-#include <pshpack4.h>
+typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
+  BYTE Revision;
+  BYTE Sbz1;
+  SECURITY_DESCRIPTOR_CONTROL Control;
+  DWORD Owner;
+  DWORD Group;
+  DWORD Sacl;
+  DWORD Dacl;
+} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
 
-typedef struct _LUID_AND_ATTRIBUTES {
-  LUID Luid;
-  DWORD Attributes;
-} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
-typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
-typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
+typedef struct _SECURITY_DESCRIPTOR {
+  BYTE Revision;
+  BYTE Sbz1;
+  SECURITY_DESCRIPTOR_CONTROL Control;
+  PSID Owner;
+  PSID Group;
+  PACL Sacl;
+  PACL Dacl;
+} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
 
-#include <poppack.h>
+typedef struct _OBJECT_TYPE_LIST {
+  WORD Level;
+  WORD Sbz;
+  GUID *ObjectType;
+} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
 
-typedef struct _PRIVILEGE_SET {
-  DWORD PrivilegeCount;
-  DWORD Control;
-  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
-} PRIVILEGE_SET,*PPRIVILEGE_SET;
+#define ACCESS_OBJECT_GUID       0
+#define ACCESS_PROPERTY_SET_GUID 1
+#define ACCESS_PROPERTY_GUID     2
+#define ACCESS_MAX_LEVEL         4
 
-typedef struct _SECURITY_ATTRIBUTES {
-    DWORD nLength;
-    LPVOID lpSecurityDescriptor;
-    BOOL bInheritHandle;
-} SECURITY_ATTRIBUTES,*PSECURITY_ATTRIBUTES,*LPSECURITY_ATTRIBUTES;
+typedef enum _AUDIT_EVENT_TYPE {
+  AuditEventObjectAccess,
+  AuditEventDirectoryServiceAccess
+} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
 
-/******************************************************************************
- *                            Security Manager Types                          *
- ******************************************************************************/
+#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
+
+#define ACCESS_DS_SOURCE_A "DS"
+#define ACCESS_DS_SOURCE_W L"DS"
+#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"
+#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
+
+#define ACCESS_REASON_TYPE_MASK 0xffff0000
+#define ACCESS_REASON_DATA_MASK 0x0000ffff
+
+typedef enum _ACCESS_REASON_TYPE {
+  AccessReasonNone = 0x00000000,
+  AccessReasonAllowedAce = 0x00010000,
+  AccessReasonDeniedAce = 0x00020000,
+  AccessReasonAllowedParentAce = 0x00030000,
+  AccessReasonDeniedParentAce = 0x00040000,
+  AccessReasonMissingPrivilege = 0x00100000,
+  AccessReasonFromPrivilege = 0x00200000,
+  AccessReasonIntegrityLevel = 0x00300000,
+  AccessReasonOwnership = 0x00400000,
+  AccessReasonNullDacl = 0x00500000,
+  AccessReasonEmptyDacl = 0x00600000,
+  AccessReasonNoSD = 0x00700000,
+  AccessReasonNoGrant = 0x00800000
+} ACCESS_REASON_TYPE;
+
+typedef DWORD ACCESS_REASON;
+
+typedef struct _ACCESS_REASONS {
+  ACCESS_REASON Data[32];
+} ACCESS_REASONS, *PACCESS_REASONS;
+
+#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE    0x00000001
+#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE    0x00000002
+#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS          0x00000003
+
+typedef struct _SE_SECURITY_DESCRIPTOR {
+  DWORD Size;
+  DWORD Flags;
+  PSECURITY_DESCRIPTOR SecurityDescriptor;
+} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
 
-typedef PVOID PACCESS_TOKEN;
-typedef PVOID PSID;
 
+typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE;
 
-typedef enum _SECURITY_IMPERSONATION_LEVEL {
-  SecurityAnonymous,
-  SecurityIdentification,
-  SecurityImpersonation,
-  SecurityDelegation
-} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
+typedef struct _ACCESS_DENIED_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE;
 
+typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} SYSTEM_AUDIT_OBJECT_ACE,*PSYSTEM_AUDIT_OBJECT_ACE;
 
-typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
+typedef struct _SYSTEM_ALARM_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} SYSTEM_ALARM_OBJECT_ACE,*PSYSTEM_ALARM_OBJECT_ACE;
 
-typedef struct _SECURITY_QUALITY_OF_SERVICE {
-  DWORD Length;
-  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
-  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
-  BOOLEAN EffectiveOnly;
-} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
+typedef struct _ACCESS_ALLOWED_CALLBACK_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
 
-typedef struct _SE_IMPERSONATION_STATE {
-  PACCESS_TOKEN Token;
-  BOOLEAN CopyOnOpen;
-  BOOLEAN EffectiveOnly;
-  SECURITY_IMPERSONATION_LEVEL Level;
-} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
+typedef struct _ACCESS_DENIED_CALLBACK_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
 
+typedef struct _SYSTEM_AUDIT_CALLBACK_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
 
-#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
-#define SID_IDENTIFIER_AUTHORITY_DEFINED
-typedef struct _SID_IDENTIFIER_AUTHORITY {
-  BYTE Value[6];
-} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
-#endif
+typedef struct _SYSTEM_ALARM_CALLBACK_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
 
-#ifndef SID_DEFINED
-#define SID_DEFINED
-typedef struct _SID {
-  BYTE Revision;
-  BYTE SubAuthorityCount;
-  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
-#ifdef MIDL_PASS
-  [size_is(SubAuthorityCount)] DWORD SubAuthority[*];
-#else
-  DWORD SubAuthority[ANYSIZE_ARRAY];
-#endif
-} SID, *PISID;
-#endif
+typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
 
+typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
 
-#define SECURITY_MIN_SID_SIZE (sizeof(SID))
-#define SECURITY_MAX_SID_SIZE (FIELD_OFFSET(SID, SubAuthority) + SID_MAX_SUB_AUTHORITIES * sizeof(DWORD))
+typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
 
-typedef struct _SID_AND_ATTRIBUTES {
-  PSID Sid;
-  DWORD Attributes;
-} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
-typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
-typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
+typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
 
 typedef struct _TOKEN_SOURCE {
   CHAR SourceName[TOKEN_SOURCE_LENGTH];
@@ -4612,33 +4827,6 @@ typedef struct _TOKEN_USER {
   SID_AND_ATTRIBUTES User;
 } TOKEN_USER, *PTOKEN_USER;
 
-typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION;
-typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
-
-#ifndef _SECURITY_ATTRIBUTES_
-#define _SECURITY_ATTRIBUTES_
-typedef struct _SECURITY_DESCRIPTOR {
-  BYTE Revision;
-  BYTE Sbz1;
-  SECURITY_DESCRIPTOR_CONTROL Control;
-  PSID Owner;
-  PSID Group;
-  PACL Sacl;
-  PACL Dacl;
-} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
-typedef PVOID PSECURITY_DESCRIPTOR;
-#endif
-
-typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
-  BYTE Revision;
-  BYTE Sbz1;
-  SECURITY_DESCRIPTOR_CONTROL Control;
-  DWORD Owner;
-  DWORD Group;
-  DWORD Sacl;
-  DWORD Dacl;
-} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
-
 typedef enum _TOKEN_INFORMATION_CLASS {
   TokenUser = 1,
   TokenGroups,
@@ -4671,19 +4859,6 @@ typedef enum _TOKEN_INFORMATION_CLASS {
   MaxTokenInfoClass
 } TOKEN_INFORMATION_CLASS;
 
-typedef enum _SID_NAME_USE {
-  SidTypeUser=1,
-  SidTypeGroup,
-  SidTypeDomain,
-  SidTypeAlias,
-  SidTypeWellKnownGroup,
-  SidTypeDeletedAccount,
-  SidTypeInvalid,
-  SidTypeUnknown,
-  SidTypeComputer,
-  SidTypeLabel
-} SID_NAME_USE,*PSID_NAME_USE;
-
 typedef struct _QUOTA_LIMITS {
   SIZE_T PagedPoolLimit;
   SIZE_T NonPagedPoolLimit;
@@ -6290,14 +6465,6 @@ typedef struct _SYSTEM_POWER_INFORMATION {
 } SYSTEM_POWER_INFORMATION,*PSYSTEM_POWER_INFORMATION;
 #endif
 
-#if (_WIN32_WINNT >= 0x0500)
-#define _AUDIT_EVENT_TYPE_HACK 1
-typedef enum _AUDIT_EVENT_TYPE {
-  AuditEventObjectAccess,
-  AuditEventDirectoryServiceAccess
-} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
-#endif
-
 #if (_WIN32_WINNT >= 0x0501)
 
 typedef enum _ACTIVATION_CONTEXT_INFO_CLASS {
@@ -6517,12 +6684,6 @@ RtlSecureZeroMemory(_Out_writes_bytes_all_(Length) PVOID Buffer,
     return Buffer;
 }
 
-typedef struct _OBJECT_TYPE_LIST {
-  WORD Level;
-  WORD Sbz;
-  GUID *ObjectType;
-} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
-
 #if defined(_M_IX86)
 FORCEINLINE struct _TEB * NtCurrentTeb(void)
 {
index c9b2dbe..26d9505 100644 (file)
@@ -1,39 +1,33 @@
 /******************************************************************************
  *                            Security Manager Types                          *
  ******************************************************************************/
-$if (_WDMDDK_)
+$if (_WDMDDK_ || _WINNT_)
 
 /* Simple types */
 typedef PVOID PSECURITY_DESCRIPTOR;
-typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
-typedef ULONG ACCESS_MASK, *PACCESS_MASK;
-
-$endif (_WDMDDK_)
-$if (_WDMDDK_ || _WINNT_)
+typedef $ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
+typedef $ULONG ACCESS_MASK, *PACCESS_MASK;
 
 typedef PVOID PACCESS_TOKEN;
 typedef PVOID PSID;
 
-$endif (_WDMDDK_ || _WINNT_)
-$if (_WDMDDK_)
-
-#define DELETE                           0x00010000L
-#define READ_CONTROL                     0x00020000L
-#define WRITE_DAC                        0x00040000L
-#define WRITE_OWNER                      0x00080000L
-#define SYNCHRONIZE                      0x00100000L
-#define STANDARD_RIGHTS_REQUIRED         0x000F0000L
-#define STANDARD_RIGHTS_READ             READ_CONTROL
-#define STANDARD_RIGHTS_WRITE            READ_CONTROL
-#define STANDARD_RIGHTS_EXECUTE          READ_CONTROL
-#define STANDARD_RIGHTS_ALL              0x001F0000L
-#define SPECIFIC_RIGHTS_ALL              0x0000FFFFL
-#define ACCESS_SYSTEM_SECURITY           0x01000000L
-#define MAXIMUM_ALLOWED                  0x02000000L
-#define GENERIC_READ                     0x80000000L
-#define GENERIC_WRITE                    0x40000000L
-#define GENERIC_EXECUTE                  0x20000000L
-#define GENERIC_ALL                      0x10000000L
+#define DELETE                   0x00010000L
+#define READ_CONTROL             0x00020000L
+#define WRITE_DAC                0x00040000L
+#define WRITE_OWNER              0x00080000L
+#define SYNCHRONIZE              0x00100000L
+#define STANDARD_RIGHTS_REQUIRED 0x000F0000L
+#define STANDARD_RIGHTS_READ     READ_CONTROL
+#define STANDARD_RIGHTS_WRITE    READ_CONTROL
+#define STANDARD_RIGHTS_EXECUTE  READ_CONTROL
+#define STANDARD_RIGHTS_ALL      0x001F0000L
+#define SPECIFIC_RIGHTS_ALL      0x0000FFFFL
+#define ACCESS_SYSTEM_SECURITY   0x01000000L
+#define MAXIMUM_ALLOWED          0x02000000L
+#define GENERIC_READ             0x80000000L
+#define GENERIC_WRITE            0x40000000L
+#define GENERIC_EXECUTE          0x20000000L
+#define GENERIC_ALL              0x10000000L
 
 typedef struct _GENERIC_MAPPING {
   ACCESS_MASK GenericRead;
@@ -42,22 +36,22 @@ typedef struct _GENERIC_MAPPING {
   ACCESS_MASK GenericAll;
 } GENERIC_MAPPING, *PGENERIC_MAPPING;
 
-#define ACL_REVISION                      2
-#define ACL_REVISION_DS                   4
+#define ACL_REVISION    2
+#define ACL_REVISION_DS 4
 
-#define ACL_REVISION1                     1
-#define ACL_REVISION2                     2
-#define ACL_REVISION3                     3
-#define ACL_REVISION4                     4
-#define MIN_ACL_REVISION                  ACL_REVISION2
-#define MAX_ACL_REVISION                  ACL_REVISION4
+#define ACL_REVISION1    1
+#define ACL_REVISION2    2
+#define ACL_REVISION3    3
+#define ACL_REVISION4    4
+#define MIN_ACL_REVISION ACL_REVISION2
+#define MAX_ACL_REVISION ACL_REVISION4
 
 typedef struct _ACL {
-  UCHAR AclRevision;
-  UCHAR Sbz1;
-  USHORT AclSize;
-  USHORT AceCount;
-  USHORT Sbz2;
+  $UCHAR AclRevision;
+  $UCHAR Sbz1;
+  $USHORT AclSize;
+  $USHORT AceCount;
+  $USHORT Sbz2;
 } ACL, *PACL;
 
 /* Current security descriptor revision value */
@@ -78,7 +72,7 @@ typedef struct _ACL {
 #include <pshpack4.h>
 typedef struct _LUID_AND_ATTRIBUTES {
   LUID Luid;
-  ULONG Attributes;
+  $ULONG Attributes;
 } LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
 #include <poppack.h>
 
@@ -89,13 +83,10 @@ typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
 #define PRIVILEGE_SET_ALL_NECESSARY (1)
 
 typedef struct _PRIVILEGE_SET {
-  ULONG PrivilegeCount;
-  ULONG Control;
+  $ULONG PrivilegeCount;
+  $ULONG Control;
   LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
-} PRIVILEGE_SET,*PPRIVILEGE_SET;
-
-$endif(_WDMDDK_)
-$if(_WDMDDK_ || _WINNT_)
+} PRIVILEGE_SET, *PPRIVILEGE_SET;
 
 typedef enum _SECURITY_IMPERSONATION_LEVEL {
   SecurityAnonymous,
@@ -104,20 +95,14 @@ typedef enum _SECURITY_IMPERSONATION_LEVEL {
   SecurityDelegation
 } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
 
-$endif (_WDMDDK_ || _WINNT_)
-$if (_WDMDDK_)
-
 #define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
 #define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
-#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
+#define DEFAULT_IMPERSONATION_LEVEL      SecurityImpersonation
 #define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))
 
 #define SECURITY_DYNAMIC_TRACKING (TRUE)
 #define SECURITY_STATIC_TRACKING (FALSE)
 
-$endif (_WDMDDK_)
-$if (_WDMDDK_ || _WINNT_)
-
 typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
 
 typedef struct _SECURITY_QUALITY_OF_SERVICE {
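Review bot: `VALID_IMPERSONATION_LEVEL(Level)` expands its argument twice, and with the `$endif (_WDMDDK_)` / `$if (_WDMDDK_ || _WINNT_)` pairs around it removed, the macro now appears to be generated for the `_WINNT_` header as well as for wdm.h. If the argument has side effects, or reads through a pointer into memory the caller can still modify, the two bounds are checked against separately fetched values and the level used afterwards may differ from both. I would add a comment above the macro: `/* Evaluates Level twice: pass a captured local, not an expression with side effects or a dereference of caller-owned memory. */`. The unchanged `SECURITY_DYNAMIC_TRACKING` and `SECURITY_STATIC_TRACKING` lines below it could also be column-aligned the way `DEFAULT_IMPERSONATION_LEVEL` now is.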
@@ -134,19 +119,20 @@ typedef struct _SE_IMPERSONATION_STATE {
   SECURITY_IMPERSONATION_LEVEL Level;
 } SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
 
-$endif (_WDMDDK_ || _WINNT_)
-$if (_WDMDDK_)
 
-#define OWNER_SECURITY_INFORMATION       (0x00000001L)
-#define GROUP_SECURITY_INFORMATION       (0x00000002L)
-#define DACL_SECURITY_INFORMATION        (0x00000004L)
-#define SACL_SECURITY_INFORMATION        (0x00000008L)
-#define LABEL_SECURITY_INFORMATION       (0x00000010L)
+#define OWNER_SECURITY_INFORMATION (0x00000001L)
+#define GROUP_SECURITY_INFORMATION (0x00000002L)
+#define DACL_SECURITY_INFORMATION  (0x00000004L)
+#define SACL_SECURITY_INFORMATION  (0x00000008L)
+#define LABEL_SECURITY_INFORMATION (0x00000010L)
+
+#define PROTECTED_DACL_SECURITY_INFORMATION   (0x80000000L)
+#define PROTECTED_SACL_SECURITY_INFORMATION   (0x40000000L)
+#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)
+#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
 
-#define PROTECTED_DACL_SECURITY_INFORMATION     (0x80000000L)
-#define PROTECTED_SACL_SECURITY_INFORMATION     (0x40000000L)
-#define UNPROTECTED_DACL_SECURITY_INFORMATION   (0x20000000L)
-#define UNPROTECTED_SACL_SECURITY_INFORMATION   (0x10000000L)
+$endif (_WDMDDK_ || _WINNT_)
+$if (_WDMDDK_)
 
 typedef enum _SECURITY_OPERATION_CODE {
   SetSecurityDescriptor,
@@ -326,6 +312,9 @@ $endif (_WDMDDK_)
 $if (_NTDDK_)
 #define SE_UNSOLICITED_INPUT_PRIVILEGE    6
 
+$endif (_NTDDK_)
+$if (_NTDDK_ || _WINNT_)
+
 typedef enum _WELL_KNOWN_SID_TYPE {
   WinNullSid = 0,
   WinWorldSid = 1,
@@ -411,7 +400,8 @@ typedef enum _WELL_KNOWN_SID_TYPE {
   WinConsoleLogonSid = 81,
   WinThisOrganizationCertificateSid = 82,
 } WELL_KNOWN_SID_TYPE;
-$endif (_NTDDK_)
+
+$endif (_NTDDK_ || _WINNT_)
 $if (_NTIFS_ || _WINNT_)
 
 #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
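Review bot: The last enumerator, `WinThisOrganizationCertificateSid = 82,`, keeps its trailing comma, and the guard change to `$if (_NTDDK_ || _WINNT_)` means this enum is now also generated for the `_WINNT_` header. A trailing comma in an enumerator list is not accepted by C89 or C++98, so consumers building in those modes with `-pedantic` can get a diagnostic from a platform header they do not control. Writing the line as `WinThisOrganizationCertificateSid = 82` avoids that. The enum starts outside this hunk.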
@@ -435,15 +425,12 @@ typedef struct _SID {
 } SID, *PISID;
 #endif
 
-$endif (_NTIFS_ || _WINNT_)
-$if (_NTIFS_)
-
 #define SID_REVISION                    1
 #define SID_MAX_SUB_AUTHORITIES         15
 #define SID_RECOMMENDED_SUB_AUTHORITIES 1
 
 #ifndef MIDL_PASS
-#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG)))
+#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof($ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof($ULONG)))
 #endif
 
 typedef enum _SID_NAME_USE {
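Review bot: `SECURITY_MAX_SID_SIZE` is computed as `sizeof(SID) - sizeof($ULONG) + ...`, which is exact only while `SID` ends in a single `SubAuthority` element (`ANYSIZE_ARRAY` equal to 1) and has no trailing padding. The definition this commit removes from winnt.h used `FIELD_OFFSET(SID, SubAuthority)` and did not depend on either assumption. Since this macro is typically what callers use to size SID buffers, I would keep the offset-based form in the shared block: `#define SECURITY_MAX_SID_SIZE (FIELD_OFFSET(SID, SubAuthority) + (SID_MAX_SUB_AUTHORITIES * sizeof($ULONG)))`. The same winnt.h removal also drops `SECURITY_MIN_SID_SIZE`, and no replacement is visible in this hunk; if the shared block does not define it elsewhere, user-mode code that relied on it stops compiling.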
@@ -465,7 +452,7 @@ typedef struct _SID_AND_ATTRIBUTES {
 #else
   PSID Sid;
 #endif
-  ULONG Attributes;
+  $ULONG Attributes;
 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
@@ -474,7 +461,7 @@ typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
 typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
 
 typedef struct _SID_AND_ATTRIBUTES_HASH {
-  ULONG SidCount;
+  $ULONG SidCount;
   PSID_AND_ATTRIBUTES SidAttr;
   SID_HASH_ENTRY Hash[SID_HASH_SIZE];
 } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
@@ -482,89 +469,99 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 /* Universal well-known SIDs */
 
 #define SECURITY_NULL_SID_AUTHORITY         {0,0,0,0,0,0}
+
+/* S-1-1 */
 #define SECURITY_WORLD_SID_AUTHORITY        {0,0,0,0,0,1}
+
+/* S-1-2 */
 #define SECURITY_LOCAL_SID_AUTHORITY        {0,0,0,0,0,2}
+
+/* S-1-3 */
 #define SECURITY_CREATOR_SID_AUTHORITY      {0,0,0,0,0,3}
+
+/* S-1-4 */
 #define SECURITY_NON_UNIQUE_AUTHORITY       {0,0,0,0,0,4}
+
 #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
 
-#define SECURITY_NULL_RID                 (0x00000000L)
-#define SECURITY_WORLD_RID                (0x00000000L)
-#define SECURITY_LOCAL_RID                (0x00000000L)
-#define SECURITY_LOCAL_LOGON_RID          (0x00000001L)
+#define SECURITY_NULL_RID                   (0x00000000L)
+#define SECURITY_WORLD_RID                  (0x00000000L)
+#define SECURITY_LOCAL_RID                  (0x00000000L)
+#define SECURITY_LOCAL_LOGON_RID            (0x00000001L)
 
-#define SECURITY_CREATOR_OWNER_RID        (0x00000000L)
-#define SECURITY_CREATOR_GROUP_RID        (0x00000001L)
-#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
-#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
-#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
+#define SECURITY_CREATOR_OWNER_RID          (0x00000000L)
+#define SECURITY_CREATOR_GROUP_RID          (0x00000001L)
+#define SECURITY_CREATOR_OWNER_SERVER_RID   (0x00000002L)
+#define SECURITY_CREATOR_GROUP_SERVER_RID   (0x00000003L)
+#define SECURITY_CREATOR_OWNER_RIGHTS_RID   (0x00000004L)
 
 /* NT well-known SIDs */
 
-#define SECURITY_NT_AUTHORITY           {0,0,0,0,0,5}
-
-#define SECURITY_DIALUP_RID             (0x00000001L)
-#define SECURITY_NETWORK_RID            (0x00000002L)
-#define SECURITY_BATCH_RID              (0x00000003L)
-#define SECURITY_INTERACTIVE_RID        (0x00000004L)
-#define SECURITY_LOGON_IDS_RID          (0x00000005L)
-#define SECURITY_LOGON_IDS_RID_COUNT    (3L)
-#define SECURITY_SERVICE_RID            (0x00000006L)
-#define SECURITY_ANONYMOUS_LOGON_RID    (0x00000007L)
-#define SECURITY_PROXY_RID              (0x00000008L)
-#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)
-#define SECURITY_SERVER_LOGON_RID       SECURITY_ENTERPRISE_CONTROLLERS_RID
-#define SECURITY_PRINCIPAL_SELF_RID     (0x0000000AL)
-#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)
-#define SECURITY_RESTRICTED_CODE_RID    (0x0000000CL)
-#define SECURITY_TERMINAL_SERVER_RID    (0x0000000DL)
-#define SECURITY_REMOTE_LOGON_RID       (0x0000000EL)
-#define SECURITY_THIS_ORGANIZATION_RID  (0x0000000FL)
-#define SECURITY_IUSER_RID              (0x00000011L)
-#define SECURITY_LOCAL_SYSTEM_RID       (0x00000012L)
-#define SECURITY_LOCAL_SERVICE_RID      (0x00000013L)
-#define SECURITY_NETWORK_SERVICE_RID    (0x00000014L)
-#define SECURITY_NT_NON_UNIQUE          (0x00000015L)
-#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT  (3L)
+/* S-1-5 */
+#define SECURITY_NT_AUTHORITY               {0,0,0,0,0,5}
+
+#define SECURITY_DIALUP_RID                          (0x00000001L)
+#define SECURITY_NETWORK_RID                         (0x00000002L)
+#define SECURITY_BATCH_RID                           (0x00000003L)
+#define SECURITY_INTERACTIVE_RID                     (0x00000004L)
+#define SECURITY_LOGON_IDS_RID                       (0x00000005L)
+#define SECURITY_LOGON_IDS_RID_COUNT                 (3L)
+#define SECURITY_SERVICE_RID                         (0x00000006L)
+#define SECURITY_ANONYMOUS_LOGON_RID                 (0x00000007L)
+#define SECURITY_PROXY_RID                           (0x00000008L)
+#define SECURITY_ENTERPRISE_CONTROLLERS_RID          (0x00000009L)
+#define SECURITY_SERVER_LOGON_RID                    SECURITY_ENTERPRISE_CONTROLLERS_RID
+#define SECURITY_PRINCIPAL_SELF_RID                  (0x0000000AL)
+#define SECURITY_AUTHENTICATED_USER_RID              (0x0000000BL)
+#define SECURITY_RESTRICTED_CODE_RID                 (0x0000000CL)
+#define SECURITY_TERMINAL_SERVER_RID                 (0x0000000DL)
+#define SECURITY_REMOTE_LOGON_RID                    (0x0000000EL)
+#define SECURITY_THIS_ORGANIZATION_RID               (0x0000000FL)
+#define SECURITY_IUSER_RID                           (0x00000011L)
+#define SECURITY_LOCAL_SYSTEM_RID                    (0x00000012L)
+#define SECURITY_LOCAL_SERVICE_RID                   (0x00000013L)
+#define SECURITY_NETWORK_SERVICE_RID                 (0x00000014L)
+#define SECURITY_NT_NON_UNIQUE                       (0x00000015L)
+#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT        (3L)
 #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L)
 
-#define SECURITY_BUILTIN_DOMAIN_RID     (0x00000020L)
+#define SECURITY_BUILTIN_DOMAIN_RID        (0x00000020L)
 #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L)
 
 
-#define SECURITY_PACKAGE_BASE_RID       (0x00000040L)
-#define SECURITY_PACKAGE_RID_COUNT      (2L)
-#define SECURITY_PACKAGE_NTLM_RID       (0x0000000AL)
-#define SECURITY_PACKAGE_SCHANNEL_RID   (0x0000000EL)
-#define SECURITY_PACKAGE_DIGEST_RID     (0x00000015L)
-
-#define SECURITY_CRED_TYPE_BASE_RID             (0x00000041L)
-#define SECURITY_CRED_TYPE_RID_COUNT            (2L)
-#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID    (0x00000001L)
-
-#define SECURITY_MIN_BASE_RID          (0x00000050L)
-#define SECURITY_SERVICE_ID_BASE_RID    (0x00000050L)
-#define SECURITY_SERVICE_ID_RID_COUNT   (6L)
-#define SECURITY_RESERVED_ID_BASE_RID   (0x00000051L)
-#define SECURITY_APPPOOL_ID_BASE_RID    (0x00000052L)
-#define SECURITY_APPPOOL_ID_RID_COUNT   (6L)
-#define SECURITY_VIRTUALSERVER_ID_BASE_RID    (0x00000053L)
-#define SECURITY_VIRTUALSERVER_ID_RID_COUNT   (6L)
-#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID  (0x00000054L)
-#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L)
+#define SECURITY_PACKAGE_BASE_RID     (0x00000040L)
+#define SECURITY_PACKAGE_RID_COUNT    (2L)
+#define SECURITY_PACKAGE_NTLM_RID     (0x0000000AL)
+#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)
+#define SECURITY_PACKAGE_DIGEST_RID   (0x00000015L)
+
+#define SECURITY_CRED_TYPE_BASE_RID          (0x00000041L)
+#define SECURITY_CRED_TYPE_RID_COUNT         (2L)
+#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L)
+
+#define SECURITY_MIN_BASE_RID                               (0x00000050L)
+#define SECURITY_SERVICE_ID_BASE_RID                        (0x00000050L)
+#define SECURITY_SERVICE_ID_RID_COUNT                       (6L)
+#define SECURITY_RESERVED_ID_BASE_RID                       (0x00000051L)
+#define SECURITY_APPPOOL_ID_BASE_RID                        (0x00000052L)
+#define SECURITY_APPPOOL_ID_RID_COUNT                       (6L)
+#define SECURITY_VIRTUALSERVER_ID_BASE_RID                  (0x00000053L)
+#define SECURITY_VIRTUALSERVER_ID_RID_COUNT                 (6L)
+#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID             (0x00000054L)
+#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT            (6L)
 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID  (0x00000055L)
 #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
-#define SECURITY_WMIHOST_ID_BASE_RID  (0x00000056L)
-#define SECURITY_WMIHOST_ID_RID_COUNT (6L)
-#define SECURITY_TASK_ID_BASE_RID                 (0x00000057L)
-#define SECURITY_NFS_ID_BASE_RID        (0x00000058L)
-#define SECURITY_COM_ID_BASE_RID        (0x00000059L)
-#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT   (6L)
+#define SECURITY_WMIHOST_ID_BASE_RID                        (0x00000056L)
+#define SECURITY_WMIHOST_ID_RID_COUNT                       (6L)
+#define SECURITY_TASK_ID_BASE_RID                           (0x00000057L)
+#define SECURITY_NFS_ID_BASE_RID                            (0x00000058L)
+#define SECURITY_COM_ID_BASE_RID                            (0x00000059L)
+#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT                (6L)
 
-#define SECURITY_MAX_BASE_RID          (0x0000006FL)
+#define SECURITY_MAX_BASE_RID (0x0000006FL)
 
-#define SECURITY_MAX_ALWAYS_FILTERED    (0x000003E7L)
-#define SECURITY_MIN_NEVER_FILTERED     (0x000003E8L)
+#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)
+#define SECURITY_MIN_NEVER_FILTERED  (0x000003E8L)
 
 #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
 
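Review bot: The new `/* S-1-N */` comments skip the first and last authority in the universal list: `SECURITY_NULL_SID_AUTHORITY` (`{0,0,0,0,0,0}`) and `SECURITY_RESOURCE_MANAGER_AUTHORITY` (`{0,0,0,0,0,9}`) are left bare, while `SECURITY_NT_AUTHORITY` further down gets `/* S-1-5 */`. I would add `/* S-1-0 */` above the first and `/* S-1-9 */` above the last, so that every authority constant can be matched directly against the string form of a SID seen in an ACL dump or an audit record. `SECURITY_MANDATORY_LABEL_AUTHORITY` (`{0,0,0,0,0,16}`) in the later hunk would likewise benefit from `/* S-1-16 */`.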
@@ -574,15 +571,15 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 
 #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)
 
-#define FOREST_USER_RID_MAX            (0x000001F3L)
+#define FOREST_USER_RID_MAX (0x000001F3L)
 
 /* Well-known users */
 
-#define DOMAIN_USER_RID_ADMIN          (0x000001F4L)
-#define DOMAIN_USER_RID_GUEST          (0x000001F5L)
-#define DOMAIN_USER_RID_KRBTGT         (0x000001F6L)
+#define DOMAIN_USER_RID_ADMIN  (0x000001F4L)
+#define DOMAIN_USER_RID_GUEST  (0x000001F5L)
+#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
 
-#define DOMAIN_USER_RID_MAX            (0x000003E7L)
+#define DOMAIN_USER_RID_MAX (0x000003E7L)
 
 /* Well-known groups */
 
@@ -599,15 +596,15 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 
 /* Well-known aliases */
 
-#define DOMAIN_ALIAS_RID_ADMINS                         (0x00000220L)
-#define DOMAIN_ALIAS_RID_USERS                          (0x00000221L)
-#define DOMAIN_ALIAS_RID_GUESTS                         (0x00000222L)
-#define DOMAIN_ALIAS_RID_POWER_USERS                    (0x00000223L)
+#define DOMAIN_ALIAS_RID_ADMINS      (0x00000220L)
+#define DOMAIN_ALIAS_RID_USERS       (0x00000221L)
+#define DOMAIN_ALIAS_RID_GUESTS      (0x00000222L)
+#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
 
-#define DOMAIN_ALIAS_RID_ACCOUNT_OPS                    (0x00000224L)
-#define DOMAIN_ALIAS_RID_SYSTEM_OPS                     (0x00000225L)
-#define DOMAIN_ALIAS_RID_PRINT_OPS                      (0x00000226L)
-#define DOMAIN_ALIAS_RID_BACKUP_OPS                     (0x00000227L)
+#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
+#define DOMAIN_ALIAS_RID_SYSTEM_OPS  (0x00000225L)
+#define DOMAIN_ALIAS_RID_PRINT_OPS   (0x00000226L)
+#define DOMAIN_ALIAS_RID_BACKUP_OPS  (0x00000227L)
 
 #define DOMAIN_ALIAS_RID_REPLICATOR                     (0x00000228L)
 #define DOMAIN_ALIAS_RID_RAS_SERVERS                    (0x00000229L)
@@ -616,11 +613,12 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS      (0x0000022CL)
 #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
 
-#define DOMAIN_ALIAS_RID_MONITORING_USERS               (0x0000022EL)
-#define DOMAIN_ALIAS_RID_LOGGING_USERS                  (0x0000022FL)
-#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS            (0x00000230L)
-#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS             (0x00000231L)
-#define DOMAIN_ALIAS_RID_DCOM_USERS                     (0x00000232L)
+#define DOMAIN_ALIAS_RID_MONITORING_USERS    (0x0000022EL)
+#define DOMAIN_ALIAS_RID_LOGGING_USERS       (0x0000022FL)
+#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)
+#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS  (0x00000231L)
+#define DOMAIN_ALIAS_RID_DCOM_USERS          (0x00000232L)
+
 #define DOMAIN_ALIAS_RID_IUSERS                         (0x00000238L)
 #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS               (0x00000239L)
 #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP     (0x0000023BL)
@@ -628,37 +626,36 @@ typedef struct _SID_AND_ATTRIBUTES_HASH {
 #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP        (0x0000023DL)
 #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP      (0x0000023EL)
 
-#define SECURITY_MANDATORY_LABEL_AUTHORITY          {0,0,0,0,0,16}
-#define SECURITY_MANDATORY_UNTRUSTED_RID            (0x00000000L)
-#define SECURITY_MANDATORY_LOW_RID                  (0x00001000L)
-#define SECURITY_MANDATORY_MEDIUM_RID               (0x00002000L)
-#define SECURITY_MANDATORY_HIGH_RID                 (0x00003000L)
-#define SECURITY_MANDATORY_SYSTEM_RID               (0x00004000L)
-#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID    (0x00005000L)
+#define SECURITY_MANDATORY_LABEL_AUTHORITY       {0,0,0,0,0,16}
+#define SECURITY_MANDATORY_UNTRUSTED_RID         (0x00000000L)
+#define SECURITY_MANDATORY_LOW_RID               (0x00001000L)
+#define SECURITY_MANDATORY_MEDIUM_RID            (0x00002000L)
+#define SECURITY_MANDATORY_HIGH_RID              (0x00003000L)
+#define SECURITY_MANDATORY_SYSTEM_RID            (0x00004000L)
+#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L)
 
 /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
    can be set by a usermode caller.*/
 
-#define SECURITY_MANDATORY_MAXIMUM_USER_RID   SECURITY_MANDATORY_SYSTEM_RID
+#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID
 
 #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000)
 
 /* Allocate the System Luid.  The first 1000 LUIDs are reserved.
    Use #999 here (0x3e7 = 999) */
 
-#define SYSTEM_LUID                     {0x3e7, 0x0}
-#define ANONYMOUS_LOGON_LUID            {0x3e6, 0x0}
-#define LOCALSERVICE_LUID               {0x3e5, 0x0}
-#define NETWORKSERVICE_LUID             {0x3e4, 0x0}
-#define IUSER_LUID                      {0x3e3, 0x0}
+#define SYSTEM_LUID          {0x3e7, 0x0}
+#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0}
+#define LOCALSERVICE_LUID    {0x3e5, 0x0}
+#define NETWORKSERVICE_LUID  {0x3e4, 0x0}
+#define IUSER_LUID           {0x3e3, 0x0}
 
 typedef struct _ACE_HEADER {
-  UCHAR AceType;
-  UCHAR AceFlags;
-  USHORT AceSize;
+  $UCHAR AceType;
+  $UCHAR AceFlags;
+  $USHORT AceSize;
 } ACE_HEADER, *PACE_HEADER;
 
-/* also in winnt.h */
 #define ACCESS_MIN_MS_ACE_TYPE                  (0x0)
 #define ACCESS_ALLOWED_ACE_TYPE                 (0x0)
 #define ACCESS_DENIED_ACE_TYPE                  (0x1)
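Review bot: `MANDATORY_LEVEL_TO_MANDATORY_RID(IL)` expands its argument without parentheses, so an expression argument such as `Level + 1` becomes `Level + 1 * 0x1000` and yields the wrong integrity RID. The line is unchanged context in this hunk, but the surrounding block is being tidied for use from winnt.h as well, so this is a good place to change it to `#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)`. Callers that pass a plain identifier or constant see no difference.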
@@ -689,87 +686,87 @@ typedef struct _ACE_HEADER {
 /* The following are the inherit flags that go into the AceFlags field
    of an Ace header. */
 
-#define OBJECT_INHERIT_ACE                (0x1)
-#define CONTAINER_INHERIT_ACE             (0x2)
-#define NO_PROPAGATE_INHERIT_ACE          (0x4)
-#define INHERIT_ONLY_ACE                  (0x8)
-#define INHERITED_ACE                     (0x10)
-#define VALID_INHERIT_FLAGS               (0x1F)
+#define OBJECT_INHERIT_ACE       (0x1)
+#define CONTAINER_INHERIT_ACE    (0x2)
+#define NO_PROPAGATE_INHERIT_ACE (0x4)
+#define INHERIT_ONLY_ACE         (0x8)
+#define INHERITED_ACE            (0x10)
+#define VALID_INHERIT_FLAGS      (0x1F)
 
-#define SUCCESSFUL_ACCESS_ACE_FLAG        (0x40)
-#define FAILED_ACCESS_ACE_FLAG            (0x80)
+#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
+#define FAILED_ACCESS_ACE_FLAG     (0x80)
 
 typedef struct _ACCESS_ALLOWED_ACE {
   ACE_HEADER Header;
   ACCESS_MASK Mask;
-  ULONG SidStart;
+  $ULONG SidStart;
 } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
 
 typedef struct _ACCESS_DENIED_ACE {
   ACE_HEADER Header;
   ACCESS_MASK Mask;
-  ULONG SidStart;
+  $ULONG SidStart;
 } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
 
 typedef struct _SYSTEM_AUDIT_ACE {
   ACE_HEADER Header;
   ACCESS_MASK Mask;
-  ULONG SidStart;
+  $ULONG SidStart;
 } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
 
 typedef struct _SYSTEM_ALARM_ACE {
   ACE_HEADER Header;
   ACCESS_MASK Mask;
-  ULONG SidStart;
+  $ULONG SidStart;
 } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;
 
 typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
   ACE_HEADER Header;
   ACCESS_MASK Mask;
-  ULONG SidStart;
+  $ULONG SidStart;
 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
 
-#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP         0x1
-#define SYSTEM_MANDATORY_LABEL_NO_READ_UP          0x2
-#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP       0x4
-#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP   | \
-                                           SYSTEM_MANDATORY_LABEL_NO_READ_UP    | \
-                                           SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
-
-#define SECURITY_DESCRIPTOR_MIN_LENGTH   (sizeof(SECURITY_DESCRIPTOR))
-
-typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
-
-#define SE_OWNER_DEFAULTED              0x0001
-#define SE_GROUP_DEFAULTED              0x0002
-#define SE_DACL_PRESENT                 0x0004
-#define SE_DACL_DEFAULTED               0x0008
-#define SE_SACL_PRESENT                 0x0010
-#define SE_SACL_DEFAULTED               0x0020
-#define SE_DACL_UNTRUSTED               0x0040
-#define SE_SERVER_SECURITY              0x0080
-#define SE_DACL_AUTO_INHERIT_REQ        0x0100
-#define SE_SACL_AUTO_INHERIT_REQ        0x0200
-#define SE_DACL_AUTO_INHERITED          0x0400
-#define SE_SACL_AUTO_INHERITED          0x0800
-#define SE_DACL_PROTECTED               0x1000
-#define SE_SACL_PROTECTED               0x2000
-#define SE_RM_CONTROL_VALID             0x4000
-#define SE_SELF_RELATIVE                0x8000
+#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP   0x1
+#define SYSTEM_MANDATORY_LABEL_NO_READ_UP    0x2
+#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4
+#define SYSTEM_MANDATORY_LABEL_VALID_MASK    (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
+                                              SYSTEM_MANDATORY_LABEL_NO_READ_UP  | \
+                                              SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
+
+#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
+
+typedef $USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
+
+#define SE_OWNER_DEFAULTED       0x0001
+#define SE_GROUP_DEFAULTED       0x0002
+#define SE_DACL_PRESENT          0x0004
+#define SE_DACL_DEFAULTED        0x0008
+#define SE_SACL_PRESENT          0x0010
+#define SE_SACL_DEFAULTED        0x0020
+#define SE_DACL_UNTRUSTED        0x0040
+#define SE_SERVER_SECURITY       0x0080
+#define SE_DACL_AUTO_INHERIT_REQ 0x0100
+#define SE_SACL_AUTO_INHERIT_REQ 0x0200
+#define SE_DACL_AUTO_INHERITED   0x0400
+#define SE_SACL_AUTO_INHERITED   0x0800
+#define SE_DACL_PROTECTED        0x1000
+#define SE_SACL_PROTECTED        0x2000
+#define SE_RM_CONTROL_VALID      0x4000
+#define SE_SELF_RELATIVE         0x8000
 
 typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
-  UCHAR Revision;
-  UCHAR Sbz1;
+  $UCHAR Revision;
+  $UCHAR Sbz1;
   SECURITY_DESCRIPTOR_CONTROL Control;
-  ULONG Owner;
-  ULONG Group;
-  ULONG Sacl;
-  ULONG Dacl;
+  $ULONG Owner;
+  $ULONG Group;
+  $ULONG Sacl;
+  $ULONG Dacl;
 } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
 
 typedef struct _SECURITY_DESCRIPTOR {
-  UCHAR Revision;
-  UCHAR Sbz1;
+  $UCHAR Revision;
+  $UCHAR Sbz1;
   SECURITY_DESCRIPTOR_CONTROL Control;
   PSID Owner;
   PSID Group;
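Review bot: `SECURITY_DESCRIPTOR_RELATIVE` and `SECURITY_DESCRIPTOR` are declared back to back with the same field names, and nothing says that the first holds byte offsets while the second holds pointers. Since the commit shares these types between winnt and the kernel headers, I would add above the relative struct `/* Self-relative form: Owner, Group, Sacl and Dacl are byte offsets from the start of the descriptor (0 = not present); Control has SE_SELF_RELATIVE set. */`. Code that parses a self-relative descriptor from a caller-supplied buffer has to range-check each offset against the buffer length before using it, and the declaration is where a reader should learn that. `_SECURITY_DESCRIPTOR` continues past the end of this hunk.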
@@ -778,8 +775,8 @@ typedef struct _SECURITY_DESCRIPTOR {
 } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
 
 typedef struct _OBJECT_TYPE_LIST {
-  USHORT Level;
-  USHORT Sbz;
+  $USHORT Level;
+  $USHORT Sbz;
   GUID *ObjectType;
 } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
 
@@ -819,7 +816,7 @@ typedef enum _ACCESS_REASON_TYPE {
   AccessReasonNoGrant = 0x00800000
 } ACCESS_REASON_TYPE;
 
-typedef ULONG ACCESS_REASON;
+typedef $ULONG ACCESS_REASON;
 
 typedef struct _ACCESS_REASONS {
   ACCESS_REASON Data[32];
@@ -830,11 +827,14 @@ typedef struct _ACCESS_REASONS {
 #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS          0x00000003
 
 typedef struct _SE_SECURITY_DESCRIPTOR {
-  ULONG Size;
-  ULONG Flags;
+  $ULONG Size;
+  $ULONG Flags;
   PSECURITY_DESCRIPTOR SecurityDescriptor;
 } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;
 
+$endif(_NTIFS_ || _WINNT_)
+$if(_NTIFS_)
+
 typedef struct _SE_ACCESS_REQUEST {
   ULONG Size;
   PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
index b7ec2ef..b7e4db3 100644 (file)
 #define SYSTEM_AUDIT_ACE_TYPE           (0x2)
 #define SYSTEM_ALARM_ACE_TYPE           (0x3)
 /*end ntifs.h */
-#define OBJECT_INHERIT_ACE    1
-#define CONTAINER_INHERIT_ACE    2
-#define NO_PROPAGATE_INHERIT_ACE    4
-#define INHERIT_ONLY_ACE    8
-#define INHERITED_ACE    16
-#define VALID_INHERIT_FLAGS    0x1F
-#define SUCCESSFUL_ACCESS_ACE_FLAG    64
-#define FAILED_ACCESS_ACE_FLAG    128
-#define DELETE    0x00010000L
-#define READ_CONTROL    0x20000L
-#define WRITE_DAC    0x40000L
-#define WRITE_OWNER    0x80000L
-#define SYNCHRONIZE    0x100000L
-#define STANDARD_RIGHTS_REQUIRED    0xF0000
-#define STANDARD_RIGHTS_READ    0x20000
-#define STANDARD_RIGHTS_WRITE    0x20000
-#define STANDARD_RIGHTS_EXECUTE    0x20000
-#define STANDARD_RIGHTS_ALL    0x1F0000
-#define SPECIFIC_RIGHTS_ALL    0xFFFF
-#define ACCESS_SYSTEM_SECURITY    0x1000000
 
 #define REG_STANDARD_FORMAT 1
 #define REG_LATEST_FORMAT   2
 
 #endif /* WIN32_NO_STATUS */
 
-#define MAXIMUM_ALLOWED    0x2000000
-#define GENERIC_READ    0x80000000
-#define GENERIC_WRITE    0x40000000
-#define GENERIC_EXECUTE    0x20000000
-#define GENERIC_ALL    0x10000000
-
 #define INVALID_FILE_ATTRIBUTES    ((DWORD)-1)
 
 /* Also in ddk/winddk.h */
 #define PROCESS_SET_LIMITED_INFORMATION 0x2000
 #define THREAD_RESUME 0x1000
 
-/*
- * To prevent gcc compiler warnings, bracket these defines when initialising
- * a  SID_IDENTIFIER_AUTHORITY, eg.
- * SID_IDENTIFIER_AUTHORITY aNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
- */
-#define SID_MAX_SUB_AUTHORITIES     15
-
-/* security entities */
-#define SECURITY_NULL_RID            (0x00000000L)
-#define SECURITY_WORLD_RID            (0x00000000L)
-#define SECURITY_LOCAL_RID            (0X00000000L)
-
-#define SECURITY_NULL_SID_AUTHORITY        {0,0,0,0,0,0}
-
-/* S-1-1 */
-#define SECURITY_WORLD_SID_AUTHORITY        {0,0,0,0,0,1}
-
-/* S-1-2 */
-#define SECURITY_LOCAL_SID_AUTHORITY        {0,0,0,0,0,2}
-
-/* S-1-3 */
-#define SECURITY_CREATOR_SID_AUTHORITY        {0,0,0,0,0,3}
-#define SECURITY_CREATOR_OWNER_RID        (0x00000000L)
-#define SECURITY_CREATOR_GROUP_RID        (0x00000001L)
-#define SECURITY_CREATOR_OWNER_SERVER_RID    (0x00000002L)
-#define SECURITY_CREATOR_GROUP_SERVER_RID    (0x00000003L)
-
-/* S-1-4 */
-#define SECURITY_NON_UNIQUE_AUTHORITY        {0,0,0,0,0,4}
-
-/* S-1-5 */
-#define SECURITY_NT_AUTHORITY            {0,0,0,0,0,5}
-#define SECURITY_DIALUP_RID                     0x00000001L
-#define SECURITY_NETWORK_RID                    0x00000002L
-#define SECURITY_BATCH_RID                      0x00000003L
-#define SECURITY_INTERACTIVE_RID                0x00000004L
-#define SECURITY_LOGON_IDS_RID                  0x00000005L
-#define SECURITY_SERVICE_RID                    0x00000006L
-#define SECURITY_ANONYMOUS_LOGON_RID            0x00000007L
-#define SECURITY_PROXY_RID                      0x00000008L
-#define SECURITY_ENTERPRISE_CONTROLLERS_RID     0x00000009L
-#define SECURITY_SERVER_LOGON_RID               SECURITY_ENTERPRISE_CONTROLLERS_RID
-#define SECURITY_PRINCIPAL_SELF_RID             0x0000000AL
-#define SECURITY_AUTHENTICATED_USER_RID         0x0000000BL
-#define SECURITY_RESTRICTED_CODE_RID            0x0000000CL
-#define SECURITY_TERMINAL_SERVER_RID            0x0000000DL
-#define SECURITY_REMOTE_LOGON_RID               0x0000000EL
-#define SECURITY_THIS_ORGANIZATION_RID          0x0000000FL
-#define SECURITY_LOCAL_SYSTEM_RID               0x00000012L
-#define SECURITY_LOCAL_SERVICE_RID              0x00000013L
-#define SECURITY_NETWORK_SERVICE_RID            0x00000014L
-#define SECURITY_NT_NON_UNIQUE                  0x00000015L
-#define SECURITY_BUILTIN_DOMAIN_RID             0x00000020L
-
-#define SECURITY_PACKAGE_BASE_RID               0x00000040L
-#define SECURITY_PACKAGE_NTLM_RID               0x0000000AL
-#define SECURITY_PACKAGE_SCHANNEL_RID           0x0000000EL
-#define SECURITY_PACKAGE_DIGEST_RID             0x00000015L
-#define SECURITY_OTHER_ORGANIZATION_RID         0x000003E8L
-
-#define SECURITY_LOGON_IDS_RID_COUNT 0x3
-#define SID_REVISION 1
-
-#define FOREST_USER_RID_MAX                     0x000001F3L
-#define DOMAIN_USER_RID_ADMIN                   0x000001F4L
-#define DOMAIN_USER_RID_GUEST                   0x000001F5L
-#define DOMAIN_USER_RID_KRBTGT                  0x000001F6L
-#define DOMAIN_USER_RID_MAX                     0x000003E7L
-
-#define DOMAIN_GROUP_RID_ADMINS                 0x00000200L
-#define DOMAIN_GROUP_RID_USERS                  0x00000201L
-#define DOMAIN_GROUP_RID_GUESTS                 0x00000202L
-#define DOMAIN_GROUP_RID_COMPUTERS              0x00000203L
-#define DOMAIN_GROUP_RID_CONTROLLERS            0x00000204L
-#define DOMAIN_GROUP_RID_CERT_ADMINS            0x00000205L
-#define DOMAIN_GROUP_RID_SCHEMA_ADMINS          0x00000206L
-#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS      0x00000207L
-#define DOMAIN_GROUP_RID_POLICY_ADMINS          0x00000208L
-
-#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
-#define SECURITY_MANDATORY_UNTRUSTED_RID        0x00000000L
-#define SECURITY_MANDATORY_LOW_RID              0x00001000L
-#define SECURITY_MANDATORY_MEDIUM_RID           0x00002000L
-#define SECURITY_MANDATORY_HIGH_RID             0x00003000L
-#define SECURITY_MANDATORY_SYSTEM_RID           0x00004000L
-#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID 0x00005000L
-
-#define DOMAIN_ALIAS_RID_ADMINS                 0x00000220L
-#define DOMAIN_ALIAS_RID_USERS                  0x00000221L
-#define DOMAIN_ALIAS_RID_GUESTS                 0x00000222L
-#define DOMAIN_ALIAS_RID_POWER_USERS            0x00000223L
-
-#define DOMAIN_ALIAS_RID_ACCOUNT_OPS            0x00000224L
-#define DOMAIN_ALIAS_RID_SYSTEM_OPS             0x00000225L
-#define DOMAIN_ALIAS_RID_PRINT_OPS              0x00000226L
-#define DOMAIN_ALIAS_RID_BACKUP_OPS             0x00000227L
-
-#define DOMAIN_ALIAS_RID_REPLICATOR             0x00000228L
-#define DOMAIN_ALIAS_RID_RAS_SERVERS            0x00000229L
-#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS       0x0000022AL
-#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS   0x0000022BL
-#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS 0x0000022CL
-#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS 0x0000022DL
-
-#define DOMAIN_ALIAS_RID_MONITORING_USERS       0x0000022EL
-#define DOMAIN_ALIAS_RID_LOGGING_USERS          0x0000022FL
-#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS    0x00000230L
-#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS     0x00000231L
-#define DOMAIN_ALIAS_RID_DCOM_USERS             0x00000232L
-
-#define SECURITY_MANDATORY_LABEL_AUTHORITY  {0,0,0,0,0,16}
-
-typedef enum {
-  WinNullSid = 0,
-  WinWorldSid = 1,
-  WinLocalSid = 2,
-  WinCreatorOwnerSid = 3,
-  WinCreatorGroupSid = 4,
-  WinCreatorOwnerServerSid = 5,
-  WinCreatorGroupServerSid = 6,
-  WinNtAuthoritySid = 7,
-  WinDialupSid = 8,
-  WinNetworkSid = 9,
-  WinBatchSid = 10,
-  WinInteractiveSid = 11,
-  WinServiceSid = 12,
-  WinAnonymousSid = 13,
-  WinProxySid = 14,
-  WinEnterpriseControllersSid = 15,
-  WinSelfSid = 16,
-  WinAuthenticatedUserSid = 17,
-  WinRestrictedCodeSid = 18,
-  WinTerminalServerSid = 19,
-  WinRemoteLogonIdSid = 20,
-  WinLogonIdsSid = 21,
-  WinLocalSystemSid = 22,
-  WinLocalServiceSid = 23,
-  WinNetworkServiceSid = 24,
-  WinBuiltinDomainSid = 25,
-  WinBuiltinAdministratorsSid = 26,
-  WinBuiltinUsersSid = 27,
-  WinBuiltinGuestsSid = 28,
-  WinBuiltinPowerUsersSid = 29,
-  WinBuiltinAccountOperatorsSid = 30,
-  WinBuiltinSystemOperatorsSid = 31,
-  WinBuiltinPrintOperatorsSid = 32,
-  WinBuiltinBackupOperatorsSid = 33,
-  WinBuiltinReplicatorSid = 34,
-  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
-  WinBuiltinRemoteDesktopUsersSid = 36,
-  WinBuiltinNetworkConfigurationOperatorsSid = 37,
-  WinAccountAdministratorSid = 38,
-  WinAccountGuestSid = 39,
-  WinAccountKrbtgtSid = 40,
-  WinAccountDomainAdminsSid = 41,
-  WinAccountDomainUsersSid = 42,
-  WinAccountDomainGuestsSid = 43,
-  WinAccountComputersSid = 44,
-  WinAccountControllersSid = 45,
-  WinAccountCertAdminsSid = 46,
-  WinAccountSchemaAdminsSid = 47,
-  WinAccountEnterpriseAdminsSid = 48,
-  WinAccountPolicyAdminsSid = 49,
-  WinAccountRasAndIasServersSid = 50,
-  WinNTLMAuthenticationSid = 51,
-  WinDigestAuthenticationSid = 52,
-  WinSChannelAuthenticationSid = 53,
-  WinThisOrganizationSid = 54,
-  WinOtherOrganizationSid = 55,
-  WinBuiltinIncomingForestTrustBuildersSid = 56,
-  WinBuiltinPerfMonitoringUsersSid = 57,
-  WinBuiltinPerfLoggingUsersSid = 58,
-  WinBuiltinAuthorizationAccessSid = 59,
-  WinBuiltinTerminalServerLicenseServersSid = 60,
-  WinBuiltinDCOMUsersSid = 61,
-  WinBuiltinIUsersSid = 62,
-  WinIUserSid = 63,
-  WinBuiltinCryptoOperatorsSid = 64,
-  WinUntrustedLabelSid = 65,
-  WinLowLabelSid = 66,
-  WinMediumLabelSid = 67,
-  WinHighLabelSid = 68,
-  WinSystemLabelSid = 69,
-  WinWriteRestrictedCodeSid = 70,
-  WinCreatorOwnerRightsSid = 71,
-  WinCacheablePrincipalsGroupSid = 72,
-  WinNonCacheablePrincipalsGroupSid = 73,
-  WinEnterpriseReadonlyControllersSid = 74,
-  WinAccountReadonlyControllersSid = 75,
-  WinBuiltinEventLogReadersGroup = 76,
-  WinNewEnterpriseReadonlyControllersSid = 77,
-  WinBuiltinCertSvcDComAccessGroup = 78,
-  WinMediumPlusLabelSid = 79,
-  WinLocalLogonSid = 80,
-  WinConsoleLogonSid = 81,
-  WinThisOrganizationCertificateSid = 82,
-} WELL_KNOWN_SID_TYPE;
-
 #define SE_CREATE_TOKEN_NAME    TEXT("SeCreateTokenPrivilege")
 #define SE_ASSIGNPRIMARYTOKEN_NAME    TEXT("SeAssignPrimaryTokenPrivilege")
 #define SE_LOCK_MEMORY_NAME    TEXT("SeLockMemoryPrivilege")
@@ -630,14 +406,6 @@ typedef enum {
 #define LANG_MANX_GAELIC    0x94
 #define SUBLANG_PORTUGUESE_PORTUGAL   0x02
 
-#define ACL_REVISION    2
-#define ACL_REVISION_DS 4
-#define ACL_REVISION1 1
-#define ACL_REVISION2 2
-#define ACL_REVISION3 3
-#define ACL_REVISION4 4
-#define MIN_ACL_REVISION 2
-#define MAX_ACL_REVISION 4
 #define PROCESSOR_INTEL_386 386
 #define PROCESSOR_INTEL_486 486
 #define PROCESSOR_INTEL_PENTIUM 586
@@ -763,14 +531,6 @@ typedef enum {
 #define REG_OPTION_BACKUP_RESTORE    4
 #define REG_OPTION_OPEN_LINK    8
 #define REG_LEGAL_OPTION    15
-#define OWNER_SECURITY_INFORMATION 1
-#define GROUP_SECURITY_INFORMATION 2
-#define DACL_SECURITY_INFORMATION 4
-#define SACL_SECURITY_INFORMATION 8
-#define PROTECTED_DACL_SECURITY_INFORMATION     0x80000000
-#define PROTECTED_SACL_SECURITY_INFORMATION     0x40000000
-#define UNPROTECTED_DACL_SECURITY_INFORMATION   0x20000000
-#define UNPROTECTED_SACL_SECURITY_INFORMATION   0x10000000
 #define MAXIMUM_PROCESSORS 32
 #define PAGE_NOACCESS    0x0001
 #define PAGE_READONLY    0x0002
@@ -1176,33 +936,7 @@ typedef enum {
 #define SERVICE_ERROR_NORMAL 1
 #define SERVICE_ERROR_SEVERE 2
 #define SERVICE_ERROR_CRITICAL 3
-#define SE_OWNER_DEFAULTED              0x0001
-#define SE_GROUP_DEFAULTED              0x0002
-#define SE_DACL_PRESENT                 0x0004
-#define SE_DACL_DEFAULTED               0x0008
-#define SE_SACL_PRESENT                 0x0010
-#define SE_SACL_DEFAULTED               0x0020
-#define SE_DACL_UNTRUSTED               0x0040
-#define SE_SERVER_SECURITY              0x0080
-#define SE_DACL_AUTO_INHERIT_REQ        0x0100
-#define SE_SACL_AUTO_INHERIT_REQ        0x0200
-#define SE_DACL_AUTO_INHERITED          0x0400
-#define SE_SACL_AUTO_INHERITED          0x0800
-#define SE_DACL_PROTECTED               0x1000
-#define SE_SACL_PROTECTED               0x2000
-#define SE_RM_CONTROL_VALID             0x4000
-#define SE_SELF_RELATIVE                0x8000
-#define SECURITY_DESCRIPTOR_MIN_LENGTH 20
-#define SECURITY_DESCRIPTOR_REVISION 1
-#define SECURITY_DESCRIPTOR_REVISION1 1
-#define SE_PRIVILEGE_ENABLED_BY_DEFAULT 1
-#define SE_PRIVILEGE_ENABLED 2
-#define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000
-#define PRIVILEGE_SET_ALL_NECESSARY 1
-#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
-#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
-#define SECURITY_DYNAMIC_TRACKING TRUE
-#define SECURITY_STATIC_TRACKING FALSE
+
 /* also in ddk/ntifs.h */
 #define TOKEN_ASSIGN_PRIMARY            (0x0001)
 #define TOKEN_DUPLICATE                 (0x0002)
@@ -1394,7 +1128,6 @@ typedef VOID (NTAPI *WORKERCALLBACKFUNC)(PVOID);
 #define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003
 #define IO_REPARSE_TAG_SYMLINK 0xA000000CL
 #ifndef RC_INVOKED
-typedef DWORD ACCESS_MASK, *PACCESS_MASK;
 
 #ifdef _GUID_DEFINED
 # warning _GUID_DEFINED is deprecated, use GUID_DEFINED instead
@@ -1410,189 +1143,6 @@ typedef struct _GUID {
 } GUID, *REFGUID, *LPGUID;
 #endif /* GUID_DEFINED */
 
-#define SYSTEM_LUID { 0x3E7, 0x0 }
-
-/* ACE Access Types, also in ntifs.h */
-#define ACCESS_MIN_MS_ACE_TYPE                  (0x0)
-#define ACCESS_ALLOWED_ACE_TYPE                 (0x0)
-#define ACCESS_DENIED_ACE_TYPE                  (0x1)
-#define SYSTEM_AUDIT_ACE_TYPE                   (0x2)
-#define SYSTEM_ALARM_ACE_TYPE                   (0x3)
-#define ACCESS_MAX_MS_V2_ACE_TYPE               (0x3)
-#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE        (0x4)
-#define ACCESS_MAX_MS_V3_ACE_TYPE               (0x4)
-#define ACCESS_MIN_MS_OBJECT_ACE_TYPE           (0x5)
-#define ACCESS_ALLOWED_OBJECT_ACE_TYPE          (0x5)
-#define ACCESS_DENIED_OBJECT_ACE_TYPE           (0x6)
-#define SYSTEM_AUDIT_OBJECT_ACE_TYPE            (0x7)
-#define SYSTEM_ALARM_OBJECT_ACE_TYPE            (0x8)
-#define ACCESS_MAX_MS_OBJECT_ACE_TYPE           (0x8)
-#define ACCESS_MAX_MS_V4_ACE_TYPE               (0x8)
-#define ACCESS_MAX_MS_ACE_TYPE                  (0x8)
-#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE        (0x9)
-#define ACCESS_DENIED_CALLBACK_ACE_TYPE         (0xA)
-#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
-#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  (0xC)
-#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE          (0xD)
-#define SYSTEM_ALARM_CALLBACK_ACE_TYPE          (0xE)
-#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE   (0xF)
-#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE   (0x10)
-#define SYSTEM_MANDATORY_LABEL_ACE_TYPE         (0x11)
-#define ACCESS_MAX_MS_V5_ACE_TYPE               (0x11)
-/* end ntifs.h */
-
-typedef struct _GENERIC_MAPPING {
-  ACCESS_MASK GenericRead;
-  ACCESS_MASK GenericWrite;
-  ACCESS_MASK GenericExecute;
-  ACCESS_MASK GenericAll;
-} GENERIC_MAPPING, *PGENERIC_MAPPING;
-
-typedef struct _ACE_HEADER {
-  BYTE AceType;
-  BYTE AceFlags;
-  WORD AceSize;
-} ACE_HEADER, *PACE_HEADER;
-
-typedef struct _ACCESS_ALLOWED_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;
-
-typedef struct _ACCESS_DENIED_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;
-
-typedef struct _SYSTEM_AUDIT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;
-
-typedef struct _SYSTEM_ALARM_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE;
-
-typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
-
-#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP  0x1
-#define SYSTEM_MANDATORY_LABEL_NO_READ_UP   0x2
-#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP    0x4
-#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)
-
-typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE;
-
-typedef struct _ACCESS_DENIED_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE;
-
-typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} SYSTEM_AUDIT_OBJECT_ACE,*PSYSTEM_AUDIT_OBJECT_ACE;
-
-typedef struct _SYSTEM_ALARM_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} SYSTEM_ALARM_OBJECT_ACE,*PSYSTEM_ALARM_OBJECT_ACE;
-
-typedef struct _ACCESS_ALLOWED_CALLBACK_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
-
-typedef struct _ACCESS_DENIED_CALLBACK_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
-
-typedef struct _SYSTEM_AUDIT_CALLBACK_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
-
-typedef struct _SYSTEM_ALARM_CALLBACK_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD SidStart;
-} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
-
-typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
-
-typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
-
-typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
-
-typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE {
-  ACE_HEADER Header;
-  ACCESS_MASK Mask;
-  DWORD Flags;
-  GUID ObjectType;
-  GUID InheritedObjectType;
-  DWORD SidStart;
-} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
-
-typedef struct _ACL {
-  BYTE AclRevision;
-  BYTE Sbz1;
-  WORD AclSize;
-  WORD AceCount;
-  WORD Sbz2;
-} ACL,*PACL;
-
 typedef enum _ACL_INFORMATION_CLASS {
   AclRevisionInformation = 1,
   AclSizeInformation
@@ -2544,40 +2094,111 @@ typedef struct _EXCEPTION_POINTERS {
   PCONTEXT ContextRecord;
 } EXCEPTION_POINTERS,*PEXCEPTION_POINTERS, *LPEXCEPTION_POINTERS;
 
-#include <pshpack4.h>
-
-typedef struct _LUID_AND_ATTRIBUTES {
-  LUID Luid;
-  DWORD Attributes;
-} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
-typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
-typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
-
-#include <poppack.h>
-
-typedef struct _PRIVILEGE_SET {
-  DWORD PrivilegeCount;
-  DWORD Control;
-  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
-} PRIVILEGE_SET,*PPRIVILEGE_SET;
-
 typedef struct _SECURITY_ATTRIBUTES {
     DWORD nLength;
     LPVOID lpSecurityDescriptor;
     BOOL bInheritHandle;
-} SECURITY_ATTRIBUTES,*PSECURITY_ATTRIBUTES,*LPSECURITY_ATTRIBUTES;
+} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
+
+#define SECURITY_MIN_SID_SIZE (sizeof(SID))
 
 $include(setypes.h)
 
-#define SECURITY_MIN_SID_SIZE (sizeof(SID))
-#define SECURITY_MAX_SID_SIZE (FIELD_OFFSET(SID, SubAuthority) + SID_MAX_SUB_AUTHORITIES * sizeof(DWORD))
+typedef struct _ACCESS_ALLOWED_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE;
+
+typedef struct _ACCESS_DENIED_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE;
+
+typedef struct _SYSTEM_AUDIT_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} SYSTEM_AUDIT_OBJECT_ACE,*PSYSTEM_AUDIT_OBJECT_ACE;
+
+typedef struct _SYSTEM_ALARM_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} SYSTEM_ALARM_OBJECT_ACE,*PSYSTEM_ALARM_OBJECT_ACE;
+
+typedef struct _ACCESS_ALLOWED_CALLBACK_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
+
+typedef struct _ACCESS_DENIED_CALLBACK_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
+
+typedef struct _SYSTEM_AUDIT_CALLBACK_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
+
+typedef struct _SYSTEM_ALARM_CALLBACK_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD SidStart;
+} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
+
+typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
+
+typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
 
-typedef struct _SID_AND_ATTRIBUTES {
-  PSID Sid;
-  DWORD Attributes;
-} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
-typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
-typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
+typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
+
+typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE {
+  ACE_HEADER Header;
+  ACCESS_MASK Mask;
+  DWORD Flags;
+  GUID ObjectType;
+  GUID InheritedObjectType;
+  DWORD SidStart;
+} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
 
 typedef struct _TOKEN_SOURCE {
   CHAR SourceName[TOKEN_SOURCE_LENGTH];
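Review bot: The `*_OBJECT_ACE` and `*_CALLBACK_OBJECT_ACE` structs added after `$include(setypes.h)` declare `ObjectType`, `InheritedObjectType` and `SidStart` as fixed members, with no comment that the two GUIDs are optional. In the stored ACE each GUID is present only when the matching bit in `Flags` is set (`ACE_OBJECT_TYPE_PRESENT`, `ACE_INHERITED_OBJECT_TYPE_PRESENT`), so the SID can begin where the struct shows `ObjectType` or `InheritedObjectType`. Reading `SidStart` through the struct without testing `Flags` picks up the wrong bytes. I would add above `_ACCESS_ALLOWED_OBJECT_ACE` a comment such as `/* ObjectType/InheritedObjectType exist only if the corresponding Flags bit is set; locate the SID from Flags, not from SidStart's declared offset */`. `_TOKEN_SOURCE` at the end of the hunk continues outside it.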
@@ -2664,33 +2285,6 @@ typedef struct _TOKEN_USER {
   SID_AND_ATTRIBUTES User;
 } TOKEN_USER, *PTOKEN_USER;
 
-typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION;
-typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;
-
-#ifndef _SECURITY_ATTRIBUTES_
-#define _SECURITY_ATTRIBUTES_
-typedef struct _SECURITY_DESCRIPTOR {
-  BYTE Revision;
-  BYTE Sbz1;
-  SECURITY_DESCRIPTOR_CONTROL Control;
-  PSID Owner;
-  PSID Group;
-  PACL Sacl;
-  PACL Dacl;
-} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
-typedef PVOID PSECURITY_DESCRIPTOR;
-#endif
-
-typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
-  BYTE Revision;
-  BYTE Sbz1;
-  SECURITY_DESCRIPTOR_CONTROL Control;
-  DWORD Owner;
-  DWORD Group;
-  DWORD Sacl;
-  DWORD Dacl;
-} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
-
 typedef enum _TOKEN_INFORMATION_CLASS {
   TokenUser = 1,
   TokenGroups,
@@ -2723,19 +2317,6 @@ typedef enum _TOKEN_INFORMATION_CLASS {
   MaxTokenInfoClass
 } TOKEN_INFORMATION_CLASS;
 
-typedef enum _SID_NAME_USE {
-  SidTypeUser=1,
-  SidTypeGroup,
-  SidTypeDomain,
-  SidTypeAlias,
-  SidTypeWellKnownGroup,
-  SidTypeDeletedAccount,
-  SidTypeInvalid,
-  SidTypeUnknown,
-  SidTypeComputer,
-  SidTypeLabel
-} SID_NAME_USE,*PSID_NAME_USE;
-
 typedef struct _QUOTA_LIMITS {
   SIZE_T PagedPoolLimit;
   SIZE_T NonPagedPoolLimit;
@@ -4342,14 +3923,6 @@ typedef struct _SYSTEM_POWER_INFORMATION {
 } SYSTEM_POWER_INFORMATION,*PSYSTEM_POWER_INFORMATION;
 #endif
 
-#if (_WIN32_WINNT >= 0x0500)
-#define _AUDIT_EVENT_TYPE_HACK 1
-typedef enum _AUDIT_EVENT_TYPE {
-  AuditEventObjectAccess,
-  AuditEventDirectoryServiceAccess
-} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
-#endif
-
 #if (_WIN32_WINNT >= 0x0501)
 
 typedef enum _ACTIVATION_CONTEXT_INFO_CLASS {
@@ -4569,12 +4142,6 @@ RtlSecureZeroMemory(_Out_writes_bytes_all_(Length) PVOID Buffer,
     return Buffer;
 }
 
-typedef struct _OBJECT_TYPE_LIST {
-  WORD Level;
-  WORD Sbz;
-  GUID *ObjectType;
-} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
-
 #if defined(_M_IX86)
 FORCEINLINE struct _TEB * NtCurrentTeb(void)
 {