From f1e3085aa84fd7c052f849fc1793e365eba574f3 Mon Sep 17 00:00:00 2001 From: Amine Khaldi Date: Sun, 7 Jun 2015 13:14:36 +0000 Subject: [PATCH] [XDK][PSDK][DDK] Share more Se types between winnt and ntddk/ntifs/wdm. Also add missing and improve some existing types and definitions in winnt to match the others. svn path=/trunk/; revision=68061 --- reactos/include/ddk/ntddk.h | 2 + reactos/include/ddk/ntifs.h | 274 +++--- reactos/include/ddk/wdm.h | 78 +- reactos/include/psdk/winnt.h | 1483 +++++++++++++++++-------------- reactos/include/xdk/setypes.h | 446 +++++----- reactos/include/xdk/winnt_old.h | 629 ++----------- 6 files changed, 1324 insertions(+), 1588 deletions(-) diff --git a/reactos/include/ddk/ntddk.h b/reactos/include/ddk/ntddk.h index 1632f886ac2..1e7a48c6e17 100644 --- a/reactos/include/ddk/ntddk.h +++ b/reactos/include/ddk/ntddk.h @@ -2903,6 +2903,7 @@ typedef struct _RTL_DYNAMIC_HASH_TABLE { ******************************************************************************/ #define SE_UNSOLICITED_INPUT_PRIVILEGE 6 + typedef enum _WELL_KNOWN_SID_TYPE { WinNullSid = 0, WinWorldSid = 1, @@ -2989,6 +2990,7 @@ typedef enum _WELL_KNOWN_SID_TYPE { WinThisOrganizationCertificateSid = 82, } WELL_KNOWN_SID_TYPE; + #if defined(_M_IX86) #define PAUSE_PROCESSOR YieldProcessor(); diff --git a/reactos/include/ddk/ntifs.h b/reactos/include/ddk/ntifs.h index a41205f2be7..3de6e03c382 100644 --- a/reactos/include/ddk/ntifs.h +++ b/reactos/include/ddk/ntifs.h @@ -86,7 +86,6 @@ typedef struct _SID { } SID, *PISID; #endif - #define SID_REVISION 1 #define SID_MAX_SUB_AUTHORITIES 15 #define SID_RECOMMENDED_SUB_AUTHORITIES 1 @@ -131,89 +130,99 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { /* Universal well-known SIDs */ #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} + +/* S-1-1 */ #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} + +/* S-1-2 */ #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} + +/* S-1-3 */ #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} + +/* S-1-4 */ #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} + #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9} -#define SECURITY_NULL_RID (0x00000000L) -#define SECURITY_WORLD_RID (0x00000000L) -#define SECURITY_LOCAL_RID (0x00000000L) -#define SECURITY_LOCAL_LOGON_RID (0x00000001L) +#define SECURITY_NULL_RID (0x00000000L) +#define SECURITY_WORLD_RID (0x00000000L) +#define SECURITY_LOCAL_RID (0x00000000L) +#define SECURITY_LOCAL_LOGON_RID (0x00000001L) -#define SECURITY_CREATOR_OWNER_RID (0x00000000L) -#define SECURITY_CREATOR_GROUP_RID (0x00000001L) -#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) -#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) -#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L) +#define SECURITY_CREATOR_OWNER_RID (0x00000000L) +#define SECURITY_CREATOR_GROUP_RID (0x00000001L) +#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) +#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) +#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L) /* NT well-known SIDs */ -#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} - -#define SECURITY_DIALUP_RID (0x00000001L) -#define SECURITY_NETWORK_RID (0x00000002L) -#define SECURITY_BATCH_RID (0x00000003L) -#define SECURITY_INTERACTIVE_RID (0x00000004L) -#define SECURITY_LOGON_IDS_RID (0x00000005L) -#define SECURITY_LOGON_IDS_RID_COUNT (3L) -#define SECURITY_SERVICE_RID (0x00000006L) -#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) -#define SECURITY_PROXY_RID (0x00000008L) -#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L) -#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID -#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL) -#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL) -#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL) -#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL) -#define SECURITY_REMOTE_LOGON_RID (0x0000000EL) -#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL) -#define SECURITY_IUSER_RID (0x00000011L) -#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) -#define SECURITY_LOCAL_SERVICE_RID (0x00000013L) -#define SECURITY_NETWORK_SERVICE_RID (0x00000014L) -#define SECURITY_NT_NON_UNIQUE (0x00000015L) -#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L) +/* S-1-5 */ +#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} + +#define SECURITY_DIALUP_RID (0x00000001L) +#define SECURITY_NETWORK_RID (0x00000002L) +#define SECURITY_BATCH_RID (0x00000003L) +#define SECURITY_INTERACTIVE_RID (0x00000004L) +#define SECURITY_LOGON_IDS_RID (0x00000005L) +#define SECURITY_LOGON_IDS_RID_COUNT (3L) +#define SECURITY_SERVICE_RID (0x00000006L) +#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) +#define SECURITY_PROXY_RID (0x00000008L) +#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L) +#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID +#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL) +#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL) +#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL) +#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL) +#define SECURITY_REMOTE_LOGON_RID (0x0000000EL) +#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL) +#define SECURITY_IUSER_RID (0x00000011L) +#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) +#define SECURITY_LOCAL_SERVICE_RID (0x00000013L) +#define SECURITY_NETWORK_SERVICE_RID (0x00000014L) +#define SECURITY_NT_NON_UNIQUE (0x00000015L) +#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L) #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L) -#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) +#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L) -#define SECURITY_PACKAGE_BASE_RID (0x00000040L) -#define SECURITY_PACKAGE_RID_COUNT (2L) -#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL) -#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL) -#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L) - -#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L) -#define SECURITY_CRED_TYPE_RID_COUNT (2L) -#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L) - -#define SECURITY_MIN_BASE_RID (0x00000050L) -#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L) -#define SECURITY_SERVICE_ID_RID_COUNT (6L) -#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L) -#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L) -#define SECURITY_APPPOOL_ID_RID_COUNT (6L) -#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L) -#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L) -#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L) -#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L) +#define SECURITY_PACKAGE_BASE_RID (0x00000040L) +#define SECURITY_PACKAGE_RID_COUNT (2L) +#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL) +#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL) +#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L) + +#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L) +#define SECURITY_CRED_TYPE_RID_COUNT (2L) +#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L) + +#define SECURITY_MIN_BASE_RID (0x00000050L) +#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L) +#define SECURITY_SERVICE_ID_RID_COUNT (6L) +#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L) +#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L) +#define SECURITY_APPPOOL_ID_RID_COUNT (6L) +#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L) +#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L) +#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L) +#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L) #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L) #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L) -#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L) -#define SECURITY_WMIHOST_ID_RID_COUNT (6L) -#define SECURITY_TASK_ID_BASE_RID (0x00000057L) -#define SECURITY_NFS_ID_BASE_RID (0x00000058L) -#define SECURITY_COM_ID_BASE_RID (0x00000059L) -#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L) +#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L) +#define SECURITY_WMIHOST_ID_RID_COUNT (6L) +#define SECURITY_TASK_ID_BASE_RID (0x00000057L) +#define SECURITY_NFS_ID_BASE_RID (0x00000058L) +#define SECURITY_COM_ID_BASE_RID (0x00000059L) +#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L) -#define SECURITY_MAX_BASE_RID (0x0000006FL) +#define SECURITY_MAX_BASE_RID (0x0000006FL) -#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L) -#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L) +#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L) +#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L) #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L) @@ -223,15 +232,15 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L) -#define FOREST_USER_RID_MAX (0x000001F3L) +#define FOREST_USER_RID_MAX (0x000001F3L) /* Well-known users */ -#define DOMAIN_USER_RID_ADMIN (0x000001F4L) -#define DOMAIN_USER_RID_GUEST (0x000001F5L) -#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) +#define DOMAIN_USER_RID_ADMIN (0x000001F4L) +#define DOMAIN_USER_RID_GUEST (0x000001F5L) +#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) -#define DOMAIN_USER_RID_MAX (0x000003E7L) +#define DOMAIN_USER_RID_MAX (0x000003E7L) /* Well-known groups */ @@ -248,15 +257,15 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { /* Well-known aliases */ -#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) -#define DOMAIN_ALIAS_RID_USERS (0x00000221L) -#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) -#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) +#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) +#define DOMAIN_ALIAS_RID_USERS (0x00000221L) +#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) +#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) -#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) -#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) -#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) -#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) +#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) +#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) +#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) +#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L) @@ -265,11 +274,12 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL) #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL) -#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL) -#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL) -#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L) -#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L) -#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L) +#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL) +#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL) +#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L) +#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L) +#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L) + #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L) #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L) #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL) @@ -277,29 +287,29 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL) #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL) -#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} -#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) -#define SECURITY_MANDATORY_LOW_RID (0x00001000L) -#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) -#define SECURITY_MANDATORY_HIGH_RID (0x00003000L) -#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) -#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) +#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} +#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) +#define SECURITY_MANDATORY_LOW_RID (0x00001000L) +#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) +#define SECURITY_MANDATORY_HIGH_RID (0x00003000L) +#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) +#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that can be set by a usermode caller.*/ -#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID +#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000) /* Allocate the System Luid. The first 1000 LUIDs are reserved. Use #999 here (0x3e7 = 999) */ -#define SYSTEM_LUID {0x3e7, 0x0} -#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0} -#define LOCALSERVICE_LUID {0x3e5, 0x0} -#define NETWORKSERVICE_LUID {0x3e4, 0x0} -#define IUSER_LUID {0x3e3, 0x0} +#define SYSTEM_LUID {0x3e7, 0x0} +#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0} +#define LOCALSERVICE_LUID {0x3e5, 0x0} +#define NETWORKSERVICE_LUID {0x3e4, 0x0} +#define IUSER_LUID {0x3e3, 0x0} typedef struct _ACE_HEADER { UCHAR AceType; @@ -307,7 +317,6 @@ typedef struct _ACE_HEADER { USHORT AceSize; } ACE_HEADER, *PACE_HEADER; -/* also in winnt.h */ #define ACCESS_MIN_MS_ACE_TYPE (0x0) #define ACCESS_ALLOWED_ACE_TYPE (0x0) #define ACCESS_DENIED_ACE_TYPE (0x1) @@ -338,15 +347,15 @@ typedef struct _ACE_HEADER { /* The following are the inherit flags that go into the AceFlags field of an Ace header. */ -#define OBJECT_INHERIT_ACE (0x1) -#define CONTAINER_INHERIT_ACE (0x2) -#define NO_PROPAGATE_INHERIT_ACE (0x4) -#define INHERIT_ONLY_ACE (0x8) -#define INHERITED_ACE (0x10) -#define VALID_INHERIT_FLAGS (0x1F) +#define OBJECT_INHERIT_ACE (0x1) +#define CONTAINER_INHERIT_ACE (0x2) +#define NO_PROPAGATE_INHERIT_ACE (0x4) +#define INHERIT_ONLY_ACE (0x8) +#define INHERITED_ACE (0x10) +#define VALID_INHERIT_FLAGS (0x1F) -#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) -#define FAILED_ACCESS_ACE_FLAG (0x80) +#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) +#define FAILED_ACCESS_ACE_FLAG (0x80) typedef struct _ACCESS_ALLOWED_ACE { ACE_HEADER Header; @@ -378,33 +387,33 @@ typedef struct _SYSTEM_MANDATORY_LABEL_ACE { ULONG SidStart; } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; -#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 -#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 -#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 -#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ - SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ - SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) - -#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR)) - -typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL; - -#define SE_OWNER_DEFAULTED 0x0001 -#define SE_GROUP_DEFAULTED 0x0002 -#define SE_DACL_PRESENT 0x0004 -#define SE_DACL_DEFAULTED 0x0008 -#define SE_SACL_PRESENT 0x0010 -#define SE_SACL_DEFAULTED 0x0020 -#define SE_DACL_UNTRUSTED 0x0040 -#define SE_SERVER_SECURITY 0x0080 -#define SE_DACL_AUTO_INHERIT_REQ 0x0100 -#define SE_SACL_AUTO_INHERIT_REQ 0x0200 -#define SE_DACL_AUTO_INHERITED 0x0400 -#define SE_SACL_AUTO_INHERITED 0x0800 -#define SE_DACL_PROTECTED 0x1000 -#define SE_SACL_PROTECTED 0x2000 -#define SE_RM_CONTROL_VALID 0x4000 -#define SE_SELF_RELATIVE 0x8000 +#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 +#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 +#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 +#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ + SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ + SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) + +#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR)) + +typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL; + +#define SE_OWNER_DEFAULTED 0x0001 +#define SE_GROUP_DEFAULTED 0x0002 +#define SE_DACL_PRESENT 0x0004 +#define SE_DACL_DEFAULTED 0x0008 +#define SE_SACL_PRESENT 0x0010 +#define SE_SACL_DEFAULTED 0x0020 +#define SE_DACL_UNTRUSTED 0x0040 +#define SE_SERVER_SECURITY 0x0080 +#define SE_DACL_AUTO_INHERIT_REQ 0x0100 +#define SE_SACL_AUTO_INHERIT_REQ 0x0200 +#define SE_DACL_AUTO_INHERITED 0x0400 +#define SE_SACL_AUTO_INHERITED 0x0800 +#define SE_DACL_PROTECTED 0x1000 +#define SE_SACL_PROTECTED 0x2000 +#define SE_RM_CONTROL_VALID 0x4000 +#define SE_SELF_RELATIVE 0x8000 typedef struct _SECURITY_DESCRIPTOR_RELATIVE { UCHAR Revision; @@ -484,6 +493,7 @@ typedef struct _SE_SECURITY_DESCRIPTOR { PSECURITY_DESCRIPTOR SecurityDescriptor; } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR; + typedef struct _SE_ACCESS_REQUEST { ULONG Size; PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor; diff --git a/reactos/include/ddk/wdm.h b/reactos/include/ddk/wdm.h index 01a320e8a8c..5b938b8e48a 100644 --- a/reactos/include/ddk/wdm.h +++ b/reactos/include/ddk/wdm.h @@ -2516,28 +2516,26 @@ typedef PVOID PSECURITY_DESCRIPTOR; typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION; typedef ULONG ACCESS_MASK, *PACCESS_MASK; - typedef PVOID PACCESS_TOKEN; typedef PVOID PSID; - -#define DELETE 0x00010000L -#define READ_CONTROL 0x00020000L -#define WRITE_DAC 0x00040000L -#define WRITE_OWNER 0x00080000L -#define SYNCHRONIZE 0x00100000L -#define STANDARD_RIGHTS_REQUIRED 0x000F0000L -#define STANDARD_RIGHTS_READ READ_CONTROL -#define STANDARD_RIGHTS_WRITE READ_CONTROL -#define STANDARD_RIGHTS_EXECUTE READ_CONTROL -#define STANDARD_RIGHTS_ALL 0x001F0000L -#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL -#define ACCESS_SYSTEM_SECURITY 0x01000000L -#define MAXIMUM_ALLOWED 0x02000000L -#define GENERIC_READ 0x80000000L -#define GENERIC_WRITE 0x40000000L -#define GENERIC_EXECUTE 0x20000000L -#define GENERIC_ALL 0x10000000L +#define DELETE 0x00010000L +#define READ_CONTROL 0x00020000L +#define WRITE_DAC 0x00040000L +#define WRITE_OWNER 0x00080000L +#define SYNCHRONIZE 0x00100000L +#define STANDARD_RIGHTS_REQUIRED 0x000F0000L +#define STANDARD_RIGHTS_READ READ_CONTROL +#define STANDARD_RIGHTS_WRITE READ_CONTROL +#define STANDARD_RIGHTS_EXECUTE READ_CONTROL +#define STANDARD_RIGHTS_ALL 0x001F0000L +#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL +#define ACCESS_SYSTEM_SECURITY 0x01000000L +#define MAXIMUM_ALLOWED 0x02000000L +#define GENERIC_READ 0x80000000L +#define GENERIC_WRITE 0x40000000L +#define GENERIC_EXECUTE 0x20000000L +#define GENERIC_ALL 0x10000000L typedef struct _GENERIC_MAPPING { ACCESS_MASK GenericRead; @@ -2546,15 +2544,15 @@ typedef struct _GENERIC_MAPPING { ACCESS_MASK GenericAll; } GENERIC_MAPPING, *PGENERIC_MAPPING; -#define ACL_REVISION 2 -#define ACL_REVISION_DS 4 +#define ACL_REVISION 2 +#define ACL_REVISION_DS 4 -#define ACL_REVISION1 1 -#define ACL_REVISION2 2 -#define ACL_REVISION3 3 -#define ACL_REVISION4 4 -#define MIN_ACL_REVISION ACL_REVISION2 -#define MAX_ACL_REVISION ACL_REVISION4 +#define ACL_REVISION1 1 +#define ACL_REVISION2 2 +#define ACL_REVISION3 3 +#define ACL_REVISION4 4 +#define MIN_ACL_REVISION ACL_REVISION2 +#define MAX_ACL_REVISION ACL_REVISION4 typedef struct _ACL { UCHAR AclRevision; @@ -2596,8 +2594,7 @@ typedef struct _PRIVILEGE_SET { ULONG PrivilegeCount; ULONG Control; LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; -} PRIVILEGE_SET,*PPRIVILEGE_SET; - +} PRIVILEGE_SET, *PPRIVILEGE_SET; typedef enum _SECURITY_IMPERSONATION_LEVEL { SecurityAnonymous, @@ -2606,16 +2603,14 @@ typedef enum _SECURITY_IMPERSONATION_LEVEL { SecurityDelegation } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL; - #define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation #define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous -#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation +#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation #define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL)) #define SECURITY_DYNAMIC_TRACKING (TRUE) #define SECURITY_STATIC_TRACKING (FALSE) - typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE; typedef struct _SECURITY_QUALITY_OF_SERVICE { @@ -2633,16 +2628,17 @@ typedef struct _SE_IMPERSONATION_STATE { } SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE; -#define OWNER_SECURITY_INFORMATION (0x00000001L) -#define GROUP_SECURITY_INFORMATION (0x00000002L) -#define DACL_SECURITY_INFORMATION (0x00000004L) -#define SACL_SECURITY_INFORMATION (0x00000008L) -#define LABEL_SECURITY_INFORMATION (0x00000010L) +#define OWNER_SECURITY_INFORMATION (0x00000001L) +#define GROUP_SECURITY_INFORMATION (0x00000002L) +#define DACL_SECURITY_INFORMATION (0x00000004L) +#define SACL_SECURITY_INFORMATION (0x00000008L) +#define LABEL_SECURITY_INFORMATION (0x00000010L) + +#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L) +#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L) +#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L) +#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L) -#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L) -#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L) -#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L) -#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L) typedef enum _SECURITY_OPERATION_CODE { SetSecurityDescriptor, diff --git a/reactos/include/psdk/winnt.h b/reactos/include/psdk/winnt.h index 8817a211175..afacd3dfbe1 100644 --- a/reactos/include/psdk/winnt.h +++ b/reactos/include/psdk/winnt.h @@ -2013,26 +2013,6 @@ _InterlockedBitTestAndComplement64( #define SYSTEM_AUDIT_ACE_TYPE (0x2) #define SYSTEM_ALARM_ACE_TYPE (0x3) /*end ntifs.h */ -#define OBJECT_INHERIT_ACE 1 -#define CONTAINER_INHERIT_ACE 2 -#define NO_PROPAGATE_INHERIT_ACE 4 -#define INHERIT_ONLY_ACE 8 -#define INHERITED_ACE 16 -#define VALID_INHERIT_FLAGS 0x1F -#define SUCCESSFUL_ACCESS_ACE_FLAG 64 -#define FAILED_ACCESS_ACE_FLAG 128 -#define DELETE 0x00010000L -#define READ_CONTROL 0x20000L -#define WRITE_DAC 0x40000L -#define WRITE_OWNER 0x80000L -#define SYNCHRONIZE 0x100000L -#define STANDARD_RIGHTS_REQUIRED 0xF0000 -#define STANDARD_RIGHTS_READ 0x20000 -#define STANDARD_RIGHTS_WRITE 0x20000 -#define STANDARD_RIGHTS_EXECUTE 0x20000 -#define STANDARD_RIGHTS_ALL 0x1F0000 -#define SPECIFIC_RIGHTS_ALL 0xFFFF -#define ACCESS_SYSTEM_SECURITY 0x1000000 #define REG_STANDARD_FORMAT 1 #define REG_LATEST_FORMAT 2 @@ -2087,12 +2067,6 @@ _InterlockedBitTestAndComplement64( #endif /* WIN32_NO_STATUS */ -#define MAXIMUM_ALLOWED 0x2000000 -#define GENERIC_READ 0x80000000 -#define GENERIC_WRITE 0x40000000 -#define GENERIC_EXECUTE 0x20000000 -#define GENERIC_ALL 0x10000000 - #define INVALID_FILE_ATTRIBUTES ((DWORD)-1) /* Also in ddk/winddk.h */ @@ -2270,204 +2244,6 @@ _InterlockedBitTestAndComplement64( #define PROCESS_SET_LIMITED_INFORMATION 0x2000 #define THREAD_RESUME 0x1000 -/* - * To prevent gcc compiler warnings, bracket these defines when initialising - * a SID_IDENTIFIER_AUTHORITY, eg. - * SID_IDENTIFIER_AUTHORITY aNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}; - */ -#define SID_MAX_SUB_AUTHORITIES 15 - -/* security entities */ -#define SECURITY_NULL_RID (0x00000000L) -#define SECURITY_WORLD_RID (0x00000000L) -#define SECURITY_LOCAL_RID (0X00000000L) - -#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} - -/* S-1-1 */ -#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} - -/* S-1-2 */ -#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} - -/* S-1-3 */ -#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} -#define SECURITY_CREATOR_OWNER_RID (0x00000000L) -#define SECURITY_CREATOR_GROUP_RID (0x00000001L) -#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) -#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) - -/* S-1-4 */ -#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} - -/* S-1-5 */ -#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} -#define SECURITY_DIALUP_RID 0x00000001L -#define SECURITY_NETWORK_RID 0x00000002L -#define SECURITY_BATCH_RID 0x00000003L -#define SECURITY_INTERACTIVE_RID 0x00000004L -#define SECURITY_LOGON_IDS_RID 0x00000005L -#define SECURITY_SERVICE_RID 0x00000006L -#define SECURITY_ANONYMOUS_LOGON_RID 0x00000007L -#define SECURITY_PROXY_RID 0x00000008L -#define SECURITY_ENTERPRISE_CONTROLLERS_RID 0x00000009L -#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID -#define SECURITY_PRINCIPAL_SELF_RID 0x0000000AL -#define SECURITY_AUTHENTICATED_USER_RID 0x0000000BL -#define SECURITY_RESTRICTED_CODE_RID 0x0000000CL -#define SECURITY_TERMINAL_SERVER_RID 0x0000000DL -#define SECURITY_REMOTE_LOGON_RID 0x0000000EL -#define SECURITY_THIS_ORGANIZATION_RID 0x0000000FL -#define SECURITY_LOCAL_SYSTEM_RID 0x00000012L -#define SECURITY_LOCAL_SERVICE_RID 0x00000013L -#define SECURITY_NETWORK_SERVICE_RID 0x00000014L -#define SECURITY_NT_NON_UNIQUE 0x00000015L -#define SECURITY_BUILTIN_DOMAIN_RID 0x00000020L - -#define SECURITY_PACKAGE_BASE_RID 0x00000040L -#define SECURITY_PACKAGE_NTLM_RID 0x0000000AL -#define SECURITY_PACKAGE_SCHANNEL_RID 0x0000000EL -#define SECURITY_PACKAGE_DIGEST_RID 0x00000015L -#define SECURITY_OTHER_ORGANIZATION_RID 0x000003E8L - -#define SECURITY_LOGON_IDS_RID_COUNT 0x3 -#define SID_REVISION 1 - -#define FOREST_USER_RID_MAX 0x000001F3L -#define DOMAIN_USER_RID_ADMIN 0x000001F4L -#define DOMAIN_USER_RID_GUEST 0x000001F5L -#define DOMAIN_USER_RID_KRBTGT 0x000001F6L -#define DOMAIN_USER_RID_MAX 0x000003E7L - -#define DOMAIN_GROUP_RID_ADMINS 0x00000200L -#define DOMAIN_GROUP_RID_USERS 0x00000201L -#define DOMAIN_GROUP_RID_GUESTS 0x00000202L -#define DOMAIN_GROUP_RID_COMPUTERS 0x00000203L -#define DOMAIN_GROUP_RID_CONTROLLERS 0x00000204L -#define DOMAIN_GROUP_RID_CERT_ADMINS 0x00000205L -#define DOMAIN_GROUP_RID_SCHEMA_ADMINS 0x00000206L -#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS 0x00000207L -#define DOMAIN_GROUP_RID_POLICY_ADMINS 0x00000208L - -#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} -#define SECURITY_MANDATORY_UNTRUSTED_RID 0x00000000L -#define SECURITY_MANDATORY_LOW_RID 0x00001000L -#define SECURITY_MANDATORY_MEDIUM_RID 0x00002000L -#define SECURITY_MANDATORY_HIGH_RID 0x00003000L -#define SECURITY_MANDATORY_SYSTEM_RID 0x00004000L -#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID 0x00005000L - -#define DOMAIN_ALIAS_RID_ADMINS 0x00000220L -#define DOMAIN_ALIAS_RID_USERS 0x00000221L -#define DOMAIN_ALIAS_RID_GUESTS 0x00000222L -#define DOMAIN_ALIAS_RID_POWER_USERS 0x00000223L - -#define DOMAIN_ALIAS_RID_ACCOUNT_OPS 0x00000224L -#define DOMAIN_ALIAS_RID_SYSTEM_OPS 0x00000225L -#define DOMAIN_ALIAS_RID_PRINT_OPS 0x00000226L -#define DOMAIN_ALIAS_RID_BACKUP_OPS 0x00000227L - -#define DOMAIN_ALIAS_RID_REPLICATOR 0x00000228L -#define DOMAIN_ALIAS_RID_RAS_SERVERS 0x00000229L -#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS 0x0000022AL -#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS 0x0000022BL -#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS 0x0000022CL -#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS 0x0000022DL - -#define DOMAIN_ALIAS_RID_MONITORING_USERS 0x0000022EL -#define DOMAIN_ALIAS_RID_LOGGING_USERS 0x0000022FL -#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS 0x00000230L -#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS 0x00000231L -#define DOMAIN_ALIAS_RID_DCOM_USERS 0x00000232L - -#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} - -typedef enum { - WinNullSid = 0, - WinWorldSid = 1, - WinLocalSid = 2, - WinCreatorOwnerSid = 3, - WinCreatorGroupSid = 4, - WinCreatorOwnerServerSid = 5, - WinCreatorGroupServerSid = 6, - WinNtAuthoritySid = 7, - WinDialupSid = 8, - WinNetworkSid = 9, - WinBatchSid = 10, - WinInteractiveSid = 11, - WinServiceSid = 12, - WinAnonymousSid = 13, - WinProxySid = 14, - WinEnterpriseControllersSid = 15, - WinSelfSid = 16, - WinAuthenticatedUserSid = 17, - WinRestrictedCodeSid = 18, - WinTerminalServerSid = 19, - WinRemoteLogonIdSid = 20, - WinLogonIdsSid = 21, - WinLocalSystemSid = 22, - WinLocalServiceSid = 23, - WinNetworkServiceSid = 24, - WinBuiltinDomainSid = 25, - WinBuiltinAdministratorsSid = 26, - WinBuiltinUsersSid = 27, - WinBuiltinGuestsSid = 28, - WinBuiltinPowerUsersSid = 29, - WinBuiltinAccountOperatorsSid = 30, - WinBuiltinSystemOperatorsSid = 31, - WinBuiltinPrintOperatorsSid = 32, - WinBuiltinBackupOperatorsSid = 33, - WinBuiltinReplicatorSid = 34, - WinBuiltinPreWindows2000CompatibleAccessSid = 35, - WinBuiltinRemoteDesktopUsersSid = 36, - WinBuiltinNetworkConfigurationOperatorsSid = 37, - WinAccountAdministratorSid = 38, - WinAccountGuestSid = 39, - WinAccountKrbtgtSid = 40, - WinAccountDomainAdminsSid = 41, - WinAccountDomainUsersSid = 42, - WinAccountDomainGuestsSid = 43, - WinAccountComputersSid = 44, - WinAccountControllersSid = 45, - WinAccountCertAdminsSid = 46, - WinAccountSchemaAdminsSid = 47, - WinAccountEnterpriseAdminsSid = 48, - WinAccountPolicyAdminsSid = 49, - WinAccountRasAndIasServersSid = 50, - WinNTLMAuthenticationSid = 51, - WinDigestAuthenticationSid = 52, - WinSChannelAuthenticationSid = 53, - WinThisOrganizationSid = 54, - WinOtherOrganizationSid = 55, - WinBuiltinIncomingForestTrustBuildersSid = 56, - WinBuiltinPerfMonitoringUsersSid = 57, - WinBuiltinPerfLoggingUsersSid = 58, - WinBuiltinAuthorizationAccessSid = 59, - WinBuiltinTerminalServerLicenseServersSid = 60, - WinBuiltinDCOMUsersSid = 61, - WinBuiltinIUsersSid = 62, - WinIUserSid = 63, - WinBuiltinCryptoOperatorsSid = 64, - WinUntrustedLabelSid = 65, - WinLowLabelSid = 66, - WinMediumLabelSid = 67, - WinHighLabelSid = 68, - WinSystemLabelSid = 69, - WinWriteRestrictedCodeSid = 70, - WinCreatorOwnerRightsSid = 71, - WinCacheablePrincipalsGroupSid = 72, - WinNonCacheablePrincipalsGroupSid = 73, - WinEnterpriseReadonlyControllersSid = 74, - WinAccountReadonlyControllersSid = 75, - WinBuiltinEventLogReadersGroup = 76, - WinNewEnterpriseReadonlyControllersSid = 77, - WinBuiltinCertSvcDComAccessGroup = 78, - WinMediumPlusLabelSid = 79, - WinLocalLogonSid = 80, - WinConsoleLogonSid = 81, - WinThisOrganizationCertificateSid = 82, -} WELL_KNOWN_SID_TYPE; - #define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege") #define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege") #define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege") @@ -2525,14 +2301,6 @@ typedef enum { #define LANG_MANX_GAELIC 0x94 #define SUBLANG_PORTUGUESE_PORTUGAL 0x02 -#define ACL_REVISION 2 -#define ACL_REVISION_DS 4 -#define ACL_REVISION1 1 -#define ACL_REVISION2 2 -#define ACL_REVISION3 3 -#define ACL_REVISION4 4 -#define MIN_ACL_REVISION 2 -#define MAX_ACL_REVISION 4 #define PROCESSOR_INTEL_386 386 #define PROCESSOR_INTEL_486 486 #define PROCESSOR_INTEL_PENTIUM 586 @@ -2658,14 +2426,6 @@ typedef enum { #define REG_OPTION_BACKUP_RESTORE 4 #define REG_OPTION_OPEN_LINK 8 #define REG_LEGAL_OPTION 15 -#define OWNER_SECURITY_INFORMATION 1 -#define GROUP_SECURITY_INFORMATION 2 -#define DACL_SECURITY_INFORMATION 4 -#define SACL_SECURITY_INFORMATION 8 -#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 -#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000 -#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000 -#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000 #define MAXIMUM_PROCESSORS 32 #define PAGE_NOACCESS 0x0001 #define PAGE_READONLY 0x0002 @@ -3071,33 +2831,7 @@ typedef enum { #define SERVICE_ERROR_NORMAL 1 #define SERVICE_ERROR_SEVERE 2 #define SERVICE_ERROR_CRITICAL 3 -#define SE_OWNER_DEFAULTED 0x0001 -#define SE_GROUP_DEFAULTED 0x0002 -#define SE_DACL_PRESENT 0x0004 -#define SE_DACL_DEFAULTED 0x0008 -#define SE_SACL_PRESENT 0x0010 -#define SE_SACL_DEFAULTED 0x0020 -#define SE_DACL_UNTRUSTED 0x0040 -#define SE_SERVER_SECURITY 0x0080 -#define SE_DACL_AUTO_INHERIT_REQ 0x0100 -#define SE_SACL_AUTO_INHERIT_REQ 0x0200 -#define SE_DACL_AUTO_INHERITED 0x0400 -#define SE_SACL_AUTO_INHERITED 0x0800 -#define SE_DACL_PROTECTED 0x1000 -#define SE_SACL_PROTECTED 0x2000 -#define SE_RM_CONTROL_VALID 0x4000 -#define SE_SELF_RELATIVE 0x8000 -#define SECURITY_DESCRIPTOR_MIN_LENGTH 20 -#define SECURITY_DESCRIPTOR_REVISION 1 -#define SECURITY_DESCRIPTOR_REVISION1 1 -#define SE_PRIVILEGE_ENABLED_BY_DEFAULT 1 -#define SE_PRIVILEGE_ENABLED 2 -#define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000 -#define PRIVILEGE_SET_ALL_NECESSARY 1 -#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation -#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation -#define SECURITY_DYNAMIC_TRACKING TRUE -#define SECURITY_STATIC_TRACKING FALSE + /* also in ddk/ntifs.h */ #define TOKEN_ASSIGN_PRIMARY (0x0001) #define TOKEN_DUPLICATE (0x0002) @@ -3289,7 +3023,6 @@ typedef VOID (NTAPI *WORKERCALLBACKFUNC)(PVOID); #define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003 #define IO_REPARSE_TAG_SYMLINK 0xA000000CL #ifndef RC_INVOKED -typedef DWORD ACCESS_MASK, *PACCESS_MASK; #ifdef _GUID_DEFINED # warning _GUID_DEFINED is deprecated, use GUID_DEFINED instead @@ -3305,263 +3038,80 @@ typedef struct _GUID { } GUID, *REFGUID, *LPGUID; #endif /* GUID_DEFINED */ -#define SYSTEM_LUID { 0x3E7, 0x0 } - -/* ACE Access Types, also in ntifs.h */ -#define ACCESS_MIN_MS_ACE_TYPE (0x0) -#define ACCESS_ALLOWED_ACE_TYPE (0x0) -#define ACCESS_DENIED_ACE_TYPE (0x1) -#define SYSTEM_AUDIT_ACE_TYPE (0x2) -#define SYSTEM_ALARM_ACE_TYPE (0x3) -#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3) -#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4) -#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4) -#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5) -#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5) -#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6) -#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7) -#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8) -#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8) -#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8) -#define ACCESS_MAX_MS_ACE_TYPE (0x8) -#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9) -#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA) -#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB) -#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC) -#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD) -#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE) -#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF) -#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10) -#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) -#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11) -/* end ntifs.h */ - -typedef struct _GENERIC_MAPPING { - ACCESS_MASK GenericRead; - ACCESS_MASK GenericWrite; - ACCESS_MASK GenericExecute; - ACCESS_MASK GenericAll; -} GENERIC_MAPPING, *PGENERIC_MAPPING; - -typedef struct _ACE_HEADER { - BYTE AceType; - BYTE AceFlags; - WORD AceSize; -} ACE_HEADER, *PACE_HEADER; +typedef enum _ACL_INFORMATION_CLASS { + AclRevisionInformation = 1, + AclSizeInformation +} ACL_INFORMATION_CLASS; -typedef struct _ACCESS_ALLOWED_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE; +typedef struct _ACL_REVISION_INFORMATION { + DWORD AclRevision; +} ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION; -typedef struct _ACCESS_DENIED_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE; +typedef struct _ACL_SIZE_INFORMATION { + DWORD AceCount; + DWORD AclBytesInUse; + DWORD AclBytesFree; +} ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION; -typedef struct _SYSTEM_AUDIT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE; +#ifndef _LDT_ENTRY_DEFINED +#define _LDT_ENTRY_DEFINED -typedef struct _SYSTEM_ALARM_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE; +typedef struct _LDT_ENTRY { + WORD LimitLow; + WORD BaseLow; + union { + struct { + BYTE BaseMid; + BYTE Flags1; + BYTE Flags2; + BYTE BaseHi; + } Bytes; + struct { + DWORD BaseMid:8; + DWORD Type:5; + DWORD Dpl:2; + DWORD Pres:1; + DWORD LimitHi:4; + DWORD Sys:1; + DWORD Reserved_0:1; + DWORD Default_Big:1; + DWORD Granularity:1; + DWORD BaseHi:8; + } Bits; + } HighWord; +} LDT_ENTRY, *PLDT_ENTRY, *LPLDT_ENTRY; -typedef struct _SYSTEM_MANDATORY_LABEL_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; +#endif /* _LDT_ENTRY_DEFINED */ -#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 -#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 -#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 -#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) +/* FIXME: add more machines */ +#if defined(_X86_) +#define SIZE_OF_80387_REGISTERS 80 +#define CONTEXT_i386 0x10000 +#define CONTEXT_i486 0x10000 +#define CONTEXT_CONTROL (CONTEXT_i386|0x00000001L) +#define CONTEXT_INTEGER (CONTEXT_i386|0x00000002L) +#define CONTEXT_SEGMENTS (CONTEXT_i386|0x00000004L) +#define CONTEXT_FLOATING_POINT (CONTEXT_i386|0x00000008L) +#define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386|0x00000010L) +#define CONTEXT_EXTENDED_REGISTERS (CONTEXT_i386|0x00000020L) +#define CONTEXT_FULL (CONTEXT_CONTROL|CONTEXT_INTEGER|CONTEXT_SEGMENTS) +#define MAXIMUM_SUPPORTED_EXTENSION 512 -typedef struct _ACCESS_ALLOWED_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE; +#define EXCEPTION_READ_FAULT 0 +#define EXCEPTION_WRITE_FAULT 1 +#define EXCEPTION_EXECUTE_FAULT 8 -typedef struct _ACCESS_DENIED_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE; - -typedef struct _SYSTEM_AUDIT_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} SYSTEM_AUDIT_OBJECT_ACE,*PSYSTEM_AUDIT_OBJECT_ACE; - -typedef struct _SYSTEM_ALARM_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} SYSTEM_ALARM_OBJECT_ACE,*PSYSTEM_ALARM_OBJECT_ACE; - -typedef struct _ACCESS_ALLOWED_CALLBACK_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE; - -typedef struct _ACCESS_DENIED_CALLBACK_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE; - -typedef struct _SYSTEM_AUDIT_CALLBACK_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE; - -typedef struct _SYSTEM_ALARM_CALLBACK_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE; - -typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE; - -typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE; - -typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE; - -typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE; - -typedef struct _ACL { - BYTE AclRevision; - BYTE Sbz1; - WORD AclSize; - WORD AceCount; - WORD Sbz2; -} ACL,*PACL; - -typedef enum _ACL_INFORMATION_CLASS { - AclRevisionInformation = 1, - AclSizeInformation -} ACL_INFORMATION_CLASS; - -typedef struct _ACL_REVISION_INFORMATION { - DWORD AclRevision; -} ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION; - -typedef struct _ACL_SIZE_INFORMATION { - DWORD AceCount; - DWORD AclBytesInUse; - DWORD AclBytesFree; -} ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION; - -#ifndef _LDT_ENTRY_DEFINED -#define _LDT_ENTRY_DEFINED - -typedef struct _LDT_ENTRY { - WORD LimitLow; - WORD BaseLow; - union { - struct { - BYTE BaseMid; - BYTE Flags1; - BYTE Flags2; - BYTE BaseHi; - } Bytes; - struct { - DWORD BaseMid:8; - DWORD Type:5; - DWORD Dpl:2; - DWORD Pres:1; - DWORD LimitHi:4; - DWORD Sys:1; - DWORD Reserved_0:1; - DWORD Default_Big:1; - DWORD Granularity:1; - DWORD BaseHi:8; - } Bits; - } HighWord; -} LDT_ENTRY, *PLDT_ENTRY, *LPLDT_ENTRY; - -#endif /* _LDT_ENTRY_DEFINED */ - -/* FIXME: add more machines */ -#if defined(_X86_) -#define SIZE_OF_80387_REGISTERS 80 -#define CONTEXT_i386 0x10000 -#define CONTEXT_i486 0x10000 -#define CONTEXT_CONTROL (CONTEXT_i386|0x00000001L) -#define CONTEXT_INTEGER (CONTEXT_i386|0x00000002L) -#define CONTEXT_SEGMENTS (CONTEXT_i386|0x00000004L) -#define CONTEXT_FLOATING_POINT (CONTEXT_i386|0x00000008L) -#define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386|0x00000010L) -#define CONTEXT_EXTENDED_REGISTERS (CONTEXT_i386|0x00000020L) -#define CONTEXT_FULL (CONTEXT_CONTROL|CONTEXT_INTEGER|CONTEXT_SEGMENTS) -#define MAXIMUM_SUPPORTED_EXTENSION 512 - -#define EXCEPTION_READ_FAULT 0 -#define EXCEPTION_WRITE_FAULT 1 -#define EXCEPTION_EXECUTE_FAULT 8 - -typedef struct _FLOATING_SAVE_AREA { - DWORD ControlWord; - DWORD StatusWord; - DWORD TagWord; - DWORD ErrorOffset; - DWORD ErrorSelector; - DWORD DataOffset; - DWORD DataSelector; - BYTE RegisterArea[SIZE_OF_80387_REGISTERS]; - DWORD Cr0NpxState; -} FLOATING_SAVE_AREA, *PFLOATING_SAVE_AREA; +typedef struct _FLOATING_SAVE_AREA { + DWORD ControlWord; + DWORD StatusWord; + DWORD TagWord; + DWORD ErrorOffset; + DWORD ErrorSelector; + DWORD DataOffset; + DWORD DataSelector; + BYTE RegisterArea[SIZE_OF_80387_REGISTERS]; + DWORD Cr0NpxState; +} FLOATING_SAVE_AREA, *PFLOATING_SAVE_AREA; typedef struct _CONTEXT { DWORD ContextFlags; @@ -4415,117 +3965,782 @@ typedef struct _EXCEPTION_RECORD { ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; } EXCEPTION_RECORD, *PEXCEPTION_RECORD; -typedef struct _EXCEPTION_RECORD32 { - DWORD ExceptionCode; - DWORD ExceptionFlags; - DWORD ExceptionRecord; - DWORD ExceptionAddress; - DWORD NumberParameters; - DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; -} EXCEPTION_RECORD32,*PEXCEPTION_RECORD32; +typedef struct _EXCEPTION_RECORD32 { + DWORD ExceptionCode; + DWORD ExceptionFlags; + DWORD ExceptionRecord; + DWORD ExceptionAddress; + DWORD NumberParameters; + DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; +} EXCEPTION_RECORD32,*PEXCEPTION_RECORD32; + +typedef struct _EXCEPTION_RECORD64 { + DWORD ExceptionCode; + DWORD ExceptionFlags; + DWORD64 ExceptionRecord; + DWORD64 ExceptionAddress; + DWORD NumberParameters; + DWORD __unusedAlignment; + DWORD64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; +} EXCEPTION_RECORD64,*PEXCEPTION_RECORD64; + +typedef struct _EXCEPTION_POINTERS { + PEXCEPTION_RECORD ExceptionRecord; + PCONTEXT ContextRecord; +} EXCEPTION_POINTERS,*PEXCEPTION_POINTERS, *LPEXCEPTION_POINTERS; + +typedef struct _SECURITY_ATTRIBUTES { + DWORD nLength; + LPVOID lpSecurityDescriptor; + BOOL bInheritHandle; +} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES; + +#define SECURITY_MIN_SID_SIZE (sizeof(SID)) + +/****************************************************************************** + * Security Manager Types * + ******************************************************************************/ + +/* Simple types */ +typedef PVOID PSECURITY_DESCRIPTOR; +typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION; +typedef DWORD ACCESS_MASK, *PACCESS_MASK; + +typedef PVOID PACCESS_TOKEN; +typedef PVOID PSID; + +#define DELETE 0x00010000L +#define READ_CONTROL 0x00020000L +#define WRITE_DAC 0x00040000L +#define WRITE_OWNER 0x00080000L +#define SYNCHRONIZE 0x00100000L +#define STANDARD_RIGHTS_REQUIRED 0x000F0000L +#define STANDARD_RIGHTS_READ READ_CONTROL +#define STANDARD_RIGHTS_WRITE READ_CONTROL +#define STANDARD_RIGHTS_EXECUTE READ_CONTROL +#define STANDARD_RIGHTS_ALL 0x001F0000L +#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL +#define ACCESS_SYSTEM_SECURITY 0x01000000L +#define MAXIMUM_ALLOWED 0x02000000L +#define GENERIC_READ 0x80000000L +#define GENERIC_WRITE 0x40000000L +#define GENERIC_EXECUTE 0x20000000L +#define GENERIC_ALL 0x10000000L + +typedef struct _GENERIC_MAPPING { + ACCESS_MASK GenericRead; + ACCESS_MASK GenericWrite; + ACCESS_MASK GenericExecute; + ACCESS_MASK GenericAll; +} GENERIC_MAPPING, *PGENERIC_MAPPING; + +#define ACL_REVISION 2 +#define ACL_REVISION_DS 4 + +#define ACL_REVISION1 1 +#define ACL_REVISION2 2 +#define ACL_REVISION3 3 +#define ACL_REVISION4 4 +#define MIN_ACL_REVISION ACL_REVISION2 +#define MAX_ACL_REVISION ACL_REVISION4 + +typedef struct _ACL { + BYTE AclRevision; + BYTE Sbz1; + WORD AclSize; + WORD AceCount; + WORD Sbz2; +} ACL, *PACL; + +/* Current security descriptor revision value */ +#define SECURITY_DESCRIPTOR_REVISION (1) +#define SECURITY_DESCRIPTOR_REVISION1 (1) + +/* Privilege attributes */ +#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L) +#define SE_PRIVILEGE_ENABLED (0x00000002L) +#define SE_PRIVILEGE_REMOVED (0X00000004L) +#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L) + +#define SE_PRIVILEGE_VALID_ATTRIBUTES (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \ + SE_PRIVILEGE_ENABLED | \ + SE_PRIVILEGE_REMOVED | \ + SE_PRIVILEGE_USED_FOR_ACCESS) + +#include +typedef struct _LUID_AND_ATTRIBUTES { + LUID Luid; + DWORD Attributes; +} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES; +#include + +typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; +typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY; + +/* Privilege sets */ +#define PRIVILEGE_SET_ALL_NECESSARY (1) + +typedef struct _PRIVILEGE_SET { + DWORD PrivilegeCount; + DWORD Control; + LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; +} PRIVILEGE_SET, *PPRIVILEGE_SET; + +typedef enum _SECURITY_IMPERSONATION_LEVEL { + SecurityAnonymous, + SecurityIdentification, + SecurityImpersonation, + SecurityDelegation +} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL; + +#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation +#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous +#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation +#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL)) + +#define SECURITY_DYNAMIC_TRACKING (TRUE) +#define SECURITY_STATIC_TRACKING (FALSE) + +typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE; + +typedef struct _SECURITY_QUALITY_OF_SERVICE { + DWORD Length; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; + SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; + BOOLEAN EffectiveOnly; +} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE; + +typedef struct _SE_IMPERSONATION_STATE { + PACCESS_TOKEN Token; + BOOLEAN CopyOnOpen; + BOOLEAN EffectiveOnly; + SECURITY_IMPERSONATION_LEVEL Level; +} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE; + + +#define OWNER_SECURITY_INFORMATION (0x00000001L) +#define GROUP_SECURITY_INFORMATION (0x00000002L) +#define DACL_SECURITY_INFORMATION (0x00000004L) +#define SACL_SECURITY_INFORMATION (0x00000008L) +#define LABEL_SECURITY_INFORMATION (0x00000010L) + +#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L) +#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L) +#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L) +#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L) + + +typedef enum _WELL_KNOWN_SID_TYPE { + WinNullSid = 0, + WinWorldSid = 1, + WinLocalSid = 2, + WinCreatorOwnerSid = 3, + WinCreatorGroupSid = 4, + WinCreatorOwnerServerSid = 5, + WinCreatorGroupServerSid = 6, + WinNtAuthoritySid = 7, + WinDialupSid = 8, + WinNetworkSid = 9, + WinBatchSid = 10, + WinInteractiveSid = 11, + WinServiceSid = 12, + WinAnonymousSid = 13, + WinProxySid = 14, + WinEnterpriseControllersSid = 15, + WinSelfSid = 16, + WinAuthenticatedUserSid = 17, + WinRestrictedCodeSid = 18, + WinTerminalServerSid = 19, + WinRemoteLogonIdSid = 20, + WinLogonIdsSid = 21, + WinLocalSystemSid = 22, + WinLocalServiceSid = 23, + WinNetworkServiceSid = 24, + WinBuiltinDomainSid = 25, + WinBuiltinAdministratorsSid = 26, + WinBuiltinUsersSid = 27, + WinBuiltinGuestsSid = 28, + WinBuiltinPowerUsersSid = 29, + WinBuiltinAccountOperatorsSid = 30, + WinBuiltinSystemOperatorsSid = 31, + WinBuiltinPrintOperatorsSid = 32, + WinBuiltinBackupOperatorsSid = 33, + WinBuiltinReplicatorSid = 34, + WinBuiltinPreWindows2000CompatibleAccessSid = 35, + WinBuiltinRemoteDesktopUsersSid = 36, + WinBuiltinNetworkConfigurationOperatorsSid = 37, + WinAccountAdministratorSid = 38, + WinAccountGuestSid = 39, + WinAccountKrbtgtSid = 40, + WinAccountDomainAdminsSid = 41, + WinAccountDomainUsersSid = 42, + WinAccountDomainGuestsSid = 43, + WinAccountComputersSid = 44, + WinAccountControllersSid = 45, + WinAccountCertAdminsSid = 46, + WinAccountSchemaAdminsSid = 47, + WinAccountEnterpriseAdminsSid = 48, + WinAccountPolicyAdminsSid = 49, + WinAccountRasAndIasServersSid = 50, + WinNTLMAuthenticationSid = 51, + WinDigestAuthenticationSid = 52, + WinSChannelAuthenticationSid = 53, + WinThisOrganizationSid = 54, + WinOtherOrganizationSid = 55, + WinBuiltinIncomingForestTrustBuildersSid = 56, + WinBuiltinPerfMonitoringUsersSid = 57, + WinBuiltinPerfLoggingUsersSid = 58, + WinBuiltinAuthorizationAccessSid = 59, + WinBuiltinTerminalServerLicenseServersSid = 60, + WinBuiltinDCOMUsersSid = 61, + WinBuiltinIUsersSid = 62, + WinIUserSid = 63, + WinBuiltinCryptoOperatorsSid = 64, + WinUntrustedLabelSid = 65, + WinLowLabelSid = 66, + WinMediumLabelSid = 67, + WinHighLabelSid = 68, + WinSystemLabelSid = 69, + WinWriteRestrictedCodeSid = 70, + WinCreatorOwnerRightsSid = 71, + WinCacheablePrincipalsGroupSid = 72, + WinNonCacheablePrincipalsGroupSid = 73, + WinEnterpriseReadonlyControllersSid = 74, + WinAccountReadonlyControllersSid = 75, + WinBuiltinEventLogReadersGroup = 76, + WinNewEnterpriseReadonlyControllersSid = 77, + WinBuiltinCertSvcDComAccessGroup = 78, + WinMediumPlusLabelSid = 79, + WinLocalLogonSid = 80, + WinConsoleLogonSid = 81, + WinThisOrganizationCertificateSid = 82, +} WELL_KNOWN_SID_TYPE; + + +#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED +#define SID_IDENTIFIER_AUTHORITY_DEFINED +typedef struct _SID_IDENTIFIER_AUTHORITY { + BYTE Value[6]; +} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY; +#endif + +#ifndef SID_DEFINED +#define SID_DEFINED +typedef struct _SID { + BYTE Revision; + BYTE SubAuthorityCount; + SID_IDENTIFIER_AUTHORITY IdentifierAuthority; +#ifdef MIDL_PASS + [size_is(SubAuthorityCount)] DWORD SubAuthority[*]; +#else + DWORD SubAuthority[ANYSIZE_ARRAY]; +#endif +} SID, *PISID; +#endif + +#define SID_REVISION 1 +#define SID_MAX_SUB_AUTHORITIES 15 +#define SID_RECOMMENDED_SUB_AUTHORITIES 1 + +#ifndef MIDL_PASS +#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(DWORD) + (SID_MAX_SUB_AUTHORITIES * sizeof(DWORD))) +#endif + +typedef enum _SID_NAME_USE { + SidTypeUser = 1, + SidTypeGroup, + SidTypeDomain, + SidTypeAlias, + SidTypeWellKnownGroup, + SidTypeDeletedAccount, + SidTypeInvalid, + SidTypeUnknown, + SidTypeComputer, + SidTypeLabel +} SID_NAME_USE, *PSID_NAME_USE; + +typedef struct _SID_AND_ATTRIBUTES { +#ifdef MIDL_PASS + PISID Sid; +#else + PSID Sid; +#endif + DWORD Attributes; +} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; +typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; +typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; + +#define SID_HASH_SIZE 32 +typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY; + +typedef struct _SID_AND_ATTRIBUTES_HASH { + DWORD SidCount; + PSID_AND_ATTRIBUTES SidAttr; + SID_HASH_ENTRY Hash[SID_HASH_SIZE]; +} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH; + +/* Universal well-known SIDs */ + +#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} + +/* S-1-1 */ +#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} + +/* S-1-2 */ +#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} + +/* S-1-3 */ +#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} + +/* S-1-4 */ +#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} + +#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9} + +#define SECURITY_NULL_RID (0x00000000L) +#define SECURITY_WORLD_RID (0x00000000L) +#define SECURITY_LOCAL_RID (0x00000000L) +#define SECURITY_LOCAL_LOGON_RID (0x00000001L) + +#define SECURITY_CREATOR_OWNER_RID (0x00000000L) +#define SECURITY_CREATOR_GROUP_RID (0x00000001L) +#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) +#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) +#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L) + +/* NT well-known SIDs */ + +/* S-1-5 */ +#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} + +#define SECURITY_DIALUP_RID (0x00000001L) +#define SECURITY_NETWORK_RID (0x00000002L) +#define SECURITY_BATCH_RID (0x00000003L) +#define SECURITY_INTERACTIVE_RID (0x00000004L) +#define SECURITY_LOGON_IDS_RID (0x00000005L) +#define SECURITY_LOGON_IDS_RID_COUNT (3L) +#define SECURITY_SERVICE_RID (0x00000006L) +#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) +#define SECURITY_PROXY_RID (0x00000008L) +#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L) +#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID +#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL) +#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL) +#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL) +#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL) +#define SECURITY_REMOTE_LOGON_RID (0x0000000EL) +#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL) +#define SECURITY_IUSER_RID (0x00000011L) +#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) +#define SECURITY_LOCAL_SERVICE_RID (0x00000013L) +#define SECURITY_NETWORK_SERVICE_RID (0x00000014L) +#define SECURITY_NT_NON_UNIQUE (0x00000015L) +#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L) +#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L) + +#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) +#define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L) + + +#define SECURITY_PACKAGE_BASE_RID (0x00000040L) +#define SECURITY_PACKAGE_RID_COUNT (2L) +#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL) +#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL) +#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L) + +#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L) +#define SECURITY_CRED_TYPE_RID_COUNT (2L) +#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L) + +#define SECURITY_MIN_BASE_RID (0x00000050L) +#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L) +#define SECURITY_SERVICE_ID_RID_COUNT (6L) +#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L) +#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L) +#define SECURITY_APPPOOL_ID_RID_COUNT (6L) +#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L) +#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L) +#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L) +#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L) +#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L) +#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L) +#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L) +#define SECURITY_WMIHOST_ID_RID_COUNT (6L) +#define SECURITY_TASK_ID_BASE_RID (0x00000057L) +#define SECURITY_NFS_ID_BASE_RID (0x00000058L) +#define SECURITY_COM_ID_BASE_RID (0x00000059L) +#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L) + +#define SECURITY_MAX_BASE_RID (0x0000006FL) + +#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L) +#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L) + +#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L) + +#define SECURITY_WINDOWSMOBILE_ID_BASE_RID (0x00000070L) + +/* Well-known domain relative sub-authority values (RIDs) */ + +#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L) + +#define FOREST_USER_RID_MAX (0x000001F3L) + +/* Well-known users */ + +#define DOMAIN_USER_RID_ADMIN (0x000001F4L) +#define DOMAIN_USER_RID_GUEST (0x000001F5L) +#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) + +#define DOMAIN_USER_RID_MAX (0x000003E7L) + +/* Well-known groups */ + +#define DOMAIN_GROUP_RID_ADMINS (0x00000200L) +#define DOMAIN_GROUP_RID_USERS (0x00000201L) +#define DOMAIN_GROUP_RID_GUESTS (0x00000202L) +#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) +#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) +#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) +#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) +#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L) +#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L) +#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS (0x00000209L) + +/* Well-known aliases */ + +#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) +#define DOMAIN_ALIAS_RID_USERS (0x00000221L) +#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) +#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) + +#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) +#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) +#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) +#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) + +#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) +#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L) +#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL) +#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL) +#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL) +#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL) + +#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL) +#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL) +#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L) +#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L) +#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L) + +#define DOMAIN_ALIAS_RID_IUSERS (0x00000238L) +#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L) +#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL) +#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL) +#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL) +#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL) + +#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} +#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) +#define SECURITY_MANDATORY_LOW_RID (0x00001000L) +#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) +#define SECURITY_MANDATORY_HIGH_RID (0x00003000L) +#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) +#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) + +/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that + can be set by a usermode caller.*/ + +#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID + +#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000) + +/* Allocate the System Luid. The first 1000 LUIDs are reserved. + Use #999 here (0x3e7 = 999) */ + +#define SYSTEM_LUID {0x3e7, 0x0} +#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0} +#define LOCALSERVICE_LUID {0x3e5, 0x0} +#define NETWORKSERVICE_LUID {0x3e4, 0x0} +#define IUSER_LUID {0x3e3, 0x0} + +typedef struct _ACE_HEADER { + BYTE AceType; + BYTE AceFlags; + WORD AceSize; +} ACE_HEADER, *PACE_HEADER; + +#define ACCESS_MIN_MS_ACE_TYPE (0x0) +#define ACCESS_ALLOWED_ACE_TYPE (0x0) +#define ACCESS_DENIED_ACE_TYPE (0x1) +#define SYSTEM_AUDIT_ACE_TYPE (0x2) +#define SYSTEM_ALARM_ACE_TYPE (0x3) +#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3) +#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4) +#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4) +#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5) +#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5) +#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6) +#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7) +#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8) +#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8) +#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8) +#define ACCESS_MAX_MS_ACE_TYPE (0x8) +#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9) +#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA) +#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB) +#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC) +#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD) +#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE) +#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF) +#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10) +#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11) +#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) + +/* The following are the inherit flags that go into the AceFlags field + of an Ace header. */ + +#define OBJECT_INHERIT_ACE (0x1) +#define CONTAINER_INHERIT_ACE (0x2) +#define NO_PROPAGATE_INHERIT_ACE (0x4) +#define INHERIT_ONLY_ACE (0x8) +#define INHERITED_ACE (0x10) +#define VALID_INHERIT_FLAGS (0x1F) + +#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) +#define FAILED_ACCESS_ACE_FLAG (0x80) + +typedef struct _ACCESS_ALLOWED_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE; + +typedef struct _ACCESS_DENIED_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE; + +typedef struct _SYSTEM_AUDIT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE; + +typedef struct _SYSTEM_ALARM_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE; -typedef struct _EXCEPTION_RECORD64 { - DWORD ExceptionCode; - DWORD ExceptionFlags; - DWORD64 ExceptionRecord; - DWORD64 ExceptionAddress; - DWORD NumberParameters; - DWORD __unusedAlignment; - DWORD64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; -} EXCEPTION_RECORD64,*PEXCEPTION_RECORD64; +typedef struct _SYSTEM_MANDATORY_LABEL_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; -typedef struct _EXCEPTION_POINTERS { - PEXCEPTION_RECORD ExceptionRecord; - PCONTEXT ContextRecord; -} EXCEPTION_POINTERS,*PEXCEPTION_POINTERS, *LPEXCEPTION_POINTERS; +#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 +#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 +#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 +#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ + SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ + SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) + +#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR)) + +typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL; + +#define SE_OWNER_DEFAULTED 0x0001 +#define SE_GROUP_DEFAULTED 0x0002 +#define SE_DACL_PRESENT 0x0004 +#define SE_DACL_DEFAULTED 0x0008 +#define SE_SACL_PRESENT 0x0010 +#define SE_SACL_DEFAULTED 0x0020 +#define SE_DACL_UNTRUSTED 0x0040 +#define SE_SERVER_SECURITY 0x0080 +#define SE_DACL_AUTO_INHERIT_REQ 0x0100 +#define SE_SACL_AUTO_INHERIT_REQ 0x0200 +#define SE_DACL_AUTO_INHERITED 0x0400 +#define SE_SACL_AUTO_INHERITED 0x0800 +#define SE_DACL_PROTECTED 0x1000 +#define SE_SACL_PROTECTED 0x2000 +#define SE_RM_CONTROL_VALID 0x4000 +#define SE_SELF_RELATIVE 0x8000 -#include +typedef struct _SECURITY_DESCRIPTOR_RELATIVE { + BYTE Revision; + BYTE Sbz1; + SECURITY_DESCRIPTOR_CONTROL Control; + DWORD Owner; + DWORD Group; + DWORD Sacl; + DWORD Dacl; +} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE; -typedef struct _LUID_AND_ATTRIBUTES { - LUID Luid; - DWORD Attributes; -} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES; -typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; -typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY; +typedef struct _SECURITY_DESCRIPTOR { + BYTE Revision; + BYTE Sbz1; + SECURITY_DESCRIPTOR_CONTROL Control; + PSID Owner; + PSID Group; + PACL Sacl; + PACL Dacl; +} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; -#include +typedef struct _OBJECT_TYPE_LIST { + WORD Level; + WORD Sbz; + GUID *ObjectType; +} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST; -typedef struct _PRIVILEGE_SET { - DWORD PrivilegeCount; - DWORD Control; - LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; -} PRIVILEGE_SET,*PPRIVILEGE_SET; +#define ACCESS_OBJECT_GUID 0 +#define ACCESS_PROPERTY_SET_GUID 1 +#define ACCESS_PROPERTY_GUID 2 +#define ACCESS_MAX_LEVEL 4 -typedef struct _SECURITY_ATTRIBUTES { - DWORD nLength; - LPVOID lpSecurityDescriptor; - BOOL bInheritHandle; -} SECURITY_ATTRIBUTES,*PSECURITY_ATTRIBUTES,*LPSECURITY_ATTRIBUTES; +typedef enum _AUDIT_EVENT_TYPE { + AuditEventObjectAccess, + AuditEventDirectoryServiceAccess +} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; -/****************************************************************************** - * Security Manager Types * - ******************************************************************************/ +#define AUDIT_ALLOW_NO_PRIVILEGE 0x1 + +#define ACCESS_DS_SOURCE_A "DS" +#define ACCESS_DS_SOURCE_W L"DS" +#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object" +#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object" + +#define ACCESS_REASON_TYPE_MASK 0xffff0000 +#define ACCESS_REASON_DATA_MASK 0x0000ffff + +typedef enum _ACCESS_REASON_TYPE { + AccessReasonNone = 0x00000000, + AccessReasonAllowedAce = 0x00010000, + AccessReasonDeniedAce = 0x00020000, + AccessReasonAllowedParentAce = 0x00030000, + AccessReasonDeniedParentAce = 0x00040000, + AccessReasonMissingPrivilege = 0x00100000, + AccessReasonFromPrivilege = 0x00200000, + AccessReasonIntegrityLevel = 0x00300000, + AccessReasonOwnership = 0x00400000, + AccessReasonNullDacl = 0x00500000, + AccessReasonEmptyDacl = 0x00600000, + AccessReasonNoSD = 0x00700000, + AccessReasonNoGrant = 0x00800000 +} ACCESS_REASON_TYPE; + +typedef DWORD ACCESS_REASON; + +typedef struct _ACCESS_REASONS { + ACCESS_REASON Data[32]; +} ACCESS_REASONS, *PACCESS_REASONS; + +#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001 +#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002 +#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003 + +typedef struct _SE_SECURITY_DESCRIPTOR { + DWORD Size; + DWORD Flags; + PSECURITY_DESCRIPTOR SecurityDescriptor; +} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR; -typedef PVOID PACCESS_TOKEN; -typedef PVOID PSID; +typedef struct _ACCESS_ALLOWED_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE; -typedef enum _SECURITY_IMPERSONATION_LEVEL { - SecurityAnonymous, - SecurityIdentification, - SecurityImpersonation, - SecurityDelegation -} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL; +typedef struct _ACCESS_DENIED_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE; +typedef struct _SYSTEM_AUDIT_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} SYSTEM_AUDIT_OBJECT_ACE,*PSYSTEM_AUDIT_OBJECT_ACE; -typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE; +typedef struct _SYSTEM_ALARM_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} SYSTEM_ALARM_OBJECT_ACE,*PSYSTEM_ALARM_OBJECT_ACE; -typedef struct _SECURITY_QUALITY_OF_SERVICE { - DWORD Length; - SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; - SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; - BOOLEAN EffectiveOnly; -} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE; +typedef struct _ACCESS_ALLOWED_CALLBACK_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE; -typedef struct _SE_IMPERSONATION_STATE { - PACCESS_TOKEN Token; - BOOLEAN CopyOnOpen; - BOOLEAN EffectiveOnly; - SECURITY_IMPERSONATION_LEVEL Level; -} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE; +typedef struct _ACCESS_DENIED_CALLBACK_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE; +typedef struct _SYSTEM_AUDIT_CALLBACK_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE; -#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED -#define SID_IDENTIFIER_AUTHORITY_DEFINED -typedef struct _SID_IDENTIFIER_AUTHORITY { - BYTE Value[6]; -} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY; -#endif +typedef struct _SYSTEM_ALARM_CALLBACK_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE; -#ifndef SID_DEFINED -#define SID_DEFINED -typedef struct _SID { - BYTE Revision; - BYTE SubAuthorityCount; - SID_IDENTIFIER_AUTHORITY IdentifierAuthority; -#ifdef MIDL_PASS - [size_is(SubAuthorityCount)] DWORD SubAuthority[*]; -#else - DWORD SubAuthority[ANYSIZE_ARRAY]; -#endif -} SID, *PISID; -#endif +typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE; +typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE; -#define SECURITY_MIN_SID_SIZE (sizeof(SID)) -#define SECURITY_MAX_SID_SIZE (FIELD_OFFSET(SID, SubAuthority) + SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)) +typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE; -typedef struct _SID_AND_ATTRIBUTES { - PSID Sid; - DWORD Attributes; -} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; -typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; -typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; +typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE; typedef struct _TOKEN_SOURCE { CHAR SourceName[TOKEN_SOURCE_LENGTH]; @@ -4612,33 +4827,6 @@ typedef struct _TOKEN_USER { SID_AND_ATTRIBUTES User; } TOKEN_USER, *PTOKEN_USER; -typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION; -typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL; - -#ifndef _SECURITY_ATTRIBUTES_ -#define _SECURITY_ATTRIBUTES_ -typedef struct _SECURITY_DESCRIPTOR { - BYTE Revision; - BYTE Sbz1; - SECURITY_DESCRIPTOR_CONTROL Control; - PSID Owner; - PSID Group; - PACL Sacl; - PACL Dacl; -} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; -typedef PVOID PSECURITY_DESCRIPTOR; -#endif - -typedef struct _SECURITY_DESCRIPTOR_RELATIVE { - BYTE Revision; - BYTE Sbz1; - SECURITY_DESCRIPTOR_CONTROL Control; - DWORD Owner; - DWORD Group; - DWORD Sacl; - DWORD Dacl; -} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE; - typedef enum _TOKEN_INFORMATION_CLASS { TokenUser = 1, TokenGroups, @@ -4671,19 +4859,6 @@ typedef enum _TOKEN_INFORMATION_CLASS { MaxTokenInfoClass } TOKEN_INFORMATION_CLASS; -typedef enum _SID_NAME_USE { - SidTypeUser=1, - SidTypeGroup, - SidTypeDomain, - SidTypeAlias, - SidTypeWellKnownGroup, - SidTypeDeletedAccount, - SidTypeInvalid, - SidTypeUnknown, - SidTypeComputer, - SidTypeLabel -} SID_NAME_USE,*PSID_NAME_USE; - typedef struct _QUOTA_LIMITS { SIZE_T PagedPoolLimit; SIZE_T NonPagedPoolLimit; @@ -6290,14 +6465,6 @@ typedef struct _SYSTEM_POWER_INFORMATION { } SYSTEM_POWER_INFORMATION,*PSYSTEM_POWER_INFORMATION; #endif -#if (_WIN32_WINNT >= 0x0500) -#define _AUDIT_EVENT_TYPE_HACK 1 -typedef enum _AUDIT_EVENT_TYPE { - AuditEventObjectAccess, - AuditEventDirectoryServiceAccess -} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; -#endif - #if (_WIN32_WINNT >= 0x0501) typedef enum _ACTIVATION_CONTEXT_INFO_CLASS { @@ -6517,12 +6684,6 @@ RtlSecureZeroMemory(_Out_writes_bytes_all_(Length) PVOID Buffer, return Buffer; } -typedef struct _OBJECT_TYPE_LIST { - WORD Level; - WORD Sbz; - GUID *ObjectType; -} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST; - #if defined(_M_IX86) FORCEINLINE struct _TEB * NtCurrentTeb(void) { diff --git a/reactos/include/xdk/setypes.h b/reactos/include/xdk/setypes.h index c9b2dbe780e..26d9505dae1 100644 --- a/reactos/include/xdk/setypes.h +++ b/reactos/include/xdk/setypes.h @@ -1,39 +1,33 @@ /****************************************************************************** * Security Manager Types * ******************************************************************************/ -$if (_WDMDDK_) +$if (_WDMDDK_ || _WINNT_) /* Simple types */ typedef PVOID PSECURITY_DESCRIPTOR; -typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION; -typedef ULONG ACCESS_MASK, *PACCESS_MASK; - -$endif (_WDMDDK_) -$if (_WDMDDK_ || _WINNT_) +typedef $ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION; +typedef $ULONG ACCESS_MASK, *PACCESS_MASK; typedef PVOID PACCESS_TOKEN; typedef PVOID PSID; -$endif (_WDMDDK_ || _WINNT_) -$if (_WDMDDK_) - -#define DELETE 0x00010000L -#define READ_CONTROL 0x00020000L -#define WRITE_DAC 0x00040000L -#define WRITE_OWNER 0x00080000L -#define SYNCHRONIZE 0x00100000L -#define STANDARD_RIGHTS_REQUIRED 0x000F0000L -#define STANDARD_RIGHTS_READ READ_CONTROL -#define STANDARD_RIGHTS_WRITE READ_CONTROL -#define STANDARD_RIGHTS_EXECUTE READ_CONTROL -#define STANDARD_RIGHTS_ALL 0x001F0000L -#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL -#define ACCESS_SYSTEM_SECURITY 0x01000000L -#define MAXIMUM_ALLOWED 0x02000000L -#define GENERIC_READ 0x80000000L -#define GENERIC_WRITE 0x40000000L -#define GENERIC_EXECUTE 0x20000000L -#define GENERIC_ALL 0x10000000L +#define DELETE 0x00010000L +#define READ_CONTROL 0x00020000L +#define WRITE_DAC 0x00040000L +#define WRITE_OWNER 0x00080000L +#define SYNCHRONIZE 0x00100000L +#define STANDARD_RIGHTS_REQUIRED 0x000F0000L +#define STANDARD_RIGHTS_READ READ_CONTROL +#define STANDARD_RIGHTS_WRITE READ_CONTROL +#define STANDARD_RIGHTS_EXECUTE READ_CONTROL +#define STANDARD_RIGHTS_ALL 0x001F0000L +#define SPECIFIC_RIGHTS_ALL 0x0000FFFFL +#define ACCESS_SYSTEM_SECURITY 0x01000000L +#define MAXIMUM_ALLOWED 0x02000000L +#define GENERIC_READ 0x80000000L +#define GENERIC_WRITE 0x40000000L +#define GENERIC_EXECUTE 0x20000000L +#define GENERIC_ALL 0x10000000L typedef struct _GENERIC_MAPPING { ACCESS_MASK GenericRead; @@ -42,22 +36,22 @@ typedef struct _GENERIC_MAPPING { ACCESS_MASK GenericAll; } GENERIC_MAPPING, *PGENERIC_MAPPING; -#define ACL_REVISION 2 -#define ACL_REVISION_DS 4 +#define ACL_REVISION 2 +#define ACL_REVISION_DS 4 -#define ACL_REVISION1 1 -#define ACL_REVISION2 2 -#define ACL_REVISION3 3 -#define ACL_REVISION4 4 -#define MIN_ACL_REVISION ACL_REVISION2 -#define MAX_ACL_REVISION ACL_REVISION4 +#define ACL_REVISION1 1 +#define ACL_REVISION2 2 +#define ACL_REVISION3 3 +#define ACL_REVISION4 4 +#define MIN_ACL_REVISION ACL_REVISION2 +#define MAX_ACL_REVISION ACL_REVISION4 typedef struct _ACL { - UCHAR AclRevision; - UCHAR Sbz1; - USHORT AclSize; - USHORT AceCount; - USHORT Sbz2; + $UCHAR AclRevision; + $UCHAR Sbz1; + $USHORT AclSize; + $USHORT AceCount; + $USHORT Sbz2; } ACL, *PACL; /* Current security descriptor revision value */ @@ -78,7 +72,7 @@ typedef struct _ACL { #include typedef struct _LUID_AND_ATTRIBUTES { LUID Luid; - ULONG Attributes; + $ULONG Attributes; } LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES; #include @@ -89,13 +83,10 @@ typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY; #define PRIVILEGE_SET_ALL_NECESSARY (1) typedef struct _PRIVILEGE_SET { - ULONG PrivilegeCount; - ULONG Control; + $ULONG PrivilegeCount; + $ULONG Control; LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; -} PRIVILEGE_SET,*PPRIVILEGE_SET; - -$endif(_WDMDDK_) -$if(_WDMDDK_ || _WINNT_) +} PRIVILEGE_SET, *PPRIVILEGE_SET; typedef enum _SECURITY_IMPERSONATION_LEVEL { SecurityAnonymous, @@ -104,20 +95,14 @@ typedef enum _SECURITY_IMPERSONATION_LEVEL { SecurityDelegation } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL; -$endif (_WDMDDK_ || _WINNT_) -$if (_WDMDDK_) - #define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation #define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous -#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation +#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation #define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL)) #define SECURITY_DYNAMIC_TRACKING (TRUE) #define SECURITY_STATIC_TRACKING (FALSE) -$endif (_WDMDDK_) -$if (_WDMDDK_ || _WINNT_) - typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE; typedef struct _SECURITY_QUALITY_OF_SERVICE { @@ -134,19 +119,20 @@ typedef struct _SE_IMPERSONATION_STATE { SECURITY_IMPERSONATION_LEVEL Level; } SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE; -$endif (_WDMDDK_ || _WINNT_) -$if (_WDMDDK_) -#define OWNER_SECURITY_INFORMATION (0x00000001L) -#define GROUP_SECURITY_INFORMATION (0x00000002L) -#define DACL_SECURITY_INFORMATION (0x00000004L) -#define SACL_SECURITY_INFORMATION (0x00000008L) -#define LABEL_SECURITY_INFORMATION (0x00000010L) +#define OWNER_SECURITY_INFORMATION (0x00000001L) +#define GROUP_SECURITY_INFORMATION (0x00000002L) +#define DACL_SECURITY_INFORMATION (0x00000004L) +#define SACL_SECURITY_INFORMATION (0x00000008L) +#define LABEL_SECURITY_INFORMATION (0x00000010L) + +#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L) +#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L) +#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L) +#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L) -#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L) -#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L) -#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L) -#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L) +$endif (_WDMDDK_ || _WINNT_) +$if (_WDMDDK_) typedef enum _SECURITY_OPERATION_CODE { SetSecurityDescriptor, @@ -326,6 +312,9 @@ $endif (_WDMDDK_) $if (_NTDDK_) #define SE_UNSOLICITED_INPUT_PRIVILEGE 6 +$endif (_NTDDK_) +$if (_NTDDK_ || _WINNT_) + typedef enum _WELL_KNOWN_SID_TYPE { WinNullSid = 0, WinWorldSid = 1, @@ -411,7 +400,8 @@ typedef enum _WELL_KNOWN_SID_TYPE { WinConsoleLogonSid = 81, WinThisOrganizationCertificateSid = 82, } WELL_KNOWN_SID_TYPE; -$endif (_NTDDK_) + +$endif (_NTDDK_ || _WINNT_) $if (_NTIFS_ || _WINNT_) #ifndef SID_IDENTIFIER_AUTHORITY_DEFINED @@ -435,15 +425,12 @@ typedef struct _SID { } SID, *PISID; #endif -$endif (_NTIFS_ || _WINNT_) -$if (_NTIFS_) - #define SID_REVISION 1 #define SID_MAX_SUB_AUTHORITIES 15 #define SID_RECOMMENDED_SUB_AUTHORITIES 1 #ifndef MIDL_PASS -#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG))) +#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof($ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof($ULONG))) #endif typedef enum _SID_NAME_USE { @@ -465,7 +452,7 @@ typedef struct _SID_AND_ATTRIBUTES { #else PSID Sid; #endif - ULONG Attributes; + $ULONG Attributes; } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; @@ -474,7 +461,7 @@ typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY; typedef struct _SID_AND_ATTRIBUTES_HASH { - ULONG SidCount; + $ULONG SidCount; PSID_AND_ATTRIBUTES SidAttr; SID_HASH_ENTRY Hash[SID_HASH_SIZE]; } SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH; @@ -482,89 +469,99 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { /* Universal well-known SIDs */ #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} + +/* S-1-1 */ #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} + +/* S-1-2 */ #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} + +/* S-1-3 */ #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} + +/* S-1-4 */ #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} + #define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9} -#define SECURITY_NULL_RID (0x00000000L) -#define SECURITY_WORLD_RID (0x00000000L) -#define SECURITY_LOCAL_RID (0x00000000L) -#define SECURITY_LOCAL_LOGON_RID (0x00000001L) +#define SECURITY_NULL_RID (0x00000000L) +#define SECURITY_WORLD_RID (0x00000000L) +#define SECURITY_LOCAL_RID (0x00000000L) +#define SECURITY_LOCAL_LOGON_RID (0x00000001L) -#define SECURITY_CREATOR_OWNER_RID (0x00000000L) -#define SECURITY_CREATOR_GROUP_RID (0x00000001L) -#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) -#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) -#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L) +#define SECURITY_CREATOR_OWNER_RID (0x00000000L) +#define SECURITY_CREATOR_GROUP_RID (0x00000001L) +#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) +#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) +#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L) /* NT well-known SIDs */ -#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} - -#define SECURITY_DIALUP_RID (0x00000001L) -#define SECURITY_NETWORK_RID (0x00000002L) -#define SECURITY_BATCH_RID (0x00000003L) -#define SECURITY_INTERACTIVE_RID (0x00000004L) -#define SECURITY_LOGON_IDS_RID (0x00000005L) -#define SECURITY_LOGON_IDS_RID_COUNT (3L) -#define SECURITY_SERVICE_RID (0x00000006L) -#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) -#define SECURITY_PROXY_RID (0x00000008L) -#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L) -#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID -#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL) -#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL) -#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL) -#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL) -#define SECURITY_REMOTE_LOGON_RID (0x0000000EL) -#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL) -#define SECURITY_IUSER_RID (0x00000011L) -#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) -#define SECURITY_LOCAL_SERVICE_RID (0x00000013L) -#define SECURITY_NETWORK_SERVICE_RID (0x00000014L) -#define SECURITY_NT_NON_UNIQUE (0x00000015L) -#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L) +/* S-1-5 */ +#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} + +#define SECURITY_DIALUP_RID (0x00000001L) +#define SECURITY_NETWORK_RID (0x00000002L) +#define SECURITY_BATCH_RID (0x00000003L) +#define SECURITY_INTERACTIVE_RID (0x00000004L) +#define SECURITY_LOGON_IDS_RID (0x00000005L) +#define SECURITY_LOGON_IDS_RID_COUNT (3L) +#define SECURITY_SERVICE_RID (0x00000006L) +#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L) +#define SECURITY_PROXY_RID (0x00000008L) +#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L) +#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID +#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL) +#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL) +#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL) +#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL) +#define SECURITY_REMOTE_LOGON_RID (0x0000000EL) +#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL) +#define SECURITY_IUSER_RID (0x00000011L) +#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L) +#define SECURITY_LOCAL_SERVICE_RID (0x00000013L) +#define SECURITY_NETWORK_SERVICE_RID (0x00000014L) +#define SECURITY_NT_NON_UNIQUE (0x00000015L) +#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L) #define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID (0x00000016L) -#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) +#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L) #define SECURITY_WRITE_RESTRICTED_CODE_RID (0x00000021L) -#define SECURITY_PACKAGE_BASE_RID (0x00000040L) -#define SECURITY_PACKAGE_RID_COUNT (2L) -#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL) -#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL) -#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L) - -#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L) -#define SECURITY_CRED_TYPE_RID_COUNT (2L) -#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L) - -#define SECURITY_MIN_BASE_RID (0x00000050L) -#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L) -#define SECURITY_SERVICE_ID_RID_COUNT (6L) -#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L) -#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L) -#define SECURITY_APPPOOL_ID_RID_COUNT (6L) -#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L) -#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L) -#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L) -#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L) +#define SECURITY_PACKAGE_BASE_RID (0x00000040L) +#define SECURITY_PACKAGE_RID_COUNT (2L) +#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL) +#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL) +#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L) + +#define SECURITY_CRED_TYPE_BASE_RID (0x00000041L) +#define SECURITY_CRED_TYPE_RID_COUNT (2L) +#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID (0x00000001L) + +#define SECURITY_MIN_BASE_RID (0x00000050L) +#define SECURITY_SERVICE_ID_BASE_RID (0x00000050L) +#define SECURITY_SERVICE_ID_RID_COUNT (6L) +#define SECURITY_RESERVED_ID_BASE_RID (0x00000051L) +#define SECURITY_APPPOOL_ID_BASE_RID (0x00000052L) +#define SECURITY_APPPOOL_ID_RID_COUNT (6L) +#define SECURITY_VIRTUALSERVER_ID_BASE_RID (0x00000053L) +#define SECURITY_VIRTUALSERVER_ID_RID_COUNT (6L) +#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID (0x00000054L) +#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT (6L) #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID (0x00000055L) #define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L) -#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L) -#define SECURITY_WMIHOST_ID_RID_COUNT (6L) -#define SECURITY_TASK_ID_BASE_RID (0x00000057L) -#define SECURITY_NFS_ID_BASE_RID (0x00000058L) -#define SECURITY_COM_ID_BASE_RID (0x00000059L) -#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L) +#define SECURITY_WMIHOST_ID_BASE_RID (0x00000056L) +#define SECURITY_WMIHOST_ID_RID_COUNT (6L) +#define SECURITY_TASK_ID_BASE_RID (0x00000057L) +#define SECURITY_NFS_ID_BASE_RID (0x00000058L) +#define SECURITY_COM_ID_BASE_RID (0x00000059L) +#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT (6L) -#define SECURITY_MAX_BASE_RID (0x0000006FL) +#define SECURITY_MAX_BASE_RID (0x0000006FL) -#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L) -#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L) +#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L) +#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L) #define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L) @@ -574,15 +571,15 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { #define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L) -#define FOREST_USER_RID_MAX (0x000001F3L) +#define FOREST_USER_RID_MAX (0x000001F3L) /* Well-known users */ -#define DOMAIN_USER_RID_ADMIN (0x000001F4L) -#define DOMAIN_USER_RID_GUEST (0x000001F5L) -#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) +#define DOMAIN_USER_RID_ADMIN (0x000001F4L) +#define DOMAIN_USER_RID_GUEST (0x000001F5L) +#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) -#define DOMAIN_USER_RID_MAX (0x000003E7L) +#define DOMAIN_USER_RID_MAX (0x000003E7L) /* Well-known groups */ @@ -599,15 +596,15 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { /* Well-known aliases */ -#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) -#define DOMAIN_ALIAS_RID_USERS (0x00000221L) -#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) -#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) +#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) +#define DOMAIN_ALIAS_RID_USERS (0x00000221L) +#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) +#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) -#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) -#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) -#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) -#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) +#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) +#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) +#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) +#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) #define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L) @@ -616,11 +613,12 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { #define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL) #define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL) -#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL) -#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL) -#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L) -#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L) -#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L) +#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL) +#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL) +#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L) +#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L) +#define DOMAIN_ALIAS_RID_DCOM_USERS (0x00000232L) + #define DOMAIN_ALIAS_RID_IUSERS (0x00000238L) #define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS (0x00000239L) #define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP (0x0000023BL) @@ -628,37 +626,36 @@ typedef struct _SID_AND_ATTRIBUTES_HASH { #define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP (0x0000023DL) #define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP (0x0000023EL) -#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} -#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) -#define SECURITY_MANDATORY_LOW_RID (0x00001000L) -#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) -#define SECURITY_MANDATORY_HIGH_RID (0x00003000L) -#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) -#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) +#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} +#define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) +#define SECURITY_MANDATORY_LOW_RID (0x00001000L) +#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) +#define SECURITY_MANDATORY_HIGH_RID (0x00003000L) +#define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) +#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) /* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that can be set by a usermode caller.*/ -#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID +#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID #define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) (IL * 0x1000) /* Allocate the System Luid. The first 1000 LUIDs are reserved. Use #999 here (0x3e7 = 999) */ -#define SYSTEM_LUID {0x3e7, 0x0} -#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0} -#define LOCALSERVICE_LUID {0x3e5, 0x0} -#define NETWORKSERVICE_LUID {0x3e4, 0x0} -#define IUSER_LUID {0x3e3, 0x0} +#define SYSTEM_LUID {0x3e7, 0x0} +#define ANONYMOUS_LOGON_LUID {0x3e6, 0x0} +#define LOCALSERVICE_LUID {0x3e5, 0x0} +#define NETWORKSERVICE_LUID {0x3e4, 0x0} +#define IUSER_LUID {0x3e3, 0x0} typedef struct _ACE_HEADER { - UCHAR AceType; - UCHAR AceFlags; - USHORT AceSize; + $UCHAR AceType; + $UCHAR AceFlags; + $USHORT AceSize; } ACE_HEADER, *PACE_HEADER; -/* also in winnt.h */ #define ACCESS_MIN_MS_ACE_TYPE (0x0) #define ACCESS_ALLOWED_ACE_TYPE (0x0) #define ACCESS_DENIED_ACE_TYPE (0x1) @@ -689,87 +686,87 @@ typedef struct _ACE_HEADER { /* The following are the inherit flags that go into the AceFlags field of an Ace header. */ -#define OBJECT_INHERIT_ACE (0x1) -#define CONTAINER_INHERIT_ACE (0x2) -#define NO_PROPAGATE_INHERIT_ACE (0x4) -#define INHERIT_ONLY_ACE (0x8) -#define INHERITED_ACE (0x10) -#define VALID_INHERIT_FLAGS (0x1F) +#define OBJECT_INHERIT_ACE (0x1) +#define CONTAINER_INHERIT_ACE (0x2) +#define NO_PROPAGATE_INHERIT_ACE (0x4) +#define INHERIT_ONLY_ACE (0x8) +#define INHERITED_ACE (0x10) +#define VALID_INHERIT_FLAGS (0x1F) -#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) -#define FAILED_ACCESS_ACE_FLAG (0x80) +#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40) +#define FAILED_ACCESS_ACE_FLAG (0x80) typedef struct _ACCESS_ALLOWED_ACE { ACE_HEADER Header; ACCESS_MASK Mask; - ULONG SidStart; + $ULONG SidStart; } ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE; typedef struct _ACCESS_DENIED_ACE { ACE_HEADER Header; ACCESS_MASK Mask; - ULONG SidStart; + $ULONG SidStart; } ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE; typedef struct _SYSTEM_AUDIT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; - ULONG SidStart; + $ULONG SidStart; } SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE; typedef struct _SYSTEM_ALARM_ACE { ACE_HEADER Header; ACCESS_MASK Mask; - ULONG SidStart; + $ULONG SidStart; } SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE; typedef struct _SYSTEM_MANDATORY_LABEL_ACE { ACE_HEADER Header; ACCESS_MASK Mask; - ULONG SidStart; + $ULONG SidStart; } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; -#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 -#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 -#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 -#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ - SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ - SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) - -#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR)) - -typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL; - -#define SE_OWNER_DEFAULTED 0x0001 -#define SE_GROUP_DEFAULTED 0x0002 -#define SE_DACL_PRESENT 0x0004 -#define SE_DACL_DEFAULTED 0x0008 -#define SE_SACL_PRESENT 0x0010 -#define SE_SACL_DEFAULTED 0x0020 -#define SE_DACL_UNTRUSTED 0x0040 -#define SE_SERVER_SECURITY 0x0080 -#define SE_DACL_AUTO_INHERIT_REQ 0x0100 -#define SE_SACL_AUTO_INHERIT_REQ 0x0200 -#define SE_DACL_AUTO_INHERITED 0x0400 -#define SE_SACL_AUTO_INHERITED 0x0800 -#define SE_DACL_PROTECTED 0x1000 -#define SE_SACL_PROTECTED 0x2000 -#define SE_RM_CONTROL_VALID 0x4000 -#define SE_SELF_RELATIVE 0x8000 +#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 +#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 +#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 +#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ + SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ + SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) + +#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR)) + +typedef $USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL; + +#define SE_OWNER_DEFAULTED 0x0001 +#define SE_GROUP_DEFAULTED 0x0002 +#define SE_DACL_PRESENT 0x0004 +#define SE_DACL_DEFAULTED 0x0008 +#define SE_SACL_PRESENT 0x0010 +#define SE_SACL_DEFAULTED 0x0020 +#define SE_DACL_UNTRUSTED 0x0040 +#define SE_SERVER_SECURITY 0x0080 +#define SE_DACL_AUTO_INHERIT_REQ 0x0100 +#define SE_SACL_AUTO_INHERIT_REQ 0x0200 +#define SE_DACL_AUTO_INHERITED 0x0400 +#define SE_SACL_AUTO_INHERITED 0x0800 +#define SE_DACL_PROTECTED 0x1000 +#define SE_SACL_PROTECTED 0x2000 +#define SE_RM_CONTROL_VALID 0x4000 +#define SE_SELF_RELATIVE 0x8000 typedef struct _SECURITY_DESCRIPTOR_RELATIVE { - UCHAR Revision; - UCHAR Sbz1; + $UCHAR Revision; + $UCHAR Sbz1; SECURITY_DESCRIPTOR_CONTROL Control; - ULONG Owner; - ULONG Group; - ULONG Sacl; - ULONG Dacl; + $ULONG Owner; + $ULONG Group; + $ULONG Sacl; + $ULONG Dacl; } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE; typedef struct _SECURITY_DESCRIPTOR { - UCHAR Revision; - UCHAR Sbz1; + $UCHAR Revision; + $UCHAR Sbz1; SECURITY_DESCRIPTOR_CONTROL Control; PSID Owner; PSID Group; @@ -778,8 +775,8 @@ typedef struct _SECURITY_DESCRIPTOR { } SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; typedef struct _OBJECT_TYPE_LIST { - USHORT Level; - USHORT Sbz; + $USHORT Level; + $USHORT Sbz; GUID *ObjectType; } OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST; @@ -819,7 +816,7 @@ typedef enum _ACCESS_REASON_TYPE { AccessReasonNoGrant = 0x00800000 } ACCESS_REASON_TYPE; -typedef ULONG ACCESS_REASON; +typedef $ULONG ACCESS_REASON; typedef struct _ACCESS_REASONS { ACCESS_REASON Data[32]; @@ -830,11 +827,14 @@ typedef struct _ACCESS_REASONS { #define SE_SECURITY_DESCRIPTOR_VALID_FLAGS 0x00000003 typedef struct _SE_SECURITY_DESCRIPTOR { - ULONG Size; - ULONG Flags; + $ULONG Size; + $ULONG Flags; PSECURITY_DESCRIPTOR SecurityDescriptor; } SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR; +$endif(_NTIFS_ || _WINNT_) +$if(_NTIFS_) + typedef struct _SE_ACCESS_REQUEST { ULONG Size; PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor; diff --git a/reactos/include/xdk/winnt_old.h b/reactos/include/xdk/winnt_old.h index b7ec2ef24bb..b7e4db3b687 100644 --- a/reactos/include/xdk/winnt_old.h +++ b/reactos/include/xdk/winnt_old.h @@ -118,26 +118,6 @@ #define SYSTEM_AUDIT_ACE_TYPE (0x2) #define SYSTEM_ALARM_ACE_TYPE (0x3) /*end ntifs.h */ -#define OBJECT_INHERIT_ACE 1 -#define CONTAINER_INHERIT_ACE 2 -#define NO_PROPAGATE_INHERIT_ACE 4 -#define INHERIT_ONLY_ACE 8 -#define INHERITED_ACE 16 -#define VALID_INHERIT_FLAGS 0x1F -#define SUCCESSFUL_ACCESS_ACE_FLAG 64 -#define FAILED_ACCESS_ACE_FLAG 128 -#define DELETE 0x00010000L -#define READ_CONTROL 0x20000L -#define WRITE_DAC 0x40000L -#define WRITE_OWNER 0x80000L -#define SYNCHRONIZE 0x100000L -#define STANDARD_RIGHTS_REQUIRED 0xF0000 -#define STANDARD_RIGHTS_READ 0x20000 -#define STANDARD_RIGHTS_WRITE 0x20000 -#define STANDARD_RIGHTS_EXECUTE 0x20000 -#define STANDARD_RIGHTS_ALL 0x1F0000 -#define SPECIFIC_RIGHTS_ALL 0xFFFF -#define ACCESS_SYSTEM_SECURITY 0x1000000 #define REG_STANDARD_FORMAT 1 #define REG_LATEST_FORMAT 2 @@ -192,12 +172,6 @@ #endif /* WIN32_NO_STATUS */ -#define MAXIMUM_ALLOWED 0x2000000 -#define GENERIC_READ 0x80000000 -#define GENERIC_WRITE 0x40000000 -#define GENERIC_EXECUTE 0x20000000 -#define GENERIC_ALL 0x10000000 - #define INVALID_FILE_ATTRIBUTES ((DWORD)-1) /* Also in ddk/winddk.h */ @@ -375,204 +349,6 @@ #define PROCESS_SET_LIMITED_INFORMATION 0x2000 #define THREAD_RESUME 0x1000 -/* - * To prevent gcc compiler warnings, bracket these defines when initialising - * a SID_IDENTIFIER_AUTHORITY, eg. - * SID_IDENTIFIER_AUTHORITY aNullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}; - */ -#define SID_MAX_SUB_AUTHORITIES 15 - -/* security entities */ -#define SECURITY_NULL_RID (0x00000000L) -#define SECURITY_WORLD_RID (0x00000000L) -#define SECURITY_LOCAL_RID (0X00000000L) - -#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0} - -/* S-1-1 */ -#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1} - -/* S-1-2 */ -#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} - -/* S-1-3 */ -#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} -#define SECURITY_CREATOR_OWNER_RID (0x00000000L) -#define SECURITY_CREATOR_GROUP_RID (0x00000001L) -#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L) -#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L) - -/* S-1-4 */ -#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4} - -/* S-1-5 */ -#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} -#define SECURITY_DIALUP_RID 0x00000001L -#define SECURITY_NETWORK_RID 0x00000002L -#define SECURITY_BATCH_RID 0x00000003L -#define SECURITY_INTERACTIVE_RID 0x00000004L -#define SECURITY_LOGON_IDS_RID 0x00000005L -#define SECURITY_SERVICE_RID 0x00000006L -#define SECURITY_ANONYMOUS_LOGON_RID 0x00000007L -#define SECURITY_PROXY_RID 0x00000008L -#define SECURITY_ENTERPRISE_CONTROLLERS_RID 0x00000009L -#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID -#define SECURITY_PRINCIPAL_SELF_RID 0x0000000AL -#define SECURITY_AUTHENTICATED_USER_RID 0x0000000BL -#define SECURITY_RESTRICTED_CODE_RID 0x0000000CL -#define SECURITY_TERMINAL_SERVER_RID 0x0000000DL -#define SECURITY_REMOTE_LOGON_RID 0x0000000EL -#define SECURITY_THIS_ORGANIZATION_RID 0x0000000FL -#define SECURITY_LOCAL_SYSTEM_RID 0x00000012L -#define SECURITY_LOCAL_SERVICE_RID 0x00000013L -#define SECURITY_NETWORK_SERVICE_RID 0x00000014L -#define SECURITY_NT_NON_UNIQUE 0x00000015L -#define SECURITY_BUILTIN_DOMAIN_RID 0x00000020L - -#define SECURITY_PACKAGE_BASE_RID 0x00000040L -#define SECURITY_PACKAGE_NTLM_RID 0x0000000AL -#define SECURITY_PACKAGE_SCHANNEL_RID 0x0000000EL -#define SECURITY_PACKAGE_DIGEST_RID 0x00000015L -#define SECURITY_OTHER_ORGANIZATION_RID 0x000003E8L - -#define SECURITY_LOGON_IDS_RID_COUNT 0x3 -#define SID_REVISION 1 - -#define FOREST_USER_RID_MAX 0x000001F3L -#define DOMAIN_USER_RID_ADMIN 0x000001F4L -#define DOMAIN_USER_RID_GUEST 0x000001F5L -#define DOMAIN_USER_RID_KRBTGT 0x000001F6L -#define DOMAIN_USER_RID_MAX 0x000003E7L - -#define DOMAIN_GROUP_RID_ADMINS 0x00000200L -#define DOMAIN_GROUP_RID_USERS 0x00000201L -#define DOMAIN_GROUP_RID_GUESTS 0x00000202L -#define DOMAIN_GROUP_RID_COMPUTERS 0x00000203L -#define DOMAIN_GROUP_RID_CONTROLLERS 0x00000204L -#define DOMAIN_GROUP_RID_CERT_ADMINS 0x00000205L -#define DOMAIN_GROUP_RID_SCHEMA_ADMINS 0x00000206L -#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS 0x00000207L -#define DOMAIN_GROUP_RID_POLICY_ADMINS 0x00000208L - -#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} -#define SECURITY_MANDATORY_UNTRUSTED_RID 0x00000000L -#define SECURITY_MANDATORY_LOW_RID 0x00001000L -#define SECURITY_MANDATORY_MEDIUM_RID 0x00002000L -#define SECURITY_MANDATORY_HIGH_RID 0x00003000L -#define SECURITY_MANDATORY_SYSTEM_RID 0x00004000L -#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID 0x00005000L - -#define DOMAIN_ALIAS_RID_ADMINS 0x00000220L -#define DOMAIN_ALIAS_RID_USERS 0x00000221L -#define DOMAIN_ALIAS_RID_GUESTS 0x00000222L -#define DOMAIN_ALIAS_RID_POWER_USERS 0x00000223L - -#define DOMAIN_ALIAS_RID_ACCOUNT_OPS 0x00000224L -#define DOMAIN_ALIAS_RID_SYSTEM_OPS 0x00000225L -#define DOMAIN_ALIAS_RID_PRINT_OPS 0x00000226L -#define DOMAIN_ALIAS_RID_BACKUP_OPS 0x00000227L - -#define DOMAIN_ALIAS_RID_REPLICATOR 0x00000228L -#define DOMAIN_ALIAS_RID_RAS_SERVERS 0x00000229L -#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS 0x0000022AL -#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS 0x0000022BL -#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS 0x0000022CL -#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS 0x0000022DL - -#define DOMAIN_ALIAS_RID_MONITORING_USERS 0x0000022EL -#define DOMAIN_ALIAS_RID_LOGGING_USERS 0x0000022FL -#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS 0x00000230L -#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS 0x00000231L -#define DOMAIN_ALIAS_RID_DCOM_USERS 0x00000232L - -#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} - -typedef enum { - WinNullSid = 0, - WinWorldSid = 1, - WinLocalSid = 2, - WinCreatorOwnerSid = 3, - WinCreatorGroupSid = 4, - WinCreatorOwnerServerSid = 5, - WinCreatorGroupServerSid = 6, - WinNtAuthoritySid = 7, - WinDialupSid = 8, - WinNetworkSid = 9, - WinBatchSid = 10, - WinInteractiveSid = 11, - WinServiceSid = 12, - WinAnonymousSid = 13, - WinProxySid = 14, - WinEnterpriseControllersSid = 15, - WinSelfSid = 16, - WinAuthenticatedUserSid = 17, - WinRestrictedCodeSid = 18, - WinTerminalServerSid = 19, - WinRemoteLogonIdSid = 20, - WinLogonIdsSid = 21, - WinLocalSystemSid = 22, - WinLocalServiceSid = 23, - WinNetworkServiceSid = 24, - WinBuiltinDomainSid = 25, - WinBuiltinAdministratorsSid = 26, - WinBuiltinUsersSid = 27, - WinBuiltinGuestsSid = 28, - WinBuiltinPowerUsersSid = 29, - WinBuiltinAccountOperatorsSid = 30, - WinBuiltinSystemOperatorsSid = 31, - WinBuiltinPrintOperatorsSid = 32, - WinBuiltinBackupOperatorsSid = 33, - WinBuiltinReplicatorSid = 34, - WinBuiltinPreWindows2000CompatibleAccessSid = 35, - WinBuiltinRemoteDesktopUsersSid = 36, - WinBuiltinNetworkConfigurationOperatorsSid = 37, - WinAccountAdministratorSid = 38, - WinAccountGuestSid = 39, - WinAccountKrbtgtSid = 40, - WinAccountDomainAdminsSid = 41, - WinAccountDomainUsersSid = 42, - WinAccountDomainGuestsSid = 43, - WinAccountComputersSid = 44, - WinAccountControllersSid = 45, - WinAccountCertAdminsSid = 46, - WinAccountSchemaAdminsSid = 47, - WinAccountEnterpriseAdminsSid = 48, - WinAccountPolicyAdminsSid = 49, - WinAccountRasAndIasServersSid = 50, - WinNTLMAuthenticationSid = 51, - WinDigestAuthenticationSid = 52, - WinSChannelAuthenticationSid = 53, - WinThisOrganizationSid = 54, - WinOtherOrganizationSid = 55, - WinBuiltinIncomingForestTrustBuildersSid = 56, - WinBuiltinPerfMonitoringUsersSid = 57, - WinBuiltinPerfLoggingUsersSid = 58, - WinBuiltinAuthorizationAccessSid = 59, - WinBuiltinTerminalServerLicenseServersSid = 60, - WinBuiltinDCOMUsersSid = 61, - WinBuiltinIUsersSid = 62, - WinIUserSid = 63, - WinBuiltinCryptoOperatorsSid = 64, - WinUntrustedLabelSid = 65, - WinLowLabelSid = 66, - WinMediumLabelSid = 67, - WinHighLabelSid = 68, - WinSystemLabelSid = 69, - WinWriteRestrictedCodeSid = 70, - WinCreatorOwnerRightsSid = 71, - WinCacheablePrincipalsGroupSid = 72, - WinNonCacheablePrincipalsGroupSid = 73, - WinEnterpriseReadonlyControllersSid = 74, - WinAccountReadonlyControllersSid = 75, - WinBuiltinEventLogReadersGroup = 76, - WinNewEnterpriseReadonlyControllersSid = 77, - WinBuiltinCertSvcDComAccessGroup = 78, - WinMediumPlusLabelSid = 79, - WinLocalLogonSid = 80, - WinConsoleLogonSid = 81, - WinThisOrganizationCertificateSid = 82, -} WELL_KNOWN_SID_TYPE; - #define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege") #define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege") #define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege") @@ -630,14 +406,6 @@ typedef enum { #define LANG_MANX_GAELIC 0x94 #define SUBLANG_PORTUGUESE_PORTUGAL 0x02 -#define ACL_REVISION 2 -#define ACL_REVISION_DS 4 -#define ACL_REVISION1 1 -#define ACL_REVISION2 2 -#define ACL_REVISION3 3 -#define ACL_REVISION4 4 -#define MIN_ACL_REVISION 2 -#define MAX_ACL_REVISION 4 #define PROCESSOR_INTEL_386 386 #define PROCESSOR_INTEL_486 486 #define PROCESSOR_INTEL_PENTIUM 586 @@ -763,14 +531,6 @@ typedef enum { #define REG_OPTION_BACKUP_RESTORE 4 #define REG_OPTION_OPEN_LINK 8 #define REG_LEGAL_OPTION 15 -#define OWNER_SECURITY_INFORMATION 1 -#define GROUP_SECURITY_INFORMATION 2 -#define DACL_SECURITY_INFORMATION 4 -#define SACL_SECURITY_INFORMATION 8 -#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 -#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000 -#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000 -#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000 #define MAXIMUM_PROCESSORS 32 #define PAGE_NOACCESS 0x0001 #define PAGE_READONLY 0x0002 @@ -1176,33 +936,7 @@ typedef enum { #define SERVICE_ERROR_NORMAL 1 #define SERVICE_ERROR_SEVERE 2 #define SERVICE_ERROR_CRITICAL 3 -#define SE_OWNER_DEFAULTED 0x0001 -#define SE_GROUP_DEFAULTED 0x0002 -#define SE_DACL_PRESENT 0x0004 -#define SE_DACL_DEFAULTED 0x0008 -#define SE_SACL_PRESENT 0x0010 -#define SE_SACL_DEFAULTED 0x0020 -#define SE_DACL_UNTRUSTED 0x0040 -#define SE_SERVER_SECURITY 0x0080 -#define SE_DACL_AUTO_INHERIT_REQ 0x0100 -#define SE_SACL_AUTO_INHERIT_REQ 0x0200 -#define SE_DACL_AUTO_INHERITED 0x0400 -#define SE_SACL_AUTO_INHERITED 0x0800 -#define SE_DACL_PROTECTED 0x1000 -#define SE_SACL_PROTECTED 0x2000 -#define SE_RM_CONTROL_VALID 0x4000 -#define SE_SELF_RELATIVE 0x8000 -#define SECURITY_DESCRIPTOR_MIN_LENGTH 20 -#define SECURITY_DESCRIPTOR_REVISION 1 -#define SECURITY_DESCRIPTOR_REVISION1 1 -#define SE_PRIVILEGE_ENABLED_BY_DEFAULT 1 -#define SE_PRIVILEGE_ENABLED 2 -#define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000 -#define PRIVILEGE_SET_ALL_NECESSARY 1 -#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation -#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation -#define SECURITY_DYNAMIC_TRACKING TRUE -#define SECURITY_STATIC_TRACKING FALSE + /* also in ddk/ntifs.h */ #define TOKEN_ASSIGN_PRIMARY (0x0001) #define TOKEN_DUPLICATE (0x0002) @@ -1394,7 +1128,6 @@ typedef VOID (NTAPI *WORKERCALLBACKFUNC)(PVOID); #define IO_REPARSE_TAG_MOUNT_POINT 0xA0000003 #define IO_REPARSE_TAG_SYMLINK 0xA000000CL #ifndef RC_INVOKED -typedef DWORD ACCESS_MASK, *PACCESS_MASK; #ifdef _GUID_DEFINED # warning _GUID_DEFINED is deprecated, use GUID_DEFINED instead @@ -1410,189 +1143,6 @@ typedef struct _GUID { } GUID, *REFGUID, *LPGUID; #endif /* GUID_DEFINED */ -#define SYSTEM_LUID { 0x3E7, 0x0 } - -/* ACE Access Types, also in ntifs.h */ -#define ACCESS_MIN_MS_ACE_TYPE (0x0) -#define ACCESS_ALLOWED_ACE_TYPE (0x0) -#define ACCESS_DENIED_ACE_TYPE (0x1) -#define SYSTEM_AUDIT_ACE_TYPE (0x2) -#define SYSTEM_ALARM_ACE_TYPE (0x3) -#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3) -#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4) -#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4) -#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5) -#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5) -#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6) -#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7) -#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8) -#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8) -#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8) -#define ACCESS_MAX_MS_ACE_TYPE (0x8) -#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9) -#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA) -#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB) -#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC) -#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD) -#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE) -#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF) -#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10) -#define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) -#define ACCESS_MAX_MS_V5_ACE_TYPE (0x11) -/* end ntifs.h */ - -typedef struct _GENERIC_MAPPING { - ACCESS_MASK GenericRead; - ACCESS_MASK GenericWrite; - ACCESS_MASK GenericExecute; - ACCESS_MASK GenericAll; -} GENERIC_MAPPING, *PGENERIC_MAPPING; - -typedef struct _ACE_HEADER { - BYTE AceType; - BYTE AceFlags; - WORD AceSize; -} ACE_HEADER, *PACE_HEADER; - -typedef struct _ACCESS_ALLOWED_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE; - -typedef struct _ACCESS_DENIED_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE; - -typedef struct _SYSTEM_AUDIT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE; - -typedef struct _SYSTEM_ALARM_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_ALARM_ACE,*PSYSTEM_ALARM_ACE; - -typedef struct _SYSTEM_MANDATORY_LABEL_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; - -#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 -#define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 -#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 -#define SYSTEM_MANDATORY_LABEL_VALID_MASK (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) - -typedef struct _ACCESS_ALLOWED_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE; - -typedef struct _ACCESS_DENIED_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE; - -typedef struct _SYSTEM_AUDIT_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} SYSTEM_AUDIT_OBJECT_ACE,*PSYSTEM_AUDIT_OBJECT_ACE; - -typedef struct _SYSTEM_ALARM_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} SYSTEM_ALARM_OBJECT_ACE,*PSYSTEM_ALARM_OBJECT_ACE; - -typedef struct _ACCESS_ALLOWED_CALLBACK_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE; - -typedef struct _ACCESS_DENIED_CALLBACK_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE; - -typedef struct _SYSTEM_AUDIT_CALLBACK_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE; - -typedef struct _SYSTEM_ALARM_CALLBACK_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD SidStart; -} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE; - -typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE; - -typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE; - -typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE; - -typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE { - ACE_HEADER Header; - ACCESS_MASK Mask; - DWORD Flags; - GUID ObjectType; - GUID InheritedObjectType; - DWORD SidStart; -} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE; - -typedef struct _ACL { - BYTE AclRevision; - BYTE Sbz1; - WORD AclSize; - WORD AceCount; - WORD Sbz2; -} ACL,*PACL; - typedef enum _ACL_INFORMATION_CLASS { AclRevisionInformation = 1, AclSizeInformation @@ -2544,40 +2094,111 @@ typedef struct _EXCEPTION_POINTERS { PCONTEXT ContextRecord; } EXCEPTION_POINTERS,*PEXCEPTION_POINTERS, *LPEXCEPTION_POINTERS; -#include - -typedef struct _LUID_AND_ATTRIBUTES { - LUID Luid; - DWORD Attributes; -} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES; -typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; -typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY; - -#include - -typedef struct _PRIVILEGE_SET { - DWORD PrivilegeCount; - DWORD Control; - LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; -} PRIVILEGE_SET,*PPRIVILEGE_SET; - typedef struct _SECURITY_ATTRIBUTES { DWORD nLength; LPVOID lpSecurityDescriptor; BOOL bInheritHandle; -} SECURITY_ATTRIBUTES,*PSECURITY_ATTRIBUTES,*LPSECURITY_ATTRIBUTES; +} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES; + +#define SECURITY_MIN_SID_SIZE (sizeof(SID)) $include(setypes.h) -#define SECURITY_MIN_SID_SIZE (sizeof(SID)) -#define SECURITY_MAX_SID_SIZE (FIELD_OFFSET(SID, SubAuthority) + SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)) +typedef struct _ACCESS_ALLOWED_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} ACCESS_ALLOWED_OBJECT_ACE,*PACCESS_ALLOWED_OBJECT_ACE; + +typedef struct _ACCESS_DENIED_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} ACCESS_DENIED_OBJECT_ACE,*PACCESS_DENIED_OBJECT_ACE; + +typedef struct _SYSTEM_AUDIT_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} SYSTEM_AUDIT_OBJECT_ACE,*PSYSTEM_AUDIT_OBJECT_ACE; + +typedef struct _SYSTEM_ALARM_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} SYSTEM_ALARM_OBJECT_ACE,*PSYSTEM_ALARM_OBJECT_ACE; + +typedef struct _ACCESS_ALLOWED_CALLBACK_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE; + +typedef struct _ACCESS_DENIED_CALLBACK_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE; + +typedef struct _SYSTEM_AUDIT_CALLBACK_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE; + +typedef struct _SYSTEM_ALARM_CALLBACK_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD SidStart; +} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE; + +typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE; + +typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE; -typedef struct _SID_AND_ATTRIBUTES { - PSID Sid; - DWORD Attributes; -} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES; -typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY]; -typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY; +typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE; + +typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE { + ACE_HEADER Header; + ACCESS_MASK Mask; + DWORD Flags; + GUID ObjectType; + GUID InheritedObjectType; + DWORD SidStart; +} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE; typedef struct _TOKEN_SOURCE { CHAR SourceName[TOKEN_SOURCE_LENGTH]; @@ -2664,33 +2285,6 @@ typedef struct _TOKEN_USER { SID_AND_ATTRIBUTES User; } TOKEN_USER, *PTOKEN_USER; -typedef DWORD SECURITY_INFORMATION,*PSECURITY_INFORMATION; -typedef WORD SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL; - -#ifndef _SECURITY_ATTRIBUTES_ -#define _SECURITY_ATTRIBUTES_ -typedef struct _SECURITY_DESCRIPTOR { - BYTE Revision; - BYTE Sbz1; - SECURITY_DESCRIPTOR_CONTROL Control; - PSID Owner; - PSID Group; - PACL Sacl; - PACL Dacl; -} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR; -typedef PVOID PSECURITY_DESCRIPTOR; -#endif - -typedef struct _SECURITY_DESCRIPTOR_RELATIVE { - BYTE Revision; - BYTE Sbz1; - SECURITY_DESCRIPTOR_CONTROL Control; - DWORD Owner; - DWORD Group; - DWORD Sacl; - DWORD Dacl; -} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE; - typedef enum _TOKEN_INFORMATION_CLASS { TokenUser = 1, TokenGroups, @@ -2723,19 +2317,6 @@ typedef enum _TOKEN_INFORMATION_CLASS { MaxTokenInfoClass } TOKEN_INFORMATION_CLASS; -typedef enum _SID_NAME_USE { - SidTypeUser=1, - SidTypeGroup, - SidTypeDomain, - SidTypeAlias, - SidTypeWellKnownGroup, - SidTypeDeletedAccount, - SidTypeInvalid, - SidTypeUnknown, - SidTypeComputer, - SidTypeLabel -} SID_NAME_USE,*PSID_NAME_USE; - typedef struct _QUOTA_LIMITS { SIZE_T PagedPoolLimit; SIZE_T NonPagedPoolLimit; @@ -4342,14 +3923,6 @@ typedef struct _SYSTEM_POWER_INFORMATION { } SYSTEM_POWER_INFORMATION,*PSYSTEM_POWER_INFORMATION; #endif -#if (_WIN32_WINNT >= 0x0500) -#define _AUDIT_EVENT_TYPE_HACK 1 -typedef enum _AUDIT_EVENT_TYPE { - AuditEventObjectAccess, - AuditEventDirectoryServiceAccess -} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE; -#endif - #if (_WIN32_WINNT >= 0x0501) typedef enum _ACTIVATION_CONTEXT_INFO_CLASS { @@ -4569,12 +4142,6 @@ RtlSecureZeroMemory(_Out_writes_bytes_all_(Length) PVOID Buffer, return Buffer; } -typedef struct _OBJECT_TYPE_LIST { - WORD Level; - WORD Sbz; - GUID *ObjectType; -} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST; - #if defined(_M_IX86) FORCEINLINE struct _TEB * NtCurrentTeb(void) { -- 2.17.1