/******************************************************************************
 *                         Security Manager Types                             *
 ******************************************************************************/
/* NOTE(review): the $if/$endif markers are not C preprocessor syntax;
 * presumably they are consumed by a header generator - confirm. */
$if (_WDMDDK_)

/* Simple types.
 * PSECURITY_DESCRIPTOR, PACCESS_TOKEN and PSID are all plain PVOID, so the
 * compiler cannot tell them apart: passing one where another is expected
 * compiles without a diagnostic. */
typedef PVOID PSECURITY_DESCRIPTOR;
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
typedef PVOID PACCESS_TOKEN;
typedef PVOID PSID;

/* Standard access rights: bits 16-20 of an ACCESS_MASK. */
#define DELETE                           0x00010000L
#define READ_CONTROL                     0x00020000L
#define WRITE_DAC                        0x00040000L
#define WRITE_OWNER                      0x00080000L
#define SYNCHRONIZE                      0x00100000L
/* STANDARD_RIGHTS_REQUIRED is bits 16-19 (DELETE through WRITE_OWNER);
 * STANDARD_RIGHTS_ALL adds SYNCHRONIZE. The READ, WRITE and EXECUTE groups
 * all expand to READ_CONTROL alone. */
#define STANDARD_RIGHTS_REQUIRED         0x000F0000L
#define STANDARD_RIGHTS_READ             READ_CONTROL
#define STANDARD_RIGHTS_WRITE            READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE          READ_CONTROL
#define STANDARD_RIGHTS_ALL              0x001F0000L
/* Low 16 bits: rights whose meaning depends on the object type. */
#define SPECIFIC_RIGHTS_ALL              0x0000FFFFL
#define ACCESS_SYSTEM_SECURITY           0x01000000L
#define MAXIMUM_ALLOWED                  0x02000000L
/* Generic rights: the top four bits of the mask. */
#define GENERIC_READ                     0x80000000L
#define GENERIC_WRITE                    0x40000000L
#define GENERIC_EXECUTE                  0x20000000L
#define GENERIC_ALL                      0x10000000L

/* One ACCESS_MASK per generic right (read, write, execute, all). */
typedef struct _GENERIC_MAPPING {
  ACCESS_MASK GenericRead;
  ACCESS_MASK GenericWrite;
  ACCESS_MASK GenericExecute;
  ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;

#define ACL_REVISION                      2
#define ACL_REVISION_DS                   4

#define ACL_REVISION1                     1
#define ACL_REVISION2                     2
#define ACL_REVISION3                     3
#define ACL_REVISION4                     4
/* Accepted revision range is ACL_REVISION2..ACL_REVISION4; ACL_REVISION1
 * lies below MIN_ACL_REVISION. */
#define MIN_ACL_REVISION                  ACL_REVISION2
#define MAX_ACL_REVISION                  ACL_REVISION4

/* ACL header. AclSize and AceCount are carried in the structure itself, so
 * code that parses an ACL out of a caller-supplied buffer has to check both
 * against the number of bytes it actually received.
 * NOTE(review): Sbz1/Sbz2 look like "should be zero" padding - confirm. */
typedef struct _ACL {
  UCHAR AclRevision;
  UCHAR Sbz1;
  USHORT AclSize;
  USHORT AceCount;
  USHORT Sbz2;
} ACL, *PACL;

/* Current security descriptor revision value */
#define SECURITY_DESCRIPTOR_REVISION     (1)
#define SECURITY_DESCRIPTOR_REVISION1    (1)

/* Privilege attributes */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
#define SE_PRIVILEGE_ENABLED            (0x00000002L)
#define SE_PRIVILEGE_REMOVED            (0X00000004L)
#define SE_PRIVILEGE_USED_FOR_ACCESS    (0x80000000L)

/* OR of the four attribute bits above; any other bit set in an Attributes
 * value falls outside this mask. */
#define SE_PRIVILEGE_VALID_ATTRIBUTES   (SE_PRIVILEGE_ENABLED_BY_DEFAULT | \
                                         SE_PRIVILEGE_ENABLED            | \
                                         SE_PRIVILEGE_REMOVED            | \
                                         SE_PRIVILEGE_USED_FOR_ACCESS)

/* Declared between pshpack4.h and poppack.h, i.e. with 4-byte packing. */
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES {
  LUID Luid;
  ULONG Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
#include <poppack.h>

typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;

/* Privilege sets */
#define PRIVILEGE_SET_ALL_NECESSARY    (1)

/* Privilege[] is declared with ANYSIZE_ARRAY elements; PrivilegeCount is the
 * only record of how many entries follow, so it must be validated against
 * the real buffer size before the array is walked. */
typedef struct _PRIVILEGE_SET {
  ULONG PrivilegeCount;
  ULONG Control;
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET,*PPRIVILEGE_SET;

/* Enumerators are implicitly numbered 0..3 in declaration order; the
 * MIN/MAX macros below rely on that ordering. */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;

#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
/* Range check; note that Level is evaluated twice, so the argument should
 * have no side effects. */
#define VALID_IMPERSONATION_LEVEL(Level) (((Level) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((Level) <= SECURITY_MAX_IMPERSONATION_LEVEL))

#define SECURITY_DYNAMIC_TRACKING (TRUE)
#define SECURITY_STATIC_TRACKING (FALSE)

typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;

/* NOTE(review): Length is presumably sizeof(SECURITY_QUALITY_OF_SERVICE) -
 * confirm against the code that fills it in. */
typedef struct _SECURITY_QUALITY_OF_SERVICE {
  ULONG Length;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
  BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;

/* Token, open/effective flags and level grouped as one impersonation state. */
typedef struct _SE_IMPERSONATION_STATE {
  PACCESS_TOKEN Token;
  BOOLEAN CopyOnOpen;
  BOOLEAN EffectiveOnly;
  SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;

/* SECURITY_INFORMATION bit flags: low bits name the descriptor part. */
#define OWNER_SECURITY_INFORMATION       (0x00000001L)
#define GROUP_SECURITY_INFORMATION       (0x00000002L)
#define DACL_SECURITY_INFORMATION        (0x00000004L)
#define SACL_SECURITY_INFORMATION        (0x00000008L)
#define LABEL_SECURITY_INFORMATION       (0x00000010L)

/* The top four bits carry the protected/unprotected DACL and SACL flags. */
#define PROTECTED_DACL_SECURITY_INFORMATION     (0x80000000L)
#define PROTECTED_SACL_SECURITY_INFORMATION     (0x40000000L)
#define UNPROTECTED_DACL_SECURITY_INFORMATION   (0x20000000L)
#define UNPROTECTED_SACL_SECURITY_INFORMATION   (0x10000000L)

typedef enum _SECURITY_OPERATION_CODE {
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;

#define INITIAL_PRIVILEGE_COUNT           3

/* Same leading fields as PRIVILEGE_SET, but with a fixed array of
 * INITIAL_PRIVILEGE_COUNT entries instead of ANYSIZE_ARRAY. */
typedef struct _INITIAL_PRIVILEGE_SET {
  ULONG PrivilegeCount;
  ULONG Control;
  LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;

/* Well-known privilege values; numbering starts at
 * SE_MIN_WELL_KNOWN_PRIVILEGE (2). */
#define SE_MIN_WELL_KNOWN_PRIVILEGE         2
#define SE_CREATE_TOKEN_PRIVILEGE           2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE     3
#define SE_LOCK_MEMORY_PRIVILEGE            4
#define SE_INCREASE_QUOTA_PRIVILEGE         5
#define SE_MACHINE_ACCOUNT_PRIVILEGE        6
#define SE_TCB_PRIVILEGE                    7
#define SE_SECURITY_PRIVILEGE               8
#define SE_TAKE_OWNERSHIP_PRIVILEGE         9
#define SE_LOAD_DRIVER_PRIVILEGE            10
#define SE_SYSTEM_PROFILE_PRIVILEGE         11
#define SE_SYSTEMTIME_PRIVILEGE             12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE    13
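#define SE_INC_BASE_PRIORITY_PRIVILEGE      14
#define SE_CREATE_PAGEFILE_PRIVILEGE        15
#define SE_CREATE_PERMANENT_PRIVILEGE       16
#define SE_BACKUP_PRIVILEGE                 17
#define SE_RESTORE_PRIVILEGE                18
#define SE_SHUTDOWN_PRIVILEGE               19
#define SE_DEBUG_PRIVILEGE                  20
#define SE_AUDIT_PRIVILEGE                  21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE     22
#define SE_CHANGE_NOTIFY_PRIVILEGE          23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE        24
#define SE_UNDOCK_PRIVILEGE                 25
#define SE_SYNC_AGENT_PRIVILEGE             26
#define SE_ENABLE_DELEGATION_PRIVILEGE      27
#define SE_MANAGE_VOLUME_PRIVILEGE          28
#define SE_IMPERSONATE_PRIVILEGE            29
#define SE_CREATE_GLOBAL_PRIVILEGE          30
#define SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE 31
#define SE_RELABEL_PRIVILEGE                32
#define SE_INC_WORKING_SET_PRIVILEGE        33
#define SE_TIME_ZONE_PRIVILEGE              34
#define SE_CREATE_SYMBOLIC_LINK_PRIVILEGE   35
/* Upper bound of the well-known privilege range; must track the last
 * privilege value defined above. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE         SE_CREATE_SYMBOLIC_LINK_PRIVILEGE

/* Holds two token pointers, ClientToken and PrimaryToken, together with the
 * impersonation level. NOTE(review): ClientToken is presumably the
 * impersonation token and may be NULL when the thread is not impersonating -
 * confirm against the code that captures the context. */
typedef struct _SECURITY_SUBJECT_CONTEXT {
  PACCESS_TOKEN ClientToken;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  PACCESS_TOKEN PrimaryToken;
  PVOID ProcessAuditId;
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;

/* State of one access attempt: the remaining, previously granted and
 * originally desired masks, the subject context, and a privilege set.
 * The Privileges union overlays the fixed INITIAL_PRIVILEGE_SET with the
 * variable-length PRIVILEGE_SET; both begin with PrivilegeCount and Control. */
typedef struct _ACCESS_STATE {
  LUID OperationID;
  BOOLEAN SecurityEvaluated;
  BOOLEAN GenerateAudit;
  BOOLEAN GenerateOnClose;
  BOOLEAN PrivilegesAllocated;
  ULONG Flags;
  ACCESS_MASK RemainingDesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  ACCESS_MASK OriginalDesiredAccess;
  SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
  PVOID AuxData;
  union {
    INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
    PRIVILEGE_SET PrivilegeSet;
  } Privileges;
  BOOLEAN AuditPrivileges;
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;

/* Callback type taking a Vcb pointer and a security descriptor. */
typedef VOID
(NTAPI *PNTFS_DEREF_EXPORTED_SECURITY_DESCRIPTOR)(
  _In_ PVOID Vcb,
  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);

#ifndef _NTLSA_IFS_

#ifndef _NTLSA_AUDIT_
#define _NTLSA_AUDIT_

#define SE_MAX_AUDIT_PARAMETERS           32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS   28

#define SE_ADT_OBJECT_ONLY                0x1

#define SE_ADT_PARAMETERS_SELF_RELATIVE       0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA         0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT     0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT        0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS    0x00000010

/* Size in bytes of an SE_ADT_PARAMETER_ARRAY with the unused tail entries
 * of Parameters[] removed.
 * The argument is parenthesised so that an expression such as `&Array` or
 * `Base + i` binds before `->`.
 * The result is only meaningful while ParameterCount is not greater than
 * SE_MAX_AUDIT_PARAMETERS: ParameterCount is a ULONG, so a larger value
 * makes the subtraction wrap. Validate the count before using the size for
 * a copy or an allocation. */
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(Parameters) \
  ( sizeof(SE_ADT_PARAMETER_ARRAY) - sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
    (SE_MAX_AUDIT_PARAMETERS - (Parameters)->ParameterCount) )

/* Discriminator for SE_ADT_PARAMETER_ARRAY_ENTRY.Type; values are
 * consecutive starting at 0. */
typedef enum _SE_ADT_PARAMETER_TYPE {
  SeAdtParmTypeNone = 0,
  SeAdtParmTypeString,
  SeAdtParmTypeFileSpec,
  SeAdtParmTypeUlong,
  SeAdtParmTypeSid,
  SeAdtParmTypeLogonId,
  SeAdtParmTypeNoLogonId,
  SeAdtParmTypeAccessMask,
  SeAdtParmTypePrivs,
  SeAdtParmTypeObjectTypes,
  SeAdtParmTypeHexUlong,
  SeAdtParmTypePtr,
  SeAdtParmTypeTime,
  SeAdtParmTypeGuid,
  SeAdtParmTypeLuid,
  SeAdtParmTypeHexInt64,
  SeAdtParmTypeStringList,
  SeAdtParmTypeSidList,
  SeAdtParmTypeDuration,
  SeAdtParmTypeUserAccountControl,
  SeAdtParmTypeNoUac,
  SeAdtParmTypeMessage,
  SeAdtParmTypeDateTime,
  SeAdtParmTypeSockAddr,
  SeAdtParmTypeSD,
  SeAdtParmTypeLogonHours,
  SeAdtParmTypeLogonIdNoSid,
  SeAdtParmTypeUlongNoConv,
  SeAdtParmTypeSockAddrNoPort,
  SeAdtParmTypeAccessReason
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;

typedef struct _SE_ADT_OBJECT_TYPE {
  GUID ObjectType;
  USHORT Flags;
  USHORT Level;
  ACCESS_MASK AccessMask;
} SE_ADT_OBJECT_TYPE, *PSE_ADT_OBJECT_TYPE;

/* One audit parameter: a type tag, a length, two inline data words and an
 * address. NOTE(review): which of Data/Address is valid presumably depends
 * on Type - confirm with the code that fills the entries. */
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
  SE_ADT_PARAMETER_TYPE Type;
  ULONG Length;
  ULONG_PTR Data[2];
  PVOID Address;
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;

typedef struct _SE_ADT_ACCESS_REASON {
  ACCESS_MASK AccessMask;
  ULONG AccessReasons[32];
  ULONG ObjectTypeIndex;
  ULONG AccessGranted;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;

/* Parameters[] always has SE_MAX_AUDIT_PARAMETERS slots; ParameterCount
 * says how many are in use and must stay within that bound before it is
 * used as a loop limit or index. */
typedef struct _SE_ADT_PARAMETER_ARRAY {
  ULONG CategoryId;
  ULONG AuditId;
  ULONG ParameterCount;
  ULONG Length;
  USHORT FlatSubCategoryId;
  USHORT Type;
  ULONG Flags;
  SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;

#endif /* !_NTLSA_AUDIT_ */
#endif /* !_NTLSA_IFS_ */
$endif (_WDMDDK_)
$if (_NTDDK_)
/* Value 6 is the same number as SE_MACHINE_ACCOUNT_PRIVILEGE. */
#define SE_UNSOLICITED_INPUT_PRIVILEGE    6

/* Symbolic identifiers for well-known SIDs; every value is assigned
 * explicitly. */
typedef enum _WELL_KNOWN_SID_TYPE {
  WinNullSid = 0,
  WinWorldSid = 1,
  WinLocalSid = 2,
  WinCreatorOwnerSid = 3,
  WinCreatorGroupSid = 4,
  WinCreatorOwnerServerSid = 5,
  WinCreatorGroupServerSid = 6,
  WinNtAuthoritySid = 7,
  WinDialupSid = 8,
  WinNetworkSid = 9,
  WinBatchSid = 10,
  WinInteractiveSid = 11,
  WinServiceSid = 12,
  WinAnonymousSid = 13,
  WinProxySid = 14,
  WinEnterpriseControllersSid = 15,
  WinSelfSid = 16,
  WinAuthenticatedUserSid = 17,
  WinRestrictedCodeSid = 18,
  WinTerminalServerSid = 19,
  WinRemoteLogonIdSid = 20,
  WinLogonIdsSid = 21,
  WinLocalSystemSid = 22,
  WinLocalServiceSid = 23,
  WinNetworkServiceSid = 24,
  WinBuiltinDomainSid = 25,
  WinBuiltinAdministratorsSid = 26,
  WinBuiltinUsersSid = 27,
  WinBuiltinGuestsSid = 28,
  WinBuiltinPowerUsersSid = 29,
  WinBuiltinAccountOperatorsSid = 30,
  WinBuiltinSystemOperatorsSid = 31,
  WinBuiltinPrintOperatorsSid = 32,
  WinBuiltinBackupOperatorsSid = 33,
  WinBuiltinReplicatorSid = 34,
  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
  WinBuiltinRemoteDesktopUsersSid = 36,
  WinBuiltinNetworkConfigurationOperatorsSid = 37,
  WinAccountAdministratorSid = 38,
  WinAccountGuestSid = 39,
  WinAccountKrbtgtSid = 40,
  WinAccountDomainAdminsSid = 41,
  WinAccountDomainUsersSid = 42,
  WinAccountDomainGuestsSid = 43,
  WinAccountComputersSid = 44,
  WinAccountControllersSid = 45,
  WinAccountCertAdminsSid = 46,
  WinAccountSchemaAdminsSid = 47,
  WinAccountEnterpriseAdminsSid = 48,
  WinAccountPolicyAdminsSid = 49,
  WinAccountRasAndIasServersSid = 50,
  WinNTLMAuthenticationSid = 51,
  WinDigestAuthenticationSid = 52,
  WinSChannelAuthenticationSid = 53,
  WinThisOrganizationSid = 54,
  WinOtherOrganizationSid = 55,
  WinBuiltinIncomingForestTrustBuildersSid = 56,
  WinBuiltinPerfMonitoringUsersSid = 57,
  WinBuiltinPerfLoggingUsersSid = 58,
  WinBuiltinAuthorizationAccessSid = 59,
  WinBuiltinTerminalServerLicenseServersSid = 60,
  WinBuiltinDCOMUsersSid = 61,
  WinBuiltinIUsersSid = 62,
  WinIUserSid = 63,
  WinBuiltinCryptoOperatorsSid = 64,
  WinUntrustedLabelSid = 65,
  WinLowLabelSid = 66,
  WinMediumLabelSid = 67,
  WinHighLabelSid = 68,
  WinSystemLabelSid = 69,
  WinWriteRestrictedCodeSid = 70,
  WinCreatorOwnerRightsSid = 71,
  WinCacheablePrincipalsGroupSid = 72,
  WinNonCacheablePrincipalsGroupSid = 73,
  WinEnterpriseReadonlyControllersSid = 74,
  WinAccountReadonlyControllersSid = 75,
  WinBuiltinEventLogReadersGroup = 76,
  WinNewEnterpriseReadonlyControllersSid = 77,
  WinBuiltinCertSvcDComAccessGroup = 78,
  WinMediumPlusLabelSid = 79,
  WinLocalLogonSid = 80,
  WinConsoleLogonSid = 81,
  WinThisOrganizationCertificateSid = 82,
} WELL_KNOWN_SID_TYPE;
$endif (_NTDDK_)
$if (_NTIFS_)
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED
#define SID_IDENTIFIER_AUTHORITY_DEFINED
/* Six-byte identifier authority; the SECURITY_*_AUTHORITY initialisers
 * further down put the distinguishing value in the last byte. */
typedef struct _SID_IDENTIFIER_AUTHORITY {
  UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
#endif

#ifndef SID_DEFINED
#define SID_DEFINED
/* Variable-length SID. SubAuthority[] is declared with ANYSIZE_ARRAY
 * elements, and the MIDL branch states that its real length is
 * SubAuthorityCount. When a SID arrives in a caller-supplied buffer, check
 * Revision and that SubAuthorityCount does not exceed
 * SID_MAX_SUB_AUTHORITIES, and that the buffer is large enough for that many
 * sub-authorities, before indexing the array. */
typedef struct _SID {
  UCHAR Revision;
  UCHAR SubAuthorityCount;
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
#ifdef MIDL_PASS
  [size_is(SubAuthorityCount)] ULONG SubAuthority[*];
#else
  ULONG SubAuthority[ANYSIZE_ARRAY];
#endif
} SID, *PISID;
#endif

#define SID_REVISION                      1
#define SID_MAX_SUB_AUTHORITIES           15
#define SID_RECOMMENDED_SUB_AUTHORITIES   1

#ifndef MIDL_PASS
/* Largest possible SID: the fixed part (sizeof(SID) minus the one ULONG the
 * formula subtracts for the declared array element) plus
 * SID_MAX_SUB_AUTHORITIES sub-authorities. */
#define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG)))
#endif

/* Numbering starts at 1; the remaining enumerators follow consecutively. */
typedef enum _SID_NAME_USE {
  SidTypeUser = 1,
  SidTypeGroup,
  SidTypeDomain,
  SidTypeAlias,
  SidTypeWellKnownGroup,
  SidTypeDeletedAccount,
  SidTypeInvalid,
  SidTypeUnknown,
  SidTypeComputer,
  SidTypeLabel
} SID_NAME_USE, *PSID_NAME_USE;

/* Outside MIDL the Sid member is the opaque PSID (a PVOID), so nothing in
 * the type guarantees it points at a well-formed SID. */
typedef struct _SID_AND_ATTRIBUTES {
#ifdef MIDL_PASS
  PISID Sid;
#else
  PSID Sid;
#endif
  ULONG Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;

#define SID_HASH_SIZE 32
typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;

/* SidAttr points at SidCount entries (NOTE(review): inferred from the field
 * names - confirm); Hash[] has a fixed SID_HASH_SIZE slots. */
typedef struct _SID_AND_ATTRIBUTES_HASH {
  ULONG SidCount;
  PSID_AND_ATTRIBUTES SidAttr;
  SID_HASH_ENTRY Hash[SID_HASH_SIZE];
} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;

/* Universal well-known SIDs */

#define SECURITY_NULL_SID_AUTHORITY         {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY        {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY        {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY      {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY       {0,0,0,0,0,4}
#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}

/* RID values repeat across authorities (several are 0 here), so a RID only
 * identifies a principal together with its authority. */
#define SECURITY_NULL_RID                 (0x00000000L)
#define SECURITY_WORLD_RID                (0x00000000L)
#define SECURITY_LOCAL_RID                (0x00000000L)
#define SECURITY_LOCAL_LOGON_RID          (0x00000001L)

#define SECURITY_CREATOR_OWNER_RID        (0x00000000L)
#define SECURITY_CREATOR_GROUP_RID        (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)

/* NT well-known SIDs */

#define SECURITY_NT_AUTHORITY                           {0,0,0,0,0,5}

#define SECURITY_DIALUP_RID                             (0x00000001L)
#define SECURITY_NETWORK_RID                            (0x00000002L)
#define SECURITY_BATCH_RID                              (0x00000003L)
#define SECURITY_INTERACTIVE_RID                        (0x00000004L)
#define SECURITY_LOGON_IDS_RID                          (0x00000005L)
#define SECURITY_LOGON_IDS_RID_COUNT                    (3L)
#define SECURITY_SERVICE_RID                            (0x00000006L)
#define SECURITY_ANONYMOUS_LOGON_RID                    (0x00000007L)
#define SECURITY_PROXY_RID                              (0x00000008L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID             (0x00000009L)
#define SECURITY_SERVER_LOGON_RID                       SECURITY_ENTERPRISE_CONTROLLERS_RID
#define SECURITY_PRINCIPAL_SELF_RID                     (0x0000000AL)
#define SECURITY_AUTHENTICATED_USER_RID                 (0x0000000BL)
#define SECURITY_RESTRICTED_CODE_RID                    (0x0000000CL)
#define SECURITY_TERMINAL_SERVER_RID                    (0x0000000DL)
#define SECURITY_REMOTE_LOGON_RID                       (0x0000000EL)
#define SECURITY_THIS_ORGANIZATION_RID                  (0x0000000FL)
#define SECURITY_IUSER_RID                              (0x00000011L)
#define SECURITY_LOCAL_SYSTEM_RID                       (0x00000012L)
#define SECURITY_LOCAL_SERVICE_RID                      (0x00000013L)
#define SECURITY_NETWORK_SERVICE_RID                    (0x00000014L)
#define SECURITY_NT_NON_UNIQUE                          (0x00000015L)
#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT           (3L)
#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID    (0x00000016L)

#define SECURITY_BUILTIN_DOMAIN_RID                     (0x00000020L)
#define SECURITY_WRITE_RESTRICTED_CODE_RID              (0x00000021L)


#define SECURITY_PACKAGE_BASE_RID                       (0x00000040L)
#define SECURITY_PACKAGE_RID_COUNT                      (2L)
#define SECURITY_PACKAGE_NTLM_RID                       (0x0000000AL)
#define SECURITY_PACKAGE_SCHANNEL_RID                   (0x0000000EL)
#define SECURITY_PACKAGE_DIGEST_RID                     (0x00000015L)

#define SECURITY_CRED_TYPE_BASE_RID                     (0x00000041L)
#define SECURITY_CRED_TYPE_RID_COUNT                    (2L)
#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID            (0x00000001L)

#define SECURITY_MIN_BASE_RID                           (0x00000050L)
#define SECURITY_SERVICE_ID_BASE_RID                    (0x00000050L)
#define SECURITY_SERVICE_ID_RID_COUNT                   (6L)
#define SECURITY_RESERVED_ID_BASE_RID                   (0x00000051L)
#define SECURITY_APPPOOL_ID_BASE_RID                    (0x00000052L)
#define SECURITY_APPPOOL_ID_RID_COUNT                   (6L)
#define SECURITY_VIRTUALSERVER_ID_BASE_RID              (0x00000053L)
#define SECURITY_VIRTUALSERVER_ID_RID_COUNT             (6L)
#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID         (0x00000054L)
#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT        (6L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID  (0x00000055L)
#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT (6L)
#define SECURITY_WMIHOST_ID_BASE_RID                    (0x00000056L)
#define SECURITY_WMIHOST_ID_RID_COUNT                   (6L)
#define SECURITY_TASK_ID_BASE_RID                       (0x00000057L)
#define SECURITY_NFS_ID_BASE_RID                        (0x00000058L)
#define SECURITY_COM_ID_BASE_RID                        (0x00000059L)
#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT            (6L)

#define SECURITY_MAX_BASE_RID                           (0x0000006FL)

/* The two limits are adjacent: 0x3E7 is the last "always filtered" RID and
 * 0x3E8 the first "never filtered" one. */
#define SECURITY_MAX_ALWAYS_FILTERED                    (0x000003E7L)
#define SECURITY_MIN_NEVER_FILTERED                     (0x000003E8L)

#define SECURITY_OTHER_ORGANIZATION_RID                 (0x000003E8L)

#define SECURITY_WINDOWSMOBILE_ID_BASE_RID              (0x00000070L)

/* Well-known domain relative sub-authority values (RIDs) */

#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS (0x000001F2L)

#define FOREST_USER_RID_MAX                             (0x000001F3L)

/* Well-known users */

#define DOMAIN_USER_RID_ADMIN                           (0x000001F4L)
#define DOMAIN_USER_RID_GUEST                           (0x000001F5L)
#define DOMAIN_USER_RID_KRBTGT                          (0x000001F6L)

#define DOMAIN_USER_RID_MAX                             (0x000003E7L)

/* Well-known groups */

#define DOMAIN_GROUP_RID_ADMINS                         (0x00000200L)
#define DOMAIN_GROUP_RID_USERS                          (0x00000201L)
#define DOMAIN_GROUP_RID_GUESTS                         (0x00000202L)
#define DOMAIN_GROUP_RID_COMPUTERS                      (0x00000203L)
#define DOMAIN_GROUP_RID_CONTROLLERS                    (0x00000204L)
#define DOMAIN_GROUP_RID_CERT_ADMINS                    (0x00000205L)
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS                  (0x00000206L)
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS              (0x00000207L)
#define DOMAIN_GROUP_RID_POLICY_ADMINS                  (0x00000208L)
#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS           (0x00000209L)

/* Well-known aliases */

#define DOMAIN_ALIAS_RID_ADMINS                         (0x00000220L)
#define DOMAIN_ALIAS_RID_USERS                          (0x00000221L)
#define DOMAIN_ALIAS_RID_GUESTS                         (0x00000222L)
#define DOMAIN_ALIAS_RID_POWER_USERS                    (0x00000223L)

#define DOMAIN_ALIAS_RID_ACCOUNT_OPS                    (0x00000224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS                     (0x00000225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS                      (0x00000226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS                     (0x00000227L)

#define DOMAIN_ALIAS_RID_REPLICATOR                     (0x00000228L)
#define DOMAIN_ALIAS_RID_RAS_SERVERS                    (0x00000229L)
#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS               (0x0000022AL)
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS           (0x0000022BL)
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS      (0x0000022CL)
#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)

#define DOMAIN_ALIAS_RID_MONITORING_USERS               (0x0000022EL)
#define DOMAIN_ALIAS_RID_LOGGING_USERS                  (0x0000022FL)
#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS            (0x00000230L)
#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS             (0x00000231L)
#define DOMAIN_ALIAS_RID_DCOM_USERS                     (0x00000232L)
#define DOMAIN_ALIAS_RID_IUSERS                         (0x00000238L)
#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS               (0x00000239L)
#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP     (0x0000023BL)
#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP (0x0000023CL)
#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP        (0x0000023DL)
#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP      (0x0000023EL)

/* Mandatory (integrity) label RIDs, spaced 0x1000 apart. */
#define SECURITY_MANDATORY_LABEL_AUTHORITY              {0,0,0,0,0,16}
#define SECURITY_MANDATORY_UNTRUSTED_RID                (0x00000000L)
#define SECURITY_MANDATORY_LOW_RID                      (0x00001000L)
#define SECURITY_MANDATORY_MEDIUM_RID                   (0x00002000L)
#define SECURITY_MANDATORY_HIGH_RID                     (0x00003000L)
#define SECURITY_MANDATORY_SYSTEM_RID                   (0x00004000L)
#define SECURITY_MANDATORY_PROTECTED_PROCESS_RID        (0x00005000L)

/* SECURITY_MANDATORY_MAXIMUM_USER_RID is the highest RID that
   can be set by a usermode caller.*/

#define SECURITY_MANDATORY_MAXIMUM_USER_RID   SECURITY_MANDATORY_SYSTEM_RID

/* Converts a mandatory level index to its RID (level * 0x1000).
 * The argument and the whole expansion are parenthesised: without that,
 * MANDATORY_LEVEL_TO_MANDATORY_RID(Level + 1) would expand to
 * Level + 1 * 0x1000 and yield the wrong label RID. */
#define MANDATORY_LEVEL_TO_MANDATORY_RID(IL) ((IL) * 0x1000)

/* Allocate the System Luid.  The first 1000 LUIDs are reserved.
   Use #999 here (0x3e7 = 999) */

#define SYSTEM_LUID                         {0x3e7, 0x0}
#define ANONYMOUS_LOGON_LUID                {0x3e6, 0x0}
#define LOCALSERVICE_LUID                   {0x3e5, 0x0}
#define NETWORKSERVICE_LUID                 {0x3e4, 0x0}
#define IUSER_LUID                          {0x3e3, 0x0}

/* Common prefix of every ACE structure below. AceSize is stored in the ACE
 * itself; a parser walking ACEs in a caller-supplied ACL has to check it
 * against the space remaining in the ACL before moving to the next entry. */
typedef struct _ACE_HEADER {
  UCHAR AceType;
  UCHAR AceFlags;
  USHORT AceSize;
} ACE_HEADER, *PACE_HEADER;

/* also in winnt.h */
/* Note that ACCESS_MAX_MS_ACE_TYPE is 0x8 while types up to 0x11 are defined
 * here: a range check against it excludes the callback and mandatory-label
 * ACE types. */
#define ACCESS_MIN_MS_ACE_TYPE                  (0x0)
#define ACCESS_ALLOWED_ACE_TYPE                 (0x0)
#define ACCESS_DENIED_ACE_TYPE                  (0x1)
#define SYSTEM_AUDIT_ACE_TYPE                   (0x2)
#define SYSTEM_ALARM_ACE_TYPE                   (0x3)
#define ACCESS_MAX_MS_V2_ACE_TYPE               (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE        (0x4)
#define ACCESS_MAX_MS_V3_ACE_TYPE               (0x4)
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE           (0x5)
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE          (0x5)
#define ACCESS_DENIED_OBJECT_ACE_TYPE           (0x6)
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE            (0x7)
#define SYSTEM_ALARM_OBJECT_ACE_TYPE            (0x8)
#define ACCESS_MAX_MS_OBJECT_ACE_TYPE           (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE               (0x8)
#define ACCESS_MAX_MS_ACE_TYPE                  (0x8)
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE        (0x9)
#define ACCESS_DENIED_CALLBACK_ACE_TYPE         (0xA)
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  (0xC)
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE          (0xD)
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE          (0xE)
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE   (0xF)
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE   (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE               (0x11)
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE         (0x11)

/* The following are the inherit flags that go into the AceFlags field
   of an Ace header. */

#define OBJECT_INHERIT_ACE                (0x1)
#define CONTAINER_INHERIT_ACE             (0x2)
#define NO_PROPAGATE_INHERIT_ACE          (0x4)
#define INHERIT_ONLY_ACE                  (0x8)
#define INHERITED_ACE                     (0x10)
/* OR of the five inherit flags above. */
#define VALID_INHERIT_FLAGS               (0x1F)

#define SUCCESSFUL_ACCESS_ACE_FLAG        (0x40)
#define FAILED_ACCESS_ACE_FLAG            (0x80)

/* The five ACE structures below share one layout: header, access mask and
 * SidStart. NOTE(review): SidStart presumably marks the first ULONG of a
 * variable-length SID stored inline, so the usable SID length is bounded by
 * Header.AceSize - confirm against the ACE parsing code. */
typedef struct _ACCESS_ALLOWED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_ALLOWED_ACE, *PACCESS_ALLOWED_ACE;

typedef struct _ACCESS_DENIED_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} ACCESS_DENIED_ACE, *PACCESS_DENIED_ACE;

typedef struct _SYSTEM_AUDIT_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_AUDIT_ACE, *PSYSTEM_AUDIT_ACE;

typedef struct _SYSTEM_ALARM_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_ALARM_ACE, *PSYSTEM_ALARM_ACE;

typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
  ACE_HEADER Header;
  ACCESS_MASK Mask;
  ULONG SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;

/* Mandatory-label policy bits; the VALID_MASK is the OR of the three. */
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP    0x1
#define SYSTEM_MANDATORY_LABEL_NO_READ_UP     0x2
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP  0x4
#define SYSTEM_MANDATORY_LABEL_VALID_MASK     (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \
                                               SYSTEM_MANDATORY_LABEL_NO_READ_UP  | \
                                               SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP)

/* Expands to sizeof(SECURITY_DESCRIPTOR), so that type must be declared
 * before the macro is used. */
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))

typedef USHORT SECURITY_DESCRIPTOR_CONTROL,*PSECURITY_DESCRIPTOR_CONTROL;

/* SECURITY_DESCRIPTOR_CONTROL bit flags (low part of the range). */
#define SE_OWNER_DEFAULTED                0x0001
#define SE_GROUP_DEFAULTED                0x0002
#define SE_DACL_PRESENT                   0x0004
#define SE_DACL_DEFAULTED                 0x0008
#define SE_SACL_PRESENT                   0x0010
#define SE_SACL_DEFAULTED                 0x0020
#define SE_DACL_UNTRUSTED                 0x0040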
/* SECURITY_DESCRIPTOR_CONTROL bits, continued from SE_DACL_UNTRUSTED (0x0040). */
#define SE_SERVER_SECURITY              0x0080
#define SE_DACL_AUTO_INHERIT_REQ        0x0100
#define SE_SACL_AUTO_INHERIT_REQ        0x0200
#define SE_DACL_AUTO_INHERITED          0x0400
#define SE_SACL_AUTO_INHERITED          0x0800
#define SE_DACL_PROTECTED               0x1000
#define SE_SACL_PROTECTED               0x2000
#define SE_RM_CONTROL_VALID             0x4000
#define SE_SELF_RELATIVE                0x8000

/* Security descriptor layout whose Owner, Group, Sacl and Dacl members are
   ULONG values instead of pointers.
   NOTE(review): these are presumably byte offsets from the start of the
   structure; code that parses one out of an untrusted buffer should
   bounds-check every offset against the buffer length before following it -
   confirm against the descriptor validation code. */
typedef struct _SECURITY_DESCRIPTOR_RELATIVE {
  UCHAR Revision;
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  ULONG Owner;
  ULONG Group;
  ULONG Sacl;
  ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;

/* Security descriptor layout with the same leading fields but pointer-typed
   Owner, Group, Sacl and Dacl members.
   NOTE(review): PSECURITY_DESCRIPTOR is a plain PVOID, so the type system does
   not say which of the two layouts a descriptor uses; SE_SELF_RELATIVE in
   Control presumably does, and should be tested before these members are
   dereferenced as pointers - confirm. */
typedef struct _SECURITY_DESCRIPTOR {
  UCHAR Revision;
  UCHAR Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID Owner;
  PSID Group;
  PACL Sacl;
  PACL Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

/* One entry of an object type list: a level, a reserved-looking Sbz field and
   a pointer to a GUID. Level presumably takes the ACCESS_xxx_GUID values that
   follow, bounded by ACCESS_MAX_LEVEL - confirm. */
typedef struct _OBJECT_TYPE_LIST {
  USHORT Level;
  USHORT Sbz;
  GUID *ObjectType;
} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;

#define ACCESS_OBJECT_GUID                0
#define ACCESS_PROPERTY_SET_GUID          1
#define ACCESS_PROPERTY_GUID              2
#define ACCESS_MAX_LEVEL                  4

/* Kind of audit event; the enumerators take the implicit values 0 and 1. */
typedef enum _AUDIT_EVENT_TYPE {
  AuditEventObjectAccess,
  AuditEventDirectoryServiceAccess
} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;

#define AUDIT_ALLOW_NO_PRIVILEGE          0x1

/* ANSI (_A) and wide-character (_W) spellings of the same two strings. */
#define ACCESS_DS_SOURCE_A                "DS"
#define ACCESS_DS_SOURCE_W                L"DS"
#define ACCESS_DS_OBJECT_TYPE_NAME_A      "Directory Service Object"
#define ACCESS_DS_OBJECT_TYPE_NAME_W      L"Directory Service Object"

/* An ACCESS_REASON is a ULONG split by these masks: the upper 16 bits select
   the reason type, the lower 16 bits carry data. Every ACCESS_REASON_TYPE
   enumerator has bits set only inside ACCESS_REASON_TYPE_MASK. */
#define ACCESS_REASON_TYPE_MASK           0xffff0000
#define ACCESS_REASON_DATA_MASK           0x0000ffff

typedef enum _ACCESS_REASON_TYPE {
  AccessReasonNone = 0x00000000,
  AccessReasonAllowedAce = 0x00010000,
  AccessReasonDeniedAce = 0x00020000,
  AccessReasonAllowedParentAce = 0x00030000,
  AccessReasonDeniedParentAce = 0x00040000,
  AccessReasonMissingPrivilege = 0x00100000,
  AccessReasonFromPrivilege = 0x00200000,
  AccessReasonIntegrityLevel = 0x00300000,
  AccessReasonOwnership = 0x00400000,
  AccessReasonNullDacl = 0x00500000,
  AccessReasonEmptyDacl = 0x00600000,
  AccessReasonNoSD = 0x00700000,
  AccessReasonNoGrant = 0x00800000
} ACCESS_REASON_TYPE;

typedef ULONG ACCESS_REASON;

/* Fixed array of 32 reasons.
   NOTE(review): presumably one slot per bit of the 32-bit ACCESS_MASK -
   confirm against the access check code. */
typedef struct _ACCESS_REASONS {
  ACCESS_REASON Data[32];
} ACCESS_REASONS, *PACCESS_REASONS;

/* Flag bits with their valid mask (0x3, the OR of the two); presumably the
   values of SE_SECURITY_DESCRIPTOR.Flags - confirm. */
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_OWNER_ACE 0x00000001
#define SE_SECURITY_DESCRIPTOR_FLAG_NO_LABEL_ACE 0x00000002
#define SE_SECURITY_DESCRIPTOR_VALID_FLAGS       0x00000003

/* Wrapper that pairs an opaque security descriptor pointer with a Size and a
   Flags field.
   NOTE(review): Size is presumably the byte size of this structure, used as a
   version check by the consumer - confirm. */
typedef struct _SE_SECURITY_DESCRIPTOR {
  ULONG Size;
  ULONG Flags;
  PSECURITY_DESCRIPTOR SecurityDescriptor;
} SE_SECURITY_DESCRIPTOR, *PSE_SECURITY_DESCRIPTOR;

/* Input side of an access check: the wrapped descriptor, the desired and
   previously granted masks, a principal-self SID, the generic mapping, and an
   object type list together with its element count.
   NOTE(review): ObjectTypeListCount presumably bounds ObjectTypeList; the two
   must be kept consistent by whoever fills this in - confirm. */
typedef struct _SE_ACCESS_REQUEST {
  ULONG Size;
  PSE_SECURITY_DESCRIPTOR SeSecurityDescriptor;
  ACCESS_MASK DesiredAccess;
  ACCESS_MASK PreviouslyGrantedAccess;
  PSID PrincipalSelfSid;
  PGENERIC_MAPPING GenericMapping;
  ULONG ObjectTypeListCount;
  POBJECT_TYPE_LIST ObjectTypeList;
} SE_ACCESS_REQUEST, *PSE_ACCESS_REQUEST;

/* Output side of an access check. Every result member is a pointer.
   NOTE(review): ResultListCount presumably gives the number of elements
   behind GrantedAccess, AccessStatus and AccessReason - confirm. */
typedef struct _SE_ACCESS_REPLY {
  ULONG Size;
  ULONG ResultListCount;
  PACCESS_MASK GrantedAccess;
  PNTSTATUS AccessStatus;
  PACCESS_REASONS AccessReason;
  PPRIVILEGE_SET* Privileges;
} SE_ACCESS_REPLY, *PSE_ACCESS_REPLY;

/* Operation being audited; enumerators take implicit values starting at 0.
   The list ends with a trailing comma, which C99 allows and C89 does not. */
typedef enum _SE_AUDIT_OPERATION {
  AuditPrivilegeObject,
  AuditPrivilegeService,
  AuditAccessCheck,
  AuditOpenObject,
  AuditOpenObjectWithTransaction,
  AuditCloseObject,
  AuditDeleteObject,
  AuditOpenObjectForDelete,
  AuditOpenObjectForDeleteWithTransaction,
  AuditCloseNonObject,
  AuditOpenNonObject,
  AuditObjectReference,
  AuditHandleCreation,
} SE_AUDIT_OPERATION, *PSE_AUDIT_OPERATION;

/* Description of one audit record: event type, operation, flags, three
   counted strings naming the subsystem, object type and object, a handle
   id, optional-looking transaction and operation ids, and two booleans. */
typedef struct _SE_AUDIT_INFO {
  ULONG Size;
  AUDIT_EVENT_TYPE AuditType;
  SE_AUDIT_OPERATION AuditOperation;
  ULONG AuditFlags;
  UNICODE_STRING SubsystemName;
  UNICODE_STRING ObjectTypeName;
  UNICODE_STRING ObjectName;
  PVOID HandleId;
  GUID* TransactionId;
  LUID* OperationId;
  BOOLEAN ObjectCreation;
  BOOLEAN GenerateOnClose;
} SE_AUDIT_INFO, *PSE_AUDIT_INFO;

/* Token-specific access rights, one bit each in the low 16 bits of an
   ACCESS_MASK. */
#define TOKEN_ASSIGN_PRIMARY    (0x0001)
#define TOKEN_DUPLICATE         (0x0002)
#define TOKEN_IMPERSONATE       (0x0004)
#define TOKEN_QUERY             (0x0008)
#define TOKEN_QUERY_SOURCE      (0x0010)
#define TOKEN_ADJUST_PRIVILEGES (0x0020)
#define TOKEN_ADJUST_GROUPS     (0x0040)
#define TOKEN_ADJUST_DEFAULT    (0x0080)
#define TOKEN_ADJUST_SESSIONID  (0x0100)

/* Every token right except TOKEN_ADJUST_SESSIONID, plus
   STANDARD_RIGHTS_REQUIRED. */
#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED          |\
                            TOKEN_ASSIGN_PRIMARY              |\
                            TOKEN_DUPLICATE                   |\
                            TOKEN_IMPERSONATE                 |\
                            TOKEN_QUERY                       |\
                            TOKEN_QUERY_SOURCE                |\
                            TOKEN_ADJUST_PRIVILEGES           |\
                            TOKEN_ADJUST_GROUPS               |\
                            TOKEN_ADJUST_DEFAULT )

/* TOKEN_ALL_ACCESS adds TOKEN_ADJUST_SESSIONID when _WIN32_WINNT is above
   0x0400 or is not defined at all, so the same source requests a different
   mask depending on the build target. Code that wants least privilege should
   name the individual rights it needs instead of using this mask. */
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P                  |\
                          TOKEN_ADJUST_SESSIONID )
#else
#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)
#endif

/* STANDARD_RIGHTS_READ, _WRITE and _EXECUTE are all defined as READ_CONTROL
   earlier in this file, so the only standard right in TOKEN_READ, TOKEN_WRITE
   and TOKEN_EXECUTE is READ_CONTROL; TOKEN_WRITE does not include WRITE_DAC
   or WRITE_OWNER. */
#define TOKEN_READ (STANDARD_RIGHTS_READ                      |\
                    TOKEN_QUERY)

#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE                    |\
                     TOKEN_ADJUST_PRIVILEGES                  |\
                     TOKEN_ADJUST_GROUPS                      |\
                     TOKEN_ADJUST_DEFAULT)

#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)

/* Token kind; numbering starts at 1, so 0 is not a valid TOKEN_TYPE. */
typedef enum _TOKEN_TYPE {
  TokenPrimary = 1,
  TokenImpersonation
} TOKEN_TYPE,*PTOKEN_TYPE;

/* Selector for the kind of token information being queried or set.
   Numbering starts at 1 and MaxTokenInfoClass is the last enumerator, one
   past TokenLogonSid.
   NOTE(review): code that receives this value from a caller should presumably
   reject 0 and anything at or above MaxTokenInfoClass before dispatching on
   it - confirm against the query and set routines. */
typedef enum _TOKEN_INFORMATION_CLASS {
  TokenUser = 1,
  TokenGroups,
  TokenPrivileges,
  TokenOwner,
  TokenPrimaryGroup,
  TokenDefaultDacl,
  TokenSource,
  TokenType,
  TokenImpersonationLevel,
  TokenStatistics,
  TokenRestrictedSids,
  TokenSessionId,
  TokenGroupsAndPrivileges,
  TokenSessionReference,
  TokenSandBoxInert,
  TokenAuditPolicy,
  TokenOrigin,
  TokenElevationType,
  TokenLinkedToken,
  TokenElevation,
  TokenHasRestrictions,
  TokenAccessInformation,
  TokenVirtualizationAllowed,
  TokenVirtualizationEnabled,
  TokenIntegrityLevel,
  TokenUIAccess,
  TokenMandatoryPolicy,
  TokenLogonSid,
  MaxTokenInfoClass
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;

typedef struct _TOKEN_USER {
  SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;

/* Counted, variable-length list of groups. The MIDL branch states that
   Groups holds GroupCount elements; the C branch declares ANYSIZE_ARRAY
   elements, so sizeof(TOKEN_GROUPS) does not reflect the real length and a
   reader has to check GroupCount against the buffer it was given. */
typedef struct _TOKEN_GROUPS {
  ULONG GroupCount;
#ifdef MIDL_PASS
  [size_is(GroupCount)] SID_AND_ATTRIBUTES Groups[*];
#else
  SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
#endif
} TOKEN_GROUPS,*PTOKEN_GROUPS,*LPTOKEN_GROUPS;

/* Counted list of privileges, declared with ANYSIZE_ARRAY like TOKEN_GROUPS.
   NOTE(review): PrivilegeCount presumably gives the number of Privileges
   entries and needs the same buffer-length check - confirm. */
typedef struct _TOKEN_PRIVILEGES {
  ULONG PrivilegeCount;
  LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES,*PTOKEN_PRIVILEGES,*LPTOKEN_PRIVILEGES;

typedef struct _TOKEN_OWNER {
  PSID Owner;
} TOKEN_OWNER,*PTOKEN_OWNER;

typedef struct _TOKEN_PRIMARY_GROUP {
  PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP,*PTOKEN_PRIMARY_GROUP;

typedef struct _TOKEN_DEFAULT_DACL {
  PACL DefaultDacl;
} TOKEN_DEFAULT_DACL,*PTOKEN_DEFAULT_DACL;

/* Three pointer-based lists (SIDs, restricted SIDs, privileges), each with a
   count and a length field, followed by the authentication LUID.
   NOTE(review): the xxxLength members are presumably byte lengths of the
   data behind the matching pointer - confirm. */
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES {
  ULONG SidCount;
  ULONG SidLength;
  PSID_AND_ATTRIBUTES Sids;
  ULONG RestrictedSidCount;
  ULONG RestrictedSidLength;
  PSID_AND_ATTRIBUTES RestrictedSids;
  ULONG PrivilegeCount;
  ULONG PrivilegeLength;
  PLUID_AND_ATTRIBUTES Privileges;
  LUID AuthenticationId;
} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;

/* Holds a HANDLE, not a token pointer; whoever receives one presumably owns
   that handle and has to close it - confirm. */
typedef struct _TOKEN_LINKED_TOKEN {
  HANDLE LinkedToken;
} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;

typedef struct _TOKEN_ELEVATION {
  ULONG TokenIsElevated;
} TOKEN_ELEVATION, *PTOKEN_ELEVATION;

typedef struct _TOKEN_MANDATORY_LABEL {
  SID_AND_ATTRIBUTES Label;
} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;

/* Values for TOKEN_MANDATORY_POLICY.Policy (presumably - confirm); the
   VALID_MASK is the OR of the two non-zero bits (0x3). */
#define TOKEN_MANDATORY_POLICY_OFF              0x0
#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP      0x1
#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN  0x2

#define TOKEN_MANDATORY_POLICY_VALID_MASK (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | \
                                           TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)

typedef struct _TOKEN_MANDATORY_POLICY {
  ULONG Policy;
} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;

/* Aggregate view of a token: hashed SID lists, privileges, authentication id,
   token type, impersonation level, mandatory policy and a flags word.
   NOTE(review): Flags presumably takes the TOKEN_HAS_xxx / TOKEN_IS_xxx bits
   defined further down - confirm. */
typedef struct _TOKEN_ACCESS_INFORMATION {
  PSID_AND_ATTRIBUTES_HASH SidHash;
  PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
  PTOKEN_PRIVILEGES Privileges;
  LUID AuthenticationId;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  TOKEN_MANDATORY_POLICY MandatoryPolicy;
  ULONG Flags;
} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;

#define POLICY_AUDIT_SUBCATEGORY_COUNT (53)

/* PerUserPolicy has (53 >> 1) + 1 = 27 bytes.
   NOTE(review): that size fits half a byte per audit subcategory, which is
   presumably the encoding - confirm. */
typedef struct _TOKEN_AUDIT_POLICY {
  UCHAR PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;

#define TOKEN_SOURCE_LENGTH 8

/* SourceName is a fixed array of exactly TOKEN_SOURCE_LENGTH (8) CHARs with
   no extra element for a terminator; nothing in this declaration guarantees
   NUL termination, so readers should bound every access by
   TOKEN_SOURCE_LENGTH instead of treating it as a C string. */
typedef struct _TOKEN_SOURCE {
  CHAR SourceName[TOKEN_SOURCE_LENGTH];
  LUID SourceIdentifier;
} TOKEN_SOURCE,*PTOKEN_SOURCE;

typedef struct _TOKEN_STATISTICS {
  LUID TokenId;
  LUID AuthenticationId;
  LARGE_INTEGER ExpirationTime;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  ULONG DynamicCharged;
  ULONG DynamicAvailable;
  ULONG GroupCount;
  ULONG PrivilegeCount;
  LUID ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;

/* Three token LUIDs plus the token source; embedded by value in
   SECURITY_CLIENT_CONTEXT below. */
typedef struct _TOKEN_CONTROL {
  LUID TokenId;
  LUID AuthenticationId;
  LUID ModifiedId;
  TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL,*PTOKEN_CONTROL;

typedef struct _TOKEN_ORIGIN {
  LUID OriginatingLogonSession;
} TOKEN_ORIGIN, *PTOKEN_ORIGIN;

/* Mandatory levels in ascending numeric order from MandatoryLevelUntrusted
   (0) to MandatoryLevelSecureProcess (5); MandatoryLevelCount (6) is the
   number of levels, not a level. */
typedef enum _MANDATORY_LEVEL {
  MandatoryLevelUntrusted = 0,
  MandatoryLevelLow,
  MandatoryLevelMedium,
  MandatoryLevelHigh,
  MandatoryLevelSystem,
  MandatoryLevelSecureProcess,
  MandatoryLevelCount
} MANDATORY_LEVEL, *PMANDATORY_LEVEL;

/* Single-bit flags, 0x0001 through 0x2000. SE_BACKUP_PRIVILEGES_CHECKED
   (0x0100) sits in the same bit sequence although it lacks the TOKEN_ prefix.
   NOTE(review): presumably the values of TOKEN_ACCESS_INFORMATION.Flags -
   confirm. */
#define TOKEN_HAS_TRAVERSE_PRIVILEGE    0x0001
#define TOKEN_HAS_BACKUP_PRIVILEGE      0x0002
#define TOKEN_HAS_RESTORE_PRIVILEGE     0x0004
#define TOKEN_WRITE_RESTRICTED          0x0008
#define TOKEN_IS_RESTRICTED             0x0010
#define TOKEN_SESSION_NOT_REFERENCED    0x0020
#define TOKEN_SANDBOX_INERT             0x0040
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x0080
#define SE_BACKUP_PRIVILEGES_CHECKED    0x0100
#define TOKEN_VIRTUALIZE_ALLOWED        0x0200
#define TOKEN_VIRTUALIZE_ENABLED        0x0400
#define TOKEN_IS_FILTERED               0x0800
#define TOKEN_UIACCESS                  0x1000
#define TOKEN_NOT_LOW                   0x2000

/* Table of privilege LUIDs and SID pointers, one member per named privilege
   or SID. LUID and PSID members are interleaved rather than grouped, and the
   member order is part of the binary layout, so members must not be
   reordered or inserted in the middle. */
typedef struct _SE_EXPORTS {
  LUID SeCreateTokenPrivilege;
  LUID SeAssignPrimaryTokenPrivilege;
  LUID SeLockMemoryPrivilege;
  LUID SeIncreaseQuotaPrivilege;
  LUID SeUnsolicitedInputPrivilege;
  LUID SeTcbPrivilege;
  LUID SeSecurityPrivilege;
  LUID SeTakeOwnershipPrivilege;
  LUID SeLoadDriverPrivilege;
  LUID SeCreatePagefilePrivilege;
  LUID SeIncreaseBasePriorityPrivilege;
  LUID SeSystemProfilePrivilege;
  LUID SeSystemtimePrivilege;
  LUID SeProfileSingleProcessPrivilege;
  LUID SeCreatePermanentPrivilege;
  LUID SeBackupPrivilege;
  LUID SeRestorePrivilege;
  LUID SeShutdownPrivilege;
  LUID SeDebugPrivilege;
  LUID SeAuditPrivilege;
  LUID SeSystemEnvironmentPrivilege;
  LUID SeChangeNotifyPrivilege;
  LUID SeRemoteShutdownPrivilege;
  PSID SeNullSid;
  PSID SeWorldSid;
  PSID SeLocalSid;
  PSID SeCreatorOwnerSid;
  PSID SeCreatorGroupSid;
  PSID SeNtAuthoritySid;
  PSID SeDialupSid;
  PSID SeNetworkSid;
  PSID SeBatchSid;
  PSID SeInteractiveSid;
  PSID SeLocalSystemSid;
  PSID SeAliasAdminsSid;
  PSID SeAliasUsersSid;
  PSID SeAliasGuestsSid;
  PSID SeAliasPowerUsersSid;
  PSID SeAliasAccountOpsSid;
  PSID SeAliasSystemOpsSid;
  PSID SeAliasPrintOpsSid;
  PSID SeAliasBackupOpsSid;
  PSID SeAuthenticatedUsersSid;
  PSID SeRestrictedSid;
  PSID SeAnonymousLogonSid;
  LUID SeUndockPrivilege;
  LUID SeSyncAgentPrivilege;
  LUID SeEnableDelegationPrivilege;
  PSID SeLocalServiceSid;
  PSID SeNetworkServiceSid;
  LUID SeManageVolumePrivilege;
  LUID SeImpersonatePrivilege;
  LUID SeCreateGlobalPrivilege;
  LUID SeTrustedCredManAccessPrivilege;
  LUID SeRelabelPrivilege;
  LUID SeIncreaseWorkingSetPrivilege;
  LUID SeTimeZonePrivilege;
  LUID SeCreateSymbolicLinkPrivilege;
  PSID SeIUserSid;
  PSID SeUntrustedMandatorySid;
  PSID SeLowMandatorySid;
  PSID SeMediumMandatorySid;
  PSID SeHighMandatorySid;
  PSID SeSystemMandatorySid;
  PSID SeOwnerRightsSid;
} SE_EXPORTS, *PSE_EXPORTS;

/* Pointer to an NTAPI callback that takes the LUID of a logon session and
   returns an NTSTATUS. */
typedef NTSTATUS
(NTAPI *PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
  IN PLUID LogonId);

/* Client security context: the quality-of-service settings, an opaque
   client token pointer, three booleans and the token control block.
   NOTE(review): DirectlyAccessClientToken presumably says whether ClientToken
   is the client's own token or a copy, which matters for how long the pointer
   stays valid - confirm against the impersonation code. */
typedef struct _SECURITY_CLIENT_CONTEXT {
  SECURITY_QUALITY_OF_SERVICE SecurityQos;
  PACCESS_TOKEN ClientToken;
  BOOLEAN DirectlyAccessClientToken;
  BOOLEAN DirectAccessEffectiveOnly;
  BOOLEAN ServerIsRemote;
  TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;

$endif (_NTIFS_)