ReactOS  0.4.14-dev-114-gc8cbd56
setypes.h
Go to the documentation of this file.
1 /*++ NDK Version: 0098
2 
3 Copyright (c) Alex Ionescu. All rights reserved.
4 
5 Header Name:
6 
7  setypes.h
8 
9 Abstract:
10 
11  Type definitions for the security manager.
12 
13 Author:
14 
15  Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16 
17 --*/
18 
19 #ifndef _SETYPES_H
20 #define _SETYPES_H
21 
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 
27 //
28 // Well Known SIDs
29 //
30 #define SECURITY_INTERNETSITE_AUTHORITY {0,0,0,0,0,7}
31 
32 #ifdef NTOS_MODE_USER
33 //
34 // Privilege constants
35 //
36 #define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
37 #define SE_CREATE_TOKEN_PRIVILEGE (2L)
38 #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
39 #define SE_LOCK_MEMORY_PRIVILEGE (4L)
40 #define SE_INCREASE_QUOTA_PRIVILEGE (5L)
41 #define SE_UNSOLICITED_INPUT_PRIVILEGE (6L)
42 #define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
43 #define SE_TCB_PRIVILEGE (7L)
44 #define SE_SECURITY_PRIVILEGE (8L)
45 #define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
46 #define SE_LOAD_DRIVER_PRIVILEGE (10L)
47 #define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
48 #define SE_SYSTEMTIME_PRIVILEGE (12L)
49 #define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
50 #define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
51 #define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
52 #define SE_CREATE_PERMANENT_PRIVILEGE (16L)
53 #define SE_BACKUP_PRIVILEGE (17L)
54 #define SE_RESTORE_PRIVILEGE (18L)
55 #define SE_SHUTDOWN_PRIVILEGE (19L)
56 #define SE_DEBUG_PRIVILEGE (20L)
57 #define SE_AUDIT_PRIVILEGE (21L)
58 #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
59 #define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
60 #define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
61 #define SE_UNDOCK_PRIVILEGE (25L)
62 #define SE_SYNC_AGENT_PRIVILEGE (26L)
63 #define SE_ENABLE_DELEGATION_PRIVILEGE (27L)
64 #define SE_MANAGE_VOLUME_PRIVILEGE (28L)
65 #define SE_IMPERSONATE_PRIVILEGE (29L)
66 #define SE_CREATE_GLOBAL_PRIVILEGE (30L)
67 #define SE_MAX_WELL_KNOWN_PRIVILEGE (SE_CREATE_GLOBAL_PRIVILEGE)
68 
69 typedef struct _TOKEN_MANDATORY_POLICY {
70  ULONG Policy;
71 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
72 
73 typedef struct _TOKEN_ACCESS_INFORMATION
74 {
75  struct _SID_AND_ATTRIBUTES_HASH *SidHash;
76  struct _SID_AND_ATTRIBUTES_HASH *RestrictedSidHash;
77  struct _TOKEN_PRIVILEGES *Privileges;
78  LUID AuthenticationId;
79  TOKEN_TYPE TokenType;
80  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
81  TOKEN_MANDATORY_POLICY MandatoryPolicy;
82  ULONG Flags;
83 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
84 
85 #else
86 
87 //
88 // User and Group-related SID Attributes
89 //
90 #define SE_GROUP_MANDATORY 0x00000001
91 #define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002
92 #define SE_GROUP_ENABLED 0x00000004
93 #define SE_GROUP_OWNER 0x00000008
94 #define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010
95 #define SE_GROUP_INTEGRITY 0x00000020
96 #define SE_GROUP_INTEGRITY_ENABLED 0x00000040
97 #define SE_GROUP_RESOURCE 0x20000000
98 #define SE_GROUP_LOGON_ID 0xC0000000
99 
100 #define SE_GROUP_VALID_ATTRIBUTES \
101  (SE_GROUP_MANDATORY | \
102  SE_GROUP_ENABLED_BY_DEFAULT | \
103  SE_GROUP_ENABLED | \
104  SE_GROUP_OWNER | \
105  SE_GROUP_USE_FOR_DENY_ONLY | \
106  SE_GROUP_LOGON_ID | \
107  SE_GROUP_RESOURCE | \
108  SE_GROUP_INTEGRITY | \
109  SE_GROUP_INTEGRITY_ENABLED)
110 
111 //
112 // Audit and Policy Structures
113 //
114 typedef struct _SEP_AUDIT_POLICY_CATEGORIES
115 {
116  UCHAR System:4;
117  UCHAR Logon:4;
118  UCHAR ObjectAccess:4;
119  UCHAR PrivilegeUse:4;
120  UCHAR DetailedTracking:4;
121  UCHAR PolicyChange:4;
122  UCHAR AccountManagement:4;
123  UCHAR DirectoryServiceAccess:4;
124  UCHAR AccountLogon:4;
125 } SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
126 
127 typedef struct _SEP_AUDIT_POLICY_OVERLAY
128 {
129  ULONGLONG PolicyBits:36;
130  ULONGLONG SetBit:1;
131 } SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
132 
133 typedef struct _SEP_AUDIT_POLICY
134 {
135  union
136  {
137  SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
138  SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
139  ULONGLONG Overlay;
140  };
141 } SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
142 
143 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
144 {
145  POBJECT_NAME_INFORMATION ImageFileName;
146 } SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
147 
148 //
149 // Token and auxiliary data
150 //
151 typedef struct _TOKEN
152 {
153  TOKEN_SOURCE TokenSource; /* 0x00 */
154  LUID TokenId; /* 0x10 */
155  LUID AuthenticationId; /* 0x18 */
156  LUID ParentTokenId; /* 0x20 */
157  LARGE_INTEGER ExpirationTime; /* 0x28 */
158  struct _ERESOURCE *TokenLock; /* 0x30 */
159  SEP_AUDIT_POLICY AuditPolicy; /* 0x38 */
160  LUID ModifiedId; /* 0x40 */
161  ULONG SessionId; /* 0x48 */
162  ULONG UserAndGroupCount; /* 0x4C */
163  ULONG RestrictedSidCount; /* 0x50 */
164  ULONG PrivilegeCount; /* 0x54 */
165  ULONG VariableLength; /* 0x58 */
166  ULONG DynamicCharged; /* 0x5C */
167  ULONG DynamicAvailable; /* 0x60 */
168  ULONG DefaultOwnerIndex; /* 0x64 */
169  PSID_AND_ATTRIBUTES UserAndGroups; /* 0x68 */
170  PSID_AND_ATTRIBUTES RestrictedSids; /* 0x6C */
171  PSID PrimaryGroup; /* 0x70 */
172  PLUID_AND_ATTRIBUTES Privileges; /* 0x74 */
173  PULONG DynamicPart; /* 0x78 */
174  PACL DefaultDacl; /* 0x7C */
175  TOKEN_TYPE TokenType; /* 0x80 */
176  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x84 */
177  ULONG TokenFlags; /* 0x88 */
178  BOOLEAN TokenInUse; /* 0x8C */
179  PVOID ProxyData; /* 0x90 */
180  PVOID AuditData; /* 0x94 */
181  LUID OriginatingLogonSession; /* 0x98 */
182  ULONG VariablePart; /* 0xA0 */
183 } TOKEN, *PTOKEN;
184 
185 typedef struct _AUX_ACCESS_DATA
186 {
187  PPRIVILEGE_SET PrivilegeSet;
188  GENERIC_MAPPING GenericMapping;
189  ULONG Reserved;
190 } AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
191 
192 //
193 // External SRM Data
194 //
195 extern PACL NTSYSAPI SePublicDefaultDacl;
196 extern PACL NTSYSAPI SeSystemDefaultDacl;
197 
198 #endif
199 #endif
_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:175
_AUX_ACCESS_DATA::PrivilegeSet
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:187
_SEP_AUDIT_POLICY_CATEGORIES
Definition: setypes.h:114
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
_SEP_AUDIT_POLICY_CATEGORIES::DirectoryServiceAccess
UCHAR DirectoryServiceAccess
Definition: setypes.h:123
_TOKEN_ACCESS_INFORMATION::SidHash
PSID_AND_ATTRIBUTES_HASH SidHash
Definition: setypes.h:1114
_SID
Definition: ms-dtyp.idl:198
_SEP_AUDIT_POLICY_OVERLAY::PolicyBits
ULONGLONG PolicyBits
Definition: setypes.h:129
_SE_AUDIT_PROCESS_CREATION_INFO::ImageFileName
POBJECT_NAME_INFORMATION ImageFileName
Definition: setypes.h:145
_TOKEN::DynamicCharged
ULONG DynamicCharged
Definition: setypes.h:166
_TOKEN_PRIVILEGES
Definition: setypes.h:968
PTOKEN_ACCESS_INFORMATION
struct _TOKEN_ACCESS_INFORMATION * PTOKEN_ACCESS_INFORMATION
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_MANDATORY_POLICY
Definition: setypes.h:1109
_TOKEN::AuditData
PVOID AuditData
Definition: setypes.h:180
SeSystemDefaultDacl
PACL NTSYSAPI SeSystemDefaultDacl
Definition: acl.c:23
_TOKEN::AuthenticationId
LUID AuthenticationId
Definition: setypes.h:155
_TOKEN::VariablePart
ULONG VariablePart
Definition: setypes.h:182
_TOKEN_ACCESS_INFORMATION::RestrictedSidHash
PSID_AND_ATTRIBUTES_HASH RestrictedSidHash
Definition: setypes.h:1115
_PRIVILEGE_SET
Definition: setypes.h:85
_TOKEN::ProxyData
PVOID ProxyData
Definition: setypes.h:179
_OBJECT_NAME_INFORMATION
Definition: nt_native.h:1269
_AUX_ACCESS_DATA::GenericMapping
GENERIC_MAPPING GenericMapping
Definition: setypes.h:188
_TOKEN::PrivilegeCount
ULONG PrivilegeCount
Definition: setypes.h:164
_TOKEN_ACCESS_INFORMATION
Definition: setypes.h:1113
_TOKEN::Privileges
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:172
NTSYSAPI
#define NTSYSAPI
Definition: ntoskrnl.h:14
_AUX_ACCESS_DATA::Reserved
ULONG Reserved
Definition: setypes.h:189
_TOKEN::ModifiedId
LUID ModifiedId
Definition: setypes.h:160
PSEP_AUDIT_POLICY
struct _SEP_AUDIT_POLICY * PSEP_AUDIT_POLICY
_SEP_AUDIT_POLICY_CATEGORIES::PrivilegeUse
UCHAR PrivilegeUse
Definition: setypes.h:119
_TOKEN::TokenFlags
ULONG TokenFlags
Definition: setypes.h:177
_TOKEN_ACCESS_INFORMATION::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:1119
_LUID
Definition: devicetopology.idl:136
PSEP_AUDIT_POLICY_OVERLAY
struct _SEP_AUDIT_POLICY_OVERLAY * PSEP_AUDIT_POLICY_OVERLAY
_TOKEN::TokenLock
struct _ERESOURCE * TokenLock
Definition: setypes.h:158
_TOKEN::DynamicAvailable
ULONG DynamicAvailable
Definition: setypes.h:167
TOKEN_ACCESS_INFORMATION
struct _TOKEN_ACCESS_INFORMATION TOKEN_ACCESS_INFORMATION
SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_TOKEN::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:174
_TOKEN_ACCESS_INFORMATION::Privileges
PTOKEN_PRIVILEGES Privileges
Definition: setypes.h:1116
_SEP_AUDIT_POLICY_CATEGORIES::Logon
UCHAR Logon
Definition: setypes.h:117
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
TOKEN_MANDATORY_POLICY
struct _TOKEN_MANDATORY_POLICY TOKEN_MANDATORY_POLICY
_SE_AUDIT_PROCESS_CREATION_INFO
Definition: setypes.h:143
_TOKEN::ParentTokenId
LUID ParentTokenId
Definition: setypes.h:156
_SEP_AUDIT_POLICY
Definition: setypes.h:133
SEP_AUDIT_POLICY_OVERLAY
struct _SEP_AUDIT_POLICY_OVERLAY SEP_AUDIT_POLICY_OVERLAY
_TOKEN::DefaultOwnerIndex
ULONG DefaultOwnerIndex
Definition: setypes.h:168
_TOKEN::VariableLength
ULONG VariableLength
Definition: setypes.h:165
_SEP_AUDIT_POLICY::PolicyOverlay
SEP_AUDIT_POLICY_OVERLAY PolicyOverlay
Definition: setypes.h:138
PSE_AUDIT_PROCESS_CREATION_INFO
struct _SE_AUDIT_PROCESS_CREATION_INFO * PSE_AUDIT_PROCESS_CREATION_INFO
_TOKEN::SessionId
ULONG SessionId
Definition: setypes.h:161
_TOKEN::RestrictedSidCount
ULONG RestrictedSidCount
Definition: setypes.h:163
_TOKEN::DynamicPart
PULONG DynamicPart
Definition: setypes.h:173
PTOKEN_MANDATORY_POLICY
struct _TOKEN_MANDATORY_POLICY * PTOKEN_MANDATORY_POLICY
_TOKEN::PrimaryGroup
PSID PrimaryGroup
Definition: setypes.h:171
_TOKEN_ACCESS_INFORMATION::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:1118
_TOKEN::ExpirationTime
LARGE_INTEGER ExpirationTime
Definition: setypes.h:157
_GENERIC_MAPPING
Definition: nt_native.h:564
_TOKEN::TokenInUse
BOOLEAN TokenInUse
Definition: setypes.h:178
_TOKEN_ACCESS_INFORMATION::AuthenticationId
LUID AuthenticationId
Definition: setypes.h:1117
ULONGLONG
uint64_t ULONGLONG
Definition: typedefs.h:65
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
_ERESOURCE
Definition: extypes.h:222
_SEP_AUDIT_POLICY::PolicyElements
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:137
_SEP_AUDIT_POLICY_OVERLAY
Definition: setypes.h:127
_TOKEN_MANDATORY_POLICY::Policy
$ULONG Policy
Definition: setypes.h:1110
_TOKEN::RestrictedSids
PSID_AND_ATTRIBUTES RestrictedSids
Definition: setypes.h:170
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
_SEP_AUDIT_POLICY_CATEGORIES::AccountManagement
UCHAR AccountManagement
Definition: setypes.h:122
_TOKEN::AuditPolicy
SEP_AUDIT_POLICY AuditPolicy
Definition: setypes.h:159
_TOKEN_ACCESS_INFORMATION::MandatoryPolicy
TOKEN_MANDATORY_POLICY MandatoryPolicy
Definition: setypes.h:1120
_SEP_AUDIT_POLICY_CATEGORIES::ObjectAccess
UCHAR ObjectAccess
Definition: setypes.h:118
_SEP_AUDIT_POLICY_CATEGORIES::DetailedTracking
UCHAR DetailedTracking
Definition: setypes.h:120
_SEP_AUDIT_POLICY_CATEGORIES::PolicyChange
UCHAR PolicyChange
Definition: setypes.h:121
TOKEN_TYPE
enum _TOKEN_TYPE TOKEN_TYPE
_TOKEN_SOURCE
Definition: imports.h:277
_SID_AND_ATTRIBUTES_HASH
Definition: setypes.h:488
AUX_ACCESS_DATA
struct _AUX_ACCESS_DATA AUX_ACCESS_DATA
SePublicDefaultDacl
PACL NTSYSAPI SePublicDefaultDacl
Definition: acl.c:22
_AUX_ACCESS_DATA
Definition: setypes.h:185
SE_AUDIT_PROCESS_CREATION_INFO
struct _SE_AUDIT_PROCESS_CREATION_INFO SE_AUDIT_PROCESS_CREATION_INFO
PTOKEN
struct _TOKEN * PTOKEN
_SEP_AUDIT_POLICY_CATEGORIES::AccountLogon
UCHAR AccountLogon
Definition: setypes.h:124
_TOKEN::UserAndGroupCount
ULONG UserAndGroupCount
Definition: setypes.h:162
_SEP_AUDIT_POLICY::Overlay
ULONGLONG Overlay
Definition: setypes.h:139
_TOKEN::TokenId
LUID TokenId
Definition: setypes.h:154
_TOKEN_ACCESS_INFORMATION::Flags
$ULONG Flags
Definition: setypes.h:1121
PULONG
unsigned int * PULONG
Definition: retypes.h:1
SEP_AUDIT_POLICY
struct _SEP_AUDIT_POLICY SEP_AUDIT_POLICY
PAUX_ACCESS_DATA
struct _AUX_ACCESS_DATA * PAUX_ACCESS_DATA
_LARGE_INTEGER
Definition: typedefs.h:100
PSEP_AUDIT_POLICY_CATEGORIES
struct _SEP_AUDIT_POLICY_CATEGORIES * PSEP_AUDIT_POLICY_CATEGORIES
_SEP_AUDIT_POLICY_CATEGORIES::System
UCHAR System
Definition: setypes.h:116
_TOKEN::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:176
ULONG
unsigned int ULONG
Definition: retypes.h:1
_TOKEN::UserAndGroups
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:169
SEP_AUDIT_POLICY_CATEGORIES
struct _SEP_AUDIT_POLICY_CATEGORIES SEP_AUDIT_POLICY_CATEGORIES
_SEP_AUDIT_POLICY_OVERLAY::SetBit
ULONGLONG SetBit
Definition: setypes.h:130
_TOKEN::TokenSource
TOKEN_SOURCE TokenSource
Definition: setypes.h:153
_TOKEN
Definition: setypes.h:151
TOKEN
struct _TOKEN TOKEN
_TOKEN::OriginatingLogonSession
LUID OriginatingLogonSession
Definition: setypes.h:181