ReactOS 0.4.15-dev-7788-g1ad9096
setypes.h
1/*++ NDK Version: 0098
2
3Copyright (c) Alex Ionescu. All rights reserved.
4
5Header Name:
6
7 setypes.h
8
9Abstract:
10
11 Type definitions for the security manager.
12
13Author:
14
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16
17--*/
18
19#ifndef _SETYPES_H
20#define _SETYPES_H
21
22//
23// Dependencies
24//
25#include <umtypes.h>
26
27//
28// Well Known SIDs
// Six-byte brace initializer whose last byte is 7. Because it expands to a
// bare brace list it can only be used to initialize an object, never inside
// an expression or comparison.
// NOTE(review): presumably intended for SID_IDENTIFIER_AUTHORITY.Value - confirm.
29//
30#define SECURITY_INTERNETSITE_AUTHORITY {0,0,0,0,0,7}
31
32#ifdef NTOS_MODE_USER
33//
34// Privilege constants
// Numeric identifiers of the well-known privileges. This group is compiled
// only when NTOS_MODE_USER is defined (see the enclosing #ifdef).
// SE_MIN_WELL_KNOWN_PRIVILEGE and SE_MAX_WELL_KNOWN_PRIVILEGE bound the
// range (2..30): a privilege number that comes from untrusted input should
// be checked against both bounds before it is used as an index or mapped
// to a name.
// NOTE(review): presumably these are the LowPart of the privilege LUID, as
// in the Windows headers - confirm against the callers.
// NOTE(review): in the Windows privilege model several of these
// (SE_CREATE_TOKEN, SE_ASSIGNPRIMARYTOKEN, SE_TCB, SE_LOAD_DRIVER, SE_DEBUG,
// SE_BACKUP, SE_RESTORE, SE_TAKE_OWNERSHIP, SE_IMPERSONATE) are commonly
// treated as equivalent to full control of the machine. Code that holds a
// token should enable them only around the operation that needs them, and
// assignments of them are worth auditing.
35//
36#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L) // lower bound; same value as SE_CREATE_TOKEN_PRIVILEGE
37#define SE_CREATE_TOKEN_PRIVILEGE (2L)
38#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
39#define SE_LOCK_MEMORY_PRIVILEGE (4L)
40#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
41#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) // shares value 6 with SE_MACHINE_ACCOUNT_PRIVILEGE
42#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L) // shares value 6 with SE_UNSOLICITED_INPUT_PRIVILEGE; the number alone cannot tell the two names apart
43#define SE_TCB_PRIVILEGE (7L)
44#define SE_SECURITY_PRIVILEGE (8L)
45#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
46#define SE_LOAD_DRIVER_PRIVILEGE (10L)
47#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
48#define SE_SYSTEMTIME_PRIVILEGE (12L)
49#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
50#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
51#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
52#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
53#define SE_BACKUP_PRIVILEGE (17L)
54#define SE_RESTORE_PRIVILEGE (18L)
55#define SE_SHUTDOWN_PRIVILEGE (19L)
56#define SE_DEBUG_PRIVILEGE (20L)
57#define SE_AUDIT_PRIVILEGE (21L)
58#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
59#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
60#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
61#define SE_UNDOCK_PRIVILEGE (25L)
62#define SE_SYNC_AGENT_PRIVILEGE (26L)
63#define SE_ENABLE_DELEGATION_PRIVILEGE (27L)
64#define SE_MANAGE_VOLUME_PRIVILEGE (28L)
65#define SE_IMPERSONATE_PRIVILEGE (29L)
66#define SE_CREATE_GLOBAL_PRIVILEGE (30L)
67#define SE_MAX_WELL_KNOWN_PRIVILEGE (SE_CREATE_GLOBAL_PRIVILEGE) // upper bound; must be re-pointed if a privilege above 30 is ever added
68
69typedef struct _TOKEN_MANDATORY_POLICY {
72
73typedef struct _TOKEN_ACCESS_INFORMATION
74{
84
85#else
86
87//
88// User and Group-related SID Attributes
// Bit flags, one bit each except SE_GROUP_LOGON_ID, which occupies two.
// This group is compiled only in the #else branch of NTOS_MODE_USER.
// NOTE(review): presumably these are the values carried in the Attributes
// member of SID_AND_ATTRIBUTES entries of a token - confirm against the users.
89//
90#define SE_GROUP_MANDATORY 0x00000001
91#define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002
92#define SE_GROUP_ENABLED 0x00000004
93#define SE_GROUP_OWNER 0x00000008
94#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010 // NOTE(review): in Windows a deny-only SID is matched against access-denied ACEs only and must never grant access - confirm the access check honours this
95#define SE_GROUP_INTEGRITY 0x00000020
96#define SE_GROUP_INTEGRITY_ENABLED 0x00000040
97#define SE_GROUP_RESOURCE 0x20000000
98#define SE_GROUP_LOGON_ID 0xC0000000 // two bits (0x80000000 | 0x40000000): test with (attrs & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID, a plain non-zero test also matches either bit alone
99

// Mask of every attribute bit defined above (all nine names are OR-ed in).
// Attributes supplied by a caller can be validated by rejecting any value
// where (Attributes & ~SE_GROUP_VALID_ATTRIBUTES) != 0.
100#define SE_GROUP_VALID_ATTRIBUTES \
101 (SE_GROUP_MANDATORY | \
102 SE_GROUP_ENABLED_BY_DEFAULT | \
103 SE_GROUP_ENABLED | \
104 SE_GROUP_OWNER | \
105 SE_GROUP_USE_FOR_DENY_ONLY | \
106 SE_GROUP_LOGON_ID | \
107 SE_GROUP_RESOURCE | \
108 SE_GROUP_INTEGRITY | \
109 SE_GROUP_INTEGRITY_ENABLED)
110
111//
112// Privilege token filtering flags
// Single-bit flags that can be OR-ed together.
// NOTE(review): presumably the Flags argument of the token filtering
// routines (NtFilterToken / SeFilterToken) - confirm against the callers.
// LUA_TOKEN and WRITE_RESTRICTED exist only when NTDDI_VERSION is at least
// NTDDI_LONGHORN, so a flags validator should reject every bit that is not
// defined for the build target instead of silently ignoring it.
113//
114#define DISABLE_MAX_PRIVILEGE 0x1
115#define SANDBOX_INERT 0x2 // NOTE(review): in Windows this marks the token as exempt from software-restriction policy checks; worth limiting which callers may request it - confirm the semantics here
116#if (NTDDI_VERSION >= NTDDI_LONGHORN)
117#define LUA_TOKEN 0x4
118#define WRITE_RESTRICTED 0x8
119#endif
120
121//
122// Proxy Class enumeration
123//
124typedef enum _PROXY_CLASS
125{
131
132//
133// Audit and Policy Structures
134//
136{
147
149{
153
154typedef struct _SEP_AUDIT_POLICY
155{
156 union
157 {
161 };
163
164//
165// Security Logon Session References
166//
168{
176
178{
181
182//
183// Token Audit Data
184//
186{
191
192//
193// Token Proxy Data
194//
196{
203
204//
205// Token and auxiliary data
206//
207// ===================!!!IMPORTANT NOTE!!!=====================
208// The ImageFileName, ProcessCid, ThreadCid and CreateMethod field
209// names are taken from the Windows Server 2003 SP2 checked build,
210// because WinDBG debug extension commands (such as !logonsession)
211// look these fields up by their hardcoded names. We therefore have
212// to stay compatible with them. THESE FIELD NAMES MUST NOT BE
213// CHANGED!!!
214// ============================================================
215typedef struct _TOKEN
216{
218 LUID TokenId; /* 0x10 */
220 LUID ParentTokenId; /* 0x20 */
224 LUID ModifiedId; /* 0x40 */
225 ULONG SessionId; /* 0x48 */
235 PSID PrimaryGroup; /* 0x70 */
237 PULONG DynamicPart; /* 0x78 */
238 PACL DefaultDacl; /* 0x7C */
241 ULONG TokenFlags; /* 0x88 */
242 BOOLEAN TokenInUse; /* 0x8C */
247#if DBG
248 UCHAR ImageFileName[16]; /* 0xA4 */
249 HANDLE ProcessCid; /* 0xB4 */
250 HANDLE ThreadCid; /* 0xB8 */
251 ULONG CreateMethod; /* 0xBC */
252#endif
253 ULONG VariablePart; /* 0xC0 */
255
256typedef struct _AUX_ACCESS_DATA
257{
262
263//
264// External SRM Data
265//
268
269#endif
270#endif
unsigned char BOOLEAN
TOKEN_TYPE
Definition: asmpp.cpp:29
#define NTSYSAPI
Definition: ntoskrnl.h:12
ERESOURCE * PERESOURCE
Definition: env_spec_w32.h:595
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
struct _SEP_AUDIT_POLICY_CATEGORIES SEP_AUDIT_POLICY_CATEGORIES
struct _TOKEN * PTOKEN
struct _SEP_LOGON_SESSION_REFERENCES SEP_LOGON_SESSION_REFERENCES
struct _SE_AUDIT_PROCESS_CREATION_INFO * PSE_AUDIT_PROCESS_CREATION_INFO
struct _SEP_AUDIT_POLICY SEP_AUDIT_POLICY
struct _SEP_AUDIT_POLICY_CATEGORIES * PSEP_AUDIT_POLICY_CATEGORIES
struct _AUX_ACCESS_DATA * PAUX_ACCESS_DATA
struct _SE_AUDIT_PROCESS_CREATION_INFO SE_AUDIT_PROCESS_CREATION_INFO
_PROXY_CLASS
Definition: setypes.h:125
@ ProxyTree
Definition: setypes.h:128
@ ProxyService
Definition: setypes.h:127
@ ProxyFull
Definition: setypes.h:126
@ ProxyDirectory
Definition: setypes.h:129
struct _SEP_LOGON_SESSION_REFERENCES * PSEP_LOGON_SESSION_REFERENCES
struct _SECURITY_TOKEN_AUDIT_DATA SECURITY_TOKEN_AUDIT_DATA
struct _TOKEN TOKEN
struct _SECURITY_TOKEN_PROXY_DATA * PSECURITY_TOKEN_PROXY_DATA
PACL NTSYSAPI SePublicDefaultDacl
Definition: acl.c:16
struct _AUX_ACCESS_DATA AUX_ACCESS_DATA
enum _PROXY_CLASS PROXY_CLASS
struct _SEP_AUDIT_POLICY * PSEP_AUDIT_POLICY
struct _SECURITY_TOKEN_AUDIT_DATA * PSECURITY_TOKEN_AUDIT_DATA
struct _SEP_AUDIT_POLICY_OVERLAY SEP_AUDIT_POLICY_OVERLAY
struct _SECURITY_TOKEN_PROXY_DATA SECURITY_TOKEN_PROXY_DATA
struct _SEP_AUDIT_POLICY_OVERLAY * PSEP_AUDIT_POLICY_OVERLAY
PACL NTSYSAPI SeSystemDefaultDacl
Definition: acl.c:17
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:258
GENERIC_MAPPING GenericMapping
Definition: setypes.h:259
ULONG Reserved
Definition: setypes.h:260
Definition: typedefs.h:120
UNICODE_STRING PathInfo
Definition: setypes.h:199
PROXY_CLASS ProxyClass
Definition: setypes.h:198
ULONGLONG Overlay
Definition: setypes.h:160
SEP_AUDIT_POLICY_OVERLAY PolicyOverlay
Definition: setypes.h:159
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:158
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:169
POBJECT_NAME_INFORMATION ImageFileName
Definition: setypes.h:179
PSID_AND_ATTRIBUTES_HASH SidHash
Definition: setypes.h:1168
PTOKEN_PRIVILEGES Privileges
Definition: setypes.h:1170
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:1173
PSID_AND_ATTRIBUTES_HASH RestrictedSidHash
Definition: setypes.h:1169
TOKEN_MANDATORY_POLICY MandatoryPolicy
Definition: setypes.h:1174
LUID AuthenticationId
Definition: setypes.h:219
ULONG DynamicCharged
Definition: setypes.h:230
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:240
LUID ModifiedId
Definition: setypes.h:224
ULONG DefaultOwnerIndex
Definition: setypes.h:232
LARGE_INTEGER ExpirationTime
Definition: setypes.h:221
PSECURITY_TOKEN_PROXY_DATA ProxyData
Definition: setypes.h:243
PSECURITY_TOKEN_AUDIT_DATA AuditData
Definition: setypes.h:244
SEP_AUDIT_POLICY AuditPolicy
Definition: setypes.h:223
PSID_AND_ATTRIBUTES RestrictedSids
Definition: setypes.h:234
ULONG VariablePart
Definition: setypes.h:253
ULONG SessionId
Definition: setypes.h:225
ULONG PrivilegeCount
Definition: setypes.h:228
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:236
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:233
TOKEN_TYPE TokenType
Definition: setypes.h:239
ULONG TokenFlags
Definition: setypes.h:241
LUID ParentTokenId
Definition: setypes.h:220
ULONG DynamicAvailable
Definition: setypes.h:231
BOOLEAN TokenInUse
Definition: setypes.h:242
ULONG VariableLength
Definition: setypes.h:229
PACL DefaultDacl
Definition: setypes.h:238
PSID PrimaryGroup
Definition: setypes.h:235
LUID OriginatingLogonSession
Definition: setypes.h:246
LUID TokenId
Definition: setypes.h:218
PERESOURCE TokenLock
Definition: setypes.h:222
PULONG DynamicPart
Definition: setypes.h:237
PSEP_LOGON_SESSION_REFERENCES LogonSession
Definition: setypes.h:245
ULONG UserAndGroupCount
Definition: setypes.h:226
TOKEN_SOURCE TokenSource
Definition: setypes.h:217
ULONG RestrictedSidCount
Definition: setypes.h:227
uint32_t * PULONG
Definition: typedefs.h:59
uint32_t ULONG
Definition: typedefs.h:59
uint64_t ULONGLONG
Definition: typedefs.h:67
struct _TOKEN_ACCESS_INFORMATION TOKEN_ACCESS_INFORMATION
struct _TOKEN_MANDATORY_POLICY * PTOKEN_MANDATORY_POLICY
struct _TOKEN_MANDATORY_POLICY TOKEN_MANDATORY_POLICY
struct _TOKEN_ACCESS_INFORMATION * PTOKEN_ACCESS_INFORMATION
unsigned char UCHAR
Definition: xmlstorage.h:181