3 * COPYRIGHT: See COPYING in the top level directory for details
4 * PROJECT: ReactOS kernel
5 * FILE: include/ddk/setypes.h
6 * PURPOSE: Security manager types
8 * ??/??/??: Created with empty stubs by David Welch
9 * 29/08/98: ACCESS_TOKEN definition from Boudewijn Dekker
12 #ifndef __INCLUDE_DDK_SETYPES_H
13 #define __INCLUDE_DDK_SETYPES_H
15 #include <ntos/security.h>
17 /* TOKEN_GROUPS structure */
18 #define SE_GROUP_MANDATORY (0x1L)
19 #define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
20 #define SE_GROUP_ENABLED (0x4L)
21 #define SE_GROUP_OWNER (0x8L)
22 #define SE_GROUP_LOGON_ID (0xc0000000L)
25 #define ACL_REVISION (2)
27 /* ACE_HEADER structure */
28 #define ACCESS_ALLOWED_ACE_TYPE (0x0)
29 #define ACCESS_DENIED_ACE_TYPE (0x1)
30 #define SYSTEM_AUDIT_ACE_TYPE (0x2)
31 #define SYSTEM_ALARM_ACE_TYPE (0x3)
33 /* ACE flags in the ACE_HEADER structure */
34 #define OBJECT_INHERIT_ACE (0x1)
35 #define CONTAINER_INHERIT_ACE (0x2)
36 #define NO_PROPAGATE_INHERIT_ACE (0x4)
37 #define INHERIT_ONLY_ACE (0x8)
38 #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
39 #define FAILED_ACCESS_ACE_FLAG (0x80)
41 /* SECURITY_DESCRIPTOR_CONTROL */
42 #define SECURITY_DESCRIPTOR_REVISION (1)
43 #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
44 #define SE_OWNER_DEFAULTED (1)
45 #define SE_GROUP_DEFAULTED (2)
46 #define SE_DACL_PRESENT (4)
47 #define SE_DACL_DEFAULTED (8)
48 #define SE_SACL_PRESENT (16)
49 #define SE_SACL_DEFAULTED (32)
50 #define SE_SELF_RELATIVE (32768)
53 #define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
54 #define SE_PRIVILEGE_ENABLED (0x2L)
55 #define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
56 #define PRIVILEGE_SET_ALL_NECESSARY (0x1)
58 typedef struct _ACCESS_TOKEN
60 TOKEN_SOURCE TokenSource; // 0x00
62 LUID AuthenticationId; // 0x18
63 LARGE_INTEGER ExpirationTime; // 0x20
64 LUID ModifiedId; // 0x28
65 ULONG UserAndGroupCount; // 0x30
66 ULONG PrivilegeCount; // 0x34
67 ULONG VariableLength; // 0x38
68 ULONG DynamicCharged; // 0x3C
69 ULONG DynamicAvailable; // 0x40
70 ULONG DefaultOwnerIndex; // 0x44
71 PSID_AND_ATTRIBUTES UserAndGroups; // 0x48
72 PSID PrimaryGroup; // 0x4C
73 PLUID_AND_ATTRIBUTES Privileges; // 0x50
74 ULONG Unknown1; // 0x54
75 PACL DefaultDacl; // 0x58
76 TOKEN_TYPE TokenType; // 0x5C
77 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x60
78 UCHAR TokenFlags; // 0x64
79 UCHAR TokenInUse; // 0x65
80 UCHAR Unused[2]; // 0x66
81 PVOID ProxyData; // 0x68
82 PVOID AuditData; // 0x6c
83 UCHAR VariablePart[0]; // 0x70
84 } ACCESS_TOKEN, *PACCESS_TOKEN;
87 typedef struct _SECURITY_SUBJECT_CONTEXT
89 PACCESS_TOKEN ClientToken; // 0x0
90 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // 0x4
91 PACCESS_TOKEN PrimaryToken; // 0x8
92 PVOID ProcessAuditId; // 0xC
93 } SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
96 typedef struct _SECURITY_CLIENT_CONTEXT
98 SECURITY_QUALITY_OF_SERVICE SecurityQos; // 0x00
99 PACCESS_TOKEN Token; // 0x0C
100 BOOLEAN DirectlyAccessClientToken; // 0x10
101 BOOLEAN DirectAccessEffectiveOnly; // 0x11
102 BOOLEAN ServerIsRemote; // 0x12
103 TOKEN_CONTROL ClientTokenControl; // 0x14
104 } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
107 typedef struct _SE_EXPORTS
109 /* Privilege values */
110 LUID SeCreateTokenPrivilege;
111 LUID SeAssignPrimaryTokenPrivilege;
112 LUID SeLockMemoryPrivilege;
113 LUID SeIncreaseQuotaPrivilege;
114 LUID SeUnsolicitedInputPrivilege;
116 LUID SeSecurityPrivilege;
117 LUID SeTakeOwnershipPrivilege;
118 LUID SeLoadDriverPrivilege;
119 LUID SeCreatePagefilePrivilege;
120 LUID SeIncreaseBasePriorityPrivilege;
121 LUID SeSystemProfilePrivilege;
122 LUID SeSystemtimePrivilege;
123 LUID SeProfileSingleProcessPrivilege;
124 LUID SeCreatePermanentPrivilege;
125 LUID SeBackupPrivilege;
126 LUID SeRestorePrivilege;
127 LUID SeShutdownPrivilege;
128 LUID SeDebugPrivilege;
129 LUID SeAuditPrivilege;
130 LUID SeSystemEnvironmentPrivilege;
131 LUID SeChangeNotifyPrivilege;
132 LUID SeRemoteShutdownPrivilege;
134 /* Universally defined SIDs */
138 PSID SeCreatorOwnerSid;
139 PSID SeCreatorGroupSid;
141 /* Nt defined SIDs */
142 PSID SeNtAuthoritySid;
146 PSID SeInteractiveSid;
147 PSID SeLocalSystemSid;
148 PSID SeAliasAdminsSid;
149 PSID SeAliasUsersSid;
150 PSID SeAliasGuestsSid;
151 PSID SeAliasPowerUsersSid;
152 PSID SeAliasAccountOpsSid;
153 PSID SeAliasSystemOpsSid;
154 PSID SeAliasPrintOpsSid;
155 PSID SeAliasBackupOpsSid;
156 } SE_EXPORTS, *PSE_EXPORTS;
158 #define INITIAL_PRIVILEGE_COUNT 3
160 typedef struct _INITIAL_PRIVILEGE_SET
162 ULONG PrivilegeCount;
164 LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
165 } INITIAL_PRIVILEGE_SET, *PINITIAL_PRIVILEGE_SET;
168 typedef NTSTATUS STDCALL
169 (*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);