/*
 * COPYRIGHT: See COPYING in the top level directory for details
 * PROJECT: ReactOS kernel
 * FILE: include/ddk/setypes.h
 * PURPOSE: Security manager types
 * ??/??/??: Created with empty stubs by David Welch
 * 29/08/98: ACCESS_TOKEN definition from Boudewijn Dekker
 */
12 #ifndef __INCLUDE_DDK_SETYPES_H
13 #define __INCLUDE_DDK_SETYPES_H
15 #include <ntos/security.h>
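/*
 * Group attribute bits (TOKEN_GROUPS structure).
 *
 * These are bit flags and may be OR-ed together. SE_GROUP_LOGON_ID sets two
 * bits (31 and 30), so test it with a full-mask compare,
 * (attrs & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID, not a non-zero test.
 * Because of the L suffix its type is unsigned long where long is 32 bits
 * and signed long where long is 64 bits; keep the other operand unsigned.
 */
#define SE_GROUP_MANDATORY (0x1L)
#define SE_GROUP_ENABLED_BY_DEFAULT (0x2L)
#define SE_GROUP_ENABLED (0x4L)
#define SE_GROUP_OWNER (0x8L)
#define SE_GROUP_LOGON_ID (0xc0000000L)

/* ACL revision number; presumably the value expected in an ACL header - confirm. */
#define ACL_REVISION (2)

/*
 * ACE type codes (ACE_HEADER structure).
 *
 * These are enumerated values, not bit flags: 0x3 is a type of its own and
 * not 0x1 | 0x2, so compare the type field with ==, never with &.
 */
#define ACCESS_ALLOWED_ACE_TYPE (0x0)
#define ACCESS_DENIED_ACE_TYPE (0x1)
#define SYSTEM_AUDIT_ACE_TYPE (0x2)
#define SYSTEM_ALARM_ACE_TYPE (0x3)

/*
 * ACE flags in the ACE_HEADER structure (bit flags, may be combined).
 *
 * By name, the first four describe inheritance and the last two select
 * which access outcomes an audit ACE records.
 * NOTE(review): confirm the exact semantics against the access-check code.
 */
#define OBJECT_INHERIT_ACE (0x1)
#define CONTAINER_INHERIT_ACE (0x2)
#define NO_PROPAGATE_INHERIT_ACE (0x4)
#define INHERIT_ONLY_ACE (0x8)
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
#define FAILED_ACCESS_ACE_FLAG (0x80)

/*
 * SECURITY_DESCRIPTOR revision, minimum length and SECURITY_DESCRIPTOR_CONTROL
 * bits. The control bits are written in decimal; they are single-bit flags
 * (1, 2, 4, 8, 16, 32) and SE_SELF_RELATIVE is 32768 == 0x8000 (bit 15).
 *
 * NOTE(review): SECURITY_DESCRIPTOR_MIN_LENGTH is a hard-coded byte count,
 * presumably the size of a descriptor whose pointer members are 4 bytes wide;
 * verify it before using it as a validation bound on any other target.
 * NOTE(review): a descriptor flagged SE_SELF_RELATIVE presumably carries
 * offsets instead of pointers; code that accepts descriptors from a caller
 * should check this bit and bounds-check before dereferencing - confirm.
 * NOTE(review): in the Windows NT model these names come from, a descriptor
 * with SE_DACL_PRESENT set and a NULL DACL allows all access, while an empty
 * DACL allows none; confirm this implementation draws the same distinction.
 */
#define SECURITY_DESCRIPTOR_REVISION (1)
#define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
#define SE_OWNER_DEFAULTED (1)
#define SE_GROUP_DEFAULTED (2)
#define SE_DACL_PRESENT (4)
#define SE_DACL_DEFAULTED (8)
#define SE_SACL_PRESENT (16)
#define SE_SACL_DEFAULTED (32)
#define SE_SELF_RELATIVE (32768)

/*
 * Privilege attribute bits and the privilege-set control flag.
 *
 * Presumably the SE_PRIVILEGE_* bits live in the attributes of a
 * LUID_AND_ATTRIBUTES entry and PRIVILEGE_SET_ALL_NECESSARY in the control
 * word of a PRIVILEGE_SET - confirm against <ntos/security.h>.
 * SE_PRIVILEGE_USED_FOR_ACCESS has bit 31 set; as with SE_GROUP_LOGON_ID its
 * type depends on the width of long, so mask it against an unsigned field.
 */
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x1L)
#define SE_PRIVILEGE_ENABLED (0x2L)
#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
#define PRIVILEGE_SET_ALL_NECESSARY (0x1)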
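/*
 * Access token.
 *
 * The hexadecimal comments give the intended byte offset of each member.
 * They advance by 4 across pointer and enum members, so they describe a
 * target with 4-byte pointers; they are documentation only and nothing in
 * this header enforces them.
 *
 * NOTE(review): UserAndGroupCount and PrivilegeCount presumably give the
 * number of entries behind UserAndGroups and Privileges, and
 * DefaultOwnerIndex presumably indexes UserAndGroups; code that builds or
 * copies a token should range-check these against each other - confirm
 * against the token implementation.
 */
typedef struct _ACCESS_TOKEN
{
  TOKEN_SOURCE TokenSource; /* 0x00 */
  LUID TokenId; /* 0x10 */
  LUID AuthenticationId; /* 0x18 */
  LARGE_INTEGER ExpirationTime; /* 0x20 */
  LUID ModifiedId; /* 0x28 */
  ULONG UserAndGroupCount; /* 0x30 */
  ULONG PrivilegeCount; /* 0x34 */
  ULONG VariableLength; /* 0x38 */
  ULONG DynamicCharged; /* 0x3C */
  ULONG DynamicAvailable; /* 0x40 */
  ULONG DefaultOwnerIndex; /* 0x44 */
  PSID_AND_ATTRIBUTES UserAndGroups; /* 0x48 */
  PSID PrimaryGroup; /* 0x4C */
  PLUID_AND_ATTRIBUTES Privileges; /* 0x50 */
  ULONG Unknown1; /* 0x54 */ /* purpose not known, per the member name */
  PACL DefaultDacl; /* 0x58 */
  TOKEN_TYPE TokenType; /* 0x5C */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x60 */
  UCHAR TokenFlags; /* 0x64 */
  UCHAR TokenInUse; /* 0x65 */
  UCHAR Unused[2]; /* 0x66 */ /* pads the next member to offset 0x68 */
  PVOID ProxyData; /* 0x68 */
  PVOID AuditData; /* 0x6c */
  /*
   * Start of the trailing variable-sized data. A zero-length array is a GNU
   * extension and adds nothing to sizeof(ACCESS_TOKEN).
   * NOTE(review): presumably VariableLength is the size of this area; any
   * write through VariablePart must be bounded by the allocated size.
   */
  UCHAR VariablePart[0]; /* 0x70 */
} ACCESS_TOKEN, *PACCESS_TOKEN;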
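/*
 * Security context of a subject: two token pointers, an impersonation
 * level and an audit identifier. The offset comments assume 4-byte pointers.
 *
 * NOTE(review): by name, ClientToken is the token of an impersonated client
 * and PrimaryToken the token of the owning process; presumably ClientToken
 * is NULL when no impersonation is in effect, so access-check code must not
 * dereference it unconditionally - confirm against the code that captures
 * this structure.
 */
typedef struct _SECURITY_SUBJECT_CONTEXT
{
  PACCESS_TOKEN ClientToken; /* 0x0 */
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; /* 0x4 */
  PACCESS_TOKEN PrimaryToken; /* 0x8 */
  PVOID ProcessAuditId; /* 0xC */
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;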
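/*
 * Client security context: quality-of-service settings, the client's token
 * and three flags describing how that token is reached.
 *
 * Per the offset comments the three BOOLEAN members occupy 0x10..0x12 and
 * ClientTokenControl starts at 0x14, which leaves one padding byte at 0x13.
 * NOTE(review): if this structure is ever copied out to a less trusted
 * caller, zero it first so the padding byte does not carry stale memory.
 */
typedef struct _SECURITY_CLIENT_CONTEXT
{
  SECURITY_QUALITY_OF_SERVICE SecurityQos; /* 0x00 */
  PACCESS_TOKEN Token; /* 0x0C */
  BOOLEAN DirectlyAccessClientToken; /* 0x10 */
  BOOLEAN DirectAccessEffectiveOnly; /* 0x11 */
  BOOLEAN ServerIsRemote; /* 0x12 */
  TOKEN_CONTROL ClientTokenControl; /* 0x14 */
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;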
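/*
 * Table of well-known security values: one LUID per privilege followed by
 * pointers to well-known SIDs. Member order defines the layout, so members
 * must not be reordered.
 *
 * NOTE(review): the listing this was transcribed from skips line numbers
 * directly after SeUnsolicitedInputPrivilege and directly after each of the
 * two SID section comments, so members may be missing from this copy.
 * Confirm against the original include/ddk/setypes.h before relying on
 * member offsets or on sizeof(SE_EXPORTS).
 */
typedef struct _SE_EXPORTS
{
  /* Privilege values */
  LUID SeCreateTokenPrivilege;
  LUID SeAssignPrimaryTokenPrivilege;
  LUID SeLockMemoryPrivilege;
  LUID SeIncreaseQuotaPrivilege;
  LUID SeUnsolicitedInputPrivilege;
  LUID SeSecurityPrivilege;
  LUID SeTakeOwnershipPrivilege;
  LUID SeLoadDriverPrivilege;
  LUID SeCreatePagefilePrivilege;
  LUID SeIncreaseBasePriorityPrivilege;
  LUID SeSystemProfilePrivilege;
  LUID SeSystemtimePrivilege;
  LUID SeProfileSingleProcessPrivilege;
  LUID SeCreatePermanentPrivilege;
  LUID SeBackupPrivilege;
  LUID SeRestorePrivilege;
  LUID SeShutdownPrivilege;
  LUID SeDebugPrivilege;
  LUID SeAuditPrivilege;
  LUID SeSystemEnvironmentPrivilege;
  LUID SeChangeNotifyPrivilege;
  LUID SeRemoteShutdownPrivilege;

  /* Universally defined SIDs */
  PSID SeCreatorOwnerSid;
  PSID SeCreatorGroupSid;

  /* Nt defined SIDs */
  PSID SeNtAuthoritySid;
  PSID SeInteractiveSid;
  PSID SeLocalSystemSid;
  PSID SeAliasAdminsSid;
  PSID SeAliasUsersSid;
  PSID SeAliasGuestsSid;
  PSID SeAliasPowerUsersSid;
  PSID SeAliasAccountOpsSid;
  PSID SeAliasSystemOpsSid;
  PSID SeAliasPrintOpsSid;
  PSID SeAliasBackupOpsSid;
} SE_EXPORTS, *PSE_EXPORTS;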
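/*
 * Pointer to a callback that receives a pointer to the LUID of a logon
 * session and returns an NTSTATUS. By name it is invoked when that logon
 * session terminates; the registration interface is not part of this header.
 */
typedef NTSTATUS STDCALL_FUNC
(*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(IN PLUID LogonId);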
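/*
 * Selects which security-descriptor operation is requested.
 *
 * No explicit values are given, so the enumerators are 0, 1, 2 and 3 in the
 * order listed; inserting or reordering entries changes those values.
 * NOTE(review): code that switches on a value of this type should reject
 * anything outside the four listed operations rather than fall through.
 */
typedef enum _SECURITY_OPERATION_CODE
{
  SetSecurityDescriptor,
  QuerySecurityDescriptor,
  DeleteSecurityDescriptor,
  AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;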