1 #ifndef __INCLUDE_SECURITY_H
2 #define __INCLUDE_SECURITY_H
4 #include <ntos/ntdef.h>
5 #include <ntos/types.h>
/*
 * Well-known privilege numbers.  The range starts at
 * SE_MIN_WELL_KNOWN_PRIVILEGE (2, the same value as
 * SE_CREATE_TOKEN_PRIVILEGE) and ends at SE_MAX_WELL_KNOWN_PRIVILEGE, which
 * is an alias for SE_REMOTE_SHUTDOWN_PRIVILEGE (24).  Presumably each value
 * is the low part of the LUID stored in a LUID_AND_ATTRIBUTES entry -
 * confirm against the token code, which is not part of this header.
 *
 * Review note: in the NT security model a token that holds create-token,
 * assign-primary-token, TCB, take-ownership, load-driver, backup, restore
 * or debug is generally treated as equivalent to an administrative token,
 * because each of these lets the holder bypass or rewrite ordinary access
 * control.  Code that grants or enables them deserves the same scrutiny as
 * code that grants administrator rights.
 */
8 #define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
9 #define SE_CREATE_TOKEN_PRIVILEGE (2L)
10 #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
11 #define SE_LOCK_MEMORY_PRIVILEGE (4L)
12 #define SE_INCREASE_QUOTA_PRIVILEGE (5L)
/* Value 6 is shared by the next two names; the first one is marked unused. */
13 #define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) /* unused */
14 #define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
15 #define SE_TCB_PRIVILEGE (7L)
16 #define SE_SECURITY_PRIVILEGE (8L)
17 #define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
18 #define SE_LOAD_DRIVER_PRIVILEGE (10L)
19 #define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
20 #define SE_SYSTEMTIME_PRIVILEGE (12L)
21 #define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
22 #define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
23 #define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
24 #define SE_CREATE_PERMANENT_PRIVILEGE (16L)
25 #define SE_BACKUP_PRIVILEGE (17L)
26 #define SE_RESTORE_PRIVILEGE (18L)
27 #define SE_SHUTDOWN_PRIVILEGE (19L)
28 #define SE_DEBUG_PRIVILEGE (20L)
29 #define SE_AUDIT_PRIVILEGE (21L)
30 #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
31 #define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
32 #define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
/* Upper bound of the range; update it if a higher privilege number is added. */
33 #define SE_MAX_WELL_KNOWN_PRIVILEGE SE_REMOTE_SHUTDOWN_PRIVILEGE
36 /* Security descriptor control. */
/*
 * SECURITY_DESCRIPTOR_REVISION and SECURITY_DESCRIPTOR_MIN_LENGTH describe
 * the descriptor header.  NOTE(review): 20 presumably is the size of the
 * fixed header with 32-bit pointers - confirm before relying on it for a
 * length check on another target.
 *
 * The SE_* names are single-bit flags (1, 2, 4, 8, 16, 32 and 32768) that
 * fit the USHORT SECURITY_DESCRIPTOR_CONTROL type declared later in this
 * file.
 *
 * Review note: in the NT model SE_DACL_PRESENT with a null DACL means the
 * object is unprotected, whereas a present but empty DACL denies all
 * access, so consumers must not treat the two cases alike.  With
 * SE_SELF_RELATIVE set the owner/group/ACL members are offsets into the
 * descriptor buffer rather than pointers; a descriptor received from a less
 * trusted caller needs every offset checked against the buffer length.
 */
37 #define SECURITY_DESCRIPTOR_REVISION (1)
38 #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
39 #define SE_OWNER_DEFAULTED (1)
40 #define SE_GROUP_DEFAULTED (2)
41 #define SE_DACL_PRESENT (4)
42 #define SE_DACL_DEFAULTED (8)
43 #define SE_SACL_PRESENT (16)
44 #define SE_SACL_DEFAULTED (32)
45 #define SE_SELF_RELATIVE (32768)
/*
 * Numeric access-mode selector.  The values it may take are not defined in
 * the visible part of this header.
 */
48 typedef ULONG ACCESS_MODE, *PACCESS_MODE;
/*
 * ACE header.  The listing omits lines here (its numbering jumps from 51 to
 * 56), so only the AccessMask member is visible.  ACCESS_MASK itself is
 * typedef'd further down, at listing line 177, and ACE_HEADER is declared a
 * second time at listing line 193.
 * NOTE(review): presumably the two declarations sit in different
 * preprocessor branches that the listing does not show - confirm, since two
 * live definitions of the same typedef would not compile.
 */
51 typedef struct _ACE_HEADER
56 ACCESS_MASK AccessMask;
57 } ACE_HEADER, *PACE_HEADER;
/*
 * Security descriptor context.  None of its members appear in this listing
 * (numbering jumps from 66 to 68).
 */
66 typedef struct _SECURITY_DESCRIPTOR_CONTEXT
68 } SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
/*
 * Identifier authorities, written as six-element brace initializers that
 * differ only in the last element (0 to 5).  Presumably they initialize a
 * SID_IDENTIFIER_AUTHORITY; that structure's members are not visible in
 * this listing.  Because the expansions are brace lists rather than
 * expressions they can only be used as initializers, not compared or
 * assigned directly.
 */
75 #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
76 #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
77 #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
78 #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
79 #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
80 #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5}
/*
 * Relative identifiers (RIDs) for the well-known SIDs.  A RID is only
 * meaningful together with the identifier authority it follows: the values
 * 0 to 3 are reused below (SECURITY_CREATOR_GROUP_RID and
 * SECURITY_DIALUP_RID are both 1, for example), so comparing a RID without
 * also comparing the authority does not identify a principal.
 *
 * Presumably the names up to SECURITY_CREATOR_GROUP_SERVER_RID pair with
 * the null, world, local and creator authorities, and the names from
 * SECURITY_DIALUP_RID onwards pair with SECURITY_NT_AUTHORITY; the header
 * does not state the pairing - confirm against the SID construction code.
 */
83 #define SECURITY_NULL_RID (0L)
84 #define SECURITY_WORLD_RID (0L)
85 #define SECURITY_LOCAL_RID (0L)
86 #define SECURITY_CREATOR_OWNER_RID (0L)
87 #define SECURITY_CREATOR_GROUP_RID (0x1L)
88 #define SECURITY_CREATOR_OWNER_SERVER_RID (0x2L)
89 #define SECURITY_CREATOR_GROUP_SERVER_RID (0x3L)
90 #define SECURITY_DIALUP_RID (0x1L)
91 #define SECURITY_NETWORK_RID (0x2L)
92 #define SECURITY_BATCH_RID (0x3L)
93 #define SECURITY_INTERACTIVE_RID (0x4L)
94 #define SECURITY_LOGON_IDS_RID (0x5L)
/* A count, not a RID: presumably the sub-authority count of a logon SID. */
95 #define SECURITY_LOGON_IDS_RID_COUNT (0x3L)
96 #define SECURITY_SERVICE_RID (0x6L)
/*
 * Review note: anonymous logon is a distinct principal.  Access decisions
 * meant for authenticated callers should test for
 * SECURITY_AUTHENTICATED_USER_RID rather than assume every caller that has
 * a token is authenticated.
 */
97 #define SECURITY_ANONYMOUS_LOGON_RID (0x7L)
98 #define SECURITY_PROXY_RID (0x8L)
99 #define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x9L)
/* Alias: same value as SECURITY_ENTERPRISE_CONTROLLERS_RID. */
100 #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID
101 #define SECURITY_PRINCIPAL_SELF_RID (0xAL)
102 #define SECURITY_AUTHENTICATED_USER_RID (0xBL)
103 #define SECURITY_RESTRICTED_CODE_RID (0xCL)
/* 0x12 is 18; with SECURITY_NT_AUTHORITY this is the LocalSystem SID S-1-5-18. */
104 #define SECURITY_LOCAL_SYSTEM_RID (0x12L)
105 #define SECURITY_NT_NON_UNIQUE_RID (0x15L)
/* 0x20 is 32; the DOMAIN_ALIAS_RID_* values are used beneath this RID. */
106 #define SECURITY_BUILTIN_DOMAIN_RID (0x20L)
/*
 * Domain-relative RIDs: two user accounts (0x1F4 = 500, 0x1F5 = 501), two
 * global groups (0x200 = 512, 0x201 = 513) and the built-in aliases
 * (0x220 = 544 through 0x228 = 552).
 *
 * Review note: these RIDs stay the same when the account or group is
 * renamed, so an authorization check should compare SIDs built from them
 * and never the display name.  A token carrying DOMAIN_ALIAS_RID_ADMINS
 * under the built-in domain (S-1-5-32-544) is an administrator token; the
 * operator aliases (account, system, print and backup operators) are also
 * privileged in the NT model and belong in any review of who can reach
 * privileged operations.
 */
107 #define DOMAIN_USER_RID_ADMIN (0x1F4L)
108 #define DOMAIN_USER_RID_GUEST (0x1F5L)
109 #define DOMAIN_GROUP_RID_ADMINS (0x200L)
110 #define DOMAIN_GROUP_RID_USERS (0x201L)
111 #define DOMAIN_ALIAS_RID_ADMINS (0x220L)
112 #define DOMAIN_ALIAS_RID_USERS (0x221L)
113 #define DOMAIN_ALIAS_RID_GUESTS (0x222L)
114 #define DOMAIN_ALIAS_RID_POWER_USERS (0x223L)
115 #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x224L)
116 #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x225L)
117 #define DOMAIN_ALIAS_RID_PRINT_OPS (0x226L)
118 #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x227L)
119 #define DOMAIN_ALIAS_RID_REPLICATOR (0x228L)
/*
 * High bits of an access mask.  Only GENERIC_ALL and GENERIC_EXECUTE are
 * defined in the visible lines; GENERIC_READ and GENERIC_WRITE do not
 * appear in this listing and presumably come from another header.
 *
 * Review note: generic bits are placeholders that have to be translated
 * through a GENERIC_MAPPING (declared later in this file) before an access
 * check; a mask that still carries them should not be compared against
 * object-specific rights.  MAXIMUM_ALLOWED asks for every right the caller
 * could be granted, so callers following least privilege request the
 * specific rights they need instead.
 */
122 #define MAXIMUM_ALLOWED (0x2000000L)
123 #define GENERIC_ALL (0x10000000L)
124 #define GENERIC_EXECUTE (0x20000000L)
/*
 * Context tracking modes, presumably the values stored in the
 * ContextTrackingMode member of SECURITY_QUALITY_OF_SERVICE - confirm.
 */
126 #define SECURITY_STATIC_TRACKING (0)
127 #define SECURITY_DYNAMIC_TRACKING (1)
129 /* Standard rights */
/*
 * Standard (object-type independent) rights occupy bits 16 to 20 and the
 * object-specific rights occupy the low 16 bits (SPECIFIC_RIGHTS_ALL).
 * STANDARD_RIGHTS_READ, _WRITE and _EXECUTE all have the same value,
 * 0x20000, so they cannot be used to tell read from write access; that
 * distinction comes from the specific rights.  STANDARD_RIGHTS_ALL is
 * STANDARD_RIGHTS_REQUIRED plus bit 20 (0x100000).
 * NOTE(review): in the Windows SDK bit 17 is READ_CONTROL and bit 20 is
 * SYNCHRONIZE; neither name is defined in the visible part of this header.
 */
130 #define STANDARD_RIGHTS_REQUIRED (0xf0000L)
131 #define STANDARD_RIGHTS_WRITE (0x20000L)
132 #define STANDARD_RIGHTS_READ (0x20000L)
133 #define STANDARD_RIGHTS_EXECUTE (0x20000L)
134 #define STANDARD_RIGHTS_ALL (0x1f0000L)
135 #define SPECIFIC_RIGHTS_ALL (0xffffL)
/*
 * Token-specific access rights, one bit each (0x0001 through 0x0080).
 *
 * Review note: TOKEN_ASSIGN_PRIMARY, TOKEN_DUPLICATE and TOKEN_IMPERSONATE
 * on a token let the holder run code under that token's identity, and the
 * TOKEN_ADJUST_* rights let the holder change what the token is allowed to
 * do.  A handle to another principal's token should be opened with the
 * narrowest mask that serves the purpose (often TOKEN_QUERY alone).
 */
138 #define TOKEN_ASSIGN_PRIMARY (0x0001L)
139 #define TOKEN_DUPLICATE (0x0002L)
140 #define TOKEN_IMPERSONATE (0x0004L)
141 #define TOKEN_QUERY (0x0008L)
142 #define TOKEN_QUERY_SOURCE (0x0010L)
143 #define TOKEN_ADJUST_PRIVILEGES (0x0020L)
144 #define TOKEN_ADJUST_GROUPS (0x0040L)
145 #define TOKEN_ADJUST_DEFAULT (0x0080L)
/*
 * Composite masks, spelled as literals rather than built from the names
 * above:
 *   TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED (0xf0000) | all eight bits
 *   TOKEN_READ       = 0x20000 | TOKEN_QUERY
 *   TOKEN_WRITE      = 0x20000 | TOKEN_ADJUST_PRIVILEGES
 *                              | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT
 *   TOKEN_EXECUTE    = 0x20000 only (no token-specific bit)
 * If a token right is added, TOKEN_ALL_ACCESS has to be updated by hand.
 */
147 #define TOKEN_ALL_ACCESS (0xf00ffL)
148 #define TOKEN_READ (0x20008L)
149 #define TOKEN_WRITE (0x200e0L)
150 #define TOKEN_EXECUTE (0x20000L)
/*
 * NOTE(review): the Windows SDK declares SECURITY_CONTEXT_TRACKING_MODE as
 * BOOLEAN, not BOOL.  If BOOL is wider than BOOLEAN in ntos/types.h the
 * layout of SECURITY_QUALITY_OF_SERVICE differs from the SDK's - confirm
 * whether binary compatibility matters here.
 */
152 typedef BOOL SECURITY_CONTEXT_TRACKING_MODE;
154 typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
/*
 * Token information classes.  The listing shows only one enumerator
 * (numbering jumps from 156 to 166 to 168), so the numeric value of
 * TokenImpersonationLevel cannot be read from here.
 */
156 typedef enum _TOKEN_INFORMATION_CLASS
166 TokenImpersonationLevel,
168 } TOKEN_INFORMATION_CLASS;
/*
 * Impersonation levels, declared as a ULONG with four named values 1 to 4.
 * NOTE(review): the Windows SDK enum of the same name starts at 0
 * (SecurityAnonymous = 0 ... SecurityDelegation = 3).  Values exchanged
 * with code built against the SDK would be off by one, and a
 * zero-initialized field matches none of the names below - confirm which
 * numbering callers expect.
 *
 * Review note: ordering comparisons (level >= SecurityImpersonation) are
 * the usual way a server decides whether it may act as the client; at
 * SecurityIdentification or below, the NT model allows the server to
 * inspect the client's identity but not to open objects as the client.
 */
170 typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
172 #define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
173 #define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
174 #define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
175 #define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
/*
 * ACCESS_MASK is declared here, after its first use in this listing (the
 * AccessMask member at listing line 56).
 */
177 typedef ULONG ACCESS_MASK, *PACCESS_MASK;
178 typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;
/* The two token types; 0 is not a named value. */
180 #define TokenPrimary ((TOKEN_TYPE)1)
181 #define TokenImpersonation ((TOKEN_TYPE)2)
/*
 * Quality-of-service record for impersonation.  The listing omits the lines
 * between 183 and 186, so any member declared before ImpersonationLevel is
 * not visible here.
 *
 * Review note: this is the structure in which a client states how far a
 * server may go with its identity.  Presumably EffectiveOnly restricts the
 * server to the privileges and groups enabled at the time of the call -
 * confirm against the impersonation code.  Clients talking to less trusted
 * servers should pick the lowest ImpersonationLevel that works.
 */
183 typedef struct _SECURITY_QUALITY_OF_SERVICE
186 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
187 SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
188 BOOLEAN EffectiveOnly;
189 } SECURITY_QUALITY_OF_SERVICE;
191 typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
/*
 * Second declaration of ACE_HEADER in this listing (the first is at listing
 * line 51).  No members are visible here.
 */
193 typedef struct _ACE_HEADER
198 } ACE_HEADER, *PACE_HEADER;
/* Identifier authority of a SID; its members are not shown in this listing. */
200 typedef struct _SID_IDENTIFIER_AUTHORITY
203 } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
/*
 * The three members below presumably belong to the SID structure, whose
 * opening lines (listing lines 204-207) are missing from this listing.
 *
 * Review note: SubAuthority is declared with one element but is the
 * trailing variable-length part of the record; the real element count is
 * SubAuthorityCount.  Code that copies or compares SIDs has to compute the
 * size from SubAuthorityCount, and code that accepts a SID from a less
 * trusted source has to check that count against the buffer length before
 * indexing SubAuthority.
 */
208 UCHAR SubAuthorityCount;
209 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
210 ULONG SubAuthority[1];
/*
 * ACL query records and the selector that chooses between them.  The
 * members of both structures are missing from this listing.
 */
222 typedef struct _ACL_REVISION_INFORMATION
225 } ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION;
227 typedef struct _ACL_SIZE_INFORMATION
232 } ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION;
/*
 * Information classes start at 1, so 0 is not a valid class.  Only the
 * first enumerator is visible in this listing.
 */
234 typedef enum _ACL_INFORMATION_CLASS
236 AclRevisionInformation = 1,
238 } ACL_INFORMATION_CLASS;
/* 16-bit flag word; wide enough for the SE_* control flags up to 32768. */
240 typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
/*
 * NOTE(review): LUID is an alias for LARGE_INTEGER here.  The Windows SDK
 * declares LUID as a structure of two 32-bit parts, which may have a
 * different alignment than a 64-bit integer type; structures that embed a
 * LUID can therefore differ in padding from the SDK's - confirm if these
 * records cross a binary interface.
 */
242 typedef LARGE_INTEGER LUID, *PLUID;
/*
 * Security descriptor.  Only the Control member is visible in this listing
 * (numbering jumps from 244 to 248 to 253); the owner, group and ACL
 * members are not shown.
 */
244 typedef struct _SECURITY_DESCRIPTOR
248 SECURITY_DESCRIPTOR_CONTROL Control;
253 } SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
/*
 * Pair records used by the token structures.  The members of
 * LUID_AND_ATTRIBUTES and SID_AND_ATTRIBUTES are missing from this listing;
 * the names suggest an identifier plus an attribute word - confirm.
 */
255 typedef struct _LUID_AND_ATTRIBUTES
259 } LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
/* Origin of a token; only SourceIdentifier is visible in this listing. */
261 typedef struct _TOKEN_SOURCE
264 LUID SourceIdentifier;
265 } TOKEN_SOURCE, *PTOKEN_SOURCE;
/* Token control record; listing lines 268-269 and 271 are not shown. */
267 typedef struct _TOKEN_CONTROL
270 LUID AuthenticationId;
272 TOKEN_SOURCE TokenSource;
273 } TOKEN_CONTROL, *PTOKEN_CONTROL;
275 typedef struct _SID_AND_ATTRIBUTES
279 } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
/*
 * Array type of ANYSIZE_ARRAY elements.  ANYSIZE_ARRAY is not defined in
 * the visible part of this header; sizeof on this type therefore says
 * nothing about how many entries a given buffer actually holds.
 */
281 typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
282 typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
/*
 * Token information records.  Several members are missing from this
 * listing (the numbering skips lines inside most of the structures), so
 * the layouts below are incomplete.
 */
284 typedef struct _TOKEN_USER
286 SID_AND_ATTRIBUTES User;
287 } TOKEN_USER, *PTOKEN_USER;
289 typedef struct _TOKEN_PRIMARY_GROUP
292 } TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
/*
 * Review note: Groups and Privileges below are trailing arrays declared
 * with ANYSIZE_ARRAY elements; the number of valid entries comes from a
 * count member (PrivilegeCount for TOKEN_PRIVILEGES; the count member of
 * TOKEN_GROUPS is not visible here).  When such a record arrives in a
 * caller-supplied buffer, the count has to be validated against the buffer
 * length, with the multiplication checked for overflow, before the array
 * is walked.
 */
294 typedef struct _TOKEN_GROUPS
297 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
298 } TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
300 typedef struct _TOKEN_PRIVILEGES
302 DWORD PrivilegeCount;
303 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
304 } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
306 typedef struct _TOKEN_OWNER
309 } TOKEN_OWNER, *PTOKEN_OWNER;
311 typedef struct _TOKEN_DEFAULT_DACL
314 } TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
/*
 * Summary record for a token.  Visible members: the authentication LUID,
 * expiration time, token type, impersonation level, two dynamic-quota
 * counters and the privilege count; listing lines 317-318, 325 and 327 are
 * not shown.
 */
316 typedef struct _TOKEN_STATISTICS
319 LUID AuthenticationId;
320 LARGE_INTEGER ExpirationTime;
321 TOKEN_TYPE TokenType;
322 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
323 DWORD DynamicCharged;
324 DWORD DynamicAvailable;
326 DWORD PrivilegeCount;
328 } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
/*
 * Per-object-type translation table for the generic access bits: one
 * ACCESS_MASK for each of generic read, write, execute and all.
 *
 * Review note: presumably an access check replaces each generic bit in the
 * requested mask with the corresponding entry before comparing against the
 * DACL - confirm.  An entry that grants more than the type intends (for
 * example a GenericRead mapping that includes a write right) widens every
 * generic request for that type.
 */
330 typedef struct _GENERIC_MAPPING
332 ACCESS_MASK GenericRead;
333 ACCESS_MASK GenericWrite;
334 ACCESS_MASK GenericExecute;
335 ACCESS_MASK GenericAll;
336 } GENERIC_MAPPING, *PGENERIC_MAPPING;
/*
 * Set of privileges with a count and a trailing array; listing line 341 is
 * not shown.  As with the other ANYSIZE_ARRAY records, PrivilegeCount - not
 * the declared array size - gives the number of entries and needs checking
 * against the buffer length when the set comes from a less trusted caller.
 */
338 typedef struct _PRIVILEGE_SET
340 DWORD PrivilegeCount;
342 LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
343 } PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
/*
 * Security attributes record; only lpSecurityDescriptor is visible in this
 * listing.  It is an untyped pointer (LPVOID), so nothing at compile time
 * checks that it refers to a SECURITY_DESCRIPTOR.
 */
345 typedef struct _SECURITY_ATTRIBUTES
348 LPVOID lpSecurityDescriptor;
350 } SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
352 #endif /* !__USE_W32API */
357 ACCESS_MASK AccessMask;
360 #endif /* __INCLUDE_SECURITY_H */