1 #ifndef __INCLUDE_SECURITY_H
2 #define __INCLUDE_SECURITY_H
3
4 #include <ntos/ntdef.h>
5 #include <ntos/types.h>
6
/* SID Authority: 6-byte initializers for SID_IDENTIFIER_AUTHORITY.Value
   (struct defined further down). Every RID in the next section is relative
   to one of these authorities, so a RID value on its own does not identify
   a principal. */
#define SECURITY_NULL_SID_AUTHORITY             {0,0,0,0,0,0}
#define SECURITY_WORLD_SID_AUTHORITY            {0,0,0,0,0,1}
#define SECURITY_LOCAL_SID_AUTHORITY            {0,0,0,0,0,2}
#define SECURITY_CREATOR_SID_AUTHORITY          {0,0,0,0,0,3}
#define SECURITY_NON_UNIQUE_AUTHORITY           {0,0,0,0,0,4}
#define SECURITY_NT_AUTHORITY                   {0,0,0,0,0,5}
14
/* SID: well-known relative identifiers (RIDs). Values repeat across
   authorities (four 0L entries; 0x1L..0x3L appear twice), so a RID must be
   paired with the authority its name refers to (see the *_AUTHORITY macros
   above): compare complete SIDs, never bare RIDs. */
#define SECURITY_NULL_RID                       (0L)
#define SECURITY_WORLD_RID                      (0L)
#define SECURITY_LOCAL_RID                      (0L)
/* RIDs named after SECURITY_CREATOR_SID_AUTHORITY */
#define SECURITY_CREATOR_OWNER_RID              (0L)
#define SECURITY_CREATOR_GROUP_RID              (0x1L)
#define SECURITY_CREATOR_OWNER_SERVER_RID       (0x2L)
#define SECURITY_CREATOR_GROUP_SERVER_RID       (0x3L)
/* RIDs whose names carry no authority; presumably relative to
   SECURITY_NT_AUTHORITY -- verify against the code that builds them. */
#define SECURITY_DIALUP_RID                     (0x1L)
#define SECURITY_NETWORK_RID                    (0x2L)
#define SECURITY_BATCH_RID                      (0x3L)
#define SECURITY_INTERACTIVE_RID                (0x4L)
#define SECURITY_LOGON_IDS_RID                  (0x5L)
#define SECURITY_LOGON_IDS_RID_COUNT            (0x3L)  /* a sub-authority count, not a RID */
#define SECURITY_SERVICE_RID                    (0x6L)
#define SECURITY_ANONYMOUS_LOGON_RID            (0x7L)
#define SECURITY_PROXY_RID                      (0x8L)
#define SECURITY_ENTERPRISE_CONTROLLERS_RID     (0x9L)
#define SECURITY_SERVER_LOGON_RID               SECURITY_ENTERPRISE_CONTROLLERS_RID  /* alias of the line above */
#define SECURITY_PRINCIPAL_SELF_RID             (0xAL)
#define SECURITY_AUTHENTICATED_USER_RID         (0xBL)
#define SECURITY_RESTRICTED_CODE_RID            (0xCL)
#define SECURITY_LOCAL_SYSTEM_RID               (0x12L)
#define SECURITY_NT_NON_UNIQUE_RID              (0x15L)
#define SECURITY_BUILTIN_DOMAIN_RID             (0x20L)
/* Domain-relative RIDs: well-known users, groups and aliases inside a
   domain (the BUILTIN domain RID is directly above). */
#define DOMAIN_USER_RID_ADMIN                   (0x1F4L)
#define DOMAIN_USER_RID_GUEST                   (0x1F5L)
#define DOMAIN_GROUP_RID_ADMINS                 (0x200L)
#define DOMAIN_GROUP_RID_USERS                  (0x201L)
#define DOMAIN_ALIAS_RID_ADMINS                 (0x220L)
#define DOMAIN_ALIAS_RID_USERS                  (0x221L)
#define DOMAIN_ALIAS_RID_GUESTS                 (0x222L)
#define DOMAIN_ALIAS_RID_POWER_USERS            (0x223L)
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS            (0x224L)
#define DOMAIN_ALIAS_RID_SYSTEM_OPS             (0x225L)
#define DOMAIN_ALIAS_RID_PRINT_OPS              (0x226L)
#define DOMAIN_ALIAS_RID_BACKUP_OPS             (0x227L)
#define DOMAIN_ALIAS_RID_REPLICATOR             (0x228L)
53
/* Privileges: numeric identifiers of the well-known privileges. The valid
   range is [SE_MIN_WELL_KNOWN_PRIVILEGE, SE_MAX_WELL_KNOWN_PRIVILEGE]; code
   that maps a privilege number to a table entry should reject values
   outside that range before indexing. Presumably carried in the Luid of a
   LUID_AND_ATTRIBUTES (defined below) -- verify against the privilege code. */
#define SE_MIN_WELL_KNOWN_PRIVILEGE             (2L)
#define SE_CREATE_TOKEN_PRIVILEGE               (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE         (3L)
#define SE_LOCK_MEMORY_PRIVILEGE                (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE             (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE          (6L)  /* unused; shares value 6 with SE_MACHINE_ACCOUNT_PRIVILEGE */
#define SE_MACHINE_ACCOUNT_PRIVILEGE            (6L)
#define SE_TCB_PRIVILEGE                        (7L)
#define SE_SECURITY_PRIVILEGE                   (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE             (9L)
#define SE_LOAD_DRIVER_PRIVILEGE                (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE             (11L)
#define SE_SYSTEMTIME_PRIVILEGE                 (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE        (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE          (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE            (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE           (16L)
#define SE_BACKUP_PRIVILEGE                     (17L)
#define SE_RESTORE_PRIVILEGE                    (18L)
#define SE_SHUTDOWN_PRIVILEGE                   (19L)
#define SE_DEBUG_PRIVILEGE                      (20L)
#define SE_AUDIT_PRIVILEGE                      (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE         (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE              (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE            (24L)
/* Must be updated whenever a new privilege is appended above. */
#define SE_MAX_WELL_KNOWN_PRIVILEGE             SE_REMOTE_SHUTDOWN_PRIVILEGE
81
#if 0
/* Security descriptor control.
   Compiled out by the `#if 0` above: nothing in this block is visible to
   users of this header. If the live definitions are elsewhere, keep these
   values in step with them before re-enabling. The SE_* values are single
   bits intended for the SECURITY_DESCRIPTOR_CONTROL field (USHORT, below);
   SE_SELF_RELATIVE (32768 = 0x8000) is its top bit. */
#define SECURITY_DESCRIPTOR_REVISION    (1)
#define SECURITY_DESCRIPTOR_MIN_LENGTH  (20)
#define SE_OWNER_DEFAULTED      (1)
#define SE_GROUP_DEFAULTED      (2)
#define SE_DACL_PRESENT (4)
#define SE_DACL_DEFAULTED       (8)
#define SE_SACL_PRESENT (16)
#define SE_SACL_DEFAULTED       (32)
#define SE_SELF_RELATIVE        (32768)
#endif
94
/* ACCESS_MASK: generic / request bits in the high part of an access mask.
   Only three of the generic bits are defined here; GENERIC_READ and
   GENERIC_WRITE are not in this file. MAXIMUM_ALLOWED is a request flag
   (grant whatever the caller is entitled to), not a right in itself, so it
   must never end up in a granted-access value. */
#define MAXIMUM_ALLOWED                 (0x2000000L)
#define GENERIC_ALL                     (0x10000000L)
#define GENERIC_EXECUTE                 (0x20000000L)
99
/* Values for SECURITY_CONTEXT_TRACKING_MODE (typedef below): 0/1, the same
   values as the commented-out FALSE/TRUE variants later in this file. */
#define SECURITY_STATIC_TRACKING        (0)
#define SECURITY_DYNAMIC_TRACKING       (1)
102
/* Standard rights: bits 16..20 of an access mask, shared by all object
   types. WRITE, READ and EXECUTE are deliberately the same single bit
   (0x20000); REQUIRED is bits 16..19 and ALL adds bit 20 (0x1f0000).
   SPECIFIC_RIGHTS_ALL covers the low 16 object-specific bits. */
#define STANDARD_RIGHTS_REQUIRED        (0xf0000L)
#define STANDARD_RIGHTS_WRITE           (0x20000L)
#define STANDARD_RIGHTS_READ            (0x20000L)
#define STANDARD_RIGHTS_EXECUTE         (0x20000L)
#define STANDARD_RIGHTS_ALL             (0x1f0000L)
#define SPECIFIC_RIGHTS_ALL             (0xffffL)
110
/* Token rights: object-specific access bits for token objects (low byte of
   the mask), combined with the standard rights above. */
#define TOKEN_ASSIGN_PRIMARY            (0x0001L)
#define TOKEN_DUPLICATE                 (0x0002L)
#define TOKEN_IMPERSONATE               (0x0004L)
#define TOKEN_QUERY                     (0x0008L)
#define TOKEN_QUERY_SOURCE              (0x0010L)
#define TOKEN_ADJUST_PRIVILEGES         (0x0020L)
#define TOKEN_ADJUST_GROUPS             (0x0040L)
#define TOKEN_ADJUST_DEFAULT            (0x0080L)

/* Composite masks; each is the OR of the bits it names:
     TOKEN_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | all eight TOKEN_* bits (0xff)
     TOKEN_READ       = STANDARD_RIGHTS_READ     | TOKEN_QUERY
     TOKEN_WRITE      = STANDARD_RIGHTS_WRITE    | TOKEN_ADJUST_PRIVILEGES
                        | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT
     TOKEN_EXECUTE    = STANDARD_RIGHTS_EXECUTE
   Any new TOKEN_* bit must be added to TOKEN_ALL_ACCESS by hand. */
#define TOKEN_ALL_ACCESS                (0xf00ffL)
#define TOKEN_READ                      (0x20008L)
#define TOKEN_WRITE                     (0x200e0L)
#define TOKEN_EXECUTE                   (0x20000L)
125
/* Context tracking mode stored in SECURITY_QUALITY_OF_SERVICE; holds
   SECURITY_STATIC_TRACKING or SECURITY_DYNAMIC_TRACKING.
   NOTE(review): a commented-out alternative later in this file declares the
   type as BOOLEAN rather than BOOL. If those two types differ in size, the
   layout of SECURITY_QUALITY_OF_SERVICE depends on which one is chosen --
   confirm which layout the callers and any on-the-wire consumers expect. */
typedef BOOL SECURITY_CONTEXT_TRACKING_MODE;
127
/* Bit mask selecting which parts of a security descriptor an operation
   refers to; the individual bit values are not defined in this file. */
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
129
/* Selector for token information queries/sets. Numbering starts at 1, so 0
   is never a valid class; validate before using a caller-supplied value as
   a table index. Each value presumably corresponds to the TOKEN_* structure
   of the same name below (TokenUser -> TOKEN_USER, ...) -- verify against
   the query implementation. */
typedef enum _TOKEN_INFORMATION_CLASS
{
  TokenUser = 1,
  TokenGroups,
  TokenPrivileges,
  TokenOwner,
  TokenPrimaryGroup,
  TokenDefaultDacl,
  TokenSource,
  TokenType,
  TokenImpersonationLevel,
  TokenStatistics
} TOKEN_INFORMATION_CLASS;
143
/* Impersonation level, as a plain ULONG rather than an enum; the four
   defined values follow. Ordered by value from the least capable
   (Anonymous) to the most (Delegation), so level comparisons are numeric.
   NOTE(review): the values here start at 1, while the Windows SDK numbers
   these levels from SecurityAnonymous = 0 -- confirm before comparing or
   exchanging levels with SDK-built code, since an off-by-one here would
   silently grant one level more than requested. */
typedef ULONG SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;

#define SecurityAnonymous ((SECURITY_IMPERSONATION_LEVEL)1)
#define SecurityIdentification ((SECURITY_IMPERSONATION_LEVEL)2)
#define SecurityImpersonation ((SECURITY_IMPERSONATION_LEVEL)3)
#define SecurityDelegation ((SECURITY_IMPERSONATION_LEVEL)4)
150
/* Token type, as a plain ULONG with two defined values: a primary token
   (attached to a process) or an impersonation token. 0 is not a valid
   type. */
typedef ULONG TOKEN_TYPE, *PTOKEN_TYPE;

#define TokenPrimary           ((TOKEN_TYPE)1)
#define TokenImpersonation     ((TOKEN_TYPE)2)
155
156 //typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE;
157
158 //#define SECURITY_DYNAMIC_TRACKING  (TRUE)
159 //#define SECURITY_STATIC_TRACKING   (FALSE)
160
/* ACCESS_MASK: 32-bit access-rights bit mask (standard, specific and
   generic bits defined above). ACCESS_MODE: a separate ULONG; its values
   are not defined in this file. */
typedef ULONG ACCESS_MASK, *PACCESS_MASK;
typedef ULONG ACCESS_MODE, *PACCESS_MODE;
163
/* Quality-of-service block a client passes to bound how a server may use
   its identity. Length presumably holds sizeof(SECURITY_QUALITY_OF_SERVICE)
   and should be checked by the receiver before the other members are read
   -- verify against the consumers. EffectiveOnly limits the server to the
   client's currently enabled groups/privileges. The struct's size depends on
   the width of SECURITY_CONTEXT_TRACKING_MODE (see its typedef above). */
typedef struct _SECURITY_QUALITY_OF_SERVICE
{
  ULONG Length;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode;
  BOOLEAN EffectiveOnly;
} SECURITY_QUALITY_OF_SERVICE;

typedef SECURITY_QUALITY_OF_SERVICE* PSECURITY_QUALITY_OF_SERVICE;
173
/* Common header at the start of every ACE inside an ACL. AceSize is the
   total size of the ACE in bytes (header included) and is what an ACL walker
   advances by; a walker must check that AceSize is at least sizeof the
   header and that it stays within the enclosing ACL's AclSize. The AceType
   and AceFlags values are not defined in this file. */
typedef struct _ACE_HEADER
{
  BYTE AceType;
  BYTE AceFlags;
  WORD AceSize;
} ACE_HEADER, *PACE_HEADER;
180
/* Generic ACE: header plus the access mask it grants or denies. The SID
   that normally follows the mask is not part of this declaration, so the
   real ACE is longer than sizeof(ACE); use Header.AceSize for its extent. */
typedef struct
{
  ACE_HEADER Header;
  ACCESS_MASK AccessMask;
} ACE, *PACE;
186
/* 6-byte identifier authority of a SID; the SECURITY_*_AUTHORITY macros at
   the top of this file are initializers for Value. */
typedef struct _SID_IDENTIFIER_AUTHORITY
{
  BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
191
/* Security identifier. Variable-length: SubAuthorityCount ULONGs follow the
   authority, but the declaration only reserves SubAuthority[0], so
   sizeof(SID) is not the size of a real SID. Before indexing
   SubAuthority[i], bound i by SubAuthorityCount and check that the buffer
   holding the SID is actually large enough for that many entries;
   SubAuthorityCount itself comes from the data and must not be trusted
   blindly. */
typedef struct _SID
{
  UCHAR  Revision;
  UCHAR  SubAuthorityCount;
  SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
  ULONG SubAuthority[1];
} SID, *PSID;
199
/* Access control list header; AceCount ACEs (each starting with an
   ACE_HEADER) follow immediately after this struct. AclSize is the total
   size in bytes including this header; walkers must stop at AclSize even
   if AceCount says more ACEs remain. Sbz1/Sbz2 are reserved (the name
   suggests "should be zero"). */
typedef struct _ACL
{
  UCHAR AclRevision;
  UCHAR Sbz1;
  USHORT AclSize;
  USHORT AceCount;
  USHORT Sbz2;
} ACL, *PACL;
208
/* Result of an AclRevisionInformation query (see ACL_INFORMATION_CLASS). */
typedef struct _ACL_REVISION_INFORMATION
{
  ULONG AclRevision;
} ACL_REVISION_INFORMATION, *PACL_REVISION_INFORMATION;
213
/* Result of an AclSizeInformation query: ACE count and the used/free byte
   split of the ACL buffer. */
typedef struct _ACL_SIZE_INFORMATION
{
  ULONG AceCount;
  ULONG AclBytesInUse;
  ULONG AclBytesFree;
} ACL_SIZE_INFORMATION, *PACL_SIZE_INFORMATION;
220
/* Selector for ACL information queries; numbering starts at 1, so 0 is
   never valid. Each value pairs with the struct of the same name above. */
typedef enum _ACL_INFORMATION_CLASS
{
  AclRevisionInformation = 1,
  AclSizeInformation
} ACL_INFORMATION_CLASS;
226
/* 16-bit control flags of a security descriptor. The SE_* bit definitions
   for this field exist only inside the `#if 0` block above and are
   therefore not currently available from this header. */
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
228
/* Placeholder with no members. NOTE: an empty struct is not ISO C (it is a
   compiler extension), and its sizeof is implementation-specific, so do not
   allocate or copy by sizeof(SECURITY_DESCRIPTOR_CONTEXT). */
typedef struct _SECURITY_DESCRIPTOR_CONTEXT
{
} SECURITY_DESCRIPTOR_CONTEXT, *PSECURITY_DESCRIPTOR_CONTEXT;
232
/* Locally unique identifier, aliased to a 64-bit LARGE_INTEGER (from an
   included header). Compare LUIDs by value, not by pointer. */
typedef LARGE_INTEGER LUID, *PLUID;
234
/* Security descriptor in absolute form: Owner, Group, Sacl and Dacl are
   pointers to separately stored objects, any of which may be NULL. Control
   is meant to carry the SE_* flags (currently only in the disabled block
   above); if a self-relative layout is ever used, these members hold
   offsets rather than pointers and must not be dereferenced directly --
   confirm against the consumer. Sbz1 is reserved (name suggests "should be
   zero"). */
typedef struct _SECURITY_DESCRIPTOR
{
  UCHAR  Revision;
  UCHAR  Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID Owner;
  PSID Group;
  PACL Sacl;
  PACL Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;
245
/* One privilege entry: its LUID plus attribute bits (the attribute values
   are not defined in this file). Element type of the arrays in
   TOKEN_PRIVILEGES and PRIVILEGE_SET below. */
typedef struct _LUID_AND_ATTRIBUTES
{
  LUID  Luid;
  DWORD Attributes;
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
251
/* Identifies the component that created a token. SourceName is a fixed
   8-byte field and nothing here guarantees a NUL terminator inside it:
   treat it as fixed-width data (bounded copy/compare), never as a C string
   for strlen/%s, or a read can run past the field. */
typedef struct _TOKEN_SOURCE
{
  CHAR SourceName[8];
  LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;
257
/* Identity block of a token: its own id, the logon session
   (AuthenticationId), a change stamp (ModifiedId) and the creating
   source. Embeds TOKEN_SOURCE, so the SourceName caveat applies here too. */
typedef struct _TOKEN_CONTROL
{
  LUID TokenId;
  LUID AuthenticationId;
  LUID ModifiedId;
  TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;
265
/* A SID pointer paired with attribute bits (values not defined in this
   file). Sid points at a separately stored, variable-length SID; see the
   bounds caveat on struct _SID. */
typedef struct _SID_AND_ATTRIBUTES
{
  PSID  Sid;
  DWORD Attributes;
} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
271
/* Open-ended array of SID_AND_ATTRIBUTES. ANYSIZE_ARRAY comes from an
   included header and only fixes the declared minimum; the real element
   count must be carried alongside (cf. TOKEN_GROUPS.GroupCount). */
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
274
/* Result shape for the TokenUser information class: the token's user SID
   and its attributes. */
typedef struct _TOKEN_USER
{
  SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;
279
/* Result shape for the TokenPrimaryGroup information class. */
typedef struct _TOKEN_PRIMARY_GROUP
{
  PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
284
/* Group SIDs of a token (TokenGroups class). Variable-length: GroupCount
   gives the number of valid Groups[] entries while the declaration reserves
   only ANYSIZE_ARRAY of them, so sizeof(TOKEN_GROUPS) is not the real size.
   Readers must check GroupCount against the length of the buffer that holds
   the struct before iterating. */
typedef struct _TOKEN_GROUPS
{
  DWORD GroupCount;
  SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS, *LPTOKEN_GROUPS;
290
/* Privileges of a token (TokenPrivileges class). Variable-length in the
   same way as TOKEN_GROUPS: PrivilegeCount entries, of which only
   ANYSIZE_ARRAY are declared; validate PrivilegeCount against the buffer
   length before use. */
typedef struct _TOKEN_PRIVILEGES
{
  DWORD PrivilegeCount;
  LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES, *LPTOKEN_PRIVILEGES;
296
/* Result shape for the TokenOwner information class: the default owner SID
   applied to objects created with this token. */
typedef struct _TOKEN_OWNER
{
  PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;
301
/* Result shape for the TokenDefaultDacl information class; DefaultDacl may
   be NULL. */
typedef struct _TOKEN_DEFAULT_DACL
{
  PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
306
/* Fixed-size summary of a token (TokenStatistics class). GroupCount and
   PrivilegeCount are informational counts; the actual entries come from the
   TOKEN_GROUPS / TOKEN_PRIVILEGES classes. TokenType and ImpersonationLevel
   use the values defined near the top of this file. */
typedef struct _TOKEN_STATISTICS
{
  LUID  TokenId;
  LUID  AuthenticationId;
  LARGE_INTEGER ExpirationTime;
  TOKEN_TYPE TokenType;
  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
  DWORD DynamicCharged;
  DWORD DynamicAvailable;
  DWORD GroupCount;
  DWORD PrivilegeCount;
  LUID  ModifiedId;
} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
320
/* Per-object-type table that maps the GENERIC_* bits of a requested mask to
   the concrete standard/specific rights for that type. Generic bits must be
   mapped through this table before an access check; a mask still carrying
   GENERIC_* bits compares incorrectly against an ACE's AccessMask. */
typedef struct _GENERIC_MAPPING
{
  ACCESS_MASK GenericRead;
  ACCESS_MASK GenericWrite;
  ACCESS_MASK GenericExecute;
  ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
328
/* Set of privileges for a privilege check. Variable-length like
   TOKEN_PRIVILEGES: PrivilegeCount entries in Privilege[], of which only
   ANYSIZE_ARRAY are declared. Control's flag values are not defined in this
   file. */
typedef struct _PRIVILEGE_SET
{
  DWORD PrivilegeCount;
  DWORD Control;
  LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET, *PPRIVILEGE_SET, *LPPRIVILEGE_SET;
335
/* Win32-style creation attributes. nLength presumably holds sizeof(this
   struct) and should be checked by the receiver -- verify. lpSecurityDescriptor
   is an untyped pointer to a SECURITY_DESCRIPTOR (NULL allowed);
   bInheritHandle decides whether child processes inherit the handle, so
   callers creating handles to sensitive objects should leave it FALSE. */
typedef struct _SECURITY_ATTRIBUTES
{
  DWORD  nLength;
  LPVOID lpSecurityDescriptor;
  BOOL   bInheritHandle;
} SECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
342
343
344 #endif /* __INCLUDE_SECURITY_H */