/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    setypes.h

Abstract:

    Type definitions for the security manager.

Author:

    Alex Ionescu (alexi@tinykrnl.org)   - Updated - 27-Feb-2006

--*/

#ifndef _SETYPES_H
#define _SETYPES_H

//
// Dependencies
//
#include <umtypes.h>

//
// Well Known SIDs
//
// Six-byte SID identifier-authority value (authority 7) used to
// initialize an identifier-authority aggregate.
//
#define SECURITY_INTERNETSITE_AUTHORITY {0,0,0,0,0,7}

#ifdef NTOS_MODE_USER
//
// Privilege constants
//
// Well-known privilege values (the low part of each privilege LUID).
// SE_MIN_WELL_KNOWN_PRIVILEGE and SE_MAX_WELL_KNOWN_PRIVILEGE bound the
// range; any value outside it is not a well-known privilege.
//
#define SE_MIN_WELL_KNOWN_PRIVILEGE         (2L)
#define SE_CREATE_TOKEN_PRIVILEGE           (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE     (3L)
#define SE_LOCK_MEMORY_PRIVILEGE            (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE         (5L)
// NB: the next two deliberately share the value 6L.
#define SE_UNSOLICITED_INPUT_PRIVILEGE      (6L)
#define SE_MACHINE_ACCOUNT_PRIVILEGE        (6L)
#define SE_TCB_PRIVILEGE                    (7L)
#define SE_SECURITY_PRIVILEGE               (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE         (9L)
#define SE_LOAD_DRIVER_PRIVILEGE            (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE         (11L)
#define SE_SYSTEMTIME_PRIVILEGE             (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE    (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE      (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE        (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE       (16L)
#define SE_BACKUP_PRIVILEGE                 (17L)
#define SE_RESTORE_PRIVILEGE                (18L)
#define SE_SHUTDOWN_PRIVILEGE               (19L)
#define SE_DEBUG_PRIVILEGE                  (20L)
#define SE_AUDIT_PRIVILEGE                  (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE     (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE          (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE        (24L)
#define SE_UNDOCK_PRIVILEGE                 (25L)
#define SE_SYNC_AGENT_PRIVILEGE             (26L)
#define SE_ENABLE_DELEGATION_PRIVILEGE      (27L)
#define SE_MANAGE_VOLUME_PRIVILEGE          (28L)
#define SE_IMPERSONATE_PRIVILEGE            (29L)
#define SE_CREATE_GLOBAL_PRIVILEGE          (30L)
// Highest well-known value; update if a privilege is appended above.
#define SE_MAX_WELL_KNOWN_PRIVILEGE         (SE_CREATE_GLOBAL_PRIVILEGE)

//
// Mandatory (integrity) policy of a token. Policy holds flag bits; the
// flag values themselves are not defined in this header (presumably the
// TOKEN_MANDATORY_POLICY_* values of the public SDK — confirm).
//
typedef struct _TOKEN_MANDATORY_POLICY
{
    ULONG Policy;
} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;

//
// Aggregated user-mode view of the access-relevant parts of a token:
// hashed SID lists, privileges, logon id, type/impersonation level,
// mandatory policy and flags. SidHash/RestrictedSidHash/Privileges are
// pointers to structures declared elsewhere (opaque here).
//
typedef struct _TOKEN_ACCESS_INFORMATION
{
    struct _SID_AND_ATTRIBUTES_HASH *SidHash;
    struct _SID_AND_ATTRIBUTES_HASH *RestrictedSidHash;
    struct _TOKEN_PRIVILEGES *Privileges;
    LUID AuthenticationId;
    TOKEN_TYPE TokenType;
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
    TOKEN_MANDATORY_POLICY MandatoryPolicy;
    ULONG Flags;
} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;

#else // !NTOS_MODE_USER

//
// User and Group-related SID Attributes
//
// Attribute bits carried in SID_AND_ATTRIBUTES.Attributes for a token's
// user/group entries. Note that SE_GROUP_LOGON_ID occupies two bits
// (0xC0000000) and does not overlap SE_GROUP_RESOURCE (0x20000000).
//
#define SE_GROUP_MANDATORY                  0x00000001
#define SE_GROUP_ENABLED_BY_DEFAULT         0x00000002
#define SE_GROUP_ENABLED                    0x00000004
#define SE_GROUP_OWNER                      0x00000008
#define SE_GROUP_USE_FOR_DENY_ONLY          0x00000010
#define SE_GROUP_INTEGRITY                  0x00000020
#define SE_GROUP_INTEGRITY_ENABLED          0x00000040
#define SE_GROUP_RESOURCE                   0x20000000
#define SE_GROUP_LOGON_ID                   0xC0000000

//
// Union of every SE_GROUP_* bit defined above; attribute words containing
// bits outside this mask are invalid. Keep in sync when adding attributes.
// (No comments inside the continuation lines: a "//" there would swallow
// the trailing backslash.)
//
#define SE_GROUP_VALID_ATTRIBUTES           \
    (SE_GROUP_MANDATORY                     | \
     SE_GROUP_ENABLED_BY_DEFAULT            | \
     SE_GROUP_ENABLED                       | \
     SE_GROUP_OWNER                         | \
     SE_GROUP_USE_FOR_DENY_ONLY             | \
     SE_GROUP_LOGON_ID                      | \
     SE_GROUP_RESOURCE                      | \
     SE_GROUP_INTEGRITY                     | \
     SE_GROUP_INTEGRITY_ENABLED)

//
// Privilege token filtering flags
//
// Flags accepted when filtering a token (NtFilterToken /
// CreateRestrictedToken). LUA_TOKEN and WRITE_RESTRICTED exist only when
// targeting NTDDI_LONGHORN (Vista) or later.
//
#define DISABLE_MAX_PRIVILEGE               0x1
#define SANDBOX_INERT                       0x2
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
#define LUA_TOKEN                           0x4
#define WRITE_RESTRICTED                    0x8
#endif

//
// Proxy Class enumeration
//
// Scope class of SECURITY_TOKEN_PROXY_DATA; ProxyFull is 0 and the rest
// follow in sequence (1..3).
//
typedef enum _PROXY_CLASS
{
    ProxyFull = 0,
    ProxyService,
    ProxyTree,
    ProxyDirectory
} PROXY_CLASS;

//
// Audit and Policy Structures
//
// One 4-bit audit setting per audit category. Nine categories make 36
// bits, which is exactly the width of PolicyBits in
// SEP_AUDIT_POLICY_OVERLAY below; the two layouts alias each other
// through the union in SEP_AUDIT_POLICY. Adding a category here requires
// widening PolicyBits as well.
//
typedef struct _SEP_AUDIT_POLICY_CATEGORIES
{
    UCHAR System:4;
    UCHAR Logon:4;
    UCHAR ObjectAccess:4;
    UCHAR PrivilegeUse:4;
    UCHAR DetailedTracking:4;
    UCHAR PolicyChange:4;
    UCHAR AccountManagement:4;
    UCHAR DirectoryServiceAccess:4;
    UCHAR AccountLogon:4;
} SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;

//
// Packed view of the same policy: all 36 category nibbles as one field
// plus a single SetBit flag (bit 36).
//
typedef struct _SEP_AUDIT_POLICY_OVERLAY
{
    ULONGLONG PolicyBits:36;
    ULONGLONG SetBit:1;
} SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;

//
// Audit policy as stored in a TOKEN. The anonymous union lets the policy
// be read per category (PolicyElements), as packed bits plus SetBit
// (PolicyOverlay), or as a raw 64-bit value (Overlay).
//
typedef struct _SEP_AUDIT_POLICY
{
    union
    {
        SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
        SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
        ULONGLONG Overlay;
    };
} SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;

//
// Security Logon Session References
//
// Per-logon-session record, singly linked through Next and identified by
// LogonId. ReferenceCount, Flags, the session device map and the list of
// tokens belonging to the session (TokenList) are kept here. Refcount and
// list synchronization are not visible in this header.
//
typedef struct _SEP_LOGON_SESSION_REFERENCES
{
    struct _SEP_LOGON_SESSION_REFERENCES *Next;
    LUID LogonId;
    ULONG ReferenceCount;
    ULONG Flags;
    PDEVICE_MAP pDeviceMap;
    LIST_ENTRY TokenList;
} SEP_LOGON_SESSION_REFERENCES, *PSEP_LOGON_SESSION_REFERENCES;

//
// Image-name information recorded for process-creation auditing
// (presumably the object name of the created process's image — confirm
// against the audit code).
//
typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
{
    POBJECT_NAME_INFORMATION ImageFileName;
} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;

//
// Token Audit Data
//
// Length is the size of this structure; GrantMask/DenyMask are access
// masks (their exact use is defined by the audit code, not here).
//
typedef struct _SECURITY_TOKEN_AUDIT_DATA
{
    ULONG Length;
    ULONG GrantMask;
    ULONG DenyMask;
} SECURITY_TOKEN_AUDIT_DATA, *PSECURITY_TOKEN_AUDIT_DATA;

//
// Token Proxy Data
//
// Length is the size of this structure; ProxyClass selects the scope
// (see PROXY_CLASS), PathInfo names the object path and the two masks
// restrict container and object access respectively.
//
typedef struct _SECURITY_TOKEN_PROXY_DATA
{
    ULONG Length;
    PROXY_CLASS ProxyClass;
    UNICODE_STRING PathInfo;
    ULONG ContainerMask;
    ULONG ObjectMask;
} SECURITY_TOKEN_PROXY_DATA, *PSECURITY_TOKEN_PROXY_DATA;

//
// Token and auxiliary data
//
// ===================!!!IMPORTANT NOTE!!!=====================
// ImageFileName, ProcessCid, ThreadCid and CreateMethod field
// names are taken from Windows Server 2003 SP2 checked build
// WinDBG debug extensions command purposes (such as !logonsession
// command respectively). As such names are hardcoded, we have
// to be compatible with them. THESE FIELD NAMES MUST NOT BE
// CHANGED!!!
// ============================================================
//
// The kernel token object. Field order is part of the binary layout
// relied on by debugger extensions, so do not reorder. The offsets in the
// trailing comments are for a 32-bit build (pointer members occupy 4
// bytes: PrimaryGroup at 0x70, Privileges at 0x74) and assume the DBG-only
// members are present; in a non-DBG build VariablePart immediately follows
// OriginatingLogonSession rather than sitting at 0xC0. The three counts
// (UserAndGroupCount, RestrictedSidCount, PrivilegeCount) size the arrays
// reached through UserAndGroups, RestrictedSids and Privileges; the
// VariableLength/DynamicCharged/DynamicAvailable accounting for the
// variable and dynamic parts is enforced by the token code, not by this
// layout.
//
typedef struct _TOKEN
{
    TOKEN_SOURCE TokenSource;                         /* 0x00 */
    LUID TokenId;                                     /* 0x10 */
    LUID AuthenticationId;                            /* 0x18 */
    LUID ParentTokenId;                               /* 0x20 */
    LARGE_INTEGER ExpirationTime;                     /* 0x28 */
    PERESOURCE TokenLock;                             /* 0x30 */
    SEP_AUDIT_POLICY AuditPolicy;                     /* 0x38 */
    LUID ModifiedId;                                  /* 0x40 */
    ULONG SessionId;                                  /* 0x48 */
    ULONG UserAndGroupCount;                          /* 0x4C */
    ULONG RestrictedSidCount;                         /* 0x50 */
    ULONG PrivilegeCount;                             /* 0x54 */
    ULONG VariableLength;                             /* 0x58 */
    ULONG DynamicCharged;                             /* 0x5C */
    ULONG DynamicAvailable;                           /* 0x60 */
    ULONG DefaultOwnerIndex;                          /* 0x64 */
    PSID_AND_ATTRIBUTES UserAndGroups;                /* 0x68 */
    PSID_AND_ATTRIBUTES RestrictedSids;               /* 0x6C */
    PSID PrimaryGroup;                                /* 0x70 */
    PLUID_AND_ATTRIBUTES Privileges;                  /* 0x74 */
    PULONG DynamicPart;                               /* 0x78 */
    PACL DefaultDacl;                                 /* 0x7C */
    TOKEN_TYPE TokenType;                             /* 0x80 */
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* 0x84 */
    ULONG TokenFlags;                                 /* 0x88 */
    BOOLEAN TokenInUse;                               /* 0x8C */
    PSECURITY_TOKEN_PROXY_DATA ProxyData;             /* 0x90 */
    PSECURITY_TOKEN_AUDIT_DATA AuditData;             /* 0x94 */
    PSEP_LOGON_SESSION_REFERENCES LogonSession;       /* 0x98 */
    LUID OriginatingLogonSession;                     /* 0x9C */
#if DBG
    // Checked-build-only bookkeeping; names are fixed (see note above).
    UCHAR ImageFileName[16];                          /* 0xA4 */
    HANDLE ProcessCid;                                /* 0xB4 */
    HANDLE ThreadCid;                                 /* 0xB8 */
    ULONG CreateMethod;                               /* 0xBC */
#endif
    // First ULONG of the variable-length area that follows the fixed
    // header (offset valid only with the DBG members above).
    ULONG VariablePart;                               /* 0xC0 */
} TOKEN, *PTOKEN;

//
// Auxiliary data passed alongside an access check: the privileges that
// were used, the generic mapping and the masks describing what to audit.
// Later members are version-gated by NTDDI_VERSION and change the
// structure size across targets, so sizeof(AUX_ACCESS_DATA) is not
// portable between builds.
//
typedef struct _AUX_ACCESS_DATA
{
    PPRIVILEGE_SET PrivilegesUsed;
    GENERIC_MAPPING GenericMapping;
    ACCESS_MASK AccessesToAudit;
    ACCESS_MASK MaximumAuditMask;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    GUID TransactionId;
#endif
#if (NTDDI_VERSION >= NTDDI_WIN7)
    PVOID NewSecurityDescriptor;
    PVOID ExistingSecurityDescriptor;
    PVOID ParentSecurityDescriptor;
    // Callback used to release a security descriptor obtained above
    // (argument semantics are not defined in this header).
    VOID (NTAPI *DerefSecurityDescriptor)(PVOID, PVOID);
    PVOID SDLock;
    ACCESS_REASONS AccessReasons;
#endif
#if (NTDDI_VERSION >= NTDDI_WIN8)
    BOOLEAN GenerateStagingEvents;
#endif
} AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;

//
// External SRM Data
//
// Default DACLs exported by the security reference monitor; they are
// defined and initialized elsewhere, this header only declares them.
//
extern PACL NTSYSAPI SePublicDefaultDacl;
extern PACL NTSYSAPI SeSystemDefaultDacl;

#endif // NTOS_MODE_USER
#endif // _SETYPES_H