xref: /reactos/sdk/include/ndk/setypes.h (revision 9d3c3a75)
1 /*++ NDK Version: 0098
2 
3 Copyright (c) Alex Ionescu.  All rights reserved.
4 
5 Header Name:
6 
7     setypes.h
8 
9 Abstract:
10 
11     Type definitions for the security manager.
12 
13 Author:
14 
15     Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
16 
17 --*/
18 
19 #ifndef _SETYPES_H
20 #define _SETYPES_H
21 
22 //
23 // Dependencies
24 //
25 #include <umtypes.h>
26 
27 //
28 // Well Known SIDs
29 //
30 #define SECURITY_INTERNETSITE_AUTHORITY     {0,0,0,0,0,7}
31 
32 #ifdef NTOS_MODE_USER
33 //
34 // Privilege constants
35 //
36 #define SE_MIN_WELL_KNOWN_PRIVILEGE       (2L)
37 #define SE_CREATE_TOKEN_PRIVILEGE         (2L)
38 #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE   (3L)
39 #define SE_LOCK_MEMORY_PRIVILEGE          (4L)
40 #define SE_INCREASE_QUOTA_PRIVILEGE       (5L)
41 #define SE_UNSOLICITED_INPUT_PRIVILEGE    (6L)
42 #define SE_MACHINE_ACCOUNT_PRIVILEGE      (6L)
43 #define SE_TCB_PRIVILEGE                  (7L)
44 #define SE_SECURITY_PRIVILEGE             (8L)
45 #define SE_TAKE_OWNERSHIP_PRIVILEGE       (9L)
46 #define SE_LOAD_DRIVER_PRIVILEGE          (10L)
47 #define SE_SYSTEM_PROFILE_PRIVILEGE       (11L)
48 #define SE_SYSTEMTIME_PRIVILEGE           (12L)
49 #define SE_PROF_SINGLE_PROCESS_PRIVILEGE  (13L)
50 #define SE_INC_BASE_PRIORITY_PRIVILEGE    (14L)
51 #define SE_CREATE_PAGEFILE_PRIVILEGE      (15L)
52 #define SE_CREATE_PERMANENT_PRIVILEGE     (16L)
53 #define SE_BACKUP_PRIVILEGE               (17L)
54 #define SE_RESTORE_PRIVILEGE              (18L)
55 #define SE_SHUTDOWN_PRIVILEGE             (19L)
56 #define SE_DEBUG_PRIVILEGE                (20L)
57 #define SE_AUDIT_PRIVILEGE                (21L)
58 #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE   (22L)
59 #define SE_CHANGE_NOTIFY_PRIVILEGE        (23L)
60 #define SE_REMOTE_SHUTDOWN_PRIVILEGE      (24L)
61 #define SE_UNDOCK_PRIVILEGE               (25L)
62 #define SE_SYNC_AGENT_PRIVILEGE           (26L)
63 #define SE_ENABLE_DELEGATION_PRIVILEGE    (27L)
64 #define SE_MANAGE_VOLUME_PRIVILEGE        (28L)
65 #define SE_IMPERSONATE_PRIVILEGE          (29L)
66 #define SE_CREATE_GLOBAL_PRIVILEGE        (30L)
67 #define SE_MAX_WELL_KNOWN_PRIVILEGE       (SE_CREATE_GLOBAL_PRIVILEGE)
68 
69 typedef struct _TOKEN_MANDATORY_POLICY {
70   ULONG Policy;
71 } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
72 
73 typedef struct _TOKEN_ACCESS_INFORMATION
74 {
75     struct _SID_AND_ATTRIBUTES_HASH *SidHash;
76     struct _SID_AND_ATTRIBUTES_HASH *RestrictedSidHash;
77     struct _TOKEN_PRIVILEGES *Privileges;
78     LUID AuthenticationId;
79     TOKEN_TYPE TokenType;
80     SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
81     TOKEN_MANDATORY_POLICY MandatoryPolicy;
82     ULONG Flags;
83 } TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
84 
85 #else
86 
87 //
88 // User and Group-related SID Attributes
89 //
90 #define SE_GROUP_MANDATORY                                  0x00000001
91 #define SE_GROUP_ENABLED_BY_DEFAULT                         0x00000002
92 #define SE_GROUP_ENABLED                                    0x00000004
93 #define SE_GROUP_OWNER                                      0x00000008
94 #define SE_GROUP_USE_FOR_DENY_ONLY                          0x00000010
95 #define SE_GROUP_INTEGRITY                                  0x00000020
96 #define SE_GROUP_INTEGRITY_ENABLED                          0x00000040
97 #define SE_GROUP_RESOURCE                                   0x20000000
98 #define SE_GROUP_LOGON_ID                                   0xC0000000
99 
100 #define SE_GROUP_VALID_ATTRIBUTES                           \
101     (SE_GROUP_MANDATORY                                 |   \
102      SE_GROUP_ENABLED_BY_DEFAULT                        |   \
103      SE_GROUP_ENABLED                                   |   \
104      SE_GROUP_OWNER                                     |   \
105      SE_GROUP_USE_FOR_DENY_ONLY                         |   \
106      SE_GROUP_LOGON_ID                                  |   \
107      SE_GROUP_RESOURCE                                  |   \
108      SE_GROUP_INTEGRITY                                 |   \
109      SE_GROUP_INTEGRITY_ENABLED)
110 
111 //
112 // Privilege token filtering flags
113 //
114 #define DISABLE_MAX_PRIVILEGE 0x1
115 #define SANDBOX_INERT         0x2
116 #if (NTDDI_VERSION >= NTDDI_LONGHORN)
117 #define LUA_TOKEN             0x4
118 #define WRITE_RESTRICTED      0x8
119 #endif
120 
121 //
122 // Proxy Class enumeration
123 //
124 typedef enum _PROXY_CLASS
125 {
126     ProxyFull = 0,
127     ProxyService,
128     ProxyTree,
129     ProxyDirectory
130 } PROXY_CLASS;
131 
132 //
133 // Audit and Policy Structures
134 //
135 typedef struct _SEP_AUDIT_POLICY_CATEGORIES
136 {
137     UCHAR System:4;
138     UCHAR Logon:4;
139     UCHAR ObjectAccess:4;
140     UCHAR PrivilegeUse:4;
141     UCHAR DetailedTracking:4;
142     UCHAR PolicyChange:4;
143     UCHAR AccountManagement:4;
144     UCHAR DirectoryServiceAccess:4;
145     UCHAR AccountLogon:4;
146 } SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;
147 
148 typedef struct _SEP_AUDIT_POLICY_OVERLAY
149 {
150     ULONGLONG PolicyBits:36;
151     ULONGLONG SetBit:1;
152 } SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;
153 
154 typedef struct _SEP_AUDIT_POLICY
155 {
156     union
157     {
158         SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
159         SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
160         ULONGLONG Overlay;
161     };
162 } SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;
163 
164 //
165 // Security Logon Session References
166 //
167 typedef struct _SEP_LOGON_SESSION_REFERENCES
168 {
169     struct _SEP_LOGON_SESSION_REFERENCES *Next;
170     LUID LogonId;
171     ULONG ReferenceCount;
172     ULONG Flags;
173     PDEVICE_MAP pDeviceMap;
174     LIST_ENTRY TokenList;
175 } SEP_LOGON_SESSION_REFERENCES, *PSEP_LOGON_SESSION_REFERENCES;
176 
177 typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
178 {
179     POBJECT_NAME_INFORMATION ImageFileName;
180 } SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;
181 
182 //
183 // Token Audit Data
184 //
185 typedef struct _SECURITY_TOKEN_AUDIT_DATA
186 {
187     ULONG Length;
188     ULONG GrantMask;
189     ULONG DenyMask;
190 } SECURITY_TOKEN_AUDIT_DATA, *PSECURITY_TOKEN_AUDIT_DATA;
191 
192 //
193 // Token Proxy Data
194 //
195 typedef struct _SECURITY_TOKEN_PROXY_DATA
196 {
197     ULONG Length;
198     PROXY_CLASS ProxyClass;
199     UNICODE_STRING PathInfo;
200     ULONG ContainerMask;
201     ULONG ObjectMask;
202 } SECURITY_TOKEN_PROXY_DATA, *PSECURITY_TOKEN_PROXY_DATA;
203 
204 //
205 // Token and auxiliary data
206 //
207 typedef struct _TOKEN
208 {
209     TOKEN_SOURCE TokenSource;                         /* 0x00 */
210     LUID TokenId;                                     /* 0x10 */
211     LUID AuthenticationId;                            /* 0x18 */
212     LUID ParentTokenId;                               /* 0x20 */
213     LARGE_INTEGER ExpirationTime;                     /* 0x28 */
214     PERESOURCE TokenLock;                             /* 0x30 */
215     SEP_AUDIT_POLICY AuditPolicy;                     /* 0x38 */
216     LUID ModifiedId;                                  /* 0x40 */
217     ULONG SessionId;                                  /* 0x48 */
218     ULONG UserAndGroupCount;                          /* 0x4C */
219     ULONG RestrictedSidCount;                         /* 0x50 */
220     ULONG PrivilegeCount;                             /* 0x54 */
221     ULONG VariableLength;                             /* 0x58 */
222     ULONG DynamicCharged;                             /* 0x5C */
223     ULONG DynamicAvailable;                           /* 0x60 */
224     ULONG DefaultOwnerIndex;                          /* 0x64 */
225     PSID_AND_ATTRIBUTES UserAndGroups;                /* 0x68 */
226     PSID_AND_ATTRIBUTES RestrictedSids;               /* 0x6C */
227     PSID PrimaryGroup;                                /* 0x70 */
228     PLUID_AND_ATTRIBUTES Privileges;                  /* 0x74 */
229     PULONG DynamicPart;                               /* 0x78 */
230     PACL DefaultDacl;                                 /* 0x7C */
231     TOKEN_TYPE TokenType;                             /* 0x80 */
232     SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* 0x84 */
233     ULONG TokenFlags;                                 /* 0x88 */
234     BOOLEAN TokenInUse;                               /* 0x8C */
235     PSECURITY_TOKEN_PROXY_DATA ProxyData;             /* 0x90 */
236     PSECURITY_TOKEN_AUDIT_DATA AuditData;             /* 0x94 */
237     PSEP_LOGON_SESSION_REFERENCES LogonSession;       /* 0x98 */
238     LUID OriginatingLogonSession;                     /* 0x9C */
239     ULONG VariablePart;                               /* 0xA4 */
240 } TOKEN, *PTOKEN;
241 
242 typedef struct _AUX_ACCESS_DATA
243 {
244     PPRIVILEGE_SET PrivilegeSet;
245     GENERIC_MAPPING GenericMapping;
246     ULONG Reserved;
247 } AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
248 
249 //
250 // External SRM Data
251 //
252 extern PACL NTSYSAPI SePublicDefaultDacl;
253 extern PACL NTSYSAPI SeSystemDefaultDacl;
254 
255 #endif
256 #endif
257