|
|
/*++ BUILD Version: 0003 // Increment this if a change has global effects
Copyright (c) 1989-2000 Microsoft Corporation
Module Name:
ntseapi.h
Abstract:
This module contains the Security APIs and any public data structures needed to call these APIs.
This module should be included by including "nt.h".
Author:
Gary Kimura (GaryKi) 06-Mar-1989
Revision History:
--*/
#ifndef _NTSEAPI_#define _NTSEAPI_
#if _MSC_VER > 1000#pragma once#endif
#ifdef __cplusplusextern "C" {#endif
�////////////////////////////////////////////////////////////////////////// //// Pointers to Opaque data types //// //////////////////////////////////////////////////////////////////////////
//// Some of these data types may have related data types defined elsewhere// in this file.//
// begin_ntddk begin_wdm begin_nthal begin_ntifs//// Define an access token from a programmer's viewpoint. The structure is// completely opaque and the programer is only allowed to have pointers// to tokens.//
typedef PVOID PACCESS_TOKEN; // winnt
//// Pointer to a SECURITY_DESCRIPTOR opaque data type.//
typedef PVOID PSECURITY_DESCRIPTOR; // winnt
//// Define a pointer to the Security ID data type (an opaque data type)//
typedef PVOID PSID; // winnt
// end_ntddk end_wdm end_nthal end_ntifs
�// begin_winnt////////////////////////////////////////////////////////////////////////// //// ACCESS MASK //// //////////////////////////////////////////////////////////////////////////
//// Define the access mask as a longword sized structure divided up as// follows://// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0// +---------------+---------------+-------------------------------+// |G|G|G|G|Res'd|A| StandardRights| SpecificRights |// |R|W|E|A| |S| | |// +-+-------------+---------------+-------------------------------+//// typedef struct _ACCESS_MASK {// USHORT SpecificRights;// UCHAR StandardRights;// UCHAR AccessSystemAcl : 1;// UCHAR Reserved : 3;// UCHAR GenericAll : 1;// UCHAR GenericExecute : 1;// UCHAR GenericWrite : 1;// UCHAR GenericRead : 1;// } ACCESS_MASK;// typedef ACCESS_MASK *PACCESS_MASK;//// but to make life simple for programmer's we'll allow them to specify// a desired access mask by simply OR'ing together mulitple single rights// and treat an access mask as a ULONG. For example//// DesiredAccess = DELETE | READ_CONTROL//// So we'll declare ACCESS_MASK as ULONG//
// begin_ntddk begin_wdm begin_nthal begin_ntifstypedef ULONG ACCESS_MASK;typedef ACCESS_MASK *PACCESS_MASK;
// end_winnt// end_ntddk end_wdm end_nthal end_ntifs
�// begin_winnt////////////////////////////////////////////////////////////////////////// //// ACCESS TYPES //// //////////////////////////////////////////////////////////////////////////
// begin_ntddk begin_wdm begin_nthal begin_ntifs//// The following are masks for the predefined standard access types//
#define DELETE (0x00010000L)#define READ_CONTROL (0x00020000L)#define WRITE_DAC (0x00040000L)#define WRITE_OWNER (0x00080000L)#define SYNCHRONIZE (0x00100000L)
#define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
#define STANDARD_RIGHTS_READ (READ_CONTROL)#define STANDARD_RIGHTS_WRITE (READ_CONTROL)#define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
#define STANDARD_RIGHTS_ALL (0x001F0000L)
#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
//// AccessSystemAcl access type//
#define ACCESS_SYSTEM_SECURITY (0x01000000L)
//// MaximumAllowed access type//
#define MAXIMUM_ALLOWED (0x02000000L)
//// These are the generic rights.//
#define GENERIC_READ (0x80000000L)#define GENERIC_WRITE (0x40000000L)#define GENERIC_EXECUTE (0x20000000L)#define GENERIC_ALL (0x10000000L)
//// Define the generic mapping array. This is used to denote the// mapping of each generic access right to a specific access mask.//
typedef struct _GENERIC_MAPPING { ACCESS_MASK GenericRead; ACCESS_MASK GenericWrite; ACCESS_MASK GenericExecute; ACCESS_MASK GenericAll;} GENERIC_MAPPING;typedef GENERIC_MAPPING *PGENERIC_MAPPING;
// end_winnt end_ntddk end_wdm end_nthal end_ntifs�// begin_ntddk begin_wdm begin_winnt begin_nthal begin_ntifs
////////////////////////////////////////////////////////////////////////// //// LUID_AND_ATTRIBUTES //// //////////////////////////////////////////////////////////////////////////////
#include <pshpack4.h>
typedef struct _LUID_AND_ATTRIBUTES { LUID Luid; ULONG Attributes; } LUID_AND_ATTRIBUTES, * PLUID_AND_ATTRIBUTES;typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];typedef LUID_AND_ATTRIBUTES_ARRAY *PLUID_AND_ATTRIBUTES_ARRAY;
#include <poppack.h>
// end_winnt end_wdm end_ntddk end_nthal end_ntifs�// begin_winnt
////////////////////////////////////////////////////////////////////////// //// Security Id (SID) //// //////////////////////////////////////////////////////////////////////////////// Pictorially the structure of an SID is as follows://// 1 1 1 1 1 1// 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0// +---------------------------------------------------------------+// | SubAuthorityCount |Reserved1 (SBZ)| Revision |// +---------------------------------------------------------------+// | IdentifierAuthority[0] |// +---------------------------------------------------------------+// | IdentifierAuthority[1] |// +---------------------------------------------------------------+// | IdentifierAuthority[2] |// +---------------------------------------------------------------+// | |// +- - - - - - - - SubAuthority[] - - - - - - - - -+// | |// +---------------------------------------------------------------+////
// begin_ntifs
#ifndef SID_IDENTIFIER_AUTHORITY_DEFINED#define SID_IDENTIFIER_AUTHORITY_DEFINEDtypedef struct _SID_IDENTIFIER_AUTHORITY { UCHAR Value[6];} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;#endif
#ifndef SID_DEFINED#define SID_DEFINEDtypedef struct _SID { UCHAR Revision; UCHAR SubAuthorityCount; SID_IDENTIFIER_AUTHORITY IdentifierAuthority;#ifdef MIDL_PASS [size_is(SubAuthorityCount)] ULONG SubAuthority[*];#else // MIDL_PASS ULONG SubAuthority[ANYSIZE_ARRAY];#endif // MIDL_PASS} SID, *PISID;#endif
#define SID_REVISION (1) // Current revision level#define SID_MAX_SUB_AUTHORITIES (15)#define SID_RECOMMENDED_SUB_AUTHORITIES (1) // Will change to around 6
// in a future release.#ifndef MIDL_PASS#define SECURITY_MAX_SID_SIZE \ (sizeof(SID) - sizeof(ULONG) + (SID_MAX_SUB_AUTHORITIES * sizeof(ULONG)))#endif // MIDL_PASS
typedef enum _SID_NAME_USE { SidTypeUser = 1, SidTypeGroup, SidTypeDomain, SidTypeAlias, SidTypeWellKnownGroup, SidTypeDeletedAccount, SidTypeInvalid, SidTypeUnknown, SidTypeComputer} SID_NAME_USE, *PSID_NAME_USE;
typedef struct _SID_AND_ATTRIBUTES { PSID Sid; ULONG Attributes; } SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
�/////////////////////////////////////////////////////////////////////////////// //// Universal well-known SIDs //// //// Null SID S-1-0-0 //// World S-1-1-0 //// Local S-1-2-0 //// Creator Owner ID S-1-3-0 //// Creator Group ID S-1-3-1 //// Creator Owner Server ID S-1-3-2 //// Creator Group Server ID S-1-3-3 //// //// (Non-unique IDs) S-1-4 //// ///////////////////////////////////////////////////////////////////////////////
#define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}#define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}#define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}#define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}#define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9}
#define SECURITY_NULL_RID (0x00000000L)#define SECURITY_WORLD_RID (0x00000000L)#define SECURITY_LOCAL_RID (0x00000000L)
#define SECURITY_CREATOR_OWNER_RID (0x00000000L)#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
///////////////////////////////////////////////////////////////////////////////// //// NT well-known SIDs //// //// NT Authority S-1-5 //// Dialup S-1-5-1 //// //// Network S-1-5-2 //// Batch S-1-5-3 //// Interactive S-1-5-4 //// (Logon IDs) S-1-5-5-X-Y //// Service S-1-5-6 //// AnonymousLogon S-1-5-7 (aka null logon session) //// Proxy S-1-5-8 //// Enterprise DC (EDC) S-1-5-9 (aka domain controller account) //// Self S-1-5-10 (self RID) //// Authenticated User S-1-5-11 (Authenticated user somewhere) //// Restricted Code S-1-5-12 (Running restricted code) //// Terminal Server S-1-5-13 (Running on Terminal Server) //// Remote Logon S-1-5-14 (Remote Interactive Logon) //// This Organization S-1-5-15 //// //// Local System S-1-5-18 //// Local Service S-1-5-19 //// Network Service S-1-5-20 //// //// (NT non-unique IDs) S-1-5-0x15-... (NT Domain Sids) //// //// (Built-in domain) S-1-5-0x20 //// //// (Security Package IDs) S-1-5-0x40 //// NTLM Authentication S-1-5-0x40-10 //// SChannel Authentication S-1-5-0x40-14 //// Digest Authentication S-1-5-0x40-21 //// //// Other Organization S-1-5-1000 (>=1000 can not be filtered) //// //// //// NOTE: the relative identifier values (RIDs) determine which security //// boundaries the SID is allowed to cross. Before adding new RIDs, //// a determination needs to be made regarding which range they should //// be added to in order to ensure proper "SID filtering" //// /////////////////////////////////////////////////////////////////////////////////
#define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} // ntifs
#define SECURITY_DIALUP_RID (0x00000001L)#define SECURITY_NETWORK_RID (0x00000002L)#define SECURITY_BATCH_RID (0x00000003L)#define SECURITY_INTERACTIVE_RID (0x00000004L)#define SECURITY_LOGON_IDS_RID (0x00000005L)#define SECURITY_LOGON_IDS_RID_COUNT (3L)#define SECURITY_SERVICE_RID (0x00000006L)#define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)#define SECURITY_PROXY_RID (0x00000008L)#define SECURITY_ENTERPRISE_CONTROLLERS_RID (0x00000009L)#define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID#define SECURITY_PRINCIPAL_SELF_RID (0x0000000AL)#define SECURITY_AUTHENTICATED_USER_RID (0x0000000BL)#define SECURITY_RESTRICTED_CODE_RID (0x0000000CL)#define SECURITY_TERMINAL_SERVER_RID (0x0000000DL)#define SECURITY_REMOTE_LOGON_RID (0x0000000EL)#define SECURITY_THIS_ORGANIZATION_RID (0x0000000FL)
#define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)#define SECURITY_LOCAL_SERVICE_RID (0x00000013L)#define SECURITY_NETWORK_SERVICE_RID (0x00000014L)
#define SECURITY_NT_NON_UNIQUE (0x00000015L)#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT (3L)
#define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
#define SECURITY_PACKAGE_BASE_RID (0x00000040L)#define SECURITY_PACKAGE_RID_COUNT (2L)#define SECURITY_PACKAGE_NTLM_RID (0x0000000AL)#define SECURITY_PACKAGE_SCHANNEL_RID (0x0000000EL)#define SECURITY_PACKAGE_DIGEST_RID (0x00000015L)
#define SECURITY_MAX_ALWAYS_FILTERED (0x000003E7L)#define SECURITY_MIN_NEVER_FILTERED (0x000003E8L)
#define SECURITY_OTHER_ORGANIZATION_RID (0x000003E8L)
�/////////////////////////////////////////////////////////////////////////////// //// well-known domain relative sub-authority values (RIDs)... //// ///////////////////////////////////////////////////////////////////////////////
// Well-known users ...
#define FOREST_USER_RID_MAX (0x000001F3L)
#define DOMAIN_USER_RID_ADMIN (0x000001F4L)#define DOMAIN_USER_RID_GUEST (0x000001F5L)#define DOMAIN_USER_RID_KRBTGT (0x000001F6L)
#define DOMAIN_USER_RID_MAX (0x000003E7L)
// well-known groups ...
#define DOMAIN_GROUP_RID_ADMINS (0x00000200L)#define DOMAIN_GROUP_RID_USERS (0x00000201L)#define DOMAIN_GROUP_RID_GUESTS (0x00000202L)#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L)#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L)#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L)#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L)#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L)#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L)
// well-known aliases ...
#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)#define DOMAIN_ALIAS_RID_USERS (0x00000221L)#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)#define DOMAIN_ALIAS_RID_RAS_SERVERS (0x00000229L)#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS (0x0000022AL)#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS (0x0000022BL)#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS (0x0000022CL)#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS (0x0000022DL)
#define DOMAIN_ALIAS_RID_MONITORING_USERS (0x0000022EL)#define DOMAIN_ALIAS_RID_LOGGING_USERS (0x0000022FL)#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS (0x00000230L)#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS (0x00000231L)
// end_winnt end_ntifs
/////////////////////////////////////////////////////////////////////////////// //// Foreign Security Authorities //// //// SiteServer Authority S-1-6 //// Internet Site Authority S-1-7 //// Exchange Authority S-1-8 //// Resource Manager Authority S-1-9 //// Passport Authority S-1-10 //// ///////////////////////////////////////////////////////////////////////////////
#define SECURITY_SITESERVER_AUTHORITY {0,0,0,0,0,6}#define SECURITY_INTERNETSITE_AUTHORITY {0,0,0,0,0,7}#define SECURITY_EXCHANGE_AUTHORITY {0,0,0,0,0,8}
#define SECURITY_PASSPORT_AUTHORITY {0,0,0,0,0,10}
//// Well known SID definitions for lookup.//
// begin_winnt begin_ntddk begin_ntifs
typedef enum {
WinNullSid = 0, WinWorldSid = 1, WinLocalSid = 2, WinCreatorOwnerSid = 3, WinCreatorGroupSid = 4, WinCreatorOwnerServerSid = 5, WinCreatorGroupServerSid = 6, WinNtAuthoritySid = 7, WinDialupSid = 8, WinNetworkSid = 9, WinBatchSid = 10, WinInteractiveSid = 11, WinServiceSid = 12, WinAnonymousSid = 13, WinProxySid = 14, WinEnterpriseControllersSid = 15, WinSelfSid = 16, WinAuthenticatedUserSid = 17, WinRestrictedCodeSid = 18, WinTerminalServerSid = 19, WinRemoteLogonIdSid = 20, WinLogonIdsSid = 21, WinLocalSystemSid = 22, WinLocalServiceSid = 23, WinNetworkServiceSid = 24, WinBuiltinDomainSid = 25, WinBuiltinAdministratorsSid = 26, WinBuiltinUsersSid = 27, WinBuiltinGuestsSid = 28, WinBuiltinPowerUsersSid = 29, WinBuiltinAccountOperatorsSid = 30, WinBuiltinSystemOperatorsSid = 31, WinBuiltinPrintOperatorsSid = 32, WinBuiltinBackupOperatorsSid = 33, WinBuiltinReplicatorSid = 34, WinBuiltinPreWindows2000CompatibleAccessSid = 35, WinBuiltinRemoteDesktopUsersSid = 36, WinBuiltinNetworkConfigurationOperatorsSid = 37, WinAccountAdministratorSid = 38, WinAccountGuestSid = 39, WinAccountKrbtgtSid = 40, WinAccountDomainAdminsSid = 41, WinAccountDomainUsersSid = 42, WinAccountDomainGuestsSid = 43, WinAccountComputersSid = 44, WinAccountControllersSid = 45, WinAccountCertAdminsSid = 46, WinAccountSchemaAdminsSid = 47, WinAccountEnterpriseAdminsSid = 48, WinAccountPolicyAdminsSid = 49, WinAccountRasAndIasServersSid = 50, WinNTLMAuthenticationSid = 51, WinDigestAuthenticationSid = 52, WinSChannelAuthenticationSid = 53, WinThisOrganizationSid = 54, WinOtherOrganizationSid = 55, WinBuiltinIncomingForestTrustBuildersSid = 56, WinBuiltinPerfMonitoringUsersSid = 57, WinBuiltinPerfLoggingUsersSid = 58, WinBuiltinAuthorizationAccessSid = 59, WinBuiltinTerminalServerLicenseServersSid = 60,
} WELL_KNOWN_SID_TYPE;
// end_winnt end_ntddk end_ntifs
// begin_winnt begin_ntifs//// Allocate the System Luid. The first 1000 LUIDs are reserved.// Use #999 here (0x3E7 = 999)//
#define SYSTEM_LUID { 0x3E7, 0x0 }#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 }#define LOCALSERVICE_LUID { 0x3e5, 0x0 }#define NETWORKSERVICE_LUID { 0x3e4, 0x0 }
// end_ntifs
////////////////////////////////////////////////////////////////////////// //// User and Group related SID attributes //// //////////////////////////////////////////////////////////////////////////
//// Group attributes//
#define SE_GROUP_MANDATORY (0x00000001L)#define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L)#define SE_GROUP_ENABLED (0x00000004L)#define SE_GROUP_OWNER (0x00000008L)#define SE_GROUP_USE_FOR_DENY_ONLY (0x00000010L)#define SE_GROUP_LOGON_ID (0xC0000000L)#define SE_GROUP_RESOURCE (0x20000000L)
//// User attributes//
// (None yet defined.)
�
////////////////////////////////////////////////////////////////////////// //// ACL and ACE //// //////////////////////////////////////////////////////////////////////////
//// Define an ACL and the ACE format. The structure of an ACL header// followed by one or more ACEs. Pictorally the structure of an ACL header// is as follows://// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0// +-------------------------------+---------------+---------------+// | AclSize | Sbz1 | AclRevision |// +-------------------------------+---------------+---------------+// | Sbz2 | AceCount |// +-------------------------------+-------------------------------+//// The current AclRevision is defined to be ACL_REVISION.//// AclSize is the size, in bytes, allocated for the ACL. This includes// the ACL header, ACES, and remaining free space in the buffer.//// AceCount is the number of ACES in the ACL.//
// begin_ntddk begin_wdm begin_ntifs// This is the *current* ACL revision
#define ACL_REVISION (2)#define ACL_REVISION_DS (4)
// This is the history of ACL revisions. Add a new one whenever// ACL_REVISION is updated
#define ACL_REVISION1 (1)#define MIN_ACL_REVISION ACL_REVISION2#define ACL_REVISION2 (2)#define ACL_REVISION3 (3)#define ACL_REVISION4 (4)#define MAX_ACL_REVISION ACL_REVISION4
typedef struct _ACL { UCHAR AclRevision; UCHAR Sbz1; USHORT AclSize; USHORT AceCount; USHORT Sbz2;} ACL;typedef ACL *PACL;
// end_ntddk end_wdm
//// The structure of an ACE is a common ace header followed by ace type// specific data. Pictorally the structure of the common ace header is// as follows://// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0// +---------------+-------+-------+---------------+---------------+// | AceSize | AceFlags | AceType |// +---------------+-------+-------+---------------+---------------+//// AceType denotes the type of the ace, there are some predefined ace// types//// AceSize is the size, in bytes, of ace.//// AceFlags are the Ace flags for audit and inheritance, defined shortly.
typedef struct _ACE_HEADER { UCHAR AceType; UCHAR AceFlags; USHORT AceSize;} ACE_HEADER;typedef ACE_HEADER *PACE_HEADER;
//// The following are the predefined ace types that go into the AceType// field of an Ace header.//
#define ACCESS_MIN_MS_ACE_TYPE (0x0)#define ACCESS_ALLOWED_ACE_TYPE (0x0)#define ACCESS_DENIED_ACE_TYPE (0x1)#define SYSTEM_AUDIT_ACE_TYPE (0x2)#define SYSTEM_ALARM_ACE_TYPE (0x3)#define ACCESS_MAX_MS_V2_ACE_TYPE (0x3)
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE (0x4)#define ACCESS_MAX_MS_V3_ACE_TYPE (0x4)
#define ACCESS_MIN_MS_OBJECT_ACE_TYPE (0x5)#define ACCESS_ALLOWED_OBJECT_ACE_TYPE (0x5)#define ACCESS_DENIED_OBJECT_ACE_TYPE (0x6)#define SYSTEM_AUDIT_OBJECT_ACE_TYPE (0x7)#define SYSTEM_ALARM_OBJECT_ACE_TYPE (0x8)#define ACCESS_MAX_MS_OBJECT_ACE_TYPE (0x8)
#define ACCESS_MAX_MS_V4_ACE_TYPE (0x8)#define ACCESS_MAX_MS_ACE_TYPE (0x8)
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE (0x9)#define ACCESS_DENIED_CALLBACK_ACE_TYPE (0xA)#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE (0xB)#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE (0xC)#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE (0xD)#define SYSTEM_ALARM_CALLBACK_ACE_TYPE (0xE)#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE (0xF)#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE (0x10)
#define ACCESS_MAX_MS_V5_ACE_TYPE (0x10)
// end_winnt
// begin_winnt
//// The following are the inherit flags that go into the AceFlags field// of an Ace header.//
#define OBJECT_INHERIT_ACE (0x1)#define CONTAINER_INHERIT_ACE (0x2)#define NO_PROPAGATE_INHERIT_ACE (0x4)#define INHERIT_ONLY_ACE (0x8)#define INHERITED_ACE (0x10)#define VALID_INHERIT_FLAGS (0x1F)
// The following are the currently defined ACE flags that go into the// AceFlags field of an ACE header. Each ACE type has its own set of// AceFlags.//// SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE// types to indicate that a message is generated for successful accesses.//// FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types// to indicate that a message is generated for failed accesses.//
//// SYSTEM_AUDIT and SYSTEM_ALARM AceFlags//// These control the signaling of audit and alarms for success or failure.//
#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)#define FAILED_ACCESS_ACE_FLAG (0x80)
//// We'll define the structure of the predefined ACE types. Pictorally// the structure of the predefined ACE's is as follows://// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0// +---------------+-------+-------+---------------+---------------+// | AceFlags | Resd |Inherit| AceSize | AceType |// +---------------+-------+-------+---------------+---------------+// | Mask |// +---------------------------------------------------------------+// | |// + +// | |// + Sid +// | |// + +// | |// +---------------------------------------------------------------+//// Mask is the access mask associated with the ACE. This is either the// access allowed, access denied, audit, or alarm mask.//// Sid is the Sid associated with the ACE.//
// The following are the four predefined ACE types.
// Examine the AceType field in the Header to determine// which structure is appropriate to use for casting.
typedef struct _ACCESS_ALLOWED_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart;} ACCESS_ALLOWED_ACE;
typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE;
typedef struct _ACCESS_DENIED_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart;} ACCESS_DENIED_ACE;typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;
typedef struct _SYSTEM_AUDIT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart;} SYSTEM_AUDIT_ACE;typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;
typedef struct _SYSTEM_ALARM_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart;} SYSTEM_ALARM_ACE;typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;
// end_ntifs
// end_winnt//// COMPOUND ACE//// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0// +---------------+-------+-------+---------------+---------------+// | AceFlags | Resd |Inherit| AceSize | AceType |// +---------------+-------+-------+---------------+---------------+// | Mask |// +-------------------------------+-------------------------------+// | Compound ACE Type | Reserved (SBZ) |// +-------------------------------+-------------------------------+// | |// + +// | |// + Sid +// | |// + +// | |// +---------------------------------------------------------------+//
typedef struct _COMPOUND_ACCESS_ALLOWED_ACE { ACE_HEADER Header; ACCESS_MASK Mask; USHORT CompoundAceType; USHORT Reserved; ULONG SidStart;} COMPOUND_ACCESS_ALLOWED_ACE;
typedef COMPOUND_ACCESS_ALLOWED_ACE *PCOMPOUND_ACCESS_ALLOWED_ACE;
//// Currently defined Compound ACE types//
#define COMPOUND_ACE_IMPERSONATION 1
// begin_winnt
typedef struct _ACCESS_ALLOWED_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; GUID ObjectType; GUID InheritedObjectType; ULONG SidStart;} ACCESS_ALLOWED_OBJECT_ACE, *PACCESS_ALLOWED_OBJECT_ACE;
typedef struct _ACCESS_DENIED_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; GUID ObjectType; GUID InheritedObjectType; ULONG SidStart;} ACCESS_DENIED_OBJECT_ACE, *PACCESS_DENIED_OBJECT_ACE;
typedef struct _SYSTEM_AUDIT_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; GUID ObjectType; GUID InheritedObjectType; ULONG SidStart;} SYSTEM_AUDIT_OBJECT_ACE, *PSYSTEM_AUDIT_OBJECT_ACE;
typedef struct _SYSTEM_ALARM_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; GUID ObjectType; GUID InheritedObjectType; ULONG SidStart;} SYSTEM_ALARM_OBJECT_ACE, *PSYSTEM_ALARM_OBJECT_ACE;
//// Callback ace support in post Win2000.// Resource managers can put their own data after Sidstart + Length of the sid//
typedef struct _ACCESS_ALLOWED_CALLBACK_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart; // Opaque resouce manager specific data} ACCESS_ALLOWED_CALLBACK_ACE, *PACCESS_ALLOWED_CALLBACK_ACE;
typedef struct _ACCESS_DENIED_CALLBACK_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart; // Opaque resouce manager specific data} ACCESS_DENIED_CALLBACK_ACE, *PACCESS_DENIED_CALLBACK_ACE;
typedef struct _SYSTEM_AUDIT_CALLBACK_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart; // Opaque resouce manager specific data} SYSTEM_AUDIT_CALLBACK_ACE, *PSYSTEM_AUDIT_CALLBACK_ACE;
typedef struct _SYSTEM_ALARM_CALLBACK_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG SidStart; // Opaque resouce manager specific data} SYSTEM_ALARM_CALLBACK_ACE, *PSYSTEM_ALARM_CALLBACK_ACE;
typedef struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; GUID ObjectType; GUID InheritedObjectType; ULONG SidStart; // Opaque resouce manager specific data} ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, *PACCESS_ALLOWED_CALLBACK_OBJECT_ACE;
typedef struct _ACCESS_DENIED_CALLBACK_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; GUID ObjectType; GUID InheritedObjectType; ULONG SidStart; // Opaque resouce manager specific data} ACCESS_DENIED_CALLBACK_OBJECT_ACE, *PACCESS_DENIED_CALLBACK_OBJECT_ACE;
typedef struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; GUID ObjectType; GUID InheritedObjectType; ULONG SidStart; // Opaque resouce manager specific data} SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, *PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE;
typedef struct _SYSTEM_ALARM_CALLBACK_OBJECT_ACE { ACE_HEADER Header; ACCESS_MASK Mask; ULONG Flags; GUID ObjectType; GUID InheritedObjectType; ULONG SidStart; // Opaque resouce manager specific data} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
//// Currently define Flags for "OBJECT" ACE types.//
#define ACE_OBJECT_TYPE_PRESENT 0x1#define ACE_INHERITED_OBJECT_TYPE_PRESENT 0x2
�//// The following declarations are used for setting and querying information// about and ACL. First are the various information classes available to// the user.//
typedef enum _ACL_INFORMATION_CLASS { AclRevisionInformation = 1, AclSizeInformation} ACL_INFORMATION_CLASS;
//// This record is returned/sent if the user is requesting/setting the// AclRevisionInformation//
typedef struct _ACL_REVISION_INFORMATION { ULONG AclRevision;} ACL_REVISION_INFORMATION;typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION;
//// This record is returned if the user is requesting AclSizeInformation//
typedef struct _ACL_SIZE_INFORMATION { ULONG AceCount; ULONG AclBytesInUse; ULONG AclBytesFree;} ACL_SIZE_INFORMATION;typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION;
// end_winnt
�
// begin_winnt
////////////////////////////////////////////////////////////////////////// //// SECURITY_DESCRIPTOR //// ////////////////////////////////////////////////////////////////////////////// Define the Security Descriptor and related data types.// This is an opaque data structure.//
// begin_wdm begin_ntddk begin_ntifs//// Current security descriptor revision value//
#define SECURITY_DESCRIPTOR_REVISION (1)#define SECURITY_DESCRIPTOR_REVISION1 (1)
// end_wdm end_ntddk
#define SECURITY_DESCRIPTOR_MIN_LENGTH (sizeof(SECURITY_DESCRIPTOR))
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
#define SE_OWNER_DEFAULTED (0x0001)#define SE_GROUP_DEFAULTED (0x0002)#define SE_DACL_PRESENT (0x0004)#define SE_DACL_DEFAULTED (0x0008)#define SE_SACL_PRESENT (0x0010)#define SE_SACL_DEFAULTED (0x0020)// end_winnt#define SE_DACL_UNTRUSTED (0x0040)#define SE_SERVER_SECURITY (0x0080)// begin_winnt#define SE_DACL_AUTO_INHERIT_REQ (0x0100)#define SE_SACL_AUTO_INHERIT_REQ (0x0200)#define SE_DACL_AUTO_INHERITED (0x0400)#define SE_SACL_AUTO_INHERITED (0x0800)#define SE_DACL_PROTECTED (0x1000)#define SE_SACL_PROTECTED (0x2000)#define SE_RM_CONTROL_VALID (0x4000)#define SE_SELF_RELATIVE (0x8000)
//// Where://// SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the// SID pointed to by the Owner field was provided by a// defaulting mechanism rather than explicitly provided by the// original provider of the security descriptor. This may// affect the treatment of the SID with respect to inheritence// of an owner.//// SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the// SID in the Group field was provided by a defaulting mechanism// rather than explicitly provided by the original provider of// the security descriptor. This may affect the treatment of// the SID with respect to inheritence of a primary group.//// SE_DACL_PRESENT - This boolean flag, when set, indicates that the// security descriptor contains a discretionary ACL. If this// flag is set and the Dacl field of the SECURITY_DESCRIPTOR is// null, then a null ACL is explicitly being specified.//// SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the// ACL pointed to by the Dacl field was provided by a defaulting// mechanism rather than explicitly provided by the original// provider of the security descriptor. This may affect the// treatment of the ACL with respect to inheritence of an ACL.// This flag is ignored if the DaclPresent flag is not set.//// SE_SACL_PRESENT - This boolean flag, when set, indicates that the// security descriptor contains a system ACL pointed to by the// Sacl field. If this flag is set and the Sacl field of the// SECURITY_DESCRIPTOR is null, then an empty (but present)// ACL is being specified.//// SE_SACL_DEFAULTED - This boolean flag, when set, indicates that the// ACL pointed to by the Sacl field was provided by a defaulting// mechanism rather than explicitly provided by the original// provider of the security descriptor. This may affect the// treatment of the ACL with respect to inheritence of an ACL.// This flag is ignored if the SaclPresent flag is not set.//// end_winnt// SE_DACL_TRUSTED - This boolean flag, when set, indicates that the// ACL pointed to by the Dacl field was provided by a trusted source// and does not require any editing of compound ACEs. If this flag// is not set and a compound ACE is encountered, the system will// substitute known valid SIDs for the server SIDs in the ACEs.//// SE_SERVER_SECURITY - This boolean flag, when set, indicates that the// caller wishes the system to create a Server ACL based on the// input ACL, regardess of its source (explicit or defaulting.// This is done by replacing all of the GRANT ACEs with compound// ACEs granting the current server. This flag is only// meaningful if the subject is impersonating.//// begin_winnt// SE_SELF_RELATIVE - This boolean flag, when set, indicates that the// security descriptor is in self-relative form. In this form,// all fields of the security descriptor are contiguous in memory// and all pointer fields are expressed as offsets from the// beginning of the security descriptor. This form is useful// for treating security descriptors as opaque data structures// for transmission in communication protocol or for storage on// secondary media.//////// Pictorially the structure of a security descriptor is as follows://// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0// +---------------------------------------------------------------+// | Control |Reserved1 (SBZ)| Revision |// +---------------------------------------------------------------+// | Owner |// +---------------------------------------------------------------+// | Group |// +---------------------------------------------------------------+// | Sacl |// +---------------------------------------------------------------+// | Dacl |// +---------------------------------------------------------------+//// In general, this data structure should be treated opaquely to ensure future// compatibility.////
typedef struct _SECURITY_DESCRIPTOR_RELATIVE { UCHAR Revision; UCHAR Sbz1; SECURITY_DESCRIPTOR_CONTROL Control; ULONG Owner; ULONG Group; ULONG Sacl; ULONG Dacl; } SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;
typedef struct _SECURITY_DESCRIPTOR { UCHAR Revision; UCHAR Sbz1; SECURITY_DESCRIPTOR_CONTROL Control; PSID Owner; PSID Group; PACL Sacl; PACL Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
// end_ntifs
// Where://// Revision - Contains the revision level of the security// descriptor. This allows this structure to be passed between// systems or stored on disk even though it is expected to// change in the future.//// Control - A set of flags which qualify the meaning of the// security descriptor or individual fields of the security// descriptor.//// Owner - is a pointer to an SID representing an object's owner.// If this field is null, then no owner SID is present in the// security descriptor. If the security descriptor is in// self-relative form, then this field contains an offset to// the SID, rather than a pointer.//// Group - is a pointer to an SID representing an object's primary// group. If this field is null, then no primary group SID is// present in the security descriptor. If the security descriptor// is in self-relative form, then this field contains an offset to// the SID, rather than a pointer.//// Sacl - is a pointer to a system ACL. This field value is only// valid if the DaclPresent control flag is set. If the// SaclPresent flag is set and this field is null, then a null// ACL is specified. If the security descriptor is in// self-relative form, then this field contains an offset to// the ACL, rather than a pointer.//// Dacl - is a pointer to a discretionary ACL. This field value is// only valid if the DaclPresent control flag is set. If the// DaclPresent flag is set and this field is null, then a null// ACL (unconditionally granting access) is specified. If the// security descriptor is in self-relative form, then this field// contains an offset to the ACL, rather than a pointer.//
// end_winnt
�// begin_winnt begin_ntifs
////////////////////////////////////////////////////////////////////////// //// Object Type list for AccessCheckByType //// //////////////////////////////////////////////////////////////////////////
typedef struct _OBJECT_TYPE_LIST { USHORT Level; USHORT Sbz; GUID *ObjectType;} OBJECT_TYPE_LIST, *POBJECT_TYPE_LIST;
//// DS values for Level//
#define ACCESS_OBJECT_GUID 0#define ACCESS_PROPERTY_SET_GUID 1#define ACCESS_PROPERTY_GUID 2
#define ACCESS_MAX_LEVEL 4
//// Parameters to NtAccessCheckByTypeAndAditAlarm//
typedef enum _AUDIT_EVENT_TYPE { AuditEventObjectAccess, AuditEventDirectoryServiceAccess} AUDIT_EVENT_TYPE, *PAUDIT_EVENT_TYPE;
#define AUDIT_ALLOW_NO_PRIVILEGE 0x1
//// DS values for Source and ObjectTypeName//
#define ACCESS_DS_SOURCE_A "DS"#define ACCESS_DS_SOURCE_W L"DS"#define ACCESS_DS_OBJECT_TYPE_NAME_A "Directory Service Object"#define ACCESS_DS_OBJECT_TYPE_NAME_W L"Directory Service Object"
////////////////////////////////////////////////////////////////////////// //// Privilege Related Data Structures //// //////////////////////////////////////////////////////////////////////////
// begin_wdm begin_ntddk begin_nthal//// Privilege attributes//
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)#define SE_PRIVILEGE_ENABLED (0x00000002L)#define SE_PRIVILEGE_REMOVED (0X00000004L)#define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
//// Privilege Set Control flags//
#define PRIVILEGE_SET_ALL_NECESSARY (1)
//// Privilege Set - This is defined for a privilege set of one.// If more than one privilege is needed, then this structure// will need to be allocated with more space.//// Note: don't change this structure without fixing the INITIAL_PRIVILEGE_SET// structure (defined in se.h)//
typedef struct _PRIVILEGE_SET { ULONG PrivilegeCount; ULONG Control; LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]; } PRIVILEGE_SET, * PPRIVILEGE_SET;
// end_winnt end_wdm end_ntddk end_nthal end_ntifs�// begin_winnt
////////////////////////////////////////////////////////////////////////// //// NT Defined Privileges //// //////////////////////////////////////////////////////////////////////////// end_winnt
//// ** ** ** ** ** ** ** ** ** ** NOTE ** ** ** ** ** ** ** ** ** ** ** ** **//// Any additions or deletions to the following list// of privileges must have corresponding changes made// in the following files:// - ntos\se\seglobal.c// - ds\security\base\lsa\msprivs\msprivs.rc// - ds\security\base\lsa\server\dspolicy\dbpriv.c//// ** ** ** ** ** ** ** ** ** ** NOTE ** ** ** ** ** ** ** ** ** ** ** ** **//
// begin_winnt
#define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege")#define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege")#define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege")#define SE_INCREASE_QUOTA_NAME TEXT("SeIncreaseQuotaPrivilege")#define SE_UNSOLICITED_INPUT_NAME TEXT("SeUnsolicitedInputPrivilege")#define SE_MACHINE_ACCOUNT_NAME TEXT("SeMachineAccountPrivilege")#define SE_TCB_NAME TEXT("SeTcbPrivilege")#define SE_SECURITY_NAME TEXT("SeSecurityPrivilege")#define SE_TAKE_OWNERSHIP_NAME TEXT("SeTakeOwnershipPrivilege")#define SE_LOAD_DRIVER_NAME TEXT("SeLoadDriverPrivilege")#define SE_SYSTEM_PROFILE_NAME TEXT("SeSystemProfilePrivilege")#define SE_SYSTEMTIME_NAME TEXT("SeSystemtimePrivilege")#define SE_PROF_SINGLE_PROCESS_NAME TEXT("SeProfileSingleProcessPrivilege")#define SE_INC_BASE_PRIORITY_NAME TEXT("SeIncreaseBasePriorityPrivilege")#define SE_CREATE_PAGEFILE_NAME TEXT("SeCreatePagefilePrivilege")#define SE_CREATE_PERMANENT_NAME TEXT("SeCreatePermanentPrivilege")#define SE_BACKUP_NAME TEXT("SeBackupPrivilege")#define SE_RESTORE_NAME TEXT("SeRestorePrivilege")#define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege")#define SE_DEBUG_NAME TEXT("SeDebugPrivilege")#define SE_AUDIT_NAME TEXT("SeAuditPrivilege")#define SE_SYSTEM_ENVIRONMENT_NAME TEXT("SeSystemEnvironmentPrivilege")#define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege")#define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege")#define SE_UNDOCK_NAME TEXT("SeUndockPrivilege")#define SE_SYNC_AGENT_NAME TEXT("SeSyncAgentPrivilege")#define SE_ENABLE_DELEGATION_NAME TEXT("SeEnableDelegationPrivilege")#define SE_MANAGE_VOLUME_NAME TEXT("SeManageVolumePrivilege")#define SE_IMPERSONATE_NAME TEXT("SeImpersonatePrivilege")#define SE_CREATE_GLOBAL_NAME TEXT("SeCreateGlobalPrivilege")// end_winnt
// begin_wdm begin_ntddk begin_ntifs//// These must be converted to LUIDs before use.//
#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)#define SE_CREATE_TOKEN_PRIVILEGE (2L)#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)#define SE_LOCK_MEMORY_PRIVILEGE (4L)#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
// end_wdm//// Unsolicited Input is obsolete and unused.//
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L)
// begin_wdm#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)#define SE_TCB_PRIVILEGE (7L)#define SE_SECURITY_PRIVILEGE (8L)#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)#define SE_LOAD_DRIVER_PRIVILEGE (10L)#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)#define SE_SYSTEMTIME_PRIVILEGE (12L)#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)#define SE_CREATE_PERMANENT_PRIVILEGE (16L)#define SE_BACKUP_PRIVILEGE (17L)#define SE_RESTORE_PRIVILEGE (18L)#define SE_SHUTDOWN_PRIVILEGE (19L)#define SE_DEBUG_PRIVILEGE (20L)#define SE_AUDIT_PRIVILEGE (21L)#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)#define SE_UNDOCK_PRIVILEGE (25L)#define SE_SYNC_AGENT_PRIVILEGE (26L)#define SE_ENABLE_DELEGATION_PRIVILEGE (27L)#define SE_MANAGE_VOLUME_PRIVILEGE (28L)#define SE_IMPERSONATE_PRIVILEGE (29L)#define SE_CREATE_GLOBAL_PRIVILEGE (30L)#define SE_MAX_WELL_KNOWN_PRIVILEGE (SE_CREATE_GLOBAL_PRIVILEGE)
// end_wdm end_ntddk end_ntifs
�// begin_winnt
////////////////////////////////////////////////////////////////////// //// Security Quality Of Service //// //// //////////////////////////////////////////////////////////////////////
// begin_wdm begin_ntddk begin_nthal begin_ntifs//// Impersonation Level//// Impersonation level is represented by a pair of bits in Windows.// If a new impersonation level is added or lowest value is changed from// 0 to something else, fix the Windows CreateFile call.//
typedef enum _SECURITY_IMPERSONATION_LEVEL { SecurityAnonymous, SecurityIdentification, SecurityImpersonation, SecurityDelegation } SECURITY_IMPERSONATION_LEVEL, * PSECURITY_IMPERSONATION_LEVEL;
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation#define VALID_IMPERSONATION_LEVEL(L) (((L) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((L) <= SECURITY_MAX_IMPERSONATION_LEVEL))// end_nthal end_wdm end_ntddk end_ntifs end_winnt//�// begin_winnt begin_ntifs
////////////////////////////////////////////////////////////////////// //// Token Object Definitions //// //// //////////////////////////////////////////////////////////////////////
//// Token Specific Access Rights.//
#define TOKEN_ASSIGN_PRIMARY (0x0001)#define TOKEN_DUPLICATE (0x0002)#define TOKEN_IMPERSONATE (0x0004)#define TOKEN_QUERY (0x0008)#define TOKEN_QUERY_SOURCE (0x0010)#define TOKEN_ADJUST_PRIVILEGES (0x0020)#define TOKEN_ADJUST_GROUPS (0x0040)#define TOKEN_ADJUST_DEFAULT (0x0080)#define TOKEN_ADJUST_SESSIONID (0x0100)
#define TOKEN_ALL_ACCESS_P (STANDARD_RIGHTS_REQUIRED |\ TOKEN_ASSIGN_PRIMARY |\ TOKEN_DUPLICATE |\ TOKEN_IMPERSONATE |\ TOKEN_QUERY |\ TOKEN_QUERY_SOURCE |\ TOKEN_ADJUST_PRIVILEGES |\ TOKEN_ADJUST_GROUPS |\ TOKEN_ADJUST_DEFAULT )
#if ((defined(_WIN32_WINNT) && (_WIN32_WINNT > 0x0400)) || (!defined(_WIN32_WINNT)))#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P |\ TOKEN_ADJUST_SESSIONID )#else#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P)#endif
#define TOKEN_READ (STANDARD_RIGHTS_READ |\ TOKEN_QUERY)
#define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |\ TOKEN_ADJUST_PRIVILEGES |\ TOKEN_ADJUST_GROUPS |\ TOKEN_ADJUST_DEFAULT)
#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
////// Token Types//
typedef enum _TOKEN_TYPE { TokenPrimary = 1, TokenImpersonation } TOKEN_TYPE;typedef TOKEN_TYPE *PTOKEN_TYPE;
//// Token Information Classes.//
typedef enum _TOKEN_INFORMATION_CLASS { TokenUser = 1, TokenGroups, TokenPrivileges, TokenOwner, TokenPrimaryGroup, TokenDefaultDacl, TokenSource, TokenType, TokenImpersonationLevel, TokenStatistics, TokenRestrictedSids, TokenSessionId, TokenGroupsAndPrivileges, TokenSessionReference, TokenSandBoxInert, TokenAuditPolicy, TokenOrigin, MaxTokenInfoClass // MaxTokenInfoClass should always be the last enum} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
//// Token information class structures//
typedef struct _TOKEN_USER { SID_AND_ATTRIBUTES User;} TOKEN_USER, *PTOKEN_USER;
typedef struct _TOKEN_GROUPS { ULONG GroupCount; SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];} TOKEN_GROUPS, *PTOKEN_GROUPS;
typedef struct _TOKEN_PRIVILEGES { ULONG PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
typedef struct _TOKEN_OWNER { PSID Owner;} TOKEN_OWNER, *PTOKEN_OWNER;
typedef struct _TOKEN_PRIMARY_GROUP { PSID PrimaryGroup;} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
typedef struct _TOKEN_DEFAULT_DACL { PACL DefaultDacl;} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
typedef struct _TOKEN_GROUPS_AND_PRIVILEGES { ULONG SidCount; ULONG SidLength; PSID_AND_ATTRIBUTES Sids; ULONG RestrictedSidCount; ULONG RestrictedSidLength; PSID_AND_ATTRIBUTES RestrictedSids; ULONG PrivilegeCount; ULONG PrivilegeLength; PLUID_AND_ATTRIBUTES Privileges; LUID AuthenticationId;} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
//// Valid bits for each TOKEN_AUDIT_POLICY policy mask field.//
#define TOKEN_AUDIT_SUCCESS_INCLUDE 0x1#define TOKEN_AUDIT_SUCCESS_EXCLUDE 0x2#define TOKEN_AUDIT_FAILURE_INCLUDE 0x4#define TOKEN_AUDIT_FAILURE_EXCLUDE 0x8
#define VALID_AUDIT_POLICY_BITS (TOKEN_AUDIT_SUCCESS_INCLUDE | \ TOKEN_AUDIT_SUCCESS_EXCLUDE | \ TOKEN_AUDIT_FAILURE_INCLUDE | \ TOKEN_AUDIT_FAILURE_EXCLUDE)
#define VALID_TOKEN_AUDIT_POLICY_ELEMENT(P) ((((P).PolicyMask & ~VALID_AUDIT_POLICY_BITS) == 0) && \ ((P).Category <= AuditEventMaxType))
typedef struct _TOKEN_AUDIT_POLICY_ELEMENT { ULONG Category; ULONG PolicyMask;} TOKEN_AUDIT_POLICY_ELEMENT, *PTOKEN_AUDIT_POLICY_ELEMENT;
typedef struct _TOKEN_AUDIT_POLICY { ULONG PolicyCount; TOKEN_AUDIT_POLICY_ELEMENT Policy[ANYSIZE_ARRAY];} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
#define PER_USER_AUDITING_POLICY_SIZE(p) \ ( sizeof(TOKEN_AUDIT_POLICY) + (((p)->PolicyCount > ANYSIZE_ARRAY) ? (sizeof(TOKEN_AUDIT_POLICY_ELEMENT) * ((p)->PolicyCount - ANYSIZE_ARRAY)) : 0) )#define PER_USER_AUDITING_POLICY_SIZE_BY_COUNT(C) \ ( sizeof(TOKEN_AUDIT_POLICY) + (((C) > ANYSIZE_ARRAY) ? (sizeof(TOKEN_AUDIT_POLICY_ELEMENT) * ((C) - ANYSIZE_ARRAY)) : 0) )
// end_winnt end_ntifs
typedef enum _PROXY_CLASS { ProxyFull, ProxyService, ProxyTree, ProxyDirectory} PROXY_CLASS, * PPROXY_CLASS;
typedef struct _SECURITY_TOKEN_PROXY_DATA { ULONG Length; PROXY_CLASS ProxyClass; UNICODE_STRING PathInfo; ACCESS_MASK ContainerMask; ACCESS_MASK ObjectMask;} SECURITY_TOKEN_PROXY_DATA, *PSECURITY_TOKEN_PROXY_DATA;
typedef struct _SECURITY_TOKEN_AUDIT_DATA { ULONG Length; ACCESS_MASK GrantMask; ACCESS_MASK DenyMask;} SECURITY_TOKEN_AUDIT_DATA, *PSECURITY_TOKEN_AUDIT_DATA;
// begin_ntifs begin_winnt
#define TOKEN_SOURCE_LENGTH 8
typedef struct _TOKEN_SOURCE { CHAR SourceName[TOKEN_SOURCE_LENGTH]; LUID SourceIdentifier;} TOKEN_SOURCE, *PTOKEN_SOURCE;
typedef struct _TOKEN_STATISTICS { LUID TokenId; LUID AuthenticationId; LARGE_INTEGER ExpirationTime; TOKEN_TYPE TokenType; SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; ULONG DynamicCharged; ULONG DynamicAvailable; ULONG GroupCount; ULONG PrivilegeCount; LUID ModifiedId;} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
typedef struct _TOKEN_CONTROL { LUID TokenId; LUID AuthenticationId; LUID ModifiedId; TOKEN_SOURCE TokenSource;} TOKEN_CONTROL, *PTOKEN_CONTROL;
typedef struct _TOKEN_ORIGIN { LUID OriginatingLogonSession ;} TOKEN_ORIGIN, * PTOKEN_ORIGIN ;
// end_winnt// end_ntifs
// begin_wdm begin_ntddk begin_ntifs begin_winnt//// Security Tracking Mode//
#define SECURITY_DYNAMIC_TRACKING (TRUE)#define SECURITY_STATIC_TRACKING (FALSE)
typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, * PSECURITY_CONTEXT_TRACKING_MODE;
//// Quality Of Service//
typedef struct _SECURITY_QUALITY_OF_SERVICE { ULONG Length; SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; BOOLEAN EffectiveOnly; } SECURITY_QUALITY_OF_SERVICE, * PSECURITY_QUALITY_OF_SERVICE;
// end_winnt end_wdm end_ntddk end_ntifs
//// Advanced Quality of Service//
typedef struct _SECURITY_ADVANCED_QUALITY_OF_SERVICE { ULONG Length; SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; BOOLEAN EffectiveOnly; PSECURITY_TOKEN_PROXY_DATA ProxyData; PSECURITY_TOKEN_AUDIT_DATA AuditData;} SECURITY_ADVANCED_QUALITY_OF_SERVICE, *PSECURITY_ADVANCED_QUALITY_OF_SERVICE;
// begin_wdm begin_ntddk begin_ntifs begin_winnt
//// Used to represent information related to a thread impersonation//
typedef struct _SE_IMPERSONATION_STATE { PACCESS_TOKEN Token; BOOLEAN CopyOnOpen; BOOLEAN EffectiveOnly; SECURITY_IMPERSONATION_LEVEL Level;} SE_IMPERSONATION_STATE, *PSE_IMPERSONATION_STATE;
// end_winnt end_wdm end_ntddk end_ntifs
�////////////////////////////////////////////////////////////////////////// //// Flags for NtFilerToken //// //////////////////////////////////////////////////////////////////////////
#define DISABLE_MAX_PRIVILEGE 0x1 // winnt#define SANDBOX_INERT 0x2 // winnt
�////////////////////////////////////////////////////////////////////////// //// General Security definitions //// //////////////////////////////////////////////////////////////////////////
//// Security information associated with objects.// Used for query operations.//// This will be extended in the future to include mandatory access control.//
// begin_winnt begin_wdm begin_ntddk begin_nthal begin_ntifs
typedef ULONG SECURITY_INFORMATION, *PSECURITY_INFORMATION;
#define OWNER_SECURITY_INFORMATION (0x00000001L)#define GROUP_SECURITY_INFORMATION (0x00000002L)#define DACL_SECURITY_INFORMATION (0x00000004L)#define SACL_SECURITY_INFORMATION (0x00000008L)
#define PROTECTED_DACL_SECURITY_INFORMATION (0x80000000L)#define PROTECTED_SACL_SECURITY_INFORMATION (0x40000000L)#define UNPROTECTED_DACL_SECURITY_INFORMATION (0x20000000L)#define UNPROTECTED_SACL_SECURITY_INFORMATION (0x10000000L)
// end_winnt end_wdm end_ntddk end_nthal end_ntifs
//// used for password manipulations//
typedef struct _SECURITY_SEED_AND_LENGTH { UCHAR Length; UCHAR Seed;} SECURITY_SEED_AND_LENGTH, *PSECURITY_SEED_AND_LENGTH;
�////////////////////////////////////////////////////////////////////////// //// Security System Service Defnitions //// //////////////////////////////////////////////////////////////////////////
//// Security check system services//
NTSYSCALLAPINTSTATUSNTAPINtAccessCheck ( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus );
NTSYSCALLAPINTSTATUSNTAPINtAccessCheckByType ( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus );
NTSYSCALLAPINTSTATUSNTAPINtAccessCheckByTypeResultList ( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE_LIST ObjectTypeList, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet, IN OUT PULONG PrivilegeSetLength, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus );
�///////////////////////////////////////////////////////////////////////// //// Token Object System Services //// /////////////////////////////////////////////////////////////////////////
NTSYSCALLAPINTSTATUSNTAPINtCreateToken( OUT PHANDLE TokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TOKEN_TYPE TokenType, IN PLUID AuthenticationId, IN PLARGE_INTEGER ExpirationTime, IN PTOKEN_USER User, IN PTOKEN_GROUPS Groups, IN PTOKEN_PRIVILEGES Privileges, IN PTOKEN_OWNER Owner OPTIONAL, IN PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PTOKEN_DEFAULT_DACL DefaultDacl OPTIONAL, IN PTOKEN_SOURCE TokenSource );
NTSYSCALLAPINTSTATUSNTAPINtCompareTokens( IN HANDLE FirstTokenHandle, IN HANDLE SecondTokenHandle, OUT PBOOLEAN Equal );
// begin_ntifs
NTSYSCALLAPINTSTATUSNTAPINtOpenThreadToken( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle );
NTSYSCALLAPINTSTATUSNTAPINtOpenThreadTokenEx( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle );
NTSYSCALLAPINTSTATUSNTAPINtOpenProcessToken( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle );
NTSYSCALLAPINTSTATUSNTAPINtOpenProcessTokenEx( IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle );
NTSYSAPINTSTATUSNTAPINtOpenJobObjectToken( IN HANDLE JobHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle );
NTSYSCALLAPINTSTATUSNTAPINtDuplicateToken( IN HANDLE ExistingTokenHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN EffectiveOnly, IN TOKEN_TYPE TokenType, OUT PHANDLE NewTokenHandle );
NTSYSCALLAPINTSTATUSNTAPINtFilterToken ( IN HANDLE ExistingTokenHandle, IN ULONG Flags, IN PTOKEN_GROUPS SidsToDisable OPTIONAL, IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL, IN PTOKEN_GROUPS RestrictedSids OPTIONAL, OUT PHANDLE NewTokenHandle );
NTSYSCALLAPINTSTATUSNTAPINtImpersonateAnonymousToken( IN HANDLE ThreadHandle );
NTSYSCALLAPINTSTATUSNTAPINtQueryInformationToken ( IN HANDLE TokenHandle, IN TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID TokenInformation, IN ULONG TokenInformationLength, OUT PULONG ReturnLength );
NTSYSCALLAPINTSTATUSNTAPINtSetInformationToken ( IN HANDLE TokenHandle, IN TOKEN_INFORMATION_CLASS TokenInformationClass, IN PVOID TokenInformation, IN ULONG TokenInformationLength );
NTSYSCALLAPINTSTATUSNTAPINtAdjustPrivilegesToken ( IN HANDLE TokenHandle, IN BOOLEAN DisableAllPrivileges, IN PTOKEN_PRIVILEGES NewState OPTIONAL, IN ULONG BufferLength OPTIONAL, OUT PTOKEN_PRIVILEGES PreviousState OPTIONAL, OUT PULONG ReturnLength );
NTSYSCALLAPINTSTATUSNTAPINtAdjustGroupsToken ( IN HANDLE TokenHandle, IN BOOLEAN ResetToDefault, IN PTOKEN_GROUPS NewState OPTIONAL, IN ULONG BufferLength OPTIONAL, OUT PTOKEN_GROUPS PreviousState OPTIONAL, OUT PULONG ReturnLength );
NTSYSCALLAPINTSTATUSNTAPINtPrivilegeCheck ( IN HANDLE ClientToken, IN OUT PPRIVILEGE_SET RequiredPrivileges, OUT PBOOLEAN Result );
NTSYSCALLAPINTSTATUSNTAPINtAccessCheckAndAuditAlarm ( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus, OUT PBOOLEAN GenerateOnClose );
NTSYSCALLAPINTSTATUSNTAPINtAccessCheckByTypeAndAuditAlarm ( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus, OUT PBOOLEAN GenerateOnClose );
NTSYSCALLAPINTSTATUSNTAPINtAccessCheckByTypeResultListAndAuditAlarm ( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus, OUT PBOOLEAN GenerateOnClose );
NTSYSCALLAPINTSTATUSNTAPINtAccessCheckByTypeResultListAndAuditAlarmByHandle ( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN HANDLE ClientToken, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID PrincipalSelfSid, IN ACCESS_MASK DesiredAccess, IN AUDIT_EVENT_TYPE AuditType, IN ULONG Flags, IN POBJECT_TYPE_LIST ObjectTypeList OPTIONAL, IN ULONG ObjectTypeListLength, IN PGENERIC_MAPPING GenericMapping, IN BOOLEAN ObjectCreation, OUT PACCESS_MASK GrantedAccess, OUT PNTSTATUS AccessStatus, OUT PBOOLEAN GenerateOnClose );
NTSYSCALLAPINTSTATUSNTAPINtOpenObjectAuditAlarm ( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId OPTIONAL, IN PUNICODE_STRING ObjectTypeName, IN PUNICODE_STRING ObjectName, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN ACCESS_MASK GrantedAccess, IN PPRIVILEGE_SET Privileges OPTIONAL, IN BOOLEAN ObjectCreation, IN BOOLEAN AccessGranted, OUT PBOOLEAN GenerateOnClose );
NTSYSCALLAPINTSTATUSNTAPINtPrivilegeObjectAuditAlarm ( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN HANDLE ClientToken, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted );
NTSYSCALLAPINTSTATUSNTAPINtCloseObjectAuditAlarm ( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose );
NTSYSCALLAPINTSTATUSNTAPINtDeleteObjectAuditAlarm ( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose );
NTSYSCALLAPINTSTATUSNTAPINtPrivilegedServiceAuditAlarm ( IN PUNICODE_STRING SubsystemName, IN PUNICODE_STRING ServiceName, IN HANDLE ClientToken, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted );
// end_ntifs
#ifdef __cplusplus}#endif
#endif // _NTSEAPI_
|
