Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

389 lines
16 KiB

  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992-1999.
  5. //
  6. // File: CAIROSEAPI.H
  7. //
  8. // Contents: This file contains the stuff to be merged with ntseapi.h
  9. // after Daytona ships.
  10. //
  11. // This file contains the CAIROSID structure to
  12. // be used by Cairo interchangebly with the NT SID structure.
  13. // Also included is the planned Cairo SID structure to
  14. // be used when the SID revision is changed. This change
  15. // will not occur until after Daytona ships because of the
  16. // extent of the kernel changes required.
  17. // The same is true of the ACE structure; there is a current
  18. // Cairo version, and, commented out, the planned Cairo
  19. // version when the ACL revision is changed.
  20. //
  21. // History: 7/94 davemont created
  22. //
  23. //--------------------------------------------------------------------------
  24. #include <nt.h>
  25. #if !defined( __CAIROSEAPI_H__ )
  26. #define __CAIROSEAPI_H__
  27. #if _MSC_VER > 1000
  28. #pragma once
  29. #endif
  30. ////////////////////////////////////////////////////////////////////////
  31. // //
  32. // Cairo Security Id (CAIROSID) //
  33. // //
  34. ////////////////////////////////////////////////////////////////////////
  35. //
  36. //
  37. // Pictorially the structure of an Cairo SID is as follows:
  38. //
  39. // 1 1 1 1 1 1
  40. // 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
  41. // +---------------------------------------------------------------+
  42. // | SubAuthorityCount = 10 |Reserved1 (SBZ)| Revision |
  43. // +---------------------------------------------------------------+
  44. // | IdentifierAuthority[0,1] |
  45. // +---------------------------------------------------------------+
  46. // | IdentifierAuthority[2,3] |
  47. // +---------------------------------------------------------------+
  48. // | IdentifierAuthority[4,5] = 5 |
  49. // +---------------------------------------------------------------+
  50. // | |
  51. // +- - SubAuthority[0] = SECURITY_NT2_NON_UNIQUE = 16 - - - - -+
  52. // | |
  53. // +---------------------------------------------------------------+
  54. // | |
  55. // +- - SubAuthority[1] = SECURITY_NT2_REVISION_RID = 0 - - - -+
  56. // | |
  57. // +---------------------------------------------------------------+
  58. // | |
  59. // +- - - - - - - - Domain ID - - - - - - - - - - -+
  60. // | |
  61. // +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
  62. // | |
  63. // +- - - - - - - - - - - - - - - - - - - - - -+
  64. // | |
  65. // +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
  66. // | |
  67. // +- - - - - - - - - - - - - - - - - - - - - -+
  68. // | |
  69. // +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
  70. // | |
  71. // +- - - - - - - - - - - - - - - - - - - - - -+
  72. // | |
  73. // +---------------------------------------------------------------+
  74. // | |
  75. // +- - - - - - - - Rid - - - - - - - - - - - - -+
  76. // | |
  77. // +---------------------------------------------------------------+
  78. //
  79. //
  80. //
  81. #define CAIROSID_SUBAUTHORITY_COUNT 7
  82. #define SECURITY_NT2_NON_UNIQUE 16
  83. #define SECURITY_NT2_REVISION_RID 0
  84. typedef struct _CAIROSID {
  85. UCHAR Revision;
  86. UCHAR SubAuthorityCount;
  87. SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
  88. ULONG ZerothSubAuthority;
  89. ULONG FirstSubAuthority;
  90. GUID sDomain;
  91. ULONG rid;
  92. } CAIROSID, *PICAIROSID;
  93. ////////////////////////////////////////////////////////////////////////
  94. // //
  95. // ACL and ACE //
  96. // //
  97. ////////////////////////////////////////////////////////////////////////
  98. //
  99. //
  100. // Define an ACL and the ACE format. The structure of an ACL header
  101. // followed by one or more ACEs. Pictorally the structure of an ACL header
  102. // is as follows:
  103. //
  104. // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
  105. // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
  106. // +-------------------------------+---------------+---------------+
  107. // | AclSize | Sbz1 | AclRevision |
  108. // +-------------------------------+---------------+---------------+
  109. // | Sbz2 | AceCount |
  110. // +-------------------------------+-------------------------------+
  111. //
  112. // The current AclRevision is defined to be ACL_REVISION.
  113. //
  114. // AclSize is the size, in bytes, allocated for the ACL. This includes
  115. // the ACL header, ACES, and remaining free space in the buffer.
  116. //
  117. // AceCount is the number of ACES in the ACL.
  118. //
  119. //
  120. //#define CAIRO_ACL_REVISION (3)
  121. //
  122. //
  123. // The structure of an ACE is a common ace header followed by ace type
  124. // specific data. Pictorally the structure of the common ace header is
  125. // as follows:
  126. //
  127. // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
  128. // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
  129. // +---------------+-------+-------+---------------+---------------+
  130. // | AceSize | AceFlags | AceType |
  131. // +---------------+-------+-------+---------------+---------------+
  132. //
  133. // AceType denotes the type of the ace, there are some predefined ace
  134. // types
  135. //
  136. // AceSize is the size, in bytes, of ace.
  137. //
  138. // AceFlags are the Ace flags for audit and inheritance, defined shortly.
  139. //
  140. //
  141. // The following are the predefined ace types that go into the AceType
  142. // field of an Ace header.
  143. //
  144. //
  145. // #define ACCESS_ALLOWED_ACE_TYPE (0x0)
  146. // #define ACCESS_DENIED_ACE_TYPE (0x1)
  147. // #define SYSTEM_AUDIT_ACE_TYPE (0x2)
  148. // #define SYSTEM_ALARM_ACE_TYPE (0x3)
  149. //
  150. // The following are the inherit flags that go into the AceFlags field
  151. // of an Ace header.
  152. //
  153. // #define OBJECT_INHERIT_ACE (0x1)
  154. // #define CONTAINER_INHERIT_ACE (0x2)
  155. // #define NO_PROPAGATE_INHERIT_ACE (0x4)
  156. // #define INHERIT_ONLY_ACE (0x8)
  157. // #define END_OF_INHERITED_ACE (0x10)
  158. // #define VALID_INHERIT_FLAGS (0x1F)
  159. // CAIRO ACE FLAGS
  160. //#define SIMPLE_CAIRO_ACE (OX0)
  161. //#define IMPERSONATE_CAIRO_ACE (0x1)
  162. // The following are the currently defined ACE flags that go into the
  163. // AceFlags field of an ACE header. Each ACE type has its own set of
  164. // AceFlags.
  165. //
  166. // SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE
  167. // types to indicate that a message is generated for successful accesses.
  168. //
  169. // FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types
  170. // to indicate that a message is generated for failed accesses.
  171. //
  172. //
  173. // SYSTEM_AUDIT and SYSTEM_ALARM AceFlags
  174. //
  175. // These control the signaling of audit and alarms for success or failure.
  176. //
  177. //
  178. //#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
  179. //#define FAILED_ACCESS_ACE_FLAG (0x80)
  180. //
  181. //
  182. // Following is a picture of the current Cairo ACE. Right now we use
  183. // the extra space in the ACE after the SID to save the name. As a fail
  184. // safe the length of the name is stored, it must be less than the remaining
  185. // length of the ACE.
  186. //
  187. // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
  188. // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
  189. // +---------------+-------+-------+---------------+---------------+
  190. // | AceSize | AceFlags | AceType |
  191. // +---------------+-------+-------+---------------+---------------+
  192. // | Mask |
  193. // +---------------------------------------------------------------+
  194. // | |
  195. // | NT version of CairoSID |
  196. // | |
  197. // +---------------------------------------------------------------+
  198. // | [optional] length of name |
  199. // +---------------------------------------------------------------+
  200. // | [optional] name (null terminated) |
  201. // | |
  202. // | |
  203. // | |
  204. // | |
  205. // +---------------------------------------------------------------+
  206. //
  207. typedef struct _CAIRO_ACE {
  208. ACE_HEADER Header;
  209. ACCESS_MASK Mask;
  210. CAIROSID CSid;
  211. ULONG cNameLength;
  212. WCHAR Name[ANYSIZE_ARRAY];
  213. } CAIRO_ACE, *PCAIRO_ACE;
  214. //--------------------------------------------------------------------------
  215. //
  216. // Following is the final version of the Cairo ACE.
  217. //
  218. // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
  219. // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
  220. // +---------------+-------+-------+---------------+---------------+
  221. // | AceSize | AceFlags | AceType |
  222. // +---------------+-------+-------+---------------+---------------+
  223. // | Mask |
  224. // +---------------------------------------------------------------+
  225. // | AdvancedAceType | SidCount |
  226. // +---------------------------------------------------------------+
  227. // | |
  228. // + +
  229. // | SID |
  230. // + or +
  231. // | CairoSID |
  232. // + +
  233. // | |
  234. // +---------------------------------------------------------------+
  235. // | offset to ID name |
  236. // +---------------------------------------------------------------+
  237. // | [optional] |
  238. // + +
  239. // | SID |
  240. // + or +
  241. // | CairoSID |
  242. // + +
  243. // | |
  244. // +---------------------------------------------------------------+
  245. // | [optional] |
  246. // | offset to ID name |
  247. // +---------------------------------------------------------------+
  248. // | |
  249. // | name (null terminated) |
  250. // | |
  251. // +---------------------------------------------------------------+
  252. // | [optional] |
  253. // | name (null terminated) |
  254. // | |
  255. // +---------------------------------------------------------------+
  256. //
  257. //
  258. // Mask is the access mask associated with the ACE. This is either the
  259. // access allowed, access denied, audit, or alarm mask.
  260. //
  261. // Sid is the Sid associated with the ACE.
  262. //
  263. //
  264. //typedef struct _ACCESS_ACE {
  265. // ACE_HEADER Header;
  266. // ACCESS_MASK Mask;
  267. // USHORT AdvancedAceType;
  268. // USHORT SidCount;
  269. // ULONG SidStart;
  270. //} ACCESS_ACE;
  271. //typedef ACCESS_ACE *PACCESS_ACE;
  272. //
  273. //--------------------------------------------------------------------------
  274. //
  275. // Well-known identifiers
  276. //
  277. #if 0
  278. //
  279. // The on disk format for identifiers is as follows:
  280. //
  281. // SID Format:
  282. //
  283. // S-1-4-x1-x2-x3-x4-y1-y2-y3-y4
  284. //
  285. // Where the S-1-4 is a standard prefix for our identifiers
  286. //
  287. // x1-x4 are the GUID of the principal, mapped to consecutive ulongs
  288. // y1-y4 are the GUID of the principal's domain, mapped as above.
  289. //
  290. //
  291. // There are several well known "guids" which are used to represent either
  292. // artificial groups or domain-wide constants. These are listed below. To
  293. // use them, use the AllocateAndInitializeSid call.
  294. //
  295. //
  296. // This define is used to determine the needed size for the SID.
  297. //
  298. // You would use this as the second parameter to AllocateAndInitializeSid
  299. //
  300. #define SECURITY_SID_RID_COUNT 8
  301. #define SECURITY_NT2_AUTHORITY {0, 0, 0, 0, 0, 4}
  302. //
  303. // A well known "guid" exists to represent the local domain, which really
  304. // means local machine. This domain is assigned only to local identifiers.
  305. //
  306. #define SECURITY_LOCAL_DOMAIN_1 0
  307. #define SECURITY_LOCAL_DOMAIN_2 0
  308. #define SECURITY_LOCAL_DOMAIN_3 0
  309. #define SECURITY_LOCAL_DOMAIN_4 105
  310. #define SECURITY_LOCAL_DOMAIN_GUID {0, 0, 0, {0, 0, 0, 0, 105, 0, 0, 0} }
  311. //
  312. // A well known "guid" exists to represent the PRIVATE group. This group is
  313. // actually the same as the NT admin alias
  314. //
  315. #define SECURITY_PRIVATE_GROUP_SID_COUNT 2
  316. #define SECURITY_PRIVATE_GROUP_1 32
  317. #define SECURITY_PRIVATE_GROUP_2 544
  318. #define SECURITY_PRIVATE_GROUP_GUID {2, 32, 544, {0, 0, 0, 0, 0, 0, 0, 0}}
  319. //
  320. // A well known "guid" exists to represent the PUBLIC group. This group is
  321. // actually the same as the NT guest group.
  322. //
  323. #define SECURITY_PUBLIC_GROUP_SID_COUNT 2
  324. #define SECURITY_PUBLIC_GROUP_1 32
  325. #define SECURITY_PUBLIC_GROUP_2 545
  326. #define SECURITY_PUBLIC_GROUP_GUID {2, 32, 545, {0, 0, 0, 0, 0, 0, 0, 0}}
  327. //
  328. // A well known "guid" exists to represent the GUEST user. This group is
  329. // actually the same as the NT guest user.
  330. //
  331. #define SECURITY_GUEST_USER_SID_COUNT 2
  332. #define SECURITY_GUEST_USER_1 32
  333. #define SECURITY_GUEST_USER_2 501
  334. #define SECURITY_GUEST_USER_GUID {2, 32, 501, {0, 0, 0, 0, 0, 0, 0, 0}}
  335. #endif
  336. //
  337. // Next free rid is 0x256. Last free is 0x3e7 (999)
  338. // The local PRIVATE group. This is actually the same as the NT admin group
  339. #define DOMAIN_GROUP_RID_PRIVATE DOMAIN_ALIAS_RID_ADMINS
  340. // The local PUBLIC group. This is actually the same as the NT users group
  341. #define DOMAIN_GROUP_RID_PUBLIC DOMAIN_ALIAS_RID_USERS
  342. #define DOMAIN_GROUP_RID_BACKUP_OPS DOMAIN_ALIAS_RID_BACKUP_OPS
  343. #define DOMAIN_GROUP_RID_ACCOUNT_OPS DOMAIN_ALIAS_RID_ACCOUNT_OPS
  344. #define DOMAIN_GROUP_RID_PRINT_OPS DOMAIN_ALIAS_RID_PRINT_OPS
  345. #define DOMAIN_GROUP_RID_SERVER_OPS DOMAIN_ALIAS_RID_SYSTEM_OPS
  346. #define DOMAIN_SERVICE_RID_KDC 0x250
  347. #define DOMAIN_SERVICE_RID_DFSM 0x251
  348. #define DOMAIN_SERVICE_RID_DS_SERVER 0x252
  349. #define DOMAIN_SERVICE_RID_NTLMSVC 0x253
  350. #define DOMAIN_SERVICE_RID_PRIVSVR 0x254
  351. #define DOMAIN_SERVICE_RID_ORASVC 0x255
  352. // NULL Guid
  353. // #define SECURITY_NULL_GUID {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0} }
  354. #endif // __CAIROSEAPI_H__