/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef _SECURITY_NDL_
#define	_SECURITY_NDL_

/*
 * Select the #define spelling of every enumeration in this file.  Each
 * enum below is wrapped in "#ifndef USE_UINT_ENUMS ... #else ... #endif",
 * so with this defined the enum branches are never compiled and the
 * plain integer macros are what callers see.  Presumably required by the
 * NDL tool chain — confirm before removing.
 */
#define	USE_UINT_ENUMS 1

/*
 * GUID as carried in the object-ACE unions further down (see union
 * security_ace_object_type).  Widths follow the declaration: a 32-bit
 * field, two 16-bit fields and two raw byte arrays (2 + 6 bytes).
 */
struct GUID {
	DWORD time_low;
	WORD time_mid;
	WORD time_hi_and_version;
	BYTE clock_seq[2];
	BYTE node[6];
};

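/*
 * Access-mask layout (32 bits): generic rights in the top nibble, flag
 * bits below them, standard rights in the next byte and object-specific
 * rights in the low 16 bits.  SEC_MASK_* selects each field.
 */
#define	SEC_MASK_GENERIC	0xF0000000
#define	SEC_MASK_FLAGS		0x0F000000
#define	SEC_MASK_STANDARD	0x00FF0000
#define	SEC_MASK_SPECIFIC	0x0000FFFF
/* Generic rights (SEC_MASK_GENERIC).  SEC_GENERIC_READ sets bit 31. */
#define	SEC_GENERIC_ALL		0x10000000
#define	SEC_GENERIC_EXECUTE	0x20000000
#define	SEC_GENERIC_WRITE	0x40000000
#define	SEC_GENERIC_READ	0x80000000
/* Request flags (SEC_MASK_FLAGS). */
#define	SEC_FLAG_SYSTEM_SECURITY 0x01000000
#define	SEC_FLAG_MAXIMUM_ALLOWED 0x02000000
/*
 * Standard rights (SEC_MASK_STANDARD).  SEC_STD_REQUIRED is the four
 * low standard bits; SEC_STD_ALL adds SEC_STD_SYNCHRONIZE.
 */
#define	SEC_STD_DELETE		0x00010000
#define	SEC_STD_READ_CONTROL	0x00020000
#define	SEC_STD_WRITE_DAC	0x00040000
#define	SEC_STD_WRITE_OWNER	0x00080000
#define	SEC_STD_SYNCHRONIZE	0x00100000
#define	SEC_STD_REQUIRED	0x000F0000
#define	SEC_STD_ALL		0x001F0000
/*
 * Object-specific rights (SEC_MASK_SPECIFIC) for files.  Bit 0x40 has
 * no SEC_FILE_* name here but is included in SEC_FILE_ALL (0x1ff).
 */
#define	SEC_FILE_READ_DATA	0x00000001
#define	SEC_FILE_WRITE_DATA	0x00000002
#define	SEC_FILE_APPEND_DATA	0x00000004
#define	SEC_FILE_READ_EA	0x00000008
#define	SEC_FILE_WRITE_EA	0x00000010
#define	SEC_FILE_EXECUTE	0x00000020
#define	SEC_FILE_READ_ATTRIBUTE	0x00000080
#define	SEC_FILE_WRITE_ATTRIBUTE 0x00000100
#define	SEC_FILE_ALL		0x000001ff
/* Object-specific rights for directories (same bit positions as files). */
#define	SEC_DIR_LIST		0x00000001
#define	SEC_DIR_ADD_FILE	0x00000002
#define	SEC_DIR_ADD_SUBDIR	0x00000004
#define	SEC_DIR_READ_EA		0x00000008
#define	SEC_DIR_WRITE_EA	0x00000010
#define	SEC_DIR_TRAVERSE	0x00000020
#define	SEC_DIR_DELETE_CHILD	0x00000040
#define	SEC_DIR_READ_ATTRIBUTE	0x00000080
#define	SEC_DIR_WRITE_ATTRIBUTE	0x00000100
/* Object-specific rights for registry keys. */
#define	SEC_REG_QUERY_VALUE	0x00000001
#define	SEC_REG_SET_VALUE	0x00000002
#define	SEC_REG_CREATE_SUBKEY	0x00000004
#define	SEC_REG_ENUM_SUBKEYS	0x00000008
#define	SEC_REG_NOTIFY		0x00000010
#define	SEC_REG_CREATE_LINK	0x00000020
/* Object-specific rights for directory-service objects. */
#define	SEC_ADS_CREATE_CHILD	0x00000001
#define	SEC_ADS_DELETE_CHILD	0x00000002
#define	SEC_ADS_LIST		0x00000004
#define	SEC_ADS_SELF_WRITE	0x00000008
#define	SEC_ADS_READ_PROP	0x00000010
#define	SEC_ADS_WRITE_PROP	0x00000020
#define	SEC_ADS_DELETE_TREE	0x00000040
#define	SEC_ADS_LIST_OBJECT	0x00000080
#define	SEC_ADS_CONTROL_ACCESS	0x00000100
/*
 * Composite rights.  Each expansion is parenthesized so that an
 * expression such as "mask & SEC_RIGHTS_FILE_READ" tests the whole set.
 * Without the parentheses "&" binds only to the first operand and the
 * remaining bits are OR-ed into the result unconditionally, which makes
 * an access check pass for a mask that grants none of them.
 */
#define	SEC_RIGHTS_FILE_READ	(SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_READ_EA)
#define	SEC_RIGHTS_FILE_WRITE	(SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_WRITE_DATA|SEC_FILE_WRITE_ATTRIBUTE|SEC_FILE_WRITE_EA|SEC_FILE_APPEND_DATA)
#define	SEC_RIGHTS_FILE_EXECUTE	(SEC_STD_SYNCHRONIZE|SEC_STD_READ_CONTROL|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_EXECUTE)
#define	SEC_RIGHTS_FILE_ALL	(SEC_STD_ALL|SEC_FILE_ALL)
/* Directory composites alias the file ones (same bit positions). */
#define	SEC_RIGHTS_DIR_READ	SEC_RIGHTS_FILE_READ
#define	SEC_RIGHTS_DIR_WRITE	SEC_RIGHTS_FILE_WRITE
#define	SEC_RIGHTS_DIR_EXECUTE	SEC_RIGHTS_FILE_EXECUTE
#define	SEC_RIGHTS_DIR_ALL	SEC_RIGHTS_FILE_ALL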
/*
 * Well-known SIDs in string form ("S-1-<authority>-<sub-authorities>").
 * The *_DOMAIN / SID_NT_AUTHORITY / SID_BUILTIN entries are prefixes of
 * the full SIDs that follow them.  Being strings, these must be compared
 * with strcmp() or by parsing into struct dom_sid, never by pointer.
 */
#define	SID_NULL		"S-1-0-0"
#define	SID_WORLD_DOMAIN	"S-1-1"
#define	SID_WORLD		"S-1-1-0"
#define	SID_CREATOR_OWNER_DOMAIN "S-1-3"
#define	SID_CREATOR_OWNER	"S-1-3-0"
#define	SID_CREATOR_GROUP	"S-1-3-1"
#define	SID_NT_AUTHORITY	"S-1-5"
#define	SID_NT_DIALUP		"S-1-5-1"
#define	SID_NT_NETWORK		"S-1-5-2"
#define	SID_NT_BATCH		"S-1-5-3"
#define	SID_NT_INTERACTIVE	"S-1-5-4"
#define	SID_NT_SERVICE		"S-1-5-6"
#define	SID_NT_ANONYMOUS	"S-1-5-7"
#define	SID_NT_PROXY		"S-1-5-8"
#define	SID_NT_ENTERPRISE_DCS	"S-1-5-9"
#define	SID_NT_SELF		"S-1-5-10"
#define	SID_NT_AUTHENTICATED_USERS "S-1-5-11"
#define	SID_NT_RESTRICTED	"S-1-5-12"
#define	SID_NT_TERMINAL_SERVER_USERS "S-1-5-13"
#define	SID_NT_REMOTE_INTERACTIVE "S-1-5-14"
#define	SID_NT_THIS_ORGANISATION  "S-1-5-15"
#define	SID_NT_SYSTEM		"S-1-5-18"
#define	SID_NT_LOCAL_SERVICE	"S-1-5-19"
#define	SID_NT_NETWORK_SERVICE	"S-1-5-20"
/* Built-in domain and its aliases (groups with elevated rights). */
#define	SID_BUILTIN		"S-1-5-32"
#define	SID_BUILTIN_ADMINISTRATORS "S-1-5-32-544"
#define	SID_BUILTIN_USERS	"S-1-5-32-545"
#define	SID_BUILTIN_GUESTS	"S-1-5-32-546"
#define	SID_BUILTIN_POWER_USERS	"S-1-5-32-547"
#define	SID_BUILTIN_ACCOUNT_OPERATORS	"S-1-5-32-548"
#define	SID_BUILTIN_SERVER_OPERATORS	"S-1-5-32-549"
#define	SID_BUILTIN_PRINT_OPERATORS	"S-1-5-32-550"
#define	SID_BUILTIN_BACKUP_OPERATORS	"S-1-5-32-551"
#define	SID_BUILTIN_REPLICATOR	"S-1-5-32-552"
#define	SID_BUILTIN_RAS_SERVERS	"S-1-5-32-553"
#define	SID_BUILTIN_PREW2K	"S-1-5-32-554"
/*
 * Relative identifiers: the last sub-authority of a domain SID, as a
 * number rather than a string.
 */
#define	DOMAIN_RID_LOGON	9
#define	DOMAIN_RID_ADMINISTRATOR 500
#define	DOMAIN_RID_GUEST	501
#define	DOMAIN_RID_ADMINS	512
#define	DOMAIN_RID_USERS	513
#define	DOMAIN_RID_DCS		516
#define	DOMAIN_RID_CERT_ADMINS	517
#define	DOMAIN_RID_SCHEMA_ADMINS 518
#define	DOMAIN_RID_ENTERPRISE_ADMINS 519
/*
 * Default revisions.  Both names are defined later in this file; macro
 * expansion is lazy, so these are valid at any use after that point.
 */
#define	NT4_ACL_REVISION	SECURITY_ACL_REVISION_NT4
#define	SD_REVISION		SECURITY_DESCRIPTOR_REVISION_1

/*
 * Privilege identifiers, numbered 1..24.  USE_UINT_ENUMS is defined at
 * the top of this file, so the enum branch below is not compiled and the
 * #define branch is what takes effect.  How these map onto the
 * privilege_mask1/privilege_mask2 words of struct security_token is not
 * visible here — confirm against the code that builds tokens.
 */
#ifndef USE_UINT_ENUMS
	enum sec_privilege {
	SEC_PRIV_SECURITY=1,
	SEC_PRIV_BACKUP=2,
	SEC_PRIV_RESTORE=3,
	SEC_PRIV_SYSTEMTIME=4,
	SEC_PRIV_SHUTDOWN=5,
	SEC_PRIV_REMOTE_SHUTDOWN=6,
	SEC_PRIV_TAKE_OWNERSHIP=7,
	SEC_PRIV_DEBUG=8,
	SEC_PRIV_SYSTEM_ENVIRONMENT=9,
	SEC_PRIV_SYSTEM_PROFILE=10,
	SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
	SEC_PRIV_INCREASE_BASE_PRIORITY=12,
	SEC_PRIV_LOAD_DRIVER=13,
	SEC_PRIV_CREATE_PAGEFILE=14,
	SEC_PRIV_INCREASE_QUOTA=15,
	SEC_PRIV_CHANGE_NOTIFY=16,
	SEC_PRIV_UNDOCK=17,
	SEC_PRIV_MANAGE_VOLUME=18,
	SEC_PRIV_IMPERSONATE=19,
	SEC_PRIV_CREATE_GLOBAL=20,
	SEC_PRIV_ENABLE_DELEGATION=21,
	SEC_PRIV_INTERACTIVE_LOGON=22,
	SEC_PRIV_NETWORK_LOGON=23,
	SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
};
#else
/* Same values as the enum above; keep the two lists in step. */
#define	SEC_PRIV_SECURITY			1
#define	SEC_PRIV_BACKUP				2
#define	SEC_PRIV_RESTORE			3
#define	SEC_PRIV_SYSTEMTIME			4
#define	SEC_PRIV_SHUTDOWN			5
#define	SEC_PRIV_REMOTE_SHUTDOWN		6
#define	SEC_PRIV_TAKE_OWNERSHIP			7
#define	SEC_PRIV_DEBUG				8
#define	SEC_PRIV_SYSTEM_ENVIRONMENT		9
#define	SEC_PRIV_SYSTEM_PROFILE			10
#define	SEC_PRIV_PROFILE_SINGLE_PROCESS		11
#define	SEC_PRIV_INCREASE_BASE_PRIORITY		12
#define	SEC_PRIV_LOAD_DRIVER			13
#define	SEC_PRIV_CREATE_PAGEFILE		14
#define	SEC_PRIV_INCREASE_QUOTA			15
#define	SEC_PRIV_CHANGE_NOTIFY			16
#define	SEC_PRIV_UNDOCK				17
#define	SEC_PRIV_MANAGE_VOLUME			18
#define	SEC_PRIV_IMPERSONATE			19
#define	SEC_PRIV_CREATE_GLOBAL			20
#define	SEC_PRIV_ENABLE_DELEGATION		21
#define	SEC_PRIV_INTERACTIVE_LOGON		22
#define	SEC_PRIV_NETWORK_LOGON			23
#define	SEC_PRIV_REMOTE_INTERACTIVE_LOGON	24
#endif

/*
 * Security identifier (SID), the binary form of the "S-1-..." strings
 * above.
 *   sid_rev_num  SID revision.
 *   num_auths    number of sub-authorities; presumably the element count
 *                of sub_auths (no size attribute is visible in this
 *                declaration — confirm against the marshaller).
 *   id_auth      6-byte identifier authority.
 *   sub_auths    sub-authority values; the last one is the RID
 *                (cf. DOMAIN_RID_*).
 * NOTE(review): on input num_auths comes from the peer; whatever decodes
 * this must bound it before reading sub_auths.
 */
struct dom_sid {
	BYTE sid_rev_num;
	BYTE num_auths;
	BYTE id_auth[6];
	DWORD *sub_auths;
};

/*
 * bitmap security_ace_flags
 *
 * Inheritance and audit flags carried in security_ace.flags.
 * SEC_ACE_FLAG_VALID_INHERIT (0x0f) is the mask of the four inheritance
 * bits, not a flag of its own.  SEC_ACE_FLAG_SUCCESSFUL_ACCESS and
 * SEC_ACE_FLAG_FAILED_ACCESS are only meaningful on audit/alarm ACE types.
 */
#define	SEC_ACE_FLAG_OBJECT_INHERIT		0x01
#define	SEC_ACE_FLAG_CONTAINER_INHERIT		0x02
#define	SEC_ACE_FLAG_NO_PROPAGATE_INHERIT	0x04
#define	SEC_ACE_FLAG_INHERIT_ONLY		0x08
#define	SEC_ACE_FLAG_INHERITED_ACE		0x10
#define	SEC_ACE_FLAG_VALID_INHERIT		0x0f
#define	SEC_ACE_FLAG_SUCCESSFUL_ACCESS		0x40
#define	SEC_ACE_FLAG_FAILED_ACCESS		0x80

/*
 * ACE types stored in security_ace.security_ace_type.  Values 0..3 are
 * the plain ACE forms; 5..8 are the object-ACE forms that additionally
 * carry the GUIDs declared in the unions below.  With USE_UINT_ENUMS set
 * (top of file) the #define branch is in effect.
 */
#ifndef USE_UINT_ENUMS
enum security_ace_type {
	SEC_ACE_TYPE_ACCESS_ALLOWED=0,
	SEC_ACE_TYPE_ACCESS_DENIED=1,
	SEC_ACE_TYPE_SYSTEM_AUDIT=2,
	SEC_ACE_TYPE_SYSTEM_ALARM=3,
	SEC_ACE_TYPE_ALLOWED_COMPOUND=4,
	SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT=5,
	SEC_ACE_TYPE_ACCESS_DENIED_OBJECT=6,
	SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT=7,
	SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT=8
};
#else
/* Same values as the enum above; keep the two lists in step. */
#define	SEC_ACE_TYPE_ACCESS_ALLOWED		0
#define	SEC_ACE_TYPE_ACCESS_DENIED		1
#define	SEC_ACE_TYPE_SYSTEM_AUDIT		2
#define	SEC_ACE_TYPE_SYSTEM_ALARM		3
#define	SEC_ACE_TYPE_ALLOWED_COMPOUND		4
#define	SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT	5
#define	SEC_ACE_TYPE_ACCESS_DENIED_OBJECT	6
#define	SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT	7
#define	SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT	8
#endif

/*
 * bitmap security_ace_object_flags
 *
 * Stored in security_ace_object.flags; each bit says whether the
 * corresponding GUID union arm (type / inherited_type) is present.
 */
#define	SEC_ACE_OBJECT_TYPE_PRESENT		0x00000001
#define	SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT	0x00000002

/*
 * Optional object-type GUID of an object ACE.  CASE() is an NDL
 * union-arm selector defined outside this file; presumably it expands
 * to nothing when this file is included as a plain C header — confirm.
 */
union security_ace_object_type {
	CASE(0) struct GUID type;
};

/*
 * Optional inherited-object-type GUID of an object ACE (see the note on
 * CASE() at union security_ace_object_type).
 */
union security_ace_object_inherited_type {
	CASE(0) struct GUID inherited_type;
};

/*
 * Object-ACE header: flags is a bitmap of SEC_ACE_OBJECT_*_PRESENT.
 * Only the flags word is declared here; the GUID unions above are not
 * members of this struct.
 */
struct security_ace_object {
	DWORD flags;
};

/*
 * Container union for the object-ACE header (single arm; see the note
 * on CASE() at union security_ace_object_type).
 */
union security_ace_object_ctr {
	CASE(0) struct security_ace_object object;
};

/*
 * Access control entry.
 *   security_ace_type  one of SEC_ACE_TYPE_*.  Declared DWORD here;
 *                      NOTE(review): the ACE header on the wire carries a
 *                      one-byte type — confirm the marshaller narrows it.
 *   flags              bitmap of SEC_ACE_FLAG_*.
 *   size               presumably the encoded length of this ACE in
 *                      bytes.  On input it is peer-supplied: a decoder
 *                      must check it against the remaining buffer before
 *                      using it to step to the next ACE.
 *   access_mask        SEC_* rights this entry allows, denies or audits.
 *   trustee            SID the entry applies to.
 * No object-ACE GUIDs appear in this declaration, so the *_OBJECT types
 * are only partially modelled by this struct.
 */
struct security_ace {
	DWORD security_ace_type;
	BYTE flags;
	WORD size;
	DWORD access_mask;
	struct dom_sid trustee;
};

/*
 * ACL revision values for security_acl.security_acl_revision.
 * NT4_ACL_REVISION (above) aliases SECURITY_ACL_REVISION_NT4.  With
 * USE_UINT_ENUMS set (top of file) the #define branch is in effect.
 */
#ifndef USE_UINT_ENUMS
enum security_acl_revision {
	SECURITY_ACL_REVISION_NT4=2,
	SECURITY_ACL_REVISION_ADS=4
};
#else
#define	SECURITY_ACL_REVISION_NT4	2
#define	SECURITY_ACL_REVISION_ADS	4
#endif

/*
 * Access control list.
 *   security_acl_revision  SECURITY_ACL_REVISION_*.
 *   size                   presumably the encoded ACL length in bytes.
 *   num_aces               number of entries; presumably the element
 *                          count of aces (no size attribute visible
 *                          here — confirm against the marshaller).
 *   aces                   the entries.
 * NOTE(review): size and num_aces are peer-supplied on input and must
 * be validated against the enclosing buffer by whatever decodes this.
 */
struct security_acl {
	DWORD security_acl_revision;
	WORD size;
	DWORD num_aces;
	struct security_ace *aces;
};

/*
 * Security-descriptor revision for security_descriptor.revision.
 * SD_REVISION (above) aliases SECURITY_DESCRIPTOR_REVISION_1.  With
 * USE_UINT_ENUMS set (top of file) the #define branch is in effect.
 */
#ifndef USE_UINT_ENUMS
enum security_descriptor_revision {
	SECURITY_DESCRIPTOR_REVISION_1=1
};
#else
#define	SECURITY_DESCRIPTOR_REVISION_1	1
#endif

/*
 * bitmap security_descriptor_type
 *
 * Control bits stored in security_descriptor.type (a WORD, so all 16
 * bits are used).  The *_PRESENT bits say whether the corresponding
 * sacl/dacl member is meaningful; SEC_DESC_SELF_RELATIVE marks the
 * descriptor as one whose members are offsets rather than pointers.
 */
#define	SEC_DESC_OWNER_DEFAULTED	0x0001
#define	SEC_DESC_GROUP_DEFAULTED	0x0002
#define	SEC_DESC_DACL_PRESENT		0x0004
#define	SEC_DESC_DACL_DEFAULTED		0x0008
#define	SEC_DESC_SACL_PRESENT		0x0010
#define	SEC_DESC_SACL_DEFAULTED		0x0020
#define	SEC_DESC_DACL_TRUSTED		0x0040
#define	SEC_DESC_SERVER_SECURITY	0x0080
#define	SEC_DESC_DACL_AUTO_INHERIT_REQ	0x0100
#define	SEC_DESC_SACL_AUTO_INHERIT_REQ	0x0200
#define	SEC_DESC_DACL_AUTO_INHERITED	0x0400
#define	SEC_DESC_SACL_AUTO_INHERITED	0x0800
#define	SEC_DESC_DACL_PROTECTED		0x1000
#define	SEC_DESC_SACL_PROTECTED		0x2000
#define	SEC_DESC_RM_CONTROL_VALID	0x4000
#define	SEC_DESC_SELF_RELATIVE		0x8000

/*
 * Security descriptor header.
 *   revision  SECURITY_DESCRIPTOR_REVISION_*.
 *   type      bitmap of SEC_DESC_*.
 *   ownersid, groupsid, sacl, dacl
 *             declared as DWORDs rather than pointers; presumably byte
 *             offsets from the start of a self-relative descriptor
 *             (cf. SEC_DESC_SELF_RELATIVE) — confirm against the decoder.
 * NOTE(review): each offset comes from the peer on input and must be
 * checked to lie within sec_desc_buf.sd_size (and leave room for the
 * structure it points at) before it is followed.  A zero offset
 * presumably means "absent"; the *_PRESENT bits in type should agree.
 */
struct security_descriptor {
	WORD revision;
	WORD type;
	DWORD ownersid;
	DWORD groupsid;
	DWORD sacl;
	DWORD dacl;
};

/*
 * Length-prefixed security descriptor as passed over RPC.
 *   sd_size  size of the descriptor in bytes; the bound against which
 *            the offsets inside *sd must be validated.
 *   sd       the descriptor itself.
 */
struct sec_desc_buf {
	DWORD sd_size;
	struct security_descriptor *sd;
};

/*
 * Caller identity used for access checks.
 *   user_sid, group_sid  primary user and group.
 *   num_sids             a SID count, but no matching SID array is
 *                        declared in this struct — confirm how the
 *                        consumer uses it.
 *   privilege_mask1/2    two 32-bit privilege words; the SEC_PRIV_*
 *                        identifiers above number 1..24, so the mapping
 *                        to bits is not determined by this file.
 */
struct security_token {
	struct dom_sid *user_sid;
	struct dom_sid *group_sid;
	DWORD num_sids;
	DWORD privilege_mask1;
	DWORD privilege_mask2;
};

/* 
 * bitmap security_secinfo
 *
 * Selects which parts of a security descriptor a query or set request
 * refers to.  Requests naming SECINFO_SACL normally also need
 * SEC_FLAG_SYSTEM_SECURITY in the access mask; that pairing is enforced
 * by callers, not here.
 */
#define	SECINFO_OWNER		0x00000001
#define	SECINFO_GROUP		0x00000002
#define	SECINFO_DACL		0x00000004
#define	SECINFO_SACL		0x00000008

#endif /* _SECURITY_NDL_ */