/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _SECURITY_NDL_
#define _SECURITY_NDL_
#define USE_UINT_ENUMS 1
struct GUID {
DWORD time_low;
WORD time_mid;
WORD time_hi_and_version;
BYTE clock_seq[2];
BYTE node[6];
};
#define SEC_MASK_GENERIC 0xF0000000
#define SEC_MASK_FLAGS 0x0F000000
#define SEC_MASK_STANDARD 0x00FF0000
#define SEC_MASK_SPECIFIC 0x0000FFFF
#define SEC_GENERIC_ALL 0x10000000
#define SEC_GENERIC_EXECUTE 0x20000000
#define SEC_GENERIC_WRITE 0x40000000
#define SEC_GENERIC_READ 0x80000000
#define SEC_FLAG_SYSTEM_SECURITY 0x01000000
#define SEC_FLAG_MAXIMUM_ALLOWED 0x02000000
#define SEC_STD_DELETE 0x00010000
#define SEC_STD_READ_CONTROL 0x00020000
#define SEC_STD_WRITE_DAC 0x00040000
#define SEC_STD_WRITE_OWNER 0x00080000
#define SEC_STD_SYNCHRONIZE 0x00100000
#define SEC_STD_REQUIRED 0x000F0000
#define SEC_STD_ALL 0x001F0000
#define SEC_FILE_READ_DATA 0x00000001
#define SEC_FILE_WRITE_DATA 0x00000002
#define SEC_FILE_APPEND_DATA 0x00000004
#define SEC_FILE_READ_EA 0x00000008
#define SEC_FILE_WRITE_EA 0x00000010
#define SEC_FILE_EXECUTE 0x00000020
#define SEC_FILE_READ_ATTRIBUTE 0x00000080
#define SEC_FILE_WRITE_ATTRIBUTE 0x00000100
#define SEC_FILE_ALL 0x000001ff
#define SEC_DIR_LIST 0x00000001
#define SEC_DIR_ADD_FILE 0x00000002
#define SEC_DIR_ADD_SUBDIR 0x00000004
#define SEC_DIR_READ_EA 0x00000008
#define SEC_DIR_WRITE_EA 0x00000010
#define SEC_DIR_TRAVERSE 0x00000020
#define SEC_DIR_DELETE_CHILD 0x00000040
#define SEC_DIR_READ_ATTRIBUTE 0x00000080
#define SEC_DIR_WRITE_ATTRIBUTE 0x00000100
#define SEC_REG_QUERY_VALUE 0x00000001
#define SEC_REG_SET_VALUE 0x00000002
#define SEC_REG_CREATE_SUBKEY 0x00000004
#define SEC_REG_ENUM_SUBKEYS 0x00000008
#define SEC_REG_NOTIFY 0x00000010
#define SEC_REG_CREATE_LINK 0x00000020
#define SEC_ADS_CREATE_CHILD 0x00000001
#define SEC_ADS_DELETE_CHILD 0x00000002
#define SEC_ADS_LIST 0x00000004
#define SEC_ADS_SELF_WRITE 0x00000008
#define SEC_ADS_READ_PROP 0x00000010
#define SEC_ADS_WRITE_PROP 0x00000020
#define SEC_ADS_DELETE_TREE 0x00000040
#define SEC_ADS_LIST_OBJECT 0x00000080
#define SEC_ADS_CONTROL_ACCESS 0x00000100
#define SEC_RIGHTS_FILE_READ SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_READ_EA
#define SEC_RIGHTS_FILE_WRITE SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_WRITE_DATA|SEC_FILE_WRITE_ATTRIBUTE|SEC_FILE_WRITE_EA|SEC_FILE_APPEND_DATA
#define SEC_RIGHTS_FILE_EXECUTE SEC_STD_SYNCHRONIZE|SEC_STD_READ_CONTROL|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_EXECUTE
#define SEC_RIGHTS_FILE_ALL SEC_STD_ALL|SEC_FILE_ALL
#define SEC_RIGHTS_DIR_READ SEC_RIGHTS_FILE_READ
#define SEC_RIGHTS_DIR_WRITE SEC_RIGHTS_FILE_WRITE
#define SEC_RIGHTS_DIR_EXECUTE SEC_RIGHTS_FILE_EXECUTE
#define SEC_RIGHTS_DIR_ALL SEC_RIGHTS_FILE_ALL
#define SID_NULL "S-1-0-0"
#define SID_WORLD_DOMAIN "S-1-1"
#define SID_WORLD "S-1-1-0"
#define SID_CREATOR_OWNER_DOMAIN "S-1-3"
#define SID_CREATOR_OWNER "S-1-3-0"
#define SID_CREATOR_GROUP "S-1-3-1"
#define SID_NT_AUTHORITY "S-1-5"
#define SID_NT_DIALUP "S-1-5-1"
#define SID_NT_NETWORK "S-1-5-2"
#define SID_NT_BATCH "S-1-5-3"
#define SID_NT_INTERACTIVE "S-1-5-4"
#define SID_NT_SERVICE "S-1-5-6"
#define SID_NT_ANONYMOUS "S-1-5-7"
#define SID_NT_PROXY "S-1-5-8"
#define SID_NT_ENTERPRISE_DCS "S-1-5-9"
#define SID_NT_SELF "S-1-5-10"
#define SID_NT_AUTHENTICATED_USERS "S-1-5-11"
#define SID_NT_RESTRICTED "S-1-5-12"
#define SID_NT_TERMINAL_SERVER_USERS "S-1-5-13"
#define SID_NT_REMOTE_INTERACTIVE "S-1-5-14"
#define SID_NT_THIS_ORGANISATION "S-1-5-15"
#define SID_NT_SYSTEM "S-1-5-18"
#define SID_NT_LOCAL_SERVICE "S-1-5-19"
#define SID_NT_NETWORK_SERVICE "S-1-5-20"
#define SID_BUILTIN "S-1-5-32"
#define SID_BUILTIN_ADMINISTRATORS "S-1-5-32-544"
#define SID_BUILTIN_USERS "S-1-5-32-545"
#define SID_BUILTIN_GUESTS "S-1-5-32-546"
#define SID_BUILTIN_POWER_USERS "S-1-5-32-547"
#define SID_BUILTIN_ACCOUNT_OPERATORS "S-1-5-32-548"
#define SID_BUILTIN_SERVER_OPERATORS "S-1-5-32-549"
#define SID_BUILTIN_PRINT_OPERATORS "S-1-5-32-550"
#define SID_BUILTIN_BACKUP_OPERATORS "S-1-5-32-551"
#define SID_BUILTIN_REPLICATOR "S-1-5-32-552"
#define SID_BUILTIN_RAS_SERVERS "S-1-5-32-553"
#define SID_BUILTIN_PREW2K "S-1-5-32-554"
#define DOMAIN_RID_LOGON 9
#define DOMAIN_RID_ADMINISTRATOR 500
#define DOMAIN_RID_GUEST 501
#define DOMAIN_RID_ADMINS 512
#define DOMAIN_RID_USERS 513
#define DOMAIN_RID_DCS 516
#define DOMAIN_RID_CERT_ADMINS 517
#define DOMAIN_RID_SCHEMA_ADMINS 518
#define DOMAIN_RID_ENTERPRISE_ADMINS 519
#define NT4_ACL_REVISION SECURITY_ACL_REVISION_NT4
#define SD_REVISION SECURITY_DESCRIPTOR_REVISION_1
#ifndef USE_UINT_ENUMS
enum sec_privilege {
SEC_PRIV_SECURITY=1,
SEC_PRIV_BACKUP=2,
SEC_PRIV_RESTORE=3,
SEC_PRIV_SYSTEMTIME=4,
SEC_PRIV_SHUTDOWN=5,
SEC_PRIV_REMOTE_SHUTDOWN=6,
SEC_PRIV_TAKE_OWNERSHIP=7,
SEC_PRIV_DEBUG=8,
SEC_PRIV_SYSTEM_ENVIRONMENT=9,
SEC_PRIV_SYSTEM_PROFILE=10,
SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
SEC_PRIV_INCREASE_BASE_PRIORITY=12,
SEC_PRIV_LOAD_DRIVER=13,
SEC_PRIV_CREATE_PAGEFILE=14,
SEC_PRIV_INCREASE_QUOTA=15,
SEC_PRIV_CHANGE_NOTIFY=16,
SEC_PRIV_UNDOCK=17,
SEC_PRIV_MANAGE_VOLUME=18,
SEC_PRIV_IMPERSONATE=19,
SEC_PRIV_CREATE_GLOBAL=20,
SEC_PRIV_ENABLE_DELEGATION=21,
SEC_PRIV_INTERACTIVE_LOGON=22,
SEC_PRIV_NETWORK_LOGON=23,
SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
};
#else
#define SEC_PRIV_SECURITY 1
#define SEC_PRIV_BACKUP 2
#define SEC_PRIV_RESTORE 3
#define SEC_PRIV_SYSTEMTIME 4
#define SEC_PRIV_SHUTDOWN 5
#define SEC_PRIV_REMOTE_SHUTDOWN 6
#define SEC_PRIV_TAKE_OWNERSHIP 7
#define SEC_PRIV_DEBUG 8
#define SEC_PRIV_SYSTEM_ENVIRONMENT 9
#define SEC_PRIV_SYSTEM_PROFILE 10
#define SEC_PRIV_PROFILE_SINGLE_PROCESS 11
#define SEC_PRIV_INCREASE_BASE_PRIORITY 12
#define SEC_PRIV_LOAD_DRIVER 13
#define SEC_PRIV_CREATE_PAGEFILE 14
#define SEC_PRIV_INCREASE_QUOTA 15
#define SEC_PRIV_CHANGE_NOTIFY 16
#define SEC_PRIV_UNDOCK 17
#define SEC_PRIV_MANAGE_VOLUME 18
#define SEC_PRIV_IMPERSONATE 19
#define SEC_PRIV_CREATE_GLOBAL 20
#define SEC_PRIV_ENABLE_DELEGATION 21
#define SEC_PRIV_INTERACTIVE_LOGON 22
#define SEC_PRIV_NETWORK_LOGON 23
#define SEC_PRIV_REMOTE_INTERACTIVE_LOGON 24
#endif
struct dom_sid {
BYTE sid_rev_num;
BYTE num_auths;
BYTE id_auth[6];
DWORD *sub_auths;
};
/*
* bitmap security_ace_flags
*/
#define SEC_ACE_FLAG_OBJECT_INHERIT 0x01
#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x02
#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x04
#define SEC_ACE_FLAG_INHERIT_ONLY 0x08
#define SEC_ACE_FLAG_INHERITED_ACE 0x10
#define SEC_ACE_FLAG_VALID_INHERIT 0x0f
#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0x40
#define SEC_ACE_FLAG_FAILED_ACCESS 0x80
#ifndef USE_UINT_ENUMS
enum security_ace_type {
SEC_ACE_TYPE_ACCESS_ALLOWED=0,
SEC_ACE_TYPE_ACCESS_DENIED=1,
SEC_ACE_TYPE_SYSTEM_AUDIT=2,
SEC_ACE_TYPE_SYSTEM_ALARM=3,
SEC_ACE_TYPE_ALLOWED_COMPOUND=4,
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT=5,
SEC_ACE_TYPE_ACCESS_DENIED_OBJECT=6,
SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT=7,
SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT=8
};
#else
#define SEC_ACE_TYPE_ACCESS_ALLOWED 0
#define SEC_ACE_TYPE_ACCESS_DENIED 1
#define SEC_ACE_TYPE_SYSTEM_AUDIT 2
#define SEC_ACE_TYPE_SYSTEM_ALARM 3
#define SEC_ACE_TYPE_ALLOWED_COMPOUND 4
#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 5
#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT 6
#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 7
#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 8
#endif
/*
* bitmap security_ace_object_flags
*/
#define SEC_ACE_OBJECT_TYPE_PRESENT 0x00000001
#define SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT 0x00000002
union security_ace_object_type {
CASE(0) struct GUID type;
};
union security_ace_object_inherited_type {
CASE(0) struct GUID inherited_type;
};
struct security_ace_object {
DWORD flags;
};
union security_ace_object_ctr {
CASE(0) struct security_ace_object object;
};
struct security_ace {
DWORD security_ace_type;
BYTE flags;
WORD size;
DWORD access_mask;
struct dom_sid trustee;
};
#ifndef USE_UINT_ENUMS
enum security_acl_revision {
SECURITY_ACL_REVISION_NT4=2,
SECURITY_ACL_REVISION_ADS=4
};
#else
#define SECURITY_ACL_REVISION_NT4 2
#define SECURITY_ACL_REVISION_ADS 4
#endif
struct security_acl {
DWORD security_acl_revision;
WORD size;
DWORD num_aces;
struct security_ace *aces;
};
#ifndef USE_UINT_ENUMS
enum security_descriptor_revision {
SECURITY_DESCRIPTOR_REVISION_1=1
};
#else
#define SECURITY_DESCRIPTOR_REVISION_1 1
#endif
/*
* bitmap security_descriptor_type
*/
#define SEC_DESC_OWNER_DEFAULTED 0x0001
#define SEC_DESC_GROUP_DEFAULTED 0x0002
#define SEC_DESC_DACL_PRESENT 0x0004
#define SEC_DESC_DACL_DEFAULTED 0x0008
#define SEC_DESC_SACL_PRESENT 0x0010
#define SEC_DESC_SACL_DEFAULTED 0x0020
#define SEC_DESC_DACL_TRUSTED 0x0040
#define SEC_DESC_SERVER_SECURITY 0x0080
#define SEC_DESC_DACL_AUTO_INHERIT_REQ 0x0100
#define SEC_DESC_SACL_AUTO_INHERIT_REQ 0x0200
#define SEC_DESC_DACL_AUTO_INHERITED 0x0400
#define SEC_DESC_SACL_AUTO_INHERITED 0x0800
#define SEC_DESC_DACL_PROTECTED 0x1000
#define SEC_DESC_SACL_PROTECTED 0x2000
#define SEC_DESC_RM_CONTROL_VALID 0x4000
#define SEC_DESC_SELF_RELATIVE 0x8000
struct security_descriptor {
WORD revision;
WORD type;
DWORD ownersid;
DWORD groupsid;
DWORD sacl;
DWORD dacl;
};
struct sec_desc_buf {
DWORD sd_size;
struct security_descriptor *sd;
};
struct security_token {
struct dom_sid *user_sid;
struct dom_sid *group_sid;
DWORD num_sids;
DWORD privilege_mask1;
DWORD privilege_mask2;
};
/*
* bitmap security_secinfo
*/
#define SECINFO_OWNER 0x00000001
#define SECINFO_GROUP 0x00000002
#define SECINFO_DACL 0x00000004
#define SECINFO_SACL 0x00000008
#endif /* _SECURITY_NDL_ */