ntsec.h
上传用户:xuemeng126
上传日期:2022-07-05
资源大小:454k
文件大小:26k
- /*--
- Copyright (c) 1998 Mark Russinovich
- Module Name:
- ntsec.h
- Abstract:
- Windows NT kernel-mode security APIs and definitions. Most of
- this is taken from winnt.h
- --*/
- #ifndef _NTSEC_
- #define _NTSEC_
- //
- // These typedefs convert Win32 types to DDK types
- //
- typedef ULONG DWORD;
- typedef UCHAR BYTE;
- typedef USHORT WORD;
- typedef PVOID LPVOID;
- typedef BOOLEAN BOOL;
- ////////////////////////////////////////////////////////////////////////
- // //
- // Security Id (SID) //
- // //
- ////////////////////////////////////////////////////////////////////////
- //
- //
- // Pictorially the structure of an SID is as follows:
- //
- // 1 1 1 1 1 1
- // 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------------------------------------------------------+
- // | SubAuthorityCount |Reserved1 (SBZ)| Revision |
- // +---------------------------------------------------------------+
- // | IdentifierAuthority[0] |
- // +---------------------------------------------------------------+
- // | IdentifierAuthority[1] |
- // +---------------------------------------------------------------+
- // | IdentifierAuthority[2] |
- // +---------------------------------------------------------------+
- // | |
- // +- - - - - - - - SubAuthority[] - - - - - - - - -+
- // | |
- // +---------------------------------------------------------------+
- //
- //
- // typedef struct _SID_IDENTIFIER_AUTHORITY {
- // BYTE Value[6];
- // } SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
- // typedef struct _SID {
- // BYTE Revision;
- // BYTE SubAuthorityCount;
- // SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
- // #ifdef MIDL_PASS
- // [size_is(SubAuthorityCount)] DWORD SubAuthority[*];
- // #else // MIDL_PASS
- // DWORD SubAuthority[ANYSIZE_ARRAY];
- // #endif // MIDL_PASS
- // } SID, *PISID;
- //#define SID_REVISION (1) // Current revision level
- #define SID_MAX_SUB_AUTHORITIES (15)
- #define SID_RECOMMENDED_SUB_AUTHORITIES (1) // Will change to around 6
- // in a future release.
- // typedef enum _SID_NAME_USE {
- // SidTypeUser = 1,
- // SidTypeGroup,
- // SidTypeDomain,
- // SidTypeAlias,
- // SidTypeWellKnownGroup,
- // SidTypeDeletedAccount,
- // SidTypeInvalid,
- // SidTypeUnknown
- // } SID_NAME_USE, *PSID_NAME_USE;
- // typedef struct _SID_AND_ATTRIBUTES {
- // PSID Sid;
- // DWORD Attributes;
- // } SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;
- typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
- typedef SID_AND_ATTRIBUTES_ARRAY *PSID_AND_ATTRIBUTES_ARRAY;
- /////////////////////////////////////////////////////////////////////////////
- // //
- // Universal well-known SIDs //
- // //
- // Null SID S-1-0-0 //
- // World S-1-1-0 //
- // Local S-1-2-0 //
- // Creator Owner ID S-1-3-0 //
- // Creator Group ID S-1-3-1 //
- // Creator Owner Server ID S-1-3-2 //
- // Creator Group Server ID S-1-3-3 //
- // //
- // (Non-unique IDs) S-1-4 //
- // //
- /////////////////////////////////////////////////////////////////////////////
- #define SECURITY_NULL_SID_AUTHORITY {0,0,0,0,0,0}
- #define SECURITY_WORLD_SID_AUTHORITY {0,0,0,0,0,1}
- #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2}
- #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3}
- #define SECURITY_NON_UNIQUE_AUTHORITY {0,0,0,0,0,4}
- #define SECURITY_NULL_RID (0x00000000L)
- #define SECURITY_WORLD_RID (0x00000000L)
- #define SECURITY_LOCAL_RID (0X00000000L)
- #define SECURITY_CREATOR_OWNER_RID (0x00000000L)
- #define SECURITY_CREATOR_GROUP_RID (0x00000001L)
- #define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
- #define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
- /////////////////////////////////////////////////////////////////////////////
- // //
- // NT well-known SIDs //
- // //
- // NT Authority S-1-5 //
- // Dialup S-1-5-1 //
- // //
- // Network S-1-5-2 //
- // Batch S-1-5-3 //
- // Interactive S-1-5-4 //
- // Service S-1-5-6 //
- // AnonymousLogon S-1-5-7 (aka null logon session) //
- // Proxy S-1-5-8 //
- // ServerLogon S-1-5-8 (aka domain controller account) //
- // //
- // (Logon IDs) S-1-5-5-X-Y //
- // //
- // (NT non-unique IDs) S-1-5-0x15-... //
- // //
- // (Built-in domain) s-1-5-0x20 //
- // //
- /////////////////////////////////////////////////////////////////////////////
- #define SECURITY_NT_AUTHORITY {0,0,0,0,0,5} // ntifs
- #define SECURITY_DIALUP_RID (0x00000001L)
- #define SECURITY_NETWORK_RID (0x00000002L)
- #define SECURITY_BATCH_RID (0x00000003L)
- #define SECURITY_INTERACTIVE_RID (0x00000004L)
- #define SECURITY_SERVICE_RID (0x00000006L)
- #define SECURITY_ANONYMOUS_LOGON_RID (0x00000007L)
- #define SECURITY_PROXY_RID (0x00000008L)
- #define SECURITY_SERVER_LOGON_RID (0x00000009L)
- #define SECURITY_LOGON_IDS_RID (0x00000005L)
- #define SECURITY_LOGON_IDS_RID_COUNT (3L)
- #define SECURITY_LOCAL_SYSTEM_RID (0x00000012L)
- #define SECURITY_NT_NON_UNIQUE (0x00000015L)
- #define SECURITY_BUILTIN_DOMAIN_RID (0x00000020L)
- /////////////////////////////////////////////////////////////////////////////
- // //
- // well-known domain relative sub-authority values (RIDs)... //
- // //
- /////////////////////////////////////////////////////////////////////////////
- // Well-known users ...
- #define DOMAIN_USER_RID_ADMIN (0x000001F4L)
- #define DOMAIN_USER_RID_GUEST (0x000001F5L)
- // well-known groups ...
- #define DOMAIN_GROUP_RID_ADMINS (0x00000200L)
- #define DOMAIN_GROUP_RID_USERS (0x00000201L)
- #define DOMAIN_GROUP_RID_GUESTS (0x00000202L)
- // well-known aliases ...
- #define DOMAIN_ALIAS_RID_ADMINS (0x00000220L)
- #define DOMAIN_ALIAS_RID_USERS (0x00000221L)
- #define DOMAIN_ALIAS_RID_GUESTS (0x00000222L)
- #define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L)
- #define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L)
- #define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L)
- #define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L)
- #define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L)
- #define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L)
- ////////////////////////////////////////////////////////////////////////
- // //
- // User and Group related SID attributes //
- // //
- ////////////////////////////////////////////////////////////////////////
- //
- // Group attributes
- //
- #define SE_GROUP_MANDATORY (0x00000001L)
- #define SE_GROUP_ENABLED_BY_DEFAULT (0x00000002L)
- #define SE_GROUP_ENABLED (0x00000004L)
- #define SE_GROUP_OWNER (0x00000008L)
- #define SE_GROUP_LOGON_ID (0xC0000000L)
- //
- // The structure of an ACE is a common ace header followed by ace type
- // specific data. Pictorally the structure of the common ace header is
- // as follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------+-------+-------+---------------+---------------+
- // | AceSize | AceFlags | AceType |
- // +---------------+-------+-------+---------------+---------------+
- //
- // AceType denotes the type of the ace, there are some predefined ace
- // types
- //
- // AceSize is the size, in bytes, of ace.
- //
- // AceFlags are the Ace flags for audit and inheritance, defined shortly.
- typedef struct _ACE_HEADER {
- BYTE AceType;
- BYTE AceFlags;
- WORD AceSize;
- } ACE_HEADER;
- typedef ACE_HEADER *PACE_HEADER;
- //
- // The following are the predefined ace types that go into the AceType
- // field of an Ace header.
- //
- #define ACCESS_ALLOWED_ACE_TYPE (0x0)
- #define ACCESS_DENIED_ACE_TYPE (0x1)
- #define SYSTEM_AUDIT_ACE_TYPE (0x2)
- #define SYSTEM_ALARM_ACE_TYPE (0x3)
- //
- // The following are the inherit flags that go into the AceFlags field
- // of an Ace header.
- //
- #define OBJECT_INHERIT_ACE (0x1)
- #define CONTAINER_INHERIT_ACE (0x2)
- #define NO_PROPAGATE_INHERIT_ACE (0x4)
- #define INHERIT_ONLY_ACE (0x8)
- #define VALID_INHERIT_FLAGS (0xF)
- // The following are the currently defined ACE flags that go into the
- // AceFlags field of an ACE header. Each ACE type has its own set of
- // AceFlags.
- //
- // SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE
- // types to indicate that a message is generated for successful accesses.
- //
- // FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types
- // to indicate that a message is generated for failed accesses.
- //
- //
- // SYSTEM_AUDIT and SYSTEM_ALARM AceFlags
- //
- // These control the signaling of audit and alarms for success or failure.
- //
- #define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
- #define FAILED_ACCESS_ACE_FLAG (0x80)
- //
- // We'll define the structure of the predefined ACE types. Pictorally
- // the structure of the predefined ACE's is as follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------+-------+-------+---------------+---------------+
- // | AceFlags | Resd |Inherit| AceSize | AceType |
- // +---------------+-------+-------+---------------+---------------+
- // | Mask |
- // +---------------------------------------------------------------+
- // | |
- // + +
- // | |
- // + Sid +
- // | |
- // + +
- // | |
- // +---------------------------------------------------------------+
- //
- // Mask is the access mask associated with the ACE. This is either the
- // access allowed, access denied, audit, or alarm mask.
- //
- // Sid is the Sid associated with the ACE.
- //
- // The following are the four predefined ACE types.
- // Examine the AceType field in the Header to determine
- // which structure is appropriate to use for casting.
- typedef struct _ACCESS_ALLOWED_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- } ACCESS_ALLOWED_ACE;
- typedef ACCESS_ALLOWED_ACE *PACCESS_ALLOWED_ACE;
- typedef struct _ACCESS_DENIED_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- } ACCESS_DENIED_ACE;
- typedef ACCESS_DENIED_ACE *PACCESS_DENIED_ACE;
- typedef struct _SYSTEM_AUDIT_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- } SYSTEM_AUDIT_ACE;
- typedef SYSTEM_AUDIT_ACE *PSYSTEM_AUDIT_ACE;
- typedef struct _SYSTEM_ALARM_ACE {
- ACE_HEADER Header;
- ACCESS_MASK Mask;
- DWORD SidStart;
- } SYSTEM_ALARM_ACE;
- typedef SYSTEM_ALARM_ACE *PSYSTEM_ALARM_ACE;
- //
- // Minimum length, in bytes, needed to build a security descriptor
- // (NOTE: This must manually be kept consistent with the)
- // (sizeof(SECURITY_DESCRIPTOR) )
- //
- #define SECURITY_DESCRIPTOR_MIN_LENGTH (20)
- typedef WORD SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;
- #define SE_OWNER_DEFAULTED (0x0001)
- #define SE_GROUP_DEFAULTED (0x0002)
- #define SE_DACL_PRESENT (0x0004)
- #define SE_DACL_DEFAULTED (0x0008)
- #define SE_SACL_PRESENT (0x0010)
- #define SE_SACL_DEFAULTED (0x0020)
- #define SE_SELF_RELATIVE (0x8000)
- //
- // Where:
- //
- // SE_OWNER_DEFAULTED - This boolean flag, when set, indicates that the
- // SID pointed to by the Owner field was provided by a
- // defaulting mechanism rather than explicitly provided by the
- // original provider of the security descriptor. This may
- // affect the treatment of the SID with respect to inheritence
- // of an owner.
- //
- // SE_GROUP_DEFAULTED - This boolean flag, when set, indicates that the
- // SID in the Group field was provided by a defaulting mechanism
- // rather than explicitly provided by the original provider of
- // the security descriptor. This may affect the treatment of
- // the SID with respect to inheritence of a primary group.
- //
- // SE_DACL_PRESENT - This boolean flag, when set, indicates that the
- // security descriptor contains a discretionary ACL. If this
- // flag is set and the Dacl field of the SECURITY_DESCRIPTOR is
- // null, then a null ACL is explicitly being specified.
- //
- // SE_DACL_DEFAULTED - This boolean flag, when set, indicates that the
- // ACL pointed to by the Dacl field was provided by a defaulting
- // mechanism rather than explicitly provided by the original
- // provider of the security descriptor. This may affect the
- // treatment of the ACL with respect to inheritence of an ACL.
- // This flag is ignored if the DaclPresent flag is not set.
- //
- // SE_SACL_PRESENT - This boolean flag, when set, indicates that the
- // security descriptor contains a system ACL pointed to by the
- // Sacl field. If this flag is set and the Sacl field of the
- // SECURITY_DESCRIPTOR is null, then an empty (but present)
- // ACL is being specified.
- //
- // SE_SACL_DEFAULTED - This boolean flag, when set, indicates that the
- // ACL pointed to by the Sacl field was provided by a defaulting
- // mechanism rather than explicitly provided by the original
- // provider of the security descriptor. This may affect the
- // treatment of the ACL with respect to inheritence of an ACL.
- // This flag is ignored if the SaclPresent flag is not set.
- //
- // SE_SELF_RELATIVE - This boolean flag, when set, indicates that the
- // security descriptor is in self-relative form. In this form,
- // all fields of the security descriptor are contiguous in memory
- // and all pointer fields are expressed as offsets from the
- // beginning of the security descriptor. This form is useful
- // for treating security descriptors as opaque data structures
- // for transmission in communication protocol or for storage on
- // secondary media.
- //
- //
- //
- // Pictorially the structure of a security descriptor is as follows:
- //
- // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
- // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- // +---------------------------------------------------------------+
- // | Control |Reserved1 (SBZ)| Revision |
- // +---------------------------------------------------------------+
- // | Owner |
- // +---------------------------------------------------------------+
- // | Group |
- // +---------------------------------------------------------------+
- // | Sacl |
- // +---------------------------------------------------------------+
- // | Dacl |
- // +---------------------------------------------------------------+
- //
- // In general, this data structure should be treated opaquely to ensure future
- // compatibility.
- //
- //
- typedef struct _SECURITY_ATTRIBUTES {
- DWORD nLength;
- LPVOID lpSecurityDescriptor;
- BOOL bInheritHandle;
- } SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
- ////////////////////////////////////////////////////////////////////
- // //
- // Token Object Definitions //
- // //
- // //
- ////////////////////////////////////////////////////////////////////
- //
- // Token Specific Access Rights.
- //
- #define TOKEN_ASSIGN_PRIMARY (0x0001)
- #define TOKEN_DUPLICATE (0x0002)
- #define TOKEN_IMPERSONATE (0x0004)
- #define TOKEN_QUERY (0x0008)
- #define TOKEN_QUERY_SOURCE (0x0010)
- #define TOKEN_ADJUST_PRIVILEGES (0x0020)
- #define TOKEN_ADJUST_GROUPS (0x0040)
- #define TOKEN_ADJUST_DEFAULT (0x0080)
- #define TOKEN_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED |
- TOKEN_ASSIGN_PRIMARY |
- TOKEN_DUPLICATE |
- TOKEN_IMPERSONATE |
- TOKEN_QUERY |
- TOKEN_QUERY_SOURCE |
- TOKEN_ADJUST_PRIVILEGES |
- TOKEN_ADJUST_GROUPS |
- TOKEN_ADJUST_DEFAULT)
- #define TOKEN_READ (STANDARD_RIGHTS_READ |
- TOKEN_QUERY)
- #define TOKEN_WRITE (STANDARD_RIGHTS_WRITE |
- TOKEN_ADJUST_PRIVILEGES |
- TOKEN_ADJUST_GROUPS |
- TOKEN_ADJUST_DEFAULT)
- #define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
- //
- //
- // Token Types
- //
- // typedef enum _TOKEN_TYPE {
- // TokenPrimary = 1,
- // TokenImpersonation
- // } TOKEN_TYPE;
- // typedef TOKEN_TYPE *PTOKEN_TYPE;
- //
- // Token Information Classes.
- //
- // typedef enum _TOKEN_INFORMATION_CLASS {
- // TokenUser = 1,
- // TokenGroups,
- // TokenPrivileges,
- // TokenOwner,
- // TokenPrimaryGroup,
- // TokenDefaultDacl,
- // TokenSource,
- // TokenType,
- // TokenImpersonationLevel,
- // TokenStatistics
- // } TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;
- // typedef struct _TOKEN_USER {
- // SID_AND_ATTRIBUTES User;
- // } TOKEN_USER, *PTOKEN_USER;
- // typedef struct _TOKEN_GROUPS {
- // DWORD GroupCount;
- // SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
- // } TOKEN_GROUPS, *PTOKEN_GROUPS;
- // typedef struct _TOKEN_PRIVILEGES {
- // DWORD PrivilegeCount;
- // LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
- // } TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
- // typedef struct _TOKEN_OWNER {
- // PSID Owner;
- // } TOKEN_OWNER, *PTOKEN_OWNER;
- // typedef struct _TOKEN_PRIMARY_GROUP {
- // PSID PrimaryGroup;
- // } TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
- // typedef struct _TOKEN_DEFAULT_DACL {
- // PACL DefaultDacl;
- // } TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
- #define TOKEN_SOURCE_LENGTH 8
- // typedef struct _TOKEN_SOURCE {
- // CHAR SourceName[TOKEN_SOURCE_LENGTH];
- // LUID SourceIdentifier;
- // } TOKEN_SOURCE, *PTOKEN_SOURCE;
- // typedef struct _TOKEN_STATISTICS {
- // LUID TokenId;
- // LUID AuthenticationId;
- // LARGE_INTEGER ExpirationTime;
- // TOKEN_TYPE TokenType;
- // SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
- // DWORD DynamicCharged;
- // DWORD DynamicAvailable;
- // DWORD GroupCount;
- // DWORD PrivilegeCount;
- // LUID ModifiedId;
- // } TOKEN_STATISTICS, *PTOKEN_STATISTICS;
- // typedef struct _TOKEN_CONTROL {
- // LUID TokenId;
- // LUID AuthenticationId;
- // LUID ModifiedId;
- // TOKEN_SOURCE TokenSource;
- // } TOKEN_CONTROL, *PTOKEN_CONTROL;
- //
- // Data structure used to represent client security context for a thread.
- // This data structure is used to support impersonation.
- //
- // THE FIELDS OF THIS DATA STRUCTURE SHOULD BE CONSIDERED OPAQUE
- // BY ALL EXCEPT THE SECURITY ROUTINES.
- //
- // typedef struct _SECURITY_CLIENT_CONTEXT {
- // SECURITY_QUALITY_OF_SERVICE SecurityQos;
- // PACCESS_TOKEN ClientToken;
- // BOOLEAN DirectlyAccessClientToken;
- // BOOLEAN DirectAccessEffectiveOnly;
- // BOOLEAN ServerIsRemote;
- // TOKEN_CONTROL ClientTokenControl;
- // } SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
- //
- // Privileges
- //
- #define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege")
- #define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege")
- #define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege")
- #define SE_INCREASE_QUOTA_NAME TEXT("SeIncreaseQuotaPrivilege")
- #define SE_UNSOLICITED_INPUT_NAME TEXT("SeUnsolicitedInputPrivilege")
- #define SE_MACHINE_ACCOUNT_NAME TEXT("SeMachineAccountPrivilege")
- #define SE_TCB_NAME TEXT("SeTcbPrivilege")
- #define SE_SECURITY_NAME TEXT("SeSecurityPrivilege")
- #define SE_TAKE_OWNERSHIP_NAME TEXT("SeTakeOwnershipPrivilege")
- #define SE_LOAD_DRIVER_NAME TEXT("SeLoadDriverPrivilege")
- #define SE_SYSTEM_PROFILE_NAME TEXT("SeSystemProfilePrivilege")
- #define SE_SYSTEMTIME_NAME TEXT("SeSystemtimePrivilege")
- #define SE_PROF_SINGLE_PROCESS_NAME TEXT("SeProfileSingleProcessPrivilege")
- #define SE_INC_BASE_PRIORITY_NAME TEXT("SeIncreaseBasePriorityPrivilege")
- #define SE_CREATE_PAGEFILE_NAME TEXT("SeCreatePagefilePrivilege")
- #define SE_CREATE_PERMANENT_NAME TEXT("SeCreatePermanentPrivilege")
- #define SE_BACKUP_NAME TEXT("SeBackupPrivilege")
- #define SE_RESTORE_NAME TEXT("SeRestorePrivilege")
- #define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege")
- #define SE_DEBUG_NAME TEXT("SeDebugPrivilege")
- #define SE_AUDIT_NAME TEXT("SeAuditPrivilege")
- #define SE_SYSTEM_ENVIRONMENT_NAME TEXT("SeSystemEnvironmentPrivilege")
- #define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege")
- #define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege")
- //
- // Privilege attributes
- //
- #define SE_PRIVILEGE_ENABLED_BY_DEFAULT (0x00000001L)
- #define SE_PRIVILEGE_ENABLED (0x00000002L)
- #define SE_PRIVILEGE_USED_FOR_ACCESS (0x80000000L)
- //
- // SID Manipulation
- //
- // Win32: IsEqualSid
- // BOOLEAN
- // NTAPI
- // RtlEqualSid(
- // PSID Sid1,
- // PSID Sid2
- // );
- // Win32: GetLengthSid
- // ULONG
- // NTAPI
- // RtlLengthSid(
- // PSID Sid
- // );
- // Win32: CopySid
- // NTSTATUS
- // NTAPI
- // RtlCopySid(
- // ULONG nDestinationSidLength,
- // PSID pDestinationSid,
- // PSID pSourceSid
- // );
- // Win32: AdjustTokenPrivileges
- NTSTATUS
- NTAPI
- NtAdjustPrivilegesToken(
- HANDLE TokenHandle,
- BOOLEAN DisableAllPrivileges,
- PTOKEN_PRIVILEGES NewState,
- ULONG BufferLength,
- PTOKEN_PRIVILEGES PreviousState,
- PULONG ReturnLength
- );
- //
- // Token manipulation
- //
- // PVOID
- // NTAPI
- // PsReferencePrimaryToken(
- // PEPROCESS Process
- // );
- // PVOID
- // NTAPI
- // PsReferenceImpersonationToken(
- // PETHREAD Thread,
- // PBOOLEAN CopyOnOpen,
- // PBOOLEAN EffectiveOnly,
- // PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
- // );
- #endif // _NTSEC_