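/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef _SECURITY_NDL_
#define	_SECURITY_NDL_

/*
 * Security descriptor, ACL, ACE, SID and token definitions.
 *
 * DWORD, WORD, BYTE and CASE() are not defined here; they must be
 * provided by whatever includes this file.
 *
 * USE_UINT_ENUMS is defined unconditionally, so every
 * "#ifndef USE_UINT_ENUMS" enum below is compiled out and the
 * "#else" branch with plain #define constants is the one in effect.
 */
#define	USE_UINT_ENUMS	1

struct GUID {
	DWORD time_low;
	WORD time_mid;
	WORD time_hi_and_version;
	BYTE clock_seq[2];
	BYTE node[6];
};

/*
 * Access mask layout, as given by the four SEC_MASK_* values:
 *   bits 28-31  generic rights
 *   bits 24-27  flags
 *   bits 16-23  standard rights
 *   bits  0-15  object-specific rights
 *
 * NOTE(review): the generic bits carry no object-specific meaning of
 * their own; code that compares masks is expected to map them onto
 * standard/specific bits first.  Confirm where that mapping is done.
 */
#define	SEC_MASK_GENERIC	0xF0000000
#define	SEC_MASK_FLAGS		0x0F000000
#define	SEC_MASK_STANDARD	0x00FF0000
#define	SEC_MASK_SPECIFIC	0x0000FFFF

#define	SEC_GENERIC_ALL		0x10000000
#define	SEC_GENERIC_EXECUTE	0x20000000
#define	SEC_GENERIC_WRITE	0x40000000
#define	SEC_GENERIC_READ	0x80000000

#define	SEC_FLAG_SYSTEM_SECURITY	0x01000000
#define	SEC_FLAG_MAXIMUM_ALLOWED	0x02000000

/*
 * Standard rights.  SEC_STD_REQUIRED covers the four low standard bits
 * and does not include SEC_STD_SYNCHRONIZE; SEC_STD_ALL does.
 */
#define	SEC_STD_DELETE		0x00010000
#define	SEC_STD_READ_CONTROL	0x00020000
#define	SEC_STD_WRITE_DAC	0x00040000
#define	SEC_STD_WRITE_OWNER	0x00080000
#define	SEC_STD_SYNCHRONIZE	0x00100000
#define	SEC_STD_REQUIRED	0x000F0000
#define	SEC_STD_ALL		0x001F0000

/*
 * Object-specific rights.  The file, directory, registry and ADS
 * groups reuse the same bit positions (e.g. SEC_FILE_READ_DATA and
 * SEC_DIR_LIST are both 0x1), so a specific bit can only be
 * interpreted once the object type is known.
 *
 * SEC_FILE_ALL (0x1ff) also sets bit 0x40, which has no SEC_FILE_*
 * name in this file; in the directory group that bit is
 * SEC_DIR_DELETE_CHILD.
 */
#define	SEC_FILE_READ_DATA		0x00000001
#define	SEC_FILE_WRITE_DATA		0x00000002
#define	SEC_FILE_APPEND_DATA		0x00000004
#define	SEC_FILE_READ_EA		0x00000008
#define	SEC_FILE_WRITE_EA		0x00000010
#define	SEC_FILE_EXECUTE		0x00000020
#define	SEC_FILE_READ_ATTRIBUTE		0x00000080
#define	SEC_FILE_WRITE_ATTRIBUTE	0x00000100
#define	SEC_FILE_ALL			0x000001ff

#define	SEC_DIR_LIST			0x00000001
#define	SEC_DIR_ADD_FILE		0x00000002
#define	SEC_DIR_ADD_SUBDIR		0x00000004
#define	SEC_DIR_READ_EA			0x00000008
#define	SEC_DIR_WRITE_EA		0x00000010
#define	SEC_DIR_TRAVERSE		0x00000020
#define	SEC_DIR_DELETE_CHILD		0x00000040
#define	SEC_DIR_READ_ATTRIBUTE		0x00000080
#define	SEC_DIR_WRITE_ATTRIBUTE		0x00000100

#define	SEC_REG_QUERY_VALUE		0x00000001
#define	SEC_REG_SET_VALUE		0x00000002
#define	SEC_REG_CREATE_SUBKEY		0x00000004
#define	SEC_REG_ENUM_SUBKEYS		0x00000008
#define	SEC_REG_NOTIFY			0x00000010
#define	SEC_REG_CREATE_LINK		0x00000020

#define	SEC_ADS_CREATE_CHILD		0x00000001
#define	SEC_ADS_DELETE_CHILD		0x00000002
#define	SEC_ADS_LIST			0x00000004
#define	SEC_ADS_SELF_WRITE		0x00000008
#define	SEC_ADS_READ_PROP		0x00000010
#define	SEC_ADS_WRITE_PROP		0x00000020
#define	SEC_ADS_DELETE_TREE		0x00000040
#define	SEC_ADS_LIST_OBJECT		0x00000080
#define	SEC_ADS_CONTROL_ACCESS		0x00000100

/*
 * Composite rights.
 *
 * Each OR-list is parenthesized so that the expansion stays a single
 * operand.  Without the parentheses, "mask & SEC_RIGHTS_FILE_READ"
 * parses as "(mask & SEC_STD_READ_CONTROL) | SEC_STD_SYNCHRONIZE | ...",
 * which is non-zero for every mask, and "mask & ~SEC_RIGHTS_FILE_ALL"
 * complements only the first term.  Either form silently turns an
 * access check into one that always passes or clears the wrong bits.
 *
 * The SEC_RIGHTS_DIR_* names are aliases of the file composites.
 */
#define	SEC_RIGHTS_FILE_READ						\
	(SEC_STD_READ_CONTROL | SEC_STD_SYNCHRONIZE |			\
	SEC_FILE_READ_DATA | SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_EA)
#define	SEC_RIGHTS_FILE_WRITE						\
	(SEC_STD_READ_CONTROL | SEC_STD_SYNCHRONIZE |			\
	SEC_FILE_WRITE_DATA | SEC_FILE_WRITE_ATTRIBUTE |		\
	SEC_FILE_WRITE_EA | SEC_FILE_APPEND_DATA)
#define	SEC_RIGHTS_FILE_EXECUTE						\
	(SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL |			\
	SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE)
#define	SEC_RIGHTS_FILE_ALL	(SEC_STD_ALL | SEC_FILE_ALL)
#define	SEC_RIGHTS_DIR_READ	SEC_RIGHTS_FILE_READ
#define	SEC_RIGHTS_DIR_WRITE	SEC_RIGHTS_FILE_WRITE
#define	SEC_RIGHTS_DIR_EXECUTE	SEC_RIGHTS_FILE_EXECUTE
#define	SEC_RIGHTS_DIR_ALL	SEC_RIGHTS_FILE_ALL

/*
 * SID strings.  Several entries (SID_WORLD_DOMAIN, SID_NT_AUTHORITY,
 * SID_BUILTIN, ...) are prefixes of the entries that follow them, so
 * matching a SID against this list needs an exact comparison rather
 * than a string-prefix test.
 */
#define	SID_NULL			"S-1-0-0"
#define	SID_WORLD_DOMAIN		"S-1-1"
#define	SID_WORLD			"S-1-1-0"
#define	SID_CREATOR_OWNER_DOMAIN	"S-1-3"
#define	SID_CREATOR_OWNER		"S-1-3-0"
#define	SID_CREATOR_GROUP		"S-1-3-1"
#define	SID_NT_AUTHORITY		"S-1-5"
#define	SID_NT_DIALUP			"S-1-5-1"
#define	SID_NT_NETWORK			"S-1-5-2"
#define	SID_NT_BATCH			"S-1-5-3"
#define	SID_NT_INTERACTIVE		"S-1-5-4"
#define	SID_NT_SERVICE			"S-1-5-6"
#define	SID_NT_ANONYMOUS		"S-1-5-7"
#define	SID_NT_PROXY			"S-1-5-8"
#define	SID_NT_ENTERPRISE_DCS		"S-1-5-9"
#define	SID_NT_SELF			"S-1-5-10"
#define	SID_NT_AUTHENTICATED_USERS	"S-1-5-11"
#define	SID_NT_RESTRICTED		"S-1-5-12"
#define	SID_NT_TERMINAL_SERVER_USERS	"S-1-5-13"
#define	SID_NT_REMOTE_INTERACTIVE	"S-1-5-14"
#define	SID_NT_THIS_ORGANISATION	"S-1-5-15"
#define	SID_NT_SYSTEM			"S-1-5-18"
#define	SID_NT_LOCAL_SERVICE		"S-1-5-19"
#define	SID_NT_NETWORK_SERVICE		"S-1-5-20"
#define	SID_BUILTIN			"S-1-5-32"
#define	SID_BUILTIN_ADMINISTRATORS	"S-1-5-32-544"
#define	SID_BUILTIN_USERS		"S-1-5-32-545"
#define	SID_BUILTIN_GUESTS		"S-1-5-32-546"
#define	SID_BUILTIN_POWER_USERS		"S-1-5-32-547"
#define	SID_BUILTIN_ACCOUNT_OPERATORS	"S-1-5-32-548"
#define	SID_BUILTIN_SERVER_OPERATORS	"S-1-5-32-549"
#define	SID_BUILTIN_PRINT_OPERATORS	"S-1-5-32-550"
#define	SID_BUILTIN_BACKUP_OPERATORS	"S-1-5-32-551"
#define	SID_BUILTIN_REPLICATOR		"S-1-5-32-552"
#define	SID_BUILTIN_RAS_SERVERS		"S-1-5-32-553"
#define	SID_BUILTIN_PREW2K		"S-1-5-32-554"

/*
 * Domain relative identifiers (RIDs).
 */
#define	DOMAIN_RID_LOGON		9
#define	DOMAIN_RID_ADMINISTRATOR	500
#define	DOMAIN_RID_GUEST		501
#define	DOMAIN_RID_ADMINS		512
#define	DOMAIN_RID_USERS		513
#define	DOMAIN_RID_DCS			516
#define	DOMAIN_RID_CERT_ADMINS		517
#define	DOMAIN_RID_SCHEMA_ADMINS	518
#define	DOMAIN_RID_ENTERPRISE_ADMINS	519

/*
 * Revision aliases.  The names on the right are defined further down;
 * that is fine for macros because they are expanded at the point of use.
 */
#define	NT4_ACL_REVISION	SECURITY_ACL_REVISION_NT4
#define	SD_REVISION		SECURITY_DESCRIPTOR_REVISION_1

/*
 * Privilege identifiers (values 1..24).
 */
#ifndef USE_UINT_ENUMS
enum sec_privilege {
	SEC_PRIV_SECURITY=1,
	SEC_PRIV_BACKUP=2,
	SEC_PRIV_RESTORE=3,
	SEC_PRIV_SYSTEMTIME=4,
	SEC_PRIV_SHUTDOWN=5,
	SEC_PRIV_REMOTE_SHUTDOWN=6,
	SEC_PRIV_TAKE_OWNERSHIP=7,
	SEC_PRIV_DEBUG=8,
	SEC_PRIV_SYSTEM_ENVIRONMENT=9,
	SEC_PRIV_SYSTEM_PROFILE=10,
	SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
	SEC_PRIV_INCREASE_BASE_PRIORITY=12,
	SEC_PRIV_LOAD_DRIVER=13,
	SEC_PRIV_CREATE_PAGEFILE=14,
	SEC_PRIV_INCREASE_QUOTA=15,
	SEC_PRIV_CHANGE_NOTIFY=16,
	SEC_PRIV_UNDOCK=17,
	SEC_PRIV_MANAGE_VOLUME=18,
	SEC_PRIV_IMPERSONATE=19,
	SEC_PRIV_CREATE_GLOBAL=20,
	SEC_PRIV_ENABLE_DELEGATION=21,
	SEC_PRIV_INTERACTIVE_LOGON=22,
	SEC_PRIV_NETWORK_LOGON=23,
	SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
};
#else

#define	SEC_PRIV_SECURITY			1
#define	SEC_PRIV_BACKUP				2
#define	SEC_PRIV_RESTORE			3
#define	SEC_PRIV_SYSTEMTIME			4
#define	SEC_PRIV_SHUTDOWN			5
#define	SEC_PRIV_REMOTE_SHUTDOWN		6
#define	SEC_PRIV_TAKE_OWNERSHIP			7
#define	SEC_PRIV_DEBUG				8
#define	SEC_PRIV_SYSTEM_ENVIRONMENT		9
#define	SEC_PRIV_SYSTEM_PROFILE			10
#define	SEC_PRIV_PROFILE_SINGLE_PROCESS		11
#define	SEC_PRIV_INCREASE_BASE_PRIORITY		12
#define	SEC_PRIV_LOAD_DRIVER			13
#define	SEC_PRIV_CREATE_PAGEFILE		14
#define	SEC_PRIV_INCREASE_QUOTA			15
#define	SEC_PRIV_CHANGE_NOTIFY			16
#define	SEC_PRIV_UNDOCK				17
#define	SEC_PRIV_MANAGE_VOLUME			18
#define	SEC_PRIV_IMPERSONATE			19
#define	SEC_PRIV_CREATE_GLOBAL			20
#define	SEC_PRIV_ENABLE_DELEGATION		21
#define	SEC_PRIV_INTERACTIVE_LOGON		22
#define	SEC_PRIV_NETWORK_LOGON			23
#define	SEC_PRIV_REMOTE_INTERACTIVE_LOGON	24
#endif

/*
 * Security identifier.
 *
 * NOTE(review): nothing in this declaration ties the length of
 * sub_auths to num_auths.  Code that walks sub_auths must bound the
 * walk itself, and must not trust a num_auths value received from a
 * peer without checking it against the data actually present.
 */
struct dom_sid {
	BYTE sid_rev_num;
	BYTE num_auths;
	BYTE id_auth[6];
	DWORD *sub_auths;
};

/*
 * bitmap security_ace_flags
 *
 * SEC_ACE_FLAG_VALID_INHERIT (0x0f) is the OR of the first four flags;
 * SEC_ACE_FLAG_INHERITED_ACE (0x10) is not part of it.
 */
#define	SEC_ACE_FLAG_OBJECT_INHERIT		0x01
#define	SEC_ACE_FLAG_CONTAINER_INHERIT		0x02
#define	SEC_ACE_FLAG_NO_PROPAGATE_INHERIT	0x04
#define	SEC_ACE_FLAG_INHERIT_ONLY		0x08
#define	SEC_ACE_FLAG_INHERITED_ACE		0x10
#define	SEC_ACE_FLAG_VALID_INHERIT		0x0f
#define	SEC_ACE_FLAG_SUCCESSFUL_ACCESS		0x40
#define	SEC_ACE_FLAG_FAILED_ACCESS		0x80

#ifndef USE_UINT_ENUMS
enum security_ace_type {
	SEC_ACE_TYPE_ACCESS_ALLOWED=0,
	SEC_ACE_TYPE_ACCESS_DENIED=1,
	SEC_ACE_TYPE_SYSTEM_AUDIT=2,
	SEC_ACE_TYPE_SYSTEM_ALARM=3,
	SEC_ACE_TYPE_ALLOWED_COMPOUND=4,
	SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT=5,
	SEC_ACE_TYPE_ACCESS_DENIED_OBJECT=6,
	SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT=7,
	SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT=8
};
#else
#define	SEC_ACE_TYPE_ACCESS_ALLOWED		0
#define	SEC_ACE_TYPE_ACCESS_DENIED		1
#define	SEC_ACE_TYPE_SYSTEM_AUDIT		2
#define	SEC_ACE_TYPE_SYSTEM_ALARM		3
#define	SEC_ACE_TYPE_ALLOWED_COMPOUND		4
#define	SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT	5
#define	SEC_ACE_TYPE_ACCESS_DENIED_OBJECT	6
#define	SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT	7
#define	SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT	8
#endif

/*
 * bitmap security_ace_object_flags
 */
#define	SEC_ACE_OBJECT_TYPE_PRESENT		0x00000001
#define	SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT	0x00000002

union security_ace_object_type {
	CASE(0) struct GUID type;
};

union security_ace_object_inherited_type {
	CASE(0) struct GUID inherited_type;
};

struct security_ace_object {
	DWORD flags;
};

union security_ace_object_ctr {
	CASE(0) struct security_ace_object object;
};

/*
 * Access control entry.
 *
 * NOTE(review): an ACE type value outside the SEC_ACE_TYPE_* list
 * should be rejected or skipped explicitly by consumers rather than
 * falling through to an allow path; confirm against the code that
 * evaluates these entries.
 */
struct security_ace {
	DWORD security_ace_type;
	BYTE flags;
	WORD size;
	DWORD access_mask;
	struct dom_sid trustee;
};

#ifndef USE_UINT_ENUMS
enum security_acl_revision {
	SECURITY_ACL_REVISION_NT4=2,
	SECURITY_ACL_REVISION_ADS=4
};
#else
#define	SECURITY_ACL_REVISION_NT4	2
#define	SECURITY_ACL_REVISION_ADS	4
#endif

/*
 * Access control list.
 *
 * NOTE(review): size is a WORD while num_aces is a DWORD, and nothing
 * here ties the length of aces to num_aces.  Consumers need to check
 * num_aces against the space actually available before iterating.
 */
struct security_acl {
	DWORD security_acl_revision;
	WORD size;
	DWORD num_aces;
	struct security_ace *aces;
};

#ifndef USE_UINT_ENUMS
enum security_descriptor_revision {
	SECURITY_DESCRIPTOR_REVISION_1=1
};
#else
#define	SECURITY_DESCRIPTOR_REVISION_1	1
#endif

/*
 * bitmap security_descriptor_type
 */
#define	SEC_DESC_OWNER_DEFAULTED	0x0001
#define	SEC_DESC_GROUP_DEFAULTED	0x0002
#define	SEC_DESC_DACL_PRESENT		0x0004
#define	SEC_DESC_DACL_DEFAULTED		0x0008
#define	SEC_DESC_SACL_PRESENT		0x0010
#define	SEC_DESC_SACL_DEFAULTED		0x0020
#define	SEC_DESC_DACL_TRUSTED		0x0040
#define	SEC_DESC_SERVER_SECURITY	0x0080
#define	SEC_DESC_DACL_AUTO_INHERIT_REQ	0x0100
#define	SEC_DESC_SACL_AUTO_INHERIT_REQ	0x0200
#define	SEC_DESC_DACL_AUTO_INHERITED	0x0400
#define	SEC_DESC_SACL_AUTO_INHERITED	0x0800
#define	SEC_DESC_DACL_PROTECTED		0x1000
#define	SEC_DESC_SACL_PROTECTED		0x2000
#define	SEC_DESC_RM_CONTROL_VALID	0x4000
#define	SEC_DESC_SELF_RELATIVE		0x8000

/*
 * Security descriptor header.
 *
 * NOTE(review): ownersid, groupsid, sacl and dacl are DWORDs rather
 * than pointers, so they are presumably offsets into a self-relative
 * descriptor (see SEC_DESC_SELF_RELATIVE).  If so, each offset has to
 * be validated against the enclosing buffer length before it is
 * followed.  Confirm against the code that decodes this structure.
 */
struct security_descriptor {
	WORD revision;
	WORD type;
	DWORD ownersid;
	DWORD groupsid;
	DWORD sacl;
	DWORD dacl;
};

/*
 * Security descriptor with its size.
 */
struct sec_desc_buf {
	DWORD sd_size;
	struct security_descriptor *sd;
};

/*
 * Security token.
 *
 * NOTE(review): how SEC_PRIV_* values map onto privilege_mask1 and
 * privilege_mask2 is not visible in this file; verify against the
 * code that sets and tests the masks.
 */
struct security_token {
	struct dom_sid *user_sid;
	struct dom_sid *group_sid;
	DWORD num_sids;
	DWORD privilege_mask1;
	DWORD privilege_mask2;
};

/*
 * bitmap security_secinfo
 */
#define	SECINFO_OWNER	0x00000001
#define	SECINFO_GROUP	0x00000002
#define	SECINFO_DACL	0x00000004
#define	SECINFO_SACL	0x00000008

#endif /* _SECURITY_NDL_ */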