3 * Macros and structures for security descriptors
5 * From Microsoft's public documentation and the WINE project
10 #ifndef _WIMLIB_SECURITY_H
11 #define _WIMLIB_SECURITY_H
/* Revision value for a security descriptor. Both names expand to the same
 * value (1); the second spelling is kept for compatibility with the name used
 * by Microsoft's documentation. */
#define SECURITY_DESCRIPTOR_REVISION 1
#define SECURITY_DESCRIPTOR_REVISION1 1
/* Inheritance bits of an ACE's AceFlags byte. */
#define OBJECT_INHERIT_ACE 0x01
#define CONTAINER_INHERIT_ACE 0x02
#define NO_PROPAGATE_INHERIT_ACE 0x04
#define INHERIT_ONLY_ACE 0x08
#define INHERITED_ACE 0x10
/* Bitwise OR of the five inherit flags above (0x01|0x02|0x04|0x08|0x10).
 * NOTE(review): presumably used as a mask to detect or reject unknown
 * AceFlags bits read from a descriptor -- confirm at the use site. */
#define VALID_INHERIT_FLAGS 0x1F
/* Security descriptor control bits. All values fit in 16 bits, matching the
 * u16 security_descriptor_control field declared later in this header;
 * bits 0x40, 0x80 and everything above 0x8000 are not named here. */
#define SE_OWNER_DEFAULTED 0x00000001
#define SE_GROUP_DEFAULTED 0x00000002
#define SE_DACL_PRESENT 0x00000004
#define SE_DACL_DEFAULTED 0x00000008
#define SE_SACL_PRESENT 0x00000010
#define SE_SACL_DEFAULTED 0x00000020
#define SE_DACL_AUTO_INHERIT_REQ 0x00000100
#define SE_SACL_AUTO_INHERIT_REQ 0x00000200
#define SE_DACL_AUTO_INHERITED 0x00000400
#define SE_SACL_AUTO_INHERITED 0x00000800
#define SE_DACL_PROTECTED 0x00001000
#define SE_SACL_PROTECTED 0x00002000
#define SE_RM_CONTROL_VALID 0x00004000
/* Highest control bit; the only one that reaches the top of the u16 field. */
#define SE_SELF_RELATIVE 0x00008000
/* Access-mask bits used in access control entries. */

/* Standard rights (bits 16..20). */
#define DELETE 0x00010000
#define READ_CONTROL 0x00020000
#define WRITE_DAC 0x00040000
#define WRITE_OWNER 0x00080000
#define SYNCHRONIZE 0x00100000
/* DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER (0x000f0000). */
#define STANDARD_RIGHTS_REQUIRED 0x000f0000

/* As defined here, all three of these are aliases of READ_CONTROL. */
#define STANDARD_RIGHTS_READ READ_CONTROL
#define STANDARD_RIGHTS_WRITE READ_CONTROL
#define STANDARD_RIGHTS_EXECUTE READ_CONTROL

/* STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE. */
#define STANDARD_RIGHTS_ALL 0x001f0000

/* Mask of the object-specific rights (low 16 bits). */
#define SPECIFIC_RIGHTS_ALL 0x0000ffff

/* Generic rights (top four bits). GENERIC_READ does not fit in a signed
 * 32-bit int, so the literal has type unsigned int; take care when
 * comparing or masking it against signed values. */
#define GENERIC_READ 0x80000000
#define GENERIC_WRITE 0x40000000
#define GENERIC_EXECUTE 0x20000000
#define GENERIC_ALL 0x10000000

#define MAXIMUM_ALLOWED 0x02000000
#define ACCESS_SYSTEM_SECURITY 0x01000000
/* Object-specific rights for kernel synchronization and job objects. Each
 * *_ALL_ACCESS is STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE plus the object's
 * specific-rights mask. */

/* Event: 0x3 == EVENT_QUERY_STATE | EVENT_MODIFY_STATE. */
#define EVENT_QUERY_STATE 0x0001
#define EVENT_MODIFY_STATE 0x0002
#define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)

/* Semaphore: the 0x1 bit included in the 0x3 mask has no name in this
 * header; only SEMAPHORE_MODIFY_STATE (0x2) is defined. */
#define SEMAPHORE_MODIFY_STATE 0x0002
#define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)

/* Mutex: 0x1 == MUTEX_MODIFY_STATE. */
#define MUTEX_MODIFY_STATE 0x0001
#define MUTEX_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x1)

/* Job object: 0x1f == OR of the five JOB_OBJECT_* rights below. */
#define JOB_OBJECT_ASSIGN_PROCESS 0x0001
#define JOB_OBJECT_SET_ATTRIBUTES 0x0002
#define JOB_OBJECT_QUERY 0x0004
#define JOB_OBJECT_TERMINATE 0x0008
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES 0x0010
#define JOB_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x1f)

/* Timer: 0x3 == TIMER_QUERY_STATE | TIMER_MODIFY_STATE. */
#define TIMER_QUERY_STATE 0x0001
#define TIMER_MODIFY_STATE 0x0002
#define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
/* Process-object specific rights. Bit 0x0004 has no name in this header. */
#define PROCESS_TERMINATE 0x0001
#define PROCESS_CREATE_THREAD 0x0002
#define PROCESS_VM_OPERATION 0x0008
#define PROCESS_VM_READ 0x0010
#define PROCESS_VM_WRITE 0x0020
#define PROCESS_DUP_HANDLE 0x0040
#define PROCESS_CREATE_PROCESS 0x0080
#define PROCESS_SET_QUOTA 0x0100
#define PROCESS_SET_INFORMATION 0x0200
#define PROCESS_QUERY_INFORMATION 0x0400
#define PROCESS_SUSPEND_RESUME 0x0800
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
/* The 0xfff mask covers bits 0x001..0x800 only: it includes the unnamed
 * 0x004 bit and does NOT include PROCESS_QUERY_LIMITED_INFORMATION (0x1000),
 * so this value is not the OR of every PROCESS_* right defined above. */
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0xfff)
/* Thread-object specific rights. Bit 0x0004 has no name in this header. */
#define THREAD_TERMINATE 0x0001
#define THREAD_SUSPEND_RESUME 0x0002
#define THREAD_GET_CONTEXT 0x0008
#define THREAD_SET_CONTEXT 0x0010
#define THREAD_SET_INFORMATION 0x0020
#define THREAD_QUERY_INFORMATION 0x0040
#define THREAD_SET_THREAD_TOKEN 0x0080
#define THREAD_IMPERSONATE 0x0100
#define THREAD_DIRECT_IMPERSONATION 0x0200
/* 0x3ff covers bits 0x001..0x200, i.e. every THREAD_* right above plus the
 * unnamed 0x004 bit. */
#define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3ff)
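/* Thread base-priority levels (signed). The negative values are
 * parenthesized so each macro expands to a single operand wherever it is
 * used inside a larger expression (e.g. `x - THREAD_BASE_PRIORITY_MIN`),
 * per the usual rule of parenthesizing macro bodies. */
#define THREAD_BASE_PRIORITY_LOWRT 15
#define THREAD_BASE_PRIORITY_MAX 2
#define THREAD_BASE_PRIORITY_MIN (-2)
#define THREAD_BASE_PRIORITY_IDLE (-15)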
114 /* predefined authority values for SID's (security identifiers) */
115 enum sid_authority_value {
116 SECURITY_NULL_SID_AUTHORITY = 0,
117 SECURITY_WORLD_SID_AUTHORITY = 1,
118 SECURITY_LOCAL_SID_AUTHORITY = 2,
119 SECURITY_CREATOR_SID_AUTHORITY = 3,
120 SECURITY_NON_UNIQUE_AUTHORITY = 4,
121 SECURITY_NT_AUTHORITY = 5,
/* Relative identifiers (RIDs) naming the local administrators group: the
 * BUILTIN domain RID and, within it, the Administrators alias RID.
 * NOTE(review): presumably these become sub-authority values of a SID in
 * the order listed -- confirm against the code that builds the SID. */
#define SECURITY_BUILTIN_DOMAIN_RID 32
#define DOMAIN_ALIAS_RID_ADMINS 544
130 ACCESS_ALLOWED_ACE_TYPE = 0,
131 ACCESS_DENIED_ACE_TYPE = 1,
132 SYSTEM_AUDIT_ACE_TYPE = 2,
135 /* At the start of each type of access control entry. */
137 /* enum ace_type, specifies what type of ACE this is. */
140 /* bitwise OR of the inherit ACE flags #defined above */
143 /* Size of the access control entry. */
147 /* Grants rights to a user or group */
154 /* Denies rights to a user or group */
168 /* Header of an access control list. */
170 /* ACL_REVISION or ACL_REVISION_DS */
176 /* Total size of the ACL, including all access control entries */
179 /* Number of access control entry structures that follow the ACL
187 /* A structure used to identify users or groups. */
192 u8 sub_authority_count;
194 /* Identifies the authority that issued the SID. Can be, but does not
195 * have to be, one of enum sid_authority_value */
196 u8 identifier_authority[6];
198 u32 sub_authority[0];
207 /* Example: 0x4149 */
208 u16 security_descriptor_control;
210 /* Offset of a SID structure in the security descriptor. */
214 /* Offset of a SID structure in the security descriptor. */
218 /* Offset of an ACL structure in the security descriptor. */
223 /* Offset of an ACL structure in the security descriptor. */
224 /* Discretionary ACL. */
227 } SecurityDescriptor;
230 #endif /* _WIMLIB_SECURITY_H */