1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
22  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
23  */
25 #ifndef _SECURITY_NDL_
26 #define _SECURITY_NDL_
28 #define USE_UINT_ENUMS 1
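/*
 * GUID split into its conventional fields.  Assuming the usual
 * DWORD/WORD/BYTE widths of 4/2/1 bytes (the typedefs are not in this
 * file), the structure is 16 bytes.
 */
struct GUID {
	DWORD time_low;
	WORD time_mid;
	WORD time_hi_and_version;
	BYTE clock_seq[2];
	BYTE node[6];
};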
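/*
 * Access-mask layout.  The four SEC_MASK_* values partition the 32-bit
 * mask: generic rights in the top nibble, flag bits in the next nibble,
 * standard rights in bits 16-23 and object-specific rights in the low
 * 16 bits.
 */
#define SEC_MASK_GENERIC        0xF0000000
#define SEC_MASK_FLAGS          0x0F000000
#define SEC_MASK_STANDARD       0x00FF0000
#define SEC_MASK_SPECIFIC       0x0000FFFF

/* Generic rights. */
#define SEC_GENERIC_ALL         0x10000000
#define SEC_GENERIC_EXECUTE     0x20000000
#define SEC_GENERIC_WRITE       0x40000000
#define SEC_GENERIC_READ        0x80000000

/* Flag bits. */
#define SEC_FLAG_SYSTEM_SECURITY 0x01000000
#define SEC_FLAG_MAXIMUM_ALLOWED 0x02000000

/* Standard rights; SEC_STD_REQUIRED is SEC_STD_ALL without SYNCHRONIZE. */
#define SEC_STD_DELETE          0x00010000
#define SEC_STD_READ_CONTROL    0x00020000
#define SEC_STD_WRITE_DAC       0x00040000
#define SEC_STD_WRITE_OWNER     0x00080000
#define SEC_STD_SYNCHRONIZE     0x00100000
#define SEC_STD_REQUIRED        0x000F0000
#define SEC_STD_ALL             0x001F0000

/*
 * Object-specific rights.  The FILE, DIR, REG and ADS families reuse the
 * same bit positions (for example 0x00000001 is SEC_FILE_READ_DATA,
 * SEC_DIR_LIST, SEC_REG_QUERY_VALUE and SEC_ADS_CREATE_CHILD), so a mask
 * can only be interpreted once the object type is known.
 */

/*
 * Files.  SEC_FILE_ALL (0x1ff) also covers bit 0x40, which has no
 * SEC_FILE_* name in this list.
 */
#define SEC_FILE_READ_DATA      0x00000001
#define SEC_FILE_WRITE_DATA     0x00000002
#define SEC_FILE_APPEND_DATA    0x00000004
#define SEC_FILE_READ_EA        0x00000008
#define SEC_FILE_WRITE_EA       0x00000010
#define SEC_FILE_EXECUTE        0x00000020
#define SEC_FILE_READ_ATTRIBUTE 0x00000080
#define SEC_FILE_WRITE_ATTRIBUTE 0x00000100
#define SEC_FILE_ALL            0x000001ff

/* Directories. */
#define SEC_DIR_LIST            0x00000001
#define SEC_DIR_ADD_FILE        0x00000002
#define SEC_DIR_ADD_SUBDIR      0x00000004
#define SEC_DIR_READ_EA         0x00000008
#define SEC_DIR_WRITE_EA        0x00000010
#define SEC_DIR_TRAVERSE        0x00000020
#define SEC_DIR_DELETE_CHILD    0x00000040
#define SEC_DIR_READ_ATTRIBUTE  0x00000080
#define SEC_DIR_WRITE_ATTRIBUTE 0x00000100

/* Registry keys. */
#define SEC_REG_QUERY_VALUE     0x00000001
#define SEC_REG_SET_VALUE       0x00000002
#define SEC_REG_CREATE_SUBKEY   0x00000004
#define SEC_REG_ENUM_SUBKEYS    0x00000008
#define SEC_REG_NOTIFY          0x00000010
#define SEC_REG_CREATE_LINK     0x00000020

/* Directory-service objects. */
#define SEC_ADS_CREATE_CHILD    0x00000001
#define SEC_ADS_DELETE_CHILD    0x00000002
#define SEC_ADS_LIST            0x00000004
#define SEC_ADS_SELF_WRITE      0x00000008
#define SEC_ADS_READ_PROP       0x00000010
#define SEC_ADS_WRITE_PROP      0x00000020
#define SEC_ADS_DELETE_TREE     0x00000040
#define SEC_ADS_LIST_OBJECT     0x00000080
#define SEC_ADS_CONTROL_ACCESS  0x00000100

/*
 * Composite rights.  Each expansion is parenthesized: '&' binds tighter
 * than '|', so without the parentheses "mask & SEC_RIGHTS_FILE_READ"
 * would AND only the first term and OR in the rest, making an access
 * test succeed for every mask.
 */
#define SEC_RIGHTS_FILE_READ \
	(SEC_STD_READ_CONTROL | SEC_STD_SYNCHRONIZE | SEC_FILE_READ_DATA | \
	SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_EA)
#define SEC_RIGHTS_FILE_WRITE \
	(SEC_STD_READ_CONTROL | SEC_STD_SYNCHRONIZE | SEC_FILE_WRITE_DATA | \
	SEC_FILE_WRITE_ATTRIBUTE | SEC_FILE_WRITE_EA | SEC_FILE_APPEND_DATA)
#define SEC_RIGHTS_FILE_EXECUTE \
	(SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | \
	SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE)
#define SEC_RIGHTS_FILE_ALL     (SEC_STD_ALL | SEC_FILE_ALL)

/* Directory composites are aliases of the file composites. */
#define SEC_RIGHTS_DIR_READ     SEC_RIGHTS_FILE_READ
#define SEC_RIGHTS_DIR_WRITE    SEC_RIGHTS_FILE_WRITE
#define SEC_RIGHTS_DIR_EXECUTE  SEC_RIGHTS_FILE_EXECUTE
#define SEC_RIGHTS_DIR_ALL      SEC_RIGHTS_FILE_ALL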
/*
 * Well-known SIDs in string form.  Several strings are leading
 * substrings of others (SID_NT_DIALUP "S-1-5-1" is a prefix of
 * "S-1-5-18"), so compare whole strings or parsed SIDs, never a prefix.
 */

/* Null, world and creator authorities. */
#define SID_NULL                        "S-1-0-0"
#define SID_WORLD_DOMAIN                "S-1-1"
#define SID_WORLD                       "S-1-1-0"
#define SID_CREATOR_OWNER_DOMAIN        "S-1-3"
#define SID_CREATOR_OWNER               "S-1-3-0"
#define SID_CREATOR_GROUP               "S-1-3-1"

/* NT authority (S-1-5). */
#define SID_NT_AUTHORITY                "S-1-5"
#define SID_NT_DIALUP                   "S-1-5-1"
#define SID_NT_NETWORK                  "S-1-5-2"
#define SID_NT_BATCH                    "S-1-5-3"
#define SID_NT_INTERACTIVE              "S-1-5-4"
#define SID_NT_SERVICE                  "S-1-5-6"
#define SID_NT_ANONYMOUS                "S-1-5-7"
#define SID_NT_PROXY                    "S-1-5-8"
#define SID_NT_ENTERPRISE_DCS           "S-1-5-9"
#define SID_NT_SELF                     "S-1-5-10"
#define SID_NT_AUTHENTICATED_USERS      "S-1-5-11"
#define SID_NT_RESTRICTED               "S-1-5-12"
#define SID_NT_TERMINAL_SERVER_USERS    "S-1-5-13"
#define SID_NT_REMOTE_INTERACTIVE       "S-1-5-14"
#define SID_NT_THIS_ORGANISATION        "S-1-5-15"
#define SID_NT_SYSTEM                   "S-1-5-18"
#define SID_NT_LOCAL_SERVICE            "S-1-5-19"
#define SID_NT_NETWORK_SERVICE          "S-1-5-20"

/* BUILTIN domain (S-1-5-32) and its aliases. */
#define SID_BUILTIN                     "S-1-5-32"
#define SID_BUILTIN_ADMINISTRATORS      "S-1-5-32-544"
#define SID_BUILTIN_USERS               "S-1-5-32-545"
#define SID_BUILTIN_GUESTS              "S-1-5-32-546"
#define SID_BUILTIN_POWER_USERS         "S-1-5-32-547"
#define SID_BUILTIN_ACCOUNT_OPERATORS   "S-1-5-32-548"
#define SID_BUILTIN_SERVER_OPERATORS    "S-1-5-32-549"
#define SID_BUILTIN_PRINT_OPERATORS     "S-1-5-32-550"
#define SID_BUILTIN_BACKUP_OPERATORS    "S-1-5-32-551"
#define SID_BUILTIN_REPLICATOR          "S-1-5-32-552"
#define SID_BUILTIN_RAS_SERVERS         "S-1-5-32-553"
#define SID_BUILTIN_PREW2K              "S-1-5-32-554"
/*
 * Well-known relative identifiers.  A RID only names a principal when
 * combined with its domain SID, so access decisions about the
 * administrative entries (500, 512, 518, 519) should compare the full
 * SID rather than the RID alone.
 */
#define DOMAIN_RID_LOGON                9
#define DOMAIN_RID_ADMINISTRATOR        500
#define DOMAIN_RID_GUEST                501
#define DOMAIN_RID_ADMINS               512
#define DOMAIN_RID_USERS                513
#define DOMAIN_RID_DCS                  516
#define DOMAIN_RID_CERT_ADMINS          517
#define DOMAIN_RID_SCHEMA_ADMINS        518
#define DOMAIN_RID_ENTERPRISE_ADMINS    519

/* Short aliases for the revision constants defined later in this file. */
#define NT4_ACL_REVISION                SECURITY_ACL_REVISION_NT4
#define SD_REVISION                     SECURITY_DESCRIPTOR_REVISION_1
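/*
 * Privilege identifiers.  The values are consecutive ordinals (1..24),
 * not bit flags.  Both branches carry the same values; this file defines
 * USE_UINT_ENUMS near its top, so the #define branch is the one in effect.
 */
#ifndef USE_UINT_ENUMS
enum sec_privilege {
	SEC_PRIV_SECURITY = 1,
	SEC_PRIV_BACKUP = 2,
	SEC_PRIV_RESTORE = 3,
	SEC_PRIV_SYSTEMTIME = 4,
	SEC_PRIV_SHUTDOWN = 5,
	SEC_PRIV_REMOTE_SHUTDOWN = 6,
	SEC_PRIV_TAKE_OWNERSHIP = 7,
	SEC_PRIV_DEBUG = 8,
	SEC_PRIV_SYSTEM_ENVIRONMENT = 9,
	SEC_PRIV_SYSTEM_PROFILE = 10,
	SEC_PRIV_PROFILE_SINGLE_PROCESS = 11,
	SEC_PRIV_INCREASE_BASE_PRIORITY = 12,
	SEC_PRIV_LOAD_DRIVER = 13,
	SEC_PRIV_CREATE_PAGEFILE = 14,
	SEC_PRIV_INCREASE_QUOTA = 15,
	SEC_PRIV_CHANGE_NOTIFY = 16,
	SEC_PRIV_UNDOCK = 17,
	SEC_PRIV_MANAGE_VOLUME = 18,
	SEC_PRIV_IMPERSONATE = 19,
	SEC_PRIV_CREATE_GLOBAL = 20,
	SEC_PRIV_ENABLE_DELEGATION = 21,
	SEC_PRIV_INTERACTIVE_LOGON = 22,
	SEC_PRIV_NETWORK_LOGON = 23,
	SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24
};
#else

#define SEC_PRIV_SECURITY                       1
#define SEC_PRIV_BACKUP                         2
#define SEC_PRIV_RESTORE                        3
#define SEC_PRIV_SYSTEMTIME                     4
#define SEC_PRIV_SHUTDOWN                       5
#define SEC_PRIV_REMOTE_SHUTDOWN                6
#define SEC_PRIV_TAKE_OWNERSHIP                 7
#define SEC_PRIV_DEBUG                          8
#define SEC_PRIV_SYSTEM_ENVIRONMENT             9
#define SEC_PRIV_SYSTEM_PROFILE                 10
#define SEC_PRIV_PROFILE_SINGLE_PROCESS         11
#define SEC_PRIV_INCREASE_BASE_PRIORITY         12
#define SEC_PRIV_LOAD_DRIVER                    13
#define SEC_PRIV_CREATE_PAGEFILE                14
#define SEC_PRIV_INCREASE_QUOTA                 15
#define SEC_PRIV_CHANGE_NOTIFY                  16
#define SEC_PRIV_UNDOCK                         17
#define SEC_PRIV_MANAGE_VOLUME                  18
#define SEC_PRIV_IMPERSONATE                    19
#define SEC_PRIV_CREATE_GLOBAL                  20
#define SEC_PRIV_ENABLE_DELEGATION              21
#define SEC_PRIV_INTERACTIVE_LOGON              22
#define SEC_PRIV_NETWORK_LOGON                  23
#define SEC_PRIV_REMOTE_INTERACTIVE_LOGON       24
#endif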
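/*
 * Security identifier: revision, sub-authority count, a 6-byte
 * identifier authority and a pointer to the sub-authority values.
 * NOTE(review): num_auths presumably gives the number of entries behind
 * sub_auths, but no length attribute is attached to the pointer here;
 * confirm how the marshalling code bounds it before trusting a count
 * taken from the wire.
 */
struct dom_sid {
	BYTE sid_rev_num;
	BYTE num_auths;
	BYTE id_auth[6];
	DWORD *sub_auths;
};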
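/*
 * bitmap security_ace_flags
 *
 * SEC_ACE_FLAG_VALID_INHERIT (0x0f) is the OR of the four low
 * inheritance bits; it does not include SEC_ACE_FLAG_INHERITED_ACE.
 */
#define SEC_ACE_FLAG_OBJECT_INHERIT             0x01
#define SEC_ACE_FLAG_CONTAINER_INHERIT          0x02
#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x04
#define SEC_ACE_FLAG_INHERIT_ONLY               0x08
#define SEC_ACE_FLAG_INHERITED_ACE              0x10
#define SEC_ACE_FLAG_VALID_INHERIT              0x0f
#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS          0x40
#define SEC_ACE_FLAG_FAILED_ACCESS              0x80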
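/*
 * ACE type codes (0..8).  Both branches carry the same values;
 * USE_UINT_ENUMS selects the #define form.
 */
#ifndef USE_UINT_ENUMS
enum security_ace_type {
	SEC_ACE_TYPE_ACCESS_ALLOWED = 0,
	SEC_ACE_TYPE_ACCESS_DENIED = 1,
	SEC_ACE_TYPE_SYSTEM_AUDIT = 2,
	SEC_ACE_TYPE_SYSTEM_ALARM = 3,
	SEC_ACE_TYPE_ALLOWED_COMPOUND = 4,
	SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT = 5,
	SEC_ACE_TYPE_ACCESS_DENIED_OBJECT = 6,
	SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT = 7,
	SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT = 8
};
#else
#define SEC_ACE_TYPE_ACCESS_ALLOWED             0
#define SEC_ACE_TYPE_ACCESS_DENIED              1
#define SEC_ACE_TYPE_SYSTEM_AUDIT               2
#define SEC_ACE_TYPE_SYSTEM_ALARM               3
#define SEC_ACE_TYPE_ALLOWED_COMPOUND           4
#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT      5
#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT       6
#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT        7
#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT        8
#endif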
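/*
 * bitmap security_ace_object_flags
 */
#define SEC_ACE_OBJECT_TYPE_PRESENT             0x00000001
#define SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT   0x00000002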
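/* Union with a single arm, tagged CASE(0), holding the object-type GUID. */
union security_ace_object_type {
	CASE(0) struct GUID type;
};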
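/* Union with a single arm, tagged CASE(0), holding the inherited-type GUID. */
union security_ace_object_inherited_type {
	CASE(0) struct GUID inherited_type;
};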
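/*
 * Object-ACE payload; only the flags word is declared here.
 * NOTE(review): flags presumably carries the SEC_ACE_*_PRESENT bits
 * defined above; confirm against the code that reads it.
 */
struct security_ace_object {
	DWORD flags;
};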
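/* Union with a single arm, tagged CASE(0), wrapping security_ace_object. */
union security_ace_object_ctr {
	CASE(0) struct security_ace_object object;
};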
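/*
 * One access-control entry: type, flag byte, size, access mask and the
 * trustee SID.
 * NOTE(review): presumably security_ace_type holds a SEC_ACE_TYPE_*
 * code, flags the SEC_ACE_FLAG_* bits and access_mask the SEC_* rights
 * bits; confirm against the encoder/decoder.  When an ACE comes from a
 * peer, size should be validated against the bytes actually remaining
 * in the enclosing ACL before it is used.
 */
struct security_ace {
	DWORD security_ace_type;
	BYTE flags;
	WORD size;
	DWORD access_mask;
	struct dom_sid trustee;
};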
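/*
 * ACL revision codes.  Both branches carry the same values;
 * USE_UINT_ENUMS selects the #define form.
 */
#ifndef USE_UINT_ENUMS
enum security_acl_revision {
	SECURITY_ACL_REVISION_NT4 = 2,
	SECURITY_ACL_REVISION_ADS = 4
};
#else
#define SECURITY_ACL_REVISION_NT4       2
#define SECURITY_ACL_REVISION_ADS       4
#endif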
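/*
 * Access-control list header plus a pointer to its entries.
 * NOTE(review): num_aces presumably counts the entries behind aces, but
 * no length attribute is attached to the pointer here; a count taken
 * from the wire should be checked against size and the received buffer
 * before the array is walked.
 */
struct security_acl {
	DWORD security_acl_revision;
	WORD size;
	DWORD num_aces;
	struct security_ace *aces;
};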
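/*
 * Security-descriptor revision; only revision 1 is defined.  Both
 * branches carry the same value; USE_UINT_ENUMS selects the #define form.
 */
#ifndef USE_UINT_ENUMS
enum security_descriptor_revision {
	SECURITY_DESCRIPTOR_REVISION_1 = 1
};
#else
#define SECURITY_DESCRIPTOR_REVISION_1  1
#endif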
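/*
 * bitmap security_descriptor_type
 *
 * Sixteen single-bit flags that together fill a 16-bit word.
 */
#define SEC_DESC_OWNER_DEFAULTED        0x0001
#define SEC_DESC_GROUP_DEFAULTED        0x0002
#define SEC_DESC_DACL_PRESENT           0x0004
#define SEC_DESC_DACL_DEFAULTED         0x0008
#define SEC_DESC_SACL_PRESENT           0x0010
#define SEC_DESC_SACL_DEFAULTED         0x0020
#define SEC_DESC_DACL_TRUSTED           0x0040
#define SEC_DESC_SERVER_SECURITY        0x0080
#define SEC_DESC_DACL_AUTO_INHERIT_REQ  0x0100
#define SEC_DESC_SACL_AUTO_INHERIT_REQ  0x0200
#define SEC_DESC_DACL_AUTO_INHERITED    0x0400
#define SEC_DESC_SACL_AUTO_INHERITED    0x0800
#define SEC_DESC_DACL_PROTECTED         0x1000
#define SEC_DESC_SACL_PROTECTED         0x2000
#define SEC_DESC_RM_CONTROL_VALID       0x4000
#define SEC_DESC_SELF_RELATIVE          0x8000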
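/*
 * Security descriptor header.
 * NOTE(review): ownersid, groupsid, sacl and dacl are plain DWORDs, not
 * pointers; presumably they are offsets into a self-relative descriptor
 * (cf. SEC_DESC_SELF_RELATIVE) and type holds the SEC_DESC_* bits.
 * Confirm against the decoder, which should range-check each offset
 * against the descriptor's buffer size before following it.
 */
struct security_descriptor {
	WORD revision;
	WORD type;
	DWORD ownersid;
	DWORD groupsid;
	DWORD sacl;
	DWORD dacl;
};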
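/*
 * Size-prefixed security descriptor.
 * NOTE(review): sd_size presumably gives the byte length of the data
 * behind sd; confirm, and treat a peer-supplied value as untrusted.
 */
struct sec_desc_buf {
	DWORD sd_size;
	struct security_descriptor *sd;
};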
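/*
 * Security token: user and group SID pointers, a SID count and two
 * 32-bit privilege words.
 * NOTE(review): how num_sids relates to the two SID pointers, and how
 * the SEC_PRIV_* ordinals map onto privilege_mask1/privilege_mask2, is
 * not visible in this file; confirm against the code that builds tokens.
 */
struct security_token {
	struct dom_sid *user_sid;
	struct dom_sid *group_sid;
	DWORD num_sids;
	DWORD privilege_mask1;
	DWORD privilege_mask2;
};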
/*
 * bitmap security_secinfo
 *
 * One bit per security-descriptor component: owner, group, DACL, SACL.
 */
#define SECINFO_OWNER                   0x00000001
#define SECINFO_GROUP                   0x00000002
#define SECINFO_DACL                    0x00000004
#define SECINFO_SACL                    0x00000008
347 #endif /* _SECURITY_NDL_ */