|
|
dd89bb |
#ifndef _NT_ACL_H_
|
|
|
dd89bb |
#define _NT_ACL_H_
|
|
|
dd89bb |
|
|
|
414ad3 |
#include "nt_abi.h"
|
|
|
1359b3 |
#include "nt_object.h"
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_sid_name_use {
|
|
|
dd89bb |
NT_SID_TYPE_USER = 1,
|
|
|
dd89bb |
NT_SID_TYPE_GROUP,
|
|
|
dd89bb |
NT_SID_TYPE_DOMAIN,
|
|
|
dd89bb |
NT_SID_TYPE_ALIAS,
|
|
|
dd89bb |
NT_SID_TYPE_WELL_KNOWN_GROUP,
|
|
|
dd89bb |
NT_SID_TYPE_DELETED_ACCOUNT,
|
|
|
dd89bb |
NT_SID_TYPE_INVALID,
|
|
|
dd89bb |
NT_SID_TYPE_UNKNOWN,
|
|
|
dd89bb |
NT_SID_TYPE_COMPUTER,
|
|
|
dd89bb |
NT_SID_TYPE_LABEL
|
|
|
dd89bb |
} nt_sid_name_use;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* access control entry types */
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_ALLOWED (0x00)
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_DENIED (0x01)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_AUDIT (0x02)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_ALARM (0x03)
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_ALLOWED_COMPOUND (0x04)
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_ALLOWED_OBJECT (0x05)
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_DENIED_OBJECT (0x06)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_AUDIT_OBJECT (0x07)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_ALARM_OBJECT (0x08)
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_ALLOWED_CALLBACK (0x09)
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_DENIED_CALLBACK (0x0A)
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT (0x0B)
|
|
|
dd89bb |
#define NT_ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT (0x0C)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_AUDIT_CALLBACK (0x0D)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_ALARM_CALLBACK (0x0E)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT (0x0F)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_ALARM_CALLBACK_OBJECT (0x10)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_MANDATORY_LABEL (0x11)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE (0x12)
|
|
|
dd89bb |
#define NT_ACE_TYPE_SYSTEM_SCOPED_POLICY_ID (0x13)
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* acceess control entry flags */
|
|
|
dd89bb |
#define NT_ACE_OBJECT_INHERIT (0x01)
|
|
|
dd89bb |
#define NT_ACE_CONTAINER_INHERIT (0x02)
|
|
|
dd89bb |
#define NT_ACE_NO_PROPAGATE_INHERIT (0x04)
|
|
|
dd89bb |
#define NT_ACE_INHERIT_ONLY (0x08)
|
|
|
dd89bb |
#define NT_ACE_INHERITED (0x10)
|
|
|
dd89bb |
#define NT_ACE_VALID_INHERIT_FLAGS (0x1F)
|
|
|
dd89bb |
#define NT_ACE_SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
|
|
|
dd89bb |
#define NT_ACE_FAILED_ACCESS_ACE_FLAG (0x80)
|
|
|
dd89bb |
|
|
|
32ec33 |
/* acl_init_common_descriptor_meta option bits */
|
|
|
32ec33 |
#define NT_ACL_INIT_COMMON_DESCRIPTION_META_QUERY_MODE (0x00)
|
|
|
32ec33 |
#define NT_ACL_INIT_COMMON_DESCRIPTION_META_STRICT_MODE (0x01)
|
|
|
32ec33 |
|
|
|
dd89bb |
typedef struct _nt_ace_header {
|
|
|
dd89bb |
unsigned char ace_type;
|
|
|
dd89bb |
unsigned char ace_flags;
|
|
|
dd89bb |
uint16_t ace_size;
|
|
|
dd89bb |
} nt_ace_header;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_access_allowed_ace {
|
|
|
dd89bb |
nt_ace_header header;
|
|
|
dd89bb |
uint32_t mask;
|
|
|
dd89bb |
uint32_t sid_start;
|
|
|
dd89bb |
} nt_access_allowed_ace;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_access_denied_ace {
|
|
|
dd89bb |
nt_ace_header header;
|
|
|
dd89bb |
uint32_t mask;
|
|
|
dd89bb |
uint32_t sid_start;
|
|
|
dd89bb |
} nt_access_denied_ace;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_audit_ace {
|
|
|
dd89bb |
nt_ace_header header;
|
|
|
dd89bb |
uint32_t mask;
|
|
|
dd89bb |
uint32_t sid_start;
|
|
|
dd89bb |
} nt_system_audit_ace;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_alarm_ace {
|
|
|
dd89bb |
nt_ace_header header;
|
|
|
dd89bb |
uint32_t mask;
|
|
|
dd89bb |
uint32_t sid_start;
|
|
|
dd89bb |
} nt_system_alarm_ace;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_resource_attribute_ace {
|
|
|
dd89bb |
nt_ace_header header;
|
|
|
dd89bb |
uint32_t mask;
|
|
|
dd89bb |
uint32_t sid_start;
|
|
|
dd89bb |
} nt_system_resource_attribute_ace;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_scoped_policy_id_ace {
|
|
|
dd89bb |
nt_ace_header header;
|
|
|
dd89bb |
uint32_t mask;
|
|
|
dd89bb |
uint32_t sid_start;
|
|
|
dd89bb |
} nt_system_scoped_policy_id_ace;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_mandatory_label_ace {
|
|
|
dd89bb |
nt_ace_header header;
|
|
|
dd89bb |
uint32_t mask;
|
|
|
dd89bb |
uint32_t sid_start;
|
|
|
dd89bb |
} nt_system_mandatory_label_ace;
|
|
|
dd89bb |
|
|
|
6e02db |
/* helper structures */
|
|
|
6e02db |
typedef struct _nt_sd_common_data {
|
|
|
6e02db |
nt_sd sd;
|
|
|
6e02db |
nt_sid_any owner;
|
|
|
6e02db |
nt_sid_any group;
|
|
|
6e02db |
nt_acl dacl;
|
|
|
6e02db |
nt_access_allowed_ace system_ace;
|
|
|
6e02db |
nt_sid_os system_sid;
|
|
|
6e02db |
nt_access_allowed_ace owner_ace;
|
|
|
6e02db |
nt_sid_any owner_sid;
|
|
|
6e02db |
nt_access_allowed_ace group_ace;
|
|
|
6e02db |
nt_sid_any group_sid;
|
|
|
6e02db |
nt_access_allowed_ace other_ace;
|
|
|
6e02db |
nt_sid_any other_sid;
|
|
|
17fbe4 |
nt_access_allowed_ace admin_ace;
|
|
|
17fbe4 |
nt_sid_any admin_sid;
|
|
|
6e02db |
} nt_sd_common_data;
|
|
|
6e02db |
|
|
|
6e02db |
typedef struct _nt_sd_common_meta {
|
|
|
6e02db |
nt_sd * sd;
|
|
|
6e02db |
nt_sid * owner;
|
|
|
6e02db |
nt_sid * group;
|
|
|
6e02db |
nt_acl * dacl;
|
|
|
6e02db |
nt_access_allowed_ace * owner_ace;
|
|
|
6e02db |
nt_sid * owner_sid;
|
|
|
6e02db |
nt_access_allowed_ace * group_ace;
|
|
|
6e02db |
nt_sid * group_sid;
|
|
|
6e02db |
nt_access_allowed_ace * other_ace;
|
|
|
6e02db |
nt_sid * other_sid;
|
|
|
17fbe4 |
nt_access_allowed_ace * admin_ace;
|
|
|
17fbe4 |
nt_sid * admin_sid;
|
|
|
32ec33 |
uint32_t system_acc;
|
|
|
6e02db |
} nt_sd_common_meta;
|
|
|
6e02db |
|
|
|
6e02db |
typedef struct _nt_sd_common_buffer {
|
|
|
6e02db |
nt_sd sd;
|
|
|
6e02db |
nt_sid_any owner;
|
|
|
6e02db |
nt_sid_any group;
|
|
|
6e02db |
nt_acl dacl;
|
|
|
17fbe4 |
uint32_t buffer[80];
|
|
|
6e02db |
} nt_sd_common_buffer;
|
|
|
6e02db |
|
|
|
60ddd3 |
|
|
|
60ddd3 |
/* extension functions */
|
|
|
60ddd3 |
typedef void __stdcall ntapi_acl_init_common_descriptor(
|
|
|
60ddd3 |
__out nt_sd_common_buffer * sd,
|
|
|
60ddd3 |
__in const nt_sid * owner,
|
|
|
60ddd3 |
__in const nt_sid * group,
|
|
|
60ddd3 |
__in const nt_sid * other,
|
|
|
17fbe4 |
__in const nt_sid * admin,
|
|
|
60ddd3 |
__in uint32_t owner_access,
|
|
|
60ddd3 |
__in uint32_t group_access,
|
|
|
60ddd3 |
__in uint32_t other_access,
|
|
|
17fbe4 |
__in uint32_t admin_access,
|
|
|
60ddd3 |
__in uint32_t system_access);
|
|
|
60ddd3 |
|
|
|
32ec33 |
typedef int32_t __stdcall ntapi_acl_init_common_descriptor_meta(
|
|
|
32ec33 |
__out nt_sd_common_meta * meta,
|
|
|
32ec33 |
__in nt_sd * sd,
|
|
|
32ec33 |
__in uint32_t options);
|
|
|
32ec33 |
|
|
|
dd89bb |
#endif
|