#ifndef _NT_TOKEN_H_
#define _NT_TOKEN_H_
#include "nt_abi.h"
#include "nt_object.h"
/* token type
 * Mirrors the Windows TOKEN_TYPE enumeration (TokenPrimary = 1,
 * TokenImpersonation = 2). A primary token is the one a process carries;
 * an impersonation token is the one a thread adopts temporarily, and is
 * what ntapi_zw_duplicate_token produces when asked for
 * NT_TOKEN_IMPERSONATION. The value is also what NT_TOKEN_TYPE queries
 * return. */
typedef enum _nt_token_type {
	NT_TOKEN_PRIMARY = 1,
	NT_TOKEN_IMPERSONATION = 2,
} nt_token_type;
/* token information classes
 * Selector passed to ntapi_zw_query_information_token and
 * ntapi_zw_set_information_token. The values mirror the Windows
 * TOKEN_INFORMATION_CLASS enumeration (TokenUser = 1 .. TokenSessionId = 12);
 * only these first twelve classes are declared here. The buffer layout for
 * each class is presumably the matching nt_token_* type used elsewhere in
 * this header (e.g. nt_token_statistics for NT_TOKEN_STATISTICS) -- verify
 * against nt_abi.h before relying on a particular size. */
typedef enum _nt_token_info_class {
	NT_TOKEN_USER = 1,
	NT_TOKEN_GROUPS = 2,
	NT_TOKEN_PRIVILEGES = 3,
	NT_TOKEN_OWNER = 4,
	NT_TOKEN_PRIMARY_GROUP = 5,
	NT_TOKEN_DEFAULT_DACL = 6,
	NT_TOKEN_SOURCE = 7,
	NT_TOKEN_TYPE = 8,
	NT_TOKEN_IMPERSONATION_LEVEL = 9,
	NT_TOKEN_STATISTICS = 10,
	NT_TOKEN_RESTRICTED_SIDS = 11,
	NT_TOKEN_SESSION_ID = 12,
} nt_token_info_class;
/* token privilege constants
 * Low part of the LUID identifying each well-known privilege; the values
 * mirror the Windows SE_*_PRIVILEGE constants (numbering starts at 2, so
 * 0 and 1 are never valid privilege values here). These are the values the
 * ntapi_tt_enable_token_privilege / ntapi_tt_disable_token_privilege
 * extension functions presumably take as their `privilege` argument.
 *
 * Security note: several of these are equivalent to full control of the
 * machine once enabled (create-token, assign-primary-token, tcb, debug,
 * load-driver, take-ownership, backup/restore, impersonate, relabel,
 * trusted-credman-access). Code that enables a privilege should enable
 * only the one it needs, for the shortest time it needs it, and disable
 * it again afterwards. */
#define NT_SE_CREATE_TOKEN_PRIVILEGE		2
#define NT_SE_ASSIGN_PRIMARY_TOKEN_PRIVILEGE	3
#define NT_SE_LOCK_MEMORY_PRIVILEGE		4
#define NT_SE_INCREASE_QUOTA_PRIVILEGE		5
#define NT_SE_MACHINE_ACCOUNT_PRIVILEGE		6
#define NT_SE_TCB_PRIVILEGE			7
#define NT_SE_SECURITY_PRIVILEGE		8
#define NT_SE_TAKE_OWNERSHIP_PRIVILEGE		9
#define NT_SE_LOAD_DRIVER_PRIVILEGE		10
#define NT_SE_SYSTEM_PROFILE_PRIVILEGE		11
#define NT_SE_SYSTEMTIME_PRIVILEGE		12
#define NT_SE_PROFILE_SINGLE_PROCESS_PRIVILEGE	13
#define NT_SE_INCREASE_BASE_PRIORITY_PRIVILEGE	14
#define NT_SE_CREATE_PAGEFILE_PRIVILEGE		15
#define NT_SE_CREATE_PERMANENT_PRIVILEGE	16
#define NT_SE_BACKUP_PRIVILEGE			17
#define NT_SE_RESTORE_PRIVILEGE			18
#define NT_SE_SHUTDOWN_PRIVILEGE		19
#define NT_SE_DEBUG_PRIVILEGE			20
#define NT_SE_AUDIT_PRIVILEGE			21
#define NT_SE_SYSTEM_ENVIRONMENT_PRIVILEGE	22
#define NT_SE_CHANGE_NOTIFY_PRIVILEGE		23
#define NT_SE_REMOTE_SHUTDOWN_PRIVILEGE		24
#define NT_SE_UNDOCK_PRIVILEGE			25
#define NT_SE_SYNC_AGENT_PRIVILEGE		26
#define NT_SE_ENABLE_DELEGATION_PRIVILEGE	27
#define NT_SE_MANAGE_VOLUME_PRIVILEGE		28
#define NT_SE_IMPERSONATE_PRIVILEGE		29
#define NT_SE_CREATE_GLOBAL_PRIVILEGE		30
#define NT_SE_TRUSTED_CRED_MAN_ACCESS_PRIVILEGE	31
#define NT_SE_RELABEL_PRIVILEGE			32
#define NT_SE_INCREASE_WORKING_SET_PRIVILEGE	33
#define NT_SE_TIME_ZONE_PRIVILEGE		34
#define NT_SE_CREATE_SYMBOLIC_LINK_PRIVILEGE	35
/* token attribute bits
 * Presumably the request selector consumed by the
 * ntapi_tt_enable_token_privilege / ntapi_tt_disable_token_privilege
 * extension functions declared at the end of this header.
 *
 * NOTE(review): in the native privilege-attribute field, bit 0x00000001
 * is SE_PRIVILEGE_ENABLED_BY_DEFAULT and bit 0x00000002 is
 * SE_PRIVILEGE_ENABLED; there is no distinct "disable" bit -- a privilege
 * is disabled by clearing SE_PRIVILEGE_ENABLED. Confirm that
 * NT_SE_DISABLE_PRIVILEGE is only ever interpreted by the wrappers and is
 * never written into an nt_token_privileges attribute word handed to the
 * kernel, where it would read as "enabled by default". */
#define NT_SE_DISABLE_PRIVILEGE		(0x0001U)
#define NT_SE_ENABLE_PRIVILEGE		(0x0002U)
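/* token access bits
 * Object-specific access rights requested in the `desired_access`
 * argument of the token functions below (mirrors the Windows TOKEN_*
 * access mask bits). */
#define NT_TOKEN_ASSIGN_PRIMARY		0x00000001U
#define NT_TOKEN_DUPLICATE		0x00000002U
#define NT_TOKEN_IMPERSONATE		0x00000004U
#define NT_TOKEN_QUERY			0x00000008U
#define NT_TOKEN_QUERY_SOURCE		0x00000010U
#define NT_TOKEN_ADJUST_PRIVILEGES	0x00000020U
#define NT_TOKEN_ADJUST_GROUPS		0x00000040U
#define NT_TOKEN_ADJUST_DEFAULT		0x00000080U
#define NT_TOKEN_ADJUST_SESSIONID	0x00000100U

/* composite access masks
 * Each expansion is fully parenthesized: `&` binds tighter than `|`, so
 * an unparenthesized mask used as `granted & NT_TOKEN_WRITE` would test
 * only the first term and then OR the remaining bits back in, making an
 * access check pass for a handle that lacks them. All members are the
 * NT_TOKEN_* names defined above (no un-prefixed Windows names). */
#define NT_TOKEN_ALL_ACCESS	(NT_SEC_STANDARD_RIGHTS_REQUIRED \
				| NT_TOKEN_ASSIGN_PRIMARY \
				| NT_TOKEN_DUPLICATE \
				| NT_TOKEN_IMPERSONATE \
				| NT_TOKEN_QUERY \
				| NT_TOKEN_QUERY_SOURCE \
				| NT_TOKEN_ADJUST_PRIVILEGES \
				| NT_TOKEN_ADJUST_GROUPS \
				| NT_TOKEN_ADJUST_SESSIONID \
				| NT_TOKEN_ADJUST_DEFAULT)

#define NT_TOKEN_READ		(NT_SEC_STANDARD_RIGHTS_READ \
				| NT_TOKEN_QUERY)

#define NT_TOKEN_WRITE		(NT_SEC_STANDARD_RIGHTS_WRITE \
				| NT_TOKEN_ADJUST_PRIVILEGES \
				| NT_TOKEN_ADJUST_GROUPS \
				| NT_TOKEN_ADJUST_DEFAULT)

#define NT_TOKEN_EXECUTE	(NT_SEC_STANDARD_RIGHTS_EXECUTE)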
/* filtered token flags
 * Bits for the `flags` argument of ntapi_zw_filter_token (mirrors the
 * Windows DISABLE_MAX_PRIVILEGE value). With this flag set the filtered
 * token presumably keeps only the change-notify privilege regardless of
 * the privileges_to_delete list -- confirm against the caller's
 * expectations before relying on it. */
#define NT_DISABLE_MAX_PRIVILEGE	0x01
/* token statistics
 * Buffer returned by ntapi_zw_query_information_token for
 * NT_TOKEN_STATISTICS; presumably mirrors the Windows TOKEN_STATISTICS
 * structure. This is an ABI structure filled in by the kernel: field order
 * and widths must not change. */
typedef struct _nt_token_statistics {
	nt_luid				token_id;		/* unique id of this token object */
	nt_luid				authentication_id;	/* logon session the token belongs to */
	nt_large_integer		expiration_time;
	nt_token_type			token_type;		/* NT_TOKEN_PRIMARY / NT_TOKEN_IMPERSONATION */
	nt_security_impersonation_level	impersonation_level;	/* meaningful for impersonation tokens only (presumably) */
	uint32_t			dynamic_charged;
	uint32_t			dynamic_available;
	uint32_t			group_count;
	uint32_t			privilege_count;
	nt_luid				modified_id;		/* changes whenever the token is modified */
} nt_token_statistics;
/* ntapi_zw_create_token
 * Creates a brand-new access token from the supplied user, groups,
 * privileges, owner, primary group, default DACL and source.
 *
 * Security note: on Windows the underlying service is gated by the
 * create-token privilege (NT_SE_CREATE_TOKEN_PRIVILEGE above); a caller
 * that can reach it can mint a token with an arbitrary identity and
 * privilege set, so do not expose this pointer to untrusted code paths.
 *
 * htoken            - receives the handle of the new token
 * desired_access    - NT_TOKEN_* access bits for the returned handle
 * obj_attr          - object attributes for the new token (may carry a
 *                     security descriptor; see nt_object.h)
 * type              - NT_TOKEN_PRIMARY or NT_TOKEN_IMPERSONATION
 * authentication_id - logon session id to stamp on the token
 * expiration_time   - token expiration time
 * user .. source    - the token's security attributes (types from nt_abi.h)
 * returns an NTSTATUS-style value (presumably negative, i.e. high bit
 * set, on failure; zero on success) */
typedef int32_t __stdcall ntapi_zw_create_token(
	__out	void **			htoken,
	__in	uint32_t		desired_access,
	__in	nt_object_attributes *	obj_attr,
	__in	nt_token_type		type,
	__in	nt_luid *		authentication_id,
	__in	nt_large_integer *	expiration_time,
	__in	nt_token_user *		user,
	__in	nt_token_groups *	groups,
	__in	nt_token_privileges *	privileges,
	__in	nt_token_owner *	owner,
	__in	nt_token_primary_group * primary_group,
	__in	nt_token_default_dacl *	default_dacl,
	__in	nt_token_source *	source);
/* ntapi_zw_open_process_token
 * Opens the primary token of a process.
 *
 * hprocess       - process handle (presumably needs query access; the
 *                  exact required right is not visible here)
 * desired_access - NT_TOKEN_* access bits for the returned handle; request
 *                  the minimum needed (NT_TOKEN_QUERY for read-only use)
 * htoken         - receives the token handle
 * returns an NTSTATUS-style value (zero on success) */
typedef int32_t __stdcall ntapi_zw_open_process_token(
	__in	void *		hprocess,
	__in	uint32_t	desired_access,
	__out	void **		htoken);
/* ntapi_zw_open_thread_token
 * Opens the impersonation token of a thread; fails (rather than falling
 * back to the process token) when the thread is not impersonating.
 *
 * hthread        - thread handle
 * desired_access - NT_TOKEN_* access bits for the returned handle
 * open_as_self   - nonzero: the access check for opening the token is
 *                  made against the process's primary token instead of
 *                  the thread's current impersonation token (mirrors the
 *                  native OpenAsSelf argument). Needed when the thread
 *                  impersonates a client whose token cannot open itself;
 *                  confirm the caller really wants the process identity
 *                  to be the one checked.
 * htoken         - receives the token handle
 * returns an NTSTATUS-style value (zero on success) */
typedef int32_t __stdcall ntapi_zw_open_thread_token(
	__in	void *		hthread,
	__in	uint32_t	desired_access,
	__in	int32_t		open_as_self,
	__out	void **		htoken);
/* ntapi_zw_duplicate_token
 * Creates a new token object that is a copy of an existing one, optionally
 * changing its type (primary <-> impersonation).
 *
 * htoken_existing - source token; the handle needs NT_TOKEN_DUPLICATE
 *                   (presumably, by analogy with the access bits above)
 * desired_access  - NT_TOKEN_* access bits for the new handle
 * obj_attr        - object attributes for the new token; for an
 *                   impersonation token the impersonation level is
 *                   presumably taken from its security quality-of-service
 *                   field (see nt_object.h)
 * effective_only  - nonzero: groups and privileges that are currently
 *                   disabled are dropped from the copy instead of being
 *                   carried over in their disabled state (mirrors the
 *                   native EffectiveOnly argument). Prefer nonzero when
 *                   the copy will be handed to less-trusted code, so it
 *                   cannot re-enable them.
 * token_type      - NT_TOKEN_PRIMARY or NT_TOKEN_IMPERSONATION
 * htoken_new      - receives the new token handle
 * returns an NTSTATUS-style value (zero on success) */
typedef int32_t __stdcall ntapi_zw_duplicate_token(
	__in	void *			htoken_existing,
	__in	uint32_t		desired_access,
	__in	nt_object_attributes *	obj_attr,
	__in	int32_t			effective_only,
	__in	nt_token_type		token_type,
	__out	void **			htoken_new);
/* ntapi_zw_filter_token
 * Creates a restricted copy of a token: a new token that can only ever
 * grant a subset of what the source grants.
 *
 * htoken_existing      - source token
 * flags                - NT_DISABLE_MAX_PRIVILEGE or zero
 * sids_to_disable      - groups to mark deny-only in the copy (the SID
 *                        then only ever matches deny ACEs)
 * privileges_to_delete - privileges to remove from the copy
 * sids_to_restrict     - restricting SIDs: access is granted only if both
 *                        the normal group list and this list pass the
 *                        check (presumably; mirrors the native semantics)
 * htoken_new           - receives the new token handle
 * returns an NTSTATUS-style value (zero on success) */
typedef int32_t __stdcall ntapi_zw_filter_token(
	__in	void *			htoken_existing,
	__in	uint32_t		flags,
	__in	nt_token_groups *	sids_to_disable,
	__in	nt_token_privileges *	privileges_to_delete,
	__in	nt_token_groups *	sids_to_restrict,
	__out	void **			htoken_new);
/* ntapi_zw_adjust_privileges_token
 * Enables, disables or removes privileges in a token; the handle needs
 * NT_TOKEN_ADJUST_PRIVILEGES (and NT_TOKEN_QUERY when prev_state is used,
 * presumably).
 *
 * Security note: on Windows this call can succeed partially -- if some
 * privileges in new_state are not held by the token, the call returns
 * STATUS_NOT_ALL_ASSIGNED, which is a *success* status. A caller that
 * only tests for "not negative" will believe a privilege was enabled
 * when it was not; check for that status explicitly.
 *
 * htoken                 - token to adjust
 * disable_all_privileges - nonzero: disable every privilege; new_state is
 *                          then ignored (presumably, as in the native call)
 * new_state              - privileges and their new attribute words
 * buffer_length          - size in bytes of the prev_state buffer
 * prev_state             - optional; receives the previous state of the
 *                          privileges that were changed
 * returned_length        - receives the size needed for prev_state
 *
 * NOTE(review): the native prototype uses 32-bit ULONG for both length
 * arguments. With size_t here, on a 64-bit target the kernel writes only
 * the low 32 bits of *returned_length, so callers must zero it before the
 * call or the upper half is left uninitialized -- confirm against
 * nt_abi.h.
 * returns an NTSTATUS-style value */
typedef int32_t __stdcall ntapi_zw_adjust_privileges_token(
	__in	void *			htoken,
	__in	int32_t			disable_all_privileges,
	__in	nt_token_privileges *	new_state,
	__in	size_t			buffer_length,
	__in	nt_token_privileges *	prev_state	__optional,
	__out	size_t *		returned_length);
/* ntapi_zw_adjust_groups_token
 * Enables or disables groups in a token; the handle needs
 * NT_TOKEN_ADJUST_GROUPS. Mandatory groups cannot be disabled (the call
 * presumably fails for them rather than silently skipping).
 *
 * htoken           - token to adjust
 * reset_to_default - nonzero: restore every group to its default
 *                    enabled/disabled state; new_state is then ignored
 *                    (presumably, as in the native call)
 * new_state        - groups and their new attribute words
 * buffer_length    - size in bytes of the prev_state buffer
 * prev_state       - optional; receives the previous state of the groups
 *                    that were changed
 * returned_length  - receives the size needed for prev_state
 *
 * NOTE(review): the native prototype uses 32-bit ULONG for the length
 * arguments; with size_t here, on a 64-bit target only the low 32 bits
 * of *returned_length are written by the kernel, so zero it before the
 * call -- confirm against nt_abi.h.
 * returns an NTSTATUS-style value */
typedef int32_t __stdcall ntapi_zw_adjust_groups_token(
	__in	void *			htoken,
	__in	int32_t			reset_to_default,
	__in	nt_token_groups *	new_state,
	__in	size_t			buffer_length,
	__in	nt_token_groups *	prev_state	__optional,
	__out	size_t *		returned_length);
/* ntapi_zw_query_information_token
 * Retrieves one class of information about a token into a caller-supplied
 * buffer; the handle needs NT_TOKEN_QUERY (NT_TOKEN_QUERY_SOURCE for
 * NT_TOKEN_SOURCE, presumably).
 *
 * htoken            - token to query
 * token_info_class  - which nt_token_info_class to return
 * token_info        - output buffer; its layout depends on the class
 * token_info_length - size in bytes of token_info
 * returned_length   - receives the size needed; when the buffer is too
 *                     small the call fails and this tells the caller how
 *                     much to allocate for a retry
 *
 * NOTE(review): the native prototype uses 32-bit ULONG for both length
 * arguments. With size_t here, on a 64-bit target the kernel writes only
 * the low 32 bits of *returned_length; a caller that leaves the variable
 * uninitialized and then allocates *returned_length bytes may allocate
 * (and later read) a wildly wrong size. Zero it before the call, or
 * confirm against nt_abi.h that the width is intended.
 * returns an NTSTATUS-style value */
typedef int32_t __stdcall ntapi_zw_query_information_token(
	__in	void *			htoken,
	__in	nt_token_info_class	token_info_class,
	__out	void *			token_info,
	__in	size_t			token_info_length,
	__out	size_t *		returned_length);
/* ntapi_zw_set_information_token
 * Sets one class of information on a token. On Windows only a few classes
 * are settable (owner, primary group, default DACL, session id) and the
 * required handle right varies by class (NT_TOKEN_ADJUST_DEFAULT for the
 * first three, NT_TOKEN_ADJUST_SESSIONID plus the tcb privilege for the
 * session id) -- confirm for the target before depending on this.
 *
 * htoken            - token to modify
 * token_info_class  - which nt_token_info_class to set
 * token_info        - input buffer; layout depends on the class
 * token_info_length - size in bytes of token_info (native type is a
 *                     32-bit ULONG; see the note on the query function)
 * returns an NTSTATUS-style value */
typedef int32_t __stdcall ntapi_zw_set_information_token(
	__in	void *			htoken,
	__in	nt_token_info_class	token_info_class,
	__in	void *			token_info,
	__in	size_t			token_info_length);
/* extension functions */
/* ntapi_tt_enable_token_privilege
 * Extension helper: enables a single privilege in a token.
 *
 * htoken    - token handle; presumably needs NT_TOKEN_ADJUST_PRIVILEGES
 * privilege - one of the NT_SE_*_PRIVILEGE values above (presumably)
 *
 * NOTE(review): if this wraps ntapi_zw_adjust_privileges_token, confirm
 * that it turns STATUS_NOT_ALL_ASSIGNED (a success status meaning the
 * privilege is not held) into a failure; otherwise callers will proceed
 * believing the privilege is enabled when it is not.
 * returns an NTSTATUS-style value (presumably) */
typedef int32_t __stdcall ntapi_tt_enable_token_privilege(
	__in	void *		htoken,
	__in	uint32_t	privilege);
/* ntapi_tt_disable_token_privilege
 * Extension helper: disables a single privilege in a token. Pair with
 * ntapi_tt_enable_token_privilege so that a privilege is held enabled
 * only for the operation that needs it.
 *
 * htoken    - token handle; presumably needs NT_TOKEN_ADJUST_PRIVILEGES
 * privilege - one of the NT_SE_*_PRIVILEGE values above (presumably)
 * returns an NTSTATUS-style value (presumably) */
typedef int32_t __stdcall ntapi_tt_disable_token_privilege(
	__in	void *		htoken,
	__in	uint32_t	privilege);
#endif