Blob Blame History Raw
#ifndef _NT_TOKEN_H_
#define _NT_TOKEN_H_

#include <psxtypes/psxtypes.h>
#include "nt_object.h"

typedef enum _nt_token_type {
	NT_TOKEN_PRIMARY	= 1,
	NT_TOKEN_IMPERSONATION	= 2,
} nt_token_type;


typedef enum _nt_token_info_class {
	NT_TOKEN_USER 			= 1,
	NT_TOKEN_GROUPS			= 2,
	NT_TOKEN_PRIVILEGES		= 3,
	NT_TOKEN_OWNER			= 4,
	NT_TOKEN_PRIMARY_GROUP		= 5,
	NT_TOKEN_DEFAULT_DACL		= 6,
	NT_TOKEN_SOURCE			= 7,
	NT_TOKEN_TYPE			= 8,
	NT_TOKEN_IMPERSONATION_LEVEL	= 9,
	NT_TOKEN_STATISTICS		= 10,
	NT_TOKEN_RESTRICTED_SIDS	= 11,
	NT_TOKEN_SESSION_ID		= 12,
} nt_token_info_class;


/* token access bits */
#define NT_TOKEN_ASSIGN_PRIMARY		0x00000001U
#define NT_TOKEN_DUPLICATE		0x00000002U
#define NT_TOKEN_IMPERSONATE		0x00000004U
#define NT_TOKEN_QUERY			0x00000008U
#define NT_TOKEN_QUERY_SOURCE		0x00000010U
#define NT_TOKEN_ADJUST_PRIVILEGES	0x00000020U
#define NT_TOKEN_ADJUST_GROUPS		0x00000040U
#define NT_TOKEN_ADJUST_DEFAULT		0x00000080U
#define NT_TOKEN_ADJUST_SESSIONID	0x00000100U

#define NT_TOKEN_ALL_ACCESS	NT_SEC_STANDARD_RIGHTS_REQUIRED \
					| NT_TOKEN_ASSIGN_PRIMARY \
					| NT_TOKEN_DUPLICATE \
					| NT_TOKEN_IMPERSONATE \
					| NT_TOKEN_QUERY \
					| NT_TOKEN_QUERY_SOURCE \
					| NT_TOKEN_ADJUST_PRIVILEGES \
					| NT_TOKEN_ADJUST_GROUPS \
					| NT_TOKEN_ADJUST_SESSIONID \
					| NT_TOKEN_ADJUST_DEFAULT


#define NT_TOKEN_READ		NT_SEC_STANDARD_RIGHTS_READ \
					| NT_TOKEN_QUERY


#define NT_TOKEN_WRITE		NT_SEC_STANDARD_RIGHTS_WRITE \
					| TOKEN_ADJUST_PRIVILEGES \
					| NT_OKEN_ADJUST_GROUPS \
					| NT_TOKEN_ADJUST_DEFAULT

#define NT_TOKEN_EXECUTE	NT_SEC_STANDARD_RIGHTS_EXECUTE


/* filtered token flags */
#define NT_DISABLE_MAX_PRIVILEGE	0x01


typedef struct _nt_token_statistics {
	nt_luid					token_id;
	nt_luid					authentication_id;
	nt_large_integer			expiration_time;
	nt_token_type				token_type;
	nt_security_impersonation_level		impersonation_level;
	uint32_t				dynamic_charged;
	uint32_t				dynamic_available;
	uint32_t				group_count;
	uint32_t				privilege_count;
	nt_luid					modified_id;
} nt_token_statistics;


typedef int32_t __stdcall ntapi_zw_create_token(
	__out	void **				htoken,
	__in	uint32_t			desired_access,
	__in	nt_object_attributes *		obj_attr,
	__in	nt_token_type			type,
	__in	nt_luid *			authentication_id,
	__in	nt_large_integer *		expiration_time,
	__in	nt_token_user *			user,
	__in	nt_token_groups *		groups,
	__in	nt_token_privileges *		privileges,
	__in	nt_token_owner *		owner,
	__in	nt_token_primary_group *	primary_group,
	__in	nt_token_default_dacl *		default_dacl,
	__in	nt_token_source *		source);


typedef int32_t __stdcall ntapi_zw_open_process_token(
	__in	void *			hprocess,
	__in	uint32_t		desired_access,
	__out	void **			htoken);


typedef int32_t __stdcall ntapi_zw_open_thread_token(
	__in	void *			hthread,
	__in	uint32_t		desired_access,
	__in	int32_t			open_as_self,
	__out	void **			htoken);


typedef int32_t __stdcall ntapi_zw_duplicate_token(
	__in	void *				htoken_existing,
	__in	uint32_t			desired_access,
	__in	nt_object_attributes *		obj_attr,
	__in	int32_t				effective_only,
	__in	nt_token_type			token_type,
	__out	void **				htoken_new);


typedef int32_t __stdcall ntapi_zw_filter_token(
	__in	void *				htoken_existing,
	__in	uint32_t			flags,
	__in	nt_token_groups *		sids_to_disable,
	__in	nt_token_privileges *		privileges_to_delete,
	__in	nt_token_groups *		sids_to_restrict,
	__out	void **				htoken_new);


typedef int32_t __stdcall ntapi_zw_adjust_privileges_token(
	__in	void *				htoken,
	__in	int32_t				disable_all_privileges,
	__in	nt_token_privileges *		new_state,
	__in	size_t				buffer_length,
	__in	nt_token_privileges *		prev_state	__optional,
	__out	size_t *			returned_length);


typedef int32_t __stdcall ntapi_zw_adjust_groups_token(
	__in	void *				htoken,
	__in	int32_t				reset_to_default,
	__in	nt_token_groups *		new_state,
	__in	size_t				buffer_length,
	__in	nt_token_groups *		prev_state	__optional,
	__out	size_t *			returned_length);


typedef int32_t __stdcall ntapi_zw_query_information_token(
	__in	void *			htoken,
	__in	nt_token_info_class	token_info_class,
	__out	void *			token_info,
	__in	size_t			token_info_length,
	__out	size_t *		returned_length);


typedef int32_t __stdcall ntapi_zw_set_information_token(
	__in	void *			htoken,
	__in	nt_token_info_class	token_info_class,
	__in	void *			token_info,
	__in	size_t			token_info_length);

#endif