#ifndef _NT_ACL_H_
#define _NT_ACL_H_

#include "nt_abi.h"
#include "nt_object.h"

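/* Classification of the principal a SID names.
 * The numbering is an ABI constant (it mirrors the Windows SID_NAME_USE
 * enumeration, SidTypeUser == 1), so every enumerator carries its value
 * explicitly: inserting or reordering a member must never silently
 * renumber the ones that follow, which the original implicit numbering
 * would have allowed. */
typedef enum _nt_sid_name_use {
	NT_SID_TYPE_USER		= 1,
	NT_SID_TYPE_GROUP		= 2,
	NT_SID_TYPE_DOMAIN		= 3,
	NT_SID_TYPE_ALIAS		= 4,
	NT_SID_TYPE_WELL_KNOWN_GROUP	= 5,
	NT_SID_TYPE_DELETED_ACCOUNT	= 6,
	NT_SID_TYPE_INVALID		= 7,
	NT_SID_TYPE_UNKNOWN		= 8,
	NT_SID_TYPE_COMPUTER		= 9,
	NT_SID_TYPE_LABEL		= 10
} nt_sid_name_use;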


/* access control entry types (values of nt_ace_header.ace_type)
 *
 * Only the types marked with a struct name below have a fixed-layout
 * definition in this header. The compound, object and callback types
 * (0x04 .. 0x10) have none here; per the Windows ACE formats they mirror,
 * their bodies presumably carry extra fields before the SID, so code
 * walking an ACL of untrusted origin must not cast such entries to
 * nt_access_allowed_ace. Always advance by nt_ace_header.ace_size and
 * treat an unrecognised ace_type as opaque rather than skipping it by a
 * guessed length. */
#define NT_ACE_TYPE_ACCESS_ALLOWED			(0x00)	/* nt_access_allowed_ace */
#define NT_ACE_TYPE_ACCESS_DENIED			(0x01)	/* nt_access_denied_ace */
#define NT_ACE_TYPE_SYSTEM_AUDIT			(0x02)	/* nt_system_audit_ace */
#define NT_ACE_TYPE_SYSTEM_ALARM			(0x03)	/* nt_system_alarm_ace */
#define NT_ACE_TYPE_ACCESS_ALLOWED_COMPOUND		(0x04)
#define NT_ACE_TYPE_ACCESS_ALLOWED_OBJECT		(0x05)
#define NT_ACE_TYPE_ACCESS_DENIED_OBJECT		(0x06)
#define NT_ACE_TYPE_SYSTEM_AUDIT_OBJECT			(0x07)
#define NT_ACE_TYPE_SYSTEM_ALARM_OBJECT			(0x08)
#define NT_ACE_TYPE_ACCESS_ALLOWED_CALLBACK		(0x09)
#define NT_ACE_TYPE_ACCESS_DENIED_CALLBACK		(0x0A)
#define NT_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT	(0x0B)
#define NT_ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT	(0x0C)
#define NT_ACE_TYPE_SYSTEM_AUDIT_CALLBACK		(0x0D)
#define NT_ACE_TYPE_SYSTEM_ALARM_CALLBACK		(0x0E)
#define NT_ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT	(0x0F)
#define NT_ACE_TYPE_SYSTEM_ALARM_CALLBACK_OBJECT	(0x10)
#define NT_ACE_TYPE_SYSTEM_MANDATORY_LABEL		(0x11)	/* nt_system_mandatory_label_ace */
#define NT_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE		(0x12)	/* nt_system_resource_attribute_ace */
#define NT_ACE_TYPE_SYSTEM_SCOPED_POLICY_ID		(0x13)	/* nt_system_scoped_policy_id_ace */


/* access control entry flags (values of nt_ace_header.ace_flags)
 *
 * Bits 0x01 .. 0x10 describe inheritance; NT_ACE_VALID_INHERIT_FLAGS is
 * exactly their union (0x1F), so anything else in those low bits is
 * invalid input. Bit 0x20 is not defined here. The two high bits are
 * only meaningful on audit/alarm entries and, by their names, select
 * whether successful and/or failed accesses are recorded. */
#define NT_ACE_OBJECT_INHERIT                		(0x01)
#define NT_ACE_CONTAINER_INHERIT             		(0x02)
#define NT_ACE_NO_PROPAGATE_INHERIT          		(0x04)
#define NT_ACE_INHERIT_ONLY                  		(0x08)
#define NT_ACE_INHERITED                     		(0x10)
#define NT_ACE_VALID_INHERIT_FLAGS			(0x1F)	/* OR of the five flags above */
#define NT_ACE_SUCCESSFUL_ACCESS_ACE_FLAG		(0x40)
#define NT_ACE_FAILED_ACCESS_ACE_FLAG			(0x80)

/* Common 4-byte prefix of every ACE.
 * ace_size is, by the Windows convention these names mirror, the total
 * length in bytes of the whole entry -- this header plus everything that
 * follows it (for the fixed-layout ACEs below: mask and the SID) -- and is
 * the only field that tells a reader where the next ACE begins.
 * Security note: when walking an ACL that came from another process, a
 * file or the network, check ace_size >= sizeof(nt_ace_header) and that
 * the entry lies entirely within the enclosing ACL before reading any
 * field past the header; ace_type by itself does not make the body's
 * layout trustworthy. */
typedef struct _nt_ace_header {
	unsigned char	ace_type;	/* NT_ACE_TYPE_* */
	unsigned char	ace_flags;	/* NT_ACE_* inheritance / audit flags */
	uint16_t	ace_size;	/* total entry length in bytes, header included */
} nt_ace_header;


/* Body of an NT_ACE_TYPE_ACCESS_ALLOWED entry: grants the rights in mask
 * to the SID that begins at sid_start.
 * sid_start is a uint32_t, not a pointer: it is the first 32-bit word of
 * the SID stored in place (the Windows ACCESS_ALLOWED_ACE layout). The
 * SID's real length is derived from the SID itself and must be checked
 * against header.ace_size before it is trusted. */
typedef struct _nt_access_allowed_ace {
	nt_ace_header	header;
	uint32_t	mask;		/* access rights granted */
	uint32_t	sid_start;	/* first word of the in-place SID */
} nt_access_allowed_ace;


/* Body of an NT_ACE_TYPE_ACCESS_DENIED entry: same layout as
 * nt_access_allowed_ace, but mask lists the rights withheld from the
 * SID at sid_start. As with the allowed ACE, sid_start is the start of
 * an in-place SID, not a pointer, and header.ace_size bounds it.
 * NOTE(review): in an ACL the position of deny entries relative to allow
 * entries matters for evaluation; nothing in this header enforces an
 * ordering, so builders of DACLs must take care of it themselves. */
typedef struct _nt_access_denied_ace {
	nt_ace_header	header;
	uint32_t	mask;		/* access rights denied */
	uint32_t	sid_start;	/* first word of the in-place SID */
} nt_access_denied_ace;


/* Body of an NT_ACE_TYPE_SYSTEM_AUDIT entry (a SACL entry): mask names
 * the rights whose use by the SID at sid_start is to be audited, and
 * header.ace_flags NT_ACE_SUCCESSFUL_ACCESS_ACE_FLAG /
 * NT_ACE_FAILED_ACCESS_ACE_FLAG select which outcomes are recorded.
 * Layout is identical to nt_access_allowed_ace; sid_start is an in-place
 * SID, not a pointer. */
typedef struct _nt_system_audit_ace {
	nt_ace_header	header;
	uint32_t	mask;		/* access rights to audit */
	uint32_t	sid_start;	/* first word of the in-place SID */
} nt_system_audit_ace;


/* Body of an NT_ACE_TYPE_SYSTEM_ALARM entry (a SACL entry). Same layout
 * and field meanings as nt_system_audit_ace; the success/failure flags in
 * header.ace_flags apply here as well. sid_start is an in-place SID, not
 * a pointer. */
typedef struct _nt_system_alarm_ace {
	nt_ace_header	header;
	uint32_t	mask;		/* access rights that raise the alarm */
	uint32_t	sid_start;	/* first word of the in-place SID */
} nt_system_alarm_ace;


/* Body of an NT_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE entry. The wire layout
 * is the same as nt_access_allowed_ace, but the interpretation of mask
 * and of what follows sid_start is specific to this ACE type; this header
 * defines no constants for it. Bound everything past the header by
 * header.ace_size when parsing. */
typedef struct _nt_system_resource_attribute_ace {
	nt_ace_header	header;
	uint32_t	mask;
	uint32_t	sid_start;	/* start of in-place, type-specific data */
} nt_system_resource_attribute_ace;


/* Body of an NT_ACE_TYPE_SYSTEM_SCOPED_POLICY_ID entry. Same wire layout
 * as nt_access_allowed_ace; mask and the in-place data at sid_start are
 * interpreted per this ACE type, for which this header defines no
 * constants. Bound everything past the header by header.ace_size. */
typedef struct _nt_system_scoped_policy_id_ace {
	nt_ace_header	header;
	uint32_t	mask;
	uint32_t	sid_start;	/* start of in-place, type-specific data */
} nt_system_scoped_policy_id_ace;


/* Body of an NT_ACE_TYPE_SYSTEM_MANDATORY_LABEL entry (integrity label,
 * lives in the SACL). Same wire layout as nt_access_allowed_ace. In the
 * Windows format this mirrors, mask carries the label policy bits and the
 * in-place SID at sid_start is an integrity-level SID (a SID whose name
 * use is NT_SID_TYPE_LABEL); this header defines no constants for the
 * policy bits, so confirm their values against the implementation before
 * relying on them. */
typedef struct _nt_system_mandatory_label_ace {
	nt_ace_header	header;
	uint32_t	mask;		/* label policy bits (not defined here) */
	uint32_t	sid_start;	/* first word of the in-place label SID */
} nt_system_mandatory_label_ace;

/* helper structures */
/* Backing storage for a "common" security descriptor laid out as one
 * contiguous object: the descriptor header, owner and group SIDs, a DACL,
 * and five access-allowed ACEs each followed by the SID it names
 * (system, owner, group, other, admin). Only system_sid is an nt_sid_os;
 * the rest are nt_sid_any. There is no SACL member.
 * NOTE(review): every *_ace member ends in sid_start while the matching
 * SID is a separate member placed right after it, so whether the two
 * overlap or the four bytes of sid_start are simply left unused is decided
 * by whoever fills this in, not by this header -- confirm against the
 * ntapi_acl_init_common_descriptor implementation before reading SIDs by
 * offset. Presumably this is meant to be a self-relative descriptor; that
 * too is not visible from here. */
typedef struct _nt_sd_common_data {
	nt_sd			sd;		/* descriptor header */
	nt_sid_any		owner;		/* descriptor owner SID */
	nt_sid_any		group;		/* descriptor primary group SID */
	nt_acl			dacl;		/* DACL header; its ACEs follow */
	nt_access_allowed_ace	system_ace;
	nt_sid_os		system_sid;
	nt_access_allowed_ace	owner_ace;
	nt_sid_any		owner_sid;
	nt_access_allowed_ace	group_ace;
	nt_sid_any		group_sid;
	nt_access_allowed_ace	other_ace;
	nt_sid_any		other_sid;
	nt_access_allowed_ace	admin_ace;
	nt_sid_any		admin_sid;
} nt_sd_common_data;

/* Pointer view of the pieces of a common security descriptor: one pointer
 * per member of nt_sd_common_data, in the same order, with every SID
 * typed as plain nt_sid *. The pointers are non-owning as far as this
 * declaration shows; presumably they point into an nt_sd_common_data or
 * nt_sd_common_buffer, but nothing here ties them to one, so a consumer
 * must not assume the pointed-to objects are contiguous or that ace_size
 * of one ACE leads to the next pointer's target. */
typedef struct _nt_sd_common_meta {
	nt_sd *			sd;
	nt_sid *		owner;
	nt_sid *		group;
	nt_acl *		dacl;
	nt_access_allowed_ace *	system_ace;
	nt_sid *		system_sid;
	nt_access_allowed_ace *	owner_ace;
	nt_sid *		owner_sid;
	nt_access_allowed_ace *	group_ace;
	nt_sid *		group_sid;
	nt_access_allowed_ace *	other_ace;
	nt_sid *		other_sid;
	nt_access_allowed_ace *	admin_ace;
	nt_sid *		admin_sid;
} nt_sd_common_meta;

/* Fixed-size object a caller can hand to ntapi_acl_init_common_descriptor
 * (its __out parameter is of this type): the same four leading members as
 * nt_sd_common_data, followed by an opaque 320-byte area (80 x uint32_t)
 * where the ACE/SID tail is presumably written.
 * NOTE(review): nothing here ties the constant 80 to the size of the
 * ACE/SID tail of nt_sd_common_data, whose SID types come from
 * nt_object.h. If those types ever grow, the init function -- which
 * returns void and so cannot report an overflow -- would write past the
 * end of buffer. A compile-time check such as
 *   sizeof(nt_sd_common_buffer) >= sizeof(nt_sd_common_data)
 * next to this definition would catch that; it is not added here because
 * the relation between the two layouts is not visible from this header. */
typedef struct _nt_sd_common_buffer {
	nt_sd			sd;
	nt_sid_any		owner;
	nt_sid_any		group;
	nt_acl			dacl;
	uint32_t		buffer[80];	/* opaque room for the ACE/SID tail */
} nt_sd_common_buffer;


/* extension functions */
/* Function type of the helper that fills in an nt_sd_common_buffer.
 * (__stdcall and the __in/__out annotations are presumably supplied by
 * nt_abi.h; they carry no enforcement of their own.)
 *
 * sd            output; the whole buffer is (re)initialised by the callee --
 *               presumably the descriptor header, owner/group SIDs, DACL and
 *               the ACE/SID tail in sd->buffer.
 * owner, group, other, admin
 *               SIDs to be named by the corresponding access-allowed ACEs.
 *               Read-only; nothing in this declaration implies they are
 *               retained after the call.
 * owner_access, group_access, other_access, admin_access, system_access
 *               access masks written into the respective ACEs. There is no
 *               SID parameter for the system ACE, so its SID is presumably
 *               produced by the callee (cf. the nt_sid_os system_sid member
 *               of nt_sd_common_data).
 *
 * Returns nothing, so an input SID too large for sd->buffer cannot be
 * reported through this interface: either the caller guarantees the
 * inputs fit, or the implementation must truncate or abort. Check the
 * implementation before passing SIDs of untrusted origin. */
typedef void    __stdcall ntapi_acl_init_common_descriptor(
	__out	nt_sd_common_buffer *	sd,
	__in	const nt_sid *		owner,
	__in	const nt_sid *		group,
	__in	const nt_sid *		other,
	__in	const nt_sid *		admin,
	__in	uint32_t		owner_access,
	__in	uint32_t		group_access,
	__in	uint32_t		other_access,
	__in	uint32_t		admin_access,
	__in	uint32_t		system_access);

#endif