From dd89bb8ad4fe184a34b5dbdda237e640fc82121b Mon Sep 17 00:00:00 2001
From: midipix <writeonce@midipix.org>
Date: Mon, 27 Jul 2015 04:01:18 -0400
Subject: entered advanced internal development stage.

---
 include/ntapi/nt_token.h | 161 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 161 insertions(+)
 create mode 100644 include/ntapi/nt_token.h

(limited to 'include/ntapi/nt_token.h')

diff --git a/include/ntapi/nt_token.h b/include/ntapi/nt_token.h
new file mode 100644
index 0000000..aa2df2c
--- /dev/null
+++ b/include/ntapi/nt_token.h
@@ -0,0 +1,161 @@
+#ifndef _NT_TOKEN_H_
+#define _NT_TOKEN_H_
+
+#include <psxtypes/psxtypes.h>
+#include "nt_object.h"
+
+typedef enum _nt_token_type {
+	NT_TOKEN_PRIMARY	= 1,
+	NT_TOKEN_IMPERSONATION	= 2,
+} nt_token_type;
+
+
+typedef enum _nt_token_info_class {
+	NT_TOKEN_USER 			= 1,
+	NT_TOKEN_GROUPS			= 2,
+	NT_TOKEN_PRIVILEGES		= 3,
+	NT_TOKEN_OWNER			= 4,
+	NT_TOKEN_PRIMARY_GROUP		= 5,
+	NT_TOKEN_DEFAULT_DACL		= 6,
+	NT_TOKEN_SOURCE			= 7,
+	NT_TOKEN_TYPE			= 8,
+	NT_TOKEN_IMPERSONATION_LEVEL	= 9,
+	NT_TOKEN_STATISTICS		= 10,
+	NT_TOKEN_RESTRICTED_SIDS	= 11,
+	NT_TOKEN_SESSION_ID		= 12,
+} nt_token_info_class;
+
+
+/* token access bits */
+#define NT_TOKEN_ASSIGN_PRIMARY		0x00000001U
+#define NT_TOKEN_DUPLICATE		0x00000002U
+#define NT_TOKEN_IMPERSONATE		0x00000004U
+#define NT_TOKEN_QUERY			0x00000008U
+#define NT_TOKEN_QUERY_SOURCE		0x00000010U
+#define NT_TOKEN_ADJUST_PRIVILEGES	0x00000020U
+#define NT_TOKEN_ADJUST_GROUPS		0x00000040U
+#define NT_TOKEN_ADJUST_DEFAULT		0x00000080U
+#define NT_TOKEN_ADJUST_SESSIONID	0x00000100U
+
+#define NT_TOKEN_ALL_ACCESS	NT_SEC_STANDARD_RIGHTS_REQUIRED \
+					| NT_TOKEN_ASSIGN_PRIMARY \
+					| NT_TOKEN_DUPLICATE \
+					| NT_TOKEN_IMPERSONATE \
+					| NT_TOKEN_QUERY \
+					| NT_TOKEN_QUERY_SOURCE \
+					| NT_TOKEN_ADJUST_PRIVILEGES \
+					| NT_TOKEN_ADJUST_GROUPS \
+					| NT_TOKEN_ADJUST_SESSIONID \
+					| NT_TOKEN_ADJUST_DEFAULT
+
+
+#define NT_TOKEN_READ		NT_SEC_STANDARD_RIGHTS_READ \
+					| NT_TOKEN_QUERY
+
+
+#define NT_TOKEN_WRITE		NT_SEC_STANDARD_RIGHTS_WRITE \
+					| TOKEN_ADJUST_PRIVILEGES \
+					| NT_OKEN_ADJUST_GROUPS \
+					| NT_TOKEN_ADJUST_DEFAULT
+
+#define NT_TOKEN_EXECUTE	NT_SEC_STANDARD_RIGHTS_EXECUTE
+
+
+/* filtered token flags */
+#define NT_DISABLE_MAX_PRIVILEGE	0x01
+
+
+typedef struct _nt_token_statistics {
+	nt_luid					token_id;
+	nt_luid					authentication_id;
+	nt_large_integer			expiration_time;
+	nt_token_type				token_type;
+	nt_security_impersonation_level		impersonation_level;
+	uint32_t				dynamic_charged;
+	uint32_t				dynamic_available;
+	uint32_t				group_count;
+	uint32_t				privilege_count;
+	nt_luid					modified_id;
+} nt_token_statistics;
+
+
+typedef int32_t __stdcall ntapi_zw_create_token(
+	__out	void **				htoken,
+	__in	uint32_t			desired_access,
+	__in	nt_object_attributes *		obj_attr,
+	__in	nt_token_type			type,
+	__in	nt_luid *			authentication_id,
+	__in	nt_large_integer *		expiration_time,
+	__in	nt_token_user *			user,
+	__in	nt_token_groups *		groups,
+	__in	nt_token_privileges *		privileges,
+	__in	nt_token_owner *		owner,
+	__in	nt_token_primary_group *	primary_group,
+	__in	nt_token_default_dacl *		default_dacl,
+	__in	nt_token_source *		source);
+
+
+typedef int32_t __stdcall ntapi_zw_open_process_token(
+	__in	void *			hprocess,
+	__in	uint32_t		desired_access,
+	__out	void **			htoken);
+
+
+typedef int32_t __stdcall ntapi_zw_open_thread_token(
+	__in	void *			hthread,
+	__in	uint32_t		desired_access,
+	__in	int32_t			open_as_self,
+	__out	void **			htoken);
+
+
+typedef int32_t __stdcall ntapi_zw_duplicate_token(
+	__in	void *				htoken_existing,
+	__in	uint32_t			desired_access,
+	__in	nt_object_attributes *		obj_attr,
+	__in	int32_t				effective_only,
+	__in	nt_token_type			token_type,
+	__out	void **				htoken_new);
+
+
+typedef int32_t __stdcall ntapi_zw_filter_token(
+	__in	void *				htoken_existing,
+	__in	uint32_t			flags,
+	__in	nt_token_groups *		sids_to_disable,
+	__in	nt_token_privileges *		privileges_to_delete,
+	__in	nt_token_groups *		sids_to_restrict,
+	__out	void **				htoken_new);
+
+
+typedef int32_t __stdcall ntapi_zw_adjust_privileges_token(
+	__in	void *				htoken,
+	__in	int32_t				disable_all_privileges,
+	__in	nt_token_privileges *		new_state,
+	__in	size_t				buffer_length,
+	__in	nt_token_privileges *		prev_state	__optional,
+	__out	size_t *			returned_length);
+
+
+typedef int32_t __stdcall ntapi_zw_adjust_groups_token(
+	__in	void *				htoken,
+	__in	int32_t				reset_to_default,
+	__in	nt_token_groups *		new_state,
+	__in	size_t				buffer_length,
+	__in	nt_token_groups *		prev_state	__optional,
+	__out	size_t *			returned_length);
+
+
+typedef int32_t __stdcall ntapi_zw_query_information_token(
+	__in	void *			htoken,
+	__in	nt_token_info_class	token_info_class,
+	__out	void *			token_info,
+	__in	size_t			token_info_length,
+	__out	size_t *		returned_length);
+
+
+typedef int32_t __stdcall ntapi_zw_set_information_token(
+	__in	void *			htoken,
+	__in	nt_token_info_class	token_info_class,
+	__in	void *			token_info,
+	__in	size_t			token_info_length);
+
+#endif
-- 
cgit v1.2.3