#ifndef _NT_SECURITY_H_
#define _NT_SECURITY_H_

/*
 * nt_security.h -- privilege-check, access-check and object-audit service
 * signatures (function-pointer typedefs named after the Zw* entry points).
 *
 * Only declarations live here; the annotations __in / __out / __optional and
 * the __stdcall calling-convention macro are expected from nt_abi.h.
 *
 * NOTE(review): the width of the out-parameters is not uniform across the
 * access-check family below: access_status is `unsigned char *` in
 * ntapi_zw_access_check, ntapi_zw_access_check_and_audit_alarm and
 * ntapi_zw_access_check_by_type, but `uint32_t *` in
 * ntapi_zw_access_check_by_type_and_audit_alarm; likewise generate_on_close
 * is `unsigned char *` in most services but `uint32_t *` in the
 * *_result_list_* variants.  Confirm each against the width the callee
 * actually stores -- if a caller hands over a one-byte variable and the
 * service writes four, the adjacent stack bytes are overwritten.
 *
 * NOTE: the guard name _NT_SECURITY_H_ is in the implementation-reserved
 * identifier namespace (leading underscore + uppercase); kept as-is for
 * consistency with the sibling headers.
 */

#include "nt_abi.h"
#include "nt_object.h"

/* audit event classes accepted by the audit_type parameter of the *_by_type_* services */
typedef enum _nt_audit_event_type {
	NT_AUDIT_EVENT_OBJECT_ACCESS,
	NT_AUDIT_EVENT_DIRECTORY_SERVICE_ACCESS
} nt_audit_event_type;

/* audit flag bits (presumably passed via the augid_flags parameter below -- confirm against callers) */
#define NT_AUDIT_ALLOW_NO_PRIVILEGE 0x01

/*
 * Variable-length privilege set: privilege_count entries follow the two
 * fixed fields as a flexible array member, so a caller must allocate
 * sizeof *set + count * sizeof set->privilege[0] bytes.
 */
typedef struct _nt_privilege_set {
	uint32_t                privilege_count;
	uint32_t                control;
	nt_luid_and_attributes  privilege[];
} nt_privilege_set;

/* one entry of the object-type list consumed by the *_by_type_* access checks */
typedef struct _nt_object_type_list {
	int32_t    level;
	int32_t    sbz;           /* "should be zero" padding, by its name -- not interpreted here */
	nt_guid *  object_type;
} nt_object_type_list;

/*
 * Checks required_privileges against the token htoken.
 * result receives a boolean-sized (unsigned char) answer; the int32_t
 * return value is the service status.
 */
typedef int32_t __stdcall ntapi_zw_privilege_check(
	__in   void *              htoken,
	__in   nt_privilege_set *  required_privileges,
	__out  unsigned char *     result);

/* Audit record for a privileged object access (access_granted is a boolean-sized flag). */
typedef int32_t __stdcall ntapi_zw_privilege_object_audit_alarm(
	__in   nt_unicode_string *  subsystem_name,
	__in   void *               handle_id,
	__in   void *               htoken,
	__in   uint32_t             desired_access,
	__in   nt_privilege_set *   privileges,
	__in   unsigned char        access_granted);

/* Audit record for a privileged service call identified by service_name. */
typedef int32_t __stdcall ntapi_zw_privileged_service_audit_alarm(
	__in   nt_unicode_string *  subsystem_name,
	__in   nt_unicode_string *  service_name,
	__in   void *               htoken,
	__in   nt_privilege_set *   privileges,
	__in   unsigned char        access_granted);

/*
 * Access check of desired_access against sec_desc for the token htoken.
 * privilege_set / privilege_set_length describe the caller-supplied buffer
 * that receives any privileges used; granted_access and access_status are
 * the results.  See the header note on the width of access_status.
 */
typedef int32_t __stdcall ntapi_zw_access_check(
	__in   nt_security_descriptor *  sec_desc,
	__in   void *                    htoken,
	__in   uint32_t                  desired_access,
	__in   nt_generic_mapping *      generic_mapping,
	__in   nt_privilege_set *        privilege_set,
	__in   uint32_t *                privilege_set_length,
	__out  uint32_t *                granted_access,
	__out  unsigned char *           access_status);

/*
 * Access check plus audit record; no token parameter -- the effective
 * token is presumably the caller's (confirm).  generate_on_close tells
 * the caller whether a matching close audit is expected later.
 */
typedef int32_t __stdcall ntapi_zw_access_check_and_audit_alarm(
	__in   nt_unicode_string *       subsystem_name,
	__in   void *                    handle_id,
	__in   nt_unicode_string *       object_type_name,
	__in   nt_unicode_string *       object_name,
	__in   nt_security_descriptor *  sec_desc,
	__in   uint32_t                  desired_access,
	__in   nt_generic_mapping *      generic_mapping,
	__in   unsigned char             object_creation,
	__out  uint32_t *                granted_access,
	__out  unsigned char *           access_status,
	__out  unsigned char *           generate_on_close);

/*
 * Access check over an object-type hierarchy (obj_type_list, with
 * obj_type_list_length entries) with an optional principal-self SID
 * substitution.  Single aggregate result, as for ntapi_zw_access_check.
 */
typedef int32_t __stdcall ntapi_zw_access_check_by_type(
	__in   nt_security_descriptor *  sec_desc,
	__in   nt_sid *                  principal_self_sid,
	__in   void *                    htoken,
	__in   uint32_t                  desired_access,
	__in   nt_object_type_list *     obj_type_list,
	__in   uint32_t                  obj_type_list_length,
	__in   nt_generic_mapping *      generic_mapping,
	__in   nt_privilege_set *        privilege_set,
	__in   uint32_t *                privilege_set_length,
	__out  uint32_t *                granted_access,
	__out  unsigned char *           access_status);

/*
 * By-type access check plus audit record.  Note access_status is a
 * uint32_t here, unlike the non-audit variants above.
 */
typedef int32_t __stdcall ntapi_zw_access_check_by_type_and_audit_alarm(
	__in   nt_unicode_string *       subsystem_name,
	__in   void *                    handle_id,
	__in   nt_unicode_string *       object_type_name,
	__in   nt_unicode_string *       object_name,
	__in   nt_security_descriptor *  sec_desc,
	__in   nt_sid *                  principal_self_sid,
	__in   uint32_t                  desired_access,
	__in   nt_audit_event_type       audit_type,
	__in   uint32_t                  augid_flags,
	__in   nt_object_type_list *     obj_type_list,
	__in   uint32_t                  obj_type_list_length,
	__in   nt_generic_mapping *      generic_mapping,
	__in   unsigned char             object_creation,
	__out  uint32_t *                granted_access,
	__out  uint32_t *                access_status,
	__out  unsigned char *           generate_on_close);

/*
 * By-type access check returning one result per object-type entry:
 * granted_access_list / access_status_list are caller-provided arrays
 * (their expected element count is not stated here -- presumably
 * obj_type_list_length; confirm).
 */
typedef int32_t __stdcall ntapi_zw_access_check_by_type_result_list(
	__in   nt_security_descriptor *  sec_desc,
	__in   nt_sid *                  principal_self_sid,
	__in   void *                    htoken,
	__in   uint32_t                  desired_access,
	__in   nt_object_type_list *     obj_type_list,
	__in   uint32_t                  obj_type_list_length,
	__in   nt_generic_mapping *      generic_mapping,
	__in   nt_privilege_set *        privilege_set,
	__in   uint32_t *                privilege_set_length,
	__out  uint32_t *                granted_access_list,
	__out  uint32_t *                access_status_list);

/* Result-list access check plus audit record (generate_on_close is uint32_t-wide here). */
typedef int32_t __stdcall ntapi_zw_access_check_by_type_result_list_and_audit_alarm(
	__in   nt_unicode_string *       subsystem_name,
	__in   void *                    handle_id,
	__in   nt_unicode_string *       object_type_name,
	__in   nt_unicode_string *       object_name,
	__in   nt_security_descriptor *  sec_desc,
	__in   nt_sid *                  principal_self_sid,
	__in   uint32_t                  desired_access,
	__in   nt_audit_event_type       audit_type,
	__in   uint32_t                  augid_flags,
	__in   nt_object_type_list *     obj_type_list,
	__in   uint32_t                  obj_type_list_length,
	__in   nt_generic_mapping *      generic_mapping,
	__in   unsigned char             object_creation,
	__out  uint32_t *                granted_access_list,
	__out  uint32_t *                access_status_list,
	__out  uint32_t *                generate_on_close);

/* Same as the service above but with an explicit token handle (htoken). */
typedef int32_t __stdcall ntapi_zw_access_check_by_type_result_list_and_audit_alarm_by_handle(
	__in   nt_unicode_string *       subsystem_name,
	__in   void *                    handle_id,
	__in   void *                    htoken,
	__in   nt_unicode_string *       object_type_name,
	__in   nt_unicode_string *       object_name,
	__in   nt_security_descriptor *  sec_desc,
	__in   nt_sid *                  principal_self_sid,
	__in   uint32_t                  desired_access,
	__in   nt_audit_event_type       audit_type,
	__in   uint32_t                  augid_flags,
	__in   nt_object_type_list *     obj_type_list,
	__in   uint32_t                  obj_type_list_length,
	__in   nt_generic_mapping *      generic_mapping,
	__in   unsigned char             object_creation,
	__out  uint32_t *                granted_access_list,
	__out  uint32_t *                access_status_list,
	__out  uint32_t *                generate_on_close);

/*
 * Audit record for an object open.  handle_id is passed by address here
 * (void **), unlike the other audit services; privileges may be NULL
 * (__optional).
 */
typedef int32_t __stdcall ntapi_zw_open_object_audit_alarm(
	__in   nt_unicode_string *       subsystem_name,
	__in   void **                   handle_id,
	__in   nt_unicode_string *       object_type_name,
	__in   nt_unicode_string *       object_name,
	__in   nt_security_descriptor *  sec_desc,
	__in   void *                    htoken,
	__in   uint32_t                  desired_access,
	__in   uint32_t                  granted_access,
	__in   nt_privilege_set *        privileges __optional,
	__in   unsigned char             object_creation,
	__in   unsigned char             access_granted,
	__out  unsigned char *           generate_on_close);

/* Audit record for closing the object previously opened under handle_id. */
typedef int32_t __stdcall ntapi_zw_close_object_audit_alarm(
	__in   nt_unicode_string *  subsystem_name,
	__in   void *               handle_id,
	__out  unsigned char *      generate_on_close);

/* Audit record for deleting the object previously opened under handle_id. */
typedef int32_t __stdcall ntapi_zw_delete_object_audit_alarm(
	__in   nt_unicode_string *  subsystem_name,
	__in   void *               handle_id,
	__out  unsigned char *      generate_on_close);

#endif