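/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef _SECURITY_NDL_
#define _SECURITY_NDL_

/*
 * Defined unconditionally, so every "#ifndef USE_UINT_ENUMS" section in
 * this file takes its #else branch: the constants are plain #defines and
 * the enum declarations are never compiled.
 */
#define USE_UINT_ENUMS 1

/*
 * GUID; the field names follow the UUID layout.  DWORD, WORD and BYTE are
 * not declared in this file and must be supplied by the includer.
 */
struct GUID {
	DWORD time_low;
	WORD time_mid;
	WORD time_hi_and_version;
	BYTE clock_seq[2];
	BYTE node[6];
};

/*
 * Access-mask layout.  The four SEC_MASK_* values partition a 32-bit mask
 * into generic, flag, standard and object-specific ranges.
 */
#define SEC_MASK_GENERIC            0xF0000000
#define SEC_MASK_FLAGS              0x0F000000
#define SEC_MASK_STANDARD           0x00FF0000
#define SEC_MASK_SPECIFIC           0x0000FFFF

/* Generic rights (within SEC_MASK_GENERIC). */
#define SEC_GENERIC_ALL             0x10000000
#define SEC_GENERIC_EXECUTE         0x20000000
#define SEC_GENERIC_WRITE           0x40000000
#define SEC_GENERIC_READ            0x80000000

/* Flag bits (within SEC_MASK_FLAGS). */
#define SEC_FLAG_SYSTEM_SECURITY    0x01000000
#define SEC_FLAG_MAXIMUM_ALLOWED    0x02000000

/*
 * Standard rights (within SEC_MASK_STANDARD).  SEC_STD_REQUIRED is the OR
 * of DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER; SEC_STD_ALL adds
 * SYNCHRONIZE.
 */
#define SEC_STD_DELETE              0x00010000
#define SEC_STD_READ_CONTROL        0x00020000
#define SEC_STD_WRITE_DAC           0x00040000
#define SEC_STD_WRITE_OWNER         0x00080000
#define SEC_STD_SYNCHRONIZE         0x00100000
#define SEC_STD_REQUIRED            0x000F0000
#define SEC_STD_ALL                 0x001F0000

/*
 * Object-specific rights (within SEC_MASK_SPECIFIC).  The file, directory,
 * registry and ADS groups below reuse the same bit values, so a specific
 * bit can only be interpreted once the object type is known.
 *
 * Files: bit 0x00000040 has no SEC_FILE_* name (it is SEC_DIR_DELETE_CHILD
 * for directories) but is included in SEC_FILE_ALL (0x000001ff).
 */
#define SEC_FILE_READ_DATA          0x00000001
#define SEC_FILE_WRITE_DATA         0x00000002
#define SEC_FILE_APPEND_DATA        0x00000004
#define SEC_FILE_READ_EA            0x00000008
#define SEC_FILE_WRITE_EA           0x00000010
#define SEC_FILE_EXECUTE            0x00000020
#define SEC_FILE_READ_ATTRIBUTE     0x00000080
#define SEC_FILE_WRITE_ATTRIBUTE    0x00000100
#define SEC_FILE_ALL                0x000001ff

/* Directories. */
#define SEC_DIR_LIST                0x00000001
#define SEC_DIR_ADD_FILE            0x00000002
#define SEC_DIR_ADD_SUBDIR          0x00000004
#define SEC_DIR_READ_EA             0x00000008
#define SEC_DIR_WRITE_EA            0x00000010
#define SEC_DIR_TRAVERSE            0x00000020
#define SEC_DIR_DELETE_CHILD        0x00000040
#define SEC_DIR_READ_ATTRIBUTE      0x00000080
#define SEC_DIR_WRITE_ATTRIBUTE     0x00000100

/* Registry keys. */
#define SEC_REG_QUERY_VALUE         0x00000001
#define SEC_REG_SET_VALUE           0x00000002
#define SEC_REG_CREATE_SUBKEY       0x00000004
#define SEC_REG_ENUM_SUBKEYS        0x00000008
#define SEC_REG_NOTIFY              0x00000010
#define SEC_REG_CREATE_LINK         0x00000020

/* Directory-service (ADS) objects. */
#define SEC_ADS_CREATE_CHILD        0x00000001
#define SEC_ADS_DELETE_CHILD        0x00000002
#define SEC_ADS_LIST                0x00000004
#define SEC_ADS_SELF_WRITE          0x00000008
#define SEC_ADS_READ_PROP           0x00000010
#define SEC_ADS_WRITE_PROP          0x00000020
#define SEC_ADS_DELETE_TREE         0x00000040
#define SEC_ADS_LIST_OBJECT         0x00000080
#define SEC_ADS_CONTROL_ACCESS      0x00000100

/*
 * Composite rights.  Each expansion is parenthesized so that it behaves as
 * a single operand: unparenthesized, "mask & SEC_RIGHTS_FILE_READ" would
 * apply '&' to the first term only and OR in the rest, making the result
 * non-zero for every mask, and "~SEC_RIGHTS_FILE_ALL" would negate only
 * SEC_STD_ALL.  Either would silently corrupt an access check.
 */
#define SEC_RIGHTS_FILE_READ \
	(SEC_STD_READ_CONTROL | SEC_STD_SYNCHRONIZE | SEC_FILE_READ_DATA | \
	SEC_FILE_READ_ATTRIBUTE | SEC_FILE_READ_EA)
#define SEC_RIGHTS_FILE_WRITE \
	(SEC_STD_READ_CONTROL | SEC_STD_SYNCHRONIZE | SEC_FILE_WRITE_DATA | \
	SEC_FILE_WRITE_ATTRIBUTE | SEC_FILE_WRITE_EA | SEC_FILE_APPEND_DATA)
#define SEC_RIGHTS_FILE_EXECUTE \
	(SEC_STD_SYNCHRONIZE | SEC_STD_READ_CONTROL | \
	SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE)
#define SEC_RIGHTS_FILE_ALL         (SEC_STD_ALL | SEC_FILE_ALL)

/* Directory composites are aliases of the file composites. */
#define SEC_RIGHTS_DIR_READ         SEC_RIGHTS_FILE_READ
#define SEC_RIGHTS_DIR_WRITE        SEC_RIGHTS_FILE_WRITE
#define SEC_RIGHTS_DIR_EXECUTE      SEC_RIGHTS_FILE_EXECUTE
#define SEC_RIGHTS_DIR_ALL          SEC_RIGHTS_FILE_ALL

/* Well-known SIDs in string form. */
#define SID_NULL                    "S-1-0-0"
#define SID_WORLD_DOMAIN            "S-1-1"
#define SID_WORLD                   "S-1-1-0"
#define SID_CREATOR_OWNER_DOMAIN    "S-1-3"
#define SID_CREATOR_OWNER           "S-1-3-0"
#define SID_CREATOR_GROUP           "S-1-3-1"
#define SID_NT_AUTHORITY            "S-1-5"
#define SID_NT_DIALUP               "S-1-5-1"
#define SID_NT_NETWORK              "S-1-5-2"
#define SID_NT_BATCH                "S-1-5-3"
#define SID_NT_INTERACTIVE          "S-1-5-4"
#define SID_NT_SERVICE              "S-1-5-6"
#define SID_NT_ANONYMOUS            "S-1-5-7"
#define SID_NT_PROXY                "S-1-5-8"
#define SID_NT_ENTERPRISE_DCS       "S-1-5-9"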
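/*
 * Well-known SIDs under the NT authority (S-1-5), string form.
 *
 * Several well-known SID strings are leading substrings of others: the
 * SID_NT_DIALUP value "S-1-5-1" defined earlier in this file is a prefix
 * of "S-1-5-10" through "S-1-5-19", and SID_BUILTIN is a prefix of every
 * SID_BUILTIN_* alias.  Compare whole SIDs, never leading substrings,
 * when matching a trustee.
 */
#define SID_NT_SELF                     "S-1-5-10"
#define SID_NT_AUTHENTICATED_USERS      "S-1-5-11"
#define SID_NT_RESTRICTED               "S-1-5-12"
#define SID_NT_TERMINAL_SERVER_USERS    "S-1-5-13"
#define SID_NT_REMOTE_INTERACTIVE       "S-1-5-14"
#define SID_NT_THIS_ORGANISATION        "S-1-5-15"
#define SID_NT_SYSTEM                   "S-1-5-18"
#define SID_NT_LOCAL_SERVICE            "S-1-5-19"
#define SID_NT_NETWORK_SERVICE          "S-1-5-20"

/* BUILTIN domain and its aliases (S-1-5-32-<RID>). */
#define SID_BUILTIN                     "S-1-5-32"
#define SID_BUILTIN_ADMINISTRATORS      "S-1-5-32-544"
#define SID_BUILTIN_USERS               "S-1-5-32-545"
#define SID_BUILTIN_GUESTS              "S-1-5-32-546"
#define SID_BUILTIN_POWER_USERS         "S-1-5-32-547"
#define SID_BUILTIN_ACCOUNT_OPERATORS   "S-1-5-32-548"
#define SID_BUILTIN_SERVER_OPERATORS    "S-1-5-32-549"
#define SID_BUILTIN_PRINT_OPERATORS     "S-1-5-32-550"
#define SID_BUILTIN_BACKUP_OPERATORS    "S-1-5-32-551"
#define SID_BUILTIN_REPLICATOR          "S-1-5-32-552"
#define SID_BUILTIN_RAS_SERVERS         "S-1-5-32-553"
#define SID_BUILTIN_PREW2K              "S-1-5-32-554"

/* Relative identifiers (numeric, not strings). */
#define DOMAIN_RID_LOGON                9
#define DOMAIN_RID_ADMINISTRATOR        500
#define DOMAIN_RID_GUEST                501
#define DOMAIN_RID_ADMINS               512
#define DOMAIN_RID_USERS                513
#define DOMAIN_RID_DCS                  516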
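/* Relative identifiers for the certificate, schema and enterprise admins. */
#define DOMAIN_RID_CERT_ADMINS              517
#define DOMAIN_RID_SCHEMA_ADMINS            518
#define DOMAIN_RID_ENTERPRISE_ADMINS        519

/*
 * Short aliases; the SECURITY_*_REVISION_* names they expand to are
 * defined further down in this file.
 */
#define NT4_ACL_REVISION                    SECURITY_ACL_REVISION_NT4
#define SD_REVISION                         SECURITY_DESCRIPTOR_REVISION_1

/*
 * Privilege identifiers, numbered 1 through 24.  USE_UINT_ENUMS is defined
 * at the top of this file, so only the #define form below is compiled.
 */
#ifndef USE_UINT_ENUMS
enum sec_privilege {
	SEC_PRIV_SECURITY=1,
	SEC_PRIV_BACKUP=2,
	SEC_PRIV_RESTORE=3,
	SEC_PRIV_SYSTEMTIME=4,
	SEC_PRIV_SHUTDOWN=5,
	SEC_PRIV_REMOTE_SHUTDOWN=6,
	SEC_PRIV_TAKE_OWNERSHIP=7,
	SEC_PRIV_DEBUG=8,
	SEC_PRIV_SYSTEM_ENVIRONMENT=9,
	SEC_PRIV_SYSTEM_PROFILE=10,
	SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
	SEC_PRIV_INCREASE_BASE_PRIORITY=12,
	SEC_PRIV_LOAD_DRIVER=13,
	SEC_PRIV_CREATE_PAGEFILE=14,
	SEC_PRIV_INCREASE_QUOTA=15,
	SEC_PRIV_CHANGE_NOTIFY=16,
	SEC_PRIV_UNDOCK=17,
	SEC_PRIV_MANAGE_VOLUME=18,
	SEC_PRIV_IMPERSONATE=19,
	SEC_PRIV_CREATE_GLOBAL=20,
	SEC_PRIV_ENABLE_DELEGATION=21,
	SEC_PRIV_INTERACTIVE_LOGON=22,
	SEC_PRIV_NETWORK_LOGON=23,
	SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
};
#else

#define SEC_PRIV_SECURITY                   1
#define SEC_PRIV_BACKUP                     2
#define SEC_PRIV_RESTORE                    3
#define SEC_PRIV_SYSTEMTIME                 4
#define SEC_PRIV_SHUTDOWN                   5
#define SEC_PRIV_REMOTE_SHUTDOWN            6
#define SEC_PRIV_TAKE_OWNERSHIP             7
#define SEC_PRIV_DEBUG                      8
#define SEC_PRIV_SYSTEM_ENVIRONMENT         9
#define SEC_PRIV_SYSTEM_PROFILE             10
#define SEC_PRIV_PROFILE_SINGLE_PROCESS     11
#define SEC_PRIV_INCREASE_BASE_PRIORITY     12
#define SEC_PRIV_LOAD_DRIVER                13
#define SEC_PRIV_CREATE_PAGEFILE            14
#define SEC_PRIV_INCREASE_QUOTA             15
#define SEC_PRIV_CHANGE_NOTIFY              16
#define SEC_PRIV_UNDOCK                     17
#define SEC_PRIV_MANAGE_VOLUME              18
#define SEC_PRIV_IMPERSONATE                19
#define SEC_PRIV_CREATE_GLOBAL              20
#define SEC_PRIV_ENABLE_DELEGATION          21
#define SEC_PRIV_INTERACTIVE_LOGON          22
#define SEC_PRIV_NETWORK_LOGON              23
#define SEC_PRIV_REMOTE_INTERACTIVE_LOGON   24
#endif

/*
 * Security identifier in binary form.
 *
 * NOTE(review): num_auths presumably counts the entries sub_auths points
 * to.  When a SID arrives from a peer, bound num_auths (MS-DTYP allows at
 * most 15 sub-authorities) before indexing or copying sub_auths.
 */
struct dom_sid {
	BYTE sid_rev_num;
	BYTE num_auths;
	BYTE id_auth[6];
	DWORD *sub_auths;
};

/*
 * bitmap security_ace_flags
 *
 * SEC_ACE_FLAG_VALID_INHERIT (0x0f) is the OR of the four inheritance
 * control bits 0x01-0x08; it does not include SEC_ACE_FLAG_INHERITED_ACE.
 */
#define SEC_ACE_FLAG_OBJECT_INHERIT         0x01
#define SEC_ACE_FLAG_CONTAINER_INHERIT      0x02
#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT   0x04
#define SEC_ACE_FLAG_INHERIT_ONLY           0x08
#define SEC_ACE_FLAG_INHERITED_ACE          0x10
#define SEC_ACE_FLAG_VALID_INHERIT          0x0f
#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS      0x40
#define SEC_ACE_FLAG_FAILED_ACCESS          0x80

/* ACE types; only the #define form is compiled (USE_UINT_ENUMS is set). */
#ifndef USE_UINT_ENUMS
enum security_ace_type {
	SEC_ACE_TYPE_ACCESS_ALLOWED=0,
	SEC_ACE_TYPE_ACCESS_DENIED=1,
	SEC_ACE_TYPE_SYSTEM_AUDIT=2,
	SEC_ACE_TYPE_SYSTEM_ALARM=3,
	SEC_ACE_TYPE_ALLOWED_COMPOUND=4,
	SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT=5,
	SEC_ACE_TYPE_ACCESS_DENIED_OBJECT=6,
	SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT=7,
	SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT=8
};
#else
#define SEC_ACE_TYPE_ACCESS_ALLOWED         0
#define SEC_ACE_TYPE_ACCESS_DENIED          1
#define SEC_ACE_TYPE_SYSTEM_AUDIT           2
#define SEC_ACE_TYPE_SYSTEM_ALARM           3
#define SEC_ACE_TYPE_ALLOWED_COMPOUND       4
#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  5
#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT   6
#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    7
#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    8
#endif

/*
 * bitmap security_ace_object_flags
 */
#define SEC_ACE_OBJECT_TYPE_PRESENT             0x00000001
#define SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT   0x00000002

/*
 * Single-arm unions.  CASE() is not defined in this file; presumably it is
 * the union-arm annotation of the NDL stub generator (confirm).
 */
union security_ace_object_type {
	CASE(0) struct GUID type;
};

union security_ace_object_inherited_type {
	CASE(0) struct GUID inherited_type;
};

/* Object-ACE data; only the flags word is declared here. */
struct security_ace_object {
	DWORD flags;
};

union security_ace_object_ctr {
	CASE(0) struct security_ace_object object;
};

/*
 * Access control entry: type (SEC_ACE_TYPE_*), flags (SEC_ACE_FLAG_*),
 * size, access mask (SEC_* rights) and the SID it applies to.
 *
 * NOTE(review): size is presumably the ACE length in bytes; check it
 * against the enclosing ACL's size before using it to step through ACEs
 * received from a peer.
 */
struct security_ace {
	DWORD security_ace_type;
	BYTE flags;
	WORD size;
	DWORD access_mask;
	struct dom_sid trustee;
};

/* ACL revisions; only the #define form is compiled. */
#ifndef USE_UINT_ENUMS
enum security_acl_revision {
	SECURITY_ACL_REVISION_NT4=2,
	SECURITY_ACL_REVISION_ADS=4
};
#else
#define SECURITY_ACL_REVISION_NT4           2
#define SECURITY_ACL_REVISION_ADS           4
#endif

/*
 * Access control list.
 *
 * NOTE(review): num_aces presumably counts the entries aces points to;
 * validate it before iterating when the ACL comes from an untrusted source.
 */
struct security_acl {
	DWORD security_acl_revision;
	WORD size;
	DWORD num_aces;
	struct security_ace *aces;
};

/* Security descriptor revision; only the #define form is compiled. */
#ifndef USE_UINT_ENUMS
enum security_descriptor_revision {
	SECURITY_DESCRIPTOR_REVISION_1=1
};
#else
#define SECURITY_DESCRIPTOR_REVISION_1      1
#endif

/*
 * bitmap security_descriptor_type
 */
#define SEC_DESC_OWNER_DEFAULTED            0x0001
#define SEC_DESC_GROUP_DEFAULTED            0x0002
#define SEC_DESC_DACL_PRESENT               0x0004
#define SEC_DESC_DACL_DEFAULTED             0x0008
#define SEC_DESC_SACL_PRESENT               0x0010
#define SEC_DESC_SACL_DEFAULTED             0x0020
#define SEC_DESC_DACL_TRUSTED               0x0040
#define SEC_DESC_SERVER_SECURITY            0x0080
#define SEC_DESC_DACL_AUTO_INHERIT_REQ      0x0100
#define SEC_DESC_SACL_AUTO_INHERIT_REQ      0x0200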
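/* Remaining security_descriptor_type control bits (0x0400 - 0x8000). */
#define SEC_DESC_DACL_AUTO_INHERITED    0x0400
#define SEC_DESC_SACL_AUTO_INHERITED    0x0800
#define SEC_DESC_DACL_PROTECTED         0x1000
#define SEC_DESC_SACL_PROTECTED         0x2000
#define SEC_DESC_RM_CONTROL_VALID       0x4000
#define SEC_DESC_SELF_RELATIVE          0x8000

/*
 * Security descriptor header: revision, type (SEC_DESC_* bits) and four
 * DWORD fields for the owner SID, group SID, SACL and DACL.
 *
 * NOTE(review): ownersid/groupsid/sacl/dacl are DWORDs rather than
 * pointers, which looks like the self-relative form where each holds a
 * byte offset - confirm.  If so, every offset taken from a received
 * descriptor must be range-checked against the buffer length (see
 * sec_desc_buf.sd_size) before it is followed.
 */
struct security_descriptor {
	WORD revision;
	WORD type;
	DWORD ownersid;
	DWORD groupsid;
	DWORD sacl;
	DWORD dacl;
};

/* A security descriptor together with a size field. */
struct sec_desc_buf {
	DWORD sd_size;
	struct security_descriptor *sd;
};

/*
 * Security token: user and group SIDs, a SID count and two 32-bit
 * privilege mask words.
 *
 * NOTE(review): how num_sids relates to the two SID pointers, and how the
 * SEC_PRIV_* numbers map onto privilege_mask1/privilege_mask2, is not
 * visible in this file.
 */
struct security_token {
	struct dom_sid *user_sid;
	struct dom_sid *group_sid;
	DWORD num_sids;
	DWORD privilege_mask1;
	DWORD privilege_mask2;
};

/*
 * bitmap security_secinfo
 *
 * By name, one bit per security descriptor component (owner, group,
 * DACL, SACL).
 */
#define SECINFO_OWNER                   0x00000001
#define SECINFO_GROUP                   0x00000002
#define SECINFO_DACL                    0x00000004
#define SECINFO_SACL                    0x00000008

#endif /* _SECURITY_NDL_ */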