FreeRDP
Loading...
Searching...
No Matches
winpr/include/winpr/security.h
1
20#ifndef WINPR_SECURITY_H
21#define WINPR_SECURITY_H
22
23#include <winpr/winpr.h>
24#include <winpr/wtypes.h>
25
31#ifndef _WIN32
32
33#include <winpr/nt.h>
34
35#define ANYSIZE_ARRAY 1
36
37typedef enum
38{
39 SecurityAnonymous,
40 SecurityIdentification,
41 SecurityImpersonation,
42 SecurityDelegation
43} SECURITY_IMPERSONATION_LEVEL,
44 *PSECURITY_IMPERSONATION_LEVEL;
45
46#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
47#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
48#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
49#define VALID_IMPERSONATION_LEVEL(L) \
50 (((L) >= SECURITY_MIN_IMPERSONATION_LEVEL) && ((L) <= SECURITY_MAX_IMPERSONATION_LEVEL))
51
52#define TOKEN_ASSIGN_PRIMARY (0x0001)
53#define TOKEN_DUPLICATE (0x0002)
54#define TOKEN_IMPERSONATE (0x0004)
55#define TOKEN_QUERY (0x0008)
56#define TOKEN_QUERY_SOURCE (0x0010)
57#define TOKEN_ADJUST_PRIVILEGES (0x0020)
58#define TOKEN_ADJUST_GROUPS (0x0040)
59#define TOKEN_ADJUST_DEFAULT (0x0080)
60#define TOKEN_ADJUST_SESSIONID (0x0100)
61
62#define TOKEN_ALL_ACCESS_P \
63 (STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | \
64 TOKEN_QUERY | TOKEN_QUERY_SOURCE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | \
65 TOKEN_ADJUST_DEFAULT)
66
67#define TOKEN_ALL_ACCESS (TOKEN_ALL_ACCESS_P | TOKEN_ADJUST_SESSIONID)
68
69#define TOKEN_READ (STANDARD_RIGHTS_READ | TOKEN_QUERY)
70
71#define TOKEN_WRITE \
72 (STANDARD_RIGHTS_WRITE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT)
73
74#define TOKEN_EXECUTE (STANDARD_RIGHTS_EXECUTE)
75
76#define TOKEN_MANDATORY_POLICY_OFF 0x0
77#define TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
78#define TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
79
80#define TOKEN_MANDATORY_POLICY_VALID_MASK \
81 (TOKEN_MANDATORY_POLICY_NO_WRITE_UP | TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)
82
83#define POLICY_AUDIT_SUBCATEGORY_COUNT (56)
84
85#define TOKEN_SOURCE_LENGTH 8
86
87#define SID_REVISION (1)
88#define SID_MAX_SUB_AUTHORITIES (15)
89#define SID_RECOMMENDED_SUB_AUTHORITIES (1)
90
91#define SID_HASH_SIZE 32
92
93#define SECURITY_MANDATORY_UNTRUSTED_RID 0x0000
94#define SECURITY_MANDATORY_LOW_RID 0x1000
95#define SECURITY_MANDATORY_MEDIUM_RID 0x2000
96#define SECURITY_MANDATORY_HIGH_RID 0x3000
97#define SECURITY_MANDATORY_SYSTEM_RID 0x4000
98
99#define SECURITY_NULL_SID_AUTHORITY \
100 { \
101 0, 0, 0, 0, 0, 0 \
102 }
103#define SECURITY_WORLD_SID_AUTHORITY \
104 { \
105 0, 0, 0, 0, 0, 1 \
106 }
107#define SECURITY_LOCAL_SID_AUTHORITY \
108 { \
109 0, 0, 0, 0, 0, 2 \
110 }
111#define SECURITY_CREATOR_SID_AUTHORITY \
112 { \
113 0, 0, 0, 0, 0, 3 \
114 }
115#define SECURITY_NON_UNIQUE_AUTHORITY \
116 { \
117 0, 0, 0, 0, 0, 4 \
118 }
119#define SECURITY_RESOURCE_MANAGER_AUTHORITY \
120 { \
121 0, 0, 0, 0, 0, 9 \
122 }
123
124#define SECURITY_NULL_RID (0x00000000L)
125#define SECURITY_WORLD_RID (0x00000000L)
126#define SECURITY_LOCAL_RID (0x00000000L)
127#define SECURITY_LOCAL_LOGON_RID (0x00000001L)
128
129#define SECURITY_CREATOR_OWNER_RID (0x00000000L)
130#define SECURITY_CREATOR_GROUP_RID (0x00000001L)
131#define SECURITY_CREATOR_OWNER_SERVER_RID (0x00000002L)
132#define SECURITY_CREATOR_GROUP_SERVER_RID (0x00000003L)
133#define SECURITY_CREATOR_OWNER_RIGHTS_RID (0x00000004L)
134
135typedef PVOID PACCESS_TOKEN;
136typedef PVOID PCLAIMS_BLOB;
137
138typedef struct
139{
140 LUID Luid;
141 DWORD Attributes;
142} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
143typedef LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
144typedef LUID_AND_ATTRIBUTES_ARRAY* PLUID_AND_ATTRIBUTES_ARRAY;
145
146typedef struct
147{
148 BYTE Value[6];
149} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;
150
151typedef struct
152{
153 BYTE Revision;
154 BYTE SubAuthorityCount;
155 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
156 DWORD SubAuthority[ANYSIZE_ARRAY];
157} SID, *PISID;
158
159typedef enum
160{
161 SidTypeUser = 1,
162 SidTypeGroup,
163 SidTypeDomain,
164 SidTypeAlias,
165 SidTypeWellKnownGroup,
166 SidTypeDeletedAccount,
167 SidTypeInvalid,
168 SidTypeUnknown,
169 SidTypeComputer,
170 SidTypeLabel
171} SID_NAME_USE,
172 *PSID_NAME_USE;
173
174typedef struct
175{
176 PSID Sid;
177 DWORD Attributes;
178} SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
179
180typedef SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES_ARRAY[ANYSIZE_ARRAY];
181typedef SID_AND_ATTRIBUTES_ARRAY* PSID_AND_ATTRIBUTES_ARRAY;
182
183typedef ULONG_PTR SID_HASH_ENTRY, *PSID_HASH_ENTRY;
184
185typedef struct
186{
187 DWORD SidCount;
188 PSID_AND_ATTRIBUTES SidAttr;
189 SID_HASH_ENTRY Hash[SID_HASH_SIZE];
190} SID_AND_ATTRIBUTES_HASH, *PSID_AND_ATTRIBUTES_HASH;
191
192typedef enum
193{
194 TokenPrimary = 1,
195 TokenImpersonation
196} TOKEN_TYPE;
197typedef TOKEN_TYPE* PTOKEN_TYPE;
198
199typedef enum
200{
201 TokenElevationTypeDefault = 1,
202 TokenElevationTypeFull,
203 TokenElevationTypeLimited
204} TOKEN_ELEVATION_TYPE,
205 *PTOKEN_ELEVATION_TYPE;
206
207typedef enum
208{
209 TokenUser = 1,
210 TokenGroups,
211 TokenPrivileges,
212 TokenOwner,
213 TokenPrimaryGroup,
214 TokenDefaultDacl,
215 TokenSource,
216 TokenType,
217 TokenImpersonationLevel,
218 TokenStatistics,
219 TokenRestrictedSids,
220 TokenSessionId,
221 TokenGroupsAndPrivileges,
222 TokenSessionReference,
223 TokenSandBoxInert,
224 TokenAuditPolicy,
225 TokenOrigin,
226 TokenElevationType,
227 TokenLinkedToken,
228 TokenElevation,
229 TokenHasRestrictions,
230 TokenAccessInformation,
231 TokenVirtualizationAllowed,
232 TokenVirtualizationEnabled,
233 TokenIntegrityLevel,
234 TokenUIAccess,
235 TokenMandatoryPolicy,
236 TokenLogonSid,
237 TokenIsAppContainer,
238 TokenCapabilities,
239 TokenAppContainerSid,
240 TokenAppContainerNumber,
241 TokenUserClaimAttributes,
242 TokenDeviceClaimAttributes,
243 TokenRestrictedUserClaimAttributes,
244 TokenRestrictedDeviceClaimAttributes,
245 TokenDeviceGroups,
246 TokenRestrictedDeviceGroups,
247 TokenSecurityAttributes,
248 TokenIsRestricted,
249 MaxTokenInfoClass
250} TOKEN_INFORMATION_CLASS,
251 *PTOKEN_INFORMATION_CLASS;
252
253typedef struct
254{
255 SID_AND_ATTRIBUTES User;
256} TOKEN_USER, *PTOKEN_USER;
257
258typedef struct
259{
260 DWORD GroupCount;
261 SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
262} TOKEN_GROUPS, *PTOKEN_GROUPS;
263
264typedef struct
265{
266 DWORD PrivilegeCount;
267 LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
268} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;
269
270typedef struct
271{
272 PSID Owner;
273} TOKEN_OWNER, *PTOKEN_OWNER;
274
275typedef struct
276{
277 PSID PrimaryGroup;
278} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;
279
280typedef struct
281{
282 PACL DefaultDacl;
283} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;
284
285typedef struct
286{
287 PCLAIMS_BLOB UserClaims;
288} TOKEN_USER_CLAIMS, *PTOKEN_USER_CLAIMS;
289
290typedef struct
291{
292 PCLAIMS_BLOB DeviceClaims;
293} TOKEN_DEVICE_CLAIMS, *PTOKEN_DEVICE_CLAIMS;
294
295typedef struct
296{
297 DWORD SidCount;
298 DWORD SidLength;
299 PSID_AND_ATTRIBUTES Sids;
300 DWORD RestrictedSidCount;
301 DWORD RestrictedSidLength;
302 PSID_AND_ATTRIBUTES RestrictedSids;
303 DWORD PrivilegeCount;
304 DWORD PrivilegeLength;
305 PLUID_AND_ATTRIBUTES Privileges;
306 LUID AuthenticationId;
307} TOKEN_GROUPS_AND_PRIVILEGES, *PTOKEN_GROUPS_AND_PRIVILEGES;
308
309typedef struct
310{
311 HANDLE LinkedToken;
312} TOKEN_LINKED_TOKEN, *PTOKEN_LINKED_TOKEN;
313
314typedef struct
315{
316 DWORD TokenIsElevated;
317} TOKEN_ELEVATION, *PTOKEN_ELEVATION;
318
323
324typedef struct
325{
326 DWORD Policy;
327} TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
328
329typedef struct
330{
331 PSID_AND_ATTRIBUTES_HASH SidHash;
332 PSID_AND_ATTRIBUTES_HASH RestrictedSidHash;
333 PTOKEN_PRIVILEGES Privileges;
334 LUID AuthenticationId;
335 TOKEN_TYPE TokenType;
336 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
337 TOKEN_MANDATORY_POLICY MandatoryPolicy;
338 DWORD Flags;
339 DWORD AppContainerNumber;
340 PSID PackageSid;
341 PSID_AND_ATTRIBUTES_HASH CapabilitiesHash;
342} TOKEN_ACCESS_INFORMATION, *PTOKEN_ACCESS_INFORMATION;
343
344typedef struct
345{
346 BYTE PerUserPolicy[((POLICY_AUDIT_SUBCATEGORY_COUNT) >> 1) + 1];
347} TOKEN_AUDIT_POLICY, *PTOKEN_AUDIT_POLICY;
348
349typedef struct
350{
351 CHAR SourceName[TOKEN_SOURCE_LENGTH];
352 LUID SourceIdentifier;
353} TOKEN_SOURCE, *PTOKEN_SOURCE;
354
355typedef struct
356{
357 LUID TokenId;
358 LUID AuthenticationId;
359 LARGE_INTEGER ExpirationTime;
360 TOKEN_TYPE TokenType;
361 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
362 DWORD DynamicCharged;
363 DWORD DynamicAvailable;
364 DWORD GroupCount;
365 DWORD PrivilegeCount;
366 LUID ModifiedId;
367} TOKEN_STATISTICS, *PTOKEN_STATISTICS;
368
369typedef struct
370{
371 LUID TokenId;
372 LUID AuthenticationId;
373 LUID ModifiedId;
374 TOKEN_SOURCE TokenSource;
375} TOKEN_CONTROL, *PTOKEN_CONTROL;
376
377typedef struct
378{
379 LUID OriginatingLogonSession;
380} TOKEN_ORIGIN, *PTOKEN_ORIGIN;
381
382typedef enum
383{
384 MandatoryLevelUntrusted = 0,
385 MandatoryLevelLow,
386 MandatoryLevelMedium,
387 MandatoryLevelHigh,
388 MandatoryLevelSystem,
389 MandatoryLevelSecureProcess,
390 MandatoryLevelCount
391} MANDATORY_LEVEL,
392 *PMANDATORY_LEVEL;
393
394typedef struct
395{
396 PSID TokenAppContainer;
397} TOKEN_APPCONTAINER_INFORMATION, *PTOKEN_APPCONTAINER_INFORMATION;
398
399#ifdef __cplusplus
400extern "C"
401{
402#endif
403
404 WINPR_ATTR_NODISCARD
405 WINPR_API BOOL InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,
406 DWORD dwRevision);
407
408 WINPR_ATTR_NODISCARD
409 WINPR_API DWORD GetSecurityDescriptorLength(PSECURITY_DESCRIPTOR pSecurityDescriptor);
410
411 WINPR_ATTR_NODISCARD
412 WINPR_API BOOL IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor);
413
414 WINPR_ATTR_NODISCARD
415 WINPR_API BOOL GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor,
416 PSECURITY_DESCRIPTOR_CONTROL pControl,
417 LPDWORD lpdwRevision);
418
419 WINPR_ATTR_NODISCARD
420 WINPR_API BOOL SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor,
421 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
422 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet);
423
424 WINPR_ATTR_NODISCARD
425 WINPR_API BOOL GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor,
426 LPBOOL lpbDaclPresent, PACL* pDacl,
427 LPBOOL lpbDaclDefaulted);
428
429 WINPR_ATTR_NODISCARD
430 WINPR_API BOOL SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor,
431 BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted);
432
433 WINPR_ATTR_NODISCARD
434 WINPR_API BOOL GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor,
435 PSID* pGroup, LPBOOL lpbGroupDefaulted);
436
437 WINPR_ATTR_NODISCARD
438 WINPR_API BOOL SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pGroup,
439 BOOL bGroupDefaulted);
440
441 WINPR_ATTR_NODISCARD
442 WINPR_API BOOL GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor,
443 PSID* pOwner, LPBOOL lpbOwnerDefaulted);
444
445 WINPR_ATTR_NODISCARD
446 WINPR_API BOOL SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pOwner,
447 BOOL bOwnerDefaulted);
448
449 WINPR_ATTR_NODISCARD
450 WINPR_API DWORD GetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor,
451 PUCHAR RMControl);
452
453 WINPR_ATTR_NODISCARD
454 WINPR_API DWORD SetSecurityDescriptorRMControl(PSECURITY_DESCRIPTOR SecurityDescriptor,
455 PUCHAR RMControl);
456
457 WINPR_ATTR_NODISCARD
458 WINPR_API BOOL GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor,
459 LPBOOL lpbSaclPresent, PACL* pSacl,
460 LPBOOL lpbSaclDefaulted);
461
462 WINPR_ATTR_NODISCARD
463 WINPR_API BOOL SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor,
464 BOOL bSaclPresent, PACL pSacl, BOOL bSaclDefaulted);
465
466#ifdef __cplusplus
467}
468#endif
469
470#endif
471
472#endif /* WINPR_SECURITY_H */
LUID_AND_ATTRIBUTES
Definition winpr/include/winpr/security.h:139
LUID
Definition wtypes.h:263
SID_AND_ATTRIBUTES_HASH
Definition winpr/include/winpr/security.h:186
SID_AND_ATTRIBUTES
Definition winpr/include/winpr/security.h:175
SID_IDENTIFIER_AUTHORITY
Definition winpr/include/winpr/security.h:147
TOKEN_ACCESS_INFORMATION
Definition winpr/include/winpr/security.h:330
TOKEN_APPCONTAINER_INFORMATION
Definition winpr/include/winpr/security.h:395
TOKEN_AUDIT_POLICY
Definition winpr/include/winpr/security.h:345
TOKEN_CONTROL
Definition winpr/include/winpr/security.h:370
TOKEN_DEFAULT_DACL
Definition winpr/include/winpr/security.h:281
TOKEN_DEVICE_CLAIMS
Definition winpr/include/winpr/security.h:291
TOKEN_ELEVATION
Definition winpr/include/winpr/security.h:315
TOKEN_GROUPS_AND_PRIVILEGES
Definition winpr/include/winpr/security.h:296
TOKEN_GROUPS
Definition winpr/include/winpr/security.h:259
TOKEN_LINKED_TOKEN
Definition winpr/include/winpr/security.h:310
TOKEN_MANDATORY_LABEL
Definition winpr/include/winpr/security.h:320
TOKEN_MANDATORY_POLICY
Definition winpr/include/winpr/security.h:325
TOKEN_ORIGIN
Definition winpr/include/winpr/security.h:378
TOKEN_OWNER
Definition winpr/include/winpr/security.h:271
TOKEN_PRIMARY_GROUP
Definition winpr/include/winpr/security.h:276
TOKEN_PRIVILEGES
Definition winpr/include/winpr/security.h:265
TOKEN_SOURCE
Definition winpr/include/winpr/security.h:350
TOKEN_STATISTICS
Definition winpr/include/winpr/security.h:356
TOKEN_USER_CLAIMS
Definition winpr/include/winpr/security.h:286
TOKEN_USER
Definition winpr/include/winpr/security.h:254
LARGE_INTEGER
Definition wtypes.h:309