Introduce core security and privilege structures
@@ -54,6 +54,11 @@
|
|||||||
/* Default security quota */
|
/* Default security quota */
|
||||||
#define SE_DEFAULT_SECURITY_QUOTA 2048
|
#define SE_DEFAULT_SECURITY_QUOTA 2048
|
||||||
|
|
||||||
|
#define SE_INITIAL_PRIVILEGE_COUNT 3
|
||||||
|
|
||||||
|
/* Token source length */
|
||||||
|
#define SE_TOKEN_SOURCE_LENGTH 8
|
||||||
|
|
||||||
/* C/C++ specific code */
|
/* C/C++ specific code */
|
||||||
#ifndef __XTOS_ASSEMBLER__
|
#ifndef __XTOS_ASSEMBLER__
|
||||||
|
|
||||||
@@ -66,6 +71,15 @@ typedef enum _SECURITY_IMPERSONATION_LEVEL
|
|||||||
SecurityDelegation
|
SecurityDelegation
|
||||||
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
|
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
|
||||||
|
|
||||||
|
/* Security operation codes */
|
||||||
|
typedef enum _SECURITY_OPERATION_CODE
|
||||||
|
{
|
||||||
|
SetSecurityDescriptor,
|
||||||
|
QuerySecurityDescriptor,
|
||||||
|
DeleteSecurityDescriptor,
|
||||||
|
AssignSecurityDescriptor
|
||||||
|
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
|
||||||
|
|
||||||
/* Generic security mapping structure definition */
|
/* Generic security mapping structure definition */
|
||||||
typedef struct _GENERIC_MAPPING
|
typedef struct _GENERIC_MAPPING
|
||||||
{
|
{
|
||||||
@@ -75,6 +89,45 @@ typedef struct _GENERIC_MAPPING
|
|||||||
ULONG GenericAll;
|
ULONG GenericAll;
|
||||||
} GENERIC_MAPPING, *PGENERIC_MAPPING;
|
} GENERIC_MAPPING, *PGENERIC_MAPPING;
|
||||||
|
|
||||||
|
/* LUID and attributes structure definition */
|
||||||
|
typedef struct _LUID_AND_ATTRIBUTES
|
||||||
|
{
|
||||||
|
LUID Luid;
|
||||||
|
ULONG Attributes;
|
||||||
|
} LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
|
||||||
|
|
||||||
|
/* Initial privilege set structure definition */
|
||||||
|
typedef struct _INITIAL_PRIVILEGE_SET
|
||||||
|
{
|
||||||
|
ULONG PrivilegeCount;
|
||||||
|
ULONG Control;
|
||||||
|
LUID_AND_ATTRIBUTES Privilege[SE_INITIAL_PRIVILEGE_COUNT];
|
||||||
|
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
|
||||||
|
|
||||||
|
/* Privilege set structure definition */
|
||||||
|
typedef struct _PRIVILEGE_SET
|
||||||
|
{
|
||||||
|
ULONG PrivilegeCount;
|
||||||
|
ULONG Control;
|
||||||
|
LUID_AND_ATTRIBUTES Privilege[1];
|
||||||
|
} PRIVILEGE_SET, *PPRIVILEGE_SET;
|
||||||
|
|
||||||
|
/* Token source structure definition */
|
||||||
|
typedef struct _TOKEN_SOURCE
|
||||||
|
{
|
||||||
|
CHAR SourceName[SE_TOKEN_SOURCE_LENGTH];
|
||||||
|
LUID SourceIdentifier;
|
||||||
|
} TOKEN_SOURCE, *PTOKEN_SOURCE;
|
||||||
|
|
||||||
|
/* Token control structure definition */
|
||||||
|
typedef struct _TOKEN_CONTROL
|
||||||
|
{
|
||||||
|
LUID TokenId;
|
||||||
|
LUID AuthenticationId;
|
||||||
|
LUID ModifiedId;
|
||||||
|
TOKEN_SOURCE TokenSource;
|
||||||
|
} TOKEN_CONTROL, *PTOKEN_CONTROL;
|
||||||
|
|
||||||
/* Security quality of service structure definition */
|
/* Security quality of service structure definition */
|
||||||
typedef struct _SECURITY_QUALITY_OF_SERVICE
|
typedef struct _SECURITY_QUALITY_OF_SERVICE
|
||||||
{
|
{
|
||||||
@@ -84,5 +137,50 @@ typedef struct _SECURITY_QUALITY_OF_SERVICE
|
|||||||
BOOLEAN EffectiveOnly;
|
BOOLEAN EffectiveOnly;
|
||||||
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
|
} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
|
||||||
|
|
||||||
|
/* Security client context structure definition */
|
||||||
|
typedef struct _SECURITY_CLIENT_CONTEXT
|
||||||
|
{
|
||||||
|
SECURITY_QUALITY_OF_SERVICE SecurityQos;
|
||||||
|
PACCESS_TOKEN ClientToken;
|
||||||
|
BOOLEAN DirectlyAccessClientToken;
|
||||||
|
BOOLEAN DirectAccessEffectiveOnly;
|
||||||
|
BOOLEAN ServerIsRemote;
|
||||||
|
TOKEN_CONTROL ClientTokenControl;
|
||||||
|
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
|
||||||
|
|
||||||
|
/* Security subject context structure definition */
|
||||||
|
typedef struct _SECURITY_SUBJECT_CONTEXT
|
||||||
|
{
|
||||||
|
PACCESS_TOKEN ClientToken;
|
||||||
|
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
|
||||||
|
PACCESS_TOKEN PrimaryToken;
|
||||||
|
PVOID ProcessAuditId;
|
||||||
|
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
|
||||||
|
|
||||||
|
/* Access state structure definition */
|
||||||
|
typedef struct _ACCESS_STATE
|
||||||
|
{
|
||||||
|
LUID OperationID;
|
||||||
|
BOOLEAN SecurityEvaluated;
|
||||||
|
BOOLEAN GenerateAudit;
|
||||||
|
BOOLEAN GenerateOnClose;
|
||||||
|
BOOLEAN PrivilegesAllocated;
|
||||||
|
ULONG Flags;
|
||||||
|
ACCESS_MASK RemainingDesiredAccess;
|
||||||
|
ACCESS_MASK PreviouslyGrantedAccess;
|
||||||
|
ACCESS_MASK OriginalDesiredAccess;
|
||||||
|
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
|
||||||
|
PSECURITY_DESCRIPTOR SecurityDescriptor;
|
||||||
|
PVOID AuxData;
|
||||||
|
union
|
||||||
|
{
|
||||||
|
INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
|
||||||
|
PRIVILEGE_SET PrivilegeSet;
|
||||||
|
} Privileges;
|
||||||
|
BOOLEAN AuditPrivileges;
|
||||||
|
UNICODE_STRING ObjectName;
|
||||||
|
UNICODE_STRING ObjectTypeName;
|
||||||
|
} ACCESS_STATE, *PACCESS_STATE;
|
||||||
|
|
||||||
#endif /* __XTOS_ASSEMBLER__ */
|
#endif /* __XTOS_ASSEMBLER__ */
|
||||||
#endif /* __XTDK_SETYPES_H */
|
#endif /* __XTDK_SETYPES_H */
|
||||||
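Review bot: `PRIVILEGE_SET` ends in `Privilege[1]` and shares the `ACCESS_STATE.Privileges` union with `INITIAL_PRIVILEGE_SET`, whose inline array holds only `SE_INITIAL_PRIVILEGE_COUNT` (3) entries, yet nothing in the header says which bound `PrivilegeCount` must obey. Code that walks `Privilege[]` by `PrivilegeCount` has to know whether the set is stored inline in the union or in a separate allocation; `PrivilegesAllocated` presumably records that, but the header does not state it. I would add a comment above the union, for example `/* Inline storage holds at most SE_INITIAL_PRIVILEGE_COUNT entries; larger sets live in a separate allocation (PrivilegesAllocated), and PrivilegeCount must be validated before indexing Privilege[] */`. In the same section, `TOKEN_SOURCE.SourceName` is a fixed `SE_TOKEN_SOURCE_LENGTH`-byte array, so an 8-character name leaves no terminator; a one-line comment that the field is not guaranteed NUL-terminated would keep callers from treating it as a C string. Minor style point: `* PINITIAL_PRIVILEGE_SET` has a stray space after the `*` that the other typedefs in the file do not.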
|
|||||||
@@ -62,11 +62,13 @@ typedef enum _MODE MODE, *PMODE;
|
|||||||
typedef enum _RTL_BALANCED_NODE_COLOR RTL_BALANCED_NODE_COLOR, *PRTL_BALANCED_NODE_COLOR;
|
typedef enum _RTL_BALANCED_NODE_COLOR RTL_BALANCED_NODE_COLOR, *PRTL_BALANCED_NODE_COLOR;
|
||||||
typedef enum _RTL_VARIABLE_TYPE RTL_VARIABLE_TYPE, *PRTL_VARIABLE_TYPE;
|
typedef enum _RTL_VARIABLE_TYPE RTL_VARIABLE_TYPE, *PRTL_VARIABLE_TYPE;
|
||||||
typedef enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
|
typedef enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;
|
||||||
|
typedef enum _SECURITY_OPERATION_CODE SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
|
||||||
typedef enum _SYSTEM_FIRMWARE_TYPE SYSTEM_FIRMWARE_TYPE, *PSYSTEM_FIRMWARE_TYPE;
|
typedef enum _SYSTEM_FIRMWARE_TYPE SYSTEM_FIRMWARE_TYPE, *PSYSTEM_FIRMWARE_TYPE;
|
||||||
typedef enum _SYSTEM_RESOURCE_TYPE SYSTEM_RESOURCE_TYPE, *PSYSTEM_RESOURCE_TYPE;
|
typedef enum _SYSTEM_RESOURCE_TYPE SYSTEM_RESOURCE_TYPE, *PSYSTEM_RESOURCE_TYPE;
|
||||||
typedef enum _WAIT_TYPE WAIT_TYPE, *PWAIT_TYPE;
|
typedef enum _WAIT_TYPE WAIT_TYPE, *PWAIT_TYPE;
|
||||||
|
|
||||||
/* Structures forward references */
|
/* Structures forward references */
|
||||||
|
typedef struct _ACCESS_STATE ACCESS_STATE, *PACCESS_STATE;
|
||||||
typedef struct _ACPI_CACHE_LIST ACPI_CACHE_LIST, *PACPI_CACHE_LIST;
|
typedef struct _ACPI_CACHE_LIST ACPI_CACHE_LIST, *PACPI_CACHE_LIST;
|
||||||
typedef struct _ACPI_DESCRIPTION_HEADER ACPI_DESCRIPTION_HEADER, *PACPI_DESCRIPTION_HEADER;
|
typedef struct _ACPI_DESCRIPTION_HEADER ACPI_DESCRIPTION_HEADER, *PACPI_DESCRIPTION_HEADER;
|
||||||
typedef struct _ACPI_FADT ACPI_FADT, *PACPI_FADT;
|
typedef struct _ACPI_FADT ACPI_FADT, *PACPI_FADT;
|
||||||
@@ -256,6 +258,7 @@ typedef struct _GENERIC_MAPPING GENERIC_MAPPING, *PGENERIC_MAPPING;
|
|||||||
typedef struct _GUID GUID, *PGUID;
|
typedef struct _GUID GUID, *PGUID;
|
||||||
typedef struct _HL_FRAMEBUFFER_DATA HL_FRAMEBUFFER_DATA, *PHL_FRAMEBUFFER_DATA;
|
typedef struct _HL_FRAMEBUFFER_DATA HL_FRAMEBUFFER_DATA, *PHL_FRAMEBUFFER_DATA;
|
||||||
typedef struct _HL_SCROLL_REGION_DATA HL_SCROLL_REGION_DATA, *PHL_SCROLL_REGION_DATA;
|
typedef struct _HL_SCROLL_REGION_DATA HL_SCROLL_REGION_DATA, *PHL_SCROLL_REGION_DATA;
|
||||||
|
typedef struct _INITIAL_PRIVILEGE_SET INITIAL_PRIVILEGE_SET, *PINITIAL_PRIVILEGE_SET;
|
||||||
typedef struct _KAFFINITY_MAP KAFFINITY_MAP, *PKAFFINITY_MAP;
|
typedef struct _KAFFINITY_MAP KAFFINITY_MAP, *PKAFFINITY_MAP;
|
||||||
typedef struct _KAPC KAPC, *PKAPC;
|
typedef struct _KAPC KAPC, *PKAPC;
|
||||||
typedef struct _KAPC_STATE KAPC_STATE, *PKAPC_STATE;
|
typedef struct _KAPC_STATE KAPC_STATE, *PKAPC_STATE;
|
||||||
@@ -298,6 +301,7 @@ typedef struct _LOADER_MEMORY_DESCRIPTOR LOADER_MEMORY_DESCRIPTOR, *PLOADER_MEMO
|
|||||||
typedef struct _LOOKASIDE_LIST LOOKASIDE_LIST, *PLOOKASIDE_LIST;
|
typedef struct _LOOKASIDE_LIST LOOKASIDE_LIST, *PLOOKASIDE_LIST;
|
||||||
typedef struct _LOOKASIDE_LIST_EX LOOKASIDE_LIST_EX, *PLOOKASIDE_LIST_EX;
|
typedef struct _LOOKASIDE_LIST_EX LOOKASIDE_LIST_EX, *PLOOKASIDE_LIST_EX;
|
||||||
typedef struct _LUID LUID, *PLUID;
|
typedef struct _LUID LUID, *PLUID;
|
||||||
|
typedef struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES, *PLUID_AND_ATTRIBUTES;
|
||||||
typedef struct _M128 M128, *PM128;
|
typedef struct _M128 M128, *PM128;
|
||||||
typedef struct _MMCOLOR_TABLES MMCOLOR_TABLES, *PMMCOLOR_TABLES;
|
typedef struct _MMCOLOR_TABLES MMCOLOR_TABLES, *PMMCOLOR_TABLES;
|
||||||
typedef struct _MMFREE_POOL_ENTRY MMFREE_POOL_ENTRY, *PMMFREE_POOL_ENTRY;
|
typedef struct _MMFREE_POOL_ENTRY MMFREE_POOL_ENTRY, *PMMFREE_POOL_ENTRY;
|
||||||
@@ -341,6 +345,7 @@ typedef struct _PHYSICAL_MEMORY_RUN PHYSICAL_MEMORY_RUN, *PPHYSICAL_MEMORY_RUN;
|
|||||||
typedef struct _POOL_HEADER POOL_HEADER, *PPOOL_HEADER;
|
typedef struct _POOL_HEADER POOL_HEADER, *PPOOL_HEADER;
|
||||||
typedef struct _POOL_TRACKING_BIG_ALLOCATIONS POOL_TRACKING_BIG_ALLOCATIONS, *PPOOL_TRACKING_BIG_ALLOCATIONS;
|
typedef struct _POOL_TRACKING_BIG_ALLOCATIONS POOL_TRACKING_BIG_ALLOCATIONS, *PPOOL_TRACKING_BIG_ALLOCATIONS;
|
||||||
typedef struct _POOL_TRACKING_TABLE POOL_TRACKING_TABLE, *PPOOL_TRACKING_TABLE;
|
typedef struct _POOL_TRACKING_TABLE POOL_TRACKING_TABLE, *PPOOL_TRACKING_TABLE;
|
||||||
|
typedef struct _PRIVILEGE_SET PRIVILEGE_SET, *PPRIVILEGE_SET;
|
||||||
typedef struct _PROCESSOR_IDENTITY PROCESSOR_IDENTITY, *PPROCESSOR_IDENTITY;
|
typedef struct _PROCESSOR_IDENTITY PROCESSOR_IDENTITY, *PPROCESSOR_IDENTITY;
|
||||||
typedef struct _PROCESSOR_POWER_STATE PROCESSOR_POWER_STATE, *PPROCESSOR_POWER_STATE;
|
typedef struct _PROCESSOR_POWER_STATE PROCESSOR_POWER_STATE, *PPROCESSOR_POWER_STATE;
|
||||||
typedef struct _QUAD QUAD, *PQUAD;
|
typedef struct _QUAD QUAD, *PQUAD;
|
||||||
@@ -349,7 +354,9 @@ typedef struct _RTL_BITMAP RTL_BITMAP, *PRTL_BITMAP;
|
|||||||
typedef struct _RTL_PRINT_CONTEXT RTL_PRINT_CONTEXT, *PRTL_PRINT_CONTEXT;
|
typedef struct _RTL_PRINT_CONTEXT RTL_PRINT_CONTEXT, *PRTL_PRINT_CONTEXT;
|
||||||
typedef struct _RTL_PRINT_FORMAT_PROPERTIES RTL_PRINT_FORMAT_PROPERTIES, *PRTL_PRINT_FORMAT_PROPERTIES;
|
typedef struct _RTL_PRINT_FORMAT_PROPERTIES RTL_PRINT_FORMAT_PROPERTIES, *PRTL_PRINT_FORMAT_PROPERTIES;
|
||||||
typedef struct _RTL_RB_TREE RTL_RB_TREE, *PRTL_RB_TREE;
|
typedef struct _RTL_RB_TREE RTL_RB_TREE, *PRTL_RB_TREE;
|
||||||
|
typedef struct _SECURITY_CLIENT_CONTEXT SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;
|
||||||
typedef struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
|
typedef struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE;
|
||||||
|
typedef struct _SECURITY_SUBJECT_CONTEXT SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
|
||||||
typedef struct _SINGLE_LIST_ENTRY SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;
|
typedef struct _SINGLE_LIST_ENTRY SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY;
|
||||||
typedef struct _SMBIOS_TABLE_HEADER SMBIOS_TABLE_HEADER, *PSMBIOS_TABLE_HEADER;
|
typedef struct _SMBIOS_TABLE_HEADER SMBIOS_TABLE_HEADER, *PSMBIOS_TABLE_HEADER;
|
||||||
typedef struct _SMBIOS3_TABLE_HEADER SMBIOS3_TABLE_HEADER, *PSMBIOS3_TABLE_HEADER;
|
typedef struct _SMBIOS3_TABLE_HEADER SMBIOS3_TABLE_HEADER, *PSMBIOS3_TABLE_HEADER;
|
||||||
@@ -359,6 +366,8 @@ typedef struct _STRING64 STRING64, *PSTRING64;
|
|||||||
typedef struct _THREAD_INFORMATION_BLOCK THREAD_INFORMATION_BLOCK, *PTHREAD_INFORMATION_BLOCK;
|
typedef struct _THREAD_INFORMATION_BLOCK THREAD_INFORMATION_BLOCK, *PTHREAD_INFORMATION_BLOCK;
|
||||||
typedef struct _TIME_FIELDS TIME_FIELDS, *PTIME_FIELDS;
|
typedef struct _TIME_FIELDS TIME_FIELDS, *PTIME_FIELDS;
|
||||||
typedef struct _TIMER_ROUTINES TIMER_ROUTINES, *PTIMER_ROUTINES;
|
typedef struct _TIMER_ROUTINES TIMER_ROUTINES, *PTIMER_ROUTINES;
|
||||||
|
typedef struct _TOKEN_CONTROL TOKEN_CONTROL, *PTOKEN_CONTROL;
|
||||||
|
typedef struct _TOKEN_SOURCE TOKEN_SOURCE, *PTOKEN_SOURCE;
|
||||||
typedef struct _UEFI_FIRMWARE_INFORMATION UEFI_FIRMWARE_INFORMATION, *PUEFI_FIRMWARE_INFORMATION;
|
typedef struct _UEFI_FIRMWARE_INFORMATION UEFI_FIRMWARE_INFORMATION, *PUEFI_FIRMWARE_INFORMATION;
|
||||||
typedef struct _UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
|
typedef struct _UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
|
||||||
typedef struct _UNICODE_STRING32 UNICODE_STRING32, *PUNICODE_STRING32;
|
typedef struct _UNICODE_STRING32 UNICODE_STRING32, *PUNICODE_STRING32;
|
||||||
|
|||||||