From b76a240fd8f691691f6d29aa6900782beb56d4be Mon Sep 17 00:00:00 2001 From: Aiken Harris Date: Fri, 3 Jul 2026 10:23:10 +0200 Subject: [PATCH] Define core security structures --- sdk/xtdk/setypes.h | 88 +++++++++++++++++++++++++++++++++++++++++++++ sdk/xtdk/xtbase.h | 9 +++++ sdk/xtdk/xtkmapi.h | 1 + sdk/xtdk/xtstruct.h | 3 ++ 4 files changed, 101 insertions(+) create mode 100644 sdk/xtdk/setypes.h diff --git a/sdk/xtdk/setypes.h b/sdk/xtdk/setypes.h new file mode 100644 index 0000000..96b3ec0 --- /dev/null +++ b/sdk/xtdk/setypes.h @@ -0,0 +1,88 @@ +/** + * PROJECT: ExectOS + * COPYRIGHT: See COPYING.md in the top level directory + * FILE: sdk/xtdk/setypes.h + * DESCRIPTION: Kernel Security structures and definitions + * DEVELOPERS: Aiken Harris + */ + +#ifndef __XTDK_SETYPES_H +#define __XTDK_SETYPES_H + +#include +#include +#include + + +/* Privilege LUIDs */ +#define SE_LUID_MIN_WELL_KNOWN_PRIVILEGE (LUID){2, 0} +#define SE_LUID_CREATE_TOKEN_PRIVILEGE (LUID){2, 0} +#define SE_LUID_ASSIGNPRIMARYTOKEN_PRIVILEGE (LUID){3, 0} +#define SE_LUID_LOCK_MEMORY_PRIVILEGE (LUID){4, 0} +#define SE_LUID_INCREASE_QUOTA_PRIVILEGE (LUID){5, 0} +#define SE_LUID_MACHINE_ACCOUNT_PRIVILEGE (LUID){6, 0} +#define SE_LUID_TCB_PRIVILEGE (LUID){7, 0} +#define SE_LUID_SECURITY_PRIVILEGE (LUID){8, 0} +#define SE_LUID_TAKE_OWNERSHIP_PRIVILEGE (LUID){9, 0} +#define SE_LUID_LOAD_DRIVER_PRIVILEGE (LUID){10, 0} +#define SE_LUID_SYSTEM_PROFILE_PRIVILEGE (LUID){11, 0} +#define SE_LUID_SYSTEMTIME_PRIVILEGE (LUID){12, 0} +#define SE_LUID_PROF_SINGLE_PROCESS_PRIVILEGE (LUID){13, 0} +#define SE_LUID_INC_BASE_PRIORITY_PRIVILEGE (LUID){14, 0} +#define SE_LUID_CREATE_PAGEFILE_PRIVILEGE (LUID){15, 0} +#define SE_LUID_CREATE_PERMANENT_PRIVILEGE (LUID){16, 0} +#define SE_LUID_BACKUP_PRIVILEGE (LUID){17, 0} +#define SE_LUID_RESTORE_PRIVILEGE (LUID){18, 0} +#define SE_LUID_SHUTDOWN_PRIVILEGE (LUID){19, 0} +#define SE_LUID_DEBUG_PRIVILEGE (LUID){20, 0} +#define SE_LUID_AUDIT_PRIVILEGE (LUID){21, 0} +#define SE_LUID_SYSTEM_ENVIRONMENT_PRIVILEGE (LUID){22, 0} +#define SE_LUID_CHANGE_NOTIFY_PRIVILEGE (LUID){23, 0} +#define SE_LUID_REMOTE_SHUTDOWN_PRIVILEGE (LUID){24, 0} +#define SE_LUID_UNDOCK_PRIVILEGE (LUID){25, 0} +#define SE_LUID_SYNC_AGENT_PRIVILEGE (LUID){26, 0} +#define SE_LUID_ENABLE_DELEGATION_PRIVILEGE (LUID){27, 0} +#define SE_LUID_MANAGE_VOLUME_PRIVILEGE (LUID){28, 0} +#define SE_LUID_IMPERSONATE_PRIVILEGE (LUID){29, 0} +#define SE_LUID_CREATE_GLOBAL_PRIVILEGE (LUID){30, 0} +#define SE_LUID_TRUSTED_CREDMAN_ACCESS_PRIVILEGE (LUID){31, 0} +#define SE_LUID_RELABEL_PRIVILEGE (LUID){32, 0} +#define SE_LUID_INC_WORKING_SET_PRIVILEGE (LUID){33, 0} +#define SE_LUID_TIME_ZONE_PRIVILEGE (LUID){34, 0} +#define SE_LUID_CREATE_SYMBOLIC_LINK_PRIVILEGE (LUID){35, 0} + +/* Default security quota */ +#define SE_DEFAULT_SECURITY_QUOTA 2048 + +/* C/C++ specific code */ +#ifndef __XTOS_ASSEMBLER__ + +/* Security impersonation levels */ +typedef enum _SECURITY_IMPERSONATION_LEVEL +{ + SecurityAnonymous, + SecurityIdentification, + SecurityImpersonation, + SecurityDelegation +} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL; + +/* Generic security mapping structure definition */ +typedef struct _GENERIC_MAPPING +{ + ULONG GenericRead; + ULONG GenericWrite; + ULONG GenericExecute; + ULONG GenericAll; +} GENERIC_MAPPING, *PGENERIC_MAPPING; + +/* Security quality of service structure definition */ +typedef struct _SECURITY_QUALITY_OF_SERVICE +{ + ULONG Length; + SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; + SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode; + BOOLEAN EffectiveOnly; +} SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE; + +#endif /* __XTOS_ASSEMBLER__ */ +#endif /* __XTDK_SETYPES_H */ diff --git a/sdk/xtdk/xtbase.h b/sdk/xtdk/xtbase.h index be5cf74..7418a9e 100644 --- a/sdk/xtdk/xtbase.h +++ b/sdk/xtdk/xtbase.h @@ -17,6 +17,9 @@ /* C/C++ specific code */ #ifndef __XTOS_ASSEMBLER__ +/* Access mask */ +typedef ULONG ACCESS_MASK, *PACCESS_MASK; + /* Kernel affinity */ typedef ULONG_PTR KAFFINITY, *PKAFFINITY; @@ -41,6 +44,12 @@ typedef ULONG_PTR PFN_NUMBER, *PPFN_NUMBER; /* Physical address */ typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS; +/* Security descriptor */ +typedef PVOID PSECURITY_DESCRIPTOR; + +/* Security context tracking mode */ +typedef BOOLEAN SECURITY_CONTEXT_TRACKING_MODE, *PSECURITY_CONTEXT_TRACKING_MODE; + /* 128-bit 16-byte aligned XMM register */ typedef struct _M128 { diff --git a/sdk/xtdk/xtkmapi.h b/sdk/xtdk/xtkmapi.h index 142a21a..2505bdb 100644 --- a/sdk/xtdk/xtkmapi.h +++ b/sdk/xtdk/xtkmapi.h @@ -38,6 +38,7 @@ #include #include #include +#include /* Architecture-specific low level data types headers */ #include ARCH_HEADER(artypes.h) diff --git a/sdk/xtdk/xtstruct.h b/sdk/xtdk/xtstruct.h index c181720..8f683c0 100644 --- a/sdk/xtdk/xtstruct.h +++ b/sdk/xtdk/xtstruct.h @@ -61,6 +61,7 @@ typedef enum _MMSYSTEM_PTE_POOL_TYPE MMSYSTEM_PTE_POOL_TYPE, *PMMSYSTEM_PTE_POOL typedef enum _MODE MODE, *PMODE; typedef enum _RTL_BALANCED_NODE_COLOR RTL_BALANCED_NODE_COLOR, *PRTL_BALANCED_NODE_COLOR; typedef enum _RTL_VARIABLE_TYPE RTL_VARIABLE_TYPE, *PRTL_VARIABLE_TYPE; +typedef enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL; typedef enum _SYSTEM_FIRMWARE_TYPE SYSTEM_FIRMWARE_TYPE, *PSYSTEM_FIRMWARE_TYPE; typedef enum _SYSTEM_RESOURCE_TYPE SYSTEM_RESOURCE_TYPE, *PSYSTEM_RESOURCE_TYPE; typedef enum _WAIT_TYPE WAIT_TYPE, *PWAIT_TYPE; @@ -251,6 +252,7 @@ typedef struct _FIRMWARE_INFORMATION_BLOCK FIRMWARE_INFORMATION_BLOCK, *PFIRMWAR typedef struct _FLOAT128 FLOAT128, *PFLOAT128; typedef struct _GENERAL_LOOKASIDE GENERAL_LOOKASIDE, *PGENERAL_LOOKASIDE; typedef struct _GENERIC_ADDRESS GENERIC_ADDRESS, *PGENERIC_ADDRESS; +typedef struct _GENERIC_MAPPING GENERIC_MAPPING, *PGENERIC_MAPPING; typedef struct _GUID GUID, *PGUID; typedef struct _HL_FRAMEBUFFER_DATA HL_FRAMEBUFFER_DATA, *PHL_FRAMEBUFFER_DATA; typedef struct _HL_SCROLL_REGION_DATA HL_SCROLL_REGION_DATA, *PHL_SCROLL_REGION_DATA; @@ -346,6 +348,7 @@ typedef struct _RTL_BITMAP RTL_BITMAP, *PRTL_BITMAP; typedef struct _RTL_PRINT_CONTEXT RTL_PRINT_CONTEXT, *PRTL_PRINT_CONTEXT; typedef struct _RTL_PRINT_FORMAT_PROPERTIES RTL_PRINT_FORMAT_PROPERTIES, *PRTL_PRINT_FORMAT_PROPERTIES; typedef struct _RTL_RB_TREE RTL_RB_TREE, *PRTL_RB_TREE; +typedef struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE, *PSECURITY_QUALITY_OF_SERVICE; typedef struct _SINGLE_LIST_ENTRY SINGLE_LIST_ENTRY, *PSINGLE_LIST_ENTRY; typedef struct _SMBIOS_TABLE_HEADER SMBIOS_TABLE_HEADER, *PSMBIOS_TABLE_HEADER; typedef struct _SMBIOS3_TABLE_HEADER SMBIOS3_TABLE_HEADER, *PSMBIOS3_TABLE_HEADER;