diff --git a/include/winnt.h b/include/winnt.h index bdcd90a9ddc..b5393f57e6e 100644 --- a/include/winnt.h +++ b/include/winnt.h @@ -4289,6 +4289,7 @@ static const WCHAR SE_CREATE_GLOBAL_NAME[] = { 'S','e','C','r','e','a','t','e',' #define SE_PRIVILEGE_ENABLED 0x00000002 #define SE_PRIVILEGE_REMOVED 0x00000004 #define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000 +#define SE_PRIVILEGE_VALID_ATTRIBUTES 0x80000007 #define PRIVILEGE_SET_ALL_NECESSARY 1 @@ -4356,6 +4357,7 @@ typedef struct _SID_AND_ATTRIBUTES { /* S-1-2 */ #define SECURITY_LOCAL_SID_AUTHORITY {0,0,0,0,0,2} +#define SECURITY_LOCAL_LOGON_RID __MSABI_LONG(0X00000000) /* S-1-3 */ #define SECURITY_CREATOR_SID_AUTHORITY {0,0,0,0,0,3} @@ -4390,16 +4392,35 @@ typedef struct _SID_AND_ATTRIBUTES { #define SECURITY_LOCAL_SERVICE_RID __MSABI_LONG(0x00000013) #define SECURITY_NETWORK_SERVICE_RID __MSABI_LONG(0x00000014) #define SECURITY_NT_NON_UNIQUE __MSABI_LONG(0x00000015) +#define SECURITY_ENTERPRISE_READONLY_CONTROLLERS_RID __MSABI_LONG(0x00000016) #define SECURITY_BUILTIN_DOMAIN_RID __MSABI_LONG(0x00000020) +#define SECURITY_WRITE_RESTRICTED_CODE_RID __MSABI_LONG(0x00000021) #define SECURITY_PACKAGE_BASE_RID __MSABI_LONG(0x00000040) #define SECURITY_PACKAGE_NTLM_RID __MSABI_LONG(0x0000000A) #define SECURITY_PACKAGE_SCHANNEL_RID __MSABI_LONG(0x0000000E) #define SECURITY_PACKAGE_DIGEST_RID __MSABI_LONG(0x00000015) +#define SECURITY_CRED_TYPE_BASE_RID __MSABI_LONG(0x00000041) +#define SECURITY_CRED_TYPE_THIS_ORG_CERT_RID __MSABI_LONG(0x00000001) +#define SECURITY_MIN_BASE_RID __MSABI_LONG(0x00000050) +#define SECURITY_SERVICE_ID_BASE_RID __MSABI_LONG(0x00000050) +#define SECURITY_RESERVED_ID_BASE_RID __MSABI_LONG(0x00000051) +#define SECURITY_APPPOOL_ID_BASE_RID __MSABI_LONG(0x00000052) +#define SECURITY_VIRTUALSERVER_ID_BASE_RID __MSABI_LONG(0x00000053) +#define SECURITY_USERMODEDRIVERHOST_ID_BASE_RID __MSABI_LONG(0x00000054) +#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_BASE_RID __MSABI_LONG(0x00000055) +#define SECURITY_WMIHOST_ID_BASE_RID __MSABI_LONG(0x00000056) +#define SECURITY_TASK_ID_BASE_RID __MSABI_LONG(0x00000057) +#define SECURITY_NFS_ID_BASE_RID __MSABI_LONG(0x00000058) +#define SECURITY_COM_ID_BASE_RID __MSABI_LONG(0x00000059) +#define SECURITY_MAX_BASE_RID __MSABI_LONG(0x0000006F) +#define SECURITY_WINDOWSMOBILE_ID_BASE_RID __MSABI_LONG(0x00000070) #define SECURITY_MAX_ALWAYS_FILTERED __MSABI_LONG(0x000003E7) #define SECURITY_MIN_NEVER_FILTERED __MSABI_LONG(0x000003E8) #define SECURITY_OTHER_ORGANIZATION_RID __MSABI_LONG(0x000003E8) +#define DOMAIN_GROUP_RID_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS __MSABI_LONG(0x000001F2) + #define FOREST_USER_RID_MAX __MSABI_LONG(0x000001F3) #define DOMAIN_USER_RID_ADMIN __MSABI_LONG(0x000001F4) #define DOMAIN_USER_RID_GUEST __MSABI_LONG(0x000001F5) @@ -4415,6 +4436,9 @@ typedef struct _SID_AND_ATTRIBUTES { #define DOMAIN_GROUP_RID_SCHEMA_ADMINS __MSABI_LONG(0x00000206) #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS __MSABI_LONG(0x00000207) #define DOMAIN_GROUP_RID_POLICY_ADMINS __MSABI_LONG(0x00000208) +#define DOMAIN_GROUP_RID_READONLY_CONTROLLERS __MSABI_LONG(0x00000209) + +#define SECURITY_RESOURCE_MANAGER_AUTHORITY {0,0,0,0,0,9} #define SECURITY_APP_PACKAGE_AUTHORITY {0,0,0,0,0,15} #define SECURITY_APP_PACKAGE_BASE_RID __MSABI_LONG(0x000000002) @@ -4432,9 +4456,13 @@ typedef struct _SID_AND_ATTRIBUTES { #define SECURITY_MANDATORY_UNTRUSTED_RID __MSABI_LONG(0x00000000) #define SECURITY_MANDATORY_LOW_RID __MSABI_LONG(0x00001000) #define SECURITY_MANDATORY_MEDIUM_RID __MSABI_LONG(0x00002000) +#define SECURITY_MANDATORY_MEDIUM_PLUS_RID __MSABI_LONG(0x00002100) #define SECURITY_MANDATORY_HIGH_RID __MSABI_LONG(0x00003000) #define SECURITY_MANDATORY_SYSTEM_RID __MSABI_LONG(0x00004000) #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID __MSABI_LONG(0x00005000) +#define SECURITY_MANDATORY_MAXIMUM_USER_RID SECURITY_MANDATORY_SYSTEM_RID + +#define MANDATORY_LEVEL_TO_MANDATORY_RID(ML) (ML * 0x1000) #define DOMAIN_ALIAS_RID_ADMINS __MSABI_LONG(0x00000220) #define DOMAIN_ALIAS_RID_USERS __MSABI_LONG(0x00000221) @@ -4458,11 +4486,32 @@ typedef struct _SID_AND_ATTRIBUTES { #define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS __MSABI_LONG(0x00000230) #define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS __MSABI_LONG(0x00000231) #define DOMAIN_ALIAS_RID_DCOM_USERS __MSABI_LONG(0x00000232) +#define DOMAIN_ALIAS_RID_IUSERS __MSABI_LONG(0x00000238) +#define DOMAIN_ALIAS_RID_CRYPTO_OPERATORS __MSABI_LONG(0x00000239) +#define DOMAIN_ALIAS_RID_CACHEABLE_PRINCIPALS_GROUP __MSABI_LONG(0x0000023B) +#define DOMAIN_ALIAS_RID_NON_CACHEABLE_PRINCIPALS_GROUP __MSABI_LONG(0x0000023C) +#define DOMAIN_ALIAS_RID_EVENT_LOG_READERS_GROUP __MSABI_LONG(0x0000023D) +#define DOMAIN_ALIAS_RID_CERTSVC_DCOM_ACCESS_GROUP __MSABI_LONG(0x0000023E) #define SECURITY_SERVER_LOGON_RID SECURITY_ENTERPRISE_CONTROLLERS_RID #define SECURITY_PACKAGE_RID_COUNT __MSABI_LONG(2) +#define SECURITY_CRED_TYPE_RID_COUNT __MSABI_LONG(2) #define SECURITY_LOGON_IDS_RID_COUNT __MSABI_LONG(3) +#define SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT __MSABI_LONG(3) +#define SECURITY_SERVICE_ID_RID_COUNT __MSABI_LONG(6) +#define SECURITY_APPPOOL_ID_RID_COUNT __MSABI_LONG(6) +#define SECURITY_VIRTUALSERVER_ID_RID_COUNT __MSABI_LONG(6) +#define SECURITY_USERMODEDRIVERHOST_ID_RID_COUNT __MSABI_LONG(6) +#define SECURITY_CLOUD_INFRASTRUCTURE_SERVICES_ID_RID_COUNT __MSABI_LONG(6) +#define SECURITY_WMIHOST_ID_RID_COUNT __MSABI_LONG(6) +#define SECURITY_VIRTUALACCOUNT_ID_RID_COUNT __MSABI_LONG(6) + +#define SYSTEM_LUID { 0x3e7, 0x0 } +#define ANONYMOUS_LOGON_LUID { 0x3e6, 0x0 } +#define LOCALSERVICE_LUID { 0x3e5, 0x0 } +#define NETWORKSERVICE_LUID { 0x3e4, 0x0 } +#define IUSER_LUID { 0x3e3, 0x0 } typedef enum { WinNullSid = 0, @@ -4815,11 +4864,30 @@ typedef struct _ACE_HEADER { } ACE_HEADER,*PACE_HEADER; /* AceType */ -#define ACCESS_ALLOWED_ACE_TYPE 0 -#define ACCESS_DENIED_ACE_TYPE 1 -#define SYSTEM_AUDIT_ACE_TYPE 2 -#define SYSTEM_ALARM_ACE_TYPE 3 +#define ACCESS_MIN_MS_ACE_TYPE 0x0 +#define ACCESS_ALLOWED_ACE_TYPE 0x0 +#define ACCESS_DENIED_ACE_TYPE 0x1 +#define SYSTEM_AUDIT_ACE_TYPE 0x2 +#define SYSTEM_ALARM_ACE_TYPE 0x3 +#define ACCESS_MAX_MS_V2_ACE_TYPE 0x3 +#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x4 +#define ACCESS_MAX_MS_V3_ACE_TYPE 0x4 +#define ACCESS_MIN_MS_OBJECT_ACE_TYPE 0x5 +#define ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x5 +#define ACCESS_DENIED_OBJECT_ACE_TYPE 0x6 +#define ACCESS_AUDIT_OBJECT_ACE_TYPE 0x7 +#define ACCESS_ALARM_OBJECT_ACE_TYPE 0x8 +#define ACCESS_MAX_MS_V4_ACE_TYPE 0x8 +#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x9 +#define ACCESS_DENIED_CALLBACK_ACE_TYPE 0xa +#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0xb +#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE 0xc +#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE 0xd +#define SYSTEM_ALARM_CALLBACK_ACE_TYPE 0xe +#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0xf +#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11 +#define ACCESS_MAX_MS_V5_ACE_TYPE 0x11 /* inherit AceFlags */ #define OBJECT_INHERIT_ACE 0x01