1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1992.
//
// File: CAIROSEAPI.H
//
// Contents: This file contains the stuff to be merged with ntseapi.h
// after Daytona ships.
//
// This file contains the CAIROSID structure to
// be used by Cairo interchangebly with the NT SID structure.
// Also included is the planned Cairo SID structure to
// be used when the SID revision is changed. This change
// will not occur until after Daytona ships because of the
// extent of the kernel changes required.
// The same is true of the ACE structure; there is a current
// Cairo version, and, commented out, the planned Cairo
// version when the ACL revision is changed.
//
// History: 7/94 davemont created
//
//--------------------------------------------------------------------------
#include <nt.h>
#if !defined( __CAIROSEAPI_H__ )
#define __CAIROSEAPI_H__
////////////////////////////////////////////////////////////////////////
// //
// Cairo Security Id (CAIROSID) //
// //
////////////////////////////////////////////////////////////////////////
//
//
// Pictorially the structure of an Cairo SID is as follows:
//
// 1 1 1 1 1 1
// 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------------------------------------------------------+
// | SubAuthorityCount = 10 |Reserved1 (SBZ)| Revision |
// +---------------------------------------------------------------+
// | IdentifierAuthority[0,1] |
// +---------------------------------------------------------------+
// | IdentifierAuthority[2,3] |
// +---------------------------------------------------------------+
// | IdentifierAuthority[4,5] = 5 |
// +---------------------------------------------------------------+
// | |
// +- - SubAuthority[0] = SECURITY_NT2_NON_UNIQUE = 16 - - - - -+
// | |
// +---------------------------------------------------------------+
// | |
// +- - SubAuthority[1] = SECURITY_NT2_REVISION_RID = 0 - - - -+
// | |
// +---------------------------------------------------------------+
// | |
// +- - - - - - - - Domain ID - - - - - - - - - - -+
// | |
// +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
// | |
// +- - - - - - - - - - - - - - - - - - - - - -+
// | |
// +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
// | |
// +- - - - - - - - - - - - - - - - - - - - - -+
// | |
// +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
// | |
// +- - - - - - - - - - - - - - - - - - - - - -+
// | |
// +---------------------------------------------------------------+
// | |
// +- - - - - - - - Rid - - - - - - - - - - - - -+
// | |
// +---------------------------------------------------------------+
//
//
//
#define CAIROSID_SUBAUTHORITY_COUNT 7
#define SECURITY_NT2_NON_UNIQUE 16
#define SECURITY_NT2_REVISION_RID 0
typedef struct _CAIROSID {
UCHAR Revision;
UCHAR SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
ULONG ZerothSubAuthority;
ULONG FirstSubAuthority;
GUID sDomain;
ULONG rid;
} CAIROSID, *PICAIROSID;
////////////////////////////////////////////////////////////////////////
// //
// ACL and ACE //
// //
////////////////////////////////////////////////////////////////////////
//
//
// Define an ACL and the ACE format. The structure of an ACL header
// followed by one or more ACEs. Pictorally the structure of an ACL header
// is as follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +-------------------------------+---------------+---------------+
// | AclSize | Sbz1 | AclRevision |
// +-------------------------------+---------------+---------------+
// | Sbz2 | AceCount |
// +-------------------------------+-------------------------------+
//
// The current AclRevision is defined to be ACL_REVISION.
//
// AclSize is the size, in bytes, allocated for the ACL. This includes
// the ACL header, ACES, and remaining free space in the buffer.
//
// AceCount is the number of ACES in the ACL.
//
//
//#define CAIRO_ACL_REVISION (3)
//
//
// The structure of an ACE is a common ace header followed by ace type
// specific data. Pictorally the structure of the common ace header is
// as follows:
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------+-------+-------+---------------+---------------+
// | AceSize | AceFlags | AceType |
// +---------------+-------+-------+---------------+---------------+
//
// AceType denotes the type of the ace, there are some predefined ace
// types
//
// AceSize is the size, in bytes, of ace.
//
// AceFlags are the Ace flags for audit and inheritance, defined shortly.
//
//
// The following are the predefined ace types that go into the AceType
// field of an Ace header.
//
//
// #define ACCESS_ALLOWED_ACE_TYPE (0x0)
// #define ACCESS_DENIED_ACE_TYPE (0x1)
// #define SYSTEM_AUDIT_ACE_TYPE (0x2)
// #define SYSTEM_ALARM_ACE_TYPE (0x3)
//
// The following are the inherit flags that go into the AceFlags field
// of an Ace header.
//
// #define OBJECT_INHERIT_ACE (0x1)
// #define CONTAINER_INHERIT_ACE (0x2)
// #define NO_PROPAGATE_INHERIT_ACE (0x4)
// #define INHERIT_ONLY_ACE (0x8)
// #define END_OF_INHERITED_ACE (0x10)
// #define VALID_INHERIT_FLAGS (0x1F)
// CAIRO ACE FLAGS
//#define SIMPLE_CAIRO_ACE (OX0)
//#define IMPERSONATE_CAIRO_ACE (0x1)
// The following are the currently defined ACE flags that go into the
// AceFlags field of an ACE header. Each ACE type has its own set of
// AceFlags.
//
// SUCCESSFUL_ACCESS_ACE_FLAG - used only with system audit and alarm ACE
// types to indicate that a message is generated for successful accesses.
//
// FAILED_ACCESS_ACE_FLAG - used only with system audit and alarm ACE types
// to indicate that a message is generated for failed accesses.
//
//
// SYSTEM_AUDIT and SYSTEM_ALARM AceFlags
//
// These control the signaling of audit and alarms for success or failure.
//
//
//#define SUCCESSFUL_ACCESS_ACE_FLAG (0x40)
//#define FAILED_ACCESS_ACE_FLAG (0x80)
//
//
// Following is a picture of the current Cairo ACE. Right now we use
// the extra space in the ACE after the SID to save the name. As a fail
// safe the length of the name is stored, it must be less than the remaining
// length of the ACE.
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------+-------+-------+---------------+---------------+
// | AceSize | AceFlags | AceType |
// +---------------+-------+-------+---------------+---------------+
// | Mask |
// +---------------------------------------------------------------+
// | |
// | NT version of CairoSID |
// | |
// +---------------------------------------------------------------+
// | [optional] length of name |
// +---------------------------------------------------------------+
// | [optional] name (null terminated) |
// | |
// | |
// | |
// | |
// +---------------------------------------------------------------+
//
typedef struct _CAIRO_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
CAIROSID CSid;
ULONG cNameLength;
WCHAR Name[ANYSIZE_ARRAY];
} CAIRO_ACE, *PCAIRO_ACE;
//--------------------------------------------------------------------------
//
// Following is the final version of the Cairo ACE.
//
// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
// +---------------+-------+-------+---------------+---------------+
// | AceSize | AceFlags | AceType |
// +---------------+-------+-------+---------------+---------------+
// | Mask |
// +---------------------------------------------------------------+
// | AdvancedAceType | SidCount |
// +---------------------------------------------------------------+
// | |
// + +
// | SID |
// + or +
// | CairoSID |
// + +
// | |
// +---------------------------------------------------------------+
// | offset to ID name |
// +---------------------------------------------------------------+
// | [optional] |
// + +
// | SID |
// + or +
// | CairoSID |
// + +
// | |
// +---------------------------------------------------------------+
// | [optional] |
// | offset to ID name |
// +---------------------------------------------------------------+
// | |
// | name (null terminated) |
// | |
// +---------------------------------------------------------------+
// | [optional] |
// | name (null terminated) |
// | |
// +---------------------------------------------------------------+
//
//
// Mask is the access mask associated with the ACE. This is either the
// access allowed, access denied, audit, or alarm mask.
//
// Sid is the Sid associated with the ACE.
//
//
//typedef struct _ACCESS_ACE {
// ACE_HEADER Header;
// ACCESS_MASK Mask;
// USHORT AdvancedAceType;
// USHORT SidCount;
// ULONG SidStart;
//} ACCESS_ACE;
//typedef ACCESS_ACE *PACCESS_ACE;
//
//--------------------------------------------------------------------------
//
// Well-known identifiers
//
#if 0
//
// The on disk format for identifiers is as follows:
//
// SID Format:
//
// S-1-4-x1-x2-x3-x4-y1-y2-y3-y4
//
// Where the S-1-4 is a standard prefix for our identifiers
//
// x1-x4 are the GUID of the principal, mapped to consecutive ulongs
// y1-y4 are the GUID of the principal's domain, mapped as above.
//
//
// There are several well known "guids" which are used to represent either
// artificial groups or domain-wide constants. These are listed below. To
// use them, use the AllocateAndInitializeSid call.
//
//
// This define is used to determine the needed size for the SID.
//
// You would use this as the second parameter to AllocateAndInitializeSid
//
#define SECURITY_SID_RID_COUNT 8
#define SECURITY_NT2_AUTHORITY {0, 0, 0, 0, 0, 4}
//
// A well known "guid" exists to represent the local domain, which really
// means local machine. This domain is assigned only to local identifiers.
//
#define SECURITY_LOCAL_DOMAIN_1 0
#define SECURITY_LOCAL_DOMAIN_2 0
#define SECURITY_LOCAL_DOMAIN_3 0
#define SECURITY_LOCAL_DOMAIN_4 105
#define SECURITY_LOCAL_DOMAIN_GUID {0, 0, 0, {0, 0, 0, 0, 105, 0, 0, 0} }
//
// A well known "guid" exists to represent the PRIVATE group. This group is
// actually the same as the NT admin alias
//
#define SECURITY_PRIVATE_GROUP_SID_COUNT 2
#define SECURITY_PRIVATE_GROUP_1 32
#define SECURITY_PRIVATE_GROUP_2 544
#define SECURITY_PRIVATE_GROUP_GUID {2, 32, 544, {0, 0, 0, 0, 0, 0, 0, 0}}
//
// A well known "guid" exists to represent the PUBLIC group. This group is
// actually the same as the NT guest group.
//
#define SECURITY_PUBLIC_GROUP_SID_COUNT 2
#define SECURITY_PUBLIC_GROUP_1 32
#define SECURITY_PUBLIC_GROUP_2 545
#define SECURITY_PUBLIC_GROUP_GUID {2, 32, 545, {0, 0, 0, 0, 0, 0, 0, 0}}
//
// A well known "guid" exists to represent the GUEST user. This group is
// actually the same as the NT guest user.
//
#define SECURITY_GUEST_USER_SID_COUNT 2
#define SECURITY_GUEST_USER_1 32
#define SECURITY_GUEST_USER_2 501
#define SECURITY_GUEST_USER_GUID {2, 32, 501, {0, 0, 0, 0, 0, 0, 0, 0}}
#endif
//
// Next free rid is 0x256. Last free is 0x3e7 (999)
// The local PRIVATE group. This is actually the same as the NT admin group
#define DOMAIN_GROUP_RID_PRIVATE DOMAIN_ALIAS_RID_ADMINS
// The local PUBLIC group. This is actually the same as the NT users group
#define DOMAIN_GROUP_RID_PUBLIC DOMAIN_ALIAS_RID_USERS
#define DOMAIN_GROUP_RID_BACKUP_OPS DOMAIN_ALIAS_RID_BACKUP_OPS
#define DOMAIN_GROUP_RID_ACCOUNT_OPS DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define DOMAIN_GROUP_RID_PRINT_OPS DOMAIN_ALIAS_RID_PRINT_OPS
#define DOMAIN_GROUP_RID_SERVER_OPS DOMAIN_ALIAS_RID_SYSTEM_OPS
#define DOMAIN_SERVICE_RID_KDC 0x250
#define DOMAIN_SERVICE_RID_DFSM 0x251
#define DOMAIN_SERVICE_RID_DS_SERVER 0x252
#define DOMAIN_SERVICE_RID_NTLMSVC 0x253
#define DOMAIN_SERVICE_RID_PRIVSVR 0x254
#define DOMAIN_SERVICE_RID_ORASVC 0x255
// NULL Guid
// #define SECURITY_NULL_GUID {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0} }
#endif // __CAIROSEAPI_H__
|
