Difference between revisions of "Unit Security"

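--- a/Unit Security
+++ b/Unit Security
@@ -20,4 +20,589 @@
 | <code>ANYSIZE_ARRAY = 1;</code>
 | style="width: 50%;"|&nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''SID''' <code> SID_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>SID_REVISION = 1;</code>
+| Current revision level
+|-
+| <code>SID_MAX_SUB_AUTHORITIES = 15;</code>
+| &nbsp;
+|-
+| <code>SID_RECOMMENDED_SUB_AUTHORITIES = 1;</code>
+| Will change to around 6 in a future release
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SECURITY_MIN_SID_SIZE = SizeOf(SID) - SizeOf(DWORD);</code>
+| Account for SubAuthority[0]
+|-
+| <code>SECURITY_MAX_SID_SIZE = SizeOf(SID) - SizeOf(DWORD) + (SID_MAX_SUB_AUTHORITIES * SizeOf(DWORD));</code>
+| Account for SubAuthority[0]
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SidTypeUser = 1;</code>
+| &nbsp;
+|-
+| <code>SidTypeGroup = 2;</code>
+| &nbsp;
+|-
+| <code>SidTypeDomain = 3;</code>
+| &nbsp;
+|-
+| <code>SidTypeAlias = 4;</code>
+| &nbsp;
+|-
+| <code>SidTypeWellKnownGroup = 5;</code>
+| &nbsp;
+|-
+| <code>SidTypeDeletedAccount = 6;</code>
+| &nbsp;
+|-
+| <code>SidTypeInvalid = 7;</code>
+| &nbsp;
+|-
+| <code>SidTypeUnknown = 8;</code>
+| &nbsp;
+|-
+| <code>SidTypeComputer = 9;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''ACL''' <code> ACL_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>ACL_REVISION = 2;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>ACL_REVISION_DS = 4;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>ACL_REVISION1 = 1;</code>
+| &nbsp;
+|-
+| <code>ACL_REVISION2 = 2;</code>
+| &nbsp;
+|-
+| <code>MIN_ACL_REVISION = ACL_REVISION2;</code>
+| &nbsp;
+|-
+| <code>ACL_REVISION3 = 3;</code>
+| &nbsp;
+|-
+| <code>ACL_REVISION4 = 4;</code>
+| &nbsp;
+|-
+| <code>MAX_ACL_REVISION = ACL_REVISION4;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>AclRevisionInformation = 1;</code>
+| &nbsp;
+|-
+| <code>AclSizeInformation = 2;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''ACE''' <code> ACE_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+|colspan="2"|The following are the predefined ace types that go into the AceType field of an Ace header
+|-
+| <code>ACCESS_MIN_MS_ACE_TYPE = $0;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>ACCESS_ALLOWED_ACE_TYPE = $0;</code>
+| &nbsp;
+|-
+| <code>ACCESS_DENIED_ACE_TYPE = $1;</code>
+| &nbsp;
+|-
+| <code>SYSTEM_AUDIT_ACE_TYPE = $2;</code>
+| &nbsp;
+|-
+| <code>SYSTEM_ALARM_ACE_TYPE = $3;</code>
+| &nbsp;
+|-
+| <code>ACCESS_MAX_MS_V2_ACE_TYPE = $3;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>ACCESS_ALLOWED_COMPOUND_ACE_TYPE = $4;</code>
+| &nbsp;
+|-
+| <code>ACCESS_MAX_MS_V3_ACE_TYPE = $4;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>ACCESS_MIN_MS_OBJECT_ACE_TYPE = $5;</code>
+| &nbsp;
+|-
+| <code>ACCESS_ALLOWED_OBJECT_ACE_TYPE = $5;</code>
+| &nbsp;
+|-
+| <code>ACCESS_DENIED_OBJECT_ACE_TYPE = $6;</code>
+| &nbsp;
+|-
+| <code>SYSTEM_AUDIT_OBJECT_ACE_TYPE = $7;</code>
+| &nbsp;
+|-
+| <code>SYSTEM_ALARM_OBJECT_ACE_TYPE = $8;</code>
+| &nbsp;
+|-
+| <code>ACCESS_MAX_MS_OBJECT_ACE_TYPE = $8;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>ACCESS_MAX_MS_V4_ACE_TYPE = $8;</code>
+| &nbsp;
+|-
+| <code>ACCESS_MAX_MS_ACE_TYPE = $8;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>ACCESS_ALLOWED_CALLBACK_ACE_TYPE = $9;</code>
+| &nbsp;
+|-
+| <code>ACCESS_DENIED_CALLBACK_ACE_TYPE = $A;</code>
+| &nbsp;
+|-
+| <code>ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE = $B;</code>
+| &nbsp;
+|-
+| <code>ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE = $C;</code>
+| &nbsp;
+|-
+| <code>SYSTEM_AUDIT_CALLBACK_ACE_TYPE = $D;</code>
+| &nbsp;
+|-
+| <code>SYSTEM_ALARM_CALLBACK_ACE_TYPE = $E;</code>
+| &nbsp;
+|-
+| <code>SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE = $F;</code>
+| &nbsp;
+|-
+| <code>SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE = $10;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>ACCESS_MAX_MS_V5_ACE_TYPE = $10;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+|colspan="2"|The following are the inherit flags that go into the AceFlags field of an Ace header
+|-
+| <code>OBJECT_INHERIT_ACE = $1;</code>
+| &nbsp;
+|-
+| <code>CONTAINER_INHERIT_ACE = $2;</code>
+| &nbsp;
+|-
+| <code>NO_PROPAGATE_INHERIT_ACE = $4;</code>
+| &nbsp;
+|-
+| <code>INHERIT_ONLY_ACE = $8;</code>
+| &nbsp;
+|-
+| <code>INHERITED_ACE = $10;</code>
+| &nbsp;
+|-
+| <code>VALID_INHERIT_FLAGS = $1F;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+|colspan="2"|The following are the currently defined ACE flags that go into the AceFlags field of an ACE header. Each ACE type has its own set of AceFlags.
+|-
+|colspan="2"|SYSTEM_AUDIT and SYSTEM_ALARM AceFlags
+|-
+| <code>SUCCESSFUL_ACCESS_ACE_FLAG = $40;</code>
+| &nbsp;
+|-
+| <code>FAILED_ACCESS_ACE_FLAG = $80;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+|colspan="2"|Currently defined Flags for "OBJECT" ACE types
+|-
+| <code>ACE_OBJECT_TYPE_PRESENT = $1;</code>
+| &nbsp;
+|-
+| <code>ACE_INHERITED_OBJECT_TYPE_PRESENT = $2;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''Security descriptor''' <code> SECURITY_DESCRIPTOR_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>SECURITY_DESCRIPTOR_REVISION = 1;</code>
+| Current security descriptor revision value
+|-
+| <code>SECURITY_DESCRIPTOR_REVISION1 = 1;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SE_OWNER_DEFAULTED = $0001;</code>
+| &nbsp;
+|-
+| <code>SE_GROUP_DEFAULTED = $0002;</code>
+| &nbsp;
+|-
+| <code>SE_DACL_PRESENT = $0004;</code>
+| &nbsp;
+|-
+| <code>SE_DACL_DEFAULTED = $0008;</code>
+| &nbsp;
+|-
+| <code>SE_SACL_PRESENT = $0010;</code>
+| &nbsp;
+|-
+| <code>SE_SACL_DEFAULTED = $0020;</code>
+| &nbsp;
+|-
+| <code>SE_DACL_AUTO_INHERIT_REQ = $0100;</code>
+| &nbsp;
+|-
+| <code>SE_SACL_AUTO_INHERIT_REQ = $0200;</code>
+| &nbsp;
+|-
+| <code>SE_DACL_AUTO_INHERITED = $0400;</code>
+| &nbsp;
+|-
+| <code>SE_SACL_AUTO_INHERITED = $0800;</code>
+| &nbsp;
+|-
+| <code>SE_DACL_PROTECTED = $1000;</code>
+| &nbsp;
+|-
+| <code>SE_SACL_PROTECTED = $2000;</code>
+| &nbsp;
+|-
+| <code>SE_RM_CONTROL_VALID = $4000;</code>
+| &nbsp;
+|-
+| <code>SE_SELF_RELATIVE = $8000;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''Universal well-known SIDs''' <code> SECURITY_NULL_SID_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>SECURITY_NULL_SID_IDENTIFIER = 0;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>SECURITY_WORLD_SID_IDENTIFIER = 1;</code>
+| &nbsp;
+|-
+| <code>SECURITY_LOCAL_SID_IDENTIFIER = 2;</code>
+| &nbsp;
+|-
+| <code>SECURITY_CREATOR_SID_IDENTIFIER = 3;</code>
+| &nbsp;
+|-
+| <code>SECURITY_NON_UNIQUE_IDENTIFIER = 4;</code>
+| &nbsp;
+|-
+| <code>SECURITY_RESOURCE_MANAGER_IDENTIFIER = 9;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SECURITY_NULL_SID_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 0));</code>
+| &nbsp;
+|-
+| <code>SECURITY_WORLD_SID_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 1));</code>
+| &nbsp;
+|-
+| <code>SECURITY_LOCAL_SID_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 2));</code>
+| &nbsp;
+|-
+| <code>SECURITY_CREATOR_SID_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 3));</code>
+| &nbsp;
+|-
+| <code>SECURITY_NON_UNIQUE_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 4));</code>
+| &nbsp;
+|-
+| <code>SECURITY_RESOURCE_MANAGER_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 9));</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SECURITY_NULL_RID = $00000000;</code>
+| &nbsp;
+|-
+| <code>SECURITY_WORLD_RID = $00000000;</code>
+| &nbsp;
+|-
+| <code>SECURITY_LOCAL_RID = $00000000;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SECURITY_CREATOR_OWNER_RID = $00000000;</code>
+| &nbsp;
+|-
+| <code>SECURITY_CREATOR_GROUP_RID = $00000001;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SECURITY_CREATOR_OWNER_SERVER_RID = $00000002;</code>
+| &nbsp;
+|-
+| <code>SECURITY_CREATOR_GROUP_SERVER_RID = $00000003;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''NT well-known SIDs''' <code> SECURITY_NT_IDENTIFIER* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>SECURITY_NT_IDENTIFIER = 5;</code>
+| style="width: 50%;"|&nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SECURITY_NT_AUTHORITY: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 5));</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SECURITY_DIALUP_RID = $00000001;</code>
+| &nbsp;
+|-
+| <code>SECURITY_NETWORK_RID = $00000002;</code>
+| &nbsp;
+|-
+| <code>SECURITY_BATCH_RID = $00000003;</code>
+| &nbsp;
+|-
+| <code>SECURITY_INTERACTIVE_RID = $00000004;</code>
+| &nbsp;
+|-
+| <code>SECURITY_SERVICE_RID = $00000006;</code>
+| &nbsp;
+|-
+| <code>SECURITY_ANONYMOUS_LOGON_RID = $00000007;</code>
+| &nbsp;
+|-
+| <code>SECURITY_PROXY_RID = $00000008;</code>
+| &nbsp;
+|-
+| <code>SECURITY_ENTERPRISE_CONTROLLERS_RID = $00000009;</code>
+| &nbsp;
+|-
+| <code>SECURITY_SERVER_LOGON_RID = SECURITY_ENTERPRISE_CONTROLLERS_RID;</code>
+| &nbsp;
+|-
+| <code>SECURITY_PRINCIPAL_SELF_RID = $0000000A;</code>
+| &nbsp;
+|-
+| <code>SECURITY_AUTHENTICATED_USER_RID = $0000000B;</code>
+| &nbsp;
+|-
+| <code>SECURITY_RESTRICTED_CODE_RID = $0000000C;</code>
+| &nbsp;
+|-
+| <code>SECURITY_TERMINAL_SERVER_RID = $0000000D;</code>
+| &nbsp;
+|-
+| <code>SECURITY_REMOTE_LOGON_RID = $0000000E;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>SECURITY_LOGON_IDS_RID = $00000005;</code>
+| &nbsp;
+|-
+| <code>SECURITY_LOGON_IDS_RID_COUNT = 3;</code>
+| &nbsp;
+|-
+| <code>SECURITY_LOCAL_SYSTEM_RID = $00000012;</code>
+| &nbsp;
+|-
+| <code>SECURITY_LOCAL_SERVICE_RID = $00000013;</code>
+| &nbsp;
+|-
+| <code>SECURITY_NETWORK_SERVICE_RID = $00000014;</code>
+| &nbsp;
+|-
+| <code>SECURITY_NT_NON_UNIQUE = $00000015;</code>
+| &nbsp;
+|-
+| <code>SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT = 3;</code>
+| &nbsp;
+|-
+| <code>SECURITY_BUILTIN_DOMAIN_RID = $00000020;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''Well-known users''' <code> _USER_RID_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>DOMAIN_USER_RID_ADMIN = $000001F4;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>DOMAIN_USER_RID_GUEST = $000001F5;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_USER_RID_KRBTGT = $000001F6;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''Well-known groups''' <code> _GROUP_RID_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>DOMAIN_GROUP_RID_ADMINS = $00000200;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>DOMAIN_GROUP_RID_USERS = $00000201;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_GROUP_RID_GUESTS = $00000202;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_GROUP_RID_COMPUTERS = $00000203;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_GROUP_RID_CONTROLLERS = $00000204;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_GROUP_RID_CERT_ADMINS = $00000205;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_GROUP_RID_SCHEMA_ADMINS = $00000206;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_GROUP_RID_ENTERPRISE_ADMINS = $00000207;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_GROUP_RID_POLICY_ADMINS = $00000208;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''Well-known aliases''' <code> _ALIAS_RID_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>DOMAIN_ALIAS_RID_ADMINS = $00000220;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_USERS = $00000221;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_GUESTS = $00000222;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_POWER_USERS = $00000223;</code>
+| &nbsp;
+|-
+|colspan="2"|&nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_ACCOUNT_OPS = $00000224;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_SYSTEM_OPS = $00000225;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_PRINT_OPS = $00000226;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_BACKUP_OPS = $00000227;</code>
+| &nbsp;
+|-
+| <code>|colspan="2"|&nbsp;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_REPLICATOR = $00000228;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_RAS_SERVERS = $00000229;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_PREW2KCOMPACCESS = $0000022A;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS = $0000022B;</code>
+| &nbsp;
+|-
+| <code>DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS = $0000022C;</code>
+| &nbsp;
+|-
+|}
+</div></div>
+<br />
+<div class="toccolours mw-collapsible mw-collapsed" style="border: 1; font-family: arial; padding-top: 20px; padding-bottom: 15px;">
+<div style="font-size: 14px; padding-left: 12px;">'''Group attributes''' <code> _GROUP_* </code></div>
+<div class="mw-collapsible-content" style="text-align: left; padding-left: 5px;">
+{| class="wikitable" style="font-size: 14px; background: white;"
+|-
+| <code>SE_GROUP_MANDATORY = $00000001;</code>
+| style="width: 50%;"|&nbsp;
+|-
+| <code>SE_GROUP_ENABLED_BY_DEFAULT = $00000002;</code>
+| &nbsp;
+|-
+| <code>SE_GROUP_ENABLED = $00000004;</code>
+| &nbsp;
+|-
+| <code>SE_GROUP_OWNER = $00000008;</code>
+| &nbsp;
+|-
+| <code>SE_GROUP_USE_FOR_DENY_ONLY = $00000010;</code>
+| &nbsp;
+|-
+| <code>SE_GROUP_LOGON_ID = $C0000000;</code>
+| &nbsp;
+|-
+| <code>SE_GROUP_RESOURCE = $20000000;</code>
+| &nbsp;
 |-
 |}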
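Review bot: In the "Well-known aliases" table, the separator between DOMAIN_ALIAS_RID_BACKUP_OPS and DOMAIN_ALIAS_RID_REPLICATOR is written as `| <code>|colspan="2"|&nbsp;</code>`, so the cell attributes render as literal text; it should be `|colspan="2"|&nbsp;` like the separators in the other tables, with the `| &nbsp;` cell after it dropped. The description column is empty for nearly every identity and control-flag row, including ones an access decision depends on (DOMAIN_USER_RID_ADMIN, DOMAIN_ALIAS_RID_ADMINS, SECURITY_LOCAL_SYSTEM_RID, SE_DACL_PRESENT, SE_DACL_PROTECTED). A one-line meaning on those rows, for example `| Built-in administrator account` beside DOMAIN_USER_RID_ADMIN, would let a reader who builds or audits a descriptor check the value against its intent without leaving the page. The section labels `_GROUP_*` and `SECURITY_NULL_SID_*` also do not match the prefixes of the constants listed under them (`SE_GROUP_*`, `SECURITY_*_SID_*` / `SECURITY_*_RID`), which makes the collapsed headings harder to search.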

Revision as of 05:18, 24 May 2017

Return to Unit Reference


Description


Ultibo Security interface unit

This unit implements the security support for Ultibo.

Constants



Security specific constants ANYSIZE_*


SID SID_*


ACL ACL_*


ACE ACE_*


Security descriptor SECURITY_DESCRIPTOR_*


Universal well-known SIDs SECURITY_NULL_SID_*


NT well-known SIDs SECURITY_NT_IDENTIFIER*


Well-known users _USER_RID_*


Well-known groups _GROUP_RID_*


Well-known aliases _ALIAS_RID_*


Group attributes _GROUP_*


Type definitions



SID identifier authority


SID_IDENTIFIER_AUTHORITY = _SID_IDENTIFIER_AUTHORITY;

TSidIdentifierAuthority = SID_IDENTIFIER_AUTHORITY;

PSidIdentifierAuthority = PSID_IDENTIFIER_AUTHORITY;

PSID_IDENTIFIER_AUTHORITY = ^SID_IDENTIFIER_AUTHORITY;

_SID_IDENTIFIER_AUTHORITY = record

SID types


SID = _SID;

PPSID = ^PSID;

TSid = SID;

PSid = ^SID;

_SID = record

Signed types

BOOL = LongBool;

Unsigned types

UCHAR = Byte;

Pointer types

PUCHAR = ^Byte;

GUID types

GUID = TGUID;

SID name use

_SID_NAME_USE = DWORD;
SID_NAME_USE = _SID_NAME_USE;
PSID_NAME_USE = ^SID_NAME_USE;
TSidNameUse = SID_NAME_USE;
PSidNameUse = PSID_NAME_USE;

SID and attributes


SID_AND_ATTRIBUTES = _SID_AND_ATTRIBUTES;

TSidAndAttributes = SID_AND_ATTRIBUTES;

PSidAndAttributes = PSID_AND_ATTRIBUTES;

PSID_AND_ATTRIBUTES = ^SID_AND_ATTRIBUTES;

_SID_AND_ATTRIBUTES = record

SID and attributes array

SID_AND_ATTRIBUTES_ARRAY = array [0..ANYSIZE_ARRAY - 1] of SID_AND_ATTRIBUTES;
PSID_AND_ATTRIBUTES_ARRAY = ^SID_AND_ATTRIBUTES_ARRAY;
PSidAndAttributesArray = ^TSidAndAttributesArray;
TSidAndAttributesArray = SID_AND_ATTRIBUTES_ARRAY;

ACL


ACL = _ACL;

TAcl = ACL;

PPACL = ^PACL;

PACL = ^ACL;

_ACL = record

ACL information class

_ACL_INFORMATION_CLASS = DWORD;
ACL_INFORMATION_CLASS = _ACL_INFORMATION_CLASS;
TAclInformationClass = ACL_INFORMATION_CLASS;

ACL revision information


ACL_REVISION_INFORMATION = _ACL_REVISION_INFORMATION;

TAclRevisionInformation = ACL_REVISION_INFORMATION;

PAclRevisionInformation = PACL_REVISION_INFORMATION;

PACL_REVISION_INFORMATION = ^ACL_REVISION_INFORMATION;

_ACL_REVISION_INFORMATION = record

ACL size information


ACL_SIZE_INFORMATION = _ACL_SIZE_INFORMATION;

TAclSizeInformation = ACL_SIZE_INFORMATION;

PAclSizeInformation = PACL_SIZE_INFORMATION;

PACL_SIZE_INFORMATION = ^ACL_SIZE_INFORMATION;

_ACL_SIZE_INFORMATION = record

Access mask

ACCESS_MASK = DWORD;
PACCESS_MASK = ^ACCESS_MASK;
TAccessMask = ACCESS_MASK;
PAccessMask = PACCESS_MASK;

ACE header


ACE_HEADER = _ACE_HEADER;

TAceHeader = ACE_HEADER;

PAceHeader = PACE_HEADER;

PACE_HEADER = ^ACE_HEADER;

_ACE_HEADER = record

Access allowed


ACCESS_ALLOWED_ACE = _ACCESS_ALLOWED_ACE;

TAccessAllowedAce = ACCESS_ALLOWED_ACE;

PAccessAllowedAce = PACCESS_ALLOWED_ACE;

PACCESS_ALLOWED_ACE = ^ACCESS_ALLOWED_ACE;

_ACCESS_ALLOWED_ACE = record

Access denied


ACCESS_DENIED_ACE = _ACCESS_DENIED_ACE;

TAccessDeniedAce = ACCESS_DENIED_ACE;

PAccessDeniedAce = PACCESS_DENIED_ACE;

PACCESS_DENIED_ACE = ^ACCESS_DENIED_ACE;

_ACCESS_DENIED_ACE = record

System audit


SYSTEM_AUDIT_ACE = _SYSTEM_AUDIT_ACE;

TSystemAuditAce = SYSTEM_AUDIT_ACE;

PSystemAuditAce = PSYSTEM_AUDIT_ACE;

PSYSTEM_AUDIT_ACE = ^SYSTEM_AUDIT_ACE;

_SYSTEM_AUDIT_ACE = record

System alarm


SYSTEM_ALARM_ACE = _SYSTEM_ALARM_ACE;

TSystemAlarmAce = SYSTEM_ALARM_ACE;

PSystemAlarmAce = PSYSTEM_ALARM_ACE;

PSYSTEM_ALARM_ACE = ^SYSTEM_ALARM_ACE;

_SYSTEM_ALARM_ACE = record

Access allowed object


ACCESS_ALLOWED_OBJECT_ACE = _ACCESS_ALLOWED_OBJECT_ACE;

TAccessAllowedObjectAce = ACCESS_ALLOWED_OBJECT_ACE;

PAccessAllowedObjectAce = PACCESS_ALLOWED_OBJECT_ACE;

PACCESS_ALLOWED_OBJECT_ACE = ^ACCESS_ALLOWED_OBJECT_ACE;

_ACCESS_ALLOWED_OBJECT_ACE = record

Access denied object


ACCESS_DENIED_OBJECT_ACE = _ACCESS_DENIED_OBJECT_ACE;

TAccessDeniedObjectAce = ACCESS_DENIED_OBJECT_ACE;

PAccessDeniedObjectAce = PACCESS_DENIED_OBJECT_ACE;

PACCESS_DENIED_OBJECT_ACE = ^ACCESS_DENIED_OBJECT_ACE;

_ACCESS_DENIED_OBJECT_ACE = record

System audit object


SYSTEM_AUDIT_OBJECT_ACE = _SYSTEM_AUDIT_OBJECT_ACE;

TSystemAuditObjectAce = SYSTEM_AUDIT_OBJECT_ACE;

PSystemAuditObjectAce = PSYSTEM_AUDIT_OBJECT_ACE;

PSYSTEM_AUDIT_OBJECT_ACE = ^SYSTEM_AUDIT_OBJECT_ACE;

_SYSTEM_AUDIT_OBJECT_ACE = record

System alarm object


SYSTEM_ALARM_OBJECT_ACE = _SYSTEM_ALARM_OBJECT_ACE;

TSystemAlarmObjectAce = SYSTEM_ALARM_OBJECT_ACE;

PSystemAlarmObjectAce = PSYSTEM_ALARM_OBJECT_ACE;

PSYSTEM_ALARM_OBJECT_ACE = ^SYSTEM_ALARM_OBJECT_ACE;

_SYSTEM_ALARM_OBJECT_ACE = record

Security descriptor control

SECURITY_DESCRIPTOR_CONTROL = WORD;
PSECURITY_DESCRIPTOR_CONTROL = ^SECURITY_DESCRIPTOR_CONTROL;
TSecurityDescriptorControl = SECURITY_DESCRIPTOR_CONTROL;
PSecurityDescriptorControl = PSECURITY_DESCRIPTOR_CONTROL;

Security descriptor relative


SECURITY_DESCRIPTOR_RELATIVE = _SECURITY_DESCRIPTOR_RELATIVE;

TSecurityDescriptorRelative = SECURITY_DESCRIPTOR_RELATIVE;

PSecurityDescriptorRelative = PSECURITY_DESCRIPTOR_RELATIVE;

PSECURITY_DESCRIPTOR_RELATIVE = ^SECURITY_DESCRIPTOR_RELATIVE;

_SECURITY_DESCRIPTOR_RELATIVE = record

Security descriptor


SECURITY_DESCRIPTOR = _SECURITY_DESCRIPTOR;

TSecurityDescriptor = SECURITY_DESCRIPTOR;

PSecurityDescriptor = PSECURITY_DESCRIPTOR;

PPSECURITY_DESCRIPTOR = ^PSECURITY_DESCRIPTOR;

PSECURITY_DESCRIPTOR = ^SECURITY_DESCRIPTOR;

_SECURITY_DESCRIPTOR = record

Well known SID type


WELL_KNOWN_SID_TYPE = (

Well known SID


PWellKnownSid = ^TWellKnownSid;

TWellKnownSid = record

Well known ACE


TWellKnownAce = record

Well known ACL


TWellKnownAcl = record

Well known descriptor


PWellKnownDescriptor = ^TWellKnownDescriptor;

TWellKnownDescriptor = record


Public variables


None defined

Function declarations



Security functions

function IsWellKnownSid(Sid: PSID; WellKnownSidType: WELL_KNOWN_SID_TYPE): BOOL;
Description: To be documented


function CreateWellKnownSid(WellKnownSidType: WELL_KNOWN_SID_TYPE; DomainSid: PSID; Sid: PSID; var cbSid: DWORD): BOOL;
Description: To be documented


function IsValidSid(Sid: PSID): BOOL;
Description: To be documented


function EqualSid(Sid1, Sid2: PSID): BOOL;
Description: To be documented


function EqualPrefixSid(Sid1, Sid2: PSID): BOOL;
Description: To be documented


function GetSidLengthRequired(nSubAuthorityCount: UCHAR): DWORD;
Description: To be documented


function AllocateAndInitializeSid(const pIdentifierAuthority: TSIDIdentifierAuthority; nSubAuthorityCount: Byte; nSubAuthority0, nSubAuthority1: DWORD; nSubAuthority2, nSubAuthority3, nSubAuthority4: DWORD; nSubAuthority5, nSubAuthority6, nSubAuthority7: DWORD; var Sid: PSID): BOOL;
Description: To be documented


function FreeSid(Sid: PSID): Pointer;
Description: To be documented


function InitializeSid(Sid: PSID; const pIdentifierAuthority: TSIDIdentifierAuthority; nSubAuthorityCount: Byte): BOOL;
Description: To be documented


function GetSidIdentifierAuthority(Sid: PSID): PSIDIdentifierAuthority;
Description: To be documented


function GetSidSubAuthority(Sid: PSID; nSubAuthority: DWORD): PDWORD;
Description: To be documented


function GetSidSubAuthorityCount(Sid: PSID): PUCHAR;
Description: To be documented


function GetLengthSid(Sid: PSID): DWORD;
Description: To be documented


function CopySid(nDestinationSidLength: DWORD; pDestinationSid, pSourceSid: PSID): BOOL;
Description: To be documented


function ConvertSidToStringSid(Sid: PSID; var StringSid: PChar): BOOL;
Description: To be documented


function ConvertStringSidToSid(StringSid: PChar; var Sid: PSID): BOOL;
Description: To be documented


function IsValidAcl(const pAcl: TACL): BOOL;
Description: To be documented


function InitializeAcl(var pAcl: TACL; nAclLength, dwAclRevision: DWORD): BOOL;
Description: To be documented


function GetAclInformation(const pAcl: TACL; pAclInformation: Pointer; nAclInformationLength: DWORD; dwAclInformationClass: TAclInformationClass): BOOL;
Description: To be documented


function SetAclInformation(var pAcl: TACL; pAclInformation: Pointer; nAclInformationLength: DWORD; dwAclInformationClass: TAclInformationClass): BOOL;
Description: To be documented


function AddAce(var pAcl: TACL; dwAceRevision, dwStartingAceIndex: DWORD; pAceList: Pointer; nAceListLength: DWORD): BOOL;
Description: To be documented


function DeleteAce(var pAcl: TACL; dwAceIndex: DWORD): BOOL;
Description: To be documented


function GetAce(const pAcl: TACL; dwAceIndex: DWORD; var pAce: Pointer): BOOL;
Description: To be documented


function AddAccessAllowedAce(var pAcl: TACL; dwAceRevision: DWORD; AccessMask: DWORD; Sid: PSID): BOOL;
Description: To be documented


function AddAccessAllowedAceEx(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; Sid: PSID): BOOL;
Description: To be documented


function AddAccessDeniedAce(var pAcl: TACL; dwAceRevision: DWORD; AccessMask: DWORD; Sid: PSID): BOOL;
Description: To be documented


function AddAccessDeniedAceEx(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; Sid: PSID): BOOL;
Description: To be documented


function AddAuditAccessAce(var pAcl: TACL; dwAceRevision: DWORD; dwAccessMask: DWORD; Sid: PSID; bAuditSuccess, bAuditFailure: BOOL): BOOL;
Description: To be documented


function AddAuditAccessAceEx(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; dwAccessMask: DWORD; Sid: PSID; bAuditSuccess, bAuditFailure: BOOL): BOOL;
Description: To be documented


function AddAccessAllowedObjectAce(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; ObjectTypeGuid, InheritedObjectTypeGuid: PGUID; Sid: PSID): BOOL;
Description: To be documented


function AddAccessDeniedObjectAce(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; ObjectTypeGuid, InheritedObjectTypeGuid: PGUID; Sid: PSID): BOOL;
Description: To be documented


function AddAuditAccessObjectAce(var pAcl: TACL; dwAceRevision: DWORD; AceFlags: DWORD; AccessMask: DWORD; ObjectTypeGuid, InheritedObjectTypeGuid: PGUID; Sid: PSID; bAuditSuccess, bAuditFailure: BOOL): BOOL;
Description: To be documented


function FindFirstFreeAce(var pAcl: TACL; var pAce: Pointer): BOOL;
Description: To be documented


function InitializeSecurityDescriptor(pSecurityDescriptor: PSecurityDescriptor; dwRevision: DWORD): BOOL;
Description: To be documented


function IsValidSecurityDescriptor(pSecurityDescriptor: PSecurityDescriptor): BOOL;
Description: To be documented


function GetSecurityDescriptorLength(pSecurityDescriptor: PSecurityDescriptor): DWORD;
Description: To be documented


function GetSecurityDescriptorControl(pSecurityDescriptor: PSecurityDescriptor; var pControl: SECURITY_DESCRIPTOR_CONTROL; var lpdwRevision: DWORD): BOOL;
Description: To be documented


function SetSecurityDescriptorControl(pSecurityDescriptor: PSecurityDescriptor; ControlBitsOfInterest, ControlBitsToSet: SECURITY_DESCRIPTOR_CONTROL): BOOL;
Description: To be documented


function GetSecurityDescriptorDacl(pSecurityDescriptor: PSecurityDescriptor; var lpbDaclPresent: BOOL; var pDacl: PACL; var lpbDaclDefaulted: BOOL): BOOL;
Description: To be documented


function SetSecurityDescriptorDacl(pSecurityDescriptor: PSecurityDescriptor; bDaclPresent: BOOL; pDacl: PACL; bDaclDefaulted: BOOL): BOOL;
Description: To be documented


function GetSecurityDescriptorSacl(pSecurityDescriptor: PSecurityDescriptor; var lpbSaclPresent: BOOL; var pSacl: PACL; var lpbSaclDefaulted: BOOL): BOOL;
Description: To be documented


function SetSecurityDescriptorSacl(pSecurityDescriptor: PSecurityDescriptor; bSaclPresent: BOOL; pSacl: PACL; bSaclDefaulted: BOOL): BOOL;
Description: To be documented


function GetSecurityDescriptorOwner(pSecurityDescriptor: PSecurityDescriptor; var pOwner: PSID; var lpbOwnerDefaulted: BOOL): BOOL;
Description: To be documented


function SetSecurityDescriptorOwner(pSecurityDescriptor: PSecurityDescriptor; pOwner: PSID; bOwnerDefaulted: BOOL): BOOL;
Description: To be documented


function GetSecurityDescriptorGroup(pSecurityDescriptor: PSecurityDescriptor; var pGroup: PSID; var lpbGroupDefaulted: BOOL): BOOL;
Description: To be documented


function SetSecurityDescriptorGroup(pSecurityDescriptor: PSecurityDescriptor; pGroup: PSID; bGroupDefaulted: BOOL): BOOL;
Description: To be documented


function MakeSelfRelativeSD(pAbsoluteSecurityDescriptor: PSecurityDescriptor; pSelfRelativeSecurityDescriptor: PSecurityDescriptor; var lpdwBufferLength: DWORD): BOOL;
Description: To be documented


function MakeAbsoluteSD(pSelfRelativeSecurityDescriptor: PSecurityDescriptor; pAbsoluteSecurityDescriptor: PSecurityDescriptor; var lpdwAbsoluteSecurityDescriptorSi: DWORD; var pDacl: TACL; var lpdwDaclSize: DWORD; var pSacl: TACL; var lpdwSaclSize: DWORD; pOwner: PSID; var lpdwOwnerSize: DWORD; pPrimaryGroup: PSID; var lpdwPrimaryGroupSize: DWORD): BOOL;
Description: To be documented


function MakeAbsoluteSD2(pSelfRelativeSecurityDescriptor: PSecurityDescriptor; var lpdwBufferSize: DWORD): BOOL;
Description: To be documented


Security helper functions

function SplitStringSid(const StringSid:String):TStringList;
Description: To be documented


function CreateDefaultSid(var pCreatedSid: PSID): BOOL;
Description: To be documented


function DestroyDefaultSid(pDefaultSid: PSID): BOOL;
Description: To be documented


function CreateDefaultSecurityDescriptor(var pCreatedSecurityDescriptor: PSecurityDescriptor; bFolder: BOOL): BOOL;
Description: To be documented


function DestroyDefaultSecurityDescriptor(pDefaultSecurityDescriptor: PSecurityDescriptor): BOOL;
Description: To be documented


function CreateInheritedSecurityDescriptorNT(pParentSecurityDescriptor: PSecurityDescriptor; var pCreatedSecurityDescriptor: PSecurityDescriptor): BOOL;
Description: To be documented


function CreateInheritedSecurityDescriptor2K(pParentSecurityDescriptor: PSecurityDescriptor; var pCreatedSecurityDescriptor: PSecurityDescriptor): BOOL;
Description: To be documented


function CreateMergedSecurityDescriptor2K(pParentSecurityDescriptor, pChildSecurityDescriptor: PSecurityDescriptor; var pCreatedSecurityDescriptor: PSecurityDescriptor): BOOL;
Description: To be documented


function DestroyInheritedSecurityDescriptor(pInheritedSecurityDescriptor: PSecurityDescriptor): BOOL;
Description: To be documented


function DestroyMergedSecurityDescriptor(pMergedSecurityDescriptor: PSecurityDescriptor): BOOL;
Description: To be documented


Return to Unit Reference