https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a15e2472b80280c70be970...

commit a15e2472b80280c70be9706d014fc23ed400fc7f Author: George Bișoc george.bisoc@reactos.org AuthorDate: Tue Oct 19 11:22:12 2021 +0200 Commit: George Bișoc george.bisoc@reactos.org CommitDate: Sun Nov 7 14:14:18 2021 +0100

[SDK][NDK][XDK] Add the privilege flags needed for token filtering

These are needed for CreateRestrictedToken, NtFilterToken and SeFilterToken respectively. See the link down below for more information. https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securi... --- sdk/include/ndk/setypes.h | 10 ++++++++++ sdk/include/xdk/setypes.h | 13 +++++++++++++ 2 files changed, 23 insertions(+)

diff --git a/sdk/include/ndk/setypes.h b/sdk/include/ndk/setypes.h index b89dff14417..b76b0a144ff 100644 --- a/sdk/include/ndk/setypes.h +++ b/sdk/include/ndk/setypes.h @@ -108,6 +108,16 @@ typedef struct _TOKEN_ACCESS_INFORMATION SE_GROUP_INTEGRITY | \ SE_GROUP_INTEGRITY_ENABLED)

+// +// Privilege token filtering flags +// +#define DISABLE_MAX_PRIVILEGE 0x1 +#define SANDBOX_INERT 0x2 +#if (NTDDI_VERSION >= NTDDI_LONGHORN) +#define LUA_TOKEN 0x4 +#define WRITE_RESTRICTED 0x8 +#endif + // // Proxy Class enumeration // diff --git a/sdk/include/xdk/setypes.h b/sdk/include/xdk/setypes.h index 5037c1e3513..763906c40d1 100644 --- a/sdk/include/xdk/setypes.h +++ b/sdk/include/xdk/setypes.h @@ -147,6 +147,19 @@ typedef struct _SE_IMPERSONATION_STATE { #define SEF_MACL_VALID_FLAGS (SEF_MACL_NO_WRITE_UP | SEF_MACL_NO_READ_UP | SEF_MACL_NO_EXECUTE_UP)

$endif (_WDMDDK_ || _WINNT_) + +$if (_WINNT_) + +/* Privilege token filtering flags */ +#define DISABLE_MAX_PRIVILEGE 0x1 +#define SANDBOX_INERT 0x2 +#if (NTDDI_VERSION >= NTDDI_LONGHORN) +#define LUA_TOKEN 0x4 +#define WRITE_RESTRICTED 0x8 +#endif + +$endif (_WINNT_) + $if (_WDMDDK_)

typedef enum _SECURITY_OPERATION_CODE {