Headers diff for authz.dll between 6.0.6002.18005-Windows 6.0 and 6.1.7600.16385-Windows 7.0 versions



 authz.h (6.0.6002.18005-Windows 6.0)   authz.h (6.1.7600.16385-Windows 7.0) 
skipping to change at line 204 skipping to change at line 204
// Callback free function takes in // Callback free function takes in
// pSidAttrArray - To be freed. This has been allocated by the compute // pSidAttrArray - To be freed. This has been allocated by the compute
// dynamic groups function. // dynamic groups function.
// //
typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS) ( typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS) (
IN PSID_AND_ATTRIBUTES pSidAttrArray IN PSID_AND_ATTRIBUTES pSidAttrArray
); );
// //
// BEGIN: *** (Subject) Security attributes ***
//
// WARNING!!!:
// These #defines and data structures exactly mirror
// the TOKEN_XXX definitions in ntseapi.w. Keep them
// in sync.
//
//
// Security attribute data types ...
//
#define AUTHZ_SECURITY_ATTRIBUTE_TYPE_INVALID 0x00
#define AUTHZ_SECURITY_ATTRIBUTE_TYPE_INT64 0x01
#define AUTHZ_SECURITY_ATTRIBUTE_TYPE_UINT64 0x02
//
// Case insensitive attribute value string by default.
// Unless the flag AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
// is set indicating otherwise.
//
#define AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING 0x03
//
// Fully-qualified binary name.
//
typedef struct _AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE {
ULONG64 Version;
PWSTR pName;
} AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE, *PAUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE;
#define AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN 0x04
//
// This is the 'catch all' type. The attribute manipulation
// code really doesn't care about the actual format of the
// value. Value subtypes are defined only for this type.
// Value subtypes permit easy addition of new subtypes
// without having to change the attribute manipulation
// (and WOW64 thunking!) code.
//
typedef struct _AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
PVOID pValue; // Pointer is BYTE aligned.
ULONG ValueLength; // In bytes
} AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE,
*PAUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
#define AUTHZ_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING 0x10
//
// Attribute operations that can be specified for a 'set' API:
//
typedef enum {
//
// No-op
//
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE = 0,
//
// Delete all existing security attributes and their values in
// the NT token and replace it with the specified attributes/values.
// If attributes to replace with are not specified, all existing
// attributes and values are deleted.
//
// This operation can be specified at most once and must be the
// only operation specified.
//
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL,
//
// Add a new attribute or a new value to an existing attribute.
// If the value specified for any attribute already exists for
// that attribute, the call fails.
//
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD,
//
// Delete the specified value(s) of the specified attribute(s).
// If the last value is deleted from an attribute, the attribute
// itself is removed. If no matching attribute name was found, no
// modifications are done and the call fails. If no value is specified
// for the attribute, the attribute itself will be deleted.
//
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE,
//
// The value(s) of the specified security attribute(s) completely
// replace(s) the existing value(s) of the attribute(s). If the
// attribute does not already exist, it is added. When no value
// is specified, the attribute is deleted, if it exists; otherwise,
// the operation is simply ignored and no failure is reported.
//
AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE
} AUTHZ_SECURITY_ATTRIBUTE_OPERATION, *PAUTHZ_SECURITY_ATTRIBUTE_OPERATION;
//
// An individual security attribute.
//
typedef struct _AUTHZ_SECURITY_ATTRIBUTE_V1 {
//
// Name of the attribute.
// Case insensitive Windows Unicode string.
//
PWSTR pName;
//
// Data type of attribute.
//
USHORT ValueType;
//
// Pass 0 in a set operation and check for 0 in
// a get operation.
//
USHORT Reserved;
//
// Attribute must not be inherited across process spawns.
//
#define AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE 0x0001
//
// Attribute value is compared in a case sensitive way. It is valid with string
value
// or composite type containing string value. For other types of value, this fl
ag
// will be ignored. Currently, it is valid with the two types:
// AUTHZ_SECURITY_ATTRIBUTE_TYPE_STRING and AUTHZ_SECURITY_ATTRIBUTE_TYPE_FQBN.
//
#define AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE 0x0002
#define AUTHZ_SECURITY_ATTRIBUTE_VALID_FLAGS ( \
AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE | \
AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE \
)
ULONG Flags;
//
// Number of values.
//
ULONG ValueCount;
//
// The actual value itself.
//
union {
PLONG64 pInt64;
PULONG64 pUint64;
PWSTR *ppString;
PAUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE pFqbn;
PAUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE pOctetString;
} Values;
} AUTHZ_SECURITY_ATTRIBUTE_V1, *PAUTHZ_SECURITY_ATTRIBUTE_V1;
//
// Set of security attributes.
//
typedef struct _AUTHZ_SECURITY_ATTRIBUTES_INFORMATION {
//
// Versioning. The interpretation of the pointers in the
// Attribute field below is dependent on the version field.
//
// Get operations return the version while the set operation
// MUST specify the version of the data structure passed in.
//
#define AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1 1
#define AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_VERSION \
AUTHZ_SECURITY_ATTRIBUTES_INFORMATION_VERSION_V1
//
// MUST BE first.
//
USHORT Version;
//
// Pass 0 in set operations and ignore on get operations.
//
USHORT Reserved;
ULONG AttributeCount;
union {
PAUTHZ_SECURITY_ATTRIBUTE_V1 pAttributeV1;
} Attribute;
} AUTHZ_SECURITY_ATTRIBUTES_INFORMATION,
*PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION;
//
// Valid flags for AuthzAccessCheck // Valid flags for AuthzAccessCheck
// //
#define AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 0x00000001 #define AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 0x00000001
AUTHZAPI AUTHZAPI
BOOL BOOL
WINAPI WINAPI
AuthzAccessCheck( AuthzAccessCheck(
IN DWORD Flags, IN DWORD Flags,
skipping to change at line 334 skipping to change at line 545
AuthzAddSidsToContext( AuthzAddSidsToContext(
IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
IN PSID_AND_ATTRIBUTES Sids OPTIONAL, IN PSID_AND_ATTRIBUTES Sids OPTIONAL,
IN DWORD SidCount, IN DWORD SidCount,
IN PSID_AND_ATTRIBUTES RestrictedSids OPTIONAL, IN PSID_AND_ATTRIBUTES RestrictedSids OPTIONAL,
IN DWORD RestrictedSidCount, IN DWORD RestrictedSidCount,
OUT PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext OUT PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext
); );
// //
// API to modify security attributes in AUTHZ client context.
//
AUTHZAPI
BOOL
WINAPI
AuthzModifySecurityAttributes(
__in AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
__in PAUTHZ_SECURITY_ATTRIBUTE_OPERATION pOperations,
__in PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAttributes
);
//
// Enumeration type to be used to specify the type of information to be // Enumeration type to be used to specify the type of information to be
// retrieved from an existing AuthzClientContext. // retrieved from an existing AuthzClientContext.
// //
typedef enum _AUTHZ_CONTEXT_INFORMATION_CLASS typedef enum _AUTHZ_CONTEXT_INFORMATION_CLASS
{ {
AuthzContextInfoUserSid = 1, AuthzContextInfoUserSid = 1,
AuthzContextInfoGroupsSids, AuthzContextInfoGroupsSids,
AuthzContextInfoRestrictedSids, AuthzContextInfoRestrictedSids,
AuthzContextInfoPrivileges, AuthzContextInfoPrivileges,
AuthzContextInfoExpirationTime, AuthzContextInfoExpirationTime,
AuthzContextInfoServerContext, AuthzContextInfoServerContext,
AuthzContextInfoIdentifier, AuthzContextInfoIdentifier,
AuthzContextInfoSource, AuthzContextInfoSource,
AuthzContextInfoAll, AuthzContextInfoAll,
AuthzContextInfoAuthenticationId AuthzContextInfoAuthenticationId,
AuthzContextInfoSecurityAttributes
} AUTHZ_CONTEXT_INFORMATION_CLASS; } AUTHZ_CONTEXT_INFORMATION_CLASS;
AUTHZAPI AUTHZAPI
BOOL BOOL
WINAPI WINAPI
AuthzGetInformationFromContext( AuthzGetInformationFromContext(
IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass, IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass,
IN DWORD BufferSize, IN DWORD BufferSize,
OUT PDWORD pSizeRequired, OUT PDWORD pSizeRequired,
skipping to change at line 430 skipping to change at line 655
AuthzAuditEventInfoFlags = 1, AuthzAuditEventInfoFlags = 1,
AuthzAuditEventInfoOperationType, AuthzAuditEventInfoOperationType,
AuthzAuditEventInfoObjectType, AuthzAuditEventInfoObjectType,
AuthzAuditEventInfoObjectName, AuthzAuditEventInfoObjectName,
AuthzAuditEventInfoAdditionalInfo, AuthzAuditEventInfoAdditionalInfo,
} AUTHZ_AUDIT_EVENT_INFORMATION_CLASS; } AUTHZ_AUDIT_EVENT_INFORMATION_CLASS;
AUTHZAPI AUTHZAPI
BOOL BOOL
WINAPI WINAPI
AuthzGetInformationFromAuditEvent(
IN AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
IN AUTHZ_AUDIT_EVENT_INFORMATION_CLASS InfoClass,
IN DWORD BufferSize,
OUT PDWORD pSizeRequired,
OUT PVOID Buffer
);
AUTHZAPI
BOOL
WINAPI
AuthzFreeAuditEvent( AuthzFreeAuditEvent(
IN AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent IN AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent
); );
// //
// Support for SACL evaluation // Support for SACL evaluation
// //
AUTHZAPI AUTHZAPI
BOOL BOOL
 End of changes. 4 change blocks. 
12 lines changed or deleted 228 lines changed or added

This html diff was produced by rfcdiff 1.41.