windows_permissions/
constants.rs

1//! Constants related to Windows security.
2
3#![allow(non_upper_case_globals)]
4#![allow(missing_docs)]
5
6use winapi::um::accctrl::*;
7use winapi::um::minwinbase::*;
8use winapi::um::winnt::*;
9
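/// Create an enum from a list of constants.
///
/// Two invocation forms are accepted:
///
/// * `Name; int; msdn: "url"; A, B, C` documents the enum with a link to `url`.
/// * `Name; int; doc: "text"; A, B, C` documents the enum with `text`.
///
/// Each listed constant becomes a variant of the same name whose discriminant
/// is the constant's value. A trailing comma after the last constant is
/// accepted.
///
/// Generated enums get a method `from_raw` that performs a checked conversion
/// from a raw `int` value: it returns `None` for any value that is not one of
/// the listed constants.
macro_rules! constant_enum {
    ( $name:ident; $int:ident; msdn: $msdn:expr; $( $item:ident ),* $(,)? ) => {
        // Build the doc string from the URL, then defer to the `doc:` form.
        constant_enum!($name; $int;
            doc: concat!("See [MSDN](", $msdn, ").");
            $( $item ),*);
    };
    ( $name:ident; $int:ident; doc: $doc:expr; $( $item:ident ),* $(,)? ) => {
        #[derive(Debug, PartialEq, Copy, Clone)]
        #[allow(non_camel_case_types)]
        #[repr(C)]
        #[doc = $doc]
        pub enum $name {
            $(
                // The variant reuses the constant's name; on the right-hand
                // side the name resolves to the constant itself.
                $item = $item as isize,
            )*
        }

        impl $name {
            /// Convert a raw value into the matching variant.
            ///
            /// Returns `None` when `raw` is not one of the constants this
            /// enum was built from. Raw values read from the OS or parsed
            /// out of a security descriptor should go through this method
            /// rather than a cast or `transmute`, because an unlisted value
            /// is not a valid discriminant for the enum.
            pub fn from_raw(raw: $int) -> Option<Self> {
                match raw {
                    $( $item => Some($name::$item), )*
                    _ => None,
                }
            }
        }
    };
}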
41
// Wraps the `TRUSTEE_FORM` values named in the linked MSDN page (presumably
// the ones re-exported by `winapi::um::accctrl`). `TRUSTEE_BAD_FORM` is an
// ordinary variant here, so `TrusteeForm::from_raw` returning `Some` does not
// by itself mean the trustee form is usable; only unlisted values give `None`.
constant_enum!(TrusteeForm; u32;
    msdn: "https://docs.microsoft.com/en-us/windows/win32/api/accctrl/ne-accctrl-trustee_form";
    TRUSTEE_IS_SID,
    TRUSTEE_IS_NAME,
    TRUSTEE_BAD_FORM,
    TRUSTEE_IS_OBJECTS_AND_SID,
    TRUSTEE_IS_OBJECTS_AND_NAME);
49
// Wraps the `TRUSTEE_TYPE` values named in the linked MSDN page.
// `TRUSTEE_IS_UNKNOWN`, `TRUSTEE_IS_DELETED` and `TRUSTEE_IS_INVALID` are
// listed variants, so `TrusteeType::from_raw` returns `Some` for them; callers
// that need a live principal must check the variant, not just for `None`.
constant_enum!(TrusteeType; u32;
    msdn: "https://docs.microsoft.com/en-us/windows/win32/api/accctrl/ne-accctrl-trustee_type";
    TRUSTEE_IS_UNKNOWN,
    TRUSTEE_IS_USER,
    TRUSTEE_IS_GROUP,
    TRUSTEE_IS_DOMAIN,
    TRUSTEE_IS_ALIAS,
    TRUSTEE_IS_WELL_KNOWN_GROUP,
    TRUSTEE_IS_DELETED,
    TRUSTEE_IS_INVALID,
    TRUSTEE_IS_COMPUTER);
61
// Wraps the two `MULTIPLE_TRUSTEE_OPERATION` values named in the linked MSDN
// page. `MultipleTrusteeOperation::from_raw` returns `None` for any other
// `u32`.
constant_enum!(MultipleTrusteeOperation; u32;
    msdn: "https://docs.microsoft.com/en-us/windows/win32/api/accctrl/ne-accctrl-multiple_trustee_operation";
    NO_MULTIPLE_TRUSTEE,
    TRUSTEE_IS_IMPERSONATE);
66
// Wraps the `SE_OBJECT_TYPE` values named in the linked MSDN page, i.e. the
// kind of securable object a security descriptor belongs to.
// `SE_UNKNOWN_OBJECT_TYPE` is a listed variant, so `SeObjectType::from_raw`
// returns `Some` for it; only values outside this list give `None`.
constant_enum!(SeObjectType; u32;
    msdn: "https://docs.microsoft.com/en-us/windows/win32/api/accctrl/ne-accctrl-se_object_type";
    SE_UNKNOWN_OBJECT_TYPE,
    SE_FILE_OBJECT,
    SE_SERVICE,
    SE_PRINTER,
    SE_REGISTRY_KEY,
    SE_LMSHARE,
    SE_KERNEL_OBJECT,
    SE_WINDOW_OBJECT,
    SE_DS_OBJECT,
    SE_DS_OBJECT_ALL,
    SE_PROVIDER_DEFINED_OBJECT,
    SE_WMIGUID_OBJECT,
    SE_REGISTRY_WOW64_32KEY,
    SE_REGISTRY_WOW64_64KEY);
83
// Wraps the ACE type byte of an `ACE_HEADER` (see the linked MSDN page).
// NOTE(review): the list below is not every ACE type winnt.h defines (the
// compound and alarm ACE types, for example, are absent), so
// `AceType::from_raw` returns `None` for those. Code that walks an ACL should
// treat `None` as "unrecognised ACE" and handle it explicitly rather than
// unwrap; confirm the list against the SDK version in use.
constant_enum!(AceType; u8;
    msdn: "https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header#members";
    ACCESS_ALLOWED_ACE_TYPE,
    ACCESS_ALLOWED_CALLBACK_ACE_TYPE,
    ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE,
    ACCESS_ALLOWED_OBJECT_ACE_TYPE,
    ACCESS_DENIED_ACE_TYPE,
    ACCESS_DENIED_CALLBACK_ACE_TYPE,
    ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE,
    ACCESS_DENIED_OBJECT_ACE_TYPE,
    SYSTEM_AUDIT_ACE_TYPE,
    SYSTEM_AUDIT_CALLBACK_ACE_TYPE,
    SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE,
    SYSTEM_AUDIT_OBJECT_ACE_TYPE,
    SYSTEM_MANDATORY_LABEL_ACE_TYPE,
    SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE,
    SYSTEM_SCOPED_POLICY_ID_ACE_TYPE);
101
// Wraps the revision byte of an `ACL` (see the linked MSDN page).
// Per that page, `ACL_REVISION_DS` is the revision for ACLs that contain
// object-specific ACEs and `ACL_REVISION` is used otherwise.
// `AclRevision::from_raw` returns `None` for any other revision byte.
constant_enum!(AclRevision; u8;
    msdn: "https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-acl";
    ACL_REVISION,
    ACL_REVISION_DS);
106
// Wraps the `SID_NAME_USE` values named in the linked MSDN page.
// `SidTypeDeletedAccount`, `SidTypeInvalid` and `SidTypeUnknown` are listed
// variants, so `SidNameUse::from_raw` returns `Some` for them: a successful
// conversion says the value is a known SID type, not that the SID maps to a
// live account. Authorization decisions should check the variant.
constant_enum!(SidNameUse; u32;
    msdn: "https://docs.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-sid_name_use";
    SidTypeUser,
    SidTypeGroup,
    SidTypeDomain,
    SidTypeAlias,
    SidTypeWellKnownGroup,
    SidTypeDeletedAccount,
    SidTypeInvalid,
    SidTypeUnknown,
    SidTypeComputer,
    SidTypeLabel,
    SidTypeLogonSession);
120
bitflags! {
    /// See the `AceFlags` available at [MSDN](https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header).
    ///
    /// Only the flags declared below are known to this type. The generated
    /// `from_bits` returns `None` when any other bit of the `u8` is set, and
    /// `from_bits_truncate` silently drops such bits, so truncating and then
    /// writing the flags back can change an ACE. Prefer `from_bits` and handle
    /// `None` when reading flags from an existing ACE header.
    pub struct AceFlags: u8 {
        // Inheritance flags: control how the ACE propagates to child objects.
        const ContainerInherit = CONTAINER_INHERIT_ACE;
        const ObjectInherit = OBJECT_INHERIT_ACE;
        const NoPropagateInherit = NO_PROPAGATE_INHERIT_ACE;
        const InheritOnly = INHERIT_ONLY_ACE;
        // Set on an ACE that was inherited rather than placed explicitly.
        const Inherited = INHERITED_ACE;
        // Audit flags: per the linked MSDN page these apply to system-audit
        // ACEs and select which access attempts generate audit messages.
        const SuccessfulAccess = SUCCESSFUL_ACCESS_ACE_FLAG;
        const FailedAccess = FAILED_ACCESS_ACE_FLAG;
    }
}
133
bitflags! {
    /// See [MSDN](https://docs.microsoft.com/en-us/windows/win32/secauthz/security-information).
    ///
    /// Each flag selects a part of a security descriptor to read or write.
    /// Request only the parts that are needed: per the linked page, several
    /// of them require additional access rights or privileges (the SACL in
    /// particular), and asking for more than necessary makes calls fail or
    /// pushes callers towards running with broader privileges.
    pub struct SecurityInformation: u32 {
        // Resource attributes of the object.
        const Attribute = ATTRIBUTE_SECURITY_INFORMATION;
        // All parts of the security descriptor, intended for backup tools.
        const Backup = BACKUP_SECURITY_INFORMATION;
        // Discretionary ACL: who is allowed or denied access.
        const Dacl = DACL_SECURITY_INFORMATION;
        // Primary group identifier.
        const Group = GROUP_SECURITY_INFORMATION;
        // Mandatory integrity label.
        const Label = LABEL_SECURITY_INFORMATION;
        // Owner identifier.
        const Owner = OWNER_SECURITY_INFORMATION;
        // Protected*: the ACL does not inherit ACEs from the parent.
        const ProtectedDacl = PROTECTED_DACL_SECURITY_INFORMATION;
        const ProtectedSacl = PROTECTED_SACL_SECURITY_INFORMATION;
        // System ACL: audit entries.
        const Sacl = SACL_SECURITY_INFORMATION;
        // Central access policy (scope) information.
        const Scope = SCOPE_SECURITY_INFORMATION;
        // Unprotected*: the ACL inherits ACEs from the parent. Setting these
        // on an object can widen access if the parent's ACL is more permissive.
        const UnprotectedDacl = UNPROTECTED_DACL_SECURITY_INFORMATION;
        const UnprotectedSacl = UNPROTECTED_SACL_SECURITY_INFORMATION;
    }
}
151
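bitflags! {
    /// Flags indicating the right to access a resource.
    ///
    /// See [MSDN](https://docs.microsoft.com/en-us/windows/win32/secauthz/access-mask)
    /// for details.
    ///
    /// Two properties of this type matter when it is used to build or check
    /// access masks:
    ///
    /// * `All` declares every one of the 32 bits as known, so the generated
    ///   `from_bits` accepts any `u32` and cannot be used to validate a mask.
    /// * The low 16 bits are object-specific. The `File*`, `Key*` and
    ///   `MandatoryLabel*` constants all live in that range and overlap each
    ///   other and `Bit0`..`Bit15`; a test such as `contains(KeyRead)` is only
    ///   meaningful on a mask that belongs to a registry key.
    pub struct AccessRights: u32 {
        /// Every bit set, including the generic, reserved and
        /// `AccessSystemSecurity` bits. This is broader than `GenericAll`;
        /// avoid it when building an ACE unless that is really intended.
        const All = 0xFFFF_FFFF;

        // Bits 31-28: Generic rights
        const GenericRead = GENERIC_READ;
        const GenericWrite = GENERIC_WRITE;
        const GenericExecute = GENERIC_EXECUTE;
        const GenericAll = GENERIC_ALL;

        // Bits 27-26: Reserved. Bit 25 is `MAXIMUM_ALLOWED` in the MSDN
        // access-mask layout; it has no named flag here.

        // Bit 24: Access system security
        const AccessSystemSecurity = ACCESS_SYSTEM_SECURITY;

        // Bits 23-16: Standard access rights
        const Delete = DELETE;
        const ReadControl = READ_CONTROL;
        // `WriteDac` and `WriteOwner` let the holder rewrite the object's
        // protection, so granting either is close to granting full control.
        const WriteDac = WRITE_DAC;
        const WriteOwner = WRITE_OWNER;
        const Synchronize = SYNCHRONIZE;
        const StandardRightsRequired = STANDARD_RIGHTS_REQUIRED;
        const StandardRightsRead = STANDARD_RIGHTS_READ;
        const StandardRightsWrite = STANDARD_RIGHTS_WRITE;
        const StandardRightsExecute = STANDARD_RIGHTS_EXECUTE;
        /// Misspelt name kept so existing callers keep compiling; prefer
        /// `StandardRightsAll`.
        const StartardRightsAll = STANDARD_RIGHTS_ALL;
        /// All standard access rights (`STANDARD_RIGHTS_ALL`).
        const StandardRightsAll = STANDARD_RIGHTS_ALL;

        // Object-specific access rights
        const SpecificRightsAll = SPECIFIC_RIGHTS_ALL;
        const Bit0  = 1 <<  0;
        const Bit1  = 1 <<  1;
        const Bit2  = 1 <<  2;
        const Bit3  = 1 <<  3;
        const Bit4  = 1 <<  4;
        const Bit5  = 1 <<  5;
        const Bit6  = 1 <<  6;
        const Bit7  = 1 <<  7;
        const Bit8  = 1 <<  8;
        const Bit9  = 1 <<  9;
        const Bit10 = 1 << 10;
        const Bit11 = 1 << 11;
        const Bit12 = 1 << 12;
        const Bit13 = 1 << 13;
        const Bit14 = 1 << 14;
        const Bit15 = 1 << 15;

        // File-specific access rights
        const FileAllAccess = FILE_ALL_ACCESS;
        const FileGenericRead = FILE_GENERIC_READ;
        const FileGenericWrite = FILE_GENERIC_WRITE;
        const FileGenericExecute = FILE_GENERIC_EXECUTE;

        // Key-specific access rights
        const KeyAllAccess = KEY_ALL_ACCESS;
        const KeyRead = KEY_READ;
        const KeyWrite = KEY_WRITE;
        const KeyExecute = KEY_EXECUTE;

        // Mandatory label access rights (the mask of a mandatory-label ACE,
        // not rights granted to a trustee)
        const MandatoryLabelNoReadUp = SYSTEM_MANDATORY_LABEL_NO_READ_UP;
        const MandatoryLabelNoWriteUp = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP;
        const MandatoryLabelNoExecuteUp = SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP;
    }
}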
221
bitflags! {
    /// Flags indicating the settings for a local allocation.
    ///
    /// See the `uFlags` parameter at [MSDN](https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-localalloc#parameters).
    pub struct LocalAllocFlags: u32 {
        // NOTE(review): `LMEM_FIXED` is presumably 0, as in the Windows
        // headers. A zero-valued flag is contained in every value, so
        // `contains(Fixed)` cannot tell fixed from moveable memory; test for
        // the absence of `Moveable` instead. Confirm against winapi.
        const Fixed = LMEM_FIXED;
        const Moveable = LMEM_MOVEABLE;
        // Per the linked MSDN page this zero-initialises the block. Without
        // it the contents are not initialised, which matters when the buffer
        // is later handed back to a caller or the OS partially filled.
        const ZeroInit = LMEM_ZEROINIT;
        // Per the linked MSDN page the remaining values are obsolete and
        // ignored; they are kept for completeness.
        const Discardable = LMEM_DISCARDABLE;
        const NoCompact = LMEM_NOCOMPACT;
        const NoDiscard = LMEM_NODISCARD;
    }
}
235
#[cfg(test)]
mod test {
    // Sample constants standing in for the platform values the real enums wrap.
    const A: u8 = 5;
    const B: u8 = 10;
    const C: u8 = 15;
    // A value that is deliberately not passed to the macro below.
    const INVALID: u8 = 100;

    constant_enum!(TestEnum; u8; doc: "This is a test"; A, B, C);

    /// `from_raw` maps each listed constant to its variant and everything
    /// else to `None`.
    #[test]
    fn constant_enum_works() {
        // An unlisted raw value must be rejected rather than coerced.
        assert_eq!(None, TestEnum::from_raw(INVALID));

        let cases = [(A, TestEnum::A), (B, TestEnum::B), (C, TestEnum::C)];
        for &(raw, expected) in cases.iter() {
            assert_eq!(expected, TestEnum::from_raw(raw).unwrap());
        }
    }
}