Documentation ¶
Overview ¶
The dtyp package implements the DTYP client protocol.
Introduction ¶
This document provides a collection of commonly used data types, which are categorized into two basic types: common base types and common data types. The common base types are those types that Microsoft compilers natively support. The common data types are data types that are frequently used by many protocols. These data types are user-defined types.
Overview ¶
Two types of data structures are specified in this document: data structures that are specified in terms of the wire format and data structures that are RPC-marshaled as specified in [MS-RPCE]. The latter are specified by using the Interface Definition Language (IDL) that is defined in [MS-RPCE] section 2.2.4.
For some types of data, both formats are shown. For example, both formats are shown if some protocols use the raw wire format but other protocols use the RPC-marshaled format. Any protocol that uses a data structure name in its IDL necessarily implies the use of the IDL version of the data structure. Any other use implies the use of the wire format version unless otherwise specified by the protocol that uses the data structure.
Index ¶
- Variables
- type ACEHeader
- type ACL
- type ClaimSecurityAttributeOctetStringRelative
- type ClaimSecurityAttributeRelativeV1
- type ClaimSecurityAttributeRelativeV1_Values
- type ClassID
- type EventDescriptor
- type EventHeader
- type EventHeader_Field10
- type EventHeader_Field10_Field1
- type Filetime
- type GUID
- type LUID
- type LargeInteger
- type MandatoryInformation
- type Multistring
- type ObjectTypeList
- type SID
- func (o *SID) Bytes() ([]byte, error)
- func (o *SID) DecodeBinary(b []byte) error
- func (o *SID) MarshalJSON() ([]byte, error)
- func (o *SID) MarshalNDR(ctx context.Context, w ndr.Writer) error
- func (o *SID) NDRSizeInfo() []uint64
- func (o *SID) Parse(s string) error
- func (o *SID) String() string
- func (o *SID) UnmarshalNDR(ctx context.Context, w ndr.Reader) error
- type SIDIDAuthority
- type SecurityDescriptor
- type ServerInfo100
- type ServerInfo101
- type SystemMandatoryLabelACE
- type SystemTime
- type TokenMandatoryPolicy
- type UUID
- type Uint128
- type UlargeInteger
- type UnicodeString
Constants ¶
This section is empty.
Variables ¶
var (
// import guard
GoPackage = "dtyp"
)
Functions ¶
This section is empty.
Types ¶
type ACEHeader ¶
type ACEHeader struct { // AceType (1 byte): An unsigned 8-bit integer that specifies the ACE types. This field // MUST be one of the following values. // // +----------------------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +----------------------------------------------+----------------------------------------------------------------------------------+ // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_ALLOWED_ACE_TYPE 0x00 | Access-allowed ACE that uses the ACCESS_ALLOWED_ACE (section 2.4.4.2) structure. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_DENIED_ACE_TYPE 0x01 | Access-denied ACE that uses the ACCESS_DENIED_ACE (section 2.4.4.4) structure. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_AUDIT_ACE_TYPE 0x02 | System-audit ACE that uses the SYSTEM_AUDIT_ACE (section 2.4.4.10) structure. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_ALARM_ACE_TYPE 0x03 | Reserved for future use. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_ALLOWED_COMPOUND_ACE_TYPE 0x04 | Reserved for future use. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_ALLOWED_OBJECT_ACE_TYPE 0x05 | Object-specific access-allowed ACE that uses the ACCESS_ALLOWED_OBJECT_ACE | // | | (section 2.4.4.3) structure.<45> | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_DENIED_OBJECT_ACE_TYPE 0x06 | Object-specific access-denied ACE that uses the ACCESS_DENIED_OBJECT_ACE | // | | (section 2.4.4.5) structure.<46> | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_AUDIT_OBJECT_ACE_TYPE 0x07 | Object-specific system-audit ACE that uses the SYSTEM_AUDIT_OBJECT_ACE (section | // | | 2.4.4.11) structure.<47> | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_ALARM_OBJECT_ACE_TYPE 0x08 | Reserved for future use. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_ALLOWED_CALLBACK_ACE_TYPE 0x09 | Access-allowed callback ACE that uses the ACCESS_ALLOWED_CALLBACK_ACE (section | // | | 2.4.4.6) structure.<48> | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_DENIED_CALLBACK_ACE_TYPE 0x0A | Access-denied callback ACE that uses the ACCESS_DENIED_CALLBACK_ACE (section | // | | 2.4.4.7) structure.<49> | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE 0x0B | Object-specific access-allowed callback ACE that uses the | // | | ACCESS_ALLOWED_CALLBACK_OBJECT_ACE (section 2.4.4.8) structure.<50> | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE 0x0C | Object-specific access-denied callback ACE that uses the | // | | ACCESS_DENIED_CALLBACK_OBJECT_ACE (section 2.4.4.9) structure.<51> | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_AUDIT_CALLBACK_ACE_TYPE 0x0D | System-audit callback ACE that uses the SYSTEM_AUDIT_CALLBACK_ACE (section | // | | 2.4.4.12) structure.<52> | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_ALARM_CALLBACK_ACE_TYPE 0x0E | Reserved for future use. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE 0x0F | Object-specific system-audit callback ACE that uses the | // | | SYSTEM_AUDIT_CALLBACK_OBJECT_ACE (section 2.4.4.14) structure. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE 0x10 | Reserved for future use. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_MANDATORY_LABEL_ACE_TYPE 0x11 | Mandatory label ACE that uses the SYSTEM_MANDATORY_LABEL_ACE (section 2.4.4.13) | // | | structure. | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE 0x12 | Resource attribute ACE that uses the SYSTEM_RESOURCE_ATTRIBUTE_ACE (section | // | | 2.4.4.15) | // +----------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_SCOPED_POLICY_ID_ACE_TYPE 0x13 | A central policy ID ACE that uses the SYSTEM_SCOPED_POLICY_ID_ACE (section | // | | 2.4.4.16) | // +----------------------------------------------+----------------------------------------------------------------------------------+ ACEType uint8 `idl:"name:AceType" json:"ace_type"` // AceFlags (1 byte): An unsigned 8-bit integer that specifies a set of ACE type-specific // control flags. This field can be a combination of the following values. // // +---------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +---------------------------------+----------------------------------------------------------------------------------+ // +---------------------------------+----------------------------------------------------------------------------------+ // | CONTAINER_INHERIT_ACE 0x02 | Child objects that are containers, such as directories, inherit the | // | | ACE as an effective ACE. The inherited ACE is inheritable unless the | // | | NO_PROPAGATE_INHERIT_ACE bit flag is also set. | // +---------------------------------+----------------------------------------------------------------------------------+ // | FAILED_ACCESS_ACE_FLAG 0x80 | Used with system-audit ACEs in a system access control list (SACL) to generate | // | | audit messages for failed access attempts. | // +---------------------------------+----------------------------------------------------------------------------------+ // | INHERIT_ONLY_ACE 0x08 | Indicates an inherit-only ACE, which does not control access to the object | // | | to which it is attached. If this flag is not set, the ACE is an effective ACE | // | | that controls access to the object to which it is attached. Both effective | // | | and inherit-only ACEs can be inherited depending on the state of the other | // | | inheritance flags. | // +---------------------------------+----------------------------------------------------------------------------------+ // | INHERITED_ACE 0x10 | Used to indicate that the ACE was inherited.<54> See section 2.5.3.5 for | // | | processing rules for setting this flag. | // +---------------------------------+----------------------------------------------------------------------------------+ // | NO_PROPAGATE_INHERIT_ACE 0x04 | If the ACE is inherited by a child object, the system clears the | // | | OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This | // | | prevents the ACE from being inherited by subsequent generations of objects. | // +---------------------------------+----------------------------------------------------------------------------------+ // | OBJECT_INHERIT_ACE 0x01 | Noncontainer child objects inherit the ACE as an effective ACE. For child | // | | objects that are containers, the ACE is inherited as an inherit-only ACE unless | // | | the NO_PROPAGATE_INHERIT_ACE bit flag is also set. | // +---------------------------------+----------------------------------------------------------------------------------+ // | SUCCESSFUL_ACCESS_ACE_FLAG 0x40 | Used with system-audit ACEs in a SACL to generate audit messages for successful | // | | access attempts. | // +---------------------------------+----------------------------------------------------------------------------------+ ACEFlags uint8 `idl:"name:AceFlags" json:"ace_flags"` // AceSize (2 bytes): An unsigned 16-bit integer that specifies the size, in bytes, // of the ACE. The AceSize field can be greater than the sum of the individual fields, // but MUST be a multiple of 4 to ensure alignment on a DWORD boundary. In cases where // the AceSize field encompasses additional data for the callback ACEs types, that data // is implementation-specific. Otherwise, this additional data is not interpreted and // MUST be ignored. ACESize uint16 `idl:"name:AceSize" json:"ace_size"` }
ACEHeader structure represents ACE_HEADER RPC structure.
The ACE_HEADER structure defines the type and size of an access control entry (ACE).
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 1 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 2 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 3 | 1 | | | | | | | | | | | | 0 | | | | | | | | | | 0 | | | | | | | | | | 0 | | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | AceType | AceFlags | AceSize | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
The RPC representation of the ACE_HEADER defines the type and size of an ACE. The members and values are as specified in section 2.4.4.1.
func (*ACEHeader) MarshalNDR ¶
type ACL ¶
type ACL struct { // AclRevision (1 byte): An unsigned 8-bit value that specifies the revision of the // ACL. The only two legitimate forms of ACLs supported for on-the-wire management or // manipulation are type 2 and type 4. No other form is valid for manipulation on the // wire. Therefore this field MUST be set to one of the following values. // // +----------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +----------------------+----------------------------------------------------------------------------------+ // +----------------------+----------------------------------------------------------------------------------+ // | ACL_REVISION 0x02 | When set to 0x02, only AceTypes 0x00, 0x01, 0x02, 0x03, 0x11, 0x12, and 0x13 can | // | | be present in the ACL. An AceType of 0x11 is used for SACLs but not for DACLs. | // | | For more information about ACE types, see section 2.4.4.1. | // +----------------------+----------------------------------------------------------------------------------+ // | ACL_REVISION_DS 0x04 | When set to 0x04, AceTypes 0x05, 0x06, 0x07, 0x08, and 0x11 are allowed. ACLs | // | | of revision 0x04 are applicable only to directory service objects. An AceType of | // | | 0x11 is used for SACLs but not for DACLs. | // +----------------------+----------------------------------------------------------------------------------+ ACLRevision uint8 `idl:"name:AclRevision" json:"acl_revision"` // Sbz1 (1 byte): An unsigned 8-bit value. This field is reserved and MUST be set to // zero. SBZ1 uint8 `idl:"name:Sbz1" json:"sbz1"` // AclSize (2 bytes): An unsigned 16-bit integer that specifies the size, in bytes, // of the complete ACL, including all ACEs. ACLSize uint16 `idl:"name:AclSize" json:"acl_size"` // AceCount (2 bytes): An unsigned 16-bit integer that specifies the count of the number // of ACE records in the ACL. ACECount uint16 `idl:"name:AceCount" json:"ace_count"` // Sbz2 (2 bytes): An unsigned 16-bit integer. This field is reserved and MUST be set // to zero. SBZ2 uint16 `idl:"name:Sbz2" json:"sbz2"` }
ACL structure represents ACL RPC structure.
The access control list (ACL) packet is used to specify a list of individual access control entries (ACEs). An ACL packet and an array of ACEs comprise a complete access control list.
The individual ACEs in an ACL are numbered from 0 to n, where n+1 is the number of ACEs in the ACL. When editing an ACL, an application refers to an ACE within the ACL by the ACE index.
In the absence of implementation-specific functions to access the individual ACEs, access to each ACE MUST be computed by using the AclSize and AceCount fields to parse the wire packets following the ACL to identify each ACE_HEADER, which in turn contains the information needed to obtain the specific ACEs.
An ACL is said to be in canonical form if:
* All explicit ACEs are placed before inherited ACEs.
* Within the explicit ACEs, deny ACEs come before grant ACEs.
* Deny ACEs on the object come before deny ACEs on a child or property.
* Grant ACEs on the object come before grant ACEs on a child or property.
* Inherited ACEs are placed in the order in which they were inherited.
There are two types of ACL:
* A discretionary access control list (DACL) ( a66edeb1-52a0-4d64-a93b-2f5c833d7d92#gt_d727f612-7a45-48e4-9d87-71735d62b321 ) is controlled by the owner of an object or anyone granted WRITE_DAC access to the object. It specifies the access particular users and groups can have to an object. For example, the owner of a file can use a DACL to control which users and groups can and cannot have access to the file.
* A system access control list (SACL) ( a66edeb1-52a0-4d64-a93b-2f5c833d7d92#gt_c189801e-3752-4715-88f4-17804dad5782 ) is similar to the DACL, except that the SACL is used to audit rather than control access to an object. When an audited action occurs, the operating system records the event in the security log. Each ACE in a SACL has a header that indicates whether auditing is triggered by success, failure, or both; a SID that specifies a particular user or security group to monitor; and an access mask that lists the operations to audit.
The SACL also MAY contain <71> ( 11e1608c-6169-4fbc-9c33-373fc9b224f4#Appendix_A_71 ) a label ACE that defines the integrity level of the object.
The only valid ACE types for a SACL are the auditing types (SYSTEM_AUDIT_ACE_TYPE, SYSTEM_AUDIT_OBJECT_ACE_TYPE, SYSTEM_AUDIT_CALLBACK_ACE_TYPE, and SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE), the label type (SYSTEM_MANDATORY_LABEL_ACE_TYPE), the system resource attribute type (SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE), and the scoped policy type (SYSTEM_SCOPED_POLICY_ID_ACE_TYPE), as specified in section 2.4.4.1.
The SACL MUST NOT contain ACEs that belong in the DACL, and the DACL MUST NOT contain ACE types that belong in the SACL. Doing so results in unspecified behavior.
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 1 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 2 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 3 | 1 | | | | | | | | | | | | 0 | | | | | | | | | | 0 | | | | | | | | | | 0 | | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | AclRevision | Sbz1 | AclSize | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | AceCount | Sbz2 | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
The RPC representation of the ACL data type specifies the elements needed to access a complete access control list, including both the ACL header structure and the array of ACEs. The individual members are as specified in section 2.4.5.
The ACL structure MUST be aligned on a 32-bit boundary.
In the absence of implementation-specific functions to access the individual ACEs, access to each ACE MUST be computed by using the AclSize and AceCount members to parse the memory following the ACL to identify each ACE_HEADER, which in turn contains the information needed to obtain the specific ACEs.
type ClaimSecurityAttributeOctetStringRelative ¶
type ClaimSecurityAttributeOctetStringRelative struct { // Length: The length, in bytes, of the value contained in the OctetString field. Length uint32 `idl:"name:Length" json:"length"` // OctetString: An array of bytes containing the octet string value. The length of // the value is specified by the Length field. OctetString []byte `idl:"name:OctetString" json:"octet_string"` }
ClaimSecurityAttributeOctetStringRelative structure represents CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE RPC structure.
The CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE structure specifies an octet string.<78>
func (*ClaimSecurityAttributeOctetStringRelative) MarshalNDR ¶
func (*ClaimSecurityAttributeOctetStringRelative) NDRSizeInfo ¶
func (o *ClaimSecurityAttributeOctetStringRelative) NDRSizeInfo() []uint64
func (*ClaimSecurityAttributeOctetStringRelative) UnmarshalNDR ¶
type ClaimSecurityAttributeRelativeV1 ¶
type ClaimSecurityAttributeRelativeV1 struct { // Name: A DWORD value indicating an offset from the beginning of the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 // structure to a string of Unicode characters containing the name of the claim security // attribute. The string MUST be at least 4 bytes in length. Name uint32 `idl:"name:Name" json:"name"` // ValueType: A union tag value indicating the type of information referred to by the // Values member. The Values member MUST be an array of offsets from the beginning of // the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structure to the specified ValueType. ValueType // MUST be one of the following values: // // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64 0x0001 | Values member refers to an array of offsets to LONG64 value(s). | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64 0x0002 | Values member refers to an array of offsets to ULONG64 value(s). | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING 0x0003 | Values member refers to an array of offsets to Unicode character string | // | | value(s). | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_TYPE_SID 0x0005 | The Values member refers to an array of offsets to | // | | CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE value(s) where the OctetString | // | | value is a SID string. | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN 0x0006 | The Values member refers to an array of offsets to ULONG64 values where each | // | | element indicates a Boolean value. The value 1 indicates TRUE, and the value 0 | // | | indicates FALSE. | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING 0x0010 | Values member contains an array of | // | | CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE value(s) as specified in section | // | | 2.4.10.2. | // +---------------------------------------------------+----------------------------------------------------------------------------------+ ValueType uint16 `idl:"name:ValueType" json:"value_type"` // Flags: The upper two bytes of this DWORD are available for application-specific // data. The two lowest-order bits in the lower of these two bytes are reserved. These // two bytes MAY<75> contain only one of the following values in those two bits: // // +----------------------------------------------------+-----------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +----------------------------------------------------+-----------------------------------------------------------------------+ // +----------------------------------------------------+-----------------------------------------------------------------------+ // | FCI_CLAIM_SECURITY_ATTRIBUTE_MANUAL 0x0001 | The CLAIM_SECURITY_ATTRIBUTE has been manually assigned | // +----------------------------------------------------+-----------------------------------------------------------------------+ // | FCI_CLAIM_SECURITY_ATTRIBUTE_POLICY_DERIVED 0x0002 | The CLAIM_SECURITY_ATTRIBUTE has been determined by a central policy. | // +----------------------------------------------------+-----------------------------------------------------------------------+ // // The lower two bytes of this DWORD MUST be zero or a bitwise combination of one or // more of the following values:<76> // // +------------------------------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +------------------------------------------------------+----------------------------------------------------------------------------------+ // +------------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_NON_INHERITABLE 0x0001 | This claim security attribute is not inherited across processes.<77> | // +------------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE 0x0002 | The value of the claim security attribute is case sensitive. This flag is valid | // | | for values that contain string types. | // +------------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY 0x0004 | Reserved for future use. | // +------------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT 0x0008 | The claim security attribute is disabled by default. | // +------------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_DISABLED 0x0010 | Reserved for future use. | // +------------------------------------------------------+----------------------------------------------------------------------------------+ // | CLAIM_SECURITY_ATTRIBUTE_MANDATORY 0x0020 | The claim security attribute is mandatory. | // +------------------------------------------------------+----------------------------------------------------------------------------------+ Flags uint32 `idl:"name:Flags" json:"flags"` // ValueCount: The number of values contained in the Values member. ValueCount uint32 `idl:"name:ValueCount" json:"value_count"` // Values: An array of offsets from the beginning of the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 // structure. Each offset indicates the location of a claim security attribute value // of type specified in the ValueType member. Values *ClaimSecurityAttributeRelativeV1_Values `idl:"name:Values" json:"values"` // contains filtered or unexported fields }
ClaimSecurityAttributeRelativeV1 structure represents CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 RPC structure.
The CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structure defines a resource attribute that is defined in contiguous memory for persistence within a serialized Security Descriptor.
func (*ClaimSecurityAttributeRelativeV1) MarshalNDR ¶
func (*ClaimSecurityAttributeRelativeV1) UnmarshalNDR ¶
type ClaimSecurityAttributeRelativeV1_Values ¶
type ClaimSecurityAttributeRelativeV1_Values struct { Int64 []int64 `idl:"name:pInt64" json:"int64"` Uint64 []uint64 `idl:"name:pUint64" json:"uint64"` String []string `idl:"name:ppString" json:"string"` OctetString []*ClaimSecurityAttributeOctetStringRelative `idl:"name:pOctetString" json:"octet_string"` }
type EventDescriptor ¶
type EventDescriptor struct { // Id: The event identifier. ID uint16 `idl:"name:Id" json:"id"` // Version: The version of the event, which indicates a revision to the event definition. // The Version and Id members uniquely identify the event within the scope of a provider. Version uint8 `idl:"name:Version" json:"version"` // Channel: Defines the audience for the event (for example, administrator or developer). Channel uint8 `idl:"name:Channel" json:"channel"` // Level: Specifies the severity or level of detail included in the event (for example, // informational or fatal). Level uint8 `idl:"name:Level" json:"level"` // Opcode: Identifies a step in a sequence of operations being performed within a Task. Opcode uint8 `idl:"name:Opcode" json:"opcode"` // Task: Identifies a larger unit of work within an application or component (broader // in scope than the Opcode). Task uint16 `idl:"name:Task" json:"task"` // Keyword: A bitmask that specifies a logical group of related events. Each bit corresponds // to one group. An event can belong to one or more groups. The keyword can contain // one or more provider-defined keywords, standard keywords, or both. // // This structure represents an event defined in a manifest and is included in the EVENT_HEADER // structure. Keyword uint64 `idl:"name:Keyword" json:"keyword"` }
EventDescriptor structure represents EVENT_DESCRIPTOR RPC structure.
The EVENT_DESCRIPTOR structure specifies the metadata that defines an event.
func (*EventDescriptor) MarshalNDR ¶
func (*EventDescriptor) UnmarshalNDR ¶
type EventHeader ¶
type EventHeader struct { // Size: Size of the event record, in bytes. Size uint16 `idl:"name:Size" json:"size"` // HeaderType: Reserved. HeaderType uint16 `idl:"name:HeaderType" json:"header_type"` // Flags: Flags that provide information about the event such as the type of session // it was logged to and whether the event contains extended data. This member can contain // one or more of the following flags. // // +-----------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +-----------------------------------+----------------------------------------------------------------------------------+ // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_EXTENDED_INFO | The ExtendedData member of the event record contains data. | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_PRIVATE_SESSION | The event was logged to a private session. | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_STRING_ONLY | The event data is a null-terminated Unicode string. | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_TRACE_MESSAGE | The provider used an implementation-specific trace message function to log the | // | | event. Typically indicates that the event was written by the Windows software | // | | trace preprocessor. | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_NO_CPUTIME | Indicates that elapsed execution time was not recorded; the ProcessorTime member | // | | can be used to determine the elapsed execution time. | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_32_BIT_HEADER | Indicates that the provider was running on a 32-bit computer or in a WOW64 | // | | session. | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_64_BIT_HEADER | Indicates that the provider was running on a 64-bit computer. | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_DECODE_GUID | Indicates that the ProviderId member of the event record is a decode GUID rather | // | | than a control GUID.<2> | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_CLASSIC_HEADER | Indicates that provider used a trace event function to log the event. | // +-----------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_FLAG_PROCESSOR_INDEX | If this flag is set, the identifier for the CPU that logged the event MUST be | // | | accessed using the ProcessorIndex member of the BufferContext member of the | // | | event record. If this flag is not set, the identifier for the CPU that logged | // | | the event MUST be read from the ProcessorNumber member of the BufferContext | // | | member of the event record.<3> | // +-----------------------------------+----------------------------------------------------------------------------------+ Flags uint16 `idl:"name:Flags" json:"flags"` // EventProperty: Indicates the source to use for parsing the event data. // // +---------------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +---------------------------------------+----------------------------------------------------------------------------------+ // +---------------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_PROPERTY_XML | Indicates that you need a manifest to parse the event data. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_PROPERTY_FORWARDED_XML | Indicates that the event data contains within itself a fully rendered XML | // | | description of the data, so you do not need a manifest to parse the event data. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG | Indicates that you need a WMI MOF class to parse the event data. | // +---------------------------------------+----------------------------------------------------------------------------------+ EventProperty uint16 `idl:"name:EventProperty" json:"event_property"` // ThreadId: Identifies the thread that generated the event. ThreadID uint32 `idl:"name:ThreadId" json:"thread_id"` // ProcessId: Identifies the process that generated the event. ProcessID uint32 `idl:"name:ProcessId" json:"process_id"` // TimeStamp: Contains the time that the event occurred. The resolution is system time // unless the ProcessTraceMode member of EVENT_TRACE_LOGFILE contains the PROCESS_TRACE_MODE_RAW_TIMESTAMP // flag, in which case the resolution depends on the value of the Wnode.ClientContext // member of EVENT_TRACE_PROPERTIES at the time the controller created the session. Timestamp *LargeInteger `idl:"name:TimeStamp" json:"timestamp"` // ProviderId: GUID that uniquely identifies the provider that logged the event. ProviderID *GUID `idl:"name:ProviderId" json:"provider_id"` // EventDescriptor: Defines information about the event such as the event identifier // and severity level. EventDescriptor *EventDescriptor `idl:"name:EventDescriptor" json:"event_descriptor"` Field10 *EventHeader_Field10 `idl:"name:" json:""` // ActivityId: Identifier that relates two events. // // The KernelTime and UserTime members can be used to determine the CPU cost in units // for a set of instructions (the values indicate the CPU usage charged to that thread // at the time of logging). For example, if Event A and Event B are consecutively logged // by the same thread and they have CPU usage numbers 150 and 175, then the activity // that was performed by that thread between events A and B cost 25 CPU time units (175 // – 150). ActivityID *GUID `idl:"name:ActivityId" json:"activity_id"` }
EventHeader structure represents EVENT_HEADER RPC structure.
The EVENT_HEADER structure defines the main parameters of an event.
func (*EventHeader) MarshalNDR ¶
func (*EventHeader) UnmarshalNDR ¶
type EventHeader_Field10 ¶
type EventHeader_Field10 struct { Field1 *EventHeader_Field10_Field1 `idl:"name:" json:""` // ProcessorTime: For private sessions, the elapsed execution time for user-mode instructions, // in CPU ticks. ProcessorTime uint64 `idl:"name:ProcessorTime" json:"processor_time"` }
type EventHeader_Field10_Field1 ¶
type EventHeader_Field10_Field1 struct { // KernelTime: Elapsed execution time for kernel-mode instructions, in CPU time units. // For private sessions, the value in the ProcessorTime member can be used instead. KernelTime uint32 `idl:"name:KernelTime" json:"kernel_time"` // UserTime: Elapsed execution time for user-mode instructions, in CPU time units. // For private sessions, the value in the ProcessorTime member can be used instead. UserTime uint32 `idl:"name:UserTime" json:"user_time"` }
EventHeader_Field10_Field1 structure represents EVENT_HEADER structure anonymous member.
The EVENT_HEADER structure defines the main parameters of an event.
func (*EventHeader_Field10_Field1) MarshalNDR ¶
func (*EventHeader_Field10_Field1) UnmarshalNDR ¶
type Filetime ¶
type Filetime struct { // dwLowDateTime: A 32-bit unsigned integer that contains the low-order bits of the // file time. LowDateTime uint32 `idl:"name:dwLowDateTime" json:"low_date_time"` // dwHighDateTime: A 32-bit unsigned integer that contains the high-order bits of the // file time. HighDateTime uint32 `idl:"name:dwHighDateTime" json:"high_date_time"` }
Filetime structure represents FILETIME RPC structure.
The FILETIME structure is a 64-bit value that represents the number of 100-nanosecond intervals that have elapsed since January 1, 1601, Coordinated Universal Time (UTC).
func (*Filetime) DecodeBinary ¶
func (*Filetime) MarshalJSON ¶
func (*Filetime) MarshalNDR ¶
type GUID ¶
type GUID struct { // Data1 (4 bytes): The value of the Data1 member (section 2.3.4), in little-endian // byte order. // // Data1: This member is generally treated as an opaque value. This member is equivalent // to the time_low field of a DCE UUID ([C706] section A.1). Data1 uint32 `idl:"name:Data1" json:"data1"` // Data2 (2 bytes): The value of the Data2 member (section 2.3.4), in little-endian // byte order. // // Data2: This member is generally treated as an opaque value. This member is equivalent // to the time_mid field of a DCE UUID ([C706] section A.1). Data2 uint16 `idl:"name:Data2" json:"data2"` // Data3 (2 bytes): The value of the Data3 member (section 2.3.4), in little-endian // byte order. // // Data3: This member is generally treated as an opaque value. This member is equivalent // to the time_hi_and_version field of a DCE UUID ([C706] section A.1). Data3 uint16 `idl:"name:Data3" json:"data3"` // Data4 (8 bytes): The value of the Data4 member (section 2.3.4), in little-endian // byte order. // // Data4: This array is generally treated as a sequence of opaque values. This member // is equivalent to the following sequence of fields of a DCE UUID ([C706] section A.1) // in this order: clock_seq_hi_and_reserved, clock_seq_low, and the sequence of bytes // in the node field. Data4 []byte `idl:"name:Data4" json:"data4"` }
GUID structure represents GUID RPC structure.
The packet version is used within block protocols. The following diagram represents a GUID as an opaque sequence of bytes.
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 1 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 2 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 3 | 1 | | | | | | | | | | | | 0 | | | | | | | | | | 0 | | | | | | | | | | 0 | | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Data1 | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Data2 | Data3 | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Data4 | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | ... | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
The following structure is an IDL representation of GUID equivalent to and compatible with a DCE UUID ([C706] section A.1) according to the following mappings.
func GUIDFromBytes ¶ added in v1.0.1
func GUIDFromUUID ¶
func (*GUID) MarshalJSON ¶
type LUID ¶
type LUID struct { // LowPart: The low-order bits of the structure. LowPart uint32 `idl:"name:LowPart" json:"low_part"` // HighPart: The high-order bits of the structure. HighPart int32 `idl:"name:HighPart" json:"high_part"` }
LUID structure represents LUID RPC structure.
The LUID structure is 64-bit value guaranteed to be unique only on the system on which it was generated. The uniqueness of a locally unique identifier (LUID) is guaranteed only until the system is restarted.
type LargeInteger ¶
type LargeInteger struct {
QuadPart int64 `idl:"name:QuadPart" json:"quad_part"`
}
LargeInteger structure represents LARGE_INTEGER RPC structure.
The LARGE_INTEGER structure is used to represent a 64-bit signed integer value.
func (*LargeInteger) MarshalNDR ¶
func (*LargeInteger) UnmarshalNDR ¶
type MandatoryInformation ¶
type MandatoryInformation struct { // AllowedAccess: The AllowedAccess member specifies the access mask that is used to // encode the user rights to an object. AllowedAccess uint32 `idl:"name:AllowedAccess" json:"allowed_access"` // WriteAllowed: Specifies write properties for the object. WriteAllowed bool `idl:"name:WriteAllowed" json:"write_allowed"` // ReadAllowed: Specifies read properties for the object. ReadAllowed bool `idl:"name:ReadAllowed" json:"read_allowed"` // ExecuteAllowed: Specifies execution properties for the object. ExecuteAllowed bool `idl:"name:ExecuteAllowed" json:"execute_allowed"` // MandatoryPolicy: Specifies the integrity policy for the object. MandatoryPolicy *TokenMandatoryPolicy `idl:"name:MandatoryPolicy" json:"mandatory_policy"` }
MandatoryInformation structure represents MANDATORY_INFORMATION RPC structure.
The MANDATORY_INFORMATION structure defines mandatory security information for a securable object.
func (*MandatoryInformation) MarshalNDR ¶
func (*MandatoryInformation) UnmarshalNDR ¶
type Multistring ¶
type Multistring struct { // Value: A data buffer, which is a string literal containing multiple null-terminated // strings serially. Value string `idl:"name:Value" json:"value"` // nChar: The length, in characters, including the two terminating nulls. CharCount uint32 `idl:"name:nChar" json:"char_count"` }
Multistring structure represents MULTI_SZ RPC structure.
The MULTI_SZ structure defines an implementation-specific<4> type that contains a sequence of null-terminated strings, terminated by an empty string (\0) so that the last two characters are both null terminators.
func (*Multistring) MarshalNDR ¶
func (*Multistring) UnmarshalNDR ¶
type ObjectTypeList ¶
type ObjectTypeList struct { // Level: Specifies the level of the object type in the hierarchy of an object and // its sub-objects. Level zero indicates the object itself. Level one indicates a sub-object // of the object, such as a property set. Level two indicates a sub-object of the level // one sub-object, such as a property. There can be a maximum of five levels numbered // zero through four. // // +------------------------------+--------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +------------------------------+--------------------------------------------+ // +------------------------------+--------------------------------------------+ // | ACCESS_OBJECT_GUID 0x0 | Indicates the object itself at level zero. | // +------------------------------+--------------------------------------------+ // | ACCESS_PROPERTY_SET_GUID 0x1 | Indicates a property set at level one. | // +------------------------------+--------------------------------------------+ // | ACCESS_PROPERTY_GUID 0x2 | Indicates a property at level two. | // +------------------------------+--------------------------------------------+ // | ACCESS_MAX_LEVEL 0x4 | Maximum level. | // +------------------------------+--------------------------------------------+ Level uint16 `idl:"name:Level" json:"level"` // Remaining: Remaining access bits for this element, used by the access check algorithm, // as specified in section 2.5.3.2. Remaining uint32 `idl:"name:Remaining" json:"remaining"` // ObjectType: A pointer to the GUID for the object or sub-object. ObjectType *GUID `idl:"name:ObjectType" json:"object_type"` }
ObjectTypeList structure represents OBJECT_TYPE_LIST RPC structure.
The OBJECT_TYPE_LIST structure identifies an object type element in a hierarchy of object types. The Access Check Algorithm Pseudocode functions (section 2.5.3.2) use an array of OBJECT_TYPE_LIST structures to define a hierarchy of an object and its sub-objects, such as property sets and properties.
func (*ObjectTypeList) MarshalNDR ¶
func (*ObjectTypeList) UnmarshalNDR ¶
type SID ¶
type SID struct { // Revision: An 8-bit unsigned integer that specifies the revision level of the SID. // This value MUST be set to 0x01. Revision uint8 `idl:"name:Revision" json:"revision"` // SubAuthorityCount: An 8-bit unsigned integer that specifies the number of elements // in the SubAuthority array. The maximum number of elements allowed is 15. SubAuthorityCount uint8 `idl:"name:SubAuthorityCount" json:"sub_authority_count"` // IdentifierAuthority: An RPC_SID_IDENTIFIER_AUTHORITY structure that indicates the // authority under which the SID was created. It describes the entity that created the // SID. The Identifier Authority value {0,0,0,0,0,5} denotes SIDs created by the NT // SID authority. IDAuthority *SIDIDAuthority `idl:"name:IdentifierAuthority" json:"id_authority"` // SubAuthority: A variable length array of unsigned 32-bit integers that uniquely // identifies a principal relative to the IdentifierAuthority. Its length is determined // by SubAuthorityCount. SubAuthority []uint32 `idl:"name:SubAuthority;size_is:(SubAuthorityCount)" json:"sub_authority"` }
SID structure represents RPC_SID RPC structure.
The RPC_SID structure is an IDL representation of the SID type (as specified in section 2.4.2) for use by RPC-based protocols.
func (*SID) DecodeBinary ¶
func (*SID) MarshalJSON ¶
func (*SID) NDRSizeInfo ¶
type SIDIDAuthority ¶
type SIDIDAuthority struct {
Value []byte `idl:"name:Value" json:"value"`
}
SIDIDAuthority structure represents RPC_SID_IDENTIFIER_AUTHORITY RPC structure.
The RPC_SID_IDENTIFIER_AUTHORITY structure is a representation of a security identifier (SID) authority, as specified by the SID_IDENTIFIER_AUTHORITY structure. This structure is defined in IDL as follows.
For individual member semantics of the SID_IDENTIFIER_AUTHORITY structure, see section 2.4.1.
func (*SIDIDAuthority) MarshalNDR ¶
func (*SIDIDAuthority) UnmarshalNDR ¶
type SecurityDescriptor ¶
type SecurityDescriptor struct { // Revision (1 byte): An unsigned 8-bit value that specifies the revision of the SECURITY_DESCRIPTOR // structure. This field MUST be set to one. // // Revision: As specified in section 2.4.6. Revision uint8 `idl:"name:Revision" json:"revision"` // Sbz1 (1 byte): An unsigned 8-bit value with no meaning unless the Control RM bit // is set to 0x1. If the RM bit is set to 0x1, Sbz1 is interpreted as the resource manager // control bits that contain specific information<73> for the specific resource manager // that is accessing the structure. The permissible values and meanings of these bits // are determined by the implementation of the resource manager. // // Sbz1: As specified in section 2.4.6. SBZ1 uint8 `idl:"name:Sbz1" json:"sbz1"` // Control (2 bytes): An unsigned 16-bit field that specifies control access bit flags. // The Self Relative (SR) bit MUST be set when the security descriptor is in self-relative // format. // // +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+ // | | | | | | | | | | | | | | | | | // | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 1 | 1 | 2 | 3 | 4 | 5 | // | | | | | | | | | | | 0 | | | | | | // | | | | | | | | | | | | | | | | | // +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+ // +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+ // | S R | R M | P S | P D | S I | D I | S C | D C | S S | D T | S D | S P | D D | D P | G D | O D | // +-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+ // // Where the bits are defined as: // // +---------------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | DESCRIPTION | // | | | // +---------------------------------------+----------------------------------------------------------------------------------+ // +---------------------------------------+----------------------------------------------------------------------------------+ // | SR Self-Relative | Set when the security descriptor is in self-relative format. Cleared when the | // | | security descriptor is in absolute format. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | RM RM Control Valid | Set to 0x1 when the Sbz1 field is to be interpreted as resource manager control | // | | bits. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | PS SACL Protected | Set when the SACL will be protected from inherit operations. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | PD DACL Protected | Set when the DACL will be protected from inherit operations. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | SI SACL Auto-Inherited | Set when the SACL was created through inheritance. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | DI DACL Auto-Inherited | Set when the DACL was created through inheritance. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | SC SACL Computed Inheritance Required | Set when the SACL is to be computed through inheritance. When both SC and SI are | // | | set, the resulting security descriptor sets SI; the SC setting is not preserved. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | DC DACL Computed Inheritance Required | Set when the DACL is to be computed through inheritance. When both DC and DI are | // | | set, the resulting security descriptor sets DI; the DC setting is not preserved. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | SS Server Security | Set when the caller wants the system to create a Server ACL based on the input | // | | ACL, regardless of its source (explicit or defaulting). | // +---------------------------------------+----------------------------------------------------------------------------------+ // | DT DACL Trusted | Set when the ACL that is pointed to by the DACL field was provided by a trusted | // | | source and does not require any editing of compound ACEs. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | SD SACL Defaulted | Set when the SACL was established by default means. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | SP SACL Present | Set when the SACL is present on the object. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | DD DACL Defaulted | Set when the DACL was established by default means. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | DP DACL Present | Set when the DACL is present on the object. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | GD Group Defaulted | Set when the group was established by default means. | // +---------------------------------------+----------------------------------------------------------------------------------+ // | OD Owner Defaulted | Set when the owner was established by default means. | // +---------------------------------------+----------------------------------------------------------------------------------+ // // Control: As specified in section 2.4.6. Control uint16 `idl:"name:Control" json:"control"` // Owner: Pointer to the Owner SID (OwnerSid), as specified in section 2.4.6. Owner *SID `idl:"name:Owner" json:"owner"` // Group: Pointer to the Group SID (GroupSid), as specified in section 2.4.6. Group *SID `idl:"name:Group" json:"group"` // Sacl (variable): The SACL of the object. The length of the SID MUST be a multiple // of 4. This field MUST be present if the SP flag is set. // // Sacl: Pointer to the Sacl, as specified in section 2.4.6. SACL *ACL `idl:"name:Sacl" json:"sacl"` // Dacl (variable): The DACL of the object. The length of the SID MUST be a multiple // of 4. This field MUST be present if the DP flag is set. // // Dacl: Pointer to the Dacl, as specified in section 2.4.6. DACL *ACL `idl:"name:Dacl" json:"dacl"` }
SecurityDescriptor structure represents SECURITY_DESCRIPTOR RPC structure.
The SECURITY_DESCRIPTOR structure defines the security attributes of an object. These attributes specify who owns the object; who can access the object and what they can do with it; what level of audit logging can be applied to the object; and what kind of restrictions apply to the use of the security descriptor.
Security descriptors appear in one of two forms, absolute or self-relative.
A security descriptor is said to be in absolute format if it stores all of its security information via pointer fields, as specified in the RPC representation in section 2.4.6.1.
A security descriptor is said to be in self-relative format if it stores all of its security information in a contiguous block of memory and expresses all of its pointer fields as offsets from its beginning. The order of appearance of pointer target fields is not required to be in any particular order; the location of the OwnerSid, GroupSid, Sacl, and/or Dacl is only based on OffsetOwner, OffsetGroup, OffsetSacl, and/or OffsetDacl pointers found in the fixed portion of the relative security descriptor.<72>
The self-relative form of the security descriptor is required if one wants to transmit the SECURITY_DESCRIPTOR structure as an opaque data structure for transmission in communication protocols over a wire, or for storage on secondary media; the absolute form cannot be transmitted because it contains pointers to objects that are generally not accessible to the recipient.
When a self-relative security descriptor is transmitted over a wire, it is sent in little-endian format and requires no padding.
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 1 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 2 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 3 | 1 | | | | | | | | | | | | 0 | | | | | | | | | | 0 | | | | | | | | | | 0 | | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Revision | Sbz1 | Control | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | OffsetOwner | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | OffsetGroup | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | OffsetSacl | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | OffsetDacl | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | OwnerSid (variable) | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | ... | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | GroupSid (variable) | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | ... | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Sacl (variable) | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | ... | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Dacl (variable) | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | ... | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
The RPC representation of the SECURITY_DESCRIPTOR structure defines the in-memory representation of the SECURITY_DESCRIPTOR message. The individual member semantics for the Revision, Sbz1, Control, Owner, Group, Sacl and Dacl members are as specified in section 2.4.6, with the exceptions that Owner corresponds to OwnerSid, and Group corresponds to GroupSid, respectively.
func (*SecurityDescriptor) MarshalNDR ¶
func (*SecurityDescriptor) UnmarshalNDR ¶
type ServerInfo100 ¶
type ServerInfo100 struct { // sv100_platform_id: Specifies the information level to use for platform-specific // information. // // +-----------------+-------+ // | | | // | NAME | VALUE | // | | | // +-----------------+-------+ // +-----------------+-------+ // | PLATFORM_ID_DOS | 300 | // +-----------------+-------+ // | PLATFORM_ID_OS2 | 400 | // +-----------------+-------+ // | PLATFORM_ID_NT | 500 | // +-----------------+-------+ // | PLATFORM_ID_OSF | 600 | // +-----------------+-------+ // | PLATFORM_ID_VMS | 700 | // +-----------------+-------+ PlatformID uint32 `idl:"name:sv100_platform_id" json:"platform_id"` // sv100_name: A pointer to a null-terminated Unicode UTF-16 Internet host name or // NetBIOS host name of a server. Name string `idl:"name:sv100_name;string" json:"name"` }
ServerInfo100 structure represents SERVER_INFO_100 RPC structure.
The SERVER_INFO_100 structure contains information about the specified server, including the name and platform.
func (*ServerInfo100) MarshalNDR ¶
func (*ServerInfo100) UnmarshalNDR ¶
type ServerInfo101 ¶
type ServerInfo101 struct { // sv101_platform_id: Specifies the information level to use for platform-specific // information. // // +-----------------+-------+ // | | | // | NAME | VALUE | // | | | // +-----------------+-------+ // +-----------------+-------+ // | PLATFORM_ID_DOS | 300 | // +-----------------+-------+ // | PLATFORM_ID_OS2 | 400 | // +-----------------+-------+ // | PLATFORM_ID_NT | 500 | // +-----------------+-------+ // | PLATFORM_ID_OSF | 600 | // +-----------------+-------+ // | PLATFORM_ID_VMS | 700 | // +-----------------+-------+ PlatformID uint32 `idl:"name:sv101_platform_id" json:"platform_id"` // sv101_name: A pointer to a null-terminated Unicode UTF-16 Internet host name or // NetBIOS host name of a server. Name string `idl:"name:sv101_name;string" json:"name"` // sv101_version_major: Specifies the major release version number of the operating // system. The server MUST set this field to an implementation-specific major release // version number that corresponds to the host operating system as specified in the // following table. // // +-----------------------------------------+---------------+ // | OPERATING | MAJOR | // | SYSTEM | VERSION | // +-----------------------------------------+---------------+ // +-----------------------------------------+---------------+ // | Windows NT 4.0 operating system | 4 | // +-----------------------------------------+---------------+ // | Windows 2000 operating system | 5 | // +-----------------------------------------+---------------+ // | Windows XP operating system | 5 | // +-----------------------------------------+---------------+ // | Windows Server 2003 operating system | 5 | // +-----------------------------------------+---------------+ // | Windows Vista operating system | 6 | // +-----------------------------------------+---------------+ // | Windows Server 2008 operating system | 6 | // +-----------------------------------------+---------------+ // | Windows Server 2008 R2 operating system | 6 | // +-----------------------------------------+---------------+ VersionMajor uint32 `idl:"name:sv101_version_major" json:"version_major"` // sv101_version_minor: Specifies the minor release version number of the operating // system. The server MUST set this field to an implementation-specific minor release // version number that corresponds to the host operating system as specified in the // following table. // // +------------------------+---------------+ // | OPERATING | MINOR | // | SYSTEM | VERSION | // +------------------------+---------------+ // +------------------------+---------------+ // | Windows NT 4.0 | 0 | // +------------------------+---------------+ // | Windows 2000 | 0 | // +------------------------+---------------+ // | Windows XP | 1 | // +------------------------+---------------+ // | Windows Server 2003 | 2 | // +------------------------+---------------+ // | Windows Vista | 0 | // +------------------------+---------------+ // | Windows Server 2008 | 0 | // +------------------------+---------------+ // | Windows Server 2008 R2 | 1 | // +------------------------+---------------+ VersionMinor uint32 `idl:"name:sv101_version_minor" json:"version_minor"` // sv101_version_type: The sv101_version_type field specifies the SV_TYPE flags, which // indicate the software services that are available (but not necessarily running) on // the server. This member MUST be a combination of one or more of the following values. // // +--------------------------------------+----------------------------------------------------------------------------------+ // | | | // | CONSTANT/VALUE | DESCRIPTION | // | | | // +--------------------------------------+----------------------------------------------------------------------------------+ // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_WORKSTATION 0x00000001 | A server running the WorkStation Service. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_SERVER 0x00000002 | A server running the Server Service. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_SQLSERVER 0x00000004 | A server running SQL Server. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_DOMAIN_CTRL 0x00000008 | A primary domain controller. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_DOMAIN_BAKCTRL 0x00000010 | A backup domain controller. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_TIME_SOURCE 0x00000020 | A server is available as a time source for network time synchronization. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_AFP 0x00000040 | An Apple File Protocol server. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_NOVELL 0x00000080 | A Novell server. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_DOMAIN_MEMBER 0x00000100 | A LAN Manager 2.x domain member. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_PRINTQ_SERVER 0x00000200 | A server sharing print queue. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_DIALIN_SERVER 0x00000400 | A server running a dial-in service. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_XENIX_SERVER 0x00000800 | A Xenix server. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_NT 0x00001000 | Windows Server 2003, Windows XP, Windows 2000, or Windows NT operating system. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_WFW 0x00002000 | A server running Windows for Workgroups. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_SERVER_MFPN 0x00004000 | Microsoft File and Print for NetWare. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_SERVER_NT 0x00008000 | Windows Server 2003, Windows 2000 Server operating system, or a server that is | // | | not a domain controller. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_POTENTIAL_BROWSER 0x00010000 | A server that can run the browser service. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_BACKUP_BROWSER 0x00020000 | A server running a browser service as backup. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_MASTER_BROWSER 0x00040000 | A server running the master browser service. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_DOMAIN_MASTER 0x00080000 | A server running the domain master browser. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_WINDOWS 0x00400000 | Windows Millennium Edition operating system, Windows 98 operating system, or | // | | Windows 95. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_TERMINALSERVER 0x02000000 | Terminal Server. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_CLUSTER_VS_NT 0x04000000 | Cluster virtual servers available in the domain. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_LOCAL_LIST_ONLY 0x40000000 | Servers maintained by the browser. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_DOMAIN_ENUM 0x80000000 | Primary domain. | // +--------------------------------------+----------------------------------------------------------------------------------+ // | SV_TYPE_ALL 0xFFFFFFFF | All servers. | // +--------------------------------------+----------------------------------------------------------------------------------+ VersionType uint32 `idl:"name:sv101_version_type" json:"version_type"` // sv101_comment: A pointer to a null-terminated Unicode UTF-16 string that specifies // a comment that describes the server. Comment string `idl:"name:sv101_comment;string" json:"comment"` }
ServerInfo101 structure represents SERVER_INFO_101 RPC structure.
The SERVER_INFO_101 structure contains information about the specified server, including the name, platform, type of server, and associated software.
func (*ServerInfo101) MarshalNDR ¶
func (*ServerInfo101) UnmarshalNDR ¶
type SystemMandatoryLabelACE ¶
type SystemMandatoryLabelACE struct { // Header (4 bytes): An ACE_HEADER structure that specifies the size and type of ACE. // It also contains flags that control inheritance of the ACE by child objects. // // Header: An ACE_HEADER structure, as specified in section 2.4.4.13. Header *ACEHeader `idl:"name:Header" json:"header"` // Mask (4 bytes): An ACCESS_MASK structure that specifies the access policy for principals // with a mandatory integrity level lower than the object associated with the SACL that // contains this ACE. // // +-------------------------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +-------------------------------------------------+----------------------------------------------------------------------------------+ // +-------------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x00000001 | A principal with a lower mandatory level than the object cannot write to the | // | | object. | // +-------------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x00000002 | A principal with a lower mandatory level than the object cannot read the object. | // +-------------------------------------------------+----------------------------------------------------------------------------------+ // | SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x00000004 | A principal with a lower mandatory level than the object cannot execute the | // | | object. | // +-------------------------------------------------+----------------------------------------------------------------------------------+ // // Mask: An ACCESS_MASK as specified in section 2.4.4.13. Mask uint32 `idl:"name:Mask" json:"mask"` // SidStart: Specifies the first DWORD of the SID. The remaining bytes of the SID are // stored in contiguous memory after the SidStart member. The IdentifierAuthority and // RID MUST be as specified 2.4.4.13. SIDStart uint32 `idl:"name:SidStart" json:"sid_start"` }
SystemMandatoryLabelACE structure represents SYSTEM_MANDATORY_LABEL_ACE RPC structure.
The SYSTEM_MANDATORY_LABEL_ACE structure defines an ACE for the SACL that specifies the mandatory access level and policy for a securable object.<55>
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 1 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 2 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 3 | 1 | | | | | | | | | | | | 0 | | | | | | | | | | 0 | | | | | | | | | | 0 | | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Header | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Mask | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | Sid (variable) | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | ... | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
The RPC representation of the SYSTEM_MANDATORY_LABEL_ACE type defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object.
func (*SystemMandatoryLabelACE) MarshalNDR ¶
func (*SystemMandatoryLabelACE) UnmarshalNDR ¶
type SystemTime ¶
type SystemTime struct { Year uint16 `idl:"name:wYear" json:"year"` Month uint16 `idl:"name:wMonth" json:"month"` DayOfWeek uint16 `idl:"name:wDayOfWeek" json:"day_of_week"` Day uint16 `idl:"name:wDay" json:"day"` Hour uint16 `idl:"name:wHour" json:"hour"` Minute uint16 `idl:"name:wMinute" json:"minute"` Second uint16 `idl:"name:wSecond" json:"second"` Milliseconds uint16 `idl:"name:wMilliseconds" json:"milliseconds"` }
SystemTime structure represents SYSTEMTIME RPC structure.
The SYSTEMTIME structure is a date and time, in Coordinated Universal Time (UTC), represented by using individual WORD-sized structure members for the month, day, year, day of week, hour, minute, second, and millisecond.
func (*SystemTime) AsTime ¶
func (s *SystemTime) AsTime() time.Time
func (*SystemTime) MarshalNDR ¶
func (*SystemTime) UnmarshalNDR ¶
type TokenMandatoryPolicy ¶
type TokenMandatoryPolicy struct { // Policy: The Policy member contains a value denoting the mandatory integrity policy // of the token; these values are mutually exclusive. // // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | | | // | VALUE | MEANING | // | | | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | TOKEN_MANDATORY_POLICY_OFF 0x00000000 | No mandatory integrity policy is enforced for the token. | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x00000001 | A process associated with the token cannot write to objects that have a greater | // | | mandatory integrity level. | // +---------------------------------------------------+----------------------------------------------------------------------------------+ // | TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x00000002 | A process created with the token has an integrity level that is the lesser of | // | | the parent-process integrity level and the executable-file integrity level. | // +---------------------------------------------------+----------------------------------------------------------------------------------+ Policy uint32 `idl:"name:Policy" json:"policy"` }
TokenMandatoryPolicy structure represents TOKEN_MANDATORY_POLICY RPC structure.
The TOKEN_MANDATORY_POLICY structure specifies the mandatory integrity policy for a token.
func (*TokenMandatoryPolicy) MarshalNDR ¶
func (*TokenMandatoryPolicy) UnmarshalNDR ¶
type UUID ¶
type UUID struct { Data1 uint32 `idl:"name:Data1" json:"data1"` Data2 uint16 `idl:"name:Data2" json:"data2"` Data3 uint16 `idl:"name:Data3" json:"data3"` Data4 []byte `idl:"name:Data4" json:"data4"` }
UUID structure represents UUID RPC structure.
type Uint128 ¶
type Uint128 struct { Lower uint64 `idl:"name:lower" json:"lower"` Upper uint64 `idl:"name:upper" json:"upper"` }
Uint128 structure represents UINT128 RPC structure.
The UINT128 structure is intended to hold 128-bit unsigned integers, such as an IPv6 destination address.
type UlargeInteger ¶
type UlargeInteger struct {
QuadPart uint64 `idl:"name:QuadPart" json:"quad_part"`
}
UlargeInteger structure represents ULARGE_INTEGER RPC structure.
The ULARGE_INTEGER structure is used to represent a 64-bit unsigned integer value.
func (*UlargeInteger) MarshalNDR ¶
func (*UlargeInteger) UnmarshalNDR ¶
type UnicodeString ¶
type UnicodeString struct { // Length: The length, in bytes, of the string pointed to by the Buffer member. The // length MUST be a multiple of 2. The length MUST equal the entire size of the buffer. Length uint16 `idl:"name:Length" json:"length"` // MaximumLength: The maximum size, in bytes, of the string pointed to by Buffer. The // size MUST be a multiple of 2. If not, the size MUST be decremented by 1 prior to // use. This value MUST not be less than Length. MaximumLength uint16 `idl:"name:MaximumLength" json:"maximum_length"` // Buffer: A pointer to a string buffer. The string pointed to by the buffer member // MUST NOT include a terminating null character. Buffer string `idl:"name:Buffer;size_is:((MaximumLength/2));length_is:((Length/2))" json:"buffer"` }
UnicodeString structure represents RPC_UNICODE_STRING RPC structure.
The RPC_UNICODE_STRING structure specifies a Unicode string. This structure is defined in IDL as follows: