Export (0) Print
Expand All

2.4.10.1 CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1

The CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structure defines a resource attribute that is defined in contiguous memory for persistence within a serialized Security Descriptor.

typedef struct _CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 {
  DWORD Name;
  WORD ValueType;
  WORD Reserved;
  DWORD Flags;
  DWORD ValueCount;
  union {
    PLONG64 pInt64[];
    PDWORD64 pUint64[];
    PWSTR ppString[];
    PCLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE pOctetString[];
  } Values;
} CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1, 
 *PCLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1;

Name: A DWORD value indicating an offset from the beginning of the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structure to a string of Unicode characters containing the name of the claim security attribute. The string MUST be at least 4 bytes in length.

ValueType: A union tag value indicating the type of information referred to by the Values member. The Values member MUST be an array of offsets from the beginning of the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structure to the specified ValueType. ValueType MUST be one of the following values:

Value Meaning

CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64
0x0001

Values member refers to an array of offsets to LONG64 value(s).

CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64
0x0002

Values member refers to an array of offsets to ULONG64 value(s).

CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING
0x0003

Values member refers to an array of offsets to Unicode character string value(s).

CLAIM_SECURITY_ATTRIBUTE_TYPE_SID
0x0005

The Values member refers to an array of offsets to CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE value(s) where the OctetString value is a SID string.

CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN
0x0006

The Values member refers to an array of offsets to ULONG64 values where each element indicates a Boolean value. The value 1 indicates TRUE, and the value 0 indicates FALSE.

CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING
0x0010

Values member contains an array of CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_RELATIVE value(s) as specified in section 2.4.10.2.

Reserved: Reserved. This member MUST be set to zero when sent and MUST be ignored when received.

Flags: The upper two bytes of this DWORD are available for application-specific data. The two lowest-order bits in the lower of these two bytes are reserved. These two bytes MAY<61> contain only one of the following values in those two bits:

Value Meaning

FCI_CLAIM_SECURITY_ATTRIBUTE_MANUAL
0x0001

The CLAIM_SECURITY_ATTRIBUTE has been manually assigned.

FCI_CLAIM_SECURITY_ATTRIBUTE_POLICY_DERIVED
0x0002

The CLAIM_SECURITY_ATTRIBUTE has been determined by a central policy.

The lower two bytes of this DWORD MUST be zero or a bitwise combination of one or more of the following values:<62>

Value Meaning

CLAIM_SECURITY_ATTRIBUTE_NON_INHERITABLE
0x0001

This claim security attribute is not inherited across processes.

CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
0x0002

The value of the claim security attribute is case sensitive. This flag is valid for values that contain string types.

CLAIM_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY
0x0004

Reserved for future use.

CLAIM_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT
0x0008

The claim security attribute is disabled by default.

CLAIM_SECURITY_ATTRIBUTE_DISABLED
0x0010

Reserved for future use.

CLAIM_SECURITY_ATTRIBUTE_MANDATORY
0x0020

The claim security attribute is mandatory.

ValueCount: The number of values contained in the Values member.

Values: An array of offsets from the beginning of the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structure. Each offset indicates the location of a claim security attribute value of type specified in the ValueType member.

 
Show:
© 2015 Microsoft