Windows2000/private/ntos/inc/se.h
2020-09-30 17:12:32 +02:00

1596 lines
41 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++ BUILD Version: 0011 // Increment this if a change has global effects
Copyright (c) 1989 Microsoft Corporation
Module Name:
se.h
Abstract:
This module contains the Security routines that are only callable from kernel mode.
This file is included by including "ntos.h".
Author:
Gary Kimura (GaryKi) 09-Mar-1989
*/
#ifndef _SE_
#define _SE_
// Kernel mode only data structures //
// Opaque security data structures are defined in seopaque.h //
// begin_ntddk begin_nthal begin_ntifs
// Security operation codes
typedef enum _SECURITY_OPERATION_CODE {
SetSecurityDescriptor,
QuerySecurityDescriptor,
DeleteSecurityDescriptor,
AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
// end_ntddk end_nthal end_ntifs
// Default security quota
// This is the minimum amount of quota (in bytes) that will be charged for security information for an object that has security.
#define SE_DEFAULT_SECURITY_QUOTA 2048
// begin_ntifs
// Token Flags
// Flags that may be defined in the TokenFlags field of the token object, or in an ACCESS_STATE structure
#define TOKEN_HAS_TRAVERSE_PRIVILEGE 0x01
#define TOKEN_HAS_BACKUP_PRIVILEGE 0x02
#define TOKEN_HAS_RESTORE_PRIVILEGE 0x04
#define TOKEN_HAS_ADMIN_GROUP 0x08
#define TOKEN_IS_RESTRICTED 0x10
// end_ntifs
// General flag
#define SE_BACKUP_PRIVILEGES_CHECKED 0x00000010
// begin_ntddk begin_nthal begin_ntifs
// Data structure used to capture subject security context
// for access validations and auditing.
// THE FIELDS OF THIS DATA STRUCTURE SHOULD BE CONSIDERED OPAQUE
// BY ALL EXCEPT THE SECURITY ROUTINES.
typedef struct _SECURITY_SUBJECT_CONTEXT {
PACCESS_TOKEN ClientToken;
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;
PACCESS_TOKEN PrimaryToken;
PVOID ProcessAuditId;
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
// end_ntddk end_nthal end_ntifs
// where
// ClientToken - optionally points to a token object being used by the
// subject's thread to impersonate a client. If the subject's
// thread is not impersonating a client, this field is set to null.
// The token's reference count is incremented to count this field
// as an outstanding reference.
// ImpersonationLevel - Contains the impersonation level of the subject's
// thread. This field is only meaningful if the ClientToken field
// is not null. This field over-rides any higher impersonation
// level value that might be in the client's token.
// PrimaryToken - points the the subject's primary token. The token's
// reference count is incremented to count this field value as an
// outstanding reference.
// ProcessAuditId - Is an ID assigned to represent the subject's process.
// As an implementation detail, this is the process object's address.
// However, this field should not be treated as a pointer, and the
// reference count of the process object is not incremented to
// count it as an outstanding reference.
// begin_ntddk begin_nthal begin_ntifs
// ACCESS_STATE and related structures //
// Initial Privilege Set - Room for three privileges, which should
// be enough for most applications. This structure exists so that
// it can be imbedded in an ACCESS_STATE structure. Use PRIVILEGE_SET
// for all other references to Privilege sets.
#define INITIAL_PRIVILEGE_COUNT 3
typedef struct _INITIAL_PRIVILEGE_SET {
ULONG PrivilegeCount;
ULONG Control;
LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
// Combine the information that describes the state
// of an access-in-progress into a single structure
typedef struct _ACCESS_STATE {
LUID OperationID;
BOOLEAN SecurityEvaluated;
BOOLEAN GenerateAudit;
BOOLEAN GenerateOnClose;
BOOLEAN PrivilegesAllocated;
ULONG Flags;
ACCESS_MASK RemainingDesiredAccess;
ACCESS_MASK PreviouslyGrantedAccess;
ACCESS_MASK OriginalDesiredAccess;
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
PSECURITY_DESCRIPTOR SecurityDescriptor;
PVOID AuxData;
union {
INITIAL_PRIVILEGE_SET InitialPrivilegeSet;
PRIVILEGE_SET PrivilegeSet;
} Privileges;
BOOLEAN AuditPrivileges;
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectTypeName;
} ACCESS_STATE, *PACCESS_STATE;
// end_ntddk end_nthal end_ntifs
/*
where:
OperationID - an LUID to identify the operation being performed. This
ID will be put in the audit log to allow non-contiguous operations
on the same object to be associated with one another.
SecurityEvaluated - a marker to be set by Parse Methods to indicate
that security access checking and audit logging has been performed.
Flags - Holds misc flags for reference during the access attempt.
AuditHandleCreation - a flag set by SeOpenObjectAuditAlarm to indicate
that auditing is to take place when the handle for the object
is allocated.
RemainingDesiredAccess - Access mask containing the access types that
have not yet been granted.
PreviouslyGrantedAccess - Access mask containing the access types that
have been granted, one way or another (for example, a given access
may be granted as a result of owning a privilege rather than being
in an ACL. A routine can check the privilege and mark the access
as granted without doing a formal access check).
SubjectSecurityContext - The subject's captured security context
PrivilegesAllocated - Flag to indicate whether we have allocated
space for the privilege set from pool memory, so it can be
freed.
SecurityDescriptor - Temporarily contains the security descriptor
for the object being created between the time the user's
security descriptor is captured and the time the security
descriptor is passed to SeAssignSecurity. NO ONE BUT
SEASSIGNSECURITY SHOULD EVER LOOK IN THIS FIELD FOR AN
OBJECT'S SECURITY DESCRIPTOR.
AuxData - points to an auxillary data structure to be used for future
expansion of the access state in an upwardly compatible way. This
field replaces the PrivilegesUsed pointer, which was for internal
use only.
Privileges - A set of privileges, some of which may have the
UsedForAccess bit set. If the pre-allocated number of privileges
is not enough, we will allocate space from pool memory to allow
for growth.
*/
// Since the AccessState structure is publically exposed to driver *
// writers, this structure contains additional data added after NT 3.51. *
// *
// Its contents must be accessed only through Se level interfaces, *
// never directly by name. *
// *
// This structure is pointed to by the AuxData field of the AccessState. *
// It is allocated by SeCreateAccessState and freed by SeDeleteAccessState. *
// *
// DO NOT EXPOSE THIS STRUCTURE TO THE PUBLIC. *
typedef struct _AUX_ACCESS_DATA {
PPRIVILEGE_SET PrivilegesUsed;
GENERIC_MAPPING GenericMapping;
ACCESS_MASK AccessesToAudit;
} AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
/*
where:
PrivilegesUsed - Points to the set of privileges used during the access
validation.
GenericMapping - Points to the generic mapping for the object being accessed.
Normally this would be filled in with the generic mapping passed to
SeCreateAccessState, but in the case of the IO system (which does not
know the type of object being accessed until it parses the name),
it must be filled in later. See the discussion of the GenericMapping
parameter in SeCreateAccessState for more details.
AccessToAudit - Used as a temporary holding area for the access mask
to put into the audit record. This field is necessary because the
access being put into the newly created handle may not be the ones
we want to audit. This occurs when a file is opened for read-only
transacted mode, where a read only file is opened for write access.
We don't want to audit the fact that we granted write access, since
we really didn't, and customers would be confused to see the extra
bit in the audit record.
*/
// Structure describing whether or not a particular type of event is being audited
typedef struct _SE_AUDITING_STATE {
BOOLEAN AuditOnSuccess;
BOOLEAN AuditOnFailure;
} SE_AUDITING_STATE, *PSE_AUDITING_STATE;
typedef struct _SE_PROCESS_AUDIT_INFO {
PEPROCESS Process;
PEPROCESS Parent;
} SE_PROCESS_AUDIT_INFO, *PSE_PROCESS_AUDIT_INFO;
/*
WARNING WARNING WARNING
Only add new fields to the end of this structure.
*************************************************************/
// begin_ntifs
typedef struct _SE_EXPORTS {
// Privilege values
LUID SeCreateTokenPrivilege;
LUID SeAssignPrimaryTokenPrivilege;
LUID SeLockMemoryPrivilege;
LUID SeIncreaseQuotaPrivilege;
LUID SeUnsolicitedInputPrivilege;
LUID SeTcbPrivilege;
LUID SeSecurityPrivilege;
LUID SeTakeOwnershipPrivilege;
LUID SeLoadDriverPrivilege;
LUID SeCreatePagefilePrivilege;
LUID SeIncreaseBasePriorityPrivilege;
LUID SeSystemProfilePrivilege;
LUID SeSystemtimePrivilege;
LUID SeProfileSingleProcessPrivilege;
LUID SeCreatePermanentPrivilege;
LUID SeBackupPrivilege;
LUID SeRestorePrivilege;
LUID SeShutdownPrivilege;
LUID SeDebugPrivilege;
LUID SeAuditPrivilege;
LUID SeSystemEnvironmentPrivilege;
LUID SeChangeNotifyPrivilege;
LUID SeRemoteShutdownPrivilege;
// Universally defined Sids
PSID SeNullSid;
PSID SeWorldSid;
PSID SeLocalSid;
PSID SeCreatorOwnerSid;
PSID SeCreatorGroupSid;
// Nt defined Sids
PSID SeNtAuthoritySid;
PSID SeDialupSid;
PSID SeNetworkSid;
PSID SeBatchSid;
PSID SeInteractiveSid;
PSID SeLocalSystemSid;
PSID SeAliasAdminsSid;
PSID SeAliasUsersSid;
PSID SeAliasGuestsSid;
PSID SeAliasPowerUsersSid;
PSID SeAliasAccountOpsSid;
PSID SeAliasSystemOpsSid;
PSID SeAliasPrintOpsSid;
PSID SeAliasBackupOpsSid;
// New Sids defined for NT5
PSID SeAuthenticatedUsersSid;
PSID SeRestrictedSid;
PSID SeAnonymousLogonSid;
// New Privileges defined for NT5
LUID SeUndockPrivilege;
LUID SeSyncAgentPrivilege;
LUID SeEnableDelegationPrivilege;
} SE_EXPORTS, *PSE_EXPORTS;
// end_ntifs
/*
WARNING WARNING WARNING
Only add new fields to the end of this structure.
*************************************************************/
// begin_ntifs
// Logon session notification callback routines //
// These callback routines are used to notify file systems that have
// registered of logon sessions being terminated, so they can cleanup state
// associated with this logon session
typedef NTSTATUS
(*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
IN PLUID LogonId);
// end_ntifs
// Exported Security Macro Definitions //
// ACCESS_MASK
// SeComputeDeniedAccesses(
// IN ACCESS_MASK GrantedAccess,
// IN ACCESS_MASK DesiredAccess
// );
// Routine Description:
// This routine generates an access mask containing those accesses
// requested by DesiredAccess that aren't granted by GrantedAccess.
// The result of this routine may be compared to 0 to determine
// if a DesiredAccess mask contains any accesses that have not
// been granted.
// If the result IS ZERO, then all desired accesses have been granted.
// Arguments:
// GrantedAccess - Specifies the granted access mask.
// DesiredAccess - Specifies the desired access mask.
// Return Value:
// An ACCESS_MASK containing the desired accesses that have
// not been granted.
#define SeComputeDeniedAccesses( GrantedAccess, DesiredAccess ) \
((~(GrantedAccess)) & (DesiredAccess) )
// BOOLEAN
// SeComputeGrantedAccesses(
// IN ACCESS_MASK GrantedAccess,
// IN ACCESS_MASK DesiredAccess
// );
// Routine Description:
// This routine generates an access mask containing acccesses
// requested by DesiredAccess that are granted by GrantedAccess.
// The result of this routine may be compared to 0 to determine
// if any desired accesses have been granted.
// If the result IS NON-ZERO, then at least one desired accesses
// has been granted.
// Arguments:
// GrantedAccess - Specifies the granted access mask.
// DesiredAccess - Specifies the desired access mask.
// Return Value:
// This routine returns TRUE if the DesiredAccess mask does specifies
// any bits that are set in the GrantedAccess mask.
#define SeComputeGrantedAccesses( GrantedAccess, DesiredAccess ) \
((GrantedAccess) & (DesiredAccess) )
// ULONG
// SeLengthSid(
// IN PSID Sid
// );
// Routine Description:
// This routine computes the length of a SID.
// Arguments:
// Sid - Points to the SID whose length is to be returned.
// Return Value:
// The length, in bytes of the SID.
#define SeLengthSid( Sid ) \
(8 + (4 * ((SID *)Sid)->SubAuthorityCount))
// BOOLEAN
// SeSameToken (
// IN PTOKEN_CONTROL TokenControl1,
// IN PTOKEN_CONTROL TokenControl2
// )
// Routine Description:
// This routine returns a boolean value indicating whether the two
// token control values represent the same token. The token may
// have changed over time, but must have the same authentication ID
// and token ID. A value of TRUE indicates they
// are equal. A value of FALSE indicates they are not equal.
// Arguments:
// TokenControl1 - Points to a token control to compare.
// TokenControl2 - Points to the other token control to compare.
// Return Value:
// TRUE => The token control values represent the same token.
// FALSE => The token control values do not represent the same token.
#define SeSameToken(TC1,TC2) ( \
((TC1)->TokenId.HighPart == (TC2)->TokenId.HighPart) && \
((TC1)->TokenId.LowPart == (TC2)->TokenId.LowPart) && \
(RtlEqualLuid(&(TC1)->AuthenticationId,&(TC2)->AuthenticationId)) \
)
// begin_ntifs
//VOID
//SeDeleteClientSecurity(
// IN PSECURITY_CLIENT_CONTEXT ClientContext
// )
///*++
//Routine Description:
// This service deletes a client security context block,
// performing whatever cleanup might be necessary to do so. In
// particular, reference to any client token is removed.
//Arguments:
// ClientContext - Points to the client security context block to be
// deleted.
//Return Value:
//--*/
#define SeDeleteClientSecurity(C) { \
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
PsDereferencePrimaryToken( (C)->ClientToken ); \
} else { \
PsDereferenceImpersonationToken( (C)->ClientToken ); \
} \
}
// end_ntifs
//VOID
//SeStopImpersonatingClient()
///*++
//Routine Description:
// This service is used to stop impersonating a client using an
// impersonation token. This service must be called in the context
// of the server thread which wishes to stop impersonating its
// client.
//Arguments:
// None.
//Return Value:
// None.
//--*/
#define SeStopImpersonatingClient() PsRevertToSelf()
#define SeAssertMappedCanonicalAccess( AccessMask ) \
ASSERT(!( ( AccessMask ) & \
( GENERIC_READ | \
GENERIC_WRITE | \
GENERIC_EXECUTE | \
GENERIC_ALL )) \
)
/*++
Routine Description:
This routine asserts that the given AccessMask does not contain
any generic access types.
Arguments:
AccessMask - The access mask to be checked.
Return Value:
None, or doesn't return.
*/
#define SeComputeSecurityQuota( Size ) \
( \
((( Size ) * 2 ) > SE_DEFAULT_SECURITY_QUOTA) ? \
(( Size ) * 2 ) : SE_DEFAULT_SECURITY_QUOTA \
)
/*++
Routine Description:
This macro computes the amount of quota to charge for
security information.
The current algorithm is to use the larger of twice the size
of the Group + Dacl information being applied and the default as
specified by SE_DEFAULT_SECURITY_QUOTA.
Arguments:
Size - The size in bytes of the Group + Dacl information being applied
to the object.
Return Value:
The size in bytes to charge for security information on this object.
*/
// begin_ntifs
// PACCESS_TOKEN
// SeQuerySubjectContextToken(
// IN PSECURITY_SUBJECT_CONTEXT SubjectContext
// );
// Routine Description:
// This routine returns the effective token from the subject context,
// either the client token, if present, or the process token.
// Arguments:
// SubjectContext - Context to query
// Return Value:
// This routine returns the PACCESS_TOKEN for the effective token.
// The pointer may be passed to SeQueryInformationToken. This routine
// does not affect the lock status of the token, i.e. the token is not
// locked. If the SubjectContext has been locked, the token remains locked,
// if not, the token remains unlocked.
#define SeQuerySubjectContextToken( SubjectContext ) \
( ARGUMENT_PRESENT( ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken) ? \
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
// end_ntifs
// Define the exported procedures that are callable only from kernel mode //
BOOLEAN
SeInitSystem( VOID );
VOID
SeSetSecurityAccessMask(
IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess
);
VOID
SeQuerySecurityAccessMask(
IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess
);
NTSTATUS
SeDefaultObjectMethod (
IN PVOID Object,
IN SECURITY_OPERATION_CODE OperationCode,
IN PSECURITY_INFORMATION SecurityInformation,
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG Length,
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping
);
NTKERNELAPI
NTSTATUS
SeCaptureSecurityDescriptor (
IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
IN KPROCESSOR_MODE RequestorMode,
IN POOL_TYPE PoolType,
IN BOOLEAN ForceCapture,
OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor
);
NTKERNELAPI
VOID
SeReleaseSecurityDescriptor (
IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
IN KPROCESSOR_MODE RequestorMode,
IN BOOLEAN ForceCapture
);
// begin_ntifs
NTKERNELAPI VOID SeCaptureSubjectContext (OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI VOID SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI VOID SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI VOID SeReleaseSubjectContext (IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
// end_ntifs
NTSTATUS
SeCaptureSecurityQos (
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN KPROCESSOR_MODE RequestorMode,
IN PBOOLEAN SecurityQosPresent,
IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos
);
VOID
SeFreeCapturedSecurityQos(
IN PVOID SecurityQos
);
NTSTATUS
SeCaptureSid (
IN PSID InputSid,
IN KPROCESSOR_MODE RequestorMode,
IN PVOID CaptureBuffer OPTIONAL,
IN ULONG CaptureBufferLength,
IN POOL_TYPE PoolType,
IN BOOLEAN ForceCapture,
OUT PSID *CapturedSid
);
VOID
SeReleaseSid (
IN PSID CapturedSid,
IN KPROCESSOR_MODE RequestorMode,
IN BOOLEAN ForceCapture
);
NTSTATUS
SeCaptureAcl (
IN PACL InputAcl,
IN KPROCESSOR_MODE RequestorMode,
IN PVOID CaptureBuffer OPTIONAL,
IN ULONG CaptureBufferLength,
IN POOL_TYPE PoolType,
IN BOOLEAN ForceCapture,
OUT PACL *CapturedAcl,
OUT PULONG AlignedAclSize
);
VOID
SeReleaseAcl (
IN PACL CapturedAcl,
IN KPROCESSOR_MODE RequestorMode,
IN BOOLEAN ForceCapture
);
NTSTATUS
SeCaptureLuidAndAttributesArray (
IN PLUID_AND_ATTRIBUTES InputArray,
IN ULONG ArrayCount,
IN KPROCESSOR_MODE RequestorMode,
IN PVOID CaptureBuffer OPTIONAL,
IN ULONG CaptureBufferLength,
IN POOL_TYPE PoolType,
IN BOOLEAN ForceCapture,
OUT PLUID_AND_ATTRIBUTES *CapturedArray,
OUT PULONG AlignedArraySize
);
VOID
SeReleaseLuidAndAttributesArray (
IN PLUID_AND_ATTRIBUTES CapturedArray,
IN KPROCESSOR_MODE RequestorMode,
IN BOOLEAN ForceCapture
);
NTSTATUS
SeCaptureSidAndAttributesArray (
IN PSID_AND_ATTRIBUTES InputArray,
IN ULONG ArrayCount,
IN KPROCESSOR_MODE RequestorMode,
IN PVOID CaptureBuffer OPTIONAL,
IN ULONG CaptureBufferLength,
IN POOL_TYPE PoolType,
IN BOOLEAN ForceCapture,
OUT PSID_AND_ATTRIBUTES *CapturedArray,
OUT PULONG AlignedArraySize
);
VOID
SeReleaseSidAndAttributesArray (
IN PSID_AND_ATTRIBUTES CapturedArray,
IN KPROCESSOR_MODE RequestorMode,
IN BOOLEAN ForceCapture
);
// begin_ntddk begin_ntifs
NTKERNELAPI
NTSTATUS
SeAssignSecurity (
IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
IN PSECURITY_DESCRIPTOR ExplicitDescriptor,
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN BOOLEAN IsDirectoryObject,
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PGENERIC_MAPPING GenericMapping,
IN POOL_TYPE PoolType
);
NTKERNELAPI
NTSTATUS
SeAssignSecurityEx (
IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN GUID *ObjectType OPTIONAL,
IN BOOLEAN IsDirectoryObject,
IN ULONG AutoInheritFlags,
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PGENERIC_MAPPING GenericMapping,
IN POOL_TYPE PoolType
);
NTKERNELAPI
NTSTATUS
SeDeassignSecurity (
IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor
);
NTKERNELAPI
BOOLEAN
SeAccessCheck (
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET *Privileges OPTIONAL,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus
);
// end_ntddk end_ntifs
BOOLEAN
SeProxyAccessCheck (
IN PUNICODE_STRING Volume,
IN PUNICODE_STRING RelativePath,
IN BOOLEAN ContainerObject,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET *Privileges OPTIONAL,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus
);
// begin_ntifs
NTKERNELAPI
BOOLEAN
SePrivilegeCheck(
IN OUT PPRIVILEGE_SET RequiredPrivileges,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN KPROCESSOR_MODE AccessMode
);
NTKERNELAPI
VOID
SeFreePrivileges(
IN PPRIVILEGE_SET Privileges
);
// end_ntifs
NTSTATUS
SePrivilegePolicyCheck(
IN OUT PACCESS_MASK RemainingDesiredAccess,
IN OUT PACCESS_MASK PreviouslyGrantedAccess,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL,
IN PACCESS_TOKEN Token OPTIONAL,
OUT PPRIVILEGE_SET *PrivilegeSet,
IN KPROCESSOR_MODE PreviousMode
);
VOID
SeGenerateMessage (
IN PSTRING ObjectName,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_TOKEN Token,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN AccessGranted,
IN HANDLE AuditPort,
IN HANDLE AlarmPort,
IN KPROCESSOR_MODE AccessMode
);
// begin_ntifs
NTKERNELAPI
VOID
SeOpenObjectAuditAlarm (
IN PUNICODE_STRING ObjectTypeName,
IN PVOID Object OPTIONAL,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN BOOLEAN ObjectCreated,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode,
OUT PBOOLEAN GenerateOnClose
);
NTKERNELAPI
VOID
SeOpenObjectForDeleteAuditAlarm (
IN PUNICODE_STRING ObjectTypeName,
IN PVOID Object OPTIONAL,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN BOOLEAN ObjectCreated,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode,
OUT PBOOLEAN GenerateOnClose
);
VOID
SeDeleteObjectAuditAlarm(
IN PVOID Object,
IN HANDLE Handle
);
// end_ntifs
VOID
SeCloseObjectAuditAlarm(
IN PVOID Object,
IN HANDLE Handle,
IN BOOLEAN GenerateOnClose
);
VOID
SeTraverseAuditAlarm(
IN PLUID OperationID,
IN PVOID DirectoryObject,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK TraverseAccess,
IN PPRIVILEGE_SET Privileges OPTIONAL,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode
);
VOID
SeCreateInstanceAuditAlarm(
IN PLUID OperationID OPTIONAL,
IN PVOID Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN ACCESS_MASK DesiredAccess,
IN PPRIVILEGE_SET Privileges OPTIONAL,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode
);
VOID
SeCreateObjectAuditAlarm(
IN PLUID OperationID OPTIONAL,
IN PVOID Object,
IN PUNICODE_STRING ComponentName,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN ACCESS_MASK DesiredAccess,
IN PPRIVILEGE_SET Privileges OPTIONAL,
IN BOOLEAN AccessGranted,
OUT PBOOLEAN AuditPerformed,
IN KPROCESSOR_MODE AccessMode
);
VOID
SeObjectReferenceAuditAlarm(
IN PLUID OperationID OPTIONAL,
IN PVOID Object,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN ACCESS_MASK DesiredAccess,
IN PPRIVILEGE_SET Privileges OPTIONAL,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode
);
NTKERNELAPI
VOID
SePrivilegeObjectAuditAlarm(
IN HANDLE Handle,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN ACCESS_MASK DesiredAccess,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode
);
BOOLEAN
SeCheckPrivilegedObject(
LUID PrivilegeValue,
HANDLE ObjectHandle,
ACCESS_MASK DesiredAccess,
KPROCESSOR_MODE PreviousMode
);
// begin_ntddk begin_ntifs
NTKERNELAPI
BOOLEAN
SeValidSecurityDescriptor(
IN ULONG Length,
IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
// end_ntddk end_ntifs
//VOID
//SeImplicitObjectAuditAlarm(
// IN PLUID OperationID OPTIONAL,
// IN PVOID Object,
// IN PSECURITY_DESCRIPTOR SecurityDescriptor,
// IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
// IN ACCESS_MASK DesiredAccess,
// IN PPRIVILEGE_SET Privileges OPTIONAL,
// IN BOOLEAN AccessGranted,
// IN KPROCESSOR_MODE AccessMode
// );
VOID
SeAuditHandleCreation(
IN PACCESS_STATE AccessState,
IN HANDLE Handle
);
PACCESS_TOKEN
SeMakeSystemToken ();
PACCESS_TOKEN
SeMakeAnonymousLogonToken ();
VOID
SeGetTokenControlInformation (
IN PACCESS_TOKEN Token,
OUT PTOKEN_CONTROL TokenControl
);
// PVOID
// SeTokenObjectType()
// Routine Description:
// This function returns a pointer to the Token object type structure.
// Arguments:
// None.
// Return Value:
// Pointer to the token object type structure.
extern struct _OBJECT_TYPE *SepTokenObjectType;
#define SeTokenObjectType() (PVOID)SepTokenObjectType
NTKERNELAPI // ntifs
TOKEN_TYPE // ntifs
SeTokenType( // ntifs
IN PACCESS_TOKEN Token // ntifs
); // ntifs
SECURITY_IMPERSONATION_LEVEL
SeTokenImpersonationLevel(
IN PACCESS_TOKEN Token
);
NTKERNELAPI // ntifs
BOOLEAN // ntifs
SeTokenIsAdmin( // ntifs
IN PACCESS_TOKEN Token // ntifs
); // ntifs
NTKERNELAPI // ntifs
BOOLEAN // ntifs
SeTokenIsRestricted( // ntifs
IN PACCESS_TOKEN Token // ntifs
); // ntifs
NTSTATUS
SeSubProcessToken (
IN PEPROCESS ParentProcess,
OUT PACCESS_TOKEN *ChildToken
);
VOID
SeAssignPrimaryToken(
IN PEPROCESS Process,
IN PACCESS_TOKEN Token
);
VOID
SeDeassignPrimaryToken(
IN PEPROCESS Process
);
NTSTATUS
SeExchangePrimaryToken(
IN PEPROCESS Process,
IN PACCESS_TOKEN NewAccessToken,
OUT PACCESS_TOKEN *OldAccessToken
);
NTSTATUS
SeCopyClientToken(
IN PACCESS_TOKEN ClientToken,
IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
IN KPROCESSOR_MODE RequestorMode,
OUT PACCESS_TOKEN *DuplicateToken
);
NTSTATUS
SeFilterToken (
IN PACCESS_TOKEN ExistingToken,
IN ULONG Flags,
IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
OUT PACCESS_TOKEN * FilteredToken
);
// begin_ntifs
NTKERNELAPI
NTSTATUS
SeQueryAuthenticationIdToken(
IN PACCESS_TOKEN Token,
OUT PLUID AuthenticationId
);
NTKERNELAPI
NTSTATUS
SeQuerySessionIdToken(
IN PACCESS_TOKEN,
IN PULONG pSessionId
);
NTKERNELAPI
NTSTATUS
SeSetSessionIdToken(
IN PACCESS_TOKEN,
IN ULONG SessionId
);
NTKERNELAPI
NTSTATUS
SeCreateClientSecurity (
IN PETHREAD ClientThread,
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
IN BOOLEAN RemoteSession,
OUT PSECURITY_CLIENT_CONTEXT ClientContext
);
NTKERNELAPI
VOID
SeImpersonateClient(
IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN PETHREAD ServerThread OPTIONAL
);
NTKERNELAPI
NTSTATUS
SeImpersonateClientEx(
IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN PETHREAD ServerThread OPTIONAL
);
NTKERNELAPI
NTSTATUS
SeCreateClientSecurityFromSubjectContext (
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
IN BOOLEAN ServerIsRemote,
OUT PSECURITY_CLIENT_CONTEXT ClientContext
);
// end_ntifs
// Do not export the following routines to drivers.
// If you need to do so, create a new routine that
// does not take the AuxData parameter and export
// that.
NTKERNELAPI
NTSTATUS
SeCreateAccessState(
IN PACCESS_STATE AccessState,
IN PAUX_ACCESS_DATA AuxData,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping
);
NTKERNELAPI
VOID
SeDeleteAccessState(
IN PACCESS_STATE AccessState
);
NTSTATUS
SeUpdateClientSecurity(
IN PETHREAD ClientThread,
IN OUT PSECURITY_CLIENT_CONTEXT ClientContext,
OUT PBOOLEAN ChangesMade,
OUT PBOOLEAN NewToken
);
BOOLEAN
SeRmInitPhase1(
);
// begin_ntifs
NTKERNELAPI
NTSTATUS
SeQuerySecurityDescriptorInfo (
IN PSECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG Length,
IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
);
NTKERNELAPI
NTSTATUS
SeSetSecurityDescriptorInfo (
IN PVOID Object OPTIONAL,
IN PSECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping
);
NTKERNELAPI
NTSTATUS
SeSetSecurityDescriptorInfoEx (
IN PVOID Object OPTIONAL,
IN PSECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR ModificationDescriptor,
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
IN ULONG AutoInheritFlags,
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping
);
NTKERNELAPI
NTSTATUS
SeAppendPrivileges(
PACCESS_STATE AccessState,
PPRIVILEGE_SET Privileges
);
// end_ntifs
NTSTATUS
SeComputeQuotaInformationSize(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
OUT PULONG Size
);
VOID
SePrivilegedServiceAuditAlarm (
IN PUNICODE_STRING ServiceName,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted
);
NTKERNELAPI // ntddk ntifs
BOOLEAN // ntddk ntifs
SeSinglePrivilegeCheck( // ntddk ntifs
LUID PrivilegeValue, // ntddk ntifs
KPROCESSOR_MODE PreviousMode // ntddk ntifs
); // ntddk ntifs
BOOLEAN
SeCheckAuditPrivilege (
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN KPROCESSOR_MODE PreviousMode
);
NTSTATUS
SeAssignWorldSecurityDescriptor(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG Length,
IN PSECURITY_INFORMATION SecurityInformation
);
BOOLEAN
SeFastTraverseCheck(
PSECURITY_DESCRIPTOR SecurityDescriptor,
ACCESS_MASK TraverseAccess,
KPROCESSOR_MODE AccessMode
);
NTKERNELAPI // ntifs
BOOLEAN // ntifs
SeAuditingFileEvents( // ntifs
IN BOOLEAN AccessGranted, // ntifs
IN PSECURITY_DESCRIPTOR SecurityDescriptor // ntifs
); // ntifs
NTKERNELAPI // ntifs
BOOLEAN // ntifs
SeAuditingFileOrGlobalEvents( // ntifs
IN BOOLEAN AccessGranted, // ntifs
IN PSECURITY_DESCRIPTOR SecurityDescriptor, // ntifs
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext // ntifs
); // ntifs
VOID
SeAuditProcessCreation(
PEPROCESS Process,
PEPROCESS Parent,
PUNICODE_STRING ImageFileName
);
VOID
SeAuditProcessExit(
PEPROCESS Process
);
VOID
SeAuditHandleDuplication(
PVOID SourceHandle,
PVOID NewHandle,
PEPROCESS SourceProcess,
PEPROCESS TargetProcess
);
// begin_ntifs
VOID
SeSetAccessStateGenericMapping (
PACCESS_STATE AccessState,
PGENERIC_MAPPING GenericMapping
);
// end_ntifs
// begin_ntifs
NTKERNELAPI
NTSTATUS
SeRegisterLogonSessionTerminatedRoutine(
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
NTKERNELAPI
NTSTATUS
SeUnregisterLogonSessionTerminatedRoutine(
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
NTKERNELAPI
NTSTATUS
SeMarkLogonSessionForTerminationNotification(
IN PLUID LogonId
);
NTKERNELAPI
NTSTATUS
SeQueryInformationToken (
IN PACCESS_TOKEN Token,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
OUT PVOID *TokenInformation
);
// end_ntifs
NTSTATUS
SeIsChildToken(
IN HANDLE Token,
OUT PBOOLEAN IsChild
);
NTSTATUS
SeIsChildTokenByPointer(
IN PACCESS_TOKEN Token,
OUT PBOOLEAN IsChild
);
NTSTATUS
SeFastFilterToken(
IN PACCESS_TOKEN ExistingToken,
IN KPROCESSOR_MODE RequestorMode,
IN ULONG Flags,
IN ULONG GroupCount,
IN PSID_AND_ATTRIBUTES GroupsToDisable OPTIONAL,
IN ULONG PrivilegeCount,
IN PLUID_AND_ATTRIBUTES PrivilegesToDelete OPTIONAL,
IN ULONG SidCount,
IN PSID_AND_ATTRIBUTES RestrictedSids OPTIONAL,
IN ULONG SidLength,
OUT PACCESS_TOKEN * FilteredToken
);
// Global, READ ONLY, Security variables //
// begin_ntifs
// **************************************************************
// C A V E A T P R O G R A M M E R
// If you wish to include this file in an NT driver and use SeExports structure
// defined above, you need to call:
// SeEnableAccessToExports()
// exactly once during initialization.
// C A V E A T P R O G R A M M E R
// **************************************************************
#if 0
#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
extern PSE_EXPORTS SeExports; // ntifs
#else
#define SeEnableAccessToExports()
extern NTKERNELAPI PSE_EXPORTS SeExports;
#endif
// end_ntifs
// Value used to represent the authentication ID of system processes
extern LUID SeSystemAuthenticationId;
extern LUID SeAnonymousAuthenticationId;
extern TOKEN_SOURCE SeSystemTokenSource;
// Universal well known SIDs
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SePrincipalSelfSid;
// Sids defined by NT
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeAliasAdminsSid;
extern PSID SeRestrictedSid;
extern PSID SeAnonymousLogonSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
// Well known tokens
extern PACCESS_TOKEN SeAnonymousLogonToken;
// System default DACLs & Security Descriptors
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
extern PACL SePublicDefaultDacl;
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeSystemDefaultDacl;
extern PACL SeUnrestrictedDacl;
// Well known privilege values
extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
extern LUID SeUndockPrivilege;
extern LUID SeSyncAgentPrivilege;
extern LUID SeEnableDelegationPrivilege;
// Auditing information array
extern SE_AUDITING_STATE SeAuditingState[];
// Flag so that other components may quickly check for
// auditing.
extern BOOLEAN SeDetailedAuditing;
extern UNICODE_STRING SeSubsystemName;
#endif // _SE_