3 Copyright (c) Alex Ionescu. All rights reserved.
11 Function definitions for the security manager.
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
27 #ifndef NTOS_MODE_USER
30 // Security Descriptors
// SeCaptureSecurityDescriptor (declaration only; the return type and closing
// parenthesis are not present in this listing).
// Takes the caller's descriptor, the processor mode of the requester, a pool
// type and a kernel-capture flag, and hands the captured descriptor back
// through CapturedSecurityDescriptor.
// NOTE(review): presumably CurrentMode decides whether OriginalSecurityDescriptor
// is treated as untrusted user memory that must be probed and copied; callers
// should pass the real previous mode rather than a constant. Confirm against
// the implementation.
35 SeCaptureSecurityDescriptor(
36 IN PSECURITY_DESCRIPTOR OriginalSecurityDescriptor
,
37 IN KPROCESSOR_MODE CurrentMode
,
38 IN POOL_TYPE PoolType
,
39 IN BOOLEAN CaptureIfKernel
,
40 OUT PSECURITY_DESCRIPTOR
*CapturedSecurityDescriptor
// SeReleaseSecurityDescriptor (declaration only; the return type and closing
// parenthesis are not present in this listing).
// Takes a captured descriptor together with a processor mode and a
// kernel-capture flag.
// NOTE(review): the flag is spelled CaptureIfKernelMode here and
// CaptureIfKernel in SeCaptureSecurityDescriptor. Presumably the release must
// be called with the same mode and flag that were used for the capture,
// otherwise the copy could be leaked or a caller-owned buffer freed; verify.
46 SeReleaseSecurityDescriptor(
47 IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor
,
48 IN KPROCESSOR_MODE CurrentMode
,
49 IN BOOLEAN CaptureIfKernelMode
59 PACCESS_STATE AccessState
,
60 PAUX_ACCESS_DATA AuxData
,
62 PGENERIC_MAPPING GenericMapping
69 IN PACCESS_STATE AccessState
// SeTokenImpersonationLevel (declaration only; the closing parenthesis is not
// present in this listing).
// Takes a token object pointer (PACCESS_TOKEN, not a handle) and returns a
// SECURITY_IMPERSONATION_LEVEL.
// NOTE(review): callers that act on behalf of a client should compare the
// returned level with the minimum they accept (a token at SecurityIdentification
// is not meant to be used to perform work as the client); confirm at call sites.
76 SECURITY_IMPERSONATION_LEVEL
78 SeTokenImpersonationLevel(
79 IN PACCESS_TOKEN Token
91 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
92 IN HANDLE ClientToken
,
93 IN ACCESS_MASK DesiredAccess
,
94 IN PGENERIC_MAPPING GenericMapping
,
95 OUT PPRIVILEGE_SET PrivilegeSet
,
96 OUT PULONG ReturnLength
,
97 OUT PACCESS_MASK GrantedAccess
,
98 OUT PNTSTATUS AccessStatus
104 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
105 IN PSID PrincipalSelfSid
,
106 IN HANDLE ClientToken
,
107 IN ACCESS_MASK DesiredAccess
,
108 IN POBJECT_TYPE_LIST ObjectTypeList
,
109 IN ULONG ObjectTypeLength
,
110 IN PGENERIC_MAPPING GenericMapping
,
111 IN PPRIVILEGE_SET PrivilegeSet
,
112 IN ULONG PrivilegeSetLength
,
113 OUT PACCESS_MASK GrantedAccess
,
114 OUT PNTSTATUS AccessStatus
// NtAccessCheckByTypeResultList (declaration only; the return type and closing
// parenthesis are not present in this listing).
// Inputs: security descriptor, optional-looking PrincipalSelfSid, client token
// handle, desired access, object type list with its length, generic mapping and
// a privilege set with its length. Outputs: GrantedAccess and AccessStatus.
// NOTE(review): the "ResultList" form presumably writes one GrantedAccess and
// one AccessStatus entry per ObjectTypeList element, so both output buffers
// would need ObjectTypeLength entries; confirm before passing single values.
// NOTE(review): PrivilegeSet is IN with a by-value PrivilegeSetLength here,
// while the first access-check parameter list in this header uses
// OUT PrivilegeSet plus OUT ReturnLength; confirm which direction is intended.
119 NtAccessCheckByTypeResultList(
120 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
121 IN PSID PrincipalSelfSid
,
122 IN HANDLE ClientToken
,
123 IN ACCESS_MASK DesiredAccess
,
124 IN POBJECT_TYPE_LIST ObjectTypeList
,
125 IN ULONG ObjectTypeLength
,
126 IN PGENERIC_MAPPING GenericMapping
,
127 IN PPRIVILEGE_SET PrivilegeSet
,
128 IN ULONG PrivilegeSetLength
,
129 OUT PACCESS_MASK GrantedAccess
,
130 OUT PNTSTATUS AccessStatus
// NtAccessCheckAndAuditAlarm (declaration only; the return type and closing
// parenthesis are not present in this listing, and the listing's numbering
// jumps from 137 to 139, so one parameter line is missing here).
// Outputs are GrantedAccess, AccessStatus and GenerateOnClose.
// NOTE(review): no client token is passed in the visible parameter list, so the
// check presumably runs against the calling thread's own (impersonation)
// token; a server must be impersonating the intended client when it calls
// this. Confirm against the implementation.
136 NtAccessCheckAndAuditAlarm(
137 IN PUNICODE_STRING SubsystemName
,
139 IN PUNICODE_STRING ObjectTypeName
,
140 IN PUNICODE_STRING ObjectName
,
141 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
142 IN ACCESS_MASK DesiredAccess
,
143 IN PGENERIC_MAPPING GenericMapping
,
144 IN BOOLEAN ObjectCreation
,
145 OUT PACCESS_MASK GrantedAccess
,
146 OUT PNTSTATUS AccessStatus
,
147 OUT PBOOLEAN GenerateOnClose
154 IN HANDLE TokenHandle
,
155 IN BOOLEAN ResetToDefault
,
156 IN PTOKEN_GROUPS NewState
,
157 IN ULONG BufferLength
,
158 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
159 OUT PULONG ReturnLength
// NtAdjustPrivilegesToken (declaration only; the return type and closing
// parenthesis are not present in this listing).
// Inputs: token handle, DisableAllPrivileges flag, NewState and BufferLength.
// Outputs: PreviousState and ReturnLength.
// NOTE(review): PreviousState is not marked OPTIONAL here, although the
// PTOKEN_GROUPS PreviousState parameter earlier in this header is; confirm
// whether NULL is accepted.
// NOTE(review): on Windows this service can return a success status
// (STATUS_NOT_ALL_ASSIGNED) when a requested privilege is not held by the
// token, so callers should test for that value and not only for failure.
// Confirm this implementation behaves the same way.
165 NtAdjustPrivilegesToken(
166 IN HANDLE TokenHandle
,
167 IN BOOLEAN DisableAllPrivileges
,
168 IN PTOKEN_PRIVILEGES NewState
,
169 IN ULONG BufferLength
,
170 OUT PTOKEN_PRIVILEGES PreviousState
,
171 OUT PULONG ReturnLength
// NtAllocateLocallyUniqueId (declaration only; the return type and closing
// parenthesis are not present in this listing).
// Single output parameter: a pointer to the LUID that receives the result.
177 NtAllocateLocallyUniqueId(
178 OUT LUID
*LocallyUniqueId
185 PULARGE_INTEGER Time
,
195 IN HANDLE FirstTokenHandle
,
196 IN HANDLE SecondTokenHandle
,
203 OUT PHANDLE TokenHandle
,
204 IN ACCESS_MASK DesiredAccess
,
205 IN POBJECT_ATTRIBUTES ObjectAttributes
,
206 IN TOKEN_TYPE TokenType
,
207 IN PLUID AuthenticationId
,
208 IN PLARGE_INTEGER ExpirationTime
,
209 IN PTOKEN_USER TokenUser
,
210 IN PTOKEN_GROUPS TokenGroups
,
211 IN PTOKEN_PRIVILEGES TokenPrivileges
,
212 IN PTOKEN_OWNER TokenOwner
,
213 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
214 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
215 IN PTOKEN_SOURCE TokenSource
222 IN HANDLE ExistingTokenHandle
,
223 IN ACCESS_MASK DesiredAccess
,
224 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
225 IN BOOLEAN EffectiveOnly
,
226 IN TOKEN_TYPE TokenType
,
227 OUT PHANDLE NewTokenHandle
233 NtImpersonateAnonymousToken(
// NtOpenObjectAuditAlarm (declaration only; the return type and closing
// parenthesis are not present in this listing, and the listing's numbering
// jumps from 241 to 243, so one parameter line is missing here).
// Every parameter except GenerateOnClose is an input, including GrantedAccess,
// Privileges and AccessGranted: the values recorded are the ones the caller
// reports.
// NOTE(review): because the audit content is caller-asserted, this service is
// presumably restricted to callers holding an audit privilege; confirm the
// implementation enforces that before writing to the security log.
// NOTE(review): DesiredAccess and GrantedAccess are typed ULONG here but
// ACCESS_MASK in the access-check declarations of this header.
240 NtOpenObjectAuditAlarm(
241 IN PUNICODE_STRING SubsystemName
,
243 IN PUNICODE_STRING ObjectTypeName
,
244 IN PUNICODE_STRING ObjectName
,
245 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
246 IN HANDLE ClientToken
,
247 IN ULONG DesiredAccess
,
248 IN ULONG GrantedAccess
,
249 IN PPRIVILEGE_SET Privileges
,
250 IN BOOLEAN ObjectCreation
,
251 IN BOOLEAN AccessGranted
,
252 OUT PBOOLEAN GenerateOnClose
259 IN HANDLE ProcessHandle
,
260 IN ACCESS_MASK DesiredAccess
,
261 OUT PHANDLE TokenHandle
// NtOpenProcessTokenEx (declaration only; the return type and closing
// parenthesis are not present in this listing).
// Inputs: process handle, desired access and HandleAttributes; the new token
// handle is returned through TokenHandle.
// NOTE(review): HandleAttributes presumably carries object-handle attribute
// flags such as OBJ_KERNEL_HANDLE; kernel-mode callers would normally set it so
// the resulting token handle is not usable from the user-mode handle table.
// Confirm against the implementation.
267 NtOpenProcessTokenEx(
268 IN HANDLE ProcessHandle
,
269 IN ACCESS_MASK DesiredAccess
,
270 IN ULONG HandleAttributes
,
271 OUT PHANDLE TokenHandle
278 IN HANDLE ClientToken
,
279 IN PPRIVILEGE_SET RequiredPrivileges
,
// NtPrivilegedServiceAuditAlarm (declaration only; the return type and closing
// parenthesis are not present in this listing).
// All parameters are inputs: subsystem and service names, the client token
// handle, the privilege set involved and the AccessGranted outcome.
// NOTE(review): the outcome and privilege list are supplied by the caller, not
// computed here as far as the signature shows; treat the resulting audit record
// as only as trustworthy as the caller. Confirm which callers are permitted.
286 NtPrivilegedServiceAuditAlarm(
287 IN PUNICODE_STRING SubsystemName
,
288 IN PUNICODE_STRING ServiceName
,
289 IN HANDLE ClientToken
,
290 IN PPRIVILEGE_SET Privileges
,
291 IN BOOLEAN AccessGranted
// NtPrivilegeObjectAuditAlarm (declaration only; the return type and closing
// parenthesis are not present in this listing, and the listing's numbering
// jumps from 298 to 300, so one parameter line is missing here).
// All visible parameters are inputs, including the AccessGranted outcome.
// NOTE(review): DesiredAccess is typed ULONG here but ACCESS_MASK in the
// access-check declarations of this header.
297 NtPrivilegeObjectAuditAlarm(
298 IN PUNICODE_STRING SubsystemName
,
300 IN HANDLE ClientToken
,
301 IN ULONG DesiredAccess
,
302 IN PPRIVILEGE_SET Privileges
,
303 IN BOOLEAN AccessGranted
// NtQueryInformationToken (declaration only; the return type and closing
// parenthesis are not present in this listing).
// Inputs: token handle, information class and the length of the caller's
// buffer. Outputs: the TokenInformation buffer and ReturnLength.
// NOTE(review): presumably ReturnLength reports the size required when
// TokenInformationLength is too small; callers should size the buffer from it
// and must not read TokenInformation after a failing status. Verify.
309 NtQueryInformationToken(
310 IN HANDLE TokenHandle
,
311 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
312 OUT PVOID TokenInformation
,
313 IN ULONG TokenInformationLength
,
314 OUT PULONG ReturnLength
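// NtSetInformationToken (declaration only; the return type and closing
// parenthesis are not present in this listing).
// Applies the data in TokenInformation, interpreted according to
// TokenInformationClass, to the token referenced by TokenHandle.
// TokenInformation is annotated IN: a set operation only reads the caller's
// buffer (TokenInformationLength bytes) and there is no ReturnLength output.
// The direction matters to anyone auditing the implementation, because an
// input buffer is validated for read access, not write access.
// ZwSetInformationToken later in this header still marks the same parameter OUT.
320 NtSetInformationToken(
321 IN HANDLE TokenHandle
,
322 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
323 IN PVOID TokenInformation
,
324 IN ULONG TokenInformationLength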
331 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
332 IN HANDLE ClientToken
,
333 IN ACCESS_MASK DesiredAccess
,
334 IN PGENERIC_MAPPING GenericMapping
,
335 OUT PPRIVILEGE_SET PrivilegeSet
,
336 OUT PULONG ReturnLength
,
337 OUT PACCESS_MASK GrantedAccess
,
338 OUT PNTSTATUS AccessStatus
345 IN HANDLE TokenHandle
,
346 IN BOOLEAN ResetToDefault
,
347 IN PTOKEN_GROUPS NewState
,
348 IN ULONG BufferLength
,
349 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
350 OUT PULONG ReturnLength
// ZwAdjustPrivilegesToken (declaration only; the return type and closing
// parenthesis are not present in this listing). The parameter list matches
// NtAdjustPrivilegesToken in this header.
// NOTE(review): on Windows, a kernel-mode caller that uses a Zw entry point
// runs the service with previous mode set to KernelMode, so the pointer probing
// and handle access checks applied to user-mode requests are not performed.
// Kernel callers should therefore never forward unvalidated user-supplied
// pointers or handles through the Zw declarations in this header. Confirm this
// implementation follows the same model.
356 ZwAdjustPrivilegesToken(
357 IN HANDLE TokenHandle
,
358 IN BOOLEAN DisableAllPrivileges
,
359 IN PTOKEN_PRIVILEGES NewState
,
360 IN ULONG BufferLength
,
361 OUT PTOKEN_PRIVILEGES PreviousState
,
362 OUT PULONG ReturnLength
// ZwAllocateLocallyUniqueId (declaration only; the return type and closing
// parenthesis are not present in this listing). Same single output parameter
// as NtAllocateLocallyUniqueId in this header: a pointer to the LUID to fill.
368 ZwAllocateLocallyUniqueId(
369 OUT LUID
*LocallyUniqueId
376 PULARGE_INTEGER Time
,
386 OUT PHANDLE TokenHandle
,
387 IN ACCESS_MASK DesiredAccess
,
388 IN POBJECT_ATTRIBUTES ObjectAttributes
,
389 IN TOKEN_TYPE TokenType
,
390 IN PLUID AuthenticationId
,
391 IN PLARGE_INTEGER ExpirationTime
,
392 IN PTOKEN_USER TokenUser
,
393 IN PTOKEN_GROUPS TokenGroups
,
394 IN PTOKEN_PRIVILEGES TokenPrivileges
,
395 IN PTOKEN_OWNER TokenOwner
,
396 IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup
,
397 IN PTOKEN_DEFAULT_DACL TokenDefaultDacl
,
398 IN PTOKEN_SOURCE TokenSource
405 IN HANDLE ExistingTokenHandle
,
406 IN ACCESS_MASK DesiredAccess
,
407 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
408 IN BOOLEAN EffectiveOnly
,
409 IN TOKEN_TYPE TokenType
,
410 OUT PHANDLE NewTokenHandle
416 ZwImpersonateAnonymousToken(
// ZwOpenObjectAuditAlarm (declaration only; the return type and closing
// parenthesis are not present in this listing, and the listing's numbering
// jumps from 424 to 426, so one parameter line is missing here).
// The visible parameters match NtOpenObjectAuditAlarm in this header: every
// value except GenerateOnClose, including GrantedAccess and AccessGranted, is
// reported by the caller.
// NOTE(review): DesiredAccess and GrantedAccess are typed ULONG here but
// ACCESS_MASK in the access-check declarations of this header.
423 ZwOpenObjectAuditAlarm(
424 IN PUNICODE_STRING SubsystemName
,
426 IN PUNICODE_STRING ObjectTypeName
,
427 IN PUNICODE_STRING ObjectName
,
428 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
429 IN HANDLE ClientToken
,
430 IN ULONG DesiredAccess
,
431 IN ULONG GrantedAccess
,
432 IN PPRIVILEGE_SET Privileges
,
433 IN BOOLEAN ObjectCreation
,
434 IN BOOLEAN AccessGranted
,
435 OUT PBOOLEAN GenerateOnClose
442 IN HANDLE ProcessHandle
,
443 IN ACCESS_MASK DesiredAccess
,
444 OUT PHANDLE TokenHandle
// ZwOpenProcessTokenEx (declaration only; the return type and closing
// parenthesis are not present in this listing). The parameter list matches
// NtOpenProcessTokenEx in this header.
// NOTE(review): HandleAttributes presumably carries object-handle attribute
// flags such as OBJ_KERNEL_HANDLE. A driver opening a token through this entry
// point without that flag would leave the handle in the current process's
// handle table, where user mode could reach it; confirm at call sites.
450 ZwOpenProcessTokenEx(
451 IN HANDLE ProcessHandle
,
452 IN ACCESS_MASK DesiredAccess
,
453 IN ULONG HandleAttributes
,
454 OUT PHANDLE TokenHandle
461 IN HANDLE ClientToken
,
462 IN PPRIVILEGE_SET RequiredPrivileges
,
// ZwPrivilegedServiceAuditAlarm (declaration only; the return type and closing
// parenthesis are not present in this listing). The parameter list matches
// NtPrivilegedServiceAuditAlarm in this header; all parameters are inputs,
// including the caller-reported AccessGranted outcome.
469 ZwPrivilegedServiceAuditAlarm(
470 IN PUNICODE_STRING SubsystemName
,
471 IN PUNICODE_STRING ServiceName
,
472 IN HANDLE ClientToken
,
473 IN PPRIVILEGE_SET Privileges
,
474 IN BOOLEAN AccessGranted
// ZwPrivilegeObjectAuditAlarm (declaration only; the return type and closing
// parenthesis are not present in this listing, and the listing's numbering
// jumps from 481 to 483, so one parameter line is missing here).
// The visible parameters match NtPrivilegeObjectAuditAlarm in this header and
// are all inputs.
// NOTE(review): DesiredAccess is typed ULONG here but ACCESS_MASK in the
// access-check declarations of this header.
480 ZwPrivilegeObjectAuditAlarm(
481 IN PUNICODE_STRING SubsystemName
,
483 IN HANDLE ClientToken
,
484 IN ULONG DesiredAccess
,
485 IN PPRIVILEGE_SET Privileges
,
486 IN BOOLEAN AccessGranted
// ZwQueryInformationToken (declaration only; the return type and closing
// parenthesis are not present in this listing). The parameter list matches
// NtQueryInformationToken in this header: TokenInformation and ReturnLength
// are outputs, TokenInformationLength is the size of the caller's buffer.
// NOTE(review): presumably ReturnLength reports the size required when the
// buffer is too small; callers should not read TokenInformation after a
// failing status. Verify.
492 ZwQueryInformationToken(
493 IN HANDLE TokenHandle
,
494 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
495 OUT PVOID TokenInformation
,
496 IN ULONG TokenInformationLength
,
497 OUT PULONG ReturnLength
503 ZwSetInformationToken(
504 IN HANDLE TokenHandle
,
505 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
506 OUT PVOID TokenInformation
,
507 IN ULONG TokenInformationLength