Sync with trunk (r48545)
1 /*
2 * authz.h
3 *
4 * Authorization Framework
5 *
6 * THIS SOFTWARE IS NOT COPYRIGHTED
7 *
8 * This source code is offered for use in the public domain. You may
9 * use, modify or distribute it freely.
10 *
11 * This code is distributed in the hope that it will be useful but
12 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
13 * DISCLAIMED. This includes but is not limited to warranties of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15 *
16 */
17 #ifndef __AUTHZ_H
18 #define __AUTHZ_H
19
/*
 * AUTHZAPI: linkage decoration applied to every Authz* prototype below.
 * A translation unit that defines _AUTHZ_ before including this header gets
 * undecorated declarations; every other includer gets DECLSPEC_IMPORT.
 * NOTE(review): presumably _AUTHZ_ is defined only while building the authz
 * library itself -- confirm against its build files.
 */
#ifdef _AUTHZ_
#define AUTHZAPI
#else
#define AUTHZAPI DECLSPEC_IMPORT
#endif
25
26 #ifdef __cplusplus
27 extern "C" {
28 #endif
29
/*
 * Flag constants for the Authz API.
 *
 * The groups below reuse the same numeric values (0x1, 0x2, 0x4). Once a
 * constant is stored in a DWORD nothing distinguishes one group from another,
 * so the compiler cannot catch a flag passed to the wrong function. Keep each
 * constant with the parameter or field its group belongs to.
 *
 * NOTE(review): the group-to-API mapping given in the comments follows the
 * Windows SDK header this file mirrors; nothing in this file binds a constant
 * to a particular function -- confirm against the implementation.
 */

/*
 * Presumably an AuthzAccessCheck flag. NOTE(review): in the SDK this makes the
 * cached result handle refer to the caller's security descriptor instead of a
 * private copy, so the descriptor would have to stay valid and unmodified for
 * as long as the handle is used -- confirm.
 */
#define AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD              0x1

/* Presumably values reported through AUTHZ_ACCESS_REPLY.SaclEvaluationResults. */
#define AUTHZ_GENERATE_SUCCESS_AUDIT                    0x1
#define AUTHZ_GENERATE_FAILURE_AUDIT                    0x2

/*
 * Presumably AuthzInitializeContextFromSid flags. NOTE(review): with
 * AUTHZ_SKIP_TOKEN_GROUPS the SDK does not evaluate group membership for the
 * SID, which leaves the caller responsible for the SID's validity -- confirm.
 */
#define AUTHZ_SKIP_TOKEN_GROUPS                         0x2
#define AUTHZ_REQUIRE_S4U_LOGON                         0x4

/*
 * Presumably AuthzInitializeObjectAccessAuditEvent flags. NOTE(review): with
 * AUTHZ_NO_ALLOC_STRINGS the SDK keeps the caller's string pointers instead of
 * copying them, so the strings would have to outlive the audit event -- confirm.
 */
#define AUTHZ_NO_SUCCESS_AUDIT                          0x1
#define AUTHZ_NO_FAILURE_AUDIT                          0x2
#define AUTHZ_NO_ALLOC_STRINGS                          0x4

/* Presumably AuthzInitializeResourceManager flags. */
#define AUTHZ_RM_FLAG_NO_AUDIT                          0x1
#define AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION    0x2
44
/*
 * Handle types used by the Authz API, each with a matching pointer type.
 *
 * Every name here is an alias of HANDLE, so the compiler treats them as the
 * same type: passing, say, a resource-manager handle where a client-context
 * handle is expected compiles without a diagnostic. Callers have to keep the
 * handle kinds apart themselves.
 */
typedef HANDLE AUTHZ_CLIENT_CONTEXT_HANDLE;
typedef AUTHZ_CLIENT_CONTEXT_HANDLE *PAUTHZ_CLIENT_CONTEXT_HANDLE;

typedef HANDLE AUTHZ_AUDIT_INFO_HANDLE;
typedef AUTHZ_AUDIT_INFO_HANDLE *PAUTHZ_AUDIT_INFO_HANDLE;

typedef HANDLE AUTHZ_AUDIT_EVENT_HANDLE;
typedef AUTHZ_AUDIT_EVENT_HANDLE *PAUTHZ_AUDIT_EVENT_HANDLE;

typedef HANDLE AUTHZ_AUDIT_EVENT_TYPE_HANDLE;
typedef AUTHZ_AUDIT_EVENT_TYPE_HANDLE *PAUTHZ_AUDIT_EVENT_TYPE_HANDLE;

typedef HANDLE AUTHZ_ACCESS_CHECK_RESULTS_HANDLE;
typedef AUTHZ_ACCESS_CHECK_RESULTS_HANDLE *PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE;

typedef HANDLE AUTHZ_RESOURCE_MANAGER_HANDLE;
typedef AUTHZ_RESOURCE_MANAGER_HANDLE *PAUTHZ_RESOURCE_MANAGER_HANDLE;

typedef HANDLE AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE;
typedef AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE *PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE;
52
#ifndef _ADTGEN_H
/*
 * FIXME: AUDIT_PARAMS is really declared in adtgen.h. Until that header is
 * included first, PAUDIT_PARAMS falls back to an untyped pointer, so the
 * compiler will accept any pointer for a PAUDIT_PARAMS parameter.
 */
typedef PVOID PAUDIT_PARAMS;
#endif
57
/*
 * Selects which piece of a client context AuthzGetInformationFromContext
 * (declared below) is asked for through its InfoClass parameter.
 *
 * The numbering starts at 1 and is spelled out on every member because the
 * values cross the library boundary: inserting or reordering a member would
 * silently change what existing callers request.
 */
typedef enum _AUTHZ_CONTEXT_INFORMATION_CLASS
{
    AuthzContextInfoUserSid          = 1,
    AuthzContextInfoGroupsSids       = 2,
    AuthzContextInfoRestrictedSids   = 3,
    AuthzContextInfoPrivileges       = 4,
    AuthzContextInfoExpirationTime   = 5,
    AuthzContextInfoServerContext    = 6,
    AuthzContextInfoIdentifier       = 7,
    AuthzContextInfoSource           = 8,
    AuthzContextInfoAll              = 9,
    AuthzContextInfoAuthenticationId = 10
} AUTHZ_CONTEXT_INFORMATION_CLASS;

typedef AUTHZ_CONTEXT_INFORMATION_CLASS *PAUTHZ_CONTEXT_INFORMATION_CLASS;
71
/*
 * Describes one access request; passed as pRequest to AuthzAccessCheck,
 * AuthzCachedAccessCheck and AuthzOpenObjectAudit (declared below).
 */
typedef struct _AUTHZ_ACCESS_REQUEST
{
    /* Access rights being requested. */
    ACCESS_MASK       DesiredAccess;

    /* NOTE(review): presumably the SID substituted for the "principal self"
     * placeholder in ACEs -- confirm against the implementation. */
    PSID              PrincipalSelfSid;

    /* Pointer/count pair. Nothing in the structure ties the count to the real
     * size of the array; the caller must keep the two in agreement. */
    POBJECT_TYPE_LIST ObjectTypeList;
    DWORD             ObjectTypeListLength;

    /* Untyped pointer. NOTE(review): presumably forwarded to the resource
     * manager's dynamic access-check callback as its pArgs -- confirm. */
    PVOID             OptionalArguments;
} AUTHZ_ACCESS_REQUEST;

typedef AUTHZ_ACCESS_REQUEST *PAUTHZ_ACCESS_REQUEST;
80
/*
 * Receives the outcome of an access check; passed as pReply to
 * AuthzAccessCheck, AuthzCachedAccessCheck and AuthzOpenObjectAudit.
 *
 * NOTE(review): the three pointer members presumably each address a
 * caller-allocated array of ResultListLength elements. If so, an array shorter
 * than ResultListLength would be written past its end -- confirm the contract
 * and size all three arrays from the same count.
 *
 * NOTE(review): in the Windows API this header mirrors, a TRUE return from the
 * access-check call only means the evaluation ran; whether access was granted
 * is reported here, per entry, in GrantedAccessMask and Error. Callers should
 * base the authorization decision on these fields -- confirm that the
 * implementation behaves the same way.
 */
typedef struct _AUTHZ_ACCESS_REPLY
{
    DWORD        ResultListLength;       /* number of result entries */
    PACCESS_MASK GrantedAccessMask;      /* granted access, one mask per entry */
    PDWORD       SaclEvaluationResults;  /* presumably AUTHZ_GENERATE_*_AUDIT bits */
    PDWORD       Error;                  /* per-entry status code */
} AUTHZ_ACCESS_REPLY;

typedef AUTHZ_ACCESS_REPLY *PAUTHZ_ACCESS_REPLY;
88
/*
 * One object-type entry of an AUTHZ_SOURCE_SCHEMA_REGISTRATION: a wide-string
 * name paired with a DWORD offset.
 * NOTE(review): what dwOffset is relative to is not visible in this header --
 * confirm before consuming it from untrusted registration data.
 */
typedef struct _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
{
    PWSTR szObjectTypeName;
    DWORD dwOffset;
} AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;

typedef AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET *PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;
94
/*
 * Registration record for a security event source; taken by
 * AuthzInstallSecurityEventSource and filled in by
 * AuthzEnumerateSecurityEventSources (both declared below).
 *
 * ObjectTypeNames is a trailing array declared with ANYSIZE_ARRAY, so
 * sizeof(AUTHZ_SOURCE_SCHEMA_REGISTRATION) covers only the declared elements.
 * NOTE(review): the real element count is presumably dwObjectTypeNameCount.
 * Code that walks the array should check that count against the size of the
 * buffer actually holding the record before indexing -- confirm.
 *
 * NOTE(review): szEventMessageFile and szExecutableImagePath are file paths
 * supplied by whoever registers the source; how the implementation validates
 * them is not visible here.
 */
typedef struct _AUTHZ_SOURCE_SCHEMA_REGISTRATION
{
    DWORD dwFlags;
    PWSTR szEventSourceName;
    PWSTR szEventMessageFile;
    PWSTR szEventSourceXmlSchemaFile;
    PWSTR szEventAccessStringsFile;
    PWSTR szExecutableImagePath;
    PVOID pReserved;
    DWORD dwObjectTypeNameCount;
    AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames[ANYSIZE_ARRAY];
} AUTHZ_SOURCE_SCHEMA_REGISTRATION;

typedef AUTHZ_SOURCE_SCHEMA_REGISTRATION *PAUTHZ_SOURCE_SCHEMA_REGISTRATION;
107
/*
 * Callback types a resource manager hands to AuthzInitializeResourceManager
 * (declared below). The callbacks are supplied by the application, so their
 * results are only as trustworthy as the code that implements them.
 */

/*
 * Called with an ACE and an optional argument pointer; reports through
 * pbAceApplicable whether the ACE applies.
 * NOTE(review): presumably invoked for ACE types the library does not
 * evaluate itself -- confirm.
 */
typedef BOOL (CALLBACK *PFN_AUTHZ_DYNAMIC_ACCESS_CHECK)(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    IN PACE_HEADER pAce,
    IN PVOID pArgs OPTIONAL,
    IN OUT PBOOL pbAceApplicable);

/*
 * Returns two SID arrays with their counts: ordinary SIDs and restricted
 * SIDs.
 * NOTE(review): presumably these are merged into the client context's group
 * list, which would make the callback's output directly affect access
 * decisions -- confirm.
 */
typedef BOOL (CALLBACK *PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS)(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    IN PVOID Args,
    OUT PSID_AND_ATTRIBUTES* pSidAttrArray,
    OUT PDWORD pSidCount,
    OUT PSID_AND_ATTRIBUTES* pRestrictedSidAttrArray,
    OUT PDWORD pRestrictedSidCount);

/*
 * Receives a SID array to release.
 * NOTE(review): presumably an array previously returned by the
 * PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS callback -- confirm.
 */
typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS)(
    IN PSID_AND_ATTRIBUTES pSidAttrArray);
121
/*
 * AuthzAccessCheck
 *
 * Evaluates pRequest for the client context against pSecurityDescriptor and
 * the additional descriptors in OptionalSecurityDescriptorArray, writing the
 * outcome into pReply and a results handle into pAuthzHandle.
 *
 * NOTE(review): in the Windows API this mirrors, the BOOL return reports only
 * whether the evaluation ran. The grant/deny result is in pReply
 * (GrantedAccessMask and Error), which the caller must inspect -- confirm for
 * this implementation.
 *
 * NOTE(review): OPTIONAL is attached to the count although the parameter
 * names suggest it is the descriptor array that may be omitted. AuditInfo is
 * typed AUTHZ_AUDIT_INFO_HANDLE here while AuthzCachedAccessCheck and
 * AuthzOpenObjectAudit use AUTHZ_AUDIT_EVENT_HANDLE; both are HANDLE aliases,
 * so this is a naming inconsistency only.
 */
AUTHZAPI BOOL WINAPI
AuthzAccessCheck(
    IN DWORD flags,
    IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext,
    IN PAUTHZ_ACCESS_REQUEST pRequest,
    IN AUTHZ_AUDIT_INFO_HANDLE AuditInfo,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray,
    IN DWORD OptionalSecurityDescriptorCount OPTIONAL,
    IN OUT PAUTHZ_ACCESS_REPLY pReply,
    OUT PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE pAuthzHandle);
134
/*
 * AuthzAddSidsToContext
 *
 * Takes an existing client context plus two SID arrays (ordinary and
 * restricted) with their counts, and returns a handle through
 * pNewClientContext.
 *
 * The added SIDs are chosen by the caller and no credential is part of the
 * signature, so they should come from a source the application already
 * trusts. Each count must match the length of its array.
 */
AUTHZAPI BOOL WINAPI
AuthzAddSidsToContext(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE OrigClientContext,
    IN PSID_AND_ATTRIBUTES Sids,
    IN DWORD SidCount,
    IN PSID_AND_ATTRIBUTES RestrictedSids,
    IN DWORD RestrictedSidCount,
    OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pNewClientContext);
144
/*
 * AuthzCachedAccessCheck
 *
 * Access check that takes a results handle (AuthzHandle) in place of a client
 * context and security descriptors, and writes its outcome into pReply.
 *
 * NOTE(review): presumably AuthzHandle is the handle returned through
 * AuthzAccessCheck's pAuthzHandle, and the result reflects the descriptors as
 * they were at that time -- confirm. If the first check was made with
 * AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD, see the note on that flag.
 */
AUTHZAPI BOOL WINAPI
AuthzCachedAccessCheck(
    IN DWORD Flags,
    IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle,
    IN PAUTHZ_ACCESS_REQUEST pRequest,
    IN AUTHZ_AUDIT_EVENT_HANDLE AuditInfo,
    OUT PAUTHZ_ACCESS_REPLY pReply);
153
/*
 * AuthzEnumerateSecurityEventSources
 *
 * Fills Buffer with registration records and reports a count through
 * pdwCount. pdwLength is IN OUT.
 * NOTE(review): presumably pdwLength carries the buffer size in bytes on
 * entry and the size used or required on return -- confirm, and size Buffer
 * from it rather than from sizeof the record type, which has a trailing
 * ANYSIZE_ARRAY member.
 */
AUTHZAPI BOOL WINAPI
AuthzEnumerateSecurityEventSources(
    IN DWORD dwFlags,
    OUT PAUTHZ_SOURCE_SCHEMA_REGISTRATION Buffer,
    OUT PDWORD pdwCount,
    IN OUT PDWORD pdwLength);
161
/*
 * Release functions, one per handle kind.
 *
 * Each takes its handle by value, so the caller's variable still holds the
 * old value after the call. Clear it afterwards to avoid using or releasing
 * the same handle twice. Because all Authz handle types alias HANDLE, the
 * compiler will not object if a handle is given to the wrong release function.
 */

/* Releases an audit event handle. */
AUTHZAPI BOOL WINAPI
AuthzFreeAuditEvent(
    IN AUTHZ_AUDIT_EVENT_HANDLE pAuditEventInfo);

/* Releases a client context handle. */
AUTHZAPI BOOL WINAPI
AuthzFreeContext(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext);

/* Releases an access-check results handle. */
AUTHZAPI BOOL WINAPI
AuthzFreeHandle(
    IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle);

/* Releases a resource manager handle. */
AUTHZAPI BOOL WINAPI
AuthzFreeResourceManager(
    IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager);
181
/*
 * AuthzGetInformationFromContext
 *
 * Copies the item selected by InfoClass from a client context into Buffer,
 * which is BufferSize bytes long, and reports a size through pSizeRequired.
 * NOTE(review): presumably a too-small buffer makes the call fail with the
 * needed size in pSizeRequired -- confirm. BufferSize must never exceed the
 * real size of Buffer.
 */
AUTHZAPI BOOL WINAPI
AuthzGetInformationFromContext(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass,
    IN DWORD BufferSize,
    OUT PDWORD pSizeRequired,
    OUT PVOID Buffer);
190
/*
 * Client-context constructors. Each returns a new context handle through its
 * last parameter. NOTE(review): presumably released with AuthzFreeContext --
 * confirm.
 */

/* Builds a context from an existing client context handle. */
AUTHZAPI BOOL WINAPI
AuthzInitializeContextFromAuthzContext(
    IN DWORD flags,
    IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzHandle,
    IN PLARGE_INTEGER ExpirationTime,
    IN LUID Identifier,
    IN PVOID DynamicGroupArgs,
    OUT PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzHandle);

/*
 * Builds a context from a bare SID. The signature carries no token or
 * credential, so this call cannot itself show that the principal was
 * authenticated; the application must have established that by other means
 * before trusting decisions made with the resulting context.
 */
AUTHZAPI BOOL WINAPI
AuthzInitializeContextFromSid(
    IN DWORD Flags,
    IN PSID UserSid,
    IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
    IN PLARGE_INTEGER pExpirationTime,
    IN LUID Identifier,
    IN PVOID DynamicGroupArgs,
    OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);

/* Builds a context from a token handle. */
AUTHZAPI BOOL WINAPI
AuthzInitializeContextFromToken(
    IN DWORD Flags,
    IN HANDLE TokenHandle,
    IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
    IN PLARGE_INTEGER pExpirationTime,
    IN LUID Identifier,
    IN PVOID DynamicGroupArgs,
    OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);
222
/*
 * Audit-event constructors. Both return an audit event handle through
 * phAuditEvent; the second variant takes one extra string,
 * szAdditionalInfo2.
 *
 * The string arguments end up in audit records. If any of them is derived
 * from client-supplied data (an object name, for instance), treat it as
 * untrusted text when the records are later displayed or parsed.
 * NOTE(review): how the trailing count parameter is used is not visible in
 * this header -- confirm before passing a non-zero value.
 */
AUTHZAPI BOOL WINAPI
AuthzInitializeObjectAccessAuditEvent(
    IN DWORD Flags,
    IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
    IN PWSTR szOperationType,
    IN PWSTR szObjectType,
    IN PWSTR szObjectName,
    IN PWSTR szAdditionalInfo,
    OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
    IN DWORD dwAdditionalParamCount);

AUTHZAPI BOOL WINAPI
AuthzInitializeObjectAccessAuditEvent2(
    IN DWORD Flags,
    IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
    IN PWSTR szOperationType,
    IN PWSTR szObjectType,
    IN PWSTR szObjectName,
    IN PWSTR szAdditionalInfo,
    IN PWSTR szAdditionalInfo2,
    OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
    IN DWORD dwAdditionalParameterCount);
247
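/*
 * AuthzInitializeResourceManager
 *
 * Registers the three application callbacks and a name, and returns a
 * resource manager handle through pAuthzResourceManager.
 *
 * pAuthzResourceManager is a pointer to a handle and is annotated OUT, in
 * line with the other handle-returning functions in this header (for example
 * AuthzInitializeContextFromSid). The declaration previously marked it IN,
 * which hid the fact that the callee writes through it. IN and OUT are
 * assumed to be the empty annotation macros from the platform headers, so the
 * change does not affect the function's type.
 *
 * NOTE(review): presumably the handle is released with
 * AuthzFreeResourceManager, and flags takes the AUTHZ_RM_FLAG_* constants --
 * confirm.
 */
AUTHZAPI
BOOL
WINAPI
AuthzInitializeResourceManager(IN DWORD flags,
                               IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck,
                               IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,
                               IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups,
                               IN PCWSTR ResourceManagerName,
                               OUT PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager);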
257
/*
 * AuthzInstallSecurityEventSource
 *
 * Installs the event source described by pRegistration.
 * NOTE(review): the record carries file paths and a variable-length trailing
 * array; whether the implementation validates them, and what privilege the
 * call requires, is not visible in this header -- confirm.
 */
AUTHZAPI BOOL WINAPI
AuthzInstallSecurityEventSource(
    IN DWORD dwFlags,
    IN PAUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration);
263
/*
 * AuthzOpenObjectAudit
 *
 * Takes the same request, audit event and security descriptor inputs as an
 * access check and writes into pReply.
 * NOTE(review): presumably this evaluates the descriptors' audit entries and
 * generates audit records rather than granting access -- confirm.
 * SecurityDescriptorCount must match the length of SecurityDescriptorArray.
 */
AUTHZAPI BOOL WINAPI
AuthzOpenObjectAudit(
    IN DWORD Flags,
    IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    IN PAUTHZ_ACCESS_REQUEST pRequest,
    IN AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSECURITY_DESCRIPTOR* SecurityDescriptorArray,
    IN DWORD SecurityDescriptorCount,
    OUT PAUTHZ_ACCESS_REPLY pReply);
275
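/*
 * AuthzRegisterSecurityEventSource
 *
 * Registers the named event source and returns a provider handle through
 * phEventProvider.
 *
 * phEventProvider is a pointer to a handle and is annotated OUT: the
 * declaration previously marked it IN, which hid the fact that the callee
 * writes through it. Its counterpart AuthzUnregisterSecurityEventSource takes
 * the same pointer type as IN OUT. IN and OUT are assumed to be the empty
 * annotation macros from the platform headers, so the change does not affect
 * the function's type.
 */
AUTHZAPI
BOOL
WINAPI
AuthzRegisterSecurityEventSource(IN DWORD dwFlags,
                                 IN PCWSTR szEventSourceName,
                                 OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);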
282
/*
 * Event-reporting functions. Both take a provider handle, an audit id and an
 * optional user SID; they differ in how the event parameters are supplied.
 */

/*
 * Variadic form. The arguments after dwCount are not type-checked by the
 * compiler.
 * NOTE(review): presumably dwCount describes how many parameters follow and
 * each parameter is encoded as a type tag plus value(s); a count or encoding
 * that does not match the arguments actually passed would make the callee
 * read arguments that are not there -- confirm the expected encoding before
 * use.
 */
AUTHZAPI BOOL WINAPI
AuthzReportSecurityEvent(
    IN DWORD dwFlags,
    IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
    IN DWORD dwAuditId,
    IN PSID pUserSid OPTIONAL,
    IN DWORD dwCount,
    ...);

/*
 * Pre-built parameter form. When adtgen.h has not been included,
 * PAUDIT_PARAMS is this header's PVOID fallback, so any pointer is accepted
 * for pParams without a diagnostic.
 */
AUTHZAPI BOOL WINAPI
AuthzReportSecurityEventFromParams(
    IN DWORD dwFlags,
    IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
    IN DWORD dwAuditId,
    IN PSID pUserSid OPTIONAL,
    IN PAUDIT_PARAMS pParams);
301
/*
 * AuthzUninstallSecurityEventSource
 *
 * Removes the event source with the given name.
 * NOTE(review): presumably the counterpart of AuthzInstallSecurityEventSource
 * -- confirm.
 */
AUTHZAPI BOOL WINAPI
AuthzUninstallSecurityEventSource(
    IN DWORD dwFlags,
    IN PWSTR szEventSourceName);

/*
 * AuthzUnregisterSecurityEventSource
 *
 * Takes a pointer to a provider handle, annotated IN OUT.
 * NOTE(review): presumably the handle is closed and the caller's variable is
 * overwritten so that it cannot be reused -- confirm.
 */
AUTHZAPI BOOL WINAPI
AuthzUnregisterSecurityEventSource(
    IN DWORD dwFlags,
    IN OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);
313
314 #ifdef __cplusplus
315 }
316 #endif
317 #endif /* __AUTHZ_H */