4 * Authorization Framework
6 * THIS SOFTWARE IS NOT COPYRIGHTED
8 * This source code is offered for use in the public domain. You may
9 * use, modify or distribute it freely.
11 * This code is distributed in the hope that it will be useful but
12 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
13 * DISCLAIMED. This includes but is not limited to warranties of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#define AUTHZAPI DECLSPEC_IMPORT

/*
 * Flag values for the Authz calls declared below.  Note that several
 * unrelated flag families reuse the same bits (0x1, 0x2, 0x4); the
 * compiler cannot tell them apart, so a value must only ever be passed to
 * the call whose name it carries.  The family/call pairings given here
 * are inferred from the names - confirm against the implementation.
 */

/* Presumably an AuthzAccessCheck flag: the security descriptor is used by
 * reference rather than copied, in which case the caller must keep it
 * alive for as long as the returned results handle is in use - confirm. */
#define AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 0x1

/* Audit-generation requests (presumably for the access-check/audit calls). */
#define AUTHZ_GENERATE_SUCCESS_AUDIT 0x1
#define AUTHZ_GENERATE_FAILURE_AUDIT 0x2

/* Presumably AuthzInitializeContextFromSid flags (the 0x1 bit of this
 * family is not visible in this listing).  Skipping token groups looks
 * like it builds a context without the group membership a real token
 * would carry, which changes the outcome of later access checks against
 * group ACEs - confirm before relying on it. */
#define AUTHZ_SKIP_TOKEN_GROUPS 0x2
#define AUTHZ_REQUIRE_S4U_LOGON 0x4

/* Presumably AuthzInitializeObjectAccessAuditEvent flags.  NO_ALLOC_STRINGS
 * suggests the string arguments are referenced, not copied, so they would
 * have to outlive the audit-event handle - confirm. */
#define AUTHZ_NO_SUCCESS_AUDIT 0x1
#define AUTHZ_NO_FAILURE_AUDIT 0x2
#define AUTHZ_NO_ALLOC_STRINGS 0x4

/* Resource-manager flags (AuthzInitializeResourceManager). */
#define AUTHZ_RM_FLAG_NO_AUDIT 0x1
#define AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION 0x2
/*
 * Opaque handle types.  Every one of these is a plain alias of HANDLE, so
 * the compiler will not catch a client-context handle passed where an
 * audit-event or results handle is expected (or vice versa).  Keep the
 * distinct typedef names on variables and parameters anyway; the type
 * discipline is by convention only and must be enforced in review.
 */
typedef HANDLE AUTHZ_CLIENT_CONTEXT_HANDLE, *PAUTHZ_CLIENT_CONTEXT_HANDLE;
typedef HANDLE AUTHZ_AUDIT_INFO_HANDLE, *PAUTHZ_AUDIT_INFO_HANDLE;
typedef HANDLE AUTHZ_AUDIT_EVENT_HANDLE, *PAUTHZ_AUDIT_EVENT_HANDLE;
typedef HANDLE AUTHZ_AUDIT_EVENT_TYPE_HANDLE, *PAUTHZ_AUDIT_EVENT_TYPE_HANDLE;
typedef HANDLE AUTHZ_ACCESS_CHECK_RESULTS_HANDLE, *PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE;
typedef HANDLE AUTHZ_RESOURCE_MANAGER_HANDLE, *PAUTHZ_RESOURCE_MANAGER_HANDLE;
typedef HANDLE AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE, *PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE;
#if !defined(_ADTGEN_H)
/* FIXME: AUDIT_PARAMS is defined in adtgen.h.  Until that header is
 * included, PAUDIT_PARAMS is an untyped PVOID, so a caller of
 * AuthzReportSecurityEventFromParams gets no type checking on pParams at
 * all - any pointer compiles.  (The matching #endif is not visible in
 * this listing.) */
typedef PVOID PAUDIT_PARAMS;
/*
 * Selector for AuthzGetInformationFromContext.  Values start at 1.
 * NOTE(review): the opening brace of the enum body and at least one
 * enumerator between AuthzContextInfoSource and
 * AuthzContextInfoAuthenticationId are not present in this listing, so the
 * numeric value of AuthzContextInfoAuthenticationId cannot be taken from
 * what is shown here - confirm against the full header before relying on it.
 */
typedef enum _AUTHZ_CONTEXT_INFORMATION_CLASS
    AuthzContextInfoUserSid = 1,
    AuthzContextInfoGroupsSids,
    AuthzContextInfoRestrictedSids,
    AuthzContextInfoPrivileges,
    AuthzContextInfoExpirationTime,
    AuthzContextInfoServerContext,
    AuthzContextInfoIdentifier,
    AuthzContextInfoSource,
    AuthzContextInfoAuthenticationId
} AUTHZ_CONTEXT_INFORMATION_CLASS, *PAUTHZ_CONTEXT_INFORMATION_CLASS;
/*
 * Input to AuthzAccessCheck / AuthzCachedAccessCheck / AuthzOpenObjectAudit.
 * (The opening brace of the struct body is not present in this listing.)
 */
typedef struct _AUTHZ_ACCESS_REQUEST
    ACCESS_MASK DesiredAccess;            /* access rights being requested */
    PSID PrincipalSelfSid;                /* presumably substituted for the
                                             PRINCIPAL_SELF SID in ACEs - confirm */
    POBJECT_TYPE_LIST ObjectTypeList;     /* object-type hierarchy, or NULL */
    DWORD ObjectTypeListLength;           /* number of entries in ObjectTypeList;
                                             must match the array the caller
                                             actually allocated */
    PVOID OptionalArguments;              /* passed through to the resource
                                             manager's pfnAccessCheck callback
                                             (presumed from the callback's
                                             pArgs parameter - confirm) */
} AUTHZ_ACCESS_REQUEST, *PAUTHZ_ACCESS_REQUEST;
/*
 * Result of an access check.  GrantedAccessMask and SaclEvaluationResults
 * are pointers the CALLER owns and fills in before the call; the library
 * writes ResultListLength entries through each of them, so both buffers
 * must hold at least ResultListLength elements or the call overruns them.
 * (The opening brace and at least one trailing member between
 * SaclEvaluationResults and the closing brace are not present in this
 * listing.)
 */
typedef struct _AUTHZ_ACCESS_REPLY
    DWORD ResultListLength;               /* number of entries in each array below */
    PACCESS_MASK GrantedAccessMask;       /* caller-supplied array of granted masks */
    PDWORD SaclEvaluationResults;         /* caller-supplied array of SACL results */
} AUTHZ_ACCESS_REPLY, *PAUTHZ_ACCESS_REPLY;
/*
 * One object-type name entry inside AUTHZ_SOURCE_SCHEMA_REGISTRATION.
 * (The opening brace and at least one member after szObjectTypeName are
 * not present in this listing.)
 */
typedef struct _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
    PWSTR szObjectTypeName;               /* object type name string */
} AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET, *PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;
/*
 * Security event source registration, used by
 * AuthzInstallSecurityEventSource and returned by
 * AuthzEnumerateSecurityEventSources.
 *
 * This is a variable-length structure: ObjectTypeNames is declared with
 * ANYSIZE_ARRAY, so sizeof() covers only one entry.  A caller building one
 * must allocate sizeof(struct) plus room for dwObjectTypeNameCount - 1
 * further entries, and a consumer must bound its loop by
 * dwObjectTypeNameCount, never by the declared array size.
 * (The opening brace, members before szEventSourceName and a member
 * between szExecutableImagePath and dwObjectTypeNameCount are not present
 * in this listing.)
 */
typedef struct _AUTHZ_SOURCE_SCHEMA_REGISTRATION
    PWSTR szEventSourceName;              /* name the source is registered under */
    PWSTR szEventMessageFile;             /* message resource file path */
    PWSTR szEventSourceXmlSchemaFile;     /* XML schema file path */
    PWSTR szEventAccessStringsFile;       /* access-strings resource file path */
    PWSTR szExecutableImagePath;          /* path of the registering executable */
    DWORD dwObjectTypeNameCount;          /* number of valid ObjectTypeNames entries */
    AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames[ANYSIZE_ARRAY];
} AUTHZ_SOURCE_SCHEMA_REGISTRATION, *PAUTHZ_SOURCE_SCHEMA_REGISTRATION;
/*
 * Resource-manager callback consulted during access checks.
 *   hAuthzClientContext - the context being checked
 *   pArgs               - caller data (presumably the request's
 *                         OptionalArguments - confirm); may be NULL
 *   pbAceApplicable     - IN OUT: the callback decides whether the ACE
 *                         under evaluation applies to this client.
 * Because the callback's verdict feeds straight into the access decision,
 * it must fail closed (leave the ACE inapplicable for allow ACEs) on any
 * error and must not trust pArgs beyond what the caller guarantees.
 */
typedef BOOL (CALLBACK *PFN_AUTHZ_DYNAMIC_ACCESS_CHECK)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
                                                        IN PVOID pArgs OPTIONAL,
                                                        IN OUT PBOOL pbAceApplicable);
/*
 * Resource-manager callback that adds groups to a client context when it
 * is created.  On success the callback hands back two arrays it
 * allocated - normal SIDs (*pSidAttrArray, *pSidCount) and restricted
 * SIDs (*pRestrictedSidAttrArray, *pRestrictedSidCount); ownership passes
 * to the library, which is expected to release them through the paired
 * PFN_AUTHZ_FREE_DYNAMIC_GROUPS callback.  Groups added here widen the
 * client's effective identity, so the callback must derive them only from
 * data the caller is entitled to, never from attacker-controlled input.
 */
typedef BOOL (CALLBACK *PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
                                                          OUT PSID_AND_ATTRIBUTES *pSidAttrArray,
                                                          OUT PDWORD pSidCount,
                                                          OUT PSID_AND_ATTRIBUTES *pRestrictedSidAttrArray,
                                                          OUT PDWORD pRestrictedSidCount);
/*
 * Releases ONE array produced by PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS.  It takes
 * a single array, so it is presumably invoked separately for the normal
 * and the restricted SID arrays - confirm; either way the allocation
 * strategy of the two callbacks must match exactly (same allocator, same
 * layout for the SID memory referenced by each entry).
 */
typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS)(IN PSID_AND_ATTRIBUTES pSidAttrArray);
/*
 * Checks pRequest->DesiredAccess for AuthzClientContext against
 * pSecurityDescriptor and, when OptionalSecurityDescriptorCount is
 * non-zero, the additional descriptors in OptionalSecurityDescriptorArray
 * (the count governs how far that array is read).
 *
 * pReply is IN OUT: the caller sets ResultListLength and supplies the
 * GrantedAccessMask / SaclEvaluationResults buffers, and the results are
 * written into those buffers (see AUTHZ_ACCESS_REPLY for the sizing rule).
 * pAuthzHandle receives a results handle that can be reused with
 * AuthzCachedAccessCheck and must later be released with AuthzFreeHandle.
 * NOTE(review): the return type / AUTHZAPI line of this prototype is not
 * present in this listing.
 */
AuthzAccessCheck(IN DWORD flags,
                 IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext,
                 IN PAUTHZ_ACCESS_REQUEST pRequest,
                 IN AUTHZ_AUDIT_INFO_HANDLE AuditInfo,
                 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                 IN PSECURITY_DESCRIPTOR *OptionalSecurityDescriptorArray,
                 IN DWORD OptionalSecurityDescriptorCount OPTIONAL,
                 IN OUT PAUTHZ_ACCESS_REPLY pReply,
                 OUT PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE pAuthzHandle);
/*
 * Creates a new client context from OrigClientContext with extra SIDs
 * (Sids) and extra restricted SIDs (RestrictedSids, RestrictedSidCount)
 * added.  The original context is left untouched; the new one returned in
 * pNewClientContext is a separate handle that must be released with
 * AuthzFreeContext.  Adding SIDs widens the identity a later access check
 * will match against, so the SIDs must come from a trusted source.
 * (A count parameter for Sids presumably sits between Sids and
 * RestrictedSids; it is not present in this listing.)
 */
AuthzAddSidsToContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE OrigClientContext,
                      IN PSID_AND_ATTRIBUTES Sids,
                      IN PSID_AND_ATTRIBUTES RestrictedSids,
                      IN DWORD RestrictedSidCount,
                      OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pNewClientContext);
/*
 * Repeats an access check using the results handle returned by an earlier
 * AuthzAccessCheck, so the same security descriptor(s) are reused.  The
 * cached results are only as fresh as that earlier call; if the object's
 * security descriptor has changed since, a new AuthzAccessCheck is needed.
 * Note the audit parameter here is an AUTHZ_AUDIT_EVENT_HANDLE, whereas
 * AuthzAccessCheck takes an AUTHZ_AUDIT_INFO_HANDLE - both are HANDLE
 * aliases, so mixing them up will not be caught by the compiler.
 */
AuthzCachedAccessCheck(IN DWORD Flags,
                       IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle,
                       IN PAUTHZ_ACCESS_REQUEST pRequest,
                       IN AUTHZ_AUDIT_EVENT_HANDLE AuditInfo,
                       OUT PAUTHZ_ACCESS_REPLY pReply);
/*
 * Fills Buffer with the registered security event sources.  pdwLength is
 * IN OUT: on input the size of Buffer, on output presumably the size
 * used or required - confirm and handle the too-small case explicitly.
 * Each returned AUTHZ_SOURCE_SCHEMA_REGISTRATION is variable-length, so
 * walk the entries by dwObjectTypeNameCount rather than by sizeof().
 * (A parameter between Buffer and pdwLength is not present in this listing.)
 */
AuthzEnumerateSecurityEventSources(IN DWORD dwFlags,
                                   OUT PAUTHZ_SOURCE_SCHEMA_REGISTRATION Buffer,
                                   IN OUT PDWORD pdwLength);
/* Releases an audit-event handle from AuthzInitializeObjectAccessAuditEvent[2].
 * The handle is invalid afterwards; clear the variable to avoid a later
 * use-after-free. */
AuthzFreeAuditEvent(IN AUTHZ_AUDIT_EVENT_HANDLE pAuditEventInfo);
/* Releases a client context created by any AuthzInitializeContextFrom* call
 * or AuthzAddSidsToContext.  Results handles obtained from this context
 * should be freed first (AuthzFreeHandle); the handle must not be used
 * after this returns. */
AuthzFreeContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext);
/* Releases an access-check results handle returned by AuthzAccessCheck.
 * Do not pass it to AuthzCachedAccessCheck afterwards. */
AuthzFreeHandle(IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle);
/* Releases a resource manager from AuthzInitializeResourceManager.  Client
 * contexts created under it should be freed first; the callbacks
 * registered with the manager must stay valid until this call returns. */
AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager);
185 AuthzGetInformationFromContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext
,
186 IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass
,
188 OUT PDWORD pSizeRequired
,
/*
 * Duplicates an existing client context into phNewAuthzHandle, with its
 * own ExpirationTime.  DynamicGroupArgs is presumably forwarded to the
 * resource manager's PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS callback - confirm.
 * The new handle is independent of AuthzHandle and must be released with
 * AuthzFreeContext.  (A parameter between ExpirationTime and
 * DynamicGroupArgs is not present in this listing.)
 */
AuthzInitializeContextFromAuthzContext(IN DWORD flags,
                                       IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzHandle,
                                       IN PLARGE_INTEGER ExpirationTime,
                                       IN PVOID DynamicGroupArgs,
                                       OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext_unused_name_placeholder);
/*
 * Builds a client context from a SID rather than from an access token
 * (the SID parameter itself, between Flags and AuthzResourceManager, is
 * not present in this listing).  Because no token is involved, the group
 * membership in the resulting context is whatever the library computes,
 * not what a real logon would carry; the AUTHZ_SKIP_TOKEN_GROUPS and
 * AUTHZ_REQUIRE_S4U_LOGON values presumably apply to Flags here - confirm.
 * Treat the caller-supplied SID as a security-sensitive input: an
 * attacker who controls it chooses whose identity is checked.
 * The returned context must be released with AuthzFreeContext.
 */
AuthzInitializeContextFromSid(IN DWORD Flags,
                              IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
                              IN PLARGE_INTEGER pExpirationTime,
                              IN PVOID DynamicGroupArgs,
                              OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);
/*
 * Builds a client context from an access token handle.  This is the
 * preferred constructor when a token is available, since the identity and
 * groups come from the token rather than being synthesised.  The caller
 * must hold sufficient access on TokenHandle for the library to read it
 * (exact rights not visible here - confirm).  The returned context must be
 * released with AuthzFreeContext.  (A parameter between pExpirationTime
 * and DynamicGroupArgs is not present in this listing.)
 */
AuthzInitializeContextFromToken(IN DWORD Flags,
                                IN HANDLE TokenHandle,
                                IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
                                IN PLARGE_INTEGER pExpirationTime,
                                IN PVOID DynamicGroupArgs,
                                OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);
/*
 * Creates an audit-event handle describing an object access, for use with
 * AuthzAccessCheck / AuthzOpenObjectAudit.  The string parameters are
 * non-const PWSTR; if Flags includes AUTHZ_NO_ALLOC_STRINGS they are
 * presumably referenced rather than copied and must outlive phAuditEvent
 * - confirm.  dwAdditionalParamCount follows the OUT parameter and
 * presumably describes trailing variadic arguments that are not present
 * in this listing.  Strings that end up in audit records should not carry
 * unvalidated attacker-controlled text.  Release with AuthzFreeAuditEvent.
 */
AuthzInitializeObjectAccessAuditEvent(IN DWORD Flags,
                                      IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
                                      IN PWSTR szOperationType,
                                      IN PWSTR szObjectType,
                                      IN PWSTR szObjectName,
                                      IN PWSTR szAdditionalInfo,
                                      OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
                                      IN DWORD dwAdditionalParamCount);
/*
 * Same contract as AuthzInitializeObjectAccessAuditEvent with one extra
 * free-text field, szAdditionalInfo2.  The string-lifetime caveat under
 * AUTHZ_NO_ALLOC_STRINGS and the trailing variadic parameters described
 * by dwAdditionalParameterCount (not present in this listing) apply here
 * as well.  Release with AuthzFreeAuditEvent.
 */
AuthzInitializeObjectAccessAuditEvent2(IN DWORD Flags,
                                       IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
                                       IN PWSTR szOperationType,
                                       IN PWSTR szObjectType,
                                       IN PWSTR szObjectName,
                                       IN PWSTR szAdditionalInfo,
                                       IN PWSTR szAdditionalInfo2,
                                       OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
                                       IN DWORD dwAdditionalParameterCount);
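/*
 * Creates a resource manager that owns the three policy callbacks used by
 * every client context and access check made under it:
 *   pfnAccessCheck          - per-ACE applicability decision
 *   pfnComputeDynamicGroups - extra SIDs added when a context is built
 *   pfnFreeDynamicGroups    - releases arrays from the previous callback
 * The callbacks must remain valid until AuthzFreeResourceManager.  Whether
 * NULL callbacks are accepted is not visible here - confirm.
 * Flags: AUTHZ_RM_FLAG_NO_AUDIT, AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION.
 *
 * pAuthzResourceManager receives the new handle.  It was annotated IN in
 * this header although it is the output parameter - every other
 * AuthzInitialize* declaration in this file marks its handle OUT - so the
 * annotation is corrected here; IN/OUT are annotation-only macros and the
 * change does not affect the signature's ABI.
 */
AuthzInitializeResourceManager(IN DWORD flags,
                               IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck,
                               IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,
                               IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups,
                               IN PCWSTR ResourceManagerName,
                               OUT PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager);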
/*
 * Installs (persists) a security event source described by pRegistration.
 * The registration carries file paths (message file, schema, access
 * strings, executable image) and a variable-length object-type list; the
 * caller must have filled dwObjectTypeNameCount consistently with the
 * memory it allocated.  Installing a source is presumably a privileged,
 * system-wide change - confirm, and never pass paths derived from
 * untrusted input.
 */
AuthzInstallSecurityEventSource(IN DWORD dwFlags,
                                IN PAUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration);
/*
 * Generates the audit for an object open without performing a full access
 * check: same inputs as AuthzAccessCheck (client context, request, audit
 * event, security descriptor plus SecurityDescriptorCount extra descriptors
 * in SecurityDescriptorArray).  Unlike AuthzAccessCheck the count is not
 * marked OPTIONAL here and pReply is OUT only, but the caller still owns
 * the result buffers pReply points to and must size them by
 * ResultListLength.  This call produces audit records, not an
 * authorization decision - do not use its outcome to gate access.
 */
AuthzOpenObjectAudit(IN DWORD Flags,
                     IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
                     IN PAUTHZ_ACCESS_REQUEST pRequest,
                     IN AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
                     IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                     IN PSECURITY_DESCRIPTOR *SecurityDescriptorArray,
                     IN DWORD SecurityDescriptorCount,
                     OUT PAUTHZ_ACCESS_REPLY pReply);
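/*
 * Opens a provider handle for the event source named szEventSourceName
 * (which must already be installed, presumably via
 * AuthzInstallSecurityEventSource - confirm).  The handle is returned
 * through phEventProvider and released with
 * AuthzUnregisterSecurityEventSource.
 *
 * phEventProvider was annotated IN in this header although it is the
 * output parameter (the matching Unregister declaration marks it IN OUT);
 * the annotation is corrected to OUT here.  IN/OUT are annotation-only
 * macros, so the declared signature is unchanged.
 */
AuthzRegisterSecurityEventSource(IN DWORD dwFlags,
                                 IN PCWSTR szEventSourceName,
                                 OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);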
286 AuthzReportSecurityEvent(IN DWORD dwFlags
,
287 IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider
,
289 IN PSID pUserSid OPTIONAL
,
/*
 * Writes a security event through hEventProvider using a pre-built
 * parameter block.  pUserSid is OPTIONAL and identifies the subject the
 * event is attributed to.  pParams is PAUDIT_PARAMS, which in this header
 * degrades to PVOID when adtgen.h is not included - the compiler will then
 * accept any pointer, so construct the block with the real AUDIT_PARAMS
 * definition.  Fields written into audit records must be validated before
 * they are attributed to a user.  (A parameter between hEventProvider and
 * pUserSid is not present in this listing.)
 */
AuthzReportSecurityEventFromParams(IN DWORD dwFlags,
                                   IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
                                   IN PSID pUserSid OPTIONAL,
                                   IN PAUDIT_PARAMS pParams);
/*
 * Removes the installed security event source named szEventSourceName.
 * Note the name is PWSTR here but PCWSTR in AuthzRegisterSecurityEventSource;
 * callers holding a const string need a cast, which must not be used as a
 * licence to write through the pointer.  Presumably privileged - confirm.
 */
AuthzUninstallSecurityEventSource(IN DWORD dwFlags,
                                  IN PWSTR szEventSourceName);
/*
 * Closes a provider handle from AuthzRegisterSecurityEventSource.  The
 * pointer is IN OUT, so the variable it refers to is presumably reset on
 * return - confirm; do not reuse the handle afterwards in any case.
 */
AuthzUnregisterSecurityEventSource(IN DWORD dwFlags,
                                   IN OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);
317 #endif /* __AUTHZ_H */