1 /******************************************************************************
2 * Security Manager Functions *
3 ******************************************************************************/
5 #if (NTDDI_VERSION >= NTDDI_WIN2K)
11 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
12 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
,
13 IN BOOLEAN SubjectContextLocked
,
14 IN ACCESS_MASK DesiredAccess
,
15 IN ACCESS_MASK PreviouslyGrantedAccess
,
16 OUT PPRIVILEGE_SET
*Privileges OPTIONAL
,
17 IN PGENERIC_MAPPING GenericMapping
,
18 IN KPROCESSOR_MODE AccessMode
,
19 OUT PACCESS_MASK GrantedAccess
,
20 OUT PNTSTATUS AccessStatus
);
26 IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL
,
27 IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL
,
28 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
29 IN BOOLEAN IsDirectoryObject
,
30 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
31 IN PGENERIC_MAPPING GenericMapping
,
32 IN POOL_TYPE PoolType
);
38 IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL
,
39 IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL
,
40 OUT PSECURITY_DESCRIPTOR
*NewDescriptor
,
41 IN GUID
*ObjectType OPTIONAL
,
42 IN BOOLEAN IsDirectoryObject
,
43 IN ULONG AutoInheritFlags
,
44 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
45 IN PGENERIC_MAPPING GenericMapping
,
46 IN POOL_TYPE PoolType
);
52 IN OUT PSECURITY_DESCRIPTOR
*SecurityDescriptor
);
57 SeValidSecurityDescriptor(
59 IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
64 SeObjectCreateSaclAccessBits(
65 IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
70 SeReleaseSubjectContext(
71 IN OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
);
76 SeUnlockSubjectContext(
77 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
);
82 SeCaptureSubjectContext(
83 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
);
89 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
);
96 SeSinglePrivilegeCheck(
97 IN LUID PrivilegeValue
,
98 IN KPROCESSOR_MODE PreviousMode
);
105 SeReleaseSubjectContext(
106 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
);
112 IN OUT PPRIVILEGE_SET RequiredPrivileges
,
113 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
114 IN KPROCESSOR_MODE AccessMode
);
119 SeOpenObjectAuditAlarm(
120 IN PUNICODE_STRING ObjectTypeName
,
121 IN PVOID Object OPTIONAL
,
122 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
123 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
124 IN PACCESS_STATE AccessState
,
125 IN BOOLEAN ObjectCreated
,
126 IN BOOLEAN AccessGranted
,
127 IN KPROCESSOR_MODE AccessMode
,
128 OUT PBOOLEAN GenerateOnClose
);
133 SeOpenObjectForDeleteAuditAlarm(
134 IN PUNICODE_STRING ObjectTypeName
,
135 IN PVOID Object OPTIONAL
,
136 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
137 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
138 IN PACCESS_STATE AccessState
,
139 IN BOOLEAN ObjectCreated
,
140 IN BOOLEAN AccessGranted
,
141 IN KPROCESSOR_MODE AccessMode
,
142 OUT PBOOLEAN GenerateOnClose
);
147 SeDeleteObjectAuditAlarm(
155 IN PACCESS_TOKEN Token
);
161 IN PACCESS_TOKEN Token
);
167 IN PACCESS_TOKEN Token
);
172 SeQueryAuthenticationIdToken(
173 IN PACCESS_TOKEN Token
,
174 OUT PLUID AuthenticationId
);
179 SeQuerySessionIdToken(
180 IN PACCESS_TOKEN Token
,
181 OUT PULONG SessionId
);
186 SeCreateClientSecurity(
187 IN PETHREAD ClientThread
,
188 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos
,
189 IN BOOLEAN RemoteSession
,
190 OUT PSECURITY_CLIENT_CONTEXT ClientContext
);
196 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
197 IN PETHREAD ServerThread OPTIONAL
);
202 SeImpersonateClientEx(
203 IN PSECURITY_CLIENT_CONTEXT ClientContext
,
204 IN PETHREAD ServerThread OPTIONAL
);
209 SeCreateClientSecurityFromSubjectContext(
210 IN PSECURITY_SUBJECT_CONTEXT SubjectContext
,
211 IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos
,
212 IN BOOLEAN ServerIsRemote
,
213 OUT PSECURITY_CLIENT_CONTEXT ClientContext
);
218 SeQuerySecurityDescriptorInfo(
219 IN PSECURITY_INFORMATION SecurityInformation
,
220 OUT PSECURITY_DESCRIPTOR SecurityDescriptor
,
221 IN OUT PULONG Length
,
222 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
);
227 SeSetSecurityDescriptorInfo(
228 IN PVOID Object OPTIONAL
,
229 IN PSECURITY_INFORMATION SecurityInformation
,
230 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
231 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
232 IN POOL_TYPE PoolType
,
233 IN PGENERIC_MAPPING GenericMapping
);
238 SeSetSecurityDescriptorInfoEx(
239 IN PVOID Object OPTIONAL
,
240 IN PSECURITY_INFORMATION SecurityInformation
,
241 IN PSECURITY_DESCRIPTOR ModificationDescriptor
,
242 IN OUT PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
243 IN ULONG AutoInheritFlags
,
244 IN POOL_TYPE PoolType
,
245 IN PGENERIC_MAPPING GenericMapping
);
251 IN OUT PACCESS_STATE AccessState
,
252 IN PPRIVILEGE_SET Privileges
);
257 SeAuditingFileEvents(
258 IN BOOLEAN AccessGranted
,
259 IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
264 SeAuditingFileOrGlobalEvents(
265 IN BOOLEAN AccessGranted
,
266 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
267 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
);
271 SeSetAccessStateGenericMapping(
272 IN OUT PACCESS_STATE AccessState
,
273 IN PGENERIC_MAPPING GenericMapping
);
278 SeRegisterLogonSessionTerminatedRoutine(
279 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
284 SeUnregisterLogonSessionTerminatedRoutine(
285 IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
290 SeMarkLogonSessionForTerminationNotification(
296 SeQueryInformationToken(
297 IN PACCESS_TOKEN Token
,
298 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
299 OUT PVOID
*TokenInformation
);
302 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
304 #if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
308 SeAuditingHardLinkEvents(
309 IN BOOLEAN AccessGranted
,
310 IN PSECURITY_DESCRIPTOR SecurityDescriptor
);
313 #if (NTDDI_VERSION >= NTDDI_WINXP)
319 IN PACCESS_TOKEN ExistingToken
,
321 IN PTOKEN_GROUPS SidsToDisable OPTIONAL
,
322 IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL
,
323 IN PTOKEN_GROUPS RestrictedSids OPTIONAL
,
324 OUT PACCESS_TOKEN
*FilteredToken
);
329 SeAuditHardLinkCreation(
330 IN PUNICODE_STRING FileName
,
331 IN PUNICODE_STRING LinkName
,
332 IN BOOLEAN bSuccess
);
334 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
336 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
341 SeAuditingFileEventsWithContext(
342 IN BOOLEAN AccessGranted
,
343 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
344 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
);
349 SeAuditingHardLinkEventsWithContext(
350 IN BOOLEAN AccessGranted
,
351 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
352 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
);
358 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
363 IN OUT PSE_ADT_PARAMETER_ARRAY AuditParameters
,
364 IN SE_ADT_PARAMETER_TYPE Type
,
370 SeReportSecurityEvent(
372 IN PUNICODE_STRING SourceName
,
373 IN PSID UserSid OPTIONAL
,
374 IN PSE_ADT_PARAMETER_ARRAY AuditParameters
);
376 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
379 $
if (_WDMDDK_
|| _NTIFS_
)
380 #if (NTDDI_VERSION >= NTDDI_VISTA)
386 SeComputeAutoInheritByObjectType(
388 IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL
,
389 IN PSECURITY_DESCRIPTOR ParentSecurityDescriptor OPTIONAL
);
391 #ifdef SE_NTFS_WORLD_CACHE
395 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
396 IN PGENERIC_MAPPING GenericMapping
,
397 OUT PACCESS_MASK GrantedAccess
);
398 #endif /* SE_NTFS_WORLD_CACHE */
405 SeOpenObjectAuditAlarmWithTransaction(
406 IN PUNICODE_STRING ObjectTypeName
,
407 IN PVOID Object OPTIONAL
,
408 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
409 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
410 IN PACCESS_STATE AccessState
,
411 IN BOOLEAN ObjectCreated
,
412 IN BOOLEAN AccessGranted
,
413 IN KPROCESSOR_MODE AccessMode
,
414 IN GUID
*TransactionId OPTIONAL
,
415 OUT PBOOLEAN GenerateOnClose
);
420 SeOpenObjectForDeleteAuditAlarmWithTransaction(
421 IN PUNICODE_STRING ObjectTypeName
,
422 IN PVOID Object OPTIONAL
,
423 IN PUNICODE_STRING AbsoluteObjectName OPTIONAL
,
424 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
425 IN PACCESS_STATE AccessState
,
426 IN BOOLEAN ObjectCreated
,
427 IN BOOLEAN AccessGranted
,
428 IN KPROCESSOR_MODE AccessMode
,
429 IN GUID
*TransactionId OPTIONAL
,
430 OUT PBOOLEAN GenerateOnClose
);
437 IN PACCESS_TOKEN Token
,
438 IN ACCESS_MASK DesiredAccess
,
439 IN BOOLEAN AccessGranted
,
440 OUT PBOOLEAN GenerateAudit
,
441 OUT PBOOLEAN GenerateAlarm
);
446 SeDeleteObjectAuditAlarmWithTransaction(
449 IN GUID
*TransactionId OPTIONAL
);
454 SeQueryTokenIntegrity(
455 IN PACCESS_TOKEN Token
,
456 IN OUT PSID_AND_ATTRIBUTES IntegritySA
);
462 IN PACCESS_TOKEN Token
,
468 SeAuditHardLinkCreationWithTransaction(
469 IN PUNICODE_STRING FileName
,
470 IN PUNICODE_STRING LinkName
,
472 IN GUID
*TransactionId OPTIONAL
);
477 SeAuditTransactionStateChange(
478 IN GUID
*TransactionId
,
479 IN GUID
*ResourceManagerId
,
480 IN ULONG NewTransactionState
);
482 $
if (_WDMDDK_
|| _NTIFS_
)
483 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
487 #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
491 SeTokenIsWriteRestricted(
492 IN PACCESS_TOKEN Token
);
495 #if (NTDDI_VERSION >= NTDDI_WIN7)
500 SeAuditingAnyFileEventsWithContext(
501 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
502 IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
);
508 IN PUNICODE_STRING ObjectType
,
509 IN PACCESS_TOKEN Token
,
510 IN ACCESS_MASK DesiredAccess
,
511 IN BOOLEAN AccessGranted
,
512 IN OUT PBOOLEAN GenerateAudit
,
513 IN OUT PBOOLEAN GenerateAlarm OPTIONAL
);
518 SeMaximumAuditMaskFromGlobalSacl(
519 IN PUNICODE_STRING ObjectTypeName OPTIONAL
,
520 IN ACCESS_MASK GrantedAccess
,
521 IN PACCESS_TOKEN Token
,
522 IN OUT PACCESS_MASK AuditMask
);
524 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
528 SeReportSecurityEventWithSubCategory(
530 IN PUNICODE_STRING SourceName
,
531 IN PSID UserSid OPTIONAL
,
532 IN PSE_ADT_PARAMETER_ARRAY AuditParameters
,
533 IN ULONG AuditSubcategoryId
);
537 SeAccessCheckFromState(
538 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
539 IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation
,
540 IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL
,
541 IN ACCESS_MASK DesiredAccess
,
542 IN ACCESS_MASK PreviouslyGrantedAccess
,
543 OUT PPRIVILEGE_SET
*Privileges OPTIONAL
,
544 IN PGENERIC_MAPPING GenericMapping
,
545 IN KPROCESSOR_MODE AccessMode
,
546 OUT PACCESS_MASK GrantedAccess
,
547 OUT PNTSTATUS AccessStatus
);
553 IN PPRIVILEGE_SET Privileges
);
557 SeLocateProcessImageName(
558 IN OUT PEPROCESS Process
,
559 OUT PUNICODE_STRING
*pImageFileName
);
561 #define SeLengthSid( Sid ) \
562 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
564 #define SeDeleteClientSecurity(C) { \
565 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
566 PsDereferencePrimaryToken( (C)->ClientToken ); \
568 PsDereferenceImpersonationToken( (C)->ClientToken ); \
572 #define SeStopImpersonatingClient() PsRevertToSelf()
574 #define SeQuerySubjectContextToken( SubjectContext ) \
575 ( ARGUMENT_PRESENT( \
576 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
578 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
579 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
581 extern NTKERNELAPI PSE_EXPORTS SeExports
;