3 typedef struct _KNOWN_ACE
8 } KNOWN_ACE
, *PKNOWN_ACE
;
10 typedef struct _KNOWN_OBJECT_ACE
16 } KNOWN_OBJECT_ACE
, *PKNOWN_OBJECT_ACE
;
18 typedef struct _KNOWN_COMPOUND_ACE
22 USHORT CompoundAceType
;
25 } KNOWN_COMPOUND_ACE
, *PKNOWN_COMPOUND_ACE
;
29 SepGetGroupFromDescriptor(PVOID _Descriptor
)
31 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
32 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
34 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
36 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
37 if (!SdRel
->Group
) return NULL
;
38 return (PSID
)((ULONG_PTR
)Descriptor
+ SdRel
->Group
);
42 return Descriptor
->Group
;
48 SepGetOwnerFromDescriptor(PVOID _Descriptor
)
50 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
51 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
53 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
55 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
56 if (!SdRel
->Owner
) return NULL
;
57 return (PSID
)((ULONG_PTR
)Descriptor
+ SdRel
->Owner
);
61 return Descriptor
->Owner
;
67 SepGetDaclFromDescriptor(PVOID _Descriptor
)
69 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
70 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
72 if (!(Descriptor
->Control
& SE_DACL_PRESENT
)) return NULL
;
74 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
76 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
77 if (!SdRel
->Dacl
) return NULL
;
78 return (PACL
)((ULONG_PTR
)Descriptor
+ SdRel
->Dacl
);
82 return Descriptor
->Dacl
;
88 SepGetSaclFromDescriptor(PVOID _Descriptor
)
90 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
91 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
93 if (!(Descriptor
->Control
& SE_SACL_PRESENT
)) return NULL
;
95 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
97 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
98 if (!SdRel
->Sacl
) return NULL
;
99 return (PACL
)((ULONG_PTR
)Descriptor
+ SdRel
->Sacl
);
103 return Descriptor
->Sacl
;
109 /* SID Authorities */
110 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
;
111 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
;
112 extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
;
113 extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
;
114 extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
;
117 extern PSID SeNullSid
;
118 extern PSID SeWorldSid
;
119 extern PSID SeLocalSid
;
120 extern PSID SeCreatorOwnerSid
;
121 extern PSID SeCreatorGroupSid
;
122 extern PSID SeCreatorOwnerServerSid
;
123 extern PSID SeCreatorGroupServerSid
;
124 extern PSID SeNtAuthoritySid
;
125 extern PSID SeDialupSid
;
126 extern PSID SeNetworkSid
;
127 extern PSID SeBatchSid
;
128 extern PSID SeInteractiveSid
;
129 extern PSID SeServiceSid
;
130 extern PSID SeAnonymousLogonSid
;
131 extern PSID SePrincipalSelfSid
;
132 extern PSID SeLocalSystemSid
;
133 extern PSID SeAuthenticatedUserSid
;
134 extern PSID SeRestrictedCodeSid
;
135 extern PSID SeAliasAdminsSid
;
136 extern PSID SeAliasUsersSid
;
137 extern PSID SeAliasGuestsSid
;
138 extern PSID SeAliasPowerUsersSid
;
139 extern PSID SeAliasAccountOpsSid
;
140 extern PSID SeAliasSystemOpsSid
;
141 extern PSID SeAliasPrintOpsSid
;
142 extern PSID SeAliasBackupOpsSid
;
143 extern PSID SeAuthenticatedUsersSid
;
144 extern PSID SeRestrictedSid
;
145 extern PSID SeAnonymousLogonSid
;
146 extern PSID SeLocalServiceSid
;
147 extern PSID SeNetworkServiceSid
;
150 extern const LUID SeCreateTokenPrivilege
;
151 extern const LUID SeAssignPrimaryTokenPrivilege
;
152 extern const LUID SeLockMemoryPrivilege
;
153 extern const LUID SeIncreaseQuotaPrivilege
;
154 extern const LUID SeUnsolicitedInputPrivilege
;
155 extern const LUID SeTcbPrivilege
;
156 extern const LUID SeSecurityPrivilege
;
157 extern const LUID SeTakeOwnershipPrivilege
;
158 extern const LUID SeLoadDriverPrivilege
;
159 extern const LUID SeSystemProfilePrivilege
;
160 extern const LUID SeSystemtimePrivilege
;
161 extern const LUID SeProfileSingleProcessPrivilege
;
162 extern const LUID SeIncreaseBasePriorityPrivilege
;
163 extern const LUID SeCreatePagefilePrivilege
;
164 extern const LUID SeCreatePermanentPrivilege
;
165 extern const LUID SeBackupPrivilege
;
166 extern const LUID SeRestorePrivilege
;
167 extern const LUID SeShutdownPrivilege
;
168 extern const LUID SeDebugPrivilege
;
169 extern const LUID SeAuditPrivilege
;
170 extern const LUID SeSystemEnvironmentPrivilege
;
171 extern const LUID SeChangeNotifyPrivilege
;
172 extern const LUID SeRemoteShutdownPrivilege
;
173 extern const LUID SeUndockPrivilege
;
174 extern const LUID SeSyncAgentPrivilege
;
175 extern const LUID SeEnableDelegationPrivilege
;
176 extern const LUID SeManageVolumePrivilege
;
177 extern const LUID SeImpersonatePrivilege
;
178 extern const LUID SeCreateGlobalPrivilege
;
179 extern const LUID SeTrustedCredmanPrivilege
;
180 extern const LUID SeRelabelPrivilege
;
181 extern const LUID SeIncreaseWorkingSetPrivilege
;
182 extern const LUID SeTimeZonePrivilege
;
183 extern const LUID SeCreateSymbolicLinkPrivilege
;
186 extern PACL SePublicDefaultUnrestrictedDacl
;
187 extern PACL SePublicOpenDacl
;
188 extern PACL SePublicOpenUnrestrictedDacl
;
189 extern PACL SeUnrestrictedDacl
;
192 extern PSECURITY_DESCRIPTOR SePublicDefaultSd
;
193 extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
;
194 extern PSECURITY_DESCRIPTOR SePublicOpenSd
;
195 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
;
196 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd
;
197 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd
;
200 #define SepAcquireTokenLockExclusive(Token) \
202 KeEnterCriticalRegion(); \
203 ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
205 #define SepAcquireTokenLockShared(Token) \
207 KeEnterCriticalRegion(); \
208 ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
211 #define SepReleaseTokenLock(Token) \
213 ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
214 KeLeaveCriticalRegion(); \
223 IN PACCESS_TOKEN _Token
,
224 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
225 IN BOOLEAN TokenLocked
231 IN PACCESS_TOKEN _Token
,
238 IN PACCESS_TOKEN _Token
,
239 IN PSID PrincipalSelfSid
,
242 IN BOOLEAN Restricted
254 SepInitPrivileges(VOID
);
259 SepInitSecurityIDs(VOID
);
273 SeRmInitPhase0(VOID
);
277 SeRmInitPhase1(VOID
);
281 SeDeassignPrimaryToken(struct _EPROCESS
*Process
);
294 SeInitializeProcessAuditName(
295 IN PFILE_OBJECT FileObject
,
297 OUT POBJECT_NAME_INFORMATION
*AuditInfo
302 SeCreateAccessStateEx(
304 IN PEPROCESS Process
,
305 IN OUT PACCESS_STATE AccessState
,
306 IN PAUX_ACCESS_DATA AuxData
,
307 IN ACCESS_MASK Access
,
308 IN PGENERIC_MAPPING GenericMapping
322 OUT PBOOLEAN IsSibling
327 SepCreateImpersonationTokenDacl(
329 _In_ PTOKEN PrimaryToken
,
336 SepInitializeTokenImplementation(VOID
);
340 SepCreateSystemProcessToken(VOID
);
344 SeDetailedAuditingWithToken(IN PTOKEN Token
);
348 SeAuditProcessExit(IN PEPROCESS Process
);
352 SeAuditProcessCreate(IN PEPROCESS Process
);
356 SeExchangePrimaryToken(
357 _In_ PEPROCESS Process
,
358 _In_ PACCESS_TOKEN NewAccessToken
,
359 _Out_ PACCESS_TOKEN
* OldAccessToken
364 SeCaptureSubjectContextEx(
366 IN PEPROCESS Process
,
367 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
372 SeCaptureLuidAndAttributesArray(
373 PLUID_AND_ATTRIBUTES Src
,
374 ULONG PrivilegeCount
,
375 KPROCESSOR_MODE PreviousMode
,
376 PLUID_AND_ATTRIBUTES AllocatedMem
,
377 ULONG AllocatedLength
,
379 BOOLEAN CaptureIfKernel
,
380 PLUID_AND_ATTRIBUTES
* Dest
,
386 SeReleaseLuidAndAttributesArray(
387 PLUID_AND_ATTRIBUTES Privilege
,
388 KPROCESSOR_MODE PreviousMode
,
389 BOOLEAN CaptureIfKernel
396 PLUID_AND_ATTRIBUTES Privileges
,
397 ULONG PrivilegeCount
,
398 ULONG PrivilegeControl
,
399 KPROCESSOR_MODE PreviousMode
404 SePrivilegePolicyCheck(
405 _Inout_ PACCESS_MASK DesiredAccess
,
406 _Inout_ PACCESS_MASK GrantedAccess
,
407 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
409 _Out_opt_ PPRIVILEGE_SET
*OutPrivilegeSet
,
410 _In_ KPROCESSOR_MODE PreviousMode
);
414 SeCheckPrivilegedObject(
415 IN LUID PrivilegeValue
,
416 IN HANDLE ObjectHandle
,
417 IN ACCESS_MASK DesiredAccess
,
418 IN KPROCESSOR_MODE PreviousMode
425 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
426 _In_ BOOLEAN EffectiveOnly
,
427 _In_ TOKEN_TYPE TokenType
,
428 _In_ SECURITY_IMPERSONATION_LEVEL Level
,
429 _In_ KPROCESSOR_MODE PreviousMode
,
430 _Out_ PTOKEN
* NewAccessToken
435 SepCaptureSecurityQualityOfService(
436 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
437 IN KPROCESSOR_MODE AccessMode
,
438 IN POOL_TYPE PoolType
,
439 IN BOOLEAN CaptureIfKernel
,
440 OUT PSECURITY_QUALITY_OF_SERVICE
*CapturedSecurityQualityOfService
,
446 SepReleaseSecurityQualityOfService(
447 IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL
,
448 IN KPROCESSOR_MODE AccessMode
,
449 IN BOOLEAN CaptureIfKernel
456 IN KPROCESSOR_MODE AccessMode
,
457 IN POOL_TYPE PoolType
,
458 IN BOOLEAN CaptureIfKernel
,
459 OUT PSID
*CapturedSid
466 IN KPROCESSOR_MODE AccessMode
,
467 IN BOOLEAN CaptureIfKernel
472 SeCaptureSidAndAttributesArray(
473 _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes
,
474 _In_ ULONG AttributeCount
,
475 _In_ KPROCESSOR_MODE PreviousMode
,
476 _In_opt_ PVOID AllocatedMem
,
477 _In_ ULONG AllocatedLength
,
478 _In_ POOL_TYPE PoolType
,
479 _In_ BOOLEAN CaptureIfKernel
,
480 _Out_ PSID_AND_ATTRIBUTES
*CapturedSidAndAttributes
,
481 _Out_ PULONG ResultLength
);
485 SeReleaseSidAndAttributesArray(
486 _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes
,
487 _In_ KPROCESSOR_MODE AccessMode
,
488 _In_ BOOLEAN CaptureIfKernel
);
492 SeComputeQuotaInformationSize(
493 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
494 _Out_ PULONG QuotaInfoSize
);
500 IN KPROCESSOR_MODE AccessMode
,
501 IN POOL_TYPE PoolType
,
502 IN BOOLEAN CaptureIfKernel
,
503 OUT PACL
*CapturedAcl
510 IN KPROCESSOR_MODE AccessMode
,
511 IN BOOLEAN CaptureIfKernel
516 _Out_writes_bytes_opt_(DaclLength
) PACL AclDest
,
517 _Inout_ PULONG AclLength
,
518 _In_reads_bytes_(AclSource
->AclSize
) PACL AclSource
,
521 _In_ BOOLEAN IsInherited
,
522 _In_ BOOLEAN IsDirectoryObject
,
523 _In_ PGENERIC_MAPPING GenericMapping
);
527 _In_opt_ PACL ExplicitAcl
,
528 _In_ BOOLEAN ExplicitPresent
,
529 _In_ BOOLEAN ExplicitDefaulted
,
530 _In_opt_ PACL ParentAcl
,
531 _In_opt_ PACL DefaultAcl
,
532 _Out_ PULONG AclLength
,
535 _Out_ PBOOLEAN AclPresent
,
536 _Out_ PBOOLEAN IsInherited
,
537 _In_ BOOLEAN IsDirectoryObject
,
538 _In_ PGENERIC_MAPPING GenericMapping
);
542 SeDefaultObjectMethod(
544 SECURITY_OPERATION_CODE OperationType
,
545 PSECURITY_INFORMATION SecurityInformation
,
546 PSECURITY_DESCRIPTOR NewSecurityDescriptor
,
548 PSECURITY_DESCRIPTOR
*OldSecurityDescriptor
,
550 PGENERIC_MAPPING GenericMapping
555 SeSetWorldSecurityDescriptor(
556 SECURITY_INFORMATION SecurityInformation
,
557 PISECURITY_DESCRIPTOR SecurityDescriptor
,
564 IN PACCESS_TOKEN Token
,
565 IN SECURITY_IMPERSONATION_LEVEL Level
,
566 IN KPROCESSOR_MODE PreviousMode
,
567 OUT PACCESS_TOKEN
* NewToken
571 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
572 OUT PACCESS_MASK DesiredAccess
);
575 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
576 OUT PACCESS_MASK DesiredAccess
);
580 SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
581 IN PACCESS_STATE AccessState
,
582 IN ACCESS_MASK DesiredAccess
,
583 IN KPROCESSOR_MODE AccessMode
);
587 SeCheckAuditPrivilege(
588 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
589 _In_ KPROCESSOR_MODE PreviousMode
);
593 SePrivilegedServiceAuditAlarm(
594 _In_opt_ PUNICODE_STRING ServiceName
,
595 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
596 _In_ PPRIVILEGE_SET PrivilegeSet
,
597 _In_ BOOLEAN AccessGranted
);
600 SepRmReferenceLogonSession(
604 SepRmDereferenceLogonSession(