/*
 * Generic view of an ACE that carries a single trailing SID (the
 * ACCESS_ALLOWED / ACCESS_DENIED / SYSTEM_AUDIT / SYSTEM_ALARM family).
 * Code that walks an ACL uses this shape to reach Mask and the SID without
 * caring which of those concrete ACE types it is looking at.
 *
 * NOTE(review): only the typedef names survive in this extract; the member
 * list below follows the public ACCESS_ALLOWED_ACE layout -- confirm it
 * against the original header before relying on the offsets.
 */
typedef struct _KNOWN_ACE
{
    ACE_HEADER Header;   /* AceType / AceFlags / AceSize */
    ACCESS_MASK Mask;    /* access rights the ACE grants, denies or audits */
    ULONG SidStart;      /* first DWORD of the SID that follows the header */
} KNOWN_ACE, *PKNOWN_ACE;
/*
 * Generic view of an object-specific ACE (the *_OBJECT_ACE family used for
 * directory-service objects). The object-type GUIDs that may follow Flags are
 * optional and are located by offset, so they are not part of the fixed
 * prefix described here.
 *
 * NOTE(review): only the typedef names survive in this extract; the member
 * list below follows the public ACCESS_ALLOWED_OBJECT_ACE prefix -- confirm
 * it against the original header before relying on the offsets.
 */
typedef struct _KNOWN_OBJECT_ACE
{
    ACE_HEADER Header;   /* AceType / AceFlags / AceSize */
    ACCESS_MASK Mask;    /* access rights the ACE grants, denies or audits */
    ULONG Flags;         /* which of the optional object-type GUIDs are present */
    ULONG SidStart;      /* first DWORD of the SID (position depends on Flags) */
} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
/*
 * Generic view of a compound ACE (COMPOUND_ACCESS_ALLOWED_ACE): an
 * allow-ACE that additionally records a compound type, used for
 * impersonation-style checks where a server SID is paired with a client SID.
 *
 * NOTE(review): only the typedef names and CompoundAceType survive in this
 * extract; the remaining members follow the public
 * COMPOUND_ACCESS_ALLOWED_ACE layout -- confirm against the original header.
 */
typedef struct _KNOWN_COMPOUND_ACE
{
    ACE_HEADER Header;        /* AceType / AceFlags / AceSize */
    ACCESS_MASK Mask;         /* access rights the ACE grants */
    USHORT CompoundAceType;   /* kind of compound ACE (visible in the source) */
    USHORT Reserved;          /* padding; keeps SidStart DWORD-aligned */
    ULONG SidStart;           /* first DWORD of the SID that follows */
} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
/*
 * Locate the primary group SID of a security descriptor, regardless of
 * whether the descriptor is in absolute or self-relative form.
 *
 * _Descriptor: PISECURITY_DESCRIPTOR (absolute) or
 *              PISECURITY_DESCRIPTOR_RELATIVE (self-relative); the form is
 *              taken from the SE_SELF_RELATIVE bit in Control.
 *
 * Returns: pointer to the group SID, or NULL when the descriptor has none.
 *
 * The self-relative branch adds the stored offset to the descriptor base
 * without any bounds check, so the descriptor must already have been
 * validated (presumably by the capture path) before it reaches here --
 * an untrusted offset would produce a pointer outside the descriptor.
 */
FORCEINLINE
PSID
SepGetGroupFromDescriptor(PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;

    /* Absolute form: Group is a real pointer (possibly NULL). */
    if (!(Descriptor->Control & SE_SELF_RELATIVE))
    {
        return Descriptor->Group;
    }

    /* Self-relative form: Group is a byte offset from the descriptor start,
     * and an offset of 0 means "no group". */
    SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
    if (SdRel->Group == 0)
    {
        return NULL;
    }

    return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
}
/*
 * Locate the owner SID of a security descriptor, regardless of whether the
 * descriptor is in absolute or self-relative form.
 *
 * _Descriptor: PISECURITY_DESCRIPTOR (absolute) or
 *              PISECURITY_DESCRIPTOR_RELATIVE (self-relative); the form is
 *              taken from the SE_SELF_RELATIVE bit in Control.
 *
 * Returns: pointer to the owner SID, or NULL when the descriptor has none.
 *
 * As with the group lookup, the self-relative branch trusts the stored
 * offset and performs no bounds check; only hand it descriptors that have
 * already been validated (presumably by the capture path).
 */
FORCEINLINE
PSID
SepGetOwnerFromDescriptor(PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;

    /* Absolute form: Owner is a real pointer (possibly NULL). */
    if (!(Descriptor->Control & SE_SELF_RELATIVE))
    {
        return Descriptor->Owner;
    }

    /* Self-relative form: Owner is a byte offset from the descriptor start,
     * and an offset of 0 means "no owner". */
    SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
    if (SdRel->Owner == 0)
    {
        return NULL;
    }

    return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
}
/*
 * Locate the DACL of a security descriptor, regardless of whether the
 * descriptor is in absolute or self-relative form.
 *
 * _Descriptor: PISECURITY_DESCRIPTOR (absolute) or
 *              PISECURITY_DESCRIPTOR_RELATIVE (self-relative); the form is
 *              taken from the SE_SELF_RELATIVE bit in Control.
 *
 * Returns: pointer to the DACL, or NULL.
 *
 * NULL is returned both when SE_DACL_PRESENT is clear (no DACL, defaults
 * apply) and when the DACL is present but NULL (a NULL DACL, which grants
 * everyone access). Callers that must tell those two cases apart have to
 * test SE_DACL_PRESENT themselves; the return value alone does not
 * distinguish them. The self-relative branch trusts the stored offset and
 * performs no bounds check, so only pass descriptors that have already been
 * validated (presumably by the capture path).
 */
FORCEINLINE
PACL
SepGetDaclFromDescriptor(PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;

    /* The descriptor does not carry a DACL at all. */
    if (!(Descriptor->Control & SE_DACL_PRESENT))
    {
        return NULL;
    }

    /* Absolute form: Dacl is a real pointer (NULL here is a NULL DACL). */
    if (!(Descriptor->Control & SE_SELF_RELATIVE))
    {
        return Descriptor->Dacl;
    }

    /* Self-relative form: Dacl is a byte offset from the descriptor start,
     * and an offset of 0 is the self-relative spelling of a NULL DACL. */
    SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
    if (SdRel->Dacl == 0)
    {
        return NULL;
    }

    return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
}
/*
 * Locate the SACL of a security descriptor, regardless of whether the
 * descriptor is in absolute or self-relative form.
 *
 * _Descriptor: PISECURITY_DESCRIPTOR (absolute) or
 *              PISECURITY_DESCRIPTOR_RELATIVE (self-relative); the form is
 *              taken from the SE_SELF_RELATIVE bit in Control.
 *
 * Returns: pointer to the SACL, or NULL.
 *
 * NULL is returned both when SE_SACL_PRESENT is clear and when the SACL is
 * present but empty/NULL; callers that care about the difference must test
 * SE_SACL_PRESENT themselves. The self-relative branch trusts the stored
 * offset and performs no bounds check, so only pass descriptors that have
 * already been validated (presumably by the capture path).
 */
FORCEINLINE
PACL
SepGetSaclFromDescriptor(PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;

    /* The descriptor does not carry a SACL at all. */
    if (!(Descriptor->Control & SE_SACL_PRESENT))
    {
        return NULL;
    }

    /* Absolute form: Sacl is a real pointer (possibly NULL). */
    if (!(Descriptor->Control & SE_SELF_RELATIVE))
    {
        return Descriptor->Sacl;
    }

    /* Self-relative form: Sacl is a byte offset from the descriptor start,
     * and an offset of 0 means "no SACL". */
    SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
    if (SdRel->Sacl == 0)
    {
        return NULL;
    }

    return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
}
109 /* SID Authorities */
110 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
;
111 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
;
112 extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
;
113 extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
;
114 extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
;
117 extern PSID SeNullSid
;
118 extern PSID SeWorldSid
;
119 extern PSID SeLocalSid
;
120 extern PSID SeCreatorOwnerSid
;
121 extern PSID SeCreatorGroupSid
;
122 extern PSID SeCreatorOwnerServerSid
;
123 extern PSID SeCreatorGroupServerSid
;
124 extern PSID SeNtAuthoritySid
;
125 extern PSID SeDialupSid
;
126 extern PSID SeNetworkSid
;
127 extern PSID SeBatchSid
;
128 extern PSID SeInteractiveSid
;
129 extern PSID SeServiceSid
;
130 extern PSID SeAnonymousLogonSid
;
131 extern PSID SePrincipalSelfSid
;
132 extern PSID SeLocalSystemSid
;
133 extern PSID SeAuthenticatedUserSid
;
134 extern PSID SeRestrictedCodeSid
;
135 extern PSID SeAliasAdminsSid
;
136 extern PSID SeAliasUsersSid
;
137 extern PSID SeAliasGuestsSid
;
138 extern PSID SeAliasPowerUsersSid
;
139 extern PSID SeAliasAccountOpsSid
;
140 extern PSID SeAliasSystemOpsSid
;
141 extern PSID SeAliasPrintOpsSid
;
142 extern PSID SeAliasBackupOpsSid
;
143 extern PSID SeAuthenticatedUsersSid
;
144 extern PSID SeRestrictedSid
;
145 extern PSID SeAnonymousLogonSid
;
146 extern PSID SeLocalServiceSid
;
147 extern PSID SeNetworkServiceSid
;
150 extern const LUID SeCreateTokenPrivilege
;
151 extern const LUID SeAssignPrimaryTokenPrivilege
;
152 extern const LUID SeLockMemoryPrivilege
;
153 extern const LUID SeIncreaseQuotaPrivilege
;
154 extern const LUID SeUnsolicitedInputPrivilege
;
155 extern const LUID SeTcbPrivilege
;
156 extern const LUID SeSecurityPrivilege
;
157 extern const LUID SeTakeOwnershipPrivilege
;
158 extern const LUID SeLoadDriverPrivilege
;
159 extern const LUID SeSystemProfilePrivilege
;
160 extern const LUID SeSystemtimePrivilege
;
161 extern const LUID SeProfileSingleProcessPrivilege
;
162 extern const LUID SeIncreaseBasePriorityPrivilege
;
163 extern const LUID SeCreatePagefilePrivilege
;
164 extern const LUID SeCreatePermanentPrivilege
;
165 extern const LUID SeBackupPrivilege
;
166 extern const LUID SeRestorePrivilege
;
167 extern const LUID SeShutdownPrivilege
;
168 extern const LUID SeDebugPrivilege
;
169 extern const LUID SeAuditPrivilege
;
170 extern const LUID SeSystemEnvironmentPrivilege
;
171 extern const LUID SeChangeNotifyPrivilege
;
172 extern const LUID SeRemoteShutdownPrivilege
;
173 extern const LUID SeUndockPrivilege
;
174 extern const LUID SeSyncAgentPrivilege
;
175 extern const LUID SeEnableDelegationPrivilege
;
176 extern const LUID SeManageVolumePrivilege
;
177 extern const LUID SeImpersonatePrivilege
;
178 extern const LUID SeCreateGlobalPrivilege
;
179 extern const LUID SeTrustedCredmanPrivilege
;
180 extern const LUID SeRelabelPrivilege
;
181 extern const LUID SeIncreaseWorkingSetPrivilege
;
182 extern const LUID SeTimeZonePrivilege
;
183 extern const LUID SeCreateSymbolicLinkPrivilege
;
186 extern PACL SePublicDefaultUnrestrictedDacl
;
187 extern PACL SePublicOpenDacl
;
188 extern PACL SePublicOpenUnrestrictedDacl
;
189 extern PACL SeUnrestrictedDacl
;
192 extern PSECURITY_DESCRIPTOR SePublicDefaultSd
;
193 extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
;
194 extern PSECURITY_DESCRIPTOR SePublicOpenSd
;
195 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
;
196 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd
;
197 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd
;
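/*
 * Acquire a token's lock for exclusive (write) access.
 *
 * Token: the token whose TokenLock resource is taken; it is cast to PTOKEN
 *        to reach the lock, so any PACCESS_TOKEN/PTOKEN expression is fine.
 *
 * Normal kernel APCs are disabled first (KeEnterCriticalRegion) so the
 * thread cannot be suspended while it owns the resource; the matching
 * SepReleaseTokenLock re-enables them. The resource is acquired with
 * Wait = TRUE, i.e. the caller blocks until it is available.
 *
 * The body is wrapped in do/while(0) so the macro behaves as a single
 * statement (safe after an unbraced if/else), and the argument is
 * parenthesized so an expression argument is cast as a whole.
 */
#define SepAcquireTokenLockExclusive(Token)                                    \
    do {                                                                       \
        KeEnterCriticalRegion();                                               \
        ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);        \
    } while (0)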
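/*
 * Acquire a token's lock for shared (read) access.
 *
 * Token: the token whose TokenLock resource is taken; it is cast to PTOKEN
 *        to reach the lock, so any PACCESS_TOKEN/PTOKEN expression is fine.
 *
 * Normal kernel APCs are disabled first (KeEnterCriticalRegion) so the
 * thread cannot be suspended while it owns the resource; the matching
 * SepReleaseTokenLock re-enables them. The resource is acquired with
 * Wait = TRUE, i.e. the caller blocks until it is available.
 *
 * The body is wrapped in do/while(0) so the macro behaves as a single
 * statement (safe after an unbraced if/else), and the argument is
 * parenthesized so an expression argument is cast as a whole.
 */
#define SepAcquireTokenLockShared(Token)                                       \
    do {                                                                       \
        KeEnterCriticalRegion();                                               \
        ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);           \
    } while (0)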
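/*
 * Release a token's lock taken by SepAcquireTokenLockExclusive or
 * SepAcquireTokenLockShared.
 *
 * Token: the token whose TokenLock resource is released; it is cast to
 *        PTOKEN to reach the lock.
 *
 * The resource is released before the critical region is left, mirroring
 * the acquire order (enter region, then take lock) so kernel APCs are
 * re-enabled only once the lock is no longer held.
 *
 * The body is wrapped in do/while(0) so the macro behaves as a single
 * statement (safe after an unbraced if/else), and the argument is
 * parenthesized so an expression argument is cast as a whole.
 */
#define SepReleaseTokenLock(Token)                                             \
    do {                                                                       \
        ExReleaseResource(((PTOKEN)(Token))->TokenLock);                       \
        KeLeaveCriticalRegion();                                               \
    } while (0)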
223 IN PACCESS_TOKEN _Token
,
224 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
225 IN BOOLEAN TokenLocked
231 IN PACCESS_TOKEN _Token
,
238 IN PACCESS_TOKEN _Token
,
239 IN PSID PrincipalSelfSid
,
242 IN BOOLEAN Restricted
256 SepInitPrivileges(VOID
);
260 SepInitSecurityIDs(VOID
);
272 SeDeassignPrimaryToken(struct _EPROCESS
*Process
);
285 SeInitializeProcessAuditName(
286 IN PFILE_OBJECT FileObject
,
288 OUT POBJECT_NAME_INFORMATION
*AuditInfo
293 SeCreateAccessStateEx(
295 IN PEPROCESS Process
,
296 IN OUT PACCESS_STATE AccessState
,
297 IN PAUX_ACCESS_DATA AuxData
,
298 IN ACCESS_MASK Access
,
299 IN PGENERIC_MAPPING GenericMapping
311 SepCreateImpersonationTokenDacl(
319 SepInitializeTokenImplementation(VOID
);
323 SepCreateSystemProcessToken(VOID
);
327 SeDetailedAuditingWithToken(IN PTOKEN Token
);
331 SeAuditProcessExit(IN PEPROCESS Process
);
335 SeAuditProcessCreate(IN PEPROCESS Process
);
339 SeExchangePrimaryToken(
340 struct _EPROCESS
* Process
,
341 PACCESS_TOKEN NewToken
,
342 PACCESS_TOKEN
* OldTokenP
347 SeCaptureSubjectContextEx(
349 IN PEPROCESS Process
,
350 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
355 SeCaptureLuidAndAttributesArray(
356 PLUID_AND_ATTRIBUTES Src
,
357 ULONG PrivilegeCount
,
358 KPROCESSOR_MODE PreviousMode
,
359 PLUID_AND_ATTRIBUTES AllocatedMem
,
360 ULONG AllocatedLength
,
362 BOOLEAN CaptureIfKernel
,
363 PLUID_AND_ATTRIBUTES
* Dest
,
369 SeReleaseLuidAndAttributesArray(
370 PLUID_AND_ATTRIBUTES Privilege
,
371 KPROCESSOR_MODE PreviousMode
,
372 BOOLEAN CaptureIfKernel
379 PLUID_AND_ATTRIBUTES Privileges
,
380 ULONG PrivilegeCount
,
381 ULONG PrivilegeControl
,
382 KPROCESSOR_MODE PreviousMode
387 SePrivilegePolicyCheck(
388 _Inout_ PACCESS_MASK DesiredAccess
,
389 _Inout_ PACCESS_MASK GrantedAccess
,
390 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
392 _Out_opt_ PPRIVILEGE_SET
*OutPrivilegeSet
,
393 _In_ KPROCESSOR_MODE PreviousMode
);
397 SeCheckPrivilegedObject(
398 IN LUID PrivilegeValue
,
399 IN HANDLE ObjectHandle
,
400 IN ACCESS_MASK DesiredAccess
,
401 IN KPROCESSOR_MODE PreviousMode
408 POBJECT_ATTRIBUTES ObjectAttributes
,
409 BOOLEAN EffectiveOnly
,
410 TOKEN_TYPE TokenType
,
411 SECURITY_IMPERSONATION_LEVEL Level
,
412 KPROCESSOR_MODE PreviousMode
,
413 PTOKEN
* NewAccessToken
418 SepCaptureSecurityQualityOfService(
419 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
420 IN KPROCESSOR_MODE AccessMode
,
421 IN POOL_TYPE PoolType
,
422 IN BOOLEAN CaptureIfKernel
,
423 OUT PSECURITY_QUALITY_OF_SERVICE
*CapturedSecurityQualityOfService
,
429 SepReleaseSecurityQualityOfService(
430 IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL
,
431 IN KPROCESSOR_MODE AccessMode
,
432 IN BOOLEAN CaptureIfKernel
439 IN KPROCESSOR_MODE AccessMode
,
440 IN POOL_TYPE PoolType
,
441 IN BOOLEAN CaptureIfKernel
,
442 OUT PSID
*CapturedSid
449 IN KPROCESSOR_MODE AccessMode
,
450 IN BOOLEAN CaptureIfKernel
455 SeCaptureSidAndAttributesArray(
456 _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes
,
457 _In_ ULONG AttributeCount
,
458 _In_ KPROCESSOR_MODE PreviousMode
,
459 _In_opt_ PVOID AllocatedMem
,
460 _In_ ULONG AllocatedLength
,
461 _In_ POOL_TYPE PoolType
,
462 _In_ BOOLEAN CaptureIfKernel
,
463 _Out_ PSID_AND_ATTRIBUTES
*CapturedSidAndAttributes
,
464 _Out_ PULONG ResultLength
);
468 SeReleaseSidAndAttributesArray(
469 _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes
,
470 _In_ KPROCESSOR_MODE AccessMode
,
471 _In_ BOOLEAN CaptureIfKernel
);
477 IN KPROCESSOR_MODE AccessMode
,
478 IN POOL_TYPE PoolType
,
479 IN BOOLEAN CaptureIfKernel
,
480 OUT PACL
*CapturedAcl
487 IN KPROCESSOR_MODE AccessMode
,
488 IN BOOLEAN CaptureIfKernel
493 SeDefaultObjectMethod(
495 SECURITY_OPERATION_CODE OperationType
,
496 PSECURITY_INFORMATION SecurityInformation
,
497 PSECURITY_DESCRIPTOR NewSecurityDescriptor
,
499 PSECURITY_DESCRIPTOR
*OldSecurityDescriptor
,
501 PGENERIC_MAPPING GenericMapping
506 SeSetWorldSecurityDescriptor(
507 SECURITY_INFORMATION SecurityInformation
,
508 PISECURITY_DESCRIPTOR SecurityDescriptor
,
515 IN PACCESS_TOKEN Token
,
516 IN SECURITY_IMPERSONATION_LEVEL Level
,
517 IN KPROCESSOR_MODE PreviousMode
,
518 OUT PACCESS_TOKEN
* NewToken
522 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
523 OUT PACCESS_MASK DesiredAccess
);
526 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
527 OUT PACCESS_MASK DesiredAccess
);
531 SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
532 IN PACCESS_STATE AccessState
,
533 IN ACCESS_MASK DesiredAccess
,
534 IN KPROCESSOR_MODE AccessMode
);
538 SeCheckAuditPrivilege(
539 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
540 _In_ KPROCESSOR_MODE PreviousMode
);
544 SePrivilegedServiceAuditAlarm(
545 _In_opt_ PUNICODE_STRING ServiceName
,
546 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
547 _In_ PPRIVILEGE_SET PrivilegeSet
,
548 _In_ BOOLEAN AccessGranted
);