3 typedef struct _KNOWN_ACE
8 } KNOWN_ACE
, *PKNOWN_ACE
;
10 typedef struct _KNOWN_OBJECT_ACE
16 } KNOWN_OBJECT_ACE
, *PKNOWN_OBJECT_ACE
;
18 typedef struct _KNOWN_COMPOUND_ACE
22 USHORT CompoundAceType
;
25 } KNOWN_COMPOUND_ACE
, *PKNOWN_COMPOUND_ACE
;
29 SepGetGroupFromDescriptor(PVOID _Descriptor
)
31 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
32 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
34 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
36 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
37 if (!SdRel
->Group
) return NULL
;
38 return (PSID
)((ULONG_PTR
)Descriptor
+ SdRel
->Group
);
42 return Descriptor
->Group
;
48 SepGetOwnerFromDescriptor(PVOID _Descriptor
)
50 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
51 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
53 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
55 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
56 if (!SdRel
->Owner
) return NULL
;
57 return (PSID
)((ULONG_PTR
)Descriptor
+ SdRel
->Owner
);
61 return Descriptor
->Owner
;
67 SepGetDaclFromDescriptor(PVOID _Descriptor
)
69 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
70 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
72 if (!(Descriptor
->Control
& SE_DACL_PRESENT
)) return NULL
;
74 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
76 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
77 if (!SdRel
->Dacl
) return NULL
;
78 return (PACL
)((ULONG_PTR
)Descriptor
+ SdRel
->Dacl
);
82 return Descriptor
->Dacl
;
88 SepGetSaclFromDescriptor(PVOID _Descriptor
)
90 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
91 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
93 if (!(Descriptor
->Control
& SE_SACL_PRESENT
)) return NULL
;
95 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
97 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
98 if (!SdRel
->Sacl
) return NULL
;
99 return (PACL
)((ULONG_PTR
)Descriptor
+ SdRel
->Sacl
);
103 return Descriptor
->Sacl
;
109 /* SID Authorities */
110 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
;
111 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
;
112 extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
;
113 extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
;
114 extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
;
117 extern PSID SeNullSid
;
118 extern PSID SeWorldSid
;
119 extern PSID SeLocalSid
;
120 extern PSID SeCreatorOwnerSid
;
121 extern PSID SeCreatorGroupSid
;
122 extern PSID SeCreatorOwnerServerSid
;
123 extern PSID SeCreatorGroupServerSid
;
124 extern PSID SeNtAuthoritySid
;
125 extern PSID SeDialupSid
;
126 extern PSID SeNetworkSid
;
127 extern PSID SeBatchSid
;
128 extern PSID SeInteractiveSid
;
129 extern PSID SeServiceSid
;
130 extern PSID SeAnonymousLogonSid
;
131 extern PSID SePrincipalSelfSid
;
132 extern PSID SeLocalSystemSid
;
133 extern PSID SeAuthenticatedUserSid
;
134 extern PSID SeRestrictedCodeSid
;
135 extern PSID SeAliasAdminsSid
;
136 extern PSID SeAliasUsersSid
;
137 extern PSID SeAliasGuestsSid
;
138 extern PSID SeAliasPowerUsersSid
;
139 extern PSID SeAliasAccountOpsSid
;
140 extern PSID SeAliasSystemOpsSid
;
141 extern PSID SeAliasPrintOpsSid
;
142 extern PSID SeAliasBackupOpsSid
;
143 extern PSID SeAuthenticatedUsersSid
;
144 extern PSID SeRestrictedSid
;
145 extern PSID SeAnonymousLogonSid
;
148 extern LUID SeCreateTokenPrivilege
;
149 extern LUID SeAssignPrimaryTokenPrivilege
;
150 extern LUID SeLockMemoryPrivilege
;
151 extern LUID SeIncreaseQuotaPrivilege
;
152 extern LUID SeUnsolicitedInputPrivilege
;
153 extern LUID SeTcbPrivilege
;
154 extern LUID SeSecurityPrivilege
;
155 extern LUID SeTakeOwnershipPrivilege
;
156 extern LUID SeLoadDriverPrivilege
;
157 extern LUID SeCreatePagefilePrivilege
;
158 extern LUID SeIncreaseBasePriorityPrivilege
;
159 extern LUID SeSystemProfilePrivilege
;
160 extern LUID SeSystemtimePrivilege
;
161 extern LUID SeProfileSingleProcessPrivilege
;
162 extern LUID SeCreatePermanentPrivilege
;
163 extern LUID SeBackupPrivilege
;
164 extern LUID SeRestorePrivilege
;
165 extern LUID SeShutdownPrivilege
;
166 extern LUID SeDebugPrivilege
;
167 extern LUID SeAuditPrivilege
;
168 extern LUID SeSystemEnvironmentPrivilege
;
169 extern LUID SeChangeNotifyPrivilege
;
170 extern LUID SeRemoteShutdownPrivilege
;
171 extern LUID SeUndockPrivilege
;
172 extern LUID SeSyncAgentPrivilege
;
173 extern LUID SeEnableDelegationPrivilege
;
176 extern PACL SePublicDefaultUnrestrictedDacl
;
177 extern PACL SePublicOpenDacl
;
178 extern PACL SePublicOpenUnrestrictedDacl
;
179 extern PACL SeUnrestrictedDacl
;
182 extern PSECURITY_DESCRIPTOR SePublicDefaultSd
;
183 extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
;
184 extern PSECURITY_DESCRIPTOR SePublicOpenSd
;
185 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
;
186 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd
;
187 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd
;
190 #define SepAcquireTokenLockExclusive(Token) \
192 KeEnterCriticalRegion(); \
193 ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
195 #define SepAcquireTokenLockShared(Token) \
197 KeEnterCriticalRegion(); \
198 ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
201 #define SepReleaseTokenLock(Token) \
203 ExReleaseResource(((PTOKEN)Token)->TokenLock); \
204 KeLeaveCriticalRegion(); \
213 IN PACCESS_TOKEN _Token
,
214 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
215 IN BOOLEAN TokenLocked
221 IN PACCESS_TOKEN _Token
,
228 IN PACCESS_TOKEN _Token
,
229 IN PSID PrincipalSelfSid
,
232 IN BOOLEAN Restricted
250 SepInitPrivileges(VOID
);
254 SepInitSecurityIDs(VOID
);
266 SeDeassignPrimaryToken(struct _EPROCESS
*Process
);
279 SeInitializeProcessAuditName(
280 IN PFILE_OBJECT FileObject
,
282 OUT POBJECT_NAME_INFORMATION
*AuditInfo
287 SeCreateAccessStateEx(
289 IN PEPROCESS Process
,
290 IN OUT PACCESS_STATE AccessState
,
291 IN PAUX_ACCESS_DATA AuxData
,
292 IN ACCESS_MASK Access
,
293 IN PGENERIC_MAPPING GenericMapping
305 SepCreateImpersonationTokenDacl(
313 SepInitializeTokenImplementation(VOID
);
317 SepCreateSystemProcessToken(VOID
);
321 SeDetailedAuditingWithToken(IN PTOKEN Token
);
325 SeAuditProcessExit(IN PEPROCESS Process
);
329 SeAuditProcessCreate(IN PEPROCESS Process
);
333 SeExchangePrimaryToken(
334 struct _EPROCESS
* Process
,
335 PACCESS_TOKEN NewToken
,
336 PACCESS_TOKEN
* OldTokenP
341 SeCaptureSubjectContextEx(
343 IN PEPROCESS Process
,
344 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
349 SeCaptureLuidAndAttributesArray(
350 PLUID_AND_ATTRIBUTES Src
,
351 ULONG PrivilegeCount
,
352 KPROCESSOR_MODE PreviousMode
,
353 PLUID_AND_ATTRIBUTES AllocatedMem
,
354 ULONG AllocatedLength
,
356 BOOLEAN CaptureIfKernel
,
357 PLUID_AND_ATTRIBUTES
* Dest
,
363 SeReleaseLuidAndAttributesArray(
364 PLUID_AND_ATTRIBUTES Privilege
,
365 KPROCESSOR_MODE PreviousMode
,
366 BOOLEAN CaptureIfKernel
373 PLUID_AND_ATTRIBUTES Privileges
,
374 ULONG PrivilegeCount
,
375 ULONG PrivilegeControl
,
376 KPROCESSOR_MODE PreviousMode
381 SeCheckPrivilegedObject(
382 IN LUID PrivilegeValue
,
383 IN HANDLE ObjectHandle
,
384 IN ACCESS_MASK DesiredAccess
,
385 IN KPROCESSOR_MODE PreviousMode
392 POBJECT_ATTRIBUTES ObjectAttributes
,
393 BOOLEAN EffectiveOnly
,
394 TOKEN_TYPE TokenType
,
395 SECURITY_IMPERSONATION_LEVEL Level
,
396 KPROCESSOR_MODE PreviousMode
,
397 PTOKEN
* NewAccessToken
402 SepCaptureSecurityQualityOfService(
403 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
404 IN KPROCESSOR_MODE AccessMode
,
405 IN POOL_TYPE PoolType
,
406 IN BOOLEAN CaptureIfKernel
,
407 OUT PSECURITY_QUALITY_OF_SERVICE
*CapturedSecurityQualityOfService
,
413 SepReleaseSecurityQualityOfService(
414 IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL
,
415 IN KPROCESSOR_MODE AccessMode
,
416 IN BOOLEAN CaptureIfKernel
423 IN KPROCESSOR_MODE AccessMode
,
424 IN POOL_TYPE PoolType
,
425 IN BOOLEAN CaptureIfKernel
,
426 OUT PSID
*CapturedSid
433 IN KPROCESSOR_MODE AccessMode
,
434 IN BOOLEAN CaptureIfKernel
441 IN KPROCESSOR_MODE AccessMode
,
442 IN POOL_TYPE PoolType
,
443 IN BOOLEAN CaptureIfKernel
,
444 OUT PACL
*CapturedAcl
451 IN KPROCESSOR_MODE AccessMode
,
452 IN BOOLEAN CaptureIfKernel
457 SeDefaultObjectMethod(
459 SECURITY_OPERATION_CODE OperationType
,
460 PSECURITY_INFORMATION SecurityInformation
,
461 PSECURITY_DESCRIPTOR NewSecurityDescriptor
,
463 PSECURITY_DESCRIPTOR
*OldSecurityDescriptor
,
465 PGENERIC_MAPPING GenericMapping
470 SeSetWorldSecurityDescriptor(
471 SECURITY_INFORMATION SecurityInformation
,
472 PISECURITY_DESCRIPTOR SecurityDescriptor
,
479 IN PACCESS_TOKEN Token
,
480 IN SECURITY_IMPERSONATION_LEVEL Level
,
481 IN KPROCESSOR_MODE PreviousMode
,
482 OUT PACCESS_TOKEN
* NewToken
486 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
487 OUT PACCESS_MASK DesiredAccess
);
490 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
491 OUT PACCESS_MASK DesiredAccess
);
495 SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
496 IN PACCESS_STATE AccessState
,
497 IN ACCESS_MASK DesiredAccess
,
498 IN KPROCESSOR_MODE AccessMode
);