Sync with trunk r58740.
[reactos.git] / ntoskrnl / include / internal / se.h
1 #pragma once
2
/*
 * Generic view of an ACE made of a header, an access mask and a trailing SID.
 *
 * NOTE(review): going by its name, SidStart is only the first ULONG of a
 * variable-length SID stored inline in the ACE -- confirm against the users
 * of this type. If so, sizeof(KNOWN_ACE) is not the size of a real ACE, and
 * code walking an ACL should bound every access by the size recorded in
 * Header rather than by this structure.
 */
typedef struct _KNOWN_ACE
{
    ACE_HEADER Header;   /* common ACE header */
    ACCESS_MASK Mask;    /* access rights this ACE refers to */
    ULONG SidStart;      /* presumably the first ULONG of the inline SID -- confirm */
} KNOWN_ACE, *PKNOWN_ACE;
9
/*
 * Generic view of an object-type ACE: the KNOWN_ACE fields with a Flags word
 * inserted between the access mask and the SID.
 *
 * NOTE(review): Flags presumably records which optional members precede the
 * SID, which would make the position of SidStart shown here only the minimal
 * case -- confirm before using SidStart as the SID address.
 */
typedef struct _KNOWN_OBJECT_ACE
{
    ACE_HEADER Header;   /* common ACE header */
    ACCESS_MASK Mask;    /* access rights this ACE refers to */
    ULONG Flags;         /* object-ACE flags; meaning not defined in this header */
    ULONG SidStart;      /* presumably the first ULONG of the inline SID -- confirm */
} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
17
/*
 * Generic view of a compound ACE: header, access mask, a 16-bit compound
 * type plus a 16-bit reserved field, then the SID data.
 *
 * NOTE(review): as with KNOWN_ACE, SidStart appears to be just the first
 * ULONG of variable-length SID data -- confirm, and bound accesses by the
 * size recorded in Header rather than by sizeof(KNOWN_COMPOUND_ACE).
 */
typedef struct _KNOWN_COMPOUND_ACE
{
    ACE_HEADER Header;       /* common ACE header */
    ACCESS_MASK Mask;        /* access rights this ACE refers to */
    USHORT CompoundAceType;  /* compound ACE subtype */
    USHORT Reserved;         /* keeps SidStart ULONG-aligned; no use visible here */
    ULONG SidStart;          /* presumably the first ULONG of the inline SID -- confirm */
} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
26
/*
 * Returns the primary group SID referenced by a security descriptor, or NULL
 * when a self-relative descriptor stores a zero Group offset.
 *
 * _Descriptor is dereferenced unconditionally, so it must not be NULL.
 *
 * Security note: in the self-relative case the Group offset is added to the
 * descriptor base with no bounds check, and the Control word alone decides
 * whether Group is read as a pointer or as an offset. Nothing here validates
 * either value.
 * NOTE(review): callers are presumably expected to pass a descriptor that was
 * already captured into kernel memory and validated -- confirm at call sites.
 */
PSID
FORCEINLINE
SepGetGroupFromDescriptor(PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR AbsoluteSd = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd;

    /* Absolute form: the field already holds a pointer. */
    if (!(AbsoluteSd->Control & SE_SELF_RELATIVE))
    {
        return AbsoluteSd->Group;
    }

    /* Self-relative form: the field is an offset from the descriptor start;
     * zero means no group is stored. */
    RelativeSd = (PISECURITY_DESCRIPTOR_RELATIVE)AbsoluteSd;
    if (RelativeSd->Group == 0)
    {
        return NULL;
    }

    return (PSID)((ULONG_PTR)AbsoluteSd + RelativeSd->Group);
}
45
/*
 * Returns the owner SID referenced by a security descriptor, or NULL when a
 * self-relative descriptor stores a zero Owner offset.
 *
 * _Descriptor is dereferenced unconditionally, so it must not be NULL.
 *
 * Security note: in the self-relative case the Owner offset is added to the
 * descriptor base with no bounds check, and the Control word alone decides
 * whether Owner is read as a pointer or as an offset. Nothing here validates
 * either value.
 * NOTE(review): callers are presumably expected to pass a descriptor that was
 * already captured into kernel memory and validated -- confirm at call sites.
 */
PSID
FORCEINLINE
SepGetOwnerFromDescriptor(PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR AbsoluteSd = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd;

    /* Absolute form: the field already holds a pointer. */
    if (!(AbsoluteSd->Control & SE_SELF_RELATIVE))
    {
        return AbsoluteSd->Owner;
    }

    /* Self-relative form: the field is an offset from the descriptor start;
     * zero means no owner is stored. */
    RelativeSd = (PISECURITY_DESCRIPTOR_RELATIVE)AbsoluteSd;
    if (RelativeSd->Owner == 0)
    {
        return NULL;
    }

    return (PSID)((ULONG_PTR)AbsoluteSd + RelativeSd->Owner);
}
64
/*
 * Returns the DACL referenced by a security descriptor.
 *
 * NULL is returned when SE_DACL_PRESENT is clear, or when a self-relative
 * descriptor stores a zero Dacl offset. For an absolute descriptor the Dacl
 * pointer is returned as stored, which may itself be NULL. This function
 * does not tell "no DACL" apart from "DACL present but NULL"; a caller that
 * needs the distinction has to inspect Control itself.
 *
 * _Descriptor is dereferenced unconditionally, so it must not be NULL.
 *
 * Security note: in the self-relative case the Dacl offset is added to the
 * descriptor base with no bounds check, and the ACL it points at is not
 * validated here.
 * NOTE(review): callers are presumably expected to pass a descriptor that was
 * already captured into kernel memory and validated -- confirm at call sites.
 */
PACL
FORCEINLINE
SepGetDaclFromDescriptor(PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR AbsoluteSd = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd;

    /* The Dacl field is only meaningful when the control flag says so. */
    if ((AbsoluteSd->Control & SE_DACL_PRESENT) == 0)
    {
        return NULL;
    }

    /* Absolute form: the field already holds a pointer. */
    if (!(AbsoluteSd->Control & SE_SELF_RELATIVE))
    {
        return AbsoluteSd->Dacl;
    }

    /* Self-relative form: the field is an offset from the descriptor start. */
    RelativeSd = (PISECURITY_DESCRIPTOR_RELATIVE)AbsoluteSd;
    if (RelativeSd->Dacl == 0)
    {
        return NULL;
    }

    return (PACL)((ULONG_PTR)AbsoluteSd + RelativeSd->Dacl);
}
85
/*
 * Returns the SACL referenced by a security descriptor.
 *
 * NULL is returned when SE_SACL_PRESENT is clear, or when a self-relative
 * descriptor stores a zero Sacl offset. For an absolute descriptor the Sacl
 * pointer is returned as stored, which may itself be NULL.
 *
 * _Descriptor is dereferenced unconditionally, so it must not be NULL.
 *
 * Security note: in the self-relative case the Sacl offset is added to the
 * descriptor base with no bounds check, and the ACL it points at is not
 * validated here.
 * NOTE(review): callers are presumably expected to pass a descriptor that was
 * already captured into kernel memory and validated -- confirm at call sites.
 */
PACL
FORCEINLINE
SepGetSaclFromDescriptor(PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR AbsoluteSd = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd;

    /* The Sacl field is only meaningful when the control flag says so. */
    if ((AbsoluteSd->Control & SE_SACL_PRESENT) == 0)
    {
        return NULL;
    }

    /* Absolute form: the field already holds a pointer. */
    if (!(AbsoluteSd->Control & SE_SELF_RELATIVE))
    {
        return AbsoluteSd->Sacl;
    }

    /* Self-relative form: the field is an offset from the descriptor start. */
    RelativeSd = (PISECURITY_DESCRIPTOR_RELATIVE)AbsoluteSd;
    if (RelativeSd->Sacl == 0)
    {
        return NULL;
    }

    return (PACL)((ULONG_PTR)AbsoluteSd + RelativeSd->Sacl);
}
106
107 #ifndef RTL_H
108
109 /* SID Authorities */
110 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
111 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
112 extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
113 extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
114 extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
115
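/*
 * SIDs
 *
 * Well-known SIDs shared across the kernel; the objects are defined
 * elsewhere. They are declared as plain, non-const pointers, so nothing in
 * this header stops a translation unit from reassigning them. Treat them as
 * read-only once initialised.
 *
 * NOTE(review): SeAuthenticatedUserSid / SeAuthenticatedUsersSid and
 * SeRestrictedCodeSid / SeRestrictedSid look like two spellings of the same
 * identity. Confirm both of each pair are defined and intended, because an
 * access check comparing against the wrong one would not match.
 *
 * SeAnonymousLogonSid was declared twice in this list; the redundant second
 * declaration has been dropped.
 */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;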
146
147 /* Privileges */
148 extern LUID SeCreateTokenPrivilege;
149 extern LUID SeAssignPrimaryTokenPrivilege;
150 extern LUID SeLockMemoryPrivilege;
151 extern LUID SeIncreaseQuotaPrivilege;
152 extern LUID SeUnsolicitedInputPrivilege;
153 extern LUID SeTcbPrivilege;
154 extern LUID SeSecurityPrivilege;
155 extern LUID SeTakeOwnershipPrivilege;
156 extern LUID SeLoadDriverPrivilege;
157 extern LUID SeCreatePagefilePrivilege;
158 extern LUID SeIncreaseBasePriorityPrivilege;
159 extern LUID SeSystemProfilePrivilege;
160 extern LUID SeSystemtimePrivilege;
161 extern LUID SeProfileSingleProcessPrivilege;
162 extern LUID SeCreatePermanentPrivilege;
163 extern LUID SeBackupPrivilege;
164 extern LUID SeRestorePrivilege;
165 extern LUID SeShutdownPrivilege;
166 extern LUID SeDebugPrivilege;
167 extern LUID SeAuditPrivilege;
168 extern LUID SeSystemEnvironmentPrivilege;
169 extern LUID SeChangeNotifyPrivilege;
170 extern LUID SeRemoteShutdownPrivilege;
171 extern LUID SeUndockPrivilege;
172 extern LUID SeSyncAgentPrivilege;
173 extern LUID SeEnableDelegationPrivilege;
174
175 /* DACLs */
176 extern PACL SePublicDefaultUnrestrictedDacl;
177 extern PACL SePublicOpenDacl;
178 extern PACL SePublicOpenUnrestrictedDacl;
179 extern PACL SeUnrestrictedDacl;
180
181 /* SDs */
182 extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
183 extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
184 extern PSECURITY_DESCRIPTOR SePublicOpenSd;
185 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
186 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
187 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
188
189
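/*
 * Token lock helpers.
 *
 * Acquire: enter a critical region, then take the token's TokenLock resource
 * (exclusive or shared), passing TRUE as the second argument.
 * Release: drop the resource, then leave the critical region. Every acquire
 * must be paired with exactly one SepReleaseTokenLock on the same token.
 *
 * The macro argument is parenthesised before the PTOKEN cast, so an
 * expression argument (for example pointer arithmetic) is cast as a whole
 * rather than having the cast bind to its first operand only.
 *
 * Each macro expands to a bare brace block, not do { } while (0). Writing
 * `if (x) SepAcquireTokenLockShared(t); else ...` therefore does not compile;
 * put the call inside its own braces in that position.
 *
 * The cast to PTOKEN is unchecked: passing anything that is not a token
 * makes the helpers operate on whatever lies at the TokenLock offset.
 */
#define SepAcquireTokenLockExclusive(Token)                                  \
{                                                                            \
    KeEnterCriticalRegion();                                                 \
    ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);          \
}
#define SepAcquireTokenLockShared(Token)                                     \
{                                                                            \
    KeEnterCriticalRegion();                                                 \
    ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);             \
}

#define SepReleaseTokenLock(Token)                                           \
{                                                                            \
    ExReleaseResource(((PTOKEN)(Token))->TokenLock);                         \
    KeLeaveCriticalRegion();                                                 \
}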
206
207 //
208 // Token Functions
209 //
210 BOOLEAN
211 NTAPI
212 SepTokenIsOwner(
213 IN PACCESS_TOKEN _Token,
214 IN PSECURITY_DESCRIPTOR SecurityDescriptor,
215 IN BOOLEAN TokenLocked
216 );
217
218 BOOLEAN
219 NTAPI
220 SepSidInToken(
221 IN PACCESS_TOKEN _Token,
222 IN PSID Sid
223 );
224
225 BOOLEAN
226 NTAPI
227 SepSidInTokenEx(
228 IN PACCESS_TOKEN _Token,
229 IN PSID PrincipalSelfSid,
230 IN PSID _Sid,
231 IN BOOLEAN Deny,
232 IN BOOLEAN Restricted
233 );
234
235 /* Functions */
236 BOOLEAN
237 NTAPI
238 SeInitSystem(VOID);
239
240 BOOLEAN
241 NTAPI
242 SeInitSRM(VOID);
243
244 VOID
245 NTAPI
246 ExpInitLuid(VOID);
247
248 VOID
249 NTAPI
250 SepInitPrivileges(VOID);
251
252 BOOLEAN
253 NTAPI
254 SepInitSecurityIDs(VOID);
255
256 BOOLEAN
257 NTAPI
258 SepInitDACLs(VOID);
259
260 BOOLEAN
261 NTAPI
262 SepInitSDs(VOID);
263
264 VOID
265 NTAPI
266 SeDeassignPrimaryToken(struct _EPROCESS *Process);
267
268 NTSTATUS
269 NTAPI
270 SeSubProcessToken(
271 IN PTOKEN Parent,
272 OUT PTOKEN *Token,
273 IN BOOLEAN InUse,
274 IN ULONG SessionId
275 );
276
277 NTSTATUS
278 NTAPI
279 SeInitializeProcessAuditName(
280 IN PFILE_OBJECT FileObject,
281 IN BOOLEAN DoAudit,
282 OUT POBJECT_NAME_INFORMATION *AuditInfo
283 );
284
285 NTSTATUS
286 NTAPI
287 SeCreateAccessStateEx(
288 IN PETHREAD Thread,
289 IN PEPROCESS Process,
290 IN OUT PACCESS_STATE AccessState,
291 IN PAUX_ACCESS_DATA AuxData,
292 IN ACCESS_MASK Access,
293 IN PGENERIC_MAPPING GenericMapping
294 );
295
296 NTSTATUS
297 NTAPI
298 SeIsTokenChild(
299 IN PTOKEN Token,
300 OUT PBOOLEAN IsChild
301 );
302
303 NTSTATUS
304 NTAPI
305 SepCreateImpersonationTokenDacl(
306 PTOKEN Token,
307 PTOKEN PrimaryToken,
308 PACL *Dacl
309 );
310
311 VOID
312 NTAPI
313 SepInitializeTokenImplementation(VOID);
314
315 PTOKEN
316 NTAPI
317 SepCreateSystemProcessToken(VOID);
318
319 BOOLEAN
320 NTAPI
321 SeDetailedAuditingWithToken(IN PTOKEN Token);
322
323 VOID
324 NTAPI
325 SeAuditProcessExit(IN PEPROCESS Process);
326
327 VOID
328 NTAPI
329 SeAuditProcessCreate(IN PEPROCESS Process);
330
331 NTSTATUS
332 NTAPI
333 SeExchangePrimaryToken(
334 struct _EPROCESS* Process,
335 PACCESS_TOKEN NewToken,
336 PACCESS_TOKEN* OldTokenP
337 );
338
339 VOID
340 NTAPI
341 SeCaptureSubjectContextEx(
342 IN PETHREAD Thread,
343 IN PEPROCESS Process,
344 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
345 );
346
347 NTSTATUS
348 NTAPI
349 SeCaptureLuidAndAttributesArray(
350 PLUID_AND_ATTRIBUTES Src,
351 ULONG PrivilegeCount,
352 KPROCESSOR_MODE PreviousMode,
353 PLUID_AND_ATTRIBUTES AllocatedMem,
354 ULONG AllocatedLength,
355 POOL_TYPE PoolType,
356 BOOLEAN CaptureIfKernel,
357 PLUID_AND_ATTRIBUTES* Dest,
358 PULONG Length
359 );
360
361 VOID
362 NTAPI
363 SeReleaseLuidAndAttributesArray(
364 PLUID_AND_ATTRIBUTES Privilege,
365 KPROCESSOR_MODE PreviousMode,
366 BOOLEAN CaptureIfKernel
367 );
368
369 BOOLEAN
370 NTAPI
371 SepPrivilegeCheck(
372 PTOKEN Token,
373 PLUID_AND_ATTRIBUTES Privileges,
374 ULONG PrivilegeCount,
375 ULONG PrivilegeControl,
376 KPROCESSOR_MODE PreviousMode
377 );
378
379 BOOLEAN
380 NTAPI
381 SeCheckPrivilegedObject(
382 IN LUID PrivilegeValue,
383 IN HANDLE ObjectHandle,
384 IN ACCESS_MASK DesiredAccess,
385 IN KPROCESSOR_MODE PreviousMode
386 );
387
388 NTSTATUS
389 NTAPI
390 SepDuplicateToken(
391 PTOKEN Token,
392 POBJECT_ATTRIBUTES ObjectAttributes,
393 BOOLEAN EffectiveOnly,
394 TOKEN_TYPE TokenType,
395 SECURITY_IMPERSONATION_LEVEL Level,
396 KPROCESSOR_MODE PreviousMode,
397 PTOKEN* NewAccessToken
398 );
399
400 NTSTATUS
401 NTAPI
402 SepCaptureSecurityQualityOfService(
403 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
404 IN KPROCESSOR_MODE AccessMode,
405 IN POOL_TYPE PoolType,
406 IN BOOLEAN CaptureIfKernel,
407 OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
408 OUT PBOOLEAN Present
409 );
410
411 VOID
412 NTAPI
413 SepReleaseSecurityQualityOfService(
414 IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
415 IN KPROCESSOR_MODE AccessMode,
416 IN BOOLEAN CaptureIfKernel
417 );
418
419 NTSTATUS
420 NTAPI
421 SepCaptureSid(
422 IN PSID InputSid,
423 IN KPROCESSOR_MODE AccessMode,
424 IN POOL_TYPE PoolType,
425 IN BOOLEAN CaptureIfKernel,
426 OUT PSID *CapturedSid
427 );
428
429 VOID
430 NTAPI
431 SepReleaseSid(
432 IN PSID CapturedSid,
433 IN KPROCESSOR_MODE AccessMode,
434 IN BOOLEAN CaptureIfKernel
435 );
436
437 NTSTATUS
438 NTAPI
439 SepCaptureAcl(
440 IN PACL InputAcl,
441 IN KPROCESSOR_MODE AccessMode,
442 IN POOL_TYPE PoolType,
443 IN BOOLEAN CaptureIfKernel,
444 OUT PACL *CapturedAcl
445 );
446
447 VOID
448 NTAPI
449 SepReleaseAcl(
450 IN PACL CapturedAcl,
451 IN KPROCESSOR_MODE AccessMode,
452 IN BOOLEAN CaptureIfKernel
453 );
454
455 NTSTATUS
456 NTAPI
457 SeDefaultObjectMethod(
458 PVOID Object,
459 SECURITY_OPERATION_CODE OperationType,
460 PSECURITY_INFORMATION SecurityInformation,
461 PSECURITY_DESCRIPTOR NewSecurityDescriptor,
462 PULONG ReturnLength,
463 PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
464 POOL_TYPE PoolType,
465 PGENERIC_MAPPING GenericMapping
466 );
467
468 NTSTATUS
469 NTAPI
470 SeSetWorldSecurityDescriptor(
471 SECURITY_INFORMATION SecurityInformation,
472 PISECURITY_DESCRIPTOR SecurityDescriptor,
473 PULONG BufferLength
474 );
475
476 NTSTATUS
477 NTAPI
478 SeCopyClientToken(
479 IN PACCESS_TOKEN Token,
480 IN SECURITY_IMPERSONATION_LEVEL Level,
481 IN KPROCESSOR_MODE PreviousMode,
482 OUT PACCESS_TOKEN* NewToken
483 );
484
485 VOID NTAPI
486 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
487 OUT PACCESS_MASK DesiredAccess);
488
489 VOID NTAPI
490 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
491 OUT PACCESS_MASK DesiredAccess);
492
493 BOOLEAN
494 NTAPI
495 SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
496 IN PACCESS_STATE AccessState,
497 IN ACCESS_MASK DesiredAccess,
498 IN KPROCESSOR_MODE AccessMode);
499
500 #endif
501
502 /* EOF */