1 /******************************************************************************
2 * Security Manager Functions *
3 ******************************************************************************/
4
5 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6 $if (_WDMDDK_)
/*
 * SeAccessCheck - decide whether the subject described by
 * SubjectSecurityContext may be given DesiredAccess to an object protected
 * by SecurityDescriptor.
 *
 * Returns TRUE when access is allowed. The rights granted are written to
 * *GrantedAccess and the status explaining the outcome to *AccessStatus.
 * SubjectContextLocked tells the routine whether the caller already holds
 * the subject-context lock. A privilege set returned through the optional
 * Privileges pointer is released with SeFreePrivileges.
 *
 * NOTE(review): AccessMode has to describe the original requester. In the
 * documented Windows behaviour a KernelMode check is granted without
 * evaluating the DACL, so a driver that acts for a user-mode caller and
 * passes KernelMode here performs no real check -- confirm against the
 * implementation in use.
 */
NTKERNELAPI BOOLEAN NTAPI
SeAccessCheck(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN BOOLEAN SubjectContextLocked,
    IN ACCESS_MASK DesiredAccess,
    IN ACCESS_MASK PreviouslyGrantedAccess,
    OUT PPRIVILEGE_SET *Privileges OPTIONAL,
    IN PGENERIC_MAPPING GenericMapping,
    IN KPROCESSOR_MODE AccessMode,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus);
21
/*
 * SeAssignSecurity - build the security descriptor for a new object from
 * the parent's descriptor (inheritance) and an optional explicitly
 * requested descriptor. The result is returned through *NewDescriptor and
 * allocated from PoolType; release it with SeDeassignSecurity.
 */
NTKERNELAPI NTSTATUS NTAPI
SeAssignSecurity(
    IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
    IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
    OUT PSECURITY_DESCRIPTOR *NewDescriptor,
    IN BOOLEAN IsDirectoryObject,
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    IN PGENERIC_MAPPING GenericMapping,
    IN POOL_TYPE PoolType);

/*
 * SeAssignSecurityEx - extended form of SeAssignSecurity that additionally
 * takes the object type GUID and AutoInheritFlags controlling how ACEs are
 * inherited from the parent. The result is released the same way, with
 * SeDeassignSecurity.
 */
NTKERNELAPI NTSTATUS NTAPI
SeAssignSecurityEx(
    IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
    IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
    OUT PSECURITY_DESCRIPTOR *NewDescriptor,
    IN GUID *ObjectType OPTIONAL,
    IN BOOLEAN IsDirectoryObject,
    IN ULONG AutoInheritFlags,
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    IN PGENERIC_MAPPING GenericMapping,
    IN POOL_TYPE PoolType);

/*
 * SeDeassignSecurity - free a descriptor produced by SeAssignSecurity or
 * SeAssignSecurityEx. The pointer is passed by reference (IN OUT).
 */
NTKERNELAPI NTSTATUS NTAPI
SeDeassignSecurity(
    IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor);
53
/*
 * SeValidSecurityDescriptor - report whether the descriptor held in a
 * buffer of Length bytes is structurally valid.
 *
 * NOTE(review): this is a structural check on the descriptor layout; it is
 * the check to run before trusting offsets in a descriptor that arrived
 * from outside the caller. Per the WDK documentation it targets
 * self-relative descriptors -- confirm for this implementation.
 */
NTKERNELAPI BOOLEAN NTAPI
SeValidSecurityDescriptor(
    IN ULONG Length,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor);

/*
 * SeObjectCreateSaclAccessBits - returns a ULONG derived from
 * SecurityDescriptor.
 * NOTE(review): presumably the access bits the SACL audits on object
 * creation; the header does not say -- confirm against the implementation.
 */
NTKERNELAPI ULONG NTAPI
SeObjectCreateSaclAccessBits(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor);
66
/*
 * Subject-context lifecycle. A context filled in by
 * SeCaptureSubjectContext is handed back with SeReleaseSubjectContext, and
 * every SeLockSubjectContext is matched by SeUnlockSubjectContext. Leaving
 * either pair unbalanced on an error path keeps token references or the
 * lock held.
 */

/*
 * SeReleaseSubjectContext - release a previously captured subject context.
 * This routine is declared a second time further down, in the
 * $if (_NTIFS_) section, with the parameter marked IN instead of IN OUT.
 */
NTKERNELAPI VOID NTAPI
SeReleaseSubjectContext(
    IN OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);

/* SeUnlockSubjectContext - drop the lock taken by SeLockSubjectContext. */
NTKERNELAPI VOID NTAPI
SeUnlockSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext);

/*
 * SeCaptureSubjectContext - fill *SubjectContext with the security context
 * of the calling thread for use in access checks and auditing.
 */
NTKERNELAPI VOID NTAPI
SeCaptureSubjectContext(
    OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);

/* SeLockSubjectContext - lock a captured subject context. */
NTKERNELAPI VOID NTAPI
SeLockSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
90 $endif (_WDMDDK_)
91
92 $if (_NTDDK_)
/*
 * SeSinglePrivilegeCheck - report whether the current subject holds the
 * privilege identified by PrivilegeValue.
 *
 * NOTE(review): in the documented Windows behaviour the check always
 * succeeds when PreviousMode is KernelMode, so callers pass the mode of
 * the original requester rather than a constant -- confirm for this
 * implementation.
 */
NTKERNELAPI BOOLEAN NTAPI
SeSinglePrivilegeCheck(
    IN LUID PrivilegeValue,
    IN KPROCESSOR_MODE PreviousMode);
99 $endif (_NTDDK_)
100 $if (_NTIFS_)
101
/*
 * SeReleaseSubjectContext - release a previously captured subject context.
 * Second declaration of this routine in the file: the $if (_WDMDDK_)
 * section above declares it with the parameter marked IN OUT, here it is
 * IN. NOTE(review): the annotations presumably expand to nothing, making
 * the two declarations compatible -- confirm, and consider keeping one.
 */
NTKERNELAPI VOID NTAPI
SeReleaseSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext);

/*
 * SePrivilegeCheck - report whether the privileges listed in
 * RequiredPrivileges are held by the subject in SubjectContext.
 * RequiredPrivileges is IN OUT, so the routine may update the set it is
 * given.
 * NOTE(review): as with the other Se* checks, a KernelMode AccessMode is
 * expected to succeed unconditionally -- confirm for this implementation.
 */
NTKERNELAPI BOOLEAN NTAPI
SePrivilegeCheck(
    IN OUT PPRIVILEGE_SET RequiredPrivileges,
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    IN KPROCESSOR_MODE AccessMode);
115
/*
 * SeOpenObjectAuditAlarm - generate the audit/alarm record for an attempt
 * to open an object. AccessGranted carries the outcome of the access
 * check and ObjectCreated whether the open created the object.
 * *GenerateOnClose receives a flag the caller keeps for close-time
 * auditing.
 */
NTKERNELAPI VOID NTAPI
SeOpenObjectAuditAlarm(
    IN PUNICODE_STRING ObjectTypeName,
    IN PVOID Object OPTIONAL,
    IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PACCESS_STATE AccessState,
    IN BOOLEAN ObjectCreated,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode,
    OUT PBOOLEAN GenerateOnClose);

/*
 * SeOpenObjectForDeleteAuditAlarm - same parameter list as
 * SeOpenObjectAuditAlarm, for an object that is opened with the intent to
 * delete it.
 */
NTKERNELAPI VOID NTAPI
SeOpenObjectForDeleteAuditAlarm(
    IN PUNICODE_STRING ObjectTypeName,
    IN PVOID Object OPTIONAL,
    IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PACCESS_STATE AccessState,
    IN BOOLEAN ObjectCreated,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode,
    OUT PBOOLEAN GenerateOnClose);

/*
 * SeDeleteObjectAuditAlarm - generate the audit/alarm record for an object
 * that is being deleted through Handle.
 */
NTKERNELAPI VOID NTAPI
SeDeleteObjectAuditAlarm(
    IN PVOID Object,
    IN HANDLE Handle);
150
/*
 * SeTokenType - return the TOKEN_TYPE of Token. SeDeleteClientSecurity
 * later in this file compares the result with TokenPrimary.
 */
NTKERNELAPI TOKEN_TYPE NTAPI
SeTokenType(
    IN PACCESS_TOKEN Token);

/*
 * SeTokenIsAdmin - report whether Token carries the local administrators
 * group (per the documented Windows contract).
 */
NTKERNELAPI BOOLEAN NTAPI
SeTokenIsAdmin(
    IN PACCESS_TOKEN Token);

/* SeTokenIsRestricted - report whether Token has restricting SIDs. */
NTKERNELAPI BOOLEAN NTAPI
SeTokenIsRestricted(
    IN PACCESS_TOKEN Token);

/*
 * SeQueryAuthenticationIdToken - write the authentication (logon session)
 * LUID of Token to *AuthenticationId.
 */
NTKERNELAPI NTSTATUS NTAPI
SeQueryAuthenticationIdToken(
    IN PACCESS_TOKEN Token,
    OUT PLUID AuthenticationId);

/* SeQuerySessionIdToken - write the session id of Token to *SessionId. */
NTKERNELAPI NTSTATUS NTAPI
SeQuerySessionIdToken(
    IN PACCESS_TOKEN Token,
    OUT PULONG SessionId);
182
/*
 * SeCreateClientSecurity - capture the security context of ClientThread
 * into *ClientContext, subject to ClientSecurityQos, so a server can
 * impersonate the client later. The captured context is torn down with
 * the SeDeleteClientSecurity macro defined later in this file.
 */
NTKERNELAPI NTSTATUS NTAPI
SeCreateClientSecurity(
    IN PETHREAD ClientThread,
    IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
    IN BOOLEAN RemoteSession,
    OUT PSECURITY_CLIENT_CONTEXT ClientContext);

/*
 * SeImpersonateClient - make ServerThread impersonate the client captured
 * in ClientContext.
 *
 * Returns VOID, so a failed impersonation cannot be reported; code that
 * carries on after a silent failure runs under the server's own context.
 * SeImpersonateClientEx below returns an NTSTATUS and is the form to use
 * when the result matters.
 */
NTKERNELAPI VOID NTAPI
SeImpersonateClient(
    IN PSECURITY_CLIENT_CONTEXT ClientContext,
    IN PETHREAD ServerThread OPTIONAL);

/*
 * SeImpersonateClientEx - as SeImpersonateClient, but reports the outcome.
 * Callers check the status before doing any work on the client's behalf
 * and end the impersonation with SeStopImpersonatingClient.
 */
NTKERNELAPI NTSTATUS NTAPI
SeImpersonateClientEx(
    IN PSECURITY_CLIENT_CONTEXT ClientContext,
    IN PETHREAD ServerThread OPTIONAL);

/*
 * SeCreateClientSecurityFromSubjectContext - build a client context from
 * an already captured subject context instead of from a thread.
 */
NTKERNELAPI NTSTATUS NTAPI
SeCreateClientSecurityFromSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
    IN BOOLEAN ServerIsRemote,
    OUT PSECURITY_CLIENT_CONTEXT ClientContext);
214
/*
 * SeQuerySecurityDescriptorInfo - copy the parts of an object's descriptor
 * selected by *SecurityInformation into the caller's SecurityDescriptor
 * buffer. *Length is IN OUT: the buffer size on entry and, per the
 * documented contract, the size needed or used on return.
 */
NTKERNELAPI NTSTATUS NTAPI
SeQuerySecurityDescriptorInfo(
    IN PSECURITY_INFORMATION SecurityInformation,
    OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN OUT PULONG Length,
    IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor);

/*
 * SeSetSecurityDescriptorInfo - apply the parts of SecurityDescriptor
 * selected by *SecurityInformation to the object's descriptor.
 * *ObjectsSecurityDescriptor is IN OUT and PoolType names the pool for a
 * replacement descriptor.
 * NOTE(review): who frees the previous descriptor is not visible in this
 * header -- confirm against the implementation.
 */
NTKERNELAPI NTSTATUS NTAPI
SeSetSecurityDescriptorInfo(
    IN PVOID Object OPTIONAL,
    IN PSECURITY_INFORMATION SecurityInformation,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
    IN POOL_TYPE PoolType,
    IN PGENERIC_MAPPING GenericMapping);

/*
 * SeSetSecurityDescriptorInfoEx - extended form of
 * SeSetSecurityDescriptorInfo that also takes AutoInheritFlags; the
 * descriptor carrying the changes is named ModificationDescriptor here.
 */
NTKERNELAPI NTSTATUS NTAPI
SeSetSecurityDescriptorInfoEx(
    IN PVOID Object OPTIONAL,
    IN PSECURITY_INFORMATION SecurityInformation,
    IN PSECURITY_DESCRIPTOR ModificationDescriptor,
    IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
    IN ULONG AutoInheritFlags,
    IN POOL_TYPE PoolType,
    IN PGENERIC_MAPPING GenericMapping);
246
/*
 * SeAppendPrivileges - add Privileges to the privilege set recorded in
 * AccessState.
 */
NTKERNELAPI NTSTATUS NTAPI
SeAppendPrivileges(
    IN OUT PACCESS_STATE AccessState,
    IN PPRIVILEGE_SET Privileges);

/*
 * SeAuditingFileEvents - report whether file open events are currently
 * audited for the given access outcome and descriptor.
 */
NTKERNELAPI BOOLEAN NTAPI
SeAuditingFileEvents(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor);

/*
 * SeAuditingFileOrGlobalEvents - as SeAuditingFileEvents, with the subject
 * context supplied as well.
 * NOTE(review): "Global" presumably refers to system-wide audit settings --
 * confirm.
 */
NTKERNELAPI BOOLEAN NTAPI
SeAuditingFileOrGlobalEvents(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext);

/*
 * SeSetAccessStateGenericMapping - store GenericMapping in AccessState.
 * Declared without NTKERNELAPI, unlike its neighbours.
 */
VOID NTAPI
SeSetAccessStateGenericMapping(
    IN OUT PACCESS_STATE AccessState,
    IN PGENERIC_MAPPING GenericMapping);
274
/*
 * SeRegisterLogonSessionTerminatedRoutine - register CallbackRoutine to be
 * called when a logon session terminates.
 */
NTKERNELAPI NTSTATUS NTAPI
SeRegisterLogonSessionTerminatedRoutine(
    IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);

/*
 * SeUnregisterLogonSessionTerminatedRoutine - remove a callback registered
 * with SeRegisterLogonSessionTerminatedRoutine. A driver that can unload
 * unregisters first so no callback points at freed code.
 */
NTKERNELAPI NTSTATUS NTAPI
SeUnregisterLogonSessionTerminatedRoutine(
    IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);

/*
 * SeMarkLogonSessionForTerminationNotification - flag the logon session
 * identified by *LogonId so that registered callbacks are notified when
 * it ends.
 */
NTKERNELAPI NTSTATUS NTAPI
SeMarkLogonSessionForTerminationNotification(
    IN PLUID LogonId);

/*
 * SeQueryInformationToken - retrieve the TokenInformationClass data of
 * Token through *TokenInformation.
 * NOTE(review): in the documented Windows contract most classes return a
 * buffer allocated by the routine that the caller frees with ExFreePool,
 * while a few small classes return the value directly -- confirm per class
 * before freeing.
 */
NTKERNELAPI NTSTATUS NTAPI
SeQueryInformationToken(
    IN PACCESS_TOKEN Token,
    IN TOKEN_INFORMATION_CLASS TokenInformationClass,
    OUT PVOID *TokenInformation);
300 $endif (_NTIFS_)
301
302 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
303 $if (_NTIFS_)
304 #if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
/*
 * SeAuditingHardLinkEvents - report whether hard-link creation events are
 * audited for the given access outcome and descriptor.
 */
NTKERNELAPI BOOLEAN NTAPI
SeAuditingHardLinkEvents(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor);
311 #endif
312
313 #if (NTDDI_VERSION >= NTDDI_WINXP)
314
/*
 * SeFilterToken - create, in *FilteredToken, a restricted version of
 * ExistingToken: the listed groups are disabled, the listed privileges
 * removed and the restricting SIDs added.
 * NOTE(review): the new token is presumably a referenced object the caller
 * releases with ObDereferenceObject -- confirm.
 */
NTKERNELAPI NTSTATUS NTAPI
SeFilterToken(
    IN PACCESS_TOKEN ExistingToken,
    IN ULONG Flags,
    IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
    IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
    IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
    OUT PACCESS_TOKEN *FilteredToken);

/*
 * SeAuditHardLinkCreation - generate the audit record for an attempt to
 * create hard link LinkName to FileName; bSuccess is the outcome.
 */
NTKERNELAPI VOID NTAPI
SeAuditHardLinkCreation(
    IN PUNICODE_STRING FileName,
    IN PUNICODE_STRING LinkName,
    IN BOOLEAN bSuccess);
333
334 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
335
336 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
337
/*
 * SeAuditingFileEventsWithContext - variant of SeAuditingFileEvents that
 * accepts an optional subject context.
 */
NTKERNELAPI BOOLEAN NTAPI
SeAuditingFileEventsWithContext(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);

/*
 * SeAuditingHardLinkEventsWithContext - variant of
 * SeAuditingHardLinkEvents that accepts an optional subject context.
 */
NTKERNELAPI BOOLEAN NTAPI
SeAuditingHardLinkEventsWithContext(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
353
354 #endif
355 $endif (_NTIFS_)
356
357 $if (_WDMDDK_)
358 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
359
/*
 * SeSetAuditParameter - store Data, interpreted according to Type, at
 * position Index of AuditParameters.
 * NOTE(review): the valid range of Index is bounded by the parameter array
 * definition, which is not visible in this header -- confirm.
 */
NTSTATUS NTAPI
SeSetAuditParameter(
    IN OUT PSE_ADT_PARAMETER_ARRAY AuditParameters,
    IN SE_ADT_PARAMETER_TYPE Type,
    IN ULONG Index,
    IN PVOID Data);

/*
 * SeReportSecurityEvent - report a security audit event described by
 * AuditParameters on behalf of the source SourceName, optionally
 * attributed to UserSid.
 */
NTSTATUS NTAPI
SeReportSecurityEvent(
    IN ULONG Flags,
    IN PUNICODE_STRING SourceName,
    IN PSID UserSid OPTIONAL,
    IN PSE_ADT_PARAMETER_ARRAY AuditParameters);
375
376 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
377 $endif (_WDMDDK_)
378
379 $if (_WDMDDK_ || _NTIFS_)
380 #if (NTDDI_VERSION >= NTDDI_VISTA)
381 $endif
382 $if (_WDMDDK_)
/*
 * SeComputeAutoInheritByObjectType - returns a ULONG computed from the
 * object type and the object's and parent's descriptors.
 * NOTE(review): presumably the AutoInheritFlags value to pass to
 * SeAssignSecurityEx / SeSetSecurityDescriptorInfoEx -- confirm.
 */
NTKERNELAPI ULONG NTAPI
SeComputeAutoInheritByObjectType(
    IN PVOID ObjectType,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
    IN PSECURITY_DESCRIPTOR ParentSecurityDescriptor OPTIONAL);
390
391 #ifdef SE_NTFS_WORLD_CACHE
/*
 * SeGetWorldRights - write an access mask derived from SecurityDescriptor
 * and GenericMapping to *GrantedAccess. Only declared when
 * SE_NTFS_WORLD_CACHE is defined.
 * NOTE(review): presumably the rights the descriptor grants to the World
 * (Everyone) SID -- confirm.
 */
VOID NTAPI
SeGetWorldRights(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PGENERIC_MAPPING GenericMapping,
    OUT PACCESS_MASK GrantedAccess);
398 #endif /* SE_NTFS_WORLD_CACHE */
399 $endif (_WDMDDK_)
400 $if (_NTIFS_)
401
/*
 * SeOpenObjectAuditAlarmWithTransaction - SeOpenObjectAuditAlarm with an
 * additional optional TransactionId identifying the transaction the open
 * belongs to.
 */
NTKERNELAPI VOID NTAPI
SeOpenObjectAuditAlarmWithTransaction(
    IN PUNICODE_STRING ObjectTypeName,
    IN PVOID Object OPTIONAL,
    IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PACCESS_STATE AccessState,
    IN BOOLEAN ObjectCreated,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode,
    IN GUID *TransactionId OPTIONAL,
    OUT PBOOLEAN GenerateOnClose);

/*
 * SeOpenObjectForDeleteAuditAlarmWithTransaction -
 * SeOpenObjectForDeleteAuditAlarm with an additional optional
 * TransactionId.
 */
NTKERNELAPI VOID NTAPI
SeOpenObjectForDeleteAuditAlarmWithTransaction(
    IN PUNICODE_STRING ObjectTypeName,
    IN PVOID Object OPTIONAL,
    IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PACCESS_STATE AccessState,
    IN BOOLEAN ObjectCreated,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode,
    IN GUID *TransactionId OPTIONAL,
    OUT PBOOLEAN GenerateOnClose);
431
/*
 * SeExamineSacl - evaluate Sacl for Token, DesiredAccess and the access
 * outcome, and report through *GenerateAudit / *GenerateAlarm whether an
 * audit or alarm record should be produced.
 */
NTKERNELAPI VOID NTAPI
SeExamineSacl(
    IN PACL Sacl,
    IN PACCESS_TOKEN Token,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN AccessGranted,
    OUT PBOOLEAN GenerateAudit,
    OUT PBOOLEAN GenerateAlarm);

/*
 * SeDeleteObjectAuditAlarmWithTransaction - SeDeleteObjectAuditAlarm with
 * an additional optional TransactionId.
 */
NTKERNELAPI VOID NTAPI
SeDeleteObjectAuditAlarmWithTransaction(
    IN PVOID Object,
    IN HANDLE Handle,
    IN GUID *TransactionId OPTIONAL);

/*
 * SeQueryTokenIntegrity - fill the caller-supplied IntegritySA for Token.
 * NOTE(review): presumably the token's integrity-level SID and its
 * attributes -- confirm.
 */
NTKERNELAPI VOID NTAPI
SeQueryTokenIntegrity(
    IN PACCESS_TOKEN Token,
    IN OUT PSID_AND_ATTRIBUTES IntegritySA);

/* SeSetSessionIdToken - set the session id recorded in Token. */
NTKERNELAPI NTSTATUS NTAPI
SeSetSessionIdToken(
    IN PACCESS_TOKEN Token,
    IN ULONG SessionId);

/*
 * SeAuditHardLinkCreationWithTransaction - SeAuditHardLinkCreation with an
 * additional optional TransactionId.
 */
NTKERNELAPI VOID NTAPI
SeAuditHardLinkCreationWithTransaction(
    IN PUNICODE_STRING FileName,
    IN PUNICODE_STRING LinkName,
    IN BOOLEAN bSuccess,
    IN GUID *TransactionId OPTIONAL);

/*
 * SeAuditTransactionStateChange - generate the audit record for a
 * transaction of the given resource manager entering NewTransactionState.
 */
NTKERNELAPI VOID NTAPI
SeAuditTransactionStateChange(
    IN GUID *TransactionId,
    IN GUID *ResourceManagerId,
    IN ULONG NewTransactionState);
481 $endif (_NTIFS_)
482 $if (_WDMDDK_ || _NTIFS_)
483 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
484 $endif
485 $if (_NTIFS_)
486
487 #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
/* SeTokenIsWriteRestricted - report whether Token is write-restricted. */
NTKERNELAPI BOOLEAN NTAPI
SeTokenIsWriteRestricted(
    IN PACCESS_TOKEN Token);
493 #endif
494
495 #if (NTDDI_VERSION >= NTDDI_WIN7)
496
/*
 * SeAuditingAnyFileEventsWithContext - report whether any file event is
 * audited for SecurityDescriptor; unlike the other SeAuditingFile*
 * routines it takes no AccessGranted argument.
 */
NTKERNELAPI BOOLEAN NTAPI
SeAuditingAnyFileEventsWithContext(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);

/*
 * SeExamineGlobalSacl - counterpart of SeExamineSacl that works from the
 * object type name instead of a SACL pointer. GenerateAudit and
 * GenerateAlarm are IN OUT here, so the caller initialises them before
 * the call.
 */
NTKERNELAPI VOID NTAPI
SeExamineGlobalSacl(
    IN PUNICODE_STRING ObjectType,
    IN PACCESS_TOKEN Token,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN AccessGranted,
    IN OUT PBOOLEAN GenerateAudit,
    IN OUT PBOOLEAN GenerateAlarm OPTIONAL);

/*
 * SeMaximumAuditMaskFromGlobalSacl - update *AuditMask for Token and
 * GrantedAccess from the global SACL of the named object type.
 * NOTE(review): AuditMask is IN OUT; presumably bits are added to the
 * caller's value -- confirm.
 */
NTKERNELAPI VOID NTAPI
SeMaximumAuditMaskFromGlobalSacl(
    IN PUNICODE_STRING ObjectTypeName OPTIONAL,
    IN ACCESS_MASK GrantedAccess,
    IN PACCESS_TOKEN Token,
    IN OUT PACCESS_MASK AuditMask);
523
524 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
525
/*
 * SeReportSecurityEventWithSubCategory - SeReportSecurityEvent with an
 * additional AuditSubcategoryId.
 */
NTSTATUS NTAPI
SeReportSecurityEventWithSubCategory(
    IN ULONG Flags,
    IN PUNICODE_STRING SourceName,
    IN PSID UserSid OPTIONAL,
    IN PSE_ADT_PARAMETER_ARRAY AuditParameters,
    IN ULONG AuditSubcategoryId);

/*
 * SeAccessCheckFromState - access check with the same outputs as
 * SeAccessCheck, driven by token access information for the primary and
 * (optional) client token instead of a subject context.
 * NOTE(review): the AccessMode caveat of SeAccessCheck presumably applies
 * here as well -- pass the original requester's mode and confirm.
 */
BOOLEAN NTAPI
SeAccessCheckFromState(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation,
    IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL,
    IN ACCESS_MASK DesiredAccess,
    IN ACCESS_MASK PreviouslyGrantedAccess,
    OUT PPRIVILEGE_SET *Privileges OPTIONAL,
    IN PGENERIC_MAPPING GenericMapping,
    IN KPROCESSOR_MODE AccessMode,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus);

/*
 * SeFreePrivileges - free a privilege set returned through the Privileges
 * parameter of SeAccessCheck or SeAccessCheckFromState.
 */
NTKERNELAPI VOID NTAPI
SeFreePrivileges(
    IN PPRIVILEGE_SET Privileges);

/*
 * SeLocateProcessImageName - return the image file name of Process
 * through *pImageFileName.
 * NOTE(review): in the documented Windows contract the string is allocated
 * by the routine and freed by the caller with ExFreePool -- confirm.
 */
NTSTATUS NTAPI
SeLocateProcessImageName(
    IN OUT PEPROCESS Process,
    OUT PUNICODE_STRING *pImageFileName);
560
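/*
 * SeLengthSid - size in bytes of the SID that Sid points to.
 *
 * 8 is the fixed part of the standard SID layout (Revision,
 * SubAuthorityCount and the 6-byte IdentifierAuthority); each
 * sub-authority adds 4 bytes.
 *
 * The argument is parenthesised before the cast so that an expression
 * such as `buffer + offset` is converted as a whole; without the
 * parentheses the cast would bind to `buffer` only and the offset would
 * be scaled by sizeof(SID).
 *
 * The length is computed from the count byte stored in the SID itself,
 * so it is only as trustworthy as the SID: for a SID taken from an
 * untrusted buffer, validate it (for example with RtlValidSid) and check
 * the result against the buffer size before using it.
 */
#define SeLengthSid( Sid ) \
    (8 + (4 * ((SID *)(Sid))->SubAuthorityCount))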
563
/*
 * SeDeleteClientSecurity - drop the token reference held by the client
 * context C, using the dereference routine that matches the token type
 * reported by SeTokenType.
 *
 * The macro expands to a bare brace block, not an expression, and
 * evaluates C twice, so C should have no side effects. Because of the
 * brace form, `SeDeleteClientSecurity(x);` cannot be the unbraced body of
 * an `if` that is followed by `else`.
 */
#define SeDeleteClientSecurity(C) {                              \
    if (SeTokenType((C)->ClientToken) != TokenPrimary) {         \
        PsDereferenceImpersonationToken( (C)->ClientToken );     \
    } else {                                                     \
        PsDereferencePrimaryToken( (C)->ClientToken );           \
    }                                                            \
}
571
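/*
 * SeStopImpersonatingClient - end an impersonation; expands to
 * PsRevertToSelf().
 */
#define SeStopImpersonatingClient() PsRevertToSelf()

/*
 * SeQuerySubjectContextToken - effective token of a captured subject
 * context: ClientToken when one is present, PrimaryToken otherwise.
 *
 * The macro only reads the field; it takes no reference of its own, so
 * the returned pointer is usable only while the subject context it came
 * from is still held.
 *
 * The argument is parenthesised before each cast so that an expression
 * argument is converted as a whole. It is evaluated twice, so it should
 * have no side effects.
 */
#define SeQuerySubjectContextToken( SubjectContext ) \
    ( ARGUMENT_PRESENT( \
        ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->ClientToken \
      ) ? \
      ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->ClientToken : \
      ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->PrimaryToken )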
580
/*
 * SeExports - pointer to the SE_EXPORTS structure exported by the kernel.
 * NOTE(review): in the Windows DDK this structure carries the well-known
 * privilege LUIDs and SIDs; its definition is not visible in this header
 * -- confirm.
 */
extern NTKERNELAPI PSE_EXPORTS SeExports;
582 $endif (_NTIFS_)