1 #ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
2 #define __NTOSKRNL_INCLUDE_INTERNAL_SE_H
4 extern POBJECT_TYPE SepTokenObjectType
;
7 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
;
8 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
;
9 extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
;
10 extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
;
11 extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
;
14 extern PSID SeNullSid
;
15 extern PSID SeWorldSid
;
16 extern PSID SeLocalSid
;
17 extern PSID SeCreatorOwnerSid
;
18 extern PSID SeCreatorGroupSid
;
19 extern PSID SeCreatorOwnerServerSid
;
20 extern PSID SeCreatorGroupServerSid
;
21 extern PSID SeNtAuthoritySid
;
22 extern PSID SeDialupSid
;
23 extern PSID SeNetworkSid
;
24 extern PSID SeBatchSid
;
25 extern PSID SeInteractiveSid
;
26 extern PSID SeServiceSid
;
27 extern PSID SeAnonymousLogonSid
;
28 extern PSID SePrincipalSelfSid
;
29 extern PSID SeLocalSystemSid
;
30 extern PSID SeAuthenticatedUserSid
;
31 extern PSID SeRestrictedCodeSid
;
32 extern PSID SeAliasAdminsSid
;
33 extern PSID SeAliasUsersSid
;
34 extern PSID SeAliasGuestsSid
;
35 extern PSID SeAliasPowerUsersSid
;
36 extern PSID SeAliasAccountOpsSid
;
37 extern PSID SeAliasSystemOpsSid
;
38 extern PSID SeAliasPrintOpsSid
;
39 extern PSID SeAliasBackupOpsSid
;
40 extern PSID SeAuthenticatedUsersSid
;
41 extern PSID SeRestrictedSid
;
42 extern PSID SeAnonymousLogonSid
;
45 extern LUID SeCreateTokenPrivilege
;
46 extern LUID SeAssignPrimaryTokenPrivilege
;
47 extern LUID SeLockMemoryPrivilege
;
48 extern LUID SeIncreaseQuotaPrivilege
;
49 extern LUID SeUnsolicitedInputPrivilege
;
50 extern LUID SeTcbPrivilege
;
51 extern LUID SeSecurityPrivilege
;
52 extern LUID SeTakeOwnershipPrivilege
;
53 extern LUID SeLoadDriverPrivilege
;
54 extern LUID SeCreatePagefilePrivilege
;
55 extern LUID SeIncreaseBasePriorityPrivilege
;
56 extern LUID SeSystemProfilePrivilege
;
57 extern LUID SeSystemtimePrivilege
;
58 extern LUID SeProfileSingleProcessPrivilege
;
59 extern LUID SeCreatePermanentPrivilege
;
60 extern LUID SeBackupPrivilege
;
61 extern LUID SeRestorePrivilege
;
62 extern LUID SeShutdownPrivilege
;
63 extern LUID SeDebugPrivilege
;
64 extern LUID SeAuditPrivilege
;
65 extern LUID SeSystemEnvironmentPrivilege
;
66 extern LUID SeChangeNotifyPrivilege
;
67 extern LUID SeRemoteShutdownPrivilege
;
68 extern LUID SeUndockPrivilege
;
69 extern LUID SeSyncAgentPrivilege
;
70 extern LUID SeEnableDelegationPrivilege
;
73 extern PACL SePublicDefaultUnrestrictedDacl
;
74 extern PACL SePublicOpenDacl
;
75 extern PACL SePublicOpenUnrestrictedDacl
;
76 extern PACL SeUnrestrictedDacl
;
79 extern PSECURITY_DESCRIPTOR SePublicDefaultSd
;
80 extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
;
81 extern PSECURITY_DESCRIPTOR SePublicOpenSd
;
82 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
;
83 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd
;
84 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd
;
105 SepInitPrivileges(VOID
);
109 SepInitSecurityIDs(VOID
);
121 SeDeassignPrimaryToken(struct _EPROCESS
*Process
);
125 SepCreateImpersonationTokenDacl(
133 SepInitializeTokenImplementation(VOID
);
137 SepCreateSystemProcessToken(VOID
);
141 SeExchangePrimaryToken(
142 struct _EPROCESS
* Process
,
143 PACCESS_TOKEN NewToken
,
144 PACCESS_TOKEN
* OldTokenP
149 SeCaptureLuidAndAttributesArray(
150 PLUID_AND_ATTRIBUTES Src
,
151 ULONG PrivilegeCount
,
152 KPROCESSOR_MODE PreviousMode
,
153 PLUID_AND_ATTRIBUTES AllocatedMem
,
154 ULONG AllocatedLength
,
156 BOOLEAN CaptureIfKernel
,
157 PLUID_AND_ATTRIBUTES
* Dest
,
163 SeReleaseLuidAndAttributesArray(
164 PLUID_AND_ATTRIBUTES Privilege
,
165 KPROCESSOR_MODE PreviousMode
,
166 BOOLEAN CaptureIfKernel
173 PLUID_AND_ATTRIBUTES Privileges
,
174 ULONG PrivilegeCount
,
175 ULONG PrivilegeControl
,
176 KPROCESSOR_MODE PreviousMode
183 POBJECT_ATTRIBUTES ObjectAttributes
,
184 BOOLEAN EffectiveOnly
,
185 TOKEN_TYPE TokenType
,
186 SECURITY_IMPERSONATION_LEVEL Level
,
187 KPROCESSOR_MODE PreviousMode
,
188 PTOKEN
* NewAccessToken
193 SepCaptureSecurityQualityOfService(
194 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
195 IN KPROCESSOR_MODE AccessMode
,
196 IN POOL_TYPE PoolType
,
197 IN BOOLEAN CaptureIfKernel
,
198 OUT PSECURITY_QUALITY_OF_SERVICE
*CapturedSecurityQualityOfService
,
204 SepReleaseSecurityQualityOfService(
205 IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL
,
206 IN KPROCESSOR_MODE AccessMode
,
207 IN BOOLEAN CaptureIfKernel
214 IN KPROCESSOR_MODE AccessMode
,
215 IN POOL_TYPE PoolType
,
216 IN BOOLEAN CaptureIfKernel
,
217 OUT PSID
*CapturedSid
224 IN KPROCESSOR_MODE AccessMode
,
225 IN BOOLEAN CaptureIfKernel
232 IN KPROCESSOR_MODE AccessMode
,
233 IN POOL_TYPE PoolType
,
234 IN BOOLEAN CaptureIfKernel
,
235 OUT PACL
*CapturedAcl
242 IN KPROCESSOR_MODE AccessMode
,
243 IN BOOLEAN CaptureIfKernel
248 SeDefaultObjectMethod(
250 SECURITY_OPERATION_CODE OperationType
,
251 SECURITY_INFORMATION SecurityInformation
,
252 PSECURITY_DESCRIPTOR NewSecurityDescriptor
,
254 PSECURITY_DESCRIPTOR
*OldSecurityDescriptor
,
256 PGENERIC_MAPPING GenericMapping
261 SeSetWorldSecurityDescriptor(
262 SECURITY_INFORMATION SecurityInformation
,
263 PISECURITY_DESCRIPTOR SecurityDescriptor
,
267 #define SepAcquireTokenLockExclusive(Token) \
269 KeEnterCriticalRegion(); \
270 ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
273 #define SepAcquireTokenLockShared(Token) \
275 KeEnterCriticalRegion(); \
276 ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
279 #define SepReleaseTokenLock(Token) \
281 ExReleaseResource(((PTOKEN)Token)->TokenLock); \
282 KeLeaveCriticalRegion(); \
286 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
287 OUT PACCESS_MASK DesiredAccess
);
290 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
291 OUT PACCESS_MASK DesiredAccess
);
293 #endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */