Merge 25584, 25588.
1 #ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
2 #define __NTOSKRNL_INCLUDE_INTERNAL_SE_H
3
/* Presumably the object-manager type for access tokens (inferred from the
 * name); only the declaration is visible in this header. */
extern POBJECT_TYPE SepTokenObjectType;

/*
 * SID Authorities
 *
 * Identifier-authority values shared across the security subsystem. They are
 * only declared here; the definitions and initial values live elsewhere.
 */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
12
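/*
 * SIDs
 *
 * Global pointers to well-known SIDs. They are plain (non-const) pointers, so
 * every user must treat them as read-only; presumably they are filled in once
 * by SepInitSecurityIDs() -- confirm against the implementation.
 */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
/* Declared once; the original header repeated this declaration further down. */
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
/* NOTE(review): SeAuthenticatedUserSid and SeAuthenticatedUsersSid (below)
 * differ by one letter. Confirm both are defined and initialized, and which
 * one access-check code is meant to compare against. */
extern PSID SeAuthenticatedUserSid;
/* NOTE(review): same concern for SeRestrictedCodeSid vs SeRestrictedSid. */
extern PSID SeRestrictedCodeSid;
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;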
43
/*
 * Privileges
 *
 * One LUID per privilege, declared here and defined elsewhere (presumably
 * assigned by SepInitPrivileges() -- confirm).
 *
 * NOTE(review): on Windows several of these (for example SeTcbPrivilege,
 * SeDebugPrivilege, SeLoadDriverPrivilege, SeCreateTokenPrivilege,
 * SeAssignPrimaryTokenPrivilege, SeBackupPrivilege, SeRestorePrivilege and
 * SeTakeOwnershipPrivilege) amount to full control of the system when held.
 * Checks against them are security boundaries and deserve the closest review.
 */
extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
extern LUID SeUndockPrivilege;
extern LUID SeSyncAgentPrivilege;
extern LUID SeEnableDelegationPrivilege;
71
/*
 * DACLs
 *
 * Shared default ACLs, declared here and defined elsewhere (presumably built
 * by SepInitDACLs() -- confirm).
 *
 * NOTE(review): the "Open" and "Unrestricted" names suggest permissive ACLs.
 * The actual ACE contents are not visible in this header, so check them in
 * the implementation before using one as an object's default protection.
 */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;
77
/*
 * SDs
 *
 * Shared default security descriptors, declared here and defined elsewhere
 * (presumably built by SepInitSDs() from the DACLs above -- confirm).
 * These are global mutable pointers; callers are expected not to modify the
 * descriptors they point to.
 */
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
85
/* Functions */

/*
 * Initialization entry points for the security subsystem.
 *
 * The BOOLEAN-returning routines report a result to the caller; the VOID
 * ones cannot report failure. Presumably TRUE means success -- confirm, and
 * make sure callers actually test the result, because the globals declared
 * in this header are unusable until initialization has completed.
 */
BOOLEAN
NTAPI
SeInit(VOID);

BOOLEAN
NTAPI
SeInitSRM(VOID);

VOID
NTAPI
SepInitLuid(VOID);

VOID
NTAPI
SepInitPrivileges(VOID);

BOOLEAN
NTAPI
SepInitSecurityIDs(VOID);

BOOLEAN
NTAPI
SepInitDACLs(VOID);

BOOLEAN
NTAPI
SepInitSDs(VOID);
114
/*
 * Process token and auditing routines.
 *
 * Only the prototypes are visible here; the notes below describe what the
 * signatures show and mark everything else as an assumption.
 */

/* Takes the process whose primary token is affected; returns nothing. */
VOID
NTAPI
SeDeassignPrimaryToken(struct _EPROCESS *Process);

/* Produces a token through *Token from Parent for the given SessionId.
 * NOTE(review): the meaning of InUse is not visible here -- confirm. */
NTSTATUS
NTAPI
SeSubProcessToken(
    IN PTOKEN Parent,
    OUT PTOKEN *Token,
    IN BOOLEAN InUse,
    IN ULONG SessionId
);

/* Returns name information through *AuditInfo for FileObject.
 * NOTE(review): who frees *AuditInfo is not stated here -- confirm. */
NTSTATUS
NTAPI
SeInitializeProcessAuditName(
    IN PFILE_OBJECT FileObject,
    IN BOOLEAN DoAudit,
    OUT POBJECT_NAME_INFORMATION *AuditInfo
);

/* Fills in the caller-provided AccessState (IN OUT) for the given thread and
 * process, using AuxData, the requested Access and GenericMapping. */
NTSTATUS
NTAPI
SeCreateAccessStateEx(
    IN PETHREAD Thread,
    IN PEPROCESS Process,
    IN OUT PACCESS_STATE AccessState,
    IN PAUX_DATA AuxData,
    IN ACCESS_MASK Access,
    IN PGENERIC_MAPPING GenericMapping
);

/* Reports through *IsChild; the NTSTATUS result must be checked before
 * *IsChild is trusted. */
NTSTATUS
NTAPI
SeIsTokenChild(
    IN PTOKEN Token,
    OUT PBOOLEAN IsChild
);

/* Returns an ACL through *Dacl built from Token and PrimaryToken.
 * NOTE(review): parameters carry no IN/OUT markers, unlike the prototypes
 * above; Dacl is presumably the only output -- confirm. */
NTSTATUS
NTAPI
SepCreateImpersonationTokenDacl(
    PTOKEN Token,
    PTOKEN PrimaryToken,
    PACL *Dacl
);

VOID
NTAPI
SepInitializeTokenImplementation(VOID);

/* Returns a token pointer. NOTE(review): whether NULL can be returned on
 * failure is not visible here -- callers should confirm and check. */
PTOKEN
NTAPI
SepCreateSystemProcessToken(VOID);

BOOLEAN
NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token);

VOID
NTAPI
SeAuditProcessExit(IN PEPROCESS Process);

VOID
NTAPI
SeAuditProcessCreate(IN PEPROCESS Process);

/* Takes a process and NewToken and hands back a token through *OldTokenP.
 * NOTE(review): replacing a process's primary token is a privileged
 * operation; which caller performs the privilege check is not visible in
 * this header -- confirm. */
NTSTATUS
NTAPI
SeExchangePrimaryToken(
    struct _EPROCESS* Process,
    PACCESS_TOKEN NewToken,
    PACCESS_TOKEN* OldTokenP
);
189
/* Fills in the caller-provided SubjectContext for the given thread and
 * process. */
VOID
NTAPI
SeCaptureSubjectContextEx(
    IN PETHREAD Thread,
    IN PEPROCESS Process,
    OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
);

/*
 * Captures an array of PrivilegeCount LUID_AND_ATTRIBUTES entries from Src
 * and returns it through *Dest, with a length through *Length.
 *
 * PreviousMode tells the routine which processor mode the request came from;
 * presumably Src is probed and copied when it is user mode, so that later
 * checks work on a stable kernel copy -- confirm against the implementation.
 *
 * NOTE(review): PrivilegeCount is a caller-influenced ULONG. Confirm the
 * implementation bounds it before multiplying by the entry size, and that
 * AllocatedLength is honored when the AllocatedMem buffer is used.
 */
NTSTATUS
NTAPI
SeCaptureLuidAndAttributesArray(
    PLUID_AND_ATTRIBUTES Src,
    ULONG PrivilegeCount,
    KPROCESSOR_MODE PreviousMode,
    PLUID_AND_ATTRIBUTES AllocatedMem,
    ULONG AllocatedLength,
    POOL_TYPE PoolType,
    BOOLEAN CaptureIfKernel,
    PLUID_AND_ATTRIBUTES* Dest,
    PULONG Length
);

/* Counterpart of SeCaptureLuidAndAttributesArray. Presumably it must be
 * given the same PreviousMode and CaptureIfKernel values as the capture call
 * so that it frees exactly what was allocated -- confirm. */
VOID
NTAPI
SeReleaseLuidAndAttributesArray(
    PLUID_AND_ATTRIBUTES Privilege,
    KPROCESSOR_MODE PreviousMode,
    BOOLEAN CaptureIfKernel
);

/* Checks PrivilegeCount entries of Privileges against Token and returns a
 * BOOLEAN. NOTE(review): presumably Privileges must already be a captured
 * (kernel) copy when the request came from user mode -- confirm. */
BOOLEAN
NTAPI
SepPrivilegeCheck(
    PTOKEN Token,
    PLUID_AND_ATTRIBUTES Privileges,
    ULONG PrivilegeCount,
    ULONG PrivilegeControl,
    KPROCESSOR_MODE PreviousMode
);

/* Produces a new token through *NewAccessToken from Token, with the given
 * token type and impersonation level. */
NTSTATUS
NTAPI
SepDuplicateToken(
    PTOKEN Token,
    POBJECT_ATTRIBUTES ObjectAttributes,
    BOOLEAN EffectiveOnly,
    TOKEN_TYPE TokenType,
    SECURITY_IMPERSONATION_LEVEL Level,
    KPROCESSOR_MODE PreviousMode,
    PTOKEN* NewAccessToken
);
241
/*
 * Capture/release pairs for caller-supplied security structures.
 *
 * Every Capture routine takes the requester's AccessMode, a PoolType and a
 * CaptureIfKernel flag, and returns a pointer through an OUT parameter. The
 * matching Release routine takes the pointer plus the same AccessMode and
 * CaptureIfKernel.
 *
 * NOTE(review): presumably the capture copies user-mode data into kernel
 * pool so that validation and use operate on the same bytes, and the release
 * frees that copy. Confirm against the implementation, and confirm that
 * callers pass identical AccessMode/CaptureIfKernel values to both halves.
 */

/* *Present reports a second result next to the captured pointer; the input
 * ObjectAttributes is OPTIONAL and may therefore be NULL. */
NTSTATUS
NTAPI
SepCaptureSecurityQualityOfService(
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
    OUT PBOOLEAN Present
);

/* The captured pointer is OPTIONAL here, so NULL is an accepted argument. */
VOID
NTAPI
SepReleaseSecurityQualityOfService(
    IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel
);

/* NOTE(review): a SID carries its own sub-authority count; confirm the
 * implementation validates it on the captured copy, not on InputSid. */
NTSTATUS
NTAPI
SepCaptureSid(
    IN PSID InputSid,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSID *CapturedSid
);

VOID
NTAPI
SepReleaseSid(
    IN PSID CapturedSid,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel
);

/* NOTE(review): an ACL carries its own size field; confirm the
 * implementation validates it on the captured copy, not on InputAcl. */
NTSTATUS
NTAPI
SepCaptureAcl(
    IN PACL InputAcl,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PACL *CapturedAcl
);

VOID
NTAPI
SepReleaseAcl(
    IN PACL CapturedAcl,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel
);
296
/*
 * Security method taking an object, an operation code and the security
 * descriptor arguments for that operation.
 *
 * NOTE(review): parameters carry no IN/OUT markers. ReturnLength and
 * OldSecurityDescriptor are pointers and presumably outputs (or in/out) --
 * confirm. Which arguments are used for which OperationType is not visible
 * in this header.
 */
NTSTATUS
NTAPI
SeDefaultObjectMethod(
    PVOID Object,
    SECURITY_OPERATION_CODE OperationType,
    PSECURITY_INFORMATION SecurityInformation,
    PSECURITY_DESCRIPTOR NewSecurityDescriptor,
    PULONG ReturnLength,
    PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
    POOL_TYPE PoolType,
    PGENERIC_MAPPING GenericMapping
);

/*
 * Writes a security descriptor into the caller's buffer.
 *
 * NOTE(review): BufferLength is a pointer, presumably in/out (buffer size on
 * entry, required size on return) -- confirm, and confirm the implementation
 * never writes more than the size supplied on entry.
 */
NTSTATUS
NTAPI
SeSetWorldSecurityDescriptor(
    SECURITY_INFORMATION SecurityInformation,
    PISECURITY_DESCRIPTOR SecurityDescriptor,
    PULONG BufferLength
);
317
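/*
 * Acquire a token's lock for exclusive (write) access.
 *
 * Enters a critical region first and then acquires Token->TokenLock
 * exclusively, passing TRUE as the second argument. Pair every use with
 * SepReleaseTokenLock() on the same token.
 *
 * The original definition lacked the closing brace of the do-block, so any
 * use of the macro failed to compile. The argument is now parenthesized
 * before the cast so that an expression argument is cast as a whole.
 */
#define SepAcquireTokenLockExclusive(Token)                                 \
    do {                                                                    \
        KeEnterCriticalRegion();                                            \
        ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);     \
    } while(0)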
323
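/*
 * Acquire a token's lock for shared (read) access.
 *
 * Enters a critical region first and then acquires Token->TokenLock shared,
 * passing TRUE as the second argument. Pair every use with
 * SepReleaseTokenLock() on the same token.
 *
 * The original definition lacked the closing brace of the do-block, so any
 * use of the macro failed to compile. The argument is now parenthesized
 * before the cast so that an expression argument is cast as a whole.
 */
#define SepAcquireTokenLockShared(Token)                                    \
    do {                                                                    \
        KeEnterCriticalRegion();                                            \
        ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);        \
    } while(0)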
329
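/*
 * Release a token lock taken with SepAcquireTokenLockExclusive() or
 * SepAcquireTokenLockShared().
 *
 * Releases Token->TokenLock first and leaves the critical region second,
 * the reverse of the acquire order.
 *
 * The original definition lacked the closing brace of the do-block, so any
 * use of the macro failed to compile. The argument is now parenthesized
 * before the cast so that an expression argument is cast as a whole.
 */
#define SepReleaseTokenLock(Token)                                          \
    do {                                                                    \
        ExReleaseResource(((PTOKEN)(Token))->TokenLock);                    \
        KeLeaveCriticalRegion();                                            \
    } while(0)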
335
/*
 * Access-mask helpers: each takes a SECURITY_INFORMATION value and writes an
 * ACCESS_MASK through DesiredAccess. Presumably the result is the access
 * needed to query (first routine) or set (second routine) the selected parts
 * of a security descriptor -- confirm against the implementation.
 *
 * Both return VOID, so DesiredAccess must be a valid pointer.
 */
VOID NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
                          OUT PACCESS_MASK DesiredAccess);

VOID NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
                        OUT PACCESS_MASK DesiredAccess);
343
344 #endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */
345
346 /* EOF */