Thomas Weidenmueller <w3seek@reactos.com>
1 /*
2 * ReactOS kernel
3 * Copyright (C) 2002 ReactOS Team
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18 */
19
20 #ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
21 #define __NTOSKRNL_INCLUDE_INTERNAL_SE_H
22
23
/*
 * Object type for token objects (per its name).
 * Only declared here; the definition lives in another translation unit.
 */
extern POBJECT_TYPE  SepTokenObjectType;
25
/*
 * SID identifier authorities.
 *
 * Declared here, defined elsewhere in the kernel. The names follow the
 * NT well-known authorities (null, world, local, creator, NT).
 */
extern SID_IDENTIFIER_AUTHORITY  SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY  SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY  SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY  SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY  SeNtSidAuthority;
32
/*
 * Well-known SIDs.
 *
 * Each symbol is a pointer to a SID that is defined and populated outside
 * this header (presumably by SepInitSecurityIDs() - confirm).
 * NOTE(review): these are kernel-wide globals; access checks that compare
 * against them rely on the pointed-to SIDs never changing after
 * initialization. Confirm nothing writes through these pointers later.
 */

/* Universal SIDs */
extern PSID  SeNullSid;
extern PSID  SeWorldSid;
extern PSID  SeLocalSid;
extern PSID  SeCreatorOwnerSid;
extern PSID  SeCreatorGroupSid;
extern PSID  SeCreatorOwnerServerSid;
extern PSID  SeCreatorGroupServerSid;

/* NT authority SIDs */
extern PSID  SeNtAuthoritySid;
extern PSID  SeDialupSid;
extern PSID  SeNetworkSid;
extern PSID  SeBatchSid;
extern PSID  SeInteractiveSid;
extern PSID  SeServiceSid;
extern PSID  SeAnonymousLogonSid;
extern PSID  SePrincipalSelfSid;
extern PSID  SeLocalSystemSid;
extern PSID  SeAuthenticatedUserSid;
extern PSID  SeRestrictedCodeSid;

/* Built-in alias (local group) SIDs */
extern PSID  SeAliasAdminsSid;
extern PSID  SeAliasUsersSid;
extern PSID  SeAliasGuestsSid;
extern PSID  SeAliasPowerUsersSid;
extern PSID  SeAliasAccountOpsSid;
extern PSID  SeAliasSystemOpsSid;
extern PSID  SeAliasPrintOpsSid;
extern PSID  SeAliasBackupOpsSid;
60
/*
 * Privilege LUIDs.
 *
 * One LUID per privilege, defined outside this header (presumably filled
 * in by SepInitPrivileges() - confirm).
 *
 * Security note: on NT-style systems several of these privileges are
 * effectively equivalent to full control of the machine once granted
 * (create-token, assign-primary-token, TCB, debug, load-driver,
 * take-ownership, backup, restore). Checks against them deserve audit
 * coverage, and they should not appear in tokens that do not need them.
 */
extern LUID  SeCreateTokenPrivilege;
extern LUID  SeAssignPrimaryTokenPrivilege;
extern LUID  SeLockMemoryPrivilege;
extern LUID  SeIncreaseQuotaPrivilege;
extern LUID  SeUnsolicitedInputPrivilege;
extern LUID  SeTcbPrivilege;
extern LUID  SeSecurityPrivilege;
extern LUID  SeTakeOwnershipPrivilege;
extern LUID  SeLoadDriverPrivilege;
extern LUID  SeCreatePagefilePrivilege;
extern LUID  SeIncreaseBasePriorityPrivilege;
extern LUID  SeSystemProfilePrivilege;
extern LUID  SeSystemtimePrivilege;
extern LUID  SeProfileSingleProcessPrivilege;
extern LUID  SeCreatePermanentPrivilege;
extern LUID  SeBackupPrivilege;
extern LUID  SeRestorePrivilege;
extern LUID  SeShutdownPrivilege;
extern LUID  SeDebugPrivilege;
extern LUID  SeAuditPrivilege;
extern LUID  SeSystemEnvironmentPrivilege;
extern LUID  SeChangeNotifyPrivilege;
extern LUID  SeRemoteShutdownPrivilege;
85
/*
 * Default DACLs.
 *
 * Pointers to ACLs defined outside this header (presumably built by
 * SepInitDACLs() - confirm).
 * NOTE(review): the "Open" and "Unrestricted" names suggest permissive
 * contents; the actual ACEs are not visible here. Confirm which objects
 * receive each default before relying on it.
 */
extern PACL  SePublicDefaultUnrestrictedDacl;
extern PACL  SePublicOpenDacl;
extern PACL  SePublicOpenUnrestrictedDacl;
extern PACL  SeUnrestrictedDacl;
91
/*
 * Default security descriptors.
 *
 * Pointers to descriptors defined outside this header (presumably built
 * by SepInitSDs() - confirm). Most names mirror the default DACLs
 * declared in this header; whether each SD actually wraps the DACL of the
 * same name is not visible from here.
 */
extern PSECURITY_DESCRIPTOR  SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR  SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR  SePublicOpenSd;
extern PSECURITY_DESCRIPTOR  SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR  SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR  SeUnrestrictedSd;
99
100
101 /* Functions */
102
/*
 * Security subsystem initialization entry points.
 *
 * NOTE(review): the required call order and the meaning of the BOOLEAN
 * results are not visible from this header. Confirm that callers treat a
 * FALSE result as fatal: continuing without initialized SIDs, DACLs or
 * SDs would leave access checks working on unset globals.
 */
BOOLEAN
SeInit1(VOID);

BOOLEAN
SeInit2(VOID);

BOOLEAN
SeInitSRM(VOID);

/* Per-area initializers; the names indicate which globals each covers. */
VOID
SepInitLuid(VOID);

VOID
SepInitPrivileges(VOID);

BOOLEAN
SepInitSecurityIDs(VOID);

BOOLEAN
SepInitDACLs(VOID);

BOOLEAN
SepInitSDs(VOID);
112
/*
 * Produce a DACL for an impersonation token (per the name) and hand it
 * back through *Dacl.
 *
 * Token        - token the DACL is created for
 * PrimaryToken - second token taken as input
 * Dacl         - receives the resulting ACL pointer
 *
 * NOTE(review): who owns and frees *Dacl is not stated here - confirm
 * against the implementation.
 */
NTSTATUS STDCALL SepCreateImpersonationTokenDacl(
    PTOKEN Token,
    PTOKEN PrimaryToken,
    PACL *Dacl);
117
/* One-time setup of the token implementation; takes and returns nothing. */
VOID
SepInitializeTokenImplementation(VOID);
119
/* Create the token for the system process identified by Process. */
NTSTATUS
SepCreateSystemProcessToken(struct _EPROCESS* Process);

/*
 * Set up security state for NewProcess, with ParentProcess as input.
 * NOTE(review): presumably the child token is derived from the parent's;
 * the inheritance rules are not visible from this header - confirm.
 */
NTSTATUS
SepInitializeNewProcess(struct _EPROCESS* NewProcess,
                        struct _EPROCESS* ParentProcess);
123
/*
 * Swap the primary token of Process for NewToken; the previous token is
 * returned through *OldTokenP (as the parameter names indicate).
 *
 * NOTE(review): replacing a primary token changes the identity a process
 * runs under. Which privilege check guards this call and how references
 * on the old and new tokens are managed is not visible here - confirm at
 * the call sites.
 */
NTSTATUS
SeExchangePrimaryToken(
    struct _EPROCESS* Process,
    PACCESS_TOKEN NewToken,
    PACCESS_TOKEN* OldTokenP);
127
/*
 * Capture an array of PrivilegeCount LUID_AND_ATTRIBUTES entries from Src
 * and return the captured copy through *Dest, with its size in *Length.
 *
 * Src             - caller-supplied privilege array
 * PrivilegeCount  - number of entries in Src
 * PreviousMode    - processor mode of the original caller
 * AllocatedMem    - optional preallocated buffer of AllocatedLength bytes
 *                   (presumably used instead of a pool allocation when
 *                   large enough - confirm)
 * PoolType        - pool to allocate from
 * d               - NOTE(review): purpose not evident from the declaration
 * Dest, Length    - receive the captured array and its length
 *
 * NOTE(review): PrivilegeCount arrives from the caller. The size
 * computation (count * entry size) and the user-mode probe are not
 * visible here; confirm the implementation bounds the count and checks
 * for multiplication overflow before allocating or copying.
 */
NTSTATUS SeCaptureLuidAndAttributesArray(
    PLUID_AND_ATTRIBUTES Src,
    ULONG PrivilegeCount,
    KPROCESSOR_MODE PreviousMode,
    PLUID_AND_ATTRIBUTES AllocatedMem,
    ULONG AllocatedLength,
    POOL_TYPE PoolType,
    ULONG d,
    PLUID_AND_ATTRIBUTES* Dest,
    PULONG Length);

/*
 * Release an array obtained from SeCaptureLuidAndAttributesArray().
 * PreviousMode should match the value used for the capture.
 * a - NOTE(review): purpose not evident from the declaration.
 */
VOID SeReleaseLuidAndAttributesArray(
    PLUID_AND_ATTRIBUTES Privilege,
    KPROCESSOR_MODE PreviousMode,
    ULONG a);
143
/*
 * Check the PrivilegeCount entries in Privileges against Token.
 *
 * PrivilegeControl - control flags for the check (semantics not visible
 *                    in this header)
 * PreviousMode     - processor mode of the original caller
 *
 * NOTE(review): Privileges is indexed by a caller-provided count. For
 * user-mode callers it should already be a captured kernel copy (see
 * SeCaptureLuidAndAttributesArray) so the entries cannot change between
 * the check and their use - confirm at the call sites.
 */
BOOLEAN SepPrivilegeCheck(
    PTOKEN Token,
    PLUID_AND_ATTRIBUTES Privileges,
    ULONG PrivilegeCount,
    ULONG PrivilegeControl,
    KPROCESSOR_MODE PreviousMode);
150
/*
 * Capture the security quality-of-service data reachable from
 * ObjectAttributes (which may be omitted).
 *
 * AccessMode      - processor mode of the original caller
 * PoolType        - pool to allocate the captured copy from
 * CaptureIfKernel - whether to copy even for kernel-mode callers
 * CapturedSecurityQualityOfService - receives the captured structure
 * Present         - receives whether QoS data was supplied
 *
 * NOTE(review): by NT convention a capture routine probes and copies
 * caller memory so later checks run on a stable kernel copy; the
 * implementation is not visible here. Confirm it validates the embedded
 * Length field before trusting the structure.
 */
NTSTATUS SepCaptureSecurityQualityOfService(
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
    OUT PBOOLEAN Present);

/*
 * Release a structure obtained from SepCaptureSecurityQualityOfService().
 * AccessMode and CaptureIfKernel should match the capture call so the
 * routine can tell whether a copy was made.
 */
VOID SepReleaseSecurityQualityOfService(
    IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel);
163
/*
 * Capture InputSid and return the captured SID through *CapturedSid.
 *
 * AccessMode      - processor mode of the original caller
 * PoolType        - pool to allocate the captured copy from
 * CaptureIfKernel - whether to copy even for kernel-mode callers
 *
 * NOTE(review): a SID is variable-length (its sub-authority count sets
 * its size). The implementation is not visible here; confirm it reads the
 * count once, bounds it, and sizes the copy from that single read, so a
 * user-mode caller cannot change the length between check and copy.
 */
NTSTATUS SepCaptureSid(
    IN PSID InputSid,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSID *CapturedSid);

/*
 * Release a SID obtained from SepCaptureSid(). AccessMode and
 * CaptureIfKernel should match the capture call.
 */
VOID SepReleaseSid(
    IN PSID CapturedSid,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel);
175
/*
 * Capture InputAcl and return the captured ACL through *CapturedAcl.
 *
 * AccessMode      - processor mode of the original caller
 * PoolType        - pool to allocate the captured copy from
 * CaptureIfKernel - whether to copy even for kernel-mode callers
 *
 * NOTE(review): an ACL carries its own size field. The implementation is
 * not visible here; confirm it reads that size once, bounds it, and
 * copies exactly that many bytes, so the length cannot be changed from
 * user mode between validation and copy.
 */
NTSTATUS SepCaptureAcl(
    IN PACL InputAcl,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PACL *CapturedAcl);

/*
 * Release an ACL obtained from SepCaptureAcl(). AccessMode and
 * CaptureIfKernel should match the capture call.
 */
VOID SepReleaseAcl(
    IN PACL CapturedAcl,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel);
187
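/*
 * Acquire the token's lock for exclusive (write) access.
 *
 * Token - pointer to the token; cast to PTOKEN inside the macro.
 *
 * KeEnterCriticalRegion() runs first, so the thread is already inside a
 * critical region when it takes the resource (Wait == TRUE). Every use
 * must be paired with SepReleaseTokenLock() on all paths, including
 * error paths.
 *
 * The body is wrapped in do { ... } while (0) so the macro expands to a
 * single statement, and Token is parenthesized so an expression argument
 * is cast as a whole.
 */
#define SepAcquireTokenLockExclusive(Token)                                   \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);       \
    } while (0)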
193
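/*
 * Acquire the token's lock for shared (read) access.
 *
 * Token - pointer to the token; cast to PTOKEN inside the macro.
 *
 * KeEnterCriticalRegion() runs first, so the thread is already inside a
 * critical region when it takes the resource (Wait == TRUE). Every use
 * must be paired with SepReleaseTokenLock() on all paths, including
 * error paths. Shared ownership is for readers only; code that modifies
 * the token needs the exclusive variant.
 *
 * The body is wrapped in do { ... } while (0) so the macro expands to a
 * single statement, and Token is parenthesized so an expression argument
 * is cast as a whole.
 */
#define SepAcquireTokenLockShared(Token)                                      \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);          \
    } while (0)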
199
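/*
 * Release a token lock taken with SepAcquireTokenLockExclusive() or
 * SepAcquireTokenLockShared().
 *
 * Token - pointer to the token; cast to PTOKEN inside the macro.
 *
 * The resource is released before KeLeaveCriticalRegion(), the reverse of
 * the acquire order, so the thread never owns the lock outside the
 * critical region.
 *
 * The body is wrapped in do { ... } while (0) so the macro expands to a
 * single statement, and Token is parenthesized so an expression argument
 * is cast as a whole.
 */
#define SepReleaseTokenLock(Token)                                            \
    do {                                                                      \
        ExReleaseResource(((PTOKEN)(Token))->TokenLock);                      \
        KeLeaveCriticalRegion();                                              \
    } while (0)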
205
206 #endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */
207
208 /* EOF */