3 typedef struct _KNOWN_ACE
8 } KNOWN_ACE
, *PKNOWN_ACE
;
10 typedef struct _KNOWN_OBJECT_ACE
16 } KNOWN_OBJECT_ACE
, *PKNOWN_OBJECT_ACE
;
18 typedef struct _KNOWN_COMPOUND_ACE
22 USHORT CompoundAceType
;
25 } KNOWN_COMPOUND_ACE
, *PKNOWN_COMPOUND_ACE
;
29 SepGetGroupFromDescriptor(PVOID _Descriptor
)
31 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
32 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
34 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
36 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
37 if (!SdRel
->Group
) return NULL
;
38 return (PSID
)((ULONG_PTR
)Descriptor
+ SdRel
->Group
);
42 return Descriptor
->Group
;
48 SepGetOwnerFromDescriptor(PVOID _Descriptor
)
50 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
51 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
53 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
55 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
56 if (!SdRel
->Owner
) return NULL
;
57 return (PSID
)((ULONG_PTR
)Descriptor
+ SdRel
->Owner
);
61 return Descriptor
->Owner
;
67 SepGetDaclFromDescriptor(PVOID _Descriptor
)
69 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
70 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
72 if (!(Descriptor
->Control
& SE_DACL_PRESENT
)) return NULL
;
74 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
76 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
77 if (!SdRel
->Dacl
) return NULL
;
78 return (PACL
)((ULONG_PTR
)Descriptor
+ SdRel
->Dacl
);
82 return Descriptor
->Dacl
;
88 SepGetSaclFromDescriptor(PVOID _Descriptor
)
90 PISECURITY_DESCRIPTOR Descriptor
= (PISECURITY_DESCRIPTOR
)_Descriptor
;
91 PISECURITY_DESCRIPTOR_RELATIVE SdRel
;
93 if (!(Descriptor
->Control
& SE_SACL_PRESENT
)) return NULL
;
95 if (Descriptor
->Control
& SE_SELF_RELATIVE
)
97 SdRel
= (PISECURITY_DESCRIPTOR_RELATIVE
)Descriptor
;
98 if (!SdRel
->Sacl
) return NULL
;
99 return (PACL
)((ULONG_PTR
)Descriptor
+ SdRel
->Sacl
);
103 return Descriptor
->Sacl
;
109 /* SID Authorities */
110 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
;
111 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
;
112 extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
;
113 extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
;
114 extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
;
117 extern PSID SeNullSid
;
118 extern PSID SeWorldSid
;
119 extern PSID SeLocalSid
;
120 extern PSID SeCreatorOwnerSid
;
121 extern PSID SeCreatorGroupSid
;
122 extern PSID SeCreatorOwnerServerSid
;
123 extern PSID SeCreatorGroupServerSid
;
124 extern PSID SeNtAuthoritySid
;
125 extern PSID SeDialupSid
;
126 extern PSID SeNetworkSid
;
127 extern PSID SeBatchSid
;
128 extern PSID SeInteractiveSid
;
129 extern PSID SeServiceSid
;
130 extern PSID SeAnonymousLogonSid
;
131 extern PSID SePrincipalSelfSid
;
132 extern PSID SeLocalSystemSid
;
133 extern PSID SeAuthenticatedUserSid
;
134 extern PSID SeRestrictedCodeSid
;
135 extern PSID SeAliasAdminsSid
;
136 extern PSID SeAliasUsersSid
;
137 extern PSID SeAliasGuestsSid
;
138 extern PSID SeAliasPowerUsersSid
;
139 extern PSID SeAliasAccountOpsSid
;
140 extern PSID SeAliasSystemOpsSid
;
141 extern PSID SeAliasPrintOpsSid
;
142 extern PSID SeAliasBackupOpsSid
;
143 extern PSID SeAuthenticatedUsersSid
;
144 extern PSID SeRestrictedSid
;
145 extern PSID SeAnonymousLogonSid
;
148 extern const LUID SeCreateTokenPrivilege
;
149 extern const LUID SeAssignPrimaryTokenPrivilege
;
150 extern const LUID SeLockMemoryPrivilege
;
151 extern const LUID SeIncreaseQuotaPrivilege
;
152 extern const LUID SeUnsolicitedInputPrivilege
;
153 extern const LUID SeTcbPrivilege
;
154 extern const LUID SeSecurityPrivilege
;
155 extern const LUID SeTakeOwnershipPrivilege
;
156 extern const LUID SeLoadDriverPrivilege
;
157 extern const LUID SeSystemProfilePrivilege
;
158 extern const LUID SeSystemtimePrivilege
;
159 extern const LUID SeProfileSingleProcessPrivilege
;
160 extern const LUID SeIncreaseBasePriorityPrivilege
;
161 extern const LUID SeCreatePagefilePrivilege
;
162 extern const LUID SeCreatePermanentPrivilege
;
163 extern const LUID SeBackupPrivilege
;
164 extern const LUID SeRestorePrivilege
;
165 extern const LUID SeShutdownPrivilege
;
166 extern const LUID SeDebugPrivilege
;
167 extern const LUID SeAuditPrivilege
;
168 extern const LUID SeSystemEnvironmentPrivilege
;
169 extern const LUID SeChangeNotifyPrivilege
;
170 extern const LUID SeRemoteShutdownPrivilege
;
171 extern const LUID SeUndockPrivilege
;
172 extern const LUID SeSyncAgentPrivilege
;
173 extern const LUID SeEnableDelegationPrivilege
;
174 extern const LUID SeManageVolumePrivilege
;
175 extern const LUID SeImpersonatePrivilege
;
176 extern const LUID SeCreateGlobalPrivilege
;
177 extern const LUID SeTrustedCredmanPrivilege
;
178 extern const LUID SeRelabelPrivilege
;
179 extern const LUID SeIncreaseWorkingSetPrivilege
;
180 extern const LUID SeTimeZonePrivilege
;
181 extern const LUID SeCreateSymbolicLinkPrivilege
;
184 extern PACL SePublicDefaultUnrestrictedDacl
;
185 extern PACL SePublicOpenDacl
;
186 extern PACL SePublicOpenUnrestrictedDacl
;
187 extern PACL SeUnrestrictedDacl
;
190 extern PSECURITY_DESCRIPTOR SePublicDefaultSd
;
191 extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
;
192 extern PSECURITY_DESCRIPTOR SePublicOpenSd
;
193 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
;
194 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd
;
195 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd
;
198 #define SepAcquireTokenLockExclusive(Token) \
200 KeEnterCriticalRegion(); \
201 ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
203 #define SepAcquireTokenLockShared(Token) \
205 KeEnterCriticalRegion(); \
206 ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
209 #define SepReleaseTokenLock(Token) \
211 ExReleaseResource(((PTOKEN)Token)->TokenLock); \
212 KeLeaveCriticalRegion(); \
221 IN PACCESS_TOKEN _Token
,
222 IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
223 IN BOOLEAN TokenLocked
229 IN PACCESS_TOKEN _Token
,
236 IN PACCESS_TOKEN _Token
,
237 IN PSID PrincipalSelfSid
,
240 IN BOOLEAN Restricted
254 SepInitPrivileges(VOID
);
258 SepInitSecurityIDs(VOID
);
270 SeDeassignPrimaryToken(struct _EPROCESS
*Process
);
283 SeInitializeProcessAuditName(
284 IN PFILE_OBJECT FileObject
,
286 OUT POBJECT_NAME_INFORMATION
*AuditInfo
291 SeCreateAccessStateEx(
293 IN PEPROCESS Process
,
294 IN OUT PACCESS_STATE AccessState
,
295 IN PAUX_ACCESS_DATA AuxData
,
296 IN ACCESS_MASK Access
,
297 IN PGENERIC_MAPPING GenericMapping
309 SepCreateImpersonationTokenDacl(
317 SepInitializeTokenImplementation(VOID
);
321 SepCreateSystemProcessToken(VOID
);
325 SeDetailedAuditingWithToken(IN PTOKEN Token
);
329 SeAuditProcessExit(IN PEPROCESS Process
);
333 SeAuditProcessCreate(IN PEPROCESS Process
);
337 SeExchangePrimaryToken(
338 struct _EPROCESS
* Process
,
339 PACCESS_TOKEN NewToken
,
340 PACCESS_TOKEN
* OldTokenP
345 SeCaptureSubjectContextEx(
347 IN PEPROCESS Process
,
348 OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
353 SeCaptureLuidAndAttributesArray(
354 PLUID_AND_ATTRIBUTES Src
,
355 ULONG PrivilegeCount
,
356 KPROCESSOR_MODE PreviousMode
,
357 PLUID_AND_ATTRIBUTES AllocatedMem
,
358 ULONG AllocatedLength
,
360 BOOLEAN CaptureIfKernel
,
361 PLUID_AND_ATTRIBUTES
* Dest
,
367 SeReleaseLuidAndAttributesArray(
368 PLUID_AND_ATTRIBUTES Privilege
,
369 KPROCESSOR_MODE PreviousMode
,
370 BOOLEAN CaptureIfKernel
377 PLUID_AND_ATTRIBUTES Privileges
,
378 ULONG PrivilegeCount
,
379 ULONG PrivilegeControl
,
380 KPROCESSOR_MODE PreviousMode
385 SePrivilegePolicyCheck(
386 _Inout_ PACCESS_MASK DesiredAccess
,
387 _Inout_ PACCESS_MASK GrantedAccess
,
388 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
390 _Out_opt_ PPRIVILEGE_SET
*OutPrivilegeSet
,
391 _In_ KPROCESSOR_MODE PreviousMode
);
395 SeCheckPrivilegedObject(
396 IN LUID PrivilegeValue
,
397 IN HANDLE ObjectHandle
,
398 IN ACCESS_MASK DesiredAccess
,
399 IN KPROCESSOR_MODE PreviousMode
406 POBJECT_ATTRIBUTES ObjectAttributes
,
407 BOOLEAN EffectiveOnly
,
408 TOKEN_TYPE TokenType
,
409 SECURITY_IMPERSONATION_LEVEL Level
,
410 KPROCESSOR_MODE PreviousMode
,
411 PTOKEN
* NewAccessToken
416 SepCaptureSecurityQualityOfService(
417 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
,
418 IN KPROCESSOR_MODE AccessMode
,
419 IN POOL_TYPE PoolType
,
420 IN BOOLEAN CaptureIfKernel
,
421 OUT PSECURITY_QUALITY_OF_SERVICE
*CapturedSecurityQualityOfService
,
427 SepReleaseSecurityQualityOfService(
428 IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL
,
429 IN KPROCESSOR_MODE AccessMode
,
430 IN BOOLEAN CaptureIfKernel
437 IN KPROCESSOR_MODE AccessMode
,
438 IN POOL_TYPE PoolType
,
439 IN BOOLEAN CaptureIfKernel
,
440 OUT PSID
*CapturedSid
447 IN KPROCESSOR_MODE AccessMode
,
448 IN BOOLEAN CaptureIfKernel
453 SeCaptureSidAndAttributesArray(
454 _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes
,
455 _In_ ULONG AttributeCount
,
456 _In_ KPROCESSOR_MODE PreviousMode
,
457 _In_opt_ PVOID AllocatedMem
,
458 _In_ ULONG AllocatedLength
,
459 _In_ POOL_TYPE PoolType
,
460 _In_ BOOLEAN CaptureIfKernel
,
461 _Out_ PSID_AND_ATTRIBUTES
*CapturedSidAndAttributes
,
462 _Out_ PULONG ResultLength
);
466 SeReleaseSidAndAttributesArray(
467 _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes
,
468 _In_ KPROCESSOR_MODE AccessMode
,
469 _In_ BOOLEAN CaptureIfKernel
);
475 IN KPROCESSOR_MODE AccessMode
,
476 IN POOL_TYPE PoolType
,
477 IN BOOLEAN CaptureIfKernel
,
478 OUT PACL
*CapturedAcl
485 IN KPROCESSOR_MODE AccessMode
,
486 IN BOOLEAN CaptureIfKernel
491 SeDefaultObjectMethod(
493 SECURITY_OPERATION_CODE OperationType
,
494 PSECURITY_INFORMATION SecurityInformation
,
495 PSECURITY_DESCRIPTOR NewSecurityDescriptor
,
497 PSECURITY_DESCRIPTOR
*OldSecurityDescriptor
,
499 PGENERIC_MAPPING GenericMapping
504 SeSetWorldSecurityDescriptor(
505 SECURITY_INFORMATION SecurityInformation
,
506 PISECURITY_DESCRIPTOR SecurityDescriptor
,
513 IN PACCESS_TOKEN Token
,
514 IN SECURITY_IMPERSONATION_LEVEL Level
,
515 IN KPROCESSOR_MODE PreviousMode
,
516 OUT PACCESS_TOKEN
* NewToken
520 SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
521 OUT PACCESS_MASK DesiredAccess
);
524 SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation
,
525 OUT PACCESS_MASK DesiredAccess
);
529 SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
530 IN PACCESS_STATE AccessState
,
531 IN ACCESS_MASK DesiredAccess
,
532 IN KPROCESSOR_MODE AccessMode
);