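#pragma once

/*
 * SID identifier authorities.
 *
 * Declarations only; the objects are defined elsewhere in the kernel.
 * NOTE(review): the names follow the well-known Windows authorities
 * (Null, World, Local, Creator, NT). Their values are not visible in this
 * header -- confirm against the defining source file.
 */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
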
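/*
 * Well-known SIDs.
 *
 * Each symbol is a writable pointer global (PSID), not a constant.
 * NOTE(review): they are presumably filled in once by SepInitSecurityIDs()
 * (declared below) and only read afterwards. Any later write to one of
 * these pointers would change the identity that access checks compare
 * against, so confirm nothing outside initialisation assigns to them.
 *
 * NOTE(review): two pairs of near-identical names are declared here:
 * SeAuthenticatedUserSid / SeAuthenticatedUsersSid and
 * SeRestrictedCodeSid / SeRestrictedSid. Confirm that each name has a
 * definition and that callers use the one they intend.
 */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;
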
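/*
 * Privilege LUIDs.
 *
 * One LUID per privilege; the names mirror the Windows privilege constants.
 * NOTE(review): the numeric values are assigned elsewhere (SepInitPrivileges()
 * is declared below) and are not visible in this header.
 *
 * In the Windows security model these names come from, several of them
 * amount to full control of the machine when held by a caller:
 * SeTcbPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege,
 * SeDebugPrivilege, SeLoadDriverPrivilege, SeBackupPrivilege,
 * SeRestorePrivilege and SeTakeOwnershipPrivilege. Code paths that check,
 * enable or grant these deserve the closest review and audit coverage.
 */
extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
extern LUID SeUndockPrivilege;
extern LUID SeSyncAgentPrivilege;
extern LUID SeEnableDelegationPrivilege;
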
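/*
 * Default discretionary ACLs.
 *
 * NOTE(review): the ACL contents are built elsewhere (SepInitDACLs() is
 * declared below) and cannot be read from this header. The "Open" and
 * "Unrestricted" names suggest permissive access lists; when one of these
 * is attached to an object, confirm the object is really meant to be that
 * broadly accessible.
 */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;
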
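/*
 * Default security descriptors.
 *
 * NOTE(review): built elsewhere (SepInitSDs() is declared below). The names
 * parallel the default DACLs declared above, so each descriptor presumably
 * wraps the DACL of the same name -- confirm in the implementation. The same
 * caution applies: check every use of an "Open" or "Unrestricted"
 * descriptor against the intended exposure of the object it protects.
 */
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
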
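/* Functions */

/*
 * Initialisation entry points of the security component. None takes
 * arguments. NOTE(review): the BOOLEAN-returning routines presumably report
 * success or failure; callers should not continue booting with a partially
 * initialised set of SIDs, ACLs or descriptors -- confirm how each call site
 * handles FALSE.
 */
BOOLEAN
NTAPI
SeInitSystem(VOID);

BOOLEAN
NTAPI
SeInitSRM(VOID);

/* Declared here although it carries the Exp (executive) prefix. */
VOID
NTAPI
ExpInitLuid(VOID);

/* Presumably assigns the privilege LUIDs declared above -- confirm. */
VOID
NTAPI
SepInitPrivileges(VOID);

/* Presumably allocates and fills the well-known SIDs -- confirm. */
BOOLEAN
NTAPI
SepInitSecurityIDs(VOID);

/* Presumably builds the default DACLs -- confirm. */
BOOLEAN
NTAPI
SepInitDACLs(VOID);

/* Presumably builds the default security descriptors -- confirm. */
BOOLEAN
NTAPI
SepInitSDs(VOID);
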
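/*
 * Primary-token handling for processes.
 * NOTE(review): by name, SeDeassignPrimaryToken detaches the primary token
 * from Process; what happens to the token reference is not visible here.
 */
VOID
NTAPI
SeDeassignPrimaryToken(struct _EPROCESS *Process);

/*
 * Produces a token for a new process from Parent and returns it through
 * *Token.
 * NOTE(review): the meaning of InUse and the reference count of the
 * returned token are not visible here; callers must check the NTSTATUS
 * before touching *Token.
 */
NTSTATUS
NTAPI
SeSubProcessToken(
    IN PTOKEN Parent,
    OUT PTOKEN *Token,
    IN BOOLEAN InUse,
    IN ULONG SessionId
);
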
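/*
 * Returns name information for FileObject through *AuditInfo, for use in
 * process auditing.
 * NOTE(review): how DoAudit changes the result, and who frees *AuditInfo,
 * is not visible here -- confirm before relying on the output when auditing
 * is disabled.
 */
NTSTATUS
NTAPI
SeInitializeProcessAuditName(
    IN PFILE_OBJECT FileObject,
    IN BOOLEAN DoAudit,
    OUT POBJECT_NAME_INFORMATION *AuditInfo
);
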
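/*
 * Initialises the caller-provided AccessState (and its auxiliary data) for
 * an access attempt made by Thread/Process with the requested Access mask.
 * NOTE(review): by the "Ex" suffix and the explicit Thread/Process
 * parameters this is the variant that lets the subject be named rather than
 * taken from the current thread; callers are then responsible for passing
 * the thread and process whose identity should actually be checked.
 */
NTSTATUS
NTAPI
SeCreateAccessStateEx(
    IN PETHREAD Thread,
    IN PEPROCESS Process,
    IN OUT PACCESS_STATE AccessState,
    IN PAUX_ACCESS_DATA AuxData,
    IN ACCESS_MASK Access,
    IN PGENERIC_MAPPING GenericMapping
);
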
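/*
 * Reports through *IsChild whether Token is a child token.
 * NOTE(review): which token it is compared against is not visible here
 * (presumably the caller's own). *IsChild is only meaningful when the
 * returned status indicates success.
 */
NTSTATUS
NTAPI
SeIsTokenChild(
    IN PTOKEN Token,
    OUT PBOOLEAN IsChild
);

/*
 * Builds a DACL for an impersonation token and returns it through *Dacl.
 * NOTE(review): parameter directions are not annotated in the declaration;
 * Dacl is presumably an output and the caller presumably owns the result --
 * confirm allocation and release responsibility in the implementation.
 */
NTSTATUS
NTAPI
SepCreateImpersonationTokenDacl(
    PTOKEN Token,
    PTOKEN PrimaryToken,
    PACL *Dacl
);
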
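/* One-time setup of the token implementation; takes no arguments. */
VOID
NTAPI
SepInitializeTokenImplementation(VOID);

/*
 * Returns the token for the system process.
 * NOTE(review): the return is a bare pointer with no status; confirm how a
 * failure is reported (NULL?) and that the caller checks for it.
 */
PTOKEN
NTAPI
SepCreateSystemProcessToken(VOID);
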
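/*
 * Auditing hooks.
 * NOTE(review): by name, SeDetailedAuditingWithToken answers whether
 * detailed auditing applies to Token, and the two VOID routines record
 * process exit and creation. None of them can report failure to the caller,
 * so a dropped audit record would have to be detected inside the
 * implementation -- confirm how that case is handled.
 */
BOOLEAN
NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token);

VOID
NTAPI
SeAuditProcessExit(IN PEPROCESS Process);

VOID
NTAPI
SeAuditProcessCreate(IN PEPROCESS Process);
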
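/*
 * Replaces the primary token of Process with NewToken and hands the
 * previous token back through *OldTokenP.
 * NOTE(review): parameter directions are not annotated; OldTokenP is
 * presumably an output. Swapping a process's primary token changes the
 * identity of everything that process does afterwards, so the privilege and
 * access checks that gate the call sites are the thing to verify. Also
 * confirm who dereferences the old token.
 */
NTSTATUS
NTAPI
SeExchangePrimaryToken(
    struct _EPROCESS* Process,
    PACCESS_TOKEN NewToken,
    PACCESS_TOKEN* OldTokenP
);
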
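/*
 * Fills SubjectContext with the security context of the given Thread and
 * Process.
 * NOTE(review): a captured subject context presumably holds token
 * references that must be released by the matching release routine (not
 * declared in this header) -- confirm, and check that every capture on an
 * error path is released.
 */
VOID
NTAPI
SeCaptureSubjectContextEx(
    IN PETHREAD Thread,
    IN PEPROCESS Process,
    OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
);
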
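/*
 * Captures an array of PrivilegeCount LUID_AND_ATTRIBUTES entries from Src
 * and returns the captured copy through *Dest, with its size in *Length.
 *
 * NOTE(review): the implementation is not visible here. By the shape of the
 * parameters, this is where a buffer supplied by a PreviousMode caller is
 * copied into kernel-owned memory (the optional AllocatedMem/AllocatedLength
 * buffer, or a PoolType allocation). Points to verify in the implementation:
 *   - PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES) cannot overflow and is
 *     checked against AllocatedLength when AllocatedMem is used;
 *   - Src is probed and read under exception handling when PreviousMode is
 *     not KernelMode;
 *   - callers use only *Dest afterwards and never re-read Src.
 */
NTSTATUS
NTAPI
SeCaptureLuidAndAttributesArray(
    PLUID_AND_ATTRIBUTES Src,
    ULONG PrivilegeCount,
    KPROCESSOR_MODE PreviousMode,
    PLUID_AND_ATTRIBUTES AllocatedMem,
    ULONG AllocatedLength,
    POOL_TYPE PoolType,
    BOOLEAN CaptureIfKernel,
    PLUID_AND_ATTRIBUTES* Dest,
    PULONG Length
);

/*
 * Releases an array obtained from SeCaptureLuidAndAttributesArray.
 * NOTE(review): pass the same PreviousMode and CaptureIfKernel that were
 * used for the capture; they presumably decide whether a copy was allocated
 * and therefore whether anything is freed. A mismatch would risk a leak or
 * a free of memory the capture never allocated.
 */
VOID
NTAPI
SeReleaseLuidAndAttributesArray(
    PLUID_AND_ATTRIBUTES Privilege,
    KPROCESSOR_MODE PreviousMode,
    BOOLEAN CaptureIfKernel
);
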
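/*
 * Checks the PrivilegeCount entries in Privileges against Token.
 * NOTE(review): PrivilegeControl presumably selects between "all required"
 * and "any one suffices"; confirm which value each caller passes, because
 * the weaker mode silently accepts a caller holding only one of the listed
 * privileges. Privileges is expected to be a captured (kernel) copy.
 */
BOOLEAN
NTAPI
SepPrivilegeCheck(
    PTOKEN Token,
    PLUID_AND_ATTRIBUTES Privileges,
    ULONG PrivilegeCount,
    ULONG PrivilegeControl,
    KPROCESSOR_MODE PreviousMode
);

/*
 * Privilege check made on behalf of an access to the object behind
 * ObjectHandle with DesiredAccess.
 * NOTE(review): PrivilegeValue is passed by value (a LUID). Confirm how the
 * result is treated for KernelMode callers, since a check that always
 * succeeds for KernelMode depends on PreviousMode being passed correctly.
 */
BOOLEAN
NTAPI
SeCheckPrivilegedObject(
    IN LUID PrivilegeValue,
    IN HANDLE ObjectHandle,
    IN ACCESS_MASK DesiredAccess,
    IN KPROCESSOR_MODE PreviousMode
);
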
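/*
 * Duplicates Token into a new token of the requested TokenType and
 * impersonation Level, returned through *NewAccessToken.
 * NOTE(review): parameter directions are not annotated; NewAccessToken is
 * presumably the only output. EffectiveOnly presumably limits the copy to
 * the groups and privileges currently enabled in the source -- confirm, and
 * check that Level cannot be raised above what the source token allows.
 */
NTSTATUS
NTAPI
SepDuplicateToken(
    PTOKEN Token,
    POBJECT_ATTRIBUTES ObjectAttributes,
    BOOLEAN EffectiveOnly,
    TOKEN_TYPE TokenType,
    SECURITY_IMPERSONATION_LEVEL Level,
    KPROCESSOR_MODE PreviousMode,
    PTOKEN* NewAccessToken
);
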
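/*
 * Captures the SECURITY_QUALITY_OF_SERVICE referenced by ObjectAttributes
 * (which may be NULL) and returns it through
 * *CapturedSecurityQualityOfService; *Present reports whether one was found.
 * NOTE(review): implementation not visible. With AccessMode other than
 * KernelMode both ObjectAttributes and the structure it points to come from
 * the caller, so verify that each level of indirection is probed and copied
 * once, and that the structure's own length field is validated before use.
 */
NTSTATUS
NTAPI
SepCaptureSecurityQualityOfService(
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
    OUT PBOOLEAN Present
);

/*
 * Releases a structure obtained from SepCaptureSecurityQualityOfService.
 * The pointer may be NULL. Pass the same AccessMode and CaptureIfKernel as
 * for the capture (presumably they decide whether a copy was allocated).
 */
VOID
NTAPI
SepReleaseSecurityQualityOfService(
    IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel
);
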
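/*
 * Captures InputSid and returns the captured SID through *CapturedSid.
 * NOTE(review): implementation not visible. A SID is variable-length, its
 * size being derived from a sub-authority count stored inside it. For a
 * caller in a mode other than KernelMode, verify that the count is read
 * once, bounded, and that the same value is used for both the probe and
 * the copy.
 */
NTSTATUS
NTAPI
SepCaptureSid(
    IN PSID InputSid,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSID *CapturedSid
);

/*
 * Releases a SID obtained from SepCaptureSid. Pass the same AccessMode and
 * CaptureIfKernel as for the capture (presumably they decide whether a copy
 * was allocated).
 */
VOID
NTAPI
SepReleaseSid(
    IN PSID CapturedSid,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel
);
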
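/*
 * Captures InputAcl and returns the captured ACL through *CapturedAcl.
 * NOTE(review): implementation not visible. An ACL carries its own size
 * field; for a caller in a mode other than KernelMode, verify that the size
 * is read once and bounded before it drives the probe and the copy, and
 * that the captured ACL is validated before it is used in an access check.
 */
NTSTATUS
NTAPI
SepCaptureAcl(
    IN PACL InputAcl,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PACL *CapturedAcl
);

/*
 * Releases an ACL obtained from SepCaptureAcl. Pass the same AccessMode and
 * CaptureIfKernel as for the capture (presumably they decide whether a copy
 * was allocated).
 */
VOID
NTAPI
SepReleaseAcl(
    IN PACL CapturedAcl,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel
);
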
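/*
 * Default security method for an object: performs OperationType on the
 * security descriptor of Object.
 * NOTE(review): parameter directions are not annotated. Which of
 * NewSecurityDescriptor, ReturnLength and OldSecurityDescriptor is used
 * depends on OperationType; confirm in the implementation, and confirm that
 * the caller has already performed the access check for the requested
 * SecurityInformation before reaching this routine.
 */
NTSTATUS
NTAPI
SeDefaultObjectMethod(
    PVOID Object,
    SECURITY_OPERATION_CODE OperationType,
    PSECURITY_INFORMATION SecurityInformation,
    PSECURITY_DESCRIPTOR NewSecurityDescriptor,
    PULONG ReturnLength,
    PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
    POOL_TYPE PoolType,
    PGENERIC_MAPPING GenericMapping
);
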
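/*
 * Writes a security descriptor into the caller's buffer.
 * NOTE(review): by name, the descriptor refers to the World (Everyone) SID;
 * the exact contents are not visible here. BufferLength is a pointer, so it
 * presumably carries the buffer size in and the required size out. Confirm
 * that the routine never writes more than the size passed in.
 */
NTSTATUS
NTAPI
SeSetWorldSecurityDescriptor(
    SECURITY_INFORMATION SecurityInformation,
    PISECURITY_DESCRIPTOR SecurityDescriptor,
    PULONG BufferLength
);
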
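/*
 * Copies the client Token at impersonation Level and returns the copy
 * through *NewToken.
 * NOTE(review): implementation not visible. *NewToken is only meaningful on
 * success; confirm who owns the reference on the returned token.
 */
NTSTATUS
NTAPI
SeCopyClientToken(
    IN PACCESS_TOKEN Token,
    IN SECURITY_IMPERSONATION_LEVEL Level,
    IN KPROCESSOR_MODE PreviousMode,
    OUT PACCESS_TOKEN* NewToken
);
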
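/*
 * Acquire a token's lock for exclusive (write) access.
 *
 * Enters a critical region, then acquires the resource at
 * ((PTOKEN)(Token))->TokenLock with Wait == TRUE, so the call blocks until
 * the lock is held. Kernel resources are expected to be acquired with
 * normal kernel APC delivery disabled, which is why the critical region is
 * entered first. Pair every use with SepReleaseTokenLock on the same token,
 * on every exit path.
 *
 * The body is a do { ... } while (0) block so the macro expands to a single
 * statement and is safe under an unbraced if/else. The closing brace of
 * that block is required for any use of the macro to compile. Token is
 * parenthesised so that an expression argument is cast as a whole.
 */
#define SepAcquireTokenLockExclusive(Token)                                   \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);       \
    } while (0)
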
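/*
 * Acquire a token's lock for shared (read) access.
 *
 * Enters a critical region, then acquires the resource at
 * ((PTOKEN)(Token))->TokenLock in shared mode with Wait == TRUE, so the call
 * blocks until the lock is held. Code that modifies the token must take the
 * exclusive lock instead; a shared hold does not exclude other readers.
 * Pair every use with SepReleaseTokenLock on the same token.
 *
 * The body is a do { ... } while (0) block so the macro expands to a single
 * statement. The closing brace of that block is required for any use of the
 * macro to compile. Token is parenthesised so that an expression argument
 * is cast as a whole.
 */
#define SepAcquireTokenLockShared(Token)                                      \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);          \
    } while (0)
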
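/*
 * Release a token lock taken with SepAcquireTokenLockExclusive or
 * SepAcquireTokenLockShared.
 *
 * Releases the resource at ((PTOKEN)(Token))->TokenLock first and leaves
 * the critical region second, the reverse of the acquire order. Must be
 * called exactly once per acquire, including on error paths. A missed
 * release leaves the token locked and the thread inside a critical region.
 *
 * The body is a do { ... } while (0) block so the macro expands to a single
 * statement. The closing brace of that block is required for any use of the
 * macro to compile. Token is parenthesised so that an expression argument
 * is cast as a whole.
 */
#define SepReleaseTokenLock(Token)                                            \
    do {                                                                      \
        ExReleaseResource(((PTOKEN)(Token))->TokenLock);                      \
        KeLeaveCriticalRegion();                                              \
    } while (0)
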
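/*
 * Writes to *DesiredAccess the access mask associated with querying the
 * parts of a security descriptor selected by SecurityInformation.
 * NOTE(review): the mapping from flags to access rights is not visible
 * here. The routine returns VOID, so the caller is responsible for actually
 * performing the access check with the mask it gets back.
 */
VOID NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
                          OUT PACCESS_MASK DesiredAccess);

/*
 * Writes to *DesiredAccess the access mask associated with setting the
 * parts of a security descriptor selected by SecurityInformation.
 * NOTE(review): as with the query variant, the mapping is not visible here
 * and the caller must perform the access check itself.
 */
VOID NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
                        OUT PACCESS_MASK DesiredAccess);

/* EOF */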
358
359 /* EOF */