#pragma once

/*
 * Object type used for token objects, going by the name.
 * The variable is defined outside this header.
 */
extern POBJECT_TYPE     SepTokenObjectType;

/*
 * SID Authorities
 *
 * Identifier authorities shared by the security subsystem. The values are
 * assigned outside this header.
 * NOTE(review): confirm they are never written after initialisation; every
 * well-known SID built from them depends on that.
 */
extern SID_IDENTIFIER_AUTHORITY     SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY     SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY     SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY     SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY     SeNtSidAuthority;

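/*
 * SIDs
 *
 * Pointers to the well-known SIDs. They are only declared here; the storage
 * is allocated and filled in elsewhere (presumably by SepInitSecurityIDs,
 * TODO confirm). Access-check code compares against these pointers, so they
 * must be treated as read-only once initialised.
 *
 * NOTE(review): SeAuthenticatedUserSid / SeAuthenticatedUsersSid and
 * SeRestrictedCodeSid / SeRestrictedSid look like two spellings of the same
 * principal. Both are kept because this header does not show which ones are
 * defined or referenced; confirm they cannot drift apart.
 *
 * SeAnonymousLogonSid is declared exactly once in this list.
 */
extern PSID     SeNullSid;
extern PSID     SeWorldSid;
extern PSID     SeLocalSid;
extern PSID     SeCreatorOwnerSid;
extern PSID     SeCreatorGroupSid;
extern PSID     SeCreatorOwnerServerSid;
extern PSID     SeCreatorGroupServerSid;
extern PSID     SeNtAuthoritySid;
extern PSID     SeDialupSid;
extern PSID     SeNetworkSid;
extern PSID     SeBatchSid;
extern PSID     SeInteractiveSid;
extern PSID     SeServiceSid;
extern PSID     SeAnonymousLogonSid;
extern PSID     SePrincipalSelfSid;
extern PSID     SeLocalSystemSid;
extern PSID     SeAuthenticatedUserSid;
extern PSID     SeRestrictedCodeSid;
extern PSID     SeAliasAdminsSid;
extern PSID     SeAliasUsersSid;
extern PSID     SeAliasGuestsSid;
extern PSID     SeAliasPowerUsersSid;
extern PSID     SeAliasAccountOpsSid;
extern PSID     SeAliasSystemOpsSid;
extern PSID     SeAliasPrintOpsSid;
extern PSID     SeAliasBackupOpsSid;
extern PSID     SeAuthenticatedUsersSid;
extern PSID     SeRestrictedSid;
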
/*
 * Privileges
 *
 * LUIDs identifying the built-in privileges. The values are assigned outside
 * this header (presumably by SepInitPrivileges, TODO confirm).
 *
 * Review priority: going by their names, several of these are conventionally
 * equivalent to full control of the machine when held (SeTcbPrivilege,
 * SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeDebugPrivilege,
 * SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeBackupPrivilege,
 * SeRestorePrivilege). Code that grants or checks them deserves the closest
 * look.
 */
extern LUID     SeCreateTokenPrivilege;
extern LUID     SeAssignPrimaryTokenPrivilege;
extern LUID     SeLockMemoryPrivilege;
extern LUID     SeIncreaseQuotaPrivilege;
extern LUID     SeUnsolicitedInputPrivilege;
extern LUID     SeTcbPrivilege;
extern LUID     SeSecurityPrivilege;
extern LUID     SeTakeOwnershipPrivilege;
extern LUID     SeLoadDriverPrivilege;
extern LUID     SeCreatePagefilePrivilege;
extern LUID     SeIncreaseBasePriorityPrivilege;
extern LUID     SeSystemProfilePrivilege;
extern LUID     SeSystemtimePrivilege;
extern LUID     SeProfileSingleProcessPrivilege;
extern LUID     SeCreatePermanentPrivilege;
extern LUID     SeBackupPrivilege;
extern LUID     SeRestorePrivilege;
extern LUID     SeShutdownPrivilege;
extern LUID     SeDebugPrivilege;
extern LUID     SeAuditPrivilege;
extern LUID     SeSystemEnvironmentPrivilege;
extern LUID     SeChangeNotifyPrivilege;
extern LUID     SeRemoteShutdownPrivilege;
extern LUID     SeUndockPrivilege;
extern LUID     SeSyncAgentPrivilege;
extern LUID     SeEnableDelegationPrivilege;

/*
 * DACLs
 *
 * Shared default discretionary ACLs, built outside this header (presumably
 * by SepInitDACLs, TODO confirm).
 * NOTE(review): the names ("Public", "Open", "Unrestricted") suggest broad
 * grants. Check what each ACL actually allows before attaching it to a new
 * object, and confirm the ACLs are never modified after initialisation.
 */
extern PACL     SePublicDefaultUnrestrictedDacl;
extern PACL     SePublicOpenDacl;
extern PACL     SePublicOpenUnrestrictedDacl;
extern PACL     SeUnrestrictedDacl;

/*
 * SDs
 *
 * Shared default security descriptors, built outside this header (presumably
 * by SepInitSDs, TODO confirm). The names parallel the default DACLs declared
 * in this header.
 * NOTE(review): an object created with one of these inherits whatever the
 * descriptor grants; verify the contents where they are constructed.
 */
extern PSECURITY_DESCRIPTOR     SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR     SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR     SePublicOpenSd;
extern PSECURITY_DESCRIPTOR     SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR     SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR     SeUnrestrictedSd;

/*
 * Functions
 *
 * Initialisation entry points. None takes arguments. The BOOLEAN ones
 * presumably report success or failure (TODO confirm); a caller that ignores
 * FALSE would continue with SIDs, ACLs or descriptors that were never set up.
 */
BOOLEAN NTAPI
SeInitSystem(VOID);

BOOLEAN NTAPI
SeInitSRM(VOID);

VOID NTAPI
ExpInitLuid(VOID);

VOID NTAPI
SepInitPrivileges(VOID);

BOOLEAN NTAPI
SepInitSecurityIDs(VOID);

BOOLEAN NTAPI
SepInitDACLs(VOID);

BOOLEAN NTAPI
SepInitSDs(VOID);

/*
 * Detaches the primary token from Process, going by the name.
 * NOTE(review): confirm the implementation drops the token reference exactly
 * once.
 */
VOID NTAPI
SeDeassignPrimaryToken(struct _EPROCESS *Process);

/*
 * Produces a token for a new process from Parent and returns it in *Token.
 * InUse and SessionId are passed through from the caller; their exact effect
 * is not visible in this header.
 * NOTE(review): *Token should only be consumed when the returned NTSTATUS
 * indicates success.
 */
NTSTATUS NTAPI
SeSubProcessToken(
    IN PTOKEN Parent,
    OUT PTOKEN *Token,
    IN BOOLEAN InUse,
    IN ULONG SessionId);

/*
 * Returns name information for FileObject in *AuditInfo, for use in process
 * auditing (by the name). DoAudit is a caller-supplied switch.
 * NOTE(review): ownership of the *AuditInfo allocation is not visible here;
 * confirm who frees it.
 */
NTSTATUS NTAPI
SeInitializeProcessAuditName(
    IN PFILE_OBJECT FileObject,
    IN BOOLEAN DoAudit,
    OUT POBJECT_NAME_INFORMATION *AuditInfo);

/*
 * Fills in AccessState (and uses AuxData) for an access attempt described by
 * Access and GenericMapping, on behalf of the given Thread and Process.
 * NOTE(review): presumably captures the subject context of Thread/Process
 * rather than of the current thread. Confirm, since passing the wrong pair
 * would evaluate access against the wrong identity.
 */
NTSTATUS NTAPI
SeCreateAccessStateEx(
    IN PETHREAD Thread,
    IN PEPROCESS Process,
    IN OUT PACCESS_STATE AccessState,
    IN PAUX_ACCESS_DATA AuxData,
    IN ACCESS_MASK Access,
    IN PGENERIC_MAPPING GenericMapping);

/*
 * Reports in *IsChild whether Token is a child token. The reference token it
 * is compared against is not a parameter, so it must come from the calling
 * context (TODO confirm which).
 * NOTE(review): *IsChild is only meaningful when the returned status is a
 * success code.
 */
NTSTATUS NTAPI
SeIsTokenChild(
    IN PTOKEN Token,
    OUT PBOOLEAN IsChild);

/*
 * Builds a DACL for an impersonation token from Token and PrimaryToken and
 * returns it in *Dacl.
 * NOTE(review): which SIDs are granted access, and who frees *Dacl, is not
 * visible here.
 */
NTSTATUS NTAPI
SepCreateImpersonationTokenDacl(
    PTOKEN Token,
    PTOKEN PrimaryToken,
    PACL *Dacl);

/* One-time set-up of the token implementation (by the name). */
VOID NTAPI
SepInitializeTokenImplementation(VOID);

/*
 * Creates and returns the token for the system process (by the name).
 * NOTE(review): failure signalling is not visible here; callers should not
 * assume the result is non-NULL without checking the implementation.
 */
PTOKEN NTAPI
SepCreateSystemProcessToken(VOID);

/*
 * Audit hooks.
 *
 * SeDetailedAuditingWithToken presumably tells the caller whether detailed
 * auditing applies to Token (TODO confirm). The two VOID routines take the
 * process being created or exiting and return nothing, so an audit failure
 * cannot be reported to the caller through them.
 */
BOOLEAN NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token);

VOID NTAPI
SeAuditProcessExit(IN PEPROCESS Process);

VOID NTAPI
SeAuditProcessCreate(IN PEPROCESS Process);

/*
 * Replaces the primary token of Process with NewToken and hands the previous
 * token back through *OldTokenP.
 * NOTE(review): replacing a primary token changes the identity a process
 * runs under; confirm that callers perform the privilege check before
 * reaching this routine and that the old token's reference is released.
 */
NTSTATUS NTAPI
SeExchangePrimaryToken(
    struct _EPROCESS* Process,
    PACCESS_TOKEN NewToken,
    PACCESS_TOKEN* OldTokenP);

/*
 * Fills SubjectContext for the given Thread and Process.
 * NOTE(review): presumably takes references that a matching release call
 * must drop. Confirm against the implementation.
 */
VOID NTAPI
SeCaptureSubjectContextEx(
    IN PETHREAD Thread,
    IN PEPROCESS Process,
    OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);

/*
 * Captures an array of PrivilegeCount LUID_AND_ATTRIBUTES entries from Src
 * and returns the captured copy in *Dest with its size in *Length.
 * AllocatedMem / AllocatedLength describe a caller-provided buffer and
 * PoolType an allocation pool.
 *
 * NOTE(review): PreviousMode presumably marks whether Src is a user-mode
 * pointer. PrivilegeCount is caller-controlled, so the implementation should
 * be checked for overflow in the size computation and for a single copy of
 * the data (no re-read of Src after validation).
 */
NTSTATUS NTAPI
SeCaptureLuidAndAttributesArray(
    PLUID_AND_ATTRIBUTES Src,
    ULONG PrivilegeCount,
    KPROCESSOR_MODE PreviousMode,
    PLUID_AND_ATTRIBUTES AllocatedMem,
    ULONG AllocatedLength,
    POOL_TYPE PoolType,
    BOOLEAN CaptureIfKernel,
    PLUID_AND_ATTRIBUTES* Dest,
    PULONG Length);

/*
 * Counterpart of SeCaptureLuidAndAttributesArray.
 * NOTE(review): presumably must be called with the same PreviousMode and
 * CaptureIfKernel that were used for the capture, otherwise the copy could
 * leak or a caller-owned buffer could be freed. Confirm.
 */
VOID NTAPI
SeReleaseLuidAndAttributesArray(
    PLUID_AND_ATTRIBUTES Privilege,
    KPROCESSOR_MODE PreviousMode,
    BOOLEAN CaptureIfKernel);

/*
 * Checks the PrivilegeCount entries in Privileges against Token and returns
 * the verdict as a BOOLEAN. PrivilegeControl and PreviousMode are passed by
 * the caller.
 * NOTE(review): PrivilegeControl presumably selects all-required versus
 * any-of semantics, and a KernelMode PreviousMode may bypass the check.
 * Confirm both, since callers rely on the boolean alone.
 */
BOOLEAN NTAPI
SepPrivilegeCheck(
    PTOKEN Token,
    PLUID_AND_ATTRIBUTES Privileges,
    ULONG PrivilegeCount,
    ULONG PrivilegeControl,
    KPROCESSOR_MODE PreviousMode);

/*
 * Duplicates Token into a new token of type TokenType at impersonation level
 * Level and returns it in *NewAccessToken. ObjectAttributes, EffectiveOnly
 * and PreviousMode are supplied by the caller.
 * NOTE(review): confirm the implementation cannot yield a copy with a higher
 * impersonation level or more enabled privileges than the source token, and
 * that EffectiveOnly is honoured.
 */
NTSTATUS NTAPI
SepDuplicateToken(
    PTOKEN Token,
    POBJECT_ATTRIBUTES ObjectAttributes,
    BOOLEAN EffectiveOnly,
    TOKEN_TYPE TokenType,
    SECURITY_IMPERSONATION_LEVEL Level,
    KPROCESSOR_MODE PreviousMode,
    PTOKEN* NewAccessToken);

/*
 * Capture / release pairs for caller-supplied security structures.
 *
 * Each Capture routine takes an input pointer, the AccessMode it was
 * supplied under, a PoolType and a CaptureIfKernel flag, and returns a
 * captured pointer. Each Release routine takes that pointer back together
 * with AccessMode and CaptureIfKernel.
 *
 * NOTE(review): this matches the usual kernel capture pattern, in which
 * user-mode data is validated and copied once so that later checks and uses
 * see the same bytes. Confirm the implementations do exactly that, and that
 * callers pass identical AccessMode / CaptureIfKernel values to Capture and
 * Release.
 */

/*
 * Captures the security quality of service referenced by ObjectAttributes.
 * *Present reports whether one was supplied. ObjectAttributes is OPTIONAL.
 */
NTSTATUS NTAPI
SepCaptureSecurityQualityOfService(
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
    OUT PBOOLEAN Present);

/* Releases a captured security quality of service; the pointer is OPTIONAL. */
VOID NTAPI
SepReleaseSecurityQualityOfService(
    IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel);

/* Captures InputSid and returns the result in *CapturedSid. */
NTSTATUS NTAPI
SepCaptureSid(
    IN PSID InputSid,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSID *CapturedSid);

/* Releases a SID obtained from SepCaptureSid. */
VOID NTAPI
SepReleaseSid(
    IN PSID CapturedSid,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel);

/* Captures InputAcl and returns the result in *CapturedAcl. */
NTSTATUS NTAPI
SepCaptureAcl(
    IN PACL InputAcl,
    IN KPROCESSOR_MODE AccessMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PACL *CapturedAcl);

/* Releases an ACL obtained from SepCaptureAcl. */
VOID NTAPI
SepReleaseAcl(
    IN PACL CapturedAcl,
    IN KPROCESSOR_MODE AccessMode,
    IN BOOLEAN CaptureIfKernel);

/*
 * Default security method for an object: performs OperationType on Object
 * using the supplied security information and descriptors. ReturnLength,
 * OldSecurityDescriptor, PoolType and GenericMapping are passed by the
 * caller.
 * NOTE(review): which parameters are read or written for each operation code
 * is not visible in this header.
 */
NTSTATUS NTAPI
SeDefaultObjectMethod(
    PVOID Object,
    SECURITY_OPERATION_CODE OperationType,
    PSECURITY_INFORMATION SecurityInformation,
    PSECURITY_DESCRIPTOR NewSecurityDescriptor,
    PULONG ReturnLength,
    PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
    POOL_TYPE PoolType,
    PGENERIC_MAPPING GenericMapping);

/*
 * Writes a security descriptor for the requested SecurityInformation into
 * SecurityDescriptor, with *BufferLength describing the buffer.
 * NOTE(review): the name implies a descriptor granting access to the World
 * SID. Confirm where it is used, and that *BufferLength is checked before
 * the buffer is written.
 */
NTSTATUS NTAPI
SeSetWorldSecurityDescriptor(
    SECURITY_INFORMATION SecurityInformation,
    PISECURITY_DESCRIPTOR SecurityDescriptor,
    PULONG BufferLength);

/*
 * Copies a client Token at impersonation level Level and returns the copy in
 * *NewToken.
 * NOTE(review): confirm the copy can never carry a higher impersonation
 * level than the source token.
 */
NTSTATUS NTAPI
SeCopyClientToken(
    IN PACCESS_TOKEN Token,
    IN SECURITY_IMPERSONATION_LEVEL Level,
    IN KPROCESSOR_MODE PreviousMode,
    OUT PACCESS_TOKEN* NewToken);

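/*
 * Acquires Token's lock for exclusive (writer) access.
 *
 * Enters a critical region first and then acquires Token->TokenLock with
 * TRUE as the second argument. Entering the critical region before taking an
 * executive resource keeps normal kernel APCs from interrupting the thread
 * while it owns the lock. Pair every use with SepReleaseTokenLock on every
 * exit path.
 *
 * Expands to a single do { } while (0) statement; the caller supplies the
 * trailing semicolon. Token is parenthesised so that any pointer expression
 * can be passed.
 */
#define SepAcquireTokenLockExclusive(Token)                                   \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);       \
    } while (0)
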
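/*
 * Acquires Token's lock for shared (reader) access.
 *
 * Enters a critical region first and then acquires Token->TokenLock shared
 * with TRUE as the second argument. Code holding only the shared lock must
 * not modify the token. Pair every use with SepReleaseTokenLock on every
 * exit path.
 *
 * Expands to a single do { } while (0) statement; the caller supplies the
 * trailing semicolon. Token is parenthesised so that any pointer expression
 * can be passed.
 */
#define SepAcquireTokenLockShared(Token)                                      \
    do {                                                                      \
        KeEnterCriticalRegion();                                              \
        ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);          \
    } while (0)
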
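/*
 * Releases Token's lock, whether it was taken shared or exclusive.
 *
 * Undoes the acquire sequence in reverse order: the resource is released
 * first and the critical region is left afterwards, so the thread is never
 * outside the critical region while it still owns the lock.
 *
 * Expands to a single do { } while (0) statement; the caller supplies the
 * trailing semicolon. Token is parenthesised so that any pointer expression
 * can be passed.
 */
#define SepReleaseTokenLock(Token)                                            \
    do {                                                                      \
        ExReleaseResource(((PTOKEN)(Token))->TokenLock);                      \
        KeLeaveCriticalRegion();                                              \
    } while (0)
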
/*
 * Writes to *DesiredAccess the access mask associated with querying the
 * parts of a security descriptor named by SecurityInformation (by the name;
 * the exact mapping is not visible here).
 */
VOID NTAPI
SeQuerySecurityAccessMask(
    IN SECURITY_INFORMATION SecurityInformation,
    OUT PACCESS_MASK DesiredAccess);

/*
 * Writes to *DesiredAccess the access mask associated with setting the parts
 * of a security descriptor named by SecurityInformation (by the name; the
 * exact mapping is not visible here).
 */
VOID NTAPI
SeSetSecurityAccessMask(
    IN SECURITY_INFORMATION SecurityInformation,
    OUT PACCESS_MASK DesiredAccess);

/* EOF */