2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * PURPOSE: Security manager
5 * FILE: kernel/se/semgr.c
8 * 26/07/98: Added stubs for security functions
11 /* INCLUDES *****************************************************************/
13 #include <ddk/ntddk.h>
15 #include <internal/debug.h>
17 /* FUNCTIONS ***************************************************************/
19 NTSTATUS STDCALL
ZwQueryInformationToken(IN HANDLE TokenHandle
,
20 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
21 OUT PVOID TokenInformation
,
22 IN ULONG TokenInformationLength
,
23 OUT PULONG ReturnLength
)
/*
 * NtQueryInformationToken: the visible statement passes TokenHandle,
 * TokenInformationClass and TokenInformationLength on to
 * ZwQueryInformationToken and returns its NTSTATUS.
 *
 * NOTE(review): this listing is missing lines, so the complete call and any
 * checks around it are not visible. TokenInformation and ReturnLength are
 * caller-supplied output pointers and TokenInformationLength is a
 * caller-supplied size; confirm that, for a user-mode caller, the pointers
 * are probed and the length is validated before anything is written through
 * them.
 */
28 NTSTATUS STDCALL
NtQueryInformationToken(IN HANDLE TokenHandle
,
29 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
30 OUT PVOID TokenInformation
,
31 IN ULONG TokenInformationLength
,
32 OUT PULONG ReturnLength
)
34 return(ZwQueryInformationToken(TokenHandle
,
35 TokenInformationClass
,
37 TokenInformationLength
,
41 NTSTATUS STDCALL
ZwQuerySecurityObject(IN HANDLE Object
,
42 IN CINT SecurityObjectInformationClass
,
43 OUT PVOID SecurityObjectInformation
,
45 OUT PULONG ReturnLength
)
/*
 * NtQuerySecurityObject: the visible statement passes Object,
 * SecurityObjectInformationClass and SecurityObjectInformation on to
 * ZwQuerySecurityObject and returns its NTSTATUS.
 *
 * NOTE(review): this listing is missing lines (including part of the
 * parameter list), so no validation is visible. SecurityObjectInformation
 * and ReturnLength are caller-supplied output pointers; confirm they are
 * probed, and that the output size is bounded, before security-descriptor
 * data is copied out to a user-mode caller.
 */
50 NTSTATUS STDCALL
NtQuerySecurityObject(IN HANDLE Object
,
51 IN CINT SecurityObjectInformationClass
,
52 OUT PVOID SecurityObjectInformation
,
54 OUT PULONG ReturnLength
)
56 return(ZwQuerySecurityObject(Object
,
57 SecurityObjectInformationClass
,
58 SecurityObjectInformation
,
67 IN SECURITY_INFORMATION SecurityInformation
,
68 IN PSECURITY_DESCRIPTOR SecurityDescriptor
76 NtSetInformationToken(
77 IN HANDLE TokenHandle
,
78 IN TOKEN_INFORMATION_CLASS TokenInformationClass
,
79 OUT PVOID TokenInformation
,
80 IN ULONG TokenInformationLength
89 IN HANDLE ClientToken
,
90 IN PPRIVILEGE_SET RequiredPrivileges
,
99 NtPrivilegedServiceAuditAlarm(
100 IN PUNICODE_STRING SubsystemName
,
101 IN PUNICODE_STRING ServiceName
,
102 IN HANDLE ClientToken
,
103 IN PPRIVILEGE_SET Privileges
,
104 IN BOOLEAN AccessGranted
112 NtPrivilegeObjectAuditAlarm(
113 IN PUNICODE_STRING SubsystemName
,
115 IN HANDLE ClientToken
,
116 IN ULONG DesiredAccess
,
117 IN PPRIVILEGE_SET Privileges
,
118 IN BOOLEAN AccessGranted
127 NtOpenObjectAuditAlarm(
128 IN PUNICODE_STRING SubsystemName
,
130 IN POBJECT_ATTRIBUTES ObjectAttributes
,
131 IN HANDLE ClientToken
,
132 IN ULONG DesiredAccess
,
133 IN ULONG GrantedAccess
,
134 IN PPRIVILEGE_SET Privileges
,
135 IN BOOLEAN ObjectCreation
,
136 IN BOOLEAN AccessGranted
,
137 OUT PBOOLEAN GenerateOnClose
146 IN HANDLE ProcessHandle
,
147 IN ACCESS_MASK DesiredAccess
,
148 OUT PHANDLE TokenHandle
157 IN HANDLE ThreadHandle
,
158 IN ACCESS_MASK DesiredAccess
,
159 IN BOOLEAN OpenAsSelf
,
160 OUT PHANDLE TokenHandle
166 NTSTATUS STDCALL
NtDuplicateToken(IN HANDLE ExistingToken
,
167 IN ACCESS_MASK DesiredAccess
,
168 IN POBJECT_ATTRIBUTES ObjectAttributes
,
169 IN SECURITY_IMPERSONATION_LEVEL
171 IN TOKEN_TYPE TokenType
,
172 OUT PHANDLE NewToken
)
178 NTSTATUS STDCALL
NtImpersonateClientOfPort(VOID
)
183 NTSTATUS STDCALL
NtImpersonateThread(IN HANDLE ThreadHandle
,
184 IN HANDLE ThreadToImpersonate
,
185 IN PSECURITY_QUALITY_OF_SERVICE
186 SecurityQualityOfService
)
191 NTSTATUS STDCALL
NtCreateToken(VOID
)
196 NTSTATUS STDCALL
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
198 IN BOOLEAN GenerateOnClose
)
/*
 * NtAllocateLocallyUniqueId: returns the result of
 * ZwAllocateLocallyUniqueId, passing the LocallyUniqueId pointer through
 * unchanged.
 *
 * NOTE(review): LocallyUniqueId is a caller-supplied output pointer and no
 * check on it is visible in this listing; confirm it is probed for a
 * user-mode caller before the LUID is written.
 */
204 NTSTATUS STDCALL
NtAllocateLocallyUniqueId(OUT LUID
*LocallyUniqueId
)
206 return(ZwAllocateLocallyUniqueId(LocallyUniqueId
));
209 NTSTATUS STDCALL
ZwAllocateLocallyUniqueId(OUT LUID
*LocallyUniqueId
)
214 NTSTATUS STDCALL
NtAccessCheckAndAuditAlarm(IN PUNICODE_STRING SubsystemName
,
215 IN PHANDLE ObjectHandle
,
216 IN POBJECT_ATTRIBUTES ObjectAttributes
,
217 IN ACCESS_MASK DesiredAccess
,
218 IN PGENERIC_MAPPING GenericMapping
,
219 IN BOOLEAN ObjectCreation
,
220 OUT PULONG GrantedAccess
,
221 OUT PBOOLEAN AccessStatus
,
222 OUT PBOOLEAN GenerateOnClose
)
227 NTSTATUS STDCALL
NtAdjustGroupsToken(IN HANDLE TokenHandle
,
228 IN BOOLEAN ResetToDefault
,
229 IN PTOKEN_GROUPS NewState
,
230 IN ULONG BufferLength
,
231 OUT PTOKEN_GROUPS PreviousState OPTIONAL
,
232 OUT PULONG ReturnLength
)
/*
 * NtAdjustPrivilegesToken: the visible statement passes TokenHandle and
 * DisableAllPrivileges on to ZwAdjustPrivilegesToken; the rest of the call
 * is missing from this listing.
 *
 * NOTE(review): NewState is a caller-supplied input buffer, and
 * PreviousState / ReturnLength are caller-supplied output pointers sized by
 * BufferLength. No validation is visible here; confirm the buffers are
 * probed and captured, and that BufferLength is checked against the size of
 * the data written to PreviousState, before the token's privileges are
 * changed.
 */
237 NTSTATUS STDCALL
NtAdjustPrivilegesToken(IN HANDLE TokenHandle
,
238 IN BOOLEAN DisableAllPrivileges
,
239 IN PTOKEN_PRIVILEGES NewState
,
240 IN ULONG BufferLength
,
241 OUT PTOKEN_PRIVILEGES PreviousState
,
242 OUT PULONG ReturnLength
)
244 return(ZwAdjustPrivilegesToken(TokenHandle
,
245 DisableAllPrivileges
,
252 NTSTATUS STDCALL
ZwAdjustPrivilegesToken(IN HANDLE TokenHandle
,
253 IN BOOLEAN DisableAllPrivileges
,
254 IN PTOKEN_PRIVILEGES NewState
,
255 IN ULONG BufferLength
,
256 OUT PTOKEN_PRIVILEGES PreviousState
,
257 OUT PULONG ReturnLength
)
262 NTSTATUS STDCALL
NtAllocateUuids(PLARGE_INTEGER Time
,
263 PULONG Version
, // ???
266 return(ZwAllocateUuids(Time
,
271 NTSTATUS STDCALL
ZwAllocateUuids(PLARGE_INTEGER Time
,
272 PULONG Version
, // ???
278 NTSTATUS STDCALL
NtCloseObjectAuditAlarm(IN PUNICODE_STRING SubsystemName
,
280 IN BOOLEAN GenerateOnClose
)
/*
 * NtAccessCheck: the visible statement passes SecurityDescriptor on to
 * ZwAccessCheck; the remaining arguments of the call are missing from this
 * listing.
 *
 * NOTE(review): PrivilegeSet is marked OUT but declared as PRIVILEGE_SET,
 * whereas the audit-alarm routines in this file declare their privilege-set
 * parameters as PPRIVILEGE_SET. If PRIVILEGE_SET is the structure type, the
 * argument is passed by value, so nothing written to it reaches the caller
 * and ReturnLength has no caller buffer to describe -- confirm the intended
 * type. The OUT pointers (ReturnLength, GrantedAccess, AccessStatus) and
 * SecurityDescriptor come from the caller; no probing is visible here.
 */
285 NTSTATUS STDCALL
NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
286 IN HANDLE ClientToken
,
287 IN ACCESS_MASK DesiredAccess
,
288 IN PGENERIC_MAPPING GenericMapping
,
289 OUT PRIVILEGE_SET PrivilegeSet
,
290 OUT PULONG ReturnLength
,
291 OUT PULONG GrantedAccess
,
292 OUT PBOOLEAN AccessStatus
)
294 return(ZwAccessCheck(SecurityDescriptor
,
/*
 * ZwAccessCheck: only the signature is visible in this listing; the body is
 * missing.
 *
 * NOTE(review): PrivilegeSet is marked OUT but declared as PRIVILEGE_SET
 * rather than PPRIVILEGE_SET; if that is the structure type it is passed by
 * value and cannot return data to the caller -- confirm the intended type.
 * The third parameter is spelled DesiredAcces here, while NtAccessCheck
 * spells it DesiredAccess.
 */
304 NTSTATUS STDCALL
ZwAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
305 IN HANDLE ClientToken
,
306 IN ACCESS_MASK DesiredAcces
,
307 IN PGENERIC_MAPPING GenericMapping
,
308 OUT PRIVILEGE_SET PrivilegeSet
,
309 OUT PULONG ReturnLength
,
310 OUT PULONG GrantedAccess
,
311 OUT PBOOLEAN AccessStatus
)
316 NTSTATUS
RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
322 ULONG
RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
)
327 NTSTATUS
RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
,
330 BOOLEAN DaclDefaulted
)
335 BOOLEAN
RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor
)
340 BOOLEAN
SeSinglePrivilegeCheck(LUID PrivilegeValue
,
341 KPROCESSOR_MODE PreviousMode
)
346 NTSTATUS
SeDeassignSecurity(PSECURITY_DESCRIPTOR
* SecurityDescriptor
)
351 NTSTATUS
SeAssignSecurity(PSECURITY_DESCRIPTOR ParentDescriptor
,
352 PSECURITY_DESCRIPTOR ExplicitDescriptor
,
353 BOOLEAN IsDirectoryObject
,
354 PSECURITY_SUBJECT_CONTEXT SubjectContext
,
355 PGENERIC_MAPPING GenericMapping
,
361 BOOLEAN
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor
,
362 IN PSECURITY_DESCRIPTOR_CONTEXT SubjectSecurityContext
,
363 IN BOOLEAN SubjectContextLocked
,
364 IN ACCESS_MASK DesiredAccess
,
365 IN ACCESS_MASK PreviouslyGrantedAccess
,
366 OUT PPRIVILEGE_SET
* Privileges
,
367 IN PGENERIC_MAPPING GenericMapping
,
368 IN KPROCESSOR_MODE AccessMode
,
369 OUT PACCESS_MODE GrantedAccess
,
370 OUT PNTSTATUS AccessStatus
)
372 * FUNCTION: Determines whether the requested access rights can be granted
373 * to an object protected by a security descriptor and an object owner
375 * SecurityDescriptor = Security descriptor protecting the object
376 * SubjectSecurityContext = Subject's captured security context
377 * SubjectContextLocked = Indicates the user's subject context is locked
378 * DesiredAccess = Access rights the caller is trying to acquire
379 * PreviouslyGrantedAccess = Specifies the access rights already granted
381 * GenericMapping = Generic mapping associated with the object
382 * AccessMode = Access mode used for the check
383 * GrantedAccess (OUT) = On return specifies the access granted
384 * AccessStatus (OUT) = Status indicating why access was denied
385 * RETURNS: If access was granted, returns TRUE