projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[XDK][NDK] Restore struct alignment for IO_STACK_LOCATION
[reactos.git] / sdk / include / xdk / sefuncs.h
1 /******************************************************************************
2 * Security Manager Functions *
3 ******************************************************************************/
4
5 #if (NTDDI_VERSION >= NTDDI_WIN2K)
6 $if (_WDMDDK_)
7 _IRQL_requires_max_(PASSIVE_LEVEL)
8 NTKERNELAPI
9 BOOLEAN
10 NTAPI
11 SeAccessCheck(
12 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
13 _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
14 _In_ BOOLEAN SubjectContextLocked,
15 _In_ ACCESS_MASK DesiredAccess,
16 _In_ ACCESS_MASK PreviouslyGrantedAccess,
17 _Outptr_opt_ PPRIVILEGE_SET *Privileges,
18 _In_ PGENERIC_MAPPING GenericMapping,
19 _In_ KPROCESSOR_MODE AccessMode,
20 _Out_ PACCESS_MASK GrantedAccess,
21 _Out_ PNTSTATUS AccessStatus);
22
23 _IRQL_requires_max_(PASSIVE_LEVEL)
24 NTKERNELAPI
25 NTSTATUS
26 NTAPI
27 SeAssignSecurity(
28 _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
29 _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor,
30 _Out_ PSECURITY_DESCRIPTOR *NewDescriptor,
31 _In_ BOOLEAN IsDirectoryObject,
32 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
33 _In_ PGENERIC_MAPPING GenericMapping,
34 _In_ POOL_TYPE PoolType);
35
36 NTKERNELAPI
37 NTSTATUS
38 NTAPI
39 SeAssignSecurityEx(
40 _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor,
41 _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor,
42 _Out_ PSECURITY_DESCRIPTOR *NewDescriptor,
43 _In_opt_ GUID *ObjectType,
44 _In_ BOOLEAN IsDirectoryObject,
45 _In_ ULONG AutoInheritFlags,
46 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
47 _In_ PGENERIC_MAPPING GenericMapping,
48 _In_ POOL_TYPE PoolType);
49
50 _IRQL_requires_max_(PASSIVE_LEVEL)
51 NTKERNELAPI
52 NTSTATUS
53 NTAPI
54 SeDeassignSecurity(
55 _Inout_ PSECURITY_DESCRIPTOR *SecurityDescriptor);
56
57 _IRQL_requires_max_(PASSIVE_LEVEL)
58 NTKERNELAPI
59 BOOLEAN
60 NTAPI
61 SeValidSecurityDescriptor(
62 _In_ ULONG Length,
63 _In_reads_bytes_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor);
64
65 NTKERNELAPI
66 ULONG
67 NTAPI
68 SeObjectCreateSaclAccessBits(
69 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
70
71 NTKERNELAPI
72 VOID
73 NTAPI
74 SeReleaseSubjectContext(
75 _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
76
77 NTKERNELAPI
78 VOID
79 NTAPI
80 SeUnlockSubjectContext(
81 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
82
83 NTKERNELAPI
84 VOID
85 NTAPI
86 SeCaptureSubjectContext(
87 _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
88
89 NTKERNELAPI
90 VOID
91 NTAPI
92 SeLockSubjectContext(
93 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
94 $endif (_WDMDDK_)
95
96 $if (_NTDDK_)
97 _IRQL_requires_max_(PASSIVE_LEVEL)
98 NTKERNELAPI
99 BOOLEAN
100 NTAPI
101 SeSinglePrivilegeCheck(
102 _In_ LUID PrivilegeValue,
103 _In_ KPROCESSOR_MODE PreviousMode);
104 $endif (_NTDDK_)
105 $if (_NTIFS_)
106
107 NTKERNELAPI
108 VOID
109 NTAPI
110 SeReleaseSubjectContext(
111 _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
112
113 NTKERNELAPI
114 BOOLEAN
115 NTAPI
116 SePrivilegeCheck(
117 _Inout_ PPRIVILEGE_SET RequiredPrivileges,
118 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
119 _In_ KPROCESSOR_MODE AccessMode);
120
121 NTKERNELAPI
122 VOID
123 NTAPI
124 SeOpenObjectAuditAlarm(
125 _In_ PUNICODE_STRING ObjectTypeName,
126 _In_opt_ PVOID Object,
127 _In_opt_ PUNICODE_STRING AbsoluteObjectName,
128 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
129 _In_ PACCESS_STATE AccessState,
130 _In_ BOOLEAN ObjectCreated,
131 _In_ BOOLEAN AccessGranted,
132 _In_ KPROCESSOR_MODE AccessMode,
133 _Out_ PBOOLEAN GenerateOnClose);
134
135 NTKERNELAPI
136 VOID
137 NTAPI
138 SeOpenObjectForDeleteAuditAlarm(
139 _In_ PUNICODE_STRING ObjectTypeName,
140 _In_opt_ PVOID Object,
141 _In_opt_ PUNICODE_STRING AbsoluteObjectName,
142 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
143 _In_ PACCESS_STATE AccessState,
144 _In_ BOOLEAN ObjectCreated,
145 _In_ BOOLEAN AccessGranted,
146 _In_ KPROCESSOR_MODE AccessMode,
147 _Out_ PBOOLEAN GenerateOnClose);
148
149 NTKERNELAPI
150 VOID
151 NTAPI
152 SeDeleteObjectAuditAlarm(
153 _In_ PVOID Object,
154 _In_ HANDLE Handle);
155
156 NTKERNELAPI
157 TOKEN_TYPE
158 NTAPI
159 SeTokenType(
160 _In_ PACCESS_TOKEN Token);
161
162 NTKERNELAPI
163 BOOLEAN
164 NTAPI
165 SeTokenIsAdmin(
166 _In_ PACCESS_TOKEN Token);
167
168 NTKERNELAPI
169 BOOLEAN
170 NTAPI
171 SeTokenIsRestricted(
172 _In_ PACCESS_TOKEN Token);
173
174 NTKERNELAPI
175 NTSTATUS
176 NTAPI
177 SeQueryAuthenticationIdToken(
178 _In_ PACCESS_TOKEN Token,
179 _Out_ PLUID AuthenticationId);
180
181 NTKERNELAPI
182 NTSTATUS
183 NTAPI
184 SeQuerySessionIdToken(
185 _In_ PACCESS_TOKEN Token,
186 _Out_ PULONG SessionId);
187
188 NTKERNELAPI
189 NTSTATUS
190 NTAPI
191 SeCreateClientSecurity(
192 _In_ PETHREAD ClientThread,
193 _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
194 _In_ BOOLEAN RemoteSession,
195 _Out_ PSECURITY_CLIENT_CONTEXT ClientContext);
196
197 NTKERNELAPI
198 VOID
199 NTAPI
200 SeImpersonateClient(
201 _In_ PSECURITY_CLIENT_CONTEXT ClientContext,
202 _In_opt_ PETHREAD ServerThread);
203
204 NTKERNELAPI
205 NTSTATUS
206 NTAPI
207 SeImpersonateClientEx(
208 _In_ PSECURITY_CLIENT_CONTEXT ClientContext,
209 _In_opt_ PETHREAD ServerThread);
210
211 NTKERNELAPI
212 NTSTATUS
213 NTAPI
214 SeCreateClientSecurityFromSubjectContext(
215 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
216 _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
217 _In_ BOOLEAN ServerIsRemote,
218 _Out_ PSECURITY_CLIENT_CONTEXT ClientContext);
219
220 NTKERNELAPI
221 NTSTATUS
222 NTAPI
223 SeQuerySecurityDescriptorInfo(
224 _In_ PSECURITY_INFORMATION SecurityInformation,
225 _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
226 _Inout_ PULONG Length,
227 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor);
228
229 NTKERNELAPI
230 NTSTATUS
231 NTAPI
232 SeSetSecurityDescriptorInfo(
233 _In_opt_ PVOID Object,
234 _In_ PSECURITY_INFORMATION SecurityInformation,
235 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
236 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
237 _In_ POOL_TYPE PoolType,
238 _In_ PGENERIC_MAPPING GenericMapping);
239
240 NTKERNELAPI
241 NTSTATUS
242 NTAPI
243 SeSetSecurityDescriptorInfoEx(
244 _In_opt_ PVOID Object,
245 _In_ PSECURITY_INFORMATION SecurityInformation,
246 _In_ PSECURITY_DESCRIPTOR ModificationDescriptor,
247 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
248 _In_ ULONG AutoInheritFlags,
249 _In_ POOL_TYPE PoolType,
250 _In_ PGENERIC_MAPPING GenericMapping);
251
252 NTKERNELAPI
253 NTSTATUS
254 NTAPI
255 SeAppendPrivileges(
256 _Inout_ PACCESS_STATE AccessState,
257 _In_ PPRIVILEGE_SET Privileges);
258
259 NTKERNELAPI
260 BOOLEAN
261 NTAPI
262 SeAuditingFileEvents(
263 _In_ BOOLEAN AccessGranted,
264 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
265
266 NTKERNELAPI
267 BOOLEAN
268 NTAPI
269 SeAuditingFileOrGlobalEvents(
270 _In_ BOOLEAN AccessGranted,
271 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
272 _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext);
273
274 VOID
275 NTAPI
276 SeSetAccessStateGenericMapping(
277 _Inout_ PACCESS_STATE AccessState,
278 _In_ PGENERIC_MAPPING GenericMapping);
279
280 NTKERNELAPI
281 NTSTATUS
282 NTAPI
283 SeRegisterLogonSessionTerminatedRoutine(
284 _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
285
286 NTKERNELAPI
287 NTSTATUS
288 NTAPI
289 SeUnregisterLogonSessionTerminatedRoutine(
290 _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
291
292 NTKERNELAPI
293 NTSTATUS
294 NTAPI
295 SeMarkLogonSessionForTerminationNotification(
296 _In_ PLUID LogonId);
297
298 NTKERNELAPI
299 NTSTATUS
300 NTAPI
301 SeQueryInformationToken(
302 _In_ PACCESS_TOKEN Token,
303 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
304 _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation);
305 $endif (_NTIFS_)
306
307 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
308 $if (_NTIFS_)
309 #if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
310 NTKERNELAPI
311 BOOLEAN
312 NTAPI
313 SeAuditingHardLinkEvents(
314 _In_ BOOLEAN AccessGranted,
315 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor);
316 #endif
317
318 #if (NTDDI_VERSION >= NTDDI_WINXP)
319
320 NTKERNELAPI
321 NTSTATUS
322 NTAPI
323 SeFilterToken(
324 _In_ PACCESS_TOKEN ExistingToken,
325 _In_ ULONG Flags,
326 _In_opt_ PTOKEN_GROUPS SidsToDisable,
327 _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
328 _In_opt_ PTOKEN_GROUPS RestrictedSids,
329 _Outptr_ PACCESS_TOKEN *FilteredToken);
330
331 NTKERNELAPI
332 VOID
333 NTAPI
334 SeAuditHardLinkCreation(
335 _In_ PUNICODE_STRING FileName,
336 _In_ PUNICODE_STRING LinkName,
337 _In_ BOOLEAN bSuccess);
338
339 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
340
341 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
342
343 NTKERNELAPI
344 BOOLEAN
345 NTAPI
346 SeAuditingFileEventsWithContext(
347 _In_ BOOLEAN AccessGranted,
348 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
349 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext);
350
351 NTKERNELAPI
352 BOOLEAN
353 NTAPI
354 SeAuditingHardLinkEventsWithContext(
355 _In_ BOOLEAN AccessGranted,
356 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
357 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext);
358
359 #endif
360 $endif (_NTIFS_)
361
362 $if (_WDMDDK_)
363 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
364
365 _At_(AuditParameters->ParameterCount, _Const_)
366 NTSTATUS
367 NTAPI
368 SeSetAuditParameter(
369 _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters,
370 _In_ SE_ADT_PARAMETER_TYPE Type,
371 _In_range_(<,SE_MAX_AUDIT_PARAMETERS) ULONG Index,
372 _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE"))
373 PVOID Data);
374
375 NTSTATUS
376 NTAPI
377 SeReportSecurityEvent(
378 _In_ ULONG Flags,
379 _In_ PUNICODE_STRING SourceName,
380 _In_opt_ PSID UserSid,
381 _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters);
382
383 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
384 $endif (_WDMDDK_)
385
386 $if (_WDMDDK_ || _NTIFS_)
387 #if (NTDDI_VERSION >= NTDDI_VISTA)
388 $endif (_WDMDDK_ || _NTIFS_)
389 $if (_WDMDDK_)
390 NTKERNELAPI
391 ULONG
392 NTAPI
393 SeComputeAutoInheritByObjectType(
394 _In_ PVOID ObjectType,
395 _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
396 _In_opt_ PSECURITY_DESCRIPTOR ParentSecurityDescriptor);
397
398 #ifdef SE_NTFS_WORLD_CACHE
399 VOID
400 NTAPI
401 SeGetWorldRights(
402 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
403 _In_ PGENERIC_MAPPING GenericMapping,
404 _Out_ PACCESS_MASK GrantedAccess);
405 #endif /* SE_NTFS_WORLD_CACHE */
406 $endif (_WDMDDK_)
407 $if (_NTIFS_)
408
409 NTKERNELAPI
410 VOID
411 NTAPI
412 SeOpenObjectAuditAlarmWithTransaction(
413 _In_ PUNICODE_STRING ObjectTypeName,
414 _In_opt_ PVOID Object,
415 _In_opt_ PUNICODE_STRING AbsoluteObjectName,
416 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
417 _In_ PACCESS_STATE AccessState,
418 _In_ BOOLEAN ObjectCreated,
419 _In_ BOOLEAN AccessGranted,
420 _In_ KPROCESSOR_MODE AccessMode,
421 _In_opt_ GUID *TransactionId,
422 _Out_ PBOOLEAN GenerateOnClose);
423
424 NTKERNELAPI
425 VOID
426 NTAPI
427 SeOpenObjectForDeleteAuditAlarmWithTransaction(
428 _In_ PUNICODE_STRING ObjectTypeName,
429 _In_opt_ PVOID Object,
430 _In_opt_ PUNICODE_STRING AbsoluteObjectName,
431 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
432 _In_ PACCESS_STATE AccessState,
433 _In_ BOOLEAN ObjectCreated,
434 _In_ BOOLEAN AccessGranted,
435 _In_ KPROCESSOR_MODE AccessMode,
436 _In_opt_ GUID *TransactionId,
437 _Out_ PBOOLEAN GenerateOnClose);
438
439 NTKERNELAPI
440 VOID
441 NTAPI
442 SeExamineSacl(
443 _In_ PACL Sacl,
444 _In_ PACCESS_TOKEN Token,
445 _In_ ACCESS_MASK DesiredAccess,
446 _In_ BOOLEAN AccessGranted,
447 _Out_ PBOOLEAN GenerateAudit,
448 _Out_ PBOOLEAN GenerateAlarm);
449
450 NTKERNELAPI
451 VOID
452 NTAPI
453 SeDeleteObjectAuditAlarmWithTransaction(
454 _In_ PVOID Object,
455 _In_ HANDLE Handle,
456 _In_opt_ GUID *TransactionId);
457
458 NTKERNELAPI
459 VOID
460 NTAPI
461 SeQueryTokenIntegrity(
462 _In_ PACCESS_TOKEN Token,
463 _Inout_ PSID_AND_ATTRIBUTES IntegritySA);
464
465 NTKERNELAPI
466 NTSTATUS
467 NTAPI
468 SeSetSessionIdToken(
469 _In_ PACCESS_TOKEN Token,
470 _In_ ULONG SessionId);
471
472 NTKERNELAPI
473 VOID
474 NTAPI
475 SeAuditHardLinkCreationWithTransaction(
476 _In_ PUNICODE_STRING FileName,
477 _In_ PUNICODE_STRING LinkName,
478 _In_ BOOLEAN bSuccess,
479 _In_opt_ GUID *TransactionId);
480
481 NTKERNELAPI
482 VOID
483 NTAPI
484 SeAuditTransactionStateChange(
485 _In_ GUID *TransactionId,
486 _In_ GUID *ResourceManagerId,
487 _In_ ULONG NewTransactionState);
488 $endif (_NTIFS_)
489 $if (_WDMDDK_ || _NTIFS_)
490 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
491 $endif (_WDMDDK_ || _NTIFS_)
492 $if (_NTIFS_)
493
494 #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
495 NTKERNELAPI
496 BOOLEAN
497 NTAPI
498 SeTokenIsWriteRestricted(
499 _In_ PACCESS_TOKEN Token);
500 #endif
501
502 #if (NTDDI_VERSION >= NTDDI_WIN7)
503
504 NTKERNELAPI
505 BOOLEAN
506 NTAPI
507 SeAuditingAnyFileEventsWithContext(
508 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
509 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
510 _Out_opt_ PBOOLEAN StagingEnabled);
511
512 NTKERNELAPI
513 VOID
514 NTAPI
515 SeExamineGlobalSacl(
516 _In_ PUNICODE_STRING ObjectType,
517 _In_ PACL ResourceSacl,
518 _In_ PACCESS_TOKEN Token,
519 _In_ ACCESS_MASK DesiredAccess,
520 _In_ BOOLEAN AccessGranted,
521 _Inout_ PBOOLEAN GenerateAudit,
522 _Inout_opt_ PBOOLEAN GenerateAlarm);
523
524 NTKERNELAPI
525 VOID
526 NTAPI
527 SeMaximumAuditMaskFromGlobalSacl(
528 _In_opt_ PUNICODE_STRING ObjectTypeName,
529 _In_ ACCESS_MASK GrantedAccess,
530 _In_ PACCESS_TOKEN Token,
531 _Inout_ PACCESS_MASK AuditMask);
532
533 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
534
535 NTSTATUS
536 NTAPI
537 SeReportSecurityEventWithSubCategory(
538 _In_ ULONG Flags,
539 _In_ PUNICODE_STRING SourceName,
540 _In_opt_ PSID UserSid,
541 _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters,
542 _In_ ULONG AuditSubcategoryId);
543
544 BOOLEAN
545 NTAPI
546 SeAccessCheckFromState(
547 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
548 _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation,
549 _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation,
550 _In_ ACCESS_MASK DesiredAccess,
551 _In_ ACCESS_MASK PreviouslyGrantedAccess,
552 _Outptr_opt_result_maybenull_ PPRIVILEGE_SET *Privileges,
553 _In_ PGENERIC_MAPPING GenericMapping,
554 _In_ KPROCESSOR_MODE AccessMode,
555 _Out_ PACCESS_MASK GrantedAccess,
556 _Out_ PNTSTATUS AccessStatus);
557
558 NTKERNELAPI
559 VOID
560 NTAPI
561 SeFreePrivileges(
562 _In_ PPRIVILEGE_SET Privileges);
563
564 NTSTATUS
565 NTAPI
566 SeLocateProcessImageName(
567 _Inout_ PEPROCESS Process,
568 _Outptr_ PUNICODE_STRING *pImageFileName);
569
570 #define SeLengthSid( Sid ) \
571 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
572
573 #define SeDeleteClientSecurity(C) { \
574 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
575 PsDereferencePrimaryToken( (C)->ClientToken ); \
576 } else { \
577 PsDereferenceImpersonationToken( (C)->ClientToken ); \
578 } \
579 }
580
581 #define SeStopImpersonatingClient() PsRevertToSelf()
582
583 #define SeQuerySubjectContextToken( SubjectContext ) \
584 ( ARGUMENT_PRESENT( \
585 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
586 ) ? \
587 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
588 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
589
590 extern NTKERNELAPI PSE_EXPORTS SeExports;
591
592 $endif (_NTIFS_)
A free Windows-compatible Operating System