1 /******************************************************************************
2 * Security Manager Functions *
3 ******************************************************************************/
5 #if (NTDDI_VERSION >= NTDDI_WIN2K)
7 _IRQL_requires_max_(PASSIVE_LEVEL
)
12 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
13 _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
,
14 _In_ BOOLEAN SubjectContextLocked
,
15 _In_ ACCESS_MASK DesiredAccess
,
16 _In_ ACCESS_MASK PreviouslyGrantedAccess
,
17 _Outptr_opt_ PPRIVILEGE_SET
*Privileges
,
18 _In_ PGENERIC_MAPPING GenericMapping
,
19 _In_ KPROCESSOR_MODE AccessMode
,
20 _Out_ PACCESS_MASK GrantedAccess
,
21 _Out_ PNTSTATUS AccessStatus
);
23 _IRQL_requires_max_(PASSIVE_LEVEL
)
28 _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor
,
29 _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
,
30 _Out_ PSECURITY_DESCRIPTOR
*NewDescriptor
,
31 _In_ BOOLEAN IsDirectoryObject
,
32 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
33 _In_ PGENERIC_MAPPING GenericMapping
,
34 _In_ POOL_TYPE PoolType
);
40 _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor
,
41 _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
,
42 _Out_ PSECURITY_DESCRIPTOR
*NewDescriptor
,
43 _In_opt_ GUID
*ObjectType
,
44 _In_ BOOLEAN IsDirectoryObject
,
45 _In_ ULONG AutoInheritFlags
,
46 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
47 _In_ PGENERIC_MAPPING GenericMapping
,
48 _In_ POOL_TYPE PoolType
);
50 _IRQL_requires_max_(PASSIVE_LEVEL
)
55 _Inout_ PSECURITY_DESCRIPTOR
*SecurityDescriptor
);
57 _IRQL_requires_max_(PASSIVE_LEVEL
)
61 SeValidSecurityDescriptor(
63 _In_reads_bytes_(Length
) PSECURITY_DESCRIPTOR SecurityDescriptor
);
68 SeObjectCreateSaclAccessBits(
69 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);
74 SeReleaseSubjectContext(
75 _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext
);
80 SeUnlockSubjectContext(
81 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
);
86 SeCaptureSubjectContext(
87 _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext
);
93 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
);
97 _IRQL_requires_max_(PASSIVE_LEVEL
)
101 SeSinglePrivilegeCheck(
102 _In_ LUID PrivilegeValue
,
103 _In_ KPROCESSOR_MODE PreviousMode
);
110 SeReleaseSubjectContext(
111 _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext
);
117 _Inout_ PPRIVILEGE_SET RequiredPrivileges
,
118 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
119 _In_ KPROCESSOR_MODE AccessMode
);
124 SeOpenObjectAuditAlarm(
125 _In_ PUNICODE_STRING ObjectTypeName
,
126 _In_opt_ PVOID Object
,
127 _In_opt_ PUNICODE_STRING AbsoluteObjectName
,
128 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
129 _In_ PACCESS_STATE AccessState
,
130 _In_ BOOLEAN ObjectCreated
,
131 _In_ BOOLEAN AccessGranted
,
132 _In_ KPROCESSOR_MODE AccessMode
,
133 _Out_ PBOOLEAN GenerateOnClose
);
138 SeOpenObjectForDeleteAuditAlarm(
139 _In_ PUNICODE_STRING ObjectTypeName
,
140 _In_opt_ PVOID Object
,
141 _In_opt_ PUNICODE_STRING AbsoluteObjectName
,
142 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
143 _In_ PACCESS_STATE AccessState
,
144 _In_ BOOLEAN ObjectCreated
,
145 _In_ BOOLEAN AccessGranted
,
146 _In_ KPROCESSOR_MODE AccessMode
,
147 _Out_ PBOOLEAN GenerateOnClose
);
152 SeDeleteObjectAuditAlarm(
160 _In_ PACCESS_TOKEN Token
);
166 _In_ PACCESS_TOKEN Token
);
172 _In_ PACCESS_TOKEN Token
);
177 SeQueryAuthenticationIdToken(
178 _In_ PACCESS_TOKEN Token
,
179 _Out_ PLUID AuthenticationId
);
184 SeQuerySessionIdToken(
185 _In_ PACCESS_TOKEN Token
,
186 _Out_ PULONG SessionId
);
191 SeCreateClientSecurity(
192 _In_ PETHREAD ClientThread
,
193 _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos
,
194 _In_ BOOLEAN RemoteSession
,
195 _Out_ PSECURITY_CLIENT_CONTEXT ClientContext
);
201 _In_ PSECURITY_CLIENT_CONTEXT ClientContext
,
202 _In_opt_ PETHREAD ServerThread
);
207 SeImpersonateClientEx(
208 _In_ PSECURITY_CLIENT_CONTEXT ClientContext
,
209 _In_opt_ PETHREAD ServerThread
);
214 SeCreateClientSecurityFromSubjectContext(
215 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
,
216 _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos
,
217 _In_ BOOLEAN ServerIsRemote
,
218 _Out_ PSECURITY_CLIENT_CONTEXT ClientContext
);
223 SeQuerySecurityDescriptorInfo(
224 _In_ PSECURITY_INFORMATION SecurityInformation
,
225 _Out_writes_bytes_(*Length
) PSECURITY_DESCRIPTOR SecurityDescriptor
,
226 _Inout_ PULONG Length
,
227 _Inout_ PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
);
232 SeSetSecurityDescriptorInfo(
233 _In_opt_ PVOID Object
,
234 _In_ PSECURITY_INFORMATION SecurityInformation
,
235 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
236 _Inout_ PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
237 _In_ POOL_TYPE PoolType
,
238 _In_ PGENERIC_MAPPING GenericMapping
);
243 SeSetSecurityDescriptorInfoEx(
244 _In_opt_ PVOID Object
,
245 _In_ PSECURITY_INFORMATION SecurityInformation
,
246 _In_ PSECURITY_DESCRIPTOR ModificationDescriptor
,
247 _Inout_ PSECURITY_DESCRIPTOR
*ObjectsSecurityDescriptor
,
248 _In_ ULONG AutoInheritFlags
,
249 _In_ POOL_TYPE PoolType
,
250 _In_ PGENERIC_MAPPING GenericMapping
);
256 _Inout_ PACCESS_STATE AccessState
,
257 _In_ PPRIVILEGE_SET Privileges
);
262 SeAuditingFileEvents(
263 _In_ BOOLEAN AccessGranted
,
264 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);
269 SeAuditingFileOrGlobalEvents(
270 _In_ BOOLEAN AccessGranted
,
271 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
272 _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
);
276 SeSetAccessStateGenericMapping(
277 _Inout_ PACCESS_STATE AccessState
,
278 _In_ PGENERIC_MAPPING GenericMapping
);
283 SeRegisterLogonSessionTerminatedRoutine(
284 _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
289 SeUnregisterLogonSessionTerminatedRoutine(
290 _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
);
295 SeMarkLogonSessionForTerminationNotification(
301 SeQueryInformationToken(
302 _In_ PACCESS_TOKEN Token
,
303 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass
,
304 _Outptr_result_buffer_(_Inexpressible_(token
-dependent
)) PVOID
*TokenInformation
);
307 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
309 #if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
313 SeAuditingHardLinkEvents(
314 _In_ BOOLEAN AccessGranted
,
315 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);
318 #if (NTDDI_VERSION >= NTDDI_WINXP)
324 _In_ PACCESS_TOKEN ExistingToken
,
326 _In_opt_ PTOKEN_GROUPS SidsToDisable
,
327 _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete
,
328 _In_opt_ PTOKEN_GROUPS RestrictedSids
,
329 _Outptr_ PACCESS_TOKEN
*FilteredToken
);
334 SeAuditHardLinkCreation(
335 _In_ PUNICODE_STRING FileName
,
336 _In_ PUNICODE_STRING LinkName
,
337 _In_ BOOLEAN bSuccess
);
339 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
341 #if (NTDDI_VERSION >= NTDDI_WINXPSP2)
346 SeAuditingFileEventsWithContext(
347 _In_ BOOLEAN AccessGranted
,
348 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
349 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
);
354 SeAuditingHardLinkEventsWithContext(
355 _In_ BOOLEAN AccessGranted
,
356 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
357 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
);
363 #if (NTDDI_VERSION >= NTDDI_WS03SP1)
365 _At_(AuditParameters
->ParameterCount
, _Const_
)
369 _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters
,
370 _In_ SE_ADT_PARAMETER_TYPE Type
,
371 _In_range_(<,SE_MAX_AUDIT_PARAMETERS
) ULONG Index
,
372 _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE"))
377 SeReportSecurityEvent(
379 _In_ PUNICODE_STRING SourceName
,
380 _In_opt_ PSID UserSid
,
381 _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters
);
383 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
386 $
if (_WDMDDK_
|| _NTIFS_
)
387 #if (NTDDI_VERSION >= NTDDI_VISTA)
388 $
endif (_WDMDDK_
|| _NTIFS_
)
393 SeComputeAutoInheritByObjectType(
394 _In_ PVOID ObjectType
,
395 _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
396 _In_opt_ PSECURITY_DESCRIPTOR ParentSecurityDescriptor
);
398 #ifdef SE_NTFS_WORLD_CACHE
402 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
403 _In_ PGENERIC_MAPPING GenericMapping
,
404 _Out_ PACCESS_MASK GrantedAccess
);
405 #endif /* SE_NTFS_WORLD_CACHE */
412 SeOpenObjectAuditAlarmWithTransaction(
413 _In_ PUNICODE_STRING ObjectTypeName
,
414 _In_opt_ PVOID Object
,
415 _In_opt_ PUNICODE_STRING AbsoluteObjectName
,
416 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
417 _In_ PACCESS_STATE AccessState
,
418 _In_ BOOLEAN ObjectCreated
,
419 _In_ BOOLEAN AccessGranted
,
420 _In_ KPROCESSOR_MODE AccessMode
,
421 _In_opt_ GUID
*TransactionId
,
422 _Out_ PBOOLEAN GenerateOnClose
);
427 SeOpenObjectForDeleteAuditAlarmWithTransaction(
428 _In_ PUNICODE_STRING ObjectTypeName
,
429 _In_opt_ PVOID Object
,
430 _In_opt_ PUNICODE_STRING AbsoluteObjectName
,
431 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
432 _In_ PACCESS_STATE AccessState
,
433 _In_ BOOLEAN ObjectCreated
,
434 _In_ BOOLEAN AccessGranted
,
435 _In_ KPROCESSOR_MODE AccessMode
,
436 _In_opt_ GUID
*TransactionId
,
437 _Out_ PBOOLEAN GenerateOnClose
);
444 _In_ PACCESS_TOKEN Token
,
445 _In_ ACCESS_MASK DesiredAccess
,
446 _In_ BOOLEAN AccessGranted
,
447 _Out_ PBOOLEAN GenerateAudit
,
448 _Out_ PBOOLEAN GenerateAlarm
);
453 SeDeleteObjectAuditAlarmWithTransaction(
456 _In_opt_ GUID
*TransactionId
);
461 SeQueryTokenIntegrity(
462 _In_ PACCESS_TOKEN Token
,
463 _Inout_ PSID_AND_ATTRIBUTES IntegritySA
);
469 _In_ PACCESS_TOKEN Token
,
470 _In_ ULONG SessionId
);
475 SeAuditHardLinkCreationWithTransaction(
476 _In_ PUNICODE_STRING FileName
,
477 _In_ PUNICODE_STRING LinkName
,
478 _In_ BOOLEAN bSuccess
,
479 _In_opt_ GUID
*TransactionId
);
484 SeAuditTransactionStateChange(
485 _In_ GUID
*TransactionId
,
486 _In_ GUID
*ResourceManagerId
,
487 _In_ ULONG NewTransactionState
);
489 $
if (_WDMDDK_
|| _NTIFS_
)
490 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
491 $
endif (_WDMDDK_
|| _NTIFS_
)
494 #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
498 SeTokenIsWriteRestricted(
499 _In_ PACCESS_TOKEN Token
);
502 #if (NTDDI_VERSION >= NTDDI_WIN7)
507 SeAuditingAnyFileEventsWithContext(
508 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
509 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
,
510 _Out_opt_ PBOOLEAN StagingEnabled
);
516 _In_ PUNICODE_STRING ObjectType
,
517 _In_ PACL ResourceSacl
,
518 _In_ PACCESS_TOKEN Token
,
519 _In_ ACCESS_MASK DesiredAccess
,
520 _In_ BOOLEAN AccessGranted
,
521 _Inout_ PBOOLEAN GenerateAudit
,
522 _Inout_opt_ PBOOLEAN GenerateAlarm
);
527 SeMaximumAuditMaskFromGlobalSacl(
528 _In_opt_ PUNICODE_STRING ObjectTypeName
,
529 _In_ ACCESS_MASK GrantedAccess
,
530 _In_ PACCESS_TOKEN Token
,
531 _Inout_ PACCESS_MASK AuditMask
);
533 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
537 SeReportSecurityEventWithSubCategory(
539 _In_ PUNICODE_STRING SourceName
,
540 _In_opt_ PSID UserSid
,
541 _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters
,
542 _In_ ULONG AuditSubcategoryId
);
546 SeAccessCheckFromState(
547 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
548 _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation
,
549 _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation
,
550 _In_ ACCESS_MASK DesiredAccess
,
551 _In_ ACCESS_MASK PreviouslyGrantedAccess
,
552 _Outptr_opt_result_maybenull_ PPRIVILEGE_SET
*Privileges
,
553 _In_ PGENERIC_MAPPING GenericMapping
,
554 _In_ KPROCESSOR_MODE AccessMode
,
555 _Out_ PACCESS_MASK GrantedAccess
,
556 _Out_ PNTSTATUS AccessStatus
);
562 _In_ PPRIVILEGE_SET Privileges
);
566 SeLocateProcessImageName(
567 _Inout_ PEPROCESS Process
,
568 _Outptr_ PUNICODE_STRING
*pImageFileName
);
570 #define SeLengthSid( Sid ) \
571 (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
573 #define SeDeleteClientSecurity(C) { \
574 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
575 PsDereferencePrimaryToken( (C)->ClientToken ); \
577 PsDereferenceImpersonationToken( (C)->ClientToken ); \
581 #define SeStopImpersonatingClient() PsRevertToSelf()
583 #define SeQuerySubjectContextToken( SubjectContext ) \
584 ( ARGUMENT_PRESENT( \
585 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
587 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
588 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
590 extern NTKERNELAPI PSE_EXPORTS SeExports
;