#pragma once
-extern POBJECT_TYPE SepTokenObjectType;
+typedef struct _KNOWN_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ ULONG SidStart;
+} KNOWN_ACE, *PKNOWN_ACE;
+
+typedef struct _KNOWN_OBJECT_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ ULONG Flags;
+ ULONG SidStart;
+} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
+
+typedef struct _KNOWN_COMPOUND_ACE
+{
+ ACE_HEADER Header;
+ ACCESS_MASK Mask;
+ USHORT CompoundAceType;
+ USHORT Reserved;
+ ULONG SidStart;
+} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
+
+FORCEINLINE
+PSID
+SepGetGroupFromDescriptor(PVOID _Descriptor)
+{
+ PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
+ PISECURITY_DESCRIPTOR_RELATIVE SdRel;
+
+ if (Descriptor->Control & SE_SELF_RELATIVE)
+ {
+ SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
+ if (!SdRel->Group) return NULL;
+ return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
+ }
+ else
+ {
+ return Descriptor->Group;
+ }
+}
+
+FORCEINLINE
+PSID
+SepGetOwnerFromDescriptor(PVOID _Descriptor)
+{
+ PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
+ PISECURITY_DESCRIPTOR_RELATIVE SdRel;
+
+ if (Descriptor->Control & SE_SELF_RELATIVE)
+ {
+ SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
+ if (!SdRel->Owner) return NULL;
+ return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
+ }
+ else
+ {
+ return Descriptor->Owner;
+ }
+}
+
+FORCEINLINE
+PACL
+SepGetDaclFromDescriptor(PVOID _Descriptor)
+{
+ PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
+ PISECURITY_DESCRIPTOR_RELATIVE SdRel;
+
+ if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
+
+ if (Descriptor->Control & SE_SELF_RELATIVE)
+ {
+ SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
+ if (!SdRel->Dacl) return NULL;
+ return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
+ }
+ else
+ {
+ return Descriptor->Dacl;
+ }
+}
+
+FORCEINLINE
+PACL
+SepGetSaclFromDescriptor(PVOID _Descriptor)
+{
+ PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
+ PISECURITY_DESCRIPTOR_RELATIVE SdRel;
+
+ if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
+
+ if (Descriptor->Control & SE_SELF_RELATIVE)
+ {
+ SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
+ if (!SdRel->Sacl) return NULL;
+ return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
+ }
+ else
+ {
+ return Descriptor->Sacl;
+ }
+}
+
+#ifndef RTL_H
/* SID Authorities */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;
extern PSID SeAnonymousLogonSid;
+extern PSID SeLocalServiceSid;
+extern PSID SeNetworkServiceSid;
/* Privileges */
-extern LUID SeCreateTokenPrivilege;
-extern LUID SeAssignPrimaryTokenPrivilege;
-extern LUID SeLockMemoryPrivilege;
-extern LUID SeIncreaseQuotaPrivilege;
-extern LUID SeUnsolicitedInputPrivilege;
-extern LUID SeTcbPrivilege;
-extern LUID SeSecurityPrivilege;
-extern LUID SeTakeOwnershipPrivilege;
-extern LUID SeLoadDriverPrivilege;
-extern LUID SeCreatePagefilePrivilege;
-extern LUID SeIncreaseBasePriorityPrivilege;
-extern LUID SeSystemProfilePrivilege;
-extern LUID SeSystemtimePrivilege;
-extern LUID SeProfileSingleProcessPrivilege;
-extern LUID SeCreatePermanentPrivilege;
-extern LUID SeBackupPrivilege;
-extern LUID SeRestorePrivilege;
-extern LUID SeShutdownPrivilege;
-extern LUID SeDebugPrivilege;
-extern LUID SeAuditPrivilege;
-extern LUID SeSystemEnvironmentPrivilege;
-extern LUID SeChangeNotifyPrivilege;
-extern LUID SeRemoteShutdownPrivilege;
-extern LUID SeUndockPrivilege;
-extern LUID SeSyncAgentPrivilege;
-extern LUID SeEnableDelegationPrivilege;
+extern const LUID SeCreateTokenPrivilege;
+extern const LUID SeAssignPrimaryTokenPrivilege;
+extern const LUID SeLockMemoryPrivilege;
+extern const LUID SeIncreaseQuotaPrivilege;
+extern const LUID SeUnsolicitedInputPrivilege;
+extern const LUID SeTcbPrivilege;
+extern const LUID SeSecurityPrivilege;
+extern const LUID SeTakeOwnershipPrivilege;
+extern const LUID SeLoadDriverPrivilege;
+extern const LUID SeSystemProfilePrivilege;
+extern const LUID SeSystemtimePrivilege;
+extern const LUID SeProfileSingleProcessPrivilege;
+extern const LUID SeIncreaseBasePriorityPrivilege;
+extern const LUID SeCreatePagefilePrivilege;
+extern const LUID SeCreatePermanentPrivilege;
+extern const LUID SeBackupPrivilege;
+extern const LUID SeRestorePrivilege;
+extern const LUID SeShutdownPrivilege;
+extern const LUID SeDebugPrivilege;
+extern const LUID SeAuditPrivilege;
+extern const LUID SeSystemEnvironmentPrivilege;
+extern const LUID SeChangeNotifyPrivilege;
+extern const LUID SeRemoteShutdownPrivilege;
+extern const LUID SeUndockPrivilege;
+extern const LUID SeSyncAgentPrivilege;
+extern const LUID SeEnableDelegationPrivilege;
+extern const LUID SeManageVolumePrivilege;
+extern const LUID SeImpersonatePrivilege;
+extern const LUID SeCreateGlobalPrivilege;
+extern const LUID SeTrustedCredmanPrivilege;
+extern const LUID SeRelabelPrivilege;
+extern const LUID SeIncreaseWorkingSetPrivilege;
+extern const LUID SeTimeZonePrivilege;
+extern const LUID SeCreateSymbolicLinkPrivilege;
/* DACLs */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
-/* Functions */
+
+#define SepAcquireTokenLockExclusive(Token) \
+{ \
+ KeEnterCriticalRegion(); \
+ ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
+}
+#define SepAcquireTokenLockShared(Token) \
+{ \
+ KeEnterCriticalRegion(); \
+ ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
+}
+
+#define SepReleaseTokenLock(Token) \
+{ \
+ ExReleaseResource(((PTOKEN)Token)->TokenLock); \
+ KeLeaveCriticalRegion(); \
+}
+
+//
+// Token Functions
+//
BOOLEAN
NTAPI
-SeInitSystem(VOID);
+SepTokenIsOwner(
+ IN PACCESS_TOKEN _Token,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN BOOLEAN TokenLocked
+);
BOOLEAN
NTAPI
-SeInitSRM(VOID);
+SepSidInToken(
+ IN PACCESS_TOKEN _Token,
+ IN PSID Sid
+);
+
+BOOLEAN
+NTAPI
+SepSidInTokenEx(
+ IN PACCESS_TOKEN _Token,
+ IN PSID PrincipalSelfSid,
+ IN PSID _Sid,
+ IN BOOLEAN Deny,
+ IN BOOLEAN Restricted
+);
+
+/* Functions */
+BOOLEAN
+NTAPI
+SeInitSystem(VOID);
VOID
NTAPI
KPROCESSOR_MODE PreviousMode
);
+NTSTATUS
+NTAPI
+SePrivilegePolicyCheck(
+ _Inout_ PACCESS_MASK DesiredAccess,
+ _Inout_ PACCESS_MASK GrantedAccess,
+ _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ _In_ PTOKEN Token,
+ _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
+ _In_ KPROCESSOR_MODE PreviousMode);
+
+BOOLEAN
+NTAPI
+SeCheckPrivilegedObject(
+ IN LUID PrivilegeValue,
+ IN HANDLE ObjectHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN KPROCESSOR_MODE PreviousMode
+);
+
NTSTATUS
NTAPI
SepDuplicateToken(
IN BOOLEAN CaptureIfKernel
);
+NTSTATUS
+NTAPI
+SeCaptureSidAndAttributesArray(
+ _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
+ _In_ ULONG AttributeCount,
+ _In_ KPROCESSOR_MODE PreviousMode,
+ _In_opt_ PVOID AllocatedMem,
+ _In_ ULONG AllocatedLength,
+ _In_ POOL_TYPE PoolType,
+ _In_ BOOLEAN CaptureIfKernel,
+ _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
+ _Out_ PULONG ResultLength);
+
+VOID
+NTAPI
+SeReleaseSidAndAttributesArray(
+ _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
+ _In_ KPROCESSOR_MODE AccessMode,
+ _In_ BOOLEAN CaptureIfKernel);
+
NTSTATUS
NTAPI
SepCaptureAcl(
IN BOOLEAN CaptureIfKernel
);
+NTSTATUS
+SepPropagateAcl(
+ _Out_writes_bytes_opt_(DaclLength) PACL AclDest,
+ _Inout_ PULONG AclLength,
+ _In_reads_bytes_(AclSource->AclSize) PACL AclSource,
+ _In_ PSID Owner,
+ _In_ PSID Group,
+ _In_ BOOLEAN IsInherited,
+ _In_ BOOLEAN IsDirectoryObject,
+ _In_ PGENERIC_MAPPING GenericMapping);
+
+PACL
+SepSelectAcl(
+ _In_opt_ PACL ExplicitAcl,
+ _In_ BOOLEAN ExplicitPresent,
+ _In_ BOOLEAN ExplicitDefaulted,
+ _In_opt_ PACL ParentAcl,
+ _In_opt_ PACL DefaultAcl,
+ _Out_ PULONG AclLength,
+ _In_ PSID Owner,
+ _In_ PSID Group,
+ _Out_ PBOOLEAN AclPresent,
+ _Out_ PBOOLEAN IsInherited,
+ _In_ BOOLEAN IsDirectoryObject,
+ _In_ PGENERIC_MAPPING GenericMapping);
+
NTSTATUS
NTAPI
SeDefaultObjectMethod(
OUT PACCESS_TOKEN* NewToken
);
-#define SepAcquireTokenLockExclusive(Token) \
- do { \
- KeEnterCriticalRegion(); \
- ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
- while(0)
-
-#define SepAcquireTokenLockShared(Token) \
- do { \
- KeEnterCriticalRegion(); \
- ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
- while(0)
-
-#define SepReleaseTokenLock(Token) \
- do { \
- ExReleaseResource(((PTOKEN)Token)->TokenLock); \
- KeLeaveCriticalRegion(); \
- while(0)
-
VOID NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
+BOOLEAN
+NTAPI
+SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+ IN PACCESS_STATE AccessState,
+ IN ACCESS_MASK DesiredAccess,
+ IN KPROCESSOR_MODE AccessMode);
+
+BOOLEAN
+NTAPI
+SeCheckAuditPrivilege(
+ _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ _In_ KPROCESSOR_MODE PreviousMode);
+
+VOID
+NTAPI
+SePrivilegedServiceAuditAlarm(
+ _In_opt_ PUNICODE_STRING ServiceName,
+ _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
+ _In_ PPRIVILEGE_SET PrivilegeSet,
+ _In_ BOOLEAN AccessGranted);
+
+#endif
+
/* EOF */
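Review bot: The self-relative branches of SepGetOwnerFromDescriptor, SepGetGroupFromDescriptor, SepGetDaclFromDescriptor and SepGetSaclFromDescriptor add the Owner/Group/Dacl/Sacl offset to the descriptor base without comparing it against the descriptor's length, so a caller that hands them an uncaptured user-mode descriptor would follow whatever address that descriptor encodes; presumably every caller passes an already-captured descriptor, and that precondition should be stated on the helpers, e.g. `/* Descriptor must already be captured and validated: the relative offsets are applied without bounds checks. */`. Separately, the three token-lock macros are now bare `{ ... }` blocks, which makes a brace-less `if (...) SepReleaseTokenLock(Token); else ...` fail to compile because the `;` terminates the statement before `else`; the conventional `do { ... } while (0)` wrapper, which the removed lines attempted but left unclosed, avoids this. The SAL annotation on SepPropagateAcl refers to `DaclLength`, which is not a parameter of that declaration; it should read `_Out_writes_bytes_opt_(*AclLength) PACL AclDest,`. SepPropagateAcl and SepSelectAcl also omit the NTAPI specifier that every other function declaration in the header carries.
```c
#define SepAcquireTokenLockExclusive(Token) \
do { \
    KeEnterCriticalRegion(); \
    ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
} while (0)

#define SepAcquireTokenLockShared(Token) \
do { \
    KeEnterCriticalRegion(); \
    ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
} while (0)

#define SepReleaseTokenLock(Token) \
do { \
    ExReleaseResource(((PTOKEN)Token)->TokenLock); \
    KeLeaveCriticalRegion(); \
} while (0)

/* ... unchanged: token function and function declarations ... */
```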