extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;
+/* SDs */
+extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
+extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
+extern PSECURITY_DESCRIPTOR SePublicOpenSd;
+extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
+extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
+extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
+
/* Functions */
BOOLEAN SeInit1(VOID);
BOOLEAN SeInit2(VOID);
+BOOLEAN SeInitSRM(VOID);
VOID SepInitLuid(VOID);
VOID SepInitPrivileges(VOID);
BOOLEAN SepInitDACLs(VOID);
BOOLEAN SepInitSDs(VOID);
+NTSTATUS STDCALL
+SepCreateImpersonationTokenDacl(PTOKEN Token,
+ PTOKEN PrimaryToken,
+ PACL *Dacl);
+
VOID SepInitializeTokenImplementation(VOID);
+NTSTATUS SepCreateSystemProcessToken(struct _EPROCESS* Process);
+NTSTATUS SepInitializeNewProcess(struct _EPROCESS* NewProcess,
+ struct _EPROCESS* ParentProcess);
NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
PACCESS_TOKEN NewToken,
PACCESS_TOKEN* OldTokenP);
-NTSTATUS SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
- ULONG PrivilegeCount,
- KPROCESSOR_MODE PreviousMode,
- PLUID_AND_ATTRIBUTES AllocatedMem,
- ULONG AllocatedLength,
- POOL_TYPE PoolType,
- ULONG d,
- PLUID_AND_ATTRIBUTES* Dest,
- PULONG Length);
-
+NTSTATUS
+SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
+ ULONG PrivilegeCount,
+ KPROCESSOR_MODE PreviousMode,
+ PLUID_AND_ATTRIBUTES AllocatedMem,
+ ULONG AllocatedLength,
+ POOL_TYPE PoolType,
+ ULONG d,
+ PLUID_AND_ATTRIBUTES* Dest,
+ PULONG Length);
+
+VOID
+SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
+ KPROCESSOR_MODE PreviousMode,
+ ULONG a);
+
+BOOLEAN
+SepPrivilegeCheck(PTOKEN Token,
+ PLUID_AND_ATTRIBUTES Privileges,
+ ULONG PrivilegeCount,
+ ULONG PrivilegeControl,
+ KPROCESSOR_MODE PreviousMode);
+
+NTSTATUS
+SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ IN POOL_TYPE PoolType,
+ IN BOOLEAN CaptureIfKernel,
+ OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
+ OUT PBOOLEAN Present);
+
+VOID
+SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
+ IN KPROCESSOR_MODE AccessMode,
+ IN BOOLEAN CaptureIfKernel);
+
+NTSTATUS
+SepCaptureSid(IN PSID InputSid,
+ IN KPROCESSOR_MODE AccessMode,
+ IN POOL_TYPE PoolType,
+ IN BOOLEAN CaptureIfKernel,
+ OUT PSID *CapturedSid);
+
+VOID
+SepReleaseSid(IN PSID CapturedSid,
+ IN KPROCESSOR_MODE AccessMode,
+ IN BOOLEAN CaptureIfKernel);
+
+NTSTATUS
+SepCaptureAcl(IN PACL InputAcl,
+ IN KPROCESSOR_MODE AccessMode,
+ IN POOL_TYPE PoolType,
+ IN BOOLEAN CaptureIfKernel,
+ OUT PACL *CapturedAcl);
+
+VOID
+SepReleaseAcl(IN PACL CapturedAcl,
+ IN KPROCESSOR_MODE AccessMode,
+ IN BOOLEAN CaptureIfKernel);
+
+#define SepAcquireTokenLockExclusive(Token) \
+ do { \
+ KeEnterCriticalRegion(); \
+ ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \
+ while(0)
+
+#define SepAcquireTokenLockShared(Token) \
+ do { \
+ KeEnterCriticalRegion(); \
+ ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \
+ while(0)
+
+#define SepReleaseTokenLock(Token) \
+ do { \
+ ExReleaseResource(((PTOKEN)Token)->TokenLock); \
+ KeLeaveCriticalRegion(); \
+ while(0)
#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */