archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/base/ntos/se/sep.h

759 lines
18 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. sep.h
  9. Abstract:
  11. This module contains the internal (private) declarations needed by the
  12. Kernel mode security routines.
  14. Author:
  16. Gary Kimura (GaryKi) 31-Mar-1989
  17. Jim Kelly (JimK) 2-Mar-1990
  19. Revision History:
  22. --*/
  24. #ifndef _SEP_
  25. #define _SEP_
  27. #include "ntos.h"
  28. #include <ntrmlsa.h>
  29. #include "seopaque.h"
  33. /////////////////////////////////////////////////////////////////////////
  34. // //
  35. // SE Diagnostics //
  36. // //
  37. /////////////////////////////////////////////////////////////////////////
  41. #if DBG
  42. #define SE_DIAGNOSTICS_ENABLED 1
  43. #endif // DBG
  46. //
  47. // These definitions are useful diagnostics aids
  48. //
  50. #if SE_DIAGNOSTICS_ENABLED
  52. //
  53. // Test for enabled diagnostic
  54. //
  56. #define IF_SE_GLOBAL( FlagName ) \
  57. if (SeGlobalFlag & (SE_DIAG_##FlagName))
  59. //
  60. // Diagnostics print statement
  61. //
  63. #define SeDiagPrint( FlagName, _Text_ ) \
  64. IF_SE_GLOBAL( FlagName ) \
  65. DbgPrint _Text_
  68. #else
  70. //
  71. // diagnostics not enabled - No diagnostics included in build
  72. //
  75. //
  76. // Test for diagnostics enabled
  77. //
  79. #define IF_SE_GLOBAL( FlagName ) if (FALSE)
  81. //
  82. // Diagnostics print statement (expands to no-op)
  83. //
  85. #define SeDiagPrint( FlagName, _Text_ ) ;
  87. #endif // SE_DIAGNOSTICS_ENABLED
  92. //
  93. // The following flags enable or disable various diagnostic
  94. // capabilities within SE code. These flags are set in
  95. // SeGlobalFlag (only available within a DBG system).
  96. //
  97. // SD_TRACKING - Display information about create/deletion of
  98. // shared security descriptors
  99. //
  100. //
  102. #define SE_DIAG_SD_TRACKING ((ULONG) 0x00000001L)
  108. //
  109. // Control flag manipulation macros
  110. //
  112. //
  113. // Macro to query whether or not control flags ALL on
  114. // or not (ie, returns FALSE if any of the flags are not set)
  115. //
  117. #define SepAreFlagsSet( Mask, Bits ) \
  118. ( \
  119. ((Mask) & ( Bits )) == ( Bits ) \
  120. )
  122. //
  123. // Macro to set the specified control bits in the given Security Descriptor
  124. //
  126. #define SepSetFlags( Mask, Bits ) \
  127. ( \
  128. ( Mask ) |= ( Bits ) \
  129. )
  131. //
  132. // Macro to clear the passed control bits in the given Security Descriptor
  133. //
  135. #define SepClearFlags( Mask, Bits ) \
  136. ( \
  137. ( Mask ) &= ~( Bits ) \
  138. )
  143. //
  144. // Macro to determine the size of a PRIVILEGE_SET
  145. //
  147. #define SepPrivilegeSetSize( PrivilegeSet ) \
  148. ( ( PrivilegeSet ) == NULL ? 0 : \
  149. ((( PrivilegeSet )->PrivilegeCount > 0) \
  150. ? \
  151. ((ULONG)sizeof(PRIVILEGE_SET) + \
  152. ( \
  153. (( PrivilegeSet )->PrivilegeCount - ANYSIZE_ARRAY) * \
  154. (ULONG)sizeof(LUID_AND_ATTRIBUTES) \
  155. ) \
  156. ) \
  157. : ((ULONG)sizeof(PRIVILEGE_SET) - (ULONG)sizeof(LUID_AND_ATTRIBUTES)) \
  158. ))
  161. //
  162. // Return the effective token from a SecurityContext
  163. //
  165. #define EffectiveToken( SubjectSecurityContext ) ( \
  166. (SubjectSecurityContext)->ClientToken ? \
  167. (SubjectSecurityContext)->ClientToken : \
  168. (SubjectSecurityContext)->PrimaryToken \
  169. ) \
  172. //
  173. // Return a pointer to the Sid of the User of a given token
  174. //
  176. #define SepTokenUserSid( Token ) ((PTOKEN)(Token))->UserAndGroups->Sid
  179. //
  180. // Return the AuthenticationId from a given token
  181. //
  183. #define SepTokenAuthenticationId( Token ) (((PTOKEN)(Token))->AuthenticationId)
  187. //
  188. //
  189. // BOOLEAN
  190. // SepBadImpersonationLevel(
  191. // IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  192. // IN BOOLEAN ServerIsRemote
  193. // )
  194. //
  195. // Routine Description:
  196. //
  197. // Determine whether a client is trying to impersonate innappropriately
  198. // This routine should only be called if a thread requesting impersonation
  199. // is itself already impersonating a client of its own. This routine
  200. // indicates whether the client is attempting to violate the level of
  201. // impersonation granted to it by its client.
  202. //
  203. // Arguments:
  204. //
  205. // ImpersonationLevel - Is the impersonation level of the client's
  206. // effective token.
  207. //
  208. // ServerIsRemote - Is a boolean flag indicating whether the client
  209. // is requesting impersonation services to a remote system. TRUE
  210. // indicates the session is a remote session, FALSE indicates the
  211. // session is a local session. Delegation level is necessary to
  212. // achieve a remote session.
  213. //
  214. // Return Value:
  215. //
  216. // TRUE - Indicates that the impersonation level of the client's client
  217. // token is innapropriate for the attempted impersonation.
  218. // An error (STATUS_BAD_IMPERSONATION_LEVEL) should be generated.
  219. //
  220. // FALSE - Indicates the impersonation attempt is not bad, and should
  221. // be allowed.
  222. //
  223. //
  225. #define SepBadImpersonationLevel(IL,SIR) (( \
  226. ((IL) == SecurityAnonymous) || ((IL) == SecurityIdentification) || \
  227. ( (SIR) && ((IL) != SecurityDelegation) ) \
  228. ) ? TRUE : FALSE )
  232. //++
  233. //
  234. // BOOL
  235. // IsValidElementCount(
  236. // IN ULONG Count,
  237. // IN <STRUCTURE>
  238. // );
  239. //
  240. //--
  242. #define IsValidElementCount( Count, STRUCTURE ) \
  243. ( Count < ( (ULONG_PTR) ( (PUCHAR) ( (PUCHAR) (LONG_PTR)(LONG)0xFFFFFFFF - (PUCHAR) MM_SYSTEM_RANGE_START ) + 1 ) \
  244. / sizeof( STRUCTURE ) ) )
  247. #define SEP_MAX_PRIVILEGE_COUNT (SE_MAX_WELL_KNOWN_PRIVILEGE-SE_MIN_WELL_KNOWN_PRIVILEGE+32)
  249. #define IsValidPrivilegeCount( count ) ((count == 0) || \
  250. ((count > 0) && \
  251. (count <= SEP_MAX_PRIVILEGE_COUNT)))
  253. //
  254. // the object type list limit is chosen arbitrarily
  255. //
  256. #define SEP_MAX_OBJECT_TYPE_LIST_COUNT 4096
  258. #define IsValidObjectTypeListCount( count ) \
  259. ((count == 0) || \
  260. (count <= SEP_MAX_OBJECT_TYPE_LIST_COUNT))
  262. #define IsInRange(item,min_val,max_val) \
  263. (((item) >= min_val) && ((item) <= max_val))
  265. //
  266. // see msaudite.mc for def. of valid category-id
  267. //
  268. #define IsValidCategoryId(c) \
  269. (IsInRange((c), SE_ADT_MIN_CATEGORY_ID, SE_ADT_MAX_CATEGORY_ID))
  271. //
  272. // see msaudite.mc for def. of valid audit-id
  273. //
  275. #define IsValidAuditId(a) \
  276. (IsInRange((a), SE_ADT_MIN_AUDIT_ID, SE_ADT_MAX_AUDIT_ID))
  278. //
  279. // check for reasonable value of parameter count. we must have atleast
  280. // 2 parameters in the audit-params array. Thus the min limit is 3.
  281. // The max limit is determined by the value in ntlsa.h
  282. //
  284. #define IsValidParameterCount(p) \
  285. (IsInRange((p), 2, SE_MAX_AUDIT_PARAMETERS))
  291. ///////////////////////////////////////////////////////////////////////////
  292. // //
  293. // Constants //
  294. // //
  295. ///////////////////////////////////////////////////////////////////////////
  297. #define SEP_MAX_GROUP_COUNT 4096
  300. ///////////////////////////////////////////////////////////////////////////
  301. // //
  302. // Private Data types //
  303. // //
  304. ///////////////////////////////////////////////////////////////////////////
  307. extern HANDLE SepLsaHandle;
  309. //extern BOOLEAN SepAuditShutdownEvents;
  311. //
  312. // Spinlock protecting the queue of work being passed to LSA
  313. //
  315. extern ERESOURCE SepLsaQueueLock;
  317. extern ULONG SepLsaQueueLength;
  319. //
  320. // Doubly linked list of work items queued to worker threads.
  321. //
  323. extern LIST_ENTRY SepLsaQueue;
  326. extern LONG SepTokenPolicyCounter[POLICY_AUDIT_EVENT_TYPE_COUNT];
  328. // #define SepAcquireTokenReadLock(T) KeEnterCriticalRegion(); \
  329. // ExAcquireResourceSharedLite(&SepTokenLock, TRUE)
  331. #define SepLockLsaQueue() KeEnterCriticalRegion(); \
  332. ExAcquireResourceExclusiveLite(&SepLsaQueueLock, TRUE)
  334. #define SepUnlockLsaQueue() ExReleaseResourceLite(&SepLsaQueueLock); \
  335. KeLeaveCriticalRegion()
  337. #define SepWorkListHead() ((PSEP_LSA_WORK_ITEM)(&SepLsaQueue)->Flink)
  339. #define SepWorkListEmpty() (IsListEmpty (&SepLsaQueue))
  341. #ifndef ExAllocatePool
  342. #define ExAllocatePool(a,b) ExAllocatePoolWithTag(a,b,' eS')
  343. #endif
  344. #ifndef ExAllocatePoolWithQuota
  345. #define ExAllocatePoolWithQuota(a,b) ExAllocatePoolWithQuotaTag(a,b,' eS')
  346. #endif
  348. typedef
  349. VOID
  350. (*PSEP_LSA_WORKER_CLEANUP_ROUTINE)(
  351. IN PVOID Parameter
  352. );
  355. typedef enum _SEP_LSA_WORK_ITEM_TAG {
  356. SepDeleteLogon,
  357. SepAuditRecord
  358. } SEP_LSA_WORK_ITEM_TAG, *PSEP_LSA_WORK_ITEM_TAG;
  364. typedef struct _SEP_LSA_WORK_ITEM {
  366. //
  367. // This field must be the first field of this structure
  368. //
  370. LIST_ENTRY List;
  372. //
  373. // Command Params Memory type
  374. //
  376. SEP_RM_LSA_MEMORY_TYPE CommandParamsMemoryType;
  378. //
  379. // Tag describing what kind of structure we've got
  380. //
  382. SEP_LSA_WORK_ITEM_TAG Tag;
  384. //
  385. // The following union contains the data to be passed
  386. // to LSA.
  387. //
  389. union {
  391. PVOID BaseAddress;
  392. LUID LogonId;
  394. } CommandParams;
  396. //
  397. // These fields must be filled in by the caller of SepRmCallLsa
  398. //
  400. LSA_COMMAND_NUMBER CommandNumber;
  401. ULONG CommandParamsLength;
  402. PVOID ReplyBuffer;
  403. ULONG ReplyBufferLength;
  405. //
  406. // CleanupFunction (if specified) will be called with CleanupParameter
  407. // as its argument before the SEP_LSA_WORK_ITEM is freed by SepRmCallLsa
  408. //
  410. PSEP_LSA_WORKER_CLEANUP_ROUTINE CleanupFunction;
  411. PVOID CleanupParameter;
  413. } SEP_LSA_WORK_ITEM, *PSEP_LSA_WORK_ITEM;
  416. typedef struct _SEP_WORK_ITEM {
  418. WORK_QUEUE_ITEM WorkItem;
  420. } SEP_WORK_ITEM, *PSEP_WORK_ITEM;
  422. //
  423. // Each logon session active in the system has a corresponding record of
  424. // the following type...
  425. //
  427. typedef struct _SEP_LOGON_SESSION_REFERENCES {
  428. struct _SEP_LOGON_SESSION_REFERENCES *Next;
  429. LUID LogonId;
  430. ULONG ReferenceCount;
  431. ULONG Flags;
  432. PDEVICE_MAP pDeviceMap;
  433. #if DBG || TOKEN_LEAK_MONITOR
  434. LIST_ENTRY TokenList;
  435. #endif
  436. } SEP_LOGON_SESSION_REFERENCES, *PSEP_LOGON_SESSION_REFERENCES;
  439. extern SEP_WORK_ITEM SepExWorkItem;
  446. ///////////////////////////////////////////////////////////////////////////
  447. // //
  448. // Private Routines //
  449. // //
  450. ///////////////////////////////////////////////////////////////////////////
  452. BOOLEAN
  453. SepDevelopmentTest( VOID ); //Used only for development testing
  456. BOOLEAN
  457. SepInitializationPhase0( VOID );
  459. BOOLEAN
  460. SepInitializationPhase1( VOID );
  462. BOOLEAN
  463. SepVariableInitialization( VOID );
  465. NTSTATUS
  466. SepCreateToken(
  467. OUT PHANDLE TokenHandle,
  468. IN KPROCESSOR_MODE RequestorMode,
  469. IN ACCESS_MASK DesiredAccess,
  470. IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  471. IN TOKEN_TYPE TokenType,
  472. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel OPTIONAL,
  473. IN PLUID AuthenticationId,
  474. IN PLARGE_INTEGER ExpirationTime,
  475. IN PSID_AND_ATTRIBUTES User,
  476. IN ULONG GroupCount,
  477. IN PSID_AND_ATTRIBUTES Groups,
  478. IN ULONG GroupsLength,
  479. IN ULONG PrivilegeCount,
  480. IN PLUID_AND_ATTRIBUTES Privileges,
  481. IN PSID Owner OPTIONAL,
  482. IN PSID PrimaryGroup,
  483. IN PACL DefaultDacl OPTIONAL,
  484. IN PTOKEN_SOURCE TokenSource,
  485. IN BOOLEAN SystemToken,
  486. IN PSECURITY_TOKEN_PROXY_DATA ProxyData OPTIONAL,
  487. IN PSECURITY_TOKEN_AUDIT_DATA AuditData OPTIONAL
  488. );
  490. NTSTATUS
  491. SepReferenceLogonSession(
  492. IN PLUID LogonId,
  493. OUT PSEP_LOGON_SESSION_REFERENCES *ReturnSession
  494. );
  496. VOID
  497. SepDeReferenceLogonSession(
  498. IN PLUID LogonId
  499. );
  501. #define TOKEN_LEAK_MONITOR 0
  502. #if DBG || TOKEN_LEAK_MONITOR
  504. VOID
  505. SepAddTokenLogonSession(
  506. IN PACCESS_TOKEN Token
  507. );
  509. VOID
  510. SepRemoveTokenLogonSession(
  511. IN PACCESS_TOKEN Token
  512. );
  514. extern LONG SepTokenLeakMethodCount;
  515. extern LONG SepTokenLeakBreakCount;
  516. extern LONG SepTokenLeakMethodWatch;
  517. extern PVOID SepTokenLeakToken;
  518. extern HANDLE SepTokenLeakProcessCid;
  519. extern BOOLEAN SepTokenLeakTracking;
  521. #endif
  523. VOID
  524. SepLockSubjectContext(
  525. IN PSECURITY_SUBJECT_CONTEXT SubjectContext
  526. );
  528. VOID
  529. SepFreeSubjectContext(
  530. IN PSECURITY_SUBJECT_CONTEXT SubjectContext
  531. );
  533. VOID
  534. SepGetDefaultsSubjectContext(
  535. IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
  536. OUT PSID *Owner,
  537. OUT PSID *Group,
  538. OUT PSID *ServerOwner,
  539. OUT PSID *ServerGroup,
  540. OUT PACL *Dacl
  541. );
  543. BOOLEAN
  544. SepValidOwnerSubjectContext(
  545. IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
  546. IN PSID Owner,
  547. IN BOOLEAN ServerObject
  548. );
  550. BOOLEAN
  551. SepIdAssignableAsGroup(
  552. IN PACCESS_TOKEN Token,
  553. IN PSID Group
  554. );
  556. BOOLEAN
  557. SepCheckAcl (
  558. IN PACL Acl,
  559. IN ULONG Length
  560. );
  562. BOOLEAN
  563. SepAuditAlarm (
  564. IN PUNICODE_STRING SubsystemName,
  565. IN PVOID HandleId,
  566. IN PUNICODE_STRING ObjectTypeName,
  567. IN PUNICODE_STRING ObjectName,
  568. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  569. IN ACCESS_MASK DesiredAccess,
  570. IN BOOLEAN ObjectCreation,
  571. IN ACCESS_MASK GrantedAccess,
  572. OUT PBOOLEAN GenerateOnClose
  573. );
  575. BOOLEAN
  576. SepSinglePrivilegeCheck (
  577. LUID DesiredPrivilege,
  578. IN PACCESS_TOKEN EffectiveToken,
  579. IN KPROCESSOR_MODE PreviousMode
  580. );
  582. NTSTATUS
  583. SepRmCallLsa(
  584. PSEP_WORK_ITEM SepWorkItem
  585. );
  587. BOOLEAN
  588. SepInitializeWorkList(
  589. VOID
  590. );
  592. BOOLEAN
  593. SepRmInitPhase0(
  594. );
  596. VOID
  597. SepConcatenatePrivileges(
  598. IN PPRIVILEGE_SET TargetPrivilegeSet,
  599. IN ULONG TargetBufferSize,
  600. IN PPRIVILEGE_SET SourcePrivilegeSet
  601. );
  603. BOOLEAN
  604. SepTokenIsOwner(
  605. IN PACCESS_TOKEN Token,
  606. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  607. IN BOOLEAN TokenLocked
  608. );
  610. #if DBG
  611. VOID
  612. SepPrintAcl (
  613. IN PACL Acl
  614. );
  616. VOID
  617. SepPrintSid(
  618. IN PSID Sid
  619. );
  621. VOID
  622. SepDumpSecurityDescriptor(
  623. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  624. IN PSZ TitleString
  625. );
  627. BOOLEAN
  628. SepSidTranslation(
  629. PSID Sid,
  630. PSTRING AccountName
  631. );
  633. VOID
  634. SepDumpTokenInfo(
  635. IN PACCESS_TOKEN Token
  636. );
  638. VOID
  639. SepDumpString(
  640. IN PUNICODE_STRING String
  641. );
  642. #endif //DBG
  644. BOOLEAN
  645. SepSidInToken (
  646. IN PACCESS_TOKEN Token,
  647. IN PSID PrincipalSelfSid,
  648. IN PSID Sid,
  649. IN BOOLEAN DenyAce
  650. );
  653. VOID
  654. SepExamineSacl(
  655. IN PACL Sacl,
  656. IN PACCESS_TOKEN Token,
  657. IN ACCESS_MASK DesiredAccess,
  658. IN BOOLEAN AccessGranted,
  659. OUT PBOOLEAN GenerateAudit,
  660. OUT PBOOLEAN GenerateAlarm
  661. );
  664. VOID
  665. SepCopyString (
  666. IN PUNICODE_STRING SourceString,
  667. OUT PUNICODE_STRING *DestString
  668. );
  670. VOID
  671. SepAssemblePrivileges(
  672. IN ULONG PrivilegeCount,
  673. IN BOOLEAN SystemSecurity,
  674. IN BOOLEAN WriteOwner,
  675. OUT PPRIVILEGE_SET *Privileges
  676. );
  679. PUNICODE_STRING
  680. SepQueryTypeString(
  681. IN PVOID Object
  682. );
  685. POBJECT_NAME_INFORMATION
  686. SepQueryNameString(
  687. IN PVOID Object
  688. );
  690. BOOLEAN
  691. SepFilterPrivilegeAudits(
  692. IN PPRIVILEGE_SET PrivilegeSet
  693. );
  695. BOOLEAN
  696. SepQueueWorkItem(
  697. IN PSEP_LSA_WORK_ITEM LsaWorkItem,
  698. IN BOOLEAN ForceQueue
  699. );
  701. PSEP_LSA_WORK_ITEM
  702. SepDequeueWorkItem(
  703. VOID
  704. );
  706. VOID
  707. SepAdtGenerateDiscardAudit(
  708. VOID
  709. );
  711. BOOLEAN
  712. SepAdtValidateAuditBounds(
  713. ULONG Upper,
  714. ULONG Lower
  715. );
  717. NTSTATUS
  718. SepAdtInitializeCrashOnFail(
  719. VOID
  720. );
  722. BOOLEAN
  723. SepAdtInitializePrivilegeAuditing(
  724. VOID
  725. );
  727. NTSTATUS
  728. SepCopyProxyData (
  729. OUT PSECURITY_TOKEN_PROXY_DATA * DestProxyData,
  730. IN PSECURITY_TOKEN_PROXY_DATA SourceProxyData
  731. );
  733. VOID
  734. SepFreeProxyData (
  735. IN PSECURITY_TOKEN_PROXY_DATA ProxyData
  736. );
  738. NTSTATUS
  739. SepProbeAndCaptureQosData(
  740. IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos
  741. );
  743. VOID
  744. SepAuditAssignPrimaryToken(
  745. IN PEPROCESS Process,
  746. IN PACCESS_TOKEN NewAccessToken
  747. );
  749. BOOLEAN
  750. SepAdtAuditThisEventWithContext(
  751. IN POLICY_AUDIT_EVENT_TYPE Category,
  752. IN BOOLEAN AccessGranted,
  753. IN BOOLEAN AccessDenied,
  754. IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
  755. );
  759. #endif // _SEP_