/*++ BUILD Version: 0011 // Increment this if a change has global effects
|
|
|
|
Copyright (c) 1989 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
se.h
|
|
|
|
Abstract:
|
|
|
|
This module contains the Security routines that are only callable
|
|
from kernel mode.
|
|
|
|
This file is included by including "ntos.h".
|
|
|
|
Author:
|
|
|
|
Gary Kimura (GaryKi) 09-Mar-1989
|
|
|
|
Revision History:
|
|
|
|
|
|
|
|
--*/
|
|
|
|
#ifndef _SE_
|
|
#define _SE_
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Kernel mode only data structures //
|
|
// Opaque security data structures are defined in seopaque.h //
|
|
// //
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
|
|
// begin_ntddk begin_wdm begin_nthal begin_ntifs begin_ntosp
|
|
//
|
|
// Security operation codes
|
|
//
|
|
|
|
//
// Operation requested of an object type's security method.  The default
// method, SeDefaultObjectMethod (declared later in this header), receives
// one of these values as its OperationCode argument.
//
typedef enum _SECURITY_OPERATION_CODE {
    SetSecurityDescriptor,
    QuerySecurityDescriptor,
    DeleteSecurityDescriptor,
    AssignSecurityDescriptor
} SECURITY_OPERATION_CODE, *PSECURITY_OPERATION_CODE;
|
|
|
|
// end_ntddk end_wdm end_nthal end_ntifs end_ntosp
|
|
|
|
|
|
|
|
//
|
|
// Default security quota
|
|
//
|
|
// This is the minimum amount of quota (in bytes) that will be
|
|
// charged for security information for an object that has
|
|
// security.
|
|
//
|
|
|
|
#define SE_DEFAULT_SECURITY_QUOTA 2048   // bytes; floor returned by SeComputeSecurityQuota() below
|
|
|
|
// begin_ntifs
|
|
//
|
|
// Token Flags
|
|
//
|
|
// Flags that may be defined in the TokenFlags field of the token object,
|
|
// or in an ACCESS_STATE structure
|
|
//
|
|
|
|
//
// Single-bit flags; combine with '|', test with '&'.
//
#define TOKEN_HAS_TRAVERSE_PRIVILEGE    0x01
#define TOKEN_HAS_BACKUP_PRIVILEGE      0x02
#define TOKEN_HAS_RESTORE_PRIVILEGE     0x04
#define TOKEN_HAS_ADMIN_GROUP           0x08
#define TOKEN_IS_RESTRICTED             0x10   // NOTE: same numeric value as SE_BACKUP_PRIVILEGES_CHECKED (below); the two flag families must not share a field
#define TOKEN_SESSION_NOT_REFERENCED    0x20
#define TOKEN_SANDBOX_INERT             0x40
#define TOKEN_HAS_IMPERSONATE_PRIVILEGE 0x80
|
|
|
|
// end_ntifs
|
|
|
|
|
|
//
|
|
// General flag
|
|
//
|
|
|
|
//
// NOTE(review): 0x00000010 is also the value of TOKEN_IS_RESTRICTED above.
// The token flags are documented as living in TokenFlags or in an
// ACCESS_STATE; if this flag is ever stored in the same ULONG the two
// alias -- confirm against the users of this flag before adding more.
//
#define SE_BACKUP_PRIVILEGES_CHECKED 0x00000010
|
|
|
|
|
|
|
|
|
|
// begin_ntddk begin_wdm begin_nthal begin_ntifs begin_ntosp
|
|
//
|
|
// Data structure used to capture subject security context
|
|
// for access validations and auditing.
|
|
//
|
|
// THE FIELDS OF THIS DATA STRUCTURE SHOULD BE CONSIDERED OPAQUE
|
|
// BY ALL EXCEPT THE SECURITY ROUTINES.
|
|
//
|
|
|
|
//
// Captured identity of the subject performing an access (see the field
// notes that follow this structure).  Filled in by SeCaptureSubjectContext
// and torn down by SeReleaseSubjectContext, both declared below.
//
typedef struct _SECURITY_SUBJECT_CONTEXT {
    PACCESS_TOKEN ClientToken;                      // impersonation token, or NULL when the thread is not impersonating; holds a reference
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // meaningful only when ClientToken != NULL; overrides a higher level in the token
    PACCESS_TOKEN PrimaryToken;                     // the process (primary) token; holds a reference
    PVOID ProcessAuditId;                           // opaque process identifier for auditing -- NOT a counted pointer, never dereference
} SECURITY_SUBJECT_CONTEXT, *PSECURITY_SUBJECT_CONTEXT;
|
|
|
|
// end_ntddk end_wdm end_nthal end_ntifs end_ntosp
|
|
//
|
|
// where
|
|
//
|
|
// ClientToken - optionally points to a token object being used by the
|
|
// subject's thread to impersonate a client. If the subject's
|
|
// thread is not impersonating a client, this field is set to null.
|
|
// The token's reference count is incremented to count this field
|
|
// as an outstanding reference.
|
|
//
|
|
// ImpersonationLevel - Contains the impersonation level of the subject's
|
|
// thread. This field is only meaningful if the ClientToken field
|
|
// is not null. This field over-rides any higher impersonation
|
|
// level value that might be in the client's token.
|
|
//
|
|
// PrimaryToken - points to the subject's primary token. The token's
|
|
// reference count is incremented to count this field value as an
|
|
// outstanding reference.
|
|
//
|
|
// ProcessAuditId - Is an ID assigned to represent the subject's process.
|
|
// As an implementation detail, this is the process object's address.
|
|
// However, this field should not be treated as a pointer, and the
|
|
// reference count of the process object is not incremented to
|
|
// count it as an outstanding reference.
|
|
//
|
|
|
|
|
|
// begin_ntddk begin_wdm begin_nthal begin_ntifs begin_ntosp
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// ACCESS_STATE and related structures //
|
|
// //
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
//
|
|
// Initial Privilege Set - Room for three privileges, which should
|
|
// be enough for most applications. This structure exists so that
|
|
// it can be embedded in an ACCESS_STATE structure. Use PRIVILEGE_SET
|
|
// for all other references to Privilege sets.
|
|
//
|
|
|
|
#define INITIAL_PRIVILEGE_COUNT 3   // LUID_AND_ATTRIBUTES slots embedded in INITIAL_PRIVILEGE_SET (and thus in ACCESS_STATE)
|
|
|
|
//
// Fixed-size privilege set embedded in ACCESS_STATE.Privileges.  Its layout
// mirrors PRIVILEGE_SET with a fixed-length array so that the common case
// needs no pool allocation; larger sets are allocated from pool instead
// (see ACCESS_STATE.PrivilegesAllocated).
//
typedef struct _INITIAL_PRIVILEGE_SET {
    ULONG PrivilegeCount;                                    // presumably the number of valid entries in Privilege[]
    ULONG Control;
    LUID_AND_ATTRIBUTES Privilege[INITIAL_PRIVILEGE_COUNT];
} INITIAL_PRIVILEGE_SET, * PINITIAL_PRIVILEGE_SET;
|
|
|
|
|
|
|
|
//
|
|
// Combine the information that describes the state
|
|
// of an access-in-progress into a single structure
|
|
//
|
|
|
|
|
|
//
// State of one access attempt as it moves through parse, access check and
// audit (see the field notes following this structure).  Created by
// SeCreateAccessState and freed by SeDeleteAccessState; the AuxData
// extension block is private to the Se routines.
//
typedef struct _ACCESS_STATE {
    LUID OperationID;                   // ties audit records for one logical operation together
    BOOLEAN SecurityEvaluated;          // set by parse methods once access check + audit have been done
    BOOLEAN GenerateAudit;              // not covered by the field notes below -- presumably "an audit record is due"; confirm
    BOOLEAN GenerateOnClose;            // presumably the value returned by SeOpenObjectAuditAlarm's GenerateOnClose; confirm
    BOOLEAN PrivilegesAllocated;        // TRUE when Privileges.PrivilegeSet was allocated from pool and must be freed
    ULONG Flags;                        // misc flags for this attempt (TOKEN_* / SE_* values above -- see aliasing note there)
    ACCESS_MASK RemainingDesiredAccess; // accesses asked for but not yet granted
    ACCESS_MASK PreviouslyGrantedAccess; // accesses already granted, by ACL or by privilege
    ACCESS_MASK OriginalDesiredAccess;  // not covered by the field notes below; presumably the caller's unmodified request
    SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; // captured subject identity
    PSECURITY_DESCRIPTOR SecurityDescriptor; // transient: only SeAssignSecurity may read it
    PVOID AuxData;                      // -> AUX_ACCESS_DATA (private, below); replaces the old PrivilegesUsed pointer
    union {
        INITIAL_PRIVILEGE_SET InitialPrivilegeSet; // in-line storage for up to INITIAL_PRIVILEGE_COUNT privileges
        PRIVILEGE_SET PrivilegeSet;                // view used when the set is pool-allocated
    } Privileges;

    BOOLEAN AuditPrivileges;            // not covered by the field notes below; confirm semantics in the implementation
    UNICODE_STRING ObjectName;
    UNICODE_STRING ObjectTypeName;

} ACCESS_STATE, *PACCESS_STATE;
|
|
|
|
// end_ntddk end_wdm end_nthal end_ntifs end_ntosp
|
|
|
|
/*
|
|
where:
|
|
|
|
OperationID - an LUID to identify the operation being performed. This
|
|
ID will be put in the audit log to allow non-contiguous operations
|
|
on the same object to be associated with one another.
|
|
|
|
SecurityEvaluated - a marker to be set by Parse Methods to indicate
|
|
that security access checking and audit logging has been performed.
|
|
|
|
Flags - Holds misc flags for reference during the access attempt.
|
|
|
|
AuditHandleCreation - a flag set by SeOpenObjectAuditAlarm to indicate
|
|
that auditing is to take place when the handle for the object
|
|
is allocated.
|
|
|
|
RemainingDesiredAccess - Access mask containing the access types that
|
|
have not yet been granted.
|
|
|
|
PreviouslyGrantedAccess - Access mask containing the access types that
|
|
have been granted, one way or another (for example, a given access
|
|
may be granted as a result of owning a privilege rather than being
|
|
in an ACL. A routine can check the privilege and mark the access
|
|
as granted without doing a formal access check).
|
|
|
|
SubjectSecurityContext - The subject's captured security context
|
|
|
|
PrivilegesAllocated - Flag to indicate whether we have allocated
|
|
space for the privilege set from pool memory, so it can be
|
|
freed.
|
|
|
|
SecurityDescriptor - Temporarily contains the security descriptor
|
|
for the object being created between the time the user's
|
|
security descriptor is captured and the time the security
|
|
descriptor is passed to SeAssignSecurity. NO ONE BUT
|
|
SEASSIGNSECURITY SHOULD EVER LOOK IN THIS FIELD FOR AN
|
|
OBJECT'S SECURITY DESCRIPTOR.
|
|
|
|
AuxData - points to an auxiliary data structure to be used for future
|
|
expansion of the access state in an upwardly compatible way. This
|
|
field replaces the PrivilegesUsed pointer, which was for internal
|
|
use only.
|
|
|
|
Privileges - A set of privileges, some of which may have the
|
|
UsedForAccess bit set. If the pre-allocated number of privileges
|
|
is not enough, we will allocate space from pool memory to allow
|
|
for growth.
|
|
|
|
*/
|
|
|
|
|
|
|
|
//*******************************************************************************
|
|
// *
|
|
// Since the AccessState structure is publicly exposed to driver *
|
|
// writers, this structure contains additional data added after NT 3.51. *
|
|
// *
|
|
// Its contents must be accessed only through Se level interfaces, *
|
|
// never directly by name. *
|
|
// *
|
|
// This structure is pointed to by the AuxData field of the AccessState. *
|
|
// It is allocated by SeCreateAccessState and freed by SeDeleteAccessState. *
|
|
// *
|
|
// DO NOT EXPOSE THIS STRUCTURE TO THE PUBLIC. *
|
|
// *
|
|
//*******************************************************************************
|
|
|
|
// begin_ntosp
|
|
//
// Private extension of ACCESS_STATE, reached through ACCESS_STATE.AuxData.
// Allocated by SeCreateAccessState, freed by SeDeleteAccessState; access
// only through Se interfaces (see the banner above and the notes below).
//
typedef struct _AUX_ACCESS_DATA {
    PPRIVILEGE_SET PrivilegesUsed;      // privileges consumed during the access validation
    GENERIC_MAPPING GenericMapping;     // may be filled in late (e.g. by the I/O system once the object type is known)
    ACCESS_MASK AccessesToAudit;        // mask written to the audit record; may differ from the mask granted in the handle
    ACCESS_MASK MaximumAuditMask;       // stored into the new handle for operation-based audits
} AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
|
|
// end_ntosp
|
|
|
|
/*
|
|
where:
|
|
|
|
PrivilegesUsed - Points to the set of privileges used during the access
|
|
validation.
|
|
|
|
GenericMapping - Points to the generic mapping for the object being accessed.
|
|
Normally this would be filled in with the generic mapping passed to
|
|
SeCreateAccessState, but in the case of the IO system (which does not
|
|
know the type of object being accessed until it parses the name),
|
|
it must be filled in later. See the discussion of the GenericMapping
|
|
parameter in SeCreateAccessState for more details.
|
|
|
|
AccessesToAudit - Used as a temporary holding area for the access mask
|
|
to put into the audit record. This field is necessary because the
|
|
access being put into the newly created handle may not be the ones
|
|
we want to audit. This occurs when a file is opened for read-only
|
|
transacted mode, where a read only file is opened for write access.
|
|
We don't want to audit the fact that we granted write access, since
|
|
we really didn't, and customers would be confused to see the extra
|
|
bit in the audit record.
|
|
|
|
MaximumAuditMask - Stores the audit mask that will be stored into the
|
|
new handle structure to support operation based audits.
|
|
|
|
*/
|
|
|
|
|
|
|
|
//
|
|
// Structure describing whether or not a particular type of event
|
|
// is being audited
|
|
//
|
|
|
|
//
// Audit policy for one event category: whether successful and/or failed
// occurrences are to be recorded.
//
typedef struct _SE_AUDITING_STATE {
    BOOLEAN AuditOnSuccess;
    BOOLEAN AuditOnFailure;
} SE_AUDITING_STATE, *PSE_AUDITING_STATE;
|
|
|
|
|
|
|
|
|
|
//
// Process pair carried in process-related audit records.  Neither field is
// documented here as holding a reference; confirm lifetime with the caller.
//
typedef struct _SE_PROCESS_AUDIT_INFO {
    PEPROCESS Process;
    PEPROCESS Parent;
} SE_PROCESS_AUDIT_INFO, *PSE_PROCESS_AUDIT_INFO;
|
|
|
|
|
|
|
|
|
|
/************************************************************
|
|
|
|
WARNING WARNING WARNING
|
|
|
|
|
|
Only add new fields to the end of this structure.
|
|
|
|
|
|
*************************************************************/
|
|
|
|
// begin_ntifs begin_ntosp
|
|
|
|
//
// Table of well-known privilege LUIDs and SIDs exported to file systems and
// other kernel components.  The layout is part of the binary interface:
// per the warnings around this definition, new members may only be
// appended, never inserted or reordered.
//
typedef struct _SE_EXPORTS {

    //
    // Privilege values
    //

    LUID SeCreateTokenPrivilege;
    LUID SeAssignPrimaryTokenPrivilege;
    LUID SeLockMemoryPrivilege;
    LUID SeIncreaseQuotaPrivilege;
    LUID SeUnsolicitedInputPrivilege;
    LUID SeTcbPrivilege;
    LUID SeSecurityPrivilege;
    LUID SeTakeOwnershipPrivilege;
    LUID SeLoadDriverPrivilege;
    LUID SeCreatePagefilePrivilege;
    LUID SeIncreaseBasePriorityPrivilege;
    LUID SeSystemProfilePrivilege;
    LUID SeSystemtimePrivilege;
    LUID SeProfileSingleProcessPrivilege;
    LUID SeCreatePermanentPrivilege;
    LUID SeBackupPrivilege;
    LUID SeRestorePrivilege;
    LUID SeShutdownPrivilege;
    LUID SeDebugPrivilege;
    LUID SeAuditPrivilege;
    LUID SeSystemEnvironmentPrivilege;
    LUID SeChangeNotifyPrivilege;
    LUID SeRemoteShutdownPrivilege;

    //
    // Universally defined Sids
    //

    PSID SeNullSid;
    PSID SeWorldSid;
    PSID SeLocalSid;
    PSID SeCreatorOwnerSid;
    PSID SeCreatorGroupSid;

    //
    // Nt defined Sids
    //

    PSID SeNtAuthoritySid;
    PSID SeDialupSid;
    PSID SeNetworkSid;
    PSID SeBatchSid;
    PSID SeInteractiveSid;
    PSID SeLocalSystemSid;
    PSID SeAliasAdminsSid;
    PSID SeAliasUsersSid;
    PSID SeAliasGuestsSid;
    PSID SeAliasPowerUsersSid;
    PSID SeAliasAccountOpsSid;
    PSID SeAliasSystemOpsSid;
    PSID SeAliasPrintOpsSid;
    PSID SeAliasBackupOpsSid;

    //
    // New Sids defined for NT5
    //

    PSID SeAuthenticatedUsersSid;

    PSID SeRestrictedSid;
    PSID SeAnonymousLogonSid;

    //
    // New Privileges defined for NT5
    //

    LUID SeUndockPrivilege;
    LUID SeSyncAgentPrivilege;
    LUID SeEnableDelegationPrivilege;

    //
    // New Sids defined for post-Windows 2000
    //

    PSID SeLocalServiceSid;
    PSID SeNetworkServiceSid;

    //
    // New Privileges defined for post-Windows 2000
    // (appended last, as the layout rule requires)
    //

    LUID SeManageVolumePrivilege;
    LUID SeImpersonatePrivilege;
    LUID SeCreateGlobalPrivilege;

} SE_EXPORTS, *PSE_EXPORTS;
|
|
|
|
// end_ntifs end_ntosp
|
|
|
|
/************************************************************
|
|
|
|
|
|
WARNING WARNING WARNING
|
|
|
|
|
|
Only add new fields to the end of this structure.
|
|
|
|
|
|
*************************************************************/
|
|
|
|
|
|
|
|
// begin_ntifs
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Logon session notification callback routines //
|
|
// //
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
//
|
|
// These callback routines are used to notify file systems that have
|
|
// registered of logon sessions being terminated, so they can cleanup state
|
|
// associated with this logon session
|
|
//
|
|
|
|
//
// Callback invoked when the logon session identified by LogonId ends, so a
// registered file system can drop per-session state.  Returns NTSTATUS.
//
typedef NTSTATUS
(*PSE_LOGON_SESSION_TERMINATED_ROUTINE)(
    IN PLUID LogonId);
|
|
|
|
// end_ntifs
|
|
|
|
|
|
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Exported Security Macro Definitions //
|
|
// //
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
//++
|
|
//
|
|
// ACCESS_MASK
|
|
// SeComputeDeniedAccesses(
|
|
// IN ACCESS_MASK GrantedAccess,
|
|
// IN ACCESS_MASK DesiredAccess
|
|
// );
|
|
//
|
|
// Routine Description:
|
|
//
|
|
// This routine generates an access mask containing those accesses
|
|
// requested by DesiredAccess that aren't granted by GrantedAccess.
|
|
// The result of this routine may be compared to 0 to determine
|
|
// if a DesiredAccess mask contains any accesses that have not
|
|
// been granted.
|
|
//
|
|
// If the result IS ZERO, then all desired accesses have been granted.
|
|
//
|
|
// Arguments:
|
|
//
|
|
// GrantedAccess - Specifies the granted access mask.
|
|
//
|
|
// DesiredAccess - Specifies the desired access mask.
|
|
//
|
|
// Return Value:
|
|
//
|
|
// An ACCESS_MASK containing the desired accesses that have
|
|
// not been granted.
|
|
//
|
|
//--
|
|
|
|
//
// Accesses in DesiredAccess that GrantedAccess does not cover.  Zero means
// everything requested has been granted.  Both arguments are evaluated
// exactly once.
//
#define SeComputeDeniedAccesses( GrantedAccess, DesiredAccess ) \
    ( (DesiredAccess) & ~(GrantedAccess) )
|
|
|
|
|
|
//++
|
|
//
|
|
// BOOLEAN
|
|
// SeComputeGrantedAccesses(
|
|
// IN ACCESS_MASK GrantedAccess,
|
|
// IN ACCESS_MASK DesiredAccess
|
|
// );
|
|
//
|
|
// Routine Description:
|
|
//
|
|
// This routine generates an access mask containing accesses
|
|
// requested by DesiredAccess that are granted by GrantedAccess.
|
|
// The result of this routine may be compared to 0 to determine
|
|
// if any desired accesses have been granted.
|
|
//
|
|
// If the result IS NON-ZERO, then at least one desired access
// has been granted.
|
|
//
|
|
// Arguments:
|
|
//
|
|
// GrantedAccess - Specifies the granted access mask.
|
|
//
|
|
// DesiredAccess - Specifies the desired access mask.
|
|
//
|
|
// Return Value:
|
|
//
|
|
// This routine returns TRUE if the DesiredAccess mask specifies
// any bits that are set in the GrantedAccess mask.
|
|
//
|
|
//--
|
|
|
|
//
// Accesses in DesiredAccess that GrantedAccess does cover.  The result is
// an ACCESS_MASK, not a BOOLEAN: compare it with 0 rather than with TRUE.
// Both arguments are evaluated exactly once.
//
#define SeComputeGrantedAccesses( GrantedAccess, DesiredAccess ) \
    ( (DesiredAccess) & (GrantedAccess) )
|
|
|
|
|
|
// begin_ntifs
|
|
//++
|
|
//
|
|
// ULONG
|
|
// SeLengthSid(
|
|
// IN PSID Sid
|
|
// );
|
|
//
|
|
// Routine Description:
|
|
//
|
|
// This routine computes the length of a SID.
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Sid - Points to the SID whose length is to be returned.
|
|
//
|
|
// Return Value:
|
|
//
|
|
// The length, in bytes of the SID.
|
|
//
|
|
//--
|
|
|
|
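//
// Size in bytes of a SID: 8 fixed bytes plus 4 per sub-authority, as the
// formula below shows.  The argument is fully parenthesized so that an
// expression argument (e.g. `p + 1`) is cast as a whole rather than only
// its first operand.
//
// The count is read straight out of the SID, so apply this only to a SID
// that has already been captured/validated (see SeCaptureSid below); a
// SubAuthorityCount taken from an unchecked user-mode buffer would
// otherwise size every later copy of that SID.
//
#define SeLengthSid( Sid ) \
    (8 + (4 * ((SID *)(Sid))->SubAuthorityCount))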
|
|
|
|
// end_ntifs
|
|
|
|
|
|
//++
|
|
// BOOLEAN
|
|
// SeSameToken (
|
|
// IN PTOKEN_CONTROL TokenControl1,
|
|
// IN PTOKEN_CONTROL TokenControl2
|
|
// )
|
|
//
|
|
//
|
|
// Routine Description:
|
|
//
|
|
// This routine returns a boolean value indicating whether the two
|
|
// token control values represent the same token. The token may
|
|
// have changed over time, but must have the same authentication ID
|
|
// and token ID. A value of TRUE indicates they
|
|
// are equal. A value of FALSE indicates they are not equal.
|
|
//
|
|
//
|
|
//
|
|
// Arguments:
|
|
//
|
|
// TokenControl1 - Points to a token control to compare.
|
|
//
|
|
// TokenControl2 - Points to the other token control to compare.
|
|
//
|
|
// Return Value:
|
|
//
|
|
// TRUE => The token control values represent the same token.
|
|
//
|
|
// FALSE => The token control values do not represent the same token.
|
|
//
|
|
//
|
|
//--
|
|
|
|
//
// TRUE when two TOKEN_CONTROL blocks describe the same token: both halves
// of TokenId must match and the AuthenticationId LUIDs must be equal.
// Evaluation short-circuits on the first mismatch, so RtlEqualLuid is only
// reached when the TokenId already agrees.
//
#define SeSameToken(TokenControlA,TokenControlB) ( \
    ((TokenControlA)->TokenId.HighPart == (TokenControlB)->TokenId.HighPart) && \
    ((TokenControlA)->TokenId.LowPart == (TokenControlB)->TokenId.LowPart) && \
    (RtlEqualLuid(&(TokenControlA)->AuthenticationId,&(TokenControlB)->AuthenticationId)) \
    )
|
|
|
|
|
|
// begin_ntifs
|
|
//
|
|
//VOID
|
|
//SeDeleteClientSecurity(
|
|
// IN PSECURITY_CLIENT_CONTEXT ClientContext
|
|
// )
|
|
//
|
|
///*++
|
|
//
|
|
//Routine Description:
|
|
//
|
|
// This service deletes a client security context block,
|
|
// performing whatever cleanup might be necessary to do so. In
|
|
// particular, reference to any client token is removed.
|
|
//
|
|
//Arguments:
|
|
//
|
|
// ClientContext - Points to the client security context block to be
|
|
// deleted.
|
|
//
|
|
//
|
|
//Return Value:
|
|
//
|
|
//
|
|
//
|
|
//--*/
|
|
//--
|
|
|
|
// begin_ntosp
|
|
//
// Drops the reference held by ClientContext->ClientToken, choosing the
// dereference routine by the token's type (SeTokenType, declared below).
// The pointer itself is left in place, so the context must not be used
// again without being re-created.  The expansion is a bare brace block,
// not do { } while (0): a trailing ';' before an 'else' will not compile.
//
#define SeDeleteClientSecurity(ClientContext) { \
    if (SeTokenType((ClientContext)->ClientToken) != TokenPrimary) { \
        PsDereferenceImpersonationToken( (ClientContext)->ClientToken ); \
    } else { \
        PsDereferencePrimaryToken( (ClientContext)->ClientToken ); \
    } \
}
|
|
|
|
|
|
//++
|
|
//VOID
|
|
//SeStopImpersonatingClient()
|
|
//
|
|
///*++
|
|
//
|
|
//Routine Description:
|
|
//
|
|
// This service is used to stop impersonating a client using an
|
|
// impersonation token. This service must be called in the context
|
|
// of the server thread which wishes to stop impersonating its
|
|
// client.
|
|
//
|
|
//
|
|
//Arguments:
|
|
//
|
|
// None.
|
|
//
|
|
//Return Value:
|
|
//
|
|
// None.
|
|
//
|
|
//--*/
|
|
//--
|
|
|
|
#define SeStopImpersonatingClient() PsRevertToSelf()   // alias: reverts the calling thread to its primary token
|
|
|
|
// end_ntosp end_ntifs
|
|
|
|
//
// Debug check that AccessMask has already been run through the generic
// mapping: none of the GENERIC_* bits may still be set.  Expands to an
// ASSERT, so it is a no-op in builds where ASSERT is empty.
//
#define SeAssertMappedCanonicalAccess( AccessMask ) \
    ASSERT( (( AccessMask ) & ( GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL )) == 0 )
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine asserts that the given AccessMask does not contain
|
|
any generic access types.
|
|
|
|
Arguments:
|
|
|
|
AccessMask - The access mask to be checked.
|
|
|
|
Return Value:
|
|
|
|
None, or doesn't return.
|
|
|
|
--*/
|
|
|
|
|
|
|
|
//
// Quota to charge for security information: twice Size, but never less
// than SE_DEFAULT_SECURITY_QUOTA.  Size is evaluated twice, so pass a
// side-effect-free expression.  There is no overflow check: if Size is an
// unsigned 32-bit value above 0x7FFFFFFF, ( Size ) * 2 wraps and the
// default quota is charged -- callers must bound Size first.
//
#define SeComputeSecurityQuota( Size ) \
    ( \
        ((( Size ) * 2 ) <= SE_DEFAULT_SECURITY_QUOTA) ? \
            SE_DEFAULT_SECURITY_QUOTA : (( Size ) * 2 ) \
    )
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This macro computes the amount of quota to charge for
|
|
security information.
|
|
|
|
The current algorithm is to use the larger of twice the size
|
|
of the Group + Dacl information being applied and the default as
|
|
specified by SE_DEFAULT_SECURITY_QUOTA.
|
|
|
|
Arguments:
|
|
|
|
Size - The size in bytes of the Group + Dacl information being applied
|
|
to the object.
|
|
|
|
Return Value:
|
|
|
|
The size in bytes to charge for security information on this object.
|
|
|
|
--*/
|
|
|
|
// begin_ntifs begin_ntosp
|
|
|
|
//++
|
|
//
|
|
// PACCESS_TOKEN
|
|
// SeQuerySubjectContextToken(
|
|
// IN PSECURITY_SUBJECT_CONTEXT SubjectContext
|
|
// );
|
|
//
|
|
// Routine Description:
|
|
//
|
|
// This routine returns the effective token from the subject context,
|
|
// either the client token, if present, or the process token.
|
|
//
|
|
// Arguments:
|
|
//
|
|
// SubjectContext - Context to query
|
|
//
|
|
// Return Value:
|
|
//
|
|
// This routine returns the PACCESS_TOKEN for the effective token.
|
|
// The pointer may be passed to SeQueryInformationToken. This routine
|
|
// does not affect the lock status of the token, i.e. the token is not
|
|
// locked. If the SubjectContext has been locked, the token remains locked,
|
|
// if not, the token remains unlocked.
|
|
//
|
|
//--
|
|
|
|
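//
// Effective token of a subject context: the client (impersonation) token
// when one is present, else the primary token.  No reference is taken and
// the token's lock state is not changed (see the description above).
// The argument is parenthesized so that the cast applies to the whole
// expression; the original cast bound only to the first operand.
//
#define SeQuerySubjectContextToken( SubjectContext ) \
    ( ARGUMENT_PRESENT( ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->ClientToken) ? \
        ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->ClientToken : \
        ((PSECURITY_SUBJECT_CONTEXT) (SubjectContext))->PrimaryToken )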
|
|
|
|
// end_ntifs end_ntosp
|
|
|
|
|
|
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Define the exported procedures that are callable only from kernel mode //
|
|
// //
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
//
// One-time initialisation of the security subsystem; returns a BOOLEAN
// the caller must check.
//
BOOLEAN
SeInitSystem( VOID );

//
// Map a SECURITY_INFORMATION selector to the ACCESS_MASK a caller needs
// in order to set (SeSet...) or query (SeQuery...) those parts of an
// object's security descriptor.  The mask is returned through DesiredAccess.
//
VOID
SeSetSecurityAccessMask(
    IN SECURITY_INFORMATION SecurityInformation,
    OUT PACCESS_MASK DesiredAccess
    );

VOID
SeQuerySecurityAccessMask(
    IN SECURITY_INFORMATION SecurityInformation,
    OUT PACCESS_MASK DesiredAccess
    );

//
// Default security method for object types.  OperationCode selects the
// SECURITY_OPERATION_CODE action applied to *ObjectsSecurityDescriptor;
// SecurityDescriptor/Length are IN OUT and appear to carry the caller's
// buffer for set/query operations (confirm per operation in the source).
//
NTSTATUS
SeDefaultObjectMethod (
    IN PVOID Object,
    IN SECURITY_OPERATION_CODE OperationCode,
    IN PSECURITY_INFORMATION SecurityInformation,
    IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN OUT PULONG Length,
    IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
    IN POOL_TYPE PoolType,
    IN PGENERIC_MAPPING GenericMapping
    );
|
|
|
|
// begin_ntosp
|
|
//
// Capture a caller-supplied security descriptor into a kernel copy
// allocated from PoolType, treating the input according to RequestorMode.
// The copy is returned through OutputSecurityDescriptor and must be handed
// back to SeReleaseSecurityDescriptor with the same RequestorMode and
// ForceCapture values (presumably so the release can tell whether a copy
// was actually made).
//
NTKERNELAPI
NTSTATUS
SeCaptureSecurityDescriptor (
    IN PSECURITY_DESCRIPTOR InputSecurityDescriptor,
    IN KPROCESSOR_MODE RequestorMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN ForceCapture,
    OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor
    );

NTKERNELAPI
VOID
SeReleaseSecurityDescriptor (
    IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
    IN KPROCESSOR_MODE RequestorMode,
    IN BOOLEAN ForceCapture
    );
|
|
|
|
// begin_ntifs
|
|
|
|
//
// Subject context lifecycle.  Capture fills in the caller-provided
// SECURITY_SUBJECT_CONTEXT (taking the token references described with
// that structure); Release drops them.  Lock/Unlock bracket any period in
// which the context's tokens must not change underneath the caller, e.g.
// an access check made with SubjectContextLocked == TRUE (see
// SeAccessCheck below).
//
NTKERNELAPI
VOID
SeCaptureSubjectContext (
    OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
    );

NTKERNELAPI
VOID
SeLockSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext
    );

NTKERNELAPI
VOID
SeUnlockSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext
    );

NTKERNELAPI
VOID
SeReleaseSubjectContext (
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext
    );

//
// Capture a TOKEN_AUDIT_POLICY supplied by a RequestorMode caller.  An
// optional caller buffer (CaptureBuffer/CaptureBufferLength) may be used
// instead of a PoolType allocation.  Release with SeReleaseAuditPolicy,
// passing the same RequestorMode and ForceCapture.
//
NTSTATUS
SeCaptureAuditPolicy(
    IN PTOKEN_AUDIT_POLICY Policy,
    IN KPROCESSOR_MODE RequestorMode,
    IN PVOID CaptureBuffer OPTIONAL,
    IN ULONG CaptureBufferLength,
    IN POOL_TYPE PoolType,
    IN BOOLEAN ForceCapture,
    OUT PTOKEN_AUDIT_POLICY *CapturedPolicy
    );

VOID
SeReleaseAuditPolicy (
    IN PTOKEN_AUDIT_POLICY CapturedPolicy,
    IN KPROCESSOR_MODE RequestorMode,
    IN BOOLEAN ForceCapture
    );
|
|
|
|
// end_ntifs end_ntosp
|
|
|
|
//
// Variant of SeCaptureSubjectContext that captures the context of an
// explicit Thread/Process pair rather than the current thread.
//
VOID
SeCaptureSubjectContextEx (
    IN PETHREAD Thread,
    IN PEPROCESS Process,
    OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
    );

//
// Capture the SecurityQualityOfService attached to ObjectAttributes (if
// any) from a RequestorMode caller.  *SecurityQosPresent reports whether
// one was found; CapturedSecurityQos receives the copy and is released
// with SeFreeCapturedSecurityQos.  Both output parameters are annotated IN
// here although they are written -- NOTE(review): likely should be OUT.
//
NTSTATUS
SeCaptureSecurityQos (
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN KPROCESSOR_MODE RequestorMode,
    IN PBOOLEAN SecurityQosPresent,
    IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos
    );

VOID
SeFreeCapturedSecurityQos(
    IN PVOID SecurityQos
    );

//
// Capture/release pairs for the variable-length security structures a
// RequestorMode caller can pass in (SID, ACL, LUID_AND_ATTRIBUTES and
// SID_AND_ATTRIBUTES arrays).  All share one shape:
//
//   - an optional caller buffer (CaptureBuffer/CaptureBufferLength) may be
//     used in place of a PoolType allocation;
//   - ForceCapture and RequestorMode must be passed unchanged to the
//     matching Release routine;
//   - the array/ACL forms also return the aligned size of the copy.
//
// These are the routines that make a user-supplied length field (such as
// the SubAuthorityCount read by SeLengthSid) safe to trust afterwards.
//
NTSTATUS
SeCaptureSid (
    IN PSID InputSid,
    IN KPROCESSOR_MODE RequestorMode,
    IN PVOID CaptureBuffer OPTIONAL,
    IN ULONG CaptureBufferLength,
    IN POOL_TYPE PoolType,
    IN BOOLEAN ForceCapture,
    OUT PSID *CapturedSid
    );

VOID
SeReleaseSid (
    IN PSID CapturedSid,
    IN KPROCESSOR_MODE RequestorMode,
    IN BOOLEAN ForceCapture
    );

NTSTATUS
SeCaptureAcl (
    IN PACL InputAcl,
    IN KPROCESSOR_MODE RequestorMode,
    IN PVOID CaptureBuffer OPTIONAL,
    IN ULONG CaptureBufferLength,
    IN POOL_TYPE PoolType,
    IN BOOLEAN ForceCapture,
    OUT PACL *CapturedAcl,
    OUT PULONG AlignedAclSize
    );

VOID
SeReleaseAcl (
    IN PACL CapturedAcl,
    IN KPROCESSOR_MODE RequestorMode,
    IN BOOLEAN ForceCapture
    );

NTSTATUS
SeCaptureLuidAndAttributesArray (
    IN PLUID_AND_ATTRIBUTES InputArray,
    IN ULONG ArrayCount,
    IN KPROCESSOR_MODE RequestorMode,
    IN PVOID CaptureBuffer OPTIONAL,
    IN ULONG CaptureBufferLength,
    IN POOL_TYPE PoolType,
    IN BOOLEAN ForceCapture,
    OUT PLUID_AND_ATTRIBUTES *CapturedArray,
    OUT PULONG AlignedArraySize
    );

VOID
SeReleaseLuidAndAttributesArray (
    IN PLUID_AND_ATTRIBUTES CapturedArray,
    IN KPROCESSOR_MODE RequestorMode,
    IN BOOLEAN ForceCapture
    );

NTSTATUS
SeCaptureSidAndAttributesArray (
    IN PSID_AND_ATTRIBUTES InputArray,
    IN ULONG ArrayCount,
    IN KPROCESSOR_MODE RequestorMode,
    IN PVOID CaptureBuffer OPTIONAL,
    IN ULONG CaptureBufferLength,
    IN POOL_TYPE PoolType,
    IN BOOLEAN ForceCapture,
    OUT PSID_AND_ATTRIBUTES *CapturedArray,
    OUT PULONG AlignedArraySize
    );

VOID
SeReleaseSidAndAttributesArray (
    IN PSID_AND_ATTRIBUTES CapturedArray,
    IN KPROCESSOR_MODE RequestorMode,
    IN BOOLEAN ForceCapture
    );
|
|
|
|
// begin_ntddk begin_wdm begin_ntifs begin_ntosp
|
|
|
|
//
// Build the security descriptor for a new object from the parent's
// descriptor (optional) and the caller's explicit descriptor, resolving
// generic bits through GenericMapping and using SubjectContext for the
// default owner/group.  *NewDescriptor is allocated from PoolType and is
// released with SeDeassignSecurity.  The Ex form adds an object type GUID
// and AutoInheritFlags and allows ExplicitDescriptor to be absent.
//
NTKERNELAPI
NTSTATUS
SeAssignSecurity (
    IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
    IN PSECURITY_DESCRIPTOR ExplicitDescriptor,
    OUT PSECURITY_DESCRIPTOR *NewDescriptor,
    IN BOOLEAN IsDirectoryObject,
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    IN PGENERIC_MAPPING GenericMapping,
    IN POOL_TYPE PoolType
    );

NTKERNELAPI
NTSTATUS
SeAssignSecurityEx (
    IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
    IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
    OUT PSECURITY_DESCRIPTOR *NewDescriptor,
    IN GUID *ObjectType OPTIONAL,
    IN BOOLEAN IsDirectoryObject,
    IN ULONG AutoInheritFlags,
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    IN PGENERIC_MAPPING GenericMapping,
    IN POOL_TYPE PoolType
    );

//
// Free a descriptor produced by SeAssignSecurity(Ex); the pointer is
// IN OUT, presumably so it can be cleared.
//
NTKERNELAPI
NTSTATUS
SeDeassignSecurity (
    IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor
    );

//
// Core discretionary access check.  Returns TRUE if DesiredAccess (plus
// anything already in PreviouslyGrantedAccess) is granted; the resulting
// mask and status come back through GrantedAccess/AccessStatus.
// SubjectContextLocked states whether the caller already holds the subject
// context lock (SeLockSubjectContext).  If *Privileges is set on return it
// is a pool allocation the caller frees with SeFreePrivileges (declared
// later); AccessMode governs how strictly the request is treated.
//
NTKERNELAPI
BOOLEAN
SeAccessCheck (
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN BOOLEAN SubjectContextLocked,
    IN ACCESS_MASK DesiredAccess,
    IN ACCESS_MASK PreviouslyGrantedAccess,
    OUT PPRIVILEGE_SET *Privileges OPTIONAL,
    IN PGENERIC_MAPPING GenericMapping,
    IN KPROCESSOR_MODE AccessMode,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
    );
|
|
|
|
|
|
#ifdef SE_NTFS_WORLD_CACHE
|
|
|
|
//
// Only built when SE_NTFS_WORLD_CACHE is defined: compute the access mask
// granted to Everyone by SecurityDescriptor (after GenericMapping), for
// callers that cache it.
//
VOID
SeGetWorldRights (
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PGENERIC_MAPPING GenericMapping,
    OUT PACCESS_MASK GrantedAccess
    );
|
|
|
|
#endif
|
|
|
|
// end_ntddk end_wdm end_ntifs end_ntosp
|
|
|
|
//
// Same contract and parameters as SeAccessCheck, with the object named by
// Volume/RelativePath (and whether it is a container) supplied as well.
// The name is additional input to the check; the security descriptor is
// still the authority on what is granted.
//
BOOLEAN
SeProxyAccessCheck (
    IN PUNICODE_STRING Volume,
    IN PUNICODE_STRING RelativePath,
    IN BOOLEAN ContainerObject,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN BOOLEAN SubjectContextLocked,
    IN ACCESS_MASK DesiredAccess,
    IN ACCESS_MASK PreviouslyGrantedAccess,
    OUT PPRIVILEGE_SET *Privileges OPTIONAL,
    IN PGENERIC_MAPPING GenericMapping,
    IN KPROCESSOR_MODE AccessMode,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
    );
|
|
|
|
// begin_ntifs begin_ntosp
|
|
|
|
//
// Test whether the subject holds the privileges in RequiredPrivileges.
// The set is IN OUT: presumably the attribute bits are updated to show
// which privileges were used.  AccessMode controls how the check is
// applied to user- versus kernel-mode requests.
//
NTKERNELAPI
BOOLEAN
SePrivilegeCheck(
    IN OUT PPRIVILEGE_SET RequiredPrivileges,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN KPROCESSOR_MODE AccessMode
    );

//
// Free a PRIVILEGE_SET returned through the OUT Privileges parameter of
// SeAccessCheck / SeProxyAccessCheck.
//
NTKERNELAPI
VOID
SeFreePrivileges(
    IN PPRIVILEGE_SET Privileges
    );
|
|
|
|
// end_ntifs end_ntosp
|
|
|
|
//
// Apply privilege-based policy to an access in progress: accesses that a
// held privilege grants move from *RemainingDesiredAccess to
// *PreviouslyGrantedAccess (both IN OUT).  The subject may be given either
// as a context or as a raw token; any privileges consumed are returned in
// *PrivilegeSet for the caller to free.
//
NTSTATUS
SePrivilegePolicyCheck(
    IN OUT PACCESS_MASK RemainingDesiredAccess,
    IN OUT PACCESS_MASK PreviouslyGrantedAccess,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL,
    IN PACCESS_TOKEN Token OPTIONAL,
    OUT PPRIVILEGE_SET *PrivilegeSet,
    IN KPROCESSOR_MODE PreviousMode
    );

//
// Emit an audit/alarm message for an access decision to the given ports.
// ObjectName is an ANSI STRING here, unlike the UNICODE_STRING taken by
// the *AuditAlarm routines below.
//
VOID
SeGenerateMessage (
    IN PSTRING ObjectName,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PACCESS_TOKEN Token,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN AccessGranted,
    IN HANDLE AuditPort,
    IN HANDLE AlarmPort,
    IN KPROCESSOR_MODE AccessMode
    );
|
|
|
|
// begin_ntifs
|
|
|
|
//
// Audit an object open (or an open for delete).  The decision to audit is
// taken from AccessState and the SACL of SecurityDescriptor; the result of
// the open (ObjectCreated/AccessGranted) is recorded, and *GenerateOnClose
// tells the caller whether a matching close audit is required later
// (pass it to SeCloseObjectAuditAlarm).
//
NTKERNELAPI
VOID
SeOpenObjectAuditAlarm (
    IN PUNICODE_STRING ObjectTypeName,
    IN PVOID Object OPTIONAL,
    IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PACCESS_STATE AccessState,
    IN BOOLEAN ObjectCreated,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode,
    OUT PBOOLEAN GenerateOnClose
    );

NTKERNELAPI
VOID
SeOpenObjectForDeleteAuditAlarm (
    IN PUNICODE_STRING ObjectTypeName,
    IN PVOID Object OPTIONAL,
    IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PACCESS_STATE AccessState,
    IN BOOLEAN ObjectCreated,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode,
    OUT PBOOLEAN GenerateOnClose
    );

//
// Audit the deletion of Object reached through Handle.
//
VOID
SeDeleteObjectAuditAlarm(
    IN PVOID Object,
    IN HANDLE Handle
    );
|
|
|
|
|
|
// end_ntifs
|
|
|
|
//
// Close-side counterpart of SeOpenObjectAuditAlarm; GenerateOnClose is the
// value that routine returned when the handle was opened.
//
VOID
SeCloseObjectAuditAlarm(
    IN PVOID Object,
    IN HANDLE Handle,
    IN BOOLEAN GenerateOnClose
    );

//
// Audit routines for object instance creation, object creation and object
// references.  All take the subject context, the access requested, the
// optional privileges used and the outcome; OperationID, when given, links
// the record to other audits for the same operation (see ACCESS_STATE).
// SeCreateObjectAuditAlarm additionally reports through *AuditPerformed
// whether a record was actually written.
//
VOID
SeCreateInstanceAuditAlarm(
    IN PLUID OperationID OPTIONAL,
    IN PVOID Object,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN ACCESS_MASK DesiredAccess,
    IN PPRIVILEGE_SET Privileges OPTIONAL,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode
    );

VOID
SeCreateObjectAuditAlarm(
    IN PLUID OperationID OPTIONAL,
    IN PVOID Object,
    IN PUNICODE_STRING ComponentName,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN ACCESS_MASK DesiredAccess,
    IN PPRIVILEGE_SET Privileges OPTIONAL,
    IN BOOLEAN AccessGranted,
    OUT PBOOLEAN AuditPerformed,
    IN KPROCESSOR_MODE AccessMode
    );

VOID
SeObjectReferenceAuditAlarm(
    IN PLUID OperationID OPTIONAL,
    IN PVOID Object,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN ACCESS_MASK DesiredAccess,
    IN PPRIVILEGE_SET Privileges OPTIONAL,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode
    );
|
|
|
|
// begin_ntosp
|
|
//
// Audit a privileged operation on the object behind Handle.  Unlike the
// other *AuditAlarm routines the Privileges argument is not OPTIONAL here:
// the privileges that were used are the point of the record.
//
NTKERNELAPI
VOID
SePrivilegeObjectAuditAlarm(
    IN HANDLE Handle,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN ACCESS_MASK DesiredAccess,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN AccessGranted,
    IN KPROCESSOR_MODE AccessMode
    );
|
|
// end_ntosp
|
|
|
|
//
// Check that the caller (in PreviousMode) holds PrivilegeValue for the
// access DesiredAccess on ObjectHandle; returns TRUE on success.  Style
// note: this is the only prototype in the file without IN/OUT
// annotations -- all four parameters are inputs.
//
BOOLEAN
SeCheckPrivilegedObject(
    LUID PrivilegeValue,
    HANDLE ObjectHandle,
    ACCESS_MASK DesiredAccess,
    KPROCESSOR_MODE PreviousMode
    );
|
|
|
|
// begin_ntddk begin_wdm begin_ntifs
|
|
|
|
//
// Structural validation of a security descriptor.  Returns TRUE when the
// descriptor at SecurityDescriptor is well formed within Length bytes.
// Length is caller-supplied: the check can only be as trustworthy as the
// bound it is given, so a caller validating a descriptor captured from a
// less privileged source should pass the size of the captured buffer, not
// a length read out of the buffer itself.  Exported to ntddk/wdm/ntifs.
//
NTKERNELAPI
BOOLEAN
SeValidSecurityDescriptor(
    IN ULONG Length,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor
    );
|
|
|
|
// end_ntddk end_wdm end_ntifs
|
|
|
|
|
|
|
|
//VOID
|
|
//SeImplicitObjectAuditAlarm(
|
|
// IN PLUID OperationID OPTIONAL,
|
|
// IN PVOID Object,
|
|
// IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
// IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
|
|
// IN ACCESS_MASK DesiredAccess,
|
|
// IN PPRIVILEGE_SET Privileges OPTIONAL,
|
|
// IN BOOLEAN AccessGranted,
|
|
// IN KPROCESSOR_MODE AccessMode
|
|
// );
|
|
//
|
|
|
|
//
// Audit hook invoked once a handle has been created for the access
// described by AccessState.  Returns nothing.
//
VOID
SeAuditHandleCreation(
    IN PACCESS_STATE AccessState,
    IN HANDLE Handle
    );
|
|
|
|
|
|
|
|
//
// Well-known token construction.  Each routine takes no arguments and
// returns a PACCESS_TOKEN; the two anonymous-logon tokens are also reachable
// through the SeAnonymousLogonToken / SeAnonymousLogonTokenNoEveryone
// globals declared later in this header.  NOTE(review): whether the
// returned token is referenced for the caller (and must be dereferenced)
// is not stated here -- confirm in the implementation before adding callers.
//
PACCESS_TOKEN
SeMakeSystemToken (
    VOID
    );

PACCESS_TOKEN
SeMakeAnonymousLogonToken (
    VOID
    );

// Variant whose name indicates the Everyone group is left out of the token;
// confirm the exact group set in the implementation.
PACCESS_TOKEN
SeMakeAnonymousLogonTokenNoEveryone (
    VOID
    );

//
// Fills TokenControl with the control information of Token.
//
VOID
SeGetTokenControlInformation (
    IN PACCESS_TOKEN Token,
    OUT PTOKEN_CONTROL TokenControl
    );
|
|
|
|
// begin_ntosp
|
|
//
// Token object type and read-only token queries.  The "// ntifs" line
// markers and the begin_ntosp marker above select which generated headers
// carry each declaration; keep them intact when editing.
//
extern struct _OBJECT_TYPE *SeTokenObjectType;

// Primary vs. impersonation type of Token.
NTKERNELAPI // ntifs
TOKEN_TYPE // ntifs
SeTokenType( // ntifs
    IN PACCESS_TOKEN Token // ntifs
    ); // ntifs

// Impersonation level of Token (not in the ntifs set).
SECURITY_IMPERSONATION_LEVEL
SeTokenImpersonationLevel(
    IN PACCESS_TOKEN Token
    );

// TRUE when Token carries administrative membership; exact criterion is
// in the implementation.
NTKERNELAPI // ntifs
BOOLEAN // ntifs
SeTokenIsAdmin( // ntifs
    IN PACCESS_TOKEN Token // ntifs
    ); // ntifs

// TRUE when Token is a restricted token (see SeFilterToken below).
NTKERNELAPI // ntifs
BOOLEAN // ntifs
SeTokenIsRestricted( // ntifs
    IN PACCESS_TOKEN Token // ntifs
    ); // ntifs

//
// Decides whether a process holding ProcessToken may impersonate Token at
// ImpersonationLevel; failure is reported as an NTSTATUS rather than a
// BOOLEAN.  NOTE(review): the policy applied is not visible here --
// confirm in the implementation.
//
NTKERNELAPI
NTSTATUS
SeTokenCanImpersonate(
    IN PACCESS_TOKEN ProcessToken,
    IN PACCESS_TOKEN Token,
    IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
    );
|
|
// end_ntosp
|
|
|
|
//
// Process primary-token management.  None of these is exported
// (no NTKERNELAPI) and none is in the ntifs/ntosp sets.
//

// Derives ChildToken from ParentToken for a new process; MarkAsActive and
// SessionId are applied to the child.  Returns an NTSTATUS.
NTSTATUS
SeSubProcessToken (
    IN PACCESS_TOKEN ParentToken,
    OUT PACCESS_TOKEN *ChildToken,
    IN BOOLEAN MarkAsActive,
    IN ULONG SessionId
    );

// Installs Token as the primary token of Process.  Returns nothing, so
// the caller has no failure signal.
VOID
SeAssignPrimaryToken(
    IN PEPROCESS Process,
    IN PACCESS_TOKEN Token
    );

// Removes the primary token of Process.
VOID
SeDeassignPrimaryToken(
    IN PEPROCESS Process
    );

// Replaces the primary token of Process with NewAccessToken and hands the
// previous token back through OldAccessToken.  NOTE(review): ownership of
// OldAccessToken (who dereferences it) is not stated here -- confirm.
NTSTATUS
SeExchangePrimaryToken(
    IN PEPROCESS Process,
    IN PACCESS_TOKEN NewAccessToken,
    OUT PACCESS_TOKEN *OldAccessToken
    );

// Duplicates ClientToken at ImpersonationLevel into DuplicateToken.
// RequestorMode is the mode of the requesting caller.
NTSTATUS
SeCopyClientToken(
    IN PACCESS_TOKEN ClientToken,
    IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
    IN KPROCESSOR_MODE RequestorMode,
    OUT PACCESS_TOKEN *DuplicateToken
    );
|
|
|
|
// begin_ntifs
|
|
//
// Builds FilteredToken from ExistingToken by disabling SidsToDisable,
// deleting PrivilegesToDelete and adding RestrictedSids; each of the three
// lists is OPTIONAL.  Flags selects additional behaviour (values not
// visible here).  Compare SeFastFilterToken near the end of this header,
// which takes the same inputs as raw arrays with explicit counts.
//
NTSTATUS
SeFilterToken (
    IN PACCESS_TOKEN ExistingToken,
    IN ULONG Flags,
    IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
    IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
    IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
    OUT PACCESS_TOKEN * FilteredToken
    );
|
|
|
|
// begin_ntosp
|
|
//
// Reports the authentication (logon session) id of Token through
// AuthenticationId.  Exported; in the ntifs and ntosp sets.
//
NTKERNELAPI
NTSTATUS
SeQueryAuthenticationIdToken(
    IN PACCESS_TOKEN Token,
    OUT PLUID AuthenticationId
    );
|
|
|
|
// end_ntosp
|
|
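//
// Reports the session id of Token through pSessionId.  Exported; in the
// ntifs set only (the end_ntosp marker precedes it).
//
// The first parameter was declared without a name; it is named Token here
// to match every other token routine in this header.  pSessionId is a
// result pointer, so it is annotated OUT as the sibling
// SeQueryAuthenticationIdToken annotates its AuthenticationId.  Neither
// change affects the calling convention.
//
NTKERNELAPI
NTSTATUS
SeQuerySessionIdToken(
    IN PACCESS_TOKEN Token,
    OUT PULONG pSessionId
    );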
|
|
|
|
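//
// Sets the session id of Token to SessionId.  Exported; in the ntifs set.
//
// The first parameter was declared without a name; it is named Token here
// to match every other token routine in this header (no ABI effect).
//
NTKERNELAPI
NTSTATUS
SeSetSessionIdToken(
    IN PACCESS_TOKEN Token,
    IN ULONG SessionId
    );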
|
|
|
|
// begin_ntosp
|
|
//
// Captures the security context of ClientThread into ClientContext,
// subject to the quality-of-service requested in ClientSecurityQos.
// RemoteSession tells the routine whether the server side is remote.
// Exported; in the ntifs and ntosp sets.
//
NTKERNELAPI
NTSTATUS
SeCreateClientSecurity (
    IN PETHREAD ClientThread,
    IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
    IN BOOLEAN RemoteSession,
    OUT PSECURITY_CLIENT_CONTEXT ClientContext
    );
|
|
// end_ntosp
|
|
|
|
//
// Makes ServerThread (or, when ServerThread is NULL, presumably the
// current thread -- confirm) impersonate the client captured in
// ClientContext.  Returns VOID: a caller of this form cannot learn whether
// impersonation actually took effect.  SeImpersonateClientEx below has the
// same parameters and returns an NTSTATUS; prefer it where the caller must
// act differently on failure.  Exported; in the ntifs set.
//
NTKERNELAPI
VOID
SeImpersonateClient(
    IN PSECURITY_CLIENT_CONTEXT ClientContext,
    IN PETHREAD ServerThread OPTIONAL
    );
|
|
|
|
// begin_ntosp
|
|
//
// Status-returning form of SeImpersonateClient with the same parameters.
// Exported; in the ntifs and ntosp sets.
//
NTKERNELAPI
NTSTATUS
SeImpersonateClientEx(
    IN PSECURITY_CLIENT_CONTEXT ClientContext,
    IN PETHREAD ServerThread OPTIONAL
    );
|
|
// end_ntosp
|
|
|
|
//
// Like SeCreateClientSecurity, but the client is described by an already
// captured SubjectContext rather than a thread.  The BOOLEAN is named
// ServerIsRemote here where SeCreateClientSecurity calls it RemoteSession.
// Exported; in the ntifs set.
//
NTKERNELAPI
NTSTATUS
SeCreateClientSecurityFromSubjectContext (
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
    IN BOOLEAN ServerIsRemote,
    OUT PSECURITY_CLIENT_CONTEXT ClientContext
    );
|
|
|
|
// end_ntifs
|
|
|
|
//
|
|
// Do not export the following routines to drivers.
|
|
// If you need to do so, create a new routine that
|
|
// does not take the AuxData parameter and export
|
|
// that.
|
|
//
|
|
|
|
// begin_ntosp
|
|
//
// Initialises AccessState for a request of DesiredAccess, with AuxData as
// its auxiliary storage and GenericMapping used to map generic bits.  Per
// the note above, routines taking AuxData are not to be exported to
// drivers; this one is in the ntosp set.
//
NTKERNELAPI
NTSTATUS
SeCreateAccessState(
    IN PACCESS_STATE AccessState,
    IN PAUX_ACCESS_DATA AuxData,
    IN ACCESS_MASK DesiredAccess,
    IN PGENERIC_MAPPING GenericMapping
    );

//
// Releases whatever SeCreateAccessState / SeCreateAccessStateEx attached
// to AccessState.  Pair every successful create with one delete.
//
NTKERNELAPI
VOID
SeDeleteAccessState(
    IN PACCESS_STATE AccessState
    );
|
|
// end_ntosp
|
|
|
|
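//
// Extended form of SeCreateAccessState that takes an explicit Thread
// (OPTIONAL) and Process to build the subject context from, and allows
// GenericMapping to be omitted.  Not exported (no NTKERNELAPI) and not in
// any generated header set -- it takes AuxData, see the note above.
//
// The second parameter was spelled "PRocess"; corrected to "Process" to
// match the rest of the header (parameter names in a prototype have no
// ABI effect).
//
NTSTATUS
SeCreateAccessStateEx(
    IN PETHREAD Thread OPTIONAL,
    IN PEPROCESS Process,
    IN PACCESS_STATE AccessState,
    IN PAUX_ACCESS_DATA AuxData,
    IN ACCESS_MASK DesiredAccess,
    IN PGENERIC_MAPPING GenericMapping OPTIONAL
    );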
|
|
|
|
//
// Refreshes ClientContext from the current state of ClientThread.
// ChangesMade reports whether anything in the context changed and NewToken
// whether the client's token was replaced -- both are outputs the caller
// should consult before reusing a cached impersonation.
//
NTSTATUS
SeUpdateClientSecurity(
    IN PETHREAD ClientThread,
    IN OUT PSECURITY_CLIENT_CONTEXT ClientContext,
    OUT PBOOLEAN ChangesMade,
    OUT PBOOLEAN NewToken
    );
|
|
|
|
//
// Reference-monitor initialisation and process-audit helpers; none are
// exported.
//

// Phase-1 initialisation of the security reference monitor; TRUE on
// success.
BOOLEAN
SeRmInitPhase1(
    VOID
    );

// Produces the audit name for a process from its image FileObject.
// bIgnoreAuditPolicy presumably forces the name to be built even when
// auditing is off -- confirm.  NOTE(review): pAuditName is an OUT
// allocation; who frees it is not stated here.
NTSTATUS
SeInitializeProcessAuditName (
    IN PVOID FileObject,
    IN BOOLEAN bIgnoreAuditPolicy,
    OUT POBJECT_NAME_INFORMATION *pAuditName
    );

// Locates the image file name of Process.  pImageFileName is a pointer to
// a pointer but is annotated IN, unlike pAuditName above; it is presumably
// written to -- confirm and consider annotating OUT.
NTSTATUS
SeLocateProcessImageName(
    IN PEPROCESS Process,
    IN PUNICODE_STRING *pImageFileName
    );

// Audits a change of the system clock from OldTime to NewTime.
VOID
SeAuditSystemTimeChange(
    IN LARGE_INTEGER OldTime,
    IN LARGE_INTEGER NewTime
    );
|
|
|
|
|
|
// begin_ntifs begin_ntosp
|
|
|
|
//
// Security-descriptor query/set helpers.  All are exported and in the
// ntifs/ntosp sets.
//

// Copies the parts of *ObjectsSecurityDescriptor selected by
// SecurityInformation into SecurityDescriptor.  Length is IN OUT: the
// caller passes the capacity of SecurityDescriptor and presumably gets the
// required size back -- confirm, and check the returned status before
// trusting the buffer contents.
NTKERNELAPI
NTSTATUS
SeQuerySecurityDescriptorInfo (
    IN PSECURITY_INFORMATION SecurityInformation,
    OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN OUT PULONG Length,
    IN PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor
    );

// Applies the parts of SecurityDescriptor selected by SecurityInformation
// to *ObjectsSecurityDescriptor, which may be reallocated (IN OUT) from
// PoolType.  Object is OPTIONAL.
NTKERNELAPI
NTSTATUS
SeSetSecurityDescriptorInfo (
    IN PVOID Object OPTIONAL,
    IN PSECURITY_INFORMATION SecurityInformation,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
    IN POOL_TYPE PoolType,
    IN PGENERIC_MAPPING GenericMapping
    );

// SeSetSecurityDescriptorInfo plus AutoInheritFlags; the input descriptor
// is called ModificationDescriptor here.
NTKERNELAPI
NTSTATUS
SeSetSecurityDescriptorInfoEx (
    IN PVOID Object OPTIONAL,
    IN PSECURITY_INFORMATION SecurityInformation,
    IN PSECURITY_DESCRIPTOR ModificationDescriptor,
    IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
    IN ULONG AutoInheritFlags,
    IN POOL_TYPE PoolType,
    IN PGENERIC_MAPPING GenericMapping
    );

// Records Privileges in AccessState (no IN/OUT annotations in the
// original declaration).
NTKERNELAPI
NTSTATUS
SeAppendPrivileges(
    PACCESS_STATE AccessState,
    PPRIVILEGE_SET Privileges
    );
|
|
|
|
// end_ntifs end_ntosp
|
|
|
|
//
// Quota, privilege-check and traverse helpers.
//

// Computes the quota (bytes) to charge for SecurityDescriptor into Size.
NTSTATUS
SeComputeQuotaInformationSize(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    OUT PULONG Size
    );

// Audit/alarm hook for a privileged service named ServiceName; Privileges
// is required and AccessGranted records the outcome.
VOID
SePrivilegedServiceAuditAlarm (
    IN PUNICODE_STRING ServiceName,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN AccessGranted
    );

// TRUE when the single privilege PrivilegeValue is held by the caller.
// NOTE(review): PreviousMode is the requestor's mode; pass the originating
// user's mode when checking on behalf of a user request.  The trailing
// "// ntddk ntifs ntosp" markers select the generated headers -- keep them.
NTKERNELAPI // ntddk ntifs ntosp
BOOLEAN // ntddk ntifs ntosp
SeSinglePrivilegeCheck( // ntddk ntifs ntosp
    LUID PrivilegeValue, // ntddk ntifs ntosp
    KPROCESSOR_MODE PreviousMode // ntddk ntifs ntosp
    ); // ntddk ntifs ntosp

// TRUE when SubjectSecurityContext holds the audit privilege.
BOOLEAN
SeCheckAuditPrivilege (
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
    IN KPROCESSOR_MODE PreviousMode
    );

// Fills SecurityDescriptor with the world-accessible descriptor for the
// requested SecurityInformation; Length is IN OUT (capacity in, size out,
// presumably -- confirm).
NTSTATUS
SeAssignWorldSecurityDescriptor(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN OUT PULONG Length,
    IN PSECURITY_INFORMATION SecurityInformation
    );

// Fast-path check of TraverseAccess against SecurityDescriptor; TRUE means
// the traverse is permitted without a full access check.  AccessState is
// OPTIONAL.
BOOLEAN
SeFastTraverseCheck(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PACCESS_STATE AccessState OPTIONAL,
    IN ACCESS_MASK TraverseAccess,
    IN KPROCESSOR_MODE AccessMode
    );
|
|
|
|
// begin_ntifs
|
|
|
|
//
// Auditing predicates.  Each returns TRUE when the caller should go on to
// generate an audit for the given outcome (AccessGranted) and descriptor;
// they are cheap pre-checks, not the audit itself.  All exported, ntifs
// set.
//
NTKERNELAPI
BOOLEAN
SeAuditingFileEvents(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor
    );

// As SeAuditingFileEvents, additionally considering the subject's
// context (OPTIONAL).
NTKERNELAPI
BOOLEAN
SeAuditingFileEventsWithContext(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
    );

NTKERNELAPI
BOOLEAN
SeAuditingHardLinkEvents(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor
    );

NTKERNELAPI
BOOLEAN
SeAuditingHardLinkEventsWithContext(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL
    );

// Here SubjectSecurityContext is required, unlike the WithContext
// variants above.
NTKERNELAPI
BOOLEAN
SeAuditingFileOrGlobalEvents(
    IN BOOLEAN AccessGranted,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
    );

// FASTCALL (register calling convention); AccessToken may be NULL.
NTKERNELAPI
BOOLEAN
FASTCALL
SeDetailedAuditingWithToken(
    IN PACCESS_TOKEN AccessToken OPTIONAL
    );
|
|
|
|
// end_ntifs
|
|
|
|
//
// Process, handle, LPC and SACL audit routines.  All return VOID, so a
// failure to write the audit record is invisible to the caller.
//
VOID
SeAuditProcessCreation(
    PEPROCESS Process
    );

VOID
SeAuditProcessExit(
    PEPROCESS Process
    );

// Audits creation of LinkName as a hard link to FileName; bSuccess is the
// outcome.  The "// ntifs" markers select the generated header -- keep them.
VOID // ntifs
SeAuditHardLinkCreation( // ntifs
    IN PUNICODE_STRING FileName, // ntifs
    IN PUNICODE_STRING LinkName, // ntifs
    IN BOOLEAN bSuccess // ntifs
    ); // ntifs

// Audits an invalid use of LPC call LpcCallName against LpcServerPort.
VOID
SeAuditLPCInvalidUse(
    IN PUNICODE_STRING LpcCallName,
    IN PUNICODE_STRING LpcServerPort
    );

// Audits duplication of SourceHandle (in SourceProcess) as NewHandle (in
// TargetProcess).  Handles are passed as PVOID here rather than HANDLE.
VOID
SeAuditHandleDuplication(
    PVOID SourceHandle,
    PVOID NewHandle,
    PEPROCESS SourceProcess,
    PEPROCESS TargetProcess
    );

// Computes into pAuditMask the access bits of GrantedAccess that Sacl
// requires to be audited for Token.
VOID
SeMaximumAuditMask(
    IN PACL Sacl,
    IN ACCESS_MASK GrantedAccess,
    IN PACCESS_TOKEN Token,
    OUT PACCESS_MASK pAuditMask
    );

// Audit/alarm for an operation (AuditMask) on HandleId of type
// ObjectTypeName; CapturedSubsystemName and UserSid are OPTIONAL.
VOID
SeOperationAuditAlarm (
    IN PUNICODE_STRING CapturedSubsystemName OPTIONAL,
    IN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN ACCESS_MASK AuditMask,
    IN PSID UserSid OPTIONAL
    );

// Attaches a SACL to Process for Token.  Reserved is unused by contract
// (its meaning is not defined here).
VOID
SeAddSaclToProcess(
    IN PEPROCESS Process,
    IN PACCESS_TOKEN Token,
    IN PVOID Reserved
    );
|
|
|
|
// begin_ntifs
|
|
|
|
//
// Stores GenericMapping in AccessState (no IN/OUT annotations in the
// original).  In the ntifs set.
//
VOID
SeSetAccessStateGenericMapping (
    PACCESS_STATE AccessState,
    PGENERIC_MAPPING GenericMapping
    );
|
|
|
|
// end_ntifs
|
|
|
|
// begin_ntifs
|
|
|
|
//
// Logon-session termination notification and token information query.
// All exported; ntifs set, SeQueryInformationToken also ntosp.
//

// Registers CallbackRoutine to be called when a marked logon session ends.
NTKERNELAPI
NTSTATUS
SeRegisterLogonSessionTerminatedRoutine(
    IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
    );

// Removes a routine previously registered with
// SeRegisterLogonSessionTerminatedRoutine.
NTKERNELAPI
NTSTATUS
SeUnregisterLogonSessionTerminatedRoutine(
    IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
    );

// Marks the logon session LogonId so that termination callbacks fire.
NTKERNELAPI
NTSTATUS
SeMarkLogonSessionForTerminationNotification(
    IN PLUID LogonId
    );

// Returns the information of class TokenInformationClass for Token through
// *TokenInformation.  NOTE(review): the result is returned as a pointer,
// i.e. presumably allocated by the routine; who frees it, and from which
// pool, is not stated here -- confirm before use.
NTKERNELAPI
NTSTATUS
SeQueryInformationToken (
    IN PACCESS_TOKEN Token,
    IN TOKEN_INFORMATION_CLASS TokenInformationClass,
    OUT PVOID *TokenInformation
    );
|
|
|
|
// end_ntifs end_ntosp
|
|
|
|
//
// Child-token tests and the fast filter variant.  Not exported.
//

// Sets IsChild when Token (a HANDLE) is a child token; the handle is
// resolved by the routine.
NTSTATUS
SeIsChildToken(
    IN HANDLE Token,
    OUT PBOOLEAN IsChild
    );

// Same test for an already referenced PACCESS_TOKEN.
NTSTATUS
SeIsChildTokenByPointer(
    IN PACCESS_TOKEN Token,
    OUT PBOOLEAN IsChild
    );

// Array-based counterpart of SeFilterToken: the groups to disable,
// privileges to delete and restricting SIDs are given as SID_AND_ATTRIBUTES
// / LUID_AND_ATTRIBUTES arrays with explicit counts (each array OPTIONAL),
// plus SidLength for the restricted SIDs and the RequestorMode.
// NOTE(review): the relationship between SidCount, SidLength and the
// RestrictedSids buffer is not defined here; callers must size them
// consistently.
NTSTATUS
SeFastFilterToken(
    IN PACCESS_TOKEN ExistingToken,
    IN KPROCESSOR_MODE RequestorMode,
    IN ULONG Flags,
    IN ULONG GroupCount,
    IN PSID_AND_ATTRIBUTES GroupsToDisable OPTIONAL,
    IN ULONG PrivilegeCount,
    IN PLUID_AND_ATTRIBUTES PrivilegesToDelete OPTIONAL,
    IN ULONG SidCount,
    IN PSID_AND_ATTRIBUTES RestrictedSids OPTIONAL,
    IN ULONG SidLength,
    OUT PACCESS_TOKEN * FilteredToken
    );
|
|
|
|
////////////////////////////////////////////////////////////////////////
|
|
// //
|
|
// Global, READ ONLY, Security variables //
|
|
// //
|
|
////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
// **************************************************************
//
// C A V E A T   P R O G R A M M E R
//
//
// If you wish to include this file in an NT driver and use the SeExports
// structure defined above, you need to call:
//
//
//     SeEnableAccessToExports()
//
// exactly once during initialization.
//
// C A V E A T   P R O G R A M M E R
//
// **************************************************************
//
// The "#if 0" arm below is the historical driver-side mechanism described
// by the caveat; it is compiled out, and the live declaration is the plain
// exported pointer in the "#else" arm.
//
#if 0
#define SeEnableAccessToExports() SeExports = *(PSE_EXPORTS *)SeExports;
extern PSE_EXPORTS SeExports;
#else

// begin_ntifs begin_ntosp
//
// Grants access to SeExports structure
//

extern NTKERNELAPI PSE_EXPORTS SeExports;

// end_ntifs end_ntosp
#endif
|
|
|
|
//
|
|
// Value used to represent the authentication ID of system processes
|
|
//
|
|
|
|
//
// Value used to represent the authentication ID of system processes
//
// NOTE(review): the section banner above calls these "READ ONLY", but only
// the declarations carrying "const" (the two LUIDs, SeSystemTokenSource and
// SeSubsystemName) are enforced as such by the compiler.  The PSID, PACL,
// PSECURITY_DESCRIPTOR, PACCESS_TOKEN and LUID objects below are writable
// as declared; read-only is a convention callers must respect.
//

extern const LUID SeSystemAuthenticationId;
extern const LUID SeAnonymousAuthenticationId;

extern const TOKEN_SOURCE SeSystemTokenSource;

//
// Universal well known SIDs
//

extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SePrincipalSelfSid;

//
// Sids defined by NT
//

extern PSID SeNtAuthoritySid;

extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeAliasAdminsSid;
extern PSID SeRestrictedSid;
extern PSID SeAnonymousLogonSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;

//
// Well known tokens (see SeMakeAnonymousLogonToken and
// SeMakeAnonymousLogonTokenNoEveryone above)
//

extern PACCESS_TOKEN SeAnonymousLogonToken;
extern PACCESS_TOKEN SeAnonymousLogonTokenNoEveryone;

//
// System default DACLs & Security Descriptors
//

extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeLocalServicePublicSd;

extern PACL SePublicDefaultDacl;
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeSystemDefaultDacl;
extern PACL SeUnrestrictedDacl;
extern PACL SeLocalServicePublicDacl;

//
// Well known privilege values (LUIDs, passed by value to
// SeSinglePrivilegeCheck / SeCheckPrivilegedObject)
//

extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
extern LUID SeUndockPrivilege;
extern LUID SeSyncAgentPrivilege;
extern LUID SeEnableDelegationPrivilege;
extern LUID SeManageVolumePrivilege;
extern LUID SeImpersonatePrivilege;
extern LUID SeCreateGlobalPrivilege;

//
// Auditing information array (element count not declared here)
//

extern SE_AUDITING_STATE SeAuditingState[];

extern const UNICODE_STRING SeSubsystemName;
|
|
|
|
|
|
#endif // _SE_
|