ReactOS  0.4.15-dev-5462-g4d0d22a
se.h
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Internal header for the Security Manager
5  * COPYRIGHT: Copyright Eric Kohl
6  * Copyright 2022 George BiČ™oc <george.bisoc@reactos.org>
7  */
8 
9 #pragma once
10 
11 //
12 // Internal ACE type structures
13 //
14 typedef struct _KNOWN_ACE
15 {
20 
21 typedef struct _KNOWN_OBJECT_ACE
22 {
28 
29 typedef struct _KNOWN_COMPOUND_ACE
30 {
37 
38 //
39 // Access Check Rights
40 //
41 typedef struct _ACCESS_CHECK_RIGHTS
42 {
47 
49 {
53 
54 //
55 // Token Audit Policy Information structure
56 //
58 {
60  struct
61  {
64  } Policies[1];
66 
67 //
68 // Token creation method defines (for debugging purposes)
69 //
70 #define TOKEN_CREATE_METHOD 0xCUL
71 #define TOKEN_DUPLICATE_METHOD 0xDUL
72 #define TOKEN_FILTER_METHOD 0xFUL
73 
74 //
75 // Security descriptor internal helpers
76 //
78 PSID
80  _Inout_ PVOID _Descriptor)
81 {
84 
85  if (Descriptor->Control & SE_SELF_RELATIVE)
86  {
88  if (!SdRel->Group) return NULL;
89  return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
90  }
91  else
92  {
93  return Descriptor->Group;
94  }
95 }
96 
98 PSID
100  _Inout_ PVOID _Descriptor)
101 {
104 
105  if (Descriptor->Control & SE_SELF_RELATIVE)
106  {
108  if (!SdRel->Owner) return NULL;
109  return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
110  }
111  else
112  {
113  return Descriptor->Owner;
114  }
115 }
116 
118 PACL
120  _Inout_ PVOID _Descriptor)
121 {
124 
125  if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
126 
127  if (Descriptor->Control & SE_SELF_RELATIVE)
128  {
130  if (!SdRel->Dacl) return NULL;
131  return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
132  }
133  else
134  {
135  return Descriptor->Dacl;
136  }
137 }
138 
140 PACL
142  _Inout_ PVOID _Descriptor)
143 {
146 
147  if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
148 
149  if (Descriptor->Control & SE_SELF_RELATIVE)
150  {
152  if (!SdRel->Sacl) return NULL;
153  return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
154  }
155  else
156  {
157  return Descriptor->Sacl;
158  }
159 }
160 
161 #ifndef RTL_H
162 
163 //
164 // SID Authorities
165 //
171 
172 //
173 // SIDs
174 //
175 extern PSID SeNullSid;
176 extern PSID SeWorldSid;
177 extern PSID SeLocalSid;
178 extern PSID SeCreatorOwnerSid;
179 extern PSID SeCreatorGroupSid;
182 extern PSID SeNtAuthoritySid;
183 extern PSID SeDialupSid;
184 extern PSID SeNetworkSid;
185 extern PSID SeBatchSid;
186 extern PSID SeInteractiveSid;
187 extern PSID SeServiceSid;
189 extern PSID SePrincipalSelfSid;
190 extern PSID SeLocalSystemSid;
193 extern PSID SeAliasAdminsSid;
194 extern PSID SeAliasUsersSid;
195 extern PSID SeAliasGuestsSid;
199 extern PSID SeAliasPrintOpsSid;
202 extern PSID SeRestrictedSid;
204 extern PSID SeLocalServiceSid;
206 
207 //
208 // Privileges
209 //
210 extern const LUID SeCreateTokenPrivilege;
212 extern const LUID SeLockMemoryPrivilege;
213 extern const LUID SeIncreaseQuotaPrivilege;
214 extern const LUID SeUnsolicitedInputPrivilege;
215 extern const LUID SeTcbPrivilege;
216 extern const LUID SeSecurityPrivilege;
217 extern const LUID SeTakeOwnershipPrivilege;
218 extern const LUID SeLoadDriverPrivilege;
219 extern const LUID SeSystemProfilePrivilege;
220 extern const LUID SeSystemtimePrivilege;
223 extern const LUID SeCreatePagefilePrivilege;
224 extern const LUID SeCreatePermanentPrivilege;
225 extern const LUID SeBackupPrivilege;
226 extern const LUID SeRestorePrivilege;
227 extern const LUID SeShutdownPrivilege;
228 extern const LUID SeDebugPrivilege;
229 extern const LUID SeAuditPrivilege;
231 extern const LUID SeChangeNotifyPrivilege;
232 extern const LUID SeRemoteShutdownPrivilege;
233 extern const LUID SeUndockPrivilege;
234 extern const LUID SeSyncAgentPrivilege;
235 extern const LUID SeEnableDelegationPrivilege;
236 extern const LUID SeManageVolumePrivilege;
237 extern const LUID SeImpersonatePrivilege;
238 extern const LUID SeCreateGlobalPrivilege;
239 extern const LUID SeTrustedCredmanPrivilege;
240 extern const LUID SeRelabelPrivilege;
242 extern const LUID SeTimeZonePrivilege;
244 
245 //
246 // DACLs
247 //
249 extern PACL SePublicOpenDacl;
251 extern PACL SeUnrestrictedDacl;
253 
254 //
255 // SDs
256 //
264 
265 //
266 // Anonymous Logon Tokens
267 //
270 
271 
272 //
273 // Token lock management macros
274 //
275 #define SepAcquireTokenLockExclusive(Token) \
276 { \
277  KeEnterCriticalRegion(); \
278  ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
279 }
280 #define SepAcquireTokenLockShared(Token) \
281 { \
282  KeEnterCriticalRegion(); \
283  ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
284 }
285 
286 #define SepReleaseTokenLock(Token) \
287 { \
288  ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
289  KeLeaveCriticalRegion(); \
290 }
291 
292 #if DBG
293 //
294 // Security Debug Utility Functions
295 //
296 VOID
299 
300 VOID
303 
304 VOID
306  _In_opt_ PACCESS_CHECK_RIGHTS AccessRights);
307 #endif // DBG
308 
309 //
310 // Token Functions
311 //
312 CODE_SEG("INIT")
313 VOID
314 NTAPI
316 
317 CODE_SEG("INIT")
318 PTOKEN
319 NTAPI
321 
322 CODE_SEG("INIT")
323 PTOKEN
325 
326 CODE_SEG("INIT")
327 PTOKEN
329 
330 NTSTATUS
331 NTAPI
333  _In_ PTOKEN Token,
339  _Out_ PTOKEN* NewAccessToken);
340 
341 NTSTATUS
342 NTAPI
350  _In_ PLUID AuthenticationId,
351  _In_ PLARGE_INTEGER ExpirationTime,
353  _In_ ULONG GroupCount,
355  _In_ ULONG GroupsLength,
356  _In_ ULONG PrivilegeCount,
360  _In_opt_ PACL DefaultDacl,
362  _In_ BOOLEAN SystemToken);
363 
364 BOOLEAN
365 NTAPI
367  _In_ PACCESS_TOKEN _Token,
369  _In_ BOOLEAN TokenLocked);
370 
371 NTSTATUS
374 
375 VOID
378 
379 VOID
382 
383 NTSTATUS
385  _In_ PTOKEN Token,
387  _In_opt_ PSID DefaultOwner,
388  _Out_opt_ PULONG PrimaryGroupIndex,
389  _Out_opt_ PULONG DefaultOwnerIndex);
390 
391 VOID
394  _In_ ULONG Index);
395 
396 VOID
399 
400 VOID
403  _In_ ULONG Index);
404 
405 VOID
408  _In_ ULONG Index);
409 
410 ULONG
412  _In_ ULONG DynamicCharged,
414  _In_opt_ PACL DefaultDacl);
415 
416 NTSTATUS
418  _In_ PTOKEN Token,
419  _In_ ULONG NewDynamicPartSize);
420 
421 BOOLEAN
422 NTAPI
424  _In_ PTOKEN ProcessToken,
425  _In_ PTOKEN TokenToImpersonate,
427 
428 VOID
429 NTAPI
431  _In_ PACCESS_TOKEN _Token,
432  _Out_ PTOKEN_CONTROL TokenControl);
433 
434 VOID
435 NTAPI
438 
439 NTSTATUS
440 NTAPI
443  _Out_ PTOKEN *Token,
444  _In_ BOOLEAN InUse,
446 
447 NTSTATUS
448 NTAPI
450  _In_ PTOKEN Token,
452 
453 NTSTATUS
454 NTAPI
456  _In_ PTOKEN Token,
457  _Out_ PBOOLEAN IsSibling);
458 
459 NTSTATUS
460 NTAPI
463  _In_ PACCESS_TOKEN NewAccessToken,
464  _Out_ PACCESS_TOKEN* OldAccessToken);
465 
466 NTSTATUS
467 NTAPI
472  _Out_ PACCESS_TOKEN* NewToken);
473 
474 BOOLEAN
475 NTAPI
477  _In_ PTOKEN Token);
478 
479 ULONG
481  _In_ ULONG Count,
483 
484 //
485 // Security Manager (SeMgr) functions
486 //
487 CODE_SEG("INIT")
488 BOOLEAN
489 NTAPI
491 
492 NTSTATUS
493 NTAPI
495  _In_ PVOID Object,
496  _In_ SECURITY_OPERATION_CODE OperationType,
500  _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
503 
504 VOID
505 NTAPI
509 
510 VOID
511 NTAPI
515 
516 //
517 // Privilege functions
518 //
519 CODE_SEG("INIT")
520 VOID
521 NTAPI
523 
524 BOOLEAN
525 NTAPI
527  _In_ PTOKEN Token,
529  _In_ ULONG PrivilegeCount,
530  _In_ ULONG PrivilegeControl,
532 
533 NTSTATUS
534 NTAPI
539  _In_ PTOKEN Token,
540  _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
542 
543 BOOLEAN
544 NTAPI
548 
549 BOOLEAN
550 NTAPI
552  _In_ LUID PrivilegeValue,
553  _In_ HANDLE ObjectHandle,
556 
557 NTSTATUS
558 NTAPI
561  _In_ ULONG PrivilegeCount,
563  _In_ PLUID_AND_ATTRIBUTES AllocatedMem,
564  _In_ ULONG AllocatedLength,
566  _In_ BOOLEAN CaptureIfKernel,
569 
570 VOID
571 NTAPI
575  _In_ BOOLEAN CaptureIfKernel);
576 
577 //
578 // SID functions
579 //
580 CODE_SEG("INIT")
581 BOOLEAN
582 NTAPI
584 
585 NTSTATUS
586 NTAPI
588  _In_ PSID InputSid,
591  _In_ BOOLEAN CaptureIfKernel,
592  _Out_ PSID *CapturedSid);
593 
594 VOID
595 NTAPI
597  _In_ PSID CapturedSid,
599  _In_ BOOLEAN CaptureIfKernel);
600 
601 BOOLEAN
602 NTAPI
604  _In_ PACCESS_TOKEN _Token,
605  _In_ PSID Sid);
606 
607 BOOLEAN
608 NTAPI
610  _In_ PACCESS_TOKEN _Token,
611  _In_ PSID PrincipalSelfSid,
612  _In_ PSID _Sid,
613  _In_ BOOLEAN Deny,
615 
616 PSID
617 NTAPI
620  _In_ PACE Ace);
621 
622 NTSTATUS
623 NTAPI
625  _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
626  _In_ ULONG AttributeCount,
628  _In_opt_ PVOID AllocatedMem,
629  _In_ ULONG AllocatedLength,
631  _In_ BOOLEAN CaptureIfKernel,
632  _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
634 
635 VOID
636 NTAPI
638  _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
640  _In_ BOOLEAN CaptureIfKernel);
641 
642 //
643 // ACL functions
644 //
645 CODE_SEG("INIT")
646 BOOLEAN
647 NTAPI
649 
650 NTSTATUS
651 NTAPI
653  _In_ PTOKEN Token,
654  _In_ PTOKEN PrimaryToken,
655  _Out_ PACL* Dacl);
656 
657 NTSTATUS
658 NTAPI
660  _In_ PACL InputAcl,
663  _In_ BOOLEAN CaptureIfKernel,
664  _Out_ PACL *CapturedAcl);
665 
666 VOID
667 NTAPI
669  _In_ PACL CapturedAcl,
671  _In_ BOOLEAN CaptureIfKernel);
672 
673 NTSTATUS
675  _Out_writes_bytes_opt_(DaclLength) PACL AclDest,
677  _In_reads_bytes_(AclSource->AclSize) PACL AclSource,
678  _In_ PSID Owner,
679  _In_ PSID Group,
680  _In_ BOOLEAN IsInherited,
683 
684 PACL
686  _In_opt_ PACL ExplicitAcl,
687  _In_ BOOLEAN ExplicitPresent,
688  _In_ BOOLEAN ExplicitDefaulted,
689  _In_opt_ PACL ParentAcl,
690  _In_opt_ PACL DefaultAcl,
692  _In_ PSID Owner,
693  _In_ PSID Group,
694  _Out_ PBOOLEAN AclPresent,
695  _Out_ PBOOLEAN IsInherited,
698 
699 //
700 // SD functions
701 //
702 CODE_SEG("INIT")
703 BOOLEAN
704 NTAPI
706 
707 NTSTATUS
708 NTAPI
713 
714 NTSTATUS
715 NTAPI
718  _Out_ PULONG QuotaInfoSize);
719 
720 //
721 // Security Reference Monitor (SeRm) functions
722 //
723 BOOLEAN
724 NTAPI
726 
727 BOOLEAN
728 NTAPI
730 
731 NTSTATUS
732 NTAPI
735 
736 NTSTATUS
737 NTAPI
740 
741 NTSTATUS
743  _Inout_ PLUID LogonLuid);
744 
745 NTSTATUS
747  _Inout_ PLUID LogonLuid);
748 
749 NTSTATUS
750 NTAPI
757 
758 NTSTATUS
759 NTAPI
762  _Out_ PDEVICE_MAP *DeviceMap);
763 
764 //
765 // Audit functions
766 //
767 NTSTATUS
768 NTAPI
771  _In_ BOOLEAN DoAudit,
772  _Out_ POBJECT_NAME_INFORMATION *AuditInfo);
773 
774 BOOLEAN
775 NTAPI
777  _In_ PTOKEN Token);
778 
779 VOID
780 NTAPI
783 
784 VOID
785 NTAPI
788 
789 VOID
790 NTAPI
794  _In_ PPRIVILEGE_SET PrivilegeSet,
796 
797 //
798 // Subject functions
799 //
800 VOID
801 NTAPI
806 
807 //
808 // Security Quality of Service (SQoS) functions
809 //
810 NTSTATUS
811 NTAPI
816  _In_ BOOLEAN CaptureIfKernel,
817  _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
818  _Out_ PBOOLEAN Present);
819 
820 VOID
821 NTAPI
823  _In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
825  _In_ BOOLEAN CaptureIfKernel);
826 
827 //
828 // Object type list functions
829 //
830 NTSTATUS
832  _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
833  _In_ ULONG ObjectTypeListLength,
835  _Out_ POBJECT_TYPE_LIST *CapturedObjectTypeList);
836 
837 VOID
839  _In_ _Post_invalid_ POBJECT_TYPE_LIST CapturedObjectTypeList,
841 
842 //
843 // Access state functions
844 //
845 NTSTATUS
846 NTAPI
851  _In_ PAUX_ACCESS_DATA AuxData,
852  _In_ ACCESS_MASK Access,
854 
855 //
856 // Access check functions
857 //
858 BOOLEAN
859 NTAPI
865 
866 #endif
867 
868 /* EOF */
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
Sets a "World" security descriptor.
Definition: sd.c:155
PTOKEN SeAnonymousLogonTokenNoEveryone
Definition: semgr.c:20
struct _KNOWN_ACE * PKNOWN_ACE
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:41
const LUID SeTimeZonePrivilege
Definition: priv.c:53
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:43
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
const LUID SeCreateSymbolicLinkPrivilege
Definition: priv.c:54
const uint16_t * PCWSTR
Definition: typedefs.h:57
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
Definition: srm.c:93
#define SE_SACL_PRESENT
Definition: setypes.h:819
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
VOID SepDumpSdDebugInfo(_In_opt_ PISECURITY_DESCRIPTOR SecurityDescriptor)
Dumps debug information of a security descriptor to the debugger.
Definition: debug.c:215
ACE_HEADER Header
Definition: se.h:16
const LUID SeSystemtimePrivilege
Definition: priv.c:31
PSID SeRestrictedCodeSid
Definition: sid.c:40
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
ULONG SepComputeAvailableDynamicSpace(_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl)
Computes the exact available dynamic area of an access token whilst querying token statistics.
Definition: token.c:659
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:368
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:830
#define _In_opt_
Definition: ms_sal.h:309
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:18
#define _Inout_
Definition: ms_sal.h:378
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24
const LUID SeIncreaseWorkingSetPrivilege
Definition: priv.c:52
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
Definition: se.h:14
VOID SeReleaseObjectTypeList(_In_ _Post_invalid_ POBJECT_TYPE_LIST CapturedObjectTypeList, _In_ KPROCESSOR_MODE PreviousMode)
Releases a buffer list of object types.
Definition: objtype.c:107
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
Definition: token.c:1507
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:994
#define _Out_
Definition: ms_sal.h:345
const LUID SeCreatePermanentPrivilege
Definition: priv.c:35
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
const LUID SeDebugPrivilege
Definition: priv.c:39
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
const LUID SeBackupPrivilege
Definition: priv.c:36
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:20
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_In_opt_ PSID Group
Definition: rtlfuncs.h:1646
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460
struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
Definition: sd.c:22
ULONG SessionId
Definition: dllmain.c:28
LONG NTSTATUS
Definition: precomp.h:26
const LUID SeEnableDelegationPrivilege
Definition: priv.c:46
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PSID SeAuthenticatedUserSid
Definition: sid.c:39
VOID NTAPI SepInitPrivileges(VOID)
Initializes the privileges during the startup phase of the security manager module....
Definition: priv.c:71
PSID SeAliasBackupOpsSid
Definition: sid.c:48
ACCESS_MASK Mask
Definition: se.h:17
USHORT Reserved
Definition: se.h:34
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
Definition: token.c:1187
PTOKEN SeAnonymousLogonToken
Definition: semgr.c:19
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:22
NTSTATUS NTAPI SeGetLogonIdDeviceMap(_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap)
Retrieves the DOS device map from a logon session.
Definition: srm.c:1347
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
PSID SeRestrictedSid
Definition: sid.c:50
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
NTSTATUS NTAPI SeDefaultObjectMethod(_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:99
const LUID SeSystemProfilePrivilege
Definition: priv.c:30
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
Definition: token.c:846
PSID SeAuthenticatedUsersSid
Definition: sid.c:49
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:45
#define SE_DACL_PRESENT
Definition: setypes.h:817
TOpcodeData Groups[17][8]
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
Definition: token.c:618
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
Definition: wdfregistry.h:279
PSID SeCreatorOwnerServerSid
Definition: sid.c:29
PSID SeAliasPrintOpsSid
Definition: sid.c:47
const LUID SeTrustedCredmanPrivilege
Definition: priv.c:50
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:19
ACE_HEADER Header
Definition: se.h:23
#define _In_reads_opt_(size)
Definition: ms_sal.h:320
PSID SeAliasAccountOpsSid
Definition: sid.c:45
const LUID SeSyncAgentPrivilege
Definition: priv.c:45
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
Definition: sid.c:115
BOOLEAN NTAPI SepInitDACLs(VOID)
Initializes known discretionary access control lists in the system upon kernel and Executive initiali...
Definition: acl.c:38
const LUID SeChangeNotifyPrivilege
Definition: priv.c:42
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
Definition: token.c:1127
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:21
struct _KNOWN_ACE KNOWN_ACE
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:16
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:803
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1054
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSID SeCreatorGroupSid
Definition: sid.c:28
PACL SePublicOpenDacl
Definition: acl.c:19
VOID SepDumpTokenDebugInfo(_In_opt_ PTOKEN Token)
Dumps debug information of an access token to the debugger.
Definition: debug.c:274
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
Definition: token.c:1657
PSID SeNtAuthoritySid
Definition: sid.c:31
PSID SePrincipalSelfSid
Definition: sid.c:37
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:554
PSID SeServiceSid
Definition: sid.c:36
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
Definition: token.c:1403
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
Definition: card.h:12
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:141
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
unsigned char BOOLEAN
PSID SeNetworkServiceSid
Definition: sid.c:53
BOOLEAN NTAPI SeTokenIsInert(_In_ PTOKEN Token)
Determines if a token is a sandbox inert token or not, based upon the token flags.
Definition: token.c:1337
const LUID SeLoadDriverPrivilege
Definition: priv.c:29
const LUID SeManageVolumePrivilege
Definition: priv.c:47
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:28
#define _In_
Definition: ms_sal.h:308
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
const LUID SeCreateGlobalPrivilege
Definition: priv.c:49
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1437
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
Definition: token.c:1236
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
#define _Out_writes_bytes_opt_(size)
Definition: ms_sal.h:351
PSID SeAliasUsersSid
Definition: sid.c:42
UNICODE_STRING Restricted
Definition: utils.c:24
ULONG Flags
Definition: se.h:25
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1599
ACCESS_MASK RemainingAccessRights
Definition: se.h:43
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
int Count
Definition: noreturn.cpp:7
ACE_HEADER Header
Definition: se.h:31
const LUID SeCreatePagefilePrivilege
Definition: priv.c:34
LPTSTR ServiceName
Definition: ServiceMain.c:15
const LUID SeRestorePrivilege
Definition: priv.c:37
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Performs an audit alarm to a privileged service request.
Definition: audit.c:369
INT POOL_TYPE
Definition: typedefs.h:78
_In_ WDFCOLLECTION _In_ ULONG Index
struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
ULONG SidStart
Definition: se.h:26
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:20
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
_In_ GUID _In_ PVOID ValueData
Definition: hubbusif.h:311
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
PSID SeLocalServiceSid
Definition: sid.c:52
const LUID SeRelabelPrivilege
Definition: priv.c:51
const LUID SeImpersonatePrivilege
Definition: priv.c:48
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:18
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
* PFILE_OBJECT
Definition: iotypes.h:1998
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:240
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
unsigned char UCHAR
Definition: xmlstorage.h:181
char * PBOOLEAN
Definition: retypes.h:11
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
Definition: srm.c:176
PSID SeAliasAdminsSid
Definition: sid.c:41
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:19
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
PSID SeCreatorOwnerSid
Definition: sid.c:27
USHORT CompoundAceType
Definition: se.h:33
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:711
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
#define _Inout_opt_
Definition: ms_sal.h:379
const LUID SeLockMemoryPrivilege
Definition: priv.c:23
VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
Definition: token.c:582
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Checks the security policy and returns a set of privileges based upon the said security policy contex...
Definition: priv.c:244
struct _ACCESS_CHECK_RIGHTS * PACCESS_CHECK_RIGHTS
enum _ACCESS_CHECK_RIGHT_TYPE ACCESS_CHECK_RIGHT_TYPE
NTSTATUS NTAPI SeInitializeProcessAuditName(_In_ PFILE_OBJECT FileObject, _In_ BOOLEAN DoAudit, _Out_ POBJECT_NAME_INFORMATION *AuditInfo)
Initializes a process audit name and returns it to the caller.
Definition: audit.c:105
ACCESS_MASK GrantedAccessRights
Definition: se.h:44
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:32
#define _Post_invalid_
Definition: ms_sal.h:695
PSID SeWorldSid
Definition: sid.c:25
PSID NTAPI SepGetSidFromAce(_In_ UCHAR AceType, _In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
Definition: sid.c:579
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:33
enum _TOKEN_TYPE TOKEN_TYPE
PSID SeLocalSid
Definition: sid.c:26
PSID SeAliasGuestsSid
Definition: sid.c:43
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
Definition: sid.c:443
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
const LUID SeTcbPrivilege
Definition: priv.c:26
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:936
NTSTATUS SepRebuildDynamicPartOfToken(_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)
static const ACEFLAG AceType[]
Definition: security.c:2382
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1768 Policies[1]
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
Definition: token.c:1296
const LUID SeShutdownPrivilege
Definition: priv.c:38
PSID SeAliasPowerUsersSid
Definition: sid.c:44
PSID SeCreatorGroupServerSid
Definition: sid.c:30
NTSTATUS NTAPI SeCreateAccessStateEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
VOID SepDeleteTokenLock(_Inout_ PTOKEN Token)
Deletes a lock of a token.
Definition: token.c:74
BOOLEAN NTAPI SeInitSystem(VOID)
Main security manager initialization function.
Definition: semgr.c:285
ACCESS_MASK Mask
Definition: se.h:32
PSID SeDialupSid
Definition: sid.c:32
unsigned short USHORT
Definition: pedump.c:61
VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:442
PSID SeAliasSystemOpsSid
Definition: sid.c:46
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:21
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
Definition: token.c:1969
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length size of a SID.
Definition: token.c:965
BOOLEAN NTAPI SepPrivilegeCheck(_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
Checks the privileges pointed by Privileges array argument if they exist and match with the privilege...
Definition: priv.c:104
VOID NTAPI SeGetTokenControlInformation(_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
Retrieves token control information.
Definition: token.c:1474
_ACCESS_CHECK_RIGHT_TYPE
Definition: se.h:48
#define FORCEINLINE
Definition: wdftypes.h:67
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: subject.c:41
#define _Out_opt_
Definition: ms_sal.h:346
unsigned int * PULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1597
#define NULL
Definition: types.h:112
ACCESS_MASK Mask
Definition: se.h:24
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
ULONG SidStart
Definition: se.h:18
ULONG SidStart
Definition: se.h:35
struct _ACCESS_CHECK_RIGHTS ACCESS_CHECK_RIGHTS
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:732
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
const LUID SeSecurityPrivilege
Definition: priv.c:27
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
Definition: token.c:511
PSID SeLocalSystemSid
Definition: sid.c:38
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:18
VOID SepDumpAccessRightsStats(_In_opt_ PACCESS_CHECK_RIGHTS AccessRights)
Dumps security access rights to the debugger.
Definition: debug.c:315
#define OUT
Definition: typedefs.h:40
PACL SeUnrestrictedDacl
Definition: acl.c:21
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:20
VOID NTAPI SeAuditProcessExit(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be terminated.
Definition: audit.c:77
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
Definition: sid.c:547
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
PSID SeNetworkSid
Definition: sid.c:33
unsigned int ULONG
Definition: retypes.h:1
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
#define ULONG_PTR
Definition: config.h:101
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:119
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:25
BOOLEAN NTAPI SeRmInitPhase1(VOID)
Manages the phase 1 initialization of the security reference monitoring module of the kernel.
Definition: srm.c:211
PSID SeInteractiveSid
Definition: sid.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
PSID SeBatchSid
Definition: sid.c:34
PSID SeAnonymousLogonSid
Definition: se.h:203
ACCESS_MASK DeniedAccessRights
Definition: se.h:45
const LUID SeUndockPrivilege
Definition: priv.c:44
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:1011
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
Definition: token.c:1725
const LUID SeAuditPrivilege
Definition: priv.c:40
PSID SeNullSid
Definition: sid.c:24
NTSTATUS SeCaptureObjectTypeList(_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ KPROCESSOR_MODE PreviousMode, _Out_ POBJECT_TYPE_LIST *CapturedObjectTypeList)
Captures a list of object types.
Definition: objtype.c:39
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
SECURITY_OPERATION_CODE
Definition: setypes.h:170
Definition: rtltypes.h:992
ULONG ACCESS_MASK
Definition: nt_native.h:40
_In_ ULONG AclLength
Definition: rtlfuncs.h:1842
struct _KNOWN_COMPOUND_ACE * PKNOWN_COMPOUND_ACE
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
Definition: acl.c:277
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:17
VOID NTAPI SeAuditProcessCreate(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be created.
Definition: audit.c:56
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define _In_reads_bytes_(size)
Definition: ms_sal.h:321
BOOLEAN NTAPI SepInitSDs(VOID)
Initializes the known security descriptors in the system.
Definition: sd.c:37
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Selects an ACL and returns it to the caller.
Definition: acl.c:804