ReactOS  0.4.15-dev-4869-g35a816a
se.h
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Internal header for the Security Manager
5  * COPYRIGHT: Copyright Eric Kohl
6  * Copyright 2022 George BiČ™oc <george.bisoc@reactos.org>
7  */
8 
9 #pragma once
10 
11 //
12 // Internal ACE type structures
13 //
14 typedef struct _KNOWN_ACE
15 {
20 
21 typedef struct _KNOWN_OBJECT_ACE
22 {
28 
29 typedef struct _KNOWN_COMPOUND_ACE
30 {
37 
38 //
39 // Access Check Rights
40 //
41 typedef struct _ACCESS_CHECK_RIGHTS
42 {
47 
49 {
53 
54 //
55 // Token Audit Policy Information structure
56 //
58 {
60  struct
61  {
64  } Policies[1];
66 
67 //
68 // Token creation method defines (for debugging purposes)
69 //
70 #define TOKEN_CREATE_METHOD 0xCUL
71 #define TOKEN_DUPLICATE_METHOD 0xDUL
72 #define TOKEN_FILTER_METHOD 0xFUL
73 
74 //
75 // Security descriptor internal helpers
76 //
78 PSID
80  _Inout_ PVOID _Descriptor)
81 {
84 
85  if (Descriptor->Control & SE_SELF_RELATIVE)
86  {
88  if (!SdRel->Group) return NULL;
89  return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
90  }
91  else
92  {
93  return Descriptor->Group;
94  }
95 }
96 
98 PSID
100  _Inout_ PVOID _Descriptor)
101 {
104 
105  if (Descriptor->Control & SE_SELF_RELATIVE)
106  {
108  if (!SdRel->Owner) return NULL;
109  return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
110  }
111  else
112  {
113  return Descriptor->Owner;
114  }
115 }
116 
118 PACL
120  _Inout_ PVOID _Descriptor)
121 {
124 
125  if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
126 
127  if (Descriptor->Control & SE_SELF_RELATIVE)
128  {
130  if (!SdRel->Dacl) return NULL;
131  return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
132  }
133  else
134  {
135  return Descriptor->Dacl;
136  }
137 }
138 
140 PACL
142  _Inout_ PVOID _Descriptor)
143 {
146 
147  if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
148 
149  if (Descriptor->Control & SE_SELF_RELATIVE)
150  {
152  if (!SdRel->Sacl) return NULL;
153  return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
154  }
155  else
156  {
157  return Descriptor->Sacl;
158  }
159 }
160 
161 #ifndef RTL_H
162 
163 //
164 // SID Authorities
165 //
171 
172 //
173 // SIDs
174 //
175 extern PSID SeNullSid;
176 extern PSID SeWorldSid;
177 extern PSID SeLocalSid;
178 extern PSID SeCreatorOwnerSid;
179 extern PSID SeCreatorGroupSid;
182 extern PSID SeNtAuthoritySid;
183 extern PSID SeDialupSid;
184 extern PSID SeNetworkSid;
185 extern PSID SeBatchSid;
186 extern PSID SeInteractiveSid;
187 extern PSID SeServiceSid;
189 extern PSID SePrincipalSelfSid;
190 extern PSID SeLocalSystemSid;
193 extern PSID SeAliasAdminsSid;
194 extern PSID SeAliasUsersSid;
195 extern PSID SeAliasGuestsSid;
199 extern PSID SeAliasPrintOpsSid;
202 extern PSID SeRestrictedSid;
204 extern PSID SeLocalServiceSid;
206 
207 //
208 // Privileges
209 //
210 extern const LUID SeCreateTokenPrivilege;
212 extern const LUID SeLockMemoryPrivilege;
213 extern const LUID SeIncreaseQuotaPrivilege;
214 extern const LUID SeUnsolicitedInputPrivilege;
215 extern const LUID SeTcbPrivilege;
216 extern const LUID SeSecurityPrivilege;
217 extern const LUID SeTakeOwnershipPrivilege;
218 extern const LUID SeLoadDriverPrivilege;
219 extern const LUID SeSystemProfilePrivilege;
220 extern const LUID SeSystemtimePrivilege;
223 extern const LUID SeCreatePagefilePrivilege;
224 extern const LUID SeCreatePermanentPrivilege;
225 extern const LUID SeBackupPrivilege;
226 extern const LUID SeRestorePrivilege;
227 extern const LUID SeShutdownPrivilege;
228 extern const LUID SeDebugPrivilege;
229 extern const LUID SeAuditPrivilege;
231 extern const LUID SeChangeNotifyPrivilege;
232 extern const LUID SeRemoteShutdownPrivilege;
233 extern const LUID SeUndockPrivilege;
234 extern const LUID SeSyncAgentPrivilege;
235 extern const LUID SeEnableDelegationPrivilege;
236 extern const LUID SeManageVolumePrivilege;
237 extern const LUID SeImpersonatePrivilege;
238 extern const LUID SeCreateGlobalPrivilege;
239 extern const LUID SeTrustedCredmanPrivilege;
240 extern const LUID SeRelabelPrivilege;
242 extern const LUID SeTimeZonePrivilege;
244 
245 //
246 // DACLs
247 //
249 extern PACL SePublicOpenDacl;
251 extern PACL SeUnrestrictedDacl;
253 
254 //
255 // SDs
256 //
264 
265 //
266 // Anonymous Logon Tokens
267 //
270 
271 
272 //
273 // Token lock management macros
274 //
275 #define SepAcquireTokenLockExclusive(Token) \
276 { \
277  KeEnterCriticalRegion(); \
278  ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
279 }
280 #define SepAcquireTokenLockShared(Token) \
281 { \
282  KeEnterCriticalRegion(); \
283  ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
284 }
285 
286 #define SepReleaseTokenLock(Token) \
287 { \
288  ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
289  KeLeaveCriticalRegion(); \
290 }
291 
292 //
293 // Token Functions
294 //
295 CODE_SEG("INIT")
296 VOID
297 NTAPI
299 
300 CODE_SEG("INIT")
301 PTOKEN
302 NTAPI
304 
305 CODE_SEG("INIT")
306 PTOKEN
308 
309 CODE_SEG("INIT")
310 PTOKEN
312 
313 NTSTATUS
314 NTAPI
316  _In_ PTOKEN Token,
322  _Out_ PTOKEN* NewAccessToken);
323 
324 NTSTATUS
325 NTAPI
333  _In_ PLUID AuthenticationId,
334  _In_ PLARGE_INTEGER ExpirationTime,
336  _In_ ULONG GroupCount,
338  _In_ ULONG GroupsLength,
339  _In_ ULONG PrivilegeCount,
343  _In_opt_ PACL DefaultDacl,
345  _In_ BOOLEAN SystemToken);
346 
347 BOOLEAN
348 NTAPI
350  _In_ PACCESS_TOKEN _Token,
352  _In_ BOOLEAN TokenLocked);
353 
354 NTSTATUS
357 
358 VOID
361 
362 VOID
365 
366 NTSTATUS
368  _In_ PTOKEN Token,
370  _In_opt_ PSID DefaultOwner,
371  _Out_opt_ PULONG PrimaryGroupIndex,
372  _Out_opt_ PULONG DefaultOwnerIndex);
373 
374 VOID
377  _In_ ULONG Index);
378 
379 VOID
382 
383 VOID
386  _In_ ULONG Index);
387 
388 VOID
391  _In_ ULONG Index);
392 
393 BOOLEAN
394 NTAPI
396  _In_ PTOKEN ProcessToken,
397  _In_ PTOKEN TokenToImpersonate,
399 
400 VOID
401 NTAPI
403  _In_ PACCESS_TOKEN _Token,
404  _Out_ PTOKEN_CONTROL TokenControl);
405 
406 VOID
407 NTAPI
410 
411 NTSTATUS
412 NTAPI
415  _Out_ PTOKEN *Token,
416  _In_ BOOLEAN InUse,
418 
419 NTSTATUS
420 NTAPI
422  _In_ PTOKEN Token,
424 
425 NTSTATUS
426 NTAPI
428  _In_ PTOKEN Token,
429  _Out_ PBOOLEAN IsSibling);
430 
431 NTSTATUS
432 NTAPI
435  _In_ PACCESS_TOKEN NewAccessToken,
436  _Out_ PACCESS_TOKEN* OldAccessToken);
437 
438 NTSTATUS
439 NTAPI
444  _Out_ PACCESS_TOKEN* NewToken);
445 
446 BOOLEAN
447 NTAPI
449  _In_ PTOKEN Token);
450 
451 ULONG
453  _In_ ULONG Count,
455 
456 //
457 // Security Manager (SeMgr) functions
458 //
459 CODE_SEG("INIT")
460 BOOLEAN
461 NTAPI
463 
464 NTSTATUS
465 NTAPI
467  _In_ PVOID Object,
468  _In_ SECURITY_OPERATION_CODE OperationType,
472  _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
475 
476 VOID
477 NTAPI
481 
482 VOID
483 NTAPI
487 
488 //
489 // Privilege functions
490 //
491 CODE_SEG("INIT")
492 VOID
493 NTAPI
495 
496 BOOLEAN
497 NTAPI
499  _In_ PTOKEN Token,
501  _In_ ULONG PrivilegeCount,
502  _In_ ULONG PrivilegeControl,
504 
505 NTSTATUS
506 NTAPI
511  _In_ PTOKEN Token,
512  _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
514 
515 BOOLEAN
516 NTAPI
520 
521 BOOLEAN
522 NTAPI
524  _In_ LUID PrivilegeValue,
525  _In_ HANDLE ObjectHandle,
528 
529 NTSTATUS
530 NTAPI
533  _In_ ULONG PrivilegeCount,
535  _In_ PLUID_AND_ATTRIBUTES AllocatedMem,
536  _In_ ULONG AllocatedLength,
538  _In_ BOOLEAN CaptureIfKernel,
541 
542 VOID
543 NTAPI
547  _In_ BOOLEAN CaptureIfKernel);
548 
549 //
550 // SID functions
551 //
552 CODE_SEG("INIT")
553 BOOLEAN
554 NTAPI
556 
557 NTSTATUS
558 NTAPI
560  _In_ PSID InputSid,
563  _In_ BOOLEAN CaptureIfKernel,
564  _Out_ PSID *CapturedSid);
565 
566 VOID
567 NTAPI
569  _In_ PSID CapturedSid,
571  _In_ BOOLEAN CaptureIfKernel);
572 
573 BOOLEAN
574 NTAPI
576  _In_ PACCESS_TOKEN _Token,
577  _In_ PSID Sid);
578 
579 BOOLEAN
580 NTAPI
582  _In_ PACCESS_TOKEN _Token,
583  _In_ PSID PrincipalSelfSid,
584  _In_ PSID _Sid,
585  _In_ BOOLEAN Deny,
587 
588 PSID
589 NTAPI
592  _In_ PACE Ace);
593 
594 NTSTATUS
595 NTAPI
597  _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
598  _In_ ULONG AttributeCount,
600  _In_opt_ PVOID AllocatedMem,
601  _In_ ULONG AllocatedLength,
603  _In_ BOOLEAN CaptureIfKernel,
604  _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
606 
607 VOID
608 NTAPI
610  _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
612  _In_ BOOLEAN CaptureIfKernel);
613 
614 //
615 // ACL functions
616 //
617 CODE_SEG("INIT")
618 BOOLEAN
619 NTAPI
621 
622 NTSTATUS
623 NTAPI
625  _In_ PTOKEN Token,
626  _In_ PTOKEN PrimaryToken,
627  _Out_ PACL* Dacl);
628 
629 NTSTATUS
630 NTAPI
632  _In_ PACL InputAcl,
635  _In_ BOOLEAN CaptureIfKernel,
636  _Out_ PACL *CapturedAcl);
637 
638 VOID
639 NTAPI
641  _In_ PACL CapturedAcl,
643  _In_ BOOLEAN CaptureIfKernel);
644 
645 NTSTATUS
647  _Out_writes_bytes_opt_(DaclLength) PACL AclDest,
649  _In_reads_bytes_(AclSource->AclSize) PACL AclSource,
650  _In_ PSID Owner,
651  _In_ PSID Group,
652  _In_ BOOLEAN IsInherited,
655 
656 PACL
658  _In_opt_ PACL ExplicitAcl,
659  _In_ BOOLEAN ExplicitPresent,
660  _In_ BOOLEAN ExplicitDefaulted,
661  _In_opt_ PACL ParentAcl,
662  _In_opt_ PACL DefaultAcl,
664  _In_ PSID Owner,
665  _In_ PSID Group,
666  _Out_ PBOOLEAN AclPresent,
667  _Out_ PBOOLEAN IsInherited,
670 
671 //
672 // SD functions
673 //
674 CODE_SEG("INIT")
675 BOOLEAN
676 NTAPI
678 
679 NTSTATUS
680 NTAPI
685 
686 NTSTATUS
687 NTAPI
690  _Out_ PULONG QuotaInfoSize);
691 
692 //
693 // Security Reference Monitor (SeRm) functions
694 //
695 BOOLEAN
696 NTAPI
698 
699 BOOLEAN
700 NTAPI
702 
703 NTSTATUS
704 NTAPI
707 
708 NTSTATUS
709 NTAPI
712 
713 NTSTATUS
715  _Inout_ PLUID LogonLuid);
716 
717 NTSTATUS
719  _Inout_ PLUID LogonLuid);
720 
721 NTSTATUS
722 NTAPI
729 
730 NTSTATUS
731 NTAPI
734  _Out_ PDEVICE_MAP *DeviceMap);
735 
736 //
737 // Audit functions
738 //
739 NTSTATUS
740 NTAPI
743  _In_ BOOLEAN DoAudit,
744  _Out_ POBJECT_NAME_INFORMATION *AuditInfo);
745 
746 BOOLEAN
747 NTAPI
749  _In_ PTOKEN Token);
750 
751 VOID
752 NTAPI
755 
756 VOID
757 NTAPI
760 
761 VOID
762 NTAPI
766  _In_ PPRIVILEGE_SET PrivilegeSet,
768 
769 //
770 // Subject functions
771 //
772 VOID
773 NTAPI
778 
779 //
780 // Security Quality of Service (SQoS) functions
781 //
782 NTSTATUS
783 NTAPI
788  _In_ BOOLEAN CaptureIfKernel,
789  _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
790  _Out_ PBOOLEAN Present);
791 
792 VOID
793 NTAPI
795  _In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
797  _In_ BOOLEAN CaptureIfKernel);
798 
799 //
800 // Object type list functions
801 //
802 NTSTATUS
804  _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
805  _In_ ULONG ObjectTypeListLength,
807  _Out_ POBJECT_TYPE_LIST *CapturedObjectTypeList);
808 
809 VOID
811  _In_ _Post_invalid_ POBJECT_TYPE_LIST CapturedObjectTypeList,
813 
814 //
815 // Access state functions
816 //
817 NTSTATUS
818 NTAPI
823  _In_ PAUX_ACCESS_DATA AuxData,
824  _In_ ACCESS_MASK Access,
826 
827 //
828 // Access check functions
829 //
830 BOOLEAN
831 NTAPI
837 
838 #endif
839 
840 /* EOF */
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
Sets a "World" security descriptor.
Definition: sd.c:155
PTOKEN SeAnonymousLogonTokenNoEveryone
Definition: semgr.c:20
struct _KNOWN_ACE * PKNOWN_ACE
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:41
const LUID SeTimeZonePrivilege
Definition: priv.c:53
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:43
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
const LUID SeCreateSymbolicLinkPrivilege
Definition: priv.c:54
const uint16_t * PCWSTR
Definition: typedefs.h:57
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
Definition: srm.c:93
#define SE_SACL_PRESENT
Definition: setypes.h:819
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
ACE_HEADER Header
Definition: se.h:16
const LUID SeSystemtimePrivilege
Definition: priv.c:31
PSID SeRestrictedCodeSid
Definition: sid.c:40
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:368
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:830
#define _In_opt_
Definition: ms_sal.h:309
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:18
#define _Inout_
Definition: ms_sal.h:378
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24
const LUID SeIncreaseWorkingSetPrivilege
Definition: priv.c:52
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
Definition: se.h:14
VOID SeReleaseObjectTypeList(_In_ _Post_invalid_ POBJECT_TYPE_LIST CapturedObjectTypeList, _In_ KPROCESSOR_MODE PreviousMode)
Releases a buffer list of object types.
Definition: objtype.c:107
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
Definition: token.c:1366
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:93
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:979
#define _Out_
Definition: ms_sal.h:345
const LUID SeCreatePermanentPrivilege
Definition: priv.c:35
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
const LUID SeDebugPrivilege
Definition: priv.c:39
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
const LUID SeBackupPrivilege
Definition: priv.c:36
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:20
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_In_opt_ PSID Group
Definition: rtlfuncs.h:1605
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460
struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
Definition: sd.c:22
ULONG SessionId
Definition: dllmain.c:28
LONG NTSTATUS
Definition: precomp.h:26
const LUID SeEnableDelegationPrivilege
Definition: priv.c:46
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PSID SeAuthenticatedUserSid
Definition: sid.c:39
VOID NTAPI SepInitPrivileges(VOID)
Initializes the privileges during the startup phase of the security manager module....
Definition: priv.c:71
PSID SeAliasBackupOpsSid
Definition: sid.c:48
ACCESS_MASK Mask
Definition: se.h:17
USHORT Reserved
Definition: se.h:34
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
Definition: token.c:1046
PTOKEN SeAnonymousLogonToken
Definition: semgr.c:19
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:22
NTSTATUS NTAPI SeGetLogonIdDeviceMap(_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap)
Retrieves the DOS device map from a logon session.
Definition: srm.c:1347
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
PSID SeRestrictedSid
Definition: sid.c:50
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
NTSTATUS NTAPI SeDefaultObjectMethod(_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:728
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:99
const LUID SeSystemProfilePrivilege
Definition: priv.c:30
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
Definition: token.c:705
PSID SeAuthenticatedUsersSid
Definition: sid.c:49
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:45
#define SE_DACL_PRESENT
Definition: setypes.h:817
TOpcodeData Groups[17][8]
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
Definition: token.c:618
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
Definition: wdfregistry.h:279
PSID SeCreatorOwnerServerSid
Definition: sid.c:29
PSID SeAliasPrintOpsSid
Definition: sid.c:47
const LUID SeTrustedCredmanPrivilege
Definition: priv.c:50
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:19
ACE_HEADER Header
Definition: se.h:23
#define _In_reads_opt_(size)
Definition: ms_sal.h:320
PSID SeAliasAccountOpsSid
Definition: sid.c:45
const LUID SeSyncAgentPrivilege
Definition: priv.c:45
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
Definition: sid.c:115
BOOLEAN NTAPI SepInitDACLs(VOID)
Initializes known discretionary access control lists in the system upon kernel and Executive initiali...
Definition: acl.c:38
const LUID SeChangeNotifyPrivilege
Definition: priv.c:42
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1762 Policies[1]
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
Definition: token.c:986
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:21
struct _KNOWN_ACE KNOWN_ACE
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:16
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:803
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:1047
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSID SeCreatorGroupSid
Definition: sid.c:28
PACL SePublicOpenDacl
Definition: acl.c:19
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
Definition: token.c:1516
PSID SeNtAuthoritySid
Definition: sid.c:31
PSID SePrincipalSelfSid
Definition: sid.c:37
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:554
PSID SeServiceSid
Definition: sid.c:36
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
Definition: token.c:1262
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
Definition: card.h:12
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:141
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
unsigned char BOOLEAN
PSID SeNetworkServiceSid
Definition: sid.c:53
BOOLEAN NTAPI SeTokenIsInert(_In_ PTOKEN Token)
Determines if a token is a sandbox inert token or not, based upon the token flags.
Definition: token.c:1196
const LUID SeLoadDriverPrivilege
Definition: priv.c:29
const LUID SeManageVolumePrivilege
Definition: priv.c:47
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:28
#define _In_
Definition: ms_sal.h:308
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
const LUID SeCreateGlobalPrivilege
Definition: priv.c:49
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1437
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
Definition: token.c:1095
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
#define _Out_writes_bytes_opt_(size)
Definition: ms_sal.h:351
PSID SeAliasUsersSid
Definition: sid.c:42
UNICODE_STRING Restricted
Definition: utils.c:24
ULONG Flags
Definition: se.h:25
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
ACCESS_MASK RemainingAccessRights
Definition: se.h:43
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
int Count
Definition: noreturn.cpp:7
ACE_HEADER Header
Definition: se.h:31
const LUID SeCreatePagefilePrivilege
Definition: priv.c:34
LPTSTR ServiceName
Definition: ServiceMain.c:15
const LUID SeRestorePrivilege
Definition: priv.c:37
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Performs an audit alarm to a privileged service request.
Definition: audit.c:369
INT POOL_TYPE
Definition: typedefs.h:78
_In_ WDFCOLLECTION _In_ ULONG Index
struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
ULONG SidStart
Definition: se.h:26
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:20
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
_In_ GUID _In_ PVOID ValueData
Definition: hubbusif.h:311
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
PSID SeLocalServiceSid
Definition: sid.c:52
const LUID SeRelabelPrivilege
Definition: priv.c:51
const LUID SeImpersonatePrivilege
Definition: priv.c:48
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:18
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
* PFILE_OBJECT
Definition: iotypes.h:1998
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:240
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
unsigned char UCHAR
Definition: xmlstorage.h:181
char * PBOOLEAN
Definition: retypes.h:11
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
Definition: srm.c:176
PSID SeAliasAdminsSid
Definition: sid.c:41
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:19
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
PSID SeCreatorOwnerSid
Definition: sid.c:27
USHORT CompoundAceType
Definition: se.h:33
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:696
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
#define _Inout_opt_
Definition: ms_sal.h:379
const LUID SeLockMemoryPrivilege
Definition: priv.c:23
VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
Definition: token.c:582
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Checks the security policy and returns a set of privileges based upon the said security policy contex...
Definition: priv.c:244
struct _ACCESS_CHECK_RIGHTS * PACCESS_CHECK_RIGHTS
enum _ACCESS_CHECK_RIGHT_TYPE ACCESS_CHECK_RIGHT_TYPE
NTSTATUS NTAPI SeInitializeProcessAuditName(_In_ PFILE_OBJECT FileObject, _In_ BOOLEAN DoAudit, _Out_ POBJECT_NAME_INFORMATION *AuditInfo)
Initializes a process audit name and returns it to the caller.
Definition: audit.c:105
ACCESS_MASK GrantedAccessRights
Definition: se.h:44
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:32
#define _Post_invalid_
Definition: ms_sal.h:695
PSID SeWorldSid
Definition: sid.c:25
PSID NTAPI SepGetSidFromAce(_In_ UCHAR AceType, _In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
Definition: sid.c:579
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:33
enum _TOKEN_TYPE TOKEN_TYPE
PSID SeLocalSid
Definition: sid.c:26
PSID SeAliasGuestsSid
Definition: sid.c:43
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
Definition: sid.c:443
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
const LUID SeTcbPrivilege
Definition: priv.c:26
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:795
static const ACEFLAG AceType[]
Definition: security.c:2382
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
Definition: token.c:1155
const LUID SeShutdownPrivilege
Definition: priv.c:38
PSID SeAliasPowerUsersSid
Definition: sid.c:44
PSID SeCreatorGroupServerSid
Definition: sid.c:30
NTSTATUS NTAPI SeCreateAccessStateEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
VOID SepDeleteTokenLock(_Inout_ PTOKEN Token)
Deletes a lock of a token.
Definition: token.c:74
BOOLEAN NTAPI SeInitSystem(VOID)
Main security manager initialization function.
Definition: semgr.c:285
ACCESS_MASK Mask
Definition: se.h:32
PSID SeDialupSid
Definition: sid.c:32
unsigned short USHORT
Definition: pedump.c:61
VOID SepUpdateSinglePrivilegeFlagToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:442
PSID SeAliasSystemOpsSid
Definition: sid.c:46
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:21
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
Definition: token.c:1828
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length size of a SID.
Definition: token.c:824
BOOLEAN NTAPI SepPrivilegeCheck(_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
Checks the privileges pointed by Privileges array argument if they exist and match with the privilege...
Definition: priv.c:104
VOID NTAPI SeGetTokenControlInformation(_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
Retrieves token control information.
Definition: token.c:1333
_ACCESS_CHECK_RIGHT_TYPE
Definition: se.h:48
#define FORCEINLINE
Definition: wdftypes.h:67
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: subject.c:41
#define _Out_opt_
Definition: ms_sal.h:346
unsigned int * PULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
ACCESS_MASK Mask
Definition: se.h:24
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
ULONG SidStart
Definition: se.h:18
ULONG SidStart
Definition: se.h:35
struct _ACCESS_CHECK_RIGHTS ACCESS_CHECK_RIGHTS
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
const LUID SeSecurityPrivilege
Definition: priv.c:27
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
Definition: token.c:511
PSID SeLocalSystemSid
Definition: sid.c:38
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:18
#define OUT
Definition: typedefs.h:40
PACL SeUnrestrictedDacl
Definition: acl.c:21
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:20
VOID NTAPI SeAuditProcessExit(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be terminated.
Definition: audit.c:77
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
Definition: sid.c:547
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
PSID SeNetworkSid
Definition: sid.c:33
unsigned int ULONG
Definition: retypes.h:1
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
#define ULONG_PTR
Definition: config.h:101
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:119
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:25
BOOLEAN NTAPI SeRmInitPhase1(VOID)
Manages the phase 1 initialization of the security reference monitoring module of the kernel.
Definition: srm.c:211
PSID SeInteractiveSid
Definition: sid.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
PSID SeBatchSid
Definition: sid.c:34
PSID SeAnonymousLogonSid
Definition: se.h:203
ACCESS_MASK DeniedAccessRights
Definition: se.h:45
const LUID SeUndockPrivilege
Definition: priv.c:44
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:870
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:423
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
Definition: token.c:1584
const LUID SeAuditPrivilege
Definition: priv.c:40
PSID SeNullSid
Definition: sid.c:24
NTSTATUS SeCaptureObjectTypeList(_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ KPROCESSOR_MODE PreviousMode, _Out_ POBJECT_TYPE_LIST *CapturedObjectTypeList)
Captures a list of object types.
Definition: objtype.c:39
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
SECURITY_OPERATION_CODE
Definition: setypes.h:170
Definition: rtltypes.h:992
ULONG ACCESS_MASK
Definition: nt_native.h:40
_In_ ULONG AclLength
Definition: rtlfuncs.h:1842
struct _KNOWN_COMPOUND_ACE * PKNOWN_COMPOUND_ACE
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
Definition: acl.c:277
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:17
VOID NTAPI SeAuditProcessCreate(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be created.
Definition: audit.c:56
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define _In_reads_bytes_(size)
Definition: ms_sal.h:321
BOOLEAN NTAPI SepInitSDs(VOID)
Initializes the known security descriptors in the system.
Definition: sd.c:37
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Selects an ACL and returns it to the caller.
Definition: acl.c:804