ReactOS  0.4.15-dev-3187-ge372f2b
se.h
Go to the documentation of this file.
1 #pragma once
2 
3 typedef struct _KNOWN_ACE
4 {
9 
10 typedef struct _KNOWN_OBJECT_ACE
11 {
17 
18 typedef struct _KNOWN_COMPOUND_ACE
19 {
26 
28 {
30  struct
31  {
34  } Policies[1];
36 
38 PSID
40  _Inout_ PVOID _Descriptor)
41 {
44 
45  if (Descriptor->Control & SE_SELF_RELATIVE)
46  {
48  if (!SdRel->Group) return NULL;
49  return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
50  }
51  else
52  {
53  return Descriptor->Group;
54  }
55 }
56 
58 PSID
60  _Inout_ PVOID _Descriptor)
61 {
64 
65  if (Descriptor->Control & SE_SELF_RELATIVE)
66  {
68  if (!SdRel->Owner) return NULL;
69  return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
70  }
71  else
72  {
73  return Descriptor->Owner;
74  }
75 }
76 
78 PACL
80  _Inout_ PVOID _Descriptor)
81 {
84 
85  if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
86 
87  if (Descriptor->Control & SE_SELF_RELATIVE)
88  {
90  if (!SdRel->Dacl) return NULL;
91  return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
92  }
93  else
94  {
95  return Descriptor->Dacl;
96  }
97 }
98 
100 PACL
102  _Inout_ PVOID _Descriptor)
103 {
106 
107  if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
108 
109  if (Descriptor->Control & SE_SELF_RELATIVE)
110  {
112  if (!SdRel->Sacl) return NULL;
113  return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
114  }
115  else
116  {
117  return Descriptor->Sacl;
118  }
119 }
120 
121 #ifndef RTL_H
122 
123 /* SID Authorities */
129 
130 /* SIDs */
131 extern PSID SeNullSid;
132 extern PSID SeWorldSid;
133 extern PSID SeLocalSid;
134 extern PSID SeCreatorOwnerSid;
135 extern PSID SeCreatorGroupSid;
138 extern PSID SeNtAuthoritySid;
139 extern PSID SeDialupSid;
140 extern PSID SeNetworkSid;
141 extern PSID SeBatchSid;
142 extern PSID SeInteractiveSid;
143 extern PSID SeServiceSid;
145 extern PSID SePrincipalSelfSid;
146 extern PSID SeLocalSystemSid;
149 extern PSID SeAliasAdminsSid;
150 extern PSID SeAliasUsersSid;
151 extern PSID SeAliasGuestsSid;
155 extern PSID SeAliasPrintOpsSid;
158 extern PSID SeRestrictedSid;
160 extern PSID SeLocalServiceSid;
162 
163 /* Privileges */
164 extern const LUID SeCreateTokenPrivilege;
166 extern const LUID SeLockMemoryPrivilege;
167 extern const LUID SeIncreaseQuotaPrivilege;
168 extern const LUID SeUnsolicitedInputPrivilege;
169 extern const LUID SeTcbPrivilege;
170 extern const LUID SeSecurityPrivilege;
171 extern const LUID SeTakeOwnershipPrivilege;
172 extern const LUID SeLoadDriverPrivilege;
173 extern const LUID SeSystemProfilePrivilege;
174 extern const LUID SeSystemtimePrivilege;
177 extern const LUID SeCreatePagefilePrivilege;
178 extern const LUID SeCreatePermanentPrivilege;
179 extern const LUID SeBackupPrivilege;
180 extern const LUID SeRestorePrivilege;
181 extern const LUID SeShutdownPrivilege;
182 extern const LUID SeDebugPrivilege;
183 extern const LUID SeAuditPrivilege;
185 extern const LUID SeChangeNotifyPrivilege;
186 extern const LUID SeRemoteShutdownPrivilege;
187 extern const LUID SeUndockPrivilege;
188 extern const LUID SeSyncAgentPrivilege;
189 extern const LUID SeEnableDelegationPrivilege;
190 extern const LUID SeManageVolumePrivilege;
191 extern const LUID SeImpersonatePrivilege;
192 extern const LUID SeCreateGlobalPrivilege;
193 extern const LUID SeTrustedCredmanPrivilege;
194 extern const LUID SeRelabelPrivilege;
196 extern const LUID SeTimeZonePrivilege;
198 
199 /* DACLs */
201 extern PACL SePublicOpenDacl;
203 extern PACL SeUnrestrictedDacl;
205 
206 /* SDs */
214 
215 /* Anonymous Logon Tokens */
218 
219 
220 #define SepAcquireTokenLockExclusive(Token) \
221 { \
222  KeEnterCriticalRegion(); \
223  ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
224 }
225 #define SepAcquireTokenLockShared(Token) \
226 { \
227  KeEnterCriticalRegion(); \
228  ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
229 }
230 
231 #define SepReleaseTokenLock(Token) \
232 { \
233  ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
234  KeLeaveCriticalRegion(); \
235 }
236 
237 //
238 // Token Functions
239 //
240 BOOLEAN
241 NTAPI
243  _In_ PACCESS_TOKEN _Token,
245  _In_ BOOLEAN TokenLocked);
246 
247 BOOLEAN
248 NTAPI
250  _In_ PACCESS_TOKEN _Token,
251  _In_ PSID Sid);
252 
253 BOOLEAN
254 NTAPI
256  _In_ PACCESS_TOKEN _Token,
257  _In_ PSID PrincipalSelfSid,
258  _In_ PSID _Sid,
259  _In_ BOOLEAN Deny,
261 
262 BOOLEAN
263 NTAPI
265  _In_ PTOKEN ProcessToken,
266  _In_ PTOKEN TokenToImpersonate,
268 
269 /* Functions */
270 CODE_SEG("INIT")
271 BOOLEAN
272 NTAPI
274 
275 CODE_SEG("INIT")
276 VOID
277 NTAPI
279 
280 CODE_SEG("INIT")
281 BOOLEAN
282 NTAPI
284 
285 CODE_SEG("INIT")
286 BOOLEAN
287 NTAPI
289 
290 CODE_SEG("INIT")
291 BOOLEAN
292 NTAPI
294 
295 BOOLEAN
296 NTAPI
298 
299 BOOLEAN
300 NTAPI
302 
303 VOID
304 NTAPI
307 
308 NTSTATUS
309 NTAPI
312  _Out_ PTOKEN *Token,
313  _In_ BOOLEAN InUse,
315 
316 NTSTATUS
317 NTAPI
320  _In_ BOOLEAN DoAudit,
321  _Out_ POBJECT_NAME_INFORMATION *AuditInfo);
322 
323 NTSTATUS
324 NTAPI
329  _In_ PAUX_ACCESS_DATA AuxData,
330  _In_ ACCESS_MASK Access,
332 
333 NTSTATUS
334 NTAPI
336  _In_ PTOKEN Token,
338 
339 NTSTATUS
340 NTAPI
342  _In_ PTOKEN Token,
343  _Out_ PBOOLEAN IsSibling);
344 
345 NTSTATUS
346 NTAPI
348  _In_ PTOKEN Token,
349  _In_ PTOKEN PrimaryToken,
350  _Out_ PACL* Dacl);
351 
352 NTSTATUS
353 NTAPI
356 
357 NTSTATUS
358 NTAPI
361 
362 CODE_SEG("INIT")
363 VOID
364 NTAPI
366 
367 CODE_SEG("INIT")
368 PTOKEN
369 NTAPI
371 
372 CODE_SEG("INIT")
373 PTOKEN
375 
376 CODE_SEG("INIT")
377 PTOKEN
379 
380 BOOLEAN
381 NTAPI
383  _In_ PTOKEN Token);
384 
385 VOID
386 NTAPI
389 
390 VOID
391 NTAPI
394 
395 NTSTATUS
396 NTAPI
399  _In_ PACCESS_TOKEN NewAccessToken,
400  _Out_ PACCESS_TOKEN* OldAccessToken);
401 
402 VOID
403 NTAPI
408 
409 NTSTATUS
410 NTAPI
413  _In_ ULONG PrivilegeCount,
415  _In_ PLUID_AND_ATTRIBUTES AllocatedMem,
416  _In_ ULONG AllocatedLength,
418  _In_ BOOLEAN CaptureIfKernel,
421 
422 VOID
423 NTAPI
427  _In_ BOOLEAN CaptureIfKernel);
428 
429 BOOLEAN
430 NTAPI
432  _In_ PTOKEN Token,
434  _In_ ULONG PrivilegeCount,
435  _In_ ULONG PrivilegeControl,
437 
438 NTSTATUS
439 NTAPI
444  _In_ PTOKEN Token,
445  _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
447 
448 BOOLEAN
449 NTAPI
451  _In_ LUID PrivilegeValue,
452  _In_ HANDLE ObjectHandle,
455 
456 NTSTATUS
457 NTAPI
459  _In_ PTOKEN Token,
465  _Out_ PTOKEN* NewAccessToken);
466 
467 NTSTATUS
468 NTAPI
473  _In_ BOOLEAN CaptureIfKernel,
474  _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
475  _Out_ PBOOLEAN Present);
476 
477 VOID
478 NTAPI
480  _In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
482  _In_ BOOLEAN CaptureIfKernel);
483 
484 NTSTATUS
485 NTAPI
487  _In_ PSID InputSid,
490  _In_ BOOLEAN CaptureIfKernel,
491  _Out_ PSID *CapturedSid);
492 
493 VOID
494 NTAPI
496  _In_ PSID CapturedSid,
498  _In_ BOOLEAN CaptureIfKernel);
499 
500 NTSTATUS
501 NTAPI
503  _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
504  _In_ ULONG AttributeCount,
506  _In_opt_ PVOID AllocatedMem,
507  _In_ ULONG AllocatedLength,
509  _In_ BOOLEAN CaptureIfKernel,
510  _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
512 
513 VOID
514 NTAPI
516  _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
518  _In_ BOOLEAN CaptureIfKernel);
519 
520 NTSTATUS
521 NTAPI
524  _Out_ PULONG QuotaInfoSize);
525 
526 NTSTATUS
527 NTAPI
529  _In_ PACL InputAcl,
532  _In_ BOOLEAN CaptureIfKernel,
533  _Out_ PACL *CapturedAcl);
534 
535 VOID
536 NTAPI
538  _In_ PACL CapturedAcl,
540  _In_ BOOLEAN CaptureIfKernel);
541 
542 NTSTATUS
544  _Out_writes_bytes_opt_(DaclLength) PACL AclDest,
546  _In_reads_bytes_(AclSource->AclSize) PACL AclSource,
547  _In_ PSID Owner,
548  _In_ PSID Group,
549  _In_ BOOLEAN IsInherited,
552 
553 PACL
555  _In_opt_ PACL ExplicitAcl,
556  _In_ BOOLEAN ExplicitPresent,
557  _In_ BOOLEAN ExplicitDefaulted,
558  _In_opt_ PACL ParentAcl,
559  _In_opt_ PACL DefaultAcl,
561  _In_ PSID Owner,
562  _In_ PSID Group,
563  _Out_ PBOOLEAN AclPresent,
564  _Out_ PBOOLEAN IsInherited,
567 
568 NTSTATUS
569 NTAPI
571  _In_ PVOID Object,
572  _In_ SECURITY_OPERATION_CODE OperationType,
576  _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
579 
580 NTSTATUS
581 NTAPI
586 
587 NTSTATUS
588 NTAPI
593  _Out_ PACCESS_TOKEN* NewToken);
594 
595 NTSTATUS
596 NTAPI
603 
604 VOID
605 NTAPI
609 
610 VOID
611 NTAPI
615 
616 BOOLEAN
617 NTAPI
623 
624 BOOLEAN
625 NTAPI
629 
630 VOID
631 NTAPI
635  _In_ PPRIVILEGE_SET PrivilegeSet,
637 
638 NTSTATUS
640  _Inout_ PLUID LogonLuid);
641 
642 NTSTATUS
644  _Inout_ PLUID LogonLuid);
645 
646 NTSTATUS
647 NTAPI
650  _Out_ PDEVICE_MAP *DeviceMap);
651 
652 #endif
653 
654 /* EOF */
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
Sets a "World" security descriptor.
Definition: sd.c:155
PTOKEN SeAnonymousLogonTokenNoEveryone
Definition: semgr.c:20
struct _KNOWN_ACE * PKNOWN_ACE
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:39
const LUID SeTimeZonePrivilege
Definition: priv.c:51
const LUID SeRemoteShutdownPrivilege
Definition: priv.c:41
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
const LUID SeCreateSymbolicLinkPrivilege
Definition: priv.c:52
const uint16_t * PCWSTR
Definition: typedefs.h:57
NTSTATUS NTAPI SepRegQueryHelper(_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
A private registry helper that returns the desired value data based on the specifics requested by the...
Definition: srm.c:93
#define SE_SACL_PRESENT
Definition: setypes.h:788
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
ACE_HEADER Header
Definition: se.h:5
const LUID SeSystemtimePrivilege
Definition: priv.c:29
PSID SeRestrictedCodeSid
Definition: sid.c:38
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:368
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:799
#define _In_opt_
Definition: ms_sal.h:309
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:18
#define _Inout_
Definition: ms_sal.h:378
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:22
const LUID SeIncreaseWorkingSetPrivilege
Definition: priv.c:50
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:459
Definition: se.h:3
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
Definition: token.c:1984
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:673
#define _Out_
Definition: ms_sal.h:345
const LUID SeCreatePermanentPrivilege
Definition: priv.c:33
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
const LUID SeDebugPrivilege
Definition: priv.c:37
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
const LUID SeBackupPrivilege
Definition: priv.c:34
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:20
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:306
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:29
_In_opt_ PSID Group
Definition: rtlfuncs.h:1605
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
Definition: semgr.c:460
struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
Definition: sd.c:22
ULONG SessionId
Definition: dllmain.c:28
LONG NTSTATUS
Definition: precomp.h:26
const LUID SeEnableDelegationPrivilege
Definition: priv.c:44
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
PSID SeAuthenticatedUserSid
Definition: sid.c:37
VOID NTAPI SepInitPrivileges(VOID)
Initializes the privileges during the startup phase of the security manager module....
Definition: priv.c:69
PSID SeAliasBackupOpsSid
Definition: sid.c:46
ACCESS_MASK Mask
Definition: se.h:6
USHORT Reserved
Definition: se.h:23
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI SeIsTokenChild(_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
Checks if the token is a child of the other token of the current process that the calling thread is i...
Definition: token.c:1373
PTOKEN SeAnonymousLogonToken
Definition: semgr.c:19
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:20
NTSTATUS NTAPI SeGetLogonIdDeviceMap(_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap)
Retrieves the DOS device map from a logon session.
Definition: srm.c:1347
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:39
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
PSID SeRestrictedSid
Definition: sid.c:48
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:20
NTSTATUS NTAPI SeDefaultObjectMethod(_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:728
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:59
const LUID SeSystemProfilePrivilege
Definition: priv.c:28
NTSTATUS NTAPI SeExchangePrimaryToken(_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new acce...
Definition: token.c:704
PSID SeAuthenticatedUsersSid
Definition: sid.c:47
#define SE_DACL_PRESENT
Definition: setypes.h:786
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1759 Policies[1]
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
Definition: wdfregistry.h:279
PSID SeCreatorOwnerServerSid
Definition: sid.c:27
PSID SeAliasPrintOpsSid
Definition: sid.c:45
const LUID SeTrustedCredmanPrivilege
Definition: priv.c:48
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:17
ACE_HEADER Header
Definition: se.h:12
PSID SeAliasAccountOpsSid
Definition: sid.c:43
const LUID SeSyncAgentPrivilege
Definition: priv.c:43
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:392
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
Definition: sid.c:107
BOOLEAN NTAPI SepInitDACLs(VOID)
Initializes known discretionary access control lists in the system upon kernel and Executive initiali...
Definition: acl.c:38
const LUID SeChangeNotifyPrivilege
Definition: priv.c:40
NTSTATUS NTAPI SeSubProcessToken(_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
Subtracts a token in exchange of duplicating a new one.
Definition: token.c:1313
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:21
struct _KNOWN_ACE KNOWN_ACE
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:16
BOOLEAN NTAPI SeCheckPrivilegedObject(_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
Checks a privileged object if such object has the specific privilege submitted by the caller.
Definition: priv.c:797
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
BOOLEAN NTAPI SeFastTraverseCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
Determines whether security access rights can be given to an object depending on the security descrip...
Definition: accesschk.c:601
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
PSID SeCreatorGroupSid
Definition: sid.c:26
PACL SePublicOpenDacl
Definition: acl.c:19
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
Definition: token.c:2134
PSID SeNtAuthoritySid
Definition: sid.c:29
PSID SePrincipalSelfSid
Definition: sid.c:35
PSID SeServiceSid
Definition: sid.c:34
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
Definition: token.c:1568
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:101
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
unsigned char BOOLEAN
PSID SeNetworkServiceSid
Definition: sid.c:51
const LUID SeLoadDriverPrivilege
Definition: priv.c:27
const LUID SeManageVolumePrivilege
Definition: priv.c:45
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:26
#define _In_
Definition: ms_sal.h:308
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
const LUID SeCreateGlobalPrivilege
Definition: priv.c:47
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1437
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
NTSTATUS NTAPI SeIsTokenSibling(_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
Checks if the token is a sibling of the other token of the current process that the calling thread is...
Definition: token.c:1422
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
#define _Out_writes_bytes_opt_(size)
Definition: ms_sal.h:351
PSID SeAliasUsersSid
Definition: sid.c:40
UNICODE_STRING Restricted
Definition: utils.c:24
ULONG Flags
Definition: se.h:14
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
ACE_HEADER Header
Definition: se.h:20
const LUID SeCreatePagefilePrivilege
Definition: priv.c:32
LPTSTR ServiceName
Definition: ServiceMain.c:15
const LUID SeRestorePrivilege
Definition: priv.c:35
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:548
DWORD * PSECURITY_INFORMATION
Definition: ms-dtyp.idl:311
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Performs an audit alarm to a privileged service request.
Definition: audit.c:369
INT POOL_TYPE
Definition: typedefs.h:78
struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
ULONG SidStart
Definition: se.h:15
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:18
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
_In_ GUID _In_ PVOID ValueData
Definition: hubbusif.h:311
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
PSID SeLocalServiceSid
Definition: sid.c:50
const LUID SeRelabelPrivilege
Definition: priv.c:49
const LUID SeImpersonatePrivilege
Definition: priv.c:46
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:16
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
* PFILE_OBJECT
Definition: iotypes.h:1998
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:240
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
unsigned char UCHAR
Definition: xmlstorage.h:181
char * PBOOLEAN
Definition: retypes.h:11
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
Definition: srm.c:176
PSID SeAliasAdminsSid
Definition: sid.c:39
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:19
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
PSID SeCreatorOwnerSid
Definition: sid.c:25
USHORT CompoundAceType
Definition: se.h:22
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:455
#define _Inout_opt_
Definition: ms_sal.h:379
const LUID SeLockMemoryPrivilege
Definition: priv.c:21
NTSTATUS NTAPI SePrivilegePolicyCheck(_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
Checks the security policy and returns a set of privileges based upon the said security policy contex...
Definition: priv.c:242
NTSTATUS NTAPI SeInitializeProcessAuditName(_In_ PFILE_OBJECT FileObject, _In_ BOOLEAN DoAudit, _Out_ POBJECT_NAME_INFORMATION *AuditInfo)
Initializes a process audit name and returns it to the caller.
Definition: audit.c:105
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:30
#define _Post_invalid_
Definition: ms_sal.h:695
PSID SeWorldSid
Definition: sid.c:23
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:31
enum _TOKEN_TYPE TOKEN_TYPE
PSID SeLocalSid
Definition: sid.c:24
PSID SeAliasGuestsSid
Definition: sid.c:41
BOOLEAN NTAPI SepSidInTokenEx(_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
Checks if a SID is present in a token.
Definition: access.c:48
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
const LUID SeTcbPrivilege
Definition: priv.c:24
VOID NTAPI SeDeassignPrimaryToken(_Inout_ PEPROCESS Process)
Removes the primary token of a process.
Definition: token.c:794
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NTSTATUS NTAPI SeCopyClientToken(_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
Copies an existing access token (technically duplicating a new one).
Definition: token.c:1482
const LUID SeShutdownPrivilege
Definition: priv.c:36
PSID SeAliasPowerUsersSid
Definition: sid.c:42
PSID SeCreatorGroupServerSid
Definition: sid.c:28
NTSTATUS NTAPI SeCreateAccessStateEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
BOOLEAN NTAPI SeInitSystem(VOID)
Main security manager initialization function.
Definition: semgr.c:285
ACCESS_MASK Mask
Definition: se.h:21
PSID SeDialupSid
Definition: sid.c:30
unsigned short USHORT
Definition: pedump.c:61
PSID SeAliasSystemOpsSid
Definition: sid.c:44
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:19
BOOLEAN NTAPI SeTokenCanImpersonate(_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Ensures that client impersonation can occur by checking if the token we're going to assign as the imp...
Definition: token.c:2857
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
BOOLEAN NTAPI SepPrivilegeCheck(_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
Checks the privileges pointed by Privileges array argument if they exist and match with the privilege...
Definition: priv.c:102
#define FORCEINLINE
Definition: wdftypes.h:67
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: access.c:390
#define _Out_opt_
Definition: ms_sal.h:346
unsigned int * PULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
ACCESS_MASK Mask
Definition: se.h:13
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:358
struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
ULONG SidStart
Definition: se.h:7
ULONG SidStart
Definition: se.h:24
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
const LUID SeSecurityPrivilege
Definition: priv.c:25
BOOLEAN NTAPI SepTokenIsOwner(_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
Checks if a token belongs to the main user, being the owner.
Definition: access.c:177
PSID SeLocalSystemSid
Definition: sid.c:36
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:18
#define OUT
Definition: typedefs.h:40
PACL SeUnrestrictedDacl
Definition: acl.c:21
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:20
VOID NTAPI SeAuditProcessExit(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be terminated.
Definition: audit.c:77
BOOLEAN NTAPI SepSidInToken(_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
Checks if a SID is present in a token.
Definition: access.c:149
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
PSID SeNetworkSid
Definition: sid.c:31
unsigned int ULONG
Definition: retypes.h:1
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
#define ULONG_PTR
Definition: config.h:101
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
const LUID SeUnsolicitedInputPrivilege
Definition: priv.c:23
BOOLEAN NTAPI SeRmInitPhase1(VOID)
Manages the phase 1 initialization of the security reference monitoring module of the kernel.
Definition: srm.c:211
PSID SeInteractiveSid
Definition: sid.c:33
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
PSID SeBatchSid
Definition: sid.c:32
PSID SeAnonymousLogonSid
Definition: se.h:159
const LUID SeUndockPrivilege
Definition: priv.c:42
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
Definition: semgr.c:427
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:388
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
static CODE_SEG("PAGE")
Definition: isapnp.c:1482
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: token.c:995
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID...
Definition: token.c:2202
const LUID SeAuditPrivilege
Definition: priv.c:38
PSID SeNullSid
Definition: sid.c:22
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
SECURITY_OPERATION_CODE
Definition: setypes.h:157
ULONG ACCESS_MASK
Definition: nt_native.h:40
_In_ ULONG AclLength
Definition: rtlfuncs.h:1842
struct _KNOWN_COMPOUND_ACE * PKNOWN_COMPOUND_ACE
NTSTATUS NTAPI SepCreateImpersonationTokenDacl(_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
Allocates a discretionary access control list based on certain properties of a regular and primary ac...
Definition: acl.c:277
BOOLEAN NTAPI SeDetailedAuditingWithToken(_In_ PTOKEN Token)
Peforms a detailed security auditing with an access token.
Definition: audit.c:34
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:17
VOID NTAPI SeAuditProcessCreate(_In_ PEPROCESS Process)
Peforms a security auditing against a process that is about to be created.
Definition: audit.c:56
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:388
#define _In_reads_bytes_(size)
Definition: ms_sal.h:321
BOOLEAN NTAPI SepInitSDs(VOID)
Initializes the known security descriptors in the system.
Definition: sd.c:37
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Selects an ACL and returns it to the caller.
Definition: acl.c:799