dc/dc7/win32ss_2user_2ntuser_2security_8h_source.html

/*

 * PROJECT:         ReactOS Win32k subsystem

 * LICENSE:         GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)

 * PURPOSE:         Security infrastructure of NTUSER component of Win32k

 * COPYRIGHT:       Copyright 2022 George Bișoc <george.bisoc@reactos.org>

 */


#pragma once


//

// USER objects security rights

//


/* Desktop access rights */

#define DESKTOP_READ (STANDARD_RIGHTS_READ      | \

                      DESKTOP_ENUMERATE         | \

                      DESKTOP_READOBJECTS)


#define DESKTOP_WRITE (STANDARD_RIGHTS_WRITE    | \

                       DESKTOP_CREATEMENU       | \

                       DESKTOP_CREATEWINDOW     | \

                       DESKTOP_HOOKCONTROL      | \

                       DESKTOP_JOURNALPLAYBACK  | \

                       DESKTOP_JOURNALRECORD    | \

                       DESKTOP_WRITEOBJECTS)


#define DESKTOP_EXECUTE (STANDARD_RIGHTS_EXECUTE  | \

                         DESKTOP_SWITCHDESKTOP)


#define DESKTOP_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \

                            DESKTOP_CREATEMENU       | \

                            DESKTOP_CREATEWINDOW     | \

                            DESKTOP_ENUMERATE        | \

                            DESKTOP_HOOKCONTROL      | \

                            DESKTOP_JOURNALPLAYBACK  | \

                            DESKTOP_JOURNALRECORD    | \

                            DESKTOP_READOBJECTS      | \

                            DESKTOP_SWITCHDESKTOP    | \

                            DESKTOP_WRITEOBJECTS)


/* Window Station access rights */

#define WINSTA_READ (STANDARD_RIGHTS_READ     | \

                     WINSTA_ENUMDESKTOPS      | \

                     WINSTA_ENUMERATE         | \

                     WINSTA_READATTRIBUTES    | \

                     WINSTA_READSCREEN)


#define WINSTA_WRITE (STANDARD_RIGHTS_WRITE    | \

                      WINSTA_ACCESSCLIPBOARD   | \

                      WINSTA_CREATEDESKTOP     | \

                      WINSTA_WRITEATTRIBUTES)


#define WINSTA_EXECUTE (STANDARD_RIGHTS_EXECUTE  | \

                        WINSTA_ACCESSGLOBALATOMS | \

                        WINSTA_EXITWINDOWS)


#define WINSTA_ACCESS_ALL (STANDARD_RIGHTS_REQUIRED | \

                           WINSTA_ACCESSCLIPBOARD   | \

                           WINSTA_ACCESSGLOBALATOMS | \

                           WINSTA_CREATEDESKTOP     | \

                           WINSTA_ENUMDESKTOPS      | \

                           WINSTA_ENUMERATE         | \

                           WINSTA_EXITWINDOWS       | \

                           WINSTA_READATTRIBUTES    | \

                           WINSTA_READSCREEN        | \

                           WINSTA_WRITEATTRIBUTES)


//

// Function prototypes

//


HANDLE

IntCaptureCurrentAccessToken(VOID);


PVOID

IntAllocateSecurityBuffer(

    _In_ SIZE_T Length);


VOID

IntFreeSecurityBuffer(

    _In_ PVOID Buffer);


NTSTATUS

IntQueryUserSecurityIdentification(

    _Out_ PTOKEN_USER *User);


NTSTATUS

NTAPI

IntAssignDesktopSecurityOnParse(

    _In_ PWINSTATION_OBJECT WinSta,

    _In_ PDESKTOP Desktop,

    _In_ PACCESS_STATE AccessState);


NTSTATUS

NTAPI

IntCreateServiceSecurity(

    _Out_ PSECURITY_DESCRIPTOR *ServiceSd);


/* EOF */

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

Buffer
Definition: bufpool.h:45

void
Definition: nsiface.idl:2307

_Out_
#define _Out_
Definition: ms_sal.h:345

_In_
#define _In_
Definition: ms_sal.h:308

Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102

Desktop
Definition: globals.h:228

_ACCESS_STATE
Definition: setypes.h:224

_DESKTOP
Definition: desktop.h:4

_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

_TOKEN_USER
Definition: setypes.h:1009

_WINSTATION_OBJECT
Definition: winsta.h:16

NTAPI
#define NTAPI
Definition: typedefs.h:36

SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80

IntAssignDesktopSecurityOnParse
NTSTATUS NTAPI IntAssignDesktopSecurityOnParse(_In_ PWINSTATION_OBJECT WinSta, _In_ PDESKTOP Desktop, _In_ PACCESS_STATE AccessState)
Assigns a security descriptor to the desktop object during a desktop object parse procedure.
Definition: security.c:270

IntQueryUserSecurityIdentification
NTSTATUS IntQueryUserSecurityIdentification(_Out_ PTOKEN_USER *User)
Queries the authenticated user security identifier (SID) that is associated with the security context...
Definition: security.c:169

IntCaptureCurrentAccessToken
HANDLE IntCaptureCurrentAccessToken(VOID)

IntAllocateSecurityBuffer
PVOID IntAllocateSecurityBuffer(_In_ SIZE_T Length)
Allocates a buffer within UM (user mode) address space area. Such buffer is reserved for security pur...
Definition: security.c:97

IntCreateServiceSecurity
NTSTATUS NTAPI IntCreateServiceSecurity(_Out_ PSECURITY_DESCRIPTOR *ServiceSd)
Creates a security descriptor for the service.
Definition: security.c:327

IntFreeSecurityBuffer
VOID IntFreeSecurityBuffer(_In_ PVOID Buffer)
Frees an allocated security buffer from UM memory that is been previously allocated by IntAllocateSec...
Definition: security.c:133

AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417