reactos/reactos/ntoskrnl/include/internal/se.h

/*
 *  ReactOS kernel
 *  Copyright (C) 2002 ReactOS Team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

#ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
#define __NTOSKRNL_INCLUDE_INTERNAL_SE_H


extern POBJECT_TYPE SepTokenObjectType;

/* SID Authorities */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;

/* SIDs */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;

/* Privileges */
extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;

/* DACLs */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;

/* SDs */
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;


/* Functions */

BOOLEAN SeInit1(VOID);
BOOLEAN SeInit2(VOID);
BOOLEAN SeInitSRM(VOID);

VOID SepInitLuid(VOID);
VOID SepInitPrivileges(VOID);
BOOLEAN SepInitSecurityIDs(VOID);
BOOLEAN SepInitDACLs(VOID);
BOOLEAN SepInitSDs(VOID);

NTSTATUS STDCALL 
SepCreateImpersonationTokenDacl(PTOKEN Token, 
                                PTOKEN PrimaryToken,
                                PACL *Dacl);

VOID SepInitializeTokenImplementation(VOID);

NTSTATUS SepCreateSystemProcessToken(struct _EPROCESS* Process);
NTSTATUS SepInitializeNewProcess(struct _EPROCESS* NewProcess,
				 struct _EPROCESS* ParentProcess);

NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
				PACCESS_TOKEN NewToken,
				PACCESS_TOKEN* OldTokenP);

NTSTATUS
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
				ULONG PrivilegeCount,
				KPROCESSOR_MODE PreviousMode,
				PLUID_AND_ATTRIBUTES AllocatedMem,
				ULONG AllocatedLength,
				POOL_TYPE PoolType,
				ULONG d,
				PLUID_AND_ATTRIBUTES* Dest,
				PULONG Length);

VOID
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
				KPROCESSOR_MODE PreviousMode,
				ULONG a);

BOOLEAN
SepPrivilegeCheck(PTOKEN Token,
		  PLUID_AND_ATTRIBUTES Privileges,
		  ULONG PrivilegeCount,
		  ULONG PrivilegeControl,
		  KPROCESSOR_MODE PreviousMode);

NTSTATUS
SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
                                   IN KPROCESSOR_MODE AccessMode,
                                   IN POOL_TYPE PoolType,
                                   IN BOOLEAN CaptureIfKernel,
                                   OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
                                   OUT PBOOLEAN Present);

VOID
SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService  OPTIONAL,
                                   IN KPROCESSOR_MODE AccessMode,
                                   IN BOOLEAN CaptureIfKernel);

NTSTATUS
SepCaptureSid(IN PSID InputSid,
              IN KPROCESSOR_MODE AccessMode,
              IN POOL_TYPE PoolType,
              IN BOOLEAN CaptureIfKernel,
              OUT PSID *CapturedSid);

VOID
SepReleaseSid(IN PSID CapturedSid,
              IN KPROCESSOR_MODE AccessMode,
              IN BOOLEAN CaptureIfKernel);

NTSTATUS
SepCaptureAcl(IN PACL InputAcl,
              IN KPROCESSOR_MODE AccessMode,
              IN POOL_TYPE PoolType,
              IN BOOLEAN CaptureIfKernel,
              OUT PACL *CapturedAcl);

VOID
SepReleaseAcl(IN PACL CapturedAcl,
              IN KPROCESSOR_MODE AccessMode,
              IN BOOLEAN CaptureIfKernel);

#define SepAcquireTokenLockExclusive(Token)                                    \
  do {                                                                         \
    KeEnterCriticalRegion();                                                   \
    ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE);              \
  while(0)

#define SepAcquireTokenLockShared(Token)                                       \
  do {                                                                         \
    KeEnterCriticalRegion();                                                   \
    ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE);                 \
  while(0)

#define SepReleaseTokenLock(Token)                                             \
  do {                                                                         \
    ExReleaseResource(((PTOKEN)Token)->TokenLock);                             \
    KeLeaveCriticalRegion();                                                   \
  while(0)

#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */

/* EOF */
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00			`/*`
			`* ReactOS kernel`
			`* Copyright (C) 2002 ReactOS Team`
			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 2 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.`
			`*/`

			`#ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H`
			`#define __NTOSKRNL_INCLUDE_INTERNAL_SE_H`


			`extern POBJECT_TYPE SepTokenObjectType;`

			`/* SID Authorities */`
			`extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;`
			`extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;`
			`extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;`
			`extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;`
			`extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;`

			`/* SIDs */`
			`extern PSID SeNullSid;`
			`extern PSID SeWorldSid;`
			`extern PSID SeLocalSid;`
			`extern PSID SeCreatorOwnerSid;`
			`extern PSID SeCreatorGroupSid;`
			`extern PSID SeCreatorOwnerServerSid;`
			`extern PSID SeCreatorGroupServerSid;`
			`extern PSID SeNtAuthoritySid;`
			`extern PSID SeDialupSid;`
			`extern PSID SeNetworkSid;`
			`extern PSID SeBatchSid;`
			`extern PSID SeInteractiveSid;`
			`extern PSID SeServiceSid;`
			`extern PSID SeAnonymousLogonSid;`
			`extern PSID SePrincipalSelfSid;`
			`extern PSID SeLocalSystemSid;`
			`extern PSID SeAuthenticatedUserSid;`
			`extern PSID SeRestrictedCodeSid;`
			`extern PSID SeAliasAdminsSid;`
			`extern PSID SeAliasUsersSid;`
			`extern PSID SeAliasGuestsSid;`
			`extern PSID SeAliasPowerUsersSid;`
			`extern PSID SeAliasAccountOpsSid;`
			`extern PSID SeAliasSystemOpsSid;`
			`extern PSID SeAliasPrintOpsSid;`
			`extern PSID SeAliasBackupOpsSid;`

			`/* Privileges */`
			`extern LUID SeCreateTokenPrivilege;`
			`extern LUID SeAssignPrimaryTokenPrivilege;`
			`extern LUID SeLockMemoryPrivilege;`
			`extern LUID SeIncreaseQuotaPrivilege;`
			`extern LUID SeUnsolicitedInputPrivilege;`
			`extern LUID SeTcbPrivilege;`
			`extern LUID SeSecurityPrivilege;`
			`extern LUID SeTakeOwnershipPrivilege;`
			`extern LUID SeLoadDriverPrivilege;`
			`extern LUID SeCreatePagefilePrivilege;`
			`extern LUID SeIncreaseBasePriorityPrivilege;`
			`extern LUID SeSystemProfilePrivilege;`
			`extern LUID SeSystemtimePrivilege;`
			`extern LUID SeProfileSingleProcessPrivilege;`
			`extern LUID SeCreatePermanentPrivilege;`
			`extern LUID SeBackupPrivilege;`
			`extern LUID SeRestorePrivilege;`
			`extern LUID SeShutdownPrivilege;`
			`extern LUID SeDebugPrivilege;`
			`extern LUID SeAuditPrivilege;`
			`extern LUID SeSystemEnvironmentPrivilege;`
			`extern LUID SeChangeNotifyPrivilege;`
			`extern LUID SeRemoteShutdownPrivilege;`

			`/* DACLs */`
			`extern PACL SePublicDefaultUnrestrictedDacl;`
			`extern PACL SePublicOpenDacl;`
			`extern PACL SePublicOpenUnrestrictedDacl;`
			`extern PACL SeUnrestrictedDacl;`

Added missing Acl and SD functions from ntdll. svn path=/trunk/; revision=4157 2003-02-15 22:29:45 +00:00			`/* SDs */`
			`extern PSECURITY_DESCRIPTOR SePublicDefaultSd;`
			`extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;`
			`extern PSECURITY_DESCRIPTOR SePublicOpenSd;`
			`extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;`
			`extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;`
			`extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;`

Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`/* Functions */`

			`BOOLEAN SeInit1(VOID);`
			`BOOLEAN SeInit2(VOID);`
Added missing Acl and SD functions from ntdll. svn path=/trunk/; revision=4157 2003-02-15 22:29:45 +00:00			`BOOLEAN SeInitSRM(VOID);`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`VOID SepInitLuid(VOID);`
			`VOID SepInitPrivileges(VOID);`
			`BOOLEAN SepInitSecurityIDs(VOID);`
			`BOOLEAN SepInitDACLs(VOID);`
			`BOOLEAN SepInitSDs(VOID);`

- Fix definitions of SecurityAnonymous, SecurityIdentification, SecurityImpersonation, SecurityDelegation. - Fix prototype of NtDuplicateToken and change DuplicateTokenEx accordingly. - Implement NtOpenThreadToken[Ex] (complete rewrite), PsDisableImpersonation and PsRestoreImpersonation. svn path=/trunk/; revision=11999 2004-12-10 16:50:38 +00:00			`NTSTATUS STDCALL`
Fix my previous patch and fix ACCESS_TOKEN being declared as a structure. This is incompatible with DDK/W32API because ACCESS_TOKEN is a PVOID. The real structure is TOKEN. Also, structure has been updated. svn path=/trunk/; revision=12740 2005-01-02 23:12:40 +00:00			`SepCreateImpersonationTokenDacl(PTOKEN Token,`
			`PTOKEN PrimaryToken,`
- Fix definitions of SecurityAnonymous, SecurityIdentification, SecurityImpersonation, SecurityDelegation. - Fix prototype of NtDuplicateToken and change DuplicateTokenEx accordingly. - Implement NtOpenThreadToken[Ex] (complete rewrite), PsDisableImpersonation and PsRestoreImpersonation. svn path=/trunk/; revision=11999 2004-12-10 16:50:38 +00:00			`PACL *Dacl);`

Fixed token type initialization. svn path=/trunk/; revision=2998 2002-06-04 13:44:06 +00:00			`VOID SepInitializeTokenImplementation(VOID);`

ntoskrnl/ps/process.c * Call SepCreateSystemProcessToken() when creating the initial system process. Cleanup the token during in PiDeleteProcess(). * Call SepInitializeNewProcess() during NtCreateProcess to copy the parent processes token to the new process. ntoskrnl/include/internal/se.h ntoskrnl/se/token.c * Change name of SepDuplicationToken() [which was unimplemented] to SepDuplicateToken(). Implement it. * Implement new functions (which are used by process.c) SepInitializeNewProcess() and SepCreateSystemToken(). * Correctly (I think) set Token->ImpersonationLevel in NtCreateToken(). apps/tests/tokentest/tokentest.c * Dump the current processes token. svn path=/trunk/; revision=3113 2002-06-17 22:52:32 +00:00			`NTSTATUS SepCreateSystemProcessToken(struct _EPROCESS* Process);`
			`NTSTATUS SepInitializeNewProcess(struct _EPROCESS* NewProcess,`
Fix some prototypes. svn path=/trunk/; revision=8722 2004-03-14 18:13:19 +00:00			`struct _EPROCESS* ParentProcess);`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,`
Reverted latest changes. svn path=/trunk/; revision=3473 2002-09-08 10:23:54 +00:00			`PACCESS_TOKEN NewToken,`
			`PACCESS_TOKEN* OldTokenP);`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
- Implemented RtlAdjustPrivileges(). - Implemented NtAdjustPrivilegesToken() partially. - Fixed declaration of LUID. svn path=/trunk/; revision=4804 2003-05-31 11:10:30 +00:00			`NTSTATUS`
			`SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,`
			`ULONG PrivilegeCount,`
			`KPROCESSOR_MODE PreviousMode,`
			`PLUID_AND_ATTRIBUTES AllocatedMem,`
			`ULONG AllocatedLength,`
			`POOL_TYPE PoolType,`
			`ULONG d,`
			`PLUID_AND_ATTRIBUTES* Dest,`
			`PULONG Length);`

			`VOID`
			`SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,`
			`KPROCESSOR_MODE PreviousMode,`
			`ULONG a);`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
- Move access checks from NtAccessCheck() to SeAccessCheck(). - Check for 'take ownership' privilege. svn path=/trunk/; revision=10111 2004-07-14 14:25:31 +00:00			`BOOLEAN`
Fix my previous patch and fix ACCESS_TOKEN being declared as a structure. This is incompatible with DDK/W32API because ACCESS_TOKEN is a PVOID. The real structure is TOKEN. Also, structure has been updated. svn path=/trunk/; revision=12740 2005-01-02 23:12:40 +00:00			`SepPrivilegeCheck(PTOKEN Token,`
- Move access checks from NtAccessCheck() to SeAccessCheck(). - Check for 'take ownership' privilege. svn path=/trunk/; revision=10111 2004-07-14 14:25:31 +00:00			`PLUID_AND_ATTRIBUTES Privileges,`
			`ULONG PrivilegeCount,`
			`ULONG PrivilegeControl,`
			`KPROCESSOR_MODE PreviousMode);`

Thomas Weidenmueller <w3seek@reactos.com> - Fix various security structures and constants - Add code to capture quality of service structures and ACLs - Secure buffer access in NtQueryInformationToken, NtSetInformationToken, NtNotifyChangeDirectoryFile and NtQueryDirectoryFile svn path=/trunk/; revision=13984 2005-03-12 22:16:02 +00:00			`NTSTATUS`
			`SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,`
			`IN KPROCESSOR_MODE AccessMode,`
			`IN POOL_TYPE PoolType,`
			`IN BOOLEAN CaptureIfKernel,`
			`OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,`
			`OUT PBOOLEAN Present);`

			`VOID`
			`SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,`
			`IN KPROCESSOR_MODE AccessMode,`
			`IN BOOLEAN CaptureIfKernel);`

			`NTSTATUS`
			`SepCaptureSid(IN PSID InputSid,`
			`IN KPROCESSOR_MODE AccessMode,`
			`IN POOL_TYPE PoolType,`
			`IN BOOLEAN CaptureIfKernel,`
			`OUT PSID *CapturedSid);`

			`VOID`
			`SepReleaseSid(IN PSID CapturedSid,`
			`IN KPROCESSOR_MODE AccessMode,`
			`IN BOOLEAN CaptureIfKernel);`

			`NTSTATUS`
			`SepCaptureAcl(IN PACL InputAcl,`
			`IN KPROCESSOR_MODE AccessMode,`
			`IN POOL_TYPE PoolType,`
			`IN BOOLEAN CaptureIfKernel,`
			`OUT PACL *CapturedAcl);`

			`VOID`
			`SepReleaseAcl(IN PACL CapturedAcl,`
			`IN KPROCESSOR_MODE AccessMode,`
			`IN BOOLEAN CaptureIfKernel);`

			`#define SepAcquireTokenLockExclusive(Token) \`
			`do { \`
			`KeEnterCriticalRegion(); \`
			`ExAcquireResourceExclusive(((PTOKEN)Token)->TokenLock, TRUE); \`
			`while(0)`

			`#define SepAcquireTokenLockShared(Token) \`
			`do { \`
			`KeEnterCriticalRegion(); \`
			`ExAcquireResourceShared(((PTOKEN)Token)->TokenLock, TRUE); \`
			`while(0)`

			`#define SepReleaseTokenLock(Token) \`
			`do { \`
			`ExReleaseResource(((PTOKEN)Token)->TokenLock); \`
			`KeLeaveCriticalRegion(); \`
			`while(0)`
Started security manager initialization. Some cleanup. svn path=/trunk/; revision=2637 2002-02-20 20:16:49 +00:00
			`#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */`

Fixed warnings and errors so ReactOS can be compiled with GCC 3.2. Removed unused ntoskrnl/rtl/bitops.c svn path=/trunk/; revision=2908 2002-05-05 14:57:45 +00:00			`/* EOF */`