/*
 *  ReactOS kernel
 *  Copyright (C) 2002 ReactOS Team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
#ifndef __NTOSKRNL_INCLUDE_INTERNAL_SE_H
#define __NTOSKRNL_INCLUDE_INTERNAL_SE_H
/* Declaration only; the definition is not in this header.
 * NOTE(review): presumably the object type registered for access tokens - confirm. */
extern POBJECT_TYPE SepTokenObjectType;
/*
 * SID Authorities
 *
 * Declarations only; the values are not visible in this header.
 * NOTE(review): these are non-const globals - presumably they are meant to be
 * read-only once the security subsystem is initialized; confirm.
 */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
/*
 * SIDs
 *
 * Each name is a PSID, i.e. a pointer; the SID storage itself is not
 * declared here.
 * NOTE(review): presumably set up by SepInitSecurityIDs() and not valid
 * before it has succeeded - confirm before using these in early-boot code.
 */

/* Universal / creator SIDs */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;

/* NT authority SIDs */
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;

/* Alias (built-in group) SIDs */
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
/*
 * Privileges
 *
 * One LUID per privilege, held by value in a non-const global.
 * NOTE(review): presumably filled in by SepInitPrivileges() - confirm.
 * Because privilege checks compare against these values, nothing outside
 * initialization should write to them; the header cannot enforce that
 * while they are declared without const.
 */
extern LUID SeCreateTokenPrivilege;
extern LUID SeAssignPrimaryTokenPrivilege;
extern LUID SeLockMemoryPrivilege;
extern LUID SeIncreaseQuotaPrivilege;
extern LUID SeUnsolicitedInputPrivilege;
extern LUID SeTcbPrivilege;
extern LUID SeSecurityPrivilege;
extern LUID SeTakeOwnershipPrivilege;
extern LUID SeLoadDriverPrivilege;
extern LUID SeCreatePagefilePrivilege;
extern LUID SeIncreaseBasePriorityPrivilege;
extern LUID SeSystemProfilePrivilege;
extern LUID SeSystemtimePrivilege;
extern LUID SeProfileSingleProcessPrivilege;
extern LUID SeCreatePermanentPrivilege;
extern LUID SeBackupPrivilege;
extern LUID SeRestorePrivilege;
extern LUID SeShutdownPrivilege;
extern LUID SeDebugPrivilege;
extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
/*
 * DACLs
 *
 * Shared default ACLs, exposed as PACL pointers.
 * NOTE(review): which ACEs each one carries is not visible here; read the
 * initializer (presumably SepInitDACLs() - confirm) before choosing one as
 * the default for a new object, especially the "Open"/"Unrestricted" ones.
 */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;
/*
 * SDs
 *
 * Shared default security descriptors, exposed as pointers.
 * NOTE(review): their contents are not visible here; presumably built by
 * SepInitSDs() on top of the default DACLs - confirm. Treat them as
 * read-only shared objects unless the definition says otherwise.
 */
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
/* Functions */

/*
 * Security subsystem initialization entry points.
 * Each returns BOOLEAN; the meaning of FALSE is not stated in this header
 * (presumably "initialization failed" - confirm), so callers should check it.
 */
BOOLEAN SeInit1(VOID);
BOOLEAN SeInit2(VOID);
BOOLEAN SeInitSRM(VOID);

/*
 * Internal initialization helpers.
 * SepInitLuid() and SepInitPrivileges() return VOID and so cannot report
 * a failure to their caller; the remaining three return BOOLEAN.
 */
VOID    SepInitLuid(VOID);
VOID    SepInitPrivileges(VOID);
BOOLEAN SepInitSecurityIDs(VOID);
BOOLEAN SepInitDACLs(VOID);
BOOLEAN SepInitSDs(VOID);
/*
 * Takes two tokens and hands a PACL back through Dacl; returns NTSTATUS.
 * NOTE(review): presumably builds the DACL applied to an impersonation
 * token - confirm. How *Dacl is allocated and who frees it is not visible
 * from this declaration; check the definition before calling.
 */
NTSTATUS STDCALL
SepCreateImpersonationTokenDacl(PTOKEN Token,
                                PTOKEN PrimaryToken,
                                PACL *Dacl);
/* Token implementation set-up; returns nothing, so failure cannot be reported. */
VOID SepInitializeTokenImplementation(VOID);

/*
 * Per-process token set-up; both return NTSTATUS.
 * NOTE(review): presumably the first gives the system process its token and
 * the second derives NewProcess's token from ParentProcess - confirm.
 */
NTSTATUS SepCreateSystemProcessToken(struct _EPROCESS* Process);
NTSTATUS SepInitializeNewProcess(struct _EPROCESS* NewProcess,
                                 struct _EPROCESS* ParentProcess);
/*
 * Takes a process and a new token; the previous token is handed back
 * through OldTokenP. Returns NTSTATUS.
 * NOTE(review): reference-count ownership of NewToken and *OldTokenP is not
 * visible here - confirm who dereferences each, and what *OldTokenP holds
 * on failure.
 */
NTSTATUS SeExchangePrimaryToken(struct _EPROCESS* Process,
                                PACCESS_TOKEN NewToken,
                                PACCESS_TOKEN* OldTokenP);
/*
 * Capture / release pair for an array of LUID_AND_ATTRIBUTES.
 *
 * The capture call takes the source array with its element count and the
 * caller's processor mode, an optional-looking preallocated buffer
 * (AllocatedMem / AllocatedLength), a pool type, and returns the result
 * through Dest and Length.
 *
 * NOTE(review): presumably Src is copied out of caller memory when
 * PreviousMode is user mode - confirm. The definition should bound
 * PrivilegeCount before computing a byte size from it; that check is not
 * visible from this header.
 * NOTE(review): the parameters named `d` (capture) and `a` (release) give
 * no hint of their purpose; look them up in the definition.
 */
NTSTATUS
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
                                ULONG PrivilegeCount,
                                KPROCESSOR_MODE PreviousMode,
                                PLUID_AND_ATTRIBUTES AllocatedMem,
                                ULONG AllocatedLength,
                                POOL_TYPE PoolType,
                                ULONG d,
                                PLUID_AND_ATTRIBUTES* Dest,
                                PULONG Length);

/* Counterpart of SeCaptureLuidAndAttributesArray(); takes the captured array. */
VOID
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
                                KPROCESSOR_MODE PreviousMode,
                                ULONG a);
/*
 * Checks an array of PrivilegeCount privileges against Token and returns
 * BOOLEAN.
 * NOTE(review): presumably TRUE means the check passed and PrivilegeControl
 * selects "all required" versus "any" - confirm against the definition.
 * Whether the Privileges array is modified (for example, attribute bits
 * being updated) is not visible here.
 */
BOOLEAN
SepPrivilegeCheck(PTOKEN Token,
                  PLUID_AND_ATTRIBUTES Privileges,
                  ULONG PrivilegeCount,
                  ULONG PrivilegeControl,
                  KPROCESSOR_MODE PreviousMode);
/*
 * Capture / release pair for SECURITY_QUALITY_OF_SERVICE.
 *
 * Capture reads from the optional ObjectAttributes and reports through two
 * OUT parameters: the captured structure and a Present flag.
 *
 * NOTE(review): presumably the structure is copied into PoolType memory
 * when AccessMode is user mode, or when CaptureIfKernel is set - confirm.
 * Release takes AccessMode and CaptureIfKernel again; pass the same values
 * that were given to the capture call so that release can tell whether a
 * copy was made.
 */
NTSTATUS
SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
                                   IN KPROCESSOR_MODE AccessMode,
                                   IN POOL_TYPE PoolType,
                                   IN BOOLEAN CaptureIfKernel,
                                   OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
                                   OUT PBOOLEAN Present);

VOID
SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService  OPTIONAL,
                                   IN KPROCESSOR_MODE AccessMode,
                                   IN BOOLEAN CaptureIfKernel);
/*
 * Capture / release pair for a SID.
 *
 * Capture takes InputSid and returns the result through CapturedSid.
 * NOTE(review): presumably the SID is validated and copied into PoolType
 * memory when AccessMode is user mode, or when CaptureIfKernel is set -
 * confirm. Code that received InputSid from a less trusted caller should
 * use only *CapturedSid afterwards, and should release it with the same
 * AccessMode and CaptureIfKernel values.
 */
NTSTATUS
SepCaptureSid(IN PSID InputSid,
              IN KPROCESSOR_MODE AccessMode,
              IN POOL_TYPE PoolType,
              IN BOOLEAN CaptureIfKernel,
              OUT PSID *CapturedSid);

VOID
SepReleaseSid(IN PSID CapturedSid,
              IN KPROCESSOR_MODE AccessMode,
              IN BOOLEAN CaptureIfKernel);
/*
 * Capture / release pair for an ACL.
 *
 * Capture takes InputAcl and returns the result through CapturedAcl.
 * NOTE(review): presumably the ACL is validated and copied into PoolType
 * memory when AccessMode is user mode, or when CaptureIfKernel is set -
 * confirm. An ACL carries its own size field, so the definition should
 * read that field once and bound it before copying; that is not visible
 * from this header. Release with the same AccessMode and CaptureIfKernel
 * values that were passed to capture.
 */
NTSTATUS
SepCaptureAcl(IN PACL InputAcl,
              IN KPROCESSOR_MODE AccessMode,
              IN POOL_TYPE PoolType,
              IN BOOLEAN CaptureIfKernel,
              OUT PACL *CapturedAcl);

VOID
SepReleaseAcl(IN PACL CapturedAcl,
              IN KPROCESSOR_MODE AccessMode,
              IN BOOLEAN CaptureIfKernel);
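/*
 * Take a token's lock for exclusive access.
 *
 * Enters a critical region first, then acquires Token->TokenLock through
 * ExAcquireResourceExclusive with TRUE as the second argument (presumably
 * "wait until available" - confirm). Undo with SepReleaseTokenLock(),
 * which performs the two steps in reverse order.
 *
 * The do-block is closed with '}' before while(0) so that the macro
 * expands to one complete statement, and Token is parenthesized before the
 * PTOKEN cast so that an expression argument binds as a whole.
 */
#define SepAcquireTokenLockExclusive(Token)                                    \
  do {                                                                         \
    KeEnterCriticalRegion();                                                   \
    ExAcquireResourceExclusive(((PTOKEN)(Token))->TokenLock, TRUE);            \
  } while(0)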
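/*
 * Take a token's lock for shared access.
 *
 * Enters a critical region first, then acquires Token->TokenLock through
 * ExAcquireResourceShared with TRUE as the second argument (presumably
 * "wait until available" - confirm). Undo with SepReleaseTokenLock().
 *
 * The do-block is closed with '}' before while(0) so that the macro
 * expands to one complete statement, and Token is parenthesized before the
 * PTOKEN cast so that an expression argument binds as a whole.
 */
#define SepAcquireTokenLockShared(Token)                                       \
  do {                                                                         \
    KeEnterCriticalRegion();                                                   \
    ExAcquireResourceShared(((PTOKEN)(Token))->TokenLock, TRUE);               \
  } while(0)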
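/*
 * Release a token lock taken with SepAcquireTokenLockExclusive() or
 * SepAcquireTokenLockShared().
 *
 * Releases Token->TokenLock first and leaves the critical region second,
 * the reverse of the acquire order.
 *
 * The do-block is closed with '}' before while(0) so that the macro
 * expands to one complete statement, and Token is parenthesized before the
 * PTOKEN cast so that an expression argument binds as a whole.
 */
#define SepReleaseTokenLock(Token)                                             \
  do {                                                                         \
    ExReleaseResource(((PTOKEN)(Token))->TokenLock);                           \
    KeLeaveCriticalRegion();                                                   \
  } while(0)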
#endif /* __NTOSKRNL_INCLUDE_INTERNAL_SE_H */
/* EOF */