2005-09-30 21:28:29 +00:00
|
|
|
/*
|
|
|
|
* authz.h
|
|
|
|
*
|
|
|
|
* Authorization Framework
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS NOT COPYRIGHTED
|
|
|
|
*
|
|
|
|
* This source code is offered for use in the public domain. You may
|
|
|
|
* use, modify or distribute it freely.
|
|
|
|
*
|
|
|
|
* This code is distributed in the hope that it will be useful but
|
|
|
|
* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
|
|
|
|
* DISCLAIMED. This includes but is not limited to warranties of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
#ifndef __AUTHZ_H
|
|
|
|
#define __AUTHZ_H
|
|
|
|
|
|
|
|
#if !defined(_AUTHZ_)
|
|
|
|
#define AUTHZAPI DECLSPEC_IMPORT
|
|
|
|
#else
|
2009-08-20 13:45:01 +00:00
|
|
|
#define AUTHZAPI
|
2005-09-30 21:28:29 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#define AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 0x1
|
|
|
|
|
|
|
|
#define AUTHZ_GENERATE_SUCCESS_AUDIT 0x1
|
|
|
|
#define AUTHZ_GENERATE_FAILURE_AUDIT 0x2
|
|
|
|
|
|
|
|
#define AUTHZ_SKIP_TOKEN_GROUPS 0x2
|
|
|
|
#define AUTHZ_REQUIRE_S4U_LOGON 0x4
|
|
|
|
|
|
|
|
#define AUTHZ_NO_SUCCESS_AUDIT 0x1
|
|
|
|
#define AUTHZ_NO_FAILURE_AUDIT 0x2
|
|
|
|
#define AUTHZ_NO_ALLOC_STRINGS 0x4
|
|
|
|
|
|
|
|
#define AUTHZ_RM_FLAG_NO_AUDIT 0x1
|
|
|
|
#define AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION 0x2
|
|
|
|
|
|
|
|
typedef HANDLE AUTHZ_CLIENT_CONTEXT_HANDLE, *PAUTHZ_CLIENT_CONTEXT_HANDLE;
|
|
|
|
typedef HANDLE AUTHZ_AUDIT_INFO_HANDLE, *PAUTHZ_AUDIT_INFO_HANDLE;
|
|
|
|
typedef HANDLE AUTHZ_AUDIT_EVENT_HANDLE, *PAUTHZ_AUDIT_EVENT_HANDLE;
|
|
|
|
typedef HANDLE AUTHZ_AUDIT_EVENT_TYPE_HANDLE, *PAUTHZ_AUDIT_EVENT_TYPE_HANDLE;
|
|
|
|
typedef HANDLE AUTHZ_ACCESS_CHECK_RESULTS_HANDLE, *PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE;
|
|
|
|
typedef HANDLE AUTHZ_RESOURCE_MANAGER_HANDLE, *PAUTHZ_RESOURCE_MANAGER_HANDLE;
|
|
|
|
typedef HANDLE AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE, *PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE;
|
|
|
|
|
|
|
|
#if !defined(_ADTGEN_H)
|
|
|
|
/* FIXME - AUDIT_PARAMS is defined in adtgen.h!!!!! */
|
|
|
|
typedef PVOID PAUDIT_PARAMS;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
typedef enum _AUTHZ_CONTEXT_INFORMATION_CLASS
|
|
|
|
{
|
|
|
|
AuthzContextInfoUserSid = 1,
|
|
|
|
AuthzContextInfoGroupsSids,
|
|
|
|
AuthzContextInfoRestrictedSids,
|
|
|
|
AuthzContextInfoPrivileges,
|
|
|
|
AuthzContextInfoExpirationTime,
|
|
|
|
AuthzContextInfoServerContext,
|
|
|
|
AuthzContextInfoIdentifier,
|
|
|
|
AuthzContextInfoSource,
|
|
|
|
AuthzContextInfoAll,
|
|
|
|
AuthzContextInfoAuthenticationId
|
|
|
|
} AUTHZ_CONTEXT_INFORMATION_CLASS, *PAUTHZ_CONTEXT_INFORMATION_CLASS;
|
|
|
|
|
|
|
|
typedef struct _AUTHZ_ACCESS_REQUEST
|
|
|
|
{
|
|
|
|
ACCESS_MASK DesiredAccess;
|
|
|
|
PSID PrincipalSelfSid;
|
|
|
|
POBJECT_TYPE_LIST ObjectTypeList;
|
|
|
|
DWORD ObjectTypeListLength;
|
|
|
|
PVOID OptionalArguments;
|
|
|
|
} AUTHZ_ACCESS_REQUEST, *PAUTHZ_ACCESS_REQUEST;
|
|
|
|
|
|
|
|
typedef struct _AUTHZ_ACCESS_REPLY
|
|
|
|
{
|
|
|
|
DWORD ResultListLength;
|
|
|
|
PACCESS_MASK GrantedAccessMask;
|
|
|
|
PDWORD SaclEvaluationResults;
|
2006-06-23 16:30:22 +00:00
|
|
|
PDWORD Error;
|
2005-09-30 21:28:29 +00:00
|
|
|
} AUTHZ_ACCESS_REPLY, *PAUTHZ_ACCESS_REPLY;
|
|
|
|
|
|
|
|
typedef struct _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
|
|
|
|
{
|
|
|
|
PWSTR szObjectTypeName;
|
|
|
|
DWORD dwOffset;
|
|
|
|
} AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET, *PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;
|
|
|
|
|
|
|
|
typedef struct _AUTHZ_SOURCE_SCHEMA_REGISTRATION
|
|
|
|
{
|
|
|
|
DWORD dwFlags;
|
|
|
|
PWSTR szEventSourceName;
|
|
|
|
PWSTR szEventMessageFile;
|
|
|
|
PWSTR szEventSourceXmlSchemaFile;
|
|
|
|
PWSTR szEventAccessStringsFile;
|
|
|
|
PWSTR szExecutableImagePath;
|
|
|
|
PVOID pReserved;
|
|
|
|
DWORD dwObjectTypeNameCount;
|
|
|
|
AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames[ANYSIZE_ARRAY];
|
|
|
|
} AUTHZ_SOURCE_SCHEMA_REGISTRATION, *PAUTHZ_SOURCE_SCHEMA_REGISTRATION;
|
|
|
|
|
|
|
|
typedef BOOL (CALLBACK *PFN_AUTHZ_DYNAMIC_ACCESS_CHECK)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
|
|
|
|
IN PACE_HEADER pAce,
|
|
|
|
IN PVOID pArgs OPTIONAL,
|
|
|
|
IN OUT PBOOL pbAceApplicable);
|
|
|
|
|
|
|
|
typedef BOOL (CALLBACK *PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
|
|
|
|
IN PVOID Args,
|
|
|
|
OUT PSID_AND_ATTRIBUTES* pSidAttrArray,
|
|
|
|
OUT PDWORD pSidCount,
|
|
|
|
OUT PSID_AND_ATTRIBUTES* pRestrictedSidAttrArray,
|
|
|
|
OUT PDWORD pRestrictedSidCount);
|
|
|
|
|
|
|
|
typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS)(IN PSID_AND_ATTRIBUTES pSidAttrArray);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzAccessCheck(IN DWORD flags,
|
|
|
|
IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext,
|
|
|
|
IN PAUTHZ_ACCESS_REQUEST pRequest,
|
|
|
|
IN AUTHZ_AUDIT_INFO_HANDLE AuditInfo,
|
|
|
|
IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
|
|
|
|
IN PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray,
|
|
|
|
IN DWORD OptionalSecurityDescriptorCount OPTIONAL,
|
|
|
|
IN OUT PAUTHZ_ACCESS_REPLY pReply,
|
|
|
|
OUT PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE pAuthzHandle);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzAddSidsToContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE OrigClientContext,
|
|
|
|
IN PSID_AND_ATTRIBUTES Sids,
|
|
|
|
IN DWORD SidCount,
|
|
|
|
IN PSID_AND_ATTRIBUTES RestrictedSids,
|
|
|
|
IN DWORD RestrictedSidCount,
|
|
|
|
OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pNewClientContext);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzCachedAccessCheck(IN DWORD Flags,
|
|
|
|
IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle,
|
|
|
|
IN PAUTHZ_ACCESS_REQUEST pRequest,
|
|
|
|
IN AUTHZ_AUDIT_EVENT_HANDLE AuditInfo,
|
|
|
|
OUT PAUTHZ_ACCESS_REPLY pReply);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzEnumerateSecurityEventSources(IN DWORD dwFlags,
|
|
|
|
OUT PAUTHZ_SOURCE_SCHEMA_REGISTRATION Buffer,
|
|
|
|
OUT PDWORD pdwCount,
|
|
|
|
IN OUT PDWORD pdwLength);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzFreeAuditEvent(IN AUTHZ_AUDIT_EVENT_HANDLE pAuditEventInfo);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzFreeContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzFreeHandle(IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzGetInformationFromContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
|
|
|
|
IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass,
|
|
|
|
IN DWORD BufferSize,
|
|
|
|
OUT PDWORD pSizeRequired,
|
|
|
|
OUT PVOID Buffer);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzInitializeContextFromAuthzContext(IN DWORD flags,
|
|
|
|
IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzHandle,
|
|
|
|
IN PLARGE_INTEGER ExpirationTime,
|
|
|
|
IN LUID Identifier,
|
|
|
|
IN PVOID DynamicGroupArgs,
|
|
|
|
OUT PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzHandle);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzInitializeContextFromSid(IN DWORD Flags,
|
|
|
|
IN PSID UserSid,
|
|
|
|
IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
|
|
|
|
IN PLARGE_INTEGER pExpirationTime,
|
|
|
|
IN LUID Identifier,
|
|
|
|
IN PVOID DynamicGroupArgs,
|
|
|
|
OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzInitializeContextFromToken(IN DWORD Flags,
|
|
|
|
IN HANDLE TokenHandle,
|
|
|
|
IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
|
|
|
|
IN PLARGE_INTEGER pExpirationTime,
|
|
|
|
IN LUID Identifier,
|
|
|
|
IN PVOID DynamicGroupArgs,
|
|
|
|
OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
2010-10-13 14:30:49 +00:00
|
|
|
WINAPIV
|
2005-09-30 21:28:29 +00:00
|
|
|
AuthzInitializeObjectAccessAuditEvent(IN DWORD Flags,
|
|
|
|
IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
|
|
|
|
IN PWSTR szOperationType,
|
|
|
|
IN PWSTR szObjectType,
|
|
|
|
IN PWSTR szObjectName,
|
|
|
|
IN PWSTR szAdditionalInfo,
|
|
|
|
OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
|
2010-10-13 14:54:37 +00:00
|
|
|
IN DWORD dwAdditionalParameterCount,
|
|
|
|
...);
|
2005-09-30 21:28:29 +00:00
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
2010-10-13 14:30:49 +00:00
|
|
|
WINAPIV
|
2005-09-30 21:28:29 +00:00
|
|
|
AuthzInitializeObjectAccessAuditEvent2(IN DWORD Flags,
|
|
|
|
IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
|
|
|
|
IN PWSTR szOperationType,
|
|
|
|
IN PWSTR szObjectType,
|
|
|
|
IN PWSTR szObjectName,
|
|
|
|
IN PWSTR szAdditionalInfo,
|
|
|
|
IN PWSTR szAdditionalInfo2,
|
|
|
|
OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
|
2010-10-13 14:54:37 +00:00
|
|
|
IN DWORD dwAdditionalParameterCount,
|
|
|
|
...);
|
2005-09-30 21:28:29 +00:00
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzInitializeResourceManager(IN DWORD flags,
|
|
|
|
IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck,
|
|
|
|
IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,
|
|
|
|
IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups,
|
|
|
|
IN PCWSTR ResourceManagerName,
|
|
|
|
IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzInstallSecurityEventSource(IN DWORD dwFlags,
|
|
|
|
IN PAUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzOpenObjectAudit(IN DWORD Flags,
|
|
|
|
IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
|
|
|
|
IN PAUTHZ_ACCESS_REQUEST pRequest,
|
|
|
|
IN AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
|
|
|
|
IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
|
|
|
|
IN PSECURITY_DESCRIPTOR* SecurityDescriptorArray,
|
|
|
|
IN DWORD SecurityDescriptorCount,
|
|
|
|
OUT PAUTHZ_ACCESS_REPLY pReply);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzRegisterSecurityEventSource(IN DWORD dwFlags,
|
|
|
|
IN PCWSTR szEventSourceName,
|
|
|
|
IN PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
2010-10-13 14:30:49 +00:00
|
|
|
WINAPIV
|
2005-09-30 21:28:29 +00:00
|
|
|
AuthzReportSecurityEvent(IN DWORD dwFlags,
|
|
|
|
IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
|
|
|
|
IN DWORD dwAuditId,
|
|
|
|
IN PSID pUserSid OPTIONAL,
|
|
|
|
IN DWORD dwCount,
|
|
|
|
...);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzReportSecurityEventFromParams(IN DWORD dwFlags,
|
|
|
|
IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
|
|
|
|
IN DWORD dwAuditId,
|
|
|
|
IN PSID pUserSid OPTIONAL,
|
|
|
|
IN PAUDIT_PARAMS pParams);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzUninstallSecurityEventSource(IN DWORD dwFlags,
|
|
|
|
IN PWSTR szEventSourceName);
|
|
|
|
|
|
|
|
AUTHZAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
AuthzUnregisterSecurityEventSource(IN DWORD dwFlags,
|
|
|
|
IN OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#endif /* __AUTHZ_H */
|