[NTOS:SE] Annotate the remaining functions with SAL

This commit is contained in:
George Bișoc 2021-08-20 11:48:19 +02:00
parent 6413009c10
commit 8567d8145e
No known key found for this signature in database
GPG key ID: 688C4FBE25D7DEF6
12 changed files with 604 additions and 568 deletions

View file

@ -36,7 +36,8 @@ typedef struct _TOKEN_AUDIT_POLICY_INFORMATION
FORCEINLINE
PSID
SepGetGroupFromDescriptor(PVOID _Descriptor)
SepGetGroupFromDescriptor(
_Inout_ PVOID _Descriptor)
{
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -55,7 +56,8 @@ SepGetGroupFromDescriptor(PVOID _Descriptor)
FORCEINLINE
PSID
SepGetOwnerFromDescriptor(PVOID _Descriptor)
SepGetOwnerFromDescriptor(
_Inout_ PVOID _Descriptor)
{
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -74,7 +76,8 @@ SepGetOwnerFromDescriptor(PVOID _Descriptor)
FORCEINLINE
PACL
SepGetDaclFromDescriptor(PVOID _Descriptor)
SepGetDaclFromDescriptor(
_Inout_ PVOID _Descriptor)
{
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -95,7 +98,8 @@ SepGetDaclFromDescriptor(PVOID _Descriptor)
FORCEINLINE
PACL
SepGetSaclFromDescriptor(PVOID _Descriptor)
SepGetSaclFromDescriptor(
_Inout_ PVOID _Descriptor)
{
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel;
@ -236,27 +240,24 @@ extern PTOKEN SeAnonymousLogonTokenNoEveryone;
BOOLEAN
NTAPI
SepTokenIsOwner(
IN PACCESS_TOKEN _Token,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN TokenLocked
);
_In_ PACCESS_TOKEN _Token,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ BOOLEAN TokenLocked);
BOOLEAN
NTAPI
SepSidInToken(
IN PACCESS_TOKEN _Token,
IN PSID Sid
);
_In_ PACCESS_TOKEN _Token,
_In_ PSID Sid);
BOOLEAN
NTAPI
SepSidInTokenEx(
IN PACCESS_TOKEN _Token,
IN PSID PrincipalSelfSid,
IN PSID _Sid,
IN BOOLEAN Deny,
IN BOOLEAN Restricted
);
_In_ PACCESS_TOKEN _Token,
_In_ PSID PrincipalSelfSid,
_In_ PSID _Sid,
_In_ BOOLEAN Deny,
_In_ BOOLEAN Restricted);
BOOLEAN
NTAPI
@ -301,69 +302,62 @@ SeRmInitPhase1(VOID);
VOID
NTAPI
SeDeassignPrimaryToken(struct _EPROCESS *Process);
SeDeassignPrimaryToken(
_Inout_ PEPROCESS Process);
NTSTATUS
NTAPI
SeSubProcessToken(
IN PTOKEN Parent,
OUT PTOKEN *Token,
IN BOOLEAN InUse,
IN ULONG SessionId
);
_In_ PTOKEN Parent,
_Out_ PTOKEN *Token,
_In_ BOOLEAN InUse,
_In_ ULONG SessionId);
NTSTATUS
NTAPI
SeInitializeProcessAuditName(
IN PFILE_OBJECT FileObject,
IN BOOLEAN DoAudit,
OUT POBJECT_NAME_INFORMATION *AuditInfo
);
_In_ PFILE_OBJECT FileObject,
_In_ BOOLEAN DoAudit,
_Out_ POBJECT_NAME_INFORMATION *AuditInfo);
NTSTATUS
NTAPI
SeCreateAccessStateEx(
IN PETHREAD Thread,
IN PEPROCESS Process,
IN OUT PACCESS_STATE AccessState,
IN PAUX_ACCESS_DATA AuxData,
IN ACCESS_MASK Access,
IN PGENERIC_MAPPING GenericMapping
);
_In_ PETHREAD Thread,
_In_ PEPROCESS Process,
_In_ OUT PACCESS_STATE AccessState,
_In_ PAUX_ACCESS_DATA AuxData,
_In_ ACCESS_MASK Access,
_In_ PGENERIC_MAPPING GenericMapping);
NTSTATUS
NTAPI
SeIsTokenChild(
IN PTOKEN Token,
OUT PBOOLEAN IsChild
);
_In_ PTOKEN Token,
_Out_ PBOOLEAN IsChild);
NTSTATUS
NTAPI
SeIsTokenSibling(
IN PTOKEN Token,
OUT PBOOLEAN IsSibling
);
_In_ PTOKEN Token,
_Out_ PBOOLEAN IsSibling);
NTSTATUS
NTAPI
SepCreateImpersonationTokenDacl(
_In_ PTOKEN Token,
_In_ PTOKEN PrimaryToken,
_Out_ PACL* Dacl
);
_Out_ PACL* Dacl);
NTSTATUS
NTAPI
SepRmInsertLogonSessionIntoToken(
_Inout_ PTOKEN Token
);
_Inout_ PTOKEN Token);
NTSTATUS
NTAPI
SepRmRemoveLogonSessionFromToken(
_Inout_ PTOKEN Token
);
_Inout_ PTOKEN Token);
CODE_SEG("INIT")
VOID
@ -385,63 +379,61 @@ SepCreateSystemAnonymousLogonTokenNoEveryone(VOID);
BOOLEAN
NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token);
SeDetailedAuditingWithToken(
_In_ PTOKEN Token);
VOID
NTAPI
SeAuditProcessExit(IN PEPROCESS Process);
SeAuditProcessExit(
_In_ PEPROCESS Process);
VOID
NTAPI
SeAuditProcessCreate(IN PEPROCESS Process);
SeAuditProcessCreate(
_In_ PEPROCESS Process);
NTSTATUS
NTAPI
SeExchangePrimaryToken(
_In_ PEPROCESS Process,
_In_ PACCESS_TOKEN NewAccessToken,
_Out_ PACCESS_TOKEN* OldAccessToken
);
_Out_ PACCESS_TOKEN* OldAccessToken);
VOID
NTAPI
SeCaptureSubjectContextEx(
IN PETHREAD Thread,
IN PEPROCESS Process,
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
);
_In_ PETHREAD Thread,
_In_ PEPROCESS Process,
_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTSTATUS
NTAPI
SeCaptureLuidAndAttributesArray(
PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem,
ULONG AllocatedLength,
POOL_TYPE PoolType,
BOOLEAN CaptureIfKernel,
PLUID_AND_ATTRIBUTES* Dest,
PULONG Length
);
_In_ PLUID_AND_ATTRIBUTES Src,
_In_ ULONG PrivilegeCount,
_In_ KPROCESSOR_MODE PreviousMode,
_In_ PLUID_AND_ATTRIBUTES AllocatedMem,
_In_ ULONG AllocatedLength,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PLUID_AND_ATTRIBUTES* Dest,
_Inout_ PULONG Length);
VOID
NTAPI
SeReleaseLuidAndAttributesArray(
PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
BOOLEAN CaptureIfKernel
);
_In_ PLUID_AND_ATTRIBUTES Privilege,
_In_ KPROCESSOR_MODE PreviousMode,
_In_ BOOLEAN CaptureIfKernel);
BOOLEAN
NTAPI
SepPrivilegeCheck(
PTOKEN Token,
PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount,
ULONG PrivilegeControl,
KPROCESSOR_MODE PreviousMode
);
_In_ PTOKEN Token,
_In_ PLUID_AND_ATTRIBUTES Privileges,
_In_ ULONG PrivilegeCount,
_In_ ULONG PrivilegeControl,
_In_ KPROCESSOR_MODE PreviousMode);
NTSTATUS
NTAPI
@ -456,11 +448,10 @@ SePrivilegePolicyCheck(
BOOLEAN
NTAPI
SeCheckPrivilegedObject(
IN LUID PrivilegeValue,
IN HANDLE ObjectHandle,
IN ACCESS_MASK DesiredAccess,
IN KPROCESSOR_MODE PreviousMode
);
_In_ LUID PrivilegeValue,
_In_ HANDLE ObjectHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ KPROCESSOR_MODE PreviousMode);
NTSTATUS
NTAPI
@ -471,8 +462,7 @@ SepDuplicateToken(
_In_ TOKEN_TYPE TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL Level,
_In_ KPROCESSOR_MODE PreviousMode,
_Out_ PTOKEN* NewAccessToken
);
_Out_ PTOKEN* NewAccessToken);
NTSTATUS
NTAPI
@ -482,34 +472,30 @@ SepCaptureSecurityQualityOfService(
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
_Out_ PBOOLEAN Present
);
_Out_ PBOOLEAN Present);
VOID
NTAPI
SepReleaseSecurityQualityOfService(
_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
_In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel
);
_In_ BOOLEAN CaptureIfKernel);
NTSTATUS
NTAPI
SepCaptureSid(
IN PSID InputSid,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PSID *CapturedSid
);
_In_ PSID InputSid,
_In_ KPROCESSOR_MODE AccessMode,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PSID *CapturedSid);
VOID
NTAPI
SepReleaseSid(
IN PSID CapturedSid,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel
);
_In_ PSID CapturedSid,
_In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel);
NTSTATUS
NTAPI
@ -540,20 +526,18 @@ SeComputeQuotaInformationSize(
NTSTATUS
NTAPI
SepCaptureAcl(
IN PACL InputAcl,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PACL *CapturedAcl
);
_In_ PACL InputAcl,
_In_ KPROCESSOR_MODE AccessMode,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PACL *CapturedAcl);
VOID
NTAPI
SepReleaseAcl(
IN PACL CapturedAcl,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel
);
_In_ PACL CapturedAcl,
_In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel);
NTSTATUS
SepPropagateAcl(
@ -584,32 +568,29 @@ SepSelectAcl(
NTSTATUS
NTAPI
SeDefaultObjectMethod(
PVOID Object,
SECURITY_OPERATION_CODE OperationType,
PSECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR NewSecurityDescriptor,
PULONG ReturnLength,
PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
POOL_TYPE PoolType,
PGENERIC_MAPPING GenericMapping
);
_In_ PVOID Object,
_In_ SECURITY_OPERATION_CODE OperationType,
_In_ PSECURITY_INFORMATION SecurityInformation,
_Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_Inout_opt_ PULONG ReturnLength,
_Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
_In_ POOL_TYPE PoolType,
_In_ PGENERIC_MAPPING GenericMapping);
NTSTATUS
NTAPI
SeSetWorldSecurityDescriptor(
SECURITY_INFORMATION SecurityInformation,
PISECURITY_DESCRIPTOR SecurityDescriptor,
PULONG BufferLength
);
_In_ SECURITY_INFORMATION SecurityInformation,
_In_ PISECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PULONG BufferLength);
NTSTATUS
NTAPI
SeCopyClientToken(
IN PACCESS_TOKEN Token,
IN SECURITY_IMPERSONATION_LEVEL Level,
IN KPROCESSOR_MODE PreviousMode,
OUT PACCESS_TOKEN* NewToken
);
_In_ PACCESS_TOKEN Token,
_In_ SECURITY_IMPERSONATION_LEVEL Level,
_In_ KPROCESSOR_MODE PreviousMode,
_Out_ PACCESS_TOKEN* NewToken);
NTSTATUS
NTAPI
@ -620,20 +601,25 @@ SepRegQueryHelper(
_In_ ULONG DataLength,
_Out_ PVOID ValueData);
VOID NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
VOID
NTAPI
SeQuerySecurityAccessMask(
_In_ SECURITY_INFORMATION SecurityInformation,
_Out_ PACCESS_MASK DesiredAccess);
VOID NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
VOID
NTAPI
SeSetSecurityAccessMask(
_In_ SECURITY_INFORMATION SecurityInformation,
_Out_ PACCESS_MASK DesiredAccess);
BOOLEAN
NTAPI
SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN ACCESS_MASK DesiredAccess,
IN KPROCESSOR_MODE AccessMode);
SeFastTraverseCheck(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PACCESS_STATE AccessState,
_In_ ACCESS_MASK DesiredAccess,
_In_ KPROCESSOR_MODE AccessMode);
BOOLEAN
NTAPI
@ -651,17 +637,17 @@ SePrivilegedServiceAuditAlarm(
NTSTATUS
SepRmReferenceLogonSession(
PLUID LogonLuid);
_Inout_ PLUID LogonLuid);
NTSTATUS
SepRmDereferenceLogonSession(
PLUID LogonLuid);
_Inout_ PLUID LogonLuid);
NTSTATUS
NTAPI
SeGetLogonIdDeviceMap(
IN PLUID LogonId,
OUT PDEVICE_MAP * DeviceMap);
_In_ PLUID LogonId,
_Out_ PDEVICE_MAP *DeviceMap);
#endif

View file

@ -45,11 +45,12 @@ ERESOURCE SepSubjectContextLock;
*/
BOOLEAN
NTAPI
SepSidInTokenEx(IN PACCESS_TOKEN _Token,
IN PSID PrincipalSelfSid,
IN PSID _Sid,
IN BOOLEAN Deny,
IN BOOLEAN Restricted)
SepSidInTokenEx(
_In_ PACCESS_TOKEN _Token,
_In_ PSID PrincipalSelfSid,
_In_ PSID _Sid,
_In_ BOOLEAN Deny,
_In_ BOOLEAN Restricted)
{
ULONG i;
PTOKEN Token = (PTOKEN)_Token;
@ -145,8 +146,9 @@ SepSidInTokenEx(IN PACCESS_TOKEN _Token,
*/
BOOLEAN
NTAPI
SepSidInToken(IN PACCESS_TOKEN _Token,
IN PSID Sid)
SepSidInToken(
_In_ PACCESS_TOKEN _Token,
_In_ PSID Sid)
{
/* Call extended API */
return SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE);
@ -172,9 +174,10 @@ SepSidInToken(IN PACCESS_TOKEN _Token,
*/
BOOLEAN
NTAPI
SepTokenIsOwner(IN PACCESS_TOKEN _Token,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN TokenLocked)
SepTokenIsOwner(
_In_ PACCESS_TOKEN _Token,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ BOOLEAN TokenLocked)
{
PSID Sid;
BOOLEAN Result;
@ -216,8 +219,9 @@ SepTokenIsOwner(IN PACCESS_TOKEN _Token,
*/
VOID
NTAPI
SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
OUT PTOKEN_CONTROL TokenControl)
SeGetTokenControlInformation(
_In_ PACCESS_TOKEN _Token,
_Out_ PTOKEN_CONTROL TokenControl)
{
PTOKEN Token = _Token;
PAGED_CODE();
@ -274,13 +278,14 @@ SeGetTokenControlInformation(IN PACCESS_TOKEN _Token,
*/
NTSTATUS
NTAPI
SepCreateClientSecurity(IN PACCESS_TOKEN Token,
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
IN BOOLEAN ServerIsRemote,
IN TOKEN_TYPE TokenType,
IN BOOLEAN ThreadEffectiveOnly,
IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
SepCreateClientSecurity(
_In_ PACCESS_TOKEN Token,
_In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
_In_ BOOLEAN ServerIsRemote,
_In_ TOKEN_TYPE TokenType,
_In_ BOOLEAN ThreadEffectiveOnly,
_In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
_Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
{
NTSTATUS Status;
PACCESS_TOKEN NewToken;
@ -382,9 +387,10 @@ SepCreateClientSecurity(IN PACCESS_TOKEN Token,
*/
VOID
NTAPI
SeCaptureSubjectContextEx(IN PETHREAD Thread,
IN PEPROCESS Process,
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
SeCaptureSubjectContextEx(
_In_ PETHREAD Thread,
_In_ PEPROCESS Process,
_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
BOOLEAN CopyOnOpen, EffectiveOnly;
@ -425,7 +431,8 @@ SeCaptureSubjectContextEx(IN PETHREAD Thread,
*/
VOID
NTAPI
SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
SeCaptureSubjectContext(
_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
/* Call the extended API */
SeCaptureSubjectContextEx(PsGetCurrentThread(),
@ -446,7 +453,8 @@ SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
*/
VOID
NTAPI
SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
SeLockSubjectContext(
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PTOKEN PrimaryToken, ClientToken;
PAGED_CODE();
@ -476,7 +484,8 @@ SeLockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
*/
VOID
NTAPI
SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
SeUnlockSubjectContext(
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PTOKEN PrimaryToken, ClientToken;
PAGED_CODE();
@ -508,7 +517,8 @@ SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
*/
VOID
NTAPI
SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
SeReleaseSubjectContext(
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
{
PAGED_CODE();
@ -531,7 +541,7 @@ SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
* @param[in] Process
* Valid process object where subject context is to be captured.
*
* @param[in, out] AccessState
* @param[in,out] AccessState
* An initialized returned parameter to an access state.
*
* @param[in] AuxData
@ -548,12 +558,13 @@ SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
*/
NTSTATUS
NTAPI
SeCreateAccessStateEx(IN PETHREAD Thread,
IN PEPROCESS Process,
IN OUT PACCESS_STATE AccessState,
IN PAUX_ACCESS_DATA AuxData,
IN ACCESS_MASK Access,
IN PGENERIC_MAPPING GenericMapping)
SeCreateAccessStateEx(
_In_ PETHREAD Thread,
_In_ PEPROCESS Process,
_Inout_ PACCESS_STATE AccessState,
_In_ PAUX_ACCESS_DATA AuxData,
_In_ ACCESS_MASK Access,
_In_ PGENERIC_MAPPING GenericMapping)
{
ACCESS_MASK AccessMask = Access;
PTOKEN Token;
@ -608,7 +619,7 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
* @brief
* Creates an access state.
*
* @param[in, out] AccessState
* @param[in,out] AccessState
* An initialized returned parameter to an access state.
*
* @param[in] AuxData
@ -625,10 +636,11 @@ SeCreateAccessStateEx(IN PETHREAD Thread,
*/
NTSTATUS
NTAPI
SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
IN PAUX_ACCESS_DATA AuxData,
IN ACCESS_MASK Access,
IN PGENERIC_MAPPING GenericMapping)
SeCreateAccessState(
_Inout_ PACCESS_STATE AccessState,
_In_ PAUX_ACCESS_DATA AuxData,
_In_ ACCESS_MASK Access,
_In_ PGENERIC_MAPPING GenericMapping)
{
PAGED_CODE();
@ -653,7 +665,8 @@ SeCreateAccessState(IN OUT PACCESS_STATE AccessState,
*/
VOID
NTAPI
SeDeleteAccessState(IN PACCESS_STATE AccessState)
SeDeleteAccessState(
_In_ PACCESS_STATE AccessState)
{
PAUX_ACCESS_DATA AuxData;
PAGED_CODE();
@ -695,8 +708,9 @@ SeDeleteAccessState(IN PACCESS_STATE AccessState)
*/
VOID
NTAPI
SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState,
IN PGENERIC_MAPPING GenericMapping)
SeSetAccessStateGenericMapping(
_In_ PACCESS_STATE AccessState,
_In_ PGENERIC_MAPPING GenericMapping)
{
PAGED_CODE();
@ -725,10 +739,11 @@ SeSetAccessStateGenericMapping(IN PACCESS_STATE AccessState,
*/
NTSTATUS
NTAPI
SeCreateClientSecurity(IN PETHREAD Thread,
IN PSECURITY_QUALITY_OF_SERVICE Qos,
IN BOOLEAN RemoteClient,
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
SeCreateClientSecurity(
_In_ PETHREAD Thread,
_In_ PSECURITY_QUALITY_OF_SERVICE Qos,
_In_ BOOLEAN RemoteClient,
_Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
{
TOKEN_TYPE TokenType;
BOOLEAN ThreadEffectiveOnly;
@ -786,10 +801,11 @@ SeCreateClientSecurity(IN PETHREAD Thread,
*/
NTSTATUS
NTAPI
SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
IN BOOLEAN ServerIsRemote,
OUT PSECURITY_CLIENT_CONTEXT ClientContext)
SeCreateClientSecurityFromSubjectContext(
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
_In_ BOOLEAN ServerIsRemote,
_Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
{
PACCESS_TOKEN Token;
NTSTATUS Status;
@ -837,8 +853,9 @@ SeCreateClientSecurityFromSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectCon
*/
NTSTATUS
NTAPI
SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN PETHREAD ServerThread OPTIONAL)
SeImpersonateClientEx(
_In_ PSECURITY_CLIENT_CONTEXT ClientContext,
_In_opt_ PETHREAD ServerThread)
{
BOOLEAN EffectiveOnly;
PAGED_CODE();
@ -881,8 +898,9 @@ SeImpersonateClientEx(IN PSECURITY_CLIENT_CONTEXT ClientContext,
*/
VOID
NTAPI
SeImpersonateClient(IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN PETHREAD ServerThread OPTIONAL)
SeImpersonateClient(
_In_ PSECURITY_CLIENT_CONTEXT ClientContext,
_In_opt_ PETHREAD ServerThread)
{
PAGED_CODE();

View file

@ -66,18 +66,19 @@
* The function is currently incomplete!
*/
BOOLEAN NTAPI
SepAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_TYPE_LIST ObjectTypeList,
IN ULONG ObjectTypeListLength,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET* Privileges,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MASK GrantedAccessList,
OUT PNTSTATUS AccessStatusList,
IN BOOLEAN UseResultList)
SepAccessCheck(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_TYPE_LIST ObjectTypeList,
_In_ ULONG ObjectTypeListLength,
_In_ ACCESS_MASK PreviouslyGrantedAccess,
_Out_ PPRIVILEGE_SET* Privileges,
_In_ PGENERIC_MAPPING GenericMapping,
_In_ KPROCESSOR_MODE AccessMode,
_Out_ PACCESS_MASK GrantedAccessList,
_Out_ PNTSTATUS AccessStatusList,
_In_ BOOLEAN UseResultList)
{
ACCESS_MASK RemainingAccess;
ACCESS_MASK TempAccess;
@ -342,7 +343,8 @@ ReturnCommonStatus:
* Returns a SID that represents the main user (owner).
*/
static PSID
SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
SepGetSDOwner(
_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
PSID Owner;
@ -368,7 +370,8 @@ SepGetSDOwner(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
* Returns a SID that represents a group.
*/
static PSID
SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
SepGetSDGroup(
_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
PISECURITY_DESCRIPTOR SecurityDescriptor = _SecurityDescriptor;
PSID Group;
@ -394,7 +397,8 @@ SepGetSDGroup(IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
*/
static
ULONG
SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
SepGetPrivilegeSetLength(
_In_ PPRIVILEGE_SET PrivilegeSet)
{
if (PrivilegeSet == NULL)
return 0;
@ -452,16 +456,17 @@ SepGetPrivilegeSetLength(IN PPRIVILEGE_SET PrivilegeSet)
*/
BOOLEAN
NTAPI
SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET* Privileges,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
SeAccessCheck(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
_In_ BOOLEAN SubjectContextLocked,
_In_ ACCESS_MASK DesiredAccess,
_In_ ACCESS_MASK PreviouslyGrantedAccess,
_Out_ PPRIVILEGE_SET* Privileges,
_In_ PGENERIC_MAPPING GenericMapping,
_In_ KPROCESSOR_MODE AccessMode,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus)
{
BOOLEAN ret;
@ -593,10 +598,11 @@ SeAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*/
BOOLEAN
NTAPI
SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN ACCESS_MASK DesiredAccess,
IN KPROCESSOR_MODE AccessMode)
SeFastTraverseCheck(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PACCESS_STATE AccessState,
_In_ ACCESS_MASK DesiredAccess,
_In_ KPROCESSOR_MODE AccessMode)
{
PACL Dacl;
ULONG AceIndex;
@ -702,14 +708,15 @@ SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*/
NTSTATUS
NTAPI
NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN HANDLE TokenHandle,
IN ACCESS_MASK DesiredAccess,
IN PGENERIC_MAPPING GenericMapping,
OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
IN OUT PULONG PrivilegeSetLength,
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
NtAccessCheck(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ HANDLE TokenHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ PGENERIC_MAPPING GenericMapping,
_Out_opt_ PPRIVILEGE_SET PrivilegeSet,
_Inout_ PULONG PrivilegeSetLength,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus)
{
PSECURITY_DESCRIPTOR CapturedSecurityDescriptor = NULL;
SECURITY_SUBJECT_CONTEXT SubjectSecurityContext;
@ -988,17 +995,18 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*/
NTSTATUS
NTAPI
NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSID PrincipalSelfSid,
IN HANDLE ClientToken,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_TYPE_LIST ObjectTypeList,
IN ULONG ObjectTypeLength,
IN PGENERIC_MAPPING GenericMapping,
IN PPRIVILEGE_SET PrivilegeSet,
IN OUT PULONG PrivilegeSetLength,
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
NtAccessCheckByType(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PSID PrincipalSelfSid,
_In_ HANDLE ClientToken,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_TYPE_LIST ObjectTypeList,
_In_ ULONG ObjectTypeLength,
_In_ PGENERIC_MAPPING GenericMapping,
_In_ PPRIVILEGE_SET PrivilegeSet,
_Inout_ PULONG PrivilegeSetLength,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
@ -1049,17 +1057,18 @@ NtAccessCheckByType(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
*/
NTSTATUS
NTAPI
NtAccessCheckByTypeResultList(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSID PrincipalSelfSid,
IN HANDLE ClientToken,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_TYPE_LIST ObjectTypeList,
IN ULONG ObjectTypeLength,
IN PGENERIC_MAPPING GenericMapping,
IN PPRIVILEGE_SET PrivilegeSet,
IN OUT PULONG PrivilegeSetLength,
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
NtAccessCheckByTypeResultList(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PSID PrincipalSelfSid,
_In_ HANDLE ClientToken,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_TYPE_LIST ObjectTypeList,
_In_ ULONG ObjectTypeLength,
_In_ PGENERIC_MAPPING GenericMapping,
_In_ PPRIVILEGE_SET PrivilegeSet,
_Inout_ PULONG PrivilegeSetLength,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;

View file

@ -349,11 +349,12 @@ SepCreateImpersonationTokenDacl(
*/
NTSTATUS
NTAPI
SepCaptureAcl(IN PACL InputAcl,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PACL *CapturedAcl)
SepCaptureAcl(
_In_ PACL InputAcl,
_In_ KPROCESSOR_MODE AccessMode,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PACL *CapturedAcl)
{
PACL NewAcl;
ULONG AclSize = 0;
@ -455,9 +456,10 @@ SepCaptureAcl(IN PACL InputAcl,
*/
VOID
NTAPI
SepReleaseAcl(IN PACL CapturedAcl,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel)
SepReleaseAcl(
_In_ PACL CapturedAcl,
_In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel)
{
PAGED_CODE();

View file

@ -31,7 +31,8 @@ UNICODE_STRING SeSubsystemName = RTL_CONSTANT_STRING(L"Security");
*/
BOOLEAN
NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token)
SeDetailedAuditingWithToken(
_In_ PTOKEN Token)
{
/* FIXME */
return FALSE;
@ -52,7 +53,8 @@ SeDetailedAuditingWithToken(IN PTOKEN Token)
*/
VOID
NTAPI
SeAuditProcessCreate(IN PEPROCESS Process)
SeAuditProcessCreate(
_In_ PEPROCESS Process)
{
/* FIXME */
}
@ -72,7 +74,8 @@ SeAuditProcessCreate(IN PEPROCESS Process)
*/
VOID
NTAPI
SeAuditProcessExit(IN PEPROCESS Process)
SeAuditProcessExit(
_In_ PEPROCESS Process)
{
/* FIXME */
}
@ -99,9 +102,10 @@ SeAuditProcessExit(IN PEPROCESS Process)
*/
NTSTATUS
NTAPI
SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
IN BOOLEAN DoAudit,
OUT POBJECT_NAME_INFORMATION *AuditInfo)
SeInitializeProcessAuditName(
_In_ PFILE_OBJECT FileObject,
_In_ BOOLEAN DoAudit,
_Out_ POBJECT_NAME_INFORMATION *AuditInfo)
{
OBJECT_NAME_INFORMATION LocalNameInfo;
POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
@ -192,8 +196,9 @@ SeInitializeProcessAuditName(IN PFILE_OBJECT FileObject,
*/
NTSTATUS
NTAPI
SeLocateProcessImageName(IN PEPROCESS Process,
OUT PUNICODE_STRING *ProcessImageName)
SeLocateProcessImageName(
_In_ PEPROCESS Process,
_Out_ PUNICODE_STRING *ProcessImageName)
{
POBJECT_NAME_INFORMATION AuditName;
PUNICODE_STRING ImageName;
@ -280,9 +285,9 @@ SeLocateProcessImageName(IN PEPROCESS Process,
VOID
NTAPI
SepAdtCloseObjectAuditAlarm(
PUNICODE_STRING SubsystemName,
PVOID HandleId,
PSID Sid)
_In_ PUNICODE_STRING SubsystemName,
_In_ PVOID HandleId,
_In_ PSID Sid)
{
UNIMPLEMENTED;
}
@ -325,7 +330,7 @@ SepAdtCloseObjectAuditAlarm(
VOID
NTAPI
SepAdtPrivilegedServiceAuditAlarm(
PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_opt_ PUNICODE_STRING SubsystemName,
_In_opt_ PUNICODE_STRING ServiceName,
_In_ PTOKEN Token,
@ -1060,9 +1065,10 @@ Cleanup:
*/
VOID
NTAPI
SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
IN PUNICODE_STRING LinkName,
IN BOOLEAN bSuccess)
SeAuditHardLinkCreation(
_In_ PUNICODE_STRING FileName,
_In_ PUNICODE_STRING LinkName,
_In_ BOOLEAN bSuccess)
{
UNIMPLEMENTED;
}
@ -1085,8 +1091,9 @@ SeAuditHardLinkCreation(IN PUNICODE_STRING FileName,
*/
BOOLEAN
NTAPI
SeAuditingFileEvents(IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
SeAuditingFileEvents(
_In_ BOOLEAN AccessGranted,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
{
UNIMPLEMENTED;
return FALSE;
@ -1114,9 +1121,10 @@ SeAuditingFileEvents(IN BOOLEAN AccessGranted,
*/
BOOLEAN
NTAPI
SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
SeAuditingFileEventsWithContext(
_In_ BOOLEAN AccessGranted,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{
UNIMPLEMENTED_ONCE;
return FALSE;
@ -1140,8 +1148,9 @@ SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,
*/
BOOLEAN
NTAPI
SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor)
SeAuditingHardLinkEvents(
_In_ BOOLEAN AccessGranted,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
{
UNIMPLEMENTED;
return FALSE;
@ -1169,9 +1178,10 @@ SeAuditingHardLinkEvents(IN BOOLEAN AccessGranted,
*/
BOOLEAN
NTAPI
SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
SeAuditingHardLinkEventsWithContext(
_In_ BOOLEAN AccessGranted,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{
UNIMPLEMENTED;
return FALSE;
@ -1199,9 +1209,10 @@ SeAuditingHardLinkEventsWithContext(IN BOOLEAN AccessGranted,
*/
BOOLEAN
NTAPI
SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
SeAuditingFileOrGlobalEvents(
_In_ BOOLEAN AccessGranted,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
{
UNIMPLEMENTED;
return FALSE;
@ -1227,9 +1238,10 @@ SeAuditingFileOrGlobalEvents(IN BOOLEAN AccessGranted,
*/
VOID
NTAPI
SeCloseObjectAuditAlarm(IN PVOID Object,
IN HANDLE Handle,
IN BOOLEAN PerformAction)
SeCloseObjectAuditAlarm(
_In_ PVOID Object,
_In_ HANDLE Handle,
_In_ BOOLEAN PerformAction)
{
UNIMPLEMENTED;
}
@ -1249,8 +1261,9 @@ SeCloseObjectAuditAlarm(IN PVOID Object,
* Nothing.
*/
VOID NTAPI
SeDeleteObjectAuditAlarm(IN PVOID Object,
IN HANDLE Handle)
SeDeleteObjectAuditAlarm(
_In_ PVOID Object,
_In_ HANDLE Handle)
{
UNIMPLEMENTED;
}
@ -1298,15 +1311,16 @@ SeDeleteObjectAuditAlarm(IN PVOID Object,
*/
VOID
NTAPI
SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
IN PVOID Object OPTIONAL,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN BOOLEAN ObjectCreated,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode,
OUT PBOOLEAN GenerateOnClose)
SeOpenObjectAuditAlarm(
_In_ PUNICODE_STRING ObjectTypeName,
_In_opt_ PVOID Object,
_In_opt_ PUNICODE_STRING AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PACCESS_STATE AccessState,
_In_ BOOLEAN ObjectCreated,
_In_ BOOLEAN AccessGranted,
_In_ KPROCESSOR_MODE AccessMode,
_Out_ PBOOLEAN GenerateOnClose)
{
PAGED_CODE();
@ -1360,15 +1374,16 @@ SeOpenObjectAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
* Nothing.
*/
VOID NTAPI
SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
IN PVOID Object OPTIONAL,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN BOOLEAN ObjectCreated,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode,
OUT PBOOLEAN GenerateOnClose)
SeOpenObjectForDeleteAuditAlarm(
_In_ PUNICODE_STRING ObjectTypeName,
_In_opt_ PVOID Object,
_In_opt_ PUNICODE_STRING AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PACCESS_STATE AccessState,
_In_ BOOLEAN ObjectCreated,
_In_ BOOLEAN AccessGranted,
_In_ KPROCESSOR_MODE AccessMode,
_Out_ PBOOLEAN GenerateOnClose)
{
UNIMPLEMENTED;
}
@ -1404,12 +1419,13 @@ SeOpenObjectForDeleteAuditAlarm(IN PUNICODE_STRING ObjectTypeName,
*/
VOID
NTAPI
SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN ACCESS_MASK DesiredAccess,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE CurrentMode)
SePrivilegeObjectAuditAlarm(
_In_ HANDLE Handle,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_ ACCESS_MASK DesiredAccess,
_In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted,
_In_ KPROCESSOR_MODE CurrentMode)
{
UNIMPLEMENTED;
}
@ -1441,9 +1457,9 @@ SePrivilegeObjectAuditAlarm(IN HANDLE Handle,
NTSTATUS
NTAPI
NtCloseObjectAuditAlarm(
PUNICODE_STRING SubsystemName,
PVOID HandleId,
BOOLEAN GenerateOnClose)
_In_ PUNICODE_STRING SubsystemName,
_In_ PVOID HandleId,
_In_ BOOLEAN GenerateOnClose)
{
SECURITY_SUBJECT_CONTEXT SubjectContext;
UNICODE_STRING CapturedSubsystemName;
@ -1557,9 +1573,10 @@ Cleanup:
* To be added...
*/
NTSTATUS NTAPI
NtDeleteObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN BOOLEAN GenerateOnClose)
NtDeleteObjectAuditAlarm(
_In_ PUNICODE_STRING SubsystemName,
_In_ PVOID HandleId,
_In_ BOOLEAN GenerateOnClose)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
@ -1969,7 +1986,7 @@ NtPrivilegedServiceAuditAlarm(
_In_opt_ PUNICODE_STRING ServiceName,
_In_ HANDLE ClientTokenHandle,
_In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted )
_In_ BOOLEAN AccessGranted)
{
KPROCESSOR_MODE PreviousMode;
PTOKEN ClientToken;
@ -2147,12 +2164,13 @@ Cleanup:
* To be added...
*/
NTSTATUS NTAPI
NtPrivilegeObjectAuditAlarm(IN PUNICODE_STRING SubsystemName,
IN PVOID HandleId,
IN HANDLE ClientToken,
IN ULONG DesiredAccess,
IN PPRIVILEGE_SET Privileges,
IN BOOLEAN AccessGranted)
NtPrivilegeObjectAuditAlarm(
_In_ PUNICODE_STRING SubsystemName,
_In_ PVOID HandleId,
_In_ HANDLE ClientToken,
_In_ ULONG DesiredAccess,
_In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;

View file

@ -99,11 +99,12 @@ SepInitPrivileges(VOID)
*/
BOOLEAN
NTAPI
SepPrivilegeCheck(PTOKEN Token,
PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount,
ULONG PrivilegeControl,
KPROCESSOR_MODE PreviousMode)
SepPrivilegeCheck(
_In_ PTOKEN Token,
_In_ PLUID_AND_ATTRIBUTES Privileges,
_In_ ULONG PrivilegeCount,
_In_ ULONG PrivilegeControl,
_In_ KPROCESSOR_MODE PreviousMode)
{
ULONG i;
ULONG j;
@ -185,9 +186,9 @@ SepPrivilegeCheck(PTOKEN Token,
NTSTATUS
NTAPI
SepSinglePrivilegeCheck(
LUID PrivilegeValue,
PTOKEN Token,
KPROCESSOR_MODE PreviousMode)
_In_ LUID PrivilegeValue,
_In_ PTOKEN Token,
_In_ KPROCESSOR_MODE PreviousMode)
{
LUID_AND_ATTRIBUTES Privilege;
PAGED_CODE();
@ -430,15 +431,16 @@ SeCheckAuditPrivilege(
*/
NTSTATUS
NTAPI
SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem,
ULONG AllocatedLength,
POOL_TYPE PoolType,
BOOLEAN CaptureIfKernel,
PLUID_AND_ATTRIBUTES *Dest,
PULONG Length)
SeCaptureLuidAndAttributesArray(
_In_ PLUID_AND_ATTRIBUTES Src,
_In_ ULONG PrivilegeCount,
_In_ KPROCESSOR_MODE PreviousMode,
_In_opt_ PLUID_AND_ATTRIBUTES AllocatedMem,
_In_opt_ ULONG AllocatedLength,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PLUID_AND_ATTRIBUTES *Dest,
_Inout_ PULONG Length)
{
ULONG BufferSize;
NTSTATUS Status = STATUS_SUCCESS;
@ -543,9 +545,10 @@ SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src,
*/
VOID
NTAPI
SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
BOOLEAN CaptureIfKernel)
SeReleaseLuidAndAttributesArray(
_In_ PLUID_AND_ATTRIBUTES Privilege,
_In_ KPROCESSOR_MODE PreviousMode,
_In_ BOOLEAN CaptureIfKernel)
{
PAGED_CODE();
@ -576,8 +579,9 @@ SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege,
*/
NTSTATUS
NTAPI
SeAppendPrivileges(IN OUT PACCESS_STATE AccessState,
IN PPRIVILEGE_SET Privileges)
SeAppendPrivileges(
_Inout_ PACCESS_STATE AccessState,
_In_ PPRIVILEGE_SET Privileges)
{
PAUX_ACCESS_DATA AuxData;
ULONG OldPrivilegeSetSize;
@ -656,7 +660,8 @@ SeAppendPrivileges(IN OUT PACCESS_STATE AccessState,
*/
VOID
NTAPI
SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
SeFreePrivileges(
_In_ PPRIVILEGE_SET Privileges)
{
PAGED_CODE();
ExFreePoolWithTag(Privileges, TAG_PRIVILEGE_SET);
@ -684,9 +689,10 @@ SeFreePrivileges(IN PPRIVILEGE_SET Privileges)
*/
BOOLEAN
NTAPI
SePrivilegeCheck(PPRIVILEGE_SET Privileges,
PSECURITY_SUBJECT_CONTEXT SubjectContext,
KPROCESSOR_MODE PreviousMode)
SePrivilegeCheck(
_In_ PPRIVILEGE_SET Privileges,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_ KPROCESSOR_MODE PreviousMode)
{
PACCESS_TOKEN Token = NULL;
@ -729,8 +735,9 @@ SePrivilegeCheck(PPRIVILEGE_SET Privileges,
*/
BOOLEAN
NTAPI
SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
IN KPROCESSOR_MODE PreviousMode)
SeSinglePrivilegeCheck(
_In_ LUID PrivilegeValue,
_In_ KPROCESSOR_MODE PreviousMode)
{
SECURITY_SUBJECT_CONTEXT SubjectContext;
PRIVILEGE_SET Priv;
@ -787,10 +794,11 @@ SeSinglePrivilegeCheck(IN LUID PrivilegeValue,
*/
BOOLEAN
NTAPI
SeCheckPrivilegedObject(IN LUID PrivilegeValue,
IN HANDLE ObjectHandle,
IN ACCESS_MASK DesiredAccess,
IN KPROCESSOR_MODE PreviousMode)
SeCheckPrivilegedObject(
_In_ LUID PrivilegeValue,
_In_ HANDLE ObjectHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ KPROCESSOR_MODE PreviousMode)
{
SECURITY_SUBJECT_CONTEXT SubjectContext;
PRIVILEGE_SET Priv;
@ -851,9 +859,10 @@ SeCheckPrivilegedObject(IN LUID PrivilegeValue,
*/
NTSTATUS
NTAPI
NtPrivilegeCheck(IN HANDLE ClientToken,
IN PPRIVILEGE_SET RequiredPrivileges,
OUT PBOOLEAN Result)
NtPrivilegeCheck(
_In_ HANDLE ClientToken,
_In_ PPRIVILEGE_SET RequiredPrivileges,
_Out_ PBOOLEAN Result)
{
PLUID_AND_ATTRIBUTES Privileges;
PTOKEN Token;

View file

@ -152,9 +152,10 @@ SepInitSDs(VOID)
*/
NTSTATUS
NTAPI
SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
PISECURITY_DESCRIPTOR SecurityDescriptor,
PULONG BufferLength)
SeSetWorldSecurityDescriptor(
_In_ SECURITY_INFORMATION SecurityInformation,
_In_ PISECURITY_DESCRIPTOR SecurityDescriptor,
_In_ PULONG BufferLength)
{
ULONG Current;
ULONG SidSize;
@ -263,9 +264,9 @@ SeSetWorldSecurityDescriptor(SECURITY_INFORMATION SecurityInformation,
static
ULONG
DetermineSIDSize(
PISID Sid,
PULONG OutSAC,
KPROCESSOR_MODE ProcessorMode)
_In_ PISID Sid,
_Inout_ PULONG OutSAC,
_In_ KPROCESSOR_MODE ProcessorMode)
{
ULONG Size;
@ -309,8 +310,8 @@ DetermineSIDSize(
static
ULONG
DetermineACLSize(
PACL Acl,
KPROCESSOR_MODE ProcessorMode)
_In_ PACL Acl,
_In_ KPROCESSOR_MODE ProcessorMode)
{
ULONG Size;
@ -359,11 +360,11 @@ DetermineACLSize(
NTSTATUS
NTAPI
SeCaptureSecurityDescriptor(
IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
IN KPROCESSOR_MODE CurrentMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE CurrentMode,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
{
PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
SECURITY_DESCRIPTOR DescriptorCopy;
@ -732,9 +733,10 @@ SeQuerySecurityDescriptorInfo(
*/
NTSTATUS
NTAPI
SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
IN KPROCESSOR_MODE CurrentMode,
IN BOOLEAN CaptureIfKernelMode)
SeReleaseSecurityDescriptor(
_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE CurrentMode,
_In_ BOOLEAN CaptureIfKernelMode)
{
PAGED_CODE();
@ -998,8 +1000,9 @@ SeSetSecurityDescriptorInfoEx(
* FALSE otherwise.
*/
BOOLEAN NTAPI
SeValidSecurityDescriptor(IN ULONG Length,
IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
SeValidSecurityDescriptor(
_In_ ULONG Length,
_In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
ULONG SdLength;
PISID Sid;

View file

@ -325,14 +325,14 @@ SeInitSystem(VOID)
* @param[in] SecurityInformation
* Auxiliary security information of the object.
*
* @param[in] SecurityDescriptor
* @param[in,out] SecurityDescriptor
* A security descriptor. This SD is used accordingly to the operation type
* requested by the caller.
*
* @param[in] ReturnLength
* @param[in,out] ReturnLength
* The length size of the queried security descriptor, in bytes.
*
* @param[in] OldSecurityDescriptor
* @param[in,out] OldSecurityDescriptor
* The old SD that belonged to the object, in case we're either deleting
* or replacing it.
*
@ -348,14 +348,15 @@ SeInitSystem(VOID)
*/
NTSTATUS
NTAPI
SeDefaultObjectMethod(IN PVOID Object,
IN SECURITY_OPERATION_CODE OperationType,
IN PSECURITY_INFORMATION SecurityInformation,
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG ReturnLength OPTIONAL,
IN OUT PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping)
SeDefaultObjectMethod(
_In_ PVOID Object,
_In_ SECURITY_OPERATION_CODE OperationType,
_In_ PSECURITY_INFORMATION SecurityInformation,
_Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_Inout_opt_ PULONG ReturnLength,
_Inout_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
_In_ POOL_TYPE PoolType,
_In_ PGENERIC_MAPPING GenericMapping)
{
PAGED_CODE();
@ -423,8 +424,9 @@ SeDefaultObjectMethod(IN PVOID Object,
*/
VOID
NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess)
SeQuerySecurityAccessMask(
_In_ SECURITY_INFORMATION SecurityInformation,
_Out_ PACCESS_MASK DesiredAccess)
{
*DesiredAccess = 0;
@ -455,8 +457,9 @@ SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
*/
VOID
NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess)
SeSetSecurityAccessMask(
_In_ SECURITY_INFORMATION SecurityInformation,
_Out_ PACCESS_MASK DesiredAccess)
{
*DesiredAccess = 0;

View file

@ -303,11 +303,12 @@ SepInitSecurityIDs(VOID)
*/
NTSTATUS
NTAPI
SepCaptureSid(IN PSID InputSid,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PSID *CapturedSid)
SepCaptureSid(
_In_ PSID InputSid,
_In_ KPROCESSOR_MODE AccessMode,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PSID *CapturedSid)
{
ULONG SidSize = 0;
PISID NewSid, Sid = (PISID)InputSid;
@ -388,9 +389,10 @@ SepCaptureSid(IN PSID InputSid,
*/
VOID
NTAPI
SepReleaseSid(IN PSID CapturedSid,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel)
SepReleaseSid(
_In_ PSID CapturedSid,
_In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel)
{
PAGED_CODE();

View file

@ -24,7 +24,7 @@ typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION
VOID
NTAPI
SepRmCommandServerThread(
PVOID StartContext);
_In_ PVOID StartContext);
static
NTSTATUS
@ -34,7 +34,7 @@ SepCleanupLUIDDeviceMapDirectory(
static
NTSTATUS
SepRmCreateLogonSession(
PLUID LogonLuid);
_In_ PLUID LogonLuid);
/* GLOBALS ********************************************************************/
@ -322,7 +322,7 @@ SepAdtInitializeBounds(VOID)
static
NTSTATUS
SepRmSetAuditEvent(
PSEP_RM_API_MESSAGE Message)
_Inout_ PSEP_RM_API_MESSAGE Message)
{
ULONG i;
PAGED_CODE();
@ -496,7 +496,7 @@ SepRmRemoveLogonSessionFromToken(
* respective logon sessions management within the kernel,
* as in form of a SEP_LOGON_SESSION_REFERENCES data structure.
*
* @param[in,out] LogonLuid
* @param[in] LogonLuid
* A logon ID represented as a LUID. This LUID is used to create
* our logon session and add it to the sessions database.
*
@ -510,7 +510,7 @@ SepRmRemoveLogonSessionFromToken(
static
NTSTATUS
SepRmCreateLogonSession(
PLUID LogonLuid)
_In_ PLUID LogonLuid)
{
PSEP_LOGON_SESSION_REFERENCES CurrentSession, NewSession;
NTSTATUS Status;
@ -682,7 +682,7 @@ Leave:
* @brief
* References a logon session.
*
* @param[in,out] LogonLuid
* @param[in] LogonLuid
* A valid LUID that points to the logon session in the database that
* we're going to reference it.
*
@ -693,7 +693,7 @@ Leave:
*/
NTSTATUS
SepRmReferenceLogonSession(
PLUID LogonLuid)
_In_ PLUID LogonLuid)
{
PSEP_LOGON_SESSION_REFERENCES CurrentSession;
@ -996,7 +996,7 @@ AllocateLinksAgain:
* that means the session is no longer used and can be safely deleted
* from the logon sessions database.
*
* @param[in,out] LogonLuid
* @param[in] LogonLuid
* A logon session ID to de-reference.
*
* @return
@ -1006,7 +1006,7 @@ AllocateLinksAgain:
*/
NTSTATUS
SepRmDereferenceLogonSession(
PLUID LogonLuid)
_In_ PLUID LogonLuid)
{
ULONG RefCount;
PDEVICE_MAP DeviceMap;
@ -1224,7 +1224,7 @@ Cleanup:
VOID
NTAPI
SepRmCommandServerThread(
PVOID StartContext)
_In_ PVOID StartContext)
{
SEP_RM_API_MESSAGE Message;
PPORT_MESSAGE ReplyMessage;
@ -1345,9 +1345,8 @@ SepRmCommandServerThread(
NTSTATUS
NTAPI
SeGetLogonIdDeviceMap(
IN PLUID LogonId,
OUT PDEVICE_MAP * DeviceMap
)
_In_ PLUID LogonId,
_Out_ PDEVICE_MAP *DeviceMap)
{
NTSTATUS Status;
WCHAR Buffer[63];
@ -1571,7 +1570,7 @@ SeMarkLogonSessionForTerminationNotification(
NTSTATUS
NTAPI
SeRegisterLogonSessionTerminatedRoutine(
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
{
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION Notification;
PAGED_CODE();
@ -1620,7 +1619,7 @@ SeRegisterLogonSessionTerminatedRoutine(
NTSTATUS
NTAPI
SeUnregisterLogonSessionTerminatedRoutine(
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
{
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION Current, Previous = NULL;
NTSTATUS Status;

View file

@ -611,7 +611,8 @@ SepRemovePrivilegeToken(
*/
VOID
NTAPI
SepFreeProxyData(PVOID ProxyData)
SepFreeProxyData(
_Inout_ PVOID ProxyData)
{
UNIMPLEMENTED;
}
@ -624,7 +625,7 @@ SepFreeProxyData(PVOID ProxyData)
* @param[out] Dest
* The destination path where the proxy data is to be copied to.
*
* @param[out] Src
* @param[in] Src
* The source path where the proxy data is be copied from.
*
* @return
@ -632,8 +633,9 @@ SepFreeProxyData(PVOID ProxyData)
*/
NTSTATUS
NTAPI
SepCopyProxyData(PVOID* Dest,
PVOID Src)
SepCopyProxyData(
_Out_ PVOID* Dest,
_In_ PVOID Src)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
@ -744,7 +746,7 @@ SeExchangePrimaryToken(
* @brief
* Removes the primary token of a process.
*
* @param[in, out] Process
* @param[in,out] Process
* The process instance with the access token to be removed.
*
* @return
@ -752,7 +754,8 @@ SeExchangePrimaryToken(
*/
VOID
NTAPI
SeDeassignPrimaryToken(PEPROCESS Process)
SeDeassignPrimaryToken(
_Inout_ PEPROCESS Process)
{
PTOKEN OldToken;
@ -780,8 +783,9 @@ SeDeassignPrimaryToken(PEPROCESS Process)
* Returns the total length of a SID size.
*/
static ULONG
RtlLengthSidAndAttributes(ULONG Count,
PSID_AND_ATTRIBUTES Src)
RtlLengthSidAndAttributes(
_In_ ULONG Count,
_In_ PSID_AND_ATTRIBUTES Src)
{
ULONG i;
ULONG uLength;
@ -1216,10 +1220,11 @@ Quit:
*/
NTSTATUS
NTAPI
SeSubProcessToken(IN PTOKEN ParentToken,
OUT PTOKEN *Token,
IN BOOLEAN InUse,
IN ULONG SessionId)
SeSubProcessToken(
_In_ PTOKEN ParentToken,
_Out_ PTOKEN *Token,
_In_ BOOLEAN InUse,
_In_ ULONG SessionId)
{
PTOKEN NewToken;
OBJECT_ATTRIBUTES ObjectAttributes;
@ -1275,8 +1280,9 @@ SeSubProcessToken(IN PTOKEN ParentToken,
*/
NTSTATUS
NTAPI
SeIsTokenChild(IN PTOKEN Token,
OUT PBOOLEAN IsChild)
SeIsTokenChild(
_In_ PTOKEN Token,
_Out_ PBOOLEAN IsChild)
{
PTOKEN ProcessToken;
LUID ProcessTokenId, CallerParentId;
@ -1323,8 +1329,9 @@ SeIsTokenChild(IN PTOKEN Token,
*/
NTSTATUS
NTAPI
SeIsTokenSibling(IN PTOKEN Token,
OUT PBOOLEAN IsSibling)
SeIsTokenSibling(
_In_ PTOKEN Token,
_Out_ PBOOLEAN IsSibling)
{
PTOKEN ProcessToken;
LUID ProcessParentId, ProcessAuthId;
@ -1382,10 +1389,11 @@ SeIsTokenSibling(IN PTOKEN Token,
*/
NTSTATUS
NTAPI
SeCopyClientToken(IN PACCESS_TOKEN Token,
IN SECURITY_IMPERSONATION_LEVEL Level,
IN KPROCESSOR_MODE PreviousMode,
OUT PACCESS_TOKEN* NewToken)
SeCopyClientToken(
_In_ PACCESS_TOKEN Token,
_In_ SECURITY_IMPERSONATION_LEVEL Level,
_In_ KPROCESSOR_MODE PreviousMode,
_Out_ PACCESS_TOKEN* NewToken)
{
NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes;
@ -1423,7 +1431,8 @@ SeCopyClientToken(IN PACCESS_TOKEN Token,
*/
VOID
NTAPI
SepDeleteToken(PVOID ObjectBody)
SepDeleteToken(
_In_ PVOID ObjectBody)
{
NTSTATUS Status;
PTOKEN AccessToken = (PTOKEN)ObjectBody;
@ -1503,8 +1512,9 @@ SepInitializeTokenImplementation(VOID)
*/
VOID
NTAPI
SeAssignPrimaryToken(IN PEPROCESS Process,
IN PTOKEN Token)
SeAssignPrimaryToken(
_In_ PEPROCESS Process,
_In_ PTOKEN Token)
{
PAGED_CODE();
@ -2180,12 +2190,13 @@ SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
*/
NTSTATUS
NTAPI
SeFilterToken(IN PACCESS_TOKEN ExistingToken,
IN ULONG Flags,
IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
OUT PACCESS_TOKEN * FilteredToken)
SeFilterToken(
_In_ PACCESS_TOKEN ExistingToken,
_In_ ULONG Flags,
_In_opt_ PTOKEN_GROUPS SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS RestrictedSids,
_Out_ PACCESS_TOKEN * FilteredToken)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
@ -2575,8 +2586,9 @@ SeQueryInformationToken(
*/
NTSTATUS
NTAPI
SeQuerySessionIdToken(IN PACCESS_TOKEN Token,
IN PULONG pSessionId)
SeQuerySessionIdToken(
_In_ PACCESS_TOKEN Token,
_Out_ PULONG pSessionId)
{
PAGED_CODE();
@ -2606,8 +2618,9 @@ SeQuerySessionIdToken(IN PACCESS_TOKEN Token,
*/
NTSTATUS
NTAPI
SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
OUT PLUID LogonId)
SeQueryAuthenticationIdToken(
_In_ PACCESS_TOKEN Token,
_Out_ PLUID LogonId)
{
PAGED_CODE();
@ -2628,7 +2641,8 @@ SeQueryAuthenticationIdToken(IN PACCESS_TOKEN Token,
*/
SECURITY_IMPERSONATION_LEVEL
NTAPI
SeTokenImpersonationLevel(IN PACCESS_TOKEN Token)
SeTokenImpersonationLevel(
_In_ PACCESS_TOKEN Token)
{
PAGED_CODE();
@ -2646,8 +2660,10 @@ SeTokenImpersonationLevel(IN PACCESS_TOKEN Token)
* @return
* Returns the token type from a valid token.
*/
TOKEN_TYPE NTAPI
SeTokenType(IN PACCESS_TOKEN Token)
TOKEN_TYPE
NTAPI
SeTokenType(
_In_ PACCESS_TOKEN Token)
{
PAGED_CODE();
@ -2669,7 +2685,8 @@ SeTokenType(IN PACCESS_TOKEN Token)
*/
BOOLEAN
NTAPI
SeTokenIsAdmin(IN PACCESS_TOKEN Token)
SeTokenIsAdmin(
_In_ PACCESS_TOKEN Token)
{
PAGED_CODE();
@ -2691,7 +2708,8 @@ SeTokenIsAdmin(IN PACCESS_TOKEN Token)
*/
BOOLEAN
NTAPI
SeTokenIsRestricted(IN PACCESS_TOKEN Token)
SeTokenIsRestricted(
_In_ PACCESS_TOKEN Token)
{
PAGED_CODE();
@ -2715,7 +2733,8 @@ SeTokenIsRestricted(IN PACCESS_TOKEN Token)
*/
BOOLEAN
NTAPI
SeTokenIsWriteRestricted(IN PACCESS_TOKEN Token)
SeTokenIsWriteRestricted(
_In_ PACCESS_TOKEN Token)
{
PAGED_CODE();
@ -4192,13 +4211,15 @@ NtDuplicateToken(
* @return
* To be added...
*/
NTSTATUS NTAPI
NtAdjustGroupsToken(IN HANDLE TokenHandle,
IN BOOLEAN ResetToDefault,
IN PTOKEN_GROUPS NewState,
IN ULONG BufferLength,
OUT PTOKEN_GROUPS PreviousState OPTIONAL,
OUT PULONG ReturnLength)
NTSTATUS
NTAPI
NtAdjustGroupsToken(
_In_ HANDLE TokenHandle,
_In_ BOOLEAN ResetToDefault,
_In_ PTOKEN_GROUPS NewState,
_In_ ULONG BufferLength,
_Out_opt_ PTOKEN_GROUPS PreviousState,
_Out_ PULONG ReturnLength)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
@ -4946,11 +4967,12 @@ Cleanup:
*/
NTSTATUS
NTAPI
NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
IN ULONG HandleAttributes,
OUT PHANDLE TokenHandle)
NtOpenThreadTokenEx(
_In_ HANDLE ThreadHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ BOOLEAN OpenAsSelf,
_In_ ULONG HandleAttributes,
_Out_ PHANDLE TokenHandle)
{
PETHREAD Thread;
HANDLE hToken;
@ -5145,11 +5167,13 @@ NtOpenThreadTokenEx(IN HANDLE ThreadHandle,
* @return
* See NtOpenThreadTokenEx.
*/
NTSTATUS NTAPI
NtOpenThreadToken(IN HANDLE ThreadHandle,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN OpenAsSelf,
OUT PHANDLE TokenHandle)
NTSTATUS
NTAPI
NtOpenThreadToken(
_In_ HANDLE ThreadHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ BOOLEAN OpenAsSelf,
_Out_ PHANDLE TokenHandle)
{
return NtOpenThreadTokenEx(ThreadHandle, DesiredAccess, OpenAsSelf, 0,
TokenHandle);
@ -5286,12 +5310,13 @@ NtCompareTokens(
*/
NTSTATUS
NTAPI
NtFilterToken(IN HANDLE ExistingTokenHandle,
IN ULONG Flags,
IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
OUT PHANDLE NewTokenHandle)
NtFilterToken(
_In_ HANDLE ExistingTokenHandle,
_In_ ULONG Flags,
_In_opt_ PTOKEN_GROUPS SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS RestrictedSids,
_Out_ PHANDLE NewTokenHandle)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;

View file

@ -37,8 +37,7 @@ SeCaptureSecurityDescriptor(
_In_ KPROCESSOR_MODE CurrentMode,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor
);
_Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor);
NTKERNELAPI
NTSTATUS
@ -46,8 +45,7 @@ NTAPI
SeReleaseSecurityDescriptor(
_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE CurrentMode,
_In_ BOOLEAN CaptureIfKernelMode
);
_In_ BOOLEAN CaptureIfKernelMode);
//
// Access States
@ -56,18 +54,16 @@ NTKERNELAPI
NTSTATUS
NTAPI
SeCreateAccessState(
PACCESS_STATE AccessState,
PAUX_ACCESS_DATA AuxData,
ACCESS_MASK Access,
PGENERIC_MAPPING GenericMapping
);
_In_ PACCESS_STATE AccessState,
_In_ PAUX_ACCESS_DATA AuxData,
_In_ ACCESS_MASK Access,
_In_ PGENERIC_MAPPING GenericMapping);
NTKERNELAPI
VOID
NTAPI
SeDeleteAccessState(
_In_ PACCESS_STATE AccessState
);
_In_ PACCESS_STATE AccessState);
//
// Impersonation
@ -76,8 +72,7 @@ NTKERNELAPI
SECURITY_IMPERSONATION_LEVEL
NTAPI
SeTokenImpersonationLevel(
_In_ PACCESS_TOKEN Token
);
_In_ PACCESS_TOKEN Token);
#endif
@ -95,8 +90,7 @@ NtAccessCheck(
_Out_ PPRIVILEGE_SET PrivilegeSet,
_Out_ PULONG ReturnLength,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus
);
_Out_ PNTSTATUS AccessStatus);
NTSTATUS
NTAPI
@ -111,8 +105,7 @@ NtAccessCheckByType(
_In_ PPRIVILEGE_SET PrivilegeSet,
_Inout_ PULONG PrivilegeSetLength,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus
);
_Out_ PNTSTATUS AccessStatus);
NTSTATUS
NTAPI
@ -127,8 +120,7 @@ NtAccessCheckByTypeResultList(
_In_ PPRIVILEGE_SET PrivilegeSet,
_Inout_ PULONG PrivilegeSetLength,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus
);
_Out_ PNTSTATUS AccessStatus);
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
@ -145,8 +137,7 @@ NtAccessCheckAndAuditAlarm(
_In_ BOOLEAN ObjectCreation,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus,
_Out_ PBOOLEAN GenerateOnClose
);
_Out_ PBOOLEAN GenerateOnClose);
_Must_inspect_result_
__kernel_entry
@ -159,8 +150,7 @@ NtAdjustGroupsToken(
_In_opt_ PTOKEN_GROUPS NewState,
_In_opt_ ULONG BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
_Out_ PULONG ReturnLength
);
_Out_ PULONG ReturnLength);
_Must_inspect_result_
__kernel_entry
@ -173,25 +163,22 @@ NtAdjustPrivilegesToken(
_In_opt_ PTOKEN_PRIVILEGES NewState,
_In_ ULONG BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength
);
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateLocallyUniqueId(
_Out_ LUID *LocallyUniqueId
);
_Out_ LUID *LocallyUniqueId);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateUuids(
PULARGE_INTEGER Time,
PULONG Range,
PULONG Sequence,
PUCHAR Seed
);
_Out_ PULARGE_INTEGER Time,
_Out_ PULONG Range,
_Out_ PULONG Sequence,
_Out_ PUCHAR Seed);
NTSYSCALLAPI
NTSTATUS
@ -218,8 +205,7 @@ NtCreateToken(
_In_opt_ PTOKEN_OWNER TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
_In_ PTOKEN_SOURCE TokenSource
);
_In_ PTOKEN_SOURCE TokenSource);
_Must_inspect_result_
__kernel_entry
@ -232,15 +218,13 @@ NtDuplicateToken(
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_ BOOLEAN EffectiveOnly,
_In_ TOKEN_TYPE TokenType,
_Out_ PHANDLE NewTokenHandle
);
_Out_ PHANDLE NewTokenHandle);
NTSYSCALLAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
_In_ HANDLE ThreadHandle
);
_In_ HANDLE ThreadHandle);
__kernel_entry
NTSYSCALLAPI
@ -258,8 +242,7 @@ NtOpenObjectAuditAlarm(
_In_opt_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN ObjectCreation,
_In_ BOOLEAN AccessGranted,
_Out_ PBOOLEAN GenerateOnClose
);
_Out_ PBOOLEAN GenerateOnClose);
NTSYSCALLAPI
NTSTATUS
@ -268,8 +251,7 @@ NtOpenProcessTokenEx(
_In_ HANDLE ProcessHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ ULONG HandleAttributes,
_Out_ PHANDLE TokenHandle
);
_Out_ PHANDLE TokenHandle);
_Must_inspect_result_
__kernel_entry
@ -279,8 +261,7 @@ NTAPI
NtPrivilegeCheck(
_In_ HANDLE ClientToken,
_Inout_ PPRIVILEGE_SET RequiredPrivileges,
_Out_ PBOOLEAN Result
);
_Out_ PBOOLEAN Result);
NTSYSCALLAPI
NTSTATUS
@ -290,8 +271,7 @@ NtPrivilegedServiceAuditAlarm(
_In_ PUNICODE_STRING ServiceName,
_In_ HANDLE ClientToken,
_In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted
);
_In_ BOOLEAN AccessGranted);
__kernel_entry
NTSYSCALLAPI
@ -303,8 +283,7 @@ NtPrivilegeObjectAuditAlarm(
_In_ HANDLE ClientToken,
_In_ ACCESS_MASK DesiredAccess,
_In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted
);
_In_ BOOLEAN AccessGranted);
_When_(TokenInformationClass == TokenAccessInformation,
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
@ -318,8 +297,7 @@ NtQueryInformationToken(
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
_In_ ULONG TokenInformationLength,
_Out_ PULONG ReturnLength
);
_Out_ PULONG ReturnLength);
_Must_inspect_result_
__kernel_entry
@ -330,8 +308,7 @@ NtSetInformationToken(
_In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
_In_ ULONG TokenInformationLength
);
_In_ ULONG TokenInformationLength);
NTSYSAPI
NTSTATUS
@ -344,8 +321,7 @@ ZwAccessCheck(
_Out_ PPRIVILEGE_SET PrivilegeSet,
_Out_ PULONG ReturnLength,
_Out_ PACCESS_MASK GrantedAccess,
_Out_ PNTSTATUS AccessStatus
);
_Out_ PNTSTATUS AccessStatus);
NTSYSAPI
NTSTATUS
@ -356,8 +332,7 @@ ZwAdjustGroupsToken(
_In_ PTOKEN_GROUPS NewState,
_In_ ULONG BufferLength,
_Out_opt_ PTOKEN_GROUPS PreviousState,
_Out_ PULONG ReturnLength
);
_Out_ PULONG ReturnLength);
_Must_inspect_result_
NTSYSAPI
@ -369,25 +344,22 @@ ZwAdjustPrivilegesToken(
_In_opt_ PTOKEN_PRIVILEGES NewState,
_In_ ULONG BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength
);
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateLocallyUniqueId(
_Out_ LUID *LocallyUniqueId
);
_Out_ LUID *LocallyUniqueId);
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateUuids(
PULARGE_INTEGER Time,
PULONG Range,
PULONG Sequence,
PUCHAR Seed
);
_Out_ PULARGE_INTEGER Time,
_Out_ PULONG Range,
_Out_ PULONG Sequence,
_Out_ PUCHAR Seed);
NTSYSAPI
NTSTATUS
@ -405,8 +377,7 @@ ZwCreateToken(
_In_ PTOKEN_OWNER TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
_In_ PTOKEN_SOURCE TokenSource
);
_In_ PTOKEN_SOURCE TokenSource);
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
@ -418,15 +389,13 @@ ZwDuplicateToken(
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_ BOOLEAN EffectiveOnly,
_In_ TOKEN_TYPE TokenType,
_Out_ PHANDLE NewTokenHandle
);
_Out_ PHANDLE NewTokenHandle);
NTSYSAPI
NTSTATUS
NTAPI
ZwImpersonateAnonymousToken(
_In_ HANDLE Thread
);
_In_ HANDLE Thread);
NTSYSAPI
NTSTATUS
@ -443,8 +412,7 @@ ZwOpenObjectAuditAlarm(
_In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN ObjectCreation,
_In_ BOOLEAN AccessGranted,
_Out_ PBOOLEAN GenerateOnClose
);
_Out_ PBOOLEAN GenerateOnClose);
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
@ -453,8 +421,7 @@ NTAPI
ZwOpenProcessToken(
_In_ HANDLE ProcessHandle,
_In_ ACCESS_MASK DesiredAccess,
_Out_ PHANDLE TokenHandle
);
_Out_ PHANDLE TokenHandle);
NTSYSAPI
NTSTATUS
@ -463,8 +430,7 @@ ZwOpenProcessTokenEx(
_In_ HANDLE ProcessHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ ULONG HandleAttributes,
_Out_ PHANDLE TokenHandle
);
_Out_ PHANDLE TokenHandle);
NTSYSAPI
NTSTATUS
@ -472,8 +438,7 @@ NTAPI
ZwPrivilegeCheck(
_In_ HANDLE ClientToken,
_In_ PPRIVILEGE_SET RequiredPrivileges,
_In_ PBOOLEAN Result
);
_In_ PBOOLEAN Result);
NTSYSAPI
NTSTATUS
@ -483,8 +448,7 @@ ZwPrivilegedServiceAuditAlarm(
_In_ PUNICODE_STRING ServiceName,
_In_ HANDLE ClientToken,
_In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted
);
_In_ BOOLEAN AccessGranted);
NTSYSAPI
NTSTATUS
@ -495,8 +459,7 @@ ZwPrivilegeObjectAuditAlarm(
_In_ HANDLE ClientToken,
_In_ ULONG DesiredAccess,
_In_ PPRIVILEGE_SET Privileges,
_In_ BOOLEAN AccessGranted
);
_In_ BOOLEAN AccessGranted);
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
@ -507,8 +470,7 @@ ZwQueryInformationToken(
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
_In_ ULONG Length,
_Out_ PULONG ResultLength
);
_Out_ PULONG ResultLength);
NTSYSAPI
NTSTATUS
@ -517,6 +479,6 @@ ZwSetInformationToken(
_In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_ PVOID TokenInformation,
_In_ ULONG TokenInformationLength
);
_In_ ULONG TokenInformationLength);
#endif