/*
 * authz.h
 *
 * Authorization Framework
 *
 * THIS SOFTWARE IS NOT COPYRIGHTED
 *
 * This source code is offered for use in the public domain. You may
 * use, modify or distribute it freely.
 *
 * This code is distributed in the hope that it will be useful but
 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
 * DISCLAIMED. This includes but is not limited to warranties of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */
/* NOTE(review): the guard name starts with a double underscore, which C
 * reserves for the implementation; a project-prefixed guard (e.g. AUTHZ_H)
 * would be conforming. Renaming it also needs the matching #endif comment
 * at the end of this file. */
#ifndef __AUTHZ_H
#define __AUTHZ_H

/*
 * Linkage decoration for the entry points declared below. Consumers that
 * have not defined _AUTHZ_ get DECLSPEC_IMPORT; when _AUTHZ_ is defined
 * (presumably the library's own build) the decoration is empty.
 */
#if !defined(_AUTHZ_)
#define AUTHZAPI DECLSPEC_IMPORT
#else
#define AUTHZAPI
#endif

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Flag bits for the entry points declared below. The sets reuse the same
 * bit values (0x1 / 0x2 / 0x4), so a flag is only meaningful for the call
 * it belongs to: passing, say, AUTHZ_SKIP_TOKEN_GROUPS where
 * AUTHZ_NO_FAILURE_AUDIT is expected is not rejected, it silently selects
 * an unrelated behaviour. The per-call grouping below follows the Win32
 * AuthZ API this header mirrors -- confirm against the implementation.
 */

/* AuthzAccessCheck flags: keep only a reference to the security descriptor
 * in the cached-results handle instead of a private copy (per Win32 docs). */
#define AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD  0x1

/* Values reported per entry in AUTHZ_ACCESS_REPLY.SaclEvaluationResults:
 * which audit (success / failure) the SACL asks for (per Win32 docs). */
#define AUTHZ_GENERATE_SUCCESS_AUDIT    0x1
#define AUTHZ_GENERATE_FAILURE_AUDIT    0x2

/* AuthzInitializeContextFromSid / ...FromToken flags. Per Win32 docs,
 * AUTHZ_SKIP_TOKEN_GROUPS skips group evaluation entirely, so the context
 * then authorizes on the bare user SID only; AUTHZ_REQUIRE_S4U_LOGON makes
 * the SID-based call fail rather than fall back when S4U group retrieval
 * is unavailable. Confirm against the implementation. */
#define AUTHZ_SKIP_TOKEN_GROUPS 0x2
#define AUTHZ_REQUIRE_S4U_LOGON 0x4

/* AuthzInitializeObjectAccessAuditEvent / ...2 flags. With
 * AUTHZ_NO_ALLOC_STRINGS the string arguments are referenced rather than
 * copied, so they must outlive the audit event (per Win32 docs). */
#define AUTHZ_NO_SUCCESS_AUDIT  0x1
#define AUTHZ_NO_FAILURE_AUDIT  0x2
#define AUTHZ_NO_ALLOC_STRINGS  0x4

/* AuthzInitializeResourceManager flags. */
#define AUTHZ_RM_FLAG_NO_AUDIT  0x1
#define AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION    0x2

/*
 * Opaque object handles. Every one of them is a plain HANDLE alias, so the
 * compiler cannot distinguish a client-context handle from an audit-event,
 * results or resource-manager handle: passing the wrong kind to an entry
 * point below is a silent caller error, not a type error. Each kind is
 * released by its own AuthzFree* function declared further down.
 */
typedef HANDLE AUTHZ_CLIENT_CONTEXT_HANDLE, *PAUTHZ_CLIENT_CONTEXT_HANDLE;
typedef HANDLE AUTHZ_AUDIT_INFO_HANDLE, *PAUTHZ_AUDIT_INFO_HANDLE;
typedef HANDLE AUTHZ_AUDIT_EVENT_HANDLE, *PAUTHZ_AUDIT_EVENT_HANDLE;
typedef HANDLE AUTHZ_AUDIT_EVENT_TYPE_HANDLE, *PAUTHZ_AUDIT_EVENT_TYPE_HANDLE;
typedef HANDLE AUTHZ_ACCESS_CHECK_RESULTS_HANDLE, *PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE;
typedef HANDLE AUTHZ_RESOURCE_MANAGER_HANDLE, *PAUTHZ_RESOURCE_MANAGER_HANDLE;
typedef HANDLE AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE, *PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE;

#if !defined(_ADTGEN_H)
/* FIXME: AUDIT_PARAMS is defined in adtgen.h. Until that header is pulled
 * in, fall back to an untyped pointer. This keeps the declaration of
 * AuthzReportSecurityEventFromParams compiling but removes all type
 * checking on its pParams argument. */
typedef PVOID PAUDIT_PARAMS;
#endif

/*
 * Selector passed to AuthzGetInformationFromContext: which part of a client
 * context is copied into the caller's buffer. Numbering starts at 1 and
 * the remaining members take consecutive values, so AuthzContextInfoAll is
 * 9 and AuthzContextInfoAuthenticationId is 10. The shape of the data
 * returned for each class is not described here -- see the implementation.
 */
typedef enum _AUTHZ_CONTEXT_INFORMATION_CLASS
{
    AuthzContextInfoUserSid = 1,
    AuthzContextInfoGroupsSids,
    AuthzContextInfoRestrictedSids,
    AuthzContextInfoPrivileges,
    AuthzContextInfoExpirationTime,
    AuthzContextInfoServerContext,
    AuthzContextInfoIdentifier,
    AuthzContextInfoSource,
    AuthzContextInfoAll,
    AuthzContextInfoAuthenticationId
} AUTHZ_CONTEXT_INFORMATION_CLASS, *PAUTHZ_CONTEXT_INFORMATION_CLASS;

/*
 * What is being asked for in an access check (AuthzAccessCheck,
 * AuthzCachedAccessCheck, AuthzOpenObjectAudit). ObjectTypeListLength is
 * the number of entries in ObjectTypeList and bounds how far the check may
 * read. Per the Win32 AuthZ contract this header mirrors (confirm against
 * the implementation): PrincipalSelfSid may be NULL and is substituted for
 * the PRINCIPAL_SELF SID in ACEs, and OptionalArguments is handed to the
 * resource manager's PFN_AUTHZ_DYNAMIC_ACCESS_CHECK callback as pArgs.
 */
typedef struct _AUTHZ_ACCESS_REQUEST
{
    ACCESS_MASK DesiredAccess;          /* access bits being requested */
    PSID PrincipalSelfSid;
    POBJECT_TYPE_LIST ObjectTypeList;
    DWORD ObjectTypeListLength;         /* entry count of ObjectTypeList */
    PVOID OptionalArguments;
} AUTHZ_ACCESS_REQUEST, *PAUTHZ_ACCESS_REQUEST;

/*
 * Where an access check writes its results. The three arrays are supplied
 * by the caller, each with ResultListLength entries; the check fills one
 * entry per object type requested (a single entry when there is no object
 * type list). Per the Win32 AuthZ contract (confirm against the
 * implementation) Error[i] is a Win32 error code and GrantedAccessMask[i]
 * is only meaningful when Error[i] is ERROR_SUCCESS -- a caller that
 * consults the mask without checking Error can grant access on garbage.
 * SaclEvaluationResults entries use the AUTHZ_GENERATE_*_AUDIT bits.
 */
typedef struct _AUTHZ_ACCESS_REPLY
{
    DWORD ResultListLength;             /* entries in each array below */
    PACCESS_MASK GrantedAccessMask;
    PDWORD SaclEvaluationResults;
    PDWORD Error;
} AUTHZ_ACCESS_REPLY, *PAUTHZ_ACCESS_REPLY;

/*
 * One object-type entry of an AUTHZ_SOURCE_SCHEMA_REGISTRATION: a name and
 * an offset. What dwOffset is relative to is not stated here -- presumably
 * a message-file identifier offset; confirm against the implementation.
 */
typedef struct _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
{
    PWSTR szObjectTypeName;
    DWORD dwOffset;
} AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET, *PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;

/*
 * Description of a security event source, used by
 * AuthzInstallSecurityEventSource and returned by
 * AuthzEnumerateSecurityEventSources. ObjectTypeNames is a trailing
 * variable-length array (ANYSIZE_ARRAY idiom): the struct must be
 * allocated with room for dwObjectTypeNameCount entries, and readers must
 * not index beyond that count. The sizeof this struct covers only the
 * first entry.
 */
typedef struct _AUTHZ_SOURCE_SCHEMA_REGISTRATION
{
    DWORD dwFlags;
    PWSTR szEventSourceName;
    PWSTR szEventMessageFile;
    PWSTR szEventSourceXmlSchemaFile;
    PWSTR szEventAccessStringsFile;
    PWSTR szExecutableImagePath;
    PVOID pReserved;
    DWORD dwObjectTypeNameCount;        /* valid entries in ObjectTypeNames */
    AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames[ANYSIZE_ARRAY];
} AUTHZ_SOURCE_SCHEMA_REGISTRATION, *PAUTHZ_SOURCE_SCHEMA_REGISTRATION;

/*
 * Resource-manager callback registered through AuthzInitializeResourceManager.
 * Per the Win32 AuthZ contract (confirm against the implementation) it is
 * invoked during an access check for each callback ACE (pAce) and sets
 * *pbAceApplicable to say whether that ACE takes part in the decision;
 * pArgs is the request's OptionalArguments and may be NULL. Returning
 * FALSE aborts the access check, so the callback decides policy and must
 * not trust pAce contents beyond what it validates itself.
 */
typedef BOOL (CALLBACK *PFN_AUTHZ_DYNAMIC_ACCESS_CHECK)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
                                                        IN PACE_HEADER pAce,
                                                        IN PVOID pArgs  OPTIONAL,
                                                        IN OUT PBOOL pbAceApplicable);

/*
 * Resource-manager callback that adds groups to a client context while it
 * is being initialized. Args is the DynamicGroupArgs passed to
 * AuthzInitializeContextFrom*. The callback returns two arrays with their
 * counts -- ordinary group SIDs and restricted SIDs -- which the library
 * later hands back to PFN_AUTHZ_FREE_DYNAMIC_GROUPS, so both must be
 * released by that routine's allocator (per Win32 docs; confirm). SIDs
 * returned here widen the identity being authorized and must come from a
 * trusted source, never from the request being checked.
 */
typedef BOOL (CALLBACK *PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
                                                          IN PVOID Args,
                                                          OUT PSID_AND_ATTRIBUTES* pSidAttrArray,
                                                          OUT PDWORD pSidCount,
                                                          OUT PSID_AND_ATTRIBUTES* pRestrictedSidAttrArray,
                                                          OUT PDWORD pRestrictedSidCount);

/* Releases an array produced by PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS. It is
 * presumably called once per array (groups and restricted groups) --
 * confirm against the implementation. */
typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS)(IN PSID_AND_ATTRIBUTES pSidAttrArray);

/*
 * Evaluate pRequest for the client in AuthzClientContext against
 * pSecurityDescriptor plus OptionalSecurityDescriptorCount extra
 * descriptors. Results land in the caller-allocated arrays of pReply
 * (hence IN OUT). flags takes AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD. On
 * success pAuthzHandle receives a results handle usable with
 * AuthzCachedAccessCheck; it must be released with AuthzFreeHandle.
 * Per Win32 docs (confirm) AuditInfo and pAuthzHandle may be NULL.
 * Returns FALSE on failure; treat that as "no access" and do not read
 * pReply, whose contents are then unspecified.
 */
AUTHZAPI
BOOL
WINAPI
AuthzAccessCheck(IN DWORD flags,
                 IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext,
                 IN PAUTHZ_ACCESS_REQUEST pRequest,
                 IN AUTHZ_AUDIT_INFO_HANDLE AuditInfo,
                 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                 IN PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray,
                 IN DWORD OptionalSecurityDescriptorCount  OPTIONAL,
                 IN OUT PAUTHZ_ACCESS_REPLY pReply,
                 OUT PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE pAuthzHandle);

/*
 * Create a new client context in *pNewClientContext that is
 * OrigClientContext plus SidCount group SIDs and RestrictedSidCount
 * restricted SIDs. The original context is not modified (per Win32 docs;
 * confirm) and the new one must be released with AuthzFreeContext.
 * Adding SIDs widens the identity later access checks run as, so the SIDs
 * must originate from a trusted authority, not from the request being
 * authorized.
 */
AUTHZAPI
BOOL
WINAPI
AuthzAddSidsToContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE OrigClientContext,
                      IN PSID_AND_ATTRIBUTES Sids,
                      IN DWORD SidCount,
                      IN PSID_AND_ATTRIBUTES RestrictedSids,
                      IN DWORD RestrictedSidCount,
                      OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pNewClientContext);

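/*
 * Re-run an access check for pRequest using the results handle returned
 * by AuthzAccessCheck, avoiding a full evaluation of the descriptor (per
 * Win32 docs; confirm). pReply carries caller input (ResultListLength and
 * the three array pointers) as well as output, exactly as in
 * AuthzAccessCheck, so it is annotated IN OUT here too; the previous OUT
 * annotation understated what the callee reads. Returns FALSE on failure,
 * in which case pReply must not be consulted.
 */
AUTHZAPI
BOOL
WINAPI
AuthzCachedAccessCheck(IN DWORD Flags,
                       IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle,
                       IN PAUTHZ_ACCESS_REQUEST pRequest,
                       IN AUTHZ_AUDIT_EVENT_HANDLE AuditInfo,
                       IN OUT PAUTHZ_ACCESS_REPLY pReply);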

/*
 * List the registered security event sources into Buffer. pdwLength is the
 * two-call size parameter: the caller's buffer size on entry, the size
 * required on return; pdwCount receives the number of entries written.
 * Buffer contents are only valid when the call returns TRUE -- on FALSE
 * (typically an insufficient-buffer condition, per Win32 docs; confirm)
 * re-read *pdwLength, reallocate and retry rather than using Buffer.
 */
AUTHZAPI
BOOL
WINAPI
AuthzEnumerateSecurityEventSources(IN DWORD dwFlags,
                                   OUT PAUTHZ_SOURCE_SCHEMA_REGISTRATION Buffer,
                                   OUT PDWORD pdwCount,
                                   IN OUT PDWORD pdwLength);

/* Release an audit event created by AuthzInitializeObjectAccessAuditEvent
 * or ...2. The handle is invalid afterwards; do not free it twice. */
AUTHZAPI
BOOL
WINAPI
AuthzFreeAuditEvent(IN AUTHZ_AUDIT_EVENT_HANDLE pAuditEventInfo);

/* Release a client context obtained from AuthzInitializeContextFrom* or
 * AuthzAddSidsToContext. The handle is invalid afterwards. */
AUTHZAPI
BOOL
WINAPI
AuthzFreeContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext);

/* Release the cached-results handle returned by AuthzAccessCheck. The
 * handle must not be passed to AuthzCachedAccessCheck afterwards. */
AUTHZAPI
BOOL
WINAPI
AuthzFreeHandle(IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle);

/* Release a resource manager created by AuthzInitializeResourceManager.
 * Contexts created through it should presumably be freed first --
 * confirm against the implementation. */
AUTHZAPI
BOOL
WINAPI
AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager);

/*
 * Copy the part of hAuthzClientContext selected by InfoClass into Buffer,
 * which holds BufferSize bytes. *pSizeRequired receives the size needed,
 * so a BufferSize of 0 can be used to query it first (per Win32 docs;
 * confirm). Buffer contents are only valid when the call returns TRUE.
 */
AUTHZAPI
BOOL
WINAPI
AuthzGetInformationFromContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
                               IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass,
                               IN DWORD BufferSize,
                               OUT PDWORD pSizeRequired,
                               OUT PVOID Buffer);

/*
 * Create a new client context in *phNewAuthzHandle from an existing one,
 * with its own ExpirationTime, Identifier and DynamicGroupArgs (the latter
 * is passed to the resource manager's PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS).
 * The new context must be released with AuthzFreeContext. Whether the
 * copy shares state with AuthzHandle is not stated here -- confirm.
 */
AUTHZAPI
BOOL
WINAPI
AuthzInitializeContextFromAuthzContext(IN DWORD flags,
                                       IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzHandle,
                                       IN PLARGE_INTEGER ExpirationTime,
                                       IN LUID Identifier,
                                       IN PVOID DynamicGroupArgs,
                                       OUT PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzHandle);

/*
 * Create a client context for UserSid without a logon token. Group
 * membership is computed by the library (flags AUTHZ_SKIP_TOKEN_GROUPS /
 * AUTHZ_REQUIRE_S4U_LOGON control how, per Win32 docs; confirm). Because
 * no credential is presented, the resulting access decisions are only as
 * trustworthy as the caller's reason to believe UserSid identifies the
 * principal; prefer AuthzInitializeContextFromToken when a token exists.
 * The context must be released with AuthzFreeContext.
 */
AUTHZAPI
BOOL
WINAPI
AuthzInitializeContextFromSid(IN DWORD Flags,
                              IN PSID UserSid,
                              IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
                              IN PLARGE_INTEGER pExpirationTime,
                              IN LUID Identifier,
                              IN PVOID DynamicGroupArgs,
                              OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);

/*
 * Create a client context from an access token. The token's user, groups
 * and privileges are taken as the identity; per Win32 docs (confirm)
 * TokenHandle needs TOKEN_QUERY access. Remaining parameters are as for
 * AuthzInitializeContextFromSid. The context must be released with
 * AuthzFreeContext.
 */
AUTHZAPI
BOOL
WINAPI
AuthzInitializeContextFromToken(IN DWORD Flags,
                                IN HANDLE TokenHandle,
                                IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
                                IN PLARGE_INTEGER pExpirationTime,
                                IN LUID Identifier,
                                IN PVOID DynamicGroupArgs,
                                OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);

/*
 * Build an audit event handle in *phAuditEvent describing an object access.
 * Flags takes the AUTHZ_NO_* bits. The trailing variadic arguments are
 * additional audit parameters and dwAdditionalParameterCount must equal
 * their number -- there is no other way for the callee to know how many
 * to read, so a mismatch reads garbage off the stack. The event must be
 * released with AuthzFreeAuditEvent. WINAPIV (cdecl) is required by the
 * variadic signature.
 */
AUTHZAPI
BOOL
WINAPIV
AuthzInitializeObjectAccessAuditEvent(IN DWORD Flags,
                                      IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
                                      IN PWSTR szOperationType,
                                      IN PWSTR szObjectType,
                                      IN PWSTR szObjectName,
                                      IN PWSTR szAdditionalInfo,
                                      OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
                                      IN DWORD dwAdditionalParameterCount,
                                      ...);

/*
 * Same as AuthzInitializeObjectAccessAuditEvent with one extra string
 * (szAdditionalInfo2). dwAdditionalParameterCount must match the number of
 * variadic arguments; the event is released with AuthzFreeAuditEvent.
 */
AUTHZAPI
BOOL
WINAPIV
AuthzInitializeObjectAccessAuditEvent2(IN DWORD Flags,
                                       IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
                                       IN PWSTR szOperationType,
                                       IN PWSTR szObjectType,
                                       IN PWSTR szObjectName,
                                       IN PWSTR szAdditionalInfo,
                                       IN PWSTR szAdditionalInfo2,
                                       OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
                                       IN DWORD dwAdditionalParameterCount,
                                       ...);

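/*
 * Create a resource manager in *pAuthzResourceManager with the given
 * callbacks (per Win32 docs each callback may be NULL; confirm) and the
 * name under which audits are reported. flags takes the AUTHZ_RM_FLAG_*
 * bits. The last parameter receives the new handle, so it is an output;
 * the previous IN annotation was wrong. Release the handle with
 * AuthzFreeResourceManager. Callbacks supplied here run inside every
 * access check, so they are part of the trusted computing base.
 */
AUTHZAPI
BOOL
WINAPI
AuthzInitializeResourceManager(IN DWORD flags,
                               IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck,
                               IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,
                               IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups,
                               IN PCWSTR ResourceManagerName,
                               OUT PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager);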

/*
 * Install (register system-wide) the security event source described by
 * pRegistration. Per Win32 docs (confirm) this persists configuration and
 * needs administrative rights; pair with AuthzUninstallSecurityEventSource.
 */
AUTHZAPI
BOOL
WINAPI
AuthzInstallSecurityEventSource(IN DWORD dwFlags,
                                IN PAUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration);

/*
 * Generate the audit for an object open according to pRequest and the
 * supplied descriptors, writing results into pReply. The parameter list
 * parallels AuthzAccessCheck but, unlike it, no cached-results handle is
 * produced. Whether this also performs the access decision or only the
 * audit is not stated here -- confirm against the implementation before
 * relying on pReply for authorization.
 */
AUTHZAPI
BOOL
WINAPI
AuthzOpenObjectAudit(IN DWORD Flags,
                     IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
                     IN PAUTHZ_ACCESS_REQUEST pRequest,
                     IN AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
                     IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
                     IN PSECURITY_DESCRIPTOR* SecurityDescriptorArray,
                     IN DWORD SecurityDescriptorCount,
                     OUT PAUTHZ_ACCESS_REPLY pReply);

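/*
 * Open the installed event source szEventSourceName for reporting and
 * return its provider handle in *phEventProvider. The handle parameter
 * receives a value, so it is annotated OUT here; the previous IN
 * annotation was wrong. Release with AuthzUnregisterSecurityEventSource.
 */
AUTHZAPI
BOOL
WINAPI
AuthzRegisterSecurityEventSource(IN DWORD dwFlags,
                                 IN PCWSTR szEventSourceName,
                                 OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);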

/*
 * Report audit dwAuditId through hEventProvider. pUserSid may be NULL.
 * dwCount must equal the number of variadic parameters that follow; the
 * callee has no other way to bound its va_list reads. Prefer
 * AuthzReportSecurityEventFromParams when the parameters are already in
 * a typed AUDIT_PARAMS structure.
 */
AUTHZAPI
BOOL
WINAPIV
AuthzReportSecurityEvent(IN DWORD dwFlags,
                         IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
                         IN DWORD dwAuditId,
                         IN PSID pUserSid  OPTIONAL,
                         IN DWORD dwCount,
                         ...);

/*
 * Report audit dwAuditId with parameters supplied as an AUDIT_PARAMS
 * structure instead of a variadic list. Note that when adtgen.h is not
 * included, PAUDIT_PARAMS is a bare PVOID in this header (see above), so
 * the compiler will not catch a wrong pointer type here.
 */
AUTHZAPI
BOOL
WINAPI
AuthzReportSecurityEventFromParams(IN DWORD dwFlags,
                                   IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
                                   IN DWORD dwAuditId,
                                   IN PSID pUserSid  OPTIONAL,
                                   IN PAUDIT_PARAMS pParams);

/* Remove an event source installed by AuthzInstallSecurityEventSource,
 * identified by name. Presumably needs the same rights as installation --
 * confirm against the implementation. */
AUTHZAPI
BOOL
WINAPI
AuthzUninstallSecurityEventSource(IN DWORD dwFlags,
                                  IN PWSTR szEventSourceName);

/* Close a provider handle from AuthzRegisterSecurityEventSource. The
 * handle is passed by pointer and marked IN OUT, which suggests it is
 * reset on return -- confirm; do not use it afterwards either way. */
AUTHZAPI
BOOL
WINAPI
AuthzUnregisterSecurityEventSource(IN DWORD dwFlags,
                                   IN OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);

#ifdef __cplusplus
}
#endif
#endif /* __AUTHZ_H */