/****************************************************************************** * Security Manager Functions * ******************************************************************************/ #if (NTDDI_VERSION >= NTDDI_WIN2K) $if (_WDMDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeAccessCheck( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Outptr_opt_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus); _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI SeAssignSecurity( _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_ BOOLEAN IsDirectoryObject, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType); NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx( _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType); _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI SeDeassignSecurity( _Inout_ PSECURITY_DESCRIPTOR *SecurityDescriptor); _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeValidSecurityDescriptor( _In_ ULONG Length, _In_reads_bytes_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor); NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); NTKERNELAPI VOID NTAPI SeReleaseSubjectContext( _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext); NTKERNELAPI VOID NTAPI SeUnlockSubjectContext( _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext); NTKERNELAPI VOID NTAPI SeCaptureSubjectContext( _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext); NTKERNELAPI VOID NTAPI SeLockSubjectContext( _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext); $endif (_WDMDDK_) $if (_NTDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeSinglePrivilegeCheck( _In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode); $endif (_NTDDK_) $if (_NTIFS_) NTKERNELAPI VOID NTAPI SeReleaseSubjectContext( _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext); NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck( _Inout_ PPRIVILEGE_SET RequiredPrivileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE AccessMode); NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm( _In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose); NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm( _In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose); NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm( _In_ PVOID Object, _In_ HANDLE Handle); NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType( _In_ PACCESS_TOKEN Token); NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin( _In_ PACCESS_TOKEN Token); NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted( _In_ PACCESS_TOKEN Token); NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken( _In_ PACCESS_TOKEN Token, _Out_ PLUID AuthenticationId); NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken( _In_ PACCESS_TOKEN Token, _Out_ PULONG SessionId); NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity( _In_ PETHREAD ClientThread, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN RemoteSession, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext); NTKERNELAPI VOID NTAPI SeImpersonateClient( _In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread); NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx( _In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread); NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext( _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext); NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo( _In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor); NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo( _In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping); NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx( _In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping); NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges( _Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges); NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents( _In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents( _In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); VOID NTAPI SeSetAccessStateGenericMapping( _Inout_ PACCESS_STATE AccessState, _In_ PGENERIC_MAPPING GenericMapping); NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification( _In_ PLUID LogonId); NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken( _In_ PACCESS_TOKEN Token, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation); $endif (_NTIFS_) #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ $if (_NTIFS_) #if (NTDDI_VERSION >= NTDDI_WIN2KSP3) NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEvents( _In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); #endif #if (NTDDI_VERSION >= NTDDI_WINXP) NTKERNELAPI NTSTATUS NTAPI SeFilterToken( _In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Outptr_ PACCESS_TOKEN *FilteredToken); NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation( _In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess); #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ #if (NTDDI_VERSION >= NTDDI_WINXPSP2) NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext( _In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext( _In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); #endif $endif (_NTIFS_) $if (_WDMDDK_) #if (NTDDI_VERSION >= NTDDI_WS03SP1) _At_(AuditParameters->ParameterCount, _Const_) NTSTATUS NTAPI SeSetAuditParameter( _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ SE_ADT_PARAMETER_TYPE Type, _In_range_(<,SE_MAX_AUDIT_PARAMETERS) ULONG Index, _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data); NTSTATUS NTAPI SeReportSecurityEvent( _In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters); #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */ $endif (_WDMDDK_) $if (_WDMDDK_ || _NTIFS_) #if (NTDDI_VERSION >= NTDDI_VISTA) $endif (_WDMDDK_ || _NTIFS_) $if (_WDMDDK_) NTKERNELAPI ULONG NTAPI SeComputeAutoInheritByObjectType( _In_ PVOID ObjectType, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ParentSecurityDescriptor); #ifdef SE_NTFS_WORLD_CACHE VOID NTAPI SeGetWorldRights( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PACCESS_MASK GrantedAccess); #endif /* SE_NTFS_WORLD_CACHE */ $endif (_WDMDDK_) $if (_NTIFS_) NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarmWithTransaction( _In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _In_opt_ GUID *TransactionId, _Out_ PBOOLEAN GenerateOnClose); NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction( _In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _In_opt_ GUID *TransactionId, _Out_ PBOOLEAN GenerateOnClose); NTKERNELAPI VOID NTAPI SeExamineSacl( _In_ PACL Sacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateAudit, _Out_ PBOOLEAN GenerateAlarm); NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction( _In_ PVOID Object, _In_ HANDLE Handle, _In_opt_ GUID *TransactionId); NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity( _In_ PACCESS_TOKEN Token, _Inout_ PSID_AND_ATTRIBUTES IntegritySA); NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken( _In_ PACCESS_TOKEN Token, _In_ ULONG SessionId); NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction( _In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess, _In_opt_ GUID *TransactionId); NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange( _In_ GUID *TransactionId, _In_ GUID *ResourceManagerId, _In_ ULONG NewTransactionState); $endif (_NTIFS_) $if (_WDMDDK_ || _NTIFS_) #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ $endif (_WDMDDK_ || _NTIFS_) $if (_NTIFS_) #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03)) NTKERNELAPI BOOLEAN NTAPI SeTokenIsWriteRestricted( _In_ PACCESS_TOKEN Token); #endif #if (NTDDI_VERSION >= NTDDI_WIN7) NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _Out_opt_ PBOOLEAN StagingEnabled); NTKERNELAPI VOID NTAPI SeExamineGlobalSacl( _In_ PUNICODE_STRING ObjectType, _In_ PACL ResourceSacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Inout_ PBOOLEAN GenerateAudit, _Inout_opt_ PBOOLEAN GenerateAlarm); NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl( _In_opt_ PUNICODE_STRING ObjectTypeName, _In_ ACCESS_MASK GrantedAccess, _In_ PACCESS_TOKEN Token, _Inout_ PACCESS_MASK AuditMask); #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ NTSTATUS NTAPI SeReportSecurityEventWithSubCategory( _In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ ULONG AuditSubcategoryId); BOOLEAN NTAPI SeAccessCheckFromState( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Outptr_opt_result_maybenull_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus); NTKERNELAPI VOID NTAPI SeFreePrivileges( _In_ PPRIVILEGE_SET Privileges); NTSTATUS NTAPI SeLocateProcessImageName( _Inout_ PEPROCESS Process, _Outptr_ PUNICODE_STRING *pImageFileName); #define SeLengthSid( Sid ) \ (8 + (4 * ((SID *)Sid)->SubAuthorityCount)) #define SeDeleteClientSecurity(C) { \ if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ PsDereferencePrimaryToken( (C)->ClientToken ); \ } else { \ PsDereferenceImpersonationToken( (C)->ClientToken ); \ } \ } #define SeStopImpersonatingClient() PsRevertToSelf() #define SeQuerySubjectContextToken( SubjectContext ) \ ( ARGUMENT_PRESENT( \ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ ) ? \ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) extern NTKERNELAPI PSE_EXPORTS SeExports; $endif (_NTIFS_)