mirror of
https://github.com/reactos/reactos.git
synced 2024-12-28 10:04:49 +00:00
edcf3f5363
The newly updated SAL2 annotations reflect those from Process Hacker. Also these syscalls must have their function's status code checked, as most of other Native syscalls have them checked.
504 lines
12 KiB
C
504 lines
12 KiB
C
/*++ NDK Version: 0098
|
|
|
|
Copyright (c) Alex Ionescu. All rights reserved.
|
|
|
|
Header Name:
|
|
|
|
sefuncs.h
|
|
|
|
Abstract:
|
|
|
|
Function definitions for the security manager.
|
|
|
|
Author:
|
|
|
|
Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
|
|
George Bișoc (george.bisoc@reactos.org) - Updated - 23-Apr-2023
|
|
|
|
--*/
|
|
|
|
#ifndef _SEFUNCS_H
|
|
#define _SEFUNCS_H
|
|
|
|
//
|
|
// Dependencies
|
|
//
|
|
#include <umtypes.h>
|
|
|
|
#ifndef NTOS_MODE_USER
|
|
|
|
//
|
|
// Security Descriptors
|
|
//
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeCaptureSecurityDescriptor(
|
|
_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
|
|
_In_ KPROCESSOR_MODE CurrentMode,
|
|
_In_ POOL_TYPE PoolType,
|
|
_In_ BOOLEAN CaptureIfKernel,
|
|
_Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor);
|
|
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeReleaseSecurityDescriptor(
|
|
_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
|
|
_In_ KPROCESSOR_MODE CurrentMode,
|
|
_In_ BOOLEAN CaptureIfKernelMode);
|
|
|
|
//
|
|
// Access States
|
|
//
|
|
NTKERNELAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
SeCreateAccessState(
|
|
_In_ PACCESS_STATE AccessState,
|
|
_In_ PAUX_ACCESS_DATA AuxData,
|
|
_In_ ACCESS_MASK Access,
|
|
_In_ PGENERIC_MAPPING GenericMapping);
|
|
|
|
NTKERNELAPI
|
|
VOID
|
|
NTAPI
|
|
SeDeleteAccessState(
|
|
_In_ PACCESS_STATE AccessState);
|
|
|
|
//
|
|
// Impersonation
|
|
//
|
|
NTKERNELAPI
|
|
SECURITY_IMPERSONATION_LEVEL
|
|
NTAPI
|
|
SeTokenImpersonationLevel(
|
|
_In_ PACCESS_TOKEN Token);
|
|
|
|
#endif
|
|
|
|
//
|
|
// Native Calls
|
|
//
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheck(
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
|
|
_Inout_ PULONG PrivilegeSetLength,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus);
|
|
|
|
_Must_inspect_result_
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByType(
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_opt_ PSID PrincipalSelfSid,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
|
|
_In_ ULONG ObjectTypeListLength,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
|
|
_Inout_ PULONG PrivilegeSetLength,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus);
|
|
|
|
_Must_inspect_result_
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckByTypeResultList(
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_opt_ PSID PrincipalSelfSid,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
|
|
_In_ ULONG ObjectTypeListLength,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
|
|
_Inout_ PULONG PrivilegeSetLength,
|
|
_Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
|
|
_Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAccessCheckAndAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus,
|
|
_Out_ PBOOLEAN GenerateOnClose);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAdjustGroupsToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN ResetToDefault,
|
|
_In_opt_ PTOKEN_GROUPS NewState,
|
|
_In_opt_ ULONG BufferLength,
|
|
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
|
|
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAdjustPrivilegesToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN DisableAllPrivileges,
|
|
_In_opt_ PTOKEN_PRIVILEGES NewState,
|
|
_In_ ULONG BufferLength,
|
|
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
|
|
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAllocateLocallyUniqueId(
|
|
_Out_ LUID *LocallyUniqueId);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAllocateUuids(
|
|
_Out_ PULARGE_INTEGER Time,
|
|
_Out_ PULONG Range,
|
|
_Out_ PULONG Sequence,
|
|
_Out_ PUCHAR Seed);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCompareTokens(
|
|
_In_ HANDLE FirstTokenHandle,
|
|
_In_ HANDLE SecondTokenHandle,
|
|
_Out_ PBOOLEAN Equal);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateToken(
|
|
_Out_ PHANDLE TokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_In_ PLUID AuthenticationId,
|
|
_In_ PLARGE_INTEGER ExpirationTime,
|
|
_In_ PTOKEN_USER TokenUser,
|
|
_In_ PTOKEN_GROUPS TokenGroups,
|
|
_In_ PTOKEN_PRIVILEGES TokenPrivileges,
|
|
_In_opt_ PTOKEN_OWNER TokenOwner,
|
|
_In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
|
|
_In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
|
|
_In_ PTOKEN_SOURCE TokenSource);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDuplicateToken(
|
|
_In_ HANDLE ExistingTokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ BOOLEAN EffectiveOnly,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_Out_ PHANDLE NewTokenHandle);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFilterToken(
|
|
_In_ HANDLE ExistingTokenHandle,
|
|
_In_ ULONG Flags,
|
|
_In_opt_ PTOKEN_GROUPS SidsToDisable,
|
|
_In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
|
|
_In_opt_ PTOKEN_GROUPS RestrictedSids,
|
|
_Out_ PHANDLE NewTokenHandle);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtImpersonateAnonymousToken(
|
|
_In_ HANDLE ThreadHandle);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ACCESS_MASK GrantedAccess,
|
|
_In_opt_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_In_ BOOLEAN AccessGranted,
|
|
_Out_ PBOOLEAN GenerateOnClose);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenProcessTokenEx(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ULONG HandleAttributes,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegeCheck(
|
|
_In_ HANDLE ClientToken,
|
|
_Inout_ PPRIVILEGE_SET RequiredPrivileges,
|
|
_Out_ PBOOLEAN Result);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegedServiceAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PUNICODE_STRING ServiceName,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted);
|
|
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPrivilegeObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_opt_ PVOID HandleId,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted);
|
|
|
|
_When_(TokenInformationClass == TokenAccessInformation,
|
|
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength,
|
|
_Out_ PULONG ReturnLength);
|
|
|
|
_Must_inspect_result_
|
|
__kernel_entry
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAccessCheck(
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ PGENERIC_MAPPING GenericMapping,
|
|
_Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
|
|
_Out_ PULONG PrivilegeSetLength,
|
|
_Out_ PACCESS_MASK GrantedAccess,
|
|
_Out_ PNTSTATUS AccessStatus);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAdjustGroupsToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN ResetToDefault,
|
|
_In_ PTOKEN_GROUPS NewState,
|
|
_In_ ULONG BufferLength,
|
|
_Out_opt_ PTOKEN_GROUPS PreviousState,
|
|
_Out_ PULONG ReturnLength);
|
|
|
|
_Must_inspect_result_
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAdjustPrivilegesToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ BOOLEAN DisableAllPrivileges,
|
|
_In_opt_ PTOKEN_PRIVILEGES NewState,
|
|
_In_ ULONG BufferLength,
|
|
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
|
|
_When_(PreviousState != NULL, _Out_) PULONG ReturnLength);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateLocallyUniqueId(
|
|
_Out_ LUID *LocallyUniqueId);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwAllocateUuids(
|
|
_Out_ PULARGE_INTEGER Time,
|
|
_Out_ PULONG Range,
|
|
_Out_ PULONG Sequence,
|
|
_Out_ PUCHAR Seed);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwCreateToken(
|
|
_Out_ PHANDLE TokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_In_ PLUID AuthenticationId,
|
|
_In_ PLARGE_INTEGER ExpirationTime,
|
|
_In_ PTOKEN_USER TokenUser,
|
|
_In_ PTOKEN_GROUPS TokenGroups,
|
|
_In_ PTOKEN_PRIVILEGES TokenPrivileges,
|
|
_In_ PTOKEN_OWNER TokenOwner,
|
|
_In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
|
|
_In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
|
|
_In_ PTOKEN_SOURCE TokenSource);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwDuplicateToken(
|
|
_In_ HANDLE ExistingTokenHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
|
|
_In_ BOOLEAN EffectiveOnly,
|
|
_In_ TOKEN_TYPE TokenType,
|
|
_Out_ PHANDLE NewTokenHandle);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwImpersonateAnonymousToken(
|
|
_In_ HANDLE Thread);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PVOID HandleId,
|
|
_In_ PUNICODE_STRING ObjectTypeName,
|
|
_In_ PUNICODE_STRING ObjectName,
|
|
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ULONG DesiredAccess,
|
|
_In_ ULONG GrantedAccess,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN ObjectCreation,
|
|
_In_ BOOLEAN AccessGranted,
|
|
_Out_ PBOOLEAN GenerateOnClose);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessToken(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwOpenProcessTokenEx(
|
|
_In_ HANDLE ProcessHandle,
|
|
_In_ ACCESS_MASK DesiredAccess,
|
|
_In_ ULONG HandleAttributes,
|
|
_Out_ PHANDLE TokenHandle);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegeCheck(
|
|
_In_ HANDLE ClientToken,
|
|
_In_ PPRIVILEGE_SET RequiredPrivileges,
|
|
_In_ PBOOLEAN Result);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegedServiceAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PUNICODE_STRING ServiceName,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwPrivilegeObjectAuditAlarm(
|
|
_In_ PUNICODE_STRING SubsystemName,
|
|
_In_ PVOID HandleId,
|
|
_In_ HANDLE ClientToken,
|
|
_In_ ULONG DesiredAccess,
|
|
_In_ PPRIVILEGE_SET Privileges,
|
|
_In_ BOOLEAN AccessGranted);
|
|
|
|
_IRQL_requires_max_(PASSIVE_LEVEL)
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwQueryInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
|
|
_In_ ULONG Length,
|
|
_Out_ PULONG ResultLength);
|
|
|
|
NTSYSAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
ZwSetInformationToken(
|
|
_In_ HANDLE TokenHandle,
|
|
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
|
|
_Out_ PVOID TokenInformation,
|
|
_In_ ULONG TokenInformationLength);
|
|
|
|
#endif
|