Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-11-03 21:34:00 +00:00
Code Issues Projects Releases Packages Wiki Activity
reactos/ntoskrnl/include/internal/se.h
Pierre Schweitzer 59806f7eb0
[NTOSKRNL] Stub SeGetLogonIdDeviceMap
2019-06-01 18:37:47 +02:00

615 lines
14 KiB
C
Raw Blame History

#pragma once
typedef struct _KNOWN_ACE
{
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG SidStart;
} KNOWN_ACE, *PKNOWN_ACE;
typedef struct _KNOWN_OBJECT_ACE
{
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG Flags;
ULONG SidStart;
} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
typedef struct _KNOWN_COMPOUND_ACE
{
ACE_HEADER Header;
ACCESS_MASK Mask;
USHORT CompoundAceType;
USHORT Reserved;
ULONG SidStart;
} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
FORCEINLINE
PSID
SepGetGroupFromDescriptor(PVOID _Descriptor)
{
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel;
if (Descriptor->Control & SE_SELF_RELATIVE)
{
SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
if (!SdRel->Group) return NULL;
return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
}
else
{
return Descriptor->Group;
}
}
FORCEINLINE
PSID
SepGetOwnerFromDescriptor(PVOID _Descriptor)
{
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel;
if (Descriptor->Control & SE_SELF_RELATIVE)
{
SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
if (!SdRel->Owner) return NULL;
return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
}
else
{
return Descriptor->Owner;
}
}
FORCEINLINE
PACL
SepGetDaclFromDescriptor(PVOID _Descriptor)
{
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel;
if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
if (Descriptor->Control & SE_SELF_RELATIVE)
{
SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
if (!SdRel->Dacl) return NULL;
return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
}
else
{
return Descriptor->Dacl;
}
}
FORCEINLINE
PACL
SepGetSaclFromDescriptor(PVOID _Descriptor)
{
PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
PISECURITY_DESCRIPTOR_RELATIVE SdRel;
if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
if (Descriptor->Control & SE_SELF_RELATIVE)
{
SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
if (!SdRel->Sacl) return NULL;
return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
}
else
{
return Descriptor->Sacl;
}
}
#ifndef RTL_H
/* SID Authorities */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
/* SIDs */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;
extern PSID SeAnonymousLogonSid;
extern PSID SeLocalServiceSid;
extern PSID SeNetworkServiceSid;
/* Privileges */
extern const LUID SeCreateTokenPrivilege;
extern const LUID SeAssignPrimaryTokenPrivilege;
extern const LUID SeLockMemoryPrivilege;
extern const LUID SeIncreaseQuotaPrivilege;
extern const LUID SeUnsolicitedInputPrivilege;
extern const LUID SeTcbPrivilege;
extern const LUID SeSecurityPrivilege;
extern const LUID SeTakeOwnershipPrivilege;
extern const LUID SeLoadDriverPrivilege;
extern const LUID SeSystemProfilePrivilege;
extern const LUID SeSystemtimePrivilege;
extern const LUID SeProfileSingleProcessPrivilege;
extern const LUID SeIncreaseBasePriorityPrivilege;
extern const LUID SeCreatePagefilePrivilege;
extern const LUID SeCreatePermanentPrivilege;
extern const LUID SeBackupPrivilege;
extern const LUID SeRestorePrivilege;
extern const LUID SeShutdownPrivilege;
extern const LUID SeDebugPrivilege;
extern const LUID SeAuditPrivilege;
extern const LUID SeSystemEnvironmentPrivilege;
extern const LUID SeChangeNotifyPrivilege;
extern const LUID SeRemoteShutdownPrivilege;
extern const LUID SeUndockPrivilege;
extern const LUID SeSyncAgentPrivilege;
extern const LUID SeEnableDelegationPrivilege;
extern const LUID SeManageVolumePrivilege;
extern const LUID SeImpersonatePrivilege;
extern const LUID SeCreateGlobalPrivilege;
extern const LUID SeTrustedCredmanPrivilege;
extern const LUID SeRelabelPrivilege;
extern const LUID SeIncreaseWorkingSetPrivilege;
extern const LUID SeTimeZonePrivilege;
extern const LUID SeCreateSymbolicLinkPrivilege;
/* DACLs */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;
/* SDs */
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
#define SepAcquireTokenLockExclusive(Token) \
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define SepAcquireTokenLockShared(Token) \
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define SepReleaseTokenLock(Token) \
{ \
ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
KeLeaveCriticalRegion(); \
}
//
// Token Functions
//
BOOLEAN
NTAPI
SepTokenIsOwner(
IN PACCESS_TOKEN _Token,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN TokenLocked
);
BOOLEAN
NTAPI
SepSidInToken(
IN PACCESS_TOKEN _Token,
IN PSID Sid
);
BOOLEAN
NTAPI
SepSidInTokenEx(
IN PACCESS_TOKEN _Token,
IN PSID PrincipalSelfSid,
IN PSID _Sid,
IN BOOLEAN Deny,
IN BOOLEAN Restricted
);
/* Functions */
INIT_FUNCTION
BOOLEAN
NTAPI
SeInitSystem(VOID);
INIT_FUNCTION
VOID
NTAPI
SepInitPrivileges(VOID);
INIT_FUNCTION
BOOLEAN
NTAPI
SepInitSecurityIDs(VOID);
INIT_FUNCTION
BOOLEAN
NTAPI
SepInitDACLs(VOID);
INIT_FUNCTION
BOOLEAN
NTAPI
SepInitSDs(VOID);
BOOLEAN
NTAPI
SeRmInitPhase0(VOID);
BOOLEAN
NTAPI
SeRmInitPhase1(VOID);
VOID
NTAPI
SeDeassignPrimaryToken(struct _EPROCESS *Process);
NTSTATUS
NTAPI
SeSubProcessToken(
IN PTOKEN Parent,
OUT PTOKEN *Token,
IN BOOLEAN InUse,
IN ULONG SessionId
);
NTSTATUS
NTAPI
SeInitializeProcessAuditName(
IN PFILE_OBJECT FileObject,
IN BOOLEAN DoAudit,
OUT POBJECT_NAME_INFORMATION *AuditInfo
);
NTSTATUS
NTAPI
SeCreateAccessStateEx(
IN PETHREAD Thread,
IN PEPROCESS Process,
IN OUT PACCESS_STATE AccessState,
IN PAUX_ACCESS_DATA AuxData,
IN ACCESS_MASK Access,
IN PGENERIC_MAPPING GenericMapping
);
NTSTATUS
NTAPI
SeIsTokenChild(
IN PTOKEN Token,
OUT PBOOLEAN IsChild
);
NTSTATUS
NTAPI
SeIsTokenSibling(
IN PTOKEN Token,
OUT PBOOLEAN IsSibling
);
NTSTATUS
NTAPI
SepCreateImpersonationTokenDacl(
_In_ PTOKEN Token,
_In_ PTOKEN PrimaryToken,
_Out_ PACL* Dacl
);
INIT_FUNCTION
VOID
NTAPI
SepInitializeTokenImplementation(VOID);
PTOKEN
NTAPI
SepCreateSystemProcessToken(VOID);
BOOLEAN
NTAPI
SeDetailedAuditingWithToken(IN PTOKEN Token);
VOID
NTAPI
SeAuditProcessExit(IN PEPROCESS Process);
VOID
NTAPI
SeAuditProcessCreate(IN PEPROCESS Process);
NTSTATUS
NTAPI
SeExchangePrimaryToken(
_In_ PEPROCESS Process,
_In_ PACCESS_TOKEN NewAccessToken,
_Out_ PACCESS_TOKEN* OldAccessToken
);
VOID
NTAPI
SeCaptureSubjectContextEx(
IN PETHREAD Thread,
IN PEPROCESS Process,
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext
);
NTSTATUS
NTAPI
SeCaptureLuidAndAttributesArray(
PLUID_AND_ATTRIBUTES Src,
ULONG PrivilegeCount,
KPROCESSOR_MODE PreviousMode,
PLUID_AND_ATTRIBUTES AllocatedMem,
ULONG AllocatedLength,
POOL_TYPE PoolType,
BOOLEAN CaptureIfKernel,
PLUID_AND_ATTRIBUTES* Dest,
PULONG Length
);
VOID
NTAPI
SeReleaseLuidAndAttributesArray(
PLUID_AND_ATTRIBUTES Privilege,
KPROCESSOR_MODE PreviousMode,
BOOLEAN CaptureIfKernel
);
BOOLEAN
NTAPI
SepPrivilegeCheck(
PTOKEN Token,
PLUID_AND_ATTRIBUTES Privileges,
ULONG PrivilegeCount,
ULONG PrivilegeControl,
KPROCESSOR_MODE PreviousMode
);
NTSTATUS
NTAPI
SePrivilegePolicyCheck(
_Inout_ PACCESS_MASK DesiredAccess,
_Inout_ PACCESS_MASK GrantedAccess,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_ PTOKEN Token,
_Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
_In_ KPROCESSOR_MODE PreviousMode);
BOOLEAN
NTAPI
SeCheckPrivilegedObject(
IN LUID PrivilegeValue,
IN HANDLE ObjectHandle,
IN ACCESS_MASK DesiredAccess,
IN KPROCESSOR_MODE PreviousMode
);
NTSTATUS
NTAPI
SepDuplicateToken(
_In_ PTOKEN Token,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_ BOOLEAN EffectiveOnly,
_In_ TOKEN_TYPE TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL Level,
_In_ KPROCESSOR_MODE PreviousMode,
_Out_ PTOKEN* NewAccessToken
);
NTSTATUS
NTAPI
SepCaptureSecurityQualityOfService(
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
OUT PBOOLEAN Present
);
VOID
NTAPI
SepReleaseSecurityQualityOfService(
IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel
);
NTSTATUS
NTAPI
SepCaptureSid(
IN PSID InputSid,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PSID *CapturedSid
);
VOID
NTAPI
SepReleaseSid(
IN PSID CapturedSid,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel
);
NTSTATUS
NTAPI
SeCaptureSidAndAttributesArray(
_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
_In_ ULONG AttributeCount,
_In_ KPROCESSOR_MODE PreviousMode,
_In_opt_ PVOID AllocatedMem,
_In_ ULONG AllocatedLength,
_In_ POOL_TYPE PoolType,
_In_ BOOLEAN CaptureIfKernel,
_Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
_Out_ PULONG ResultLength);
VOID
NTAPI
SeReleaseSidAndAttributesArray(
_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
_In_ KPROCESSOR_MODE AccessMode,
_In_ BOOLEAN CaptureIfKernel);
NTSTATUS
NTAPI
SeComputeQuotaInformationSize(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_Out_ PULONG QuotaInfoSize);
NTSTATUS
NTAPI
SepCaptureAcl(
IN PACL InputAcl,
IN KPROCESSOR_MODE AccessMode,
IN POOL_TYPE PoolType,
IN BOOLEAN CaptureIfKernel,
OUT PACL *CapturedAcl
);
VOID
NTAPI
SepReleaseAcl(
IN PACL CapturedAcl,
IN KPROCESSOR_MODE AccessMode,
IN BOOLEAN CaptureIfKernel
);
NTSTATUS
SepPropagateAcl(
_Out_writes_bytes_opt_(DaclLength) PACL AclDest,
_Inout_ PULONG AclLength,
_In_reads_bytes_(AclSource->AclSize) PACL AclSource,
_In_ PSID Owner,
_In_ PSID Group,
_In_ BOOLEAN IsInherited,
_In_ BOOLEAN IsDirectoryObject,
_In_ PGENERIC_MAPPING GenericMapping);
PACL
SepSelectAcl(
_In_opt_ PACL ExplicitAcl,
_In_ BOOLEAN ExplicitPresent,
_In_ BOOLEAN ExplicitDefaulted,
_In_opt_ PACL ParentAcl,
_In_opt_ PACL DefaultAcl,
_Out_ PULONG AclLength,
_In_ PSID Owner,
_In_ PSID Group,
_Out_ PBOOLEAN AclPresent,
_Out_ PBOOLEAN IsInherited,
_In_ BOOLEAN IsDirectoryObject,
_In_ PGENERIC_MAPPING GenericMapping);
NTSTATUS
NTAPI
SeDefaultObjectMethod(
PVOID Object,
SECURITY_OPERATION_CODE OperationType,
PSECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR NewSecurityDescriptor,
PULONG ReturnLength,
PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
POOL_TYPE PoolType,
PGENERIC_MAPPING GenericMapping
);
NTSTATUS
NTAPI
SeSetWorldSecurityDescriptor(
SECURITY_INFORMATION SecurityInformation,
PISECURITY_DESCRIPTOR SecurityDescriptor,
PULONG BufferLength
);
NTSTATUS
NTAPI
SeCopyClientToken(
IN PACCESS_TOKEN Token,
IN SECURITY_IMPERSONATION_LEVEL Level,
IN KPROCESSOR_MODE PreviousMode,
OUT PACCESS_TOKEN* NewToken
);
VOID NTAPI
SeQuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
VOID NTAPI
SeSetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation,
OUT PACCESS_MASK DesiredAccess);
BOOLEAN
NTAPI
SeFastTraverseCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN ACCESS_MASK DesiredAccess,
IN KPROCESSOR_MODE AccessMode);
BOOLEAN
NTAPI
SeCheckAuditPrivilege(
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_ KPROCESSOR_MODE PreviousMode);
VOID
NTAPI
SePrivilegedServiceAuditAlarm(
_In_opt_ PUNICODE_STRING ServiceName,
_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
_In_ PPRIVILEGE_SET PrivilegeSet,
_In_ BOOLEAN AccessGranted);
NTSTATUS
SepRmReferenceLogonSession(
PLUID LogonLuid);
NTSTATUS
SepRmDereferenceLogonSession(
PLUID LogonLuid);
NTSTATUS
NTAPI
SeGetLogonIdDeviceMap(
IN PLUID LogonId,
OUT PDEVICE_MAP * DeviceMap);
#endif
/* EOF */
Reference in a new issue View git blame Copy permalink