#pragma once
/*
 * ACE layout made of a header, an access mask and a SidStart field.
 *
 * NOTE(review): SidStart presumably marks the first ULONG of a SID stored
 * inline after the mask, as in the public ACCESS_ALLOWED_ACE layout - confirm.
 * Nothing in this type bounds that SID against Header.AceSize, so code that
 * overlays it on ACL bytes has to validate the ACE size before reading it.
 */
typedef struct _KNOWN_ACE
{
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    ULONG       SidStart;
} KNOWN_ACE, *PKNOWN_ACE;
/*
 * Same leading fields as KNOWN_ACE, with a Flags word between the mask and
 * SidStart.
 *
 * NOTE(review): in the public object-ACE layouts the flags decide whether
 * optional GUIDs precede the SID, which would make the SID position variable;
 * this header does not show how Flags is interpreted - confirm against the
 * code that reads it before relying on SidStart as the SID address.
 */
typedef struct _KNOWN_OBJECT_ACE
{
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    ULONG       Flags;
    ULONG       SidStart;
} KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
/*
 * ACE layout carrying a compound-ACE type and a reserved word between the
 * access mask and SidStart.
 *
 * NOTE(review): as with the other KNOWN_*_ACE types, no field here limits
 * how far the data after SidStart extends; callers are presumably expected
 * to check Header.AceSize first - confirm.
 */
typedef struct _KNOWN_COMPOUND_ACE
{
    ACE_HEADER  Header;
    ACCESS_MASK Mask;
    USHORT      CompoundAceType;
    USHORT      Reserved;
    ULONG       SidStart;
} KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
/*
 * Three access masks tracked together: rights still remaining, rights
 * granted and rights denied.
 *
 * NOTE(review): presumably the working state of an access check as it walks
 * a DACL - confirm against the code that fills it in.
 */
typedef struct _ACCESS_CHECK_RIGHTS
{
    ACCESS_MASK RemainingAccessRights;
    ACCESS_MASK GrantedAccessRights;
    ACCESS_MASK DeniedAccessRights;
} ACCESS_CHECK_RIGHTS, *PACCESS_CHECK_RIGHTS;
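/*
 * Selector with two values, numbered 0 and 1 by declaration order.
 *
 * NOTE(review): presumably chooses between a "maximum allowed" evaluation
 * and a regular desired-access evaluation - confirm against the access
 * check code that consumes it.
 */
typedef enum _ACCESS_CHECK_RIGHT_TYPE
{
    AccessCheckMaximum,
    AccessCheckRegular
} ACCESS_CHECK_RIGHT_TYPE;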
/*
 * Counted list of (Category, Value) audit policy entries.
 *
 * NOTE(review): Policies is declared with a single element; presumably
 * PolicyCount entries follow in the same allocation (the pre-C99
 * variable-length idiom) - confirm. If so, buffer sizes must be derived from
 * PolicyCount rather than sizeof(TOKEN_AUDIT_POLICY_INFORMATION), and a
 * PolicyCount taken from a caller must be validated before it is used to
 * index Policies.
 */
typedef struct _TOKEN_AUDIT_POLICY_INFORMATION
{
    ULONG PolicyCount;
    struct
    {
        ULONG Category;
        UCHAR Value;
    } Policies[1];
} TOKEN_AUDIT_POLICY_INFORMATION, *PTOKEN_AUDIT_POLICY_INFORMATION;
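/*
 * Token method identifiers (unsigned long constants 0xC, 0xD and 0xF).
 *
 * NOTE(review): judging by the names they record whether a token was
 * created, duplicated or filtered; where the value is stored and checked is
 * not visible in this header - confirm.
 */
#define TOKEN_CREATE_METHOD     0xCUL
#define TOKEN_DUPLICATE_METHOD  0xDUL
#define TOKEN_FILTER_METHOD     0xFUL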
/**
 * Returns the primary group SID of a security descriptor in either form.
 *
 * @param _Descriptor  Security descriptor, absolute or self-relative; the
 *                     form is read from the SE_SELF_RELATIVE control flag.
 *
 * @return The group SID pointer, or NULL when a self-relative descriptor
 *         stores a zero group offset. For an absolute descriptor the stored
 *         pointer is returned unchanged (it may itself be NULL).
 *
 * The self-relative offset is added to the descriptor address without any
 * bounds check, and the descriptor length is not known here. Callers must
 * pass a descriptor that has already been captured and validated; a raw
 * user-mode buffer must not reach this helper. _Descriptor is dereferenced
 * unconditionally and must not be NULL.
 */
FORCEINLINE
PSID
SepGetGroupFromDescriptor(
    _Inout_ PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR AbsoluteSd = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd;

    /* Absolute form: the field is returned as it is stored */
    if ((AbsoluteSd->Control & SE_SELF_RELATIVE) == 0)
    {
        return AbsoluteSd->Group;
    }

    /* Self-relative form: the field is a byte offset from the descriptor base */
    RelativeSd = (PISECURITY_DESCRIPTOR_RELATIVE)AbsoluteSd;
    if (RelativeSd->Group == 0)
    {
        return NULL;
    }

    return (PSID)((ULONG_PTR)AbsoluteSd + RelativeSd->Group);
}
/**
 * Returns the owner SID of a security descriptor in either form.
 *
 * @param _Descriptor  Security descriptor, absolute or self-relative; the
 *                     form is read from the SE_SELF_RELATIVE control flag.
 *
 * @return The owner SID pointer, or NULL when a self-relative descriptor
 *         stores a zero owner offset. For an absolute descriptor the stored
 *         pointer is returned unchanged (it may itself be NULL).
 *
 * The self-relative offset is added to the descriptor address without any
 * bounds check, and the descriptor length is not known here. Callers must
 * pass a descriptor that has already been captured and validated; a raw
 * user-mode buffer must not reach this helper. _Descriptor is dereferenced
 * unconditionally and must not be NULL.
 */
FORCEINLINE
PSID
SepGetOwnerFromDescriptor(
    _Inout_ PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR AbsoluteSd = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd;

    /* Absolute form: the field is returned as it is stored */
    if ((AbsoluteSd->Control & SE_SELF_RELATIVE) == 0)
    {
        return AbsoluteSd->Owner;
    }

    /* Self-relative form: the field is a byte offset from the descriptor base */
    RelativeSd = (PISECURITY_DESCRIPTOR_RELATIVE)AbsoluteSd;
    if (RelativeSd->Owner == 0)
    {
        return NULL;
    }

    return (PSID)((ULONG_PTR)AbsoluteSd + RelativeSd->Owner);
}
/**
 * Returns the DACL of a security descriptor in either form.
 *
 * @param _Descriptor  Security descriptor, absolute or self-relative; the
 *                     form is read from the SE_SELF_RELATIVE control flag.
 *
 * @return The DACL pointer, or NULL when SE_DACL_PRESENT is clear or when a
 *         self-relative descriptor stores a zero DACL offset. For an
 *         absolute descriptor the stored pointer is returned unchanged.
 *
 * A NULL result does not say which case applied: "no DACL present" and
 * "DACL present but NULL" look the same to the caller. Code for which that
 * difference decides the access result has to inspect Control itself.
 *
 * The self-relative offset is added to the descriptor address without any
 * bounds check, and the descriptor length is not known here. Callers must
 * pass a descriptor that has already been captured and validated.
 * _Descriptor is dereferenced unconditionally and must not be NULL.
 */
FORCEINLINE
PACL
SepGetDaclFromDescriptor(
    _Inout_ PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR AbsoluteSd = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd;

    /* The control flags decide first whether any DACL is reported */
    if ((AbsoluteSd->Control & SE_DACL_PRESENT) == 0)
    {
        return NULL;
    }

    /* Absolute form: the field is returned as it is stored */
    if ((AbsoluteSd->Control & SE_SELF_RELATIVE) == 0)
    {
        return AbsoluteSd->Dacl;
    }

    /* Self-relative form: the field is a byte offset from the descriptor base */
    RelativeSd = (PISECURITY_DESCRIPTOR_RELATIVE)AbsoluteSd;
    if (RelativeSd->Dacl == 0)
    {
        return NULL;
    }

    return (PACL)((ULONG_PTR)AbsoluteSd + RelativeSd->Dacl);
}
/**
 * Returns the SACL of a security descriptor in either form.
 *
 * @param _Descriptor  Security descriptor, absolute or self-relative; the
 *                     form is read from the SE_SELF_RELATIVE control flag.
 *
 * @return The SACL pointer, or NULL when SE_SACL_PRESENT is clear or when a
 *         self-relative descriptor stores a zero SACL offset. For an
 *         absolute descriptor the stored pointer is returned unchanged.
 *
 * The self-relative offset is added to the descriptor address without any
 * bounds check, and the descriptor length is not known here. Callers must
 * pass a descriptor that has already been captured and validated.
 * _Descriptor is dereferenced unconditionally and must not be NULL.
 */
FORCEINLINE
PACL
SepGetSaclFromDescriptor(
    _Inout_ PVOID _Descriptor)
{
    PISECURITY_DESCRIPTOR AbsoluteSd = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE RelativeSd;

    /* The control flags decide first whether any SACL is reported */
    if ((AbsoluteSd->Control & SE_SACL_PRESENT) == 0)
    {
        return NULL;
    }

    /* Absolute form: the field is returned as it is stored */
    if ((AbsoluteSd->Control & SE_SELF_RELATIVE) == 0)
    {
        return AbsoluteSd->Sacl;
    }

    /* Self-relative form: the field is a byte offset from the descriptor base */
    RelativeSd = (PISECURITY_DESCRIPTOR_RELATIVE)AbsoluteSd;
    if (RelativeSd->Sacl == 0)
    {
        return NULL;
    }

    return (PACL)((ULONG_PTR)AbsoluteSd + RelativeSd->Sacl);
}
#ifndef RTL_H
/*
 * SID Authorities
 *
 * Identifier-authority values declared here and defined elsewhere.
 */
extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
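/*
 * SIDs
 *
 * Well-known SID pointers declared here and defined elsewhere.
 * NOTE(review): presumably filled in by SepInitSecurityIDs() during system
 * initialisation and NULL before that - confirm before using them early.
 */
extern PSID SeNullSid;
extern PSID SeWorldSid;
extern PSID SeLocalSid;
extern PSID SeCreatorOwnerSid;
extern PSID SeCreatorGroupSid;
extern PSID SeCreatorOwnerServerSid;
extern PSID SeCreatorGroupServerSid;
extern PSID SeNtAuthoritySid;
extern PSID SeDialupSid;
extern PSID SeNetworkSid;
extern PSID SeBatchSid;
extern PSID SeInteractiveSid;
extern PSID SeServiceSid;
extern PSID SeAnonymousLogonSid;
extern PSID SePrincipalSelfSid;
extern PSID SeLocalSystemSid;
/*
 * NOTE(review): two pairs of names below differ by a few characters:
 * SeAuthenticatedUserSid / SeAuthenticatedUsersSid and
 * SeRestrictedCodeSid / SeRestrictedSid. Confirm that both members of each
 * pair are defined and initialised; comparing against the wrong (or an
 * uninitialised) one in an access check would go unnoticed at compile time.
 */
extern PSID SeAuthenticatedUserSid;
extern PSID SeRestrictedCodeSid;
extern PSID SeAliasAdminsSid;
extern PSID SeAliasUsersSid;
extern PSID SeAliasGuestsSid;
extern PSID SeAliasPowerUsersSid;
extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;
extern PSID SeLocalServiceSid;
extern PSID SeNetworkServiceSid;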
/*
 * Privileges
 *
 * Constant LUIDs, one per privilege, declared here and defined elsewhere.
 */
extern const LUID SeCreateTokenPrivilege;
extern const LUID SeAssignPrimaryTokenPrivilege;
extern const LUID SeLockMemoryPrivilege;
extern const LUID SeIncreaseQuotaPrivilege;
extern const LUID SeUnsolicitedInputPrivilege;
extern const LUID SeTcbPrivilege;
extern const LUID SeSecurityPrivilege;
extern const LUID SeTakeOwnershipPrivilege;
extern const LUID SeLoadDriverPrivilege;
extern const LUID SeSystemProfilePrivilege;
extern const LUID SeSystemtimePrivilege;
extern const LUID SeProfileSingleProcessPrivilege;
extern const LUID SeIncreaseBasePriorityPrivilege;
extern const LUID SeCreatePagefilePrivilege;
extern const LUID SeCreatePermanentPrivilege;
extern const LUID SeBackupPrivilege;
extern const LUID SeRestorePrivilege;
extern const LUID SeShutdownPrivilege;
extern const LUID SeDebugPrivilege;
extern const LUID SeAuditPrivilege;
extern const LUID SeSystemEnvironmentPrivilege;
extern const LUID SeChangeNotifyPrivilege;
extern const LUID SeRemoteShutdownPrivilege;
extern const LUID SeUndockPrivilege;
extern const LUID SeSyncAgentPrivilege;
extern const LUID SeEnableDelegationPrivilege;
extern const LUID SeManageVolumePrivilege;
extern const LUID SeImpersonatePrivilege;
extern const LUID SeCreateGlobalPrivilege;
extern const LUID SeTrustedCredmanPrivilege;
extern const LUID SeRelabelPrivilege;
extern const LUID SeIncreaseWorkingSetPrivilege;
extern const LUID SeTimeZonePrivilege;
extern const LUID SeCreateSymbolicLinkPrivilege;
/*
 * DACLs
 *
 * Shared default ACLs, declared here and defined elsewhere.
 * NOTE(review): the pointers are not const-qualified, so nothing at the type
 * level stops a caller from writing through them; presumably they are
 * treated as read-only after initialisation - confirm.
 */
extern PACL SePublicDefaultUnrestrictedDacl;
extern PACL SePublicOpenDacl;
extern PACL SePublicOpenUnrestrictedDacl;
extern PACL SeUnrestrictedDacl;
extern PACL SeSystemAnonymousLogonDacl;

/*
 * SDs
 *
 * Shared default security descriptors, declared here and defined elsewhere.
 */
extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SePublicOpenSd;
extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
extern PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd;

/*
 * Anonymous Logon Tokens
 *
 * Two system-wide anonymous tokens; by its name the second one omits the
 * Everyone group - confirm against the code that creates it.
 */
extern PTOKEN SeAnonymousLogonToken;
extern PTOKEN SeAnonymousLogonTokenNoEveryone;
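/*
 * Token lock helpers.
 *
 * Both acquire macros enter a critical region and then take the token's
 * TokenLock resource (exclusive or shared), passing TRUE as the second
 * argument of the acquire call. SepReleaseTokenLock undoes this in the
 * reverse order: it releases the resource, then leaves the critical region.
 *
 * Every acquire must be matched by exactly one SepReleaseTokenLock on every
 * exit path, error paths included; the release is the only thing here that
 * leaves the critical region again.
 *
 * The Token argument is parenthesised inside the cast so that an expression
 * argument is cast as a whole rather than only its first operand.
 *
 * Each macro expands to a bare compound statement, not do { } while (0):
 * used with a trailing semicolon as the body of an if that has an else, it
 * does not compile. Wrap such uses in braces.
 */
#define SepAcquireTokenLockExclusive(Token)                                  \
{                                                                            \
    KeEnterCriticalRegion();                                                 \
    ExAcquireResourceExclusiveLite(((PTOKEN)(Token))->TokenLock, TRUE);      \
}

#define SepAcquireTokenLockShared(Token)                                     \
{                                                                            \
    KeEnterCriticalRegion();                                                 \
    ExAcquireResourceSharedLite(((PTOKEN)(Token))->TokenLock, TRUE);         \
}

#define SepReleaseTokenLock(Token)                                           \
{                                                                            \
    ExReleaseResourceLite(((PTOKEN)(Token))->TokenLock);                     \
    KeLeaveCriticalRegion();                                                 \
}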
/*
 * Token Functions
 *
 * Prototypes only; the notes are read off the signatures.
 */

/*
 * NOTE(review): TokenLocked presumably tells the callee whether the caller
 * already holds the token lock - confirm before calling with the lock held.
 */
BOOLEAN
NTAPI
SepTokenIsOwner(
    _In_ PACCESS_TOKEN _Token,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ BOOLEAN TokenLocked);

BOOLEAN
NTAPI
SepSidInToken(
    _In_ PACCESS_TOKEN _Token,
    _In_ PSID Sid);

/*
 * NOTE(review): Deny and Restricted presumably select deny-only matching and
 * the restricted SID list respectively - confirm against the implementation.
 */
BOOLEAN
NTAPI
SepSidInTokenEx(
    _In_ PACCESS_TOKEN _Token,
    _In_ PSID PrincipalSelfSid,
    _In_ PSID _Sid,
    _In_ BOOLEAN Deny,
    _In_ BOOLEAN Restricted);

BOOLEAN
NTAPI
SeTokenCanImpersonate(
    _In_ PTOKEN ProcessToken,
    _In_ PTOKEN TokenToImpersonate,
    _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
/*
 * Functions
 *
 * Security subsystem initialisation. The routines marked CODE_SEG("INIT")
 * are placed in the INIT code section; the two SeRmInitPhase routines are
 * not.
 */
CODE_SEG("INIT")
BOOLEAN
NTAPI
SeInitSystem(VOID);

CODE_SEG("INIT")
VOID
NTAPI
SepInitPrivileges(VOID);

CODE_SEG("INIT")
BOOLEAN
NTAPI
SepInitSecurityIDs(VOID);

CODE_SEG("INIT")
BOOLEAN
NTAPI
SepInitDACLs(VOID);

CODE_SEG("INIT")
BOOLEAN
NTAPI
SepInitSDs(VOID);

BOOLEAN
NTAPI
SeRmInitPhase0(VOID);

BOOLEAN
NTAPI
SeRmInitPhase1(VOID);
/*
 * Process tokens, access state and token relationships.
 * Prototypes only; the notes are read off the signatures.
 */
VOID
NTAPI
SeDeassignPrimaryToken(
    _Inout_ PEPROCESS Process);

NTSTATUS
NTAPI
SeSubProcessToken(
    _In_ PTOKEN Parent,
    _Out_ PTOKEN *Token,
    _In_ BOOLEAN InUse,
    _In_ ULONG SessionId);

NTSTATUS
NTAPI
SeInitializeProcessAuditName(
    _In_ PFILE_OBJECT FileObject,
    _In_ BOOLEAN DoAudit,
    _Out_ POBJECT_NAME_INFORMATION *AuditInfo);

/*
 * NOTE(review): AccessState mixes the SAL annotation _In_ with the legacy
 * OUT marker; _Inout_ is probably what was meant - confirm and unify so
 * static analysis sees the parameter as written to.
 */
NTSTATUS
NTAPI
SeCreateAccessStateEx(
    _In_ PETHREAD Thread,
    _In_ PEPROCESS Process,
    _In_ OUT PACCESS_STATE AccessState,
    _In_ PAUX_ACCESS_DATA AuxData,
    _In_ ACCESS_MASK Access,
    _In_ PGENERIC_MAPPING GenericMapping);

/*
 * The answer comes back through IsChild / IsSibling; the NTSTATUS return
 * has to be checked before that output is trusted.
 */
NTSTATUS
NTAPI
SeIsTokenChild(
    _In_ PTOKEN Token,
    _Out_ PBOOLEAN IsChild);

NTSTATUS
NTAPI
SeIsTokenSibling(
    _In_ PTOKEN Token,
    _Out_ PBOOLEAN IsSibling);

NTSTATUS
NTAPI
SepCreateImpersonationTokenDacl(
    _In_ PTOKEN Token,
    _In_ PTOKEN PrimaryToken,
    _Out_ PACL* Dacl);

NTSTATUS
NTAPI
SepRmInsertLogonSessionIntoToken(
    _Inout_ PTOKEN Token);

NTSTATUS
NTAPI
SepRmRemoveLogonSessionFromToken(
    _Inout_ PTOKEN Token);

CODE_SEG("INIT")
VOID
NTAPI
SepInitializeTokenImplementation(VOID);

CODE_SEG("INIT")
PTOKEN
NTAPI
SepCreateSystemProcessToken(VOID);

/* The two anonymous-token creators are declared without NTAPI. */
CODE_SEG("INIT")
PTOKEN
SepCreateSystemAnonymousLogonToken(VOID);

CODE_SEG("INIT")
PTOKEN
SepCreateSystemAnonymousLogonTokenNoEveryone(VOID);
/*
 * Auditing hooks, primary token exchange and subject context capture.
 * Prototypes only.
 */
BOOLEAN
NTAPI
SeDetailedAuditingWithToken(
    _In_ PTOKEN Token);

VOID
NTAPI
SeAuditProcessExit(
    _In_ PEPROCESS Process);

VOID
NTAPI
SeAuditProcessCreate(
    _In_ PEPROCESS Process);

/*
 * NOTE(review): the previous token is handed back through OldAccessToken;
 * presumably the caller then owns that reference and has to drop it -
 * confirm against the implementation.
 */
NTSTATUS
NTAPI
SeExchangePrimaryToken(
    _In_ PEPROCESS Process,
    _In_ PACCESS_TOKEN NewAccessToken,
    _Out_ PACCESS_TOKEN* OldAccessToken);

VOID
NTAPI
SeCaptureSubjectContextEx(
    _In_ PETHREAD Thread,
    _In_ PEPROCESS Process,
    _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
/*
 * Privilege capture and privilege checks. Prototypes only.
 *
 * NOTE(review): the capture routine takes the caller's PreviousMode and a
 * CaptureIfKernel flag, and the release routine takes the same pair;
 * presumably a successful capture must be released with the same values -
 * confirm. PrivilegeCount is caller supplied, so the implementation is
 * expected to bound it before sizing any copy.
 */
NTSTATUS
NTAPI
SeCaptureLuidAndAttributesArray(
    _In_ PLUID_AND_ATTRIBUTES Src,
    _In_ ULONG PrivilegeCount,
    _In_ KPROCESSOR_MODE PreviousMode,
    _In_ PLUID_AND_ATTRIBUTES AllocatedMem,
    _In_ ULONG AllocatedLength,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PLUID_AND_ATTRIBUTES* Dest,
    _Inout_ PULONG Length);

VOID
NTAPI
SeReleaseLuidAndAttributesArray(
    _In_ PLUID_AND_ATTRIBUTES Privilege,
    _In_ KPROCESSOR_MODE PreviousMode,
    _In_ BOOLEAN CaptureIfKernel);

BOOLEAN
NTAPI
SepPrivilegeCheck(
    _In_ PTOKEN Token,
    _In_ PLUID_AND_ATTRIBUTES Privileges,
    _In_ ULONG PrivilegeCount,
    _In_ ULONG PrivilegeControl,
    _In_ KPROCESSOR_MODE PreviousMode);

NTSTATUS
NTAPI
SePrivilegePolicyCheck(
    _Inout_ PACCESS_MASK DesiredAccess,
    _Inout_ PACCESS_MASK GrantedAccess,
    _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
    _In_ PTOKEN Token,
    _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
    _In_ KPROCESSOR_MODE PreviousMode);

BOOLEAN
NTAPI
SeCheckPrivilegedObject(
    _In_ LUID PrivilegeValue,
    _In_ HANDLE ObjectHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ KPROCESSOR_MODE PreviousMode);
/*
 * Token duplication and capture / release helpers for QoS structures, SIDs,
 * SID-and-attribute arrays and ACLs. Prototypes only.
 *
 * NOTE(review): each Capture routine has a matching Release routine taking
 * the same AccessMode (or PreviousMode) and CaptureIfKernel arguments;
 * presumably the pair must be called with identical values and the captured
 * copy, not the caller's original pointer, is what later code should read -
 * confirm against the implementations.
 */
NTSTATUS
NTAPI
SepDuplicateToken(
    _In_ PTOKEN Token,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _In_ SECURITY_IMPERSONATION_LEVEL Level,
    _In_ KPROCESSOR_MODE PreviousMode,
    _Out_ PTOKEN* NewAccessToken);

NTSTATUS
NTAPI
SepCaptureSecurityQualityOfService(
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
    _Out_ PBOOLEAN Present);

VOID
NTAPI
SepReleaseSecurityQualityOfService(
    _In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_ BOOLEAN CaptureIfKernel);

NTSTATUS
NTAPI
SepCaptureSid(
    _In_ PSID InputSid,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PSID *CapturedSid);

VOID
NTAPI
SepReleaseSid(
    _In_ PSID CapturedSid,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_ BOOLEAN CaptureIfKernel);

/*
 * NOTE(review): AceType is passed separately from the ACE; presumably it
 * selects which ACE layout is used to locate the SID - confirm, and make
 * sure it is taken from the same validated ACE header.
 */
PSID
NTAPI
SepGetSidFromAce(
    _In_ UCHAR AceType,
    _In_ PACE Ace);

NTSTATUS
NTAPI
SeCaptureSidAndAttributesArray(
    _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
    _In_ ULONG AttributeCount,
    _In_ KPROCESSOR_MODE PreviousMode,
    _In_opt_ PVOID AllocatedMem,
    _In_ ULONG AllocatedLength,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
    _Out_ PULONG ResultLength);

/* _Post_invalid_: the captured array must not be used after this call. */
VOID
NTAPI
SeReleaseSidAndAttributesArray(
    _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_ BOOLEAN CaptureIfKernel);

NTSTATUS
NTAPI
SeComputeQuotaInformationSize(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _Out_ PULONG QuotaInfoSize);

NTSTATUS
NTAPI
SepCaptureAcl(
    _In_ PACL InputAcl,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PACL *CapturedAcl);

VOID
NTAPI
SepReleaseAcl(
    _In_ PACL CapturedAcl,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_ BOOLEAN CaptureIfKernel);
/*
 * ACL inheritance helpers. Both are declared without NTAPI.
 *
 * NOTE(review): the size annotation on AclDest names DaclLength, which is
 * not a parameter of SepPropagateAcl; the only length parameter is the
 * PULONG AclLength. The annotation probably should refer to that value -
 * confirm and correct it, since a dangling name leaves the output buffer
 * size unchecked by static analysis.
 */
NTSTATUS
SepPropagateAcl(
    _Out_writes_bytes_opt_(DaclLength) PACL AclDest,
    _Inout_ PULONG AclLength,
    _In_reads_bytes_(AclSource->AclSize) PACL AclSource,
    _In_ PSID Owner,
    _In_ PSID Group,
    _In_ BOOLEAN IsInherited,
    _In_ BOOLEAN IsDirectoryObject,
    _In_ PGENERIC_MAPPING GenericMapping);

PACL
SepSelectAcl(
    _In_opt_ PACL ExplicitAcl,
    _In_ BOOLEAN ExplicitPresent,
    _In_ BOOLEAN ExplicitDefaulted,
    _In_opt_ PACL ParentAcl,
    _In_opt_ PACL DefaultAcl,
    _Out_ PULONG AclLength,
    _In_ PSID Owner,
    _In_ PSID Group,
    _Out_ PBOOLEAN AclPresent,
    _Out_ PBOOLEAN IsInherited,
    _In_ BOOLEAN IsDirectoryObject,
    _In_ PGENERIC_MAPPING GenericMapping);
/*
 * Object security method, client token copy, registry query helper, access
 * mask helpers, traverse / audit checks and logon session references.
 * Prototypes only.
 */
NTSTATUS
NTAPI
SeDefaultObjectMethod(
    _In_ PVOID Object,
    _In_ SECURITY_OPERATION_CODE OperationType,
    _In_ PSECURITY_INFORMATION SecurityInformation,
    _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _Inout_opt_ PULONG ReturnLength,
    _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
    _In_ POOL_TYPE PoolType,
    _In_ PGENERIC_MAPPING GenericMapping);

/*
 * NOTE(review): SecurityDescriptor and BufferLength are pointers annotated
 * _In_; if the callee fills the descriptor or writes a required size back,
 * _Out_ / _Inout_ would describe them better - confirm.
 */
NTSTATUS
NTAPI
SeSetWorldSecurityDescriptor(
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_ PISECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PULONG BufferLength);

NTSTATUS
NTAPI
SeCopyClientToken(
    _In_ PACCESS_TOKEN Token,
    _In_ SECURITY_IMPERSONATION_LEVEL Level,
    _In_ KPROCESSOR_MODE PreviousMode,
    _Out_ PACCESS_TOKEN* NewToken);

/*
 * NOTE(review): ValueData is an untyped output buffer paired with
 * DataLength; presumably the callee writes at most DataLength bytes -
 * confirm, and pass the real buffer size.
 */
NTSTATUS
NTAPI
SepRegQueryHelper(
    _In_ PCWSTR KeyName,
    _In_ PCWSTR ValueName,
    _In_ ULONG ValueType,
    _In_ ULONG DataLength,
    _Out_ PVOID ValueData);

VOID
NTAPI
SeQuerySecurityAccessMask(
    _In_ SECURITY_INFORMATION SecurityInformation,
    _Out_ PACCESS_MASK DesiredAccess);

VOID
NTAPI
SeSetSecurityAccessMask(
    _In_ SECURITY_INFORMATION SecurityInformation,
    _Out_ PACCESS_MASK DesiredAccess);

BOOLEAN
NTAPI
SeFastTraverseCheck(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PACCESS_STATE AccessState,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ KPROCESSOR_MODE AccessMode);

BOOLEAN
NTAPI
SeCheckAuditPrivilege(
    _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
    _In_ KPROCESSOR_MODE PreviousMode);

VOID
NTAPI
SePrivilegedServiceAuditAlarm(
    _In_opt_ PUNICODE_STRING ServiceName,
    _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
    _In_ PPRIVILEGE_SET PrivilegeSet,
    _In_ BOOLEAN AccessGranted);

/*
 * The reference / dereference pair is declared without NTAPI.
 * NOTE(review): presumably every successful reference needs one matching
 * dereference - confirm against the implementation.
 */
NTSTATUS
SepRmReferenceLogonSession(
    _Inout_ PLUID LogonLuid);

NTSTATUS
SepRmDereferenceLogonSession(
    _Inout_ PLUID LogonLuid);

NTSTATUS
NTAPI
SeGetLogonIdDeviceMap(
    _In_ PLUID LogonId,
    _Out_ PDEVICE_MAP *DeviceMap);
#endif
/* EOF */