reactos/include/xdk/sefuncs.h
Timo Kreuzer 5f2d67cb35 Sync to trunk head (r47736)
svn path=/branches/reactos-yarotows/; revision=47746
2010-06-10 20:57:03 +00:00

582 lines
13 KiB
C

/******************************************************************************
* Security Manager Functions *
******************************************************************************/
#if (NTDDI_VERSION >= NTDDI_WIN2K)
$if (_WDMDDK_)
NTKERNELAPI
BOOLEAN
NTAPI
SeAccessCheck(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
IN BOOLEAN SubjectContextLocked,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET *Privileges OPTIONAL,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus);
NTKERNELAPI
NTSTATUS
NTAPI
SeAssignSecurity(
IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN BOOLEAN IsDirectoryObject,
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PGENERIC_MAPPING GenericMapping,
IN POOL_TYPE PoolType);
NTKERNELAPI
NTSTATUS
NTAPI
SeAssignSecurityEx(
IN PSECURITY_DESCRIPTOR ParentDescriptor OPTIONAL,
IN PSECURITY_DESCRIPTOR ExplicitDescriptor OPTIONAL,
OUT PSECURITY_DESCRIPTOR *NewDescriptor,
IN GUID *ObjectType OPTIONAL,
IN BOOLEAN IsDirectoryObject,
IN ULONG AutoInheritFlags,
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PGENERIC_MAPPING GenericMapping,
IN POOL_TYPE PoolType);
NTKERNELAPI
NTSTATUS
NTAPI
SeDeassignSecurity(
IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor);
NTKERNELAPI
BOOLEAN
NTAPI
SeValidSecurityDescriptor(
IN ULONG Length,
IN PSECURITY_DESCRIPTOR SecurityDescriptor);
NTKERNELAPI
ULONG
NTAPI
SeObjectCreateSaclAccessBits(
IN PSECURITY_DESCRIPTOR SecurityDescriptor);
NTKERNELAPI
VOID
NTAPI
SeReleaseSubjectContext(
IN OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI
VOID
NTAPI
SeUnlockSubjectContext(
IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI
VOID
NTAPI
SeCaptureSubjectContext(
OUT PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI
VOID
NTAPI
SeLockSubjectContext(
IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
$endif (_WDMDDK_)
$if (_NTDDK_)
NTKERNELAPI
BOOLEAN
NTAPI
SeSinglePrivilegeCheck(
IN LUID PrivilegeValue,
IN KPROCESSOR_MODE PreviousMode);
$endif (_NTDDK_)
$if (_NTIFS_)
NTKERNELAPI
VOID
NTAPI
SeReleaseSubjectContext(
IN PSECURITY_SUBJECT_CONTEXT SubjectContext);
NTKERNELAPI
BOOLEAN
NTAPI
SePrivilegeCheck(
IN OUT PPRIVILEGE_SET RequiredPrivileges,
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN KPROCESSOR_MODE AccessMode);
NTKERNELAPI
VOID
NTAPI
SeOpenObjectAuditAlarm(
IN PUNICODE_STRING ObjectTypeName,
IN PVOID Object OPTIONAL,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN BOOLEAN ObjectCreated,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode,
OUT PBOOLEAN GenerateOnClose);
NTKERNELAPI
VOID
NTAPI
SeOpenObjectForDeleteAuditAlarm(
IN PUNICODE_STRING ObjectTypeName,
IN PVOID Object OPTIONAL,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN BOOLEAN ObjectCreated,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode,
OUT PBOOLEAN GenerateOnClose);
NTKERNELAPI
VOID
NTAPI
SeDeleteObjectAuditAlarm(
IN PVOID Object,
IN HANDLE Handle);
NTKERNELAPI
TOKEN_TYPE
NTAPI
SeTokenType(
IN PACCESS_TOKEN Token);
NTKERNELAPI
BOOLEAN
NTAPI
SeTokenIsAdmin(
IN PACCESS_TOKEN Token);
NTKERNELAPI
BOOLEAN
NTAPI
SeTokenIsRestricted(
IN PACCESS_TOKEN Token);
NTKERNELAPI
NTSTATUS
NTAPI
SeQueryAuthenticationIdToken(
IN PACCESS_TOKEN Token,
OUT PLUID AuthenticationId);
NTKERNELAPI
NTSTATUS
NTAPI
SeQuerySessionIdToken(
IN PACCESS_TOKEN Token,
OUT PULONG SessionId);
NTKERNELAPI
NTSTATUS
NTAPI
SeCreateClientSecurity(
IN PETHREAD ClientThread,
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
IN BOOLEAN RemoteSession,
OUT PSECURITY_CLIENT_CONTEXT ClientContext);
NTKERNELAPI
VOID
NTAPI
SeImpersonateClient(
IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN PETHREAD ServerThread OPTIONAL);
NTKERNELAPI
NTSTATUS
NTAPI
SeImpersonateClientEx(
IN PSECURITY_CLIENT_CONTEXT ClientContext,
IN PETHREAD ServerThread OPTIONAL);
NTKERNELAPI
NTSTATUS
NTAPI
SeCreateClientSecurityFromSubjectContext(
IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
IN PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
IN BOOLEAN ServerIsRemote,
OUT PSECURITY_CLIENT_CONTEXT ClientContext);
NTKERNELAPI
NTSTATUS
NTAPI
SeQuerySecurityDescriptorInfo(
IN PSECURITY_INFORMATION SecurityInformation,
OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG Length,
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor);
NTKERNELAPI
NTSTATUS
NTAPI
SeSetSecurityDescriptorInfo(
IN PVOID Object OPTIONAL,
IN PSECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping);
NTKERNELAPI
NTSTATUS
NTAPI
SeSetSecurityDescriptorInfoEx(
IN PVOID Object OPTIONAL,
IN PSECURITY_INFORMATION SecurityInformation,
IN PSECURITY_DESCRIPTOR ModificationDescriptor,
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
IN ULONG AutoInheritFlags,
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping);
NTKERNELAPI
NTSTATUS
NTAPI
SeAppendPrivileges(
IN OUT PACCESS_STATE AccessState,
IN PPRIVILEGE_SET Privileges);
NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingFileEvents(
IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor);
NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingFileOrGlobalEvents(
IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext);
VOID
NTAPI
SeSetAccessStateGenericMapping(
IN OUT PACCESS_STATE AccessState,
IN PGENERIC_MAPPING GenericMapping);
NTKERNELAPI
NTSTATUS
NTAPI
SeRegisterLogonSessionTerminatedRoutine(
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
NTKERNELAPI
NTSTATUS
NTAPI
SeUnregisterLogonSessionTerminatedRoutine(
IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine);
NTKERNELAPI
NTSTATUS
NTAPI
SeMarkLogonSessionForTerminationNotification(
IN PLUID LogonId);
NTKERNELAPI
NTSTATUS
NTAPI
SeQueryInformationToken(
IN PACCESS_TOKEN Token,
IN TOKEN_INFORMATION_CLASS TokenInformationClass,
OUT PVOID *TokenInformation);
$endif (_NTIFS_)
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
$if (_NTIFS_)
#if (NTDDI_VERSION >= NTDDI_WIN2KSP3)
NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingHardLinkEvents(
IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor);
#endif
#if (NTDDI_VERSION >= NTDDI_WINXP)
NTKERNELAPI
NTSTATUS
NTAPI
SeFilterToken(
IN PACCESS_TOKEN ExistingToken,
IN ULONG Flags,
IN PTOKEN_GROUPS SidsToDisable OPTIONAL,
IN PTOKEN_PRIVILEGES PrivilegesToDelete OPTIONAL,
IN PTOKEN_GROUPS RestrictedSids OPTIONAL,
OUT PACCESS_TOKEN *FilteredToken);
NTKERNELAPI
VOID
NTAPI
SeAuditHardLinkCreation(
IN PUNICODE_STRING FileName,
IN PUNICODE_STRING LinkName,
IN BOOLEAN bSuccess);
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
#if (NTDDI_VERSION >= NTDDI_WINXPSP2)
NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingFileEventsWithContext(
IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingHardLinkEventsWithContext(
IN BOOLEAN AccessGranted,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
#endif
$endif (_NTIFS_)
$if (_WDMDDK_)
#if (NTDDI_VERSION >= NTDDI_WS03SP1)
NTSTATUS
NTAPI
SeSetAuditParameter(
IN OUT PSE_ADT_PARAMETER_ARRAY AuditParameters,
IN SE_ADT_PARAMETER_TYPE Type,
IN ULONG Index,
IN PVOID Data);
NTSTATUS
NTAPI
SeReportSecurityEvent(
IN ULONG Flags,
IN PUNICODE_STRING SourceName,
IN PSID UserSid OPTIONAL,
IN PSE_ADT_PARAMETER_ARRAY AuditParameters);
#endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */
$endif (_WDMDDK_)
$if (_WDMDDK_ || _NTIFS_)
#if (NTDDI_VERSION >= NTDDI_VISTA)
$endif
$if (_WDMDDK_)
NTKERNELAPI
ULONG
NTAPI
SeComputeAutoInheritByObjectType(
IN PVOID ObjectType,
IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
IN PSECURITY_DESCRIPTOR ParentSecurityDescriptor OPTIONAL);
#ifdef SE_NTFS_WORLD_CACHE
VOID
NTAPI
SeGetWorldRights(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PGENERIC_MAPPING GenericMapping,
OUT PACCESS_MASK GrantedAccess);
#endif /* SE_NTFS_WORLD_CACHE */
$endif (_WDMDDK_)
$if (_NTIFS_)
NTKERNELAPI
VOID
NTAPI
SeOpenObjectAuditAlarmWithTransaction(
IN PUNICODE_STRING ObjectTypeName,
IN PVOID Object OPTIONAL,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN BOOLEAN ObjectCreated,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode,
IN GUID *TransactionId OPTIONAL,
OUT PBOOLEAN GenerateOnClose);
NTKERNELAPI
VOID
NTAPI
SeOpenObjectForDeleteAuditAlarmWithTransaction(
IN PUNICODE_STRING ObjectTypeName,
IN PVOID Object OPTIONAL,
IN PUNICODE_STRING AbsoluteObjectName OPTIONAL,
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PACCESS_STATE AccessState,
IN BOOLEAN ObjectCreated,
IN BOOLEAN AccessGranted,
IN KPROCESSOR_MODE AccessMode,
IN GUID *TransactionId OPTIONAL,
OUT PBOOLEAN GenerateOnClose);
NTKERNELAPI
VOID
NTAPI
SeExamineSacl(
IN PACL Sacl,
IN PACCESS_TOKEN Token,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN AccessGranted,
OUT PBOOLEAN GenerateAudit,
OUT PBOOLEAN GenerateAlarm);
NTKERNELAPI
VOID
NTAPI
SeDeleteObjectAuditAlarmWithTransaction(
IN PVOID Object,
IN HANDLE Handle,
IN GUID *TransactionId OPTIONAL);
NTKERNELAPI
VOID
NTAPI
SeQueryTokenIntegrity(
IN PACCESS_TOKEN Token,
IN OUT PSID_AND_ATTRIBUTES IntegritySA);
NTKERNELAPI
NTSTATUS
NTAPI
SeSetSessionIdToken(
IN PACCESS_TOKEN Token,
IN ULONG SessionId);
NTKERNELAPI
VOID
NTAPI
SeAuditHardLinkCreationWithTransaction(
IN PUNICODE_STRING FileName,
IN PUNICODE_STRING LinkName,
IN BOOLEAN bSuccess,
IN GUID *TransactionId OPTIONAL);
NTKERNELAPI
VOID
NTAPI
SeAuditTransactionStateChange(
IN GUID *TransactionId,
IN GUID *ResourceManagerId,
IN ULONG NewTransactionState);
$endif (_NTIFS_)
$if (_WDMDDK_ || _NTIFS_)
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
$endif
$if (_NTIFS_)
#if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03))
NTKERNELAPI
BOOLEAN
NTAPI
SeTokenIsWriteRestricted(
IN PACCESS_TOKEN Token);
#endif
#if (NTDDI_VERSION >= NTDDI_WIN7)
NTKERNELAPI
BOOLEAN
NTAPI
SeAuditingAnyFileEventsWithContext(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL);
NTKERNELAPI
VOID
NTAPI
SeExamineGlobalSacl(
IN PUNICODE_STRING ObjectType,
IN PACCESS_TOKEN Token,
IN ACCESS_MASK DesiredAccess,
IN BOOLEAN AccessGranted,
IN OUT PBOOLEAN GenerateAudit,
IN OUT PBOOLEAN GenerateAlarm OPTIONAL);
NTKERNELAPI
VOID
NTAPI
SeMaximumAuditMaskFromGlobalSacl(
IN PUNICODE_STRING ObjectTypeName OPTIONAL,
IN ACCESS_MASK GrantedAccess,
IN PACCESS_TOKEN Token,
IN OUT PACCESS_MASK AuditMask);
#endif /* (NTDDI_VERSION >= NTDDI_WIN7) */
NTSTATUS
NTAPI
SeReportSecurityEventWithSubCategory(
IN ULONG Flags,
IN PUNICODE_STRING SourceName,
IN PSID UserSid OPTIONAL,
IN PSE_ADT_PARAMETER_ARRAY AuditParameters,
IN ULONG AuditSubcategoryId);
BOOLEAN
NTAPI
SeAccessCheckFromState(
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
IN PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation,
IN PTOKEN_ACCESS_INFORMATION ClientTokenInformation OPTIONAL,
IN ACCESS_MASK DesiredAccess,
IN ACCESS_MASK PreviouslyGrantedAccess,
OUT PPRIVILEGE_SET *Privileges OPTIONAL,
IN PGENERIC_MAPPING GenericMapping,
IN KPROCESSOR_MODE AccessMode,
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus);
NTKERNELAPI
VOID
NTAPI
SeFreePrivileges(
IN PPRIVILEGE_SET Privileges);
NTSTATUS
NTAPI
SeLocateProcessImageName(
IN OUT PEPROCESS Process,
OUT PUNICODE_STRING *pImageFileName);
#define SeLengthSid( Sid ) \
(8 + (4 * ((SID *)Sid)->SubAuthorityCount))
#define SeDeleteClientSecurity(C) { \
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
PsDereferencePrimaryToken( (C)->ClientToken ); \
} else { \
PsDereferenceImpersonationToken( (C)->ClientToken ); \
} \
}
#define SeStopImpersonatingClient() PsRevertToSelf()
#define SeQuerySubjectContextToken( SubjectContext ) \
( ARGUMENT_PRESENT( \
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \
) ? \
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \
((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken )
extern NTKERNELAPI PSE_EXPORTS SeExports;
$endif (_NTIFS_)