xref: /reactos/ntoskrnl/include/internal/se.h (revision 463784c5) 
1 #pragma once
2 
3 typedef struct _KNOWN_ACE
4 {
5     ACE_HEADER Header;
6     ACCESS_MASK Mask;
7     ULONG SidStart;
8 } KNOWN_ACE, *PKNOWN_ACE;
9 
10 typedef struct _KNOWN_OBJECT_ACE
11 {
12     ACE_HEADER Header;
13     ACCESS_MASK Mask;
14     ULONG Flags;
15     ULONG SidStart;
16 } KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE;
17 
18 typedef struct _KNOWN_COMPOUND_ACE
19 {
20     ACE_HEADER Header;
21     ACCESS_MASK Mask;
22     USHORT CompoundAceType;
23     USHORT Reserved;
24     ULONG SidStart;
25 } KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE;
26 
27 typedef struct _TOKEN_AUDIT_POLICY_INFORMATION
28 {
29     ULONG PolicyCount;
30     struct
31     {
32         ULONG Category;
33         UCHAR Value;
34     } Policies[1];
35 } TOKEN_AUDIT_POLICY_INFORMATION, *PTOKEN_AUDIT_POLICY_INFORMATION;
36 
37 FORCEINLINE
38 PSID
39 SepGetGroupFromDescriptor(
40     _Inout_ PVOID _Descriptor)
41 {
42     PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
43     PISECURITY_DESCRIPTOR_RELATIVE SdRel;
44 
45     if (Descriptor->Control & SE_SELF_RELATIVE)
46     {
47         SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
48         if (!SdRel->Group) return NULL;
49         return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
50     }
51     else
52     {
53         return Descriptor->Group;
54     }
55 }
56 
57 FORCEINLINE
58 PSID
59 SepGetOwnerFromDescriptor(
60     _Inout_ PVOID _Descriptor)
61 {
62     PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
63     PISECURITY_DESCRIPTOR_RELATIVE SdRel;
64 
65     if (Descriptor->Control & SE_SELF_RELATIVE)
66     {
67         SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
68         if (!SdRel->Owner) return NULL;
69         return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
70     }
71     else
72     {
73         return Descriptor->Owner;
74     }
75 }
76 
77 FORCEINLINE
78 PACL
79 SepGetDaclFromDescriptor(
80     _Inout_ PVOID _Descriptor)
81 {
82     PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
83     PISECURITY_DESCRIPTOR_RELATIVE SdRel;
84 
85     if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
86 
87     if (Descriptor->Control & SE_SELF_RELATIVE)
88     {
89         SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
90         if (!SdRel->Dacl) return NULL;
91         return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
92     }
93     else
94     {
95         return Descriptor->Dacl;
96     }
97 }
98 
99 FORCEINLINE
100 PACL
101 SepGetSaclFromDescriptor(
102     _Inout_ PVOID _Descriptor)
103 {
104     PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
105     PISECURITY_DESCRIPTOR_RELATIVE SdRel;
106 
107     if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
108 
109     if (Descriptor->Control & SE_SELF_RELATIVE)
110     {
111         SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
112         if (!SdRel->Sacl) return NULL;
113         return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
114     }
115     else
116     {
117         return Descriptor->Sacl;
118     }
119 }
120 
121 #ifndef RTL_H
122 
123 /* SID Authorities */
124 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority;
125 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority;
126 extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority;
127 extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority;
128 extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority;
129 
130 /* SIDs */
131 extern PSID SeNullSid;
132 extern PSID SeWorldSid;
133 extern PSID SeLocalSid;
134 extern PSID SeCreatorOwnerSid;
135 extern PSID SeCreatorGroupSid;
136 extern PSID SeCreatorOwnerServerSid;
137 extern PSID SeCreatorGroupServerSid;
138 extern PSID SeNtAuthoritySid;
139 extern PSID SeDialupSid;
140 extern PSID SeNetworkSid;
141 extern PSID SeBatchSid;
142 extern PSID SeInteractiveSid;
143 extern PSID SeServiceSid;
144 extern PSID SeAnonymousLogonSid;
145 extern PSID SePrincipalSelfSid;
146 extern PSID SeLocalSystemSid;
147 extern PSID SeAuthenticatedUserSid;
148 extern PSID SeRestrictedCodeSid;
149 extern PSID SeAliasAdminsSid;
150 extern PSID SeAliasUsersSid;
151 extern PSID SeAliasGuestsSid;
152 extern PSID SeAliasPowerUsersSid;
153 extern PSID SeAliasAccountOpsSid;
154 extern PSID SeAliasSystemOpsSid;
155 extern PSID SeAliasPrintOpsSid;
156 extern PSID SeAliasBackupOpsSid;
157 extern PSID SeAuthenticatedUsersSid;
158 extern PSID SeRestrictedSid;
159 extern PSID SeAnonymousLogonSid;
160 extern PSID SeLocalServiceSid;
161 extern PSID SeNetworkServiceSid;
162 
163 /* Privileges */
164 extern const LUID SeCreateTokenPrivilege;
165 extern const LUID SeAssignPrimaryTokenPrivilege;
166 extern const LUID SeLockMemoryPrivilege;
167 extern const LUID SeIncreaseQuotaPrivilege;
168 extern const LUID SeUnsolicitedInputPrivilege;
169 extern const LUID SeTcbPrivilege;
170 extern const LUID SeSecurityPrivilege;
171 extern const LUID SeTakeOwnershipPrivilege;
172 extern const LUID SeLoadDriverPrivilege;
173 extern const LUID SeSystemProfilePrivilege;
174 extern const LUID SeSystemtimePrivilege;
175 extern const LUID SeProfileSingleProcessPrivilege;
176 extern const LUID SeIncreaseBasePriorityPrivilege;
177 extern const LUID SeCreatePagefilePrivilege;
178 extern const LUID SeCreatePermanentPrivilege;
179 extern const LUID SeBackupPrivilege;
180 extern const LUID SeRestorePrivilege;
181 extern const LUID SeShutdownPrivilege;
182 extern const LUID SeDebugPrivilege;
183 extern const LUID SeAuditPrivilege;
184 extern const LUID SeSystemEnvironmentPrivilege;
185 extern const LUID SeChangeNotifyPrivilege;
186 extern const LUID SeRemoteShutdownPrivilege;
187 extern const LUID SeUndockPrivilege;
188 extern const LUID SeSyncAgentPrivilege;
189 extern const LUID SeEnableDelegationPrivilege;
190 extern const LUID SeManageVolumePrivilege;
191 extern const LUID SeImpersonatePrivilege;
192 extern const LUID SeCreateGlobalPrivilege;
193 extern const LUID SeTrustedCredmanPrivilege;
194 extern const LUID SeRelabelPrivilege;
195 extern const LUID SeIncreaseWorkingSetPrivilege;
196 extern const LUID SeTimeZonePrivilege;
197 extern const LUID SeCreateSymbolicLinkPrivilege;
198 
199 /* DACLs */
200 extern PACL SePublicDefaultUnrestrictedDacl;
201 extern PACL SePublicOpenDacl;
202 extern PACL SePublicOpenUnrestrictedDacl;
203 extern PACL SeUnrestrictedDacl;
204 extern PACL SeSystemAnonymousLogonDacl;
205 
206 /* SDs */
207 extern PSECURITY_DESCRIPTOR SePublicDefaultSd;
208 extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd;
209 extern PSECURITY_DESCRIPTOR SePublicOpenSd;
210 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd;
211 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd;
212 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd;
213 extern PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd;
214 
215 /* Anonymous Logon Tokens */
216 extern PTOKEN SeAnonymousLogonToken;
217 extern PTOKEN SeAnonymousLogonTokenNoEveryone;
218 
219 
220 #define SepAcquireTokenLockExclusive(Token)                                    \
221 {                                                                              \
222     KeEnterCriticalRegion();                                                   \
223     ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE);          \
224 }
225 #define SepAcquireTokenLockShared(Token)                                       \
226 {                                                                              \
227     KeEnterCriticalRegion();                                                   \
228     ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE);             \
229 }
230 
231 #define SepReleaseTokenLock(Token)                                             \
232 {                                                                              \
233     ExReleaseResourceLite(((PTOKEN)Token)->TokenLock);                         \
234     KeLeaveCriticalRegion();                                                   \
235 }
236 
237 //
238 // Token Functions
239 //
240 BOOLEAN
241 NTAPI
242 SepTokenIsOwner(
243     _In_ PACCESS_TOKEN _Token,
244     _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
245     _In_ BOOLEAN TokenLocked);
246 
247 BOOLEAN
248 NTAPI
249 SepSidInToken(
250     _In_ PACCESS_TOKEN _Token,
251     _In_ PSID Sid);
252 
253 BOOLEAN
254 NTAPI
255 SepSidInTokenEx(
256     _In_ PACCESS_TOKEN _Token,
257     _In_ PSID PrincipalSelfSid,
258     _In_ PSID _Sid,
259     _In_ BOOLEAN Deny,
260     _In_ BOOLEAN Restricted);
261 
262 BOOLEAN
263 NTAPI
264 SeTokenCanImpersonate(
265     _In_ PTOKEN ProcessToken,
266     _In_ PTOKEN TokenToImpersonate,
267     _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
268 
269 /* Functions */
270 CODE_SEG("INIT")
271 BOOLEAN
272 NTAPI
273 SeInitSystem(VOID);
274 
275 CODE_SEG("INIT")
276 VOID
277 NTAPI
278 SepInitPrivileges(VOID);
279 
280 CODE_SEG("INIT")
281 BOOLEAN
282 NTAPI
283 SepInitSecurityIDs(VOID);
284 
285 CODE_SEG("INIT")
286 BOOLEAN
287 NTAPI
288 SepInitDACLs(VOID);
289 
290 CODE_SEG("INIT")
291 BOOLEAN
292 NTAPI
293 SepInitSDs(VOID);
294 
295 BOOLEAN
296 NTAPI
297 SeRmInitPhase0(VOID);
298 
299 BOOLEAN
300 NTAPI
301 SeRmInitPhase1(VOID);
302 
303 VOID
304 NTAPI
305 SeDeassignPrimaryToken(
306     _Inout_ PEPROCESS Process);
307 
308 NTSTATUS
309 NTAPI
310 SeSubProcessToken(
311     _In_ PTOKEN Parent,
312     _Out_ PTOKEN *Token,
313     _In_ BOOLEAN InUse,
314     _In_ ULONG SessionId);
315 
316 NTSTATUS
317 NTAPI
318 SeInitializeProcessAuditName(
319     _In_ PFILE_OBJECT FileObject,
320     _In_ BOOLEAN DoAudit,
321     _Out_ POBJECT_NAME_INFORMATION *AuditInfo);
322 
323 NTSTATUS
324 NTAPI
325 SeCreateAccessStateEx(
326     _In_ PETHREAD Thread,
327     _In_ PEPROCESS Process,
328     _In_ OUT PACCESS_STATE AccessState,
329     _In_ PAUX_ACCESS_DATA AuxData,
330     _In_ ACCESS_MASK Access,
331     _In_ PGENERIC_MAPPING GenericMapping);
332 
333 NTSTATUS
334 NTAPI
335 SeIsTokenChild(
336     _In_ PTOKEN Token,
337     _Out_ PBOOLEAN IsChild);
338 
339 NTSTATUS
340 NTAPI
341 SeIsTokenSibling(
342     _In_ PTOKEN Token,
343     _Out_ PBOOLEAN IsSibling);
344 
345 NTSTATUS
346 NTAPI
347 SepCreateImpersonationTokenDacl(
348     _In_ PTOKEN Token,
349     _In_ PTOKEN PrimaryToken,
350     _Out_ PACL* Dacl);
351 
352 NTSTATUS
353 NTAPI
354 SepRmInsertLogonSessionIntoToken(
355     _Inout_ PTOKEN Token);
356 
357 NTSTATUS
358 NTAPI
359 SepRmRemoveLogonSessionFromToken(
360     _Inout_ PTOKEN Token);
361 
362 CODE_SEG("INIT")
363 VOID
364 NTAPI
365 SepInitializeTokenImplementation(VOID);
366 
367 CODE_SEG("INIT")
368 PTOKEN
369 NTAPI
370 SepCreateSystemProcessToken(VOID);
371 
372 CODE_SEG("INIT")
373 PTOKEN
374 SepCreateSystemAnonymousLogonToken(VOID);
375 
376 CODE_SEG("INIT")
377 PTOKEN
378 SepCreateSystemAnonymousLogonTokenNoEveryone(VOID);
379 
380 BOOLEAN
381 NTAPI
382 SeDetailedAuditingWithToken(
383     _In_ PTOKEN Token);
384 
385 VOID
386 NTAPI
387 SeAuditProcessExit(
388     _In_ PEPROCESS Process);
389 
390 VOID
391 NTAPI
392 SeAuditProcessCreate(
393     _In_ PEPROCESS Process);
394 
395 NTSTATUS
396 NTAPI
397 SeExchangePrimaryToken(
398     _In_ PEPROCESS Process,
399     _In_ PACCESS_TOKEN NewAccessToken,
400     _Out_ PACCESS_TOKEN* OldAccessToken);
401 
402 VOID
403 NTAPI
404 SeCaptureSubjectContextEx(
405     _In_ PETHREAD Thread,
406     _In_ PEPROCESS Process,
407     _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext);
408 
409 NTSTATUS
410 NTAPI
411 SeCaptureLuidAndAttributesArray(
412     _In_ PLUID_AND_ATTRIBUTES Src,
413     _In_ ULONG PrivilegeCount,
414     _In_ KPROCESSOR_MODE PreviousMode,
415     _In_ PLUID_AND_ATTRIBUTES AllocatedMem,
416     _In_ ULONG AllocatedLength,
417     _In_ POOL_TYPE PoolType,
418     _In_ BOOLEAN CaptureIfKernel,
419     _Out_ PLUID_AND_ATTRIBUTES* Dest,
420     _Inout_ PULONG Length);
421 
422 VOID
423 NTAPI
424 SeReleaseLuidAndAttributesArray(
425     _In_ PLUID_AND_ATTRIBUTES Privilege,
426     _In_ KPROCESSOR_MODE PreviousMode,
427     _In_ BOOLEAN CaptureIfKernel);
428 
429 BOOLEAN
430 NTAPI
431 SepPrivilegeCheck(
432     _In_ PTOKEN Token,
433     _In_ PLUID_AND_ATTRIBUTES Privileges,
434     _In_ ULONG PrivilegeCount,
435     _In_ ULONG PrivilegeControl,
436     _In_ KPROCESSOR_MODE PreviousMode);
437 
438 NTSTATUS
439 NTAPI
440 SePrivilegePolicyCheck(
441     _Inout_ PACCESS_MASK DesiredAccess,
442     _Inout_ PACCESS_MASK GrantedAccess,
443     _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
444     _In_ PTOKEN Token,
445     _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet,
446     _In_ KPROCESSOR_MODE PreviousMode);
447 
448 BOOLEAN
449 NTAPI
450 SeCheckPrivilegedObject(
451     _In_ LUID PrivilegeValue,
452     _In_ HANDLE ObjectHandle,
453     _In_ ACCESS_MASK DesiredAccess,
454     _In_ KPROCESSOR_MODE PreviousMode);
455 
456 NTSTATUS
457 NTAPI
458 SepDuplicateToken(
459     _In_ PTOKEN Token,
460     _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
461     _In_ BOOLEAN EffectiveOnly,
462     _In_ TOKEN_TYPE TokenType,
463     _In_ SECURITY_IMPERSONATION_LEVEL Level,
464     _In_ KPROCESSOR_MODE PreviousMode,
465     _Out_ PTOKEN* NewAccessToken);
466 
467 NTSTATUS
468 NTAPI
469 SepCaptureSecurityQualityOfService(
470     _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
471     _In_ KPROCESSOR_MODE AccessMode,
472     _In_ POOL_TYPE PoolType,
473     _In_ BOOLEAN CaptureIfKernel,
474     _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService,
475     _Out_ PBOOLEAN Present);
476 
477 VOID
478 NTAPI
479 SepReleaseSecurityQualityOfService(
480     _In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
481     _In_ KPROCESSOR_MODE AccessMode,
482     _In_ BOOLEAN CaptureIfKernel);
483 
484 NTSTATUS
485 NTAPI
486 SepCaptureSid(
487     _In_ PSID InputSid,
488     _In_ KPROCESSOR_MODE AccessMode,
489     _In_ POOL_TYPE PoolType,
490     _In_ BOOLEAN CaptureIfKernel,
491     _Out_ PSID *CapturedSid);
492 
493 VOID
494 NTAPI
495 SepReleaseSid(
496     _In_ PSID CapturedSid,
497     _In_ KPROCESSOR_MODE AccessMode,
498     _In_ BOOLEAN CaptureIfKernel);
499 
500 NTSTATUS
501 NTAPI
502 SeCaptureSidAndAttributesArray(
503     _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes,
504     _In_ ULONG AttributeCount,
505     _In_ KPROCESSOR_MODE PreviousMode,
506     _In_opt_ PVOID AllocatedMem,
507     _In_ ULONG AllocatedLength,
508     _In_ POOL_TYPE PoolType,
509     _In_ BOOLEAN CaptureIfKernel,
510     _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes,
511     _Out_ PULONG ResultLength);
512 
513 VOID
514 NTAPI
515 SeReleaseSidAndAttributesArray(
516     _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
517     _In_ KPROCESSOR_MODE AccessMode,
518     _In_ BOOLEAN CaptureIfKernel);
519 
520 NTSTATUS
521 NTAPI
522 SeComputeQuotaInformationSize(
523     _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
524     _Out_ PULONG QuotaInfoSize);
525 
526 NTSTATUS
527 NTAPI
528 SepCaptureAcl(
529     _In_ PACL InputAcl,
530     _In_ KPROCESSOR_MODE AccessMode,
531     _In_ POOL_TYPE PoolType,
532     _In_ BOOLEAN CaptureIfKernel,
533     _Out_ PACL *CapturedAcl);
534 
535 VOID
536 NTAPI
537 SepReleaseAcl(
538     _In_ PACL CapturedAcl,
539     _In_ KPROCESSOR_MODE AccessMode,
540     _In_ BOOLEAN CaptureIfKernel);
541 
542 NTSTATUS
543 SepPropagateAcl(
544     _Out_writes_bytes_opt_(DaclLength) PACL AclDest,
545     _Inout_ PULONG AclLength,
546     _In_reads_bytes_(AclSource->AclSize) PACL AclSource,
547     _In_ PSID Owner,
548     _In_ PSID Group,
549     _In_ BOOLEAN IsInherited,
550     _In_ BOOLEAN IsDirectoryObject,
551     _In_ PGENERIC_MAPPING GenericMapping);
552 
553 PACL
554 SepSelectAcl(
555     _In_opt_ PACL ExplicitAcl,
556     _In_ BOOLEAN ExplicitPresent,
557     _In_ BOOLEAN ExplicitDefaulted,
558     _In_opt_ PACL ParentAcl,
559     _In_opt_ PACL DefaultAcl,
560     _Out_ PULONG AclLength,
561     _In_ PSID Owner,
562     _In_ PSID Group,
563     _Out_ PBOOLEAN AclPresent,
564     _Out_ PBOOLEAN IsInherited,
565     _In_ BOOLEAN IsDirectoryObject,
566     _In_ PGENERIC_MAPPING GenericMapping);
567 
568 NTSTATUS
569 NTAPI
570 SeDefaultObjectMethod(
571     _In_ PVOID Object,
572     _In_ SECURITY_OPERATION_CODE OperationType,
573     _In_ PSECURITY_INFORMATION SecurityInformation,
574     _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
575     _Inout_opt_ PULONG ReturnLength,
576     _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor,
577     _In_ POOL_TYPE PoolType,
578     _In_ PGENERIC_MAPPING GenericMapping);
579 
580 NTSTATUS
581 NTAPI
582 SeSetWorldSecurityDescriptor(
583     _In_ SECURITY_INFORMATION SecurityInformation,
584     _In_ PISECURITY_DESCRIPTOR SecurityDescriptor,
585     _In_ PULONG BufferLength);
586 
587 NTSTATUS
588 NTAPI
589 SeCopyClientToken(
590     _In_ PACCESS_TOKEN Token,
591     _In_ SECURITY_IMPERSONATION_LEVEL Level,
592     _In_ KPROCESSOR_MODE PreviousMode,
593     _Out_ PACCESS_TOKEN* NewToken);
594 
595 NTSTATUS
596 NTAPI
597 SepRegQueryHelper(
598     _In_ PCWSTR KeyName,
599     _In_ PCWSTR ValueName,
600     _In_ ULONG ValueType,
601     _In_ ULONG DataLength,
602     _Out_ PVOID ValueData);
603 
604 VOID
605 NTAPI
606 SeQuerySecurityAccessMask(
607     _In_ SECURITY_INFORMATION SecurityInformation,
608     _Out_ PACCESS_MASK DesiredAccess);
609 
610 VOID
611 NTAPI
612 SeSetSecurityAccessMask(
613     _In_ SECURITY_INFORMATION SecurityInformation,
614     _Out_ PACCESS_MASK DesiredAccess);
615 
616 BOOLEAN
617 NTAPI
618 SeFastTraverseCheck(
619     _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
620     _In_ PACCESS_STATE AccessState,
621     _In_ ACCESS_MASK DesiredAccess,
622     _In_ KPROCESSOR_MODE AccessMode);
623 
624 BOOLEAN
625 NTAPI
626 SeCheckAuditPrivilege(
627     _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
628     _In_ KPROCESSOR_MODE PreviousMode);
629 
630 VOID
631 NTAPI
632 SePrivilegedServiceAuditAlarm(
633     _In_opt_ PUNICODE_STRING ServiceName,
634     _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext,
635     _In_ PPRIVILEGE_SET PrivilegeSet,
636     _In_ BOOLEAN AccessGranted);
637 
638 NTSTATUS
639 SepRmReferenceLogonSession(
640     _Inout_ PLUID LogonLuid);
641 
642 NTSTATUS
643 SepRmDereferenceLogonSession(
644     _Inout_ PLUID LogonLuid);
645 
646 NTSTATUS
647 NTAPI
648 SeGetLogonIdDeviceMap(
649     _In_ PLUID LogonId,
650     _Out_ PDEVICE_MAP *DeviceMap);
651 
652 #endif
653 
654 /* EOF */
655