1 #pragma once 2 3 typedef struct _KNOWN_ACE 4 { 5 ACE_HEADER Header; 6 ACCESS_MASK Mask; 7 ULONG SidStart; 8 } KNOWN_ACE, *PKNOWN_ACE; 9 10 typedef struct _KNOWN_OBJECT_ACE 11 { 12 ACE_HEADER Header; 13 ACCESS_MASK Mask; 14 ULONG Flags; 15 ULONG SidStart; 16 } KNOWN_OBJECT_ACE, *PKNOWN_OBJECT_ACE; 17 18 typedef struct _KNOWN_COMPOUND_ACE 19 { 20 ACE_HEADER Header; 21 ACCESS_MASK Mask; 22 USHORT CompoundAceType; 23 USHORT Reserved; 24 ULONG SidStart; 25 } KNOWN_COMPOUND_ACE, *PKNOWN_COMPOUND_ACE; 26 27 typedef struct _TOKEN_AUDIT_POLICY_INFORMATION 28 { 29 ULONG PolicyCount; 30 struct 31 { 32 ULONG Category; 33 UCHAR Value; 34 } Policies[1]; 35 } TOKEN_AUDIT_POLICY_INFORMATION, *PTOKEN_AUDIT_POLICY_INFORMATION; 36 37 #define TOKEN_CREATE_METHOD 0xCUL 38 #define TOKEN_DUPLICATE_METHOD 0xDUL 39 #define TOKEN_FILTER_METHOD 0xFUL 40 41 FORCEINLINE 42 PSID 43 SepGetGroupFromDescriptor( 44 _Inout_ PVOID _Descriptor) 45 { 46 PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; 47 PISECURITY_DESCRIPTOR_RELATIVE SdRel; 48 49 if (Descriptor->Control & SE_SELF_RELATIVE) 50 { 51 SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor; 52 if (!SdRel->Group) return NULL; 53 return (PSID)((ULONG_PTR)Descriptor + SdRel->Group); 54 } 55 else 56 { 57 return Descriptor->Group; 58 } 59 } 60 61 FORCEINLINE 62 PSID 63 SepGetOwnerFromDescriptor( 64 _Inout_ PVOID _Descriptor) 65 { 66 PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; 67 PISECURITY_DESCRIPTOR_RELATIVE SdRel; 68 69 if (Descriptor->Control & SE_SELF_RELATIVE) 70 { 71 SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor; 72 if (!SdRel->Owner) return NULL; 73 return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner); 74 } 75 else 76 { 77 return Descriptor->Owner; 78 } 79 } 80 81 FORCEINLINE 82 PACL 83 SepGetDaclFromDescriptor( 84 _Inout_ PVOID _Descriptor) 85 { 86 PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; 87 PISECURITY_DESCRIPTOR_RELATIVE SdRel; 88 89 if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL; 90 91 if (Descriptor->Control & SE_SELF_RELATIVE) 92 { 93 SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor; 94 if (!SdRel->Dacl) return NULL; 95 return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl); 96 } 97 else 98 { 99 return Descriptor->Dacl; 100 } 101 } 102 103 FORCEINLINE 104 PACL 105 SepGetSaclFromDescriptor( 106 _Inout_ PVOID _Descriptor) 107 { 108 PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor; 109 PISECURITY_DESCRIPTOR_RELATIVE SdRel; 110 111 if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL; 112 113 if (Descriptor->Control & SE_SELF_RELATIVE) 114 { 115 SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor; 116 if (!SdRel->Sacl) return NULL; 117 return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl); 118 } 119 else 120 { 121 return Descriptor->Sacl; 122 } 123 } 124 125 #ifndef RTL_H 126 127 /* SID Authorities */ 128 extern SID_IDENTIFIER_AUTHORITY SeNullSidAuthority; 129 extern SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority; 130 extern SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority; 131 extern SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority; 132 extern SID_IDENTIFIER_AUTHORITY SeNtSidAuthority; 133 134 /* SIDs */ 135 extern PSID SeNullSid; 136 extern PSID SeWorldSid; 137 extern PSID SeLocalSid; 138 extern PSID SeCreatorOwnerSid; 139 extern PSID SeCreatorGroupSid; 140 extern PSID SeCreatorOwnerServerSid; 141 extern PSID SeCreatorGroupServerSid; 142 extern PSID SeNtAuthoritySid; 143 extern PSID SeDialupSid; 144 extern PSID SeNetworkSid; 145 extern PSID SeBatchSid; 146 extern PSID SeInteractiveSid; 147 extern PSID SeServiceSid; 148 extern PSID SeAnonymousLogonSid; 149 extern PSID SePrincipalSelfSid; 150 extern PSID SeLocalSystemSid; 151 extern PSID SeAuthenticatedUserSid; 152 extern PSID SeRestrictedCodeSid; 153 extern PSID SeAliasAdminsSid; 154 extern PSID SeAliasUsersSid; 155 extern PSID SeAliasGuestsSid; 156 extern PSID SeAliasPowerUsersSid; 157 extern PSID SeAliasAccountOpsSid; 158 extern PSID SeAliasSystemOpsSid; 159 extern PSID SeAliasPrintOpsSid; 160 extern PSID SeAliasBackupOpsSid; 161 extern PSID SeAuthenticatedUsersSid; 162 extern PSID SeRestrictedSid; 163 extern PSID SeAnonymousLogonSid; 164 extern PSID SeLocalServiceSid; 165 extern PSID SeNetworkServiceSid; 166 167 /* Privileges */ 168 extern const LUID SeCreateTokenPrivilege; 169 extern const LUID SeAssignPrimaryTokenPrivilege; 170 extern const LUID SeLockMemoryPrivilege; 171 extern const LUID SeIncreaseQuotaPrivilege; 172 extern const LUID SeUnsolicitedInputPrivilege; 173 extern const LUID SeTcbPrivilege; 174 extern const LUID SeSecurityPrivilege; 175 extern const LUID SeTakeOwnershipPrivilege; 176 extern const LUID SeLoadDriverPrivilege; 177 extern const LUID SeSystemProfilePrivilege; 178 extern const LUID SeSystemtimePrivilege; 179 extern const LUID SeProfileSingleProcessPrivilege; 180 extern const LUID SeIncreaseBasePriorityPrivilege; 181 extern const LUID SeCreatePagefilePrivilege; 182 extern const LUID SeCreatePermanentPrivilege; 183 extern const LUID SeBackupPrivilege; 184 extern const LUID SeRestorePrivilege; 185 extern const LUID SeShutdownPrivilege; 186 extern const LUID SeDebugPrivilege; 187 extern const LUID SeAuditPrivilege; 188 extern const LUID SeSystemEnvironmentPrivilege; 189 extern const LUID SeChangeNotifyPrivilege; 190 extern const LUID SeRemoteShutdownPrivilege; 191 extern const LUID SeUndockPrivilege; 192 extern const LUID SeSyncAgentPrivilege; 193 extern const LUID SeEnableDelegationPrivilege; 194 extern const LUID SeManageVolumePrivilege; 195 extern const LUID SeImpersonatePrivilege; 196 extern const LUID SeCreateGlobalPrivilege; 197 extern const LUID SeTrustedCredmanPrivilege; 198 extern const LUID SeRelabelPrivilege; 199 extern const LUID SeIncreaseWorkingSetPrivilege; 200 extern const LUID SeTimeZonePrivilege; 201 extern const LUID SeCreateSymbolicLinkPrivilege; 202 203 /* DACLs */ 204 extern PACL SePublicDefaultUnrestrictedDacl; 205 extern PACL SePublicOpenDacl; 206 extern PACL SePublicOpenUnrestrictedDacl; 207 extern PACL SeUnrestrictedDacl; 208 extern PACL SeSystemAnonymousLogonDacl; 209 210 /* SDs */ 211 extern PSECURITY_DESCRIPTOR SePublicDefaultSd; 212 extern PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd; 213 extern PSECURITY_DESCRIPTOR SePublicOpenSd; 214 extern PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd; 215 extern PSECURITY_DESCRIPTOR SeSystemDefaultSd; 216 extern PSECURITY_DESCRIPTOR SeUnrestrictedSd; 217 extern PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd; 218 219 /* Anonymous Logon Tokens */ 220 extern PTOKEN SeAnonymousLogonToken; 221 extern PTOKEN SeAnonymousLogonTokenNoEveryone; 222 223 224 #define SepAcquireTokenLockExclusive(Token) \ 225 { \ 226 KeEnterCriticalRegion(); \ 227 ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \ 228 } 229 #define SepAcquireTokenLockShared(Token) \ 230 { \ 231 KeEnterCriticalRegion(); \ 232 ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \ 233 } 234 235 #define SepReleaseTokenLock(Token) \ 236 { \ 237 ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \ 238 KeLeaveCriticalRegion(); \ 239 } 240 241 // 242 // Token Functions 243 // 244 BOOLEAN 245 NTAPI 246 SepTokenIsOwner( 247 _In_ PACCESS_TOKEN _Token, 248 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 249 _In_ BOOLEAN TokenLocked); 250 251 BOOLEAN 252 NTAPI 253 SepSidInToken( 254 _In_ PACCESS_TOKEN _Token, 255 _In_ PSID Sid); 256 257 BOOLEAN 258 NTAPI 259 SepSidInTokenEx( 260 _In_ PACCESS_TOKEN _Token, 261 _In_ PSID PrincipalSelfSid, 262 _In_ PSID _Sid, 263 _In_ BOOLEAN Deny, 264 _In_ BOOLEAN Restricted); 265 266 BOOLEAN 267 NTAPI 268 SeTokenCanImpersonate( 269 _In_ PTOKEN ProcessToken, 270 _In_ PTOKEN TokenToImpersonate, 271 _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel); 272 273 /* Functions */ 274 CODE_SEG("INIT") 275 BOOLEAN 276 NTAPI 277 SeInitSystem(VOID); 278 279 CODE_SEG("INIT") 280 VOID 281 NTAPI 282 SepInitPrivileges(VOID); 283 284 CODE_SEG("INIT") 285 BOOLEAN 286 NTAPI 287 SepInitSecurityIDs(VOID); 288 289 CODE_SEG("INIT") 290 BOOLEAN 291 NTAPI 292 SepInitDACLs(VOID); 293 294 CODE_SEG("INIT") 295 BOOLEAN 296 NTAPI 297 SepInitSDs(VOID); 298 299 BOOLEAN 300 NTAPI 301 SeRmInitPhase0(VOID); 302 303 BOOLEAN 304 NTAPI 305 SeRmInitPhase1(VOID); 306 307 VOID 308 NTAPI 309 SeDeassignPrimaryToken( 310 _Inout_ PEPROCESS Process); 311 312 NTSTATUS 313 NTAPI 314 SeSubProcessToken( 315 _In_ PTOKEN Parent, 316 _Out_ PTOKEN *Token, 317 _In_ BOOLEAN InUse, 318 _In_ ULONG SessionId); 319 320 NTSTATUS 321 NTAPI 322 SeInitializeProcessAuditName( 323 _In_ PFILE_OBJECT FileObject, 324 _In_ BOOLEAN DoAudit, 325 _Out_ POBJECT_NAME_INFORMATION *AuditInfo); 326 327 NTSTATUS 328 NTAPI 329 SeCreateAccessStateEx( 330 _In_ PETHREAD Thread, 331 _In_ PEPROCESS Process, 332 _In_ OUT PACCESS_STATE AccessState, 333 _In_ PAUX_ACCESS_DATA AuxData, 334 _In_ ACCESS_MASK Access, 335 _In_ PGENERIC_MAPPING GenericMapping); 336 337 NTSTATUS 338 NTAPI 339 SeIsTokenChild( 340 _In_ PTOKEN Token, 341 _Out_ PBOOLEAN IsChild); 342 343 NTSTATUS 344 NTAPI 345 SeIsTokenSibling( 346 _In_ PTOKEN Token, 347 _Out_ PBOOLEAN IsSibling); 348 349 NTSTATUS 350 NTAPI 351 SepCreateImpersonationTokenDacl( 352 _In_ PTOKEN Token, 353 _In_ PTOKEN PrimaryToken, 354 _Out_ PACL* Dacl); 355 356 NTSTATUS 357 NTAPI 358 SepRmInsertLogonSessionIntoToken( 359 _Inout_ PTOKEN Token); 360 361 NTSTATUS 362 NTAPI 363 SepRmRemoveLogonSessionFromToken( 364 _Inout_ PTOKEN Token); 365 366 CODE_SEG("INIT") 367 VOID 368 NTAPI 369 SepInitializeTokenImplementation(VOID); 370 371 CODE_SEG("INIT") 372 PTOKEN 373 NTAPI 374 SepCreateSystemProcessToken(VOID); 375 376 CODE_SEG("INIT") 377 PTOKEN 378 SepCreateSystemAnonymousLogonToken(VOID); 379 380 CODE_SEG("INIT") 381 PTOKEN 382 SepCreateSystemAnonymousLogonTokenNoEveryone(VOID); 383 384 BOOLEAN 385 NTAPI 386 SeDetailedAuditingWithToken( 387 _In_ PTOKEN Token); 388 389 VOID 390 NTAPI 391 SeAuditProcessExit( 392 _In_ PEPROCESS Process); 393 394 VOID 395 NTAPI 396 SeAuditProcessCreate( 397 _In_ PEPROCESS Process); 398 399 NTSTATUS 400 NTAPI 401 SeExchangePrimaryToken( 402 _In_ PEPROCESS Process, 403 _In_ PACCESS_TOKEN NewAccessToken, 404 _Out_ PACCESS_TOKEN* OldAccessToken); 405 406 VOID 407 NTAPI 408 SeCaptureSubjectContextEx( 409 _In_ PETHREAD Thread, 410 _In_ PEPROCESS Process, 411 _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 412 413 NTSTATUS 414 NTAPI 415 SeCaptureLuidAndAttributesArray( 416 _In_ PLUID_AND_ATTRIBUTES Src, 417 _In_ ULONG PrivilegeCount, 418 _In_ KPROCESSOR_MODE PreviousMode, 419 _In_ PLUID_AND_ATTRIBUTES AllocatedMem, 420 _In_ ULONG AllocatedLength, 421 _In_ POOL_TYPE PoolType, 422 _In_ BOOLEAN CaptureIfKernel, 423 _Out_ PLUID_AND_ATTRIBUTES* Dest, 424 _Inout_ PULONG Length); 425 426 VOID 427 NTAPI 428 SeReleaseLuidAndAttributesArray( 429 _In_ PLUID_AND_ATTRIBUTES Privilege, 430 _In_ KPROCESSOR_MODE PreviousMode, 431 _In_ BOOLEAN CaptureIfKernel); 432 433 BOOLEAN 434 NTAPI 435 SepPrivilegeCheck( 436 _In_ PTOKEN Token, 437 _In_ PLUID_AND_ATTRIBUTES Privileges, 438 _In_ ULONG PrivilegeCount, 439 _In_ ULONG PrivilegeControl, 440 _In_ KPROCESSOR_MODE PreviousMode); 441 442 NTSTATUS 443 NTAPI 444 SePrivilegePolicyCheck( 445 _Inout_ PACCESS_MASK DesiredAccess, 446 _Inout_ PACCESS_MASK GrantedAccess, 447 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 448 _In_ PTOKEN Token, 449 _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, 450 _In_ KPROCESSOR_MODE PreviousMode); 451 452 BOOLEAN 453 NTAPI 454 SeCheckPrivilegedObject( 455 _In_ LUID PrivilegeValue, 456 _In_ HANDLE ObjectHandle, 457 _In_ ACCESS_MASK DesiredAccess, 458 _In_ KPROCESSOR_MODE PreviousMode); 459 460 NTSTATUS 461 NTAPI 462 SepDuplicateToken( 463 _In_ PTOKEN Token, 464 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 465 _In_ BOOLEAN EffectiveOnly, 466 _In_ TOKEN_TYPE TokenType, 467 _In_ SECURITY_IMPERSONATION_LEVEL Level, 468 _In_ KPROCESSOR_MODE PreviousMode, 469 _Out_ PTOKEN* NewAccessToken); 470 471 NTSTATUS 472 NTAPI 473 SepCaptureSecurityQualityOfService( 474 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, 475 _In_ KPROCESSOR_MODE AccessMode, 476 _In_ POOL_TYPE PoolType, 477 _In_ BOOLEAN CaptureIfKernel, 478 _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, 479 _Out_ PBOOLEAN Present); 480 481 VOID 482 NTAPI 483 SepReleaseSecurityQualityOfService( 484 _In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, 485 _In_ KPROCESSOR_MODE AccessMode, 486 _In_ BOOLEAN CaptureIfKernel); 487 488 NTSTATUS 489 NTAPI 490 SepCaptureSid( 491 _In_ PSID InputSid, 492 _In_ KPROCESSOR_MODE AccessMode, 493 _In_ POOL_TYPE PoolType, 494 _In_ BOOLEAN CaptureIfKernel, 495 _Out_ PSID *CapturedSid); 496 497 VOID 498 NTAPI 499 SepReleaseSid( 500 _In_ PSID CapturedSid, 501 _In_ KPROCESSOR_MODE AccessMode, 502 _In_ BOOLEAN CaptureIfKernel); 503 504 NTSTATUS 505 NTAPI 506 SeCaptureSidAndAttributesArray( 507 _In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, 508 _In_ ULONG AttributeCount, 509 _In_ KPROCESSOR_MODE PreviousMode, 510 _In_opt_ PVOID AllocatedMem, 511 _In_ ULONG AllocatedLength, 512 _In_ POOL_TYPE PoolType, 513 _In_ BOOLEAN CaptureIfKernel, 514 _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, 515 _Out_ PULONG ResultLength); 516 517 VOID 518 NTAPI 519 SeReleaseSidAndAttributesArray( 520 _In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, 521 _In_ KPROCESSOR_MODE AccessMode, 522 _In_ BOOLEAN CaptureIfKernel); 523 524 NTSTATUS 525 NTAPI 526 SeComputeQuotaInformationSize( 527 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 528 _Out_ PULONG QuotaInfoSize); 529 530 NTSTATUS 531 NTAPI 532 SepCaptureAcl( 533 _In_ PACL InputAcl, 534 _In_ KPROCESSOR_MODE AccessMode, 535 _In_ POOL_TYPE PoolType, 536 _In_ BOOLEAN CaptureIfKernel, 537 _Out_ PACL *CapturedAcl); 538 539 VOID 540 NTAPI 541 SepReleaseAcl( 542 _In_ PACL CapturedAcl, 543 _In_ KPROCESSOR_MODE AccessMode, 544 _In_ BOOLEAN CaptureIfKernel); 545 546 NTSTATUS 547 SepPropagateAcl( 548 _Out_writes_bytes_opt_(DaclLength) PACL AclDest, 549 _Inout_ PULONG AclLength, 550 _In_reads_bytes_(AclSource->AclSize) PACL AclSource, 551 _In_ PSID Owner, 552 _In_ PSID Group, 553 _In_ BOOLEAN IsInherited, 554 _In_ BOOLEAN IsDirectoryObject, 555 _In_ PGENERIC_MAPPING GenericMapping); 556 557 PACL 558 SepSelectAcl( 559 _In_opt_ PACL ExplicitAcl, 560 _In_ BOOLEAN ExplicitPresent, 561 _In_ BOOLEAN ExplicitDefaulted, 562 _In_opt_ PACL ParentAcl, 563 _In_opt_ PACL DefaultAcl, 564 _Out_ PULONG AclLength, 565 _In_ PSID Owner, 566 _In_ PSID Group, 567 _Out_ PBOOLEAN AclPresent, 568 _Out_ PBOOLEAN IsInherited, 569 _In_ BOOLEAN IsDirectoryObject, 570 _In_ PGENERIC_MAPPING GenericMapping); 571 572 NTSTATUS 573 NTAPI 574 SeDefaultObjectMethod( 575 _In_ PVOID Object, 576 _In_ SECURITY_OPERATION_CODE OperationType, 577 _In_ PSECURITY_INFORMATION SecurityInformation, 578 _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, 579 _Inout_opt_ PULONG ReturnLength, 580 _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, 581 _In_ POOL_TYPE PoolType, 582 _In_ PGENERIC_MAPPING GenericMapping); 583 584 NTSTATUS 585 NTAPI 586 SeSetWorldSecurityDescriptor( 587 _In_ SECURITY_INFORMATION SecurityInformation, 588 _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, 589 _In_ PULONG BufferLength); 590 591 NTSTATUS 592 NTAPI 593 SeCopyClientToken( 594 _In_ PACCESS_TOKEN Token, 595 _In_ SECURITY_IMPERSONATION_LEVEL Level, 596 _In_ KPROCESSOR_MODE PreviousMode, 597 _Out_ PACCESS_TOKEN* NewToken); 598 599 NTSTATUS 600 NTAPI 601 SepRegQueryHelper( 602 _In_ PCWSTR KeyName, 603 _In_ PCWSTR ValueName, 604 _In_ ULONG ValueType, 605 _In_ ULONG DataLength, 606 _Out_ PVOID ValueData); 607 608 VOID 609 NTAPI 610 SeQuerySecurityAccessMask( 611 _In_ SECURITY_INFORMATION SecurityInformation, 612 _Out_ PACCESS_MASK DesiredAccess); 613 614 VOID 615 NTAPI 616 SeSetSecurityAccessMask( 617 _In_ SECURITY_INFORMATION SecurityInformation, 618 _Out_ PACCESS_MASK DesiredAccess); 619 620 BOOLEAN 621 NTAPI 622 SeFastTraverseCheck( 623 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 624 _In_ PACCESS_STATE AccessState, 625 _In_ ACCESS_MASK DesiredAccess, 626 _In_ KPROCESSOR_MODE AccessMode); 627 628 BOOLEAN 629 NTAPI 630 SeCheckAuditPrivilege( 631 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 632 _In_ KPROCESSOR_MODE PreviousMode); 633 634 VOID 635 NTAPI 636 SePrivilegedServiceAuditAlarm( 637 _In_opt_ PUNICODE_STRING ServiceName, 638 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 639 _In_ PPRIVILEGE_SET PrivilegeSet, 640 _In_ BOOLEAN AccessGranted); 641 642 NTSTATUS 643 SepRmReferenceLogonSession( 644 _Inout_ PLUID LogonLuid); 645 646 NTSTATUS 647 SepRmDereferenceLogonSession( 648 _Inout_ PLUID LogonLuid); 649 650 NTSTATUS 651 NTAPI 652 SeGetLogonIdDeviceMap( 653 _In_ PLUID LogonId, 654 _Out_ PDEVICE_MAP *DeviceMap); 655 656 #endif 657 658 /* EOF */ 659