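/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    sefuncs.h

Abstract:

    Function definitions for the security manager.

    The header has three parts: Se* routines that are only declared when
    NTOS_MODE_USER is not defined, the Nt* system services, and their Zw*
    counterparts. An Nt/Zw pair names the same service, so its SAL
    annotations are kept identical: static analysis relies on them to catch
    uninitialized inputs, undersized output buffers and ignored results in
    security-sensitive callers.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _SEFUNCS_H
#define _SEFUNCS_H

//
// Dependencies
//
#include <umtypes.h>

#ifndef NTOS_MODE_USER

//
// Security Descriptors
//
// SeCaptureSecurityDescriptor hands back a captured descriptor through
// CapturedSecurityDescriptor; SeReleaseSecurityDescriptor takes that captured
// pointer again together with the same processor mode. Presumably every
// successful capture is paired with one release; confirm against the
// implementation.
//
NTKERNELAPI
NTSTATUS
NTAPI
SeCaptureSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
    _In_ KPROCESSOR_MODE CurrentMode,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor
);

NTKERNELAPI
NTSTATUS
NTAPI
SeReleaseSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
    _In_ KPROCESSOR_MODE CurrentMode,
    _In_ BOOLEAN CaptureIfKernelMode
);

//
// Access States
//
// NOTE(review): SeCreateAccessState carries no SAL annotations, so analyzers
// cannot check its callers. The direction of AccessState/AuxData is not
// visible from this header; annotate once confirmed against the
// implementation.
//
NTKERNELAPI
NTSTATUS
NTAPI
SeCreateAccessState(
    PACCESS_STATE AccessState,
    PAUX_ACCESS_DATA AuxData,
    ACCESS_MASK Access,
    PGENERIC_MAPPING GenericMapping
);

NTKERNELAPI
VOID
NTAPI
SeDeleteAccessState(
    _In_ PACCESS_STATE AccessState
);

//
// Impersonation
//
NTKERNELAPI
SECURITY_IMPERSONATION_LEVEL
NTAPI
SeTokenImpersonationLevel(
    _In_ PACCESS_TOKEN Token
);

#endif

//
// Native Calls
//

//
// Access checks. The access decision is delivered through *GrantedAccess and
// *AccessStatus, separately from the NTSTATUS of the call itself; a caller
// has to inspect both before acting on the result.
//
// The privilege-set length is an in/out value (buffer size in, size used or
// required out), so it is annotated _Inout_ and the buffer is sized by it.
// Annotating it _Out_ would hide an uninitialized length from analysis.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheck(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*ReturnLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG ReturnLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus
);

//
// NOTE(review): the two ByType declarations below have no NTSYSCALLAPI,
// unlike every other Nt* prototype here. Left unchanged because it affects
// linkage; confirm whether the omission is intentional.
//
NTSTATUS
NTAPI
NtAccessCheckByType(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PSID PrincipalSelfSid,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_reads_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG PrivilegeSetLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus
);

//
// Result-list variant: GrantedAccess and AccessStatus are arrays with one
// entry per ObjectTypeList element. A plain _Out_ would describe a single
// element and let an undersized caller buffer pass analysis.
//
NTSTATUS
NTAPI
NtAccessCheckByTypeResultList(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PSID PrincipalSelfSid,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_reads_(ObjectTypeLength) POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG PrivilegeSetLength,
    _Out_writes_(ObjectTypeLength) PACCESS_MASK GrantedAccess,
    _Out_writes_(ObjectTypeLength) PNTSTATUS AccessStatus
);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose
);

//
// Token adjustment. PreviousState is an optional output buffer of
// BufferLength bytes; *ReturnLength reports how much of it was written.
// BufferLength is a by-value scalar, so it is plain _In_.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustGroupsToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN ResetToDefault,
    _In_opt_ PTOKEN_GROUPS NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
    _Out_ PULONG ReturnLength
);

_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN DisableAllPrivileges,
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
    _When_(PreviousState != NULL, _Out_) PULONG ReturnLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateLocallyUniqueId(
    _Out_ LUID *LocallyUniqueId
);

//
// NOTE(review): unannotated; parameter directions are not visible from this
// header.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateUuids(
    PULARGE_INTEGER Time,
    PULONG Range,
    PULONG Sequence,
    PUCHAR Seed
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCompareTokens(
    _In_ HANDLE FirstTokenHandle,
    _In_ HANDLE SecondTokenHandle,
    _Out_ PBOOLEAN Equal
);

//
// Token creation. The caller supplies the user, groups and privileges of the
// new token directly, which is why Windows restricts this service to holders
// of SeCreateTokenPrivilege.
//
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateToken(
    _Out_ PHANDLE TokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ TOKEN_TYPE TokenType,
    _In_ PLUID AuthenticationId,
    _In_ PLARGE_INTEGER ExpirationTime,
    _In_ PTOKEN_USER TokenUser,
    _In_ PTOKEN_GROUPS TokenGroups,
    _In_ PTOKEN_PRIVILEGES TokenPrivileges,
    _In_opt_ PTOKEN_OWNER TokenOwner,
    _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    _In_ PTOKEN_SOURCE TokenSource
);

_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
    _In_ HANDLE Thread
);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle
);

//
// Privilege check. RequiredPrivileges is _Inout_ (the service updates the
// set it is given) and the verdict comes back in *Result, not in the
// NTSTATUS.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegedServiceAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PUNICODE_STRING ServiceName,
    _In_ HANDLE ClientToken,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted
);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted
);

//
// Token information. Query writes up to TokenInformationLength bytes into
// TokenInformation; Set only reads TokenInformationLength bytes from it.
//
_When_(TokenInformationClass == TokenAccessInformation,
       _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength,
    _Out_ PULONG ReturnLength
);

_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength
);

//
// Zw* counterparts. Each prototype below carries the same parameter
// annotations as the Nt* declaration of the same service above.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheck(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*ReturnLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG ReturnLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus
);

// PreviousState is sized by BufferLength and NewState is optional, as in
// NtAdjustGroupsToken.
NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustGroupsToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN ResetToDefault,
    _In_opt_ PTOKEN_GROUPS NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
    _Out_ PULONG ReturnLength
);

_Must_inspect_result_
NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustPrivilegesToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN DisableAllPrivileges,
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
    _When_(PreviousState != NULL, _Out_) PULONG ReturnLength
);

NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateLocallyUniqueId(
    _Out_ LUID *LocallyUniqueId
);

// NOTE(review): unannotated, like NtAllocateUuids.
NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateUuids(
    PULARGE_INTEGER Time,
    PULONG Range,
    PULONG Sequence,
    PUCHAR Seed
);

// ObjectAttributes, TokenOwner and TokenDefaultDacl are optional, as in
// NtCreateToken.
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateToken(
    _Out_ PHANDLE TokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ TOKEN_TYPE TokenType,
    _In_ PLUID AuthenticationId,
    _In_ PLARGE_INTEGER ExpirationTime,
    _In_ PTOKEN_USER TokenUser,
    _In_ PTOKEN_GROUPS TokenGroups,
    _In_ PTOKEN_PRIVILEGES TokenPrivileges,
    _In_opt_ PTOKEN_OWNER TokenOwner,
    _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    _In_ PTOKEN_SOURCE TokenSource
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwImpersonateAnonymousToken(
    _In_ HANDLE Thread
);

// Optional parameters and ACCESS_MASK types as in NtOpenObjectAuditAlarm.
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessToken(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE TokenHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle
);

// Result is written by the service, so it is _Out_; marking it _In_ would
// make analyzers demand an initialized value and miss callers that never
// read the verdict back.
NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result
);

NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegedServiceAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PUNICODE_STRING ServiceName,
    _In_ HANDLE ClientToken,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted
);

NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
    _In_ ULONG Length,
    _Out_ PULONG ResultLength
);

// TokenInformation is the input buffer of a Set call: it is read, never
// written, so it is _In_reads_bytes_ rather than _Out_.
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength
);
#endif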