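/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    sefuncs.h

Abstract:

    Function definitions for the security manager.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _SEFUNCS_H
#define _SEFUNCS_H

//
// Dependencies
//
#include <umtypes.h>

//
// Reviewer notes on the SAL annotations in this header
//
// The _In_/_Out_/_Inout_ markers expand to nothing in a normal build, so they
// never change the ABI. Static analysis relies on them to flag uninitialized
// inputs and undersized output buffers at call sites. A wrong direction
// (e.g. _Out_ on a buffer the system service reads) silences those checks,
// so the direction of each buffer/length pair below is kept in agreement
// between every Nt* declaration and its Zw* twin.
//

#ifndef NTOS_MODE_USER

//
// Security Descriptors
//

//
// Produces a captured copy of OriginalSecurityDescriptor in
// *CapturedSecurityDescriptor. The result must be handed back to
// SeReleaseSecurityDescriptor.
// NOTE(review): presumably the same CurrentMode / capture flag must be passed
// to the release call so it frees exactly what was allocated - confirm
// against the implementation.
//
NTKERNELAPI
NTSTATUS
NTAPI
SeCaptureSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
    _In_ KPROCESSOR_MODE CurrentMode,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor);

//
// Releases a descriptor obtained from SeCaptureSecurityDescriptor.
//
NTKERNELAPI
NTSTATUS
NTAPI
SeReleaseSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
    _In_ KPROCESSOR_MODE CurrentMode,
    _In_ BOOLEAN CaptureIfKernelMode);

//
// Access States
//

//
// Initializes caller-provided AccessState/AuxData storage for an access
// request; pair every successful call with SeDeleteAccessState.
//
NTKERNELAPI
NTSTATUS
NTAPI
SeCreateAccessState(
    _In_ PACCESS_STATE AccessState,
    _In_ PAUX_ACCESS_DATA AuxData,
    _In_ ACCESS_MASK Access,
    _In_ PGENERIC_MAPPING GenericMapping);

NTKERNELAPI
VOID
NTAPI
SeDeleteAccessState(
    _In_ PACCESS_STATE AccessState);

//
// Impersonation
//

//
// Returns the impersonation level recorded in Token.
//
NTKERNELAPI
SECURITY_IMPERSONATION_LEVEL
NTAPI
SeTokenImpersonationLevel(
    _In_ PACCESS_TOKEN Token);

#endif

//
// Native Calls
//

//
// Evaluates SecurityDescriptor against ClientToken for DesiredAccess.
//
// Two results must be checked: the returned NTSTATUS says whether the check
// could be performed at all, while *AccessStatus carries the actual
// grant/deny decision. Treating a successful return value as "access
// granted" is a logic error.
//
// ReturnLength is the byte size of the PrivilegeSet buffer on entry and is
// updated on return, so it is annotated _Inout_: the caller must initialize
// it before the call.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheck(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*ReturnLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG ReturnLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus);

//
// Per-object-type variant of NtAccessCheck. PrivilegeSet is an output buffer
// whose size is passed in *PrivilegeSetLength.
// NOTE(review): unlike its neighbours this declaration carries no
// NTSYSCALLAPI; left as found because adding it may alter linkage.
//
NTSTATUS
NTAPI
NtAccessCheckByType(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PSID PrincipalSelfSid,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG PrivilegeSetLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus);

//
// Result-list variant: GrantedAccess and AccessStatus are arrays with one
// element per ObjectTypeList entry, so both buffers must hold
// ObjectTypeLength elements. Passing the address of a single ACCESS_MASK or
// NTSTATUS leads to an out-of-bounds write by the service.
// NOTE(review): no NTSYSCALLAPI here either; left as found.
//
NTSTATUS
NTAPI
NtAccessCheckByTypeResultList(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PSID PrincipalSelfSid,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG PrivilegeSetLength,
    _Out_writes_(ObjectTypeLength) PACCESS_MASK GrantedAccess,
    _Out_writes_(ObjectTypeLength) PNTSTATUS AccessStatus);

//
// Access check that also emits the corresponding audit record. As with
// NtAccessCheck, the decision is in *AccessStatus, not in the return value.
//
_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose);

//
// Enables/disables groups in a token. PreviousState is optional; when it is
// supplied, ReturnLength receives the number of bytes written.
// NOTE(review): _In_opt_ on the by-value BufferLength carries no meaning for
// a scalar; kept as found.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustGroupsToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN ResetToDefault,
    _In_opt_ PTOKEN_GROUPS NewState,
    _In_opt_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
    _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);

//
// Enables/disables privileges in a token.
//
// _Must_inspect_result_ matters here: the service can return
// STATUS_NOT_ALL_ASSIGNED, which is a success-class status, when some of the
// requested privileges are not held by the token. Callers that only test
// NT_SUCCESS() will wrongly assume every privilege was adjusted; compare
// against STATUS_SUCCESS explicitly when the adjustment is a precondition
// for a security decision.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN DisableAllPrivileges,
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
    _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateLocallyUniqueId(
    _Out_ LUID *LocallyUniqueId);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateUuids(
    _Out_ PULARGE_INTEGER Time,
    _Out_ PULONG Range,
    _Out_ PULONG Sequence,
    _Out_ PUCHAR Seed);

//
// Compares two tokens and reports the outcome through *Equal.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCompareTokens(
    _In_ HANDLE FirstTokenHandle,
    _In_ HANDLE SecondTokenHandle,
    _Out_ PBOOLEAN Equal);

//
// Builds a new token from caller-supplied user, groups and privileges.
// The caller needs the create-token privilege (SeCreateTokenPrivilege); use
// of this service outside the logon path is a useful signal for monitoring.
//
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateToken(
    _Out_ PHANDLE TokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ TOKEN_TYPE TokenType,
    _In_ PLUID AuthenticationId,
    _In_ PLARGE_INTEGER ExpirationTime,
    _In_ PTOKEN_USER TokenUser,
    _In_ PTOKEN_GROUPS TokenGroups,
    _In_ PTOKEN_PRIVILEGES TokenPrivileges,
    _In_opt_ PTOKEN_OWNER TokenOwner,
    _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    _In_ PTOKEN_SOURCE TokenSource);

//
// Duplicates ExistingTokenHandle into a new token of type TokenType.
// Request only the DesiredAccess actually needed on the duplicate.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle);

//
// Creates a reduced copy of a token: groups to disable, privileges to delete
// and restricting SIDs are each optional.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtFilterToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ULONG Flags,
    _In_opt_ PTOKEN_GROUPS SidsToDisable,
    _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete,
    _In_opt_ PTOKEN_GROUPS RestrictedSids,
    _Out_ PHANDLE NewTokenHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
    _In_ HANDLE ThreadHandle);

//
// Audit helpers. The *AuditAlarm services generate audit records on behalf
// of a subsystem named by SubsystemName.
//
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose);

//
// Opens the token of ProcessHandle; HandleAttributes lets the caller set
// attributes on the returned handle.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

//
// Tests whether ClientToken holds RequiredPrivileges. The privilege set is
// _Inout_ because the service updates it, and the verdict is written to
// *Result; the NTSTATUS return only says whether the test ran.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegedServiceAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PUNICODE_STRING ServiceName,
    _In_ HANDLE ClientToken,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

//
// Reads one information class from a token into a caller-sized buffer.
// *ReturnLength reports the bytes written. Trust only the first
// *ReturnLength bytes of TokenInformation, and only after a successful
// return.
//
_When_(TokenInformationClass == TokenAccessInformation,
       _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength,
    _Out_ PULONG ReturnLength);

//
// Writes one information class to a token. TokenInformation is an input
// buffer of TokenInformationLength bytes.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength);

//
// Zw* twins of the services above.
//
// NOTE(review): when a Zw* routine is called from kernel mode the request is
// treated as coming from a trusted caller, so pointers and handles that
// originate from user mode should be validated by the driver before they
// are forwarded here - confirm against the calling code.
//

//
// See NtAccessCheck: ReturnLength is an in/out buffer size and the decision
// is delivered through *AccessStatus.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheck(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*ReturnLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG ReturnLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus);

//
// PreviousState is bounded by BufferLength, as in NtAdjustGroupsToken, so an
// undersized buffer can be flagged at the call site.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustGroupsToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN ResetToDefault,
    _In_ PTOKEN_GROUPS NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
    _Out_ PULONG ReturnLength);

//
// See NtAdjustPrivilegesToken: a success-class STATUS_NOT_ALL_ASSIGNED still
// means some requested privileges were not adjusted.
//
_Must_inspect_result_
NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustPrivilegesToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN DisableAllPrivileges,
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
    _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);

NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateLocallyUniqueId(
    _Out_ LUID *LocallyUniqueId);

NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateUuids(
    _Out_ PULARGE_INTEGER Time,
    _Out_ PULONG Range,
    _Out_ PULONG Sequence,
    _Out_ PUCHAR Seed);

//
// NOTE(review): ObjectAttributes, TokenOwner and TokenDefaultDacl are marked
// optional on NtCreateToken but mandatory here; the stricter form is kept.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwCreateToken(
    _Out_ PHANDLE TokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ TOKEN_TYPE TokenType,
    _In_ PLUID AuthenticationId,
    _In_ PLARGE_INTEGER ExpirationTime,
    _In_ PTOKEN_USER TokenUser,
    _In_ PTOKEN_GROUPS TokenGroups,
    _In_ PTOKEN_PRIVILEGES TokenPrivileges,
    _In_ PTOKEN_OWNER TokenOwner,
    _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    _In_ PTOKEN_SOURCE TokenSource);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle);

NTSYSAPI
NTSTATUS
NTAPI
ZwImpersonateAnonymousToken(
    _In_ HANDLE Thread);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ULONG DesiredAccess,
    _In_ ULONG GrantedAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessToken(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE TokenHandle);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

//
// Result is written by the service and RequiredPrivileges is updated by it,
// matching NtPrivilegeCheck. Marking Result as an input would make analysis
// demand an initialized value and miss reads of an unset verdict.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result);

NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegedServiceAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PUNICODE_STRING ServiceName,
    _In_ HANDLE ClientToken,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ULONG DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
    _In_ ULONG Length,
    _Out_ PULONG ResultLength);

//
// TokenInformation is read, not written, by the service (same contract as
// NtSetInformationToken). Annotating it as an output would let a caller pass
// an uninitialized buffer without any analysis warning.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength);

#endif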