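/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    sefuncs.h

Abstract:

    Function definitions for the security manager.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _SEFUNCS_H
#define _SEFUNCS_H

//
// Dependencies
//
#include <umtypes.h>

//
// Kernel-mode only exports (hidden when NTOS_MODE_USER is defined)
//
#ifndef NTOS_MODE_USER

//
// Security Descriptors
//
// A descriptor captured with SeCaptureSecurityDescriptor is handed back
// through CapturedSecurityDescriptor and is paired with
// SeReleaseSecurityDescriptor below.
//
NTKERNELAPI
NTSTATUS
NTAPI
SeCaptureSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
    _In_ KPROCESSOR_MODE CurrentMode,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor);

NTKERNELAPI
NTSTATUS
NTAPI
SeReleaseSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
    _In_ KPROCESSOR_MODE CurrentMode,
    _In_ BOOLEAN CaptureIfKernelMode);

//
// Access States
//
// NOTE(review): AccessState and AuxData are annotated _In_ although the
// function name suggests it initialises caller-provided storage; confirm
// against the implementation before tightening the annotations.
//
NTKERNELAPI
NTSTATUS
NTAPI
SeCreateAccessState(
    _In_ PACCESS_STATE AccessState,
    _In_ PAUX_ACCESS_DATA AuxData,
    _In_ ACCESS_MASK Access,
    _In_ PGENERIC_MAPPING GenericMapping);

NTKERNELAPI
VOID
NTAPI
SeDeleteAccessState(
    _In_ PACCESS_STATE AccessState);

//
// Impersonation
//
NTKERNELAPI
SECURITY_IMPERSONATION_LEVEL
NTAPI
SeTokenImpersonationLevel(
    _In_ PACCESS_TOKEN Token);

#endif

//
// Native Calls
//

//
// ReturnLength is read as the size of the PrivilegeSet buffer on entry and
// written on return, so the caller must initialise it before the call.
// The access decision is reported in AccessStatus/GrantedAccess; the
// function's own NTSTATUS only says whether the check could be performed.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheck(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*ReturnLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG ReturnLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus);

//
// PrivilegeSet is an output buffer whose size is carried in
// *PrivilegeSetLength.
// NOTE(review): unlike its neighbours this prototype carries no
// NTSYSCALLAPI; confirm whether that is intentional.
//
NTSTATUS
NTAPI
NtAccessCheckByType(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PSID PrincipalSelfSid,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG PrivilegeSetLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus);

//
// The result-list variant reports one GrantedAccess/AccessStatus pair per
// ObjectTypeList entry, so both outputs are arrays of ObjectTypeLength
// elements and must be sized accordingly by the caller.
// NOTE(review): this prototype also carries no NTSYSCALLAPI; confirm.
//
NTSTATUS
NTAPI
NtAccessCheckByTypeResultList(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PSID PrincipalSelfSid,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_TYPE_LIST ObjectTypeList,
    _In_ ULONG ObjectTypeLength,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG PrivilegeSetLength,
    _Out_writes_(ObjectTypeLength) PACCESS_MASK GrantedAccess,
    _Out_writes_(ObjectTypeLength) PNTSTATUS AccessStatus);

_Must_inspect_result_
__kernel_entry NTSYSCALLAPI
NTSTATUS
NTAPI
NtAccessCheckAndAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _In_ BOOLEAN ObjectCreation,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus,
    _Out_ PBOOLEAN GenerateOnClose);

//
// BufferLength is passed by value, so it is a plain _In_ (an _opt_
// qualifier only has meaning for pointers).
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustGroupsToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN ResetToDefault,
    _In_opt_ PTOKEN_GROUPS NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
    _Out_ PULONG ReturnLength);

//
// The result must be inspected beyond NT_SUCCESS(): the call can return
// STATUS_NOT_ALL_ASSIGNED, which is a success code, when the token does
// not hold every privilege named in NewState.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAdjustPrivilegesToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN DisableAllPrivileges,
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
    _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateLocallyUniqueId(
    _Out_ LUID *LocallyUniqueId);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateUuids(
    _Out_ PULARGE_INTEGER Time,
    _Out_ PULONG Range,
    _Out_ PULONG Sequence,
    _Out_ PUCHAR Seed);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCompareTokens(
    _In_ HANDLE FirstTokenHandle,
    _In_ HANDLE SecondTokenHandle,
    _Out_ PBOOLEAN Equal);

//
// Builds a token from caller-supplied user, group and privilege lists.
// The system restricts this service to callers holding
// SeCreateTokenPrivilege.
//
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateToken(
    _Out_ PHANDLE TokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ TOKEN_TYPE TokenType,
    _In_ PLUID AuthenticationId,
    _In_ PLARGE_INTEGER ExpirationTime,
    _In_ PTOKEN_USER TokenUser,
    _In_ PTOKEN_GROUPS TokenGroups,
    _In_ PTOKEN_PRIVILEGES TokenPrivileges,
    _In_opt_ PTOKEN_OWNER TokenOwner,
    _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    _In_ PTOKEN_SOURCE TokenSource);

_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
    _In_ HANDLE ThreadHandle);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

//
// RequiredPrivileges is _Inout_: the set is read by the check and also
// written back, so it must not live in read-only storage.
//
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegedServiceAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PUNICODE_STRING ServiceName,
    _In_ HANDLE ClientToken,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

_When_(TokenInformationClass == TokenAccessInformation,
  _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))))
_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength,
    _Out_ PULONG ReturnLength);

_Must_inspect_result_
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength);

//
// Zw* counterparts of the services above.
//
// When a Zw* routine is called from kernel mode the service runs with the
// previous mode set to KernelMode, so pointer arguments are not probed as
// user buffers and handle access checks are not applied. Kernel callers
// must therefore never forward unvalidated user-mode pointers or handles
// to these routines. The parameter annotations are kept in step with the
// Nt* prototypes so static analysis sees the same contract on both paths.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwAccessCheck(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PGENERIC_MAPPING GenericMapping,
    _Out_writes_bytes_(*ReturnLength) PPRIVILEGE_SET PrivilegeSet,
    _Inout_ PULONG ReturnLength,
    _Out_ PACCESS_MASK GrantedAccess,
    _Out_ PNTSTATUS AccessStatus);

NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustGroupsToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN ResetToDefault,
    _In_opt_ PTOKEN_GROUPS NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState,
    _Out_ PULONG ReturnLength);

//
// As with NtAdjustPrivilegesToken, STATUS_NOT_ALL_ASSIGNED is a success
// code and has to be checked for explicitly.
//
_Must_inspect_result_
NTSYSAPI
NTSTATUS
NTAPI
ZwAdjustPrivilegesToken(
    _In_ HANDLE TokenHandle,
    _In_ BOOLEAN DisableAllPrivileges,
    _In_opt_ PTOKEN_PRIVILEGES NewState,
    _In_ ULONG BufferLength,
    _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState,
    _When_(PreviousState != NULL, _Out_) PULONG ReturnLength);

NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateLocallyUniqueId(
    _Out_ LUID *LocallyUniqueId);

NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateUuids(
    _Out_ PULARGE_INTEGER Time,
    _Out_ PULONG Range,
    _Out_ PULONG Sequence,
    _Out_ PUCHAR Seed);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateToken(
    _Out_ PHANDLE TokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ TOKEN_TYPE TokenType,
    _In_ PLUID AuthenticationId,
    _In_ PLARGE_INTEGER ExpirationTime,
    _In_ PTOKEN_USER TokenUser,
    _In_ PTOKEN_GROUPS TokenGroups,
    _In_ PTOKEN_PRIVILEGES TokenPrivileges,
    _In_opt_ PTOKEN_OWNER TokenOwner,
    _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    _In_ PTOKEN_SOURCE TokenSource);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle);

NTSYSAPI
NTSTATUS
NTAPI
ZwImpersonateAnonymousToken(
    _In_ HANDLE Thread);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose);

//
// This variant takes no HandleAttributes; kernel callers that need to set
// handle attributes (for example OBJ_KERNEL_HANDLE, which keeps the token
// handle out of the calling process's handle table) use
// ZwOpenProcessTokenEx below.
//
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessToken(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _Out_ PHANDLE TokenHandle);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcessTokenEx(
    _In_ HANDLE ProcessHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _Out_ PHANDLE TokenHandle);

//
// Result is written by the call and RequiredPrivileges is updated in
// place, matching NtPrivilegeCheck.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegeCheck(
    _In_ HANDLE ClientToken,
    _Inout_ PPRIVILEGE_SET RequiredPrivileges,
    _Out_ PBOOLEAN Result);

NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegedServiceAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PUNICODE_STRING ServiceName,
    _In_ HANDLE ClientToken,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

NTSYSAPI
NTSTATUS
NTAPI
ZwPrivilegeObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ HANDLE ClientToken,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ PPRIVILEGE_SET Privileges,
    _In_ BOOLEAN AccessGranted);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _Out_writes_bytes_to_opt_(Length,*ResultLength) PVOID TokenInformation,
    _In_ ULONG Length,
    _Out_ PULONG ResultLength);

//
// TokenInformation is an input buffer of TokenInformationLength bytes;
// the call reads it and does not write through it.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationToken(
    _In_ HANDLE TokenHandle,
    _In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
    _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation,
    _In_ ULONG TokenInformationLength);

#endif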