1 /****************************************************************************** 2 * Security Manager Functions * 3 ******************************************************************************/ 4 5 #if (NTDDI_VERSION >= NTDDI_WIN2K) 6 $if (_WDMDDK_) 7 _IRQL_requires_max_(PASSIVE_LEVEL) 8 NTKERNELAPI 9 BOOLEAN 10 NTAPI 11 SeAccessCheck( 12 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 13 _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, 14 _In_ BOOLEAN SubjectContextLocked, 15 _In_ ACCESS_MASK DesiredAccess, 16 _In_ ACCESS_MASK PreviouslyGrantedAccess, 17 _Outptr_opt_ PPRIVILEGE_SET *Privileges, 18 _In_ PGENERIC_MAPPING GenericMapping, 19 _In_ KPROCESSOR_MODE AccessMode, 20 _Out_ PACCESS_MASK GrantedAccess, 21 _Out_ PNTSTATUS AccessStatus); 22 23 _IRQL_requires_max_(PASSIVE_LEVEL) 24 NTKERNELAPI 25 NTSTATUS 26 NTAPI 27 SeAssignSecurity( 28 _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, 29 _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, 30 _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, 31 _In_ BOOLEAN IsDirectoryObject, 32 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 33 _In_ PGENERIC_MAPPING GenericMapping, 34 _In_ POOL_TYPE PoolType); 35 36 NTKERNELAPI 37 NTSTATUS 38 NTAPI 39 SeAssignSecurityEx( 40 _In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, 41 _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, 42 _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, 43 _In_opt_ GUID *ObjectType, 44 _In_ BOOLEAN IsDirectoryObject, 45 _In_ ULONG AutoInheritFlags, 46 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 47 _In_ PGENERIC_MAPPING GenericMapping, 48 _In_ POOL_TYPE PoolType); 49 50 _IRQL_requires_max_(PASSIVE_LEVEL) 51 NTKERNELAPI 52 NTSTATUS 53 NTAPI 54 SeDeassignSecurity( 55 _Inout_ PSECURITY_DESCRIPTOR *SecurityDescriptor); 56 57 _IRQL_requires_max_(PASSIVE_LEVEL) 58 NTKERNELAPI 59 BOOLEAN 60 NTAPI 61 SeValidSecurityDescriptor( 62 _In_ ULONG Length, 63 _In_reads_bytes_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor); 64 65 NTKERNELAPI 66 ULONG 67 NTAPI 68 SeObjectCreateSaclAccessBits( 69 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 70 71 NTKERNELAPI 72 VOID 73 NTAPI 74 SeReleaseSubjectContext( 75 _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 76 77 NTKERNELAPI 78 VOID 79 NTAPI 80 SeUnlockSubjectContext( 81 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 82 83 NTKERNELAPI 84 VOID 85 NTAPI 86 SeCaptureSubjectContext( 87 _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 88 89 NTKERNELAPI 90 VOID 91 NTAPI 92 SeLockSubjectContext( 93 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 94 $endif (_WDMDDK_) 95 96 $if (_NTDDK_) 97 _IRQL_requires_max_(PASSIVE_LEVEL) 98 NTKERNELAPI 99 BOOLEAN 100 NTAPI 101 SeSinglePrivilegeCheck( 102 _In_ LUID PrivilegeValue, 103 _In_ KPROCESSOR_MODE PreviousMode); 104 $endif (_NTDDK_) 105 $if (_NTIFS_) 106 107 NTKERNELAPI 108 VOID 109 NTAPI 110 SeReleaseSubjectContext( 111 _Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext); 112 113 NTKERNELAPI 114 BOOLEAN 115 NTAPI 116 SePrivilegeCheck( 117 _Inout_ PPRIVILEGE_SET RequiredPrivileges, 118 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 119 _In_ KPROCESSOR_MODE AccessMode); 120 121 NTKERNELAPI 122 VOID 123 NTAPI 124 SeOpenObjectAuditAlarm( 125 _In_ PUNICODE_STRING ObjectTypeName, 126 _In_opt_ PVOID Object, 127 _In_opt_ PUNICODE_STRING AbsoluteObjectName, 128 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 129 _In_ PACCESS_STATE AccessState, 130 _In_ BOOLEAN ObjectCreated, 131 _In_ BOOLEAN AccessGranted, 132 _In_ KPROCESSOR_MODE AccessMode, 133 _Out_ PBOOLEAN GenerateOnClose); 134 135 NTKERNELAPI 136 VOID 137 NTAPI 138 SeOpenObjectForDeleteAuditAlarm( 139 _In_ PUNICODE_STRING ObjectTypeName, 140 _In_opt_ PVOID Object, 141 _In_opt_ PUNICODE_STRING AbsoluteObjectName, 142 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 143 _In_ PACCESS_STATE AccessState, 144 _In_ BOOLEAN ObjectCreated, 145 _In_ BOOLEAN AccessGranted, 146 _In_ KPROCESSOR_MODE AccessMode, 147 _Out_ PBOOLEAN GenerateOnClose); 148 149 NTKERNELAPI 150 VOID 151 NTAPI 152 SeDeleteObjectAuditAlarm( 153 _In_ PVOID Object, 154 _In_ HANDLE Handle); 155 156 NTKERNELAPI 157 TOKEN_TYPE 158 NTAPI 159 SeTokenType( 160 _In_ PACCESS_TOKEN Token); 161 162 NTKERNELAPI 163 BOOLEAN 164 NTAPI 165 SeTokenIsAdmin( 166 _In_ PACCESS_TOKEN Token); 167 168 NTKERNELAPI 169 BOOLEAN 170 NTAPI 171 SeTokenIsRestricted( 172 _In_ PACCESS_TOKEN Token); 173 174 NTKERNELAPI 175 NTSTATUS 176 NTAPI 177 SeQueryAuthenticationIdToken( 178 _In_ PACCESS_TOKEN Token, 179 _Out_ PLUID AuthenticationId); 180 181 NTKERNELAPI 182 NTSTATUS 183 NTAPI 184 SeQuerySessionIdToken( 185 _In_ PACCESS_TOKEN Token, 186 _Out_ PULONG SessionId); 187 188 NTKERNELAPI 189 NTSTATUS 190 NTAPI 191 SeCreateClientSecurity( 192 _In_ PETHREAD ClientThread, 193 _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, 194 _In_ BOOLEAN RemoteSession, 195 _Out_ PSECURITY_CLIENT_CONTEXT ClientContext); 196 197 NTKERNELAPI 198 VOID 199 NTAPI 200 SeImpersonateClient( 201 _In_ PSECURITY_CLIENT_CONTEXT ClientContext, 202 _In_opt_ PETHREAD ServerThread); 203 204 NTKERNELAPI 205 NTSTATUS 206 NTAPI 207 SeImpersonateClientEx( 208 _In_ PSECURITY_CLIENT_CONTEXT ClientContext, 209 _In_opt_ PETHREAD ServerThread); 210 211 NTKERNELAPI 212 NTSTATUS 213 NTAPI 214 SeCreateClientSecurityFromSubjectContext( 215 _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, 216 _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, 217 _In_ BOOLEAN ServerIsRemote, 218 _Out_ PSECURITY_CLIENT_CONTEXT ClientContext); 219 220 NTKERNELAPI 221 NTSTATUS 222 NTAPI 223 SeQuerySecurityDescriptorInfo( 224 _In_ PSECURITY_INFORMATION SecurityInformation, 225 _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, 226 _Inout_ PULONG Length, 227 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor); 228 229 NTKERNELAPI 230 NTSTATUS 231 NTAPI 232 SeSetSecurityDescriptorInfo( 233 _In_opt_ PVOID Object, 234 _In_ PSECURITY_INFORMATION SecurityInformation, 235 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 236 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 237 _In_ POOL_TYPE PoolType, 238 _In_ PGENERIC_MAPPING GenericMapping); 239 240 NTKERNELAPI 241 NTSTATUS 242 NTAPI 243 SeSetSecurityDescriptorInfoEx( 244 _In_opt_ PVOID Object, 245 _In_ PSECURITY_INFORMATION SecurityInformation, 246 _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, 247 _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, 248 _In_ ULONG AutoInheritFlags, 249 _In_ POOL_TYPE PoolType, 250 _In_ PGENERIC_MAPPING GenericMapping); 251 252 NTKERNELAPI 253 NTSTATUS 254 NTAPI 255 SeAppendPrivileges( 256 _Inout_ PACCESS_STATE AccessState, 257 _In_ PPRIVILEGE_SET Privileges); 258 259 NTKERNELAPI 260 BOOLEAN 261 NTAPI 262 SeAuditingFileEvents( 263 _In_ BOOLEAN AccessGranted, 264 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 265 266 NTKERNELAPI 267 BOOLEAN 268 NTAPI 269 SeAuditingFileOrGlobalEvents( 270 _In_ BOOLEAN AccessGranted, 271 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 272 _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); 273 274 VOID 275 NTAPI 276 SeSetAccessStateGenericMapping( 277 _Inout_ PACCESS_STATE AccessState, 278 _In_ PGENERIC_MAPPING GenericMapping); 279 280 NTKERNELAPI 281 NTSTATUS 282 NTAPI 283 SeRegisterLogonSessionTerminatedRoutine( 284 _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); 285 286 NTKERNELAPI 287 NTSTATUS 288 NTAPI 289 SeUnregisterLogonSessionTerminatedRoutine( 290 _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine); 291 292 NTKERNELAPI 293 NTSTATUS 294 NTAPI 295 SeMarkLogonSessionForTerminationNotification( 296 _In_ PLUID LogonId); 297 298 NTKERNELAPI 299 NTSTATUS 300 NTAPI 301 SeQueryInformationToken( 302 _In_ PACCESS_TOKEN Token, 303 _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, 304 _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation); 305 $endif (_NTIFS_) 306 307 #endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */ 308 $if (_NTIFS_) 309 #if (NTDDI_VERSION >= NTDDI_WIN2KSP3) 310 NTKERNELAPI 311 BOOLEAN 312 NTAPI 313 SeAuditingHardLinkEvents( 314 _In_ BOOLEAN AccessGranted, 315 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor); 316 #endif 317 318 #if (NTDDI_VERSION >= NTDDI_WINXP) 319 320 NTKERNELAPI 321 NTSTATUS 322 NTAPI 323 SeFilterToken( 324 _In_ PACCESS_TOKEN ExistingToken, 325 _In_ ULONG Flags, 326 _In_opt_ PTOKEN_GROUPS SidsToDisable, 327 _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, 328 _In_opt_ PTOKEN_GROUPS RestrictedSids, 329 _Outptr_ PACCESS_TOKEN *FilteredToken); 330 331 NTKERNELAPI 332 VOID 333 NTAPI 334 SeAuditHardLinkCreation( 335 _In_ PUNICODE_STRING FileName, 336 _In_ PUNICODE_STRING LinkName, 337 _In_ BOOLEAN bSuccess); 338 339 #endif /* (NTDDI_VERSION >= NTDDI_WINXP) */ 340 341 #if (NTDDI_VERSION >= NTDDI_WINXPSP2) 342 343 NTKERNELAPI 344 BOOLEAN 345 NTAPI 346 SeAuditingFileEventsWithContext( 347 _In_ BOOLEAN AccessGranted, 348 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 349 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); 350 351 NTKERNELAPI 352 BOOLEAN 353 NTAPI 354 SeAuditingHardLinkEventsWithContext( 355 _In_ BOOLEAN AccessGranted, 356 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 357 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext); 358 359 #endif 360 $endif (_NTIFS_) 361 362 $if (_WDMDDK_) 363 #if (NTDDI_VERSION >= NTDDI_WS03SP1) 364 365 _At_(AuditParameters->ParameterCount, _Const_) 366 NTSTATUS 367 NTAPI 368 SeSetAuditParameter( 369 _Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, 370 _In_ SE_ADT_PARAMETER_TYPE Type, 371 _In_range_(<,SE_MAX_AUDIT_PARAMETERS) ULONG Index, 372 _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) 373 PVOID Data); 374 375 NTSTATUS 376 NTAPI 377 SeReportSecurityEvent( 378 _In_ ULONG Flags, 379 _In_ PUNICODE_STRING SourceName, 380 _In_opt_ PSID UserSid, 381 _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters); 382 383 #endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */ 384 $endif (_WDMDDK_) 385 386 $if (_WDMDDK_ || _NTIFS_) 387 #if (NTDDI_VERSION >= NTDDI_VISTA) 388 $endif (_WDMDDK_ || _NTIFS_) 389 $if (_WDMDDK_) 390 NTKERNELAPI 391 ULONG 392 NTAPI 393 SeComputeAutoInheritByObjectType( 394 _In_ PVOID ObjectType, 395 _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, 396 _In_opt_ PSECURITY_DESCRIPTOR ParentSecurityDescriptor); 397 398 #ifdef SE_NTFS_WORLD_CACHE 399 VOID 400 NTAPI 401 SeGetWorldRights( 402 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 403 _In_ PGENERIC_MAPPING GenericMapping, 404 _Out_ PACCESS_MASK GrantedAccess); 405 #endif /* SE_NTFS_WORLD_CACHE */ 406 $endif (_WDMDDK_) 407 $if (_NTIFS_) 408 409 NTKERNELAPI 410 VOID 411 NTAPI 412 SeOpenObjectAuditAlarmWithTransaction( 413 _In_ PUNICODE_STRING ObjectTypeName, 414 _In_opt_ PVOID Object, 415 _In_opt_ PUNICODE_STRING AbsoluteObjectName, 416 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 417 _In_ PACCESS_STATE AccessState, 418 _In_ BOOLEAN ObjectCreated, 419 _In_ BOOLEAN AccessGranted, 420 _In_ KPROCESSOR_MODE AccessMode, 421 _In_opt_ GUID *TransactionId, 422 _Out_ PBOOLEAN GenerateOnClose); 423 424 NTKERNELAPI 425 VOID 426 NTAPI 427 SeOpenObjectForDeleteAuditAlarmWithTransaction( 428 _In_ PUNICODE_STRING ObjectTypeName, 429 _In_opt_ PVOID Object, 430 _In_opt_ PUNICODE_STRING AbsoluteObjectName, 431 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 432 _In_ PACCESS_STATE AccessState, 433 _In_ BOOLEAN ObjectCreated, 434 _In_ BOOLEAN AccessGranted, 435 _In_ KPROCESSOR_MODE AccessMode, 436 _In_opt_ GUID *TransactionId, 437 _Out_ PBOOLEAN GenerateOnClose); 438 439 NTKERNELAPI 440 VOID 441 NTAPI 442 SeExamineSacl( 443 _In_ PACL Sacl, 444 _In_ PACCESS_TOKEN Token, 445 _In_ ACCESS_MASK DesiredAccess, 446 _In_ BOOLEAN AccessGranted, 447 _Out_ PBOOLEAN GenerateAudit, 448 _Out_ PBOOLEAN GenerateAlarm); 449 450 NTKERNELAPI 451 VOID 452 NTAPI 453 SeDeleteObjectAuditAlarmWithTransaction( 454 _In_ PVOID Object, 455 _In_ HANDLE Handle, 456 _In_opt_ GUID *TransactionId); 457 458 NTKERNELAPI 459 VOID 460 NTAPI 461 SeQueryTokenIntegrity( 462 _In_ PACCESS_TOKEN Token, 463 _Inout_ PSID_AND_ATTRIBUTES IntegritySA); 464 465 NTKERNELAPI 466 NTSTATUS 467 NTAPI 468 SeSetSessionIdToken( 469 _In_ PACCESS_TOKEN Token, 470 _In_ ULONG SessionId); 471 472 NTKERNELAPI 473 VOID 474 NTAPI 475 SeAuditHardLinkCreationWithTransaction( 476 _In_ PUNICODE_STRING FileName, 477 _In_ PUNICODE_STRING LinkName, 478 _In_ BOOLEAN bSuccess, 479 _In_opt_ GUID *TransactionId); 480 481 NTKERNELAPI 482 VOID 483 NTAPI 484 SeAuditTransactionStateChange( 485 _In_ GUID *TransactionId, 486 _In_ GUID *ResourceManagerId, 487 _In_ ULONG NewTransactionState); 488 $endif (_NTIFS_) 489 $if (_WDMDDK_ || _NTIFS_) 490 #endif /* (NTDDI_VERSION >= NTDDI_VISTA) */ 491 $endif (_WDMDDK_ || _NTIFS_) 492 $if (_NTIFS_) 493 494 #if (NTDDI_VERSION >= NTDDI_VISTA || (NTDDI_VERSION >= NTDDI_WINXPSP2 && NTDDI_VERSION < NTDDI_WS03)) 495 NTKERNELAPI 496 BOOLEAN 497 NTAPI 498 SeTokenIsWriteRestricted( 499 _In_ PACCESS_TOKEN Token); 500 #endif 501 502 #if (NTDDI_VERSION >= NTDDI_WIN7) 503 504 NTKERNELAPI 505 BOOLEAN 506 NTAPI 507 SeAuditingAnyFileEventsWithContext( 508 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 509 _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, 510 _Out_opt_ PBOOLEAN StagingEnabled); 511 512 NTKERNELAPI 513 VOID 514 NTAPI 515 SeExamineGlobalSacl( 516 _In_ PUNICODE_STRING ObjectType, 517 _In_ PACL ResourceSacl, 518 _In_ PACCESS_TOKEN Token, 519 _In_ ACCESS_MASK DesiredAccess, 520 _In_ BOOLEAN AccessGranted, 521 _Inout_ PBOOLEAN GenerateAudit, 522 _Inout_opt_ PBOOLEAN GenerateAlarm); 523 524 NTKERNELAPI 525 VOID 526 NTAPI 527 SeMaximumAuditMaskFromGlobalSacl( 528 _In_opt_ PUNICODE_STRING ObjectTypeName, 529 _In_ ACCESS_MASK GrantedAccess, 530 _In_ PACCESS_TOKEN Token, 531 _Inout_ PACCESS_MASK AuditMask); 532 533 #endif /* (NTDDI_VERSION >= NTDDI_WIN7) */ 534 535 NTSTATUS 536 NTAPI 537 SeReportSecurityEventWithSubCategory( 538 _In_ ULONG Flags, 539 _In_ PUNICODE_STRING SourceName, 540 _In_opt_ PSID UserSid, 541 _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters, 542 _In_ ULONG AuditSubcategoryId); 543 544 BOOLEAN 545 NTAPI 546 SeAccessCheckFromState( 547 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, 548 _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, 549 _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation, 550 _In_ ACCESS_MASK DesiredAccess, 551 _In_ ACCESS_MASK PreviouslyGrantedAccess, 552 _Outptr_opt_result_maybenull_ PPRIVILEGE_SET *Privileges, 553 _In_ PGENERIC_MAPPING GenericMapping, 554 _In_ KPROCESSOR_MODE AccessMode, 555 _Out_ PACCESS_MASK GrantedAccess, 556 _Out_ PNTSTATUS AccessStatus); 557 558 NTKERNELAPI 559 VOID 560 NTAPI 561 SeFreePrivileges( 562 _In_ PPRIVILEGE_SET Privileges); 563 564 NTSTATUS 565 NTAPI 566 SeLocateProcessImageName( 567 _Inout_ PEPROCESS Process, 568 _Outptr_ PUNICODE_STRING *pImageFileName); 569 570 #define SeLengthSid( Sid ) \ 571 (8 + (4 * ((SID *)Sid)->SubAuthorityCount)) 572 573 #define SeDeleteClientSecurity(C) { \ 574 if (SeTokenType((C)->ClientToken) == TokenPrimary) { \ 575 PsDereferencePrimaryToken( (C)->ClientToken ); \ 576 } else { \ 577 PsDereferenceImpersonationToken( (C)->ClientToken ); \ 578 } \ 579 } 580 581 #define SeStopImpersonatingClient() PsRevertToSelf() 582 583 #define SeQuerySubjectContextToken( SubjectContext ) \ 584 ( ARGUMENT_PRESENT( \ 585 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken \ 586 ) ? \ 587 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->ClientToken : \ 588 ((PSECURITY_SUBJECT_CONTEXT) SubjectContext)->PrimaryToken ) 589 590 extern NTKERNELAPI PSE_EXPORTS SeExports; 591 592 $endif (_NTIFS_) 593