xref: /reactos/win32ss/user/ntuser/security.h (revision 84344399) 
1 /*
2  * PROJECT:         ReactOS Win32k subsystem
3  * LICENSE:         GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE:         Security infrastructure of NTUSER component of Win32k
5  * COPYRIGHT:       Copyright 2022 George Bișoc <george.bisoc@reactos.org>
6  */
7 
8 #pragma once
9 
10 //
11 // USER objects security rights
12 //
13 
14 /* Desktop access rights */
15 #define DESKTOP_READ (STANDARD_RIGHTS_READ      | \
16                       DESKTOP_ENUMERATE         | \
17                       DESKTOP_READOBJECTS)
18 
19 #define DESKTOP_WRITE (STANDARD_RIGHTS_WRITE    | \
20                        DESKTOP_CREATEMENU       | \
21                        DESKTOP_CREATEWINDOW     | \
22                        DESKTOP_HOOKCONTROL      | \
23                        DESKTOP_JOURNALPLAYBACK  | \
24                        DESKTOP_JOURNALRECORD    | \
25                        DESKTOP_WRITEOBJECTS)
26 
27 #define DESKTOP_EXECUTE (STANDARD_RIGHTS_EXECUTE  | \
28                          DESKTOP_SWITCHDESKTOP)
29 
30 #define DESKTOP_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
31                             DESKTOP_CREATEMENU       | \
32                             DESKTOP_CREATEWINDOW     | \
33                             DESKTOP_ENUMERATE        | \
34                             DESKTOP_HOOKCONTROL      | \
35                             DESKTOP_JOURNALPLAYBACK  | \
36                             DESKTOP_JOURNALRECORD    | \
37                             DESKTOP_READOBJECTS      | \
38                             DESKTOP_SWITCHDESKTOP    | \
39                             DESKTOP_WRITEOBJECTS)
40 
41 /* Window Station access rights */
42 #define WINSTA_READ (STANDARD_RIGHTS_READ     | \
43                      WINSTA_ENUMDESKTOPS      | \
44                      WINSTA_ENUMERATE         | \
45                      WINSTA_READATTRIBUTES    | \
46                      WINSTA_READSCREEN)
47 
48 #define WINSTA_WRITE (STANDARD_RIGHTS_WRITE    | \
49                       WINSTA_ACCESSCLIPBOARD   | \
50                       WINSTA_CREATEDESKTOP     | \
51                       WINSTA_WRITEATTRIBUTES)
52 
53 #define WINSTA_EXECUTE (STANDARD_RIGHTS_EXECUTE  | \
54                         WINSTA_ACCESSGLOBALATOMS | \
55                         WINSTA_EXITWINDOWS)
56 
57 #define WINSTA_ACCESS_ALL (STANDARD_RIGHTS_REQUIRED | \
58                            WINSTA_ACCESSCLIPBOARD   | \
59                            WINSTA_ACCESSGLOBALATOMS | \
60                            WINSTA_CREATEDESKTOP     | \
61                            WINSTA_ENUMDESKTOPS      | \
62                            WINSTA_ENUMERATE         | \
63                            WINSTA_EXITWINDOWS       | \
64                            WINSTA_READATTRIBUTES    | \
65                            WINSTA_READSCREEN        | \
66                            WINSTA_WRITEATTRIBUTES)
67 
68 //
69 // Function prototypes
70 //
71 
72 HANDLE
73 IntCaptureCurrentAccessToken(VOID);
74 
75 PVOID
76 IntAllocateSecurityBuffer(
77     _In_ SIZE_T Length);
78 
79 VOID
80 IntFreeSecurityBuffer(
81     _In_ PVOID Buffer);
82 
83 NTSTATUS
84 IntQueryUserSecurityIdentification(
85     _Out_ PTOKEN_USER *User);
86 
87 NTSTATUS
88 NTAPI
89 IntAssignDesktopSecurityOnParse(
90     _In_ PWINSTATION_OBJECT WinSta,
91     _In_ PDESKTOP Desktop,
92     _In_ PACCESS_STATE AccessState);
93 
94 NTSTATUS
95 NTAPI
96 IntCreateServiceSecurity(
97     _Out_ PSECURITY_DESCRIPTOR *ServiceSd);
98 
99 /* EOF */
100