
sep.h

/*++

Copyright (c) 1989  Microsoft Corporation

Module Name:

    sep.h

Abstract:

    This module contains the internal (private) declarations needed by the
    Kernel mode security routines.

Author:

    Gary Kimura     (GaryKi)    31-Mar-1989
    Jim Kelly       (JimK)      2-Mar-1990

Revision History:


--*/

#ifndef _SEP_
#define _SEP_

#include "ntos.h"
#include <ntrmlsa.h>
#include "seopaque.h"


/////////////////////////////////////////////////////////////////////////
//                                                                     //
//                        SE Diagnostics                               //
//                                                                     //
/////////////////////////////////////////////////////////////////////////


//
// SE_DIAGNOSTICS_ENABLED is only ever defined on a DBG (checked) build.
// On a free build it stays undefined, and "#if SE_DIAGNOSTICS_ENABLED"
// below evaluates it as 0, so the no-op variants are selected.
//

#if DBG
#define SE_DIAGNOSTICS_ENABLED 1
#endif // DBG


//
// These definitions are useful diagnostics aids
//

#if SE_DIAGNOSTICS_ENABLED

//
// Test for enabled diagnostic
//
// Expands to an unbraced "if" on SeGlobalFlag (declared outside this
// header).  FlagName is pasted onto SE_DIAG_, so callers pass the bare
// suffix (e.g. SD_TRACKING), not the full constant name.
//

#define IF_SE_GLOBAL( FlagName ) \
    if (SeGlobalFlag & (SE_DIAG_##FlagName))

//
// Diagnostics print statement
//
// _Text_ must be a parenthesized DbgPrint argument list, e.g.
// SeDiagPrint( SD_TRACKING, ("msg %p\n", p) ).  Because the expansion
// is a bare "if" statement, it must stand on its own line and never be
// followed directly by an "else".
//

#define SeDiagPrint( FlagName, _Text_ )  \
    IF_SE_GLOBAL( FlagName )             \
    DbgPrint _Text_


#else

//
// diagnostics not enabled - No diagnostics included in build
//


//
// Test for diagnostics enabled
//
// Expands to "if (FALSE)" so that the guarded statement is compiled but
// never executed.
//

#define IF_SE_GLOBAL( FlagName ) if (FALSE)

//
// Diagnostics print statement (expands to no-op)
//
// Expands to a lone ";" -- together with the caller's semicolon this
// yields an empty statement, which is harmless except where a single
// statement is syntactically required (e.g. before an "else").
//

#define SeDiagPrint( FlagName, _Text_ )     ;

#endif // SE_DIAGNOSTICS_ENABLED




//
// The following flags enable or disable various diagnostic
// capabilities within SE code.  These flags are set in
// SeGlobalFlag (only available within a DBG system).
//
//    SD_TRACKING - Display information about create/deletion of
//        shared security descriptors
//
//

#define SE_DIAG_SD_TRACKING     ((ULONG) 0x00000001L)






//
// Control flag manipulation macros
//
// These operate on any integral bit mask (Mask is modified in place by
// the set/clear forms); the "Security Descriptor" wording below reflects
// their original use on SECURITY_DESCRIPTOR control words.
//

//
//  Macro to query whether or not control flags ALL on
//  or not (ie, returns FALSE if any of the flags are not set)
//

#define SepAreFlagsSet( Mask, Bits )                          \
           (                                                  \
            ((Mask) & ( Bits )) == ( Bits )                   \
           )

//
//  Macro to set the specified control bits in the given Security Descriptor
//

#define SepSetFlags( Mask, Bits )                             \
           (                                                  \
            ( Mask ) |= ( Bits )                              \
           )

//
//  Macro to clear the passed control bits in the given Security Descriptor
//

#define SepClearFlags( Mask, Bits )                           \
           (                                                  \
            ( Mask ) &= ~( Bits )                             \
           )




//
//  Macro to determine the size of a PRIVILEGE_SET
//
//  Returns the number of bytes occupied by PrivilegeSet, in ULONG:
//
//      NULL pointer            -> 0
//      PrivilegeCount == 0     -> sizeof(PRIVILEGE_SET) minus the one
//                                 placeholder LUID_AND_ATTRIBUTES element
//      PrivilegeCount  > 0     -> sizeof(PRIVILEGE_SET) plus
//                                 (PrivilegeCount - ANYSIZE_ARRAY) extra
//                                 LUID_AND_ATTRIBUTES elements
//
//  NOTE(review): the multiply is unchecked 32-bit arithmetic and
//  PrivilegeSet is evaluated more than once.  Where PrivilegeCount comes
//  from a caller-supplied (user-mode) structure, bound it -- this header
//  defines SEP_MAX_PRIVILEGE_COUNT for that purpose -- before using the
//  result as an allocation or copy size.
//

#define SepPrivilegeSetSize( PrivilegeSet )                                    \
    ( ( PrivilegeSet ) == NULL ? 0 :                                           \
      ((( PrivilegeSet )->PrivilegeCount > 0)                                  \
        ?                                                                      \
        ((ULONG)sizeof(PRIVILEGE_SET) +                                        \
           (                                                                   \
             (( PrivilegeSet )->PrivilegeCount - ANYSIZE_ARRAY) *              \
             (ULONG)sizeof(LUID_AND_ATTRIBUTES)                                \
           )                                                                   \
        )                                                                      \
        : ((ULONG)sizeof(PRIVILEGE_SET) - (ULONG)sizeof(LUID_AND_ATTRIBUTES))  \
      ))


//
// Return the effective token from a SecurityContext
//
// The impersonation (client) token, when present, takes precedence over
// the process primary token.  Access decisions made on a context must use
// this macro rather than PrimaryToken directly, otherwise an impersonating
// thread would be checked against the wrong identity.
//

#define EffectiveToken( SubjectSecurityContext ) (                       \
           (SubjectSecurityContext)->ClientToken ?                        \
           (SubjectSecurityContext)->ClientToken :                        \
           (SubjectSecurityContext)->PrimaryToken                         \
           )


//
// Return a pointer to the Sid of the User of a given token
//
// Dereferences UserAndGroups without a NULL check and the expansion is
// not parenthesized as a whole; use it only on a valid token and do not
// apply further operators to the result without wrapping it.
//

#define SepTokenUserSid( Token )  ((PTOKEN)(Token))->UserAndGroups->Sid


//
// Return the AuthenticationId from a given token
//
// Yields the LUID by value (not a pointer).
//

#define SepTokenAuthenticationId( Token )  (((PTOKEN)(Token))->AuthenticationId)



//
//
//  BOOLEAN
//  SepBadImpersonationLevel(
//      IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
//      IN BOOLEAN ServerIsRemote
//      )
//
//  Routine Description:
//
//      Determine whether a client is trying to impersonate innappropriately
//      This routine should only be called if a thread requesting impersonation
//      is itself already impersonating a client of its own.  This routine
//      indicates whether the client is attempting to violate the level of
//      impersonation granted to it by its client.
//
//  Arguments:
//
//      ImpersonationLevel - Is the impersonation level of the client's
//          effective token.
//
//      ServerIsRemote - Is a boolean flag indicating whether the client
//          is requesting impersonation services to a remote system.  TRUE
//          indicates the session is a remote session, FALSE indicates the
//          session is a local session.  Delegation level is necessary to
//          achieve a remote session.
//
//  Return Value:
//
//      TRUE - Indicates that the impersonation level of the client's client
//          token is innapropriate for the attempted impersonation.
//          An error (STATUS_BAD_IMPERSONATION_LEVEL) should be generated.
//
//      FALSE - Indicates the impersonation attempt is not bad, and should
//          be allowed.
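//
//
//  Implementation note: Anonymous and Identification levels never permit
//  re-impersonation; a remote (delegating) server additionally requires
//  SecurityDelegation.  The trailing "? TRUE : FALSE" normalizes the
//  result to a BOOLEAN value.  IL and SIR are each evaluated more than
//  once, so pass side-effect-free expressions.
//

#define SepBadImpersonationLevel(IL,SIR) ((                                \
                 ((IL) == SecurityAnonymous) || ((IL) == SecurityIdentification) || \
                 ( (SIR) && ((IL) != SecurityDelegation) )                 \
                 ) ? TRUE : FALSE )



//++
//
// BOOL
// IsValidElementCount(
//     IN ULONG Count,
//     IN <STRUCTURE>
//     );
//
// Evaluates to TRUE when Count is strictly less than the number of
// STRUCTURE-sized elements that fit between MM_SYSTEM_RANGE_START and
// the top of the address space; i.e. Count * sizeof(STRUCTURE) is
// guaranteed not to wrap.  Presumably used to reject caller-supplied
// element counts before they are turned into buffer sizes; callers
// should still apply the tighter per-type limits (e.g.
// SEP_MAX_GROUP_COUNT / SEP_MAX_PRIVILEGE_COUNT below) where one exists.
//
// Count is now parenthesized so that an expression argument cannot
// rebind against the "<".
//
//--

#define IsValidElementCount( Count, STRUCTURE ) \
  ( (Count) < ( (ULONG_PTR) ( (PUCHAR) ( (PUCHAR) (LONG_PTR)(LONG)0xFFFFFFFF - (PUCHAR) MM_SYSTEM_RANGE_START ) + 1 ) \
  / sizeof( STRUCTURE ) ) )



/////////////////////////////////////////////////////////////////////////
//                                                                     //
//                        Constants                                    //
//                                                                     //
/////////////////////////////////////////////////////////////////////////

//
// Upper bounds on the group and privilege counts accepted for a token.
//

#define SEP_MAX_GROUP_COUNT 4096
#define SEP_MAX_PRIVILEGE_COUNT 4096


/////////////////////////////////////////////////////////////////////////
//                                                                     //
//                        Private Data types                           //
//                                                                     //
/////////////////////////////////////////////////////////////////////////


extern HANDLE SepLsaHandle;

extern BOOLEAN SepAuditShutdownEvents;

//
// Executive resource (an ERESOURCE, not a spinlock, despite the original
// wording) protecting the queue of work being passed to LSA.  Acquired
// exclusively via SepLockLsaQueue() / released via SepUnlockLsaQueue().
//

extern ERESOURCE SepLsaQueueLock;

extern ULONG SepLsaQueueLength;

//
// Doubly linked list of work items queued to worker threads.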
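// Protected by SepLsaQueueLock.
//

extern LIST_ENTRY SepLsaQueue;


//
// Acquire / release the LSA work queue.
//
// Each macro expands to two statements (critical-region enter/leave plus
// the resource acquire/release), so they are wrapped in do { } while (0)
// to behave as a single statement under an unbraced if/else.  The
// critical region must be entered before the ERESOURCE is acquired and
// left only after it is released, hence the fixed ordering.
//

#define SepLockLsaQueue()                                       \
    do {                                                        \
        KeEnterCriticalRegion();                                \
        ExAcquireResourceExclusive(&SepLsaQueueLock, TRUE);     \
    } while (0)

#define SepUnlockLsaQueue()                                     \
    do {                                                        \
        ExReleaseResource(&SepLsaQueueLock);                    \
        KeLeaveCriticalRegion();                                \
    } while (0)

//
// First work item on the queue.  The cast is valid only because
// SEP_LSA_WORK_ITEM.List is the first field of the structure.
//

#define SepWorkListHead() ((PSEP_LSA_WORK_ITEM)(&SepLsaQueue)->Flink)

//
// Route untagged pool allocations made by this component through the
// tagged variants with the ' eS' pool tag.
//

#ifndef ExAllocatePool
#define ExAllocatePool(a,b) ExAllocatePoolWithTag(a,b,' eS')
#endif
#ifndef ExAllocatePoolWithQuota
#define ExAllocatePoolWithQuota(a,b) ExAllocatePoolWithQuotaTag(a,b,' eS')
#endif

//
// Optional per-item cleanup callback invoked with CleanupParameter before
// a SEP_LSA_WORK_ITEM is freed (see SEP_LSA_WORK_ITEM below).
//

typedef
VOID
(*PSEP_LSA_WORKER_CLEANUP_ROUTINE)(
    IN PVOID Parameter
    );


//
// Discriminates the CommandParams union of a SEP_LSA_WORK_ITEM.
//

typedef enum _SEP_LSA_WORK_ITEM_TAG {
    SepDeleteLogon,
    SepAuditRecord
} SEP_LSA_WORK_ITEM_TAG, *PSEP_LSA_WORK_ITEM_TAG;






//
// A unit of work handed from the security reference monitor to LSA.
//

typedef struct _SEP_LSA_WORK_ITEM {

    //
    // This field must be the first field of this structure
    // (SepWorkListHead() casts a LIST_ENTRY pointer to this type).
    //

    LIST_ENTRY List;

    //
    // Command Params Memory type
    //

    SEP_RM_LSA_MEMORY_TYPE CommandParamsMemoryType;

    //
    // Tag describing what kind of structure we've got
    //

    SEP_LSA_WORK_ITEM_TAG Tag;

    //
    // The following union contains the data to be passed
    // to LSA.  Which member is live is selected by Tag
    // (presumably LogonId for SepDeleteLogon, BaseAddress for
    // SepAuditRecord -- confirm against SepRmCallLsa).
    //

    union {

        PVOID BaseAddress;
        LUID LogonId;

    } CommandParams;

    //
    // These fields must be filled in by the caller of SepRmCallLsa
    //

    LSA_COMMAND_NUMBER CommandNumber;
    ULONG CommandParamsLength;
    PVOID ReplyBuffer;
    ULONG ReplyBufferLength;

    //
    // CleanupFunction (if specified) will be called with CleanupParameter
    // as its argument before the SEP_LSA_WORK_ITEM is freed by SepRmCallLsa
    //

    PSEP_LSA_WORKER_CLEANUP_ROUTINE CleanupFunction;
    PVOID CleanupParameter;

} SEP_LSA_WORK_ITEM, *PSEP_LSA_WORK_ITEM;


//
// Executive work-queue item used to schedule SepRmCallLsa on a worker
// thread.
//

typedef struct _SEP_WORK_ITEM {

    WORK_QUEUE_ITEM WorkItem;

} SEP_WORK_ITEM, *PSEP_WORK_ITEM;

extern SEP_WORK_ITEM SepExWorkItem;






/////////////////////////////////////////////////////////////////////////
//                                                                     //
//                        Private Routines                             //
//                                                                     //
/////////////////////////////////////////////////////////////////////////

BOOLEAN
SepDevelopmentTest( VOID );   //Used only for development testing


BOOLEAN
SepInitializationPhase0( VOID );

BOOLEAN
SepInitializationPhase1( VOID );

BOOLEAN
SepVariableInitialization( VOID );

//
// Builds a token object.  GroupCount/PrivilegeCount and the matching
// *Length arguments describe caller-supplied arrays; validate them against
// SEP_MAX_GROUP_COUNT / SEP_MAX_PRIVILEGE_COUNT before calling when they
// originate from user mode.
//

NTSTATUS
SepCreateToken(
    OUT PHANDLE TokenHandle,
    IN KPROCESSOR_MODE RequestorMode,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN TOKEN_TYPE TokenType,
    IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel OPTIONAL,
    IN PLUID AuthenticationId,
    IN PLARGE_INTEGER ExpirationTime,
    IN PSID_AND_ATTRIBUTES User,
    IN ULONG GroupCount,
    IN PSID_AND_ATTRIBUTES Groups,
    IN ULONG GroupsLength,
    IN ULONG PrivilegeCount,
    IN PLUID_AND_ATTRIBUTES Privileges,
    IN ULONG PrivilegesLength,
    IN PSID Owner OPTIONAL,
    IN PSID PrimaryGroup,
    IN PACL DefaultDacl OPTIONAL,
    IN PTOKEN_SOURCE TokenSource,
    IN BOOLEAN SystemToken,
    IN PSECURITY_TOKEN_PROXY_DATA ProxyData OPTIONAL,
    IN PSECURITY_TOKEN_AUDIT_DATA AuditData OPTIONAL
    );

NTSTATUS
SepReferenceLogonSession(
    IN PLUID LogonId
    );

VOID
SepDeReferenceLogonSession(
    IN PLUID LogonId
    );

VOID
SepLockSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext
    );

VOID
SepFreeSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext
    );

VOID
SepGetDefaultsSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    OUT PSID *Owner,
    OUT PSID *Group,
    OUT PSID *ServerOwner,
    OUT PSID *ServerGroup,
    OUT PACL *Dacl
    );

BOOLEAN
SepValidOwnerSubjectContext(
    IN PSECURITY_SUBJECT_CONTEXT SubjectContext,
    IN PSID Owner,
    IN BOOLEAN ServerObject
    );

BOOLEAN
SepIdAssignableAsGroup(
    IN PACCESS_TOKEN Token,
    IN PSID Group
    );

//
// Structural validation of an ACL against the Length the caller believes
// it has; used before an ACL of external origin is trusted.
//

BOOLEAN
SepCheckAcl (
    IN PACL Acl,
    IN ULONG Length
    );

BOOLEAN
SepAuditAlarm (
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN ObjectCreation,
    IN ACCESS_MASK GrantedAccess,
    OUT PBOOLEAN GenerateOnClose
    );

//
// NOTE: the second parameter shares its name with the EffectiveToken()
// macro above; that is harmless because the macro is function-like and
// only expands when followed by "(".
//

BOOLEAN
SepSinglePrivilegeCheck (
    LUID DesiredPrivilege,
    IN PACCESS_TOKEN EffectiveToken,
    IN KPROCESSOR_MODE PreviousMode
    );

NTSTATUS
SepRmCallLsa(
    PSEP_WORK_ITEM SepWorkItem
    );

BOOLEAN
SepInitializeWorkList(
    VOID
    );

//
// Declared with (VOID) rather than an empty parameter list so the
// declaration is a real prototype.
//

BOOLEAN
SepRmInitPhase0(
    VOID
    );

VOID
SepConcatenatePrivileges(
    IN PPRIVILEGE_SET TargetPrivilegeSet,
    IN ULONG TargetBufferSize,
    IN PPRIVILEGE_SET SourcePrivilegeSet
    );

BOOLEAN
SepTokenIsOwner(
    IN PACCESS_TOKEN Token,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN BOOLEAN TokenLocked
    );

VOID
SepPrintAcl (
    IN PACL Acl
    );

VOID
SepPrintSid(
    IN PSID Sid
    );

VOID
SepDumpSecurityDescriptor(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSZ TitleString
    );

BOOLEAN
SepSidTranslation(
    PSID Sid,
    PSTRING AccountName
    );

VOID
SepDumpTokenInfo(
    IN PACCESS_TOKEN Token
    );

VOID
SepDumpString(
    IN PUNICODE_STRING String
    );

BOOLEAN
SepSidInToken (
    IN PACCESS_TOKEN Token,
    IN PSID PrincipalSelfSid,
    IN PSID Sid,
    IN BOOLEAN DenyAce
    );


VOID
SepExamineSacl(
    IN PACL Sacl,
    IN PACCESS_TOKEN Token,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN AccessGranted,
    OUT PBOOLEAN GenerateAudit,
    OUT PBOOLEAN GenerateAlarm
    );


VOID
SepCopyString (
    IN PUNICODE_STRING SourceString,
    OUT PUNICODE_STRING *DestString
    );

VOID
SepAssemblePrivileges(
    IN ULONG PrivilegeCount,
    IN BOOLEAN SystemSecurity,
    IN BOOLEAN WriteOwner,
    OUT PPRIVILEGE_SET *Privileges
    );


PUNICODE_STRING
SepQueryTypeString(
    IN PVOID Object
    );


POBJECT_NAME_INFORMATION
SepQueryNameString(
    IN PVOID Object
    );

BOOLEAN
SepFilterPrivilegeAudits(
    IN PPRIVILEGE_SET PrivilegeSet
    );

BOOLEAN
SepQueueWorkItem(
    IN PSEP_LSA_WORK_ITEM LsaWorkItem,
    IN BOOLEAN ForceQueue
    );

PSEP_LSA_WORK_ITEM
SepDequeueWorkItem(
    VOID
    );

VOID
SepAdtGenerateDiscardAudit(
    VOID
    );

BOOLEAN
SepAdtValidateAuditBounds(
    ULONG Upper,
    ULONG Lower
    );

NTSTATUS
SepAdtInitializeCrashOnFail(
    VOID
    );

BOOLEAN
SepAdtInitializePrivilegeAuditing(
    VOID
    );

NTSTATUS
SepCopyProxyData (
    OUT PSECURITY_TOKEN_PROXY_DATA * DestProxyData,
    IN PSECURITY_TOKEN_PROXY_DATA SourceProxyData
    );

VOID
SepFreeProxyData (
    IN PSECURITY_TOKEN_PROXY_DATA ProxyData
    );

//
// Probes and captures a caller-supplied quality-of-service block; the
// "ProbeAndCapture" naming indicates the input may be user-mode memory.
//

NTSTATUS
SepProbeAndCaptureQosData(
    IN PSECURITY_ADVANCED_QUALITY_OF_SERVICE CapturedSecurityQos
    );

//
// Declared with (VOID) rather than an empty parameter list so the
// declaration is a real prototype.
//

PACCESS_TOKEN
SeMakeAnonymousToken (VOID);

#endif // _SEP_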
