#ifndef _NT_SECURITY_H_
#define _NT_SECURITY_H_
#include <psxtypes/psxtypes.h>
#include "nt_object.h"
/*
 * Audit event category; passed as audit_type to the by-type audit-alarm
 * function types declared in this header.  The enumerator values are
 * written out so the numbers are visible at a glance.
 */
typedef enum _nt_audit_event_type {
	NT_AUDIT_EVENT_OBJECT_ACCESS            = 0,
	NT_AUDIT_EVENT_DIRECTORY_SERVICE_ACCESS = 1
} nt_audit_event_type;
/* audit flag bits */
#define NT_AUDIT_ALLOW_NO_PRIVILEGE 0x01
/*
 * Variable-length privilege set.
 *
 * privilege[] is a flexible array member, so sizeof(nt_privilege_set)
 * covers only the two header fields.  A buffer holding a set has to be
 * sized as header plus one nt_luid_and_attributes per entry, and code that
 * walks the array should first check the entry count against the size of
 * the buffer it was actually given.
 */
typedef struct _nt_privilege_set {
	uint32_t		privilege_count;	/* presumably the number of entries in privilege[]; confirm */
	uint32_t		control;
	nt_luid_and_attributes	privilege[];
} nt_privilege_set;
/*
 * One element of the object-type list taken by the by-type access-check
 * function types in this header (obj_type_list, obj_type_list_length).
 *
 * NOTE(review): the callee indexes an array of these, so the size and
 * field offsets must match what the platform expects on every target
 * pointer width.  level and sbz are declared 32 bits wide here; verify
 * that against the platform's own definition.
 */
typedef struct _nt_object_type_list {
	int32_t		level;
	int32_t		sbz;		/* presumably "should be zero"; confirm */
	nt_guid		*object_type;
} nt_object_type_list;
/*
 * Function type: check a token against a set of required privileges.
 *
 *   htoken               token handle to test
 *   required_privileges  variable-length privilege set (see nt_privilege_set)
 *   result               receives a one-byte verdict
 *
 * The int32_t return value and *result are two separate outputs.
 * Presumably the first says whether the call itself succeeded and the
 * second whether the privileges are held, so a caller should not act on
 * *result without checking the return value first; confirm.
 */
typedef int32_t __stdcall ntapi_zw_privilege_check(
	__in	void			*htoken,
	__in	nt_privilege_set	*required_privileges,
	__out	unsigned char		*result);
/*
 * Function type: audit alarm for a privileged operation on an object.
 *
 *   subsystem_name  name of the subsystem reporting the event
 *   handle_id       opaque value identifying the object handle
 *   htoken          token handle of the client
 *   desired_access  access mask that was requested
 *   privileges      privilege set involved (see nt_privilege_set)
 *   access_granted  one-byte flag supplied by the caller
 *
 * All parameters are inputs: the caller states the outcome through
 * access_granted, and nothing in this signature re-checks it.
 */
typedef int32_t __stdcall ntapi_zw_privilege_object_audit_alarm(
	__in	nt_unicode_string	*subsystem_name,
	__in	void			*handle_id,
	__in	void			*htoken,
	__in	uint32_t		desired_access,
	__in	nt_privilege_set	*privileges,
	__in	unsigned char		access_granted);
/*
 * Function type: audit alarm for use of a privileged service.
 *
 *   subsystem_name  name of the subsystem reporting the event
 *   service_name    name of the privileged service
 *   htoken          token handle of the client
 *   privileges      privilege set involved (see nt_privilege_set)
 *   access_granted  one-byte flag supplied by the caller
 *
 * All parameters are inputs; the outcome recorded is whatever the caller
 * passes in access_granted.
 */
typedef int32_t __stdcall ntapi_zw_privileged_service_audit_alarm(
	__in	nt_unicode_string	*subsystem_name,
	__in	nt_unicode_string	*service_name,
	__in	void			*htoken,
	__in	nt_privilege_set	*privileges,
	__in	unsigned char		access_granted);
/*
 * Function type: access check of a token against a security descriptor.
 *
 *   sec_desc              security descriptor to evaluate
 *   htoken                token handle of the client
 *   desired_access        access mask requested
 *   generic_mapping       mapping applied to generic access bits
 *   privilege_set         privilege-set buffer (see nt_privilege_set)
 *   privilege_set_length  pointer to the length of that buffer
 *   granted_access        receives the granted access mask
 *   access_status         receives the verdict of the check
 *
 * The return value, *access_status and *granted_access are separate
 * outputs; presumably access is granted only when the call succeeded and
 * *access_status reports success, so callers should test both before
 * relying on *granted_access; confirm.
 *
 * NOTE(review): access_status is unsigned char * here, but uint32_t * in
 * ntapi_zw_access_check_by_type_and_audit_alarm.  If the callee stores a
 * 32-bit status, a one-byte variable would be overrun by three bytes;
 * verify the width against the platform declaration and, until then,
 * point it at storage of at least four bytes.
 *
 * NOTE(review): privilege_set_length is a pointer although annotated
 * __in; presumably the callee may also write through it and through
 * privilege_set; confirm.
 */
typedef int32_t __stdcall ntapi_zw_access_check(
	__in	nt_security_descriptor	*sec_desc,
	__in	void			*htoken,
	__in	uint32_t		desired_access,
	__in	nt_generic_mapping	*generic_mapping,
	__in	nt_privilege_set	*privilege_set,
	__in	uint32_t		*privilege_set_length,
	__out	uint32_t		*granted_access,
	__out	unsigned char		*access_status);
/*
 * Function type: access check combined with an audit alarm.
 *
 *   subsystem_name     name of the subsystem reporting the event
 *   handle_id          opaque value identifying the object handle
 *   object_type_name   type name of the object
 *   object_name        name of the object
 *   sec_desc           security descriptor to evaluate
 *   desired_access     access mask requested
 *   generic_mapping    mapping applied to generic access bits
 *   object_creation    one-byte flag supplied by the caller
 *   granted_access     receives the granted access mask
 *   access_status      receives the verdict of the check
 *   generate_on_close  receives a one-byte flag
 *
 * Unlike ntapi_zw_access_check, this signature takes no token handle;
 * presumably the check runs against the calling thread's own security
 * context, which matters when the caller is expected to be impersonating
 * a client; confirm.
 *
 * NOTE(review): access_status is unsigned char * here, but uint32_t * in
 * ntapi_zw_access_check_by_type_and_audit_alarm.  If the callee stores a
 * 32-bit status, a one-byte variable would be overrun; verify the width
 * and point it at storage of at least four bytes until confirmed.
 */
typedef int32_t __stdcall ntapi_zw_access_check_and_audit_alarm(
	__in	nt_unicode_string	*subsystem_name,
	__in	void			*handle_id,
	__in	nt_unicode_string	*object_type_name,
	__in	nt_unicode_string	*object_name,
	__in	nt_security_descriptor	*sec_desc,
	__in	uint32_t		desired_access,
	__in	nt_generic_mapping	*generic_mapping,
	__in	unsigned char		object_creation,
	__out	uint32_t		*granted_access,
	__out	unsigned char		*access_status,
	__out	unsigned char		*generate_on_close);
/*
 * Function type: access check that also takes an object-type list.
 *
 *   sec_desc              security descriptor to evaluate
 *   principal_self_sid    SID passed as the principal-self identity
 *   htoken                token handle of the client
 *   desired_access        access mask requested
 *   obj_type_list         array of nt_object_type_list entries
 *   obj_type_list_length  length of that array (presumably an element
 *                         count, not bytes; confirm)
 *   generic_mapping       mapping applied to generic access bits
 *   privilege_set         privilege-set buffer (see nt_privilege_set)
 *   privilege_set_length  pointer to the length of that buffer
 *   granted_access        receives the granted access mask
 *   access_status         receives the verdict of the check
 *
 * NOTE(review): access_status is unsigned char * here, but uint32_t * in
 * ntapi_zw_access_check_by_type_and_audit_alarm.  If the callee stores a
 * 32-bit status, a one-byte variable would be overrun; verify the width
 * and point it at storage of at least four bytes until confirmed.
 *
 * NOTE(review): privilege_set_length is a pointer although annotated
 * __in; presumably the callee may also write through it; confirm.
 */
typedef int32_t __stdcall ntapi_zw_access_check_by_type(
	__in	nt_security_descriptor	*sec_desc,
	__in	nt_sid			*principal_self_sid,
	__in	void			*htoken,
	__in	uint32_t		desired_access,
	__in	nt_object_type_list	*obj_type_list,
	__in	uint32_t		obj_type_list_length,
	__in	nt_generic_mapping	*generic_mapping,
	__in	nt_privilege_set	*privilege_set,
	__in	uint32_t		*privilege_set_length,
	__out	uint32_t		*granted_access,
	__out	unsigned char		*access_status);
/*
 * Function type: by-type access check combined with an audit alarm.
 *
 *   subsystem_name        name of the subsystem reporting the event
 *   handle_id             opaque value identifying the object handle
 *   object_type_name      type name of the object
 *   object_name           name of the object
 *   sec_desc              security descriptor to evaluate
 *   principal_self_sid    SID passed as the principal-self identity
 *   desired_access        access mask requested
 *   audit_type            audit event category (nt_audit_event_type)
 *   augid_flags           (sic) audit flag bits; NT_AUDIT_ALLOW_NO_PRIVILEGE
 *                         is the only bit this header defines
 *   obj_type_list         array of nt_object_type_list entries
 *   obj_type_list_length  length of that array (presumably an element
 *                         count; confirm)
 *   generic_mapping       mapping applied to generic access bits
 *   object_creation       one-byte flag supplied by the caller
 *   granted_access        receives the granted access mask
 *   access_status         receives the verdict as a 32-bit value
 *   generate_on_close     receives a one-byte flag
 *
 * No token handle is taken; presumably the check runs against the calling
 * thread's own security context; confirm.
 *
 * NOTE(review): access_status is uint32_t * here but unsigned char * in
 * ntapi_zw_access_check, ntapi_zw_access_check_and_audit_alarm and
 * ntapi_zw_access_check_by_type; one of the two widths is presumably
 * wrong for those siblings.
 */
typedef int32_t __stdcall ntapi_zw_access_check_by_type_and_audit_alarm(
	__in	nt_unicode_string	*subsystem_name,
	__in	void			*handle_id,
	__in	nt_unicode_string	*object_type_name,
	__in	nt_unicode_string	*object_name,
	__in	nt_security_descriptor	*sec_desc,
	__in	nt_sid			*principal_self_sid,
	__in	uint32_t		desired_access,
	__in	nt_audit_event_type	audit_type,
	__in	uint32_t		augid_flags,
	__in	nt_object_type_list	*obj_type_list,
	__in	uint32_t		obj_type_list_length,
	__in	nt_generic_mapping	*generic_mapping,
	__in	unsigned char		object_creation,
	__out	uint32_t		*granted_access,
	__out	uint32_t		*access_status,
	__out	unsigned char		*generate_on_close);
/*
 * Function type: by-type access check returning per-entry result lists.
 *
 *   sec_desc              security descriptor to evaluate
 *   principal_self_sid    SID passed as the principal-self identity
 *   htoken                token handle of the client
 *   desired_access        access mask requested
 *   obj_type_list         array of nt_object_type_list entries
 *   obj_type_list_length  length of that array (presumably an element
 *                         count; confirm)
 *   generic_mapping       mapping applied to generic access bits
 *   privilege_set         privilege-set buffer (see nt_privilege_set)
 *   privilege_set_length  pointer to the length of that buffer
 *   granted_access_list   receives granted access masks
 *   access_status_list    receives 32-bit verdicts
 *
 * The two output lists carry no length of their own.  Presumably the
 * callee writes one element per obj_type_list entry, so each array must
 * have room for obj_type_list_length values or the call writes past the
 * caller's buffer; confirm.
 *
 * NOTE(review): privilege_set_length is a pointer although annotated
 * __in; presumably the callee may also write through it; confirm.
 */
typedef int32_t __stdcall ntapi_zw_access_check_by_type_result_list(
	__in	nt_security_descriptor	*sec_desc,
	__in	nt_sid			*principal_self_sid,
	__in	void			*htoken,
	__in	uint32_t		desired_access,
	__in	nt_object_type_list	*obj_type_list,
	__in	uint32_t		obj_type_list_length,
	__in	nt_generic_mapping	*generic_mapping,
	__in	nt_privilege_set	*privilege_set,
	__in	uint32_t		*privilege_set_length,
	__out	uint32_t		*granted_access_list,
	__out	uint32_t		*access_status_list);
/*
 * Function type: by-type access check with per-entry result lists,
 * combined with an audit alarm.
 *
 *   subsystem_name        name of the subsystem reporting the event
 *   handle_id             opaque value identifying the object handle
 *   object_type_name      type name of the object
 *   object_name           name of the object
 *   sec_desc              security descriptor to evaluate
 *   principal_self_sid    SID passed as the principal-self identity
 *   desired_access        access mask requested
 *   audit_type            audit event category (nt_audit_event_type)
 *   augid_flags           (sic) audit flag bits; NT_AUDIT_ALLOW_NO_PRIVILEGE
 *                         is the only bit this header defines
 *   obj_type_list         array of nt_object_type_list entries
 *   obj_type_list_length  length of that array (presumably an element
 *                         count; confirm)
 *   generic_mapping       mapping applied to generic access bits
 *   object_creation       one-byte flag supplied by the caller
 *   granted_access_list   receives granted access masks
 *   access_status_list    receives 32-bit verdicts
 *   generate_on_close     receives a flag, declared 32 bits wide here
 *
 * No token handle is taken; presumably the check runs against the calling
 * thread's own security context; confirm.
 *
 * The output lists carry no length of their own; presumably each needs
 * room for obj_type_list_length elements; confirm.
 *
 * NOTE(review): generate_on_close is uint32_t * here but unsigned char *
 * in ntapi_zw_access_check_and_audit_alarm and
 * ntapi_zw_access_check_by_type_and_audit_alarm.  If the callee writes a
 * single byte, the upper bytes keep whatever the caller left there, so
 * zero the variable before the call and verify the width.
 */
typedef int32_t __stdcall ntapi_zw_access_check_by_type_result_list_and_audit_alarm(
	__in	nt_unicode_string	*subsystem_name,
	__in	void			*handle_id,
	__in	nt_unicode_string	*object_type_name,
	__in	nt_unicode_string	*object_name,
	__in	nt_security_descriptor	*sec_desc,
	__in	nt_sid			*principal_self_sid,
	__in	uint32_t		desired_access,
	__in	nt_audit_event_type	audit_type,
	__in	uint32_t		augid_flags,
	__in	nt_object_type_list	*obj_type_list,
	__in	uint32_t		obj_type_list_length,
	__in	nt_generic_mapping	*generic_mapping,
	__in	unsigned char		object_creation,
	__out	uint32_t		*granted_access_list,
	__out	uint32_t		*access_status_list,
	__out	uint32_t		*generate_on_close);
/*
 * Function type: by-type access check with per-entry result lists and an
 * audit alarm, taking the token handle explicitly.
 *
 *   subsystem_name        name of the subsystem reporting the event
 *   handle_id             opaque value identifying the object handle
 *   htoken                token handle of the client
 *   object_type_name      type name of the object
 *   object_name           name of the object
 *   sec_desc              security descriptor to evaluate
 *   principal_self_sid    SID passed as the principal-self identity
 *   desired_access        access mask requested
 *   audit_type            audit event category (nt_audit_event_type)
 *   augid_flags           (sic) audit flag bits; NT_AUDIT_ALLOW_NO_PRIVILEGE
 *                         is the only bit this header defines
 *   obj_type_list         array of nt_object_type_list entries
 *   obj_type_list_length  length of that array (presumably an element
 *                         count; confirm)
 *   generic_mapping       mapping applied to generic access bits
 *   object_creation       one-byte flag supplied by the caller
 *   granted_access_list   receives granted access masks
 *   access_status_list    receives 32-bit verdicts
 *   generate_on_close     receives a flag, declared 32 bits wide here
 *
 * The output lists carry no length of their own; presumably each needs
 * room for obj_type_list_length elements; confirm.
 *
 * NOTE(review): generate_on_close is uint32_t * here but unsigned char *
 * in ntapi_zw_access_check_and_audit_alarm; if the callee writes a single
 * byte, zero the variable before the call and verify the width.
 */
typedef int32_t __stdcall ntapi_zw_access_check_by_type_result_list_and_audit_alarm_by_handle(
	__in	nt_unicode_string	*subsystem_name,
	__in	void			*handle_id,
	__in	void			*htoken,
	__in	nt_unicode_string	*object_type_name,
	__in	nt_unicode_string	*object_name,
	__in	nt_security_descriptor	*sec_desc,
	__in	nt_sid			*principal_self_sid,
	__in	uint32_t		desired_access,
	__in	nt_audit_event_type	audit_type,
	__in	uint32_t		augid_flags,
	__in	nt_object_type_list	*obj_type_list,
	__in	uint32_t		obj_type_list_length,
	__in	nt_generic_mapping	*generic_mapping,
	__in	unsigned char		object_creation,
	__out	uint32_t		*granted_access_list,
	__out	uint32_t		*access_status_list,
	__out	uint32_t		*generate_on_close);
/*
 * Function type: audit alarm for an object open.
 *
 *   subsystem_name     name of the subsystem reporting the event
 *   handle_id          pointer to the opaque handle identifier (the other
 *                      audit-alarm types in this header take it as void *)
 *   object_type_name   type name of the object
 *   object_name        name of the object
 *   sec_desc           security descriptor of the object
 *   htoken             token handle of the client
 *   desired_access     access mask that was requested
 *   granted_access     access mask that was granted
 *   privileges         privilege set involved; annotated __optional
 *   object_creation    one-byte flag supplied by the caller
 *   access_granted     one-byte flag supplied by the caller
 *   generate_on_close  receives a one-byte flag
 *
 * granted_access and access_granted are inputs: the outcome recorded is
 * what the caller reports, and nothing in this signature re-checks it.
 */
typedef int32_t __stdcall ntapi_zw_open_object_audit_alarm(
	__in	nt_unicode_string	*subsystem_name,
	__in	void			**handle_id,
	__in	nt_unicode_string	*object_type_name,
	__in	nt_unicode_string	*object_name,
	__in	nt_security_descriptor	*sec_desc,
	__in	void			*htoken,
	__in	uint32_t		desired_access,
	__in	uint32_t		granted_access,
	__in	nt_privilege_set	*privileges __optional,
	__in	unsigned char		object_creation,
	__in	unsigned char		access_granted,
	__out	unsigned char		*generate_on_close);
/*
 * Function type: audit alarm for closing an object handle.
 *
 *   subsystem_name     name of the subsystem reporting the event
 *   handle_id          opaque value identifying the object handle
 *   generate_on_close  declared here as an __out pointer to one byte
 *
 * NOTE(review): ntapi_zw_open_object_audit_alarm and the access-check
 * audit types are where a generate_on_close value is produced; a close
 * notification would normally consume that value.  Verify against the
 * platform declaration whether this parameter is really an output
 * pointer or is meant to be passed by value.
 */
typedef int32_t __stdcall ntapi_zw_close_object_audit_alarm(
	__in	nt_unicode_string	*subsystem_name,
	__in	void			*handle_id,
	__out	unsigned char		*generate_on_close);
/*
 * Function type: audit alarm for deleting an object.
 *
 *   subsystem_name     name of the subsystem reporting the event
 *   handle_id          opaque value identifying the object handle
 *   generate_on_close  declared here as an __out pointer to one byte
 *
 * NOTE(review): ntapi_zw_open_object_audit_alarm and the access-check
 * audit types are where a generate_on_close value is produced; a delete
 * notification would normally consume that value.  Verify against the
 * platform declaration whether this parameter is really an output
 * pointer or is meant to be passed by value.
 */
typedef int32_t __stdcall ntapi_zw_delete_object_audit_alarm(
	__in	nt_unicode_string	*subsystem_name,
	__in	void			*handle_id,
	__out	unsigned char		*generate_on_close);
#endif