/*
 * authz.h
 *
 * Authorization Framework
 *
 * THIS SOFTWARE IS NOT COPYRIGHTED
 *
 * This source code is offered for use in the public domain. You may
 * use, modify or distribute it freely.
 *
 * This code is distributed in the hope that it will be useful but
 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
 * DISCLAIMED. This includes but is not limited to warranties of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */
#ifndef __AUTHZ_H
#define __AUTHZ_H

/*
 * AUTHZAPI is the linkage decoration put on every Authz entry point below.
 * A translation unit that defines _AUTHZ_ before including this header gets
 * plain declarations; everyone else gets DECLSPEC_IMPORT.
 * NOTE(review): _AUTHZ_ is presumably defined only while building the
 * library that implements these functions - confirm against the build files.
 */
#ifdef _AUTHZ_
#define AUTHZAPI
#else
#define AUTHZAPI DECLSPEC_IMPORT
#endif

/* Give the declarations C linkage when the header is consumed from C++. */
#ifdef __cplusplus
extern "C" {
#endif
29
/*
 * Flag constants for the Authz API.
 *
 * The groups reuse the same numeric values (0x1, 0x2, 0x4), and every
 * function below takes its flags as a plain DWORD, so a constant from the
 * wrong group compiles without a diagnostic. Note in particular that
 * AUTHZ_GENERATE_SUCCESS_AUDIT and AUTHZ_NO_SUCCESS_AUDIT are both 0x1
 * although their names say the opposite; always use the constant that
 * belongs to the call being made.
 *
 * NOTE(review): the header does not say which function consumes which group.
 * The associations given per group follow the Win32 Authz API naming and
 * should be confirmed against the implementation.
 */

/* Presumably a flag for AuthzAccessCheck. */
#define AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD              0x1

/* Presumably bits reported in AUTHZ_ACCESS_REPLY.SaclEvaluationResults. */
#define AUTHZ_GENERATE_SUCCESS_AUDIT                    0x1
#define AUTHZ_GENERATE_FAILURE_AUDIT                    0x2

/* Presumably flags for AuthzInitializeContextFromSid. */
#define AUTHZ_SKIP_TOKEN_GROUPS                         0x2
#define AUTHZ_REQUIRE_S4U_LOGON                         0x4

/* Presumably flags for AuthzInitializeObjectAccessAuditEvent(2). */
#define AUTHZ_NO_SUCCESS_AUDIT                          0x1
#define AUTHZ_NO_FAILURE_AUDIT                          0x2
#define AUTHZ_NO_ALLOC_STRINGS                          0x4

/* Presumably flags for AuthzInitializeResourceManager. */
#define AUTHZ_RM_FLAG_NO_AUDIT                          0x1
#define AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION    0x2
44
/*
 * Handle types used by the Authz API, each with its pointer-to-handle form.
 *
 * All of them are aliases of HANDLE, so the compiler treats them as the same
 * type: handing a client-context handle to a function that expects, say, a
 * resource-manager handle is not diagnosed. Keep each handle paired with the
 * functions whose signatures name its type.
 */
typedef HANDLE AUTHZ_CLIENT_CONTEXT_HANDLE,
               *PAUTHZ_CLIENT_CONTEXT_HANDLE;
typedef HANDLE AUTHZ_AUDIT_INFO_HANDLE,
               *PAUTHZ_AUDIT_INFO_HANDLE;
typedef HANDLE AUTHZ_AUDIT_EVENT_HANDLE,
               *PAUTHZ_AUDIT_EVENT_HANDLE;
typedef HANDLE AUTHZ_AUDIT_EVENT_TYPE_HANDLE,
               *PAUTHZ_AUDIT_EVENT_TYPE_HANDLE;
typedef HANDLE AUTHZ_ACCESS_CHECK_RESULTS_HANDLE,
               *PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE;
typedef HANDLE AUTHZ_RESOURCE_MANAGER_HANDLE,
               *PAUTHZ_RESOURCE_MANAGER_HANDLE;
typedef HANDLE AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE,
               *PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE;
52
/*
 * Stand-in for PAUDIT_PARAMS when adtgen.h has not been included.
 * The stand-in is an untyped PVOID, so AuthzReportSecurityEventFromParams
 * accepts any pointer without a type check in that configuration.
 */
#ifndef _ADTGEN_H
/* FIXME - AUDIT_PARAMS is defined in adtgen.h!!!!! */
typedef PVOID PAUDIT_PARAMS;
#endif
57
/*
 * Selector passed to AuthzGetInformationFromContext to choose which piece of
 * a client context is returned. Numbering starts at 1; the values are written
 * out so that inserting or reordering an entry cannot silently renumber the
 * others.
 */
typedef enum _AUTHZ_CONTEXT_INFORMATION_CLASS {
    AuthzContextInfoUserSid          = 1,
    AuthzContextInfoGroupsSids       = 2,
    AuthzContextInfoRestrictedSids   = 3,
    AuthzContextInfoPrivileges       = 4,
    AuthzContextInfoExpirationTime   = 5,
    AuthzContextInfoServerContext    = 6,
    AuthzContextInfoIdentifier       = 7,
    AuthzContextInfoSource           = 8,
    AuthzContextInfoAll              = 9,
    AuthzContextInfoAuthenticationId = 10
} AUTHZ_CONTEXT_INFORMATION_CLASS, *PAUTHZ_CONTEXT_INFORMATION_CLASS;
71
/*
 * Describes one access request: what is being asked for and, optionally,
 * against which object types. Passed to AuthzAccessCheck,
 * AuthzCachedAccessCheck and AuthzOpenObjectAudit.
 */
typedef struct _AUTHZ_ACCESS_REQUEST {
    ACCESS_MASK       DesiredAccess;        /* access rights being requested */
    PSID              PrincipalSelfSid;     /* presumably substituted for the
                                               "principal self" SID in ACEs -
                                               confirm */
    POBJECT_TYPE_LIST ObjectTypeList;       /* object type entries to check */
    DWORD             ObjectTypeListLength; /* presumably the element count of
                                               ObjectTypeList - confirm */
    PVOID             OptionalArguments;    /* opaque caller data; presumably
                                               handed to the dynamic access
                                               check callback - confirm */
} AUTHZ_ACCESS_REQUEST, *PAUTHZ_ACCESS_REQUEST;
80
/*
 * Receives the outcome of an access check.
 *
 * The structure carries one length and three pointers.
 * NOTE(review): the three pointers are presumably parallel arrays that the
 * caller allocates with ResultListLength elements each; nothing in the type
 * enforces that, so an undersized array would be written past its end.
 * Confirm the allocation contract with the implementation.
 */
typedef struct _AUTHZ_ACCESS_REPLY {
    DWORD        ResultListLength;      /* number of result entries */
    PACCESS_MASK GrantedAccessMask;     /* granted rights, per entry */
    PDWORD       SaclEvaluationResults; /* audit decision, per entry */
    PDWORD       Error;                 /* error code, per entry */
} AUTHZ_ACCESS_REPLY, *PAUTHZ_ACCESS_REPLY;
88
/*
 * One (object type name, offset) pair; used as the element type of the
 * trailing array in AUTHZ_SOURCE_SCHEMA_REGISTRATION.
 */
typedef struct _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET {
    PWSTR szObjectTypeName; /* wide-character object type name */
    DWORD dwOffset;         /* offset associated with that name; what it is
                               relative to is not stated in this header */
} AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET,
  *PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;
94
/*
 * Registration record for a security event source; consumed by
 * AuthzInstallSecurityEventSource and filled in by
 * AuthzEnumerateSecurityEventSources.
 *
 * ObjectTypeNames is declared with ANYSIZE_ARRAY and is followed by nothing,
 * i.e. it is a variable-length tail.
 * NOTE(review): dwObjectTypeNameCount presumably gives the real number of
 * tail elements, so the allocation has to cover that many entries rather
 * than sizeof(AUTHZ_SOURCE_SCHEMA_REGISTRATION) alone - confirm.
 */
typedef struct _AUTHZ_SOURCE_SCHEMA_REGISTRATION {
    DWORD dwFlags;
    PWSTR szEventSourceName;
    PWSTR szEventMessageFile;
    PWSTR szEventSourceXmlSchemaFile;
    PWSTR szEventAccessStringsFile;
    PWSTR szExecutableImagePath;
    PVOID pReserved;
    DWORD dwObjectTypeNameCount;
    AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames[ANYSIZE_ARRAY];
} AUTHZ_SOURCE_SCHEMA_REGISTRATION, *PAUTHZ_SOURCE_SCHEMA_REGISTRATION;
107
/*
 * Callback type registered through AuthzInitializeResourceManager
 * (pfnAccessCheck). It is given the client context, one ACE header and an
 * optional argument pointer, and reports through pbAceApplicable whether the
 * ACE applies.
 * NOTE(review): when this callback runs and how its BOOL return is used are
 * not visible in this header. Because its answer feeds an access decision,
 * an implementation should set *pbAceApplicable on every path - confirm the
 * expected default with the caller.
 */
typedef BOOL (CALLBACK *PFN_AUTHZ_DYNAMIC_ACCESS_CHECK)(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    IN PACE_HEADER pAce,
    IN PVOID pArgs OPTIONAL,
    IN OUT PBOOL pbAceApplicable);
112
/*
 * Callback type registered through AuthzInitializeResourceManager
 * (pfnComputeDynamicGroups). It returns two SID_AND_ATTRIBUTES arrays with
 * their counts: ordinary SIDs and restricted SIDs.
 * NOTE(review): the SIDs returned here presumably become part of the client
 * context and therefore influence later access checks, so they should come
 * only from data the resource manager trusts. The arrays are presumably
 * released through the PFN_AUTHZ_FREE_DYNAMIC_GROUPS callback - confirm.
 */
typedef BOOL (CALLBACK *PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS)(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    IN PVOID Args,
    OUT PSID_AND_ATTRIBUTES* pSidAttrArray,
    OUT PDWORD pSidCount,
    OUT PSID_AND_ATTRIBUTES* pRestrictedSidAttrArray,
    OUT PDWORD pRestrictedSidCount);
119
/*
 * Callback type registered through AuthzInitializeResourceManager
 * (pfnFreeDynamicGroups); receives one SID_AND_ATTRIBUTES array to release.
 * NOTE(review): presumably called once for each array produced by the
 * PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS callback - confirm.
 */
typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS)(
    IN PSID_AND_ATTRIBUTES pSidAttrArray);
121
/*
 * AuthzAccessCheck - evaluate an access request for a client context against
 * a security descriptor, plus an optional array of further descriptors, and
 * write the outcome to pReply. A results handle for later cached checks is
 * returned through pAuthzHandle.
 *
 * NOTE(review): in the Win32 contract the BOOL return only says whether the
 * check could be carried out; the verdict is in pReply (GrantedAccessMask
 * and Error, one entry per result). A caller that treats TRUE as "access
 * granted" gets the decision wrong - confirm this implementation follows the
 * same contract and inspect pReply in callers.
 * NOTE(review): with AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD the results handle
 * presumably keeps pointing at the caller's descriptor, which would then
 * have to stay valid for as long as the handle is used - confirm.
 * NOTE(review): OPTIONAL is attached to OptionalSecurityDescriptorCount, not
 * to the array whose name says it is optional - confirm which was meant.
 */
AUTHZAPI BOOL WINAPI
AuthzAccessCheck(
    IN DWORD flags,
    IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext,
    IN PAUTHZ_ACCESS_REQUEST pRequest,
    IN AUTHZ_AUDIT_INFO_HANDLE AuditInfo,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSECURITY_DESCRIPTOR* OptionalSecurityDescriptorArray,
    IN DWORD OptionalSecurityDescriptorCount OPTIONAL,
    IN OUT PAUTHZ_ACCESS_REPLY pReply,
    OUT PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE pAuthzHandle);
134
/*
 * AuthzAddSidsToContext - produce a new client context from an existing one
 * together with additional SIDs and additional restricted SIDs. The new
 * context is returned through pNewClientContext; it has the type accepted by
 * AuthzFreeContext.
 *
 * NOTE(review): SIDs added here presumably take part in every later access
 * check made with the new context, so they must come from a trusted source.
 * Whether OrigClientContext remains valid afterwards is not visible in this
 * header - confirm.
 */
AUTHZAPI BOOL WINAPI
AuthzAddSidsToContext(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE OrigClientContext,
    IN PSID_AND_ATTRIBUTES Sids,
    IN DWORD SidCount,
    IN PSID_AND_ATTRIBUTES RestrictedSids,
    IN DWORD RestrictedSidCount,
    OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pNewClientContext);
144
/*
 * AuthzCachedAccessCheck - repeat an access check using a results handle of
 * the type AuthzAccessCheck returns, writing the outcome to pReply.
 *
 * NOTE(review): as with AuthzAccessCheck, the verdict is presumably in pReply
 * rather than in the BOOL return - confirm and check both in callers.
 * NOTE(review): AuditInfo is typed AUTHZ_AUDIT_EVENT_HANDLE here, while the
 * parameter of the same name in AuthzAccessCheck is AUTHZ_AUDIT_INFO_HANDLE.
 * Both alias HANDLE, so the difference is invisible to the compiler -
 * confirm which handle kind is intended.
 */
AUTHZAPI BOOL WINAPI
AuthzCachedAccessCheck(
    IN DWORD Flags,
    IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle,
    IN PAUTHZ_ACCESS_REQUEST pRequest,
    IN AUTHZ_AUDIT_EVENT_HANDLE AuditInfo,
    OUT PAUTHZ_ACCESS_REPLY pReply);
153
/*
 * AuthzEnumerateSecurityEventSources - fill Buffer with registration records
 * of security event sources and report how many through pdwCount.
 *
 * pdwLength is IN OUT.
 * NOTE(review): presumably it carries the byte size of Buffer on entry and
 * the size used or required on return; callers should pass the true buffer
 * size - confirm the units and the short-buffer behaviour.
 */
AUTHZAPI BOOL WINAPI
AuthzEnumerateSecurityEventSources(
    IN DWORD dwFlags,
    OUT PAUTHZ_SOURCE_SCHEMA_REGISTRATION Buffer,
    OUT PDWORD pdwCount,
    IN OUT PDWORD pdwLength);
161
/*
 * AuthzFreeAuditEvent - release an audit event handle, i.e. the handle type
 * returned by AuthzInitializeObjectAccessAuditEvent(2) through phAuditEvent.
 * The handle must not be used after this call.
 */
AUTHZAPI BOOL WINAPI
AuthzFreeAuditEvent(
    IN AUTHZ_AUDIT_EVENT_HANDLE pAuditEventInfo);
166
/*
 * AuthzFreeContext - release a client context handle, i.e. the handle type
 * returned by the AuthzInitializeContextFrom... functions and by
 * AuthzAddSidsToContext. The handle must not be used after this call.
 */
AUTHZAPI BOOL WINAPI
AuthzFreeContext(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext);
171
/*
 * AuthzFreeHandle - release an access-check results handle, i.e. the handle
 * type AuthzAccessCheck returns through pAuthzHandle. The handle must not be
 * passed to AuthzCachedAccessCheck after this call.
 */
AUTHZAPI BOOL WINAPI
AuthzFreeHandle(
    IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle);
176
/*
 * AuthzFreeResourceManager - release a resource manager handle, i.e. the
 * handle type produced by AuthzInitializeResourceManager.
 * NOTE(review): client contexts created from this resource manager are
 * presumably expected to be freed first - confirm.
 */
AUTHZAPI BOOL WINAPI
AuthzFreeResourceManager(
    IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager);
181
/*
 * AuthzGetInformationFromContext - copy the part of a client context chosen
 * by InfoClass into Buffer.
 *
 * BufferSize is the caller's statement of how large Buffer is, and
 * pSizeRequired receives a size.
 * NOTE(review): presumably both are byte counts and pSizeRequired reports
 * the size needed when Buffer is too small; BufferSize must never exceed the
 * real allocation - confirm the short-buffer behaviour.
 */
AUTHZAPI BOOL WINAPI
AuthzGetInformationFromContext(
    IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass,
    IN DWORD BufferSize,
    OUT PDWORD pSizeRequired,
    OUT PVOID Buffer);
190
/*
 * AuthzInitializeContextFromAuthzContext - create a new client context from
 * an existing one, with its own expiration time, identifier and dynamic
 * group arguments. The new handle is returned through phNewAuthzHandle and
 * has the type accepted by AuthzFreeContext.
 *
 * NOTE(review): DynamicGroupArgs is presumably forwarded to the resource
 * manager's PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS callback - confirm.
 */
AUTHZAPI BOOL WINAPI
AuthzInitializeContextFromAuthzContext(
    IN DWORD flags,
    IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzHandle,
    IN PLARGE_INTEGER ExpirationTime,
    IN LUID Identifier,
    IN PVOID DynamicGroupArgs,
    OUT PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzHandle);
200
/*
 * AuthzInitializeContextFromSid - create a client context for the principal
 * named by UserSid under the given resource manager. The new handle is
 * returned through pAuthzClientContext and has the type accepted by
 * AuthzFreeContext.
 *
 * The only identity input is a SID; no token or credential is passed, so the
 * call itself proves nothing about who the requester is. The caller is
 * responsible for having established that UserSid is the right principal.
 * NOTE(review): AUTHZ_SKIP_TOKEN_GROUPS and AUTHZ_REQUIRE_S4U_LOGON are
 * presumably the values accepted in Flags - confirm.
 */
AUTHZAPI BOOL WINAPI
AuthzInitializeContextFromSid(
    IN DWORD Flags,
    IN PSID UserSid,
    IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
    IN PLARGE_INTEGER pExpirationTime,
    IN LUID Identifier,
    IN PVOID DynamicGroupArgs,
    OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);
211
/*
 * AuthzInitializeContextFromToken - create a client context from an access
 * token handle under the given resource manager. The new handle is returned
 * through pAuthzClientContext and has the type accepted by AuthzFreeContext.
 *
 * NOTE(review): the access rights TokenHandle must have been opened with,
 * and whether the context keeps a reference to the token, are not visible in
 * this header - confirm before closing the token early.
 */
AUTHZAPI BOOL WINAPI
AuthzInitializeContextFromToken(
    IN DWORD Flags,
    IN HANDLE TokenHandle,
    IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
    IN PLARGE_INTEGER pExpirationTime,
    IN LUID Identifier,
    IN PVOID DynamicGroupArgs,
    OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext);
222
/*
 * AuthzInitializeObjectAccessAuditEvent - build an audit event describing an
 * object access (operation type, object type, object name, additional info)
 * and return its handle through phAuditEvent. Release the handle with
 * AuthzFreeAuditEvent.
 *
 * The function is variadic (WINAPIV): dwAdditionalParameterCount is the only
 * thing that tells the callee how many trailing arguments exist, so it must
 * match what is actually passed. A mismatch is undefined behaviour.
 * NOTE(review): with AUTHZ_NO_ALLOC_STRINGS the event presumably keeps the
 * caller's string pointers instead of copies, so the strings would have to
 * outlive the event handle - confirm.
 */
AUTHZAPI BOOL WINAPIV
AuthzInitializeObjectAccessAuditEvent(
    IN DWORD Flags,
    IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
    IN PWSTR szOperationType,
    IN PWSTR szObjectType,
    IN PWSTR szObjectName,
    IN PWSTR szAdditionalInfo,
    OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
    IN DWORD dwAdditionalParameterCount,
    ...);
235
/*
 * AuthzInitializeObjectAccessAuditEvent2 - same parameter list as
 * AuthzInitializeObjectAccessAuditEvent with one extra string,
 * szAdditionalInfo2. The event handle is returned through phAuditEvent and
 * is released with AuthzFreeAuditEvent.
 *
 * The function is variadic (WINAPIV): dwAdditionalParameterCount must match
 * the trailing arguments actually passed; a mismatch is undefined behaviour.
 */
AUTHZAPI BOOL WINAPIV
AuthzInitializeObjectAccessAuditEvent2(
    IN DWORD Flags,
    IN AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,
    IN PWSTR szOperationType,
    IN PWSTR szObjectType,
    IN PWSTR szObjectName,
    IN PWSTR szAdditionalInfo,
    IN PWSTR szAdditionalInfo2,
    OUT PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,
    IN DWORD dwAdditionalParameterCount,
    ...);
249
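/*
 * AuthzInitializeResourceManager - create a resource manager, registering
 * the three optional callback hooks (dynamic access check, compute dynamic
 * groups, free dynamic groups) and a name.
 *
 * pAuthzResourceManager is a pointer to a handle and this is the only
 * declaration in the header that can produce an
 * AUTHZ_RESOURCE_MANAGER_HANDLE (AuthzFreeResourceManager and the
 * AuthzInitializeContextFrom... functions take one by value), so it is
 * annotated OUT. The original listing marked it IN, which misdescribes the
 * data flow; IN and OUT are documentation-only annotations, so callers are
 * unaffected.
 *
 * NOTE(review): AUTHZ_RM_FLAG_NO_AUDIT and
 * AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION are presumably the values
 * accepted in flags; a resource manager created without auditing would not
 * record access decisions - confirm that this is intended wherever it is set.
 */
AUTHZAPI BOOL WINAPI
AuthzInitializeResourceManager(
    IN DWORD flags,
    IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck,
    IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,
    IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups,
    IN PCWSTR ResourceManagerName,
    OUT PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager);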
259
/*
 * AuthzInstallSecurityEventSource - install a security event source
 * described by pRegistration.
 *
 * NOTE(review): the registration record names files and an executable image
 * path; these presumably end up in system configuration, so they should not
 * be built from untrusted input - confirm what the implementation stores.
 */
AUTHZAPI BOOL WINAPI
AuthzInstallSecurityEventSource(
    IN DWORD dwFlags,
    IN PAUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration);
265
/*
 * AuthzOpenObjectAudit - audit entry point taking a client context, an
 * access request, an audit event, a security descriptor plus an array of
 * further descriptors, and an access reply.
 *
 * NOTE(review): pReply is annotated OUT here; whether the function fills it
 * in or reads a reply produced by an earlier access check is not visible in
 * this header - confirm. SecurityDescriptorCount presumably gives the number
 * of entries in SecurityDescriptorArray and must not exceed it.
 */
AUTHZAPI BOOL WINAPI
AuthzOpenObjectAudit(
    IN DWORD Flags,
    IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    IN PAUTHZ_ACCESS_REQUEST pRequest,
    IN AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,
    IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
    IN PSECURITY_DESCRIPTOR* SecurityDescriptorArray,
    IN DWORD SecurityDescriptorCount,
    OUT PAUTHZ_ACCESS_REPLY pReply);
277
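/*
 * AuthzRegisterSecurityEventSource - register the named event source and
 * obtain a provider handle for reporting events.
 *
 * phEventProvider is a pointer to a handle and this is the only declaration
 * in the header that can produce an AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE
 * (the report functions take one by value and
 * AuthzUnregisterSecurityEventSource takes it IN OUT), so it is annotated
 * OUT. The original listing marked it IN, which misdescribes the data flow;
 * IN and OUT are documentation-only annotations, so callers are unaffected.
 *
 * Release the handle with AuthzUnregisterSecurityEventSource.
 */
AUTHZAPI BOOL WINAPI
AuthzRegisterSecurityEventSource(
    IN DWORD dwFlags,
    IN PCWSTR szEventSourceName,
    OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);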
284
/*
 * AuthzReportSecurityEvent - report a security event with audit id dwAuditId
 * through a registered event provider, optionally on behalf of pUserSid.
 *
 * The function is variadic (WINAPIV): dwCount is the only thing that tells
 * the callee how much trailing data exists, so it must match the arguments
 * actually passed. A mismatch is undefined behaviour.
 * NOTE(review): the trailing arguments are presumably (type, value) pairs
 * with dwCount counting pairs - confirm. The success/failure bits for
 * dwFlags are not defined in this header.
 */
AUTHZAPI BOOL WINAPIV
AuthzReportSecurityEvent(
    IN DWORD dwFlags,
    IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
    IN DWORD dwAuditId,
    IN PSID pUserSid OPTIONAL,
    IN DWORD dwCount,
    ...);
294
/*
 * AuthzReportSecurityEventFromParams - report a security event whose
 * parameters are supplied as a prepared PAUDIT_PARAMS block instead of
 * variadic arguments.
 *
 * When adtgen.h is not included, this header defines PAUDIT_PARAMS as PVOID,
 * so pParams is not type-checked in that configuration.
 */
AUTHZAPI BOOL WINAPI
AuthzReportSecurityEventFromParams(
    IN DWORD dwFlags,
    IN AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,
    IN DWORD dwAuditId,
    IN PSID pUserSid OPTIONAL,
    IN PAUDIT_PARAMS pParams);
303
/*
 * AuthzUninstallSecurityEventSource - remove the security event source with
 * the given name; the counterpart of AuthzInstallSecurityEventSource.
 *
 * szEventSourceName is a non-const PWSTR although it is annotated IN.
 * NOTE(review): presumably the string is only read - confirm.
 */
AUTHZAPI BOOL WINAPI
AuthzUninstallSecurityEventSource(
    IN DWORD dwFlags,
    IN PWSTR szEventSourceName);
309
/*
 * AuthzUnregisterSecurityEventSource - release a provider handle obtained
 * from AuthzRegisterSecurityEventSource.
 *
 * The handle is passed by pointer and annotated IN OUT.
 * NOTE(review): presumably the function clears *phEventProvider so the stale
 * handle cannot be reused - confirm; callers should not rely on the old
 * value afterwards either way.
 */
AUTHZAPI BOOL WINAPI
AuthzUnregisterSecurityEventSource(
    IN DWORD dwFlags,
    IN OUT PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);
315
/* Close the extern "C" block opened near the top of the header. */
#ifdef __cplusplus
}
#endif

#endif /* __AUTHZ_H */