      1 /**
      2  * This file has no copyright assigned and is placed in the Public Domain.
      3  * This file is part of the mingw-w64 runtime package.
      4  * No warranty is given; refer to the file DISCLAIMER.PD within this package.
      5  */
      6 #ifndef __AUTHZ_H__
      7 #define __AUTHZ_H__
      8 
      9 #ifdef __cplusplus
     10 extern "C" {
     11 #endif
     12 
     13 #ifndef _AUTHZ_
     14 #define AUTHZAPI DECLSPEC_IMPORT
     15 #else
     16 #define AUTHZAPI
     17 #endif
     18 
     19 #include <windows.h>
     20 #include <adtgen.h>
     21 
     /* Flag bits for a DWORD Flags argument.
      * NOTE(review): the Windows Authz documentation lists these as Flags values
      * for AuthzInitializeContextFromSid - confirm before using them elsewhere.
      * AUTHZ_SKIP_TOKEN_GROUPS presumably yields a context holding only the SID
      * passed in, with no group expansion, so access checks against it ignore
      * group-based allow and deny ACEs - confirm.
      * AUTHZ_REQUIRE_S4U_LOGON presumably makes context creation fail rather than
      * fall back when an S4U logon cannot be performed - confirm. */
     22 #define AUTHZ_SKIP_TOKEN_GROUPS 0x2
     23 #define AUTHZ_REQUIRE_S4U_LOGON 0x4
     24 
     /* Handle types for the Authz objects used by the prototypes in this file,
      * declared through DECLARE_HANDLE, followed by pointer-to-handle typedefs
      * used for the out-parameters that receive a new handle
      * (phAccessCheckResults, phAuthzClientContext, phAuthzResourceManager,
      * phAuditEvent, phEventProvider).
      * Release functions declared in this file, by parameter type:
      *   AUTHZ_ACCESS_CHECK_RESULTS_HANDLE     -> AuthzFreeHandle
      *   AUTHZ_CLIENT_CONTEXT_HANDLE           -> AuthzFreeContext
      *   AUTHZ_RESOURCE_MANAGER_HANDLE         -> AuthzFreeResourceManager
      *   AUTHZ_AUDIT_EVENT_HANDLE              -> AuthzFreeAuditEvent
      *   AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE  -> AuthzUnregisterSecurityEventSource
      *                                            (takes a pointer to the handle)
      * No function taking AUTHZ_AUDIT_EVENT_TYPE_HANDLE for release is declared
      * in the lines shown here. */
     25   DECLARE_HANDLE(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE);
     26   DECLARE_HANDLE(AUTHZ_CLIENT_CONTEXT_HANDLE);
     27   DECLARE_HANDLE(AUTHZ_RESOURCE_MANAGER_HANDLE);
     28   DECLARE_HANDLE(AUTHZ_AUDIT_EVENT_HANDLE);
     29   DECLARE_HANDLE(AUTHZ_AUDIT_EVENT_TYPE_HANDLE);
     30   DECLARE_HANDLE(AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE);
     31 
     32   typedef AUTHZ_ACCESS_CHECK_RESULTS_HANDLE *PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE;
     33   typedef AUTHZ_CLIENT_CONTEXT_HANDLE *PAUTHZ_CLIENT_CONTEXT_HANDLE;
     34   typedef AUTHZ_RESOURCE_MANAGER_HANDLE *PAUTHZ_RESOURCE_MANAGER_HANDLE;
     35   typedef AUTHZ_AUDIT_EVENT_HANDLE *PAUTHZ_AUDIT_EVENT_HANDLE;
     36   typedef AUTHZ_AUDIT_EVENT_TYPE_HANDLE *PAUTHZ_AUDIT_EVENT_TYPE_HANDLE;
     37   typedef AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE *PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE;
     38 
     /* Describes one access request. Passed as pRequest to AuthzAccessCheck,
      * AuthzCachedAccessCheck and AuthzOpenObjectAudit, all of which take a
      * PAUTHZ_ACCESS_REQUEST.
      * NOTE(review): ObjectTypeListLength is presumably the number of elements
      * in ObjectTypeList, not a byte count; a value larger than the array that
      * was actually supplied would make the callee read past its end - confirm
      * at each call site. */
     39   typedef struct _AUTHZ_ACCESS_REQUEST {
     40     ACCESS_MASK DesiredAccess;      /* access rights being requested */
     41     PSID PrincipalSelfSid;          /* presumably replaces the principal-self SID found in ACEs - confirm */
     42     POBJECT_TYPE_LIST ObjectTypeList;
     43     DWORD ObjectTypeListLength;
     44     PVOID OptionalArguments;        /* presumably handed to the dynamic access-check callback as pArgs - confirm */
     45   } AUTHZ_ACCESS_REQUEST,*PAUTHZ_ACCESS_REQUEST;
     46 
     /* Audit-generation bits.
      * NOTE(review): presumably the values reported per entry through
      * AUTHZ_ACCESS_REPLY.SaclEvaluationResults - confirm. */
     47 #define AUTHZ_GENERATE_SUCCESS_AUDIT 0x1
     48 #define AUTHZ_GENERATE_FAILURE_AUDIT 0x2
     49 
     /* Result of an access check. Passed as pReply to AuthzAccessCheck,
      * AuthzCachedAccessCheck and AuthzOpenObjectAudit.
      * NOTE(review): GrantedAccessMask, SaclEvaluationResults and Error are
      * presumably caller-allocated arrays of ResultListLength elements each; an
      * array shorter than ResultListLength would let the callee write past its
      * end - confirm the sizing at every call site.
      * NOTE(review): per the Authz API documentation the access decision is
      * carried per entry in Error (ERROR_SUCCESS when the requested access was
      * granted, otherwise an error such as ERROR_ACCESS_DENIED) together with
      * GrantedAccessMask; callers should read these rather than rely on the
      * WINBOOL return value of the check function alone - confirm. */
     50   typedef struct _AUTHZ_ACCESS_REPLY {
     51     DWORD ResultListLength;
     52     PACCESS_MASK GrantedAccessMask;
     53     PDWORD SaclEvaluationResults;
     54     PDWORD Error;
     55   } AUTHZ_ACCESS_REPLY,*PAUTHZ_ACCESS_REPLY;
     56 
     /* Application-defined callback types. AuthzInitializeResourceManager takes
      * one pointer of each type (pfnDynamicAccessCheck, pfnComputeDynamicGroups,
      * pfnFreeDynamicGroups).
      *
      * PFN_AUTHZ_DYNAMIC_ACCESS_CHECK receives an ACE header and reports its
      * verdict through pbAceApplicable.
      * NOTE(review): presumably invoked for callback ACEs, with the verdict
      * deciding whether the ACE takes part in the access decision. An
      * implementation should therefore write *pbAceApplicable on every path it
      * returns success from; an unset value makes the decision unpredictable -
      * confirm.
      *
      * PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS returns two SID arrays with their counts
      * through its out-parameters; PFN_AUTHZ_FREE_DYNAMIC_GROUPS takes a single
      * PSID_AND_ATTRIBUTES.
      * NOTE(review): presumably the free callback is called once per array that
      * the compute callback allocated - confirm, since a mismatch would leak or
      * double-free. */
     57   typedef WINBOOL (CALLBACK *PFN_AUTHZ_DYNAMIC_ACCESS_CHECK)(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,PACE_HEADER pAce,PVOID pArgs,PBOOL pbAceApplicable);
     58   typedef WINBOOL (CALLBACK *PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS)(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,PVOID Args,PSID_AND_ATTRIBUTES *pSidAttrArray,PDWORD pSidCount,PSID_AND_ATTRIBUTES *pRestrictedSidAttrArray,PDWORD pRestrictedSidCount);
     59   typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS)(PSID_AND_ATTRIBUTES pSidAttrArray);
     60 
     /* Selector for the InfoClass parameter of AuthzGetInformationFromContext.
      * Enumerators start at 1 and increase by one in declaration order, so
      * AuthzContextInfoAuthenticationId is 10.
      * NOTE(review): the layout of the data returned for each class is not
      * defined in this file - take it from the API documentation. */
     61   typedef enum _AUTHZ_CONTEXT_INFORMATION_CLASS {
     62     AuthzContextInfoUserSid = 1,AuthzContextInfoGroupsSids,AuthzContextInfoRestrictedSids,AuthzContextInfoPrivileges,AuthzContextInfoExpirationTime,
     63     AuthzContextInfoServerContext,AuthzContextInfoIdentifier,AuthzContextInfoSource,AuthzContextInfoAll,AuthzContextInfoAuthenticationId
     64   } AUTHZ_CONTEXT_INFORMATION_CLASS;
     65 
     /* Selector for the InfoClass parameter of AuthzGetInformationFromAuditEvent.
      * Enumerators start at 1. The enumerator list ends with a trailing comma,
      * which C99 and later accept; strict C89 mode diagnoses it. */
     66   typedef enum _AUTHZ_AUDIT_EVENT_INFORMATION_CLASS {
     67     AuthzAuditEventInfoFlags = 1,AuthzAuditEventInfoOperationType,AuthzAuditEventInfoObjectType,AuthzAuditEventInfoObjectName,
     68     AuthzAuditEventInfoAdditionalInfo,
     69   } AUTHZ_AUDIT_EVENT_INFORMATION_CLASS;
     70 
     /* NOTE(review): presumably a Flags value for AuthzAccessCheck that stops the
      * security descriptor from being deep-copied into the cached results handle.
      * If so, the caller must keep the descriptor valid for as long as that
      * handle is used with AuthzCachedAccessCheck; freeing it earlier would
      * leave the handle pointing at released memory - confirm. */
     71 #define AUTHZ_ACCESS_CHECK_NO_DEEP_COPY_SD 0x00000001
     72 
     /* Resource-manager initialisation flags; AUTHZ_VALID_RM_INIT_FLAGS is the OR
      * of the two bits defined here.
      * NOTE(review): presumably Flags values for AuthzInitializeResourceManager.
      * AUTHZ_RM_FLAG_NO_AUDIT presumably disables auditing for the resource
      * manager, so no audit records are produced for its access checks -
      * confirm before using it in code that is expected to leave an audit trail. */
     73 #define AUTHZ_RM_FLAG_NO_AUDIT 0x1
     74 #define AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION 0x2
     75 #define AUTHZ_VALID_RM_INIT_FLAGS (AUTHZ_RM_FLAG_NO_AUDIT | AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)
     76 
     /* Object-access audit flags; AUTHZ_VALID_OBJECT_ACCESS_AUDIT_FLAGS is the OR
      * of the three bits defined here.
      * NOTE(review): presumably Flags values for
      * AuthzInitializeObjectAccessAuditEvent. AUTHZ_NO_ALLOC_STRINGS presumably
      * makes the audit event keep the caller's string pointers instead of
      * copying them, so those strings must outlive the audit event handle -
      * confirm. */
     77 #define AUTHZ_NO_SUCCESS_AUDIT 0x00000001
     78 #define AUTHZ_NO_FAILURE_AUDIT 0x00000002
     79 #define AUTHZ_NO_ALLOC_STRINGS 0x00000004
     80 #define AUTHZ_VALID_OBJECT_ACCESS_AUDIT_FLAGS (AUTHZ_NO_SUCCESS_AUDIT | AUTHZ_NO_FAILURE_AUDIT | AUTHZ_NO_ALLOC_STRINGS)
     81 
     /* Core Authz entry points: access checks, resource-manager and
      * client-context lifetime, context queries and object-access audit events.
      *
      * Every function returns WINBOOL.
      * NOTE(review): presumably FALSE means the call failed, with the reason
      * available from GetLastError - confirm.
      *
      * For AuthzAccessCheck and AuthzCachedAccessCheck a successful return
      * presumably only means the check ran; the decision is reported per entry
      * in pReply (GrantedAccessMask and Error). Callers should inspect pReply
      * and not treat a TRUE return as "access granted" - confirm against the
      * API documentation.
      *
      * AuthzInitializeContextFromSid takes a bare PSID and no token handle, so
      * the call itself carries no proof that the caller acts for that
      * principal; the SID should come from an already authenticated source.
      *
      * AuthzGetInformationFromContext and AuthzGetInformationFromAuditEvent take
      * BufferSize, pSizeRequired and Buffer; presumably *pSizeRequired receives
      * the size needed when Buffer is too small - confirm.
      *
      * The two AuthzInitializeObjectAccessAuditEvent* functions are WINAPIV and
      * variadic: the compiler cannot check that the arguments following
      * dwAdditionalParameterCount agree with that count. */
     82   AUTHZAPI WINBOOL WINAPI AuthzAccessCheck(DWORD Flags,AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,PAUTHZ_ACCESS_REQUEST pRequest,AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,PSECURITY_DESCRIPTOR pSecurityDescriptor,PSECURITY_DESCRIPTOR *OptionalSecurityDescriptorArray,DWORD OptionalSecurityDescriptorCount,PAUTHZ_ACCESS_REPLY pReply,PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE phAccessCheckResults);
     83   AUTHZAPI WINBOOL WINAPI AuthzCachedAccessCheck(DWORD Flags,AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults,PAUTHZ_ACCESS_REQUEST pRequest,AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,PAUTHZ_ACCESS_REPLY pReply);
     84   AUTHZAPI WINBOOL WINAPI AuthzOpenObjectAudit(DWORD Flags,AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,PAUTHZ_ACCESS_REQUEST pRequest,AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,PSECURITY_DESCRIPTOR pSecurityDescriptor,PSECURITY_DESCRIPTOR *OptionalSecurityDescriptorArray,DWORD OptionalSecurityDescriptorCount,PAUTHZ_ACCESS_REPLY pReply);
     85   AUTHZAPI WINBOOL WINAPI AuthzFreeHandle(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAccessCheckResults);
     86   AUTHZAPI WINBOOL WINAPI AuthzInitializeResourceManager(DWORD Flags,PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnDynamicAccessCheck,PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups,PCWSTR szResourceManagerName,PAUTHZ_RESOURCE_MANAGER_HANDLE phAuthzResourceManager);
     87   AUTHZAPI WINBOOL WINAPI AuthzFreeResourceManager(AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager);
     88   AUTHZAPI WINBOOL WINAPI AuthzInitializeContextFromToken(DWORD Flags,HANDLE TokenHandle,AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager,PLARGE_INTEGER pExpirationTime,LUID Identifier,PVOID DynamicGroupArgs,PAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext);
     89   AUTHZAPI WINBOOL WINAPI AuthzInitializeContextFromSid(DWORD Flags,PSID UserSid,AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager,PLARGE_INTEGER pExpirationTime,LUID Identifier,PVOID DynamicGroupArgs,PAUTHZ_CLIENT_CONTEXT_HANDLE phAuthzClientContext);
     90   AUTHZAPI WINBOOL WINAPI AuthzInitializeContextFromAuthzContext(DWORD Flags,AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,PLARGE_INTEGER pExpirationTime,LUID Identifier,PVOID DynamicGroupArgs,PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext);
     91   AUTHZAPI WINBOOL WINAPI AuthzAddSidsToContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,PSID_AND_ATTRIBUTES Sids,DWORD SidCount,PSID_AND_ATTRIBUTES RestrictedSids,DWORD RestrictedSidCount,PAUTHZ_CLIENT_CONTEXT_HANDLE phNewAuthzClientContext);
     92   AUTHZAPI WINBOOL WINAPI AuthzGetInformationFromContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass,DWORD BufferSize,PDWORD pSizeRequired,PVOID Buffer);
     93   AUTHZAPI WINBOOL WINAPI AuthzFreeContext(AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext);
     94   AUTHZAPI WINBOOL WINAPIV AuthzInitializeObjectAccessAuditEvent(DWORD Flags,AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,PWSTR szOperationType,PWSTR szObjectType,PWSTR szObjectName,PWSTR szAdditionalInfo,PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,DWORD dwAdditionalParameterCount,...);
     95   AUTHZAPI WINBOOL WINAPIV AuthzInitializeObjectAccessAuditEvent2(DWORD Flags,AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAuditEventType,PWSTR szOperationType,PWSTR szObjectType,PWSTR szObjectName,PWSTR szAdditionalInfo,PWSTR szAdditionalInfo2,PAUTHZ_AUDIT_EVENT_HANDLE phAuditEvent,DWORD dwAdditionalParameterCount,...);
     96   AUTHZAPI WINBOOL WINAPI AuthzGetInformationFromAuditEvent(AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent,AUTHZ_AUDIT_EVENT_INFORMATION_CLASS InfoClass,DWORD BufferSize,PDWORD pSizeRequired,PVOID Buffer);
     97   AUTHZAPI WINBOOL WINAPI AuthzFreeAuditEvent(AUTHZ_AUDIT_EVENT_HANDLE hAuditEvent);
     98 
     /* One entry of AUTHZ_SOURCE_SCHEMA_REGISTRATION.ObjectTypeNames: an object
      * type name paired with a DWORD offset.
      * NOTE(review): what dwOffset is an offset into is not stated in this
      * file - take it from the API documentation. */
     99   typedef struct _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET {
    100     PWSTR szObjectTypeName;
    101     DWORD dwOffset;
    102   } AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET,*PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;
    103 
     /* Registration record for a security event source. Passed as pRegistration
      * to AuthzInstallSecurityEventSource and used as the Buffer element type of
      * AuthzEnumerateSecurityEventSources.
      * ObjectTypeNames is a trailing array declared with ANYSIZE_ARRAY (defined
      * outside this file), so sizeof(AUTHZ_SOURCE_SCHEMA_REGISTRATION) covers
      * only that many entries.
      * NOTE(review): dwObjectTypeNameCount is presumably the real number of
      * entries; the allocation must be sized for that count, otherwise readers
      * of the array run past the end of the buffer - confirm.
      * NOTE(review): szEventMessageFile, szEventSourceXmlSchemaFile,
      * szEventAccessStringsFile and szExecutableImagePath are file paths
      * recorded for the source; presumably they should be fully qualified and
      * point to locations that unprivileged users cannot write - confirm. */
    104   typedef struct _AUTHZ_SOURCE_SCHEMA_REGISTRATION {
    105     DWORD dwFlags;
    106     PWSTR szEventSourceName;
    107     PWSTR szEventMessageFile;
    108     PWSTR szEventSourceXmlSchemaFile;
    109     PWSTR szEventAccessStringsFile;
    110     PWSTR szExecutableImagePath;
    111     PVOID pReserved;
    112     DWORD dwObjectTypeNameCount;
    113     AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames[ANYSIZE_ARRAY];
    114   } AUTHZ_SOURCE_SCHEMA_REGISTRATION,*PAUTHZ_SOURCE_SCHEMA_REGISTRATION;
    115 
    /* NOTE(review): presumably a dwFlags value for the security event source
     * functions declared below - confirm which of them accept it. */
    116 #define AUTHZ_FLAG_ALLOW_MULTIPLE_SOURCE_INSTANCES 0x1
    117 
    /* Security event source management and reporting.
     * Install/Uninstall/Enumerate operate on source registrations;
     * Register/Unregister obtain and release an
     * AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE (both through a pointer to the
     * handle); the two Report functions emit an event for a given dwAuditId
     * and pUserSid.
     * AuthzReportSecurityEvent is WINAPIV and variadic: the compiler cannot
     * check that the arguments following dwCount agree with that count.
     * AuthzReportSecurityEventFromParams takes the parameters as a
     * PAUDIT_PARAMS instead (type not defined in this file; <adtgen.h> is
     * included above, presumably for it).
     * NOTE(review): AuthzEnumerateSecurityEventSources takes Buffer, pdwCount
     * and pdwLength; presumably *pdwLength is the buffer size in bytes on
     * input and the size needed on output - confirm. */
    118   AUTHZAPI WINBOOL WINAPI AuthzInstallSecurityEventSource(DWORD dwFlags,PAUTHZ_SOURCE_SCHEMA_REGISTRATION pRegistration);
    119   AUTHZAPI WINBOOL WINAPI AuthzUninstallSecurityEventSource(DWORD dwFlags,PCWSTR szEventSourceName);
    120   AUTHZAPI WINBOOL WINAPI AuthzEnumerateSecurityEventSources(DWORD dwFlags,PAUTHZ_SOURCE_SCHEMA_REGISTRATION Buffer,PDWORD pdwCount,PDWORD pdwLength);
    121   AUTHZAPI WINBOOL WINAPI AuthzRegisterSecurityEventSource(DWORD dwFlags,PCWSTR szEventSourceName,PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);
    122   AUTHZAPI WINBOOL WINAPI AuthzUnregisterSecurityEventSource(DWORD dwFlags,PAUTHZ_SECURITY_EVENT_PROVIDER_HANDLE phEventProvider);
    123   AUTHZAPI WINBOOL WINAPIV AuthzReportSecurityEvent(DWORD dwFlags,AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,DWORD dwAuditId,PSID pUserSid,DWORD dwCount,...);
    124   AUTHZAPI WINBOOL WINAPI AuthzReportSecurityEventFromParams(DWORD dwFlags,AUTHZ_SECURITY_EVENT_PROVIDER_HANDLE hEventProvider,DWORD dwAuditId,PSID pUserSid,PAUDIT_PARAMS pParams);
    125 
    126 #if (_WIN32_WINNT >= 0x0601)
    /* Operation selector used by AuthzModifySecurityAttributes through its
     * pOperations parameter. Values run from 0 (NONE) to 4 (REPLACE) in
     * declaration order. Declared only when _WIN32_WINNT >= 0x0601.
     * NOTE(review): presumably pOperations is an array with one entry per
     * attribute in pAttributes; the prototype carries no separate count for
     * it, so the two must be kept the same length by the caller - confirm. */
    127 typedef enum _AUTHZ_SECURITY_ATTRIBUTE_OPERATION {
    128   AUTHZ_SECURITY_ATTRIBUTE_OPERATION_NONE          = 0,
    129   AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE_ALL,
    130   AUTHZ_SECURITY_ATTRIBUTE_OPERATION_ADD,
    131   AUTHZ_SECURITY_ATTRIBUTE_OPERATION_DELETE,
    132   AUTHZ_SECURITY_ATTRIBUTE_OPERATION_REPLACE
    133 } AUTHZ_SECURITY_ATTRIBUTE_OPERATION, *PAUTHZ_SECURITY_ATTRIBUTE_OPERATION;
    134 
    /* Value representation reached through
     * AUTHZ_SECURITY_ATTRIBUTE_V1.Values.pFqbn: a 64-bit version paired with
     * a name string. */
    135 typedef struct _AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE {
    136   ULONG64 Version;
    137   PWSTR   pName;
    138 } AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE, *PAUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE;
    139 
    /* Value representation reached through
     * AUTHZ_SECURITY_ATTRIBUTE_V1.Values.pOctetString: a pointer with an
     * explicit length.
     * NOTE(review): ValueLength is presumably the size of the pValue buffer
     * in bytes; consumers must not read beyond it - confirm. */
    140 typedef struct _AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE {
    141   PVOID pValue;
    142   ULONG ValueLength;
    143 } AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE, *PAUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE;
    144 
    /* NOTE(review): presumably bit values for AUTHZ_SECURITY_ATTRIBUTE_V1.Flags
     * - confirm. */
    145 #define AUTHZ_SECURITY_ATTRIBUTE_NON_INHERITABLE 0x0001
    146 #define AUTHZ_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE 0x0002
    147 
    /* One named security attribute. ValueType presumably selects which member
     * of the Values union is meaningful and ValueCount how many values it
     * refers to; no ValueType constants are defined in the lines shown here.
     * Reading a union member that does not match ValueType, or more than
     * ValueCount elements, interprets memory as the wrong type or runs past
     * the array.
     * NOTE(review): the Windows SDK declaration of this structure has a
     * `USHORT Reserved` member between ValueType and Flags and declares the
     * string member as `PWSTR *ppString` (an array of string pointers). Here
     * the member is a plain PWSTR, so code that indexes it as an array of
     * strings needs a cast. Natural alignment of Flags should leave the
     * layout unchanged, but verify both points against the SDK header. */
    148 typedef struct _AUTHZ_SECURITY_ATTRIBUTE_V1 {
    149   PWSTR  pName;
    150   USHORT ValueType;
    151   ULONG  Flags;
    152   ULONG  ValueCount;
    153   union {
    154     PLONG64                                      pInt64;
    155     PULONG64                                     pUint64;
    156     PWSTR                                        ppString;
    157     PAUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE         pFqbn;
    158     PAUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE pOctetString;
    159   } Values;
    160 } AUTHZ_SECURITY_ATTRIBUTE_V1, *PAUTHZ_SECURITY_ATTRIBUTE_V1;
    161 
    /* Versioned container for a set of security attributes. Passed as
     * pAttributes to AuthzModifySecurityAttributes. The Attribute union has a
     * single member, pAttributeV1.
     * NOTE(review): AttributeCount is presumably the number of
     * AUTHZ_SECURITY_ATTRIBUTE_V1 elements that pAttributeV1 points to; it
     * must match the array actually supplied - confirm.
     * NOTE(review): no version constant for the Version member is defined in
     * the lines shown here - take the expected value from the API
     * documentation. */
    162 typedef struct _AUTHZ_SECURITY_ATTRIBUTES_INFORMATION {
    163   USHORT Version;
    164   USHORT Reserved;
    165   ULONG  AttributeCount;
    166   union {
    167     PAUTHZ_SECURITY_ATTRIBUTE_V1 pAttributeV1;
    168   } Attribute;
    169 } AUTHZ_SECURITY_ATTRIBUTES_INFORMATION, *PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION;
    170 
    /* Applies attribute operations to a client context. Takes the context
     * handle, a pointer to AUTHZ_SECURITY_ATTRIBUTE_OPERATION values and a
     * pointer to an AUTHZ_SECURITY_ATTRIBUTES_INFORMATION; returns WINBOOL.
     * Declared only when _WIN32_WINNT >= 0x0601.
     * NOTE(review): attributes in a client context can feed later access
     * decisions, so the attribute data passed here should come from a trusted
     * source rather than directly from the client being authorized -
     * confirm how the calling code obtains it. */
    171 AUTHZAPI WINBOOL WINAPI AuthzModifySecurityAttributes(
    172   AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
    173   PAUTHZ_SECURITY_ATTRIBUTE_OPERATION pOperations,
    174   PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION pAttributes
    175 );
    176 #endif /*(_WIN32_WINNT >= 0x0601)*/
    177 
    178 #ifdef __cplusplus
    179 }
    180 #endif
    181 
    182 #endif
    183