include/authz.h

   1 /*
   2  * Copyright (C) 2016 Alistair Leslie-Hughes
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  */
  18
  19 #ifndef __AUTHZ_H__
  20 #define __AUTHZ_H__
  21
  22 #ifdef __cplusplus
  23 extern "C" {
  24 #endif
  25
  26 DECLARE_HANDLE(AUTHZ_ACCESS_CHECK_RESULTS_HANDLE);
  27 DECLARE_HANDLE(AUTHZ_CLIENT_CONTEXT_HANDLE);
  28 DECLARE_HANDLE(AUTHZ_RESOURCE_MANAGER_HANDLE);
  29 DECLARE_HANDLE(AUTHZ_AUDIT_EVENT_HANDLE);
  30
  31 typedef AUTHZ_ACCESS_CHECK_RESULTS_HANDLE *PAUTHZ_ACCESS_CHECK_RESULTS_HANDLE;
  32 typedef AUTHZ_CLIENT_CONTEXT_HANDLE *PAUTHZ_CLIENT_CONTEXT_HANDLE;
  33
  34 typedef BOOL (CALLBACK *PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS) (
  35         AUTHZ_CLIENT_CONTEXT_HANDLE handle, void *args,
  36         PSID_AND_ATTRIBUTES *sid_attr_array, DWORD *sid_cnt,
  37         PSID_AND_ATTRIBUTES *restricted_sid_attr_array,
  38         DWORD *restricted_sid_cnt);
  39
  40 typedef BOOL (CALLBACK *PFN_AUTHZ_DYNAMIC_ACCESS_CHECK) (
  41         AUTHZ_CLIENT_CONTEXT_HANDLE handle, PACE_HEADER ace,
  42         void *args, BOOL *ace_applicable);
  43
  44 typedef VOID (CALLBACK *PFN_AUTHZ_FREE_DYNAMIC_GROUPS) (
  45         PSID_AND_ATTRIBUTES sid_attr_array);
  46
  47 typedef struct _AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
  48 {
  49     WCHAR *szObjectTypeName;
  50     DWORD dwOffset;
  51 } AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET, *PAUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET;
  52
  53 typedef struct _AUTHZ_ACCESS_REQUEST
  54 {
  55     ACCESS_MASK       DesiredAccess;
  56     PSID              PrincipalSelfSid;
  57     POBJECT_TYPE_LIST ObjectTypeList;
  58     DWORD             ObjectTypeListLength;
  59     void              *OptionalArguments;
  60 } AUTHZ_ACCESS_REQUEST, *PAUTHZ_ACCESS_REQUEST;
  61
  62
  63 #define AUTHZ_GENERATE_SUCCESS_AUDIT 0x1
  64 #define AUTHZ_GENERATE_FAILURE_AUDIT 0x2
  65
  66 typedef struct _AUTHZ_ACCESS_REPLY
  67 {
  68     DWORD       ResultListLength;
  69     ACCESS_MASK *GrantedAccessMask;
  70     DWORD       *SaclEvaluationResults;
  71     DWORD       *Error;
  72 } AUTHZ_ACCESS_REPLY, *PAUTHZ_ACCESS_REPLY;
  73
  74 typedef struct _AUTHZ_SOURCE_SCHEMA_REGISTRATION
  75 {
  76     DWORD dwFlags;
  77     WCHAR *szEventSourceName;
  78     WCHAR *szEventMessageFile;
  79     WCHAR *szEventSourceXmlSchemaFile;
  80     WCHAR *szEventAccessStringsFile;
  81     WCHAR *szExecutableImagePath;
  82
  83     union
  84     {
  85         void *pReserved;
  86         GUID *pProviderGuid;
  87     } DUMMYUNIONNAME;
  88
  89     DWORD dwObjectTypeNameCount;
  90     AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET ObjectTypeNames[ANYSIZE_ARRAY];
  91 } AUTHZ_SOURCE_SCHEMA_REGISTRATION, *PAUTHZ_SOURCE_SCHEMA_REGISTRATION;
  92
  93 BOOL WINAPI AuthzInitializeResourceManager(DWORD flags, PFN_AUTHZ_DYNAMIC_ACCESS_CHECK access_checker,
  94         PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS compute_dyn_groups, PFN_AUTHZ_FREE_DYNAMIC_GROUPS free_dyn_groups,
  95         const WCHAR *managername, AUTHZ_RESOURCE_MANAGER_HANDLE *handle );
  96
  97 BOOL WINAPI AuthzInstallSecurityEventSource(DWORD flags, AUTHZ_SOURCE_SCHEMA_REGISTRATION *registration);
  98
  99 BOOL WINAPI AuthzAccessCheck(DWORD flags, AUTHZ_CLIENT_CONTEXT_HANDLE client_context,
 100         AUTHZ_ACCESS_REQUEST *request, AUTHZ_AUDIT_EVENT_HANDLE audit_event,
 101         PSECURITY_DESCRIPTOR security, PSECURITY_DESCRIPTOR *optional_security,
 102         DWORD optional_security_count, AUTHZ_ACCESS_REPLY *reply,
 103         AUTHZ_ACCESS_CHECK_RESULTS_HANDLE *access_check_result);
 104
 105 BOOL WINAPI AuthzFreeContext(AUTHZ_CLIENT_CONTEXT_HANDLE client_context);
 106
 107 BOOL WINAPI AuthzInitializeContextFromSid(DWORD flags, PSID sid,
 108         AUTHZ_RESOURCE_MANAGER_HANDLE resource_manager, LARGE_INTEGER *expire_time,
 109         LUID id, void *dynamic_group, AUTHZ_CLIENT_CONTEXT_HANDLE *client_context);
 110
 111 BOOL WINAPI AuthzInitializeContextFromToken(DWORD flags, HANDLE token_handle,
 112         AUTHZ_RESOURCE_MANAGER_HANDLE resource_manager, LARGE_INTEGER *expire_time,
 113         LUID id, void *dynamic_group, AUTHZ_CLIENT_CONTEXT_HANDLE *client_context);
 114
 115 #ifdef __cplusplus
 116 }
 117 #endif
 118
 119 #endif