1 files changed, 133 insertions, 0 deletions
diff --git a/userland.h b/userland.h
new file mode 100644
index 0000000..03764fb
--- /dev/null
+++ b/userland.h
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2004 Security Architects Corporation. All rights reserved.
+ *
+ * Module Name:
+ *
+ *              userland.h
+ *
+ * Abstract:
+ *
+ *              This module defines various types used by userland interacting routines.
+ *
+ * Author:
+ *
+ *              Eugene Tsyrklevich 18-Apr-2004
+ *
+ * Revision History:
+ *
+ *              None.
+ */
+#ifndef __USERLAND_H__
+#define __USERLAND_H__
+#include <NTDDK.h>
+#include "policy.h"
+#include "misc.h"
+/* number of seconds to wait for userland agent to reply */
+#define USERLAND_REQUEST_TIMEOUT                5
+#define USERLAND_SID_RESOLVE_REQUEST    1
+#define USERLAND_ASK_USER_REQUEST               2
+/*
+ * all userland requests start with the following header
+ */
+typedef struct _USERLAND_REQUEST_HEADER
+{
+        struct _USERLAND_REQUEST_HEADER *Next;
+        USHORT                                          RequestType;
+        USHORT                                          RequestSize;
+        ULONG                                           ProcessId;
+        UCHAR                                           SeqId;                          /* Sequence id, will roll over but that's fine */
+} USERLAND_REQUEST_HEADER, *PUSERLAND_REQUEST_HEADER;
+/* binary SID -> ASCII name resolve request */
+typedef struct _SID_RESOLVE_REQUEST
+{
+        USERLAND_REQUEST_HEADER         RequestHeader;
+        PSID_AND_ATTRIBUTES                     PUserSidAndAttributes;
+} SID_RESOLVE_REQUEST, *PSID_RESOLVE_REQUEST;
+/* Ask user request */
+typedef struct _ASK_USER_REQUEST
+{
+        USERLAND_REQUEST_HEADER         RequestHeader;
+        RULE_TYPE                                       RuleType;
+        UCHAR                                           OperationType;
+        USHORT                                          ObjectNameLength;
+        USHORT                                          ProcessNameLength;
+        WCHAR                                           ObjectName[ANYSIZE_ARRAY];
+        /* ProcessName follows the zero-terminated ObjectName */
+//      WCHAR                                           ProcessName[ANYSIZE_ARRAY];
+} ASK_USER_REQUEST, *PASK_USER_REQUEST;
+/*
+ * all userland replies start with the following header
+ */
+typedef struct _USERLAND_REPLY_HEADER
+{
+        ULONG                                           ProcessId;
+        USHORT                                          ReplySize;
+        UCHAR                                           SeqId;                          /* Sequence id, will roll over but that's fine */
+} USERLAND_REPLY_HEADER, *PUSERLAND_REPLY_HEADER;
+/* binary SID -> ASCII name resolve reply */
+typedef struct _SID_RESOLVE_REPLY
+{
+        USERLAND_REPLY_HEADER           ReplyHeader;
+        USHORT                                          UserNameLength;
+        WCHAR                                           UserName[ANYSIZE_ARRAY];
+} SID_RESOLVE_REPLY, *PSID_RESOLVE_REPLY;
+/* Ask user reply */
+typedef struct _ASK_USER_REPLY
+{
+        USERLAND_REPLY_HEADER           ReplyHeader;
+        ACTION_TYPE                                     Action;
+} ASK_USER_REPLY, *PASK_USER_REPLY;
+extern BOOLEAN                                          ActiveUserAgent;
+extern PUSERLAND_REQUEST_HEADER         UserlandRequestList;
+extern KSPIN_LOCK                                       gUserlandRequestListSpinLock;
+extern PKEVENT                                          UserlandRequestUserEvent;
+BOOLEAN InitUserland();
+BOOLEAN UserlandPostBootup();
+VOID    ShutdownUserland();
+typedef struct _IMAGE_PID_ENTRY *PIMAGE_PID_ENTRY;
+BOOLEAN IssueUserlandSidResolveRequest(PIMAGE_PID_ENTRY Process);
+ACTION_TYPE     IssueUserlandAskUserRequest(RULE_TYPE RuleType, UCHAR OperationType, PCHAR ObjectName);
+#endif  /* __USERLAND_H__ */
+\ No newline at end of file

diff --git a/userland.h b/userland.h new file mode 100644 index 0000000..03764fb --- /dev/null +++ b/userland.h
@@ -0,0 +1,133 @@
	1	/*
	2	* Copyright (c) 2004 Security Architects Corporation. All rights reserved.
	3	*
	4	* Module Name:
	5	*
	6	* userland.h
	7	*
	8	* Abstract:
	9	*
	10	* This module defines various types used by userland interacting routines.
	11	*
	12	* Author:
	13	*
	14	* Eugene Tsyrklevich 18-Apr-2004
	15	*
	16	* Revision History:
	17	*
	18	* None.
	19	*/
	20
	21	#ifndef __USERLAND_H__
	22	#define __USERLAND_H__
	23
	24
	25	#include <NTDDK.h>
	26	#include "policy.h"
	27	#include "misc.h"
	28
	29
	30	/* number of seconds to wait for userland agent to reply */
	31	#define USERLAND_REQUEST_TIMEOUT 5
	32
	33
	34	#define USERLAND_SID_RESOLVE_REQUEST 1
	35	#define USERLAND_ASK_USER_REQUEST 2
	36
	37
	38	/*
	39	* all userland requests start with the following header
	40	*/
	41
	42	typedef struct _USERLAND_REQUEST_HEADER
	43	{
	44	struct _USERLAND_REQUEST_HEADER *Next;
	45
	46	USHORT RequestType;
	47	USHORT RequestSize;
	48	ULONG ProcessId;
	49	UCHAR SeqId; /* Sequence id, will roll over but that's fine */
	50
	51	} USERLAND_REQUEST_HEADER, *PUSERLAND_REQUEST_HEADER;
	52
	53
	54	/* binary SID -> ASCII name resolve request */
	55
	56	typedef struct _SID_RESOLVE_REQUEST
	57	{
	58	USERLAND_REQUEST_HEADER RequestHeader;
	59	PSID_AND_ATTRIBUTES PUserSidAndAttributes;
	60
	61	} SID_RESOLVE_REQUEST, *PSID_RESOLVE_REQUEST;
	62
	63
	64	/* Ask user request */
	65
	66	typedef struct _ASK_USER_REQUEST
	67	{
	68	USERLAND_REQUEST_HEADER RequestHeader;
	69	RULE_TYPE RuleType;
	70	UCHAR OperationType;
	71	USHORT ObjectNameLength;
	72	USHORT ProcessNameLength;
	73
	74	WCHAR ObjectName[ANYSIZE_ARRAY];
	75
	76	/* ProcessName follows the zero-terminated ObjectName */
	77	// WCHAR ProcessName[ANYSIZE_ARRAY];
	78
	79	} ASK_USER_REQUEST, *PASK_USER_REQUEST;
	80
	81
	82
	83	/*
	84	* all userland replies start with the following header
	85	*/
	86
	87	typedef struct _USERLAND_REPLY_HEADER
	88	{
	89	ULONG ProcessId;
	90	USHORT ReplySize;
	91	UCHAR SeqId; /* Sequence id, will roll over but that's fine */
	92
	93	} USERLAND_REPLY_HEADER, *PUSERLAND_REPLY_HEADER;
	94
	95
	96	/* binary SID -> ASCII name resolve reply */
	97
	98	typedef struct _SID_RESOLVE_REPLY
	99	{
	100	USERLAND_REPLY_HEADER ReplyHeader;
	101	USHORT UserNameLength;
	102	WCHAR UserName[ANYSIZE_ARRAY];
	103
	104	} SID_RESOLVE_REPLY, *PSID_RESOLVE_REPLY;
	105
	106
	107	/* Ask user reply */
	108
	109	typedef struct _ASK_USER_REPLY
	110	{
	111	USERLAND_REPLY_HEADER ReplyHeader;
	112	ACTION_TYPE Action;
	113
	114	} ASK_USER_REPLY, *PASK_USER_REPLY;
	115
	116
	117	extern BOOLEAN ActiveUserAgent;
	118	extern PUSERLAND_REQUEST_HEADER UserlandRequestList;
	119	extern KSPIN_LOCK gUserlandRequestListSpinLock;
	120	extern PKEVENT UserlandRequestUserEvent;
	121
	122
	123	BOOLEAN InitUserland();
	124	BOOLEAN UserlandPostBootup();
	125	VOID ShutdownUserland();
	126
	127	typedef struct _IMAGE_PID_ENTRY *PIMAGE_PID_ENTRY;
	128
	129	BOOLEAN IssueUserlandSidResolveRequest(PIMAGE_PID_ENTRY Process);
	130	ACTION_TYPE IssueUserlandAskUserRequest(RULE_TYPE RuleType, UCHAR OperationType, PCHAR ObjectName);
	131
	132
	133	#endif /* __USERLAND_H__ */ \ No newline at end of file