Microsoft Professional Reference

Microsoft Windows
Programmer's Reference
Volume 2

System Services, Multimedia, Extensions, and Application Notes

Petitioner Microsoft Corporation, Ex. 1023, Cover

PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399

Copyright © 1993 by Microsoft Corporation. All rights reserved.

Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation.

Library of Congress Cataloging-in-Publication Data
Microsoft Win32 programmer's reference / Microsoft Corporation.
    p. cm.
    Includes indexes.
    Contents: Window management and graphics device interface -- System services, multimedia extensions, and application notes -- Functions A-G -- Functions H-Z -- Messages, structures, and macros.
    ISBN 1-55615-515-8 -- ISBN 1-55615-516-6 -- ISBN 1-55615-517-4 -- ISBN 1-55615-518-2 -- ISBN 1-55615-519-0
    Windows NT. Win32. Computer software--Development. Microsoft Corporation.
QA76.76.O63M524 1993
005.4469--dc20                                        93-15990
                                                      CIP

Printed and bound in the United States of America.
AG-M

Distributed to the book trade in Canada by Macmillan of Canada, a division of Canada Publishing Corporation.

Distributed to the book trade outside the United States and Canada by Penguin Books Ltd.

Penguin Books Ltd., Harmondsworth, Middlesex, England
Penguin Books Australia Ltd., Ringwood, Victoria, Australia
Penguin Books N.Z. Ltd., 182-190 Wairau Road, Auckland 10, New Zealand

British Cataloging-in-Publication Data available.

PostScript is a registered trademark of Adobe Systems, Inc. Macintosh and TrueType are registered trademarks of Apple Computer, Inc. Asymetrix and ToolBook are registered trademarks of Asymetrix Corporation. Kodak is a registered trademark of Eastman Kodak Company. PANOSE is a trademark of ElseWare Corporation. Hewlett-Packard, HP LaserJet, and PCL are registered trademarks of Hewlett-Packard Company. Intel is a registered trademark of Intel Corporation. IBM, OS/2, and AT are registered trademarks and PC/XT is a trademark of International Business Machines Corporation. Microsoft, MS, MS-DOS, QuickC, and CodeView are registered trademarks and Windows, Win32, Win32s, Windows NT, Visual Basic, and QBasic are trademarks of Microsoft Corporation. OS/2 is a registered trademark licensed to Microsoft Corporation. MIPS is a registered trademark of MIPS Computer Systems, Inc. Arial, Monotype, and Times New Roman are registered trademarks and Bookman Old Style, Century Gothic, and Century Schoolbook are trademarks of Monotype Corporation PLC. Motorola is a registered trademark of Motorola, Inc. Nokia is a registered trademark of Nokia Corporation. Novell and NetWare are registered trademarks of Novell, Inc. Olivetti is a registered trademark of Ing. Olivetti. Roland is a registered trademark of Roland Corporation. Epson is a registered trademark of Seiko Epson Corporation. Unicode is a trademark of Unicode, Incorporated. UNIX is a registered trademark of UNIX Systems Laboratories. Yamaha is a registered trademark of Yamaha Corporation of America. Paintbrush is a trademark of ZSoft Corporation.

U.S. Patent No. 4974159

Document No. PC52821-0593

Chapter 49 Security

49.1 About Security

The security provisions of Microsoft Windows NT are available to Windows-based applications automatically. Every application running on the system is subject to the security imposed by the particular configuration of the local implementation of Windows NT.

The security functions in the Win32 application programming interface (API) allow an application to selectively grant and deny access to an object. An application can specify many different kinds of access for particular users and groups of users. The operating system grants or denies access to an object based on a comparison of the security provisions stored with an object with the access rights specified in the access token associated with the process or thread requesting the access. These security functions allow an application to query and manipulate the security features of both an object and a process or thread.

The impact of Windows security on most Windows functions is minimal, and a Windows-based application not requiring security functionality usually does not need to incorporate any special code. However, a developer can use the security features of Windows NT to provide a number of services in a Windows-based application. Generally, any application that manipulates a system-wide resource, such as the system time, must use the security system to gain access to that resource. A security-aware application might allow the user to query the security attributes of a file, provide specialized feedback when access to a secure file is denied, or customize the security attributes of a file or group of files so that only a subset of other users on a network has access to the information.

The first release of Windows NT is designed to support C2-level security as defined by the U.S. Department of Defense. Some of the most important requirements of C2-level security are shown in the following list:

- It must be possible to control access to a resource. This access control must include or exclude individual users or named groups of users.
- Memory must be protected so its contents cannot be read after it is freed by a process.
- Users must identify themselves in a unique manner when they log on. All auditable actions must identify the user performing the action.
- System administrators must be able to audit security-related events. Access to this audit data must be limited to authorized administrators.
- The system must protect itself from external interference or tampering, such as modification of the running system or of system files stored on disk.

49.2 Security Model

All named objects in Windows NT, and some unnamed objects, can be secured. The security attributes of each securable object in Windows are described by a security descriptor that contains information about the owner of the object and by an access-control list (ACL) identifying the users and groups allowed or denied access to the object. An ACL contains an entry for each user, global group, or local group (alias) being allowed or denied access to the object. Each of these entries is an access-control entry (ACE).

At logon, a user is assigned an access token containing identifiers that represent the user and any groups to which the user belongs. Every process run on behalf of this user will have a copy of this particular access token. When a process attempts to use an object, the system compares the security attributes listed in the access token with the ACEs in the object's ACL. The system compares the access token with each ACE until access is either granted or denied or until there are no more ACEs to check. Conceivably, several ACEs could apply to this token, and if this occurs the access rights granted by each ACE accumulate. For example, if one ACE grants read access to a group in an access token and another ACE grants write access to the user who is also a member of the group, the user will have both read and write access to the object when the access check is complete.

The following illustration shows the relationship between these blocks of security information:

[Illustration. Process or Thread: Access token (User identifier, Group identifier, Privilege information, Other access information). Object: Security descriptor (Owner identifier, Group identifier, ACL containing ACE, ACE, ACE). The system checks each ACE in the ACL until it finds one that applies to the user or group represented by the access token, or until there are no more ACEs.]

Typically, the application protecting an object is a server in that it defines the users and groups with access to the object. The application interacts with clients when they attempt to gain access to the object. Users and groups are identified by security identifiers (SIDs). An SID is a structure of variable length that uniquely identifies a user or group. SIDs are stored in a security database that an application can query by calling Win32 functions. With one exception, an SID used to identify a user or group is never reassigned to another user or group. For a given account, the only SID that will not be the same from logon to logon is the logon-identifier SID. In the model represented by the preceding illustration, SIDs would be used to identify the following:

- The owner and group in the security descriptor
- The recipient of the access being granted by each ACE
- The user and groups in the access token

Security descriptors, SIDs, and ACLs are treated by applications as opaque structures and are intended to be manipulated only by using Win32 functions. This helps ensure that these structures remain syntactically accurate and prevents future enhancements to the security system from breaking existing code.

Pointers to doubleword values or structures must be aligned on doubleword boundaries. However, the exception is strings, for which alignment is not critical. All Win32 memory-allocation functions return handles of doubleword-aligned memory objects.

49.2.1 Access Tokens

When a user logs on, the system verifies the user's password by comparing it with information stored in a security database. If the password is authenticated, the system produces an access token and attaches it to the user's process. This access token identifies the user in all subsequent interactions with securable objects and contains the following information about a process:

- The user's SID
- Group SIDs
- Privileges
- An owner SID
- The SID for the primary group
- The default discretionary access-control list (ACL)
- The source of the access token
- Whether the token is a primary or impersonation token
- Current impersonation levels
- Other statistics

Every process must have an access token, but even a thread can have one assigned to it. When a thread has an access token, it supersedes the token of the process that owns the thread. This allows individual threads of a server process to impersonate clients by associating a client's access token with the thread. The only exception to this is any action requiring the SE_TCB_NAME privilege. This privilege is always checked against the process token, even if the current thread has an impersonation token.

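The access-check walk described in Section 49.2 and the process-token versus impersonation-token rule of Section 49.2.1, carried out in portable C as an added example; this is not code from the book or from Win32 itself, and the functions it defines (access_check, thread_access_check, has_tcb_privilege) are hypothetical stand-ins for the opaque Win32 structures and the AccessCheck API, not that API. The SIDs, user and group names, two-bit access mask and the PRIV_TCB flag standing in for SE_TCB_NAME are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed, simplified access rights and privilege bits; real Win32 masks are richer. */
#define ACCESS_READ  0x1u
#define ACCESS_WRITE 0x2u
#define PRIV_TCB     0x1u   /* stands in for the SE_TCB_NAME privilege */
#define MAX_GROUPS   8
#define MAX_ACES     16

typedef uint32_t Sid;       /* opaque in Win32; a small integer in this model */
typedef struct { Sid user; Sid groups[MAX_GROUPS]; size_t group_count; uint32_t privileges; } AccessToken;
typedef enum { ACE_ALLOW, ACE_DENY } AceType;
typedef struct { AceType type; Sid trustee; uint32_t mask; } Ace;
typedef struct { Sid owner; Sid group; Ace acl[MAX_ACES]; size_t ace_count; } SecurityDescriptor;
/* A thread carries its process token and, while impersonating a client, that client's token. */
typedef struct { AccessToken primary; const AccessToken *impersonation; } ThreadContext;

/* True if the ACE's trustee SID names the token's user or one of its groups. */
static bool token_matches_sid(const AccessToken *tok, Sid sid)
{
    if (tok->user == sid) return true;
    for (size_t i = 0; i < tok->group_count; i++)
        if (tok->groups[i] == sid) return true;
    return false;
}

/* Walk the ACL in order: stop as soon as access is granted or denied, or when the
   ACEs run out. Rights granted by several applicable ACEs accumulate. */
bool access_check(const SecurityDescriptor *sd, const AccessToken *tok, uint32_t desired)
{
    uint32_t granted = 0;
    for (size_t i = 0; i < sd->ace_count; i++) {
        const Ace *ace = &sd->acl[i];
        if (!token_matches_sid(tok, ace->trustee)) continue;
        if (ace->type == ACE_DENY) {
            if (ace->mask & (desired & ~granted)) return false;  /* denial of an outstanding right */
        } else {
            granted |= ace->mask & desired;
            if (granted == desired) return true;                 /* every requested right covered */
        }
    }
    return false;  /* ACEs exhausted without covering the request */
}

/* A thread's impersonation token, when present, supersedes the process token. */
bool thread_access_check(const ThreadContext *ctx, const SecurityDescriptor *sd, uint32_t desired)
{
    const AccessToken *tok = ctx->impersonation ? ctx->impersonation : &ctx->primary;
    return access_check(sd, tok, desired);
}

/* The one exception: SE_TCB_NAME is always checked against the process token. */
bool has_tcb_privilege(const ThreadContext *ctx)
{
    return (ctx->primary.privileges & PRIV_TCB) != 0;
}

/* Constructed scenario with invented SIDs, mirroring the chapter's read/write example. */
enum { SID_ALICE = 1001, SID_BOB = 1002, SID_STAFF = 2001, SID_ADMINS = 2002 };

static SecurityDescriptor example_descriptor(void)
{
    SecurityDescriptor sd = { .owner = SID_ALICE, .group = SID_STAFF, .ace_count = 3 };
    sd.acl[0] = (Ace){ ACE_DENY,  SID_BOB,   ACCESS_WRITE };  /* Bob is explicitly denied write */
    sd.acl[1] = (Ace){ ACE_ALLOW, SID_STAFF, ACCESS_READ  };  /* the STAFF group may read */
    sd.acl[2] = (Ace){ ACE_ALLOW, SID_ALICE, ACCESS_WRITE };  /* Alice may also write */
    return sd;
}
static AccessToken token_for(Sid user, Sid group, uint32_t privs)
{
    AccessToken t = { .user = user, .group_count = 1, .privileges = privs };
    t.groups[0] = group;
    return t;
}
/* Alice gets read through STAFF and write through her own SID: both accumulate. */
bool example_rights_accumulate(void)
{
    SecurityDescriptor sd = example_descriptor();
    AccessToken alice = token_for(SID_ALICE, SID_STAFF, 0);
    return access_check(&sd, &alice, ACCESS_READ | ACCESS_WRITE);
}
/* Bob may read, but any request that includes write is stopped by the deny ACE. */
bool example_deny_ace_stops_check(void)
{
    SecurityDescriptor sd = example_descriptor();
    AccessToken bob = token_for(SID_BOB, SID_STAFF, 0);
    return access_check(&sd, &bob, ACCESS_READ) && !access_check(&sd, &bob, ACCESS_READ | ACCESS_WRITE);
}
/* A server thread impersonating Bob loses its own write access; the process token still decides TCB. */
bool example_impersonation_and_tcb(void)
{
    SecurityDescriptor sd = example_descriptor();
    AccessToken client = token_for(SID_BOB, SID_STAFF, 0);
    ThreadContext server = { .primary = token_for(SID_ALICE, SID_ADMINS, PRIV_TCB), .impersonation = NULL };
    bool before = thread_access_check(&server, &sd, ACCESS_WRITE);
    server.impersonation = &client;
    bool during = thread_access_check(&server, &sd, ACCESS_WRITE);
    return before && !during && has_tcb_privilege(&server);
}
```

Because the walk stops at the first decisive ACE, the order of entries in the ACL matters: in the constructed descriptor the deny entry is placed first so that it is reached before any allow entry could satisfy the request. Real applications never lay out these structures by hand; as Section 49.2 says, they treat security descriptors, SIDs and ACLs as opaque and go through the Win32 functions.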
For more information about privileges, see Section 49.2.7, "Privileges." For more information about security identifiers (SIDs), see Section 49.2.6, "Security Identifiers (SIDs)." For more information about discretionary ACLs, see Section 49.2.3, "Access-control Lists (ACLs)." For more information about the components of an access token, see the following token structures and enumerated types in the Microsoft Win32 Programmer's Reference, Volume (number not legible in the scan):

Structure or type          Specifies
TOKEN_CONTROL              Information useful in identifying an access token
TOKEN_DEFAULT_DACL         The default discretionary ACL for an access token
TOKEN_GROUPS               The SIDs of the access token's groups and whether any privileges are enabled
TOKEN_INFORMATION_CLASS    Information being set in or retrieved from an access token
TOKEN_OWNER                The SID of an access token's owner
TOKEN_PRIMARY_GROUP        The SID of the access token's primary group
TOKEN_PRIVILEGES           The privileges associated with an access token and whether the privileges are enabled
TOKEN_SOURCE               The source of an access token
TOKEN_STATISTICS           Statistics associated with an access token
TOKEN_TYPE                 Whether an access token is being used as an impersonation token
TOKEN_USER                 The SID of an access token's user

Following are the functions an application can use to manipulate access tokens:

Function                   Description
AdjustTokenGroups          Changes the group information in an access token
AdjustTokenPrivileges      Changes the privileges in an access token
GetTokenInformation        Retrieves information about a token
OpenProcessToken           Retrieves the handle of the access token for a process
OpenThreadToken            Retrieves the handle of the access token for a thread
SetTokenInformation        Changes a token's owner, primary group, or default discretionary ACL


This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket