ReactOS 0.4.15-dev-7704-gc07eb9f
subject.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS Kernel
3 * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4 * PURPOSE: Security subject context support routines
5 * COPYRIGHT: Copyright Alex Ionescu <alex@relsoft.net>
6 */
7
8/* INCLUDES *******************************************************************/
9
10#include <ntoskrnl.h>
11#define NDEBUG
12#include <debug.h>
13
14/* GLOBALS ********************************************************************/
15
17
18/* PUBLIC FUNCTIONS ***********************************************************/
19
39VOID
45{
47
48 PAGED_CODE();
49
50 /* Save the unique ID */
51 SubjectContext->ProcessAuditId = Process->UniqueProcessId;
52
53 /* Check if we have a thread */
54 if (!Thread)
55 {
56 /* We don't, so no token */
57 SubjectContext->ClientToken = NULL;
58 }
59 else
60 {
61 /* Get the impersonation token */
65 &SubjectContext->ImpersonationLevel);
66 }
67
68 /* Get the primary token */
70}
71
83VOID
87{
88 /* Call the extended API */
92}
93
105VOID
106NTAPI
109{
110 PTOKEN PrimaryToken, ClientToken;
111 PAGED_CODE();
112
113 /* Read both tokens */
114 PrimaryToken = SubjectContext->PrimaryToken;
115 ClientToken = SubjectContext->ClientToken;
116
117 /* Always lock the primary */
118 SepAcquireTokenLockShared(PrimaryToken);
119
120 /* Lock the impersonation one if it's there */
121 if (!ClientToken) return;
122 SepAcquireTokenLockShared(ClientToken);
123}
124
136VOID
137NTAPI
140{
141 PTOKEN PrimaryToken, ClientToken;
142 PAGED_CODE();
143
144 /* Read both tokens */
145 PrimaryToken = SubjectContext->PrimaryToken;
146 ClientToken = SubjectContext->ClientToken;
147
148 /* Unlock the impersonation one if it's there */
149 if (ClientToken)
150 {
151 SepReleaseTokenLock(ClientToken);
152 }
153
154 /* Always unlock the primary one */
155 SepReleaseTokenLock(PrimaryToken);
156}
157
169VOID
170NTAPI
173{
174 PAGED_CODE();
175
176 /* Drop reference on the primary */
178 SubjectContext->PrimaryToken = NULL;
179
180 /* Drop reference on the impersonation, if there was one */
182 SubjectContext->ClientToken = NULL;
183}
184
185/* EOF */
#define PAGED_CODE()
unsigned char BOOLEAN
#define NULL
Definition: types.h:112
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
ULONG ERESOURCE
Definition: env_spec_w32.h:594
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:223
#define PsDereferenceImpersonationToken(T)
Definition: imports.h:298
#define _Out_
Definition: ms_sal.h:345
#define _In_
Definition: ms_sal.h:308
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
#define SepAcquireTokenLockShared(Token)
Definition: se.h:290
#define SepReleaseTokenLock(Token)
Definition: se.h:296
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:871
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: subject.c:41
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:107
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:138
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
ERESOURCE SepSubjectContextLock
Definition: subject.c:16
#define NTAPI
Definition: typedefs.h:36
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
#define PsGetCurrentProcess
Definition: psfuncs.h:17