ReactOS  0.4.15-dev-4927-gfe8f806
subject.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS Kernel
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Security subject context support routines
5  * COPYRIGHT: Copyright Alex Ionescu <alex@relsoft.net>
6  */
7 
8 /* INCLUDES *******************************************************************/
9 
10 #include <ntoskrnl.h>
11 #define NDEBUG
12 #include <debug.h>
13 
14 /* GLOBALS ********************************************************************/
15 
17 
18 /* PUBLIC FUNCTIONS ***********************************************************/
19 
39 VOID
40 NTAPI
45 {
47 
48  PAGED_CODE();
49 
50  /* Save the unique ID */
51  SubjectContext->ProcessAuditId = Process->UniqueProcessId;
52 
53  /* Check if we have a thread */
54  if (!Thread)
55  {
56  /* We don't, so no token */
57  SubjectContext->ClientToken = NULL;
58  }
59  else
60  {
61  /* Get the impersonation token */
63  &CopyOnOpen,
65  &SubjectContext->ImpersonationLevel);
66  }
67 
68  /* Get the primary token */
70 }
71 
83 VOID
84 NTAPI
87 {
88  /* Call the extended API */
92 }
93 
105 VOID
106 NTAPI
109 {
110  PTOKEN PrimaryToken, ClientToken;
111  PAGED_CODE();
112 
113  /* Read both tokens */
114  PrimaryToken = SubjectContext->PrimaryToken;
115  ClientToken = SubjectContext->ClientToken;
116 
117  /* Always lock the primary */
118  SepAcquireTokenLockShared(PrimaryToken);
119 
120  /* Lock the impersonation one if it's there */
121  if (!ClientToken) return;
122  SepAcquireTokenLockShared(ClientToken);
123 }
124 
136 VOID
137 NTAPI
140 {
141  PTOKEN PrimaryToken, ClientToken;
142  PAGED_CODE();
143 
144  /* Read both tokens */
145  PrimaryToken = SubjectContext->PrimaryToken;
146  ClientToken = SubjectContext->ClientToken;
147 
148  /* Unlock the impersonation one if it's there */
149  if (ClientToken)
150  {
151  SepReleaseTokenLock(ClientToken);
152  }
153 
154  /* Always unlock the primary one */
155  SepReleaseTokenLock(PrimaryToken);
156 }
157 
169 VOID
170 NTAPI
173 {
174  PAGED_CODE();
175 
176  /* Drop reference on the primary */
178  SubjectContext->PrimaryToken = NULL;
179 
180  /* Drop reference on the impersonation, if there was one */
182  SubjectContext->ClientToken = NULL;
183 }
184 
185 /* EOF */
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define _Out_
Definition: ms_sal.h:345
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:138
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
ERESOURCE SepSubjectContextLock
Definition: subject.c:16
#define PsGetCurrentProcess
Definition: psfuncs.h:17
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
Definition: subject.c:107
unsigned char BOOLEAN
#define _In_
Definition: ms_sal.h:308
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: subject.c:41
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
#define SepReleaseTokenLock(Token)
Definition: se.h:286
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:849
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
#define NULL
Definition: types.h:112
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define SepAcquireTokenLockShared(Token)
Definition: se.h:280
ULONG ERESOURCE
Definition: env_spec_w32.h:594
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
#define PAGED_CODE()
VOID NTAPI PsDereferenceImpersonationToken(IN PACCESS_TOKEN ImpersonationToken)
Definition: security.c:888