ReactOS 0.4.15-dev-8339-g4028de8
sefuncs.h File Reference


Macros

#define SeLengthSid(Sid)    (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
 
#define SeDeleteClientSecurity(C)
 
#define SeStopImpersonatingClient()   PsRevertToSelf()
 
#define SeQuerySubjectContextToken(SubjectContext)
 

Functions

 $if (_WDMDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI SeAssignSecurity(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor
 Queries information details about a security descriptor.
 
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx (_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
 
 _In_reads_bytes_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI VOID NTAPI SeReleaseSubjectContext (_Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI VOID NTAPI SeUnlockSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Unlocks both the referenced primary and client access tokens of a security subject context.
 
NTKERNELAPI VOID NTAPI SeCaptureSubjectContext (_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Captures the security subject context of the calling thread and calling process.
 
NTKERNELAPI VOID NTAPI SeLockSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Locks both the referenced primary and client access tokens of a security subject context.
 
 $endif (_WDMDDK_) $if(_NTDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue
 
 $endif (_NTDDK_) $if(_NTIFS_) NTKERNELAPI VOID NTAPI SeReleaseSubjectContext(_Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck (_Inout_ PPRIVILEGE_SET RequiredPrivileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE AccessMode)
 
NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
 Creates an audit with alarm notification of an object that is being opened.
 
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
 Creates an audit with alarm notification of an object that is being opened for deletion.
 
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm (_In_ PVOID Object, _In_ HANDLE Handle)
 Deletes an alarm audit of an object.
 
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType (_In_ PACCESS_TOKEN Token)
 Gathers the token type of an access token. A token can be either a primary token or an impersonation token.
 
NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin (_In_ PACCESS_TOKEN Token)
 Determines whether a token is an admin token. The check is based on the TOKEN_HAS_ADMIN_GROUP flag, which indicates whether the access token belongs to an administrator group.
 
NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted (_In_ PACCESS_TOKEN Token)
 Determines if a token is restricted or not, based upon the token flags.
 
NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken (_In_ PACCESS_TOKEN Token, _Out_ PLUID AuthenticationId)
 Queries the authentication ID of an access token.
 
NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken (_In_ PACCESS_TOKEN Token, _Out_ PULONG SessionId)
 Queries the session ID of an access token.
 
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity (_In_ PETHREAD ClientThread, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN RemoteSession, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
 Creates a client security context.
 
NTKERNELAPI VOID NTAPI SeImpersonateClient (_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
 Impersonates a client user.
 
NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx (_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
 Extended function that impersonates a client.
 
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
 Creates a client security context based upon the captured security subject context.
 
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo (_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo (_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx (_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges (_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
 Appends additional privileges.
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
 Determines whether auditing against file events is being done or not.
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against files or global events with subject context is being done or not.
 
VOID NTAPI SeSetAccessStateGenericMapping (_Inout_ PACCESS_STATE AccessState, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
 Registers a callback that will be called once a logon session terminates.
 
NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
 Un-registers a callback routine, previously registered by SeRegisterLogonSessionTerminatedRoutine function.
 
NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification (_In_ PLUID LogonId)
 Marks a logon session for future termination, given its logon ID. This triggers a callout (the registered callback) when the logon is no longer used by anyone, that is, when no token still references the specified logon session.
 
NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken (_In_ PACCESS_TOKEN Token, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
 Queries information about the given token. Unlike the NtQueryInformationToken system call, which probes user-mode buffers and performs additional protection checks, this routine does neither. It is used exclusively in kernel mode.
 
 $endif (_NTIFS_) $if(_NTIFS_) NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEvents(_In_ BOOLEAN AccessGranted
 
NTKERNELAPI NTSTATUS NTAPI SeFilterToken (_In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Outptr_ PACCESS_TOKEN *FilteredToken)
 
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation (_In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess)
 Performs an audit against a hard link creation.
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against file events with subject context is being done or not.
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against hard links events with subject context is being done or not.
 
NTSTATUS NTAPI SeReportSecurityEvent (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
 Report a security event to the security manager.
 
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _In_opt_ GUID *TransactionId, _Out_ PBOOLEAN GenerateOnClose)
 
NTKERNELAPI VOID NTAPI SeExamineSacl (_In_ PACL Sacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateAudit, _Out_ PBOOLEAN GenerateAlarm)
 
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction (_In_ PVOID Object, _In_ HANDLE Handle, _In_opt_ GUID *TransactionId)
 
NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity (_In_ PACCESS_TOKEN Token, _Inout_ PSID_AND_ATTRIBUTES IntegritySA)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken (_In_ PACCESS_TOKEN Token, _In_ ULONG SessionId)
 
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction (_In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess, _In_opt_ GUID *TransactionId)
 
NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange (_In_ GUID *TransactionId, _In_ GUID *ResourceManagerId, _In_ ULONG NewTransactionState)
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _Out_opt_ PBOOLEAN StagingEnabled)
 
NTKERNELAPI VOID NTAPI SeExamineGlobalSacl (_In_ PUNICODE_STRING ObjectType, _In_ PACL ResourceSacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Inout_ PBOOLEAN GenerateAudit, _Inout_opt_ PBOOLEAN GenerateAlarm)
 
NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl (_In_opt_ PUNICODE_STRING ObjectTypeName, _In_ ACCESS_MASK GrantedAccess, _In_ PACCESS_TOKEN Token, _Inout_ PACCESS_MASK AuditMask)
 
NTSTATUS NTAPI SeReportSecurityEventWithSubCategory (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ ULONG AuditSubcategoryId)
 
BOOLEAN NTAPI SeAccessCheckFromState (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Outptr_opt_result_maybenull_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTKERNELAPI VOID NTAPI SeFreePrivileges (_In_ PPRIVILEGE_SET Privileges)
 Frees a set of privileges.
 
NTSTATUS NTAPI SeLocateProcessImageName (_Inout_ PEPROCESS Process, _Outptr_ PUNICODE_STRING *pImageFileName)
 

Variables

_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN SubjectContextLocked
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK DesiredAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SETPrivileges
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING GenericMapping
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE AccessMode
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
 
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTORNewDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT _In_ PGENERIC_MAPPING _In_ POOL_TYPE PoolType
 
_In_ KPROCESSOR_MODE PreviousMode
 
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _In_opt_ PSECURITY_DESCRIPTOR ParentSecurityDescriptor
 
_In_opt_ PVOID Object
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING AbsoluteObjectName
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN ObjectCreated
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUIDTransactionId
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
 
NTKERNELAPI PSE_EXPORTS SeExports
 

Macro Definition Documentation

◆ SeDeleteClientSecurity

#define SeDeleteClientSecurity (   C)
Value:
/* Drops the reference on (C)->ClientToken, using the primary-token or the impersonation-token dereference routine depending on what SeTokenType reports. */ \
/* NOTE(review): (C) is expanded more than once, so the argument should have no side effects. The expansion is a bare brace block rather than do { } while (0), so a ';' written after the macro inside an if/else terminates the if statement. */ \
{ \
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
PsDereferencePrimaryToken( (C)->ClientToken ); \
} else { \
PsDereferenceImpersonationToken( (C)->ClientToken ); \
} \
}
Definition: terminate.cpp:24
@ TokenPrimary
Definition: imports.h:273
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(_In_ PACCESS_TOKEN Token)
Gathers the token type of an access token. A token can be either a primary token or impersonation toke...
Definition: token.c:2080

Definition at line 573 of file sefuncs.h.

◆ SeLengthSid

#define SeLengthSid (   Sid)     (8 + (4 * ((SID *)Sid)->SubAuthorityCount))

Definition at line 570 of file sefuncs.h.

◆ SeQuerySubjectContextToken

#define SeQuerySubjectContextToken (   SubjectContext)
Value:
) ? \
#define ARGUMENT_PRESENT(ArgumentPointer)
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: sefuncs.h:32
struct _SECURITY_SUBJECT_CONTEXT * PSECURITY_SUBJECT_CONTEXT

Definition at line 583 of file sefuncs.h.

◆ SeStopImpersonatingClient

#define SeStopImpersonatingClient ( )    PsRevertToSelf()

Definition at line 581 of file sefuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _NTDDK_  )

Definition at line 1144 of file iofuncs.h.

/* Fills *PriorityInfo with fixed starting values: the structure's own size, a thread priority of 0xffff, IoPriorityNormal and a page priority of 0. */
/* NOTE(review): the generator lists this body under "$endif" in iofuncs.h; the routine's name and signature are not part of this rendering. */
2502{
2503 PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
2504 PriorityInfo->ThreadPriority = 0xffff;
2505 PriorityInfo->IoPriority = IoPriorityNormal;
2506 PriorityInfo->PagePriority = 0;
2507}
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD _Inout_ PIO_PRIORITY_INFO PriorityInfo
Definition: fltkernel.h:2654
struct _IO_PRIORITY_INFO IO_PRIORITY_INFO
@ IoPriorityNormal
Definition: iotypes.h:1233

◆ $endif() [2/3]

$endif ( _NTIFS_  )

Definition at line 396 of file rtlfuncs.h.

/* Stores SignedInteger in ret.QuadPart and returns ret. The declaration of ret (source line 2840) is absent from this rendering. */
2839{
2841 ret.QuadPart = SignedInteger;
2842 return ret;
2843}
return ret
Definition: rtlfuncs.h:3090

◆ $endif() [3/3]

$endif ( _WDMDDK_  )

Definition at line 85 of file ke.h.

226{
229} NEON128, *PNEON128;
NEON128
Definition: ke.h:229
* PNEON128
Definition: ke.h:229
@ High
Definition: strmini.h:378
@ Low
Definition: strmini.h:380
int64_t LONGLONG
Definition: typedefs.h:68
uint64_t ULONGLONG
Definition: typedefs.h:67

◆ $if()

$if ( _WDMDDK_  )

Kernel definitions for ARM64

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

31{
32 ULONG Dummy;
KFLOATING_SAVE
Definition: ke.h:33
* PKFLOATING_SAVE
Definition: ke.h:33
uint32_t ULONG
Definition: typedefs.h:59

◆ _In_reads_bytes_()

_In_reads_bytes_ ( Length  )

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer is too small to contain the queried information about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsBitmask of inheritance flags, influencing how the security descriptor can be inherited and whether it can be inherited in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid security subject context argument. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned for the same reason as the previous NTSTATUS code. These two NTSTATUS codes are returned if the calling thread specified that the owner and/or group defaults to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe quota size of the given security descriptor, returned to the caller. The function may store 0 in this parameter if the descriptor doesn't have a group or even a discretionary access control list (DACL).
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

/*
 * Body of a routine that creates a filter server port object and adds it to
 * the filter's connection list (see the inline comments). The leading numbers
 * are source line numbers; lines 77, 82, 88, 96, 103-106, 108, 118, 122-124,
 * 131, 134, 138, 141-142, 145 and 152 are absent from this rendering, so the
 * calls and return statements on them cannot be confirmed from the listing.
 *
 * NOTE(review): this listing appears under an entry whose parameter text
 * describes security-descriptor routines; the code shown does not match
 * that text, which looks like a cross-reference artefact of the generator.
 * Confirm against Messaging.c.
 */
75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
80 if (MaxConnections == 0)
81 {
83 }
84
85 /* The request must be for a kernel handle */
/* Requiring OBJ_KERNEL_HANDLE keeps the resulting handle out of the calling
 * process's user-mode handle table. The rejection statement (line 88) is not
 * shown; presumably it returns STATUS_INVALID_PARAMETER - confirm. */
86 if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
97 if (!NT_SUCCESS(Status))
98 {
99 return Status;
100 }
101
102 /* Create the server port object for this filter */
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
112 if (NT_SUCCESS(Status))
113 {
114 /* Zero out the struct */
/* Zeroing first means any field not assigned below starts out as 0/NULL. */
115 RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
121 PortObject->Filter = Filter;
125 PortObject->Cookie = ServerPortCookie;
126 PortObject->MaxConnections = MaxConnections;
127
128 /* Insert the object */
129 Status = ObInsertObject(PortObject,
130 NULL,
132 0,
133 NULL,
135 if (NT_SUCCESS(Status))
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list */
146 }
147 }
148
/* Reached for a failure of either the object creation or the insertion. */
149 if (!NT_SUCCESS(Status))
150 {
151 /* Allow the filter to be cleaned up */
/* Line 152 is not shown; presumably it releases the protection taken at
 * line 96 (FltObjectDereference is in the cross-reference list) - confirm. */
153 }
154
155 return Status;
156}
static const INTERNET_PORT ServerPort
Definition: CWebService.cpp:11
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
LONG NTSTATUS
Definition: precomp.h:26
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define NULL
Definition: types.h:112
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
#define InsertTailList(ListHead, Entry)
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Status
Definition: gdiplustypes.h:25
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
static LONG MaxConnections
#define KernelMode
Definition: asm.h:34
#define FILE_READ_DATA
Definition: nt_native.h:628
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121
LIST_ENTRY mList
Definition: fltmgrint.h:56
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

◆ SeAccessCheckFromState()

BOOLEAN NTAPI SeAccessCheckFromState ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PTOKEN_ACCESS_INFORMATION  PrimaryTokenInformation,
_In_opt_ PTOKEN_ACCESS_INFORMATION  ClientTokenInformation,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  PreviouslyGrantedAccess,
_Outptr_opt_result_maybenull_ PPRIVILEGE_SET Privileges,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ SeAppendPrivileges()

NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges ( _Inout_ PACCESS_STATE  AccessState,
_In_ PPRIVILEGE_SET  Privileges 
)

Appends additional privileges.

Parameters
[in]AccessStateAccess state to which the privileges are appended.
[in]PrivilegesSet of new privileges to append.
Returns
Returns STATUS_SUCCESS if the privileges have been successfully appended. Otherwise STATUS_INSUFFICIENT_RESOURCES is returned, indicating that pool allocation has failed for the buffer to hold the new set of privileges.

Definition at line 588 of file priv.c.

/*
 * Body of SeAppendPrivileges (priv.c): appends the entries of Privileges to
 * the privilege set held in AccessState->AuxData, either in place or in a
 * newly allocated paged-pool buffer. The leading numbers are source line
 * numbers; lines 616, 618, 627, 635 and 647 are absent from this rendering,
 * so the statements on them cannot be confirmed from the listing.
 */
591{
592 PAUX_ACCESS_DATA AuxData;
593 ULONG OldPrivilegeSetSize;
594 ULONG NewPrivilegeSetSize;
595 PPRIVILEGE_SET PrivilegeSet;
596
597 PAGED_CODE();
598
599 /* Get the Auxiliary Data */
600 AuxData = AccessState->AuxData;
601
602 /* Calculate the size of the old privilege set */
/* The "- 1" presumably accounts for one LUID_AND_ATTRIBUTES entry already
 * counted in sizeof(PRIVILEGE_SET) - confirm against the structure definition.
 * NOTE(review): PrivilegeCount is a ULONG, so a count of 0 makes the
 * subtraction wrap; confirm the truncated result is still the intended size. */
603 OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
604 (AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
605
/* NOTE(review): the two counts are added here, and the sizes below are
 * multiplied, in unsigned arithmetic with no overflow check visible in this
 * listing. A very large Privileges->PrivilegeCount could wrap the sum and
 * select the in-place branch; confirm that callers bound the count. */
606 if (AuxData->PrivilegeSet->PrivilegeCount +
607 Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
608 {
609 /* Calculate the size of the new privilege set */
610 NewPrivilegeSetSize = OldPrivilegeSetSize +
611 Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
612
613 /* Allocate a new privilege set */
614 PrivilegeSet = ExAllocatePoolWithTag(PagedPool,
615 NewPrivilegeSetSize,
/* Source line 618 is not shown; the documented result for a failed pool
 * allocation is STATUS_INSUFFICIENT_RESOURCES. */
617 if (PrivilegeSet == NULL)
619
620 /* Copy original privileges from the access state */
621 RtlCopyMemory(PrivilegeSet,
622 AuxData->PrivilegeSet,
623 OldPrivilegeSetSize);
624
625 /* Append privileges from the privilege set */
/* Source line 627 (the copy's source argument) is not shown; presumably
 * the entries of Privileges - confirm. */
626 RtlCopyMemory((PVOID)((ULONG_PTR)PrivilegeSet + OldPrivilegeSetSize),
628 Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
629
630 /* Adjust the number of privileges in the new privilege set */
/* The header copied above still carries the old count, so adding the
 * appended count yields the new total. */
631 PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
632
633 /* Free the old privilege set if it was allocated */
/* Source line 635 is not shown; presumably it releases the previous buffer
 * (ExFreePoolWithTag is in the cross-reference list) - confirm. */
634 if (AccessState->PrivilegesAllocated != FALSE)
636
637 /* Now we are using an allocated privilege set */
638 AccessState->PrivilegesAllocated = TRUE;
639
640 /* Assign the new privileges to the access state */
641 AuxData->PrivilegeSet = PrivilegeSet;
642 }
643 else
644 {
645 /* Append privileges */
/* In-place append: relies on the existing buffer having room for
 * INITIAL_PRIVILEGE_COUNT entries, which this listing does not show -
 * verify where AuxData->PrivilegeSet is set up. */
646 RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
648 Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
649
650 /* Adjust the number of privileges in the target privilege set */
651 AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
652 }
653
654 return STATUS_SUCCESS;
655}
#define PAGED_CODE()
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PagedPool
Definition: env_spec_w32.h:308
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
#define STATUS_SUCCESS
Definition: shellext.h:65
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:258
$ULONG PrivilegeCount
Definition: setypes.h:86
#define TAG_PRIVILEGE_SET
Definition: tag.h:157
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define INITIAL_PRIVILEGE_COUNT
Definition: setypes.h:172
struct _PRIVILEGE_SET PRIVILEGE_SET

Referenced by IopCheckBackupRestorePrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckTraverseAccess(), and START_TEST().

◆ SeAssignSecurityEx()

NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx ( _In_opt_ PSECURITY_DESCRIPTOR  ParentDescriptor,
_In_opt_ PSECURITY_DESCRIPTOR  ExplicitDescriptor,
_Out_ PSECURITY_DESCRIPTOR NewDescriptor,
_In_opt_ GUID ObjectType,
_In_ BOOLEAN  IsDirectoryObject,
_In_ ULONG  AutoInheritFlags,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ POOL_TYPE  PoolType 
)

◆ SeAuditHardLinkCreation()

NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation ( _In_ PUNICODE_STRING  FileName,
_In_ PUNICODE_STRING  LinkName,
_In_ BOOLEAN  bSuccess 
)

Performs an audit against a hard link creation.

@unimplemented

Parameters
[in] FileName: A Unicode string that points to the name of the file.
[in] LinkName: A Unicode string that points to a link.
[out] bSuccess: If TRUE, the function has successfully audited the hard link and security access can be granted, FALSE otherwise. (The prototype above annotates this parameter as _In_, not as an output.)
Returns
Nothing.

Definition at line 967 of file audit.c.

971{
973}
#define UNIMPLEMENTED
Definition: debug.h:118

◆ SeAuditHardLinkCreationWithTransaction()

NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction ( _In_ PUNICODE_STRING  FileName,
_In_ PUNICODE_STRING  LinkName,
_In_ BOOLEAN  bSuccess,
_In_opt_ GUID TransactionId 
)

◆ SeAuditingAnyFileEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext,
_Out_opt_ PBOOLEAN  StagingEnabled 
)

◆ SeAuditingFileEvents()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Determines whether auditing against file events is being done or not.

@unimplemented

Parameters
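[in] AccessGranted: If set to TRUE, the access attempt is deemed successful; otherwise set it to FALSE.
[in] SecurityDescriptor: A security descriptor.
Returns
Returns TRUE if auditing is currently being done, FALSE otherwise. The routine is marked unimplemented and the body shown below only returns FALSE, so in this revision a FALSE result does not tell the caller whether an audit policy applies to the object. The same holds for SeAuditingFileEventsWithContext(), SeAuditingFileOrGlobalEvents() and SeAuditingHardLinkEventsWithContext() on this page.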

Definition at line 993 of file audit.c.

996{
998 return FALSE;
999}

◆ SeAuditingFileEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against file events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1023 of file audit.c.

1027{
1029 return FALSE;
1030}
#define UNIMPLEMENTED_ONCE
Definition: typedefs.h:30

◆ SeAuditingFileOrGlobalEvents()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against files or global events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1111 of file audit.c.

1115{
1117 return FALSE;
1118}

◆ SeAuditingHardLinkEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against hard links events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1080 of file audit.c.

1084{
1086 return FALSE;
1087}

◆ SeAuditTransactionStateChange()

NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange ( _In_ GUID TransactionId,
_In_ GUID ResourceManagerId,
_In_ ULONG  NewTransactionState 
)

◆ SeCaptureSubjectContext()

NTKERNELAPI VOID NTAPI SeCaptureSubjectContext ( _Out_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Captures the security subject context of the calling thread and calling process.

Parameters
[out]SubjectContextThe returned security subject context.
Returns
Nothing.

Definition at line 85 of file subject.c.

87{
88 /* Call the extended API */
92}
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: subject.c:41
#define PsGetCurrentProcess
Definition: psfuncs.h:17

Referenced by create_directory_fcb(), create_subvol(), fcb_get_sd(), FilterToken(), HasPrivilege(), KsCreateDefaultSecurity(), mknod(), nfs41_get_sec_ctx(), nfs41_GetLUID(), nfs41_UpcallCreate(), NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), NtSetUuidSeed(), RxStartMinirdr(), SeCheckPrivilegedObject(), SepAccessCheck(), SepAccessCheckAndAuditAlarm(), SeReportSecurityEvent(), SeSinglePrivilegeCheck(), set_link_information(), set_rename_information(), START_TEST(), SystemThread(), UDFCheckAccessRights(), and UDFSetAccessRights().

◆ SeCreateClientSecurity()

NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity ( _In_ PETHREAD  Thread,
_In_ PSECURITY_QUALITY_OF_SERVICE  Qos,
_In_ BOOLEAN  RemoteClient,
_Out_ PSECURITY_CLIENT_CONTEXT  ClientContext 
)

Creates a client security context.

Parameters
[in]ThreadThread object of the client where impersonation has to begin.
[in]QosQuality of service to specify what kind of impersonation to be done.
[in]RemoteClientIf set to TRUE, the client that we're going to impersonate is remote.
[out]ClientContextThe returned security client context.
Returns
See SepCreateClientSecurity.

Definition at line 162 of file client.c.

167{
169 BOOLEAN ThreadEffectiveOnly;
173 PAGED_CODE();
174
175 /* Reference the correct token */
177 &TokenType,
178 &ThreadEffectiveOnly,
180
181 /* Create client security from it */
183 Qos,
184 RemoteClient,
185 TokenType,
186 ThreadEffectiveOnly,
189
190 /* Check if we failed or static tracking was used */
191 if (!(NT_SUCCESS(Status)) || (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING))
192 {
193 /* Dereference our copy since it's not being used */
195 }
196
197 /* Return status */
198 return Status;
199}
unsigned char BOOLEAN
TOKEN_TYPE
Definition: asmpp.cpp:29
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
_In_ PVOID ClientContext
Definition: netioddk.h:55
NTSTATUS NTAPI SepCreateClientSecurity(_In_ PACCESS_TOKEN Token, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _In_ TOKEN_TYPE TokenType, _In_ BOOLEAN ThreadEffectiveOnly, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
Creates a client security context based upon an access token.
Definition: client.c:53
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken(IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:802
#define ObDereferenceObject
Definition: obfuncs.h:203
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:156
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104

◆ SeCreateClientSecurityFromSubjectContext()

NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PSECURITY_QUALITY_OF_SERVICE  ClientSecurityQos,
_In_ BOOLEAN  ServerIsRemote,
_Out_ PSECURITY_CLIENT_CONTEXT  ClientContext 
)

Creates a client security context based upon the captured security subject context.

Parameters
[in]SubjectContextThe captured subject context where client security is to be created from.
[in]ClientSecurityQosQuality of service to specify what kind of impersonation to be done.
[in]ServerIsRemoteIf set to TRUE, the client that we're going to impersonate is remote.
[out]ClientContextThe returned security client context.
Returns
See SepCreateClientSecurity.

Definition at line 224 of file client.c.

229{
232 PAGED_CODE();
233
234 /* Get the right token and reference it */
237
238 /* Create the context */
240 ClientSecurityQos,
241 ServerIsRemote,
242 SubjectContext->ClientToken ?
244 FALSE,
245 SubjectContext->ImpersonationLevel,
247
248 /* Check if we failed or static tracking was used */
249 if (!(NT_SUCCESS(Status)) ||
250 (ClientSecurityQos->ContextTrackingMode == SECURITY_STATIC_TRACKING))
251 {
252 /* Dereference our copy since it's not being used */
254 }
255
256 /* Return status */
257 return Status;
258}
@ TokenImpersonation
Definition: imports.h:274
#define ObReferenceObject
Definition: obfuncs.h:204
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583

Referenced by nfs41_get_sec_ctx(), nfs41_GetLUID(), and nfs41_UpcallCreate().

◆ SeDeleteObjectAuditAlarm()

NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm ( _In_ PVOID  Object,
_In_ HANDLE  Handle 
)

Deletes an alarm audit of an object.

@unimplemented

Parameters
[in]ObjectAn arbitrary pointer data that points to the object.
[in]HandleA handle of the said object.
Returns
Nothing.

Definition at line 1163 of file audit.c.

1166{
1168}

◆ SeDeleteObjectAuditAlarmWithTransaction()

NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction ( _In_ PVOID  Object,
_In_ HANDLE  Handle,
_In_opt_ GUID TransactionId 
)

◆ SeExamineGlobalSacl()

NTKERNELAPI VOID NTAPI SeExamineGlobalSacl ( _In_ PUNICODE_STRING  ObjectType,
_In_ PACL  ResourceSacl,
_In_ PACCESS_TOKEN  Token,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  AccessGranted,
_Inout_ PBOOLEAN  GenerateAudit,
_Inout_opt_ PBOOLEAN  GenerateAlarm 
)

◆ SeExamineSacl()

NTKERNELAPI VOID NTAPI SeExamineSacl ( _In_ PACL  Sacl,
_In_ PACCESS_TOKEN  Token,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateAudit,
_Out_ PBOOLEAN  GenerateAlarm 
)

◆ SeFilterToken()

NTKERNELAPI NTSTATUS NTAPI SeFilterToken ( _In_ PACCESS_TOKEN  ExistingToken,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Outptr_ PACCESS_TOKEN FilteredToken 
)

◆ SeFreePrivileges()

NTKERNELAPI VOID NTAPI SeFreePrivileges ( _In_ PPRIVILEGE_SET  Privileges)

Frees a set of privileges.

Parameters
[in]PrivilegesSet of privileges array to be freed.
Returns
Nothing.

Definition at line 669 of file priv.c.

Referenced by IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckTraverseAccess(), SepAccessCheck(), and START_TEST().

◆ SeImpersonateClient()

NTKERNELAPI VOID NTAPI SeImpersonateClient ( _In_ PSECURITY_CLIENT_CONTEXT  ClientContext,
_In_opt_ PETHREAD  ServerThread 
)

Impersonates a client user.

Parameters
[in]ClientContextA valid client context.
[in]ServerThreadThe thread where impersonation is to be done.
Returns
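Nothing. The function is VOID, while SeImpersonateClientEx(), the routine it forwards to, returns an NTSTATUS that can indicate failure; that status is therefore not available to callers of this wrapper. Code that needs to know whether the thread is really impersonating the client should call SeImpersonateClientEx() and check the result.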

Definition at line 321 of file client.c.

324{
325 PAGED_CODE();
326
327 /* Call the new API */
329}
UINT CALLBACK ServerThread(_Inout_ PVOID Parameter)
NTSTATUS NTAPI SeImpersonateClientEx(_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
Extended function that impersonates a client.
Definition: client.c:276

◆ SeImpersonateClientEx()

NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx ( _In_ PSECURITY_CLIENT_CONTEXT  ClientContext,
_In_opt_ PETHREAD  ServerThread 
)

Extended function that impersonates a client.

Parameters
[in]ClientContextA valid client context.
[in]ServerThreadThe thread where impersonation is to be done.
Returns
STATUS_SUCCESS is returned if the calling thread successfully impersonates the client. A failure NTSTATUS code is returned otherwise.

Definition at line 276 of file client.c.

279{
281 PAGED_CODE();
282
283 /* Check if direct access is requested */
284 if (!ClientContext->DirectlyAccessClientToken)
285 {
286 /* No, so get the flag from QOS */
287 EffectiveOnly = ClientContext->SecurityQos.EffectiveOnly;
288 }
289 else
290 {
291 /* Yes, so see if direct access should be effective only */
292 EffectiveOnly = ClientContext->DirectAccessEffectiveOnly;
293 }
294
295 /* Use the current thread if one was not passed */
297
298 /* Call the lower layer routine */
300 ClientContext->ClientToken,
301 TRUE,
303 ClientContext->SecurityQos.ImpersonationLevel);
304}
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610

Referenced by CmpCmdHiveOpen(), handle_upcall(), NpImpersonateClientContext(), NtImpersonateClientOfPort(), and SeImpersonateClient().

◆ SeLocateProcessImageName()

NTSTATUS NTAPI SeLocateProcessImageName ( _Inout_ PEPROCESS  Process,
_Outptr_ PUNICODE_STRING pImageFileName 
)

◆ SeLockSubjectContext()

NTKERNELAPI VOID NTAPI SeLockSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Locks both the referenced primary and client access tokens of a security subject context.

Parameters
[in]SubjectContextA valid security context with both referenced tokens.
Returns
Nothing.

Definition at line 107 of file subject.c.

109{
110 PTOKEN PrimaryToken, ClientToken;
111 PAGED_CODE();
112
113 /* Read both token pointers out of the subject context */
114 PrimaryToken = SubjectContext->PrimaryToken;
115 ClientToken = SubjectContext->ClientToken;
116
117 /* Always lock the primary token, via SepAcquireTokenLockShared; it is not NULL-checked here */
118 SepAcquireTokenLockShared(PrimaryToken);
119
120 /* Lock the client (impersonation) token as well, but only when the context carries one */
121 if (!ClientToken) return;
122 SepAcquireTokenLockShared(ClientToken);
123}
#define SepAcquireTokenLockShared(Token)
Definition: se.h:290

Referenced by create_stream(), FatExplicitDeviceAccessGranted(), file_create(), FilterToken(), HasPrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NpCreateNewNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), open_file2(), SeAccessCheck(), and START_TEST().

◆ SeMarkLogonSessionForTerminationNotification()

NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification ( _In_ PLUID  LogonId)

Marks a logon session for future termination, given its logon ID. This triggers a callout (the registered callback) when the logon is no longer used by anyone, that is, when no token is still referencing the specified logon session.

Parameters
[in]LogonIdThe ID of the logon session.
Returns
STATUS_SUCCESS if the logon session is marked for termination notification successfully, STATUS_NOT_FOUND if the logon session couldn't be found otherwise.

Definition at line 1510 of file srm.c.

1512{
1513 PSEP_LOGON_SESSION_REFERENCES SessionToMark;
1514 PAGED_CODE();
1515
1516 DPRINT("SeMarkLogonSessionForTerminationNotification(%08lx:%08lx)\n",
1517 LogonId->HighPart, LogonId->LowPart);
1518
1519 /* Acquire the database lock */
1521
1522 /* Loop over the existing logon sessions */
1523 for (SessionToMark = SepLogonSessions;
1524 SessionToMark != NULL;
1525 SessionToMark = SessionToMark->Next)
1526 {
1527 /* Does the logon with the given ID exist? */
1528 if (RtlEqualLuid(&SessionToMark->LogonId, LogonId))
1529 {
1530 /* We found it */
1531 break;
1532 }
1533 }
1534
1535 /*
1536 * We've exhausted all the remaining logon sessions and
1537 * couldn't find one with the provided ID.
1538 */
1539 if (SessionToMark == NULL)
1540 {
1541 DPRINT1("SeMarkLogonSessionForTerminationNotification(): Logon session couldn't be found!\n");
1543 return STATUS_NOT_FOUND;
1544 }
1545
1546 /* Mark the logon session for termination */
1548 DPRINT("SeMarkLogonSessionForTerminationNotification(): Logon session marked for termination with success!\n");
1549
1550 /* Release the database lock */
1552 return STATUS_SUCCESS;
1553}
#define DPRINT1
Definition: precomp.h:8
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:62
#define STATUS_NOT_FOUND
Definition: shellext.h:72
#define DPRINT
Definition: sndvol32.h:73
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:169
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define SEP_LOGON_SESSION_TERMINATION_NOTIFY
Definition: setypes.h:708

Referenced by LogonMarkTermination().

◆ SeMaximumAuditMaskFromGlobalSacl()

NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl ( _In_opt_ PUNICODE_STRING  ObjectTypeName,
_In_ ACCESS_MASK  GrantedAccess,
_In_ PACCESS_TOKEN  Token,
_Inout_ PACCESS_MASK  AuditMask 
)

◆ SeObjectCreateSaclAccessBits()

NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor)

◆ SeOpenObjectAuditAlarm()

NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PBOOLEAN  GenerateOnClose 
)

Creates an audit with alarm notification of an object that is being opened.

@unimplemented

Parameters
[in] ObjectTypeName: A Unicode string that points to the object type name.
[in] Object: If specified, the function will use this parameter to directly open the object.
[in] AbsoluteObjectName: If specified, the function will use this parameter to directly open the object through the absolute name of the object.
[in] SecurityDescriptor: A security descriptor.
[in] AccessState: An access state right mask when opening the object.
[in] ObjectCreated: Set this to TRUE if the object has been fully created, FALSE otherwise.
[in] AccessGranted: Set this to TRUE if access was deemed as granted.
[in] AccessMode: Processor level access mode.
[out] GenerateOnClose: A boolean flag returned to the caller once audit generation procedure finishes. The body shown below returns on both of its paths without writing to this parameter, so a caller should initialise its own variable before the call rather than rely on the routine to set it.
Returns
Nothing.

Definition at line 1213 of file audit.c.

1223{
1224 PAGED_CODE();
1225
1226 /* Audits aren't done on kernel-mode access, so return before any audit work */
1227 if (AccessMode == KernelMode) return;
1228
1229 /* Otherwise, unimplemented: the routine returns without generating an audit or alarm
       for other access modes either.
       NOTE(review): *GenerateOnClose (an _Out_ parameter) is not written on either return
       path; callers should not read it unless they initialised it themselves. */
1230 //UNIMPLEMENTED;
1231 return;
1232}
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396

Referenced by IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), and ObCheckObjectAccess().

◆ SeOpenObjectForDeleteAuditAlarm()

NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PBOOLEAN  GenerateOnClose 
)

Creates an audit with alarm notification of an object that is being opened for deletion.

@unimplemented

Parameters
[in]ObjectTypeNameA Unicode string that points to the object type name.
[in]ObjectIf specified, the function will use this parameter to directly open the object.
[in]AbsoluteObjectNameIf specified, the function will use this parameter to directly open the object through the absolute name of the object.
[in]SecurityDescriptorA security descriptor.
[in]AccessStateAn access state right mask when opening the object.
[in]ObjectCreatedSet this to TRUE if the object has been fully created, FALSE otherwise.
[in]AccessGrantedSet this to TRUE if access was deemed as granted.
[in]AccessModeProcessor level access mode.
[out]GenerateOnCloseA boolean flag returned to the caller once audit generation procedure finishes.
Returns
Nothing.

Definition at line 1276 of file audit.c.

1286{
1288}

◆ SeOpenObjectForDeleteAuditAlarmWithTransaction()

NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_In_opt_ GUID TransactionId,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ SePrivilegeCheck()

NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck ( _Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  AccessMode 
)

◆ SeQueryAuthenticationIdToken()

NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken ( _In_ PACCESS_TOKEN  Token,
_Out_ PLUID  LogonId 
)

Queries the authentication ID of an access token.

Parameters
[in] Token: A valid access token where the authentication ID has to be gathered.
[out] pSessionId: The returned pointer to an authentication ID to the caller. (The prototype above names this parameter LogonId.)
Returns
Returns STATUS_SUCCESS.

Definition at line 2036 of file token.c.

2039{
2040 PAGED_CODE();
2041 /* Copy the token's AuthenticationId into the caller-supplied *LogonId. NOTE(review): no token lock is taken around this read, unlike the SeQuerySessionIdToken() listing on this page, whose comments lock and unlock the token; presumably the ID does not change once the token exists. Confirm. */
2042 *LogonId = ((PTOKEN)Token)->AuthenticationId;
2043
2044 return STATUS_SUCCESS;
2045}
struct _TOKEN * PTOKEN

Referenced by GetProcessLuid(), KsecGetKeyData(), nfs41_GetLUID(), NtSetUuidSeed(), ObpReferenceDeviceMap(), ObpSetCurrentProcessDeviceMap(), RxGetUid(), and RxInitializeVNetRootParameters().

◆ SeQueryInformationToken()

NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken ( _In_ PACCESS_TOKEN  AccessToken,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID TokenInformation 
)

Queries information details about the given token for the caller. The difference between NtQueryInformationToken and this routine is that the system call probes user-mode buffer data and performs additional protection checks, whereas this routine does none of these. The routine is used exclusively in kernel mode, so its arguments are taken as given: pointers that originate in user mode have to be captured and validated by the caller before they reach it.

Parameters
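[in] AccessToken: An access token to be given.
[in] TokenInformationClass: Token information class.
[out] TokenInformation: Buffer with retrieved information. Such information is arbitrary, depending on the requested information class. In the listing below most classes allocate the output buffer inside the routine and store its address through this parameter; releasing that buffer is presumably left to the caller, although this page does not say so. TokenSessionId is the exception: the listing passes TokenInformation, cast to PULONG, directly to SeQuerySessionIdToken(), so the session ID is written in place and no buffer is allocated.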
Returns
Returns STATUS_SUCCESS if the operation to query the desired information has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if pool memory allocation has failed to satisfy an operation. Otherwise STATUS_INVALID_INFO_CLASS is returned indicating that the information class provided is not supported by the routine.
Remarks
The information classes TokenOrigin, TokenGroupsAndPrivileges, TokenRestrictedSids and TokenSandBoxInert are not implemented in this function; these classes are implemented in NtQueryInformationToken only.

Definition at line 95 of file tokencls.c.

99{
101 PTOKEN Token = (PTOKEN)AccessToken;
103 union
104 {
105 PSID PSid;
106 ULONG Ulong;
107 } Unused;
108
109 PAGED_CODE();
110
111 /* Lock the token */
113
114 switch (TokenInformationClass)
115 {
116 case TokenUser:
117 {
118 PTOKEN_USER tu;
119
120 DPRINT("SeQueryInformationToken(TokenUser)\n");
121 RequiredLength = sizeof(TOKEN_USER) +
122 RtlLengthSid(Token->UserAndGroups[0].Sid);
123
124 /* Allocate the output buffer */
126 if (tu == NULL)
127 {
129 break;
130 }
131
133 &Token->UserAndGroups[0],
134 RequiredLength - sizeof(TOKEN_USER),
135 &tu->User,
136 (PSID)(tu + 1),
137 &Unused.PSid,
138 &Unused.Ulong);
139
140 /* Return the structure */
141 *TokenInformation = tu;
143 break;
144 }
145
146 case TokenGroups:
147 {
148 PTOKEN_GROUPS tg;
149 ULONG SidLen;
150 PSID Sid;
151
152 DPRINT("SeQueryInformationToken(TokenGroups)\n");
153 RequiredLength = sizeof(tg->GroupCount) +
154 RtlLengthSidAndAttributes(Token->UserAndGroupCount - 1, &Token->UserAndGroups[1]);
155
156 SidLen = RequiredLength - sizeof(tg->GroupCount) -
157 ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
158
159 /* Allocate the output buffer */
161 if (tg == NULL)
162 {
164 break;
165 }
166
167 Sid = (PSID)((ULONG_PTR)tg + sizeof(tg->GroupCount) +
168 ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES)));
169
170 tg->GroupCount = Token->UserAndGroupCount - 1;
171 Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
172 &Token->UserAndGroups[1],
173 SidLen,
174 &tg->Groups[0],
175 Sid,
176 &Unused.PSid,
177 &Unused.Ulong);
178
179 /* Return the structure */
180 *TokenInformation = tg;
182 break;
183 }
184
185 case TokenPrivileges:
186 {
188
189 DPRINT("SeQueryInformationToken(TokenPrivileges)\n");
190 RequiredLength = sizeof(tp->PrivilegeCount) +
191 (Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
192
193 /* Allocate the output buffer */
195 if (tp == NULL)
196 {
198 break;
199 }
200
201 tp->PrivilegeCount = Token->PrivilegeCount;
202 RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
203 Token->Privileges,
204 &tp->Privileges[0]);
205
206 /* Return the structure */
207 *TokenInformation = tp;
209 break;
210 }
211
212 case TokenOwner:
213 {
214 PTOKEN_OWNER to;
215 ULONG SidLen;
216
217 DPRINT("SeQueryInformationToken(TokenOwner)\n");
218 SidLen = RtlLengthSid(Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
219 RequiredLength = sizeof(TOKEN_OWNER) + SidLen;
220
221 /* Allocate the output buffer */
223 if (to == NULL)
224 {
226 break;
227 }
228
229 to->Owner = (PSID)(to + 1);
230 Status = RtlCopySid(SidLen,
231 to->Owner,
232 Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
233
234 /* Return the structure */
235 *TokenInformation = to;
237 break;
238 }
239
241 {
243 ULONG SidLen;
244
245 DPRINT("SeQueryInformationToken(TokenPrimaryGroup)\n");
246 SidLen = RtlLengthSid(Token->PrimaryGroup);
247 RequiredLength = sizeof(TOKEN_PRIMARY_GROUP) + SidLen;
248
249 /* Allocate the output buffer */
251 if (tpg == NULL)
252 {
254 break;
255 }
256
257 tpg->PrimaryGroup = (PSID)(tpg + 1);
258 Status = RtlCopySid(SidLen,
259 tpg->PrimaryGroup,
260 Token->PrimaryGroup);
261
262 /* Return the structure */
263 *TokenInformation = tpg;
265 break;
266 }
267
268 case TokenDefaultDacl:
269 {
271
272 DPRINT("SeQueryInformationToken(TokenDefaultDacl)\n");
274
275 if (Token->DefaultDacl != NULL)
276 RequiredLength += Token->DefaultDacl->AclSize;
277
278 /* Allocate the output buffer */
280 if (tdd == NULL)
281 {
283 break;
284 }
285
286 if (Token->DefaultDacl != NULL)
287 {
288 tdd->DefaultDacl = (PACL)(tdd + 1);
290 Token->DefaultDacl,
291 Token->DefaultDacl->AclSize);
292 }
293 else
294 {
295 tdd->DefaultDacl = NULL;
296 }
297
298 /* Return the structure */
299 *TokenInformation = tdd;
301 break;
302 }
303
304 case TokenSource:
305 {
306 PTOKEN_SOURCE ts;
307
308 DPRINT("SeQueryInformationToken(TokenSource)\n");
310
311 /* Allocate the output buffer */
313 if (ts == NULL)
314 {
316 break;
317 }
318
319 *ts = Token->TokenSource;
320
321 /* Return the structure */
322 *TokenInformation = ts;
324 break;
325 }
326
327 case TokenType:
328 {
329 PTOKEN_TYPE tt;
330
331 DPRINT("SeQueryInformationToken(TokenType)\n");
332 RequiredLength = sizeof(TOKEN_TYPE);
333
334 /* Allocate the output buffer */
336 if (tt == NULL)
337 {
339 break;
340 }
341
342 *tt = Token->TokenType;
343
344 /* Return the structure */
345 *TokenInformation = tt;
347 break;
348 }
349
351 {
353
354 DPRINT("SeQueryInformationToken(TokenImpersonationLevel)\n");
356
357 /* Fail if the token is not an impersonation token */
358 if (Token->TokenType != TokenImpersonation)
359 {
361 break;
362 }
363
364 /* Allocate the output buffer */
366 if (sil == NULL)
367 {
369 break;
370 }
371
372 *sil = Token->ImpersonationLevel;
373
374 /* Return the structure */
375 *TokenInformation = sil;
377 break;
378 }
379
380 case TokenStatistics:
381 {
383
384 DPRINT("SeQueryInformationToken(TokenStatistics)\n");
386
387 /* Allocate the output buffer */
389 if (ts == NULL)
390 {
392 break;
393 }
394
395 ts->TokenId = Token->TokenId;
396 ts->AuthenticationId = Token->AuthenticationId;
397 ts->ExpirationTime = Token->ExpirationTime;
398 ts->TokenType = Token->TokenType;
399 ts->ImpersonationLevel = Token->ImpersonationLevel;
400 ts->DynamicCharged = Token->DynamicCharged;
401 ts->DynamicAvailable = SepComputeAvailableDynamicSpace(Token->DynamicCharged, Token->PrimaryGroup, Token->DefaultDacl);
402 ts->GroupCount = Token->UserAndGroupCount - 1;
403 ts->PrivilegeCount = Token->PrivilegeCount;
404 ts->ModifiedId = Token->ModifiedId;
405
406 /* Return the structure */
407 *TokenInformation = ts;
409 break;
410 }
411
412 case TokenSessionId:
413 {
414 DPRINT("SeQueryInformationToken(TokenSessionId)\n");
415 Status = SeQuerySessionIdToken(Token, (PULONG)TokenInformation);
416 break;
417 }
418
419 default:
420 DPRINT1("SeQueryInformationToken(%d) invalid information class\n", TokenInformationClass);
422 break;
423 }
424
425 /* Release the lock of the token */
427
428 return Status;
429}
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
Definition: btrfs.c:2996
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
#define Unused(x)
Definition: atlwin.h:28
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
struct _TOKEN_SOURCE TOKEN_SOURCE
struct _SID * PSID
Definition: eventlog.c:35
struct _ACL * PACL
Definition: security.c:105
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
Definition: luid.c:33
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1145
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:317
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length size of a SID.
Definition: token.c:965
ULONG SepComputeAvailableDynamicSpace(_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl)
Computes the exact available dynamic area of an access token whilst querying token statistics.
Definition: token.c:659
#define SepReleaseTokenLock(Token)
Definition: se.h:296
NTSTATUS NTAPI SeQuerySessionIdToken(_In_ PACCESS_TOKEN Token, _Out_ PULONG pSessionId)
Queries the session ID of an access token.
Definition: token.c:2004
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1018
$ULONG GroupCount
Definition: setypes.h:1014
PSID Owner
Definition: setypes.h:1028
LUID AuthenticationId
Definition: setypes.h:1087
TOKEN_TYPE TokenType
Definition: setypes.h:1089
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:1090
LARGE_INTEGER ExpirationTime
Definition: setypes.h:1088
$ULONG DynamicAvailable
Definition: setypes.h:1092
$ULONG PrivilegeCount
Definition: setypes.h:1094
$ULONG DynamicCharged
Definition: setypes.h:1091
$ULONG GroupCount
Definition: setypes.h:1093
SID_AND_ATTRIBUTES User
Definition: setypes.h:1010
#define TAG_SE
Definition: tag.h:150
uint32_t * PULONG
Definition: typedefs.h:59
unsigned long Ulong
Definition: utypes.h:42
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:30
struct _TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP
struct _TOKEN_USER TOKEN_USER
@ TokenDefaultDacl
Definition: setypes.h:971
@ TokenSource
Definition: setypes.h:972
@ TokenStatistics
Definition: setypes.h:975
@ TokenImpersonationLevel
Definition: setypes.h:974
@ TokenGroups
Definition: setypes.h:967
@ TokenPrivileges
Definition: setypes.h:968
@ TokenUser
Definition: setypes.h:966
@ TokenPrimaryGroup
Definition: setypes.h:970
@ TokenSessionId
Definition: setypes.h:977
@ TokenOwner
Definition: setypes.h:969
struct _TOKEN_STATISTICS TOKEN_STATISTICS
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
enum _TOKEN_TYPE * PTOKEN_TYPE
struct _TOKEN_DEFAULT_DACL TOKEN_DEFAULT_DACL
struct _TOKEN_OWNER TOKEN_OWNER

Referenced by find_gid(), NtSecureConnectPort(), START_TEST(), and TestsSeQueryInformationToken().

◆ SeQuerySecurityDescriptorInfo()

◆ SeQuerySessionIdToken()

NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken ( _In_ PACCESS_TOKEN  Token,
_Out_ PULONG  pSessionId 
)

Queries the session ID of an access token.

Parameters
[in] Token: A valid access token from which the session ID is read.
[out] pSessionId: Pointer to a variable that receives the session ID of the token.
Returns
Returns STATUS_SUCCESS.

Definition at line 2004 of file token.c.

2007{
2008 PAGED_CODE();
2009
2010 /* Lock the token (the locking call itself, line 2011, is not shown in this listing) */
2012
2013 *pSessionId = ((PTOKEN)Token)->SessionId; /* copies the SessionId field out through the caller's pointer; no validation of Token or pSessionId appears in the visible lines -- NOTE(review): presumably the caller guarantees both, confirm */
2014
2015 /* Unlock the token (the unlocking call, line 2016, is not shown in this listing) */
2017
2018 return STATUS_SUCCESS; /* the only return statement in the visible lines */
2019}

Referenced by NtQueryInformationToken(), RxGetSessionId(), RxInitializeVNetRootParameters(), and SeQueryInformationToken().

◆ SeQueryTokenIntegrity()

NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity ( _In_ PACCESS_TOKEN  Token,
_Inout_ PSID_AND_ATTRIBUTES  IntegritySA 
)

◆ SeRegisterLogonSessionTerminatedRoutine()

NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine ( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE  CallbackRoutine)

Registers a callback that will be called once a logon session terminates.

Parameters
[in]CallbackRoutineCallback routine address.
Returns
Returns STATUS_SUCCESS if the callback routine was registered successfully. STATUS_INVALID_PARAMETER is returned if the caller did not provide a callback routine. STATUS_INSUFFICIENT_RESOURCES is returned if the callback notification data couldn't be allocated because of lack of memory pool resources.

Definition at line 1572 of file srm.c.

1574{
1576 PAGED_CODE();
1577
1578 /* Fail if we do not have a callback routine (the return statement, line 1580, is not shown in this listing) */
1579 if (CallbackRoutine == NULL)
1581
1582 /* Allocate a new notification item (the allocation call, lines 1583-1585, is not shown in this listing) */
1586 if (Notification == NULL) /* allocation failed; the failure return, line 1587, is not shown in this listing */
1588
1589 /* Acquire the database lock (line 1590 is not shown in this listing) */
1591
1592 /* Set the callback routine; the pointer is stored as given, after the NULL check above */
1593 Notification->CallbackRoutine = CallbackRoutine;
1594
1595 /* Insert the new notification item into the list (lines 1596-1597 are not shown). NOTE(review): no check for an already-registered routine is visible here -- confirm whether duplicate registrations are intended */
1598
1599 /* Release the database lock (line 1600 is not shown in this listing) */
1601
1602 return STATUS_SUCCESS;
1603}
_Must_inspect_result_ _In_ PFLT_GET_OPERATION_STATUS_CALLBACK CallbackRoutine
Definition: fltkernel.h:1035
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications
Definition: srm.c:63
#define TAG_LOGON_NOTIFICATION
Definition: tag.h:164
_In_ PWDFDEVICE_INIT _In_ PFN_WDF_DEVICE_SHUTDOWN_NOTIFICATION Notification
Definition: wdfcontrol.h:115

◆ SeReleaseSubjectContext()

NTKERNELAPI VOID NTAPI SeReleaseSubjectContext ( _Inout_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

◆ SeReportSecurityEvent()

NTSTATUS NTAPI SeReportSecurityEvent ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters 
)

Report a security event to the security manager.

@unimplemented

Parameters
[in] Flags: Flags that influence how the event should be reported.
[in] SourceName: A Unicode string that represents the source name of the event.
[in] UserSid: The SID that represents a user that initiated the reporting.
[in] AuditParameters: An array of parameters for auditing purposes. It is used to report the event, after which the security manager takes care of any subsequent security auditing.
Returns
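Returns STATUS_SUCCESS if the security event has been reported. STATUS_INVALID_PARAMETER is returned if one of the parameters does not satisfy the requirements expected by the function. The routine is marked @unimplemented above, so STATUS_SUCCESS may only mean that the parameters passed validation, not that an audit event was recorded.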

Definition at line 508 of file semgr.c.

513{
515 PTOKEN EffectiveToken;
516 PISID Sid;
518
519 /* Validate parameters: Flags must be zero, the source name must have a buffer and a non-zero length, and the parameter count is capped at SE_MAX_AUDIT_PARAMETERS - 4 (the failure return, line 527, is not shown in this listing) */
520 if ((Flags != 0) ||
521 (SourceName == NULL) ||
522 (SourceName->Buffer == NULL) ||
523 (SourceName->Length == 0) ||
524 (AuditParameters == NULL) ||
525 (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
526 {
528 }
529
530 /* Validate the source name (the call that sets Status, line 531, is not shown; presumably RtlValidateUnicodeString, which this page's cross-references list -- confirm) */
532 if (!NT_SUCCESS(Status))
533 {
534 return Status;
535 }
536
537 /* Check if we have a user SID */
538 if (UserSid != NULL)
539 {
540 /* Validate it: a caller-supplied SID is checked with RtlValidSid before use (the failure return, line 543, is not shown) */
541 if (!RtlValidSid(UserSid))
542 {
544 }
545
546 /* Use the user SID */
547 Sid = UserSid;
548 }
549 else
550 {
551 /* No user SID, capture the security subject context (the capture call, line 552, is not shown in this listing) */
553
554 /* Extract the effective token: the client (impersonation) token wins over the primary token when present */
555 EffectiveToken = SubjectContext.ClientToken ?
556 SubjectContext.ClientToken : SubjectContext.PrimaryToken;
557
558 /* Use the user-and-groups SID, i.e. the Sid of the first UserAndGroups entry. NOTE(review): no token lock is taken in the visible lines -- confirm this read is safe */
559 Sid = EffectiveToken->UserAndGroups->Sid;
560 }
561
563
564 /* Check if we captured the subject context: Sid differs from UserSid only on the else path above, where UserSid was NULL */
565 if (Sid != UserSid)
566 {
567 /* Release it (the release call, line 568, is not shown in this listing) */
569 }
570
571 /* Return success. NOTE(review): the page marks this routine @unimplemented and line 562 is not shown, so confirm an event is actually reported before treating STATUS_SUCCESS as "audited" */
572 return STATUS_SUCCESS;
573}
WCHAR SourceName[256]
Definition: arping.c:28
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2605
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:233
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:256

◆ SeReportSecurityEventWithSubCategory()

NTSTATUS NTAPI SeReportSecurityEventWithSubCategory ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters,
_In_ ULONG  AuditSubcategoryId 
)

◆ SeSetAccessStateGenericMapping()

VOID NTAPI SeSetAccessStateGenericMapping ( _Inout_ PACCESS_STATE  AccessState,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSecurityDescriptorInfo()

NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo ( _In_opt_ PVOID  Object,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Inout_ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSecurityDescriptorInfoEx()

NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx ( _In_opt_ PVOID  Object,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_In_ PSECURITY_DESCRIPTOR  ModificationDescriptor,
_Inout_ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
_In_ ULONG  AutoInheritFlags,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSessionIdToken()

NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken ( _In_ PACCESS_TOKEN  Token,
_In_ ULONG  SessionId 
)

◆ SeTokenIsAdmin()

NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin ( _In_ PACCESS_TOKEN  Token)

Determines whether a token is an admin token. The check is based on the TOKEN_HAS_ADMIN_GROUP flag, which indicates whether the access token belongs to an administrator group.

Parameters
[in]TokenA valid access token to determine if such token is admin or not.
Returns
Returns TRUE if the token is an admin one, FALSE otherwise.

Definition at line 2103 of file token.c.

2105{
2106 PAGED_CODE();
2107
2108 // NOTE: Win7+ instead really checks the list of groups in the token
2109 // (since TOKEN_HAS_ADMIN_GROUP == TOKEN_WRITE_RESTRICTED ...)
2110 return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_ADMIN_GROUP) != 0; // result comes solely from this TokenFlags bit; the token's group SIDs are not examined in this function
2111}
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1182

Referenced by PsImpersonateClient(), and SepAccessCheckWorker().

◆ SeTokenIsRestricted()

NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted ( _In_ PACCESS_TOKEN  Token)

Determines if a token is restricted or not, based upon the token flags.

Parameters
[in]TokenA valid access token to determine if such token is restricted.
Returns
Returns TRUE if the token is restricted, FALSE otherwise.

Definition at line 2126 of file token.c.

2128{
2129 PAGED_CODE();
2130
2131 return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0; /* single test of the TOKEN_IS_RESTRICTED bit in TokenFlags; no token lock is taken in this function */
2132}
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1183

Referenced by NtQueryInformationToken(), PsImpersonateClient(), RxInitializeVNetRootParameters(), SepAccessCheckWorker(), SepCompareTokens(), SepDumpTokenDebugInfo(), SepImpersonateAnonymousToken(), and SeTokenCanImpersonate().

◆ SeTokenType()

NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType ( _In_ PACCESS_TOKEN  Token)

Gathers the token type of an access token. A token can be either a primary token or an impersonation token.

Parameters
[in]TokenA valid access token where the token type has to be gathered.
Returns
Returns the token type from a valid token.

Definition at line 2080 of file token.c.

2082{
2083 PAGED_CODE();
2084
2085 return ((PTOKEN)Token)->TokenType; /* reads the TokenType field directly after casting Token to PTOKEN; no lock or validation of Token in this function */
2086}

◆ SeUnlockSubjectContext()

NTKERNELAPI VOID NTAPI SeUnlockSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Unlocks both the referenced primary and client access tokens of a security subject context.

Parameters
[in]SubjectContextA valid security context with both referenced tokens.
Returns
Nothing.

Definition at line 138 of file subject.c.

140{
141 PTOKEN PrimaryToken, ClientToken;
142 PAGED_CODE();
143
144 /* Read both tokens from the subject context */
145 PrimaryToken = SubjectContext->PrimaryToken;
146 ClientToken = SubjectContext->ClientToken;
147
148 /* Unlock the impersonation (client) token if it's there */
149 if (ClientToken)
150 {
151 SepReleaseTokenLock(ClientToken);
152 }
153
154 /* Always unlock the primary one; there is no NULL check, so the context must carry a primary token. NOTE(review): presumably paired with an earlier SeLockSubjectContext on the same context -- confirm at call sites */
155 SepReleaseTokenLock(PrimaryToken);
156}

Referenced by create_stream(), FatExplicitDeviceAccessGranted(), file_create(), FilterToken(), HasPrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NpCreateNewNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), open_file2(), SeAccessCheck(), START_TEST(), and TestSeAssignSecurity().

◆ SeUnregisterLogonSessionTerminatedRoutine()

NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine ( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE  CallbackRoutine)

Un-registers a callback routine, previously registered by SeRegisterLogonSessionTerminatedRoutine function.

Parameters
[in]CallbackRoutineCallback routine address to un-register.
Returns
Returns STATUS_SUCCESS if the callback routine was un-registered successfully. STATUS_INVALID_PARAMETER is returned if the caller did not provide a callback routine. STATUS_NOT_FOUND is returned if the callback notification item couldn't be found.

Definition at line 1621 of file srm.c.

1623{
1626 PAGED_CODE();
1627
1628 /* Fail if we do not have a callback routine (the return statement, line 1630, is not shown in this listing) */
1629 if (CallbackRoutine == NULL)
1631
1632 /* Acquire the database lock (line 1633 is not shown in this listing) */
1634
1635 /* Loop all registered notification items, starting at the SepLogonNotifications list head */
1636 for (Current = SepLogonNotifications;
1637 Current != NULL;
1638 Current = Current->Next)
1639 {
1640 /* Check if the callback routine matches the provided one; the loop stops at the first match, so at most one item is removed per call */
1641 if (Current->CallbackRoutine == CallbackRoutine)
1642 break;
1643
1644 Previous = Current;
1645 }
1646
1647 if (Current == NULL) /* no item matched; the status assignment, line 1649, is not shown in this listing */
1648 {
1650 }
1651 else
1652 {
1653 /* Remove the current notification item from the list. NOTE(review): the head case relies on Previous still being NULL when the first item matches; its declaration (lines 1624-1625) is not shown -- confirm it is initialised to NULL */
1654 if (Previous == NULL)
1655 SepLogonNotifications = Current->Next;
1656 else
1657 Previous->Next = Current->Next;
1658
1659 /* Free the current notification item, after it has been unlinked above (the rest of the call, line 1661, and line 1663 are not shown in this listing) */
1660 ExFreePoolWithTag(Current,
1662
1664 }
1665
1666 /* Release the database lock (line 1667 is not shown in this listing) */
1668
1669 return Status;
1670}
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * Next
Definition: srm.c:20
PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
Definition: srm.c:21

Variable Documentation

◆ AbsoluteObjectName

_In_opt_ PVOID _In_opt_ PUNICODE_STRING AbsoluteObjectName

Definition at line 415 of file sefuncs.h.

◆ AccessGranted

◆ AccessMode

◆ AccessState

◆ AccessStatus

◆ DesiredAccess

◆ ExplicitDescriptor

_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor

Definition at line 29 of file sefuncs.h.

Referenced by TestSeAssignSecurity().

◆ GenerateOnClose

◆ GenericMapping

◆ GrantedAccess

Definition at line 20 of file sefuncs.h.

Referenced by $endif(), $include(), AccessCheck(), AccessCheckAndAuditAlarmA(), AccessCheckAndAuditAlarmW(), AccessCheckByType(), AccessCheckByTypeResultList(), AccessCheckEmptyMappingTest(), AccessGrantedMultipleObjectsTests(), AccessGrantedNoDaclTests(), AccessGrantedTests(), AreAllAccessesGranted(), AreAnyAccessesGranted(), CheckTokenMembership(), CloseProc(), DenyAccessTests(), ExpDesktopClose(), ExpDesktopOpen(), FatExplicitDeviceAccessGranted(), GrantedAccessTests(), IoCheckDesiredAccess(), IopParseDevice(), LocalmonXcvOpenPort(), NetUserAdd(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAccessCheck(), NtAccessCheckAndAuditAlarm(), NtAccessCheckByType(), NtAccessCheckByTypeAndAuditAlarm(), NtAccessCheckByTypeResultList(), NtOpenObjectAuditAlarm(), NtWaitForMultipleObjects(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObjectOpenAuditAlarmA(), ObjectOpenAuditAlarmW(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), ObpCloseHandleTableEntry(), ObpCreateHandle(), ObpCreateUnnamedHandle(), ObpDecrementHandleCount(), ObpEnumFindHandleProcedure(), ObpReferenceProcessObjectByHandle(), ObReferenceFileObjectForWrite(), ObReferenceObjectByHandle(), OpenProc(), ParamsValidationTests(), ParamValidationNoObjsList(), PrintAccessStatusAndGrantedAccess(), RtlAreAnyAccessesGranted(), SamCreateUser2InDomain(), SamrCreateUser2InDomain(), SeAccessCheck(), SepAccessCheck(), SepAccessCheckAndAuditAlarm(), SepOpenObjectAuditAlarm(), SePrivilegePolicyCheck(), test_RtlAreAllAccessesGranted(), test_RtlAreAnyAccessesGranted(), and TestDuplicate().

◆ IsDirectoryObject

◆ NewDescriptor

◆ Object

Definition at line 414 of file sefuncs.h.

◆ ObjectCreated

◆ ParentSecurityDescriptor

Definition at line 396 of file sefuncs.h.

◆ PoolType

◆ PreviouslyGrantedAccess

◆ PreviousMode

_In_ KPROCESSOR_MODE PreviousMode

Definition at line 103 of file sefuncs.h.

Referenced by _IRQL_requires_max_(), DbgkOpenProcessDebugPort(), DefaultQueryInfoBufferCheck(), DefaultSetInfoBufferCheck(), ExpRaiseHardError(), IopCheckBackupRestorePrivilege(), IopDeviceFsIoControl(), IopFinalizeAsynchronousIo(), IopPerformSynchronousRequest(), IopQueryName(), IopQueryNameInternal(), IopUnloadDriver(), KdbEnterDebuggerException(), KdpCommandString(), KdpPrint(), KdpPrintFromUser(), KdpPrompt(), KdpStub(), KdpSymbol(), KdpTrap(), KeContextToTrapFrame(), KeFlushQueueApc(), KiApcInterrupt(), KiContinue(), KiDispatchException(), KiRaiseException(), KiSoftwareInterruptHandler(), LpcpCopyRequestData(), LpcpCreatePort(), LpcRequestPort(), LpcRequestWaitReplyPort(), MiAccessCheck(), MiDoMappedCopy(), MiDoPoolCopy(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MmCopyVirtualMemory(), MmCreateArm3Section(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAcceptConnectPort(), NtAddAtom(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateLocallyUniqueId(), NtAllocateUuids(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtCancelTimer(), NtCloseObjectAuditAlarm(), NtCompareTokens(), NtCompleteConnectPort(), NtCreateDebugObject(), NtCreateDirectoryObject(), NtCreateEvent(), NtCreateEventPair(), NtCreateIoCompletion(), NtCreateJobObject(), NtCreateKey(), NtCreateMutant(), NtCreatePagingFile(), NtCreateProcessEx(), NtCreateProfile(), NtCreateSection(), NtCreateSemaphore(), NtCreateSymbolicLinkObject(), NtCreateTimer(), NtCreateToken(), NtDebugActiveProcess(), NtDebugContinue(), NtDelayExecution(), NtDeleteValueKey(), NtDisplayString(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFilterToken(), NtFindAtom(), NtFlushBuffersFile(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtGetContextThread(), NtGetWriteWatch(), NtImpersonateAnonymousToken(), NtImpersonateClientOfPort(), NtImpersonateThread(), 
NtIsProcessInJob(), NtLoadDriver(), NtLoadKeyEx(), NtLockFile(), NtLockProductActivationKeys(), NtLockVirtualMemory(), NtMakePermanentObject(), NtMapViewOfSection(), NtNotifyChangeDirectoryFile(), NtOpenDirectoryObject(), NtOpenEvent(), NtOpenEventPair(), NtOpenIoCompletion(), NtOpenJobObject(), NtOpenKey(), NtOpenMutant(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenSection(), NtOpenSemaphore(), NtOpenSymbolicLinkObject(), NtOpenThread(), NtOpenThreadTokenEx(), NtOpenTimer(), NtPowerInformation(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryFile(), NtQueryDirectoryObject(), NtQueryEvent(), NtQueryInformationAtom(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIntervalProfile(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQueryPerformanceCounter(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQuerySystemEnvironmentValue(), NtQuerySystemInformation(), NtQuerySystemTime(), NtQueryTimer(), NtQueryTimerResolution(), NtQueryValueKey(), NtQueryVirtualMemory(), NtQueryVolumeInformationFile(), NtRaiseHardError(), NtReadFile(), NtReadVirtualMemory(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtRemoveProcessDebug(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtResetWriteWatch(), NtResumeProcess(), NtResumeThread(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetContextThread(), NtSetDefaultHardErrorPort(), NtSetEvent(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationDebugObject(), NtSetInformationFile(), NtSetInformationJobObject(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), 
NtSetSecurityObject(), NtSetSystemEnvironmentValue(), NtSetSystemInformation(), NtSetSystemPowerState(), NtSetSystemTime(), NtSetThreadExecutionState(), NtSetTimer(), NtSetTimerResolution(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendProcess(), NtSuspendThread(), NtTerminateJobObject(), NtUnloadKey2(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtWaitForDebugEvent(), NtWaitForMultipleObjects(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteVirtualMemory(), ObDuplicateObject(), ObInsertObject(), ObpAllocateObject(), ObpValidateAttributes(), ObSetHandleAttributes(), OpenRemoteDatabase(), PsGetContextThread(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), PspSetQuotaLimits(), PsSetContextThread(), QSI_DEF(), SeCaptureLuidAndAttributesArray(), SeCaptureObjectTypeList(), SeCaptureSidAndAttributesArray(), SeCheckAuditPrivilege(), SeCheckPrivilegedObject(), SeCopyClientToken(), SepAccessCheck(), SepCreateToken(), SepDuplicateToken(), SepImpersonateAnonymousToken(), SepOpenThreadToken(), SepPerformTokenFiltering(), SepPrivilegeCheck(), SePrivilegeCheck(), SePrivilegePolicyCheck(), SepSinglePrivilegeCheck(), SeReleaseLuidAndAttributesArray(), SeReleaseObjectTypeList(), SeSinglePrivilegeCheck(), SSI_DEF(), WmipOpenGuidForEvents(), and WmipRegisterGuids().

◆ Privileges

◆ SecurityDescriptor

◆ SeExports

◆ SubjectContext

◆ SubjectContextLocked

Definition at line 14 of file sefuncs.h.

Referenced by SeAccessCheck().

◆ SubjectSecurityContext

◆ TransactionId