ReactOS  0.4.15-dev-3302-ga37d9a4
sefuncs.h File Reference

Go to the source code of this file.

Macros

#define SeLengthSid(Sid)   (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
 
#define SeDeleteClientSecurity(C)
 
#define SeStopImpersonatingClient()   PsRevertToSelf()
 
#define SeQuerySubjectContextToken(SubjectContext)
 

Functions

 $if (_WDMDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI SeAssignSecurity(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor
 Queries information details about a security descriptor. More...
 
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx (_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
 
 _In_reads_bytes_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI VOID NTAPI SeReleaseSubjectContext (_Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI VOID NTAPI SeUnlockSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Unlocks both the referenced primary and client access tokens of a security subject context. More...
 
NTKERNELAPI VOID NTAPI SeCaptureSubjectContext (_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Captures the security subject context of the calling thread and calling process. More...
 
NTKERNELAPI VOID NTAPI SeLockSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Locks both the referenced primary and client access tokens of a security subject context. More...
 
 $endif (_WDMDDK_) $if(_NTDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue
 
 $endif (_NTDDK_) $if(_NTIFS_) NTKERNELAPI VOID NTAPI SeReleaseSubjectContext(_Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck (_Inout_ PPRIVILEGE_SET RequiredPrivileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE AccessMode)
 
NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
 Creates an audit with alarm notification of an object that is being opened. More...
 
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
 Creates an audit with alarm notification of an object that is being opened for deletion. More...
 
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm (_In_ PVOID Object, _In_ HANDLE Handle)
 Deletes an alarm audit of an object. More...
 
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType (_In_ PACCESS_TOKEN Token)
 Gathers the token type of an access token. A token ca be either a primary token or impersonation token. More...
 
NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin (_In_ PACCESS_TOKEN Token)
 Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS_ADMIN_GROUP flag, which means if the respective access token belongs to an administrator group or not. More...
 
NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted (_In_ PACCESS_TOKEN Token)
 Determines if a token is restricted or not, based upon the token flags. More...
 
NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken (_In_ PACCESS_TOKEN Token, _Out_ PLUID AuthenticationId)
 Queries the authentication ID of an access token. More...
 
NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken (_In_ PACCESS_TOKEN Token, _Out_ PULONG SessionId)
 Queries the session ID of an access token. More...
 
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity (_In_ PETHREAD ClientThread, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN RemoteSession, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
 Creates a client security context. More...
 
NTKERNELAPI VOID NTAPI SeImpersonateClient (_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
 Impersonates a client user. More...
 
NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx (_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
 Extended function that impersonates a client. More...
 
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
 Creates a client security context based upon the captured security subject context. More...
 
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo (_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo (_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx (_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges (_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
 Appends additional privileges. More...
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
 Determines whether auditing against file events is being done or not. More...
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against files or global events with subject context is being done or not. More...
 
VOID NTAPI SeSetAccessStateGenericMapping (_Inout_ PACCESS_STATE AccessState, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
 Registers a callback that will be called once a logon session terminates. More...
 
NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
 Un-registers a callback routine, previously registered by SeRegisterLogonSessionTerminatedRoutine function. More...
 
NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification (_In_ PLUID LogonId)
 Marks a logon session for future termination, given its logon ID. This triggers a callout (the registered callback) when the logon is no longer used by anyone, that is, no token is still referencing the speciffied logon session. More...
 
NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken (_In_ PACCESS_TOKEN Token, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
 Queries information details about the given token to the call. The difference between NtQueryInformationToken and this routine is that the system call has user mode buffer data probing and additional protection checks whereas this routine doesn't have any of these. The routine is used exclusively in kernel mode. More...
 
 $endif (_NTIFS_) $if(_NTIFS_) NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEvents(_In_ BOOLEAN AccessGranted
 
NTKERNELAPI NTSTATUS NTAPI SeFilterToken (_In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Outptr_ PACCESS_TOKEN *FilteredToken)
 
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation (_In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess)
 Performs an audit against a hard link creation. More...
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against file events with subject context is being done or not. More...
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against hard links events with subject context is being done or not. More...
 
NTSTATUS NTAPI SeReportSecurityEvent (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
 Report a security event to the security manager. More...
 
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _In_opt_ GUID *TransactionId, _Out_ PBOOLEAN GenerateOnClose)
 
NTKERNELAPI VOID NTAPI SeExamineSacl (_In_ PACL Sacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateAudit, _Out_ PBOOLEAN GenerateAlarm)
 
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction (_In_ PVOID Object, _In_ HANDLE Handle, _In_opt_ GUID *TransactionId)
 
NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity (_In_ PACCESS_TOKEN Token, _Inout_ PSID_AND_ATTRIBUTES IntegritySA)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken (_In_ PACCESS_TOKEN Token, _In_ ULONG SessionId)
 
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction (_In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess, _In_opt_ GUID *TransactionId)
 
NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange (_In_ GUID *TransactionId, _In_ GUID *ResourceManagerId, _In_ ULONG NewTransactionState)
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _Out_opt_ PBOOLEAN StagingEnabled)
 
NTKERNELAPI VOID NTAPI SeExamineGlobalSacl (_In_ PUNICODE_STRING ObjectType, _In_ PACL ResourceSacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Inout_ PBOOLEAN GenerateAudit, _Inout_opt_ PBOOLEAN GenerateAlarm)
 
NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl (_In_opt_ PUNICODE_STRING ObjectTypeName, _In_ ACCESS_MASK GrantedAccess, _In_ PACCESS_TOKEN Token, _Inout_ PACCESS_MASK AuditMask)
 
NTSTATUS NTAPI SeReportSecurityEventWithSubCategory (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ ULONG AuditSubcategoryId)
 
BOOLEAN NTAPI SeAccessCheckFromState (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Outptr_opt_result_maybenull_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTKERNELAPI VOID NTAPI SeFreePrivileges (_In_ PPRIVILEGE_SET Privileges)
 Frees a set of privileges. More...
 
NTSTATUS NTAPI SeLocateProcessImageName (_Inout_ PEPROCESS Process, _Outptr_ PUNICODE_STRING *pImageFileName)
 

Variables

_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN SubjectContextLocked
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK DesiredAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SETPrivileges
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING GenericMapping
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE AccessMode
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
 
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTORNewDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT _In_ PGENERIC_MAPPING _In_ POOL_TYPE PoolType
 
_In_ KPROCESSOR_MODE PreviousMode
 
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _In_opt_ PSECURITY_DESCRIPTOR ParentSecurityDescriptor
 
_In_opt_ PVOID Object
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING AbsoluteObjectName
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN ObjectCreated
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUIDTransactionId
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
 
NTKERNELAPI PSE_EXPORTS SeExports
 

Macro Definition Documentation

◆ SeDeleteClientSecurity

#define SeDeleteClientSecurity (   C)
Value:
{ \
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
PsDereferencePrimaryToken( (C)->ClientToken ); \
} else { \
PsDereferenceImpersonationToken( (C)->ClientToken ); \
} \
}
Definition: terminate.cpp:23
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(_In_ PACCESS_TOKEN Token)
Gathers the token type of an access token. A token ca be either a primary token or impersonation toke...
Definition: token.c:2755

Definition at line 573 of file sefuncs.h.

◆ SeLengthSid

#define SeLengthSid (   Sid)    (8 + (4 * ((SID *)Sid)->SubAuthorityCount))

Definition at line 570 of file sefuncs.h.

◆ SeQuerySubjectContextToken

#define SeQuerySubjectContextToken (   SubjectContext)
Value:
) ? \
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: sefuncs.h:29
#define ARGUMENT_PRESENT(ArgumentPointer)
struct _SECURITY_SUBJECT_CONTEXT * PSECURITY_SUBJECT_CONTEXT

Definition at line 583 of file sefuncs.h.

◆ SeStopImpersonatingClient

#define SeStopImpersonatingClient ( )    PsRevertToSelf()

Definition at line 581 of file sefuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _WDMDDK_  )

Definition at line 202 of file ke.h.

226 {
227  ULONGLONG Low;
228  LONGLONG High;
229 } NEON128, *PNEON128;
Definition: strmini.h:380
int64_t LONGLONG
Definition: typedefs.h:68
uint64_t ULONGLONG
Definition: typedefs.h:67
Definition: strmini.h:378
NEON128
Definition: ke.h:229
* PNEON128
Definition: ke.h:229

◆ $endif() [2/3]

$endif ( _NTDDK_  )

Definition at line 2494 of file iofuncs.h.

2502 {
2503  PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
2504  PriorityInfo->ThreadPriority = 0xffff;
2505  PriorityInfo->IoPriority = IoPriorityNormal;
2506  PriorityInfo->PagePriority = 0;
2507 }
struct _IO_PRIORITY_INFO IO_PRIORITY_INFO
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD _Inout_ PIO_PRIORITY_INFO PriorityInfo
Definition: fltkernel.h:2652

◆ $endif() [3/3]

$endif ( _NTIFS_  )

Definition at line 2825 of file rtlfuncs.h.

2839 {
2841  ret.QuadPart = SignedInteger;
2842  return ret;
2843 }
return ret
Definition: rtlfuncs.h:3090

◆ $if()

$if ( _WDMDDK_  )

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

31 {
32  ULONG Dummy;
struct _KFLOATING_SAVE KFLOATING_SAVE
struct _KFLOATING_SAVE * PKFLOATING_SAVE
unsigned int ULONG
Definition: retypes.h:1

◆ _In_reads_bytes_()

_In_reads_bytes_ ( Length  )

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
#define FILE_READ_DATA
Definition: nt_native.h:628
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
#define NULL
Definition: types.h:112
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ SeAccessCheckFromState()

BOOLEAN NTAPI SeAccessCheckFromState ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PTOKEN_ACCESS_INFORMATION  PrimaryTokenInformation,
_In_opt_ PTOKEN_ACCESS_INFORMATION  ClientTokenInformation,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  PreviouslyGrantedAccess,
_Outptr_opt_result_maybenull_ PPRIVILEGE_SET Privileges,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ SeAppendPrivileges()

NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges ( _Inout_ PACCESS_STATE  AccessState,
_In_ PPRIVILEGE_SET  Privileges 
)

Appends additional privileges.

Parameters
[in]AccessStateAccess request to append.
[in]PrivilegesSet of new privileges to append.
Returns
Returns STATUS_SUCCESS if the privileges have been successfully appended. Otherwise STATUS_INSUFFICIENT_RESOURCES is returned, indicating that pool allocation has failed for the buffer to hold the new set of privileges.

Definition at line 588 of file priv.c.

591 {
592  PAUX_ACCESS_DATA AuxData;
593  ULONG OldPrivilegeSetSize;
594  ULONG NewPrivilegeSetSize;
595  PPRIVILEGE_SET PrivilegeSet;
596 
597  PAGED_CODE();
598 
599  /* Get the Auxiliary Data */
600  AuxData = AccessState->AuxData;
601 
602  /* Calculate the size of the old privilege set */
603  OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
604  (AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
605 
606  if (AuxData->PrivilegeSet->PrivilegeCount +
607  Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
608  {
609  /* Calculate the size of the new privilege set */
610  NewPrivilegeSetSize = OldPrivilegeSetSize +
611  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
612 
613  /* Allocate a new privilege set */
614  PrivilegeSet = ExAllocatePoolWithTag(PagedPool,
615  NewPrivilegeSetSize,
617  if (PrivilegeSet == NULL)
619 
620  /* Copy original privileges from the acess state */
621  RtlCopyMemory(PrivilegeSet,
622  AuxData->PrivilegeSet,
623  OldPrivilegeSetSize);
624 
625  /* Append privileges from the privilege set*/
626  RtlCopyMemory((PVOID)((ULONG_PTR)PrivilegeSet + OldPrivilegeSetSize),
628  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
629 
630  /* Adjust the number of privileges in the new privilege set */
631  PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
632 
633  /* Free the old privilege set if it was allocated */
634  if (AccessState->PrivilegesAllocated != FALSE)
636 
637  /* Now we are using an allocated privilege set */
638  AccessState->PrivilegesAllocated = TRUE;
639 
640  /* Assign the new privileges to the access state */
641  AuxData->PrivilegeSet = PrivilegeSet;
642  }
643  else
644  {
645  /* Append privileges */
646  RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
648  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
649 
650  /* Adjust the number of privileges in the target privilege set */
651  AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
652  }
653 
654  return STATUS_SUCCESS;
655 }
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:234
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
struct _PRIVILEGE_SET PRIVILEGE_SET
#define TRUE
Definition: types.h:120
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define NULL
Definition: types.h:112
#define INITIAL_PRIVILEGE_COUNT
Definition: setypes.h:159
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define TAG_PRIVILEGE_SET
Definition: tag.h:180
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by IopCheckBackupRestorePrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckTraverseAccess(), and START_TEST().

◆ SeAssignSecurityEx()

NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx ( _In_opt_ PSECURITY_DESCRIPTOR  ParentDescriptor,
_In_opt_ PSECURITY_DESCRIPTOR  ExplicitDescriptor,
_Out_ PSECURITY_DESCRIPTOR NewDescriptor,
_In_opt_ GUID ObjectType,
_In_ BOOLEAN  IsDirectoryObject,
_In_ ULONG  AutoInheritFlags,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ POOL_TYPE  PoolType 
)

◆ SeAuditHardLinkCreation()

NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation ( _In_ PUNICODE_STRING  FileName,
_In_ PUNICODE_STRING  LinkName,
_In_ BOOLEAN  bSuccess 
)

Performs an audit against a hard link creation.

@unimplemented

Parameters
[in]FileNameA Unicode string that points to the name of the file.
[in]LinkNameA Unicode string that points to a link.
[out]bSuccessIf TRUE, the function has successfully audited the hard link and security access can be granted, FALSE otherwise.
Returns
Nothing.

Definition at line 1068 of file audit.c.

1072 {
1073  UNIMPLEMENTED;
1074 }
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAuditHardLinkCreationWithTransaction()

NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction ( _In_ PUNICODE_STRING  FileName,
_In_ PUNICODE_STRING  LinkName,
_In_ BOOLEAN  bSuccess,
_In_opt_ GUID TransactionId 
)

◆ SeAuditingAnyFileEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext,
_Out_opt_ PBOOLEAN  StagingEnabled 
)

◆ SeAuditingFileEvents()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Determines whether auditing against file events is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1094 of file audit.c.

1097 {
1098  UNIMPLEMENTED;
1099  return FALSE;
1100 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAuditingFileEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against file events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1124 of file audit.c.

1128 {
1130  return FALSE;
1131 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED_ONCE
Definition: typedefs.h:30

◆ SeAuditingFileOrGlobalEvents()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against files or global events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1212 of file audit.c.

1216 {
1217  UNIMPLEMENTED;
1218  return FALSE;
1219 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAuditingHardLinkEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against hard links events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1181 of file audit.c.

1185 {
1186  UNIMPLEMENTED;
1187  return FALSE;
1188 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAuditTransactionStateChange()

NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange ( _In_ GUID TransactionId,
_In_ GUID ResourceManagerId,
_In_ ULONG  NewTransactionState 
)

◆ SeCaptureSubjectContext()

NTKERNELAPI VOID NTAPI SeCaptureSubjectContext ( _Out_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Captures the security subject context of the calling thread and calling process.

Parameters
[out]SubjectContextThe returned security subject context.
Returns
Nothing.

Definition at line 434 of file access.c.

436 {
437  /* Call the extended API */
441 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: access.c:390
#define PsGetCurrentProcess
Definition: psfuncs.h:17

Referenced by create_directory_fcb(), create_subvol(), fcb_get_sd(), HasPrivilege(), KsCreateDefaultSecurity(), mknod(), nfs41_get_sec_ctx(), nfs41_GetLUID(), nfs41_UpcallCreate(), NtAccessCheck(), NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), NtSetUuidSeed(), RxStartMinirdr(), SeCheckPrivilegedObject(), SepAccessCheckAndAuditAlarm(), SeReportSecurityEvent(), SeSinglePrivilegeCheck(), set_link_information(), set_rename_information(), START_TEST(), SystemThread(), UDFCheckAccessRights(), and UDFSetAccessRights().

◆ SeCreateClientSecurity()

NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity ( _In_ PETHREAD  Thread,
_In_ PSECURITY_QUALITY_OF_SERVICE  Qos,
_In_ BOOLEAN  RemoteClient,
_Out_ PSECURITY_CLIENT_CONTEXT  ClientContext 
)

Creates a client security context.

Parameters
[in]ThreadThread object of the client where impersonation has to begin.
[in]QosQuality of service to specify what kind of impersonation to be done.
[in]RemoteClientIf set to TRUE, the client that we're going to impersonate is remote.
[out]ClientContextThe returned security client context.
Returns
See SepCreateClientSecurity.

Definition at line 742 of file access.c.

747 {
749  BOOLEAN ThreadEffectiveOnly;
753  PAGED_CODE();
754 
755  /* Reference the correct token */
757  &TokenType,
758  &ThreadEffectiveOnly,
760 
761  /* Create client security from it */
763  Qos,
764  RemoteClient,
765  TokenType,
766  ThreadEffectiveOnly,
768  ClientContext);
769 
770  /* Check if we failed or static tracking was used */
771  if (!(NT_SUCCESS(Status)) || (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING))
772  {
773  /* Dereference our copy since it's not being used */
775  }
776 
777  /* Return status */
778  return Status;
779 }
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI SepCreateClientSecurity(_In_ PACCESS_TOKEN Token, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _In_ TOKEN_TYPE TokenType, _In_ BOOLEAN ThreadEffectiveOnly, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
Creates a client security context based upon an access token.
Definition: access.c:281
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
unsigned char BOOLEAN
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ PVOID ClientContext
Definition: netioddk.h:55
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken(IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:780
enum _TOKEN_TYPE TOKEN_TYPE
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:388
#define PAGED_CODE()

◆ SeCreateClientSecurityFromSubjectContext()

NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PSECURITY_QUALITY_OF_SERVICE  ClientSecurityQos,
_In_ BOOLEAN  ServerIsRemote,
_Out_ PSECURITY_CLIENT_CONTEXT  ClientContext 
)

Creates a client security context based upon the captured security subject context.

Parameters
[in]SubjectContextThe captured subject context where client security is to be created from.
[in]ClientSecurityQosQuality of service to specify what kind of impersonation to be done.
[in]ServerIsRemoteIf set to TRUE, the client that we're going to impersonate is remote.
[out]ClientContextThe returned security client context.
Returns
See SepCreateClientSecurity.

Definition at line 804 of file access.c.

809 {
812  PAGED_CODE();
813 
814  /* Get the right token and reference it */
817 
818  /* Create the context */
820  ClientSecurityQos,
821  ServerIsRemote,
822  SubjectContext->ClientToken ?
824  FALSE,
825  SubjectContext->ImpersonationLevel,
826  ClientContext);
827 
828  /* Check if we failed or static tracking was used */
829  if (!(NT_SUCCESS(Status)) ||
830  (ClientSecurityQos->ContextTrackingMode == SECURITY_STATIC_TRACKING))
831  {
832  /* Dereference our copy since it's not being used */
834  }
835 
836  /* Return status */
837  return Status;
838 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI SepCreateClientSecurity(_In_ PACCESS_TOKEN Token, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _In_ TOKEN_TYPE TokenType, _In_ BOOLEAN ThreadEffectiveOnly, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
Creates a client security context based upon an access token.
Definition: access.c:281
#define FALSE
Definition: types.h:117
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ PVOID ClientContext
Definition: netioddk.h:55
#define ObDereferenceObject
Definition: obfuncs.h:203
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
#define ObReferenceObject
Definition: obfuncs.h:204
#define PAGED_CODE()

Referenced by nfs41_get_sec_ctx(), nfs41_GetLUID(), and nfs41_UpcallCreate().

◆ SeDeleteObjectAuditAlarm()

NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm ( _In_ PVOID  Object,
_In_ HANDLE  Handle 
)

Deletes an alarm audit of an object.

@unimplemented

Parameters
[in]ObjectAn arbitrary pointer data that points to the object.
[in]HandleA handle of the said object.
Returns
Nothing.

Definition at line 1264 of file audit.c.

1267 {
1268  UNIMPLEMENTED;
1269 }
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeDeleteObjectAuditAlarmWithTransaction()

NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction ( _In_ PVOID  Object,
_In_ HANDLE  Handle,
_In_opt_ GUID TransactionId 
)

◆ SeExamineGlobalSacl()

NTKERNELAPI VOID NTAPI SeExamineGlobalSacl ( _In_ PUNICODE_STRING  ObjectType,
_In_ PACL  ResourceSacl,
_In_ PACCESS_TOKEN  Token,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  AccessGranted,
_Inout_ PBOOLEAN  GenerateAudit,
_Inout_opt_ PBOOLEAN  GenerateAlarm 
)

◆ SeExamineSacl()

NTKERNELAPI VOID NTAPI SeExamineSacl ( _In_ PACL  Sacl,
_In_ PACCESS_TOKEN  Token,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateAudit,
_Out_ PBOOLEAN  GenerateAlarm 
)

◆ SeFilterToken()

NTKERNELAPI NTSTATUS NTAPI SeFilterToken ( _In_ PACCESS_TOKEN  ExistingToken,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Outptr_ PACCESS_TOKEN FilteredToken 
)

◆ SeFreePrivileges()

NTKERNELAPI VOID NTAPI SeFreePrivileges ( _In_ PPRIVILEGE_SET  Privileges)

Frees a set of privileges.

Parameters
[in]PrivilegesSet of privileges array to be freed.
Returns
Nothing.

Definition at line 669 of file priv.c.

671 {
672  PAGED_CODE();
674 }
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define TAG_PRIVILEGE_SET
Definition: tag.h:180
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAccessCheck(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckTraverseAccess(), and START_TEST().

◆ SeImpersonateClient()

NTKERNELAPI VOID NTAPI SeImpersonateClient ( _In_ PSECURITY_CLIENT_CONTEXT  ClientContext,
_In_opt_ PETHREAD  ServerThread 
)

Impersonates a client user.

Parameters
[in]ClientContextA valid client context.
[in]ServerThreadThe thread where impersonation is to be done.
Returns
Nothing.

Definition at line 901 of file access.c.

904 {
905  PAGED_CODE();
906 
907  /* Call the new API */
909 }
UINT CALLBACK ServerThread(_Inout_ PVOID Parameter)
_In_ PVOID ClientContext
Definition: netioddk.h:55
NTSTATUS NTAPI SeImpersonateClientEx(_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
Extended function that impersonates a client.
Definition: access.c:856
#define PAGED_CODE()

◆ SeImpersonateClientEx()

NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx ( _In_ PSECURITY_CLIENT_CONTEXT  ClientContext,
_In_opt_ PETHREAD  ServerThread 
)

Extended function that impersonates a client.

Parameters
[in]ClientContextA valid client context.
[in]ServerThreadThe thread where impersonation is to be done.
Returns
STATUS_SUCCESS is returned if the calling thread successfully impersonates the client. A failure NTSTATUS code is returned otherwise.

Definition at line 856 of file access.c.

859 {
861  PAGED_CODE();
862 
863  /* Check if direct access is requested */
864  if (!ClientContext->DirectlyAccessClientToken)
865  {
866  /* No, so get the flag from QOS */
867  EffectiveOnly = ClientContext->SecurityQos.EffectiveOnly;
868  }
869  else
870  {
871  /* Yes, so see if direct access should be effective only */
872  EffectiveOnly = ClientContext->DirectAccessEffectiveOnly;
873  }
874 
875  /* Use the current thread if one was not passed */
877 
878  /* Call the lower layer routine */
880  ClientContext->ClientToken,
881  TRUE,
883  ClientContext->SecurityQos.ImpersonationLevel);
884 }
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define TRUE
Definition: types.h:120
unsigned char BOOLEAN
UINT CALLBACK ServerThread(_Inout_ PVOID Parameter)
_In_ PVOID ClientContext
Definition: netioddk.h:55
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:388
#define PAGED_CODE()

Referenced by CmpCmdHiveOpen(), handle_upcall(), NpImpersonateClientContext(), NtImpersonateClientOfPort(), and SeImpersonateClient().

◆ SeLocateProcessImageName()

NTSTATUS NTAPI SeLocateProcessImageName ( _Inout_ PEPROCESS  Process,
_Outptr_ PUNICODE_STRING pImageFileName 
)

◆ SeLockSubjectContext()

NTKERNELAPI VOID NTAPI SeLockSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Locks both the referenced primary and client access tokens of a security subject context.

Parameters
[in]SubjectContextA valid security context with both referenced tokens.
Returns
Nothing.

Definition at line 456 of file access.c.

458 {
459  PTOKEN PrimaryToken, ClientToken;
460  PAGED_CODE();
461 
462  /* Read both tokens */
463  PrimaryToken = SubjectContext->PrimaryToken;
464  ClientToken = SubjectContext->ClientToken;
465 
466  /* Always lock the primary */
467  SepAcquireTokenLockShared(PrimaryToken);
468 
469  /* Lock the impersonation one if it's there */
470  if (!ClientToken) return;
471  SepAcquireTokenLockShared(ClientToken);
472 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define SepAcquireTokenLockShared(Token)
Definition: se.h:225
#define PAGED_CODE()

Referenced by create_stream(), FatExplicitDeviceAccessGranted(), file_create(), HasPrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NpCreateNewNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), open_file2(), SeAccessCheck(), and START_TEST().

◆ SeMarkLogonSessionForTerminationNotification()

NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification ( _In_ PLUID  LogonId)

Marks a logon session for future termination, given its logon ID. This triggers a callout (the registered callback) when the logon is no longer used by anyone, that is, no token is still referencing the speciffied logon session.

Parameters
[in]LogonIdThe ID of the logon session.
Returns
STATUS_SUCCESS if the logon session is marked for termination notification successfully, STATUS_NOT_FOUND if the logon session couldn't be found otherwise.

Definition at line 1510 of file srm.c.

1512 {
1513  PSEP_LOGON_SESSION_REFERENCES SessionToMark;
1514  PAGED_CODE();
1515 
1516  DPRINT("SeMarkLogonSessionForTerminationNotification(%08lx:%08lx)\n",
1517  LogonId->HighPart, LogonId->LowPart);
1518 
1519  /* Acquire the database lock */
1521 
1522  /* Loop over the existing logon sessions */
1523  for (SessionToMark = SepLogonSessions;
1524  SessionToMark != NULL;
1525  SessionToMark = SessionToMark->Next)
1526  {
1527  /* Does the logon with the given ID exist? */
1528  if (RtlEqualLuid(&SessionToMark->LogonId, LogonId))
1529  {
1530  /* We found it */
1531  break;
1532  }
1533  }
1534 
1535  /*
1536  * We've exhausted all the remaining logon sessions and
1537  * couldn't find one with the provided ID.
1538  */
1539  if (SessionToMark == NULL)
1540  {
1541  DPRINT1("SeMarkLogonSessionForTerminationNotification(): Logon session couldn't be found!\n");
1543  return STATUS_NOT_FOUND;
1544  }
1545 
1546  /* Mark the logon session for termination */
1547  SessionToMark->Flags |= SEP_LOGON_SESSION_TERMINATION_NOTIFY;
1548  DPRINT("SeMarkLogonSessionForTerminationNotification(): Logon session marked for termination with success!\n");
1549 
1550  /* Release the database lock */
1552  return STATUS_SUCCESS;
1553 }
#define SEP_LOGON_SESSION_TERMINATION_NOTIFY
Definition: setypes.h:695
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define STATUS_NOT_FOUND
Definition: shellext.h:72
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:159
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:62
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define DPRINT1
Definition: precomp.h:8
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:71
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

Referenced by LogonMarkTermination().

◆ SeMaximumAuditMaskFromGlobalSacl()

NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl ( _In_opt_ PUNICODE_STRING  ObjectTypeName,
_In_ ACCESS_MASK  GrantedAccess,
_In_ PACCESS_TOKEN  Token,
_Inout_ PACCESS_MASK  AuditMask 
)

◆ SeObjectCreateSaclAccessBits()

NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor)

◆ SeOpenObjectAuditAlarm()

NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PBOOLEAN  GenerateOnClose 
)

Creates an audit with alarm notification of an object that is being opened.

@unimplemented

Parameters
[in]ObjectTypeNameA Unicode string that points to the object type name.
[in]ObjectIf specified, the function will use this parameter to directly open the object.
[in]AbsoluteObjectNameIf specified, the function will use this parameter to directly open the object through the absolute name of the object.
[in]SecurityDescriptorA security descriptor.
[in]AccessStateAn access state right mask when opening the object.
[in]ObjectCreatedSet this to TRUE if the object has been fully created, FALSE otherwise.
[in]AccessGrantedSet this to TRUE if access was deemed as granted.
[in]AccessModeProcessor level access mode.
[out]GenerateOnCloseA boolean flag returned to the caller once audit generation procedure finishes.
Returns
Nothing.

Definition at line 1314 of file audit.c.

1324 {
1325  PAGED_CODE();
1326 
1327  /* Audits aren't done on kernel-mode access */
1328  if (AccessMode == KernelMode) return;
1329 
1330  /* Otherwise, unimplemented! */
1331  //UNIMPLEMENTED;
1332  return;
1333 }
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define PAGED_CODE()

Referenced by IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), and ObCheckObjectAccess().

◆ SeOpenObjectForDeleteAuditAlarm()

NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PBOOLEAN  GenerateOnClose 
)

Creates an audit with alarm notification of an object that is being opened for deletion.

@unimplemented

Parameters
[in]ObjectTypeNameA Unicode string that points to the object type name.
[in]ObjectIf specified, the function will use this parameter to directly open the object.
[in]AbsoluteObjectNameIf specified, the function will use this parameter to directly open the object through the absolute name of the object.
[in]SecurityDescriptorA security descriptor.
[in]AccessStateAn access state right mask when opening the object.
[in]ObjectCreatedSet this to TRUE if the object has been fully created, FALSE otherwise.
[in]AccessGrantedSet this to TRUE if access was deemed as granted.
[in]AccessModeProcessor level access mode.
[out]GenerateOnCloseA boolean flag returned to the caller once audit generation procedure finishes.
Returns
Nothing.

Definition at line 1377 of file audit.c.

1387 {
1388  UNIMPLEMENTED;
1389 }
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeOpenObjectForDeleteAuditAlarmWithTransaction()

NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_In_opt_ GUID TransactionId,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ SePrivilegeCheck()

NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck ( _Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  AccessMode 
)

◆ SeQueryAuthenticationIdToken()

NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken ( _In_ PACCESS_TOKEN  Token,
_Out_ PLUID  LogonId 
)

Queries the authentication ID of an access token.

Parameters
[in]TokenA valid access token where the authentication ID has to be gathered.
[out]pSessionIdThe returned pointer to an authentication ID to the caller.
Returns
Returns STATUS_SUCCESS.

Definition at line 2711 of file token.c.

2714 {
2715  PAGED_CODE();
2716 
2717  *LogonId = ((PTOKEN)Token)->AuthenticationId;
2718 
2719  return STATUS_SUCCESS;
2720 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _TOKEN * PTOKEN
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by GetProcessLuid(), KsecGetKeyData(), nfs41_GetLUID(), NtSetUuidSeed(), ObpReferenceDeviceMap(), ObpSetCurrentProcessDeviceMap(), RxGetUid(), and RxInitializeVNetRootParameters().

◆ SeQueryInformationToken()

NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken ( _In_ PACCESS_TOKEN  AccessToken,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID TokenInformation 
)

Queries information details about the given token to the call. The difference between NtQueryInformationToken and this routine is that the system call has user mode buffer data probing and additional protection checks whereas this routine doesn't have any of these. The routine is used exclusively in kernel mode.

Parameters
[in]AccessTokenAn access token to be given.
[in]TokenInformationClassToken information class.
[out]TokenInformationBuffer with retrieved information. Such information is arbitrary, depending on the requested information class.
Returns
Returns STATUS_SUCCESS if the operation to query the desired information has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if pool memory allocation has failed to satisfy an operation. Otherwise STATUS_INVALID_INFO_CLASS is returned indicating that the information class provided is not supported by the routine.
Remarks
Only certain information classes are not implemented in this function and these are TokenOrigin, TokenGroupsAndPrivileges, TokenRestrictedSids and TokenSandBoxInert. The following classes are implemented in NtQueryInformationToken only.

Definition at line 2328 of file token.c.

2332 {
2333  NTSTATUS Status;
2334  PTOKEN Token = (PTOKEN)AccessToken;
2336  union
2337  {
2338  PSID PSid;
2339  ULONG Ulong;
2340  } Unused;
2341 
2342  PAGED_CODE();
2343 
2344  /* Lock the token */
2346 
2347  switch (TokenInformationClass)
2348  {
2349  case TokenUser:
2350  {
2351  PTOKEN_USER tu;
2352 
2353  DPRINT("SeQueryInformationToken(TokenUser)\n");
2354  RequiredLength = sizeof(TOKEN_USER) +
2355  RtlLengthSid(Token->UserAndGroups[0].Sid);
2356 
2357  /* Allocate the output buffer */
2359  if (tu == NULL)
2360  {
2362  break;
2363  }
2364 
2366  &Token->UserAndGroups[0],
2367  RequiredLength - sizeof(TOKEN_USER),
2368  &tu->User,
2369  (PSID)(tu + 1),
2370  &Unused.PSid,
2371  &Unused.Ulong);
2372 
2373  /* Return the structure */
2374  *TokenInformation = tu;
2376  break;
2377  }
2378 
2379  case TokenGroups:
2380  {
2381  PTOKEN_GROUPS tg;
2382  ULONG SidLen;
2383  PSID Sid;
2384 
2385  DPRINT("SeQueryInformationToken(TokenGroups)\n");
2386  RequiredLength = sizeof(tg->GroupCount) +
2387  RtlLengthSidAndAttributes(Token->UserAndGroupCount - 1, &Token->UserAndGroups[1]);
2388 
2389  SidLen = RequiredLength - sizeof(tg->GroupCount) -
2390  ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
2391 
2392  /* Allocate the output buffer */
2394  if (tg == NULL)
2395  {
2397  break;
2398  }
2399 
2400  Sid = (PSID)((ULONG_PTR)tg + sizeof(tg->GroupCount) +
2401  ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES)));
2402 
2403  tg->GroupCount = Token->UserAndGroupCount - 1;
2404  Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
2405  &Token->UserAndGroups[1],
2406  SidLen,
2407  &tg->Groups[0],
2408  Sid,
2409  &Unused.PSid,
2410  &Unused.Ulong);
2411 
2412  /* Return the structure */
2413  *TokenInformation = tg;
2415  break;
2416  }
2417 
2418  case TokenPrivileges:
2419  {
2421 
2422  DPRINT("SeQueryInformationToken(TokenPrivileges)\n");
2423  RequiredLength = sizeof(tp->PrivilegeCount) +
2424  (Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
2425 
2426  /* Allocate the output buffer */
2428  if (tp == NULL)
2429  {
2431  break;
2432  }
2433 
2434  tp->PrivilegeCount = Token->PrivilegeCount;
2435  RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
2436  Token->Privileges,
2437  &tp->Privileges[0]);
2438 
2439  /* Return the structure */
2440  *TokenInformation = tp;
2442  break;
2443  }
2444 
2445  case TokenOwner:
2446  {
2447  PTOKEN_OWNER to;
2448  ULONG SidLen;
2449 
2450  DPRINT("SeQueryInformationToken(TokenOwner)\n");
2451  SidLen = RtlLengthSid(Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
2452  RequiredLength = sizeof(TOKEN_OWNER) + SidLen;
2453 
2454  /* Allocate the output buffer */
2456  if (to == NULL)
2457  {
2459  break;
2460  }
2461 
2462  to->Owner = (PSID)(to + 1);
2463  Status = RtlCopySid(SidLen,
2464  to->Owner,
2465  Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
2466 
2467  /* Return the structure */
2468  *TokenInformation = to;
2470  break;
2471  }
2472 
2473  case TokenPrimaryGroup:
2474  {
2476  ULONG SidLen;
2477 
2478  DPRINT("SeQueryInformationToken(TokenPrimaryGroup)\n");
2479  SidLen = RtlLengthSid(Token->PrimaryGroup);
2480  RequiredLength = sizeof(TOKEN_PRIMARY_GROUP) + SidLen;
2481 
2482  /* Allocate the output buffer */
2484  if (tpg == NULL)
2485  {
2487  break;
2488  }
2489 
2490  tpg->PrimaryGroup = (PSID)(tpg + 1);
2491  Status = RtlCopySid(SidLen,
2492  tpg->PrimaryGroup,
2493  Token->PrimaryGroup);
2494 
2495  /* Return the structure */
2496  *TokenInformation = tpg;
2498  break;
2499  }
2500 
2501  case TokenDefaultDacl:
2502  {
2503  PTOKEN_DEFAULT_DACL tdd;
2504 
2505  DPRINT("SeQueryInformationToken(TokenDefaultDacl)\n");
2507 
2508  if (Token->DefaultDacl != NULL)
2509  RequiredLength += Token->DefaultDacl->AclSize;
2510 
2511  /* Allocate the output buffer */
2513  if (tdd == NULL)
2514  {
2516  break;
2517  }
2518 
2519  if (Token->DefaultDacl != NULL)
2520  {
2521  tdd->DefaultDacl = (PACL)(tdd + 1);
2523  Token->DefaultDacl,
2524  Token->DefaultDacl->AclSize);
2525  }
2526  else
2527  {
2528  tdd->DefaultDacl = NULL;
2529  }
2530 
2531  /* Return the structure */
2532  *TokenInformation = tdd;
2534  break;
2535  }
2536 
2537  case TokenSource:
2538  {
2539  PTOKEN_SOURCE ts;
2540 
2541  DPRINT("SeQueryInformationToken(TokenSource)\n");
2542  RequiredLength = sizeof(TOKEN_SOURCE);
2543 
2544  /* Allocate the output buffer */
2546  if (ts == NULL)
2547  {
2549  break;
2550  }
2551 
2552  *ts = Token->TokenSource;
2553 
2554  /* Return the structure */
2555  *TokenInformation = ts;
2557  break;
2558  }
2559 
2560  case TokenType:
2561  {
2562  PTOKEN_TYPE tt;
2563 
2564  DPRINT("SeQueryInformationToken(TokenType)\n");
2565  RequiredLength = sizeof(TOKEN_TYPE);
2566 
2567  /* Allocate the output buffer */
2569  if (tt == NULL)
2570  {
2572  break;
2573  }
2574 
2575  *tt = Token->TokenType;
2576 
2577  /* Return the structure */
2578  *TokenInformation = tt;
2580  break;
2581  }
2582 
2584  {
2586 
2587  DPRINT("SeQueryInformationToken(TokenImpersonationLevel)\n");
2589 
2590  /* Fail if the token is not an impersonation token */
2591  if (Token->TokenType != TokenImpersonation)
2592  {
2594  break;
2595  }
2596 
2597  /* Allocate the output buffer */
2599  if (sil == NULL)
2600  {
2602  break;
2603  }
2604 
2605  *sil = Token->ImpersonationLevel;
2606 
2607  /* Return the structure */
2608  *TokenInformation = sil;
2610  break;
2611  }
2612 
2613  case TokenStatistics:
2614  {
2615  PTOKEN_STATISTICS ts;
2616 
2617  DPRINT("SeQueryInformationToken(TokenStatistics)\n");
2618  RequiredLength = sizeof(TOKEN_STATISTICS);
2619 
2620  /* Allocate the output buffer */
2622  if (ts == NULL)
2623  {
2625  break;
2626  }
2627 
2628  ts->TokenId = Token->TokenId;
2629  ts->AuthenticationId = Token->AuthenticationId;
2630  ts->ExpirationTime = Token->ExpirationTime;
2631  ts->TokenType = Token->TokenType;
2632  ts->ImpersonationLevel = Token->ImpersonationLevel;
2633  ts->DynamicCharged = Token->DynamicCharged;
2634  ts->DynamicAvailable = Token->DynamicAvailable;
2635  ts->GroupCount = Token->UserAndGroupCount - 1;
2636  ts->PrivilegeCount = Token->PrivilegeCount;
2637  ts->ModifiedId = Token->ModifiedId;
2638 
2639  /* Return the structure */
2640  *TokenInformation = ts;
2642  break;
2643  }
2644 
2645  case TokenSessionId:
2646  {
2647  DPRINT("SeQueryInformationToken(TokenSessionId)\n");
2648  Status = SeQuerySessionIdToken(Token, (PULONG)TokenInformation);
2649  break;
2650  }
2651 
2652  default:
2653  DPRINT1("SeQueryInformationToken(%d) invalid information class\n", TokenInformationClass);
2655  break;
2656  }
2657 
2658  /* Release the lock of the token */
2660 
2661  return Status;
2662 }
LUID AuthenticationId
Definition: setypes.h:1052
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
_Must_inspect_result_ typedef _In_ PVOID Unused
Definition: iotypes.h:1166
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
struct _TOKEN_DEFAULT_DACL TOKEN_DEFAULT_DACL
enum _TOKEN_TYPE * PTOKEN_TYPE
$ULONG GroupCount
Definition: setypes.h:1058
$ULONG DynamicCharged
Definition: setypes.h:1056
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _TOKEN_USER TOKEN_USER
uint32_t ULONG_PTR
Definition: typedefs.h:65
static ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length size of a SID.
Definition: token.c:823
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
Definition: luid.c:33
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
PSID Owner
Definition: setypes.h:993
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
TOKEN_TYPE TokenType
Definition: setypes.h:1054
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
Definition: btrfs.c:2930
struct _ACL * PACL
Definition: security.c:104
Status
Definition: gdiplustypes.h:24
#define TAG_SE
Definition: tag.h:173
LARGE_INTEGER ExpirationTime
Definition: setypes.h:1053
struct _TOKEN_OWNER TOKEN_OWNER
struct _TOKEN_SOURCE TOKEN_SOURCE
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:1055
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
#define SepReleaseTokenLock(Token)
Definition: se.h:231
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
enum _TOKEN_TYPE TOKEN_TYPE
$ULONG PrivilegeCount
Definition: setypes.h:1059
struct _TOKEN * PTOKEN
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:983
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
$ULONG GroupCount
Definition: setypes.h:979
#define SepAcquireTokenLockShared(Token)
Definition: se.h:225
unsigned int ULONG
Definition: retypes.h:1
SID_AND_ATTRIBUTES User
Definition: setypes.h:975
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:71
NTSTATUS NTAPI SeQuerySessionIdToken(_In_ PACCESS_TOKEN Token, _Out_ PULONG pSessionId)
Queries the session ID of an access token.
Definition: token.c:2679
$ULONG DynamicAvailable
Definition: setypes.h:1057
struct _TOKEN_STATISTICS TOKEN_STATISTICS
unsigned long Ulong
Definition: utypes.h:42
struct _TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:297
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:388
#define PAGED_CODE()

Referenced by find_gid(), NtSecureConnectPort(), START_TEST(), and TestsSeQueryInformationToken().

◆ SeQuerySecurityDescriptorInfo()

◆ SeQuerySessionIdToken()

NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken ( _In_ PACCESS_TOKEN  Token,
_Out_ PULONG  pSessionId 
)

Queries the session ID of an access token.

Parameters
[in]TokenA valid access token where the session ID has to be gathered.
[out]pSessionIdThe returned pointer to a session ID to the caller.
Returns
Returns STATUS_SUCCESS.

Definition at line 2679 of file token.c.

2682 {
2683  PAGED_CODE();
2684 
2685  /* Lock the token */
2687 
2688  *pSessionId = ((PTOKEN)Token)->SessionId;
2689 
2690  /* Unlock the token */
2692 
2693  return STATUS_SUCCESS;
2694 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SepReleaseTokenLock(Token)
Definition: se.h:231
struct _TOKEN * PTOKEN
#define SepAcquireTokenLockShared(Token)
Definition: se.h:225
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by NtQueryInformationToken(), RxGetSessionId(), RxInitializeVNetRootParameters(), and SeQueryInformationToken().

◆ SeQueryTokenIntegrity()

NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity ( _In_ PACCESS_TOKEN  Token,
_Inout_ PSID_AND_ATTRIBUTES  IntegritySA 
)

◆ SeRegisterLogonSessionTerminatedRoutine()

NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine ( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE  CallbackRoutine)

Registers a callback that will be called once a logon session terminates.

Parameters
[in]CallbackRoutineCallback routine address.
Returns
Returns STATUS_SUCCESS if the callback routine was registered successfully. STATUS_INVALID_PARAMETER is returned if the caller did not provide a callback routine. STATUS_INSUFFICIENT_RESOURCES is returned if the callback notification data couldn't be allocated because of lack of memory pool resources.

Definition at line 1572 of file srm.c.

1574 {
1576  PAGED_CODE();
1577 
1578  /* Fail, if we don not have a callback routine */
1579  if (CallbackRoutine == NULL)
1580  return STATUS_INVALID_PARAMETER;
1581 
1582  /* Allocate a new notification item */
1586  if (Notification == NULL)
1588 
1589  /* Acquire the database lock */
1591 
1592  /* Set the callback routine */
1593  Notification->CallbackRoutine = CallbackRoutine;
1594 
1595  /* Insert the new notification item into the list */
1598 
1599  /* Release the database lock */
1601 
1602  return STATUS_SUCCESS;
1603 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _In_ PFLT_GET_OPERATION_STATUS_CALLBACK CallbackRoutine
Definition: fltkernel.h:1035
#define TAG_LOGON_NOTIFICATION
Definition: tag.h:187
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications
Definition: srm.c:63
_In_ PWDFDEVICE_INIT _In_ PFN_WDF_DEVICE_SHUTDOWN_NOTIFICATION Notification
Definition: wdfcontrol.h:113
#define NULL
Definition: types.h:112
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

◆ SeReleaseSubjectContext()

NTKERNELAPI VOID NTAPI SeReleaseSubjectContext ( _Inout_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

◆ SeReportSecurityEvent()

NTSTATUS NTAPI SeReportSecurityEvent ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters 
)

Report a security event to the security manager.

@unimplemented

Parameters
[in]FlagsFlags that influence how the event should be reported.
[in]SourceNameA Unicode string that represents the source name of the event.
[in]UserSidThe SID that represents a user that initiated the reporting.
[in]AuditParametersAn array of parameters for auditing purposes. This is used for reporting the event which the security manager will take care subsequently of doing eventual security auditing.
Returns
Returns STATUS_SUCCESS if the security event has been reported. STATUS_INVALID_PARAMETER is returned if one of the parameters do not satisfy the requirements expected by the function.

Definition at line 508 of file semgr.c.

513 {
515  PTOKEN EffectiveToken;
516  PISID Sid;
518 
519  /* Validate parameters */
520  if ((Flags != 0) ||
521  (SourceName == NULL) ||
522  (SourceName->Buffer == NULL) ||
523  (SourceName->Length == 0) ||
524  (AuditParameters == NULL) ||
525  (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
526  {
528  }
529 
530  /* Validate the source name */
532  if (!NT_SUCCESS(Status))
533  {
534  return Status;
535  }
536 
537  /* Check if we have a user SID */
538  if (UserSid != NULL)
539  {
540  /* Validate it */
541  if (!RtlValidSid(UserSid))
542  {
544  }
545 
546  /* Use the user SID */
547  Sid = UserSid;
548  }
549  else
550  {
551  /* No user SID, capture the security subject context */
553 
554  /* Extract the effective token */
555  EffectiveToken = SubjectContext.ClientToken ?
556  SubjectContext.ClientToken : SubjectContext.PrimaryToken;
557 
558  /* Use the user-and-groups SID */
559  Sid = EffectiveToken->UserAndGroups->Sid;
560  }
561 
563 
564  /* Check if we captured the subject context */
565  if (Sid != UserSid)
566  {
567  /* Release it */
569  }
570 
571  /* Return success */
572  return STATUS_SUCCESS;
573 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:243
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2559
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: access.c:434
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: access.c:520
#define UNIMPLEMENTED
Definition: debug.h:115
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:215
#define STATUS_SUCCESS
Definition: shellext.h:65

◆ SeReportSecurityEventWithSubCategory()

NTSTATUS NTAPI SeReportSecurityEventWithSubCategory ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters,
_In_ ULONG  AuditSubcategoryId 
)

◆ SeSetAccessStateGenericMapping()

VOID NTAPI SeSetAccessStateGenericMapping ( _Inout_ PACCESS_STATE  AccessState,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSecurityDescriptorInfo()

NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo ( _In_opt_ PVOID  Object,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Inout_ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSecurityDescriptorInfoEx()

NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx ( _In_opt_ PVOID  Object,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_In_ PSECURITY_DESCRIPTOR  ModificationDescriptor,
_Inout_ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
_In_ ULONG  AutoInheritFlags,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSessionIdToken()

NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken ( _In_ PACCESS_TOKEN  Token,
_In_ ULONG  SessionId 
)

◆ SeTokenIsAdmin()

NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin ( _In_ PACCESS_TOKEN  Token)

Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS_ADMIN_GROUP flag, which means if the respective access token belongs to an administrator group or not.

Parameters
[in]TokenA valid access token to determine if such token is admin or not.
Returns
Returns TRUE if the token is an admin one, FALSE otherwise.

Definition at line 2778 of file token.c.

2780 {
2781  PAGED_CODE();
2782 
2783  // NOTE: Win7+ instead really checks the list of groups in the token
2784  // (since TOKEN_HAS_ADMIN_GROUP == TOKEN_WRITE_RESTRICTED ...)
2785  return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_ADMIN_GROUP) != 0;
2786 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1147
#define PAGED_CODE()

Referenced by PsImpersonateClient().

◆ SeTokenIsRestricted()

NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted ( _In_ PACCESS_TOKEN  Token)

Determines if a token is restricted or not, based upon the token flags.

Parameters
[in]TokenA valid access token to determine if such token is restricted.
Returns
Returns TRUE if the token is restricted, FALSE otherwise.

Definition at line 2801 of file token.c.

2803 {
2804  PAGED_CODE();
2805 
2806  return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;
2807 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1148
#define PAGED_CODE()

Referenced by PsImpersonateClient(), RxInitializeVNetRootParameters(), SepCompareTokens(), SepImpersonateAnonymousToken(), and SeTokenCanImpersonate().

◆ SeTokenType()

NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType ( _In_ PACCESS_TOKEN  Token)

Gathers the token type of an access token. A token ca be either a primary token or impersonation token.

Parameters
[in]TokenA valid access token where the token type has to be gathered.
Returns
Returns the token type from a valid token.

Definition at line 2755 of file token.c.

2757 {
2758  PAGED_CODE();
2759 
2760  return ((PTOKEN)Token)->TokenType;
2761 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define PAGED_CODE()

◆ SeUnlockSubjectContext()

NTKERNELAPI VOID NTAPI SeUnlockSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Unlocks both the referenced primary and client access tokens of a security subject context.

Parameters
[in]SubjectContextA valid security context with both referenced tokens.
Returns
Nothing.

Definition at line 487 of file access.c.

489 {
490  PTOKEN PrimaryToken, ClientToken;
491  PAGED_CODE();
492 
493  /* Read both tokens */
494  PrimaryToken = SubjectContext->PrimaryToken;
495  ClientToken = SubjectContext->ClientToken;
496 
497  /* Unlock the impersonation one if it's there */
498  if (ClientToken)
499  {
500  SepReleaseTokenLock(ClientToken);
501  }
502 
503  /* Always unlock the primary one */
504  SepReleaseTokenLock(PrimaryToken);
505 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define SepReleaseTokenLock(Token)
Definition: se.h:231
#define PAGED_CODE()

Referenced by create_stream(), FatExplicitDeviceAccessGranted(), file_create(), HasPrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NpCreateNewNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), open_file2(), SeAccessCheck(), START_TEST(), and TestSeAssignSecurity().

◆ SeUnregisterLogonSessionTerminatedRoutine()

NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine ( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE  CallbackRoutine)

Un-registers a callback routine, previously registered by SeRegisterLogonSessionTerminatedRoutine function.

Parameters
[in]CallbackRoutineCallback routine address to un-register.
Returns
Returns STATUS_SUCCESS if the callback routine was un-registered successfully. STATUS_INVALID_PARAMETER is returned if the caller did not provide a callback routine. STATUS_NOT_FOUND is returned if the callback notification item couldn't be found.

Definition at line 1621 of file srm.c.

1623 {
1625  NTSTATUS Status;
1626  PAGED_CODE();
1627 
1628  /* Fail, if we don not have a callback routine */
1629  if (CallbackRoutine == NULL)
1630  return STATUS_INVALID_PARAMETER;
1631 
1632  /* Acquire the database lock */
1634 
1635  /* Loop all registered notification items */
1636  for (Current = SepLogonNotifications;
1637  Current != NULL;
1638  Current = Current->Next)
1639  {
1640  /* Check if the callback routine matches the provided one */
1641  if (Current->CallbackRoutine == CallbackRoutine)
1642  break;
1643 
1644  Previous = Current;
1645  }
1646 
1647  if (Current == NULL)
1648  {
1650  }
1651  else
1652  {
1653  /* Remove the current notification item from the list */
1654  if (Previous == NULL)
1655  SepLogonNotifications = Current->Next;
1656  else
1657  Previous->Next = Current->Next;
1658 
1659  /* Free the current notification item */
1660  ExFreePoolWithTag(Current,
1662 
1664  }
1665 
1666  /* Release the database lock */
1668 
1669  return Status;
1670 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
_Must_inspect_result_ _In_ PFLT_GET_OPERATION_STATUS_CALLBACK CallbackRoutine
Definition: fltkernel.h:1035
PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
Definition: srm.c:21
#define TAG_LOGON_NOTIFICATION
Definition: tag.h:187
Status
Definition: gdiplustypes.h:24
#define STATUS_NOT_FOUND
Definition: shellext.h:72
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications
Definition: srm.c:63
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * Next
Definition: srm.c:20
#define NULL
Definition: types.h:112
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

Variable Documentation

◆ AbsoluteObjectName

_In_opt_ PVOID _In_opt_ PUNICODE_STRING AbsoluteObjectName

Definition at line 414 of file sefuncs.h.

◆ AccessGranted

◆ AccessMode

◆ AccessState

◆ AccessStatus

◆ DesiredAccess

◆ ExplicitDescriptor

_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor

Definition at line 29 of file sefuncs.h.

Referenced by TestSeAssignSecurity().

◆ GenerateOnClose

◆ GenericMapping

◆ GrantedAccess

◆ IsDirectoryObject

◆ NewDescriptor

◆ Object

Definition at line 414 of file sefuncs.h.

◆ ObjectCreated

◆ ParentSecurityDescriptor

Definition at line 395 of file sefuncs.h.

◆ PoolType

◆ PreviouslyGrantedAccess

◆ PreviousMode

_In_ KPROCESSOR_MODE PreviousMode

Definition at line 103 of file sefuncs.h.

Referenced by _IRQL_requires_max_(), DbgkOpenProcessDebugPort(), DefaultQueryInfoBufferCheck(), DefaultSetInfoBufferCheck(), ExpRaiseHardError(), IopCheckBackupRestorePrivilege(), IopDeviceFsIoControl(), IopFinalizeAsynchronousIo(), IopPerformSynchronousRequest(), IopQueryName(), IopQueryNameInternal(), IopUnloadDriver(), KdbEnterDebuggerException(), KdpCommandString(), KdpPrint(), KdpPrintFromUser(), KdpPrompt(), KdpStub(), KdpSymbol(), KdpTrap(), KeContextToTrapFrame(), KeFlushQueueApc(), KiApcInterrupt(), KiContinue(), KiDispatchException(), KiRaiseException(), KiSoftwareInterruptHandler(), LpcpCopyRequestData(), LpcpCreatePort(), LpcRequestPort(), LpcRequestWaitReplyPort(), MiAccessCheck(), MiDoMappedCopy(), MiDoPoolCopy(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MmCopyVirtualMemory(), MmCreateArm3Section(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAcceptConnectPort(), NtAccessCheck(), NtAddAtom(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateLocallyUniqueId(), NtAllocateUuids(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtCancelTimer(), NtCloseObjectAuditAlarm(), NtCompareTokens(), NtCompleteConnectPort(), NtCreateDebugObject(), NtCreateDirectoryObject(), NtCreateEvent(), NtCreateEventPair(), NtCreateIoCompletion(), NtCreateJobObject(), NtCreateKey(), NtCreateMutant(), NtCreatePagingFile(), NtCreateProcessEx(), NtCreateProfile(), NtCreateSection(), NtCreateSemaphore(), NtCreateSymbolicLinkObject(), NtCreateTimer(), NtCreateToken(), NtDebugActiveProcess(), NtDebugContinue(), NtDelayExecution(), NtDeleteValueKey(), NtDisplayString(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFindAtom(), NtFlushBuffersFile(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtGetContextThread(), NtGetWriteWatch(), NtImpersonateAnonymousToken(), NtImpersonateClientOfPort(), NtImpersonateThread(), NtIsProcessInJob(), NtLoadDriver(), NtLoadKeyEx(), NtLockFile(), NtLockProductActivationKeys(), NtLockVirtualMemory(), NtMakePermanentObject(), NtMapViewOfSection(), NtNotifyChangeDirectoryFile(), NtOpenDirectoryObject(), NtOpenEvent(), NtOpenEventPair(), NtOpenIoCompletion(), NtOpenJobObject(), NtOpenKey(), NtOpenMutant(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenSection(), NtOpenSemaphore(), NtOpenSymbolicLinkObject(), NtOpenThread(), NtOpenThreadTokenEx(), NtOpenTimer(), NtPowerInformation(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryFile(), NtQueryDirectoryObject(), NtQueryEvent(), NtQueryInformationAtom(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIntervalProfile(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQueryPerformanceCounter(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQuerySystemEnvironmentValue(), NtQuerySystemInformation(), NtQuerySystemTime(), NtQueryTimer(), NtQueryTimerResolution(), NtQueryValueKey(), NtQueryVirtualMemory(), NtQueryVolumeInformationFile(), NtRaiseHardError(), NtReadFile(), NtReadVirtualMemory(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtRemoveProcessDebug(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtResetWriteWatch(), NtResumeProcess(), NtResumeThread(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetContextThread(), NtSetDefaultHardErrorPort(), NtSetEvent(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationDebugObject(), NtSetInformationFile(), NtSetInformationJobObject(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetSystemEnvironmentValue(), NtSetSystemInformation(), NtSetSystemPowerState(), NtSetSystemTime(), NtSetThreadExecutionState(), NtSetTimer(), NtSetTimerResolution(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendProcess(), NtSuspendThread(), NtTerminateJobObject(), NtUnloadKey2(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtWaitForDebugEvent(), NtWaitForMultipleObjects(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteVirtualMemory(), ObDuplicateObject(), ObInsertObject(), ObpAllocateObject(), ObpValidateAttributes(), ObSetHandleAttributes(), OpenRemoteDatabase(), PsGetContextThread(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), PspSetQuotaLimits(), PsSetContextThread(), QSI_DEF(), SeCaptureLuidAndAttributesArray(), SeCaptureObjectTypeList(), SeCaptureSidAndAttributesArray(), SeCheckAuditPrivilege(), SeCheckPrivilegedObject(), SeCopyClientToken(), SepCreateToken(), SepDuplicateToken(), SepImpersonateAnonymousToken(), SepPrivilegeCheck(), SePrivilegeCheck(), SePrivilegePolicyCheck(), SepSinglePrivilegeCheck(), SeReleaseLuidAndAttributesArray(), SeReleaseObjectTypeList(), SeSinglePrivilegeCheck(), SSI_DEF(), WmipOpenGuidForEvents(), and WmipRegisterGuids().

◆ Privileges

◆ SecurityDescriptor

◆ SeExports

◆ SubjectContext

◆ SubjectContextLocked

Definition at line 13 of file sefuncs.h.

Referenced by SeAccessCheck().

◆ SubjectSecurityContext

◆ TransactionId