ReactOS  0.4.15-dev-4869-g35a816a
sefuncs.h File Reference

Go to the source code of this file.

Macros

#define SeLengthSid(Sid)   (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
 
#define SeDeleteClientSecurity(C)
 
#define SeStopImpersonatingClient()   PsRevertToSelf()
 
#define SeQuerySubjectContextToken(SubjectContext)
 

Functions

 $if (_WDMDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI SeAssignSecurity(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor
 Queries information details about a security descriptor. More...
 
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx (_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
 
 _In_reads_bytes_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI VOID NTAPI SeReleaseSubjectContext (_Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI VOID NTAPI SeUnlockSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Unlocks both the referenced primary and client access tokens of a security subject context. More...
 
NTKERNELAPI VOID NTAPI SeCaptureSubjectContext (_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Captures the security subject context of the calling thread and calling process. More...
 
NTKERNELAPI VOID NTAPI SeLockSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 Locks both the referenced primary and client access tokens of a security subject context. More...
 
 $endif (_WDMDDK_) $if(_NTDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue
 
 $endif (_NTDDK_) $if(_NTIFS_) NTKERNELAPI VOID NTAPI SeReleaseSubjectContext(_Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck (_Inout_ PPRIVILEGE_SET RequiredPrivileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE AccessMode)
 
NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
 Creates an audit with alarm notification of an object that is being opened. More...
 
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
 Creates an audit with alarm notification of an object that is being opened for deletion. More...
 
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm (_In_ PVOID Object, _In_ HANDLE Handle)
 Deletes an alarm audit of an object. More...
 
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType (_In_ PACCESS_TOKEN Token)
 Gathers the token type of an access token. A token ca be either a primary token or impersonation token. More...
 
NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin (_In_ PACCESS_TOKEN Token)
 Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS_ADMIN_GROUP flag, which means if the respective access token belongs to an administrator group or not. More...
 
NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted (_In_ PACCESS_TOKEN Token)
 Determines if a token is restricted or not, based upon the token flags. More...
 
NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken (_In_ PACCESS_TOKEN Token, _Out_ PLUID AuthenticationId)
 Queries the authentication ID of an access token. More...
 
NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken (_In_ PACCESS_TOKEN Token, _Out_ PULONG SessionId)
 Queries the session ID of an access token. More...
 
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity (_In_ PETHREAD ClientThread, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN RemoteSession, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
 Creates a client security context. More...
 
NTKERNELAPI VOID NTAPI SeImpersonateClient (_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
 Impersonates a client user. More...
 
NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx (_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
 Extended function that impersonates a client. More...
 
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
 Creates a client security context based upon the captured security subject context. More...
 
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo (_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo (_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx (_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges (_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
 Appends additional privileges. More...
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
 Determines whether auditing against file events is being done or not. More...
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against files or global events with subject context is being done or not. More...
 
VOID NTAPI SeSetAccessStateGenericMapping (_Inout_ PACCESS_STATE AccessState, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
 Registers a callback that will be called once a logon session terminates. More...
 
NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
 Un-registers a callback routine, previously registered by SeRegisterLogonSessionTerminatedRoutine function. More...
 
NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification (_In_ PLUID LogonId)
 Marks a logon session for future termination, given its logon ID. This triggers a callout (the registered callback) when the logon is no longer used by anyone, that is, no token is still referencing the speciffied logon session. More...
 
NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken (_In_ PACCESS_TOKEN Token, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
 Queries information details about the given token to the call. The difference between NtQueryInformationToken and this routine is that the system call has user mode buffer data probing and additional protection checks whereas this routine doesn't have any of these. The routine is used exclusively in kernel mode. More...
 
 $endif (_NTIFS_) $if(_NTIFS_) NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEvents(_In_ BOOLEAN AccessGranted
 
NTKERNELAPI NTSTATUS NTAPI SeFilterToken (_In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Outptr_ PACCESS_TOKEN *FilteredToken)
 
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation (_In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess)
 Performs an audit against a hard link creation. More...
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against file events with subject context is being done or not. More...
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 Determines whether auditing against hard links events with subject context is being done or not. More...
 
NTSTATUS NTAPI SeReportSecurityEvent (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
 Report a security event to the security manager. More...
 
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _In_opt_ GUID *TransactionId, _Out_ PBOOLEAN GenerateOnClose)
 
NTKERNELAPI VOID NTAPI SeExamineSacl (_In_ PACL Sacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateAudit, _Out_ PBOOLEAN GenerateAlarm)
 
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction (_In_ PVOID Object, _In_ HANDLE Handle, _In_opt_ GUID *TransactionId)
 
NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity (_In_ PACCESS_TOKEN Token, _Inout_ PSID_AND_ATTRIBUTES IntegritySA)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken (_In_ PACCESS_TOKEN Token, _In_ ULONG SessionId)
 
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction (_In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess, _In_opt_ GUID *TransactionId)
 
NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange (_In_ GUID *TransactionId, _In_ GUID *ResourceManagerId, _In_ ULONG NewTransactionState)
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _Out_opt_ PBOOLEAN StagingEnabled)
 
NTKERNELAPI VOID NTAPI SeExamineGlobalSacl (_In_ PUNICODE_STRING ObjectType, _In_ PACL ResourceSacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Inout_ PBOOLEAN GenerateAudit, _Inout_opt_ PBOOLEAN GenerateAlarm)
 
NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl (_In_opt_ PUNICODE_STRING ObjectTypeName, _In_ ACCESS_MASK GrantedAccess, _In_ PACCESS_TOKEN Token, _Inout_ PACCESS_MASK AuditMask)
 
NTSTATUS NTAPI SeReportSecurityEventWithSubCategory (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ ULONG AuditSubcategoryId)
 
BOOLEAN NTAPI SeAccessCheckFromState (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Outptr_opt_result_maybenull_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTKERNELAPI VOID NTAPI SeFreePrivileges (_In_ PPRIVILEGE_SET Privileges)
 Frees a set of privileges. More...
 
NTSTATUS NTAPI SeLocateProcessImageName (_Inout_ PEPROCESS Process, _Outptr_ PUNICODE_STRING *pImageFileName)
 

Variables

_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN SubjectContextLocked
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK DesiredAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SETPrivileges
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING GenericMapping
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE AccessMode
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
 
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTORNewDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT _In_ PGENERIC_MAPPING _In_ POOL_TYPE PoolType
 
_In_ KPROCESSOR_MODE PreviousMode
 
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _In_opt_ PSECURITY_DESCRIPTOR ParentSecurityDescriptor
 
_In_opt_ PVOID Object
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING AbsoluteObjectName
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN ObjectCreated
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUIDTransactionId
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
 
NTKERNELAPI PSE_EXPORTS SeExports
 

Macro Definition Documentation

◆ SeDeleteClientSecurity

#define SeDeleteClientSecurity (   C)
Value:
{ \
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
PsDereferencePrimaryToken( (C)->ClientToken ); \
} else { \
PsDereferenceImpersonationToken( (C)->ClientToken ); \
} \
}
Definition: terminate.cpp:23
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(_In_ PACCESS_TOKEN Token)
Gathers the token type of an access token. A token ca be either a primary token or impersonation toke...
Definition: token.c:1726

Definition at line 573 of file sefuncs.h.

◆ SeLengthSid

#define SeLengthSid (   Sid)    (8 + (4 * ((SID *)Sid)->SubAuthorityCount))

Definition at line 570 of file sefuncs.h.

◆ SeQuerySubjectContextToken

#define SeQuerySubjectContextToken (   SubjectContext)
Value:
) ? \
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: sefuncs.h:29
#define ARGUMENT_PRESENT(ArgumentPointer)
struct _SECURITY_SUBJECT_CONTEXT * PSECURITY_SUBJECT_CONTEXT

Definition at line 583 of file sefuncs.h.

◆ SeStopImpersonatingClient

#define SeStopImpersonatingClient ( )    PsRevertToSelf()

Definition at line 581 of file sefuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _WDMDDK_  )

Definition at line 202 of file ke.h.

226 {
227  ULONGLONG Low;
228  LONGLONG High;
229 } NEON128, *PNEON128;
Definition: strmini.h:380
NEON128 NEON128
Definition: ke.h:56
int64_t LONGLONG
Definition: typedefs.h:68
uint64_t ULONGLONG
Definition: typedefs.h:67
Definition: strmini.h:378
NEON128 * PNEON128
Definition: ke.h:56

◆ $endif() [2/3]

$endif ( _NTDDK_  )

Definition at line 2494 of file iofuncs.h.

2502 {
2503  PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
2504  PriorityInfo->ThreadPriority = 0xffff;
2505  PriorityInfo->IoPriority = IoPriorityNormal;
2506  PriorityInfo->PagePriority = 0;
2507 }
struct _IO_PRIORITY_INFO IO_PRIORITY_INFO
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD _Inout_ PIO_PRIORITY_INFO PriorityInfo
Definition: fltkernel.h:2652

◆ $endif() [3/3]

$endif ( _NTIFS_  )

Definition at line 2825 of file rtlfuncs.h.

2839 {
2841  ret.QuadPart = SignedInteger;
2842  return ret;
2843 }
return ret
Definition: rtlfuncs.h:3090

◆ $if()

$if ( _WDMDDK_  )

Kernel definitions for ARM64

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

31 {
32  ULONG Dummy;
struct _KFLOATING_SAVE KFLOATING_SAVE
struct _KFLOATING_SAVE * PKFLOATING_SAVE
unsigned int ULONG
Definition: retypes.h:1

◆ _In_reads_bytes_()

_In_reads_bytes_ ( Length  )

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
#define FILE_READ_DATA
Definition: nt_native.h:628
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
#define NULL
Definition: types.h:112
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ SeAccessCheckFromState()

BOOLEAN NTAPI SeAccessCheckFromState ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PTOKEN_ACCESS_INFORMATION  PrimaryTokenInformation,
_In_opt_ PTOKEN_ACCESS_INFORMATION  ClientTokenInformation,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  PreviouslyGrantedAccess,
_Outptr_opt_result_maybenull_ PPRIVILEGE_SET Privileges,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ SeAppendPrivileges()

NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges ( _Inout_ PACCESS_STATE  AccessState,
_In_ PPRIVILEGE_SET  Privileges 
)

Appends additional privileges.

Parameters
[in]AccessStateAccess request to append.
[in]PrivilegesSet of new privileges to append.
Returns
Returns STATUS_SUCCESS if the privileges have been successfully appended. Otherwise STATUS_INSUFFICIENT_RESOURCES is returned, indicating that pool allocation has failed for the buffer to hold the new set of privileges.

Definition at line 588 of file priv.c.

591 {
592  PAUX_ACCESS_DATA AuxData;
593  ULONG OldPrivilegeSetSize;
594  ULONG NewPrivilegeSetSize;
595  PPRIVILEGE_SET PrivilegeSet;
596 
597  PAGED_CODE();
598 
599  /* Get the Auxiliary Data */
600  AuxData = AccessState->AuxData;
601 
602  /* Calculate the size of the old privilege set */
603  OldPrivilegeSetSize = sizeof(PRIVILEGE_SET) +
604  (AuxData->PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
605 
606  if (AuxData->PrivilegeSet->PrivilegeCount +
607  Privileges->PrivilegeCount > INITIAL_PRIVILEGE_COUNT)
608  {
609  /* Calculate the size of the new privilege set */
610  NewPrivilegeSetSize = OldPrivilegeSetSize +
611  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
612 
613  /* Allocate a new privilege set */
614  PrivilegeSet = ExAllocatePoolWithTag(PagedPool,
615  NewPrivilegeSetSize,
617  if (PrivilegeSet == NULL)
619 
620  /* Copy original privileges from the acess state */
621  RtlCopyMemory(PrivilegeSet,
622  AuxData->PrivilegeSet,
623  OldPrivilegeSetSize);
624 
625  /* Append privileges from the privilege set*/
626  RtlCopyMemory((PVOID)((ULONG_PTR)PrivilegeSet + OldPrivilegeSetSize),
628  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
629 
630  /* Adjust the number of privileges in the new privilege set */
631  PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
632 
633  /* Free the old privilege set if it was allocated */
634  if (AccessState->PrivilegesAllocated != FALSE)
636 
637  /* Now we are using an allocated privilege set */
638  AccessState->PrivilegesAllocated = TRUE;
639 
640  /* Assign the new privileges to the access state */
641  AuxData->PrivilegeSet = PrivilegeSet;
642  }
643  else
644  {
645  /* Append privileges */
646  RtlCopyMemory((PVOID)((ULONG_PTR)AuxData->PrivilegeSet + OldPrivilegeSetSize),
648  Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
649 
650  /* Adjust the number of privileges in the target privilege set */
651  AuxData->PrivilegeSet->PrivilegeCount += Privileges->PrivilegeCount;
652  }
653 
654  return STATUS_SUCCESS;
655 }
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:258
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
struct _PRIVILEGE_SET PRIVILEGE_SET
#define TRUE
Definition: types.h:120
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define NULL
Definition: types.h:112
#define INITIAL_PRIVILEGE_COUNT
Definition: setypes.h:172
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define TAG_PRIVILEGE_SET
Definition: tag.h:154
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by IopCheckBackupRestorePrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckTraverseAccess(), and START_TEST().

◆ SeAssignSecurityEx()

NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx ( _In_opt_ PSECURITY_DESCRIPTOR  ParentDescriptor,
_In_opt_ PSECURITY_DESCRIPTOR  ExplicitDescriptor,
_Out_ PSECURITY_DESCRIPTOR NewDescriptor,
_In_opt_ GUID ObjectType,
_In_ BOOLEAN  IsDirectoryObject,
_In_ ULONG  AutoInheritFlags,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ POOL_TYPE  PoolType 
)

◆ SeAuditHardLinkCreation()

NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation ( _In_ PUNICODE_STRING  FileName,
_In_ PUNICODE_STRING  LinkName,
_In_ BOOLEAN  bSuccess 
)

Performs an audit against a hard link creation.

@unimplemented

Parameters
[in]FileNameA Unicode string that points to the name of the file.
[in]LinkNameA Unicode string that points to a link.
[out]bSuccessIf TRUE, the function has successfully audited the hard link and security access can be granted, FALSE otherwise.
Returns
Nothing.

Definition at line 967 of file audit.c.

971 {
973 }
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAuditHardLinkCreationWithTransaction()

NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction ( _In_ PUNICODE_STRING  FileName,
_In_ PUNICODE_STRING  LinkName,
_In_ BOOLEAN  bSuccess,
_In_opt_ GUID TransactionId 
)

◆ SeAuditingAnyFileEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext,
_Out_opt_ PBOOLEAN  StagingEnabled 
)

◆ SeAuditingFileEvents()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

Determines whether auditing against file events is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 993 of file audit.c.

996 {
998  return FALSE;
999 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAuditingFileEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against file events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1023 of file audit.c.

1027 {
1029  return FALSE;
1030 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED_ONCE
Definition: typedefs.h:30

◆ SeAuditingFileOrGlobalEvents()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against files or global events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1111 of file audit.c.

1115 {
1116  UNIMPLEMENTED;
1117  return FALSE;
1118 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAuditingHardLinkEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

Determines whether auditing against hard links events with subject context is being done or not.

@unimplemented

Parameters
[in]AccessGrantedIf set to TRUE, the access attempt is deemed as successful otherwise set it to FALSE.
[in]SecurityDescriptorA security descriptor.
[in]SubjectSecurityContextIf specified, the function will check if security auditing is currently being done with this context.
Returns
Returns TRUE if auditing is being currently done, FALSE otherwise.

Definition at line 1080 of file audit.c.

1084 {
1085  UNIMPLEMENTED;
1086  return FALSE;
1087 }
#define FALSE
Definition: types.h:117
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeAuditTransactionStateChange()

NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange ( _In_ GUID TransactionId,
_In_ GUID ResourceManagerId,
_In_ ULONG  NewTransactionState 
)

◆ SeCaptureSubjectContext()

NTKERNELAPI VOID NTAPI SeCaptureSubjectContext ( _Out_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Captures the security subject context of the calling thread and calling process.

Parameters
[out]SubjectContextThe returned security subject context.
Returns
Nothing.

Definition at line 85 of file subject.c.

87 {
88  /* Call the extended API */
92 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define PsGetCurrentProcess
Definition: psfuncs.h:17
VOID NTAPI SeCaptureSubjectContextEx(_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
An extended function that captures the security subject context based upon the specified thread and p...
Definition: subject.c:41

Referenced by create_directory_fcb(), create_subvol(), fcb_get_sd(), FilterToken(), HasPrivilege(), KsCreateDefaultSecurity(), mknod(), nfs41_get_sec_ctx(), nfs41_GetLUID(), nfs41_UpcallCreate(), NtAccessCheck(), NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), NtSetUuidSeed(), RxStartMinirdr(), SeCheckPrivilegedObject(), SepAccessCheckAndAuditAlarm(), SeReportSecurityEvent(), SeSinglePrivilegeCheck(), set_link_information(), set_rename_information(), START_TEST(), SystemThread(), UDFCheckAccessRights(), and UDFSetAccessRights().

◆ SeCreateClientSecurity()

NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity ( _In_ PETHREAD  Thread,
_In_ PSECURITY_QUALITY_OF_SERVICE  Qos,
_In_ BOOLEAN  RemoteClient,
_Out_ PSECURITY_CLIENT_CONTEXT  ClientContext 
)

Creates a client security context.

Parameters
[in]ThreadThread object of the client where impersonation has to begin.
[in]QosQuality of service to specify what kind of impersonation to be done.
[in]RemoteClientIf set to TRUE, the client that we're going to impersonate is remote.
[out]ClientContextThe returned security client context.
Returns
See SepCreateClientSecurity.

Definition at line 162 of file client.c.

167 {
169  BOOLEAN ThreadEffectiveOnly;
173  PAGED_CODE();
174 
175  /* Reference the correct token */
177  &TokenType,
178  &ThreadEffectiveOnly,
180 
181  /* Create client security from it */
183  Qos,
184  RemoteClient,
185  TokenType,
186  ThreadEffectiveOnly,
188  ClientContext);
189 
190  /* Check if we failed or static tracking was used */
191  if (!(NT_SUCCESS(Status)) || (Qos->ContextTrackingMode == SECURITY_STATIC_TRACKING))
192  {
193  /* Dereference our copy since it's not being used */
195  }
196 
197  /* Return status */
198  return Status;
199 }
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
unsigned char BOOLEAN
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ PVOID ClientContext
Definition: netioddk.h:55
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
PACCESS_TOKEN NTAPI PsReferenceEffectiveToken(IN PETHREAD Thread, OUT IN PTOKEN_TYPE TokenType, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:780
enum _TOKEN_TYPE TOKEN_TYPE
NTSTATUS NTAPI SepCreateClientSecurity(_In_ PACCESS_TOKEN Token, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _In_ TOKEN_TYPE TokenType, _In_ BOOLEAN ThreadEffectiveOnly, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
Creates a client security context based upon an access token.
Definition: client.c:53
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()

◆ SeCreateClientSecurityFromSubjectContext()

NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PSECURITY_QUALITY_OF_SERVICE  ClientSecurityQos,
_In_ BOOLEAN  ServerIsRemote,
_Out_ PSECURITY_CLIENT_CONTEXT  ClientContext 
)

Creates a client security context based upon the captured security subject context.

Parameters
[in]SubjectContextThe captured subject context where client security is to be created from.
[in]ClientSecurityQosQuality of service to specify what kind of impersonation to be done.
[in]ServerIsRemoteIf set to TRUE, the client that we're going to impersonate is remote.
[out]ClientContextThe returned security client context.
Returns
See SepCreateClientSecurity.

Definition at line 224 of file client.c.

229 {
232  PAGED_CODE();
233 
234  /* Get the right token and reference it */
237 
238  /* Create the context */
240  ClientSecurityQos,
241  ServerIsRemote,
242  SubjectContext->ClientToken ?
244  FALSE,
245  SubjectContext->ImpersonationLevel,
246  ClientContext);
247 
248  /* Check if we failed or static tracking was used */
249  if (!(NT_SUCCESS(Status)) ||
250  (ClientSecurityQos->ContextTrackingMode == SECURITY_STATIC_TRACKING))
251  {
252  /* Dereference our copy since it's not being used */
254  }
255 
256  /* Return status */
257  return Status;
258 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ PVOID ClientContext
Definition: netioddk.h:55
#define ObDereferenceObject
Definition: obfuncs.h:203
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
NTSTATUS NTAPI SepCreateClientSecurity(_In_ PACCESS_TOKEN Token, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _In_ TOKEN_TYPE TokenType, _In_ BOOLEAN ThreadEffectiveOnly, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
Creates a client security context based upon an access token.
Definition: client.c:53
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
#define ObReferenceObject
Definition: obfuncs.h:204
#define PAGED_CODE()

Referenced by nfs41_get_sec_ctx(), nfs41_GetLUID(), and nfs41_UpcallCreate().

◆ SeDeleteObjectAuditAlarm()

NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm ( _In_ PVOID  Object,
_In_ HANDLE  Handle 
)

Deletes an alarm audit of an object.

@unimplemented

Parameters
[in]ObjectAn arbitrary pointer data that points to the object.
[in]HandleA handle of the said object.
Returns
Nothing.

Definition at line 1163 of file audit.c.

1166 {
1167  UNIMPLEMENTED;
1168 }
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeDeleteObjectAuditAlarmWithTransaction()

NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction ( _In_ PVOID  Object,
_In_ HANDLE  Handle,
_In_opt_ GUID TransactionId 
)

◆ SeExamineGlobalSacl()

NTKERNELAPI VOID NTAPI SeExamineGlobalSacl ( _In_ PUNICODE_STRING  ObjectType,
_In_ PACL  ResourceSacl,
_In_ PACCESS_TOKEN  Token,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  AccessGranted,
_Inout_ PBOOLEAN  GenerateAudit,
_Inout_opt_ PBOOLEAN  GenerateAlarm 
)

◆ SeExamineSacl()

NTKERNELAPI VOID NTAPI SeExamineSacl ( _In_ PACL  Sacl,
_In_ PACCESS_TOKEN  Token,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateAudit,
_Out_ PBOOLEAN  GenerateAlarm 
)

◆ SeFilterToken()

NTKERNELAPI NTSTATUS NTAPI SeFilterToken ( _In_ PACCESS_TOKEN  ExistingToken,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Outptr_ PACCESS_TOKEN FilteredToken 
)

◆ SeFreePrivileges()

NTKERNELAPI VOID NTAPI SeFreePrivileges ( _In_ PPRIVILEGE_SET  Privileges)

Frees a set of privileges.

Parameters
[in]PrivilegesSet of privileges array to be freed.
Returns
Nothing.

Definition at line 669 of file priv.c.

671 {
672  PAGED_CODE();
674 }
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define TAG_PRIVILEGE_SET
Definition: tag.h:154
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAccessCheck(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckTraverseAccess(), and START_TEST().

◆ SeImpersonateClient()

NTKERNELAPI VOID NTAPI SeImpersonateClient ( _In_ PSECURITY_CLIENT_CONTEXT  ClientContext,
_In_opt_ PETHREAD  ServerThread 
)

Impersonates a client user.

Parameters
[in]ClientContextA valid client context.
[in]ServerThreadThe thread where impersonation is to be done.
Returns
Nothing.

Definition at line 321 of file client.c.

324 {
325  PAGED_CODE();
326 
327  /* Call the new API */
329 }
NTSTATUS NTAPI SeImpersonateClientEx(_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
Extended function that impersonates a client.
Definition: client.c:276
UINT CALLBACK ServerThread(_Inout_ PVOID Parameter)
_In_ PVOID ClientContext
Definition: netioddk.h:55
#define PAGED_CODE()

◆ SeImpersonateClientEx()

NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx ( _In_ PSECURITY_CLIENT_CONTEXT  ClientContext,
_In_opt_ PETHREAD  ServerThread 
)

Extended function that impersonates a client.

Parameters
[in]ClientContextA valid client context.
[in]ServerThreadThe thread where impersonation is to be done.
Returns
STATUS_SUCCESS is returned if the calling thread successfully impersonates the client. A failure NTSTATUS code is returned otherwise.

Definition at line 276 of file client.c.

279 {
281  PAGED_CODE();
282 
283  /* Check if direct access is requested */
284  if (!ClientContext->DirectlyAccessClientToken)
285  {
286  /* No, so get the flag from QOS */
287  EffectiveOnly = ClientContext->SecurityQos.EffectiveOnly;
288  }
289  else
290  {
291  /* Yes, so see if direct access should be effective only */
292  EffectiveOnly = ClientContext->DirectAccessEffectiveOnly;
293  }
294 
295  /* Use the current thread if one was not passed */
297 
298  /* Call the lower layer routine */
300  ClientContext->ClientToken,
301  TRUE,
303  ClientContext->SecurityQos.ImpersonationLevel);
304 }
NTSTATUS NTAPI PsImpersonateClient(IN PETHREAD Thread, IN PACCESS_TOKEN Token, IN BOOLEAN CopyOnOpen, IN BOOLEAN EffectiveOnly, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:610
#define PsGetCurrentThread()
Definition: env_spec_w32.h:81
#define TRUE
Definition: types.h:120
unsigned char BOOLEAN
UINT CALLBACK ServerThread(_Inout_ PVOID Parameter)
_In_ PVOID ClientContext
Definition: netioddk.h:55
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
#define PAGED_CODE()

Referenced by CmpCmdHiveOpen(), handle_upcall(), NpImpersonateClientContext(), NtImpersonateClientOfPort(), and SeImpersonateClient().

◆ SeLocateProcessImageName()

NTSTATUS NTAPI SeLocateProcessImageName ( _Inout_ PEPROCESS  Process,
_Outptr_ PUNICODE_STRING pImageFileName 
)

◆ SeLockSubjectContext()

NTKERNELAPI VOID NTAPI SeLockSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Locks both the referenced primary and client access tokens of a security subject context.

Parameters
[in]SubjectContextA valid security context with both referenced tokens.
Returns
Nothing.

Definition at line 107 of file subject.c.

109 {
110  PTOKEN PrimaryToken, ClientToken;
111  PAGED_CODE();
112 
113  /* Read both tokens */
114  PrimaryToken = SubjectContext->PrimaryToken;
115  ClientToken = SubjectContext->ClientToken;
116 
117  /* Always lock the primary */
118  SepAcquireTokenLockShared(PrimaryToken);
119 
120  /* Lock the impersonation one if it's there */
121  if (!ClientToken) return;
122  SepAcquireTokenLockShared(ClientToken);
123 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define SepAcquireTokenLockShared(Token)
Definition: se.h:280
#define PAGED_CODE()

Referenced by create_stream(), FatExplicitDeviceAccessGranted(), file_create(), FilterToken(), HasPrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NpCreateNewNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), open_file2(), SeAccessCheck(), and START_TEST().

◆ SeMarkLogonSessionForTerminationNotification()

NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification ( _In_ PLUID  LogonId)

Marks a logon session for future termination, given its logon ID. This triggers a callout (the registered callback) when the logon is no longer used by anyone, that is, no token is still referencing the speciffied logon session.

Parameters
[in]LogonIdThe ID of the logon session.
Returns
STATUS_SUCCESS if the logon session is marked for termination notification successfully, STATUS_NOT_FOUND if the logon session couldn't be found otherwise.

Definition at line 1510 of file srm.c.

1512 {
1513  PSEP_LOGON_SESSION_REFERENCES SessionToMark;
1514  PAGED_CODE();
1515 
1516  DPRINT("SeMarkLogonSessionForTerminationNotification(%08lx:%08lx)\n",
1517  LogonId->HighPart, LogonId->LowPart);
1518 
1519  /* Acquire the database lock */
1521 
1522  /* Loop over the existing logon sessions */
1523  for (SessionToMark = SepLogonSessions;
1524  SessionToMark != NULL;
1525  SessionToMark = SessionToMark->Next)
1526  {
1527  /* Does the logon with the given ID exist? */
1528  if (RtlEqualLuid(&SessionToMark->LogonId, LogonId))
1529  {
1530  /* We found it */
1531  break;
1532  }
1533  }
1534 
1535  /*
1536  * We've exhausted all the remaining logon sessions and
1537  * couldn't find one with the provided ID.
1538  */
1539  if (SessionToMark == NULL)
1540  {
1541  DPRINT1("SeMarkLogonSessionForTerminationNotification(): Logon session couldn't be found!\n");
1543  return STATUS_NOT_FOUND;
1544  }
1545 
1546  /* Mark the logon session for termination */
1547  SessionToMark->Flags |= SEP_LOGON_SESSION_TERMINATION_NOTIFY;
1548  DPRINT("SeMarkLogonSessionForTerminationNotification(): Logon session marked for termination with success!\n");
1549 
1550  /* Release the database lock */
1552  return STATUS_SUCCESS;
1553 }
#define SEP_LOGON_SESSION_TERMINATION_NOTIFY
Definition: setypes.h:708
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define STATUS_NOT_FOUND
Definition: shellext.h:72
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:169
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:62
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define DPRINT1
Definition: precomp.h:8
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:71
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

Referenced by LogonMarkTermination().

◆ SeMaximumAuditMaskFromGlobalSacl()

NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl ( _In_opt_ PUNICODE_STRING  ObjectTypeName,
_In_ ACCESS_MASK  GrantedAccess,
_In_ PACCESS_TOKEN  Token,
_Inout_ PACCESS_MASK  AuditMask 
)

◆ SeObjectCreateSaclAccessBits()

NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor)

◆ SeOpenObjectAuditAlarm()

NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PBOOLEAN  GenerateOnClose 
)

Creates an audit with alarm notification of an object that is being opened.

@unimplemented

Parameters
[in]ObjectTypeNameA Unicode string that points to the object type name.
[in]ObjectIf specified, the function will use this parameter to directly open the object.
[in]AbsoluteObjectNameIf specified, the function will use this parameter to directly open the object through the absolute name of the object.
[in]SecurityDescriptorA security descriptor.
[in]AccessStateAn access state right mask when opening the object.
[in]ObjectCreatedSet this to TRUE if the object has been fully created, FALSE otherwise.
[in]AccessGrantedSet this to TRUE if access was deemed as granted.
[in]AccessModeProcessor level access mode.
[out]GenerateOnCloseA boolean flag returned to the caller once audit generation procedure finishes.
Returns
Nothing.

Definition at line 1213 of file audit.c.

1223 {
1224  PAGED_CODE();
1225 
1226  /* Audits aren't done on kernel-mode access */
1227  if (AccessMode == KernelMode) return;
1228 
1229  /* Otherwise, unimplemented! */
1230  //UNIMPLEMENTED;
1231  return;
1232 }
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define PAGED_CODE()

Referenced by IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), and ObCheckObjectAccess().

◆ SeOpenObjectForDeleteAuditAlarm()

NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PBOOLEAN  GenerateOnClose 
)

Creates an audit with alarm notification of an object that is being opened for deletion.

@unimplemented

Parameters
[in]ObjectTypeNameA Unicode string that points to the object type name.
[in]ObjectIf specified, the function will use this parameter to directly open the object.
[in]AbsoluteObjectNameIf specified, the function will use this parameter to directly open the object through the absolute name of the object.
[in]SecurityDescriptorA security descriptor.
[in]AccessStateAn access state right mask when opening the object.
[in]ObjectCreatedSet this to TRUE if the object has been fully created, FALSE otherwise.
[in]AccessGrantedSet this to TRUE if access was deemed as granted.
[in]AccessModeProcessor level access mode.
[out]GenerateOnCloseA boolean flag returned to the caller once audit generation procedure finishes.
Returns
Nothing.

Definition at line 1276 of file audit.c.

1286 {
1287  UNIMPLEMENTED;
1288 }
#define UNIMPLEMENTED
Definition: debug.h:115

◆ SeOpenObjectForDeleteAuditAlarmWithTransaction()

NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_In_opt_ GUID TransactionId,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ SePrivilegeCheck()

NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck ( _Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  AccessMode 
)

◆ SeQueryAuthenticationIdToken()

NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken ( _In_ PACCESS_TOKEN  Token,
_Out_ PLUID  LogonId 
)

Queries the authentication ID of an access token.

Parameters
[in]TokenA valid access token where the authentication ID has to be gathered.
[out]pSessionIdThe returned pointer to an authentication ID to the caller.
Returns
Returns STATUS_SUCCESS.

Definition at line 1682 of file token.c.

1685 {
1686  PAGED_CODE();
1687 
1688  *LogonId = ((PTOKEN)Token)->AuthenticationId;
1689 
1690  return STATUS_SUCCESS;
1691 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _TOKEN * PTOKEN
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by GetProcessLuid(), KsecGetKeyData(), nfs41_GetLUID(), NtSetUuidSeed(), ObpReferenceDeviceMap(), ObpSetCurrentProcessDeviceMap(), RxGetUid(), and RxInitializeVNetRootParameters().

◆ SeQueryInformationToken()

NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken ( _In_ PACCESS_TOKEN  AccessToken,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID TokenInformation 
)

Queries information details about the given token to the call. The difference between NtQueryInformationToken and this routine is that the system call has user mode buffer data probing and additional protection checks whereas this routine doesn't have any of these. The routine is used exclusively in kernel mode.

Parameters
[in]AccessTokenAn access token to be given.
[in]TokenInformationClassToken information class.
[out]TokenInformationBuffer with retrieved information. Such information is arbitrary, depending on the requested information class.
Returns
Returns STATUS_SUCCESS if the operation to query the desired information has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if pool memory allocation has failed to satisfy an operation. Otherwise STATUS_INVALID_INFO_CLASS is returned indicating that the information class provided is not supported by the routine.
Remarks
Only certain information classes are not implemented in this function and these are TokenOrigin, TokenGroupsAndPrivileges, TokenRestrictedSids and TokenSandBoxInert. The following classes are implemented in NtQueryInformationToken only.

Definition at line 95 of file tokencls.c.

99 {
101  PTOKEN Token = (PTOKEN)AccessToken;
103  union
104  {
105  PSID PSid;
106  ULONG Ulong;
107  } Unused;
108 
109  PAGED_CODE();
110 
111  /* Lock the token */
113 
114  switch (TokenInformationClass)
115  {
116  case TokenUser:
117  {
118  PTOKEN_USER tu;
119 
120  DPRINT("SeQueryInformationToken(TokenUser)\n");
121  RequiredLength = sizeof(TOKEN_USER) +
122  RtlLengthSid(Token->UserAndGroups[0].Sid);
123 
124  /* Allocate the output buffer */
126  if (tu == NULL)
127  {
129  break;
130  }
131 
133  &Token->UserAndGroups[0],
134  RequiredLength - sizeof(TOKEN_USER),
135  &tu->User,
136  (PSID)(tu + 1),
137  &Unused.PSid,
138  &Unused.Ulong);
139 
140  /* Return the structure */
141  *TokenInformation = tu;
143  break;
144  }
145 
146  case TokenGroups:
147  {
148  PTOKEN_GROUPS tg;
149  ULONG SidLen;
150  PSID Sid;
151 
152  DPRINT("SeQueryInformationToken(TokenGroups)\n");
153  RequiredLength = sizeof(tg->GroupCount) +
154  RtlLengthSidAndAttributes(Token->UserAndGroupCount - 1, &Token->UserAndGroups[1]);
155 
156  SidLen = RequiredLength - sizeof(tg->GroupCount) -
157  ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
158 
159  /* Allocate the output buffer */
161  if (tg == NULL)
162  {
164  break;
165  }
166 
167  Sid = (PSID)((ULONG_PTR)tg + sizeof(tg->GroupCount) +
168  ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES)));
169 
170  tg->GroupCount = Token->UserAndGroupCount - 1;
171  Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
172  &Token->UserAndGroups[1],
173  SidLen,
174  &tg->Groups[0],
175  Sid,
176  &Unused.PSid,
177  &Unused.Ulong);
178 
179  /* Return the structure */
180  *TokenInformation = tg;
182  break;
183  }
184 
185  case TokenPrivileges:
186  {
188 
189  DPRINT("SeQueryInformationToken(TokenPrivileges)\n");
190  RequiredLength = sizeof(tp->PrivilegeCount) +
191  (Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
192 
193  /* Allocate the output buffer */
195  if (tp == NULL)
196  {
198  break;
199  }
200 
201  tp->PrivilegeCount = Token->PrivilegeCount;
202  RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
203  Token->Privileges,
204  &tp->Privileges[0]);
205 
206  /* Return the structure */
207  *TokenInformation = tp;
209  break;
210  }
211 
212  case TokenOwner:
213  {
214  PTOKEN_OWNER to;
215  ULONG SidLen;
216 
217  DPRINT("SeQueryInformationToken(TokenOwner)\n");
218  SidLen = RtlLengthSid(Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
219  RequiredLength = sizeof(TOKEN_OWNER) + SidLen;
220 
221  /* Allocate the output buffer */
223  if (to == NULL)
224  {
226  break;
227  }
228 
229  to->Owner = (PSID)(to + 1);
230  Status = RtlCopySid(SidLen,
231  to->Owner,
232  Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
233 
234  /* Return the structure */
235  *TokenInformation = to;
237  break;
238  }
239 
240  case TokenPrimaryGroup:
241  {
243  ULONG SidLen;
244 
245  DPRINT("SeQueryInformationToken(TokenPrimaryGroup)\n");
246  SidLen = RtlLengthSid(Token->PrimaryGroup);
247  RequiredLength = sizeof(TOKEN_PRIMARY_GROUP) + SidLen;
248 
249  /* Allocate the output buffer */
251  if (tpg == NULL)
252  {
254  break;
255  }
256 
257  tpg->PrimaryGroup = (PSID)(tpg + 1);
258  Status = RtlCopySid(SidLen,
259  tpg->PrimaryGroup,
260  Token->PrimaryGroup);
261 
262  /* Return the structure */
263  *TokenInformation = tpg;
265  break;
266  }
267 
268  case TokenDefaultDacl:
269  {
271 
272  DPRINT("SeQueryInformationToken(TokenDefaultDacl)\n");
274 
275  if (Token->DefaultDacl != NULL)
276  RequiredLength += Token->DefaultDacl->AclSize;
277 
278  /* Allocate the output buffer */
280  if (tdd == NULL)
281  {
283  break;
284  }
285 
286  if (Token->DefaultDacl != NULL)
287  {
288  tdd->DefaultDacl = (PACL)(tdd + 1);
290  Token->DefaultDacl,
291  Token->DefaultDacl->AclSize);
292  }
293  else
294  {
295  tdd->DefaultDacl = NULL;
296  }
297 
298  /* Return the structure */
299  *TokenInformation = tdd;
301  break;
302  }
303 
304  case TokenSource:
305  {
306  PTOKEN_SOURCE ts;
307 
308  DPRINT("SeQueryInformationToken(TokenSource)\n");
309  RequiredLength = sizeof(TOKEN_SOURCE);
310 
311  /* Allocate the output buffer */
313  if (ts == NULL)
314  {
316  break;
317  }
318 
319  *ts = Token->TokenSource;
320 
321  /* Return the structure */
322  *TokenInformation = ts;
324  break;
325  }
326 
327  case TokenType:
328  {
329  PTOKEN_TYPE tt;
330 
331  DPRINT("SeQueryInformationToken(TokenType)\n");
332  RequiredLength = sizeof(TOKEN_TYPE);
333 
334  /* Allocate the output buffer */
336  if (tt == NULL)
337  {
339  break;
340  }
341 
342  *tt = Token->TokenType;
343 
344  /* Return the structure */
345  *TokenInformation = tt;
347  break;
348  }
349 
351  {
353 
354  DPRINT("SeQueryInformationToken(TokenImpersonationLevel)\n");
356 
357  /* Fail if the token is not an impersonation token */
358  if (Token->TokenType != TokenImpersonation)
359  {
361  break;
362  }
363 
364  /* Allocate the output buffer */
366  if (sil == NULL)
367  {
369  break;
370  }
371 
372  *sil = Token->ImpersonationLevel;
373 
374  /* Return the structure */
375  *TokenInformation = sil;
377  break;
378  }
379 
380  case TokenStatistics:
381  {
383 
384  DPRINT("SeQueryInformationToken(TokenStatistics)\n");
386 
387  /* Allocate the output buffer */
389  if (ts == NULL)
390  {
392  break;
393  }
394 
395  ts->TokenId = Token->TokenId;
396  ts->AuthenticationId = Token->AuthenticationId;
397  ts->ExpirationTime = Token->ExpirationTime;
398  ts->TokenType = Token->TokenType;
399  ts->ImpersonationLevel = Token->ImpersonationLevel;
400  ts->DynamicCharged = Token->DynamicCharged;
401  ts->DynamicAvailable = Token->DynamicAvailable;
402  ts->GroupCount = Token->UserAndGroupCount - 1;
403  ts->PrivilegeCount = Token->PrivilegeCount;
404  ts->ModifiedId = Token->ModifiedId;
405 
406  /* Return the structure */
407  *TokenInformation = ts;
409  break;
410  }
411 
412  case TokenSessionId:
413  {
414  DPRINT("SeQueryInformationToken(TokenSessionId)\n");
415  Status = SeQuerySessionIdToken(Token, (PULONG)TokenInformation);
416  break;
417  }
418 
419  default:
420  DPRINT1("SeQueryInformationToken(%d) invalid information class\n", TokenInformationClass);
422  break;
423  }
424 
425  /* Release the lock of the token */
427 
428  return Status;
429 }
LUID AuthenticationId
Definition: setypes.h:1083
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
_Must_inspect_result_ typedef _In_ PVOID Unused
Definition: iotypes.h:1166
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
struct _TOKEN_DEFAULT_DACL TOKEN_DEFAULT_DACL
enum _TOKEN_TYPE * PTOKEN_TYPE
$ULONG GroupCount
Definition: setypes.h:1089
$ULONG DynamicCharged
Definition: setypes.h:1087
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _TOKEN_USER TOKEN_USER
uint32_t ULONG_PTR
Definition: typedefs.h:65
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
Definition: luid.c:33
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
PSID Owner
Definition: setypes.h:1024
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
TOKEN_TYPE TokenType
Definition: setypes.h:1085
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
Definition: btrfs.c:2965
struct _ACL * PACL
Definition: security.c:104
Status
Definition: gdiplustypes.h:24
#define TAG_SE
Definition: tag.h:147
LARGE_INTEGER ExpirationTime
Definition: setypes.h:1084
struct _TOKEN_OWNER TOKEN_OWNER
struct _TOKEN_SOURCE TOKEN_SOURCE
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:1086
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
#define SepReleaseTokenLock(Token)
Definition: se.h:286
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
enum _TOKEN_TYPE TOKEN_TYPE
$ULONG PrivilegeCount
Definition: setypes.h:1090
struct _TOKEN * PTOKEN
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1014
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length size of a SID.
Definition: token.c:824
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
$ULONG GroupCount
Definition: setypes.h:1010
#define SepAcquireTokenLockShared(Token)
Definition: se.h:280
unsigned int ULONG
Definition: retypes.h:1
SID_AND_ATTRIBUTES User
Definition: setypes.h:1006
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:71
NTSTATUS NTAPI SeQuerySessionIdToken(_In_ PACCESS_TOKEN Token, _Out_ PULONG pSessionId)
Queries the session ID of an access token.
Definition: token.c:1650
$ULONG DynamicAvailable
Definition: setypes.h:1088
struct _TOKEN_STATISTICS TOKEN_STATISTICS
unsigned long Ulong
Definition: utypes.h:42
struct _TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:310
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()

Referenced by find_gid(), NtSecureConnectPort(), START_TEST(), and TestsSeQueryInformationToken().

◆ SeQuerySecurityDescriptorInfo()

◆ SeQuerySessionIdToken()

NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken ( _In_ PACCESS_TOKEN  Token,
_Out_ PULONG  pSessionId 
)

Queries the session ID of an access token.

Parameters
[in]TokenA valid access token where the session ID has to be gathered.
[out]pSessionIdThe returned pointer to a session ID to the caller.
Returns
Returns STATUS_SUCCESS.

Definition at line 1650 of file token.c.

1653 {
1654  PAGED_CODE();
1655 
1656  /* Lock the token */
1658 
1659  *pSessionId = ((PTOKEN)Token)->SessionId;
1660 
1661  /* Unlock the token */
1663 
1664  return STATUS_SUCCESS;
1665 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SepReleaseTokenLock(Token)
Definition: se.h:286
struct _TOKEN * PTOKEN
#define SepAcquireTokenLockShared(Token)
Definition: se.h:280
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by NtQueryInformationToken(), RxGetSessionId(), RxInitializeVNetRootParameters(), and SeQueryInformationToken().

◆ SeQueryTokenIntegrity()

NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity ( _In_ PACCESS_TOKEN  Token,
_Inout_ PSID_AND_ATTRIBUTES  IntegritySA 
)

◆ SeRegisterLogonSessionTerminatedRoutine()

NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine ( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE  CallbackRoutine)

Registers a callback that will be called once a logon session terminates.

Parameters
[in]CallbackRoutineCallback routine address.
Returns
Returns STATUS_SUCCESS if the callback routine was registered successfully. STATUS_INVALID_PARAMETER is returned if the caller did not provide a callback routine. STATUS_INSUFFICIENT_RESOURCES is returned if the callback notification data couldn't be allocated because of lack of memory pool resources.

Definition at line 1572 of file srm.c.

1574 {
1576  PAGED_CODE();
1577 
1578  /* Fail, if we don not have a callback routine */
1579  if (CallbackRoutine == NULL)
1580  return STATUS_INVALID_PARAMETER;
1581 
1582  /* Allocate a new notification item */
1586  if (Notification == NULL)
1588 
1589  /* Acquire the database lock */
1591 
1592  /* Set the callback routine */
1593  Notification->CallbackRoutine = CallbackRoutine;
1594 
1595  /* Insert the new notification item into the list */
1598 
1599  /* Release the database lock */
1601 
1602  return STATUS_SUCCESS;
1603 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _In_ PFLT_GET_OPERATION_STATUS_CALLBACK CallbackRoutine
Definition: fltkernel.h:1035
#define TAG_LOGON_NOTIFICATION
Definition: tag.h:161
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications
Definition: srm.c:63
_In_ PWDFDEVICE_INIT _In_ PFN_WDF_DEVICE_SHUTDOWN_NOTIFICATION Notification
Definition: wdfcontrol.h:113
#define NULL
Definition: types.h:112
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

◆ SeReleaseSubjectContext()

NTKERNELAPI VOID NTAPI SeReleaseSubjectContext ( _Inout_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

◆ SeReportSecurityEvent()

NTSTATUS NTAPI SeReportSecurityEvent ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters 
)

Report a security event to the security manager.

@unimplemented

Parameters
[in]FlagsFlags that influence how the event should be reported.
[in]SourceNameA Unicode string that represents the source name of the event.
[in]UserSidThe SID that represents a user that initiated the reporting.
[in]AuditParametersAn array of parameters for auditing purposes. This is used for reporting the event which the security manager will take care subsequently of doing eventual security auditing.
Returns
Returns STATUS_SUCCESS if the security event has been reported. STATUS_INVALID_PARAMETER is returned if one of the parameters do not satisfy the requirements expected by the function.

Definition at line 508 of file semgr.c.

513 {
515  PTOKEN EffectiveToken;
516  PISID Sid;
518 
519  /* Validate parameters */
520  if ((Flags != 0) ||
521  (SourceName == NULL) ||
522  (SourceName->Buffer == NULL) ||
523  (SourceName->Length == 0) ||
524  (AuditParameters == NULL) ||
525  (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
526  {
528  }
529 
530  /* Validate the source name */
532  if (!NT_SUCCESS(Status))
533  {
534  return Status;
535  }
536 
537  /* Check if we have a user SID */
538  if (UserSid != NULL)
539  {
540  /* Validate it */
541  if (!RtlValidSid(UserSid))
542  {
544  }
545 
546  /* Use the user SID */
547  Sid = UserSid;
548  }
549  else
550  {
551  /* No user SID, capture the security subject context */
553 
554  /* Extract the effective token */
555  EffectiveToken = SubjectContext.ClientToken ?
556  SubjectContext.ClientToken : SubjectContext.PrimaryToken;
557 
558  /* Use the user-and-groups SID */
559  Sid = EffectiveToken->UserAndGroups->Sid;
560  }
561 
563 
564  /* Check if we captured the subject context */
565  if (Sid != UserSid)
566  {
567  /* Release it */
569  }
570 
571  /* Return success */
572  return STATUS_SUCCESS;
573 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:256
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2559
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
#define UNIMPLEMENTED
Definition: debug.h:115
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:233
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
#define STATUS_SUCCESS
Definition: shellext.h:65

◆ SeReportSecurityEventWithSubCategory()

NTSTATUS NTAPI SeReportSecurityEventWithSubCategory ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters,
_In_ ULONG  AuditSubcategoryId 
)

◆ SeSetAccessStateGenericMapping()

VOID NTAPI SeSetAccessStateGenericMapping ( _Inout_ PACCESS_STATE  AccessState,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSecurityDescriptorInfo()

NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo ( _In_opt_ PVOID  Object,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Inout_ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSecurityDescriptorInfoEx()

NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx ( _In_opt_ PVOID  Object,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_In_ PSECURITY_DESCRIPTOR  ModificationDescriptor,
_Inout_ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
_In_ ULONG  AutoInheritFlags,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSessionIdToken()

NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken ( _In_ PACCESS_TOKEN  Token,
_In_ ULONG  SessionId 
)

◆ SeTokenIsAdmin()

NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin ( _In_ PACCESS_TOKEN  Token)

Determines if a token is either an admin token or not. Such condition is checked based upon TOKEN_HAS_ADMIN_GROUP flag, which means if the respective access token belongs to an administrator group or not.

Parameters
[in]TokenA valid access token to determine if such token is admin or not.
Returns
Returns TRUE if the token is an admin one, FALSE otherwise.

Definition at line 1749 of file token.c.

1751 {
1752  PAGED_CODE();
1753 
1754  // NOTE: Win7+ instead really checks the list of groups in the token
1755  // (since TOKEN_HAS_ADMIN_GROUP == TOKEN_WRITE_RESTRICTED ...)
1756  return (((PTOKEN)Token)->TokenFlags & TOKEN_HAS_ADMIN_GROUP) != 0;
1757 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1178
#define PAGED_CODE()

Referenced by PsImpersonateClient().

◆ SeTokenIsRestricted()

NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted ( _In_ PACCESS_TOKEN  Token)

Determines if a token is restricted or not, based upon the token flags.

Parameters
[in]TokenA valid access token to determine if such token is restricted.
Returns
Returns TRUE if the token is restricted, FALSE otherwise.

Definition at line 1772 of file token.c.

1774 {
1775  PAGED_CODE();
1776 
1777  return (((PTOKEN)Token)->TokenFlags & TOKEN_IS_RESTRICTED) != 0;
1778 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1179
#define PAGED_CODE()

Referenced by NtQueryInformationToken(), PsImpersonateClient(), RxInitializeVNetRootParameters(), SepAccessCheck(), SepCompareTokens(), SepImpersonateAnonymousToken(), and SeTokenCanImpersonate().

◆ SeTokenType()

NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType ( _In_ PACCESS_TOKEN  Token)

Gathers the token type of an access token. A token ca be either a primary token or impersonation token.

Parameters
[in]TokenA valid access token where the token type has to be gathered.
Returns
Returns the token type from a valid token.

Definition at line 1726 of file token.c.

1728 {
1729  PAGED_CODE();
1730 
1731  return ((PTOKEN)Token)->TokenType;
1732 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define PAGED_CODE()

◆ SeUnlockSubjectContext()

NTKERNELAPI VOID NTAPI SeUnlockSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

Unlocks both the referenced primary and client access tokens of a security subject context.

Parameters
[in]SubjectContextA valid security context with both referenced tokens.
Returns
Nothing.

Definition at line 138 of file subject.c.

140 {
141  PTOKEN PrimaryToken, ClientToken;
142  PAGED_CODE();
143 
144  /* Read both tokens */
145  PrimaryToken = SubjectContext->PrimaryToken;
146  ClientToken = SubjectContext->ClientToken;
147 
148  /* Unlock the impersonation one if it's there */
149  if (ClientToken)
150  {
151  SepReleaseTokenLock(ClientToken);
152  }
153 
154  /* Always unlock the primary one */
155  SepReleaseTokenLock(PrimaryToken);
156 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
#define SepReleaseTokenLock(Token)
Definition: se.h:286
#define PAGED_CODE()

Referenced by create_stream(), FatExplicitDeviceAccessGranted(), file_create(), FilterToken(), HasPrivilege(), IopParseDevice(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NpCreateNewNamedPipe(), ObCheckCreateObjectAccess(), ObCheckObjectAccess(), ObpCheckObjectReference(), ObpCheckTraverseAccess(), open_file2(), SeAccessCheck(), START_TEST(), and TestSeAssignSecurity().

◆ SeUnregisterLogonSessionTerminatedRoutine()

NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine ( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE  CallbackRoutine)

Un-registers a callback routine, previously registered by SeRegisterLogonSessionTerminatedRoutine function.

Parameters
[in]CallbackRoutineCallback routine address to un-register.
Returns
Returns STATUS_SUCCESS if the callback routine was un-registered successfully. STATUS_INVALID_PARAMETER is returned if the caller did not provide a callback routine. STATUS_NOT_FOUND is returned if the callback notification item couldn't be found.

Definition at line 1621 of file srm.c.

1623 {
1625  NTSTATUS Status;
1626  PAGED_CODE();
1627 
1628  /* Fail, if we don not have a callback routine */
1629  if (CallbackRoutine == NULL)
1630  return STATUS_INVALID_PARAMETER;
1631 
1632  /* Acquire the database lock */
1634 
1635  /* Loop all registered notification items */
1636  for (Current = SepLogonNotifications;
1637  Current != NULL;
1638  Current = Current->Next)
1639  {
1640  /* Check if the callback routine matches the provided one */
1641  if (Current->CallbackRoutine == CallbackRoutine)
1642  break;
1643 
1644  Previous = Current;
1645  }
1646 
1647  if (Current == NULL)
1648  {
1650  }
1651  else
1652  {
1653  /* Remove the current notification item from the list */
1654  if (Previous == NULL)
1655  SepLogonNotifications = Current->Next;
1656  else
1657  Previous->Next = Current->Next;
1658 
1659  /* Free the current notification item */
1660  ExFreePoolWithTag(Current,
1662 
1664  }
1665 
1666  /* Release the database lock */
1668 
1669  return Status;
1670 }
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
_Must_inspect_result_ _In_ PFLT_GET_OPERATION_STATUS_CALLBACK CallbackRoutine
Definition: fltkernel.h:1035
PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
Definition: srm.c:21
#define TAG_LOGON_NOTIFICATION
Definition: tag.h:161
Status
Definition: gdiplustypes.h:24
#define STATUS_NOT_FOUND
Definition: shellext.h:72
PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION SepLogonNotifications
Definition: srm.c:63
struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION * Next
Definition: srm.c:20
#define NULL
Definition: types.h:112
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

Variable Documentation

◆ AbsoluteObjectName

_In_opt_ PVOID _In_opt_ PUNICODE_STRING AbsoluteObjectName

Definition at line 414 of file sefuncs.h.

◆ AccessGranted

◆ AccessMode

◆ AccessState

◆ AccessStatus

◆ DesiredAccess

◆ ExplicitDescriptor

_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor

Definition at line 29 of file sefuncs.h.

Referenced by TestSeAssignSecurity().

◆ GenerateOnClose

◆ GenericMapping

◆ GrantedAccess

◆ IsDirectoryObject

◆ NewDescriptor

◆ Object

Definition at line 414 of file sefuncs.h.

◆ ObjectCreated

◆ ParentSecurityDescriptor

Definition at line 395 of file sefuncs.h.

◆ PoolType

◆ PreviouslyGrantedAccess

◆ PreviousMode

_In_ KPROCESSOR_MODE PreviousMode

Definition at line 103 of file sefuncs.h.

Referenced by _IRQL_requires_max_(), DbgkOpenProcessDebugPort(), DefaultQueryInfoBufferCheck(), DefaultSetInfoBufferCheck(), ExpRaiseHardError(), IopCheckBackupRestorePrivilege(), IopDeviceFsIoControl(), IopFinalizeAsynchronousIo(), IopPerformSynchronousRequest(), IopQueryName(), IopQueryNameInternal(), IopUnloadDriver(), KdbEnterDebuggerException(), KdpCommandString(), KdpPrint(), KdpPrintFromUser(), KdpPrompt(), KdpStub(), KdpSymbol(), KdpTrap(), KeContextToTrapFrame(), KeFlushQueueApc(), KiApcInterrupt(), KiContinue(), KiDispatchException(), KiRaiseException(), KiSoftwareInterruptHandler(), LpcpCopyRequestData(), LpcpCreatePort(), LpcRequestPort(), LpcRequestWaitReplyPort(), MiAccessCheck(), MiDoMappedCopy(), MiDoPoolCopy(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MmCopyVirtualMemory(), MmCreateArm3Section(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAcceptConnectPort(), NtAccessCheck(), NtAddAtom(), NtAdjustGroupsToken(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateLocallyUniqueId(), NtAllocateUuids(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtCancelTimer(), NtCloseObjectAuditAlarm(), NtCompareTokens(), NtCompleteConnectPort(), NtCreateDebugObject(), NtCreateDirectoryObject(), NtCreateEvent(), NtCreateEventPair(), NtCreateIoCompletion(), NtCreateJobObject(), NtCreateKey(), NtCreateMutant(), NtCreatePagingFile(), NtCreateProcessEx(), NtCreateProfile(), NtCreateSection(), NtCreateSemaphore(), NtCreateSymbolicLinkObject(), NtCreateTimer(), NtCreateToken(), NtDebugActiveProcess(), NtDebugContinue(), NtDelayExecution(), NtDeleteValueKey(), NtDisplayString(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFilterToken(), NtFindAtom(), NtFlushBuffersFile(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtGetContextThread(), NtGetWriteWatch(), NtImpersonateAnonymousToken(), NtImpersonateClientOfPort(), NtImpersonateThread(), NtIsProcessInJob(), NtLoadDriver(), NtLoadKeyEx(), NtLockFile(), NtLockProductActivationKeys(), NtLockVirtualMemory(), NtMakePermanentObject(), NtMapViewOfSection(), NtNotifyChangeDirectoryFile(), NtOpenDirectoryObject(), NtOpenEvent(), NtOpenEventPair(), NtOpenIoCompletion(), NtOpenJobObject(), NtOpenKey(), NtOpenMutant(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenSection(), NtOpenSemaphore(), NtOpenSymbolicLinkObject(), NtOpenThread(), NtOpenThreadTokenEx(), NtOpenTimer(), NtPowerInformation(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryFile(), NtQueryDirectoryObject(), NtQueryEvent(), NtQueryInformationAtom(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIntervalProfile(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQueryPerformanceCounter(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQuerySystemEnvironmentValue(), NtQuerySystemInformation(), NtQuerySystemTime(), NtQueryTimer(), NtQueryTimerResolution(), NtQueryValueKey(), NtQueryVirtualMemory(), NtQueryVolumeInformationFile(), NtRaiseHardError(), NtReadFile(), NtReadVirtualMemory(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtRemoveProcessDebug(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtResetWriteWatch(), NtResumeProcess(), NtResumeThread(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetContextThread(), NtSetDefaultHardErrorPort(), NtSetEvent(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationDebugObject(), NtSetInformationFile(), NtSetInformationJobObject(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetSystemEnvironmentValue(), NtSetSystemInformation(), NtSetSystemPowerState(), NtSetSystemTime(), NtSetThreadExecutionState(), NtSetTimer(), NtSetTimerResolution(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendProcess(), NtSuspendThread(), NtTerminateJobObject(), NtUnloadKey2(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtWaitForDebugEvent(), NtWaitForMultipleObjects(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteVirtualMemory(), ObDuplicateObject(), ObInsertObject(), ObpAllocateObject(), ObpValidateAttributes(), ObSetHandleAttributes(), OpenRemoteDatabase(), PsGetContextThread(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), PspSetQuotaLimits(), PsSetContextThread(), QSI_DEF(), SeCaptureLuidAndAttributesArray(), SeCaptureObjectTypeList(), SeCaptureSidAndAttributesArray(), SeCheckAuditPrivilege(), SeCheckPrivilegedObject(), SeCopyClientToken(), SepCreateToken(), SepDuplicateToken(), SepImpersonateAnonymousToken(), SepPerformTokenFiltering(), SepPrivilegeCheck(), SePrivilegeCheck(), SePrivilegePolicyCheck(), SepSinglePrivilegeCheck(), SeReleaseLuidAndAttributesArray(), SeReleaseObjectTypeList(), SeSinglePrivilegeCheck(), SSI_DEF(), WmipOpenGuidForEvents(), and WmipRegisterGuids().

◆ Privileges

◆ SecurityDescriptor

◆ SeExports

◆ SubjectContext

◆ SubjectContextLocked

Definition at line 13 of file sefuncs.h.

Referenced by SeAccessCheck().

◆ SubjectSecurityContext

◆ TransactionId