ReactOS  0.4.15-dev-2522-g9e0a3cd
sefuncs.h File Reference

Go to the source code of this file.

Macros

#define SeLengthSid(Sid)   (8 + (4 * ((SID *)Sid)->SubAuthorityCount))
 
#define SeDeleteClientSecurity(C)
 
#define SeStopImpersonatingClient()   PsRevertToSelf()
 
#define SeQuerySubjectContextToken(SubjectContext)
 

Functions

 $if (_WDMDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTKERNELAPI NTSTATUS NTAPI SeAssignSecurity(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor
 
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx (_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
 
 _In_reads_bytes_ (Length) PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI VOID NTAPI SeReleaseSubjectContext (_Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI VOID NTAPI SeUnlockSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI VOID NTAPI SeCaptureSubjectContext (_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI VOID NTAPI SeLockSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
 $endif (_WDMDDK_) $if(_NTDDK_) _IRQL_requires_max_(PASSIVE_LEVEL) NTKERNELAPI BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue
 
 $endif (_NTDDK_) $if(_NTIFS_) NTKERNELAPI VOID NTAPI SeReleaseSubjectContext(_Inout_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck (_Inout_ PPRIVILEGE_SET RequiredPrivileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE AccessMode)
 
NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
 
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _Out_ PBOOLEAN GenerateOnClose)
 
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm (_In_ PVOID Object, _In_ HANDLE Handle)
 
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType (_In_ PACCESS_TOKEN Token)
 
NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin (_In_ PACCESS_TOKEN Token)
 
NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted (_In_ PACCESS_TOKEN Token)
 
NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken (_In_ PACCESS_TOKEN Token, _Out_ PLUID AuthenticationId)
 
NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken (_In_ PACCESS_TOKEN Token, _Out_ PULONG SessionId)
 
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity (_In_ PETHREAD ClientThread, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN RemoteSession, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
 
NTKERNELAPI VOID NTAPI SeImpersonateClient (_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
 
NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx (_In_ PSECURITY_CLIENT_CONTEXT ClientContext, _In_opt_ PETHREAD ServerThread)
 
NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos, _In_ BOOLEAN ServerIsRemote, _Out_ PSECURITY_CLIENT_CONTEXT ClientContext)
 
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo (_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo (_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx (_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges (_Inout_ PACCESS_STATE AccessState, _In_ PPRIVILEGE_SET Privileges)
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor)
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 
VOID NTAPI SeSetAccessStateGenericMapping (_Inout_ PACCESS_STATE AccessState, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
 
NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine (_In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine)
 
NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification (_In_ PLUID LogonId)
 
NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken (_In_ PACCESS_TOKEN Token, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
 Queries information details about the given token to the call. The difference between NtQueryInformationToken and this routine is that the system call has user mode buffer data probing and additional protection checks whereas this routine doesn't have any of these. The routine is used exclusively in kernel mode. More...
 
 $endif (_NTIFS_) $if(_NTIFS_) NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEvents(_In_ BOOLEAN AccessGranted
 
NTKERNELAPI NTSTATUS NTAPI SeFilterToken (_In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Outptr_ PACCESS_TOKEN *FilteredToken)
 
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation (_In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess)
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext (_In_ BOOLEAN AccessGranted, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext)
 
NTSTATUS NTAPI SeReportSecurityEvent (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
 
NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction (_In_ PUNICODE_STRING ObjectTypeName, _In_opt_ PVOID Object, _In_opt_ PUNICODE_STRING AbsoluteObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ BOOLEAN ObjectCreated, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE AccessMode, _In_opt_ GUID *TransactionId, _Out_ PBOOLEAN GenerateOnClose)
 
NTKERNELAPI VOID NTAPI SeExamineSacl (_In_ PACL Sacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateAudit, _Out_ PBOOLEAN GenerateAlarm)
 
NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction (_In_ PVOID Object, _In_ HANDLE Handle, _In_opt_ GUID *TransactionId)
 
NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity (_In_ PACCESS_TOKEN Token, _Inout_ PSID_AND_ATTRIBUTES IntegritySA)
 
NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken (_In_ PACCESS_TOKEN Token, _In_ ULONG SessionId)
 
NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction (_In_ PUNICODE_STRING FileName, _In_ PUNICODE_STRING LinkName, _In_ BOOLEAN bSuccess, _In_opt_ GUID *TransactionId)
 
NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange (_In_ GUID *TransactionId, _In_ GUID *ResourceManagerId, _In_ ULONG NewTransactionState)
 
NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _Out_opt_ PBOOLEAN StagingEnabled)
 
NTKERNELAPI VOID NTAPI SeExamineGlobalSacl (_In_ PUNICODE_STRING ObjectType, _In_ PACL ResourceSacl, _In_ PACCESS_TOKEN Token, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN AccessGranted, _Inout_ PBOOLEAN GenerateAudit, _Inout_opt_ PBOOLEAN GenerateAlarm)
 
NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl (_In_opt_ PUNICODE_STRING ObjectTypeName, _In_ ACCESS_MASK GrantedAccess, _In_ PACCESS_TOKEN Token, _Inout_ PACCESS_MASK AuditMask)
 
NTSTATUS NTAPI SeReportSecurityEventWithSubCategory (_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ ULONG AuditSubcategoryId)
 
BOOLEAN NTAPI SeAccessCheckFromState (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN_ACCESS_INFORMATION PrimaryTokenInformation, _In_opt_ PTOKEN_ACCESS_INFORMATION ClientTokenInformation, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Outptr_opt_result_maybenull_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTKERNELAPI VOID NTAPI SeFreePrivileges (_In_ PPRIVILEGE_SET Privileges)
 
NTSTATUS NTAPI SeLocateProcessImageName (_Inout_ PEPROCESS Process, _Outptr_ PUNICODE_STRING *pImageFileName)
 

Variables

_In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN SubjectContextLocked
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK DesiredAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK PreviouslyGrantedAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SETPrivileges
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING GenericMapping
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE AccessMode
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
 
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
 
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTORNewDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
 
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT _In_ PGENERIC_MAPPING _In_ POOL_TYPE PoolType
 
_In_ KPROCESSOR_MODE PreviousMode
 
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor
 
_In_opt_ PSECURITY_DESCRIPTOR _In_opt_ PSECURITY_DESCRIPTOR ParentSecurityDescriptor
 
_In_opt_ PVOID Object
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING AbsoluteObjectName
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN ObjectCreated
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUIDTransactionId
 
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
 
NTKERNELAPI PSE_EXPORTS SeExports
 

Macro Definition Documentation

◆ SeDeleteClientSecurity

#define SeDeleteClientSecurity (   C)
Value:
{ \
if (SeTokenType((C)->ClientToken) == TokenPrimary) { \
PsDereferencePrimaryToken( (C)->ClientToken ); \
} else { \
PsDereferenceImpersonationToken( (C)->ClientToken ); \
} \
}
Definition: terminate.cpp:23
NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType(_In_ PACCESS_TOKEN Token)

Definition at line 573 of file sefuncs.h.

◆ SeLengthSid

#define SeLengthSid (   Sid)    (8 + (4 * ((SID *)Sid)->SubAuthorityCount))

Definition at line 570 of file sefuncs.h.

◆ SeQuerySubjectContextToken

#define SeQuerySubjectContextToken (   SubjectContext)
Value:
) ? \
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: sefuncs.h:29
#define ARGUMENT_PRESENT(ArgumentPointer)
struct _SECURITY_SUBJECT_CONTEXT * PSECURITY_SUBJECT_CONTEXT

Definition at line 583 of file sefuncs.h.

◆ SeStopImpersonatingClient

#define SeStopImpersonatingClient ( )    PsRevertToSelf()

Definition at line 581 of file sefuncs.h.

Function Documentation

◆ $endif() [1/3]

$endif ( _WDMDDK_  )

Definition at line 202 of file ke.h.

226 {
227  ULONGLONG Low;
228  LONGLONG High;
229 } NEON128, *PNEON128;
Definition: strmini.h:380
int64_t LONGLONG
Definition: typedefs.h:68
uint64_t ULONGLONG
Definition: typedefs.h:67
Definition: strmini.h:378
NEON128
Definition: ke.h:229
* PNEON128
Definition: ke.h:229

◆ $endif() [2/3]

$endif ( _NTDDK_  )

Definition at line 2490 of file iofuncs.h.

2498 {
2499  PriorityInfo->Size = sizeof(IO_PRIORITY_INFO);
2500  PriorityInfo->ThreadPriority = 0xffff;
2501  PriorityInfo->IoPriority = IoPriorityNormal;
2502  PriorityInfo->PagePriority = 0;
2503 }
struct _IO_PRIORITY_INFO IO_PRIORITY_INFO
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD _Inout_ PIO_PRIORITY_INFO PriorityInfo
Definition: fltkernel.h:2653

◆ $endif() [3/3]

$endif ( _NTIFS_  )

Definition at line 2827 of file rtlfuncs.h.

2841 {
2843  ret.QuadPart = SignedInteger;
2844  return ret;
2845 }
return ret
Definition: rtlfuncs.h:3092

◆ $if()

$if ( _WDMDDK_  )

Kernel definitions for AMD64

Kernel definitions for ARM

Definition at line 1 of file ke.h.

31 {
32  ULONG Dummy;
struct _KFLOATING_SAVE KFLOATING_SAVE
struct _KFLOATING_SAVE * PKFLOATING_SAVE
unsigned int ULONG
Definition: retypes.h:1

◆ _In_reads_bytes_()

_In_reads_bytes_ ( Length  )

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1873
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1802
#define FILE_READ_DATA
Definition: nt_native.h:628
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1873
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1873
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1873
#define NULL
Definition: types.h:112
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1873
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1873
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ SeAccessCheckFromState()

BOOLEAN NTAPI SeAccessCheckFromState ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PTOKEN_ACCESS_INFORMATION  PrimaryTokenInformation,
_In_opt_ PTOKEN_ACCESS_INFORMATION  ClientTokenInformation,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  PreviouslyGrantedAccess,
_Outptr_opt_result_maybenull_ PPRIVILEGE_SET Privileges,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ SeAppendPrivileges()

NTKERNELAPI NTSTATUS NTAPI SeAppendPrivileges ( _Inout_ PACCESS_STATE  AccessState,
_In_ PPRIVILEGE_SET  Privileges 
)

◆ SeAssignSecurityEx()

NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx ( _In_opt_ PSECURITY_DESCRIPTOR  ParentDescriptor,
_In_opt_ PSECURITY_DESCRIPTOR  ExplicitDescriptor,
_Out_ PSECURITY_DESCRIPTOR NewDescriptor,
_In_opt_ GUID ObjectType,
_In_ BOOLEAN  IsDirectoryObject,
_In_ ULONG  AutoInheritFlags,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ POOL_TYPE  PoolType 
)

◆ SeAuditHardLinkCreation()

NTKERNELAPI VOID NTAPI SeAuditHardLinkCreation ( _In_ PUNICODE_STRING  FileName,
_In_ PUNICODE_STRING  LinkName,
_In_ BOOLEAN  bSuccess 
)

◆ SeAuditHardLinkCreationWithTransaction()

NTKERNELAPI VOID NTAPI SeAuditHardLinkCreationWithTransaction ( _In_ PUNICODE_STRING  FileName,
_In_ PUNICODE_STRING  LinkName,
_In_ BOOLEAN  bSuccess,
_In_opt_ GUID TransactionId 
)

◆ SeAuditingAnyFileEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingAnyFileEventsWithContext ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext,
_Out_opt_ PBOOLEAN  StagingEnabled 
)

◆ SeAuditingFileEvents()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEvents ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor 
)

◆ SeAuditingFileEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileEventsWithContext ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

◆ SeAuditingFileOrGlobalEvents()

NTKERNELAPI BOOLEAN NTAPI SeAuditingFileOrGlobalEvents ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

◆ SeAuditingHardLinkEventsWithContext()

NTKERNELAPI BOOLEAN NTAPI SeAuditingHardLinkEventsWithContext ( _In_ BOOLEAN  AccessGranted,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSECURITY_SUBJECT_CONTEXT  SubjectSecurityContext 
)

◆ SeAuditTransactionStateChange()

NTKERNELAPI VOID NTAPI SeAuditTransactionStateChange ( _In_ GUID TransactionId,
_In_ GUID ResourceManagerId,
_In_ ULONG  NewTransactionState 
)

◆ SeCaptureSubjectContext()

NTKERNELAPI VOID NTAPI SeCaptureSubjectContext ( _Out_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

◆ SeCreateClientSecurity()

NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurity ( _In_ PETHREAD  ClientThread,
_In_ PSECURITY_QUALITY_OF_SERVICE  ClientSecurityQos,
_In_ BOOLEAN  RemoteSession,
_Out_ PSECURITY_CLIENT_CONTEXT  ClientContext 
)

◆ SeCreateClientSecurityFromSubjectContext()

NTKERNELAPI NTSTATUS NTAPI SeCreateClientSecurityFromSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PSECURITY_QUALITY_OF_SERVICE  ClientSecurityQos,
_In_ BOOLEAN  ServerIsRemote,
_Out_ PSECURITY_CLIENT_CONTEXT  ClientContext 
)

◆ SeDeleteObjectAuditAlarm()

NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarm ( _In_ PVOID  Object,
_In_ HANDLE  Handle 
)

◆ SeDeleteObjectAuditAlarmWithTransaction()

NTKERNELAPI VOID NTAPI SeDeleteObjectAuditAlarmWithTransaction ( _In_ PVOID  Object,
_In_ HANDLE  Handle,
_In_opt_ GUID TransactionId 
)

◆ SeExamineGlobalSacl()

NTKERNELAPI VOID NTAPI SeExamineGlobalSacl ( _In_ PUNICODE_STRING  ObjectType,
_In_ PACL  ResourceSacl,
_In_ PACCESS_TOKEN  Token,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  AccessGranted,
_Inout_ PBOOLEAN  GenerateAudit,
_Inout_opt_ PBOOLEAN  GenerateAlarm 
)

◆ SeExamineSacl()

NTKERNELAPI VOID NTAPI SeExamineSacl ( _In_ PACL  Sacl,
_In_ PACCESS_TOKEN  Token,
_In_ ACCESS_MASK  DesiredAccess,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateAudit,
_Out_ PBOOLEAN  GenerateAlarm 
)

◆ SeFilterToken()

NTKERNELAPI NTSTATUS NTAPI SeFilterToken ( _In_ PACCESS_TOKEN  ExistingToken,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Outptr_ PACCESS_TOKEN FilteredToken 
)

◆ SeFreePrivileges()

NTKERNELAPI VOID NTAPI SeFreePrivileges ( _In_ PPRIVILEGE_SET  Privileges)

◆ SeImpersonateClient()

NTKERNELAPI VOID NTAPI SeImpersonateClient ( _In_ PSECURITY_CLIENT_CONTEXT  ClientContext,
_In_opt_ PETHREAD  ServerThread 
)

◆ SeImpersonateClientEx()

NTKERNELAPI NTSTATUS NTAPI SeImpersonateClientEx ( _In_ PSECURITY_CLIENT_CONTEXT  ClientContext,
_In_opt_ PETHREAD  ServerThread 
)

◆ SeLocateProcessImageName()

NTSTATUS NTAPI SeLocateProcessImageName ( _Inout_ PEPROCESS  Process,
_Outptr_ PUNICODE_STRING pImageFileName 
)

◆ SeLockSubjectContext()

NTKERNELAPI VOID NTAPI SeLockSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

◆ SeMarkLogonSessionForTerminationNotification()

NTKERNELAPI NTSTATUS NTAPI SeMarkLogonSessionForTerminationNotification ( _In_ PLUID  LogonId)

◆ SeMaximumAuditMaskFromGlobalSacl()

NTKERNELAPI VOID NTAPI SeMaximumAuditMaskFromGlobalSacl ( _In_opt_ PUNICODE_STRING  ObjectTypeName,
_In_ ACCESS_MASK  GrantedAccess,
_In_ PACCESS_TOKEN  Token,
_Inout_ PACCESS_MASK  AuditMask 
)

◆ SeObjectCreateSaclAccessBits()

NTKERNELAPI ULONG NTAPI SeObjectCreateSaclAccessBits ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor)

◆ SeOpenObjectAuditAlarm()

NTKERNELAPI VOID NTAPI SeOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ SeOpenObjectForDeleteAuditAlarm()

NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarm ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ SeOpenObjectForDeleteAuditAlarmWithTransaction()

NTKERNELAPI VOID NTAPI SeOpenObjectForDeleteAuditAlarmWithTransaction ( _In_ PUNICODE_STRING  ObjectTypeName,
_In_opt_ PVOID  Object,
_In_opt_ PUNICODE_STRING  AbsoluteObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ BOOLEAN  ObjectCreated,
_In_ BOOLEAN  AccessGranted,
_In_ KPROCESSOR_MODE  AccessMode,
_In_opt_ GUID TransactionId,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ SePrivilegeCheck()

NTKERNELAPI BOOLEAN NTAPI SePrivilegeCheck ( _Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  AccessMode 
)

◆ SeQueryAuthenticationIdToken()

NTKERNELAPI NTSTATUS NTAPI SeQueryAuthenticationIdToken ( _In_ PACCESS_TOKEN  Token,
_Out_ PLUID  AuthenticationId 
)

◆ SeQueryInformationToken()

NTKERNELAPI NTSTATUS NTAPI SeQueryInformationToken ( _In_ PACCESS_TOKEN  AccessToken,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID TokenInformation 
)

Queries information details about the given token to the call. The difference between NtQueryInformationToken and this routine is that the system call has user mode buffer data probing and additional protection checks whereas this routine doesn't have any of these. The routine is used exclusively in kernel mode.

Parameters
[in]AccessTokenAn access token to be given.
[in]TokenInformationClassToken information class.
[out]TokenInformationBuffer with retrieved information. Such information is arbitrary, depending on the requested information class.
Returns
Returns STATUS_SUCCESS if the operation to query the desired information has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if pool memory allocation has failed to satisfy an operation. Otherwise STATUS_INVALID_INFO_CLASS is returned indicating that the information class provided is not supported by the routine.
Remarks
Only certain information classes are not implemented in this function and these are TokenOrigin, TokenGroupsAndPrivileges, TokenRestrictedSids and TokenSandBoxInert. The following classes are implemented in NtQueryInformationToken only.

Definition at line 1835 of file token.c.

1839 {
1840  NTSTATUS Status;
1841  PTOKEN Token = (PTOKEN)AccessToken;
1843  union
1844  {
1845  PSID PSid;
1846  ULONG Ulong;
1847  } Unused;
1848 
1849  PAGED_CODE();
1850 
1851  /* Lock the token */
1853 
1854  switch (TokenInformationClass)
1855  {
1856  case TokenUser:
1857  {
1858  PTOKEN_USER tu;
1859 
1860  DPRINT("SeQueryInformationToken(TokenUser)\n");
1861  RequiredLength = sizeof(TOKEN_USER) +
1862  RtlLengthSid(Token->UserAndGroups[0].Sid);
1863 
1864  /* Allocate the output buffer */
1866  if (tu == NULL)
1867  {
1869  break;
1870  }
1871 
1873  &Token->UserAndGroups[0],
1874  RequiredLength - sizeof(TOKEN_USER),
1875  &tu->User,
1876  (PSID)(tu + 1),
1877  &Unused.PSid,
1878  &Unused.Ulong);
1879 
1880  /* Return the structure */
1881  *TokenInformation = tu;
1883  break;
1884  }
1885 
1886  case TokenGroups:
1887  {
1888  PTOKEN_GROUPS tg;
1889  ULONG SidLen;
1890  PSID Sid;
1891 
1892  DPRINT("SeQueryInformationToken(TokenGroups)\n");
1893  RequiredLength = sizeof(tg->GroupCount) +
1894  RtlLengthSidAndAttributes(Token->UserAndGroupCount - 1, &Token->UserAndGroups[1]);
1895 
1896  SidLen = RequiredLength - sizeof(tg->GroupCount) -
1897  ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES));
1898 
1899  /* Allocate the output buffer */
1901  if (tg == NULL)
1902  {
1904  break;
1905  }
1906 
1907  Sid = (PSID)((ULONG_PTR)tg + sizeof(tg->GroupCount) +
1908  ((Token->UserAndGroupCount - 1) * sizeof(SID_AND_ATTRIBUTES)));
1909 
1910  tg->GroupCount = Token->UserAndGroupCount - 1;
1911  Status = RtlCopySidAndAttributesArray(Token->UserAndGroupCount - 1,
1912  &Token->UserAndGroups[1],
1913  SidLen,
1914  &tg->Groups[0],
1915  Sid,
1916  &Unused.PSid,
1917  &Unused.Ulong);
1918 
1919  /* Return the structure */
1920  *TokenInformation = tg;
1922  break;
1923  }
1924 
1925  case TokenPrivileges:
1926  {
1928 
1929  DPRINT("SeQueryInformationToken(TokenPrivileges)\n");
1930  RequiredLength = sizeof(tp->PrivilegeCount) +
1931  (Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
1932 
1933  /* Allocate the output buffer */
1935  if (tp == NULL)
1936  {
1938  break;
1939  }
1940 
1941  tp->PrivilegeCount = Token->PrivilegeCount;
1942  RtlCopyLuidAndAttributesArray(Token->PrivilegeCount,
1943  Token->Privileges,
1944  &tp->Privileges[0]);
1945 
1946  /* Return the structure */
1947  *TokenInformation = tp;
1949  break;
1950  }
1951 
1952  case TokenOwner:
1953  {
1954  PTOKEN_OWNER to;
1955  ULONG SidLen;
1956 
1957  DPRINT("SeQueryInformationToken(TokenOwner)\n");
1958  SidLen = RtlLengthSid(Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
1959  RequiredLength = sizeof(TOKEN_OWNER) + SidLen;
1960 
1961  /* Allocate the output buffer */
1963  if (to == NULL)
1964  {
1966  break;
1967  }
1968 
1969  to->Owner = (PSID)(to + 1);
1970  Status = RtlCopySid(SidLen,
1971  to->Owner,
1972  Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
1973 
1974  /* Return the structure */
1975  *TokenInformation = to;
1977  break;
1978  }
1979 
1980  case TokenPrimaryGroup:
1981  {
1983  ULONG SidLen;
1984 
1985  DPRINT("SeQueryInformationToken(TokenPrimaryGroup)\n");
1986  SidLen = RtlLengthSid(Token->PrimaryGroup);
1987  RequiredLength = sizeof(TOKEN_PRIMARY_GROUP) + SidLen;
1988 
1989  /* Allocate the output buffer */
1991  if (tpg == NULL)
1992  {
1994  break;
1995  }
1996 
1997  tpg->PrimaryGroup = (PSID)(tpg + 1);
1998  Status = RtlCopySid(SidLen,
1999  tpg->PrimaryGroup,
2000  Token->PrimaryGroup);
2001 
2002  /* Return the structure */
2003  *TokenInformation = tpg;
2005  break;
2006  }
2007 
2008  case TokenDefaultDacl:
2009  {
2010  PTOKEN_DEFAULT_DACL tdd;
2011 
2012  DPRINT("SeQueryInformationToken(TokenDefaultDacl)\n");
2014 
2015  if (Token->DefaultDacl != NULL)
2016  RequiredLength += Token->DefaultDacl->AclSize;
2017 
2018  /* Allocate the output buffer */
2020  if (tdd == NULL)
2021  {
2023  break;
2024  }
2025 
2026  if (Token->DefaultDacl != NULL)
2027  {
2028  tdd->DefaultDacl = (PACL)(tdd + 1);
2030  Token->DefaultDacl,
2031  Token->DefaultDacl->AclSize);
2032  }
2033  else
2034  {
2035  tdd->DefaultDacl = NULL;
2036  }
2037 
2038  /* Return the structure */
2039  *TokenInformation = tdd;
2041  break;
2042  }
2043 
2044  case TokenSource:
2045  {
2046  PTOKEN_SOURCE ts;
2047 
2048  DPRINT("SeQueryInformationToken(TokenSource)\n");
2049  RequiredLength = sizeof(TOKEN_SOURCE);
2050 
2051  /* Allocate the output buffer */
2053  if (ts == NULL)
2054  {
2056  break;
2057  }
2058 
2059  *ts = Token->TokenSource;
2060 
2061  /* Return the structure */
2062  *TokenInformation = ts;
2064  break;
2065  }
2066 
2067  case TokenType:
2068  {
2069  PTOKEN_TYPE tt;
2070 
2071  DPRINT("SeQueryInformationToken(TokenType)\n");
2072  RequiredLength = sizeof(TOKEN_TYPE);
2073 
2074  /* Allocate the output buffer */
2076  if (tt == NULL)
2077  {
2079  break;
2080  }
2081 
2082  *tt = Token->TokenType;
2083 
2084  /* Return the structure */
2085  *TokenInformation = tt;
2087  break;
2088  }
2089 
2091  {
2093 
2094  DPRINT("SeQueryInformationToken(TokenImpersonationLevel)\n");
2096 
2097  /* Fail if the token is not an impersonation token */
2098  if (Token->TokenType != TokenImpersonation)
2099  {
2101  break;
2102  }
2103 
2104  /* Allocate the output buffer */
2106  if (sil == NULL)
2107  {
2109  break;
2110  }
2111 
2112  *sil = Token->ImpersonationLevel;
2113 
2114  /* Return the structure */
2115  *TokenInformation = sil;
2117  break;
2118  }
2119 
2120  case TokenStatistics:
2121  {
2122  PTOKEN_STATISTICS ts;
2123 
2124  DPRINT("SeQueryInformationToken(TokenStatistics)\n");
2125  RequiredLength = sizeof(TOKEN_STATISTICS);
2126 
2127  /* Allocate the output buffer */
2129  if (ts == NULL)
2130  {
2132  break;
2133  }
2134 
2135  ts->TokenId = Token->TokenId;
2136  ts->AuthenticationId = Token->AuthenticationId;
2137  ts->ExpirationTime = Token->ExpirationTime;
2138  ts->TokenType = Token->TokenType;
2139  ts->ImpersonationLevel = Token->ImpersonationLevel;
2140  ts->DynamicCharged = Token->DynamicCharged;
2141  ts->DynamicAvailable = Token->DynamicAvailable;
2142  ts->GroupCount = Token->UserAndGroupCount - 1;
2143  ts->PrivilegeCount = Token->PrivilegeCount;
2144  ts->ModifiedId = Token->ModifiedId;
2145 
2146  /* Return the structure */
2147  *TokenInformation = ts;
2149  break;
2150  }
2151 
2152  case TokenSessionId:
2153  {
2154  DPRINT("SeQueryInformationToken(TokenSessionId)\n");
2155  Status = SeQuerySessionIdToken(Token, (PULONG)TokenInformation);
2156  break;
2157  }
2158 
2159  default:
2160  DPRINT1("SeQueryInformationToken(%d) invalid information class\n", TokenInformationClass);
2162  break;
2163  }
2164 
2165  /* Release the lock of the token */
2167 
2168  return Status;
2169 }
LUID AuthenticationId
Definition: setypes.h:1033
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
_Must_inspect_result_ typedef _In_ PVOID Unused
Definition: iotypes.h:1166
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
struct _TOKEN_DEFAULT_DACL TOKEN_DEFAULT_DACL
enum _TOKEN_TYPE * PTOKEN_TYPE
$ULONG GroupCount
Definition: setypes.h:1039
NTSTATUS NTAPI SeQuerySessionIdToken(IN PACCESS_TOKEN Token, IN PULONG pSessionId)
Definition: token.c:2176
$ULONG DynamicCharged
Definition: setypes.h:1037
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _TOKEN_USER TOKEN_USER
uint32_t ULONG_PTR
Definition: typedefs.h:65
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
Definition: luid.c:33
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
PSID Owner
Definition: setypes.h:974
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
TOKEN_TYPE TokenType
Definition: setypes.h:1035
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
Definition: btrfs.c:2930
struct _ACL * PACL
Definition: security.c:104
Status
Definition: gdiplustypes.h:24
#define TAG_SE
Definition: tag.h:173
LARGE_INTEGER ExpirationTime
Definition: setypes.h:1034
struct _TOKEN_OWNER TOKEN_OWNER
struct _TOKEN_SOURCE TOKEN_SOURCE
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:1036
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
#define SepReleaseTokenLock(Token)
Definition: se.h:217
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
enum _TOKEN_TYPE TOKEN_TYPE
$ULONG PrivilegeCount
Definition: setypes.h:1040
struct _TOKEN * PTOKEN
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:964
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
$ULONG GroupCount
Definition: setypes.h:960
#define SepAcquireTokenLockShared(Token)
Definition: se.h:211
unsigned int ULONG
Definition: retypes.h:1
SID_AND_ATTRIBUTES User
Definition: setypes.h:956
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
static ULONG RtlLengthSidAndAttributes(ULONG Count, PSID_AND_ATTRIBUTES Src)
Definition: token.c:681
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:71
$ULONG DynamicAvailable
Definition: setypes.h:1038
struct _TOKEN_STATISTICS TOKEN_STATISTICS
unsigned long Ulong
Definition: utypes.h:42
struct _TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
#define PAGED_CODE()

Referenced by find_gid(), NtSecureConnectPort(), START_TEST(), and TestsSeQueryInformationToken().

◆ SeQuerySecurityDescriptorInfo()

◆ SeQuerySessionIdToken()

NTKERNELAPI NTSTATUS NTAPI SeQuerySessionIdToken ( _In_ PACCESS_TOKEN  Token,
_Out_ PULONG  SessionId 
)

◆ SeQueryTokenIntegrity()

NTKERNELAPI VOID NTAPI SeQueryTokenIntegrity ( _In_ PACCESS_TOKEN  Token,
_Inout_ PSID_AND_ATTRIBUTES  IntegritySA 
)

◆ SeRegisterLogonSessionTerminatedRoutine()

NTKERNELAPI NTSTATUS NTAPI SeRegisterLogonSessionTerminatedRoutine ( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE  CallbackRoutine)

◆ SeReleaseSubjectContext()

NTKERNELAPI VOID NTAPI SeReleaseSubjectContext ( _Inout_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

◆ SeReportSecurityEvent()

NTSTATUS NTAPI SeReportSecurityEvent ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters 
)

Definition at line 383 of file semgr.c.

388 {
390  PTOKEN EffectiveToken;
391  PISID Sid;
393 
394  /* Validate parameters */
395  if ((Flags != 0) ||
396  (SourceName == NULL) ||
397  (SourceName->Buffer == NULL) ||
398  (SourceName->Length == 0) ||
399  (AuditParameters == NULL) ||
400  (AuditParameters->ParameterCount > SE_MAX_AUDIT_PARAMETERS - 4))
401  {
403  }
404 
405  /* Validate the source name */
407  if (!NT_SUCCESS(Status))
408  {
409  return Status;
410  }
411 
412  /* Check if we have a user SID */
413  if (UserSid != NULL)
414  {
415  /* Validate it */
416  if (!RtlValidSid(UserSid))
417  {
419  }
420 
421  /* Use the user SID */
422  Sid = UserSid;
423  }
424  else
425  {
426  /* No user SID, capture the security subject context */
428 
429  /* Extract the effective token */
430  EffectiveToken = SubjectContext.ClientToken ?
431  SubjectContext.ClientToken : SubjectContext.PrimaryToken;
432 
433  /* Use the user-and-groups SID */
434  Sid = EffectiveToken->UserAndGroups->Sid;
435  }
436 
438 
439  /* Check if we captured the subject context */
440  if (Sid != UserSid)
441  {
442  /* Release it */
444  }
445 
446  /* Return success */
447  return STATUS_SUCCESS;
448 }
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define SE_MAX_AUDIT_PARAMETERS
Definition: setypes.h:228
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2544
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
#define UNIMPLEMENTED
Definition: debug.h:115
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:202
#define STATUS_SUCCESS
Definition: shellext.h:65

◆ SeReportSecurityEventWithSubCategory()

NTSTATUS NTAPI SeReportSecurityEventWithSubCategory ( _In_ ULONG  Flags,
_In_ PUNICODE_STRING  SourceName,
_In_opt_ PSID  UserSid,
_In_ PSE_ADT_PARAMETER_ARRAY  AuditParameters,
_In_ ULONG  AuditSubcategoryId 
)

◆ SeSetAccessStateGenericMapping()

VOID NTAPI SeSetAccessStateGenericMapping ( _Inout_ PACCESS_STATE  AccessState,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSecurityDescriptorInfo()

NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo ( _In_opt_ PVOID  Object,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Inout_ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSecurityDescriptorInfoEx()

NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx ( _In_opt_ PVOID  Object,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_In_ PSECURITY_DESCRIPTOR  ModificationDescriptor,
_Inout_ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor,
_In_ ULONG  AutoInheritFlags,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeSetSessionIdToken()

NTKERNELAPI NTSTATUS NTAPI SeSetSessionIdToken ( _In_ PACCESS_TOKEN  Token,
_In_ ULONG  SessionId 
)

◆ SeTokenIsAdmin()

NTKERNELAPI BOOLEAN NTAPI SeTokenIsAdmin ( _In_ PACCESS_TOKEN  Token)

◆ SeTokenIsRestricted()

NTKERNELAPI BOOLEAN NTAPI SeTokenIsRestricted ( _In_ PACCESS_TOKEN  Token)

◆ SeTokenType()

NTKERNELAPI TOKEN_TYPE NTAPI SeTokenType ( _In_ PACCESS_TOKEN  Token)

◆ SeUnlockSubjectContext()

NTKERNELAPI VOID NTAPI SeUnlockSubjectContext ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)

◆ SeUnregisterLogonSessionTerminatedRoutine()

NTKERNELAPI NTSTATUS NTAPI SeUnregisterLogonSessionTerminatedRoutine ( _In_ PSE_LOGON_SESSION_TERMINATED_ROUTINE  CallbackRoutine)

Variable Documentation

◆ AbsoluteObjectName

_In_opt_ PVOID _In_opt_ PUNICODE_STRING AbsoluteObjectName

Definition at line 414 of file sefuncs.h.

◆ AccessGranted

◆ AccessMode

◆ AccessState

◆ AccessStatus

◆ DesiredAccess

◆ ExplicitDescriptor

_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor

Definition at line 29 of file sefuncs.h.

Referenced by TestSeAssignSecurity().

◆ GenerateOnClose

◆ GenericMapping

◆ GrantedAccess

◆ IsDirectoryObject

◆ NewDescriptor

◆ Object

Definition at line 414 of file sefuncs.h.

◆ ObjectCreated

◆ ParentSecurityDescriptor

Definition at line 395 of file sefuncs.h.

◆ PoolType

◆ PreviouslyGrantedAccess

◆ PreviousMode

_In_ KPROCESSOR_MODE PreviousMode

Definition at line 103 of file sefuncs.h.

Referenced by _IRQL_requires_max_(), DbgkOpenProcessDebugPort(), DefaultQueryInfoBufferCheck(), DefaultSetInfoBufferCheck(), ExpRaiseHardError(), IopCheckBackupRestorePrivilege(), IopDeviceFsIoControl(), IopFinalizeAsynchronousIo(), IopPerformSynchronousRequest(), IopQueryName(), IopQueryNameInternal(), IopUnloadDriver(), KdbEnterDebuggerException(), KdpCommandString(), KdpPrint(), KdpPrintFromUser(), KdpPrompt(), KdpStub(), KdpSymbol(), KdpTrap(), KeContextToTrapFrame(), KeFlushQueueApc(), KiApcInterrupt(), KiContinue(), KiDispatchException(), KiRaiseException(), KiSoftwareInterruptHandler(), LpcpCopyRequestData(), LpcpCreatePort(), LpcRequestPort(), LpcRequestWaitReplyPort(), MiAccessCheck(), MiDoMappedCopy(), MiDoPoolCopy(), MiQueryMemoryBasicInformation(), MiQueryMemorySectionName(), MmCopyVirtualMemory(), MmCreateArm3Section(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAcceptConnectPort(), NtAccessCheck(), NtAddAtom(), NtAdjustPrivilegesToken(), NtAlertResumeThread(), NtAlertThread(), NtAllocateLocallyUniqueId(), NtAllocateUuids(), NtAllocateVirtualMemory(), NtAssignProcessToJobObject(), NtCancelIoFile(), NtCancelTimer(), NtCloseObjectAuditAlarm(), NtCompareTokens(), NtCompleteConnectPort(), NtCreateDebugObject(), NtCreateDirectoryObject(), NtCreateEvent(), NtCreateEventPair(), NtCreateIoCompletion(), NtCreateJobObject(), NtCreateKey(), NtCreateMutant(), NtCreatePagingFile(), NtCreateProcessEx(), NtCreateProfile(), NtCreateSection(), NtCreateSemaphore(), NtCreateSymbolicLinkObject(), NtCreateTimer(), NtCreateToken(), NtDebugActiveProcess(), NtDebugContinue(), NtDelayExecution(), NtDeleteValueKey(), NtDisplayString(), NtDuplicateObject(), NtDuplicateToken(), NtEnumerateKey(), NtEnumerateValueKey(), NtExtendSection(), NtFindAtom(), NtFlushBuffersFile(), NtFlushVirtualMemory(), NtFreeVirtualMemory(), NtGetContextThread(), NtGetWriteWatch(), NtImpersonateAnonymousToken(), NtImpersonateClientOfPort(), NtImpersonateThread(), NtIsProcessInJob(), NtLoadDriver(), NtLoadKeyEx(), NtLockFile(), NtLockProductActivationKeys(), NtLockVirtualMemory(), NtMakePermanentObject(), NtMapViewOfSection(), NtNotifyChangeDirectoryFile(), NtOpenDirectoryObject(), NtOpenEvent(), NtOpenEventPair(), NtOpenIoCompletion(), NtOpenJobObject(), NtOpenKey(), NtOpenMutant(), NtOpenProcess(), NtOpenProcessTokenEx(), NtOpenSection(), NtOpenSemaphore(), NtOpenSymbolicLinkObject(), NtOpenThread(), NtOpenThreadTokenEx(), NtOpenTimer(), NtPowerInformation(), NtPrivilegeCheck(), NtPrivilegedServiceAuditAlarm(), NtProtectVirtualMemory(), NtPulseEvent(), NtQueryDirectoryFile(), NtQueryDirectoryObject(), NtQueryEvent(), NtQueryInformationAtom(), NtQueryInformationFile(), NtQueryInformationJobObject(), NtQueryInformationProcess(), NtQueryInformationThread(), NtQueryInformationToken(), NtQueryIntervalProfile(), NtQueryIoCompletion(), NtQueryKey(), NtQueryMutant(), NtQueryObject(), NtQueryOpenSubKeys(), NtQueryPerformanceCounter(), NtQuerySection(), NtQuerySecurityObject(), NtQuerySemaphore(), NtQuerySymbolicLinkObject(), NtQuerySystemEnvironmentValue(), NtQuerySystemInformation(), NtQuerySystemTime(), NtQueryTimer(), NtQueryTimerResolution(), NtQueryValueKey(), NtQueryVirtualMemory(), NtQueryVolumeInformationFile(), NtRaiseHardError(), NtReadFile(), NtReadVirtualMemory(), NtReleaseMutant(), NtReleaseSemaphore(), NtRemoveIoCompletion(), NtRemoveProcessDebug(), NtReplyPort(), NtReplyWaitReceivePortEx(), NtRequestPort(), NtRequestWaitReplyPort(), NtResetEvent(), NtResetWriteWatch(), NtResumeProcess(), NtResumeThread(), NtSaveKeyEx(), NtSaveMergedKeys(), NtSecureConnectPort(), NtSetContextThread(), NtSetDefaultHardErrorPort(), NtSetEvent(), NtSetHighEventPair(), NtSetHighWaitLowEventPair(), NtSetInformationDebugObject(), NtSetInformationFile(), NtSetInformationJobObject(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationThread(), NtSetInformationToken(), NtSetLowEventPair(), NtSetLowWaitHighEventPair(), NtSetSecurityObject(), NtSetSystemEnvironmentValue(), NtSetSystemInformation(), NtSetSystemPowerState(), NtSetSystemTime(), NtSetThreadExecutionState(), NtSetTimer(), NtSetTimerResolution(), NtSetValueKey(), NtSetVolumeInformationFile(), NtSignalAndWaitForSingleObject(), NtStartProfile(), NtStopProfile(), NtSuspendProcess(), NtSuspendThread(), NtTerminateJobObject(), NtUnloadKey2(), NtUnlockFile(), NtUnlockVirtualMemory(), NtUnmapViewOfSection(), NtWaitForDebugEvent(), NtWaitForMultipleObjects(), NtWaitForSingleObject(), NtWaitHighEventPair(), NtWaitLowEventPair(), NtWriteFile(), NtWriteVirtualMemory(), ObDuplicateObject(), ObInsertObject(), ObpAllocateObject(), ObpValidateAttributes(), ObSetHandleAttributes(), OpenRemoteDatabase(), PsGetContextThread(), PspCreateProcess(), PspCreateThread(), PspSetPrimaryToken(), PspSetQuotaLimits(), PsSetContextThread(), QSI_DEF(), SeCaptureLuidAndAttributesArray(), SeCaptureObjectTypeList(), SeCaptureSidAndAttributesArray(), SeCheckAuditPrivilege(), SeCheckPrivilegedObject(), SeCopyClientToken(), SepCreateToken(), SepDuplicateToken(), SepImpersonateAnonymousToken(), SepPrivilegeCheck(), SePrivilegeCheck(), SePrivilegePolicyCheck(), SepSinglePrivilegeCheck(), SeReleaseLuidAndAttributesArray(), SeReleaseObjectTypeList(), SeSinglePrivilegeCheck(), SSI_DEF(), WmipOpenGuidForEvents(), and WmipRegisterGuids().

◆ Privileges

◆ SecurityDescriptor

◆ SeExports

◆ SubjectContext

◆ SubjectContextLocked

Definition at line 13 of file sefuncs.h.

Referenced by SeAccessCheck().

◆ SubjectSecurityContext

◆ TransactionId