//
//  Trace level for this file. The DebugTrace call shown in this listing
//  passes Dbg as the LEVEL argument of DebugTrace(INDENT, LEVEL, X, Y).
//
22#define Dbg (DEBUG_TRACE_ACCHKSUP)
//
//  alloc_text assigns each named access-check routine to the PAGE code
//  section, which drivers use for pageable code.
//  NOTE(review): pageable code must not run at IRQL >= DISPATCH_LEVEL. The
//  routine bodies are not shown in this listing, so confirm each one asserts
//  that (for example with PAGED_CODE()) and is only reached from callers at
//  a lower IRQL.
//
31#pragma alloc_text(PAGE, FatCheckFileAccess)
32#pragma alloc_text(PAGE, FatCheckManageVolumeAccess)
33#pragma alloc_text(PAGE, FatCreateRestrictEveryoneToken)
34#pragma alloc_text(PAGE, FatExplicitDeviceAccessGranted)
68 DebugTrace( 0,
Dbg,
"DirentAttributes = %8lx\n", DirentAttributes);
309 EffectiveToken = &
AccessState->SubjectSecurityContext.ClientToken;
311 EffectiveToken = &
AccessState->SubjectSecurityContext.PrimaryToken;
314 OriginalAccessToken = *EffectiveToken;
329 *EffectiveToken = RestrictedAccessToken;
332#pragma prefast( suppress: 28175, "we're a file system, this is ok to touch" )
345 *EffectiveToken = OriginalAccessToken;
401 *RestrictedToken =
NULL;
BOOLEAN NTAPI SeAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext, _In_ BOOLEAN SubjectContextLocked, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK PreviouslyGrantedAccess, _Out_ PPRIVILEGE_SET *Privileges, _In_ PGENERIC_MAPPING GenericMapping, _In_ KPROCESSOR_MODE AccessMode, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access rights can be given to an object depending on the security descriptor (the remainder of this description is truncated in the listing).
NTSTATUS FatCreateRestrictEveryoneToken(IN PACCESS_TOKEN Token, OUT PACCESS_TOKEN *RestrictedToken)
BOOLEAN FatCheckFileAccess(PIRP_CONTEXT IrpContext, IN UCHAR DirentAttributes, IN PACCESS_MASK DesiredAccess)
NTSTATUS FatExplicitDeviceAccessGranted(IN PIRP_CONTEXT IrpContext, IN PDEVICE_OBJECT DeviceObject, IN PACCESS_STATE AccessState, IN KPROCESSOR_MODE ProcessorMode)
BOOLEAN FatCheckManageVolumeAccess(_In_ PIRP_CONTEXT IrpContext, _In_ PACCESS_STATE AccessState, _In_ KPROCESSOR_MODE ProcessorMode)
#define NT_SUCCESS(StatCode)
#define FAT_DIRENT_ATTR_READ_ONLY
#define FAT_DIRENT_ATTR_VOLUME_ID
#define FAT_DIRENT_ATTR_DIRECTORY
#define FAT_DIRENT_ATTR_DEVICE
#define DebugTrace(INDENT, LEVEL, X, Y)
#define SE_MANAGE_VOLUME_PRIVILEGE
_In_ ACCESS_MASK AccessMask
#define SPECIFIC_RIGHTS_ALL
#define ACCESS_SYSTEM_SECURITY
#define FILE_READ_ATTRIBUTES
#define FILE_LIST_DIRECTORY
ACCESS_MASK * PACCESS_MASK
#define FILE_DELETE_CHILD
#define FILE_WRITE_ATTRIBUTES
#define FILE_ADD_SUBDIRECTORY
#define UNREFERENCED_PARAMETER(P)
#define ARGUMENT_PRESENT(ArgumentPointer)
PGENERIC_MAPPING NTAPI IoGetFileObjectGenericMapping(VOID)
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a set of privileges exist and match within a security subject context.
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
NTSTATUS NTAPI SeFilterToken(_In_ PACCESS_TOKEN ExistingToken, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PACCESS_TOKEN *FilteredToken)
Filters an access token from an existing token, making it more restricted than the previous one.
_In_ PDEVICE_OBJECT DeviceObject
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
#define ObDereferenceObject
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
#define PRIVILEGE_SET_ALL_NECESSARY