ReactOS  0.4.15-dev-1389-g828d5fa
sd.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for sd.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

BOOLEAN NTAPI SepInitSDs (VOID)
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
 
VOID NTAPI SepReleaseSecurityQualityOfService (IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
static ULONG DetermineSIDSize (PISID Sid, PULONG OutSAC, KPROCESSOR_MODE ProcessorMode)
 
static ULONG DetermineACLSize (PACL Acl, KPROCESSOR_MODE ProcessorMode)
 
NTSTATUS NTAPI SeCaptureSecurityDescriptor (IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL)
 
NTSTATUS NTAPI SeReleaseSecurityDescriptor (IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
 
BOOLEAN NTAPI SeValidSecurityDescriptor (IN ULONG Length, IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
 

Variables

PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL
 
PSECURITY_DESCRIPTOR SePublicOpenSd = NULL
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file sd.c.

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 616 of file sd.c.

624 {
625  PISECURITY_DESCRIPTOR ObjectSd;
627  PSID Owner = NULL;
628  PSID Group = NULL;
629  PACL Dacl = NULL;
630  PACL Sacl = NULL;
631  ULONG OwnerLength = 0;
632  ULONG GroupLength = 0;
633  ULONG DaclLength = 0;
634  ULONG SaclLength = 0;
636  ULONG_PTR Current;
637  ULONG SdLength;
638 
639  PAGED_CODE();
640 
642 
643  if (*ObjectsSecurityDescriptor == NULL)
644  {
645  if (*Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE))
646  {
649  }
650 
654  return STATUS_SUCCESS;
655  }
656 
657  ObjectSd = *ObjectsSecurityDescriptor;
658 
659  /* Calculate the required security descriptor length */
662  {
663  Owner = SepGetOwnerFromDescriptor(ObjectSd);
664  if (Owner != NULL)
665  {
666  OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
667  Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
668  }
669  }
670 
672  {
673  Group = SepGetGroupFromDescriptor(ObjectSd);
674  if (Group != NULL)
675  {
677  Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
678  }
679  }
680 
682  (ObjectSd->Control & SE_DACL_PRESENT))
683  {
684  Dacl = SepGetDaclFromDescriptor(ObjectSd);
685  if (Dacl != NULL)
686  {
687  DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
688  }
689 
690  Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
691  }
692 
694  (ObjectSd->Control & SE_SACL_PRESENT))
695  {
696  Sacl = SepGetSaclFromDescriptor(ObjectSd);
697  if (Sacl != NULL)
698  {
699  SaclLength = ROUND_UP(Sacl->AclSize, 4);
700  }
701 
702  Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
703  }
704 
705  SdLength = OwnerLength + GroupLength + DaclLength +
706  SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
707  if (*Length < SdLength)
708  {
709  *Length = SdLength;
711  }
712 
713  /* Build the new security descrtiptor */
716  RelSD->Control = Control;
717 
718  Current = (ULONG_PTR)(RelSD + 1);
719 
720  if (OwnerLength != 0)
721  {
722  RtlCopyMemory((PVOID)Current,
723  Owner,
724  OwnerLength);
725  RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
726  Current += OwnerLength;
727  }
728 
729  if (GroupLength != 0)
730  {
731  RtlCopyMemory((PVOID)Current,
732  Group,
733  GroupLength);
734  RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
735  Current += GroupLength;
736  }
737 
738  if (DaclLength != 0)
739  {
740  RtlCopyMemory((PVOID)Current,
741  Dacl,
742  DaclLength);
743  RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
744  Current += DaclLength;
745  }
746 
747  if (SaclLength != 0)
748  {
749  RtlCopyMemory((PVOID)Current,
750  Sacl,
751  SaclLength);
752  RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
753  Current += SaclLength;
754  }
755 
756  *Length = SdLength;
757 
758  return STATUS_SUCCESS;
759 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_opt_ PSID Group
Definition: rtlfuncs.h:1605
NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:139
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:767
#define SE_OWNER_DEFAULTED
Definition: setypes.h:765
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:88
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
_In_ WDF_WMI_PROVIDER_CONTROL Control
Definition: wdfwmi.h:166
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define SE_DACL_DEFAULTED
Definition: setypes.h:768
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
Definition: se.h:48
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define SE_GROUP_DEFAULTED
Definition: setypes.h:766
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
Definition: se.h:29
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:67
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define ULONG_PTR
Definition: config.h:101
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1554
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_In_ ULONG _In_ CONST SOCKADDR _In_ int GroupLength
Definition: ws2tcpip.h:710
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SE_SACL_DEFAULTED
Definition: setypes.h:770
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define PAGED_CODE()

◆ DetermineACLSize()

static ULONG DetermineACLSize ( PACL  Acl,
KPROCESSOR_MODE  ProcessorMode 
)
static

Definition at line 411 of file sd.c.

414 {
415  ULONG Size;
416 
417  if (!Acl) return 0;
418 
419  if (ProcessorMode == KernelMode) return Acl->AclSize;
420 
421  /* Probe the buffers! */
423  ProbeForRead(Acl, Size, sizeof(ULONG));
424 
425  return Size;
426 }
USHORT AclSize
Definition: ms-dtyp.idl:296
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
unsigned int ULONG
Definition: retypes.h:1
#define ProbeForReadUshort(Ptr)
Definition: probe.h:63

Referenced by SeCaptureSecurityDescriptor().

◆ DetermineSIDSize()

static ULONG DetermineSIDSize ( PISID  Sid,
PULONG  OutSAC,
KPROCESSOR_MODE  ProcessorMode 
)
static

Definition at line 380 of file sd.c.

384 {
385  ULONG Size;
386 
387  if (!Sid)
388  {
389  *OutSAC = 0;
390  return 0;
391  }
392 
393  if (ProcessorMode != KernelMode)
394  {
395  /* Securely access the buffers! */
397  Size = RtlLengthRequiredSid(*OutSAC);
398  ProbeForRead(Sid, Size, sizeof(ULONG));
399  }
400  else
401  {
402  *OutSAC = Sid->SubAuthorityCount;
403  Size = RtlLengthRequiredSid(*OutSAC);
404  }
405 
406  return Size;
407 }
#define ProbeForReadUchar(Ptr)
Definition: probe.h:61
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by SeCaptureSecurityDescriptor().

◆ SeCaptureSecurityDescriptor()

NTSTATUS NTAPI SeCaptureSecurityDescriptor ( IN PSECURITY_DESCRIPTOR  _OriginalSecurityDescriptor,
IN KPROCESSOR_MODE  CurrentMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

Definition at line 430 of file sd.c.

436 {
437  PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
438  SECURITY_DESCRIPTOR DescriptorCopy;
440  ULONG OwnerSAC = 0, GroupSAC = 0;
441  ULONG OwnerSize = 0, GroupSize = 0;
442  ULONG SaclSize = 0, DaclSize = 0;
443  ULONG DescriptorSize = 0;
444  ULONG Offset;
445 
446  if (!OriginalDescriptor)
447  {
448  /* Nothing to do... */
449  *CapturedSecurityDescriptor = NULL;
450  return STATUS_SUCCESS;
451  }
452 
453  /* Quick path */
454  if (CurrentMode == KernelMode && !CaptureIfKernel)
455  {
456  /* Check descriptor version */
457  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
458  {
460  }
461 
462  *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
463  return STATUS_SUCCESS;
464  }
465 
466  _SEH2_TRY
467  {
468  if (CurrentMode != KernelMode)
469  {
470  ProbeForRead(OriginalDescriptor,
472  sizeof(ULONG));
473  }
474 
475  /* Check the descriptor version */
476  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
477  {
479  }
480 
481  if (CurrentMode != KernelMode)
482  {
483  /* Get the size of the descriptor */
484  DescriptorSize = (OriginalDescriptor->Control & SE_SELF_RELATIVE) ?
486 
487  /* Probe the entire security descriptor structure. The SIDs
488  * and ACLs will be probed and copied later though */
489  ProbeForRead(OriginalDescriptor, DescriptorSize, sizeof(ULONG));
490  }
491 
492  /* Now capture all fields and convert to an absolute descriptor */
493  DescriptorCopy.Revision = OriginalDescriptor->Revision;
494  DescriptorCopy.Sbz1 = OriginalDescriptor->Sbz1;
495  DescriptorCopy.Control = OriginalDescriptor->Control & ~SE_SELF_RELATIVE;
496  DescriptorCopy.Owner = SepGetOwnerFromDescriptor(OriginalDescriptor);
497  DescriptorCopy.Group = SepGetGroupFromDescriptor(OriginalDescriptor);
498  DescriptorCopy.Sacl = SepGetSaclFromDescriptor(OriginalDescriptor);
499  DescriptorCopy.Dacl = SepGetDaclFromDescriptor(OriginalDescriptor);
500  DescriptorSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
501 
502  /* Determine owner and group sizes */
503  OwnerSize = DetermineSIDSize(DescriptorCopy.Owner, &OwnerSAC, CurrentMode);
504  DescriptorSize += ROUND_UP(OwnerSize, sizeof(ULONG));
505  GroupSize = DetermineSIDSize(DescriptorCopy.Group, &GroupSAC, CurrentMode);
506  DescriptorSize += ROUND_UP(GroupSize, sizeof(ULONG));
507 
508  /* Determine the size of the ACLs */
509  if (DescriptorCopy.Control & SE_SACL_PRESENT)
510  {
511  /* Get the size and probe if user mode */
512  SaclSize = DetermineACLSize(DescriptorCopy.Sacl, CurrentMode);
513  DescriptorSize += ROUND_UP(SaclSize, sizeof(ULONG));
514  }
515 
516  if (DescriptorCopy.Control & SE_DACL_PRESENT)
517  {
518  /* Get the size and probe if user mode */
519  DaclSize = DetermineACLSize(DescriptorCopy.Dacl, CurrentMode);
520  DescriptorSize += ROUND_UP(DaclSize, sizeof(ULONG));
521  }
522  }
524  {
526  }
527  _SEH2_END;
528 
529  /*
530  * Allocate enough memory to store a complete copy of a self-relative
531  * security descriptor
532  */
534  DescriptorSize,
535  TAG_SD);
537 
538  RtlZeroMemory(NewDescriptor, DescriptorSize);
539  NewDescriptor->Revision = DescriptorCopy.Revision;
540  NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
541  NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
542 
543  _SEH2_TRY
544  {
545  /*
546  * Setup the offsets and copy the SIDs and ACLs to the new
547  * self-relative security descriptor. Probing the pointers is not
548  * neccessary anymore as we did that when collecting the sizes!
549  * Make sure to validate the SIDs and ACLs *again* as they could have
550  * been modified in the meanwhile!
551  */
553 
554  if (DescriptorCopy.Owner)
555  {
556  if (!RtlValidSid(DescriptorCopy.Owner)) RtlRaiseStatus(STATUS_INVALID_SID);
559  DescriptorCopy.Owner,
560  OwnerSize);
561  Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
562  }
563 
564  if (DescriptorCopy.Group)
565  {
566  if (!RtlValidSid(DescriptorCopy.Group)) RtlRaiseStatus(STATUS_INVALID_SID);
569  DescriptorCopy.Group,
570  GroupSize);
571  Offset += ROUND_UP(GroupSize, sizeof(ULONG));
572  }
573 
574  if (DescriptorCopy.Sacl)
575  {
576  if (!RtlValidAcl(DescriptorCopy.Sacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
579  DescriptorCopy.Sacl,
580  SaclSize);
581  Offset += ROUND_UP(SaclSize, sizeof(ULONG));
582  }
583 
584  if (DescriptorCopy.Dacl)
585  {
586  if (!RtlValidAcl(DescriptorCopy.Dacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
589  DescriptorCopy.Dacl,
590  DaclSize);
591  Offset += ROUND_UP(DaclSize, sizeof(ULONG));
592  }
593 
594  /* Make sure the size was correct */
595  ASSERT(Offset == DescriptorSize);
596  }
598  {
599  /* We failed to copy the data to the new descriptor */
602  }
603  _SEH2_END;
604 
605  /*
606  * We're finally done!
607  * Copy the pointer to the captured descriptor to to the caller.
608  */
609  *CapturedSecurityDescriptor = NewDescriptor;
610  return STATUS_SUCCESS;
611 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
unsigned char * PUCHAR
Definition: retypes.h:3
#define SE_DACL_PRESENT
Definition: setypes.h:767
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
static ULONG DetermineACLSize(PACL Acl, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:411
_SEH2_TRY
Definition: create.c:4226
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:88
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1554
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
#define TAG_SD
Definition: tag.h:176
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
Definition: se.h:48
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define ASSERT(a)
Definition: mode.c:45
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
Definition: se.h:29
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:67
_SEH2_END
Definition: create.c:4400
#define STATUS_INVALID_ACL
Definition: ntstatus.h:355
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1552
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59
#define STATUS_UNKNOWN_REVISION
Definition: ntstatus.h:324
static ULONG DetermineSIDSize(PISID Sid, PULONG OutSAC, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:380

Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), and SepAccessCheckAndAuditAlarm().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
OUT PBOOLEAN  Present 
)

Definition at line 207 of file sd.c.

213 {
214  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
216 
217  PAGED_CODE();
218 
219  ASSERT(CapturedSecurityQualityOfService);
220  ASSERT(Present);
221 
222  if (ObjectAttributes != NULL)
223  {
224  if (AccessMode != KernelMode)
225  {
227 
228  _SEH2_TRY
229  {
231  sizeof(OBJECT_ATTRIBUTES),
232  sizeof(ULONG));
233  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
234  {
235  if (ObjectAttributes->SecurityQualityOfService != NULL)
236  {
237  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
239  sizeof(ULONG));
240 
241  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
243  {
244  /*
245  * Don't allocate memory here because ExAllocate should bugcheck
246  * the system if it's buggy, SEH would catch that! So make a local
247  * copy of the qos structure.
248  */
249  RtlCopyMemory(&SafeQos,
250  ObjectAttributes->SecurityQualityOfService,
252  *Present = TRUE;
253  }
254  else
255  {
257  }
258  }
259  else
260  {
261  *CapturedSecurityQualityOfService = NULL;
262  *Present = FALSE;
263  }
264  }
265  else
266  {
268  }
269  }
271  {
273  }
274  _SEH2_END;
275 
276  if (NT_SUCCESS(Status))
277  {
278  if (*Present)
279  {
280  CapturedQos = ExAllocatePoolWithTag(PoolType,
282  TAG_QOS);
283  if (CapturedQos != NULL)
284  {
285  RtlCopyMemory(CapturedQos,
286  &SafeQos,
288  *CapturedSecurityQualityOfService = CapturedQos;
289  }
290  else
291  {
293  }
294  }
295  else
296  {
297  *CapturedSecurityQualityOfService = NULL;
298  }
299  }
300  }
301  else
302  {
303  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
304  {
305  if (CaptureIfKernel)
306  {
307  if (ObjectAttributes->SecurityQualityOfService != NULL)
308  {
309  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
311  {
312  CapturedQos = ExAllocatePoolWithTag(PoolType,
314  TAG_QOS);
315  if (CapturedQos != NULL)
316  {
317  RtlCopyMemory(CapturedQos,
318  ObjectAttributes->SecurityQualityOfService,
320  *CapturedSecurityQualityOfService = CapturedQos;
321  *Present = TRUE;
322  }
323  else
324  {
326  }
327  }
328  else
329  {
331  }
332  }
333  else
334  {
335  *CapturedSecurityQualityOfService = NULL;
336  *Present = FALSE;
337  }
338  }
339  else
340  {
341  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
342  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
343  }
344  }
345  else
346  {
348  }
349  }
350  }
351  else
352  {
353  *CapturedSecurityQualityOfService = NULL;
354  *Present = FALSE;
355  }
356 
357  return Status;
358 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:45
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define TAG_QOS
Definition: tag.h:177
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SepInitSDs()

BOOLEAN NTAPI SepInitSDs ( VOID  )

Definition at line 30 of file sd.c.

31 {
32  /* Create PublicDefaultSd */
34  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
35  if (SePublicDefaultSd == NULL)
36  return FALSE;
37 
41  TRUE,
43  FALSE);
44 
45  /* Create PublicDefaultUnrestrictedSd */
47  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
49  return FALSE;
50 
54  TRUE,
56  FALSE);
57 
58  /* Create PublicOpenSd */
60  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
61  if (SePublicOpenSd == NULL)
62  return FALSE;
63 
67  TRUE,
69  FALSE);
70 
71  /* Create PublicOpenUnrestrictedSd */
73  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
75  return FALSE;
76 
80  TRUE,
82  FALSE);
83 
84  /* Create SystemDefaultSd */
86  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
87  if (SeSystemDefaultSd == NULL)
88  return FALSE;
89 
93  TRUE,
95  FALSE);
96 
97  /* Create UnrestrictedSd */
99  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
100  if (SeUnrestrictedSd == NULL)
101  return FALSE;
102 
106  TRUE,
108  FALSE);
109 
110  return TRUE;
111 }
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:20
#define TRUE
Definition: types.h:120
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:18
PACL SeSystemDefaultDacl
Definition: acl.c:19
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:23
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:20
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define FALSE
Definition: types.h:117
PACL SePublicOpenDacl
Definition: acl.c:21
#define TAG_SD
Definition: tag.h:176
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:21
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:19
PACL SePublicDefaultDacl
Definition: acl.c:18
#define NULL
Definition: types.h:112
PACL SeUnrestrictedDacl
Definition: acl.c:23
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:22
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:22

Referenced by SepInitializationPhase0().

◆ SepReleaseSecurityQualityOfService()

VOID NTAPI SepReleaseSecurityQualityOfService ( IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 363 of file sd.c.

366 {
367  PAGED_CODE();
368 
369  if (CapturedSecurityQualityOfService != NULL &&
370  (AccessMode != KernelMode || CaptureIfKernel))
371  {
372  ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
373  }
374 }
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define NULL
Definition: types.h:112
#define TAG_QOS
Definition: tag.h:177
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SeReleaseSecurityDescriptor()

NTSTATUS NTAPI SeReleaseSecurityDescriptor ( IN PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
IN KPROCESSOR_MODE  CurrentMode,
IN BOOLEAN  CaptureIfKernelMode 
)

Definition at line 766 of file sd.c.

769 {
770  PAGED_CODE();
771 
772  /*
773  * WARNING! You need to call this function with the same value for CurrentMode
774  * and CaptureIfKernelMode that you previously passed to
775  * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
776  */
777  if (CapturedSecurityDescriptor != NULL &&
778  (CurrentMode != KernelMode ||
779  (CurrentMode == KernelMode && CaptureIfKernelMode)))
780  {
781  /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
782  ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);
783  }
784 
785  return STATUS_SUCCESS;
786 }
#define TAG_SD
Definition: tag.h:176
#define NULL
Definition: types.h:112
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), and SepAccessCheckAndAuditAlarm().

◆ SeSetWorldSecurityDescriptor()

NTSTATUS NTAPI SeSetWorldSecurityDescriptor ( SECURITY_INFORMATION  SecurityInformation,
PISECURITY_DESCRIPTOR  SecurityDescriptor,
PULONG  BufferLength 
)

Definition at line 115 of file sd.c.

118 {
119  ULONG Current;
120  ULONG SidSize;
121  ULONG SdSize;
124 
125  DPRINT("SeSetWorldSecurityDescriptor() called\n");
126 
127  if (SecurityInformation == 0)
128  {
129  return STATUS_ACCESS_DENIED;
130  }
131 
132  /* calculate the minimum size of the buffer */
133  SidSize = RtlLengthSid(SeWorldSid);
134  SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
136  SdSize += SidSize;
138  SdSize += SidSize;
140  {
141  SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
142  }
143 
144  if (*BufferLength < SdSize)
145  {
146  *BufferLength = SdSize;
148  }
149 
150  *BufferLength = SdSize;
151 
154  if (!NT_SUCCESS(Status))
155  {
156  return Status;
157  }
158 
159  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
160 
162  {
163  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
164  SdRel->Owner = Current;
165  Current += SidSize;
166  }
167 
169  {
170  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
171  SdRel->Group = Current;
172  Current += SidSize;
173  }
174 
176  {
177  PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
178  SdRel->Control |= SE_DACL_PRESENT;
179 
181  sizeof(ACL) + sizeof(ACE) + SidSize,
182  ACL_REVISION);
183  if (!NT_SUCCESS(Status))
184  return Status;
185 
187  ACL_REVISION,
188  GENERIC_ALL,
189  SeWorldSid);
190  if (!NT_SUCCESS(Status))
191  return Status;
192 
193  SdRel->Dacl = Current;
194  }
195 
197  {
198  /* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
199  }
200 
201  return STATUS_SUCCESS;
202 }
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
#define GENERIC_ALL
Definition: nt_native.h:92
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:139
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:767
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
struct _ACL ACL
void DPRINT(...)
Definition: polytest.cpp:61
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
struct _ACL * PACL
Definition: security.c:104
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
PSID SeWorldSid
Definition: sid.c:27
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_SUCCESS
Definition: shellext.h:65
Definition: rtltypes.h:990
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

Referenced by IopGetSetSecurityObject().

◆ SeValidSecurityDescriptor()

BOOLEAN NTAPI SeValidSecurityDescriptor ( IN ULONG  Length,
IN PSECURITY_DESCRIPTOR  _SecurityDescriptor 
)

Definition at line 960 of file sd.c.

962 {
963  ULONG SdLength;
964  PISID Sid;
965  PACL Acl;
967 
969  {
970  DPRINT1("Invalid Security Descriptor revision\n");
971  return FALSE;
972  }
973 
975  {
976  DPRINT1("Invalid Security Descriptor revision\n");
977  return FALSE;
978  }
979 
980  if (!(SecurityDescriptor->Control & SE_SELF_RELATIVE))
981  {
982  DPRINT1("No self-relative Security Descriptor\n");
983  return FALSE;
984  }
985 
986  SdLength = sizeof(SECURITY_DESCRIPTOR);
987 
988  /* Check Owner SID */
989  if (!SecurityDescriptor->Owner)
990  {
991  DPRINT1("No Owner SID\n");
992  return FALSE;
993  }
994 
995  if (SecurityDescriptor->Owner % sizeof(ULONG))
996  {
997  DPRINT1("Invalid Owner SID alignment\n");
998  return FALSE;
999  }
1000 
1002  if (Sid->Revision != SID_REVISION)
1003  {
1004  DPRINT1("Invalid Owner SID revision\n");
1005  return FALSE;
1006  }
1007 
1008  SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
1009  if (Length < SdLength)
1010  {
1011  DPRINT1("Invalid Owner SID size\n");
1012  return FALSE;
1013  }
1014 
1015  /* Check Group SID */
1016  if (SecurityDescriptor->Group)
1017  {
1018  if (SecurityDescriptor->Group % sizeof(ULONG))
1019  {
1020  DPRINT1("Invalid Group SID alignment\n");
1021  return FALSE;
1022  }
1023 
1025  if (Sid->Revision != SID_REVISION)
1026  {
1027  DPRINT1("Invalid Group SID revision\n");
1028  return FALSE;
1029  }
1030 
1031  SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
1032  if (Length < SdLength)
1033  {
1034  DPRINT1("Invalid Group SID size\n");
1035  return FALSE;
1036  }
1037  }
1038 
1039  /* Check DACL */
1040  if (SecurityDescriptor->Dacl)
1041  {
1042  if (SecurityDescriptor->Dacl % sizeof(ULONG))
1043  {
1044  DPRINT1("Invalid DACL alignment\n");
1045  return FALSE;
1046  }
1047 
1049  if ((Acl->AclRevision < MIN_ACL_REVISION) ||
1050  (Acl->AclRevision > MAX_ACL_REVISION))
1051  {
1052  DPRINT1("Invalid DACL revision\n");
1053  return FALSE;
1054  }
1055 
1056  SdLength += Acl->AclSize;
1057  if (Length < SdLength)
1058  {
1059  DPRINT1("Invalid DACL size\n");
1060  return FALSE;
1061  }
1062  }
1063 
1064  /* Check SACL */
1065  if (SecurityDescriptor->Sacl)
1066  {
1067  if (SecurityDescriptor->Sacl % sizeof(ULONG))
1068  {
1069  DPRINT1("Invalid SACL alignment\n");
1070  return FALSE;
1071  }
1072 
1074  if ((Acl->AclRevision < MIN_ACL_REVISION) ||
1075  (Acl->AclRevision > MAX_ACL_REVISION))
1076  {
1077  DPRINT1("Invalid SACL revision\n");
1078  return FALSE;
1079  }
1080 
1081  SdLength += Acl->AclSize;
1082  if (Length < SdLength)
1083  {
1084  DPRINT1("Invalid SACL size\n");
1085  return FALSE;
1086  }
1087  }
1088 
1089  return TRUE;
1090 }
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define SECURITY_DESCRIPTOR_MIN_LENGTH
Definition: setypes.h:761
struct _SID SID
#define MAX_ACL_REVISION
Definition: setypes.h:47
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
USHORT AclSize
Definition: ms-dtyp.idl:296
#define SID_REVISION
Definition: setypes.h:453
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
struct _SID * PISID
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
struct _ACL * PACL
Definition: security.c:104
#define MIN_ACL_REVISION
Definition: setypes.h:46
struct _SID * PSID
Definition: eventlog.c:35
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
UCHAR AclRevision
Definition: ms-dtyp.idl:294
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
BYTE Revision
Definition: ms-dtyp.idl:199
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59

Variable Documentation

◆ SePublicDefaultSd

PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL

◆ SePublicDefaultUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL

Definition at line 19 of file sd.c.

Referenced by ExpCreateSystemRootLink(), ObInitSystem(), and SepInitSDs().

◆ SePublicOpenSd

PSECURITY_DESCRIPTOR SePublicOpenSd = NULL

Definition at line 20 of file sd.c.

Referenced by SepInitSDs().

◆ SePublicOpenUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL

Definition at line 21 of file sd.c.

Referenced by SepInitSDs().

◆ SeSystemDefaultSd

PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL

Definition at line 22 of file sd.c.

Referenced by SepInitSDs().

◆ SeUnrestrictedSd

PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL

Definition at line 23 of file sd.c.

Referenced by SepInitSDs().