ReactOS  0.4.15-dev-2720-g5ee0925
sd.c File Reference
#include <ntoskrnl.h>
#include <debug.h>


Macros

#define NDEBUG
 

Functions

BOOLEAN NTAPI SepInitSDs (VOID)
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
 
VOID NTAPI SepReleaseSecurityQualityOfService (IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
static ULONG DetermineSIDSize (PISID Sid, PULONG OutSAC, KPROCESSOR_MODE ProcessorMode)
 
static ULONG DetermineACLSize (PACL Acl, KPROCESSOR_MODE ProcessorMode)
 
NTSTATUS NTAPI SeCaptureSecurityDescriptor (IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL)
 
NTSTATUS NTAPI SeReleaseSecurityDescriptor (IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
 
BOOLEAN NTAPI SeValidSecurityDescriptor (IN ULONG Length, IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
 

Variables

PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL
 
PSECURITY_DESCRIPTOR SePublicOpenSd = NULL
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL
 
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file sd.c.

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 630 of file sd.c.

/*
 * Body of the routine Doxygen indexed as "_IRQL_requires_max_" (the SAL
 * annotation was parsed as the function name). The parameters used below
 * (SecurityInformation, SecurityDescriptor, Length, ObjectsSecurityDescriptor)
 * look like SeQuerySecurityDescriptorInfo -- confirm against sd.c line 630.
 *
 * What the visible lines do: size the owner, group, DACL and SACL of the
 * object's descriptor, report the required size through *Length, and, when
 * the caller's buffer is large enough, pack those parts behind a
 * SECURITY_DESCRIPTOR_RELATIVE header and store their offsets.
 *
 * This rendering drops some source lines (see the gaps in the gutter
 * numbers): the declarations of RelSD and Control, the conditions that open
 * each "if" on SecurityInformation, and the early-return statements are not
 * shown, so they are not described here.
 */
638 {
639  PISECURITY_DESCRIPTOR ObjectSd;
641  PSID Owner = NULL;
642  PSID Group = NULL;
643  PACL Dacl = NULL;
644  PACL Sacl = NULL;
645  ULONG OwnerLength = 0;
646  ULONG GroupLength = 0;
647  ULONG DaclLength = 0;
648  ULONG SaclLength = 0;
650  ULONG_PTR Current;
651  ULONG SdLength;
652 
653  PAGED_CODE();
654 
656 
 /* Object has no descriptor: only the header size is required. The body of
  * the inner "if" is not shown in this rendering. */
657  if (*ObjectsSecurityDescriptor == NULL)
658  {
659  if (*Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE))
660  {
663  }
664 
668  return STATUS_SUCCESS;
669  }
670 
671  ObjectSd = *ObjectsSecurityDescriptor;
672 
673  /* Calculate the required security descriptor length */
676  {
677  Owner = SepGetOwnerFromDescriptor(ObjectSd);
678  if (Owner != NULL)
679  {
680  OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
681  Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
682  }
683  }
684 
686  {
687  Group = SepGetGroupFromDescriptor(ObjectSd);
688  if (Group != NULL)
689  {
691  Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
692  }
693  }
694 
696  (ObjectSd->Control & SE_DACL_PRESENT))
697  {
698  Dacl = SepGetDaclFromDescriptor(ObjectSd);
699  if (Dacl != NULL)
700  {
 /* NOTE(review): the rounded-up value is later used as the copy length, so
  * if AclSize is not already a multiple of 4 the copy reads up to 3 bytes
  * past the ACL and hands them to the caller. Presumably ACLs are always
  * created 4-byte aligned -- confirm. The same applies to the SACL. */
701  DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
702  }
703 
704  Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
705  }
706 
708  (ObjectSd->Control & SE_SACL_PRESENT))
709  {
710  Sacl = SepGetSaclFromDescriptor(ObjectSd);
711  if (Sacl != NULL)
712  {
713  SaclLength = ROUND_UP(Sacl->AclSize, 4);
714  }
715 
716  Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
717  }
718 
 /* Total size = header + the four (rounded) parts. When the caller's buffer
  * is smaller, the required size is written back; the return statement for
  * that case is not shown in this rendering. */
719  SdLength = OwnerLength + GroupLength + DaclLength +
720  SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
721  if (*Length < SdLength)
722  {
723  *Length = SdLength;
725  }
726 
727  /* Build the new security descriptor */
730  RelSD->Control = Control;
731 
 /* Parts are packed directly after the header; each stored field is the
  * byte offset from the start of the output descriptor, not a pointer. */
732  Current = (ULONG_PTR)(RelSD + 1);
733 
734  if (OwnerLength != 0)
735  {
736  RtlCopyMemory((PVOID)Current,
737  Owner,
738  OwnerLength);
739  RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
740  Current += OwnerLength;
741  }
742 
743  if (GroupLength != 0)
744  {
745  RtlCopyMemory((PVOID)Current,
746  Group,
747  GroupLength);
748  RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
749  Current += GroupLength;
750  }
751 
752  if (DaclLength != 0)
753  {
754  RtlCopyMemory((PVOID)Current,
755  Dacl,
756  DaclLength);
757  RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
758  Current += DaclLength;
759  }
760 
761  if (SaclLength != 0)
762  {
763  RtlCopyMemory((PVOID)Current,
764  Sacl,
765  SaclLength);
766  RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
767  Current += SaclLength;
768  }
769 
 /* Report the number of bytes actually used. */
770  *Length = SdLength;
771 
772  return STATUS_SUCCESS;
773 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_opt_ PSID Group
Definition: rtlfuncs.h:1605
NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:139
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:767
#define SE_OWNER_DEFAULTED
Definition: setypes.h:765
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:98
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
_In_ WDF_WMI_PROVIDER_CONTROL Control
Definition: wdfwmi.h:166
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define SE_DACL_DEFAULTED
Definition: setypes.h:768
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
Definition: se.h:58
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define SE_GROUP_DEFAULTED
Definition: setypes.h:766
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
Definition: se.h:39
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:77
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define ULONG_PTR
Definition: config.h:101
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1554
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_In_ ULONG _In_ CONST SOCKADDR _In_ int GroupLength
Definition: ws2tcpip.h:710
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SE_SACL_DEFAULTED
Definition: setypes.h:770
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define PAGED_CODE()

◆ DetermineACLSize()

static ULONG DetermineACLSize ( PACL  Acl,
KPROCESSOR_MODE  ProcessorMode 
)
static

Definition at line 425 of file sd.c.

/*
 * DetermineACLSize: returns the byte size of an ACL, probing it first when
 * the pointer comes from user mode.
 *
 *  - NULL ACL            -> 0
 *  - KernelMode          -> Acl->AclSize, no probing
 *  - any other mode      -> probes Size bytes at Acl for read access with
 *                           ULONG alignment and returns Size
 *
 * Source line 436, which assigns Size, is missing from this rendering; the
 * cross-reference list below names ProbeForReadUshort, so Size is presumably
 * a probed read of Acl->AclSize -- confirm.
 *
 * The only caller listed (SeCaptureSecurityDescriptor) invokes this inside
 * _SEH2_TRY, which matters because the user-mode path touches caller memory.
 * NOTE(review): no lower bound against sizeof(ACL) is visible here; the
 * caller has to keep using this captured size rather than re-reading AclSize.
 */
428 {
429  ULONG Size;
430 
431  if (!Acl) return 0;
432 
433  if (ProcessorMode == KernelMode) return Acl->AclSize;
434 
435  /* Probe the buffers! */
437  ProbeForRead(Acl, Size, sizeof(ULONG));
438 
439  return Size;
440 }
USHORT AclSize
Definition: ms-dtyp.idl:296
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
unsigned int ULONG
Definition: retypes.h:1
#define ProbeForReadUshort(Ptr)
Definition: probe.h:63

Referenced by SeCaptureSecurityDescriptor().

◆ DetermineSIDSize()

static ULONG DetermineSIDSize ( PISID  Sid,
PULONG  OutSAC,
KPROCESSOR_MODE  ProcessorMode 
)
static

Definition at line 394 of file sd.c.

/*
 * DetermineSIDSize: returns the byte size of a SID and stores its
 * sub-authority count in *OutSAC.
 *
 *  - NULL SID   -> *OutSAC = 0, returns 0
 *  - KernelMode -> reads Sid->SubAuthorityCount directly
 *  - otherwise  -> sizes the SID from *OutSAC and probes that many bytes at
 *                  Sid for read access with ULONG alignment
 *
 * Source line 410, which sets *OutSAC on the user-mode path, is missing from
 * this rendering; the cross-reference list below names ProbeForReadUchar, so
 * it is presumably a probed read of Sid->SubAuthorityCount -- confirm.
 *
 * The size is derived from a single captured count, so the caller should copy
 * exactly this many bytes and not trust the count still stored in the source.
 */
398 {
399  ULONG Size;
400 
401  if (!Sid)
402  {
403  *OutSAC = 0;
404  return 0;
405  }
406 
407  if (ProcessorMode != KernelMode)
408  {
409  /* Securely access the buffers! */
411  Size = RtlLengthRequiredSid(*OutSAC);
412  ProbeForRead(Sid, Size, sizeof(ULONG));
413  }
414  else
415  {
416  *OutSAC = Sid->SubAuthorityCount;
417  Size = RtlLengthRequiredSid(*OutSAC);
418  }
419 
420  return Size;
421 }
#define ProbeForReadUchar(Ptr)
Definition: probe.h:61
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by SeCaptureSecurityDescriptor().

◆ SeCaptureSecurityDescriptor()

NTSTATUS NTAPI SeCaptureSecurityDescriptor ( IN PSECURITY_DESCRIPTOR  _OriginalSecurityDescriptor,
IN KPROCESSOR_MODE  CurrentMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

Definition at line 444 of file sd.c.

/*
 * SeCaptureSecurityDescriptor: turns a caller-supplied security descriptor
 * into a pool-allocated, self-relative copy.
 *
 *  - NULL input: *CapturedSecurityDescriptor = NULL, STATUS_SUCCESS.
 *  - KernelMode with CaptureIfKernel == FALSE: only the revision is checked
 *    and the ORIGINAL pointer is handed back; nothing is allocated.
 *  - Otherwise two passes, each inside _SEH2_TRY:
 *      pass 1 probes the descriptor (user mode only), snapshots the header
 *             into DescriptorCopy and sizes the owner, group, SACL and DACL;
 *      pass 2 validates each part and copies it into the new buffer.
 *
 * This rendering drops some source lines (gaps in the gutter numbers): the
 * NewDescriptor declaration, allocation and NULL check, the failure returns,
 * the _SEH2_EXCEPT lines and the first lines of each copy call are not shown.
 */
450 {
451  PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
452  SECURITY_DESCRIPTOR DescriptorCopy;
454  ULONG OwnerSAC = 0, GroupSAC = 0;
455  ULONG OwnerSize = 0, GroupSize = 0;
456  ULONG SaclSize = 0, DaclSize = 0;
457  ULONG DescriptorSize = 0;
458  ULONG Offset;
459 
460  if (!OriginalDescriptor)
461  {
462  /* Nothing to do... */
463  *CapturedSecurityDescriptor = NULL;
464  return STATUS_SUCCESS;
465  }
466 
467  /* Quick path */
468  if (CurrentMode == KernelMode && !CaptureIfKernel)
469  {
470  /* Check descriptor version */
471  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
472  {
474  }
475 
 /* No copy is made: the caller keeps ownership of this memory, and
  * SeReleaseSecurityDescriptor must be called with the same mode flags so
  * that it does not free it. */
476  *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
477  return STATUS_SUCCESS;
478  }
479 
480  _SEH2_TRY
481  {
482  if (CurrentMode != KernelMode)
483  {
484  ProbeForRead(OriginalDescriptor,
486  sizeof(ULONG));
487  }
488 
489  /* Check the descriptor version */
490  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
491  {
493  }
494 
495  if (CurrentMode != KernelMode)
496  {
497  /* Get the size of the descriptor */
498  DescriptorSize = (OriginalDescriptor->Control & SE_SELF_RELATIVE) ?
500 
501  /* Probe the entire security descriptor structure. The SIDs
502  * and ACLs will be probed and copied later though */
503  ProbeForRead(OriginalDescriptor, DescriptorSize, sizeof(ULONG));
504  }
505 
506  /* Now capture all fields and convert to an absolute descriptor */
 /* NOTE(review): Revision and Control were already read from the source
  * above and are read again here. For a user-mode descriptor these are
  * separate reads of caller-writable memory, so the values stored in
  * DescriptorCopy are not guaranteed to be the ones that were checked.
  * Reading each field once into a local and checking the local would
  * close that gap. */
507  DescriptorCopy.Revision = OriginalDescriptor->Revision;
508  DescriptorCopy.Sbz1 = OriginalDescriptor->Sbz1;
509  DescriptorCopy.Control = OriginalDescriptor->Control & ~SE_SELF_RELATIVE;
510  DescriptorCopy.Owner = SepGetOwnerFromDescriptor(OriginalDescriptor);
511  DescriptorCopy.Group = SepGetGroupFromDescriptor(OriginalDescriptor);
512  DescriptorCopy.Sacl = SepGetSaclFromDescriptor(OriginalDescriptor);
513  DescriptorCopy.Dacl = SepGetDaclFromDescriptor(OriginalDescriptor);
514  DescriptorSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
515 
516  /* Determine owner and group sizes */
517  OwnerSize = DetermineSIDSize(DescriptorCopy.Owner, &OwnerSAC, CurrentMode);
518  DescriptorSize += ROUND_UP(OwnerSize, sizeof(ULONG));
519  GroupSize = DetermineSIDSize(DescriptorCopy.Group, &GroupSAC, CurrentMode);
520  DescriptorSize += ROUND_UP(GroupSize, sizeof(ULONG));
521 
522  /* Determine the size of the ACLs */
 /* NOTE(review): sizes are computed only when the PRESENT bit is set, while
  * the copies further down are gated on the pointer being non-NULL. That is
  * consistent only if the SepGet*FromDescriptor helpers return NULL when
  * the PRESENT bit is clear -- confirm in se.h. */
523  if (DescriptorCopy.Control & SE_SACL_PRESENT)
524  {
525  /* Get the size and probe if user mode */
526  SaclSize = DetermineACLSize(DescriptorCopy.Sacl, CurrentMode);
527  DescriptorSize += ROUND_UP(SaclSize, sizeof(ULONG));
528  }
529 
530  if (DescriptorCopy.Control & SE_DACL_PRESENT)
531  {
532  /* Get the size and probe if user mode */
533  DaclSize = DetermineACLSize(DescriptorCopy.Dacl, CurrentMode);
534  DescriptorSize += ROUND_UP(DaclSize, sizeof(ULONG));
535  }
536  }
538  {
540  }
541  _SEH2_END;
542 
543  /*
544  * Allocate enough memory to store a complete copy of a self-relative
545  * security descriptor
546  */
548  DescriptorSize,
549  TAG_SD);
551 
 /* Zeroing first means padding between the rounded-up parts never carries
  * stale pool contents into the captured descriptor. */
552  RtlZeroMemory(NewDescriptor, DescriptorSize);
553  NewDescriptor->Revision = DescriptorCopy.Revision;
554  NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
555  NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
556 
557  _SEH2_TRY
558  {
559  /*
560  * Setup the offsets and copy the SIDs and ACLs to the new
561  * self-relative security descriptor. Probing the pointers is not
562  * necessary anymore as we did that when collecting the sizes!
563  * Make sure to validate the SIDs and ACLs *again* as they could have
564  * been modified in the meanwhile!
565  */
 /* NOTE(review): RtlValidSid/RtlValidAcl below inspect the SOURCE buffer
  * and the copy happens afterwards, so for user-mode input the bytes that
  * land in NewDescriptor may differ from the bytes that were validated.
  * Validating the captured copy instead (and checking that its
  * sub-authority count / AclSize still match the sizes captured in pass 1)
  * would make the check binding. OwnerSAC and GroupSAC are captured above
  * but no visible line compares them with the copied SIDs -- confirm. */
567 
568  if (DescriptorCopy.Owner)
569  {
570  if (!RtlValidSid(DescriptorCopy.Owner)) RtlRaiseStatus(STATUS_INVALID_SID);
573  DescriptorCopy.Owner,
574  OwnerSize);
575  Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
576  }
577 
578  if (DescriptorCopy.Group)
579  {
580  if (!RtlValidSid(DescriptorCopy.Group)) RtlRaiseStatus(STATUS_INVALID_SID);
583  DescriptorCopy.Group,
584  GroupSize);
585  Offset += ROUND_UP(GroupSize, sizeof(ULONG));
586  }
587 
588  if (DescriptorCopy.Sacl)
589  {
590  if (!RtlValidAcl(DescriptorCopy.Sacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
593  DescriptorCopy.Sacl,
594  SaclSize);
595  Offset += ROUND_UP(SaclSize, sizeof(ULONG));
596  }
597 
598  if (DescriptorCopy.Dacl)
599  {
600  if (!RtlValidAcl(DescriptorCopy.Dacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
603  DescriptorCopy.Dacl,
604  DaclSize);
605  Offset += ROUND_UP(DaclSize, sizeof(ULONG));
606  }
607 
608  /* Make sure the size was correct */
 /* ASSERT is a debug-build check; it is not a runtime bound on Offset. */
609  ASSERT(Offset == DescriptorSize);
610  }
612  {
613  /* We failed to copy the data to the new descriptor */
 /* The handler body is not shown in this rendering; the cross-reference
  * list names ExFreePoolWithTag, so NewDescriptor is presumably freed
  * here before the exception code is returned -- confirm. */
616  }
617  _SEH2_END;
618 
619  /*
620  * We're finally done!
621  * Copy the pointer to the captured descriptor to the caller.
622  */
623  *CapturedSecurityDescriptor = NewDescriptor;
624  return STATUS_SUCCESS;
625 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
unsigned char * PUCHAR
Definition: retypes.h:3
#define SE_DACL_PRESENT
Definition: setypes.h:767
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
static ULONG DetermineACLSize(PACL Acl, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:425
_SEH2_TRY
Definition: create.c:4226
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:98
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1554
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
#define TAG_SD
Definition: tag.h:176
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
Definition: se.h:58
#define ASSERT(a)
Definition: mode.c:44
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
Definition: se.h:39
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:77
_SEH2_END
Definition: create.c:4400
#define STATUS_INVALID_ACL
Definition: ntstatus.h:355
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1552
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59
#define STATUS_UNKNOWN_REVISION
Definition: ntstatus.h:324
static ULONG DetermineSIDSize(PISID Sid, PULONG OutSAC, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:394

Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), and SepAccessCheckAndAuditAlarm().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
OUT PBOOLEAN  Present 
)

Definition at line 221 of file sd.c.

/*
 * SepCaptureSecurityQualityOfService: extracts the SECURITY_QUALITY_OF_SERVICE
 * referenced by an OBJECT_ATTRIBUTES structure.
 *
 *  - ObjectAttributes == NULL: *Captured = NULL, *Present = FALSE.
 *  - AccessMode != KernelMode: the attributes and the QoS block are probed
 *    and the QoS is copied to the local SafeQos inside _SEH2_TRY; the pool
 *    copy is made from SafeQos after the SEH block.
 *  - KernelMode with CaptureIfKernel: a pool copy is made directly.
 *  - KernelMode without CaptureIfKernel: the caller's pointer is passed
 *    through unchanged, so the release routine must not free it.
 *
 * This rendering drops some source lines (gaps in the gutter numbers): the
 * Status and SafeQos declarations, the size arguments, the _SEH2_EXCEPT lines
 * and the Status assignments in the failure branches are not shown.
 */
227 {
228  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
230 
231  PAGED_CODE();
232 
233  ASSERT(CapturedSecurityQualityOfService);
234  ASSERT(Present);
235 
236  if (ObjectAttributes != NULL)
237  {
238  if (AccessMode != KernelMode)
239  {
241 
242  _SEH2_TRY
243  {
245  sizeof(OBJECT_ATTRIBUTES),
246  sizeof(ULONG));
247  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
248  {
 /* NOTE(review): ObjectAttributes->SecurityQualityOfService is read from
  * the user-mode structure for the NULL test, for the probe, for the
  * Length check and again for the copy. Only the value seen by
  * ProbeForRead has been checked to be a user-mode address; capturing the
  * pointer once into a local before probing would guarantee that the
  * probed pointer is the one that is dereferenced. */
249  if (ObjectAttributes->SecurityQualityOfService != NULL)
250  {
251  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
253  sizeof(ULONG));
254 
255  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
257  {
258  /*
259  * Don't allocate memory here because ExAllocate should bugcheck
260  * the system if it's buggy, SEH would catch that! So make a local
261  * copy of the qos structure.
262  */
263  RtlCopyMemory(&SafeQos,
264  ObjectAttributes->SecurityQualityOfService,
266  *Present = TRUE;
267  }
268  else
269  {
271  }
272  }
273  else
274  {
275  *CapturedSecurityQualityOfService = NULL;
276  *Present = FALSE;
277  }
278  }
279  else
280  {
282  }
283  }
285  {
287  }
288  _SEH2_END;
289 
 /* From here on only the kernel-stack copy (SafeQos) is used; the
  * user-mode buffer is not touched again. */
290  if (NT_SUCCESS(Status))
291  {
292  if (*Present)
293  {
294  CapturedQos = ExAllocatePoolWithTag(PoolType,
296  TAG_QOS);
297  if (CapturedQos != NULL)
298  {
299  RtlCopyMemory(CapturedQos,
300  &SafeQos,
302  *CapturedSecurityQualityOfService = CapturedQos;
303  }
304  else
305  {
307  }
308  }
309  else
310  {
311  *CapturedSecurityQualityOfService = NULL;
312  }
313  }
314  }
315  else
316  {
 /* Kernel-mode caller: no probing and no SEH; the structure is trusted. */
317  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
318  {
319  if (CaptureIfKernel)
320  {
321  if (ObjectAttributes->SecurityQualityOfService != NULL)
322  {
323  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
325  {
326  CapturedQos = ExAllocatePoolWithTag(PoolType,
328  TAG_QOS);
329  if (CapturedQos != NULL)
330  {
331  RtlCopyMemory(CapturedQos,
332  ObjectAttributes->SecurityQualityOfService,
334  *CapturedSecurityQualityOfService = CapturedQos;
335  *Present = TRUE;
336  }
337  else
338  {
340  }
341  }
342  else
343  {
345  }
346  }
347  else
348  {
349  *CapturedSecurityQualityOfService = NULL;
350  *Present = FALSE;
351  }
352  }
353  else
354  {
 /* Pass-through: the caller's own pointer is returned, not a copy. */
355  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
356  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
357  }
358  }
359  else
360  {
362  }
363  }
364  }
365  else
366  {
367  *CapturedSecurityQualityOfService = NULL;
368  *Present = FALSE;
369  }
370 
371  return Status;
372 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define TAG_QOS
Definition: tag.h:177
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SepInitSDs()

BOOLEAN NTAPI SepInitSDs ( VOID  )

Definition at line 31 of file sd.c.

/*
 * SepInitSDs: creates the seven global default security descriptors listed
 * in the "Variables" section (SePublicDefaultSd ... SeSystemAnonymousLogonSd).
 * Each step allocates sizeof(SECURITY_DESCRIPTOR) bytes tagged TAG_SD and
 * returns FALSE if the allocation fails; TRUE is returned once all seven
 * steps have run.
 *
 * Most statements of each step are missing from this rendering (gaps in the
 * gutter numbers). The cross-reference list below names
 * RtlCreateSecurityDescriptor and RtlSetDaclSecurityDescriptor, so the
 * surviving "TRUE, ... FALSE" arguments are presumably DaclPresent = TRUE and
 * DaclDefaulted = FALSE with the matching Se*Dacl global -- confirm.
 *
 * NOTE(review): the visible failure paths return FALSE without releasing the
 * descriptors allocated by earlier steps. The only listed caller is
 * SepInitializationPhase0, so a failure is presumably fatal for boot anyway
 * -- confirm.
 */
32 {
33  /* Create PublicDefaultSd */
35  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
36  if (SePublicDefaultSd == NULL)
37  return FALSE;
38 
42  TRUE,
44  FALSE);
45 
46  /* Create PublicDefaultUnrestrictedSd */
48  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
50  return FALSE;
51 
55  TRUE,
57  FALSE);
58 
59  /* Create PublicOpenSd */
61  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
62  if (SePublicOpenSd == NULL)
63  return FALSE;
64 
68  TRUE,
70  FALSE);
71 
72  /* Create PublicOpenUnrestrictedSd */
74  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
76  return FALSE;
77 
81  TRUE,
83  FALSE);
84 
85  /* Create SystemDefaultSd */
87  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
88  if (SeSystemDefaultSd == NULL)
89  return FALSE;
90 
94  TRUE,
96  FALSE);
97 
98  /* Create UnrestrictedSd */
100  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
101  if (SeUnrestrictedSd == NULL)
102  return FALSE;
103 
107  TRUE,
109  FALSE);
110 
111  /* Create SystemAnonymousLogonSd */
113  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
115  return FALSE;
116 
120  TRUE,
122  FALSE);
123 
124  return TRUE;
125 }
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:20
#define TRUE
Definition: types.h:120
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:18
PACL SeSystemDefaultDacl
Definition: acl.c:19
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:23
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:20
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define FALSE
Definition: types.h:117
PACL SePublicOpenDacl
Definition: acl.c:21
#define TAG_SD
Definition: tag.h:176
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:21
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:19
PACL SePublicDefaultDacl
Definition: acl.c:18
#define NULL
Definition: types.h:112
PACL SeUnrestrictedDacl
Definition: acl.c:23
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:22
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
Definition: sd.c:24
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:22
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:24

Referenced by SepInitializationPhase0().

◆ SepReleaseSecurityQualityOfService()

VOID NTAPI SepReleaseSecurityQualityOfService ( IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 377 of file sd.c.

/*
 * SepReleaseSecurityQualityOfService: frees a QoS block obtained from
 * SepCaptureSecurityQualityOfService.
 *
 * The block is freed only when it is non-NULL and the capture routine made a
 * pool copy, i.e. for any non-kernel AccessMode, or for KernelMode with
 * CaptureIfKernel set. For KernelMode without CaptureIfKernel the capture
 * routine hands back the caller's own pointer, so nothing is freed.
 * Callers must pass the same AccessMode and CaptureIfKernel they used for the
 * capture; different values either leak the copy or free memory this pair of
 * routines did not allocate.
 */
380 {
381  PAGED_CODE();
382 
383  if (CapturedSecurityQualityOfService != NULL &&
384  (AccessMode != KernelMode || CaptureIfKernel))
385  {
386  ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
387  }
388 }
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define NULL
Definition: types.h:112
#define TAG_QOS
Definition: tag.h:177
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SeReleaseSecurityDescriptor()

NTSTATUS NTAPI SeReleaseSecurityDescriptor ( IN PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
IN KPROCESSOR_MODE  CurrentMode,
IN BOOLEAN  CaptureIfKernelMode 
)

Definition at line 780 of file sd.c.

/*
 * SeReleaseSecurityDescriptor: frees a descriptor obtained from
 * SeCaptureSecurityDescriptor. Always returns STATUS_SUCCESS.
 *
 * The descriptor is freed (pool tag TAG_SD) only when it is non-NULL and the
 * capture routine allocated it: any non-kernel CurrentMode, or KernelMode
 * with CaptureIfKernelMode set.
 */
783 {
784  PAGED_CODE();
785 
786  /*
787  * WARNING! You need to call this function with the same value for CurrentMode
788  * and CaptureIfKernelMode that you previously passed to
789  * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
790  */
 /* The mismatch also matters in the other direction: the capture routine's
  * kernel-mode quick path returns the caller's original pointer, so
  * releasing it with flags that select the free path would free memory the
  * capture routine never allocated. */
791  if (CapturedSecurityDescriptor != NULL &&
792  (CurrentMode != KernelMode ||
793  (CurrentMode == KernelMode && CaptureIfKernelMode)))
794  {
795  /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
796  ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);
797  }
798 
799  return STATUS_SUCCESS;
800 }
#define TAG_SD
Definition: tag.h:176
#define NULL
Definition: types.h:112
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), and SepAccessCheckAndAuditAlarm().

◆ SeSetWorldSecurityDescriptor()

NTSTATUS NTAPI SeSetWorldSecurityDescriptor ( SECURITY_INFORMATION  SecurityInformation,
PISECURITY_DESCRIPTOR  SecurityDescriptor,
PULONG  BufferLength 
)

Definition at line 129 of file sd.c.

/*
 * SeSetWorldSecurityDescriptor: fills the caller's buffer with a
 * self-relative security descriptor built around SeWorldSid.
 *
 *  - SecurityInformation == 0 -> STATUS_ACCESS_DENIED.
 *  - The required size is the relative header plus, per requested part, the
 *    World SID (owner, group) or an ACL holding one ACE for that SID (DACL).
 *  - *BufferLength always receives the required size; when the buffer is too
 *    small the routine stops after writing it (the return statement is not
 *    shown in this rendering).
 *
 * This rendering drops some source lines (gaps in the gutter numbers): the
 * SdRel and Status declarations, the "if (SecurityInformation & ...)" tests
 * and the first lines of the Rtl* calls are not shown. The cross-reference
 * list below names RtlCreateSecurityDescriptorRelative, RtlCreateAcl and
 * RtlAddAccessAllowedAce as the calls involved.
 *
 * NOTE(review): the DACL built here grants GENERIC_ALL to SeWorldSid, i.e.
 * the descriptor reported to the caller is fully permissive. The only listed
 * caller is IopGetSetSecurityObject; confirm that this is used only where no
 * real descriptor exists for the object.
 */
132 {
133  ULONG Current;
134  ULONG SidSize;
135  ULONG SdSize;
138 
139  DPRINT("SeSetWorldSecurityDescriptor() called\n");
140 
141  if (SecurityInformation == 0)
142  {
143  return STATUS_ACCESS_DENIED;
144  }
145 
146  /* calculate the minimum size of the buffer */
147  SidSize = RtlLengthSid(SeWorldSid);
148  SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
150  SdSize += SidSize;
152  SdSize += SidSize;
154  {
155  SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
156  }
157 
158  if (*BufferLength < SdSize)
159  {
160  *BufferLength = SdSize;
162  }
163 
164  *BufferLength = SdSize;
165 
168  if (!NT_SUCCESS(Status))
169  {
170  return Status;
171  }
172 
 /* Current is the running byte offset from the start of the descriptor;
  * each part is written at that offset and the offset is stored in the
  * matching header field. */
173  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
174 
176  {
177  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
178  SdRel->Owner = Current;
179  Current += SidSize;
180  }
181 
183  {
184  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
185  SdRel->Group = Current;
186  Current += SidSize;
187  }
188 
190  {
191  PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
 /* SE_DACL_PRESENT is set before the ACL is built; on the failure returns
  * below the buffer is left with the bit set but SdRel->Dacl unset. */
192  SdRel->Control |= SE_DACL_PRESENT;
193 
195  sizeof(ACL) + sizeof(ACE) + SidSize,
196  ACL_REVISION);
197  if (!NT_SUCCESS(Status))
198  return Status;
199 
201  ACL_REVISION,
202  GENERIC_ALL,
203  SeWorldSid);
204  if (!NT_SUCCESS(Status))
205  return Status;
206 
207  SdRel->Dacl = Current;
208  }
209 
211  {
 /* SACL requests are accepted but produce nothing: no size is reserved
  * above and no SACL is written here. */
212  /* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
213  }
214 
215  return STATUS_SUCCESS;
216 }
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
#define GENERIC_ALL
Definition: nt_native.h:92
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:139
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:767
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
struct _ACL ACL
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
struct _ACL * PACL
Definition: security.c:104
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
PSID SeWorldSid
Definition: sid.c:27
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:71
Definition: rtltypes.h:990
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

Referenced by IopGetSetSecurityObject().

◆ SeValidSecurityDescriptor()

BOOLEAN NTAPI SeValidSecurityDescriptor ( IN ULONG  Length,
IN PSECURITY_DESCRIPTOR  _SecurityDescriptor 
)

Definition at line 974 of file sd.c.

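/*
 * Returns TRUE when the Size bytes starting at Offset lie entirely inside a
 * buffer of Length bytes. Written as a subtraction so that the comparison
 * cannot wrap for large offsets.
 */
static
BOOLEAN
SepSdRangeInBuffer(IN ULONG Length,
                   IN ULONG Offset,
                   IN ULONG Size)
{
    return (Offset <= Length) && (Size <= Length - Offset);
}

/**
 * @brief
 * Checks that a buffer of Length bytes holds a well-formed self-relative
 * security descriptor: revision, SE_SELF_RELATIVE control bit, a mandatory
 * Owner SID, and optional Group SID, DACL and SACL.
 *
 * Every component offset comes from the buffer itself, so each one is
 * range-checked against Length before the SID or ACL header behind it is
 * read. The cumulative size check is kept in addition: the header plus all
 * present components must fit in Length.
 *
 * @param[in] Length
 * Size, in bytes, of the buffer behind _SecurityDescriptor.
 *
 * @param[in] _SecurityDescriptor
 * The descriptor to validate; it is read as a self-relative descriptor.
 *
 * @return
 * TRUE if all checks pass, FALSE otherwise (a DPRINT1 names the failed check).
 *
 * NOTE(review): the length and revision conditions and the pointer
 * computations follow the macros this function uses
 * (SECURITY_DESCRIPTOR_MIN_LENGTH, SECURITY_DESCRIPTOR_REVISION1); verify
 * them against the tree before merging.
 */
BOOLEAN
NTAPI
SeValidSecurityDescriptor(IN ULONG Length,
                          IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
{
    ULONG SdLength;
    ULONG SidSize;
    PISID Sid;
    PACL Acl;
    PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor = _SecurityDescriptor;

    if (Length < SECURITY_DESCRIPTOR_MIN_LENGTH)
    {
        /* This is a length failure; it used to be logged as a revision one */
        DPRINT1("Invalid Security Descriptor length\n");
        return FALSE;
    }

    if (SecurityDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
    {
        DPRINT1("Invalid Security Descriptor revision\n");
        return FALSE;
    }

    if (!(SecurityDescriptor->Control & SE_SELF_RELATIVE))
    {
        DPRINT1("No self-relative Security Descriptor\n");
        return FALSE;
    }

    /*
     * NOTE(review): the header is counted as sizeof(SECURITY_DESCRIPTOR)
     * although the descriptor must be self-relative. Where pointers are wider
     * than ULONG this is larger than SECURITY_DESCRIPTOR_RELATIVE, which makes
     * the size checks below stricter than the data requires; confirm which
     * size is intended.
     */
    SdLength = sizeof(SECURITY_DESCRIPTOR);

    /* Check Owner SID */
    if (!SecurityDescriptor->Owner)
    {
        DPRINT1("No Owner SID\n");
        return FALSE;
    }

    if (SecurityDescriptor->Owner % sizeof(ULONG))
    {
        DPRINT1("Invalid Owner SID alignment\n");
        return FALSE;
    }

    /* The fixed part of the SID must be inside the buffer before it is read */
    if (!SepSdRangeInBuffer(Length,
                            SecurityDescriptor->Owner,
                            (ULONG)FIELD_OFFSET(SID, SubAuthority)))
    {
        DPRINT1("Owner SID offset out of range\n");
        return FALSE;
    }

    Sid = (PISID)((ULONG_PTR)SecurityDescriptor + SecurityDescriptor->Owner);
    if (Sid->Revision != SID_REVISION)
    {
        DPRINT1("Invalid Owner SID revision\n");
        return FALSE;
    }

    /* Same value as sizeof(SID) + (SubAuthorityCount - 1) * sizeof(ULONG) */
    SidSize = (ULONG)FIELD_OFFSET(SID, SubAuthority) +
              Sid->SubAuthorityCount * (ULONG)sizeof(ULONG);
    SdLength += SidSize;
    if ((Length < SdLength) ||
        !SepSdRangeInBuffer(Length, SecurityDescriptor->Owner, SidSize))
    {
        DPRINT1("Invalid Owner SID size\n");
        return FALSE;
    }

    /* Check Group SID */
    if (SecurityDescriptor->Group)
    {
        if (SecurityDescriptor->Group % sizeof(ULONG))
        {
            DPRINT1("Invalid Group SID alignment\n");
            return FALSE;
        }

        if (!SepSdRangeInBuffer(Length,
                                SecurityDescriptor->Group,
                                (ULONG)FIELD_OFFSET(SID, SubAuthority)))
        {
            DPRINT1("Group SID offset out of range\n");
            return FALSE;
        }

        Sid = (PISID)((ULONG_PTR)SecurityDescriptor + SecurityDescriptor->Group);
        if (Sid->Revision != SID_REVISION)
        {
            DPRINT1("Invalid Group SID revision\n");
            return FALSE;
        }

        SidSize = (ULONG)FIELD_OFFSET(SID, SubAuthority) +
                  Sid->SubAuthorityCount * (ULONG)sizeof(ULONG);
        SdLength += SidSize;
        if ((Length < SdLength) ||
            !SepSdRangeInBuffer(Length, SecurityDescriptor->Group, SidSize))
        {
            DPRINT1("Invalid Group SID size\n");
            return FALSE;
        }
    }

    /* Check DACL */
    if (SecurityDescriptor->Dacl)
    {
        if (SecurityDescriptor->Dacl % sizeof(ULONG))
        {
            DPRINT1("Invalid DACL alignment\n");
            return FALSE;
        }

        /* The ACL header must be inside the buffer before it is read */
        if (!SepSdRangeInBuffer(Length,
                                SecurityDescriptor->Dacl,
                                (ULONG)sizeof(ACL)))
        {
            DPRINT1("DACL offset out of range\n");
            return FALSE;
        }

        Acl = (PACL)((ULONG_PTR)SecurityDescriptor + SecurityDescriptor->Dacl);
        if ((Acl->AclRevision < MIN_ACL_REVISION) ||
            (Acl->AclRevision > MAX_ACL_REVISION))
        {
            DPRINT1("Invalid DACL revision\n");
            return FALSE;
        }

        /* AclSize is taken from the buffer: it must cover the header and end inside it */
        SdLength += Acl->AclSize;
        if ((Acl->AclSize < sizeof(ACL)) ||
            (Length < SdLength) ||
            !SepSdRangeInBuffer(Length, SecurityDescriptor->Dacl, Acl->AclSize))
        {
            DPRINT1("Invalid DACL size\n");
            return FALSE;
        }
    }

    /* Check SACL */
    if (SecurityDescriptor->Sacl)
    {
        if (SecurityDescriptor->Sacl % sizeof(ULONG))
        {
            DPRINT1("Invalid SACL alignment\n");
            return FALSE;
        }

        if (!SepSdRangeInBuffer(Length,
                                SecurityDescriptor->Sacl,
                                (ULONG)sizeof(ACL)))
        {
            DPRINT1("SACL offset out of range\n");
            return FALSE;
        }

        Acl = (PACL)((ULONG_PTR)SecurityDescriptor + SecurityDescriptor->Sacl);
        if ((Acl->AclRevision < MIN_ACL_REVISION) ||
            (Acl->AclRevision > MAX_ACL_REVISION))
        {
            DPRINT1("Invalid SACL revision\n");
            return FALSE;
        }

        SdLength += Acl->AclSize;
        if ((Acl->AclSize < sizeof(ACL)) ||
            (Length < SdLength) ||
            !SepSdRangeInBuffer(Length, SecurityDescriptor->Sacl, Acl->AclSize))
        {
            DPRINT1("Invalid SACL size\n");
            return FALSE;
        }
    }

    return TRUE;
}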
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define SECURITY_DESCRIPTOR_MIN_LENGTH
Definition: setypes.h:761
struct _SID SID
#define MAX_ACL_REVISION
Definition: setypes.h:47
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
USHORT AclSize
Definition: ms-dtyp.idl:296
#define SID_REVISION
Definition: setypes.h:453
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
struct _SID * PISID
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
struct _ACL * PACL
Definition: security.c:104
#define MIN_ACL_REVISION
Definition: setypes.h:46
struct _SID * PSID
Definition: eventlog.c:35
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
UCHAR AclRevision
Definition: ms-dtyp.idl:294
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
BYTE Revision
Definition: ms-dtyp.idl:199
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59

Variable Documentation

◆ SePublicDefaultSd

PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL

◆ SePublicDefaultUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL

Definition at line 19 of file sd.c.

Referenced by ExpCreateSystemRootLink(), ObInitSystem(), and SepInitSDs().

◆ SePublicOpenSd

PSECURITY_DESCRIPTOR SePublicOpenSd = NULL

Definition at line 20 of file sd.c.

Referenced by SepInitSDs().

◆ SePublicOpenUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL

Definition at line 21 of file sd.c.

Referenced by SepInitSDs().

◆ SeSystemAnonymousLogonSd

PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd = NULL

Definition at line 24 of file sd.c.

Referenced by SepInitSDs().

◆ SeSystemDefaultSd

PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL

Definition at line 22 of file sd.c.

Referenced by SepInitSDs().

◆ SeUnrestrictedSd

PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL

Definition at line 23 of file sd.c.

Referenced by SepInitSDs().