ReactOS 0.4.16-dev-340-g0540c21
#include <ntoskrnl.h>
#include <debug.h>
Macros
#define NDEBUG

Functions
BOOLEAN NTAPI SepInitSDs (VOID)
Initializes the known security descriptors in the system.

NTSTATUS NTAPI SeSetWorldSecurityDescriptor (_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
Sets a "World" security descriptor.

static ULONG DetermineSIDSize (_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.

static ULONG DetermineACLSize (_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.

NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.

_IRQL_requires_max_ (PASSIVE_LEVEL)
Queries information details about a security descriptor.

NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.

BOOLEAN NTAPI SeValidSecurityDescriptor (_In_ ULONG Length, _In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
Determines if a security descriptor is valid according to the general security requirements and conditions set by the kernel.
_IRQL_requires_max_ (PASSIVE_LEVEL)

Queries information details about a security descriptor.
[in] | SecurityInformation | Security information details to be queried from a security descriptor. |
[out] | SecurityDescriptor | The returned security descriptor with security information data. |
[in,out] | Length | The returned length of a security descriptor. |
[in,out] | ObjectsSecurityDescriptor | The returned object security descriptor. |

Modifies some information data about a security descriptor.
[in] | Object | If specified, the function will use this arbitrary object that points to an object security descriptor. |
[in] | SecurityInformation | Security information details to be set. |
[in] | SecurityDescriptor | A security descriptor whose information is to be changed. |
[in,out] | ObjectsSecurityDescriptor | The returned pointer to security descriptor objects. |
[in] | PoolType | Pool type for the new security descriptor to allocate. |
[in] | GenericMapping | The generic mapping of access rights masks. |

An extended function that sets new information data to a security descriptor.
[in] | Object | If specified, the function will use this arbitrary object that points to an object security descriptor. |
[in] | SecurityInformation | Security information details to be set. |
[in] | SecurityDescriptor | A security descriptor whose information is to be changed. |
[in,out] | ObjectsSecurityDescriptor | The returned pointer to security descriptor objects. |
[in] | AutoInheritFlags | Inheritance flags bitmask, influencing how the security descriptor can be inherited and whether it can be inherited in the first place. |
[in] | PoolType | Pool type for the new security descriptor to allocate. |
[in] | GenericMapping | The generic mapping of access rights masks. |

Frees a security descriptor.
[in] | SecurityDescriptor | A security descriptor to be freed from memory. |

An extended function that assigns a security descriptor for a new object.
[in] | _ParentDescriptor | A security descriptor of the parent object that is being created. |
[in] | _ExplicitDescriptor | An explicit security descriptor that is applied to a new object. |
[out] | NewDescriptor | The new allocated security descriptor. |
[in] | ObjectType | The type of the new object. |
[in] | IsDirectoryObject | Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. |
[in] | AutoInheritFlags | Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited. |
[in] | SubjectContext | Security subject context of the new object. |
[in] | GenericMapping | Generic mapping of access mask rights. |
[in] | PoolType | This parameter is unused. |

Assigns a security descriptor for a new object.
[in] | ParentDescriptor | A security descriptor of the parent object that is being created. |
[in] | ExplicitDescriptor | An explicit security descriptor that is applied to a new object. |
[out] | NewDescriptor | The new allocated security descriptor. |
[in] | IsDirectoryObject | Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. |
[in] | SubjectContext | Security subject context of the new object. |
[in] | GenericMapping | Generic mapping of access mask rights. |
[in] | PoolType | This parameter is unused. |

Computes the quota size of a security descriptor.
[in] | SecurityDescriptor | A security descriptor. |
[out] | QuotaInfoSize | The quota size of the given security descriptor, returned to the caller. The function may return 0 in this parameter if the descriptor doesn't even have a group or a discretionary access control list (DACL). |
Definition at line 596 of file sd.c.
static ULONG DetermineACLSize (_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.
[in] | Acl | An access control list where its size is to be determined. |
[in] | ProcessorMode | Processor level access mode. |
Definition at line 336 of file sd.c.
Referenced by SeCaptureSecurityDescriptor().
static ULONG DetermineSIDSize (_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.
[in] | Sid | A security identifier where its size is to be determined. |
[in,out] | OutSAC | The returned sub authority count of the security identifier. |
[in] | ProcessorMode | Processor level access mode. |
Definition at line 290 of file sd.c.
Referenced by SeCaptureSecurityDescriptor().
NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
[in] | _OriginalSecurityDescriptor | An already existing and valid security descriptor to be captured. |
[in] | CurrentMode | Processor level access mode. |
[in] | PoolType | Pool type to be used when allocating the captured buffer. |
[in] | CaptureIfKernel | Set this to TRUE if capturing is done within the kernel. |
[out] | CapturedSecurityDescriptor | The captured security descriptor. |
Definition at line 386 of file sd.c.
Referenced by NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().
Initializes the known security descriptors in the system.
Definition at line 37 of file sd.c.
Referenced by SepInitializationPhase0().
NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
[in] | CapturedSecurityDescriptor | The captured security descriptor to be freed. |
[in] | CurrentMode | Processor level access mode. |
[in] | CaptureIfKernelMode | Set this to TRUE if the releasing is to be done within the kernel. |
Definition at line 760 of file sd.c.
Referenced by NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
Sets a "World" security descriptor.
[in] | SecurityInformation | Security information details, along with the security descriptor, used to set the World SD. |
[in] | SecurityDescriptor | A security descriptor buffer. |
[in] | BufferLength | Length of the buffer. |
Definition at line 155 of file sd.c.
Referenced by IopGetSetSecurityObject().
BOOLEAN NTAPI SeValidSecurityDescriptor (_In_ ULONG Length, _In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
Determines if a security descriptor is valid according to the general security requirements and conditions set by the kernel.
[in] | Length | The length of a security descriptor. |
[in] | _SecurityDescriptor | A security descriptor where its properties are to be checked for validity. |
Definition at line 1027 of file sd.c.
PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL
Definition at line 16 of file sd.c.
Referenced by ExpInitializeCallbacks(), IoCreateSymbolicLink(), SepInitializationPhase1(), and SepInitSDs().

PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL
Definition at line 17 of file sd.c.
Referenced by ExpCreateSystemRootLink(), ObInitSystem(), and SepInitSDs().

PSECURITY_DESCRIPTOR SePublicOpenSd = NULL
Definition at line 18 of file sd.c.
Referenced by SepInitSDs().

PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL
Definition at line 19 of file sd.c.
Referenced by SepInitSDs().

PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd = NULL
Definition at line 22 of file sd.c.
Referenced by SepInitSDs().

PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL
Definition at line 20 of file sd.c.
Referenced by SepInitSDs().

PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL
Definition at line 21 of file sd.c.
Referenced by SepInitSDs().