ReactOS  0.4.14-dev-323-g6fe6a88
sd.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for sd.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

BOOLEAN INIT_FUNCTION NTAPI SepInitSDs (VOID)
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
 
VOID NTAPI SepReleaseSecurityQualityOfService (IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
static ULONG DetermineSIDSize (PISID Sid, PULONG OutSAC, KPROCESSOR_MODE ProcessorMode)
 
static ULONG DetermineACLSize (PACL Acl, KPROCESSOR_MODE ProcessorMode)
 
NTSTATUS NTAPI SeCaptureSecurityDescriptor (IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL)
 
NTSTATUS NTAPI SeReleaseSecurityDescriptor (IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
 
BOOLEAN NTAPI SeValidSecurityDescriptor (IN ULONG Length, IN PSECURITY_DESCRIPTOR _SecurityDescriptor)
 

Variables

PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL
 
PSECURITY_DESCRIPTOR SePublicOpenSd = NULL
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 13 of file sd.c.

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 620 of file sd.c.

628 {
629  PISECURITY_DESCRIPTOR ObjectSd;
631  PSID Owner = NULL;
632  PSID Group = NULL;
633  PACL Dacl = NULL;
634  PACL Sacl = NULL;
635  ULONG OwnerLength = 0;
636  ULONG GroupLength = 0;
637  ULONG DaclLength = 0;
638  ULONG SaclLength = 0;
640  ULONG_PTR Current;
641  ULONG SdLength;
642 
643  PAGED_CODE();
644 
646 
647  if (*ObjectsSecurityDescriptor == NULL)
648  {
649  if (*Length < sizeof(SECURITY_DESCRIPTOR_RELATIVE))
650  {
653  }
654 
658  return STATUS_SUCCESS;
659  }
660 
661  ObjectSd = *ObjectsSecurityDescriptor;
662 
663  /* Calculate the required security descriptor length */
666  (ObjectSd->Owner != NULL))
667  {
668  Owner = (PSID)((ULONG_PTR)ObjectSd->Owner + (ULONG_PTR)ObjectSd);
669  OwnerLength = ROUND_UP(RtlLengthSid(Owner), 4);
670  Control |= (ObjectSd->Control & SE_OWNER_DEFAULTED);
671  }
672 
674  (ObjectSd->Group != NULL))
675  {
676  Group = (PSID)((ULONG_PTR)ObjectSd->Group + (ULONG_PTR)ObjectSd);
678  Control |= (ObjectSd->Control & SE_GROUP_DEFAULTED);
679  }
680 
682  (ObjectSd->Control & SE_DACL_PRESENT))
683  {
684  if (ObjectSd->Dacl != NULL)
685  {
686  Dacl = (PACL)((ULONG_PTR)ObjectSd->Dacl + (ULONG_PTR)ObjectSd);
687  DaclLength = ROUND_UP((ULONG)Dacl->AclSize, 4);
688  }
689 
690  Control |= (ObjectSd->Control & (SE_DACL_DEFAULTED | SE_DACL_PRESENT));
691  }
692 
694  (ObjectSd->Control & SE_SACL_PRESENT))
695  {
696  if (ObjectSd->Sacl != NULL)
697  {
698  Sacl = (PACL)((ULONG_PTR)ObjectSd->Sacl + (ULONG_PTR)ObjectSd);
699  SaclLength = ROUND_UP(Sacl->AclSize, 4);
700  }
701 
702  Control |= (ObjectSd->Control & (SE_SACL_DEFAULTED | SE_SACL_PRESENT));
703  }
704 
705  SdLength = OwnerLength + GroupLength + DaclLength +
706  SaclLength + sizeof(SECURITY_DESCRIPTOR_RELATIVE);
707  if (*Length < SdLength)
708  {
709  *Length = SdLength;
711  }
712 
713  /* Build the new security descrtiptor */
716  RelSD->Control = Control;
717 
718  Current = (ULONG_PTR)(RelSD + 1);
719 
720  if (OwnerLength != 0)
721  {
722  RtlCopyMemory((PVOID)Current,
723  Owner,
724  OwnerLength);
725  RelSD->Owner = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
726  Current += OwnerLength;
727  }
728 
729  if (GroupLength != 0)
730  {
731  RtlCopyMemory((PVOID)Current,
732  Group,
733  GroupLength);
734  RelSD->Group = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
735  Current += GroupLength;
736  }
737 
738  if (DaclLength != 0)
739  {
740  RtlCopyMemory((PVOID)Current,
741  Dacl,
742  DaclLength);
743  RelSD->Dacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
744  Current += DaclLength;
745  }
746 
747  if (SaclLength != 0)
748  {
749  RtlCopyMemory((PVOID)Current,
750  Sacl,
751  SaclLength);
752  RelSD->Sacl = (ULONG)(Current - (ULONG_PTR)SecurityDescriptor);
753  Current += SaclLength;
754  }
755 
756  *Length = SdLength;
757 
758  return STATUS_SUCCESS;
759 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_opt_ PSID Group
Definition: rtlfuncs.h:1606
NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:139
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:767
#define PAGED_CODE()
Definition: video.h:57
#define SE_OWNER_DEFAULTED
Definition: setypes.h:765
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
uint32_t ULONG_PTR
Definition: typedefs.h:63
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
WORD SECURITY_DESCRIPTOR_CONTROL
Definition: lsa.idl:37
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
smooth NULL
Definition: ftsmooth.c:416
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define SE_DACL_DEFAULTED
Definition: setypes.h:768
struct _ACL * PACL
Definition: security.c:104
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
struct _SID * PSID
Definition: eventlog.c:35
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define SE_GROUP_DEFAULTED
Definition: setypes.h:766
static const WCHAR Control[]
Definition: interface.c:27
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
unsigned int ULONG
Definition: retypes.h:1
#define ULONG_PTR
Definition: config.h:101
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
_In_ ULONG _In_ CONST SOCKADDR _In_ int GroupLength
Definition: ws2tcpip.h:710
#define SE_SACL_DEFAULTED
Definition: setypes.h:770
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

◆ DetermineACLSize()

static ULONG DetermineACLSize ( PACL  Acl,
KPROCESSOR_MODE  ProcessorMode 
)
static

Definition at line 415 of file sd.c.

418 {
419  ULONG Size;
420 
421  if (!Acl) return 0;
422 
423  if (ProcessorMode == KernelMode) return Acl->AclSize;
424 
425  /* Probe the buffers! */
427  ProbeForRead(Acl, Size, sizeof(ULONG));
428 
429  return Size;
430 }
USHORT AclSize
Definition: ms-dtyp.idl:296
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
unsigned int ULONG
Definition: retypes.h:1
#define ProbeForReadUshort(Ptr)
Definition: probe.h:63

Referenced by SeCaptureSecurityDescriptor().

◆ DetermineSIDSize()

static ULONG DetermineSIDSize ( PISID  Sid,
PULONG  OutSAC,
KPROCESSOR_MODE  ProcessorMode 
)
static

Definition at line 384 of file sd.c.

388 {
389  ULONG Size;
390 
391  if (!Sid)
392  {
393  *OutSAC = 0;
394  return 0;
395  }
396 
397  if (ProcessorMode != KernelMode)
398  {
399  /* Securely access the buffers! */
401  Size = RtlLengthRequiredSid(*OutSAC);
402  ProbeForRead(Sid, Size, sizeof(ULONG));
403  }
404  else
405  {
406  *OutSAC = Sid->SubAuthorityCount;
407  Size = RtlLengthRequiredSid(*OutSAC);
408  }
409 
410  return Size;
411 }
#define ProbeForReadUchar(Ptr)
Definition: probe.h:61
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by SeCaptureSecurityDescriptor().

◆ SeCaptureSecurityDescriptor()

NTSTATUS NTAPI SeCaptureSecurityDescriptor ( IN PSECURITY_DESCRIPTOR  _OriginalSecurityDescriptor,
IN KPROCESSOR_MODE  CurrentMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

Definition at line 434 of file sd.c.

440 {
441  PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
442  SECURITY_DESCRIPTOR DescriptorCopy;
444  ULONG OwnerSAC = 0, GroupSAC = 0;
445  ULONG OwnerSize = 0, GroupSize = 0;
446  ULONG SaclSize = 0, DaclSize = 0;
447  ULONG DescriptorSize = 0;
448  ULONG Offset;
449 
450  if (!OriginalDescriptor)
451  {
452  /* Nothing to do... */
453  *CapturedSecurityDescriptor = NULL;
454  return STATUS_SUCCESS;
455  }
456 
457  /* Quick path */
458  if (CurrentMode == KernelMode && !CaptureIfKernel)
459  {
460  /* Check descriptor version */
461  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
462  {
464  }
465 
466  *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
467  return STATUS_SUCCESS;
468  }
469 
470  _SEH2_TRY
471  {
472  if (CurrentMode != KernelMode)
473  {
474  ProbeForRead(OriginalDescriptor,
476  sizeof(ULONG));
477  }
478 
479  /* Check the descriptor version */
480  if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
481  {
483  }
484 
485  if (CurrentMode != KernelMode)
486  {
487  /* Get the size of the descriptor */
488  DescriptorSize = (OriginalDescriptor->Control & SE_SELF_RELATIVE) ?
490 
491  /* Probe the entire security descriptor structure. The SIDs
492  * and ACLs will be probed and copied later though */
493  ProbeForRead(OriginalDescriptor, DescriptorSize, sizeof(ULONG));
494  }
495 
496  /* Now capture all fields and convert to an absolute descriptor */
497  DescriptorCopy.Revision = OriginalDescriptor->Revision;
498  DescriptorCopy.Sbz1 = OriginalDescriptor->Sbz1;
499  DescriptorCopy.Control = OriginalDescriptor->Control & ~SE_SELF_RELATIVE;
500  DescriptorCopy.Owner = SepGetOwnerFromDescriptor(OriginalDescriptor);
501  DescriptorCopy.Group = SepGetGroupFromDescriptor(OriginalDescriptor);
502  DescriptorCopy.Sacl = SepGetSaclFromDescriptor(OriginalDescriptor);
503  DescriptorCopy.Dacl = SepGetDaclFromDescriptor(OriginalDescriptor);
504  DescriptorSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
505 
506  /* Determine owner and group sizes */
507  OwnerSize = DetermineSIDSize(DescriptorCopy.Owner, &OwnerSAC, CurrentMode);
508  DescriptorSize += ROUND_UP(OwnerSize, sizeof(ULONG));
509  GroupSize = DetermineSIDSize(DescriptorCopy.Group, &GroupSAC, CurrentMode);
510  DescriptorSize += ROUND_UP(GroupSize, sizeof(ULONG));
511 
512  /* Determine the size of the ACLs */
513  if (DescriptorCopy.Control & SE_SACL_PRESENT)
514  {
515  /* Get the size and probe if user mode */
516  SaclSize = DetermineACLSize(DescriptorCopy.Sacl, CurrentMode);
517  DescriptorSize += ROUND_UP(SaclSize, sizeof(ULONG));
518  }
519 
520  if (DescriptorCopy.Control & SE_DACL_PRESENT)
521  {
522  /* Get the size and probe if user mode */
523  DaclSize = DetermineACLSize(DescriptorCopy.Dacl, CurrentMode);
524  DescriptorSize += ROUND_UP(DaclSize, sizeof(ULONG));
525  }
526  }
528  {
530  }
531  _SEH2_END;
532 
533  /*
534  * Allocate enough memory to store a complete copy of a self-relative
535  * security descriptor
536  */
538  DescriptorSize,
539  TAG_SD);
541 
542  RtlZeroMemory(NewDescriptor, DescriptorSize);
543  NewDescriptor->Revision = DescriptorCopy.Revision;
544  NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
545  NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
546 
547  _SEH2_TRY
548  {
549  /*
550  * Setup the offsets and copy the SIDs and ACLs to the new
551  * self-relative security descriptor. Probing the pointers is not
552  * neccessary anymore as we did that when collecting the sizes!
553  * Make sure to validate the SIDs and ACLs *again* as they could have
554  * been modified in the meanwhile!
555  */
557 
558  if (DescriptorCopy.Owner)
559  {
560  if (!RtlValidSid(DescriptorCopy.Owner)) RtlRaiseStatus(STATUS_INVALID_SID);
563  DescriptorCopy.Owner,
564  OwnerSize);
565  Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
566  }
567 
568  if (DescriptorCopy.Group)
569  {
570  if (!RtlValidSid(DescriptorCopy.Group)) RtlRaiseStatus(STATUS_INVALID_SID);
573  DescriptorCopy.Group,
574  GroupSize);
575  Offset += ROUND_UP(GroupSize, sizeof(ULONG));
576  }
577 
578  if (DescriptorCopy.Sacl)
579  {
580  if (!RtlValidAcl(DescriptorCopy.Sacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
583  DescriptorCopy.Sacl,
584  SaclSize);
585  Offset += ROUND_UP(SaclSize, sizeof(ULONG));
586  }
587 
588  if (DescriptorCopy.Dacl)
589  {
590  if (!RtlValidAcl(DescriptorCopy.Dacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
593  DescriptorCopy.Dacl,
594  DaclSize);
595  Offset += ROUND_UP(DaclSize, sizeof(ULONG));
596  }
597 
598  /* Make sure the size was correct */
599  ASSERT(Offset == DescriptorSize);
600  }
602  {
603  /* We failed to copy the data to the new descriptor */
606  }
607  _SEH2_END;
608 
609  /*
610  * We're finally done!
611  * Copy the pointer to the captured descriptor to to the caller.
612  */
613  *CapturedSecurityDescriptor = NewDescriptor;
614  return STATUS_SUCCESS;
615 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
unsigned char * PUCHAR
Definition: retypes.h:3
#define SE_DACL_PRESENT
Definition: setypes.h:767
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
static ULONG DetermineACLSize(PACL Acl, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:415
_SEH2_TRY
Definition: create.c:4250
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
FORCEINLINE PACL SepGetSaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:88
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
#define STATUS_INVALID_SID
Definition: ntstatus.h:342
#define TAG_SD
Definition: tag.h:176
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
FORCEINLINE PSID SepGetOwnerFromDescriptor(PVOID _Descriptor)
Definition: se.h:48
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
FORCEINLINE PSID SepGetGroupFromDescriptor(PVOID _Descriptor)
Definition: se.h:29
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:67
_SEH2_END
Definition: create.c:4424
#define STATUS_INVALID_ACL
Definition: ntstatus.h:341
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1557
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2938
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59
#define STATUS_UNKNOWN_REVISION
Definition: ntstatus.h:310
static ULONG DetermineSIDSize(PISID Sid, PULONG OutSAC, KPROCESSOR_MODE ProcessorMode)
Definition: sd.c:384

Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), and SepAccessCheckAndAuditAlarm().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
OUT PBOOLEAN  Present 
)

Definition at line 211 of file sd.c.

217 {
218  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
220 
221  PAGED_CODE();
222 
223  ASSERT(CapturedSecurityQualityOfService);
224  ASSERT(Present);
225 
226  if (ObjectAttributes != NULL)
227  {
228  if (AccessMode != KernelMode)
229  {
231 
232  _SEH2_TRY
233  {
235  sizeof(OBJECT_ATTRIBUTES),
236  sizeof(ULONG));
237  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
238  {
239  if (ObjectAttributes->SecurityQualityOfService != NULL)
240  {
241  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
243  sizeof(ULONG));
244 
245  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
247  {
248  /*
249  * Don't allocate memory here because ExAllocate should bugcheck
250  * the system if it's buggy, SEH would catch that! So make a local
251  * copy of the qos structure.
252  */
253  RtlCopyMemory(&SafeQos,
254  ObjectAttributes->SecurityQualityOfService,
256  *Present = TRUE;
257  }
258  else
259  {
261  }
262  }
263  else
264  {
265  *CapturedSecurityQualityOfService = NULL;
266  *Present = FALSE;
267  }
268  }
269  else
270  {
272  }
273  }
275  {
277  }
278  _SEH2_END;
279 
280  if (NT_SUCCESS(Status))
281  {
282  if (*Present)
283  {
284  CapturedQos = ExAllocatePoolWithTag(PoolType,
286  TAG_QOS);
287  if (CapturedQos != NULL)
288  {
289  RtlCopyMemory(CapturedQos,
290  &SafeQos,
292  *CapturedSecurityQualityOfService = CapturedQos;
293  }
294  else
295  {
297  }
298  }
299  else
300  {
301  *CapturedSecurityQualityOfService = NULL;
302  }
303  }
304  }
305  else
306  {
307  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
308  {
309  if (CaptureIfKernel)
310  {
311  if (ObjectAttributes->SecurityQualityOfService != NULL)
312  {
313  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
315  {
316  CapturedQos = ExAllocatePoolWithTag(PoolType,
318  TAG_QOS);
319  if (CapturedQos != NULL)
320  {
321  RtlCopyMemory(CapturedQos,
322  ObjectAttributes->SecurityQualityOfService,
324  *CapturedSecurityQualityOfService = CapturedQos;
325  *Present = TRUE;
326  }
327  else
328  {
330  }
331  }
332  else
333  {
335  }
336  }
337  else
338  {
339  *CapturedSecurityQualityOfService = NULL;
340  *Present = FALSE;
341  }
342  }
343  else
344  {
345  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
346  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
347  }
348  }
349  else
350  {
352  }
353  }
354  }
355  else
356  {
357  *CapturedSecurityQualityOfService = NULL;
358  *Present = FALSE;
359  }
360 
361  return Status;
362 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
unsigned int ULONG
Definition: retypes.h:1
#define TAG_QOS
Definition: tag.h:177
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2938
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444

Referenced by NtDuplicateToken().

◆ SepInitSDs()

BOOLEAN INIT_FUNCTION NTAPI SepInitSDs ( VOID  )

Definition at line 34 of file sd.c.

35 {
36  /* Create PublicDefaultSd */
38  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
39  if (SePublicDefaultSd == NULL)
40  return FALSE;
41 
45  TRUE,
47  FALSE);
48 
49  /* Create PublicDefaultUnrestrictedSd */
51  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
53  return FALSE;
54 
58  TRUE,
60  FALSE);
61 
62  /* Create PublicOpenSd */
64  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
65  if (SePublicOpenSd == NULL)
66  return FALSE;
67 
71  TRUE,
73  FALSE);
74 
75  /* Create PublicOpenUnrestrictedSd */
77  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
79  return FALSE;
80 
84  TRUE,
86  FALSE);
87 
88  /* Create SystemDefaultSd */
90  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
91  if (SeSystemDefaultSd == NULL)
92  return FALSE;
93 
97  TRUE,
99  FALSE);
100 
101  /* Create UnrestrictedSd */
103  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
104  if (SeUnrestrictedSd == NULL)
105  return FALSE;
106 
110  TRUE,
112  FALSE);
113 
114  return TRUE;
115 }
#define TRUE
Definition: types.h:120
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:24
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:22
PACL SeSystemDefaultDacl
Definition: acl.c:23
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:27
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:24
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
PACL SePublicOpenDacl
Definition: acl.c:25
smooth NULL
Definition: ftsmooth.c:416
#define TAG_SD
Definition: tag.h:176
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:25
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:23
PACL SePublicDefaultDacl
Definition: acl.c:22
PACL SeUnrestrictedDacl
Definition: acl.c:27
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:26
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:26

Referenced by SepInitializationPhase0().

◆ SepReleaseSecurityQualityOfService()

VOID NTAPI SepReleaseSecurityQualityOfService ( IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 367 of file sd.c.

370 {
371  PAGED_CODE();
372 
373  if (CapturedSecurityQualityOfService != NULL &&
374  (AccessMode != KernelMode || CaptureIfKernel))
375  {
376  ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
377  }
378 }
#define PAGED_CODE()
Definition: video.h:57
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
smooth NULL
Definition: ftsmooth.c:416
#define TAG_QOS
Definition: tag.h:177
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

Referenced by NtDuplicateToken().

◆ SeReleaseSecurityDescriptor()

NTSTATUS NTAPI SeReleaseSecurityDescriptor ( IN PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
IN KPROCESSOR_MODE  CurrentMode,
IN BOOLEAN  CaptureIfKernelMode 
)

Definition at line 766 of file sd.c.

769 {
770  PAGED_CODE();
771 
772  /*
773  * WARNING! You need to call this function with the same value for CurrentMode
774  * and CaptureIfKernelMode that you previously passed to
775  * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
776  */
777  if (CapturedSecurityDescriptor != NULL &&
778  (CurrentMode != KernelMode ||
779  (CurrentMode == KernelMode && CaptureIfKernelMode)))
780  {
781  /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
782  ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);
783  }
784 
785  return STATUS_SUCCESS;
786 }
#define PAGED_CODE()
Definition: video.h:57
smooth NULL
Definition: ftsmooth.c:416
#define TAG_SD
Definition: tag.h:176
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), and SepAccessCheckAndAuditAlarm().

◆ SeSetWorldSecurityDescriptor()

NTSTATUS NTAPI SeSetWorldSecurityDescriptor ( SECURITY_INFORMATION  SecurityInformation,
PISECURITY_DESCRIPTOR  SecurityDescriptor,
PULONG  BufferLength 
)

Definition at line 119 of file sd.c.

122 {
123  ULONG Current;
124  ULONG SidSize;
125  ULONG SdSize;
128 
129  DPRINT("SeSetWorldSecurityDescriptor() called\n");
130 
131  if (SecurityInformation == 0)
132  {
133  return STATUS_ACCESS_DENIED;
134  }
135 
136  /* calculate the minimum size of the buffer */
137  SidSize = RtlLengthSid(SeWorldSid);
138  SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
140  SdSize += SidSize;
142  SdSize += SidSize;
144  {
145  SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
146  }
147 
148  if (*BufferLength < SdSize)
149  {
150  *BufferLength = SdSize;
152  }
153 
154  *BufferLength = SdSize;
155 
158  if (!NT_SUCCESS(Status))
159  {
160  return Status;
161  }
162 
163  Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
164 
166  {
167  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
168  SdRel->Owner = Current;
169  Current += SidSize;
170  }
171 
173  {
174  RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
175  SdRel->Group = Current;
176  Current += SidSize;
177  }
178 
180  {
181  PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
182  SdRel->Control |= SE_DACL_PRESENT;
183 
185  sizeof(ACL) + sizeof(ACE) + SidSize,
186  ACL_REVISION);
187  if (!NT_SUCCESS(Status))
188  return Status;
189 
191  ACL_REVISION,
192  GENERIC_ALL,
193  SeWorldSid);
194  if (!NT_SUCCESS(Status))
195  return Status;
196 
197  SdRel->Dacl = Current;
198  }
199 
201  {
202  /* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
203  }
204 
205  return STATUS_SUCCESS;
206 }
#define GENERIC_ALL
Definition: nt_native.h:92
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:139
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SE_DACL_PRESENT
Definition: setypes.h:767
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
_In_ ULONG BufferLength
Definition: usbdlib.h:225
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
struct _ACL ACL
void DPRINT(...)
Definition: polytest.cpp:61
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
struct _ACL * PACL
Definition: security.c:104
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
PSID SeWorldSid
Definition: sid.c:31
Status
Definition: gdiplustypes.h:24
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:785
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2938
Definition: rtltypes.h:988
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

Referenced by IopGetSetSecurityObject().

◆ SeValidSecurityDescriptor()

BOOLEAN NTAPI SeValidSecurityDescriptor ( IN ULONG  Length,
IN PSECURITY_DESCRIPTOR  _SecurityDescriptor 
)

Definition at line 960 of file sd.c.

962 {
963  ULONG SdLength;
964  PISID Sid;
965  PACL Acl;
967 
969  {
970  DPRINT1("Invalid Security Descriptor revision\n");
971  return FALSE;
972  }
973 
975  {
976  DPRINT1("Invalid Security Descriptor revision\n");
977  return FALSE;
978  }
979 
980  if (!(SecurityDescriptor->Control & SE_SELF_RELATIVE))
981  {
982  DPRINT1("No self-relative Security Descriptor\n");
983  return FALSE;
984  }
985 
986  SdLength = sizeof(SECURITY_DESCRIPTOR);
987 
988  /* Check Owner SID */
989  if (!SecurityDescriptor->Owner)
990  {
991  DPRINT1("No Owner SID\n");
992  return FALSE;
993  }
994 
995  if (SecurityDescriptor->Owner % sizeof(ULONG))
996  {
997  DPRINT1("Invalid Owner SID alignment\n");
998  return FALSE;
999  }
1000 
1002  if (Sid->Revision != SID_REVISION)
1003  {
1004  DPRINT1("Invalid Owner SID revision\n");
1005  return FALSE;
1006  }
1007 
1008  SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
1009  if (Length < SdLength)
1010  {
1011  DPRINT1("Invalid Owner SID size\n");
1012  return FALSE;
1013  }
1014 
1015  /* Check Group SID */
1016  if (SecurityDescriptor->Group)
1017  {
1018  if (SecurityDescriptor->Group % sizeof(ULONG))
1019  {
1020  DPRINT1("Invalid Group SID alignment\n");
1021  return FALSE;
1022  }
1023 
1025  if (Sid->Revision != SID_REVISION)
1026  {
1027  DPRINT1("Invalid Group SID revision\n");
1028  return FALSE;
1029  }
1030 
1031  SdLength += (sizeof(SID) + (Sid->SubAuthorityCount - 1) * sizeof(ULONG));
1032  if (Length < SdLength)
1033  {
1034  DPRINT1("Invalid Group SID size\n");
1035  return FALSE;
1036  }
1037  }
1038 
1039  /* Check DACL */
1040  if (SecurityDescriptor->Dacl)
1041  {
1042  if (SecurityDescriptor->Dacl % sizeof(ULONG))
1043  {
1044  DPRINT1("Invalid DACL alignment\n");
1045  return FALSE;
1046  }
1047 
1049  if ((Acl->AclRevision < MIN_ACL_REVISION) ||
1050  (Acl->AclRevision > MAX_ACL_REVISION))
1051  {
1052  DPRINT1("Invalid DACL revision\n");
1053  return FALSE;
1054  }
1055 
1056  SdLength += Acl->AclSize;
1057  if (Length < SdLength)
1058  {
1059  DPRINT1("Invalid DACL size\n");
1060  return FALSE;
1061  }
1062  }
1063 
1064  /* Check SACL */
1065  if (SecurityDescriptor->Sacl)
1066  {
1067  if (SecurityDescriptor->Sacl % sizeof(ULONG))
1068  {
1069  DPRINT1("Invalid SACL alignment\n");
1070  return FALSE;
1071  }
1072 
1074  if ((Acl->AclRevision < MIN_ACL_REVISION) ||
1075  (Acl->AclRevision > MAX_ACL_REVISION))
1076  {
1077  DPRINT1("Invalid SACL revision\n");
1078  return FALSE;
1079  }
1080 
1081  SdLength += Acl->AclSize;
1082  if (Length < SdLength)
1083  {
1084  DPRINT1("Invalid SACL size\n");
1085  return FALSE;
1086  }
1087  }
1088 
1089  return TRUE;
1090 }
#define TRUE
Definition: types.h:120
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define SECURITY_DESCRIPTOR_MIN_LENGTH
Definition: setypes.h:761
struct _SID SID
#define MAX_ACL_REVISION
Definition: setypes.h:47
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
USHORT AclSize
Definition: ms-dtyp.idl:296
#define SID_REVISION
Definition: setypes.h:453
uint32_t ULONG_PTR
Definition: typedefs.h:63
struct _SID * PISID
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
struct _ACL * PACL
Definition: security.c:104
#define MIN_ACL_REVISION
Definition: setypes.h:46
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
struct _SID * PSID
Definition: eventlog.c:35
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
UCHAR AclRevision
Definition: ms-dtyp.idl:294
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
BYTE Revision
Definition: ms-dtyp.idl:199
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59

Variable Documentation

◆ SePublicDefaultSd

PSECURITY_DESCRIPTOR SePublicDefaultSd = NULL

◆ SePublicDefaultUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd = NULL

Definition at line 23 of file sd.c.

Referenced by ExpCreateSystemRootLink(), ObInitSystem(), and SepInitSDs().

◆ SePublicOpenSd

PSECURITY_DESCRIPTOR SePublicOpenSd = NULL

Definition at line 24 of file sd.c.

Referenced by SepInitSDs().

◆ SePublicOpenUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd = NULL

Definition at line 25 of file sd.c.

Referenced by SepInitSDs().

◆ SeSystemDefaultSd

PSECURITY_DESCRIPTOR SeSystemDefaultSd = NULL

Definition at line 26 of file sd.c.

Referenced by SepInitSDs().

◆ SeUnrestrictedSd

PSECURITY_DESCRIPTOR SeUnrestrictedSd = NULL

Definition at line 27 of file sd.c.

Referenced by SepInitSDs().