166 DPRINT(
"SeSetWorldSecurityDescriptor() called\n");
182 SdSize +=
sizeof(
ACL) +
sizeof(
ACE) + SidSize;
186 SdSize +=
sizeof(
ACL) +
sizeof(
ACE) + SidSize;
209 SdRel->
Owner = Current;
216 SdRel->
Group = Current;
225 sizeof(
ACL) +
sizeof(
ACE) + SidSize,
238 SdRel->
Dacl = Current;
247 sizeof(
ACL) +
sizeof(
ACE) + SidSize,
262 SdRel->
Sacl = Current;
344 if (ProcessorMode ==
KernelMode)
return Acl->AclSize;
396 ULONG OwnerSAC = 0, GroupSAC = 0;
402 if (!OriginalDescriptor)
405 *CapturedSecurityDescriptor =
NULL;
410 if (CurrentMode ==
KernelMode && !CaptureIfKernel)
418 *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
450 DescriptorCopy.
Sbz1 = OriginalDescriptor->
Sbz1;
451 DescriptorCopy.
Control = OriginalDescriptor->
Control & ~SE_SELF_RELATIVE;
510 if (DescriptorCopy.
Owner)
515 DescriptorCopy.
Owner,
520 if (DescriptorCopy.
Group)
525 DescriptorCopy.
Group,
530 if (DescriptorCopy.
Sacl)
540 if (DescriptorCopy.
Dacl)
611 ULONG OwnerLength = 0;
613 ULONG DaclLength = 0;
614 ULONG SaclLength = 0;
623 if (*ObjectsSecurityDescriptor ==
NULL)
637 ObjectSd = *ObjectsSecurityDescriptor;
685 SdLength = OwnerLength +
GroupLength + DaclLength +
700 if (OwnerLength != 0)
706 Current += OwnerLength;
724 Current += DaclLength;
733 Current += SaclLength;
772 if (CapturedSecurityDescriptor !=
NULL &&
774 (CurrentMode ==
KernelMode && CaptureIfKernelMode)))
826 ObjectsSecurityDescriptor,
898 ObjectSd = *ObjectsSecurityDescriptor;
965 DaclLength + SaclLength,
976 if (OwnerLength != 0)
979 NewSd->
Owner = Current;
980 Current += OwnerLength;
986 NewSd->
Group = Current;
993 NewSd->
Dacl = Current;
994 Current += DaclLength;
1000 NewSd->
Sacl = Current;
1001 Current += SaclLength;
1005 *ObjectsSecurityDescriptor = NewSd;
1038 DPRINT1(
"Invalid Security Descriptor revision\n");
1044 DPRINT1(
"Invalid Security Descriptor revision\n");
1050 DPRINT1(
"No self-relative Security Descriptor\n");
1065 DPRINT1(
"Invalid Owner SID alignment\n");
1073 DPRINT1(
"Owner SID not within bounds\n");
1081 DPRINT1(
"Invalid Owner SID revision\n");
1089 DPRINT1(
"Invalid Owner SID size\n");
1098 DPRINT1(
"Invalid Group SID alignment\n");
1106 DPRINT1(
"Group SID not within bounds\n");
1114 DPRINT1(
"Invalid Group SID revision\n");
1122 DPRINT1(
"Invalid Group SID size\n");
1132 DPRINT1(
"Invalid DACL alignment\n");
1140 DPRINT1(
"DACL not within bounds\n");
1150 DPRINT1(
"Invalid DACL size\n");
1166 DPRINT1(
"Invalid SACL alignment\n");
1174 DPRINT1(
"SACL not within bounds\n");
1184 DPRINT1(
"Invalid SACL size\n");
1345 DPRINT(
"Use explicit owner sid!\n");
1352 DPRINT(
"Use parent owner sid!\n");
1368 DPRINT(
"Use token owner sid!\n");
1384 DPRINT(
"Use parent group sid!\n");
1400 DPRINT(
"Use token group sid!\n");
1415 ExplicitPresent =
FALSE;
1416 ExplicitDefaulted =
FALSE;
1421 ExplicitPresent =
TRUE;
1423 ExplicitDefaulted =
TRUE;
1426 if (ParentDescriptor !=
NULL &&
1450 ExplicitPresent =
FALSE;
1451 ExplicitDefaulted =
FALSE;
1456 ExplicitPresent =
TRUE;
1458 ExplicitDefaulted =
TRUE;
1461 if (ParentDescriptor !=
NULL &&
1484 OwnerLength +
GroupLength + DaclLength + SaclLength;
1486 DPRINT(
"L: sizeof(SECURITY_DESCRIPTOR) %u OwnerLength %lu GroupLength %lu DaclLength %lu SaclLength %lu\n",
1496 DPRINT1(
"ExAlloctePool() failed\n");
1508 if (SaclLength != 0)
1520 Current += SaclLength;
1523 if (DaclLength != 0)
1535 Current += DaclLength;
1538 if (OwnerLength != 0)
1542 Current += OwnerLength;
#define ALIGN_UP_BY(size, align)
static GENERIC_MAPPING GenericMapping
#define NT_SUCCESS(StatCode)
#define _IRQL_requires_max_(irql)
#define ExAllocatePoolWithTag(hernya, size, tag)
#define ROUND_UP(n, align)
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
#define EXCEPTION_EXECUTE_HANDLER
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
WORD SECURITY_DESCRIPTOR_CONTROL
#define ExFreePoolWithTag(_P, _T)
DWORD SECURITY_INFORMATION
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
DWORD * PSECURITY_INFORMATION
#define _Out_writes_bytes_(size)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
#define ACCESS_SYSTEM_SECURITY
#define STANDARD_RIGHTS_ALL
#define DBG_UNREFERENCED_PARAMETER(P)
#define UNREFERENCED_PARAMETER(P)
_In_ ULONG _In_ ULONG Offset
_In_ ULONG _In_ ULONG _In_ ULONG Length
#define ARGUMENT_PRESENT(ArgumentPointer)
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
PACL SePublicDefaultUnrestrictedDacl
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
PACL SeSystemAnonymousLogonDacl
PACL SePublicOpenUnrestrictedDacl
PACL SepSelectAcl(_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Selects an ACL and returns it to the caller.
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
NTSTATUS NTAPI SeComputeQuotaInformationSize(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
BOOLEAN NTAPI SeValidSecurityDescriptor(_In_ ULONG Length, _In_ PSECURITY_DESCRIPTOR _SecurityDescriptor)
Determines if a security descriptor is valid according to the general security requirements and condi...
static ULONG DetermineSIDSize(_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.
PSECURITY_DESCRIPTOR SeSystemDefaultSd
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
PSECURITY_DESCRIPTOR SePublicOpenSd
PSECURITY_DESCRIPTOR SeUnrestrictedSd
PSECURITY_DESCRIPTOR SePublicDefaultSd
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
NTSTATUS NTAPI SeSetWorldSecurityDescriptor(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
Sets a "World" security descriptor.
BOOLEAN NTAPI SepInitSDs(VOID)
Initializes the known security descriptors in the system.
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
static ULONG DetermineACLSize(_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.
#define STATUS_UNKNOWN_REVISION
#define STATUS_INVALID_ACL
#define STATUS_INVALID_SID
#define STATUS_NO_SECURITY_ON_OBJECT
#define STATUS_INVALID_PRIMARY_GROUP
#define STATUS_INVALID_OWNER
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
#define ProbeForReadUchar(Ptr)
#define ProbeForReadUshort(Ptr)
#define STATUS_BUFFER_TOO_SMALL
SECURITY_DESCRIPTOR_CONTROL Control
VOID NTAPI SeLockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Locks both the referenced primary and client access tokens of a security subject context.
VOID NTAPI SeUnlockSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Unlocks both the referenced primary and client access tokens of a security subject context.
_In_ SIZE_T DescriptorSize
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define STATUS_ACCESS_DENIED
#define STATUS_INSUFFICIENT_RESOURCES
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
_In_ WDF_WMI_PROVIDER_CONTROL Control
_In_ ULONG _In_ CONST SOCKADDR _In_ int GroupLength
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
_Out_ PBOOLEAN SaclPresent
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfoEx(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ ULONG AutoInheritFlags, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
NTKERNELAPI NTSTATUS NTAPI SeSetSecurityDescriptorInfo(_In_opt_ PVOID Object, _In_ PSECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
NTKERNELAPI NTSTATUS NTAPI SeQuerySecurityDescriptorInfo(_In_ PSECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_(*Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_ PULONG Length, _Inout_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor)
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
#define SE_OWNER_DEFAULTED
#define DACL_SECURITY_INFORMATION
#define SE_DACL_DEFAULTED
#define OWNER_SECURITY_INFORMATION
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define SE_SACL_DEFAULTED
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define SEF_DEFAULT_GROUP_FROM_PARENT
#define SECURITY_DESCRIPTOR_REVISION
#define GROUP_SECURITY_INFORMATION
#define SECURITY_DESCRIPTOR_MIN_LENGTH
#define SE_GROUP_DEFAULTED
#define SEF_DEFAULT_OWNER_FROM_PARENT
#define SACL_SECURITY_INFORMATION
#define SECURITY_DESCRIPTOR_REVISION1