ReactOS  0.4.15-dev-5120-gfb68e76
se.h File Reference

Go to the source code of this file.

Classes

struct  _KNOWN_ACE
 
struct  _KNOWN_OBJECT_ACE
 
struct  _KNOWN_COMPOUND_ACE
 
struct  _ACCESS_CHECK_RIGHTS
 
struct  _TOKEN_AUDIT_POLICY_INFORMATION
 

Macros

#define TOKEN_CREATE_METHOD   0xCUL
 
#define TOKEN_DUPLICATE_METHOD   0xDUL
 
#define TOKEN_FILTER_METHOD   0xFUL
 
#define SepAcquireTokenLockExclusive(Token)
 
#define SepAcquireTokenLockShared(Token)
 
#define SepReleaseTokenLock(Token)
 

Typedefs

typedef struct _KNOWN_ACE KNOWN_ACE
 
typedef struct _KNOWN_ACEPKNOWN_ACE
 
typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
 
typedef struct _KNOWN_OBJECT_ACEPKNOWN_OBJECT_ACE
 
typedef struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
 
typedef struct _KNOWN_COMPOUND_ACEPKNOWN_COMPOUND_ACE
 
typedef struct _ACCESS_CHECK_RIGHTS ACCESS_CHECK_RIGHTS
 
typedef struct _ACCESS_CHECK_RIGHTSPACCESS_CHECK_RIGHTS
 
typedef enum _ACCESS_CHECK_RIGHT_TYPE ACCESS_CHECK_RIGHT_TYPE
 
typedef struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
 
typedef struct _TOKEN_AUDIT_POLICY_INFORMATIONPTOKEN_AUDIT_POLICY_INFORMATION
 

Enumerations

enum  _ACCESS_CHECK_RIGHT_TYPE { AccessCheckMaximum, AccessCheckRegular }
 

Functions

FORCEINLINE PSID SepGetGroupFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PSID SepGetOwnerFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PACL SepGetDaclFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PACL SepGetSaclFromDescriptor (_Inout_ PVOID _Descriptor)
 
VOID NTAPI SepInitializeTokenImplementation (VOID)
 Internal function that initializes critical kernel data for access token implementation in SRM. More...
 
PTOKEN NTAPI SepCreateSystemProcessToken (VOID)
 Creates the system process token. More...
 
PTOKEN SepCreateSystemAnonymousLogonToken (VOID)
 Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group. More...
 
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone (VOID)
 Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid). More...
 
NTSTATUS NTAPI SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
 Duplicates an access token, from an existing valid token. More...
 
NTSTATUS NTAPI SepCreateToken (_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
 Internal function responsible for access token object creation in the kernel. A fully created token objected is inserted into the token handle, thus the handle becoming a valid handle to an access token object and ready for use. More...
 
BOOLEAN NTAPI SepTokenIsOwner (_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
 Checks if a token belongs to the main user, being the owner. More...
 
NTSTATUS SepCreateTokenLock (_Inout_ PTOKEN Token)
 Creates a lock for the token. More...
 
VOID SepDeleteTokenLock (_Inout_ PTOKEN Token)
 Deletes a lock of a token. More...
 
VOID SepUpdatePrivilegeFlagsToken (_Inout_ PTOKEN Token)
 Updates the token's flags based upon the privilege that the token has been granted. The function uses the private helper, SepUpdateSinglePrivilegeFlagToken, in order to update the flags of a token. More...
 
NTSTATUS SepFindPrimaryGroupAndDefaultOwner (_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
 Finds the primary group and default owner entity based on the submitted primary group instance and an access token. More...
 
VOID SepUpdateSinglePrivilegeFlagToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
 Updates the token's flags based upon the privilege that the token has been granted. The flag can either be taken out or given to the token if the attributes of the specified privilege is enabled or not. More...
 
VOID SepRemovePrivilegeToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
 Removes a privilege from the token. More...
 
VOID SepRemoveUserGroupToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
 Removes a group from the token. More...
 
ULONG SepComputeAvailableDynamicSpace (_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl)
 Computes the exact available dynamic area of an access token whilst querying token statistics. More...
 
NTSTATUS SepRebuildDynamicPartOfToken (_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)
 
BOOLEAN NTAPI SeTokenCanImpersonate (_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 Ensures that client impersonation can occur by checking if the token we're going to assign as the impersonation token can be actually impersonated in the first place. The routine is used primarily by PsImpersonateClient. More...
 
VOID NTAPI SeGetTokenControlInformation (_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
 Retrieves token control information. More...
 
VOID NTAPI SeDeassignPrimaryToken (_Inout_ PEPROCESS Process)
 Removes the primary token of a process. More...
 
NTSTATUS NTAPI SeSubProcessToken (_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
 Subtracts a token in exchange of duplicating a new one. More...
 
NTSTATUS NTAPI SeIsTokenChild (_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
 Checks if the token is a child of the other token of the current process that the calling thread is invoking this function. More...
 
NTSTATUS NTAPI SeIsTokenSibling (_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
 Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function. More...
 
NTSTATUS NTAPI SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
 Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use. More...
 
NTSTATUS NTAPI SeCopyClientToken (_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
 Copies an existing access token (technically duplicating a new one). More...
 
BOOLEAN NTAPI SeTokenIsInert (_In_ PTOKEN Token)
 Determines if a token is a sandbox inert token or not, based upon the token flags. More...
 
ULONG RtlLengthSidAndAttributes (_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
 Computes the length size of a SID. More...
 
BOOLEAN NTAPI SeInitSystem (VOID)
 Main security manager initialization function. More...
 
NTSTATUS NTAPI SeDefaultObjectMethod (_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
VOID NTAPI SeQuerySecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
 Queries the access mask from a security information context. More...
 
VOID NTAPI SeSetSecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
 Sets the access mask for a security information context. More...
 
VOID NTAPI SepInitPrivileges (VOID)
 Initializes the privileges during the startup phase of the security manager module. This function serves as a placeholder as it currently does nothing. More...
 
BOOLEAN NTAPI SepPrivilegeCheck (_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
 Checks the privileges pointed by Privileges array argument if they exist and match with the privileges from an access token. More...
 
NTSTATUS NTAPI SePrivilegePolicyCheck (_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
 Checks the security policy and returns a set of privileges based upon the said security policy context. More...
 
BOOLEAN NTAPI SeCheckAuditPrivilege (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
 Checks a single privilege and performs an audit against a privileged service based on a security subject context. More...
 
BOOLEAN NTAPI SeCheckPrivilegedObject (_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
 Checks a privileged object if such object has the specific privilege submitted by the caller. More...
 
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
 
VOID NTAPI SeReleaseLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a LUID with attributes structure. More...
 
BOOLEAN NTAPI SepInitSecurityIDs (VOID)
 Initializes all the SIDs known in the system. More...
 
NTSTATUS NTAPI SepCaptureSid (_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
 Captures a SID. More...
 
VOID NTAPI SepReleaseSid (_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a captured SID. More...
 
BOOLEAN NTAPI SepSidInToken (_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
 Checks if a SID is present in a token. More...
 
BOOLEAN NTAPI SepSidInTokenEx (_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
 Checks if a SID is present in a token. More...
 
PSID NTAPI SepGetSidFromAce (_In_ UCHAR AceType, _In_ PACE Ace)
 Captures a security identifier from a given access control entry. This identifier is valid for the whole of its lifetime. More...
 
NTSTATUS NTAPI SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
 Captures a SID with attributes. More...
 
VOID NTAPI SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a captured SID with attributes. More...
 
BOOLEAN NTAPI SepInitDACLs (VOID)
 Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure. More...
 
NTSTATUS NTAPI SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
 Allocates a discretionary access control list based on certain properties of a regular and primary access tokens. More...
 
NTSTATUS NTAPI SepCaptureAcl (_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
 Captures an access control list from an already valid input ACL. More...
 
VOID NTAPI SepReleaseAcl (_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases (frees) a captured ACL from the memory pool. More...
 
NTSTATUS SepPropagateAcl (_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
PACL SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 Selects an ACL and returns it to the caller. More...
 
BOOLEAN NTAPI SepInitSDs (VOID)
 Initializes the known security descriptors in the system. More...
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
 Sets a "World" security descriptor. More...
 
NTSTATUS NTAPI SeComputeQuotaInformationSize (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
 
BOOLEAN NTAPI SeRmInitPhase0 (VOID)
 Manages the phase 0 initialization of the security reference monitoring module of the kernel. More...
 
BOOLEAN NTAPI SeRmInitPhase1 (VOID)
 Manages the phase 1 initialization of the security reference monitoring module of the kernel. More...
 
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken (_Inout_ PTOKEN Token)
 Inserts a logon session into an access token specified by the caller. More...
 
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken (_Inout_ PTOKEN Token)
 Removes a logon session from an access token. More...
 
NTSTATUS SepRmReferenceLogonSession (_Inout_ PLUID LogonLuid)
 
NTSTATUS SepRmDereferenceLogonSession (_Inout_ PLUID LogonLuid)
 
NTSTATUS NTAPI SepRegQueryHelper (_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
 A private registry helper that returns the desired value data based on the specifics requested by the caller. More...
 
NTSTATUS NTAPI SeGetLogonIdDeviceMap (_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap)
 Retrieves the DOS device map from a logon session. More...
 
NTSTATUS NTAPI SeInitializeProcessAuditName (_In_ PFILE_OBJECT FileObject, _In_ BOOLEAN DoAudit, _Out_ POBJECT_NAME_INFORMATION *AuditInfo)
 Initializes a process audit name and returns it to the caller. More...
 
BOOLEAN NTAPI SeDetailedAuditingWithToken (_In_ PTOKEN Token)
 Peforms a detailed security auditing with an access token. More...
 
VOID NTAPI SeAuditProcessExit (_In_ PEPROCESS Process)
 Peforms a security auditing against a process that is about to be terminated. More...
 
VOID NTAPI SeAuditProcessCreate (_In_ PEPROCESS Process)
 Peforms a security auditing against a process that is about to be created. More...
 
VOID NTAPI SePrivilegedServiceAuditAlarm (_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
 Performs an audit alarm to a privileged service request. More...
 
VOID NTAPI SeCaptureSubjectContextEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 An extended function that captures the security subject context based upon the specified thread and process. More...
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
 Captures the security quality of service data given the object attributes from an object. More...
 
VOID NTAPI SepReleaseSecurityQualityOfService (_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases (frees) the captured SQOS data from an object in the memory pool. More...
 
NTSTATUS SeCaptureObjectTypeList (_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ KPROCESSOR_MODE PreviousMode, _Out_ POBJECT_TYPE_LIST *CapturedObjectTypeList)
 Captures a list of object types. More...
 
VOID SeReleaseObjectTypeList (_In_ _Post_invalid_ POBJECT_TYPE_LIST CapturedObjectTypeList, _In_ KPROCESSOR_MODE PreviousMode)
 Releases a buffer list of object types. More...
 
NTSTATUS NTAPI SeCreateAccessStateEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
 
BOOLEAN NTAPI SeFastTraverseCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
 Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object. More...
 

Variables

SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
 
PSID SeNullSid
 
PSID SeWorldSid
 
PSID SeLocalSid
 
PSID SeCreatorOwnerSid
 
PSID SeCreatorGroupSid
 
PSID SeCreatorOwnerServerSid
 
PSID SeCreatorGroupServerSid
 
PSID SeNtAuthoritySid
 
PSID SeDialupSid
 
PSID SeNetworkSid
 
PSID SeBatchSid
 
PSID SeInteractiveSid
 
PSID SeServiceSid
 
PSID SeAnonymousLogonSid
 
PSID SePrincipalSelfSid
 
PSID SeLocalSystemSid
 
PSID SeAuthenticatedUserSid
 
PSID SeRestrictedCodeSid
 
PSID SeAliasAdminsSid
 
PSID SeAliasUsersSid
 
PSID SeAliasGuestsSid
 
PSID SeAliasPowerUsersSid
 
PSID SeAliasAccountOpsSid
 
PSID SeAliasSystemOpsSid
 
PSID SeAliasPrintOpsSid
 
PSID SeAliasBackupOpsSid
 
PSID SeAuthenticatedUsersSid
 
PSID SeRestrictedSid
 
PSID SeLocalServiceSid
 
PSID SeNetworkServiceSid
 
const LUID SeCreateTokenPrivilege
 
const LUID SeAssignPrimaryTokenPrivilege
 
const LUID SeLockMemoryPrivilege
 
const LUID SeIncreaseQuotaPrivilege
 
const LUID SeUnsolicitedInputPrivilege
 
const LUID SeTcbPrivilege
 
const LUID SeSecurityPrivilege
 
const LUID SeTakeOwnershipPrivilege
 
const LUID SeLoadDriverPrivilege
 
const LUID SeSystemProfilePrivilege
 
const LUID SeSystemtimePrivilege
 
const LUID SeProfileSingleProcessPrivilege
 
const LUID SeIncreaseBasePriorityPrivilege
 
const LUID SeCreatePagefilePrivilege
 
const LUID SeCreatePermanentPrivilege
 
const LUID SeBackupPrivilege
 
const LUID SeRestorePrivilege
 
const LUID SeShutdownPrivilege
 
const LUID SeDebugPrivilege
 
const LUID SeAuditPrivilege
 
const LUID SeSystemEnvironmentPrivilege
 
const LUID SeChangeNotifyPrivilege
 
const LUID SeRemoteShutdownPrivilege
 
const LUID SeUndockPrivilege
 
const LUID SeSyncAgentPrivilege
 
const LUID SeEnableDelegationPrivilege
 
const LUID SeManageVolumePrivilege
 
const LUID SeImpersonatePrivilege
 
const LUID SeCreateGlobalPrivilege
 
const LUID SeTrustedCredmanPrivilege
 
const LUID SeRelabelPrivilege
 
const LUID SeIncreaseWorkingSetPrivilege
 
const LUID SeTimeZonePrivilege
 
const LUID SeCreateSymbolicLinkPrivilege
 
PACL SePublicDefaultUnrestrictedDacl
 
PACL SePublicOpenDacl
 
PACL SePublicOpenUnrestrictedDacl
 
PACL SeUnrestrictedDacl
 
PACL SeSystemAnonymousLogonDacl
 
PSECURITY_DESCRIPTOR SePublicDefaultSd
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
 
PSECURITY_DESCRIPTOR SePublicOpenSd
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
 
PTOKEN SeAnonymousLogonToken
 
PTOKEN SeAnonymousLogonTokenNoEveryone
 

Macro Definition Documentation

◆ SepAcquireTokenLockExclusive

#define SepAcquireTokenLockExclusive (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 275 of file se.h.

◆ SepAcquireTokenLockShared

#define SepAcquireTokenLockShared (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 280 of file se.h.

◆ SepReleaseTokenLock

#define SepReleaseTokenLock (   Token)
Value:
{ \
ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
KeLeaveCriticalRegion(); \
}
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 286 of file se.h.

◆ TOKEN_CREATE_METHOD

#define TOKEN_CREATE_METHOD   0xCUL

Definition at line 70 of file se.h.

◆ TOKEN_DUPLICATE_METHOD

#define TOKEN_DUPLICATE_METHOD   0xDUL

Definition at line 71 of file se.h.

◆ TOKEN_FILTER_METHOD

#define TOKEN_FILTER_METHOD   0xFUL

Definition at line 72 of file se.h.

Typedef Documentation

◆ ACCESS_CHECK_RIGHT_TYPE

◆ ACCESS_CHECK_RIGHTS

◆ KNOWN_ACE

◆ KNOWN_COMPOUND_ACE

◆ KNOWN_OBJECT_ACE

◆ PACCESS_CHECK_RIGHTS

◆ PKNOWN_ACE

◆ PKNOWN_COMPOUND_ACE

◆ PKNOWN_OBJECT_ACE

◆ PTOKEN_AUDIT_POLICY_INFORMATION

◆ TOKEN_AUDIT_POLICY_INFORMATION

Enumeration Type Documentation

◆ _ACCESS_CHECK_RIGHT_TYPE

Enumerator
AccessCheckMaximum 
AccessCheckRegular 

Definition at line 48 of file se.h.

49 {
enum _ACCESS_CHECK_RIGHT_TYPE ACCESS_CHECK_RIGHT_TYPE

Function Documentation

◆ RtlLengthSidAndAttributes()

ULONG RtlLengthSidAndAttributes ( _In_ ULONG  Count,
_In_ PSID_AND_ATTRIBUTES  Src 
)

Computes the length size of a SID.

Parameters
[in]CountTotal count of entries that have SIDs in them (that being PSID_AND_ATTRIBUTES in this context).
[in]SrcSource that points to the attributes and SID entry structure.
Returns
Returns the total length of a SID size.

Definition at line 965 of file token.c.

968 {
969  ULONG i;
970  ULONG uLength;
971 
972  PAGED_CODE();
973 
974  uLength = Count * sizeof(SID_AND_ATTRIBUTES);
975  for (i = 0; i < Count; i++)
976  uLength += RtlLengthSid(Src[i].Sid);
977 
978  return uLength;
979 }
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
int Count
Definition: noreturn.cpp:7
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
unsigned int ULONG
Definition: retypes.h:1
#define PAGED_CODE()

Referenced by NtQueryInformationToken(), SepPerformTokenFiltering(), and SeQueryInformationToken().

◆ SeAuditProcessCreate()

VOID NTAPI SeAuditProcessCreate ( _In_ PEPROCESS  Process)

Peforms a security auditing against a process that is about to be created.

@unimplemented

Parameters
[in]ProcessAn object that points to a process which is in process of creation.
Returns
Nothing.

Definition at line 56 of file audit.c.

58 {
59  /* FIXME */
60 }

Referenced by PspCreateProcess().

◆ SeAuditProcessExit()

VOID NTAPI SeAuditProcessExit ( _In_ PEPROCESS  Process)

Peforms a security auditing against a process that is about to be terminated.

@unimplemented

Parameters
[in]ProcessAn object that points to a process which is in process of termination.
Returns
Nothing.

Definition at line 77 of file audit.c.

79 {
80  /* FIXME */
81 }

Referenced by PspExitThread().

◆ SeCaptureLuidAndAttributesArray()

NTSTATUS NTAPI SeCaptureLuidAndAttributesArray ( _In_ PLUID_AND_ATTRIBUTES  Src,
_In_ ULONG  PrivilegeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_ PLUID_AND_ATTRIBUTES  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PLUID_AND_ATTRIBUTES Dest,
_Inout_ PULONG  Length 
)

◆ SeCaptureObjectTypeList()

NTSTATUS SeCaptureObjectTypeList ( _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ POBJECT_TYPE_LIST CapturedObjectTypeList 
)

Captures a list of object types.

Parameters
[in]ObjectTypeListAn existing list of object types.
[in]ObjectTypeListLengthThe length size of the list.
[in]PreviousModeProcessor access level mode.
[out]CapturedObjectTypeListThe captured list of object types.
Returns
Returns STATUS_SUCCESS if the list of object types has been captured successfully. STATUS_INVALID_PARAMETER is returned if the caller hasn't supplied a buffer list of object types. STATUS_INSUFFICIENT_RESOURCES is returned if pool memory allocation for the captured list has failed.

Definition at line 39 of file objtype.c.

44 {
45  SIZE_T Size;
46 
47  if (PreviousMode == KernelMode)
48  {
50  }
51 
52  if (ObjectTypeListLength == 0)
53  {
54  *CapturedObjectTypeList = NULL;
55  return STATUS_SUCCESS;
56  }
57 
58  if (ObjectTypeList == NULL)
59  {
61  }
62 
63  /* Calculate the list size and check for integer overflow */
64  Size = ObjectTypeListLength * sizeof(OBJECT_TYPE_LIST);
65  if (Size == 0)
66  {
68  }
69 
70  /* Allocate a new list */
71  *CapturedObjectTypeList = ExAllocatePoolWithTag(PagedPool, Size, TAG_SEPA);
72  if (*CapturedObjectTypeList == NULL)
73  {
75  }
76 
77  _SEH2_TRY
78  {
79  ProbeForRead(ObjectTypeList, Size, sizeof(ULONG));
80  RtlCopyMemory(*CapturedObjectTypeList, ObjectTypeList, Size);
81  }
83  {
84  ExFreePoolWithTag(*CapturedObjectTypeList, TAG_SEPA);
85  *CapturedObjectTypeList = NULL;
87  }
88  _SEH2_END;
89 
90  return STATUS_SUCCESS;
91 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
struct _OBJECT_TYPE_LIST OBJECT_TYPE_LIST
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
_SEH2_TRY
Definition: create.c:4226
return STATUS_NOT_IMPLEMENTED
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define TAG_SEPA
Definition: tag.h:153
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

Referenced by SepAccessCheckAndAuditAlarm().

◆ SeCaptureSidAndAttributesArray()

NTSTATUS NTAPI SeCaptureSidAndAttributesArray ( _In_ PSID_AND_ATTRIBUTES  SrcSidAndAttributes,
_In_ ULONG  AttributeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_opt_ PVOID  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
_Out_ PULONG  ResultLength 
)

Captures a SID with attributes.

Parameters
[in]SrcSidAndAttributesSource of the SID with attributes to be captured.
[in]AttributeCountThe number count of attributes, in total.
[in]PreviousModeProcessor access level mode.
[in]AllocatedMemThe allocated memory buffer for the captured SID. If the caller supplies no allocated block of memory then the function will allocate some buffer block of memory for the captured SID automatically.
[in]AllocatedLengthThe length of the buffer that points to the allocated memory, in bytes.
[in]PoolTypeThe pool type for the captured SID and attributes to assign.
[in]CaptureIfKernelIf set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]CapturedSidAndAttributesThe captured SID and attributes.
[out]ResultLengthThe length of the captured SID and attributes, in bytes.
Returns
Returns STATUS_SUCCESS if SID and attributes capturing has been completed successfully. STATUS_INVALID_PARAMETER is returned if the count of attributes exceeds the maximum threshold that the kernel can permit, with the purpose of avoiding integer overflows. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed. STATUS_BUFFER_TOO_SMALL is returned if the length of the allocated buffer is less than the required size. STATUS_INVALID_SID is returned if a SID doesn't meet certain requirements to be considered a valid SID by the security manager. A failure NTSTATUS code is returned otherwise.
Remarks
A security identifier (SID) is a variable-length data structure that can change in size over time, depending on the factors that influence this effect in question. An attacker can take advantage of this fact and can potentially modify certain properties of a SID making it different in size than it was originally before. This is what we'd call, a TOCTOU vulnerability.

For this reason, the logic of copying the SIDs and their attributes into a new buffer goes like this: first, allocate a buffer array that just holds the lengths and subauthority count of each SID. Such information is copied in the first loop. Then in a second loop, iterate over the array with SID provided and copy them into the final array. The moment we're doing this, validate the lengths of each SID basing upon the captured lengths we've got before. In this way we ensure that the SIDs have remained intact. The validation checks are done in user mode as a general rule that we just cannot trust UM and whatever data is coming from it.

Definition at line 696 of file sid.c.

706 {
707  ULONG ArraySize, RequiredLength, SidLength, i;
708  ULONG TempArrayValidate, TempLengthValidate;
709  PSID_AND_ATTRIBUTES SidAndAttributes;
710  _SEH2_VOLATILE PSID_VALIDATE ValidateArray;
711  PUCHAR CurrentDest;
712  PISID Sid;
714  PAGED_CODE();
715 
716  ValidateArray = NULL;
717  SidAndAttributes = NULL;
718  *CapturedSidAndAttributes = NULL;
719  *ResultLength = 0;
720 
721  if (AttributeCount == 0)
722  {
723  return STATUS_SUCCESS;
724  }
725 
726  if (AttributeCount > SE_MAXIMUM_GROUP_LIMIT)
727  {
728  DPRINT1("SeCaptureSidAndAttributesArray(): Maximum group limit exceeded!\n");
730  }
731 
732  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
733  {
734  *CapturedSidAndAttributes = SrcSidAndAttributes;
735  return STATUS_SUCCESS;
736  }
737 
738  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
739  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
740 
741  if (PreviousMode != KernelMode)
742  {
743  /* Check for user mode data */
744  _SEH2_TRY
745  {
746  /* First probe the whole array */
747  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
748 
749  /* We're in user mode, set up the size for the temporary array */
750  TempArrayValidate = AttributeCount * sizeof(SID_VALIDATE);
751  TempLengthValidate = ALIGN_UP_BY(TempArrayValidate, sizeof(ULONG));
752 
753  /*
754  * Allocate a buffer for the array that we're going to
755  * temporarily hold the subauthority count and the SID
756  * elements. We'll be going to use this array to perform
757  * validation checks later.
758  */
760  TempLengthValidate,
762 
763  /* Loop the array elements */
764  for (i = 0; i < AttributeCount; i++)
765  {
766  /* Get the SID and probe the minimal structure */
767  Sid = SrcSidAndAttributes[i].Sid;
768  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
769 
770  /*
771  * Capture the subauthority count and hold it
772  * into the temporary array for later validation.
773  * This way we ensure that the said count of each
774  * SID has remained the same.
775  */
776  ValidateArray[i].SubAuthorityCount = Sid->SubAuthorityCount;
777 
778  /* Capture the SID */
779  ValidateArray[i].ProbeSid = Sid;
780 
781  /* Calculate the SID length and probe the full SID */
782  SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
783  ProbeForRead(ValidateArray[i].ProbeSid, SidLength, sizeof(ULONG));
784 
785  /* Add the aligned length to the required length */
786  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
787  }
788  }
790  {
792  _SEH2_YIELD(goto Cleanup);
793  }
794  _SEH2_END;
795  }
796  else
797  {
798  /* Loop the array elements */
799  for (i = 0; i < AttributeCount; i++)
800  {
801  /* Get the SID and it's length */
802  Sid = SrcSidAndAttributes[i].Sid;
804 
805  /* Add the aligned length to the required length */
806  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
807  }
808  }
809 
810  /* Assume success */
813 
814  /* Check if we have no buffer */
815  if (AllocatedMem == NULL)
816  {
817  /* Allocate a new buffer */
818  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
821  if (SidAndAttributes == NULL)
822  {
823  DPRINT1("SeCaptureSidAndAttributesArray(): Failed to allocate memory for SID and attributes array (requested size -> %lu)!\n", RequiredLength);
825  goto Cleanup;
826  }
827  }
828  /* Otherwise check if the buffer is large enough */
829  else if (AllocatedLength >= RequiredLength)
830  {
831  /* Buffer is large enough, use it */
832  SidAndAttributes = AllocatedMem;
833  }
834  else
835  {
836  /* Buffer is too small, fail */
837  DPRINT1("SeCaptureSidAndAttributesArray(): The provided buffer is small (expected size -> %lu || current size -> %lu)!\n", RequiredLength, AllocatedLength);
839  goto Cleanup;
840  }
841 
842  *CapturedSidAndAttributes = SidAndAttributes;
843 
844  /* Check again for user mode */
845  if (PreviousMode != KernelMode)
846  {
847  _SEH2_TRY
848  {
849  /* The rest of the data starts after the array */
850  CurrentDest = (PUCHAR)SidAndAttributes;
851  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
852 
853  /* Loop the array elements */
854  for (i = 0; i < AttributeCount; i++)
855  {
856  /*
857  * Get the SID length from the subauthority
858  * count we've captured before.
859  */
860  SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
861 
862  /* Copy attributes */
863  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
864 
865  /* Copy the SID to the current destination address */
866  SidAndAttributes[i].Sid = (PSID)CurrentDest;
867  RtlCopyMemory(CurrentDest, ValidateArray[i].ProbeSid, SidLength);
868 
869  /* Obtain the SID we've captured before for validation */
870  Sid = SidAndAttributes[i].Sid;
871 
872  /* Validate that the subauthority count hasn't changed */
873  if (ValidateArray[i].SubAuthorityCount !=
875  {
876  /* It's changed, bail out */
877  DPRINT1("SeCaptureSidAndAttributesArray(): The subauthority counts have changed (captured count -> %u || current count -> %u)\n",
878  ValidateArray[i].SubAuthorityCount, Sid->SubAuthorityCount);
880  goto Cleanup;
881  }
882 
883  /* Validate that the SID length is the same */
884  if (SidLength != RtlLengthSid(Sid))
885  {
886  /* They're no longer the same, bail out */
887  DPRINT1("SeCaptureSidAndAttributesArray(): The SID lengths have changed (captured length -> %lu || current length -> %lu)\n",
888  SidLength, RtlLengthSid(Sid));
890  goto Cleanup;
891  }
892 
893  /* Check that the SID is valid */
894  if (!RtlValidSid(Sid))
895  {
896  DPRINT1("SeCaptureSidAndAttributesArray(): The SID is not valid!\n");
898  goto Cleanup;
899  }
900 
901  /* Update the current destination address */
902  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
903  }
904  }
906  {
908  }
909  _SEH2_END;
910  }
911  else
912  {
913  /* The rest of the data starts after the array */
914  CurrentDest = (PUCHAR)SidAndAttributes;
915  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
916 
917  /* Loop the array elements */
918  for (i = 0; i < AttributeCount; i++)
919  {
920  /* Get the SID and it's length */
921  Sid = SrcSidAndAttributes[i].Sid;
923 
924  /* Copy attributes */
925  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
926 
927  /* Copy the SID to the current destination address */
928  SidAndAttributes[i].Sid = (PSID)CurrentDest;
929  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
930 
931  /* Update the current destination address */
932  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
933  }
934  }
935 
936 Cleanup:
937  /* Check for failure */
938  if (!NT_SUCCESS(Status))
939  {
940  /* Check if we allocated a new array */
941  if ((SidAndAttributes != AllocatedMem) && (SidAndAttributes != NULL))
942  {
943  /* Free the array */
944  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
945  }
946 
947  /* Set returned address to NULL */
948  *CapturedSidAndAttributes = NULL;
949  }
950 
951  /* Free the temporary validation array */
952  if ((PreviousMode != KernelMode) && (ValidateArray != NULL))
953  {
954  ExFreePoolWithTag(ValidateArray, TAG_SID_VALIDATE);
955  }
956 
957  return Status;
958 }
#define SE_MAXIMUM_GROUP_LIMIT
Definition: sid.c:16
#define TAG_SID_AND_ATTRIBUTES
Definition: tag.h:162
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
struct _SID_VALIDATE SID_VALIDATE
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define TAG_SID_VALIDATE
Definition: tag.h:163
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1513
static const WCHAR Cleanup[]
Definition: register.c:80
#define _SEH2_VOLATILE
Definition: pseh2_64.h:169
_SEH2_END
Definition: create.c:4400
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define ALIGN_UP_BY(size, align)
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define POOL_RAISE_IF_ALLOCATION_FAILURE
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtAdjustGroupsToken(), NtCreateToken(), and NtFilterToken().

◆ SeCaptureSubjectContextEx()

VOID NTAPI SeCaptureSubjectContextEx ( _In_ PETHREAD  Thread,
_In_ PEPROCESS  Process,
_Out_ PSECURITY_SUBJECT_CONTEXT  SubjectContext 
)

An extended function that captures the security subject context based upon the specified thread and process.

Parameters
[in]ThreadA thread where the calling thread's token is to be referenced for the security context.
[in]ProcessA process where the main process' token is to be referenced for the security context.
[out]SubjectContextThe returned security subject context.
Returns
Nothing.

Definition at line 41 of file subject.c.

45 {
47 
48  PAGED_CODE();
49 
50  /* Save the unique ID */
51  SubjectContext->ProcessAuditId = Process->UniqueProcessId;
52 
53  /* Check if we have a thread */
54  if (!Thread)
55  {
56  /* We don't, so no token */
57  SubjectContext->ClientToken = NULL;
58  }
59  else
60  {
61  /* Get the impersonation token */
63  &CopyOnOpen,
65  &SubjectContext->ImpersonationLevel);
66  }
67 
68  /* Get the primary token */
70 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
unsigned char BOOLEAN
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:849
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
#define PAGED_CODE()

Referenced by SeCaptureSubjectContext(), and SeCreateAccessStateEx().

◆ SeCheckAuditPrivilege()

BOOLEAN NTAPI SeCheckAuditPrivilege ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Checks a single privilege and performs an audit against a privileged service based on a security subject context.

Parameters
[in]DesiredAccessSecurity subject context used for privileged service auditing.
[in]PreviousModeProcessor level access mode.
Returns
Returns TRUE if service auditing and privilege checking tests have succeeded, FALSE otherwise.

Definition at line 360 of file priv.c.

363 {
364  PRIVILEGE_SET PrivilegeSet;
365  BOOLEAN Result;
366  PAGED_CODE();
367 
368  /* Initialize the privilege set with the single privilege */
369  PrivilegeSet.PrivilegeCount = 1;
370  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
371  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
372  PrivilegeSet.Privilege[0].Attributes = 0;
373 
374  /* Check against the primary token! */
375  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
376  &PrivilegeSet.Privilege[0],
377  1,
379  PreviousMode);
380 
381  if (PreviousMode != KernelMode)
382  {
385  &PrivilegeSet,
386  Result);
387  }
388 
389  return Result;
390 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
const LUID SeAuditPrivilege
Definition: priv.c:40
$ULONG Control
Definition: setypes.h:87
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
BOOLEAN NTAPI SepPrivilegeCheck(_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
Checks the privileges pointed by Privileges array argument if they exist and match with the privilege...
Definition: priv.c:104
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Performs an audit alarm to a privileged service request.
Definition: audit.c:369
#define NULL
Definition: types.h:112
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
#define PAGED_CODE()

Referenced by NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), and SepAccessCheckAndAuditAlarm().

◆ SeCheckPrivilegedObject()

BOOLEAN NTAPI SeCheckPrivilegedObject ( _In_ LUID  PrivilegeValue,
_In_ HANDLE  ObjectHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Checks a privileged object if such object has the specific privilege submitted by the caller.

Parameters
[in]PrivilegeValueA privilege to be checked against the one from the object.
[in]ObjectHandleA handle to any kind of object.
[in]DesiredAccessDesired access right mask requested by the caller.
[in]PreviousModeProcessor level access mode.
Returns
Returns TRUE if the privilege is present, FALSE otherwise.

Definition at line 803 of file priv.c.

808 {
810  PRIVILEGE_SET Priv;
811  BOOLEAN Result;
812 
813  PAGED_CODE();
814 
816 
817  Priv.PrivilegeCount = 1;
819  Priv.Privilege[0].Luid = PrivilegeValue;
821 
823  if (PreviousMode != KernelMode)
824  {
825 #if 0
826  SePrivilegeObjectAuditAlarm(ObjectHandle,
829  &PrivilegeValue,
830  Result,
831  PreviousMode);
832 #endif
833  }
834 
836 
837  return Result;
838 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
$ULONG Control
Definition: setypes.h:87
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
Definition: audit.c:1321
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a set of privileges exist and match within a security subject context.
Definition: priv.c:698
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
#define PAGED_CODE()

Referenced by NtSetInformationProcess(), and NtSetInformationThread().

◆ SeComputeQuotaInformationSize()

NTSTATUS NTAPI SeComputeQuotaInformationSize ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Out_ PULONG  QuotaInfoSize 
)

◆ SeCopyClientToken()

NTSTATUS NTAPI SeCopyClientToken ( _In_ PACCESS_TOKEN  Token,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PACCESS_TOKEN NewToken 
)

Copies an existing access token (technically duplicating a new one).

Parameters
[in]TokenToken to copy.
[in]LevelImpersonation security level to assign to the newly copied token.
[in]PreviousModeProcessor request level mode.
[out]NewTokenThe newly copied token.
Returns
Returns STATUS_SUCCESS when token copying has finished successfully. A failure NTSTATUS code is returned otherwise.

Definition at line 1296 of file token.c.

1301 {
1302  NTSTATUS Status;
1304 
1305  PAGED_CODE();
1306 
1308  NULL,
1309  0,
1310  NULL,
1311  NULL);
1312 
1315  FALSE,
1317  Level,
1318  PreviousMode,
1319  (PTOKEN*)NewToken);
1320 
1321  return Status;
1322 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
#define FALSE
Definition: types.h:117
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NULL
Definition: types.h:112
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
#define PAGED_CODE()

Referenced by PsImpersonateClient(), and SepCreateClientSecurity().

◆ SeCreateAccessStateEx()

NTSTATUS NTAPI SeCreateAccessStateEx ( _In_ PETHREAD  Thread,
_In_ PEPROCESS  Process,
_In_ OUT PACCESS_STATE  AccessState,
_In_ PAUX_ACCESS_DATA  AuxData,
_In_ ACCESS_MASK  Access,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeassignPrimaryToken()

VOID NTAPI SeDeassignPrimaryToken ( _Inout_ PEPROCESS  Process)

Removes the primary token of a process.

Parameters
[in,out]ProcessThe process instance with the access token to be removed.
Returns
Nothing.

Definition at line 936 of file token.c.

938 {
939  PTOKEN OldToken;
940 
941  /* Remove the Token */
942  OldToken = ObFastReplaceObject(&Process->Token, NULL);
943 
944  /* Mark the Old Token as free */
945  OldToken->TokenInUse = FALSE;
946 
947  /* Dereference the Token */
948  ObDereferenceObject(OldToken);
949 }
#define FALSE
Definition: types.h:117
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
BOOLEAN TokenInUse
Definition: setypes.h:242
#define ObDereferenceObject
Definition: obfuncs.h:203
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by PspDeleteProcessSecurity(), and SeAssignPrimaryToken().

◆ SeDefaultObjectMethod()

NTSTATUS NTAPI SeDefaultObjectMethod ( _In_ PVOID  Object,
_In_ SECURITY_OPERATION_CODE  OperationType,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_Inout_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Inout_opt_ PULONG  ReturnLength,
_Inout_opt_ PSECURITY_DESCRIPTOR OldSecurityDescriptor,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeDetailedAuditingWithToken()

BOOLEAN NTAPI SeDetailedAuditingWithToken ( _In_ PTOKEN  Token)

Peforms a detailed security auditing with an access token.

@unimplemented

Parameters
[in]TokenA valid token object.
Returns
To be added...

Definition at line 34 of file audit.c.

36 {
37  /* FIXME */
38  return FALSE;
39 }
#define FALSE
Definition: types.h:117

Referenced by ObInitProcess(), PspCreateProcess(), and PspExitThread().

◆ SeExchangePrimaryToken()

NTSTATUS NTAPI SeExchangePrimaryToken ( _In_ PEPROCESS  Process,
_In_ PACCESS_TOKEN  NewAccessToken,
_Out_ PACCESS_TOKEN OldAccessToken 
)

Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use.

Parameters
[in]ProcessThe process instance where its access token is about to be replaced.
[in]NewAccessTokenThe new token that it's going to replace the old one.
[out]OldAccessTokenThe returned old token that's been replaced, which the caller can do anything.
Returns
Returns STATUS_SUCCESS if the exchange operation between tokens has completed successfully. STATUS_BAD_TOKEN_TYPE is returned if the new token is not a primary one so that we cannot exchange it with the old one from the process. STATUS_TOKEN_ALREADY_IN_USE is returned if both tokens aren't equal which means one of them has different properties (groups, privileges, etc.) and as such one of them is currently in use. A failure NTSTATUS code is returned otherwise.

Definition at line 846 of file token.c.

850 {
851  PTOKEN OldToken;
852  PTOKEN NewToken = (PTOKEN)NewAccessToken;
853 
854  PAGED_CODE();
855 
856  if (NewToken->TokenType != TokenPrimary)
857  return STATUS_BAD_TOKEN_TYPE;
858 
859  if (NewToken->TokenInUse)
860  {
863 
864  /* Maybe we're trying to set the same token */
865  OldToken = PsReferencePrimaryToken(Process);
866  if (OldToken == NewToken)
867  {
868  /* So it's a nop. */
869  *OldAccessToken = OldToken;
870  return STATUS_SUCCESS;
871  }
872 
873  Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
874  if (!NT_SUCCESS(Status))
875  {
876  PsDereferencePrimaryToken(OldToken);
877  *OldAccessToken = NULL;
878  return Status;
879  }
880 
881  if (!IsEqual)
882  {
883  PsDereferencePrimaryToken(OldToken);
884  *OldAccessToken = NULL;
886  }
887  /* Silently return STATUS_SUCCESS but do not set the new token,
888  * as it's already in use elsewhere. */
889  *OldAccessToken = OldToken;
890  return STATUS_SUCCESS;
891  }
892 
893  /* Lock the new token */
895 
896  /* Mark new token in use */
897  NewToken->TokenInUse = TRUE;
898 
899  /* Set the session ID for the new token */
900  NewToken->SessionId = MmGetSessionId(Process);
901 
902  /* Unlock the new token */
903  SepReleaseTokenLock(NewToken);
904 
905  /* Reference the new token */
906  ObReferenceObject(NewToken);
907 
908  /* Replace the old with the new */
909  OldToken = ObFastReplaceObject(&Process->Token, NewToken);
910 
911  /* Lock the old token */
913 
914  /* Mark the old token as free */
915  OldToken->TokenInUse = FALSE;
916 
917  /* Unlock the old token */
918  SepReleaseTokenLock(OldToken);
919 
920  *OldAccessToken = (PACCESS_TOKEN)OldToken;
921  return STATUS_SUCCESS;
922 }
TOKEN_TYPE TokenType
Definition: setypes.h:239
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:275
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
PVOID PACCESS_TOKEN
Definition: setypes.h:11
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
ULONG SessionId
Definition: setypes.h:225
Status
Definition: gdiplustypes.h:24
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
BOOLEAN TokenInUse
Definition: setypes.h:242
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:243
#define STATUS_TOKEN_ALREADY_IN_USE
Definition: ntstatus.h:535
#define SepReleaseTokenLock(Token)
Definition: se.h:286
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
struct _TOKEN * PTOKEN
#define NULL
Definition: types.h:112
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
Definition: security.c:902
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by PspAssignPrimaryToken().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ ACCESS_MASK  DesiredAccess,
_In_ KPROCESSOR_MODE  AccessMode 
)

Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object.

Parameters
[in]SecurityDescriptorSecurity descriptor of the object that is being accessed.
[in]AccessStateAn access state to determine if the access token in the current security context of the object is an restricted token.
[in]DesiredAccessThe access right bitmask where the calling thread wants to acquire.
[in]AccessModeProcess level request mode.
Returns
Returns TRUE if access onto the specific object is allowed, FALSE otherwise.

Definition at line 1047 of file accesschk.c.

1052 {
1053  PACL Dacl;
1054  ULONG AceIndex;
1055  PKNOWN_ACE Ace;
1056 
1057  PAGED_CODE();
1058 
1060 
1061  if (SecurityDescriptor == NULL)
1062  return FALSE;
1063 
1064  /* Get DACL */
1066  /* If no DACL, grant access */
1067  if (Dacl == NULL)
1068  return TRUE;
1069 
1070  /* No ACE -> Deny */
1071  if (!Dacl->AceCount)
1072  return FALSE;
1073 
1074  /* Can't perform the check on restricted token */
1075  if (AccessState->Flags & TOKEN_IS_RESTRICTED)
1076  return FALSE;
1077 
1078  /* Browse the ACEs */
1079  for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
1080  AceIndex < Dacl->AceCount;
1081  AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
1082  {
1083  if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
1084  continue;
1085 
1086  /* If access-allowed ACE */
1087  if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
1088  {
1089  /* Check if all accesses are granted */
1090  if (!(Ace->Mask & DesiredAccess))
1091  continue;
1092 
1093  /* Check SID and grant access if matching */
1094  if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
1095  return TRUE;
1096  }
1097  /* If access-denied ACE */
1098  else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
1099  {
1100  /* Here, only check if it denies any access wanted and deny if so */
1101  if (Ace->Mask & DesiredAccess)
1102  return FALSE;
1103  }
1104  }
1105 
1106  /* Faulty, deny */
1107  return FALSE;
1108 }
struct _KNOWN_ACE * PKNOWN_ACE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
Definition: se.h:14
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Definition: card.h:12
#define ASSERT(a)
Definition: mode.c:44
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1579
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1862
PSID SeWorldSid
Definition: sid.c:25
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:119
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1179
#define PAGED_CODE()

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SeGetLogonIdDeviceMap()

NTSTATUS NTAPI SeGetLogonIdDeviceMap ( _In_ PLUID  LogonId,
_Out_ PDEVICE_MAP DeviceMap 
)

Retrieves the DOS device map from a logon session.

Parameters
[in]LogonIdA valid logon session ID.
[out]DeviceMapThe returned device map buffer from the logon session.
Returns
Returns STATUS_SUCCESS if the device map could be gathered from the logon session. STATUS_INVALID_PARAMETER is returned if one of the parameters aren't initialized (that is, the caller has submitted a NULL pointer variable). STATUS_NO_SUCH_LOGON_SESSION is returned if no such session could be found. A failure NTSTATUS code is returned otherwise.

Definition at line 1347 of file srm.c.

1350 {
1351  NTSTATUS Status;
1352  WCHAR Buffer[63];
1353  PDEVICE_MAP LocalMap;
1354  HANDLE DirectoryHandle, LinkHandle;
1356  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
1357  UNICODE_STRING DirectoryName, LinkName, TargetName;
1358 
1359  PAGED_CODE();
1360 
1361  if (LogonId == NULL ||
1362  DeviceMap == NULL)
1363  {
1364  return STATUS_INVALID_PARAMETER;
1365  }
1366 
1367  /* Acquire the database lock */
1369 
1370  /* Loop all existing sessions */
1371  for (CurrentSession = SepLogonSessions;
1372  CurrentSession != NULL;
1373  CurrentSession = CurrentSession->Next)
1374  {
1375  /* Check if the LUID matches the provided one */
1376  if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
1377  {
1378  break;
1379  }
1380  }
1381 
1382  /* No session found, fail */
1383  if (CurrentSession == NULL)
1384  {
1385  /* Release the database lock */
1387 
1389  }
1390 
1391  /* The found session has a device map, return it! */
1392  if (CurrentSession->pDeviceMap != NULL)
1393  {
1394  *DeviceMap = CurrentSession->pDeviceMap;
1395 
1396  /* Release the database lock */
1398 
1399  return STATUS_SUCCESS;
1400  }
1401 
1402  /* At that point, we'll setup a new device map for the session */
1403  LocalMap = NULL;
1404 
1405  /* Reference the session so that it doesn't go away */
1406  CurrentSession->ReferenceCount += 1;
1407 
1408  /* Release the database lock */
1410 
1411  /* Create our object directory given the LUID */
1413  sizeof(Buffer) / sizeof(WCHAR),
1414  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1415  LogonId->HighPart,
1416  LogonId->LowPart);
1417  RtlInitUnicodeString(&DirectoryName, Buffer);
1418 
1420  &DirectoryName,
1422  NULL,
1423  NULL);
1426  &ObjectAttributes);
1427  if (NT_SUCCESS(Status))
1428  {
1429  /* Create the associated device map */
1431  if (NT_SUCCESS(Status))
1432  {
1433  /* Make Global point to \Global?? in the directory */
1434  RtlInitUnicodeString(&LinkName, L"Global");
1435  RtlInitUnicodeString(&TargetName, L"\\Global??");
1436 
1438  &LinkName,
1441  NULL);
1442  Status = ZwCreateSymbolicLinkObject(&LinkHandle,
1445  &TargetName);
1446  if (!NT_SUCCESS(Status))
1447  {
1448  ObfDereferenceDeviceMap(LocalMap);
1449  }
1450  else
1451  {
1452  ZwClose(LinkHandle);
1453  }
1454  }
1455 
1457  }
1458 
1459  /* Acquire the database lock */
1461 
1462  /* If we succeed... */
1463  if (NT_SUCCESS(Status))
1464  {
1465  /* The session now has a device map? We raced with someone else */
1466  if (CurrentSession->pDeviceMap != NULL)
1467  {
1468  /* Give up on our new device map */
1469  ObfDereferenceDeviceMap(LocalMap);
1470  }
1471  /* Otherwise use our newly allocated device map */
1472  else
1473  {
1474  CurrentSession->pDeviceMap = LocalMap;
1475  }
1476 
1477  /* Return the device map */
1478  *DeviceMap = CurrentSession->pDeviceMap;
1479  }
1480  /* Zero output */
1481  else
1482  {
1483  *DeviceMap = NULL;
1484  }
1485 
1486  /* Release the database lock */
1488 
1489  /* We're done with the session */
1490  SepRmDereferenceLogonSession(&CurrentSession->LogonId);
1491 
1492  return Status;
1493 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_NO_SUCH_LOGON_SESSION
Definition: ntstatus.h:331
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
LONG NTSTATUS
Definition: precomp.h:26
static HANDLE DirectoryHandle
Definition: ObType.c:48
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
#define OBJ_OPENIF
Definition: winternl.h:229
#define L(x)
Definition: ntvdm.h:50
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
Definition: devicemap.c:149
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
Definition: bufpool.h:45
Status
Definition: gdiplustypes.h:24
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:169
#define OBJ_PERMANENT
Definition: winternl.h:226
WCHAR TargetName[256]
Definition: arping.c:27
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:62
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
NTSTATUS SepRmDereferenceLogonSession(_In_ PLUID LogonLuid)
De-references a logon session. If the session has a reference count of 0 by the time the function has...
Definition: srm.c:1008
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().

◆ SeGetTokenControlInformation()

VOID NTAPI SeGetTokenControlInformation ( _In_ PACCESS_TOKEN  _Token,
_Out_ PTOKEN_CONTROL  TokenControl 
)

Retrieves token control information.

Parameters
[in]_TokenA valid token object.
[out]SecurityDescriptorThe returned token control information.
Returns
Nothing.

Definition at line 1474 of file token.c.

1477 {
1478  PTOKEN Token = _Token;
1479  PAGED_CODE();
1480 
1481  /* Capture the main fields */
1482  TokenControl->AuthenticationId = Token->AuthenticationId;
1483  TokenControl->TokenId = Token->TokenId;
1484  TokenControl->TokenSource = Token->TokenSource;
1485 
1486  /* Lock the token */
1488 
1489  /* Capture the modified ID */
1490  TokenControl->ModifiedId = Token->ModifiedId;
1491 
1492  /* Unlock it */
1494 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SepReleaseTokenLock(Token)
Definition: se.h:286
#define SepAcquireTokenLockShared(Token)
Definition: se.h:280
#define PAGED_CODE()

Referenced by SepCreateClientSecurity().

◆ SeInitializeProcessAuditName()

NTSTATUS NTAPI SeInitializeProcessAuditName ( _In_ PFILE_OBJECT  FileObject,
_In_ BOOLEAN  DoAudit,
_Out_ POBJECT_NAME_INFORMATION AuditInfo 
)

Initializes a process audit name and returns it to the caller.

Parameters
[in]FileObjectFile object that points to a name to be queried.
[in]DoAuditIf set to TRUE, the function will perform various security auditing onto the audit name.
[out]AuditInfoThe returned audit info data.
Returns
Returns STATUS_SUCCESS if process audit name initialization has completed successfully. STATUS_NO_MEMORY is returned if pool allocation for object name info has failed. A failure NTSTATUS code is returned otherwise.

Definition at line 105 of file audit.c.

109 {
110  OBJECT_NAME_INFORMATION LocalNameInfo;
111  POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
112  ULONG ReturnLength = 8;
114 
115  PAGED_CODE();
116  ASSERT(AuditInfo);
117 
118  /* Check if we should do auditing */
119  if (DoAudit)
120  {
121  /* FIXME: TODO */
122  }
123 
124  /* Now query the name */
126  &LocalNameInfo,
127  sizeof(LocalNameInfo),
128  &ReturnLength);
129  if (((Status == STATUS_BUFFER_OVERFLOW) ||
132  (ReturnLength != sizeof(LocalNameInfo)))
133  {
134  /* Allocate required size */
135  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
136  ReturnLength,
137  TAG_SEPA);
138  if (ObjectNameInfo)
139  {
140  /* Query the name again */
142  ObjectNameInfo,
143  ReturnLength,
144  &ReturnLength);
145  }
146  }
147 
148  /* Check if we got here due to failure */
149  if ((ObjectNameInfo) &&
150  (!(NT_SUCCESS(Status)) || (ReturnLength == sizeof(LocalNameInfo))))
151  {
152  /* First, free any buffer we might've allocated */
153  ASSERT(FALSE);
154  if (ObjectNameInfo) ExFreePool(ObjectNameInfo);
155 
156  /* Now allocate a temporary one */
158  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
159  sizeof(OBJECT_NAME_INFORMATION),
160  TAG_SEPA);
161  if (ObjectNameInfo)
162  {
163  /* Clear it */
164  RtlZeroMemory(ObjectNameInfo, ReturnLength);
166  }
167  }
168 
169  /* Check if memory allocation failed */
170  if (!ObjectNameInfo) Status = STATUS_NO_MEMORY;
171 
172  /* Return the audit name */
173  *AuditInfo = ObjectNameInfo;
174 
175  /* Return status */
176  return Status;
177 }
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI ObQueryNameString(IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
Definition: obname.c:1207
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define FALSE
Definition: types.h:117
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define TAG_SEPA
Definition: tag.h:153
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by MmInitializeProcessAddressSpace(), and SeLocateProcessImageName().

◆ SeInitSystem()

BOOLEAN NTAPI SeInitSystem ( VOID  )

Main security manager initialization function.

Returns
Returns a boolean value according to the phase initialization routine that handles it. If TRUE, the routine deems the initialization phase as complete, FALSE otherwise.

Definition at line 285 of file semgr.c.

286 {
287  /* Check the initialization phase */
288  switch (ExpInitializationPhase)
289  {
290  case 0:
291 
292  /* Do Phase 0 */
293  return SepInitializationPhase0();
294 
295  case 1:
296 
297  /* Do Phase 1 */
298  return SepInitializationPhase1();
299 
300  default:
301 
302  /* Don't know any other phase! Bugcheck! */
303  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
304  0,
306  0,
307  0);
308  return FALSE;
309  }
310 }
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Handles the phase 0 procedure of the SRM initialization.
Definition: semgr.c:115
#define FALSE
Definition: types.h:117
ULONG ExpInitializationPhase
Definition: init.c:68
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Handles the phase 1 procedure of the SRM initialization.
Definition: semgr.c:168
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ SeIsTokenChild()

NTSTATUS NTAPI SeIsTokenChild ( _In_ PTOKEN  Token,
_Out_ PBOOLEAN  IsChild 
)

Checks if the token is a child of the other token of the current process that the calling thread is invoking this function.

Parameters
[in]TokenAn access token to determine if it's a child or not.
[out]IsChildThe returned boolean result.
Returns
Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.

Definition at line 1187 of file token.c.

1190 {
1191  PTOKEN ProcessToken;
1192  LUID ProcessTokenId, CallerParentId;
1193 
1194  /* Assume failure */
1195  *IsChild = FALSE;
1196 
1197  /* Reference the process token */
1198  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
1199  if (!ProcessToken)
1200  return STATUS_UNSUCCESSFUL;
1201 
1202  /* Get its token ID */
1203  ProcessTokenId = ProcessToken->TokenId;
1204 
1205  /* Dereference the token */
1207 
1208  /* Get our parent token ID */
1209  CallerParentId = Token->ParentTokenId;
1210 
1211  /* Compare the token IDs */
1212  if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))
1213  *IsChild = TRUE;
1214 
1215  /* Return success */
1216  return STATUS_SUCCESS;
1217 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
LUID TokenId
Definition: setypes.h:218
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by PspSetPrimaryToken().

◆ SeIsTokenSibling()

NTSTATUS NTAPI SeIsTokenSibling ( _In_ PTOKEN  Token,
_Out_ PBOOLEAN  IsSibling 
)

Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function.

Parameters
[in]TokenAn access token to determine if it's a sibling or not.
[out]IsSiblingThe returned boolean result.
Returns
Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.

Definition at line 1236 of file token.c.

1239 {
1240  PTOKEN ProcessToken;
1241  LUID ProcessParentId, ProcessAuthId;
1242  LUID CallerParentId, CallerAuthId;
1243 
1244  /* Assume failure */
1245  *IsSibling = FALSE;
1246 
1247  /* Reference the process token */
1248  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
1249  if (!ProcessToken)
1250  return STATUS_UNSUCCESSFUL;
1251 
1252  /* Get its parent and authentication IDs */
1253  ProcessParentId = ProcessToken->ParentTokenId;
1254  ProcessAuthId = ProcessToken->AuthenticationId;
1255 
1256  /* Dereference the token */
1258 
1259  /* Get our parent and authentication IDs */
1260  CallerParentId = Token->ParentTokenId;
1261  CallerAuthId = Token->AuthenticationId;
1262 
1263  /* Compare the token IDs */
1264  if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&
1265  RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
1266  {
1267  *IsSibling = TRUE;
1268  }
1269 
1270  /* Return success */
1271  return STATUS_SUCCESS;
1272 }
#define TRUE
Definition: types.h:120
LUID AuthenticationId
Definition: setypes.h:219
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LUID ParentTokenId
Definition: setypes.h:220
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by PspSetPrimaryToken().

◆ SepCaptureAcl()

NTSTATUS NTAPI SepCaptureAcl ( _In_ PACL  InputAcl,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PACL CapturedAcl 
)

Captures an access control list from an already valid input ACL.

Parameters
[in]InputAclA valid ACL.
[in]AccessModeProcessor level access mode. The processor mode determines how the input arguments are probed.
[in]PoolTypePool type for new captured ACL for creation. The pool type determines in which memory pool the ACL data should reside.
[in]CaptureIfKernelIf set to TRUE and the processor access mode being KernelMode, we are capturing an ACL directly in the kernel. Otherwise we are capturing within a kernel mode driver.
[out]CapturedAclThe returned and allocated captured ACL.
Returns
Returns STATUS_SUCCESS if the ACL has been successfully captured. STATUS_INSUFFICIENT_RESOURCES is returned otherwise.

Definition at line 352 of file acl.c.

358 {
359  PACL NewAcl;
360  ULONG AclSize;
361 
362  PAGED_CODE();
363 
364  /* If in kernel mode and we do not capture, just
365  * return the given ACL and don't validate it. */
366  if ((AccessMode == KernelMode) && !CaptureIfKernel)
367  {
368  *CapturedAcl = InputAcl;
369  return STATUS_SUCCESS;
370  }
371 
372  /* Otherwise, capture and validate the ACL, depending on the access mode */
373  if (AccessMode != KernelMode)
374  {
375  _SEH2_TRY
376  {
377  ProbeForRead(InputAcl,
378  sizeof(ACL),
379  sizeof(ULONG));
380  AclSize = InputAcl->AclSize;
381  ProbeForRead(InputAcl,
382  AclSize,
383  sizeof(ULONG));
384  }
386  {
387  /* Return the exception code */
389  }
390  _SEH2_END;
391 
392  /* Validate the minimal size an ACL can have */
393  if (AclSize < sizeof(ACL))
394  return STATUS_INVALID_ACL;
395 
397  AclSize,
398  TAG_ACL);
399  if (!NewAcl)
401 
402  _SEH2_TRY
403  {
404  RtlCopyMemory(NewAcl, InputAcl, AclSize);
405  }
407  {
408  /* Free the ACL and return the exception code */
409  ExFreePoolWithTag(NewAcl, TAG_ACL);
411  }
412  _SEH2_END;
413  }
414  else
415  {
416  AclSize = InputAcl->AclSize;
417 
418  /* Validate the minimal size an ACL can have */
419  if (AclSize < sizeof(ACL))
420  return STATUS_INVALID_ACL;
421 
423  AclSize,
424  TAG_ACL);
425  if (!NewAcl)
427 
428  RtlCopyMemory(NewAcl, InputAcl, AclSize);
429  }
430 
431  /* Validate the captured ACL */
432  if (!RtlValidAcl(NewAcl))
433  {
434  /* Free the ACL and fail */
435  ExFreePoolWithTag(NewAcl, TAG_ACL);
436  return STATUS_INVALID_ACL;
437  }
438 
439  /* It's valid, return it */
440  *CapturedAcl = NewAcl;
441  return STATUS_SUCCESS;
442 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_SEH2_TRY
Definition: create.c:4226
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN NTAPI RtlValidAcl(IN PACL Acl)
Definition: acl.c:837
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define TAG_ACL
Definition: tag.h:148
_SEH2_END
Definition: create.c:4400
#define STATUS_INVALID_ACL
Definition: ntstatus.h:355
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtCreateToken(), and NtSetInformationToken().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( _In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
_Out_ PBOOLEAN  Present 
)

Captures the security quality of service data given the object attributes from an object.

Parameters
[in]ObjectAttributesAttributes of an object where SQOS is to be retrieved. If the caller doesn't fill object attributes to the function, it automatically assumes SQOS is not present, or if, there's no SQOS present in the object attributes list of the object itself.
[in]AccessModeProcessor access mode.
[in]PoolTypeThe pool type for the captured SQOS to be used for allocation.
[in]CaptureIfKernelCapture access condition. To be set to TRUE if the capture is done within the kernel, FALSE if the capture is done in a kernel mode driver or user mode otherwise.
[out]CapturedSecurityQualityOfServiceThe captured SQOS data from the object.
[out]PresentReturns TRUE if SQOS is present in an object, FALSE otherwise. FALSE is also immediately returned if no object attributes is given to the call.
Returns
STATUS_SUCCESS if SQOS from the object has been fully and successfully captured. STATUS_INVALID_PARAMETER if the caller submits an invalid object attributes list. STATUS_INSUFFICIENT_RESOURCES if the function has failed to allocate some resources in the pool for the captured SQOS. A failure NTSTATUS code is returned otherwise.

Definition at line 52 of file sqos.c.

59 {
60  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
62 
63  PAGED_CODE();
64 
65  ASSERT(CapturedSecurityQualityOfService);
66  ASSERT(Present);
67 
68  if (ObjectAttributes != NULL)
69  {
70  if (AccessMode != KernelMode)
71  {
73 
74  _SEH2_TRY
75  {
77  sizeof(OBJECT_ATTRIBUTES),
78  sizeof(ULONG));
80  {
81  if (ObjectAttributes->SecurityQualityOfService != NULL)
82  {
83  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
85  sizeof(ULONG));
86 
87  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
89  {
90  /*
91  * Don't allocate memory here because ExAllocate should bugcheck
92  * the system if it's buggy, SEH would catch that! So make a local
93  * copy of the qos structure.
94  */
95  RtlCopyMemory(&SafeQos,
96  ObjectAttributes->SecurityQualityOfService,
98  *Present = TRUE;
99  }
100  else
101  {
103  }
104  }
105  else
106  {
107  *CapturedSecurityQualityOfService = NULL;
108  *Present = FALSE;
109  }
110  }
111  else
112  {
114  }
115  }
117  {
119  }
120  _SEH2_END;
121 
122  if (NT_SUCCESS(Status))
123  {
124  if (*Present)
125  {
126  CapturedQos = ExAllocatePoolWithTag(PoolType,
128  TAG_QOS);
129  if (CapturedQos != NULL)
130  {
131  RtlCopyMemory(CapturedQos,
132  &SafeQos,
134  *CapturedSecurityQualityOfService = CapturedQos;
135  }
136  else
137  {
139  }
140  }
141  else
142  {
143  *CapturedSecurityQualityOfService = NULL;
144  }
145  }
146  }
147  else
148  {
149  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
150  {
151  if (CaptureIfKernel)
152  {
153  if (ObjectAttributes->SecurityQualityOfService != NULL)
154  {
155  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
157  {
158  CapturedQos = ExAllocatePoolWithTag(PoolType,
160  TAG_QOS);
161  if (CapturedQos != NULL)
162  {
163  RtlCopyMemory(CapturedQos,
164  ObjectAttributes->SecurityQualityOfService,
166  *CapturedSecurityQualityOfService = CapturedQos;
167  *Present = TRUE;
168  }
169  else
170  {
172  }
173  }
174  else
175  {
177  }
178  }
179  else
180  {
181  *CapturedSecurityQualityOfService = NULL;
182  *Present = FALSE;
183  }
184  }
185  else
186  {
187  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
188  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
189  }
190  }
191  else
192  {
194  }
195  }
196  }
197  else
198  {
199  *CapturedSecurityQualityOfService = NULL;
200  *Present = FALSE;
201  }
202 
203  return Status;
204 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define TAG_QOS
Definition: tag.h:151
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SepCaptureSid()

NTSTATUS NTAPI SepCaptureSid ( _In_ PSID  InputSid,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID CapturedSid 
)

Captures a SID.

Parameters
[in]InputSidA valid security identifier to be captured.
[in]AccessModeProcessor level access mode.
[in]PoolTypePool memory type for the captured SID to assign upon allocation.
[in]CaptureIfKernelIf set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]CapturedSidThe captured security identifier, returned to the caller.
Returns
Returns STATUS_SUCCESS if the SID was captured. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed.

Definition at line 314 of file sid.c.

320 {
321  ULONG SidSize = 0;
322  PISID NewSid, Sid = (PISID)InputSid;
323 
324  PAGED_CODE();
325 
326  if (AccessMode != KernelMode)
327  {
328  _SEH2_TRY
329  {
330  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
332  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
333  }
335  {
336  /* Return the exception code */
338  }
339  _SEH2_END;
340 
341  /* Allocate a SID and copy it */
343  if (!NewSid)
345 
346  _SEH2_TRY
347  {
348  RtlCopyMemory(NewSid, Sid, SidSize);
349 
350  *CapturedSid = NewSid;
351  }
353  {
354  /* Free the SID and return the exception code */
357  }
358  _SEH2_END;
359  }
360  else if (!CaptureIfKernel)
361  {
362  *CapturedSid = InputSid;
363  }
364  else
365  {
367 
368  /* Allocate a SID and copy it */
370  if (NewSid == NULL)
372 
373  RtlCopyMemory(NewSid, Sid, SidSize);
374 
375  *CapturedSid = NewSid;
376  }
377 
378  return STATUS_SUCCESS;
379 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TAG_SID
Definition: sid.c:15
_SEH2_TRY
Definition: create.c:4226
struct _SID * PISID
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
unsigned char UCHAR
Definition: xmlstorage.h:181
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
Definition: create.c:4400
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2813
#define PAGED_CODE()

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SepComputeAvailableDynamicSpace()

ULONG SepComputeAvailableDynamicSpace ( _In_ ULONG  DynamicCharged,
_In_ PSID  PrimaryGroup,
_In_opt_ PACL  DefaultDacl 
)

Computes the exact available dynamic area of an access token whilst querying token statistics.

Parameters
[in]DynamicChargedThe current charged dynamic area of an access token. This must not be 0!
[in]PrimaryGroupA pointer to a primary group SID.
[in]DefaultDaclIf provided, this pointer points to a default DACL of an access token.
Returns
Returns the calculated available dynamic area.

Definition at line 659 of file token.c.

663 {
664  ULONG DynamicAvailable;
665 
666  PAGED_CODE();
667 
668  /* A token's dynamic area is always charged */
669  ASSERT(DynamicCharged != 0);
670 
671  /*
672  * Take into account the default DACL if
673  * the token has one. Otherwise the occupied
674  * space is just the present primary group.
675  */
676  DynamicAvailable = DynamicCharged - RtlLengthSid(PrimaryGroup);
677  if (DefaultDacl)
678  {
679  DynamicAvailable -= DefaultDacl->AclSize;
680  }
681 
682  return DynamicAvailable;
683 }
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1585
#define ASSERT(a)
Definition: mode.c:44
unsigned int ULONG
Definition: retypes.h:1
#define PAGED_CODE()

Referenced by NtQueryInformationToken(), and SeQueryInformationToken().

◆ SepCreateImpersonationTokenDacl()

NTSTATUS NTAPI SepCreateImpersonationTokenDacl ( _In_ PTOKEN  Token,
_In_ PTOKEN  PrimaryToken,
_Out_ PACL Dacl 
)

Allocates a discretionary access control list based on certain properties of a regular and primary access tokens.

Parameters
[in]TokenAn access token.
[in]PrimaryTokenA primary access token.
[out]DaclThe returned allocated DACL.
Returns
Returns STATUS_SUCCESS if DACL creation from tokens has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if DACL allocation from memory pool fails otherwise.

Definition at line 277 of file acl.c.

281 {
283  PACL TokenDacl;
284 
285  PAGED_CODE();
286 
287  *Dacl = NULL;
288 
289  AclLength = sizeof(ACL) +
290  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
291  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
292  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
293  (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
294  (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
295 
297  if (TokenDacl == NULL)
298  {
300  }
301 
302  RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
304  Token->UserAndGroups->Sid);
306  PrimaryToken->UserAndGroups->Sid);
311 
312  if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
313  {
316  }
317 
318  *Dacl = TokenDacl;
319 
320  return STATUS_SUCCESS;
321 }
#define GENERIC_ALL
Definition: nt_native.h:92
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PSID SeRestrictedCodeSid
Definition: sid.c:40
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _ACL ACL
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1579
PSID SeAliasAdminsSid
Definition: sid.c:41
#define TAG_ACL
Definition: tag.h:148
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
#define NULL
Definition: types.h:112
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:38
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
Definition: rtltypes.h:992
_In_ ULONG AclLength
Definition: rtlfuncs.h:1842
#define PAGED_CODE()

Referenced by NtOpenThreadTokenEx().

◆ SepCreateSystemAnonymousLogonToken()

PTOKEN SepCreateSystemAnonymousLogonToken ( VOID  )

Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group.

Returns
Returns the system's anonymous logon token if the operations have completed successfully.

Definition at line 1657 of file token.c.

1658 {
1659  SID_AND_ATTRIBUTES Groups[32], UserSid;
1661  PTOKEN Token;
1662  ULONG GroupsLength;
1663  LARGE_INTEGER Expiration;
1665  NTSTATUS Status;
1666 
1667  /* The token never expires */
1668  Expiration.QuadPart = -1;
1669 
1670  /* The user is the anonymous logon */
1671  UserSid.Sid = SeAnonymousLogonSid;
1672  UserSid.Attributes = 0;
1673 
1674  /* The primary group is also the anonymous logon */
1676 
1677  /* The only group for the token is the World */
1678  Groups[0].Sid = SeWorldSid;
1680  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
1681  SeLengthSid(Groups[0].Sid);
1682  ASSERT(GroupsLength <= sizeof(Groups));
1683 
1684  /* Initialise the object attributes for the token */
1687 
1688  /* Create token */
1690  KernelMode,
1691  0,
1693  TokenPrimary,
1696  &Expiration,
1697  &UserSid,
1698  1,
1699  Groups,
1700  GroupsLength,
1701  0,
1702  NULL,
1703  NULL,
1704  PrimaryGroup,
1707  TRUE);
1709 
1710  /* Return the anonymous logon token */
1711  return Token;
1712 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
TOpcodeData Groups[17][8]
LUID SeAnonymousAuthenticationId
Definition: token.c:21
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1585
#define ASSERT(a)
Definition: mode.c:44
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:19
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
PSID SeWorldSid
Definition: sid.c:25
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID SeAnonymousLogonSid
Definition: se.h:203
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepCreateSystemAnonymousLogonTokenNoEveryone()

PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone ( VOID  )

Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid).

Returns
Returns the system's anonymous logon token if the operations have completed successfully.

Definition at line 1725 of file token.c.

1726 {
1727  SID_AND_ATTRIBUTES UserSid;
1729  PTOKEN Token;
1730  LARGE_INTEGER Expiration;
1732  NTSTATUS Status;
1733 
1734  /* The token never expires */
1735  Expiration.QuadPart = -1;
1736 
1737  /* The user is the anonymous logon */
1738  UserSid.Sid = SeAnonymousLogonSid;
1739  UserSid.Attributes = 0;
1740 
1741  /* The primary group is also the anonymous logon */
1743 
1744  /* Initialise the object attributes for the token */
1747 
1748  /* Create token */
1750  KernelMode,
1751  0,
1753  TokenPrimary,
1756  &Expiration,
1757  &UserSid,
1758  0,
1759  NULL,
1760  0,
1761  0,
1762  NULL,
1763  NULL,
1764  PrimaryGroup,
1767  TRUE);
1769 
1770  /* Return the anonymous (not including everyone) logon token */
1771  return Token;
1772 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeAnonymousAuthenticationId
Definition: token.c:21
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1585
#define ASSERT(a)
Definition: mode.c:44
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:19
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
#define NULL
Definition: types.h:112
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID SeAnonymousLogonSid
Definition: se.h:203
#define STATUS_SUCCESS
Definition: shellext.h:65
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepCreateSystemProcessToken()

PTOKEN NTAPI SepCreateSystemProcessToken ( VOID  )

Creates the system process token.

Returns
Returns the system process token if the operations have completed successfully.

Definition at line 1507 of file token.c.

1508 {
1510  ULONG GroupAttributes, OwnerAttributes;
1512  LARGE_INTEGER Expiration;
1513  SID_AND_ATTRIBUTES UserSid;
1514  ULONG GroupsLength;
1517  PSID Owner;
1518  ULONG i;
1519  PTOKEN Token;
1520  NTSTATUS Status;
1521 
1522  /* Don't ever expire */
1523  Expiration.QuadPart = -1;
1524 
1525  /* All groups mandatory and enabled */
1528 
1529  /* User is Local System */
1530  UserSid.Sid = SeLocalSystemSid;
1531  UserSid.Attributes = 0;
1532 
1533  /* Primary group is Local System */
1535 
1536  /* Owner is Administrators */
1538 
1539  /* Groups are Administrators, World, and Authenticated Users */
1540  Groups[0].Sid = SeAliasAdminsSid;
1541  Groups[0].Attributes = OwnerAttributes;
1542  Groups[1].Sid = SeWorldSid;
1543  Groups[1].Attributes = GroupAttributes;
1545  Groups[2].Attributes = GroupAttributes;
1546  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
1547  SeLengthSid(Groups[0].Sid) +
1548  SeLengthSid(Groups[1].Sid) +
1549  SeLengthSid(Groups[2].Sid);
1550  ASSERT(GroupsLength <= sizeof(Groups));
1551 
1552  /* Setup the privileges */
1553  i = 0;
1555  Privileges[i++].Luid = SeTcbPrivilege;
1556 
1557  Privileges[i].Attributes = 0;
1559 
1560  Privileges[i].Attributes = 0;
1562 
1565 
1568 
1569  Privileges[i].Attributes = 0;
1571 
1572  Privileges[i].Attributes = 0;
1574 
1577 
1580 
1582  Privileges[i++].Luid = SeDebugPrivilege;
1583 
1585  Privileges[i++].Luid = SeAuditPrivilege;
1586 
1587  Privileges[i].Attributes = 0;
1588  Privileges[i++].Luid = SeSecurityPrivilege;
1589 
1590  Privileges[i].Attributes = 0;
1592 
1595 
1596  Privileges[i].Attributes = 0;
1597  Privileges[i++].Luid = SeBackupPrivilege;
1598 
1599  Privileges[i].Attributes = 0;
1600  Privileges[i++].Luid = SeRestorePrivilege;
1601 
1602  Privileges[i].Attributes = 0;
1603  Privileges[i++].Luid = SeShutdownPrivilege;
1604 
1605  Privileges[i].Attributes = 0;
1607 
1610 
1611  Privileges[i].Attributes = 0;
1613  ASSERT(i == 20);
1614 
1615  /* Setup the object attributes */
1618 
1619  /* Create the token */
1621  KernelMode,
1622  0,
1624  TokenPrimary,
1627  &Expiration,
1628  &UserSid,
1629  3,
1630  Groups,
1631  GroupsLength,
1632  20,
1633  Privileges,
1634  Owner,
1635  PrimaryGroup,
1638  TRUE);
1640 
1641  /* Return the token */
1642  return Token;
1643 }
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:41
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
const LUID SeSystemtimePrivilege
Definition: priv.c:31
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
const LUID SeCreatePermanentPrivilege
Definition: priv.c:35
const LUID SeDebugPrivilege
Definition: priv.c:39
const LUID SeBackupPrivilege
Definition: priv.c:36
#define TRUE
Definition: types.h:120
PACL SeSystemDefaultDacl
Definition: acl.c:17
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeSystemAuthenticationId
Definition: token.c:20
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
PSID SeAuthenticatedUsersSid
Definition: sid.c:49
TOpcodeData Groups[17][8]
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define SE_GROUP_OWNER
Definition: setypes.h:93
const LUID SeLoadDriverPrivilege
Definition: priv.c:29
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:28
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1585
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
const LUID SeCreatePagefilePrivilege
Definition: priv.c:34
#define ASSERT(a)
Definition: mode.c:44
const LUID SeRestorePrivilege
Definition: priv.c:37
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
PSID SeAliasAdminsSid
Definition: sid.c:41
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:19
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
const LUID SeLockMemoryPrivilege
Definition: priv.c:23
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:32
PSID SeWorldSid
Definition: sid.c:25
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:33
const LUID SeTcbPrivilege
Definition: priv.c:26
const LUID SeShutdownPrivilege
Definition: priv.c:38
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1583
#define NULL
Definition: types.h:112
const LUID SeSecurityPrivilege
Definition: priv.c:27
PSID SeLocalSystemSid
Definition: sid.c:38
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
const LUID SeAuditPrivilege
Definition: priv.c:40
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepCreateToken()

NTSTATUS NTAPI SepCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PSID_AND_ATTRIBUTES  User,
_In_ ULONG  GroupCount,
_In_ PSID_AND_ATTRIBUTES  Groups,
_In_ ULONG  GroupsLength,
_In_ ULONG  PrivilegeCount,
_In_ PLUID_AND_ATTRIBUTES  Privileges,
_In_opt_ PSID  Owner,
_In_ PSID  PrimaryGroup,
_In_opt_ PACL  DefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource,
_In_ BOOLEAN  SystemToken 
)

Internal function responsible for access token object creation in the kernel. A fully created token objected is inserted into the token handle, thus the handle becoming a valid handle to an access token object and ready for use.

Parameters
[out]TokenHandleValid token handle that's ready for use after token creation and object insertion.
[in]PreviousModeProcessor request level mode.
[in]DesiredAccessDesired access right for the token object to be granted. This kind of access right impacts how the token can be used and who.
[in]ObjectAttributesObject attributes for the token to be created.
[in]TokenTypeType of token to assign upon creation.
[in]ImpersonationLevelSecurity impersonation level of token to assign upon creation.
[in]AuthenticationIdAuthentication ID that represents the authentication information of the token.
[in]ExpirationTimeExpiration time of the token to assign. A value of -1 means that the token never expires and its life depends upon the amount of references this token object has.
[in]UserUser entry to assign to the token.
[in]GroupCountThe total number of groups count for the token.
[in]GroupsThe group entries for the token.
[in]GroupsLengthThe length size of the groups array, pointed by the Groups parameter.
[in]PrivilegeCountThe total number of priivleges that the newly created token has.
[in]PrivilegesThe privileges for the token.
[in]OwnerThe main user (or also owner) that represents the token that we create.
[in]PrimaryGroupThe main group that represents the token that we create.
[in]DefaultDaclA discretionary access control list for the token.
[in]TokenSourceSource (or the origin) of the access token that creates it.
[in]SystemTokenIf set to TRUE, the newly created token is a system token and only in charge by the internal system. The function directly returns a pointer to the created token object for system kernel use. Otherwise if set to FALSE, the function inserts the object to a handle making it a regular access token.
Returns
Returns STATUS_SUCCESS if token creation has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if the dynamic area of memory of the token hasn't been allocated because of lack of memory resources. A failure NTSTATUS code is returned otherwise.

Definition at line 97 of file tokenlif.c.

117 {
119  PTOKEN AccessToken;
120  ULONG TokenFlags = 0;
121  ULONG PrimaryGroupIndex, DefaultOwnerIndex;
122  LUID TokenId;
123  LUID ModifiedId;
124  PVOID EndMem;
125  ULONG PrivilegesLength;
126  ULONG UserGroupsLength;
127  ULONG VariableLength;
128  ULONG DynamicPartSize, TotalSize;
129  ULONG TokenPagedCharges;
130  ULONG i;
131 
132  PAGED_CODE();
133 
134  /* Loop all groups */
135  for (i = 0; i < GroupCount; i++)
136  {
137  /* Check for mandatory groups */
139  {
140  /* Force them to be enabled */
142  }
143 
144  /* Check of the group is an admin group */
146  {
147  /* Remember this so we can optimize queries later */
148  TokenFlags |= TOKEN_HAS_ADMIN_GROUP;
149  }
150  }
151 
152  /* Allocate unique IDs for the token */
153  ExAllocateLocallyUniqueId(&TokenId);
154  ExAllocateLocallyUniqueId(&ModifiedId);
155 
156  /* Compute how much size we need to allocate for the token */
157 
158  /* Privileges size */
159  PrivilegesLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
160  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
161 
162  /* User and groups size */
163  UserGroupsLength = (1 + GroupCount) * sizeof(SID_AND_ATTRIBUTES);
164  UserGroupsLength += RtlLengthSid(User->Sid);
165  for (i = 0; i < GroupCount; i++)
166  {
167  UserGroupsLength += RtlLengthSid(Groups[i].Sid);
168  }
169  UserGroupsLength = ALIGN_UP_BY(UserGroupsLength, sizeof(PVOID));
170 
171  /* Add the additional groups array length */
172  UserGroupsLength += ALIGN_UP_BY(GroupsLength, sizeof(PVOID));
173 
174  VariableLength = PrivilegesLength + UserGroupsLength;
175  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
176 
177  /*
178  * A token is considered slim if it has the default dynamic
179  * contents, or in other words, the primary group and ACL.
180  * We judge if such contents are default by checking their
181  * total size if it's over the range. On Windows this range
182  * is 0x1F4 (aka 500). If the size of the whole dynamic contents
183  * is over that range then the token is considered fat and
184  * the token will be charged the whole of its token body length
185  * plus the dynamic size.
186  */
187  DynamicPartSize = DefaultDacl ? DefaultDacl->AclSize : 0;
188  DynamicPartSize += RtlLengthSid(PrimaryGroup);
189  if (DynamicPartSize > SE_TOKEN_DYNAMIC_SLIM)
190  {
191  TokenPagedCharges = DynamicPartSize + TotalSize;
192  }
193  else
194  {
195  TokenPagedCharges = SE_TOKEN_DYNAMIC_SLIM + TotalSize;
196  }
197 
201  PreviousMode,
202  NULL,
203  TotalSize,
204  TokenPagedCharges,
205  0,
206  (PVOID*)&AccessToken);
207  if (!NT_SUCCESS(Status))
208  {
209  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
210  return Status;
211  }
212 
213  /* Zero out the buffer and initialize the token */
214  RtlZeroMemory(AccessToken, TotalSize);
215 
216  AccessToken->TokenId = TokenId;
217  AccessToken->TokenType = TokenType;
218  AccessToken->ImpersonationLevel = ImpersonationLevel;
219 
220  /* Initialise the lock for the access token */
221  Status = SepCreateTokenLock(AccessToken);
222  if (!NT_SUCCESS(Status))
223  goto Quit;
224 
225  AccessToken->TokenSource.SourceIdentifier = TokenSource->SourceIdentifier;
226  RtlCopyMemory(AccessToken->TokenSource.SourceName,
227  TokenSource->SourceName,
228  sizeof(TokenSource->SourceName));
229 
230  AccessToken->ExpirationTime = *ExpirationTime;
231  AccessToken->ModifiedId = ModifiedId;
232  AccessToken->DynamicCharged = TokenPagedCharges - TotalSize;
233 
234  AccessToken->TokenFlags = TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
235 
236  /* Copy and reference the logon session */
237  AccessToken->AuthenticationId = *AuthenticationId;
239  if (!NT_SUCCESS(Status))
240  {
241  /* No logon session could be found, bail out */
242  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
243  /* Set the flag for proper cleanup by the delete procedure */
245  goto Quit;
246  }
247 
248  /* Insert the referenced logon session into the token */
250  if (!NT_SUCCESS(Status))
251  {
252  /* Failed to insert the logon session into the token, bail out */
253  DPRINT1("SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n", Status);
254  goto Quit;
255  }
256 
257  /* Fill in token debug information */
258 #if DBG
259  /*
260  * We must determine ourselves that the current
261  * process is not the initial CPU one. The initial
262  * process is not a "real" process, that is, the
263  * Process Manager has not yet been initialized and
264  * as a matter of fact we are creating a token before
265  * any process gets created by Ps. If it turns out
266  * that the current process is the initial CPU process
267  * where token creation execution takes place, don't
268  * do anything.
269  */
271  {
272  RtlCopyMemory(AccessToken->ImageFileName,
273  PsGetCurrentProcess()->ImageFileName,
274  min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
275 
276  AccessToken->ProcessCid = PsGetCurrentProcessId();
277  AccessToken->ThreadCid = PsGetCurrentThreadId();
278  }
279 
280  AccessToken->CreateMethod = TOKEN_CREATE_METHOD;
281 #endif
282 
283  /* Assign the data that reside in the token's variable information area */
284  AccessToken->VariableLength = VariableLength;
285  EndMem = (PVOID)&AccessToken->VariablePart;
286 
287  /* Copy the privileges */
288  AccessToken->PrivilegeCount = PrivilegeCount;
289  AccessToken->Privileges = NULL;
290  if (PrivilegeCount > 0)
291  {
292  AccessToken->Privileges = EndMem;
293  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
294  VariableLength -= PrivilegesLength;
295 
296  if (PreviousMode != KernelMode)
297  {
298  _SEH2_TRY
299  {
300  RtlCopyMemory(AccessToken->Privileges,
301  Privileges,
302  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
303  }
305  {
307  }
308  _SEH2_END;
309  }
310  else
311  {
312  RtlCopyMemory(AccessToken->Privileges,
313  Privileges,
314  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
315  }
316 
317  if (!NT_SUCCESS(Status))
318  goto Quit;
319  }
320 
321  /* Update the privilege flags */
322  SepUpdatePrivilegeFlagsToken(AccessToken);
323 
324  /* Copy the user and groups */
325  AccessToken->UserAndGroupCount = 1 + GroupCount;
326  AccessToken->UserAndGroups = EndMem;
327  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
328  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
329 
331  User,
332  VariableLength,
333  &AccessToken->UserAndGroups[0],
334  EndMem,
335  &EndMem,
336  &VariableLength);
337  if (!NT_SUCCESS(Status))
338  goto Quit;
339 
341  Groups,
342  VariableLength,
343  &AccessToken->UserAndGroups[1],
344  EndMem,
345  &EndMem,
346  &VariableLength);
347  if (!NT_SUCCESS(Status))
348  goto Quit;
349 
350  /* Find the token primary group and default owner */
352  PrimaryGroup,
353  Owner,
354  &PrimaryGroupIndex,
355  &DefaultOwnerIndex);
356  if (!NT_SUCCESS(Status))
357  {
358  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
359  goto Quit;
360  }
361 
362  /*
363  * Now allocate the token's dynamic information area
364  * and set the data. The dynamic part consists of two
365  * contents, the primary group SID and the default DACL
366  * of the token, in this strict order.
367  */
369  DynamicPartSize,
371  if (AccessToken->DynamicPart == NULL)
372  {
374  goto Quit;
375  }
376 
377  /* Unused memory in the dynamic area */
378  AccessToken->DynamicAvailable = 0;
379 
380  /*
381  * Assign the primary group to the token
382  * and put it in the dynamic part as well.
383  */
384  EndMem = (PVOID)AccessToken->DynamicPart;
385  AccessToken->PrimaryGroup = EndMem;
386  RtlCopySid(RtlLengthSid(AccessToken->UserAndGroups[PrimaryGroupIndex].Sid),
387  EndMem,
388  AccessToken->UserAndGroups[PrimaryGroupIndex].Sid);
389  AccessToken->DefaultOwnerIndex = DefaultOwnerIndex;
390  EndMem = (PVOID)((ULONG_PTR)EndMem + RtlLengthSid(AccessToken->UserAndGroups[PrimaryGroupIndex].Sid));
391 
392  /*
393  * We have assigned a primary group and put it in the
394  * dynamic part, now it's time to copy the provided
395  * default DACL (if it's provided to begin with) into
396  * the DACL field of the token and put it at the end
397  * tail of the dynamic part too.
398  */
399  if (DefaultDacl != NULL)
400  {
401  AccessToken->DefaultDacl = EndMem;
402 
403  RtlCopyMemory(EndMem,
404  DefaultDacl,
405  DefaultDacl->AclSize);
406  }
407 
408  /* Insert the token only if it's not the system token, otherwise return it directly */
409  if (!SystemToken)
410  {
411  Status = ObInsertObject(AccessToken,
412  NULL,
414  0,
415  NULL,
416  TokenHandle);
417  if (!NT_SUCCESS(Status))
418  {
419  DPRINT1("ObInsertObject() failed (Status 0x%lx)\n", Status);
420  }
421  }
422  else
423  {
424  /* Return pointer instead of handle */
425  *TokenHandle = (HANDLE)AccessToken;
426  }
427 
428 Quit:
429  if (!NT_SUCCESS(Status))
430  {
431  /* Dereference the token, the delete procedure will clean it up */
432  ObDereferenceObject(AccessToken);
433  }
434 
435  return Status;
436 }
TOKEN_TYPE TokenType
Definition: setypes.h:239
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:368
ULONG DynamicCharged
Definition: setypes.h:230
#define SE_TOKEN_DYNAMIC_SLIM
Definition: tokenlif.c:17
LUID AuthenticationId
Definition: setypes.h:219
ULONG VariablePart
Definition: setypes.h:253
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
ULONG PrivilegeCount
Definition: setypes.h:228
#define TOKEN_CREATE_METHOD
Definition: se.h:70
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:45
if(dx==0 &&dy==0)
Definition: linetemp.h:174
TOpcodeData Groups[17][8]
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:236
LUID ModifiedId
Definition: setypes.h:224
_SEH2_TRY
Definition: create.c:4226
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG TokenFlags
Definition: setypes.h:241
LUID SourceIdentifier
Definition: imports.h:279
ULONG DynamicAvailable
Definition: setypes.h:231
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:554
PACL DefaultDacl
Definition: setypes.h:238
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1130
ULONG DefaultOwnerIndex
Definition: setypes.h:232
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
PsGetCurrentThreadId
Definition: CrNtStubs.h:7
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
ULONG VariableLength
Definition: setypes.h:229
void * PVOID
Definition: retypes.h:9
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
PULONG DynamicPart
Definition: setypes.h:237
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1585
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PSID PrimaryGroup
Definition: setypes.h:235
LARGE_INTEGER ExpirationTime
Definition: setypes.h:221
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
#define ObDereferenceObject
Definition: obfuncs.h:203
PVOID HANDLE
Definition: typedefs.h:73
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID SeAliasAdminsSid
Definition: sid.c:41
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:155
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278
EPROCESS KiInitialProcess
Definition: krnlinit.c:45
_SEH2_END
Definition: create.c:4400
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1178
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
ULONG UserAndGroupCount
Definition: setypes.h:226
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
LUID TokenId
Definition: setypes.h:218
#define min(a, b)
Definition: monoChain.cc:55
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1583
HANDLE NTAPI PsGetCurrentProcessId(VOID)
Definition: process.c:1123
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:240
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:233
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
TOKEN_SOURCE TokenSource
Definition: setypes.h:217
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1180
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:1011
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes

Referenced by NtCreateToken(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), and SepCreateSystemProcessToken().

◆ SepCreateTokenLock()

NTSTATUS SepCreateTokenLock ( _Inout_ PTOKEN  Token)

Creates a lock for the token.

Parameters
[in,out]TokenA token which lock has to be created.
Returns
STATUS_SUCCESS if the pool allocation and resource initialisation have completed successfully, otherwise STATUS_INSUFFICIENT_RESOURCES on a pool allocation failure.

Definition at line 45 of file token.c.

47 {
48  PAGED_CODE();
49 
51  sizeof(ERESOURCE),
53  if (Token->TokenLock == NULL)
54  {
55  DPRINT1("SepCreateTokenLock(): Failed to allocate memory!\n");
57  }
58 
59  ExInitializeResourceLite(Token->TokenLock);
60  return STATUS_SUCCESS;
61 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS ExInitializeResourceLite(PULONG res)
Definition: env_spec_w32.h:641
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define TAG_SE_TOKEN_LOCK
Definition: tag.h:159
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
ULONG ERESOURCE
Definition: env_spec_w32.h:594
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().

◆ SepDeleteTokenLock()

VOID SepDeleteTokenLock ( _Inout_ PTOKEN  Token)

Deletes a lock of a token.

Parameters
[in,out]TokenA token which contains the lock.
Returns
Nothing.

Definition at line 74 of file token.c.

76 {
77  PAGED_CODE();
78 
79  ExDeleteResourceLite(Token->TokenLock);
81 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI ExDeleteResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1456
#define TAG_SE_TOKEN_LOCK
Definition: tag.h:159
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by SepDeleteToken().

◆ SepDuplicateToken()

NTSTATUS NTAPI SepDuplicateToken ( _In_ PTOKEN  Token,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PTOKEN NewAccessToken 
)

Duplicates an access token, from an existing valid token.

Parameters
[in]TokenAccess token to duplicate.
[in]ObjectAttributesObject attributes for the new token.
[in]EffectiveOnlyIf set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in]TokenTypeType of token.
[in]LevelSecurity impersonation level of a token.
[in]PreviousModeThe processor request level mode.
[out]NewAccessTokenThe duplicated token.
Returns
Returns STATUS_SUCCESS if the token has been duplicated. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation of the dynamic part of the token for duplication has failed due to the lack of memory resources. A failure NTSTATUS code is returned otherwise.

Definition at line 471 of file tokenlif.c.

479 {
481  PTOKEN AccessToken;
482  PVOID EndMem;
483  ULONG PrimaryGroupIndex;
484  ULONG VariableLength;
485  ULONG DynamicPartSize, TotalSize;
486  ULONG PrivilegesIndex, GroupsIndex;
487 
488  PAGED_CODE();
489 
490  /* Compute how much size we need to allocate for the token */
491  VariableLength = Token->VariableLength;
492  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
493 
494  /*
495  * Compute how much size we need to allocate
496  * the dynamic part of the newly duplicated
497  * token.
498  */
499  DynamicPartSize = Token->DefaultDacl ? Token->DefaultDacl->AclSize : 0;
500  DynamicPartSize += RtlLengthSid(Token->PrimaryGroup);
501 
505  PreviousMode,
506  NULL,
507  TotalSize,
508  Token->DynamicCharged,
509  TotalSize,
510  (PVOID*)&AccessToken);
511  if (!NT_SUCCESS(Status))
512  {
513  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
514  return Status;
515  }
516 
517  /* Zero out the buffer and initialize the token */
518  RtlZeroMemory(AccessToken, TotalSize);
519 
520  ExAllocateLocallyUniqueId(&AccessToken->TokenId);
521 
522  AccessToken->TokenType = TokenType;
523  AccessToken->ImpersonationLevel = Level;
524 
525  /* Initialise the lock for the access token */
526  Status = SepCreateTokenLock(AccessToken);
527  if (!NT_SUCCESS(Status))
528  {
529  ObDereferenceObject(AccessToken);
530  return Status;
531  }
532 
533  /* Copy the immutable fields */
534  AccessToken->TokenSource.SourceIdentifier = Token->TokenSource.SourceIdentifier;
535  RtlCopyMemory(AccessToken->TokenSource.SourceName,
536  Token->TokenSource.SourceName,
537  sizeof(Token->TokenSource.SourceName));
538 
539  AccessToken->AuthenticationId = Token->AuthenticationId;
540  AccessToken->ParentTokenId = Token->ParentTokenId;
541  AccessToken->ExpirationTime = Token->ExpirationTime;
542  AccessToken->OriginatingLogonSession = Token->OriginatingLogonSession;
543  AccessToken->DynamicCharged = Token->DynamicCharged;
544 
545  /* Lock the source token and copy the mutable fields */
547 
548  AccessToken->SessionId = Token->SessionId;
549  AccessToken->ModifiedId = Token->ModifiedId;
550 
551  AccessToken->TokenFlags = Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
552 
553  /* Reference the logon session */
555  if (!NT_SUCCESS(Status))
556  {
557  /* No logon session could be found, bail out */
558  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
559  /* Set the flag for proper cleanup by the delete procedure */
561  goto Quit;
562  }
563 
564  /* Insert the referenced logon session into the token */
566  if (!NT_SUCCESS(Status))
567  {
568  /* Failed to insert the logon session into the token, bail out */
569  DPRINT1("SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n", Status);
570  goto Quit;
571  }
572 
573  /* Fill in token debug information */
574 #if DBG
575  RtlCopyMemory(AccessToken->ImageFileName,
576  PsGetCurrentProcess()->ImageFileName,
577  min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
578 
579  AccessToken->ProcessCid = PsGetCurrentProcessId();
580  AccessToken->ThreadCid = PsGetCurrentThreadId();
581  AccessToken->CreateMethod = TOKEN_DUPLICATE_METHOD;
582 #endif
583 
584  /* Assign the data that reside in the token's variable information area */
585  AccessToken->VariableLength = VariableLength;
586  EndMem = (PVOID)&AccessToken->VariablePart;
587 
588  /* Copy the privileges */
589  AccessToken->PrivilegeCount = 0;
590  AccessToken->Privileges = NULL;
591  if (Token->Privileges && (Token->PrivilegeCount > 0))
592  {
593  ULONG PrivilegesLength = Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
594  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
595 
596  ASSERT(VariableLength >= PrivilegesLength);
597 
598  AccessToken->PrivilegeCount = Token->PrivilegeCount;
599  AccessToken->Privileges = EndMem;
600  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
601  VariableLength -= PrivilegesLength;
602 
603  RtlCopyMemory(AccessToken->Privileges,
604  Token->Privileges,
605  AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
606  }
607 
608  /* Copy the user and groups */
609  AccessToken->UserAndGroupCount = 0;
610  AccessToken->UserAndGroups = NULL;
611  if (Token->UserAndGroups && (Token->UserAndGroupCount > 0))
612  {
613  AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
614  AccessToken->UserAndGroups = EndMem;
615  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
616  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
617 
619  Token->UserAndGroups,
620  VariableLength,
621  AccessToken->UserAndGroups,
622  EndMem,
623  &EndMem,
624  &VariableLength);
625  if (!NT_SUCCESS(Status))
626  {
627  DPRINT1("RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n", Status);
628  goto Quit;
629  }
630  }
631 
632  /* Find the token primary group */
634  Token->PrimaryGroup,
635  NULL,
636  &PrimaryGroupIndex,
637  NULL);
638  if (!NT_SUCCESS(Status))
639  {
640  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
641  goto Quit;
642  }
643 
644  /* Copy the restricted SIDs */
645  AccessToken->RestrictedSidCount = 0;
646  AccessToken->RestrictedSids = NULL;
647  if (Token->RestrictedSids && (Token->RestrictedSidCount > 0))
648  {
649  AccessToken->RestrictedSidCount = Token->RestrictedSidCount;
650  AccessToken->RestrictedSids = EndMem;
651  EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
652  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
653 
655  Token->RestrictedSids,
656  VariableLength,
657  AccessToken->RestrictedSids,
658  EndMem,
659  &EndMem,
660  &VariableLength);
661  if (!NT_SUCCESS(Status))
662  {
663  DPRINT1("RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n", Status);
664  goto Quit;
665  }
666  }
667 
668  /*
669  * Filter the token by removing the disabled privileges
670  * and groups if the caller wants to duplicate an access
671  * token as effective only.
672  */
673  if (EffectiveOnly)
674  {
675  /* Begin querying the groups and search for disabled ones */
676  for (GroupsIndex = 0; GroupsIndex < AccessToken->UserAndGroupCount; GroupsIndex++)
677  {
678  /*
679  * A group or user is considered disabled if its attributes is either
680  * 0 or SE_GROUP_ENABLED is not included in the attributes flags list.
681  * That is because a certain user and/or group can have several attributes
682  * that bear no influence on whether a user/group is enabled or not
683  * (SE_GROUP_ENABLED_BY_DEFAULT for example which is a mere indicator
684  * that the group has just been enabled by default). A mandatory
685  * group (that is, the group has SE_GROUP_MANDATORY attribute)
686  * by standards it's always enabled and no one can disable it.
687  */
688  if (AccessToken->UserAndGroups[GroupsIndex].Attributes == 0 ||
689  (AccessToken->UserAndGroups[GroupsIndex].Attributes & SE_GROUP_ENABLED) == 0)
690  {
691  /*
692  * If this group is an administrators group
693  * and the token belongs to such group,
694  * we've to take away TOKEN_HAS_ADMIN_GROUP
695  * for the fact that's not enabled and as
696  * such the token no longer belongs to
697  * this group.
698  */
700  &AccessToken->UserAndGroups[GroupsIndex].Sid))
701  {
702  AccessToken->TokenFlags &= ~TOKEN_HAS_ADMIN_GROUP;
703  }
704 
705  /*
706  * A group is not enabled, it's time to remove
707  * from the token and update the groups index
708  * accordingly and continue with the next group.
709  */
710  SepRemoveUserGroupToken(AccessToken, GroupsIndex);
711  GroupsIndex--;
712  }
713  }
714 
715  /* Begin querying the privileges and search for disabled ones */
716  for (PrivilegesIndex = 0; PrivilegesIndex < AccessToken->PrivilegeCount; PrivilegesIndex++)
717  {
718  /*
719  * A privilege is considered disabled if its attributes is either
720  * 0 or SE_PRIVILEGE_ENABLED is not included in the attributes flags list.
721  * That is because a certain privilege can have several attributes
722  * that bear no influence on whether a privilege is enabled or not
723  * (SE_PRIVILEGE_ENABLED_BY_DEFAULT for example which is a mere indicator
724  * that the privilege has just been enabled by default).
725  */
726  if (AccessToken->Privileges[PrivilegesIndex].Attributes == 0 ||
727  (AccessToken->Privileges[PrivilegesIndex].Attributes & SE_PRIVILEGE_ENABLED) == 0)
728  {
729  /*
730  * A privilege is not enabled, therefor it's time
731  * to strip it from the token and continue with the next
732  * privilege. Of course we must also want to update the
733  * privileges index accordingly.
734  */
735  SepRemovePrivilegeToken(AccessToken, PrivilegesIndex);
736  PrivilegesIndex--;
737  }
738  }
739  }
740 
741  /* Now allocate the token's dynamic information area and set the data */
743  DynamicPartSize,
745  if (AccessToken->DynamicPart == NULL)
746  {
748  goto Quit;
749  }
750 
751  /* Unused memory in the dynamic area */
752  AccessToken->DynamicAvailable = 0;
753 
754  /*
755  * Assign the primary group to the token
756  * and put it in the dynamic part as well.
757  */
758  EndMem = (PVOID)AccessToken->DynamicPart;
759  AccessToken->PrimaryGroup = EndMem;
760  RtlCopySid(RtlLengthSid(AccessToken->UserAndGroups[PrimaryGroupIndex].Sid),
761  EndMem,
762  AccessToken->UserAndGroups[PrimaryGroupIndex].Sid);
763  AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
764  EndMem = (PVOID)((ULONG_PTR)EndMem + RtlLengthSid(AccessToken->UserAndGroups[PrimaryGroupIndex].Sid));
765 
766  /*
767  * The existing token has a default DACL only
768  * if it has an allocated dynamic part.
769  */
770  if (Token->DynamicPart && Token->DefaultDacl)
771  {
772  AccessToken->DefaultDacl = EndMem;
773 
774  RtlCopyMemory(EndMem,
775  Token->DefaultDacl,
776  Token->DefaultDacl->AclSize);
777  }
778 
779  /* Return the token to the caller */
780  *NewAccessToken = AccessToken;
782 
783 Quit:
784  if (!NT_SUCCESS(Status))
785  {
786  /* Dereference the token, the delete procedure will clean it up */
787  ObDereferenceObject(AccessToken);
788  }
789 
790  /* Unlock the source token */
792 
793  return Status;
794 }
TOKEN_TYPE TokenType
Definition: setypes.h:239
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:368
ULONG DynamicCharged
Definition: setypes.h:230
LUID AuthenticationId
Definition: setypes.h:219
ULONG VariablePart
Definition: setypes.h:253
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
ULONG PrivilegeCount
Definition: setypes.h:228
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:45
if(dx==0 &&dy==0)
Definition: linetemp.h:174
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
Definition: token.c:618
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:236
LUID ModifiedId
Definition: setypes.h:224
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG TokenFlags
Definition: setypes.h:241
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
LUID SourceIdentifier
Definition: imports.h:279
ULONG DynamicAvailable
Definition: setypes.h:231
PACL DefaultDacl
Definition: setypes.h:238
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
LUID ParentTokenId
Definition: setypes.h:220
ULONG DefaultOwnerIndex
Definition: setypes.h:232
PsGetCurrentThreadId
Definition: CrNtStubs.h:7
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
ULONG VariableLength
Definition: setypes.h:229
void * PVOID
Definition: