ReactOS 0.4.16-dev-282-g4d0a26d
|
Go to the source code of this file.
Classes | |
struct | _KNOWN_ACE |
struct | _KNOWN_OBJECT_ACE |
struct | _KNOWN_COMPOUND_ACE |
struct | _ACCESS_CHECK_RIGHTS |
struct | _OBJECT_TYPE_LIST_INTERNAL |
struct | _TOKEN_AUDIT_POLICY_INFORMATION |
Macros | |
#define | TOKEN_CREATE_METHOD 0xCUL |
#define | TOKEN_DUPLICATE_METHOD 0xDUL |
#define | TOKEN_FILTER_METHOD 0xFUL |
#define | SepAcquireTokenLockExclusive(Token) |
#define | SepAcquireTokenLockShared(Token) |
#define | SepReleaseTokenLock(Token) |
Typedefs | |
typedef struct _KNOWN_ACE | KNOWN_ACE |
typedef struct _KNOWN_ACE * | PKNOWN_ACE |
typedef struct _KNOWN_OBJECT_ACE | KNOWN_OBJECT_ACE |
typedef struct _KNOWN_OBJECT_ACE * | PKNOWN_OBJECT_ACE |
typedef struct _KNOWN_COMPOUND_ACE | KNOWN_COMPOUND_ACE |
typedef struct _KNOWN_COMPOUND_ACE * | PKNOWN_COMPOUND_ACE |
typedef struct _ACCESS_CHECK_RIGHTS | ACCESS_CHECK_RIGHTS |
typedef struct _ACCESS_CHECK_RIGHTS * | PACCESS_CHECK_RIGHTS |
typedef struct _OBJECT_TYPE_LIST_INTERNAL | OBJECT_TYPE_LIST_INTERNAL |
typedef struct _OBJECT_TYPE_LIST_INTERNAL * | POBJECT_TYPE_LIST_INTERNAL |
typedef enum _ACCESS_CHECK_RIGHT_TYPE | ACCESS_CHECK_RIGHT_TYPE |
typedef struct _TOKEN_AUDIT_POLICY_INFORMATION | TOKEN_AUDIT_POLICY_INFORMATION |
typedef struct _TOKEN_AUDIT_POLICY_INFORMATION * | PTOKEN_AUDIT_POLICY_INFORMATION |
Enumerations | |
enum | _ACCESS_CHECK_RIGHT_TYPE { AccessCheckMaximum , AccessCheckRegular } |
Functions | |
FORCEINLINE PSID | SepGetGroupFromDescriptor (_Inout_ PSECURITY_DESCRIPTOR _Descriptor) |
FORCEINLINE PSID | SepGetOwnerFromDescriptor (_Inout_ PSECURITY_DESCRIPTOR _Descriptor) |
FORCEINLINE PACL | SepGetDaclFromDescriptor (_Inout_ PSECURITY_DESCRIPTOR _Descriptor) |
FORCEINLINE PACL | SepGetSaclFromDescriptor (_Inout_ PSECURITY_DESCRIPTOR _Descriptor) |
VOID NTAPI | SepInitializeTokenImplementation (VOID) |
Internal function that initializes critical kernel data for access token implementation in SRM. | |
PTOKEN NTAPI | SepCreateSystemProcessToken (VOID) |
Creates the system process token. | |
PTOKEN | SepCreateSystemAnonymousLogonToken (VOID) |
Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group. | |
PTOKEN | SepCreateSystemAnonymousLogonTokenNoEveryone (VOID) |
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid). | |
NTSTATUS NTAPI | SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken) |
Duplicates an access token, from an existing valid token. | |
NTSTATUS NTAPI | SepCreateToken (_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken) |
Internal function responsible for access token object creation in the kernel. A fully created token objected is inserted into the token handle, thus the handle becoming a valid handle to an access token object and ready for use. | |
BOOLEAN NTAPI | SepTokenIsOwner (_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked) |
Checks if a token belongs to the main user, being the owner. | |
NTSTATUS | SepCreateTokenLock (_Inout_ PTOKEN Token) |
Creates a lock for the token. | |
VOID | SepDeleteTokenLock (_Inout_ PTOKEN Token) |
Deletes a lock of a token. | |
VOID | SepUpdatePrivilegeFlagsToken (_Inout_ PTOKEN Token) |
Updates the token's flags based upon the privilege that the token has been granted. The function uses the private helper, SepUpdateSinglePrivilegeFlagToken, in order to update the flags of a token. | |
NTSTATUS | SepFindPrimaryGroupAndDefaultOwner (_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex) |
Finds the primary group and default owner entity based on the submitted primary group instance and an access token. | |
VOID | SepUpdateSinglePrivilegeFlagToken (_Inout_ PTOKEN Token, _In_ ULONG Index) |
Updates the token's flags based upon the privilege that the token has been granted. The flag can either be taken out or given to the token if the attributes of the specified privilege is enabled or not. | |
VOID | SepRemovePrivilegeToken (_Inout_ PTOKEN Token, _In_ ULONG Index) |
Removes a privilege from the token. | |
VOID | SepRemoveUserGroupToken (_Inout_ PTOKEN Token, _In_ ULONG Index) |
Removes a group from the token. | |
ULONG | SepComputeAvailableDynamicSpace (_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl) |
Computes the exact available dynamic area of an access token whilst querying token statistics. | |
NTSTATUS | SepRebuildDynamicPartOfToken (_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize) |
BOOLEAN NTAPI | SeTokenCanImpersonate (_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) |
Determines whether the server is allowed to impersonate on behalf of a client or not. For further details, see Remarks. | |
VOID NTAPI | SeGetTokenControlInformation (_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl) |
Retrieves token control information. | |
VOID NTAPI | SeDeassignPrimaryToken (_Inout_ PEPROCESS Process) |
Removes the primary token of a process. | |
NTSTATUS NTAPI | SeSubProcessToken (_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId) |
Subtracts a token in exchange of duplicating a new one. | |
NTSTATUS NTAPI | SeIsTokenChild (_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild) |
Checks if the token is a child of the other token of the current process that the calling thread is invoking this function. | |
NTSTATUS NTAPI | SeIsTokenSibling (_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling) |
Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function. | |
NTSTATUS NTAPI | SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken) |
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use. | |
NTSTATUS NTAPI | SeCopyClientToken (_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken) |
Copies an existing access token (technically duplicating a new one). | |
BOOLEAN NTAPI | SeTokenIsInert (_In_ PTOKEN Token) |
Determines if a token is a sandbox inert token or not, based upon the token flags. | |
ULONG | RtlLengthSidAndAttributes (_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src) |
Computes the length size of a SID. | |
BOOLEAN NTAPI | SeInitSystem (VOID) |
Main security manager initialization function. | |
NTSTATUS NTAPI | SeDefaultObjectMethod (_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping) |
VOID NTAPI | SeQuerySecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess) |
Queries the access mask from a security information context. | |
VOID NTAPI | SeSetSecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess) |
Sets the access mask for a security information context. | |
VOID NTAPI | SepInitPrivileges (VOID) |
Initializes the privileges during the startup phase of the security manager module. This function serves as a placeholder as it currently does nothing. | |
BOOLEAN NTAPI | SepPrivilegeCheck (_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode) |
Checks the privileges pointed by Privileges array argument if they exist and match with the privileges from an access token. | |
NTSTATUS NTAPI | SePrivilegePolicyCheck (_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode) |
Checks the security policy and returns a set of privileges based upon the said security policy context. | |
BOOLEAN NTAPI | SeCheckAuditPrivilege (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode) |
Checks a single privilege and performs an audit against a privileged service based on a security subject context. | |
BOOLEAN NTAPI | SeCheckPrivilegedObject (_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode) |
Checks a privileged object if such object has the specific privilege submitted by the caller. | |
NTSTATUS NTAPI | SeCaptureLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length) |
VOID NTAPI | SeReleaseLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel) |
Releases a LUID with attributes structure. | |
BOOLEAN NTAPI | SepInitSecurityIDs (VOID) |
Initializes all the SIDs known in the system. | |
NTSTATUS NTAPI | SepCaptureSid (_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid) |
Captures a SID. | |
VOID NTAPI | SepReleaseSid (_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel) |
Releases a captured SID. | |
BOOLEAN NTAPI | SepSidInToken (_In_ PACCESS_TOKEN _Token, _In_ PSID Sid) |
Checks if a SID is present in a token. | |
BOOLEAN NTAPI | SepSidInTokenEx (_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted) |
Checks if a SID is present in a token. | |
PSID NTAPI | SepGetSidFromAce (_In_ PACE Ace) |
Captures a security identifier from a given access control entry. This identifier is valid for the whole of its lifetime. | |
NTSTATUS NTAPI | SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength) |
Captures a SID with attributes. | |
VOID NTAPI | SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel) |
Releases a captured SID with attributes. | |
BOOLEAN NTAPI | SepInitDACLs (VOID) |
Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure. | |
NTSTATUS NTAPI | SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl) |
Allocates a discretionary access control list based on certain properties of a regular and primary access tokens. | |
NTSTATUS NTAPI | SepCaptureAcl (_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl) |
Captures an access control list from an already valid input ACL. | |
VOID NTAPI | SepReleaseAcl (_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel) |
Releases (frees) a captured ACL from the memory pool. | |
NTSTATUS | SepPropagateAcl (_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping) |
PACL | SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping) |
Selects an ACL and returns it to the caller. | |
BOOLEAN NTAPI | SepInitSDs (VOID) |
Initializes the known security descriptors in the system. | |
NTSTATUS NTAPI | SeSetWorldSecurityDescriptor (_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength) |
Sets a "World" security descriptor. | |
NTSTATUS NTAPI | SeComputeQuotaInformationSize (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize) |
BOOLEAN NTAPI | SeRmInitPhase0 (VOID) |
Manages the phase 0 initialization of the security reference monitoring module of the kernel. | |
BOOLEAN NTAPI | SeRmInitPhase1 (VOID) |
Manages the phase 1 initialization of the security reference monitoring module of the kernel. | |
NTSTATUS NTAPI | SepRmInsertLogonSessionIntoToken (_Inout_ PTOKEN Token) |
Inserts a logon session into an access token specified by the caller. | |
NTSTATUS NTAPI | SepRmRemoveLogonSessionFromToken (_Inout_ PTOKEN Token) |
Removes a logon session from an access token. | |
NTSTATUS | SepRmReferenceLogonSession (_Inout_ PLUID LogonLuid) |
NTSTATUS | SepRmDereferenceLogonSession (_Inout_ PLUID LogonLuid) |
NTSTATUS NTAPI | SepRegQueryHelper (_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData) |
A private registry helper that returns the desired value data based on the specifics requested by the caller. | |
NTSTATUS NTAPI | SeGetLogonIdDeviceMap (_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap) |
Retrieves the DOS device map from a logon session. | |
NTSTATUS NTAPI | SeInitializeProcessAuditName (_In_ PFILE_OBJECT FileObject, _In_ BOOLEAN DoAudit, _Out_ POBJECT_NAME_INFORMATION *AuditInfo) |
Initializes a process audit name and returns it to the caller. | |
BOOLEAN NTAPI | SeDetailedAuditingWithToken (_In_ PTOKEN Token) |
Peforms a detailed security auditing with an access token. | |
VOID NTAPI | SeAuditProcessExit (_In_ PEPROCESS Process) |
Peforms a security auditing against a process that is about to be terminated. | |
VOID NTAPI | SeAuditProcessCreate (_In_ PEPROCESS Process) |
Peforms a security auditing against a process that is about to be created. | |
VOID NTAPI | SePrivilegedServiceAuditAlarm (_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted) |
Performs an audit alarm to a privileged service request. | |
VOID NTAPI | SeCaptureSubjectContextEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext) |
An extended function that captures the security subject context based upon the specified thread and process. | |
NTSTATUS NTAPI | SepCaptureSecurityQualityOfService (_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present) |
Captures the security quality of service data given the object attributes from an object. | |
VOID NTAPI | SepReleaseSecurityQualityOfService (_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel) |
Releases (frees) the captured SQOS data from an object in the memory pool. | |
PGUID | SepGetObjectTypeGuidFromAce (_In_ PACE Ace, _In_ BOOLEAN IsAceDenied) |
Captures an object type GUID from an object access control entry (ACE). | |
BOOLEAN | SepObjectTypeGuidInList (_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST_INTERNAL ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGUID ObjectTypeGuid, _Out_ PULONG ObjectIndex) |
Searches for an object type GUID if it exists on an object type list. | |
NTSTATUS | SeCaptureObjectTypeList (_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ KPROCESSOR_MODE PreviousMode, _Out_ POBJECT_TYPE_LIST_INTERNAL *CapturedObjectTypeList) |
Captures a list of object types and converts it to an internal form for use by the kernel. The list is validated before its data is copied. | |
VOID | SeReleaseObjectTypeList (_In_ _Post_invalid_ POBJECT_TYPE_LIST_INTERNAL CapturedObjectTypeList, _In_ KPROCESSOR_MODE PreviousMode) |
Releases a buffer list of object types. | |
NTSTATUS NTAPI | SeCreateAccessStateEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping) |
BOOLEAN NTAPI | SeFastTraverseCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode) |
Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object. | |
typedef struct _KNOWN_ACE KNOWN_ACE |
typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE |
typedef struct _ACCESS_CHECK_RIGHTS * PACCESS_CHECK_RIGHTS |
typedef struct _KNOWN_ACE * PKNOWN_ACE |
typedef struct _KNOWN_COMPOUND_ACE * PKNOWN_COMPOUND_ACE |
typedef struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE |
ULONG RtlLengthSidAndAttributes | ( | _In_ ULONG | Count, |
_In_ PSID_AND_ATTRIBUTES | Src | ||
) |
Computes the length size of a SID.
[in] | Count | Total count of entries that have SIDs in them (that being PSID_AND_ATTRIBUTES in this context). |
[in] | Src | Source that points to the attributes and SID entry structure. |
Definition at line 965 of file token.c.
Referenced by NtQueryInformationToken(), SepPerformTokenFiltering(), and SeQueryInformationToken().
Peforms a security auditing against a process that is about to be created.
@unimplemented
[in] | Process | An object that points to a process which is in process of creation. |
Definition at line 56 of file audit.c.
Referenced by PspCreateProcess().
Peforms a security auditing against a process that is about to be terminated.
@unimplemented
[in] | Process | An object that points to a process which is in process of termination. |
Definition at line 77 of file audit.c.
Referenced by PspExitThread().
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray | ( | _In_ PLUID_AND_ATTRIBUTES | Src, |
_In_ ULONG | PrivilegeCount, | ||
_In_ KPROCESSOR_MODE | PreviousMode, | ||
_In_ PLUID_AND_ATTRIBUTES | AllocatedMem, | ||
_In_ ULONG | AllocatedLength, | ||
_In_ POOL_TYPE | PoolType, | ||
_In_ BOOLEAN | CaptureIfKernel, | ||
_Out_ PLUID_AND_ATTRIBUTES * | Dest, | ||
_Inout_ PULONG | Length | ||
) |
Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), and NtFilterToken().
NTSTATUS SeCaptureObjectTypeList | ( | _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST | ObjectTypeList, |
_In_ ULONG | ObjectTypeListLength, | ||
_In_ KPROCESSOR_MODE | PreviousMode, | ||
_Out_ POBJECT_TYPE_LIST_INTERNAL * | CapturedObjectTypeList | ||
) |
Captures a list of object types and converts it to an internal form for use by the kernel. The list is validated before its data is copied.
[in] | ObjectTypeList | A pointer to a list of object types passed from UM to be captured. |
[in] | ObjectTypeListLength | The length size of the list. This length represents the number of object elements in that list. |
[in] | PreviousMode | Processor access level mode. This has to be set to UserMode as object type access check is not supported in the kernel. |
[out] | CapturedObjectTypeList | A pointer to a returned captured list of object types. |
Definition at line 282 of file objtype.c.
Referenced by SepAccessCheck(), and SepAccessCheckAndAuditAlarm().
NTSTATUS NTAPI SeCaptureSidAndAttributesArray | ( | _In_ PSID_AND_ATTRIBUTES | SrcSidAndAttributes, |
_In_ ULONG | AttributeCount, | ||
_In_ KPROCESSOR_MODE | PreviousMode, | ||
_In_opt_ PVOID | AllocatedMem, | ||
_In_ ULONG | AllocatedLength, | ||
_In_ POOL_TYPE | PoolType, | ||
_In_ BOOLEAN | CaptureIfKernel, | ||
_Out_ PSID_AND_ATTRIBUTES * | CapturedSidAndAttributes, | ||
_Out_ PULONG | ResultLength | ||
) |
Captures a SID with attributes.
[in] | SrcSidAndAttributes | Source of the SID with attributes to be captured. |
[in] | AttributeCount | The number count of attributes, in total. |
[in] | PreviousMode | Processor access level mode. |
[in] | AllocatedMem | The allocated memory buffer for the captured SID. If the caller supplies no allocated block of memory then the function will allocate some buffer block of memory for the captured SID automatically. |
[in] | AllocatedLength | The length of the buffer that points to the allocated memory, in bytes. |
[in] | PoolType | The pool type for the captured SID and attributes to assign. |
[in] | CaptureIfKernel | If set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver. |
[out] | CapturedSidAndAttributes | The captured SID and attributes. |
[out] | ResultLength | The length of the captured SID and attributes, in bytes. |
For this reason, the logic of copying the SIDs and their attributes into a new buffer goes like this: first, allocate a buffer array that just holds the lengths and subauthority count of each SID. Such information is copied in the first loop. Then in a second loop, iterate over the array with SID provided and copy them into the final array. The moment we're doing this, validate the lengths of each SID basing upon the captured lengths we've got before. In this way we ensure that the SIDs have remained intact. The validation checks are done in user mode as a general rule that we just cannot trust UM and whatever data is coming from it.
Definition at line 693 of file sid.c.
Referenced by NtAdjustGroupsToken(), NtCreateToken(), and NtFilterToken().
VOID NTAPI SeCaptureSubjectContextEx | ( | _In_ PETHREAD | Thread, |
_In_ PEPROCESS | Process, | ||
_Out_ PSECURITY_SUBJECT_CONTEXT | SubjectContext | ||
) |
An extended function that captures the security subject context based upon the specified thread and process.
[in] | Thread | A thread where the calling thread's token is to be referenced for the security context. |
[in] | Process | A process where the main process' token is to be referenced for the security context. |
[out] | SubjectContext | The returned security subject context. |
Definition at line 41 of file subject.c.
Referenced by SeCaptureSubjectContext(), and SeCreateAccessStateEx().
BOOLEAN NTAPI SeCheckAuditPrivilege | ( | _In_ PSECURITY_SUBJECT_CONTEXT | SubjectContext, |
_In_ KPROCESSOR_MODE | PreviousMode | ||
) |
Checks a single privilege and performs an audit against a privileged service based on a security subject context.
[in] | DesiredAccess | Security subject context used for privileged service auditing. |
[in] | PreviousMode | Processor level access mode. |
Definition at line 360 of file priv.c.
Referenced by NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), and SepAccessCheckAndAuditAlarm().
BOOLEAN NTAPI SeCheckPrivilegedObject | ( | _In_ LUID | PrivilegeValue, |
_In_ HANDLE | ObjectHandle, | ||
_In_ ACCESS_MASK | DesiredAccess, | ||
_In_ KPROCESSOR_MODE | PreviousMode | ||
) |
Checks a privileged object if such object has the specific privilege submitted by the caller.
[in] | PrivilegeValue | A privilege to be checked against the one from the object. |
[in] | ObjectHandle | A handle to any kind of object. |
[in] | DesiredAccess | Desired access right mask requested by the caller. |
[in] | PreviousMode | Processor level access mode. |
Definition at line 803 of file priv.c.
Referenced by NtSetInformationProcess(), and NtSetInformationThread().
NTSTATUS NTAPI SeComputeQuotaInformationSize | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
_Out_ PULONG | QuotaInfoSize | ||
) |
Referenced by ObpCaptureObjectCreateInformation().
NTSTATUS NTAPI SeCopyClientToken | ( | _In_ PACCESS_TOKEN | Token, |
_In_ SECURITY_IMPERSONATION_LEVEL | Level, | ||
_In_ KPROCESSOR_MODE | PreviousMode, | ||
_Out_ PACCESS_TOKEN * | NewToken | ||
) |
Copies an existing access token (technically duplicating a new one).
[in] | Token | Token to copy. |
[in] | Level | Impersonation security level to assign to the newly copied token. |
[in] | PreviousMode | Processor request level mode. |
[out] | NewToken | The newly copied token. |
Definition at line 1542 of file token.c.
Referenced by PsImpersonateClient(), and SepCreateClientSecurity().
NTSTATUS NTAPI SeCreateAccessStateEx | ( | _In_ PETHREAD | Thread, |
_In_ PEPROCESS | Process, | ||
_In_ OUT PACCESS_STATE | AccessState, | ||
_In_ PAUX_ACCESS_DATA | AuxData, | ||
_In_ ACCESS_MASK | Access, | ||
_In_ PGENERIC_MAPPING | GenericMapping | ||
) |
Referenced by PspCreateProcess(), and PspCreateThread().
Removes the primary token of a process.
[in,out] | Process | The process instance with the access token to be removed. |
Definition at line 936 of file token.c.
Referenced by PspDeleteProcessSecurity(), and SeAssignPrimaryToken().
NTSTATUS NTAPI SeDefaultObjectMethod | ( | _In_ PVOID | Object, |
_In_ SECURITY_OPERATION_CODE | OperationType, | ||
_In_ PSECURITY_INFORMATION | SecurityInformation, | ||
_Inout_opt_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
_Inout_opt_ PULONG | ReturnLength, | ||
_Inout_opt_ PSECURITY_DESCRIPTOR * | OldSecurityDescriptor, | ||
_In_ POOL_TYPE | PoolType, | ||
_In_ PGENERIC_MAPPING | GenericMapping | ||
) |
Peforms a detailed security auditing with an access token.
@unimplemented
Definition at line 34 of file audit.c.
Referenced by ObInitProcess(), PspCreateProcess(), and PspExitThread().
NTSTATUS NTAPI SeExchangePrimaryToken | ( | _In_ PEPROCESS | Process, |
_In_ PACCESS_TOKEN | NewAccessToken, | ||
_Out_ PACCESS_TOKEN * | OldAccessToken | ||
) |
Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use.
[in] | Process | The process instance where its access token is about to be replaced. |
[in] | NewAccessToken | The new token that it's going to replace the old one. |
[out] | OldAccessToken | The returned old token that's been replaced, which the caller can do anything. |
Definition at line 846 of file token.c.
Referenced by PspAssignPrimaryToken().
BOOLEAN NTAPI SeFastTraverseCheck | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
_In_ PACCESS_STATE | AccessState, | ||
_In_ ACCESS_MASK | DesiredAccess, | ||
_In_ KPROCESSOR_MODE | AccessMode | ||
) |
Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object.
[in] | SecurityDescriptor | Security descriptor of the object that is being accessed. |
[in] | AccessState | An access state to determine if the access token in the current security context of the object is an restricted token. |
[in] | DesiredAccess | The access right bitmask where the calling thread wants to acquire. |
[in] | AccessMode | Process level request mode. |
Definition at line 2138 of file accesschk.c.
Referenced by IopParseDevice(), and ObpCheckTraverseAccess().
Retrieves the DOS device map from a logon session.
[in] | LogonId | A valid logon session ID. |
[out] | DeviceMap | The returned device map buffer from the logon session. |
Definition at line 1347 of file srm.c.
Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().
VOID NTAPI SeGetTokenControlInformation | ( | _In_ PACCESS_TOKEN | _Token, |
_Out_ PTOKEN_CONTROL | TokenControl | ||
) |
Retrieves token control information.
[in] | _Token | A valid token object. |
[out] | SecurityDescriptor | The returned token control information. |
Definition at line 1720 of file token.c.
Referenced by SepCreateClientSecurity().
NTSTATUS NTAPI SeInitializeProcessAuditName | ( | _In_ PFILE_OBJECT | FileObject, |
_In_ BOOLEAN | DoAudit, | ||
_Out_ POBJECT_NAME_INFORMATION * | AuditInfo | ||
) |
Initializes a process audit name and returns it to the caller.
[in] | FileObject | File object that points to a name to be queried. |
[in] | DoAudit | If set to TRUE, the function will perform various security auditing onto the audit name. |
[out] | AuditInfo | The returned audit info data. |
Definition at line 105 of file audit.c.
Referenced by MmInitializeProcessAddressSpace(), and SeLocateProcessImageName().
Main security manager initialization function.
Definition at line 285 of file semgr.c.
Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().
Checks if the token is a child of the other token of the current process that the calling thread is invoking this function.
[in] | Token | An access token to determine if it's a child or not. |
[out] | IsChild | The returned boolean result. |
Definition at line 1433 of file token.c.
Referenced by PspSetPrimaryToken().
Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function.
[in] | Token | An access token to determine if it's a sibling or not. |
[out] | IsSibling | The returned boolean result. |
Definition at line 1482 of file token.c.
Referenced by PspSetPrimaryToken().
NTSTATUS NTAPI SepCaptureAcl | ( | _In_ PACL | InputAcl, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ POOL_TYPE | PoolType, | ||
_In_ BOOLEAN | CaptureIfKernel, | ||
_Out_ PACL * | CapturedAcl | ||
) |
Captures an access control list from an already valid input ACL.
[in] | InputAcl | A valid ACL. |
[in] | AccessMode | Processor level access mode. The processor mode determines how the input arguments are probed. |
[in] | PoolType | Pool type for new captured ACL for creation. The pool type determines in which memory pool the ACL data should reside. |
[in] | CaptureIfKernel | If set to TRUE and the processor access mode being KernelMode, we are capturing an ACL directly in the kernel. Otherwise we are capturing within a kernel mode driver. |
[out] | CapturedAcl | The returned and allocated captured ACL. |
Definition at line 352 of file acl.c.
Referenced by NtCreateToken(), and NtSetInformationToken().
NTSTATUS NTAPI SepCaptureSecurityQualityOfService | ( | _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ POOL_TYPE | PoolType, | ||
_In_ BOOLEAN | CaptureIfKernel, | ||
_Out_ PSECURITY_QUALITY_OF_SERVICE * | CapturedSecurityQualityOfService, | ||
_Out_ PBOOLEAN | Present | ||
) |
Captures the security quality of service data given the object attributes from an object.
[in] | ObjectAttributes | Attributes of an object where SQOS is to be retrieved. If the caller doesn't fill object attributes to the function, it automatically assumes SQOS is not present, or if, there's no SQOS present in the object attributes list of the object itself. |
[in] | AccessMode | Processor access mode. |
[in] | PoolType | The pool type for the captured SQOS to be used for allocation. |
[in] | CaptureIfKernel | Capture access condition. To be set to TRUE if the capture is done within the kernel, FALSE if the capture is done in a kernel mode driver or user mode otherwise. |
[out] | CapturedSecurityQualityOfService | The captured SQOS data from the object. |
[out] | Present | Returns TRUE if SQOS is present in an object, FALSE otherwise. FALSE is also immediately returned if no object attributes is given to the call. |
Definition at line 52 of file sqos.c.
Referenced by NtDuplicateToken().
NTSTATUS NTAPI SepCaptureSid | ( | _In_ PSID | InputSid, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ POOL_TYPE | PoolType, | ||
_In_ BOOLEAN | CaptureIfKernel, | ||
_Out_ PSID * | CapturedSid | ||
) |
Captures a SID.
[in] | InputSid | A valid security identifier to be captured. |
[in] | AccessMode | Processor level access mode. |
[in] | PoolType | Pool memory type for the captured SID to assign upon allocation. |
[in] | CaptureIfKernel | If set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver. |
[out] | CapturedSid | The captured security identifier, returned to the caller. |
Definition at line 314 of file sid.c.
Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().
ULONG SepComputeAvailableDynamicSpace | ( | _In_ ULONG | DynamicCharged, |
_In_ PSID | PrimaryGroup, | ||
_In_opt_ PACL | DefaultDacl | ||
) |
Computes the exact available dynamic area of an access token whilst querying token statistics.
[in] | DynamicCharged | The current charged dynamic area of an access token. This must not be 0! |
[in] | PrimaryGroup | A pointer to a primary group SID. |
[in] | DefaultDacl | If provided, this pointer points to a default DACL of an access token. |
Definition at line 659 of file token.c.
Referenced by NtQueryInformationToken(), and SeQueryInformationToken().
NTSTATUS NTAPI SepCreateImpersonationTokenDacl | ( | _In_ PTOKEN | Token, |
_In_ PTOKEN | PrimaryToken, | ||
_Out_ PACL * | Dacl | ||
) |
Allocates a discretionary access control list based on certain properties of a regular and primary access tokens.
[in] | Token | An access token. |
[in] | PrimaryToken | A primary access token. |
[out] | Dacl | The returned allocated DACL. |
Definition at line 277 of file acl.c.
Referenced by SepOpenThreadToken().
Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group.
Definition at line 1868 of file token.c.
Referenced by SepInitializationPhase0().
Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid).
Definition at line 1938 of file token.c.
Referenced by SepInitializationPhase0().
Creates the system process token.
Definition at line 1753 of file token.c.
Referenced by SepInitializationPhase0().
NTSTATUS NTAPI SepCreateToken | ( | _Out_ PHANDLE | TokenHandle, |
_In_ KPROCESSOR_MODE | PreviousMode, | ||
_In_ ACCESS_MASK | DesiredAccess, | ||
_In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
_In_ TOKEN_TYPE | TokenType, | ||
_In_ SECURITY_IMPERSONATION_LEVEL | ImpersonationLevel, | ||
_In_ PLUID | AuthenticationId, | ||
_In_ PLARGE_INTEGER | ExpirationTime, | ||
_In_ PSID_AND_ATTRIBUTES | User, | ||
_In_ ULONG | GroupCount, | ||
_In_ PSID_AND_ATTRIBUTES | Groups, | ||
_In_ ULONG | GroupsLength, | ||
_In_ ULONG | PrivilegeCount, | ||
_In_ PLUID_AND_ATTRIBUTES | Privileges, | ||
_In_opt_ PSID | Owner, | ||
_In_ PSID | PrimaryGroup, | ||
_In_opt_ PACL | DefaultDacl, | ||
_In_ PTOKEN_SOURCE | TokenSource, | ||
_In_ BOOLEAN | SystemToken | ||
) |
Internal function responsible for access token object creation in the kernel. A fully created token objected is inserted into the token handle, thus the handle becoming a valid handle to an access token object and ready for use.
[out] | TokenHandle | Valid token handle that's ready for use after token creation and object insertion. |
[in] | PreviousMode | Processor request level mode. |
[in] | DesiredAccess | Desired access right for the token object to be granted. This kind of access right impacts how the token can be used and who. |
[in] | ObjectAttributes | Object attributes for the token to be created. |
[in] | TokenType | Type of token to assign upon creation. |
[in] | ImpersonationLevel | Security impersonation level of token to assign upon creation. |
[in] | AuthenticationId | Authentication ID that represents the authentication information of the token. |
[in] | ExpirationTime | Expiration time of the token to assign. A value of -1 means that the token never expires and its life depends upon the amount of references this token object has. |
[in] | User | User entry to assign to the token. |
[in] | GroupCount | The total number of groups count for the token. |
[in] | Groups | The group entries for the token. |
[in] | GroupsLength | The length size of the groups array, pointed by the Groups parameter. |
[in] | PrivilegeCount | The total number of priivleges that the newly created token has. |
[in] | Privileges | The privileges for the token. |
[in] | Owner | The main user (or also owner) that represents the token that we create. |
[in] | PrimaryGroup | The main group that represents the token that we create. |
[in] | DefaultDacl | A discretionary access control list for the token. |
[in] | TokenSource | Source (or the origin) of the access token that creates it. |
[in] | SystemToken | If set to TRUE, the newly created token is a system token and only in charge by the internal system. The function directly returns a pointer to the created token object for system kernel use. Otherwise if set to FALSE, the function inserts the object to a handle making it a regular access token. |
Definition at line 97 of file tokenlif.c.
Referenced by NtCreateToken(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), and SepCreateSystemProcessToken().
Creates a lock for the token.
Definition at line 45 of file token.c.
Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().
Deletes a lock of a token.
Definition at line 74 of file token.c.
Referenced by SepDeleteToken().
NTSTATUS NTAPI SepDuplicateToken | ( | _In_ PTOKEN | Token, |
_In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
_In_ BOOLEAN | EffectiveOnly, | ||
_In_ TOKEN_TYPE | TokenType, | ||
_In_ SECURITY_IMPERSONATION_LEVEL | Level, | ||
_In_ KPROCESSOR_MODE | PreviousMode, | ||
_Out_ PTOKEN * | NewAccessToken | ||
) |
Duplicates an access token, from an existing valid token.
[in] | Token | Access token to duplicate. |
[in] | ObjectAttributes | Object attributes for the new token. |
[in] | EffectiveOnly | If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate. |
[in] | TokenType | Type of token. |
[in] | Level | Security impersonation level of a token. |
[in] | PreviousMode | The processor request level mode. |
[out] | NewAccessToken | The duplicated token. |
Definition at line 471 of file tokenlif.c.
Referenced by NtDuplicateToken(), SeCopyClientToken(), SepOpenThreadToken(), and SeSubProcessToken().
NTSTATUS SepFindPrimaryGroupAndDefaultOwner | ( | _In_ PTOKEN | Token, |
_In_ PSID | PrimaryGroup, | ||
_In_opt_ PSID | DefaultOwner, | ||
_Out_opt_ PULONG | PrimaryGroupIndex, | ||
_Out_opt_ PULONG | DefaultOwnerIndex | ||
) |
Finds the primary group and default owner entity based on the submitted primary group instance and an access token.
[in] | Token | Access token to begin the search query of primary group and default owner. |
[in] | PrimaryGroup | A primary group SID to be used for search query, determining if user & groups of a token and the submitted primary group do match. |
[in] | DefaultOwner | The default owner. If specified, it's used to determine if the token belongs to the actual user, that is, being the owner himself. |
[out] | PrimaryGroupIndex | Returns the primary group index. |
[out] | DefaultOwnerIndex | Returns the default owner index. |
Definition at line 1011 of file token.c.
Referenced by NtSetInformationToken(), SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().
FORCEINLINE PACL SepGetDaclFromDescriptor | ( | _Inout_ PSECURITY_DESCRIPTOR | _Descriptor | ) |
Definition at line 129 of file se.h.
Referenced by _IRQL_requires_max_(), RtlGetDaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SeFastTraverseCheck(), and SepDumpSdDebugInfo().
FORCEINLINE PSID SepGetGroupFromDescriptor | ( | _Inout_ PSECURITY_DESCRIPTOR | _Descriptor | ) |
Definition at line 89 of file se.h.
Referenced by _IRQL_requires_max_(), RtlGetGroupSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SepAccessCheck(), SepAccessCheckAndAuditAlarm(), and SepDumpSdDebugInfo().
Captures an object type GUID from an object access control entry (ACE).
[in] | Ace | A pointer to an access control entry, of which the object type GUID is to be captured from. |
[in] | IsAceDenied | If set to TRUE, the function will capture the GUID from a denied object ACE, otherwise from the allowed object ACE. |
Definition at line 180 of file objtype.c.
Referenced by SepAnalyzeAcesFromDacl().
FORCEINLINE PSID SepGetOwnerFromDescriptor | ( | _Inout_ PSECURITY_DESCRIPTOR | _Descriptor | ) |
Definition at line 109 of file se.h.
Referenced by _IRQL_requires_max_(), RtlGetOwnerSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SepAccessCheck(), SepAccessCheckAndAuditAlarm(), SepDumpSdDebugInfo(), and SepTokenIsOwner().
FORCEINLINE PACL SepGetSaclFromDescriptor | ( | _Inout_ PSECURITY_DESCRIPTOR | _Descriptor | ) |
Definition at line 151 of file se.h.
Referenced by _IRQL_requires_max_(), RtlGetSaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SepDumpSdDebugInfo().
Captures a security identifier from a given access control entry. This identifier is valid for the whole of its lifetime.
[in] | Ace | A pointer to an access control entry, which can be obtained from a DACL. |
Definition at line 572 of file sid.c.
Referenced by SepAnalyzeAcesFromDacl().
Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure.
Definition at line 38 of file acl.c.
Referenced by SepInitializationPhase0().
Internal function that initializes critical kernel data for access token implementation in SRM.
Definition at line 1649 of file token.c.
Referenced by SepInitializationPhase0().
Initializes the privileges during the startup phase of the security manager module. This function serves as a placeholder as it currently does nothing.
Definition at line 71 of file priv.c.
Referenced by SepInitializationPhase0().
Initializes the known security descriptors in the system.
Definition at line 37 of file sd.c.
Referenced by SepInitializationPhase0().
Initializes all the SIDs known in the system.
Definition at line 115 of file sid.c.
Referenced by SepInitializationPhase0().
BOOLEAN SepObjectTypeGuidInList | ( | _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST_INTERNAL | ObjectTypeList, |
_In_ ULONG | ObjectTypeListLength, | ||
_In_ PGUID | ObjectTypeGuid, | ||
_Out_ PULONG | ObjectIndex | ||
) |
Searches for an object type GUID if it exists on an object type list.
[in] | ObjectTypeList | A pointer to an object type list. |
[in] | ObjectTypeListLength | The length of the list, representing the number of object elements in that list. |
[in] | ObjectTypeGuid | A pointer to an object type GUID to search in the list of interest. |
[out] | ObjectIndex | If the function found the target GUID, the function returns a pointer to the object index location to this parameter. |
Definition at line 223 of file objtype.c.
Referenced by SepAllowAccessObjectTypeList(), SepAllowAccessObjectTypeResultList(), SepDenyAccessObjectTypeList(), and SepDenyAccessObjectTypeResultList().
BOOLEAN NTAPI SepPrivilegeCheck | ( | _In_ PTOKEN | Token, |
_In_ PLUID_AND_ATTRIBUTES | Privileges, | ||
_In_ ULONG | PrivilegeCount, | ||
_In_ ULONG | PrivilegeControl, | ||
_In_ KPROCESSOR_MODE | PreviousMode | ||
) |
Checks the privileges pointed by Privileges array argument if they exist and match with the privileges from an access token.
[in] | Token | An access token where privileges are to be checked. |
[in] | Privileges | An array of privileges with attributes used as checking indicator for the function. |
[in] | PrivilegeCount | The total number count of privileges in the array. |
[in] | PrivilegeControl | Privilege control bit mask to determine if we should check all the privileges based on the number count of privileges or not. |
[in] | PreviousMode | Processor level access mode. |
Definition at line 104 of file priv.c.
Referenced by NtPrivilegeCheck(), SeCheckAuditPrivilege(), SePrivilegeCheck(), and SepSinglePrivilegeCheck().
NTSTATUS SepPropagateAcl | ( | _Out_writes_bytes_opt_(DaclLength) PACL | AclDest, |
_Inout_ PULONG | AclLength, | ||
_In_reads_bytes_(AclSource->AclSize) PACL | AclSource, | ||
_In_ PSID | Owner, | ||
_In_ PSID | Group, | ||
_In_ BOOLEAN | IsInherited, | ||
_In_ BOOLEAN | IsDirectoryObject, | ||
_In_ PGENERIC_MAPPING | GenericMapping | ||
) |
Referenced by NtSetInformationToken().
NTSTATUS NTAPI SepRegQueryHelper | ( | _In_ PCWSTR | KeyName, |
_In_ PCWSTR | ValueName, | ||
_In_ ULONG | ValueType, | ||
_In_ ULONG | DataLength, | ||
_Out_ PVOID | ValueData | ||
) |
A private registry helper that returns the desired value data based on the specifics requested by the caller.
[in] | KeyName | Name of the key. |
[in] | ValueName | Name of the registry value. |
[in] | ValueType | The type of the registry value. |
[in] | DataLength | The data length, in bytes, representing the size of the registry value. |
[out] | ValueData | The requested value data provided by the function. |
Definition at line 93 of file srm.c.
Referenced by SepAdtInitializeBounds(), and SepImpersonateAnonymousToken().
VOID NTAPI SepReleaseAcl | ( | _In_ PACL | CapturedAcl, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ BOOLEAN | CaptureIfKernel | ||
) |
Releases (frees) a captured ACL from the memory pool.
[in] | CapturedAcl | A valid captured ACL to free. |
[in] | AccessMode | Processor level access mode. |
[in] | CaptureIfKernel | If set to TRUE and the processor access mode being KernelMode, we're releasing an ACL directly in the kernel. Otherwise we're releasing within a kernel mode driver. |
Definition at line 464 of file acl.c.
Referenced by NtCreateToken(), and NtSetInformationToken().
VOID NTAPI SepReleaseSecurityQualityOfService | ( | _In_opt_ PSECURITY_QUALITY_OF_SERVICE | CapturedSecurityQualityOfService, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ BOOLEAN | CaptureIfKernel | ||
) |
Releases (frees) the captured SQOS data from an object in the memory pool.
[in] | CapturedSecurityQualityOfService | The captured SQOS data to be released. |
[in] | AccessMode | Processor access mode. |
[in] | CaptureIfKernel | Capture access condition. To be set to TRUE if the capture is done within the kernel, FALSE if the capture is done in a kernel mode driver or user mode otherwise. |
Definition at line 225 of file sqos.c.
Referenced by NtDuplicateToken().
VOID NTAPI SepReleaseSid | ( | _In_ PSID | CapturedSid, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ BOOLEAN | CaptureIfKernel | ||
) |
Releases a captured SID.
[in] | CapturedSid | The captured SID to be released. |
[in] | AccessMode | Processor level access mode. |
[in] | CaptureIfKernel | If set to TRUE, the releasing is done within the kernel. Otherwise the releasing is done in a kernel mode driver. |
Definition at line 400 of file sid.c.
Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().
Removes a privilege from the token.
[in,out] | Token | The token where the privilege is to be removed. |
[in] | Index | The index count which represents the number position of the privilege we want to remove. |
Definition at line 582 of file token.c.
Referenced by SepAdjustPrivileges(), SepDuplicateToken(), and SepPerformTokenFiltering().
Removes a group from the token.
[in,out] | Token | The token where the group is to be removed. |
[in] | Index | The index count which represents the number position of the group we want to remove. |
Definition at line 618 of file token.c.
Referenced by SepDuplicateToken().
VOID NTAPI SePrivilegedServiceAuditAlarm | ( | _In_opt_ PUNICODE_STRING | ServiceName, |
_In_ PSECURITY_SUBJECT_CONTEXT | SubjectContext, | ||
_In_ PPRIVILEGE_SET | PrivilegeSet, | ||
_In_ BOOLEAN | AccessGranted | ||
) |
Performs an audit alarm to a privileged service request.
[in] | ServiceName | A Unicode string that represents the name of a privileged service request for auditing. |
[in] | SubjectContext | A security subject context used for the auditing process. |
[in] | PrivilegeSet | An array set of privileges used to check if the privileged service does actually have all the required set of privileges for security access. |
[in] | AccessGranted | When auditing is done, the function will return TRUE to the caller if access is granted, FALSE otherwise. |
Definition at line 369 of file audit.c.
Referenced by SeCheckAuditPrivilege(), and SeSinglePrivilegeCheck().
NTSTATUS NTAPI SePrivilegePolicyCheck | ( | _Inout_ PACCESS_MASK | DesiredAccess, |
_Inout_ PACCESS_MASK | GrantedAccess, | ||
_In_ PSECURITY_SUBJECT_CONTEXT | SubjectContext, | ||
_In_ PTOKEN | Token, | ||
_Out_opt_ PPRIVILEGE_SET * | OutPrivilegeSet, | ||
_In_ KPROCESSOR_MODE | PreviousMode | ||
) |
Checks the security policy and returns a set of privileges based upon the said security policy context.
[in,out] | DesiredAccess | The desired access right mask. |
[in,out] | GrantedAccess | The granted access rights masks. The rights are granted depending on the desired access rights requested by the calling thread. |
[in] | SubjectContext | Security subject context. If the caller supplies one, the access token supplied by the caller will be assigned to one of client or primary tokens of the subject context in question. |
[in] | Token | An access token. |
[out] | OutPrivilegeSet | An array set of privileges to be reported to the caller, if the actual calling thread wants such set of privileges in the first place. |
[in] | PreviousMode | Processor level access mode. |
Definition at line 244 of file priv.c.
Referenced by SepAccessCheck(), and SepAccessCheckWorker().
Referenced by NtSetInformationToken(), and SepDeleteToken().
Inserts a logon session into an access token specified by the caller.
[in,out] | Token | An access token where the logon session is about to be inserted in. |
Definition at line 368 of file srm.c.
Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().
Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().
Removes a logon session from an access token.
[in,out] | Token | An access token whose logon session is to be removed from it. |
Definition at line 449 of file srm.c.
Referenced by NtSetInformationToken(), and SepDeleteToken().
PACL SepSelectAcl | ( | _In_opt_ PACL | ExplicitAcl, |
_In_ BOOLEAN | ExplicitPresent, | ||
_In_ BOOLEAN | ExplicitDefaulted, | ||
_In_opt_ PACL | ParentAcl, | ||
_In_opt_ PACL | DefaultAcl, | ||
_Out_ PULONG | AclLength, | ||
_In_ PSID | Owner, | ||
_In_ PSID | Group, | ||
_Out_ PBOOLEAN | AclPresent, | ||
_Out_ PBOOLEAN | IsInherited, | ||
_In_ BOOLEAN | IsDirectoryObject, | ||
_In_ PGENERIC_MAPPING | GenericMapping | ||
) |
Selects an ACL and returns it to the caller.
[in] | ExplicitAcl | If specified, the specified ACL to the call will be the selected ACL for the caller. |
[in] | ExplicitPresent | If set to TRUE and with specific ACL filled to the call, the function will immediately return the specific ACL as the selected ACL for the caller. |
[in] | ExplicitDefaulted | If set to FALSE and with specific ACL filled to the call, the ACL is not a default ACL. Otherwise it's a default ACL that we cannot select it as is. |
[in] | ParentAcl | If specified, the parent ACL will be used to determine the exact ACL length to check if the ACL in question is not empty. If the list is not empty then the function will select such ACL to the caller. |
[in] | DefaultAcl | If specified, the default ACL will be the selected one for the caller. |
[out] | AclLength | The size length of an ACL. |
[in] | Owner | A SID that represents the main user that identifies the ACL. |
[in] | Group | A SID that represents a group that identifies the ACL. |
[out] | AclPresent | The returned boolean value, indicating if the ACL that we want to select does actually exist. |
[out] | IsInherited | The returned boolean value, indicating if the ACL we want to select it is actually inherited or not. |
[in] | IsDirectoryObject | If set to TRUE, the object inherits this ACL. |
[in] | GenericMapping | Generic mapping of access rights to map only certain effective ACEs of an ACL that we want to select it. |
Definition at line 804 of file acl.c.
Checks if a SID is present in a token.
Definition at line 547 of file sid.c.
Referenced by SepTokenIsOwner().
BOOLEAN NTAPI SepSidInTokenEx | ( | _In_ PACCESS_TOKEN | _Token, |
_In_ PSID | PrincipalSelfSid, | ||
_In_ PSID | _Sid, | ||
_In_ BOOLEAN | Deny, | ||
_In_ BOOLEAN | Restricted | ||
) |
Checks if a SID is present in a token.
[in] | _Token | A valid token object. |
[in] | PrincipalSelfSid | A principal self SID. |
[in] | _Sid | A regular SID. |
[in] | Deny | If set to TRUE, the caller expected that a SID in a token must be a deny-only SID, that is, access checks are performed only for deny-only ACEs of the said SID. |
[in] | Restricted | If set to TRUE, the caller expects that a SID in a token is restricted (by the general definition, a token is restricted). |
Definition at line 443 of file sid.c.
Referenced by SepAnalyzeAcesFromDacl(), SepSidInToken(), and SepTokenIsOwner().
BOOLEAN NTAPI SepTokenIsOwner | ( | _In_ PACCESS_TOKEN | _Token, |
_In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
_In_ BOOLEAN | TokenLocked | ||
) |
Checks if a token belongs to the main user, being the owner.
[in] | _Token | A valid token object. |
[in] | SecurityDescriptor | A security descriptor where the owner is to be found. |
[in] | TokenLocked | If set to TRUE, the token has been already locked and there's no need to lock it again. Otherwise the function will acquire the lock. |
Definition at line 511 of file token.c.
Referenced by SeAccessCheck(), and SepAccessCheck().
Updates the token's flags based upon the privilege that the token has been granted. The function uses the private helper, SepUpdateSinglePrivilegeFlagToken, in order to update the flags of a token.
[in,out] | Token | The token where the flags are to be changed. |
Definition at line 554 of file token.c.
Referenced by SepCreateToken().
Updates the token's flags based upon the privilege that the token has been granted. The flag can either be taken out or given to the token if the attributes of the specified privilege is enabled or not.
[in,out] | Token | The token where the flags are to be changed. |
[in] | Index | The index count which represents the total sum of privileges. The count in question MUST NOT exceed the expected privileges count of the token. |
Definition at line 442 of file token.c.
Referenced by SepAdjustPrivileges(), SepPerformTokenFiltering(), and SepUpdatePrivilegeFlagsToken().
VOID NTAPI SeQuerySecurityAccessMask | ( | _In_ SECURITY_INFORMATION | SecurityInformation, |
_Out_ PACCESS_MASK | DesiredAccess | ||
) |
Queries the access mask from a security information context.
[in] | SecurityInformation | The security information context where the access mask is to be gathered. |
[out] | DesiredAccess | The queried access mask right. |
Definition at line 427 of file semgr.c.
Referenced by NtQuerySecurityObject().
VOID NTAPI SeReleaseLuidAndAttributesArray | ( | _In_ PLUID_AND_ATTRIBUTES | Privilege, |
_In_ KPROCESSOR_MODE | PreviousMode, | ||
_In_ BOOLEAN | CaptureIfKernel | ||
) |
Releases a LUID with attributes structure.
[in] | Privilege | Array of a LUID and attributes that represents a privilege. |
[in] | PreviousMode | Processor level access mode. |
[in] | CaptureIfKernel | If set to TRUE, the releasing is done in the kernel itself. FALSE if the releasing is done in a kernel mode driver instead. |
Definition at line 554 of file priv.c.
Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), NtFilterToken(), and NtPrivilegeCheck().
VOID SeReleaseObjectTypeList | ( | _In_ _Post_invalid_ POBJECT_TYPE_LIST_INTERNAL | CapturedObjectTypeList, |
_In_ KPROCESSOR_MODE | PreviousMode | ||
) |
Releases a buffer list of object types.
[in] | CapturedObjectTypeList | A list of object types to free. |
[in] | PreviousMode | Processor access level mode. |
Definition at line 378 of file objtype.c.
Referenced by SepAccessCheck(), and SepAccessCheckAndAuditAlarm().
VOID NTAPI SeReleaseSidAndAttributesArray | ( | _In_ _Post_invalid_ PSID_AND_ATTRIBUTES | CapturedSidAndAttributes, |
_In_ KPROCESSOR_MODE | AccessMode, | ||
_In_ BOOLEAN | CaptureIfKernel | ||
) |
Releases a captured SID with attributes.
[in] | CapturedSidAndAttributes | The captured SID with attributes to be released. |
[in] | AccessMode | Processor access level mode. |
[in] | CaptureIfKernel | If set to TRUE, the releasing is done within the kernel. Otherwise the releasing is done in a kernel mode driver. |
Definition at line 976 of file sid.c.
Referenced by NtAdjustGroupsToken(), NtCreateToken(), and NtFilterToken().
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
Definition at line 176 of file srm.c.
Referenced by SepInitializationPhase0().
Manages the phase 1 initialization of the security reference monitoring module of the kernel.
Definition at line 211 of file srm.c.
Referenced by Phase1InitializationDiscard().
VOID NTAPI SeSetSecurityAccessMask | ( | _In_ SECURITY_INFORMATION | SecurityInformation, |
_Out_ PACCESS_MASK | DesiredAccess | ||
) |
Sets the access mask for a security information context.
[in] | SecurityInformation | The security information context to apply a new access right. |
[out] | DesiredAccess | The returned access mask right. |
Definition at line 460 of file semgr.c.
Referenced by NtSetSecurityObject().
NTSTATUS NTAPI SeSetWorldSecurityDescriptor | ( | _In_ SECURITY_INFORMATION | SecurityInformation, |
_In_ PISECURITY_DESCRIPTOR | SecurityDescriptor, | ||
_In_ PULONG | BufferLength | ||
) |
Sets a "World" security descriptor.
[in] | SecurityInformation | Security information details, alongside with the security descriptor to set the World SD. |
[in] | SecurityDescriptor | A security descriptor buffer. |
[in] | BufferLength | Length size of the buffer. |
Definition at line 155 of file sd.c.
Referenced by IopGetSetSecurityObject().
NTSTATUS NTAPI SeSubProcessToken | ( | _In_ PTOKEN | ParentToken, |
_Out_ PTOKEN * | Token, | ||
_In_ BOOLEAN | InUse, | ||
_In_ ULONG | SessionId | ||
) |
Subtracts a token in exchange of duplicating a new one.
[in] | ParentToken | The parent access token for duplication. |
[out] | Token | The new duplicated token. |
[in] | InUse | Set this to TRUE if the token is about to be used immediately after the call execution of this function, FALSE otherwise. |
[in] | SessionId | Session ID for the token to be assigned. |
Definition at line 1373 of file token.c.
Referenced by PspInitializeProcessSecurity().
BOOLEAN NTAPI SeTokenCanImpersonate | ( | _In_ PTOKEN | ProcessToken, |
_In_ PTOKEN | TokenToImpersonate, | ||
_In_ SECURITY_IMPERSONATION_LEVEL | ImpersonationLevel | ||
) |
Determines whether the server is allowed to impersonate on behalf of a client or not. For further details, see Remarks.
[in] | ProcessToken | A pointer to the primary access token of the server process that requests impersonation of the client target. |
[in] | TokenToImpersonate | A pointer to an access token that represents a client that is to be impersonated. |
[in] | ImpersonationLevel | The requested impersonation level. |
If the associated access token that represents the security properties of the server is granted the SeImpersonatePrivilege privilege the server is given immediate impersonation, regardless of the conditions above. If the client in question is associated with an anonymous token then the server is given immediate impersonation. Or if the server simply doesn't ask for impersonation but instead it wants to get the security identification of a client, the server is given immediate impersonation.
Definition at line 2207 of file token.c.
Referenced by PsImpersonateClient().
Determines if a token is a sandbox inert token or not, based upon the token flags.
Definition at line 1583 of file token.c.
Referenced by NtQueryInformationToken().
|
extern |
Definition at line 45 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 41 of file sid.c.
Referenced by FreeInitializedSids(), IopCreateDefaultDeviceSecurityDescriptor(), MiCreateMemoryEvent(), NtCreatePagingFile(), ObpCreateKernelObjectsSD(), ObpGetDosDevicesProtection(), SepCreateImpersonationTokenDacl(), SepCreateSystemProcessToken(), SepCreateToken(), SepDuplicateToken(), SepInitDACLs(), SepInitExports(), SepInitializationPhase1(), SepInitSecurityIDs(), and SepPerformTokenFiltering().
|
extern |
Definition at line 48 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 43 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 44 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 47 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 46 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 42 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 213 of file se.h.
Referenced by FreeInitializedSids(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepInitDACLs(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 19 of file semgr.c.
Referenced by SepImpersonateAnonymousToken(), and SepInitializationPhase0().
|
extern |
Definition at line 20 of file semgr.c.
Referenced by SepImpersonateAnonymousToken(), and SepInitializationPhase0().
Definition at line 22 of file priv.c.
Referenced by PspSetPrimaryToken(), SepCreateSystemProcessToken(), and SepInitExports().
Definition at line 40 of file priv.c.
Referenced by SeCheckAuditPrivilege(), SepCreateSystemProcessToken(), and SepInitExports().
|
extern |
Definition at line 39 of file sid.c.
Referenced by FreeInitializedSids(), and SepInitSecurityIDs().
|
extern |
Definition at line 49 of file sid.c.
Referenced by FreeInitializedSids(), SepCreateSystemProcessToken(), SepInitExports(), and SepInitSecurityIDs().
Definition at line 36 of file priv.c.
Referenced by IopCheckBackupRestorePrivilege(), NtSaveKeyEx(), NtSaveMergedKeys(), SepCreateSystemProcessToken(), and SepInitExports().
|
extern |
Definition at line 34 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
Definition at line 34 of file priv.c.
Referenced by NtCreatePagingFile(), SepCreateSystemProcessToken(), and SepInitExports().
Definition at line 35 of file priv.c.
Referenced by NtMakePermanentObject(), ObCreateObject(), SepCreateSystemProcessToken(), and SepInitExports().
Definition at line 21 of file priv.c.
Referenced by NtCreateToken(), SepCreateSystemProcessToken(), and SepInitExports().
|
extern |
Definition at line 30 of file sid.c.
Referenced by FreeInitializedSids(), and SepInitSecurityIDs().
|
extern |
Definition at line 28 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), SepInitSecurityIDs(), and SepPropagateAcl().
|
extern |
Definition at line 29 of file sid.c.
Referenced by FreeInitializedSids(), and SepInitSecurityIDs().
|
extern |
Definition at line 27 of file sid.c.
Referenced by FreeInitializedSids(), ObpGetDosDevicesProtection(), SepInitExports(), SepInitSecurityIDs(), and SepPropagateAcl().
|
extern |
Definition at line 21 of file sid.c.
Referenced by SepInitSecurityIDs().
Definition at line 39 of file priv.c.
Referenced by NtOpenProcess(), NtOpenThread(), NtSetDebugFilterState(), NtSetInformationProcess(), NtSetInformationThread(), SepCreateSystemProcessToken(), SepInitExports(), and SSI_DEF().
|
extern |
Definition at line 32 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
Definition at line 46 of file priv.c.
Referenced by SepInitExports().
Definition at line 33 of file priv.c.
Referenced by NtSetInformationProcess(), NtSetInformationThread(), SepCreateSystemProcessToken(), and SepInitExports().
Definition at line 24 of file priv.c.
Referenced by PspSetQuotaLimits(), SepCreateSystemProcessToken(), and SepInitExports().
|
extern |
Definition at line 35 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
Definition at line 29 of file priv.c.
Referenced by IopUnloadDriver(), NtLoadDriver(), SepCreateSystemProcessToken(), SepInitExports(), and SSI_DEF().
|
extern |
Definition at line 52 of file sid.c.
Referenced by SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 26 of file sid.c.
Referenced by FreeInitializedSids(), SepCreateSystemProcessToken(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 20 of file sid.c.
Referenced by SepInitSecurityIDs().
|
extern |
Definition at line 38 of file sid.c.
Referenced by FreeInitializedSids(), MiCreateMemoryEvent(), NtCreatePagingFile(), ObpCreateKernelObjectsSD(), ObpGetDosDevicesProtection(), SepCreateImpersonationTokenDacl(), SepCreateSystemProcessToken(), SepInitDACLs(), SepInitExports(), SepInitializationPhase1(), SepInitSecurityIDs(), and SePrivilegedServiceAuditAlarm().
Definition at line 23 of file priv.c.
Referenced by NtAllocateVirtualMemory(), NtLockVirtualMemory(), NtUnlockVirtualMemory(), SepCreateSystemProcessToken(), and SepInitExports().
Definition at line 47 of file priv.c.
Referenced by SepCreateSystemProcessToken(), and SepInitExports().
|
extern |
Definition at line 53 of file sid.c.
Referenced by SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 33 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 31 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 22 of file sid.c.
Referenced by SepInitSecurityIDs().
|
extern |
Definition at line 24 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
|
extern |
Definition at line 18 of file sid.c.
Referenced by SepInitSecurityIDs().
|
extern |
Definition at line 37 of file sid.c.
Referenced by FreeInitializedSids(), SepInitSecurityIDs(), and SepSidInTokenEx().
Definition at line 32 of file priv.c.
Referenced by SepCreateSystemProcessToken(), and SepInitExports().
|
extern |
Definition at line 16 of file sd.c.
Referenced by ExpInitializeCallbacks(), IoCreateSymbolicLink(), SepInitializationPhase1(), and SepInitSDs().
|
extern |
Definition at line 18 of file acl.c.
Referenced by IopCreateDefaultDeviceSecurityDescriptor(), IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
|
extern |
Definition at line 17 of file sd.c.
Referenced by ExpCreateSystemRootLink(), ObInitSystem(), and SepInitSDs().
|
extern |
Definition at line 19 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
|
extern |
Definition at line 18 of file sd.c.
Referenced by SepInitSDs().
|
extern |
Definition at line 20 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
|
extern |
Definition at line 19 of file sd.c.
Referenced by SepInitSDs().
Definition at line 43 of file priv.c.
Referenced by SepInitExports().
Definition at line 37 of file priv.c.
Referenced by IopCheckBackupRestorePrivilege(), NtLoadKeyEx(), NtUnloadKey2(), SepCreateSystemProcessToken(), and SepInitExports().
|
extern |
Definition at line 40 of file sid.c.
Referenced by FreeInitializedSids(), SepCreateImpersonationTokenDacl(), SepInitDACLs(), and SepInitSecurityIDs().
|
extern |
Definition at line 50 of file sid.c.
Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().
Definition at line 27 of file priv.c.
Referenced by SepCreateSystemProcessToken(), SepInitExports(), and SePrivilegePolicyCheck().
|
extern |
Definition at line 36 of file sid.c.
Referenced by FreeInitializedSids(), and SepInitSecurityIDs().
Definition at line 38 of file priv.c.
Referenced by ExpRaiseHardError(), NtSetSystemPowerState(), SepCreateSystemProcessToken(), and SepInitExports().
Definition at line 45 of file priv.c.
Referenced by SepInitExports().
|
extern |
Definition at line 22 of file acl.c.
Referenced by SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepInitDACLs(), and SepInitSDs().
|
extern |
Definition at line 22 of file sd.c.
Referenced by SepInitSDs().
|
extern |
Definition at line 20 of file sd.c.
Referenced by SepInitSDs().
Definition at line 41 of file priv.c.
Referenced by NtQuerySystemEnvironmentValue(), NtSetSystemEnvironmentValue(), SepCreateSystemProcessToken(), and SepInitExports().
Definition at line 30 of file priv.c.
Referenced by NtCreateProfile(), and SepInitExports().
Definition at line 31 of file priv.c.
Referenced by NtSetSystemTime(), SepCreateSystemProcessToken(), SepInitExports(), and SSI_DEF().
Definition at line 28 of file priv.c.
Referenced by SepCreateSystemProcessToken(), SepInitExports(), and SePrivilegePolicyCheck().
Definition at line 26 of file priv.c.
Referenced by ApphelpCacheAccessCheck(), ExpRaiseHardError(), NtDisplayString(), NtGetPlugPlayEvent(), NtPlugPlayControl(), NtSetDefaultHardErrorPort(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationToken(), SepCreateSystemProcessToken(), SepInitExports(), SepSinglePrivilegeCheck(), and SSI_DEF().
Definition at line 44 of file priv.c.
Referenced by SepCreateSystemProcessToken(), and SepInitExports().
|
extern |
Definition at line 21 of file acl.c.
Referenced by SepInitDACLs(), and SepInitSDs().
|
extern |
Definition at line 21 of file sd.c.
Referenced by SepInitSDs().
Definition at line 25 of file priv.c.
Referenced by SepInitExports().
|
extern |
Definition at line 25 of file sid.c.
Referenced by CmpQuerySecurityDescriptor(), FreeInitializedSids(), IopCreateDefaultDeviceSecurityDescriptor(), MiCreateMemoryEvent(), ObpCreateKernelObjectsSD(), ObpGetDosDevicesProtection(), SeFastTraverseCheck(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemProcessToken(), SepInitDACLs(), SepInitExports(), SepInitializationPhase1(), SepInitSecurityIDs(), and SeSetWorldSecurityDescriptor().
|
extern |
Definition at line 19 of file sid.c.
Referenced by SepInitSecurityIDs().