ReactOS  0.4.15-dev-2155-g06f57e1
se.h File Reference

Go to the source code of this file.

Classes

struct  _KNOWN_ACE
 
struct  _KNOWN_OBJECT_ACE
 
struct  _KNOWN_COMPOUND_ACE
 

Macros

#define SepAcquireTokenLockExclusive(Token)
 
#define SepAcquireTokenLockShared(Token)
 
#define SepReleaseTokenLock(Token)
 

Typedefs

typedef struct _KNOWN_ACE KNOWN_ACE
 
typedef struct _KNOWN_ACEPKNOWN_ACE
 
typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
 
typedef struct _KNOWN_OBJECT_ACEPKNOWN_OBJECT_ACE
 
typedef struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
 
typedef struct _KNOWN_COMPOUND_ACEPKNOWN_COMPOUND_ACE
 

Functions

FORCEINLINE PSID SepGetGroupFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PSID SepGetOwnerFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PACL SepGetDaclFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PACL SepGetSaclFromDescriptor (PVOID _Descriptor)
 
BOOLEAN NTAPI SepTokenIsOwner (IN PACCESS_TOKEN _Token, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN TokenLocked)
 
BOOLEAN NTAPI SepSidInToken (IN PACCESS_TOKEN _Token, IN PSID Sid)
 
BOOLEAN NTAPI SepSidInTokenEx (IN PACCESS_TOKEN _Token, IN PSID PrincipalSelfSid, IN PSID _Sid, IN BOOLEAN Deny, IN BOOLEAN Restricted)
 
BOOLEAN NTAPI SeInitSystem (VOID)
 
VOID NTAPI SepInitPrivileges (VOID)
 
BOOLEAN NTAPI SepInitSecurityIDs (VOID)
 
BOOLEAN NTAPI SepInitDACLs (VOID)
 
BOOLEAN NTAPI SepInitSDs (VOID)
 
BOOLEAN NTAPI SeRmInitPhase0 (VOID)
 
BOOLEAN NTAPI SeRmInitPhase1 (VOID)
 
VOID NTAPI SeDeassignPrimaryToken (struct _EPROCESS *Process)
 
NTSTATUS NTAPI SeSubProcessToken (IN PTOKEN Parent, OUT PTOKEN *Token, IN BOOLEAN InUse, IN ULONG SessionId)
 
NTSTATUS NTAPI SeInitializeProcessAuditName (IN PFILE_OBJECT FileObject, IN BOOLEAN DoAudit, OUT POBJECT_NAME_INFORMATION *AuditInfo)
 
NTSTATUS NTAPI SeCreateAccessStateEx (IN PETHREAD Thread, IN PEPROCESS Process, IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeIsTokenChild (IN PTOKEN Token, OUT PBOOLEAN IsChild)
 
NTSTATUS NTAPI SeIsTokenSibling (IN PTOKEN Token, OUT PBOOLEAN IsSibling)
 
NTSTATUS NTAPI SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
 
VOID NTAPI SepInitializeTokenImplementation (VOID)
 
PTOKEN NTAPI SepCreateSystemProcessToken (VOID)
 
BOOLEAN NTAPI SeDetailedAuditingWithToken (IN PTOKEN Token)
 
VOID NTAPI SeAuditProcessExit (IN PEPROCESS Process)
 
VOID NTAPI SeAuditProcessCreate (IN PEPROCESS Process)
 
NTSTATUS NTAPI SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
 
VOID NTAPI SeCaptureSubjectContextEx (IN PETHREAD Thread, IN PEPROCESS Process, OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
 
VOID NTAPI SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
 
BOOLEAN NTAPI SepPrivilegeCheck (PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI SePrivilegePolicyCheck (_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
 
BOOLEAN NTAPI SeCheckPrivilegedObject (IN LUID PrivilegeValue, IN HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
 
VOID NTAPI SepReleaseSecurityQualityOfService (IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SepCaptureSid (IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
 
VOID NTAPI SepReleaseSid (IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
 
VOID NTAPI SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SeComputeQuotaInformationSize (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
 
NTSTATUS NTAPI SepCaptureAcl (IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
 
VOID NTAPI SepReleaseAcl (IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS SepPropagateAcl (_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
PACL SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeDefaultObjectMethod (PVOID Object, SECURITY_OPERATION_CODE OperationType, PSECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR NewSecurityDescriptor, PULONG ReturnLength, PSECURITY_DESCRIPTOR *OldSecurityDescriptor, POOL_TYPE PoolType, PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
 
NTSTATUS NTAPI SeCopyClientToken (IN PACCESS_TOKEN Token, IN SECURITY_IMPERSONATION_LEVEL Level, IN KPROCESSOR_MODE PreviousMode, OUT PACCESS_TOKEN *NewToken)
 
VOID NTAPI SeQuerySecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
 
VOID NTAPI SeSetSecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
 
BOOLEAN NTAPI SeFastTraverseCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
 
BOOLEAN NTAPI SeCheckAuditPrivilege (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
 
VOID NTAPI SePrivilegedServiceAuditAlarm (_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
 
NTSTATUS SepRmReferenceLogonSession (PLUID LogonLuid)
 
NTSTATUS SepRmDereferenceLogonSession (PLUID LogonLuid)
 
NTSTATUS NTAPI SeGetLogonIdDeviceMap (IN PLUID LogonId, OUT PDEVICE_MAP *DeviceMap)
 

Variables

SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
 
PSID SeNullSid
 
PSID SeWorldSid
 
PSID SeLocalSid
 
PSID SeCreatorOwnerSid
 
PSID SeCreatorGroupSid
 
PSID SeCreatorOwnerServerSid
 
PSID SeCreatorGroupServerSid
 
PSID SeNtAuthoritySid
 
PSID SeDialupSid
 
PSID SeNetworkSid
 
PSID SeBatchSid
 
PSID SeInteractiveSid
 
PSID SeServiceSid
 
PSID SeAnonymousLogonSid
 
PSID SePrincipalSelfSid
 
PSID SeLocalSystemSid
 
PSID SeAuthenticatedUserSid
 
PSID SeRestrictedCodeSid
 
PSID SeAliasAdminsSid
 
PSID SeAliasUsersSid
 
PSID SeAliasGuestsSid
 
PSID SeAliasPowerUsersSid
 
PSID SeAliasAccountOpsSid
 
PSID SeAliasSystemOpsSid
 
PSID SeAliasPrintOpsSid
 
PSID SeAliasBackupOpsSid
 
PSID SeAuthenticatedUsersSid
 
PSID SeRestrictedSid
 
PSID SeLocalServiceSid
 
PSID SeNetworkServiceSid
 
const LUID SeCreateTokenPrivilege
 
const LUID SeAssignPrimaryTokenPrivilege
 
const LUID SeLockMemoryPrivilege
 
const LUID SeIncreaseQuotaPrivilege
 
const LUID SeUnsolicitedInputPrivilege
 
const LUID SeTcbPrivilege
 
const LUID SeSecurityPrivilege
 
const LUID SeTakeOwnershipPrivilege
 
const LUID SeLoadDriverPrivilege
 
const LUID SeSystemProfilePrivilege
 
const LUID SeSystemtimePrivilege
 
const LUID SeProfileSingleProcessPrivilege
 
const LUID SeIncreaseBasePriorityPrivilege
 
const LUID SeCreatePagefilePrivilege
 
const LUID SeCreatePermanentPrivilege
 
const LUID SeBackupPrivilege
 
const LUID SeRestorePrivilege
 
const LUID SeShutdownPrivilege
 
const LUID SeDebugPrivilege
 
const LUID SeAuditPrivilege
 
const LUID SeSystemEnvironmentPrivilege
 
const LUID SeChangeNotifyPrivilege
 
const LUID SeRemoteShutdownPrivilege
 
const LUID SeUndockPrivilege
 
const LUID SeSyncAgentPrivilege
 
const LUID SeEnableDelegationPrivilege
 
const LUID SeManageVolumePrivilege
 
const LUID SeImpersonatePrivilege
 
const LUID SeCreateGlobalPrivilege
 
const LUID SeTrustedCredmanPrivilege
 
const LUID SeRelabelPrivilege
 
const LUID SeIncreaseWorkingSetPrivilege
 
const LUID SeTimeZonePrivilege
 
const LUID SeCreateSymbolicLinkPrivilege
 
PACL SePublicDefaultUnrestrictedDacl
 
PACL SePublicOpenDacl
 
PACL SePublicOpenUnrestrictedDacl
 
PACL SeUnrestrictedDacl
 
PSECURITY_DESCRIPTOR SePublicDefaultSd
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
 
PSECURITY_DESCRIPTOR SePublicOpenSd
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd
 

Macro Definition Documentation

◆ SepAcquireTokenLockExclusive

#define SepAcquireTokenLockExclusive (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 200 of file se.h.

◆ SepAcquireTokenLockShared

#define SepAcquireTokenLockShared (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 205 of file se.h.

◆ SepReleaseTokenLock

#define SepReleaseTokenLock (   Token)
Value:
{ \
ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
KeLeaveCriticalRegion(); \
}
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 211 of file se.h.

Typedef Documentation

◆ KNOWN_ACE

◆ KNOWN_COMPOUND_ACE

◆ KNOWN_OBJECT_ACE

◆ PKNOWN_ACE

◆ PKNOWN_COMPOUND_ACE

◆ PKNOWN_OBJECT_ACE

Function Documentation

◆ SeAuditProcessCreate()

VOID NTAPI SeAuditProcessCreate ( IN PEPROCESS  Process)

Definition at line 33 of file audit.c.

34 {
35  /* FIXME */
36 }

Referenced by PspCreateProcess().

◆ SeAuditProcessExit()

VOID NTAPI SeAuditProcessExit ( IN PEPROCESS  Process)

Definition at line 40 of file audit.c.

41 {
42  /* FIXME */
43 }

Referenced by PspExitThread().

◆ SeCaptureLuidAndAttributesArray()

NTSTATUS NTAPI SeCaptureLuidAndAttributesArray ( PLUID_AND_ATTRIBUTES  Src,
ULONG  PrivilegeCount,
KPROCESSOR_MODE  PreviousMode,
PLUID_AND_ATTRIBUTES  AllocatedMem,
ULONG  AllocatedLength,
POOL_TYPE  PoolType,
BOOLEAN  CaptureIfKernel,
PLUID_AND_ATTRIBUTES Dest,
PULONG  Length 
)

Definition at line 287 of file priv.c.

296 {
299 
300  PAGED_CODE();
301 
302  if (PrivilegeCount == 0)
303  {
304  *Dest = 0;
305  *Length = 0;
306  return STATUS_SUCCESS;
307  }
308 
309  if (PreviousMode == KernelMode && !CaptureIfKernel)
310  {
311  *Dest = Src;
312  return STATUS_SUCCESS;
313  }
314 
315  /* FIXME - check PrivilegeCount for a valid number so we don't
316  cause an integer overflow or exhaust system resources! */
317 
318  BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
319  *Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
320 
321  /* probe the buffer */
322  if (PreviousMode != KernelMode)
323  {
324  _SEH2_TRY
325  {
326  ProbeForRead(Src,
327  BufferSize,
328  sizeof(ULONG));
329  }
331  {
332  /* Return the exception code */
334  }
335  _SEH2_END;
336  }
337 
338  /* allocate enough memory or check if the provided buffer is
339  large enough to hold the array */
340  if (AllocatedMem != NULL)
341  {
342  if (AllocatedLength < BufferSize)
343  {
345  }
346 
347  *Dest = AllocatedMem;
348  }
349  else
350  {
352  BufferSize,
353  TAG_LUID);
354  if (*Dest == NULL)
355  {
357  }
358  }
359 
360  /* copy the array to the buffer */
361  _SEH2_TRY
362  {
363  RtlCopyMemory(*Dest,
364  Src,
365  BufferSize);
366  }
368  {
370  }
371  _SEH2_END;
372 
373  if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
374  {
375  ExFreePoolWithTag(*Dest, TAG_LUID);
376  }
377 
378  return Status;
379 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
LONG NTSTATUS
Definition: precomp.h:26
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define TAG_LUID
Definition: tag.h:178
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define BufferSize
Definition: mmc.h:75
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
Definition: wdfmemory.h:251
#define PAGED_CODE()

Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), and NtPrivilegeCheck().

◆ SeCaptureSidAndAttributesArray()

NTSTATUS NTAPI SeCaptureSidAndAttributesArray ( _In_ PSID_AND_ATTRIBUTES  SrcSidAndAttributes,
_In_ ULONG  AttributeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_opt_ PVOID  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
_Out_ PULONG  ResultLength 
)

Definition at line 354 of file sid.c.

364 {
365  ULONG ArraySize, RequiredLength, SidLength, i;
366  PSID_AND_ATTRIBUTES SidAndAttributes;
367  PUCHAR CurrentDest;
368  PISID Sid;
370  PAGED_CODE();
371 
372  *CapturedSidAndAttributes = NULL;
373  *ResultLength = 0;
374 
375  if (AttributeCount == 0)
376  {
377  return STATUS_SUCCESS;
378  }
379 
380  if (AttributeCount > 0x1000)
381  {
383  }
384 
385  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
386  {
387  *CapturedSidAndAttributes = SrcSidAndAttributes;
388  return STATUS_SUCCESS;
389  }
390 
391  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
392  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
393 
394  /* Check for user mode data */
395  if (PreviousMode != KernelMode)
396  {
397  _SEH2_TRY
398  {
399  /* First probe the whole array */
400  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
401 
402  /* Loop the array elements */
403  for (i = 0; i < AttributeCount; i++)
404  {
405  /* Get the SID and probe the minimal structure */
406  Sid = SrcSidAndAttributes[i].Sid;
407  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
408 
409  /* Verify that the SID is valid */
410  if (((Sid->Revision & 0xF) != SID_REVISION) ||
412  {
414  }
415 
416  /* Calculate the SID length and probe the full SID */
418  ProbeForRead(Sid, SidLength, sizeof(ULONG));
419 
420  /* Add the aligned length to the required length */
421  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
422  }
423  }
425  {
427  }
428  _SEH2_END;
429  }
430  else
431  {
432  /* Loop the array elements */
433  for (i = 0; i < AttributeCount; i++)
434  {
435  /* Get the SID and it's length */
436  Sid = SrcSidAndAttributes[i].Sid;
438 
439  /* Add the aligned length to the required length */
440  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
441  }
442  }
443 
444  /* Assume success */
447 
448  /* Check if we have no buffer */
449  if (AllocatedMem == NULL)
450  {
451  /* Allocate a new buffer */
452  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
455  if (SidAndAttributes == NULL)
456  {
458  }
459  }
460  /* Otherwise check if the buffer is large enough */
461  else if (AllocatedLength >= RequiredLength)
462  {
463  /* Buffer is large enough, use it */
464  SidAndAttributes = AllocatedMem;
465  }
466  else
467  {
468  /* Buffer is too small, fail */
470  }
471 
472  *CapturedSidAndAttributes = SidAndAttributes;
473 
474  /* Check again for user mode */
475  if (PreviousMode != KernelMode)
476  {
477  _SEH2_TRY
478  {
479  /* The rest of the data starts after the array */
480  CurrentDest = (PUCHAR)SidAndAttributes;
481  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
482 
483  /* Loop the array elements */
484  for (i = 0; i < AttributeCount; i++)
485  {
486  /* Get the SID and it's length */
487  Sid = SrcSidAndAttributes[i].Sid;
489 
490  /* Copy attributes */
491  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
492 
493  /* Copy the SID to the current destination address */
494  SidAndAttributes[i].Sid = (PSID)CurrentDest;
495  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
496 
497  /* Sanity checks */
498  ASSERT(RtlLengthSid(SidAndAttributes[i].Sid) == SidLength);
499  ASSERT(RtlValidSid(SidAndAttributes[i].Sid));
500 
501  /* Update the current destination address */
502  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
503  }
504  }
506  {
508  }
509  _SEH2_END;
510  }
511  else
512  {
513  /* The rest of the data starts after the array */
514  CurrentDest = (PUCHAR)SidAndAttributes;
515  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
516 
517  /* Loop the array elements */
518  for (i = 0; i < AttributeCount; i++)
519  {
520  /* Get the SID and it's length */
521  Sid = SrcSidAndAttributes[i].Sid;
523 
524  /* Copy attributes */
525  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
526 
527  /* Copy the SID to the current destination address */
528  SidAndAttributes[i].Sid = (PSID)CurrentDest;
529  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
530 
531  /* Update the current destination address */
532  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
533  }
534  }
535 
536  /* Check for failure */
537  if (!NT_SUCCESS(Status))
538  {
539  /* Check if we allocated a new array */
540  if (SidAndAttributes != AllocatedMem)
541  {
542  /* Free the array */
543  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
544  }
545 
546  /* Set returned address to NULL */
547  *CapturedSidAndAttributes = NULL ;
548  }
549 
550  return Status;
551 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
unsigned char * PUCHAR
Definition: retypes.h:3
#define SID_REVISION
Definition: setypes.h:453
LONG NTSTATUS
Definition: precomp.h:26
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:454
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
#define TAG_SID_AND_ATTRIBUTES
Definition: sid.c:16
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define ASSERT(a)
Definition: mode.c:45
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
Definition: create.c:4400
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define ALIGN_UP_BY(size, align)
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
BYTE Revision
Definition: ms-dtyp.idl:199
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define PAGED_CODE()

Referenced by NtCreateToken().

◆ SeCaptureSubjectContextEx()

VOID NTAPI SeCaptureSubjectContextEx ( IN PETHREAD  Thread,
IN PEPROCESS  Process,
OUT PSECURITY_SUBJECT_CONTEXT  SubjectContext 
)

Definition at line 266 of file access.c.

269 {
271 
272  PAGED_CODE();
273 
274  /* Save the unique ID */
275  SubjectContext->ProcessAuditId = Process->UniqueProcessId;
276 
277  /* Check if we have a thread */
278  if (!Thread)
279  {
280  /* We don't, so no token */
281  SubjectContext->ClientToken = NULL;
282  }
283  else
284  {
285  /* Get the impersonation token */
287  &CopyOnOpen,
288  &EffectiveOnly,
289  &SubjectContext->ImpersonationLevel);
290  }
291 
292  /* Get the primary token */
294 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
unsigned char BOOLEAN
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:808
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
#define PAGED_CODE()

Referenced by SeCaptureSubjectContext(), and SeCreateAccessStateEx().

◆ SeCheckAuditPrivilege()

BOOLEAN NTAPI SeCheckAuditPrivilege ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Definition at line 253 of file priv.c.

256 {
257  PRIVILEGE_SET PrivilegeSet;
258  BOOLEAN Result;
259  PAGED_CODE();
260 
261  /* Initialize the privilege set with the single privilege */
262  PrivilegeSet.PrivilegeCount = 1;
263  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
264  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
265  PrivilegeSet.Privilege[0].Attributes = 0;
266 
267  /* Check against the primary token! */
268  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
269  &PrivilegeSet.Privilege[0],
270  1,
272  PreviousMode);
273 
274  if (PreviousMode != KernelMode)
275  {
278  &PrivilegeSet,
279  Result);
280  }
281 
282  return Result;
283 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
const LUID SeAuditPrivilege
Definition: priv.c:38
$ULONG Control
Definition: setypes.h:87
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
BOOLEAN NTAPI SepPrivilegeCheck(PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:68
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Definition: audit.c:214
#define NULL
Definition: types.h:112
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
#define PAGED_CODE()

Referenced by NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), and SepAccessCheckAndAuditAlarm().

◆ SeCheckPrivilegedObject()

BOOLEAN NTAPI SeCheckPrivilegedObject ( IN LUID  PrivilegeValue,
IN HANDLE  ObjectHandle,
IN ACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 556 of file priv.c.

560 {
562  PRIVILEGE_SET Priv;
563  BOOLEAN Result;
564 
565  PAGED_CODE();
566 
568 
569  Priv.PrivilegeCount = 1;
571  Priv.Privilege[0].Luid = PrivilegeValue;
573 
575  if (PreviousMode != KernelMode)
576  {
577 #if 0
578  SePrivilegeObjectAuditAlarm(ObjectHandle,
581  &PrivilegeValue,
582  Result,
583  PreviousMode);
584 #endif
585  }
586 
588 
589  return Result;
590 }
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
$ULONG Control
Definition: setypes.h:87
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
BOOLEAN NTAPI SePrivilegeCheck(PPRIVILEGE_SET Privileges, PSECURITY_SUBJECT_CONTEXT SubjectContext, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:487
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
Definition: audit.c:845
#define PAGED_CODE()

Referenced by NtSetInformationProcess().

◆ SeComputeQuotaInformationSize()

NTSTATUS NTAPI SeComputeQuotaInformationSize ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Out_ PULONG  QuotaInfoSize 
)

◆ SeCopyClientToken()

NTSTATUS NTAPI SeCopyClientToken ( IN PACCESS_TOKEN  Token,
IN SECURITY_IMPERSONATION_LEVEL  Level,
IN KPROCESSOR_MODE  PreviousMode,
OUT PACCESS_TOKEN NewToken 
)

Definition at line 1033 of file token.c.

1037 {
1038  NTSTATUS Status;
1040 
1041  PAGED_CODE();
1042 
1044  NULL,
1045  0,
1046  NULL,
1047  NULL);
1048 
1051  FALSE,
1053  Level,
1054  PreviousMode,
1055  (PTOKEN*)NewToken);
1056 
1057  return Status;
1058 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:681
#define FALSE
Definition: types.h:117
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NULL
Definition: types.h:112
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define PAGED_CODE()

Referenced by SepCreateClientSecurity().

◆ SeCreateAccessStateEx()

NTSTATUS NTAPI SeCreateAccessStateEx ( IN PETHREAD  Thread,
IN PEPROCESS  Process,
IN OUT PACCESS_STATE  AccessState,
IN PAUX_ACCESS_DATA  AuxData,
IN ACCESS_MASK  Access,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 378 of file access.c.

384 {
385  ACCESS_MASK AccessMask = Access;
386  PTOKEN Token;
387  PAGED_CODE();
388 
389  /* Map the Generic Acess to Specific Access if we have a Mapping */
390  if ((Access & GENERIC_ACCESS) && (GenericMapping))
391  {
393  }
394 
395  /* Initialize the Access State */
397  ASSERT(AccessState->SecurityDescriptor == NULL);
398  ASSERT(AccessState->PrivilegesAllocated == FALSE);
399 
400  /* Initialize and save aux data */
401  RtlZeroMemory(AuxData, sizeof(AUX_ACCESS_DATA));
402  AccessState->AuxData = AuxData;
403 
404  /* Capture the Subject Context */
406  Process,
407  &AccessState->SubjectSecurityContext);
408 
409  /* Set Access State Data */
410  AccessState->RemainingDesiredAccess = AccessMask;
411  AccessState->OriginalDesiredAccess = AccessMask;
412  ExAllocateLocallyUniqueId(&AccessState->OperationID);
413 
414  /* Get the Token to use */
415  Token = SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext);
416 
417  /* Check for Travers Privilege */
418  if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
419  {
420  /* Preserve the Traverse Privilege */
422  }
423 
424  /* Set the Auxiliary Data */
425  AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
427  Privileges));
428  if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
429 
430  /* Return Sucess */
431  return STATUS_SUCCESS;
432 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define GENERIC_ACCESS
Definition: wlx.c:26
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
Definition: setypes.h:1124
VOID NTAPI SeCaptureSubjectContextEx(IN PETHREAD Thread, IN PEPROCESS Process, OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:266
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
#define ASSERT(a)
Definition: mode.c:45
VOID NTAPI RtlMapGenericMask(IN OUT PACCESS_MASK AccessMask, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:50
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
struct _PRIVILEGE_SET * PPRIVILEGE_SET
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:334
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define STATUS_SUCCESS
Definition: shellext.h:65
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define PAGED_CODE()

Referenced by PspCreateProcess(), PspCreateThread(), and SeCreateAccessState().

◆ SeDeassignPrimaryToken()

VOID NTAPI SeDeassignPrimaryToken ( struct _EPROCESS Process)

◆ SeDefaultObjectMethod()

NTSTATUS NTAPI SeDefaultObjectMethod ( PVOID  Object,
SECURITY_OPERATION_CODE  OperationType,
PSECURITY_INFORMATION  SecurityInformation,
PSECURITY_DESCRIPTOR  NewSecurityDescriptor,
PULONG  ReturnLength,
PSECURITY_DESCRIPTOR OldSecurityDescriptor,
POOL_TYPE  PoolType,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDetailedAuditingWithToken()

BOOLEAN NTAPI SeDetailedAuditingWithToken ( IN PTOKEN  Token)

Definition at line 25 of file audit.c.

26 {
27  /* FIXME */
28  return FALSE;
29 }
#define FALSE
Definition: types.h:117

Referenced by ObInitProcess(), PspCreateProcess(), and PspExitThread().

◆ SeExchangePrimaryToken()

NTSTATUS NTAPI SeExchangePrimaryToken ( _In_ PEPROCESS  Process,
_In_ PACCESS_TOKEN  NewAccessToken,
_Out_ PACCESS_TOKEN OldAccessToken 
)

Definition at line 474 of file token.c.

478 {
479  PTOKEN OldToken;
480  PTOKEN NewToken = (PTOKEN)NewAccessToken;
481 
482  PAGED_CODE();
483 
484  if (NewToken->TokenType != TokenPrimary)
485  return STATUS_BAD_TOKEN_TYPE;
486 
487  if (NewToken->TokenInUse)
488  {
491 
492  /* Maybe we're trying to set the same token */
493  OldToken = PsReferencePrimaryToken(Process);
494  if (OldToken == NewToken)
495  {
496  /* So it's a nop. */
497  *OldAccessToken = OldToken;
498  return STATUS_SUCCESS;
499  }
500 
501  Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
502  if (!NT_SUCCESS(Status))
503  {
504  PsDereferencePrimaryToken(OldToken);
505  *OldAccessToken = NULL;
506  return Status;
507  }
508 
509  if (!IsEqual)
510  {
511  PsDereferencePrimaryToken(OldToken);
512  *OldAccessToken = NULL;
514  }
515  /* Silently return STATUS_SUCCESS but do not set the new token,
516  * as it's already in use elsewhere. */
517  *OldAccessToken = OldToken;
518  return STATUS_SUCCESS;
519  }
520 
521  /* Lock the new token */
523 
524  /* Mark new token in use */
525  NewToken->TokenInUse = TRUE;
526 
527  // TODO: Set a correct SessionId for NewToken
528 
529  /* Unlock the new token */
530  SepReleaseTokenLock(NewToken);
531 
532  /* Reference the new token */
533  ObReferenceObject(NewToken);
534 
535  /* Replace the old with the new */
536  OldToken = ObFastReplaceObject(&Process->Token, NewToken);
537 
538  /* Lock the old token */
540 
541  /* Mark the old token as free */
542  OldToken->TokenInUse = FALSE;
543 
544  /* Unlock the old token */
545  SepReleaseTokenLock(OldToken);
546 
547  *OldAccessToken = (PACCESS_TOKEN)OldToken;
548  return STATUS_SUCCESS;
549 }
TOKEN_TYPE TokenType
Definition: setypes.h:208
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
PVOID PACCESS_TOKEN
Definition: setypes.h:11
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
Status
Definition: gdiplustypes.h:24
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
BOOLEAN TokenInUse
Definition: setypes.h:211
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:298
#define STATUS_TOKEN_ALREADY_IN_USE
Definition: ntstatus.h:535
#define SepReleaseTokenLock(Token)
Definition: se.h:211
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
struct _TOKEN * PTOKEN
#define NULL
Definition: types.h:112
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
Definition: security.c:861
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by PspAssignPrimaryToken().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PACCESS_STATE  AccessState,
IN ACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 460 of file accesschk.c.

464 {
465  PACL Dacl;
466  ULONG AceIndex;
467  PKNOWN_ACE Ace;
468 
469  PAGED_CODE();
470 
472 
473  if (SecurityDescriptor == NULL)
474  return FALSE;
475 
476  /* Get DACL */
478  /* If no DACL, grant access */
479  if (Dacl == NULL)
480  return TRUE;
481 
482  /* No ACE -> Deny */
483  if (!Dacl->AceCount)
484  return FALSE;
485 
486  /* Can't perform the check on restricted token */
487  if (AccessState->Flags & TOKEN_IS_RESTRICTED)
488  return FALSE;
489 
490  /* Browse the ACEs */
491  for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
492  AceIndex < Dacl->AceCount;
493  AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
494  {
495  if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
496  continue;
497 
498  /* If access-allowed ACE */
499  if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
500  {
501  /* Check if all accesses are granted */
502  if (!(Ace->Mask & DesiredAccess))
503  continue;
504 
505  /* Check SID and grant access if matching */
506  if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
507  return TRUE;
508  }
509  /* If access-denied ACE */
510  else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
511  {
512  /* Here, only check if it denies any access wanted and deny if so */
513  if (Ace->Mask & DesiredAccess)
514  return FALSE;
515  }
516  }
517 
518  /* Faulty, deny */
519  return FALSE;
520 }
struct _KNOWN_ACE * PKNOWN_ACE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
Definition: se.h:3
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Definition: card.h:12
#define ASSERT(a)
Definition: mode.c:45
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1864
PSID SeWorldSid
Definition: sid.c:27
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:67
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1129
#define PAGED_CODE()

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SeGetLogonIdDeviceMap()

NTSTATUS NTAPI SeGetLogonIdDeviceMap ( IN PLUID  LogonId,
OUT PDEVICE_MAP DeviceMap 
)

Definition at line 966 of file srm.c.

970 {
972  WCHAR Buffer[63];
973  PDEVICE_MAP LocalMap;
974  HANDLE DirectoryHandle, LinkHandle;
976  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
977  UNICODE_STRING DirectoryName, LinkName, TargetName;
978 
979  PAGED_CODE();
980 
981  if (LogonId == NULL ||
982  DeviceMap == NULL)
983  {
985  }
986 
987  /* Acquire the database lock */
989 
990  /* Loop all existing sessions */
991  for (CurrentSession = SepLogonSessions;
992  CurrentSession != NULL;
993  CurrentSession = CurrentSession->Next)
994  {
995  /* Check if the LUID matches the provided one */
996  if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
997  {
998  break;
999  }
1000  }
1001 
1002  /* No session found, fail */
1003  if (CurrentSession == NULL)
1004  {
1005  /* Release the database lock */
1007 
1009  }
1010 
1011  /* The found session has a device map, return it! */
1012  if (CurrentSession->pDeviceMap != NULL)
1013  {
1014  *DeviceMap = CurrentSession->pDeviceMap;
1015 
1016  /* Release the database lock */
1018 
1019  return STATUS_SUCCESS;
1020  }
1021 
1022  /* At that point, we'll setup a new device map for the session */
1023  LocalMap = NULL;
1024 
1025  /* Reference the session so that it doesn't go away */
1026  CurrentSession->ReferenceCount += 1;
1027 
1028  /* Release the database lock */
1030 
1031  /* Create our object directory given the LUID */
1033  sizeof(Buffer) / sizeof(WCHAR),
1034  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1035  LogonId->HighPart,
1036  LogonId->LowPart);
1037  RtlInitUnicodeString(&DirectoryName, Buffer);
1038 
1040  &DirectoryName,
1042  NULL,
1043  NULL);
1046  &ObjectAttributes);
1047  if (NT_SUCCESS(Status))
1048  {
1049  /* Create the associated device map */
1051  if (NT_SUCCESS(Status))
1052  {
1053  /* Make Global point to \Global?? in the directory */
1054  RtlInitUnicodeString(&LinkName, L"Global");
1055  RtlInitUnicodeString(&TargetName, L"\\Global??");
1056 
1058  &LinkName,
1061  NULL);
1062  Status = ZwCreateSymbolicLinkObject(&LinkHandle,
1065  &TargetName);
1066  if (!NT_SUCCESS(Status))
1067  {
1068  ObfDereferenceDeviceMap(LocalMap);
1069  }
1070  else
1071  {
1072  ZwClose(LinkHandle);
1073  }
1074  }
1075 
1077  }
1078 
1079  /* Acquire the database lock */
1081 
1082  /* If we succeed... */
1083  if (NT_SUCCESS(Status))
1084  {
1085  /* The session now has a device map? We raced with someone else */
1086  if (CurrentSession->pDeviceMap != NULL)
1087  {
1088  /* Give up on our new device map */
1089  ObfDereferenceDeviceMap(LocalMap);
1090  }
1091  /* Otherwise use our newly allocated device map */
1092  else
1093  {
1094  CurrentSession->pDeviceMap = LocalMap;
1095  }
1096 
1097  /* Return the device map */
1098  *DeviceMap = CurrentSession->pDeviceMap;
1099  }
1100  /* Zero output */
1101  else
1102  {
1103  *DeviceMap = NULL;
1104  }
1105 
1106  /* Release the database lock */
1108 
1109  /* We're done with the session */
1110  SepRmDereferenceLogonSession(&CurrentSession->LogonId);
1111 
1112  return Status;
1113 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_NO_SUCH_LOGON_SESSION
Definition: ntstatus.h:331
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
LONG NTSTATUS
Definition: precomp.h:26
static HANDLE DirectoryHandle
Definition: ObType.c:48
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
#define OBJ_OPENIF
Definition: winternl.h:229
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
Definition: devicemap.c:149
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
Definition: bufpool.h:45
Status
Definition: gdiplustypes.h:24
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: srm.c:27
static const WCHAR L[]
Definition: oid.c:1250
#define OBJ_PERMANENT
Definition: winternl.h:226
WCHAR TargetName[256]
Definition: arping.c:27
PDEVICE_MAP pDeviceMap
Definition: srm.c:31
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:71
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:664
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:70

Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().

◆ SeInitializeProcessAuditName()

NTSTATUS NTAPI SeInitializeProcessAuditName ( IN PFILE_OBJECT  FileObject,
IN BOOLEAN  DoAudit,
OUT POBJECT_NAME_INFORMATION AuditInfo 
)

Definition at line 47 of file audit.c.

50 {
51  OBJECT_NAME_INFORMATION LocalNameInfo;
52  POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
53  ULONG ReturnLength = 8;
55 
56  PAGED_CODE();
57  ASSERT(AuditInfo);
58 
59  /* Check if we should do auditing */
60  if (DoAudit)
61  {
62  /* FIXME: TODO */
63  }
64 
65  /* Now query the name */
67  &LocalNameInfo,
68  sizeof(LocalNameInfo),
69  &ReturnLength);
70  if (((Status == STATUS_BUFFER_OVERFLOW) ||
73  (ReturnLength != sizeof(LocalNameInfo)))
74  {
75  /* Allocate required size */
76  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
78  TAG_SEPA);
79  if (ObjectNameInfo)
80  {
81  /* Query the name again */
83  ObjectNameInfo,
85  &ReturnLength);
86  }
87  }
88 
89  /* Check if we got here due to failure */
90  if ((ObjectNameInfo) &&
91  (!(NT_SUCCESS(Status)) || (ReturnLength == sizeof(LocalNameInfo))))
92  {
93  /* First, free any buffer we might've allocated */
94  ASSERT(FALSE);
95  if (ObjectNameInfo) ExFreePool(ObjectNameInfo);
96 
97  /* Now allocate a temporary one */
99  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
100  sizeof(OBJECT_NAME_INFORMATION),
101  TAG_SEPA);
102  if (ObjectNameInfo)
103  {
104  /* Clear it */
105  RtlZeroMemory(ObjectNameInfo, ReturnLength);
107  }
108  }
109 
110  /* Check if memory allocation failed */
111  if (!ObjectNameInfo) Status = STATUS_NO_MEMORY;
112 
113  /* Return the audit name */
114  *AuditInfo = ObjectNameInfo;
115 
116  /* Return status */
117  return Status;
118 }
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI ObQueryNameString(IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
Definition: obname.c:1209
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define FALSE
Definition: types.h:117
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:45
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define TAG_SEPA
Definition: tag.h:191
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by MmInitializeProcessAddressSpace(), and SeLocateProcessImageName().

◆ SeInitSystem()

BOOLEAN NTAPI SeInitSystem ( VOID  )

Definition at line 239 of file semgr.c.

240 {
241  /* Check the initialization phase */
242  switch (ExpInitializationPhase)
243  {
244  case 0:
245 
246  /* Do Phase 0 */
247  return SepInitializationPhase0();
248 
249  case 1:
250 
251  /* Do Phase 1 */
252  return SepInitializationPhase1();
253 
254  default:
255 
256  /* Don't know any other phase! Bugcheck! */
257  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
258  0,
260  0,
261  0);
262  return FALSE;
263  }
264 }
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Definition: semgr.c:96
#define FALSE
Definition: types.h:117
ULONG ExpInitializationPhase
Definition: init.c:66
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Definition: semgr.c:131
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ SeIsTokenChild()

NTSTATUS NTAPI SeIsTokenChild ( IN PTOKEN  Token,
OUT PBOOLEAN  IsChild 
)

Definition at line 961 of file token.c.

963 {
964  PTOKEN ProcessToken;
965  LUID ProcessTokenId, CallerParentId;
966 
967  /* Assume failure */
968  *IsChild = FALSE;
969 
970  /* Reference the process token */
972  if (!ProcessToken)
973  return STATUS_UNSUCCESSFUL;
974 
975  /* Get its token ID */
976  ProcessTokenId = ProcessToken->TokenId;
977 
978  /* Dereference the token */
980 
981  /* Get our parent token ID */
982  CallerParentId = Token->ParentTokenId;
983 
984  /* Compare the token IDs */
985  if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))
986  *IsChild = TRUE;
987 
988  /* Return success */
989  return STATUS_SUCCESS;
990 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
LUID TokenId
Definition: setypes.h:187
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by PspSetPrimaryToken().

◆ SeIsTokenSibling()

NTSTATUS NTAPI SeIsTokenSibling ( IN PTOKEN  Token,
OUT PBOOLEAN  IsSibling 
)

Definition at line 994 of file token.c.

996 {
997  PTOKEN ProcessToken;
998  LUID ProcessParentId, ProcessAuthId;
999  LUID CallerParentId, CallerAuthId;
1000 
1001  /* Assume failure */
1002  *IsSibling = FALSE;
1003 
1004  /* Reference the process token */
1005  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
1006  if (!ProcessToken)
1007  return STATUS_UNSUCCESSFUL;
1008 
1009  /* Get its parent and authentication IDs */
1010  ProcessParentId = ProcessToken->ParentTokenId;
1011  ProcessAuthId = ProcessToken->AuthenticationId;
1012 
1013  /* Dereference the token */
1015 
1016  /* Get our parent and authentication IDs */
1017  CallerParentId = Token->ParentTokenId;
1018  CallerAuthId = Token->AuthenticationId;
1019 
1020  /* Compare the token IDs */
1021  if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&
1022  RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
1023  {
1024  *IsSibling = TRUE;
1025  }
1026 
1027  /* Return success */
1028  return STATUS_SUCCESS;
1029 }
#define TRUE
Definition: types.h:120
LUID AuthenticationId
Definition: setypes.h:188
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LUID ParentTokenId
Definition: setypes.h:189
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by PspSetPrimaryToken().

◆ SepCaptureAcl()

NTSTATUS NTAPI SepCaptureAcl ( IN PACL  InputAcl,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PACL CapturedAcl 
)

Definition at line 273 of file acl.c.

278 {
279  PACL NewAcl;
280  ULONG AclSize = 0;
282 
283  PAGED_CODE();
284 
285  if (AccessMode != KernelMode)
286  {
287  _SEH2_TRY
288  {
289  ProbeForRead(InputAcl,
290  sizeof(ACL),
291  sizeof(ULONG));
292  AclSize = InputAcl->AclSize;
293  ProbeForRead(InputAcl,
294  AclSize,
295  sizeof(ULONG));
296  }
298  {
299  /* Return the exception code */
301  }
302  _SEH2_END;
303 
305  AclSize,
306  TAG_ACL);
307  if (NewAcl != NULL)
308  {
309  _SEH2_TRY
310  {
311  RtlCopyMemory(NewAcl,
312  InputAcl,
313  AclSize);
314 
315  *CapturedAcl = NewAcl;
316  }
318  {
319  /* Free the ACL and return the exception code */
320  ExFreePoolWithTag(NewAcl, TAG_ACL);
322  }
323  _SEH2_END;
324  }
325  else
326  {
328  }
329  }
330  else if (!CaptureIfKernel)
331  {
332  *CapturedAcl = InputAcl;
333  }
334  else
335  {
336  AclSize = InputAcl->AclSize;
337 
339  AclSize,
340  TAG_ACL);
341 
342  if (NewAcl != NULL)
343  {
344  RtlCopyMemory(NewAcl,
345  InputAcl,
346  AclSize);
347 
348  *CapturedAcl = NewAcl;
349  }
350  else
351  {
353  }
354  }
355 
356  return Status;
357 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG NTSTATUS
Definition: precomp.h:26
_SEH2_TRY
Definition: create.c:4226
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
Status
Definition: gdiplustypes.h:24
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define PAGED_CODE()

Referenced by NtCreateToken(), and NtSetInformationToken().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
OUT PBOOLEAN  Present 
)

Definition at line 207 of file sd.c.

213 {
214  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
216 
217  PAGED_CODE();
218 
219  ASSERT(CapturedSecurityQualityOfService);
220  ASSERT(Present);
221 
222  if (ObjectAttributes != NULL)
223  {
224  if (AccessMode != KernelMode)
225  {
227 
228  _SEH2_TRY
229  {
231  sizeof(OBJECT_ATTRIBUTES),
232  sizeof(ULONG));
233  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
234  {
235  if (ObjectAttributes->SecurityQualityOfService != NULL)
236  {
237  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
239  sizeof(ULONG));
240 
241  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
243  {
244  /*
245  * Don't allocate memory here because ExAllocate should bugcheck
246  * the system if it's buggy, SEH would catch that! So make a local
247  * copy of the qos structure.
248  */
249  RtlCopyMemory(&SafeQos,
250  ObjectAttributes->SecurityQualityOfService,
252  *Present = TRUE;
253  }
254  else
255  {
257  }
258  }
259  else
260  {
261  *CapturedSecurityQualityOfService = NULL;
262  *Present = FALSE;
263  }
264  }
265  else
266  {
268  }
269  }
271  {
273  }
274  _SEH2_END;
275 
276  if (NT_SUCCESS(Status))
277  {
278  if (*Present)
279  {
280  CapturedQos = ExAllocatePoolWithTag(PoolType,
282  TAG_QOS);
283  if (CapturedQos != NULL)
284  {
285  RtlCopyMemory(CapturedQos,
286  &SafeQos,
288  *CapturedSecurityQualityOfService = CapturedQos;
289  }
290  else
291  {
293  }
294  }
295  else
296  {
297  *CapturedSecurityQualityOfService = NULL;
298  }
299  }
300  }
301  else
302  {
303  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
304  {
305  if (CaptureIfKernel)
306  {
307  if (ObjectAttributes->SecurityQualityOfService != NULL)
308  {
309  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
311  {
312  CapturedQos = ExAllocatePoolWithTag(PoolType,
314  TAG_QOS);
315  if (CapturedQos != NULL)
316  {
317  RtlCopyMemory(CapturedQos,
318  ObjectAttributes->SecurityQualityOfService,
320  *CapturedSecurityQualityOfService = CapturedQos;
321  *Present = TRUE;
322  }
323  else
324  {
326  }
327  }
328  else
329  {
331  }
332  }
333  else
334  {
335  *CapturedSecurityQualityOfService = NULL;
336  *Present = FALSE;
337  }
338  }
339  else
340  {
341  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
342  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
343  }
344  }
345  else
346  {
348  }
349  }
350  }
351  else
352  {
353  *CapturedSecurityQualityOfService = NULL;
354  *Present = FALSE;
355  }
356 
357  return Status;
358 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:45
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define TAG_QOS
Definition: tag.h:177
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SepCaptureSid()

NTSTATUS NTAPI SepCaptureSid ( IN PSID  InputSid,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSID CapturedSid 
)

Definition at line 270 of file sid.c.

275 {
276  ULONG SidSize = 0;
277  PISID NewSid, Sid = (PISID)InputSid;
278 
279  PAGED_CODE();
280 
281  if (AccessMode != KernelMode)
282  {
283  _SEH2_TRY
284  {
285  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
287  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
288  }
290  {
291  /* Return the exception code */
293  }
294  _SEH2_END;
295 
296  /* Allocate a SID and copy it */
298  if (!NewSid)
300 
301  _SEH2_TRY
302  {
303  RtlCopyMemory(NewSid, Sid, SidSize);
304 
305  *CapturedSid = NewSid;
306  }
308  {
309  /* Free the SID and return the exception code */
312  }
313  _SEH2_END;
314  }
315  else if (!CaptureIfKernel)
316  {
317  *CapturedSid = InputSid;
318  }
319  else
320  {
322 
323  /* Allocate a SID and copy it */
325  if (NewSid == NULL)
327 
328  RtlCopyMemory(NewSid, Sid, SidSize);
329 
330  *CapturedSid = NewSid;
331  }
332 
333  return STATUS_SUCCESS;
334 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TAG_SID
Definition: sid.c:15
_SEH2_TRY
Definition: create.c:4226
struct _SID * PISID
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
unsigned char UCHAR
Definition: xmlstorage.h:181
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
Definition: create.c:4400
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2815
#define PAGED_CODE()

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SepCreateImpersonationTokenDacl()

NTSTATUS NTAPI SepCreateImpersonationTokenDacl ( _In_ PTOKEN  Token,
_In_ PTOKEN  PrimaryToken,
_Out_ PACL Dacl 
)

Definition at line 225 of file acl.c.

229 {
231  PACL TokenDacl;
232 
233  PAGED_CODE();
234 
235  *Dacl = NULL;
236 
237  AclLength = sizeof(ACL) +
238  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
239  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
240  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
241  (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
242  (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
243 
245  if (TokenDacl == NULL)
246  {
248  }
249 
250  RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
252  Token->UserAndGroups->Sid);
254  PrimaryToken->UserAndGroups->Sid);
259 
260  if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
261  {
264  }
265 
266  *Dacl = TokenDacl;
267 
268  return STATUS_SUCCESS;
269 }
#define GENERIC_ALL
Definition: nt_native.h:92
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PSID SeRestrictedCodeSid
Definition: sid.c:42
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _ACL ACL
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
PSID SeAliasAdminsSid
Definition: sid.c:43
#define TAG_ACL
Definition: tag.h:174
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
#define NULL
Definition: types.h:112
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:40
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
Definition: rtltypes.h:990
_In_ ULONG AclLength
Definition: rtlfuncs.h:1844
#define PAGED_CODE()

Referenced by NtOpenThreadTokenEx().

◆ SepCreateSystemProcessToken()

PTOKEN NTAPI SepCreateSystemProcessToken ( VOID  )

Definition at line 1395 of file token.c.

1396 {
1398  ULONG GroupAttributes, OwnerAttributes;
1400  LARGE_INTEGER Expiration;
1401  SID_AND_ATTRIBUTES UserSid;
1402  ULONG GroupsLength;
1405  PSID Owner;
1406  ULONG i;
1407  PTOKEN Token;
1408  NTSTATUS Status;
1409 
1410  /* Don't ever expire */
1411  Expiration.QuadPart = -1;
1412 
1413  /* All groups mandatory and enabled */
1416 
1417  /* User is Local System */
1418  UserSid.Sid = SeLocalSystemSid;
1419  UserSid.Attributes = 0;
1420 
1421  /* Primary group is Local System */
1423 
1424  /* Owner is Administrators */
1426 
1427  /* Groups are Administrators, World, and Authenticated Users */
1428  Groups[0].Sid = SeAliasAdminsSid;
1429  Groups[0].Attributes = OwnerAttributes;
1430  Groups[1].Sid = SeWorldSid;
1431  Groups[1].Attributes = GroupAttributes;
1433  Groups[2].Attributes = GroupAttributes;
1434  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
1435  SeLengthSid(Groups[0].Sid) +
1436  SeLengthSid(Groups[1].Sid) +
1437  SeLengthSid(Groups[2].Sid);
1438  ASSERT(GroupsLength <= sizeof(Groups));
1439 
1440  /* Setup the privileges */
1441  i = 0;
1443  Privileges[i++].Luid = SeTcbPrivilege;
1444 
1445  Privileges[i].Attributes = 0;
1447 
1448  Privileges[i].Attributes = 0;
1450 
1453 
1456 
1457  Privileges[i].Attributes = 0;
1459 
1460  Privileges[i].Attributes = 0;
1462 
1465 
1468 
1470  Privileges[i++].Luid = SeDebugPrivilege;
1471 
1473  Privileges[i++].Luid = SeAuditPrivilege;
1474 
1475  Privileges[i].Attributes = 0;
1476  Privileges[i++].Luid = SeSecurityPrivilege;
1477 
1478  Privileges[i].Attributes = 0;
1480 
1483 
1484  Privileges[i].Attributes = 0;
1485  Privileges[i++].Luid = SeBackupPrivilege;
1486 
1487  Privileges[i].Attributes = 0;
1488  Privileges[i++].Luid = SeRestorePrivilege;
1489 
1490  Privileges[i].Attributes = 0;
1491  Privileges[i++].Luid = SeShutdownPrivilege;
1492 
1493  Privileges[i].Attributes = 0;
1495 
1498 
1499  Privileges[i].Attributes = 0;
1501  ASSERT(i == 20);
1502 
1503  /* Setup the object attributes */
1506 
1507  /* Create the token */
1509  KernelMode,
1510  0,
1512  TokenPrimary,
1515  &Expiration,
1516  &UserSid,
1517  3,
1518  Groups,
1519  GroupsLength,
1520  20,
1521  Privileges,
1522  Owner,
1523  PrimaryGroup,
1526  TRUE);
1528 
1529  /* Return the token */
1530  return Token;
1531 }
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:39
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
const LUID SeSystemtimePrivilege
Definition: priv.c:29
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:22
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
const LUID SeCreatePermanentPrivilege
Definition: priv.c:33
const LUID SeDebugPrivilege
Definition: priv.c:37
const LUID SeBackupPrivilege
Definition: priv.c:34
#define TRUE
Definition: types.h:120
PACL SeSystemDefaultDacl
Definition: acl.c:19
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeSystemAuthenticationId
Definition: token.c:32
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:20
PSID SeAuthenticatedUsersSid
Definition: sid.c:51
TOpcodeData Groups[17][8]
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define SE_GROUP_OWNER
Definition: setypes.h:93
const LUID SeLoadDriverPrivilege
Definition: priv.c:27
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:26
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:1129
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
const LUID SeCreatePagefilePrivilege
Definition: priv.c:32
#define ASSERT(a)
Definition: mode.c:45
const LUID SeRestorePrivilege
Definition: priv.c:35
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
PSID SeAliasAdminsSid
Definition: sid.c:43
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:31
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
const LUID SeLockMemoryPrivilege
Definition: priv.c:21
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:30
PSID SeWorldSid
Definition: sid.c:27
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:31
const LUID SeTcbPrivilege
Definition: priv.c:24
const LUID SeShutdownPrivilege
Definition: priv.c:36
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
const LUID SeSecurityPrivilege
Definition: priv.c:25
PSID SeLocalSystemSid
Definition: sid.c:40
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
const LUID SeAuditPrivilege
Definition: priv.c:38
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepDuplicateToken()

NTSTATUS NTAPI SepDuplicateToken ( _In_ PTOKEN  Token,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PTOKEN NewAccessToken 
)

Definition at line 681 of file token.c.

689 {
691  PTOKEN AccessToken;
692  PVOID EndMem;
693  ULONG VariableLength;
694  ULONG TotalSize;
695 
696  PAGED_CODE();
697 
698  /* Compute how much size we need to allocate for the token */
699  VariableLength = Token->VariableLength;
700  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
701 
705  PreviousMode,
706  NULL,
707  TotalSize,
708  0,
709  0,
710  (PVOID*)&AccessToken);
711  if (!NT_SUCCESS(Status))
712  {
713  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
714  return Status;
715  }
716 
717  /* Zero out the buffer and initialize the token */
718  RtlZeroMemory(AccessToken, TotalSize);
719 
720  ExAllocateLocallyUniqueId(&AccessToken->TokenId);
721 
722  AccessToken->TokenType = TokenType;
723  AccessToken->ImpersonationLevel = Level;
724 
725  /* Initialise the lock for the access token */
726  Status = SepCreateTokenLock(AccessToken);
727  if (!NT_SUCCESS(Status))
728  {
729  ObDereferenceObject(AccessToken);
730  return Status;
731  }
732 
733  /* Copy the immutable fields */
735  &Token->TokenSource.SourceIdentifier);
736  RtlCopyMemory(AccessToken->TokenSource.SourceName,
737  Token->TokenSource.SourceName,
738  sizeof(Token->TokenSource.SourceName));
739 
740  AccessToken->AuthenticationId = Token->AuthenticationId;
741  AccessToken->ParentTokenId = Token->ParentTokenId;
742  AccessToken->ExpirationTime = Token->ExpirationTime;
743  AccessToken->OriginatingLogonSession = Token->OriginatingLogonSession;
744 
745  /* Lock the source token and copy the mutable fields */
747 
748  AccessToken->SessionId = Token->SessionId;
749  RtlCopyLuid(&AccessToken->ModifiedId, &Token->ModifiedId);
750 
751  AccessToken->TokenFlags = Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
752 
753  /* Copy and reference the logon session */
754  // RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId);
756  if (!NT_SUCCESS(Status))
757  {
758  /* No logon session could be found, bail out */
759  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
760  /* Set the flag for proper cleanup by the delete procedure */
762  goto Quit;
763  }
764 
765  /* Assign the data that reside in the TOKEN's variable information area */
766  AccessToken->VariableLength = VariableLength;
767  EndMem = (PVOID)&AccessToken->VariablePart;
768 
769  /* Copy the privileges */
770  AccessToken->PrivilegeCount = 0;
771  AccessToken->Privileges = NULL;
772  if (Token->Privileges && (Token->PrivilegeCount > 0))
773  {
774  ULONG PrivilegesLength = Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
775  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
776 
777  ASSERT(VariableLength >= PrivilegesLength);
778 
779  AccessToken->PrivilegeCount = Token->PrivilegeCount;
780  AccessToken->Privileges = EndMem;
781  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
782  VariableLength -= PrivilegesLength;
783 
784  RtlCopyMemory(AccessToken->Privileges,
785  Token->Privileges,
786  AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
787  }
788 
789  /* Copy the user and groups */
790  AccessToken->UserAndGroupCount = 0;
791  AccessToken->UserAndGroups = NULL;
792  if (Token->UserAndGroups && (Token->UserAndGroupCount > 0))
793  {
794  AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
795  AccessToken->UserAndGroups = EndMem;
796  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
797  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
798 
800  Token->UserAndGroups,
801  VariableLength,
802  AccessToken->UserAndGroups,
803  EndMem,
804  &EndMem,
805  &VariableLength);
806  if (!NT_SUCCESS(Status))
807  {
808  DPRINT1("RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n", Status);
809  goto Quit;
810  }
811  }
812 
813 #if 1
814  {
815  ULONG PrimaryGroupIndex;
816 
817  /* Find the token primary group */
819  Token->PrimaryGroup,
820  NULL,
821  &PrimaryGroupIndex,
822  NULL);
823  if (!NT_SUCCESS(Status))
824  {
825  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
826  goto Quit;
827  }
828  AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
829  }
830 #else
831  AccessToken->PrimaryGroup = (PVOID)((ULONG_PTR)AccessToken + (ULONG_PTR)Token->PrimaryGroup - (ULONG_PTR)Token->UserAndGroups);
832 #endif
833  AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
834 
835  /* Copy the restricted SIDs */
836  AccessToken->RestrictedSidCount = 0;
837  AccessToken->RestrictedSids = NULL;
838  if (Token->RestrictedSids && (Token->RestrictedSidCount > 0))
839  {
840  AccessToken->RestrictedSidCount = Token->RestrictedSidCount;
841  AccessToken->RestrictedSids = EndMem;
842  EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
843  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
844 
846  Token->RestrictedSids,
847  VariableLength,
848  AccessToken->RestrictedSids,
849  EndMem,
850  &EndMem,
851  &VariableLength);
852  if (!NT_SUCCESS(Status))
853  {
854  DPRINT1("RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n", Status);
855  goto Quit;
856  }
857  }
858 
859 
860  //
861  // FIXME: Implement the "EffectiveOnly" option, that removes all
862  // the disabled parts (privileges and groups) of the token.
863  //
864 
865 
866  //
867  // NOTE: So far our dynamic area only contains
868  // the default dacl, so this makes the following
869  // code pretty simple. The day where it stores
870  // other data, the code will require adaptations.
871  //
872 
873  /* Now allocate the TOKEN's dynamic information area and set the data */
874  AccessToken->DynamicAvailable = 0; // Unused memory in the dynamic area.
875  AccessToken->DynamicPart = NULL;
876  if (Token->DynamicPart && Token->DefaultDacl)
877  {
879  Token->DefaultDacl->AclSize,
881  if (AccessToken->DynamicPart == NULL)
882  {
884  goto Quit;
885  }
886  EndMem = (PVOID)AccessToken->DynamicPart;
887 
888  AccessToken->DefaultDacl = EndMem;
889 
890  RtlCopyMemory(AccessToken->DefaultDacl,
891  Token->DefaultDacl,
892  Token->DefaultDacl->AclSize);
893  }
894 
895  /* Unlock the source token */
897 
898  /* Return the token */
899  *NewAccessToken = AccessToken;
901 
902 Quit:
903  if (!NT_SUCCESS(Status))
904  {
905  /* Unlock the source token */
907 
908  /* Dereference the token, the delete procedure will clean it up */
909  ObDereferenceObject(AccessToken);
910  }
911 
912  return Status;
913 }
TOKEN_TYPE TokenType
Definition: setypes.h:208
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:585
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LUID AuthenticationId
Definition: setypes.h:188
ULONG VariablePart
Definition: setypes.h:215
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
ULONG PrivilegeCount
Definition: setypes.h:197
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:205
LUID ModifiedId
Definition: setypes.h:193
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG TokenFlags
Definition: setypes.h:210
LUID SourceIdentifier
Definition: imports.h:279
ULONG DynamicAvailable
Definition: setypes.h:200
PACL DefaultDacl
Definition: setypes.h:207
POBJECT_TYPE SeTokenObjectType
Definition: token.c:29
LUID ParentTokenId
Definition: setypes.h:189
ULONG DefaultOwnerIndex
Definition: setypes.h:201
ULONG VariableLength
Definition: setypes.h:198
void * PVOID
Definition: retypes.h:9
ULONG SessionId
Definition: setypes.h:194
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:381
ULONG RestrictedSidCount
Definition: setypes.h:196
PULONG DynamicPart
Definition: setypes.h:206
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PSID PrimaryGroup
Definition: setypes.h:204
LARGE_INTEGER ExpirationTime
Definition: setypes.h:190
#define ASSERT(a)
Definition: mode.c:45
if(!(yy_init))
Definition: macro.lex.yy.c:714
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID_AND_ATTRIBUTES RestrictedSids
Definition: setypes.h:203
#define SepReleaseTokenLock(Token)
Definition: se.h:211
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278
ULONG UserAndGroupCount
Definition: setypes.h:195
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:334
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
LUID TokenId
Definition: setypes.h:187
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:209
static NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:99
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:202
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_SUCCESS
Definition: shellext.h:65
TOKEN_SOURCE TokenSource
Definition: setypes.h:186
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
#define PAGED_CODE()
LUID OriginatingLogonSession
Definition: setypes.h:214

Referenced by NtDuplicateToken(), NtOpenThreadTokenEx(), SeCopyClientToken(), and SeSubProcessToken().

◆ SepGetDaclFromDescriptor()

FORCEINLINE PACL SepGetDaclFromDescriptor ( PVOID  _Descriptor)

Definition at line 67 of file se.h.

68 {
71 
72  if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
73 
74  if (Descriptor->Control & SE_SELF_RELATIVE)
75  {
77  if (!SdRel->Dacl) return NULL;
78  return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
79  }
80  else
81  {
82  return Descriptor->Dacl;
83  }
84 }
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define SE_DACL_PRESENT
Definition: setypes.h:767
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define NULL
Definition: types.h:112
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetDaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SeFastTraverseCheck().

◆ SepGetGroupFromDescriptor()

FORCEINLINE PSID SepGetGroupFromDescriptor ( PVOID  _Descriptor)

Definition at line 29 of file se.h.

30 {
33 
34  if (Descriptor->Control & SE_SELF_RELATIVE)
35  {
37  if (!SdRel->Group) return NULL;
38  return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
39  }
40  else
41  {
42  return Descriptor->Group;
43  }
44 }
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:780
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define NULL
Definition: types.h:112
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetGroupSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SepAccessCheckAndAuditAlarm().

◆ SepGetOwnerFromDescriptor()

FORCEINLINE PSID SepGetOwnerFromDescriptor ( PVOID  _Descriptor)

Definition at line 48 of file se.h.

49 {
52 
53  if (Descriptor->Control & SE_SELF_RELATIVE)
54  {
56  if (!SdRel->Owner) return NULL;
57  return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
58  }
59  else
60  {
61  return Descriptor->Owner;
62  }
63 }
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:780
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define NULL
Definition: types.h:112
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetOwnerSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SepAccessCheckAndAuditAlarm(), and SepTokenIsOwner().

◆ SepGetSaclFromDescriptor()

FORCEINLINE PACL SepGetSaclFromDescriptor ( PVOID  _Descriptor)

Definition at line 88 of file se.h.

89 {
92 
93  if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
94 
95  if (Descriptor->Control & SE_SELF_RELATIVE)
96  {
98  if (!SdRel->Sacl) return NULL;
99  return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
100  }
101  else
102  {
103  return Descriptor->Sacl;
104  }
105 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:780
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define NULL
Definition: types.h:112
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetSaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), and SeCaptureSecurityDescriptor().

◆ SepInitDACLs()

BOOLEAN NTAPI SepInitDACLs ( VOID  )

Definition at line 30 of file acl.c.

31 {
33 
34  /* create PublicDefaultDacl */
35  AclLength = sizeof(ACL) +
36  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
37  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
38  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
39 
41  AclLength,
42  TAG_ACL);
44  return FALSE;
45 
47  AclLength,
48  ACL_REVISION);
49 
53  SeWorldSid);
54 
59 
64 
65  /* create PublicDefaultUnrestrictedDacl */
66  AclLength = sizeof(ACL) +
67  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
68  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
69  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
71 
73  AclLength,
74  TAG_ACL);
76  return FALSE;
77 
79  AclLength,
80  ACL_REVISION);
81 
85  SeWorldSid);
86 
91 
96 
101 
102  /* create PublicOpenDacl */
103  AclLength = sizeof(ACL) +
104  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
105  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
106  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
107 
109  AclLength,
110  TAG_ACL);
111  if (SePublicOpenDacl == NULL)
112  return FALSE;
113 
115  AclLength,
116  ACL_REVISION);
117 
119  ACL_REVISION,
121  SeWorldSid);
122 
124  ACL_REVISION,
125  GENERIC_ALL,
127 
129  ACL_REVISION,
130  GENERIC_ALL,
132 
133  /* create PublicOpenUnrestrictedDacl */
134  AclLength = sizeof(ACL) +
135  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
136  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
137  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
138  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
139 
141  AclLength,
142  TAG_ACL);
144  return FALSE;
145 
147  AclLength,
148  ACL_REVISION);
149 
151  ACL_REVISION,
152  GENERIC_ALL,
153  SeWorldSid);
154 
156  ACL_REVISION,
157  GENERIC_ALL,
159 
161  ACL_REVISION,
162  GENERIC_ALL,
164 
166  ACL_REVISION,
169 
170  /* create SystemDefaultDacl */
171  AclLength = sizeof(ACL) +
172  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
173  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
174 
176  AclLength,
177  TAG_ACL);
178  if (SeSystemDefaultDacl == NULL)
179  return FALSE;
180 
182  AclLength,
183  ACL_REVISION);
184 
186  ACL_REVISION,
187  GENERIC_ALL,
189 
191  ACL_REVISION,
194 
195  /* create UnrestrictedDacl */
196  AclLength = sizeof(ACL) +
197  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
198  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
199 
201  AclLength,
202  TAG_ACL);
203  if (SeUnrestrictedDacl == NULL)
204  return FALSE;
205 
207  AclLength,
208  ACL_REVISION);
209 
211  ACL_REVISION,
212  GENERIC_ALL,
213  SeWorldSid);
214 
216  ACL_REVISION,
219 
220  return TRUE;
221 }
#define GENERIC_ALL
Definition: nt_native.h:92
PSID SeRestrictedCodeSid
Definition: sid.c:42
#define TRUE
Definition: types.h:120
PACL SeSystemDefaultDacl
Definition: acl.c:19
PACL SePublicOpenDacl
Definition: acl.c:21
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:22
#define FALSE
Definition: types.h:117
PACL SeUnrestrictedDacl
Definition: acl.c:23
#define GENERIC_WRITE
Definition: nt_native.h:90
struct _ACL ACL
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID SeAliasAdminsSid
Definition: sid.c:43
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:20
#define GENERIC_READ
Definition: compat.h:135
PSID SeWorldSid
Definition: sid.c:27
#define TAG_ACL
Definition: tag.h:174
PACL SePublicDefaultDacl
Definition: acl.c:18
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
#define NULL
Definition: types.h:112
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:40
unsigned int ULONG
Definition: retypes.h:1
#define GENERIC_EXECUTE
Definition: nt_native.h:91
Definition: rtltypes.h:990
_In_ ULONG AclLength
Definition: rtlfuncs.h:1844

Referenced by SepInitializationPhase0().

◆ SepInitializeTokenImplementation()

VOID NTAPI SepInitializeTokenImplementation ( VOID  )

Definition at line 1085 of file token.c.

1086 {
1088  OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
1089 
1090  DPRINT("Creating Token Object Type\n");
1091 
1092  /* Initialize the Token type */
1093  RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
1094  RtlInitUnicodeString(&Name, L"Token");
1095  ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
1096  ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
1097  ObjectTypeInitializer.SecurityRequired = TRUE;
1098  ObjectTypeInitializer.DefaultPagedPoolCharge = sizeof(TOKEN);
1099  ObjectTypeInitializer.GenericMapping = SepTokenMapping;
1100  ObjectTypeInitializer.PoolType = PagedPool;
1101  ObjectTypeInitializer.ValidAccessMask = TOKEN_ALL_ACCESS;
1102  ObjectTypeInitializer.UseDefaultObject = TRUE;
1103  ObjectTypeInitializer.DeleteProcedure = SepDeleteToken;
1104  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &SeTokenObjectType);
1105 }
#define OBJ_OPENLINK
Definition: winternl.h:230
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1048
#define TRUE
Definition: types.h:120
struct NameRec_ * Name
Definition: cdprocs.h:459
POBJECT_TYPE SeTokenObjectType
Definition: token.c:29
#define TOKEN_ALL_ACCESS
Definition: setypes.h:892
static const WCHAR L[]
Definition: oid.c:1250
static GENERIC_MAPPING SepTokenMapping
Definition: token.c:35
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
VOID NTAPI SepDeleteToken(PVOID ObjectBody)
Definition: token.c:1062
#define NULL
Definition: types.h:112
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define DPRINT
Definition: sndvol32.h:71
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
struct _TOKEN TOKEN

Referenced by SepInitializationPhase0().

◆ SepInitPrivileges()

VOID NTAPI SepInitPrivileges ( VOID  )

Definition at line 60 of file priv.c.

61 {
62 
63 }

Referenced by SepInitializationPhase0().

◆ SepInitSDs()

BOOLEAN NTAPI SepInitSDs ( VOID  )

Definition at line 30 of file sd.c.

31 {
32  /* Create PublicDefaultSd */
34  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
35  if (SePublicDefaultSd == NULL)
36  return FALSE;
37 
41  TRUE,
43  FALSE);
44 
45  /* Create PublicDefaultUnrestrictedSd */
47  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
49  return FALSE;
50 
54  TRUE,
56  FALSE);
57 
58  /* Create PublicOpenSd */
60  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
61  if (SePublicOpenSd == NULL)
62  return FALSE;
63 
67  TRUE,
69  FALSE);
70 
71  /* Create PublicOpenUnrestrictedSd */
73  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
75  return FALSE;
76 
80  TRUE,
82  FALSE);
83 
84  /* Create SystemDefaultSd */
86  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
87  if (SeSystemDefaultSd == NULL)
88  return FALSE;
89 
93  TRUE,
95  FALSE);
96 
97  /* Create UnrestrictedSd */
99  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
100  if (SeUnrestrictedSd == NULL)
101  return FALSE;
102 
106  TRUE,
108  FALSE);
109 
110  return TRUE;
111 }
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:20
#define TRUE
Definition: types.h:120
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:18
PACL SeSystemDefaultDacl
Definition: acl.c:19
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:23
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:20
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define FALSE
Definition: types.h:117
PACL SePublicOpenDacl
Definition: acl.c:21
#define TAG_SD
Definition: tag.h:176
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:21
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:19
PACL SePublicDefaultDacl
Definition: acl.c:18
#define NULL
Definition: types.h:112
PACL SeUnrestrictedDacl
Definition: acl.c:23
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:22
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:22

Referenced by SepInitializationPhase0().

◆ SepInitSecurityIDs()

BOOLEAN NTAPI SepInitSecurityIDs ( VOID  )

Definition at line 96 of file sid.c.

97 {
98  ULONG SidLength0;
99  ULONG SidLength1;
100  ULONG SidLength2;
101  PULONG SubAuthority;
102 
103  SidLength0 = RtlLengthRequiredSid(0);
104  SidLength1 = RtlLengthRequiredSid(1);
105  SidLength2 = RtlLengthRequiredSid(2);
106 
107  /* create NullSid */
138 
139  if (SeNullSid == NULL || SeWorldSid == NULL ||
143  SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
154  {
156  return FALSE;
157  }
158 
189 
190  SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
191  *SubAuthority = SECURITY_NULL_RID;
192  SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
193  *SubAuthority = SECURITY_WORLD_RID;
194  SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
195  *SubAuthority = SECURITY_LOCAL_RID;
196  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
197  *SubAuthority = SECURITY_CREATOR_OWNER_RID;
198  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
199  *SubAuthority = SECURITY_CREATOR_GROUP_RID;
200  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
201  *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
202  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
203  *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
204  SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
205  *SubAuthority = SECURITY_DIALUP_RID;
206  SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
207  *SubAuthority = SECURITY_NETWORK_RID;
208  SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
209  *SubAuthority = SECURITY_BATCH_RID;
210  SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
211  *SubAuthority = SECURITY_INTERACTIVE_RID;
212  SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
213  *SubAuthority = SECURITY_SERVICE_RID;
214  SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
215  *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
216  SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
217  *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
218  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
219  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
220  SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
221  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
222  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
223  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
224  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
225  *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
226  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
227  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
228  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
229  *SubAuthority = DOMAIN_ALIAS_RID_USERS;
230  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
231  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
232  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
233  *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
234  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
235  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
236  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
237  *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
238  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
239  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
240  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
241  *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
242  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
243  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
244  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
245  *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
246  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
247  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
248  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
249  *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
250  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
251  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
252  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
253  *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
254  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
255  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
256  SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
257  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
258  SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
259  *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
260  SubAuthority = RtlSubAuthoritySid(SeLocalServiceSid, 0);
261  *SubAuthority = SECURITY_LOCAL_SERVICE_RID;
262  SubAuthority = RtlSubAuthoritySid(SeNetworkServiceSid, 0);
263  *SubAuthority = SECURITY_NETWORK_SERVICE_RID;
264 
265  return TRUE;
266 }
PSID SeLocalServiceSid
Definition: sid.c:54
#define SECURITY_BATCH_RID
Definition: setypes.h:530
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
PSID SeAliasPrintOpsSid
Definition: sid.c:49
VOID NTAPI FreeInitializedSids(VOID)
Definition: sid.c:61
PSID SeAnonymousLogonSid
Definition: sid.c:53
PSID SeBatchSid
Definition: sid.c:36
#define TRUE
Definition: types.h:120
PSID SeLocalSystemSid
Definition: sid.c:40
PSID SeAliasAdminsSid
Definition: sid.c:43
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
PSID SeDialupSid
Definition: sid.c:34
#define SECURITY_DIALUP_RID
Definition: setypes.h:528
#define SECURITY_NETWORK_RID
Definition: setypes.h:529
#define TAG_SID
Definition: sid.c:15
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:627
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:531
PSID SeAliasBackupOpsSid
Definition: sid.c:50
PSID SePrincipalSelfSid
Definition: sid.c:39
PULONG NTAPI RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority)
Definition: sid.c:89
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:539
PSID SeCreatorOwnerServerSid
Definition: sid.c:31
#define FALSE
Definition: types.h:117
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:23
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:520
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:632
PSID SeServiceSid
Definition: sid.c:38
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:630
#define SECURITY_LOCAL_RID
Definition: setypes.h:514
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:21
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
PSID SeAliasUsersSid
Definition: sid.c:44
PSID SeAliasGuestsSid
Definition: sid.c:45
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:517
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define SECURITY_NULL_RID
Definition: setypes.h:512
PSID SeAuthenticatedUserSid
Definition: sid.c:41
PSID SeWorldSid
Definition: sid.c:27
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
PSID SeLocalSid
Definition: sid.c:28
PSID SeAuthenticatedUsersSid
Definition: sid.c:51
PSID SeAliasPowerUsersSid
Definition: sid.c:46
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
PSID SeNetworkSid
Definition: sid.c:35
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:20
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:518
NTSTATUS NTAPI RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
Definition: sid.c:68
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
unsigned int * PULONG
Definition: retypes.h:1
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:541
#define NULL
Definition: types.h:112
PSID SeCreatorGroupSid
Definition: sid.c:30
PSID SeRestrictedSid
Definition: sid.c:52
PSID SeCreatorGroupServerSid
Definition: sid.c:32
PSID SeNetworkServiceSid
Definition: sid.c:55
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:519
PSID SeRestrictedCodeSid
Definition: sid.c:42
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:631
#define SECURITY_SERVICE_RID
Definition: setypes.h:534
unsigned int ULONG
Definition: retypes.h:1
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:22
PSID SeCreatorOwnerSid
Definition: sid.c:29
PSID SeAliasSystemOpsSid
Definition: sid.c:48
PSID SeInteractiveSid
Definition: sid.c:37
PSID SeNullSid
Definition: sid.c:26
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:24
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
PSID SeNtAuthoritySid
Definition: sid.c:33
PSID SeAliasAccountOpsSid
Definition: sid.c:47

Referenced by SepInitializationPhase0().

◆ SepPrivilegeCheck()

BOOLEAN NTAPI SepPrivilegeCheck ( PTOKEN  Token,
PLUID_AND_ATTRIBUTES  Privileges,
ULONG  PrivilegeCount,
ULONG  PrivilegeControl,
KPROCESSOR_MODE  PreviousMode 
)

Definition at line 68 of file priv.c.

73 {
74  ULONG i;
75  ULONG j;
77 
78  DPRINT("SepPrivilegeCheck() called\n");
79 
80  PAGED_CODE();
81 
82  if (PreviousMode == KernelMode)
83  return TRUE;
84 
85  /* Get the number of privileges that are required to match */
86  Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
87 
88  /* Acquire a shared token lock */
90 
91  /* Loop all requested privileges until we found the required ones */
92  for (i = 0; i < PrivilegeCount; i++)
93  {
94  /* Loop the privileges of the token */
95  for (j = 0; j < Token->PrivilegeCount; j++)
96  {
97  /* Check if the LUIDs match */
98  if (RtlEqualLuid(&Token->Privileges[j].Luid, &Privileges[i].Luid))
99  {
100  DPRINT("Found privilege. Attributes: %lx\n",
101  Token->Privileges[j].Attributes);
102 
103  /* Check if the privilege is enabled */
104  if (Token->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)
105  {
107  Required--;
108 
109  /* Check if we have found all privileges */
110  if (Required == 0)
111  {
112  /* We're done! */
114  return TRUE;
115  }
116  }
117 
118  /* Leave the inner loop */
119  break;
120  }
121  }
122  }
123 
124  /* Release the token lock */
126 
127  /* When we reached this point, we did not find all privileges */
128  ASSERT(Required > 0);
129  return FALSE;
130 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define ASSERT(a)
Definition: mode.c:45
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define SepReleaseTokenLock(Token)
Definition: se.h:211
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define SepAcquireTokenLockShared(Token)
Definition: se.h:205
unsigned int ULONG
Definition: retypes.h:1
struct _MEMORY_AREA struct _MM_REQUIRED_RESOURCES * Required
Definition: newmm.h:48
#define DPRINT
Definition: sndvol32.h:71
#define PAGED_CODE()

Referenced by NtPrivilegeCheck(), SeCheckAuditPrivilege(), SePrivilegeCheck(), and SepSinglePrivilegeCheck().

◆ SepPropagateAcl()

NTSTATUS SepPropagateAcl ( _Out_writes_bytes_opt_(DaclLength) PACL  AclDest,
_Inout_ PULONG  AclLength,
_In_reads_bytes_(AclSource->AclSize) PACL  AclSource,
_In_ PSID  Owner,
_In_ PSID  Group,
_In_ BOOLEAN  IsInherited,
_In_ BOOLEAN  IsDirectoryObject,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SepReleaseAcl()

VOID NTAPI SepReleaseAcl ( IN PACL  CapturedAcl,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 361 of file acl.c.

364 {
365  PAGED_CODE();
366 
367  if (CapturedAcl != NULL &&
368  (AccessMode != KernelMode ||
369  (AccessMode == KernelMode && CaptureIfKernel)))
370  {
371  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
372  }
373 }
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define TAG_ACL
Definition: tag.h:174
#define NULL
Definition: types.h:112
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtCreateToken().

◆ SepReleaseSecurityQualityOfService()

VOID NTAPI SepReleaseSecurityQualityOfService ( IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 363 of file sd.c.

366 {
367  PAGED_CODE();
368 
369  if (CapturedSecurityQualityOfService != NULL &&
370  (AccessMode != KernelMode || CaptureIfKernel))
371  {
372  ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
373  }
374 }
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define NULL
Definition: types.h:112
#define TAG_QOS
Definition: tag.h:177
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SepReleaseSid()

VOID NTAPI SepReleaseSid ( IN PSID  CapturedSid,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 338 of file sid.c.

341 {
342  PAGED_CODE();
343 
344  if (CapturedSid != NULL &&
345  (AccessMode != KernelMode ||
346  (AccessMode == KernelMode && CaptureIfKernel)))
347  {
348  ExFreePoolWithTag(CapturedSid, TAG_SID);
349  }
350 }
#define TAG_SID
Definition: sid.c:15
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define NULL
Definition: types.h:112
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SePrivilegedServiceAuditAlarm()

VOID NTAPI SePrivilegedServiceAuditAlarm ( _In_opt_ PUNICODE_STRING  ServiceName,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_In_ BOOLEAN  AccessGranted 
)

Definition at line 214 of file audit.c.

219 {
220  PTOKEN EffectiveToken;
221  PSID UserSid;
222  PAGED_CODE();
223 
224  /* Get the effective token */
225  if (SubjectContext->ClientToken != NULL)
226  EffectiveToken = SubjectContext->ClientToken;
227  else
228  EffectiveToken = SubjectContext->PrimaryToken;
229 
230  /* Get the user SID */
231  UserSid = EffectiveToken->UserAndGroups->Sid;
232 
233  /* Check if this is the local system SID */
234  if (RtlEqualSid(UserSid, SeLocalSystemSid))
235  {
236  /* Nothing to do */
237  return;
238  }
239 
240  /* Check if this is the network service or local service SID */
241  if (RtlEqualSid(UserSid, SeExports->SeNetworkServiceSid) ||
243  {
244  // FIXME: should continue for a certain set of privileges
245  return;
246  }
247 
248  /* Call the worker function */
251