ReactOS  0.4.15-dev-2155-g06f57e1
Classes | Macros | Typedefs | Functions | Variables
se.h File Reference

Go to the source code of this file.

Classes

struct  _KNOWN_ACE
 
struct  _KNOWN_OBJECT_ACE
 
struct  _KNOWN_COMPOUND_ACE
 

Macros

#define SepAcquireTokenLockExclusive(Token)
 
#define SepAcquireTokenLockShared(Token)
 
#define SepReleaseTokenLock(Token)
 

Typedefs

typedef struct _KNOWN_ACE KNOWN_ACE
 
typedef struct _KNOWN_ACEPKNOWN_ACE
 
typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
 
typedef struct _KNOWN_OBJECT_ACEPKNOWN_OBJECT_ACE
 
typedef struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
 
typedef struct _KNOWN_COMPOUND_ACEPKNOWN_COMPOUND_ACE
 

Functions

FORCEINLINE PSID SepGetGroupFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PSID SepGetOwnerFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PACL SepGetDaclFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PACL SepGetSaclFromDescriptor (PVOID _Descriptor)
 
BOOLEAN NTAPI SepTokenIsOwner (IN PACCESS_TOKEN _Token, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN TokenLocked)
 
BOOLEAN NTAPI SepSidInToken (IN PACCESS_TOKEN _Token, IN PSID Sid)
 
BOOLEAN NTAPI SepSidInTokenEx (IN PACCESS_TOKEN _Token, IN PSID PrincipalSelfSid, IN PSID _Sid, IN BOOLEAN Deny, IN BOOLEAN Restricted)
 
BOOLEAN NTAPI SeInitSystem (VOID)
 
VOID NTAPI SepInitPrivileges (VOID)
 
BOOLEAN NTAPI SepInitSecurityIDs (VOID)
 
BOOLEAN NTAPI SepInitDACLs (VOID)
 
BOOLEAN NTAPI SepInitSDs (VOID)
 
BOOLEAN NTAPI SeRmInitPhase0 (VOID)
 
BOOLEAN NTAPI SeRmInitPhase1 (VOID)
 
VOID NTAPI SeDeassignPrimaryToken (struct _EPROCESS *Process)
 
NTSTATUS NTAPI SeSubProcessToken (IN PTOKEN Parent, OUT PTOKEN *Token, IN BOOLEAN InUse, IN ULONG SessionId)
 
NTSTATUS NTAPI SeInitializeProcessAuditName (IN PFILE_OBJECT FileObject, IN BOOLEAN DoAudit, OUT POBJECT_NAME_INFORMATION *AuditInfo)
 
NTSTATUS NTAPI SeCreateAccessStateEx (IN PETHREAD Thread, IN PEPROCESS Process, IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeIsTokenChild (IN PTOKEN Token, OUT PBOOLEAN IsChild)
 
NTSTATUS NTAPI SeIsTokenSibling (IN PTOKEN Token, OUT PBOOLEAN IsSibling)
 
NTSTATUS NTAPI SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
 
VOID NTAPI SepInitializeTokenImplementation (VOID)
 
PTOKEN NTAPI SepCreateSystemProcessToken (VOID)
 
BOOLEAN NTAPI SeDetailedAuditingWithToken (IN PTOKEN Token)
 
VOID NTAPI SeAuditProcessExit (IN PEPROCESS Process)
 
VOID NTAPI SeAuditProcessCreate (IN PEPROCESS Process)
 
NTSTATUS NTAPI SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
 
VOID NTAPI SeCaptureSubjectContextEx (IN PETHREAD Thread, IN PEPROCESS Process, OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
 
VOID NTAPI SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
 
BOOLEAN NTAPI SepPrivilegeCheck (PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI SePrivilegePolicyCheck (_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
 
BOOLEAN NTAPI SeCheckPrivilegedObject (IN LUID PrivilegeValue, IN HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
 
VOID NTAPI SepReleaseSecurityQualityOfService (IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SepCaptureSid (IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
 
VOID NTAPI SepReleaseSid (IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
 
VOID NTAPI SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SeComputeQuotaInformationSize (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
 
NTSTATUS NTAPI SepCaptureAcl (IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
 
VOID NTAPI SepReleaseAcl (IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS SepPropagateAcl (_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
PACL SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeDefaultObjectMethod (PVOID Object, SECURITY_OPERATION_CODE OperationType, PSECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR NewSecurityDescriptor, PULONG ReturnLength, PSECURITY_DESCRIPTOR *OldSecurityDescriptor, POOL_TYPE PoolType, PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
 
NTSTATUS NTAPI SeCopyClientToken (IN PACCESS_TOKEN Token, IN SECURITY_IMPERSONATION_LEVEL Level, IN KPROCESSOR_MODE PreviousMode, OUT PACCESS_TOKEN *NewToken)
 
VOID NTAPI SeQuerySecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
 
VOID NTAPI SeSetSecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
 
BOOLEAN NTAPI SeFastTraverseCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
 
BOOLEAN NTAPI SeCheckAuditPrivilege (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
 
VOID NTAPI SePrivilegedServiceAuditAlarm (_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
 
NTSTATUS SepRmReferenceLogonSession (PLUID LogonLuid)
 
NTSTATUS SepRmDereferenceLogonSession (PLUID LogonLuid)
 
NTSTATUS NTAPI SeGetLogonIdDeviceMap (IN PLUID LogonId, OUT PDEVICE_MAP *DeviceMap)
 

Variables

SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
 
PSID SeNullSid
 
PSID SeWorldSid
 
PSID SeLocalSid
 
PSID SeCreatorOwnerSid
 
PSID SeCreatorGroupSid
 
PSID SeCreatorOwnerServerSid
 
PSID SeCreatorGroupServerSid
 
PSID SeNtAuthoritySid
 
PSID SeDialupSid
 
PSID SeNetworkSid
 
PSID SeBatchSid
 
PSID SeInteractiveSid
 
PSID SeServiceSid
 
PSID SeAnonymousLogonSid
 
PSID SePrincipalSelfSid
 
PSID SeLocalSystemSid
 
PSID SeAuthenticatedUserSid
 
PSID SeRestrictedCodeSid
 
PSID SeAliasAdminsSid
 
PSID SeAliasUsersSid
 
PSID SeAliasGuestsSid
 
PSID SeAliasPowerUsersSid
 
PSID SeAliasAccountOpsSid
 
PSID SeAliasSystemOpsSid
 
PSID SeAliasPrintOpsSid
 
PSID SeAliasBackupOpsSid
 
PSID SeAuthenticatedUsersSid
 
PSID SeRestrictedSid
 
PSID SeLocalServiceSid
 
PSID SeNetworkServiceSid
 
const LUID SeCreateTokenPrivilege
 
const LUID SeAssignPrimaryTokenPrivilege
 
const LUID SeLockMemoryPrivilege
 
const LUID SeIncreaseQuotaPrivilege
 
const LUID SeUnsolicitedInputPrivilege
 
const LUID SeTcbPrivilege
 
const LUID SeSecurityPrivilege
 
const LUID SeTakeOwnershipPrivilege
 
const LUID SeLoadDriverPrivilege
 
const LUID SeSystemProfilePrivilege
 
const LUID SeSystemtimePrivilege
 
const LUID SeProfileSingleProcessPrivilege
 
const LUID SeIncreaseBasePriorityPrivilege
 
const LUID SeCreatePagefilePrivilege
 
const LUID SeCreatePermanentPrivilege
 
const LUID SeBackupPrivilege
 
const LUID SeRestorePrivilege
 
const LUID SeShutdownPrivilege
 
const LUID SeDebugPrivilege
 
const LUID SeAuditPrivilege
 
const LUID SeSystemEnvironmentPrivilege
 
const LUID SeChangeNotifyPrivilege
 
const LUID SeRemoteShutdownPrivilege
 
const LUID SeUndockPrivilege
 
const LUID SeSyncAgentPrivilege
 
const LUID SeEnableDelegationPrivilege
 
const LUID SeManageVolumePrivilege
 
const LUID SeImpersonatePrivilege
 
const LUID SeCreateGlobalPrivilege
 
const LUID SeTrustedCredmanPrivilege
 
const LUID SeRelabelPrivilege
 
const LUID SeIncreaseWorkingSetPrivilege
 
const LUID SeTimeZonePrivilege
 
const LUID SeCreateSymbolicLinkPrivilege
 
PACL SePublicDefaultUnrestrictedDacl
 
PACL SePublicOpenDacl
 
PACL SePublicOpenUnrestrictedDacl
 
PACL SeUnrestrictedDacl
 
PSECURITY_DESCRIPTOR SePublicDefaultSd
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
 
PSECURITY_DESCRIPTOR SePublicOpenSd
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd
 

Macro Definition Documentation

◆ SepAcquireTokenLockExclusive

#define SepAcquireTokenLockExclusive (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
TRUE
#define TRUE
Definition: types.h:120
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
_TOKEN
Definition: setypes.h:184

Definition at line 200 of file se.h.

◆ SepAcquireTokenLockShared

#define SepAcquireTokenLockShared (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
TRUE
#define TRUE
Definition: types.h:120
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
_TOKEN
Definition: setypes.h:184

Definition at line 205 of file se.h.

◆ SepReleaseTokenLock

#define SepReleaseTokenLock (   Token)
Value:
{ \
ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
KeLeaveCriticalRegion(); \
}
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
_TOKEN
Definition: setypes.h:184

Definition at line 211 of file se.h.

Typedef Documentation

◆ KNOWN_ACE

typedef struct _KNOWN_ACE KNOWN_ACE

◆ KNOWN_COMPOUND_ACE

typedef struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE

◆ KNOWN_OBJECT_ACE

typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE

◆ PKNOWN_ACE

typedef struct _KNOWN_ACE * PKNOWN_ACE

◆ PKNOWN_COMPOUND_ACE

typedef struct _KNOWN_COMPOUND_ACE * PKNOWN_COMPOUND_ACE

◆ PKNOWN_OBJECT_ACE

typedef struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE

Function Documentation

◆ SeAuditProcessCreate()

VOID NTAPI SeAuditProcessCreate ( IN PEPROCESS  Process)

Definition at line 33 of file audit.c.

34 {
35  /* FIXME */
36 }

Referenced by PspCreateProcess().

◆ SeAuditProcessExit()

VOID NTAPI SeAuditProcessExit ( IN PEPROCESS  Process)

Definition at line 40 of file audit.c.

41 {
42  /* FIXME */
43 }

Referenced by PspExitThread().

◆ SeCaptureLuidAndAttributesArray()

NTSTATUS NTAPI SeCaptureLuidAndAttributesArray ( PLUID_AND_ATTRIBUTES  Src,
ULONG  PrivilegeCount,
KPROCESSOR_MODE  PreviousMode,
PLUID_AND_ATTRIBUTES  AllocatedMem,
ULONG  AllocatedLength,
POOL_TYPE  PoolType,
BOOLEAN  CaptureIfKernel,
PLUID_AND_ATTRIBUTES Dest,
PULONG  Length 
)

Definition at line 287 of file priv.c.

296 {
297  ULONG BufferSize;
298  NTSTATUS Status = STATUS_SUCCESS;
299 
300  PAGED_CODE();
301 
302  if (PrivilegeCount == 0)
303  {
304  *Dest = 0;
305  *Length = 0;
306  return STATUS_SUCCESS;
307  }
308 
309  if (PreviousMode == KernelMode && !CaptureIfKernel)
310  {
311  *Dest = Src;
312  return STATUS_SUCCESS;
313  }
314 
315  /* FIXME - check PrivilegeCount for a valid number so we don't
316  cause an integer overflow or exhaust system resources! */
317 
318  BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
319  *Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
320 
321  /* probe the buffer */
322  if (PreviousMode != KernelMode)
323  {
324  _SEH2_TRY
325  {
326  ProbeForRead(Src,
327  BufferSize,
328  sizeof(ULONG));
329  }
330  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
331  {
332  /* Return the exception code */
333  _SEH2_YIELD(return _SEH2_GetExceptionCode());
334  }
335  _SEH2_END;
336  }
337 
338  /* allocate enough memory or check if the provided buffer is
339  large enough to hold the array */
340  if (AllocatedMem != NULL)
341  {
342  if (AllocatedLength < BufferSize)
343  {
344  return STATUS_BUFFER_TOO_SMALL;
345  }
346 
347  *Dest = AllocatedMem;
348  }
349  else
350  {
351  *Dest = ExAllocatePoolWithTag(PoolType,
352  BufferSize,
353  TAG_LUID);
354  if (*Dest == NULL)
355  {
356  return STATUS_INSUFFICIENT_RESOURCES;
357  }
358  }
359 
360  /* copy the array to the buffer */
361  _SEH2_TRY
362  {
363  RtlCopyMemory(*Dest,
364  Src,
365  BufferSize);
366  }
367  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
368  {
369  Status = _SEH2_GetExceptionCode();
370  }
371  _SEH2_END;
372 
373  if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
374  {
375  ExFreePoolWithTag(*Dest, TAG_LUID);
376  }
377 
378  return Status;
379 }
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
LUID_AND_ATTRIBUTES
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
TAG_LUID
#define TAG_LUID
Definition: tag.h:178
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
_SEH2_END
Definition: create.c:4400
NULL
#define NULL
Definition: types.h:112
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
BufferSize
#define BufferSize
Definition: mmc.h:75
BufferSize
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
Definition: wdfmemory.h:251
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), and NtPrivilegeCheck().

◆ SeCaptureSidAndAttributesArray()

NTSTATUS NTAPI SeCaptureSidAndAttributesArray ( _In_ PSID_AND_ATTRIBUTES  SrcSidAndAttributes,
_In_ ULONG  AttributeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_opt_ PVOID  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
_Out_ PULONG  ResultLength 
)

Definition at line 354 of file sid.c.

364 {
365  ULONG ArraySize, RequiredLength, SidLength, i;
366  PSID_AND_ATTRIBUTES SidAndAttributes;
367  PUCHAR CurrentDest;
368  PISID Sid;
369  NTSTATUS Status;
370  PAGED_CODE();
371 
372  *CapturedSidAndAttributes = NULL;
373  *ResultLength = 0;
374 
375  if (AttributeCount == 0)
376  {
377  return STATUS_SUCCESS;
378  }
379 
380  if (AttributeCount > 0x1000)
381  {
382  return STATUS_INVALID_PARAMETER;
383  }
384 
385  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
386  {
387  *CapturedSidAndAttributes = SrcSidAndAttributes;
388  return STATUS_SUCCESS;
389  }
390 
391  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
392  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
393 
394  /* Check for user mode data */
395  if (PreviousMode != KernelMode)
396  {
397  _SEH2_TRY
398  {
399  /* First probe the whole array */
400  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
401 
402  /* Loop the array elements */
403  for (i = 0; i < AttributeCount; i++)
404  {
405  /* Get the SID and probe the minimal structure */
406  Sid = SrcSidAndAttributes[i].Sid;
407  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
408 
409  /* Verify that the SID is valid */
410  if (((Sid->Revision & 0xF) != SID_REVISION) ||
411  (Sid->SubAuthorityCount > SID_MAX_SUB_AUTHORITIES))
412  {
413  _SEH2_YIELD(return STATUS_INVALID_SID);
414  }
415 
416  /* Calculate the SID length and probe the full SID */
417  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
418  ProbeForRead(Sid, SidLength, sizeof(ULONG));
419 
420  /* Add the aligned length to the required length */
421  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
422  }
423  }
424  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
425  {
426  _SEH2_YIELD(return _SEH2_GetExceptionCode());
427  }
428  _SEH2_END;
429  }
430  else
431  {
432  /* Loop the array elements */
433  for (i = 0; i < AttributeCount; i++)
434  {
435  /* Get the SID and it's length */
436  Sid = SrcSidAndAttributes[i].Sid;
437  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
438 
439  /* Add the aligned length to the required length */
440  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
441  }
442  }
443 
444  /* Assume success */
445  Status = STATUS_SUCCESS;
446  *ResultLength = RequiredLength;
447 
448  /* Check if we have no buffer */
449  if (AllocatedMem == NULL)
450  {
451  /* Allocate a new buffer */
452  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
453  RequiredLength,
454  TAG_SID_AND_ATTRIBUTES);
455  if (SidAndAttributes == NULL)
456  {
457  return STATUS_INSUFFICIENT_RESOURCES;
458  }
459  }
460  /* Otherwise check if the buffer is large enough */
461  else if (AllocatedLength >= RequiredLength)
462  {
463  /* Buffer is large enough, use it */
464  SidAndAttributes = AllocatedMem;
465  }
466  else
467  {
468  /* Buffer is too small, fail */
469  return STATUS_BUFFER_TOO_SMALL;
470  }
471 
472  *CapturedSidAndAttributes = SidAndAttributes;
473 
474  /* Check again for user mode */
475  if (PreviousMode != KernelMode)
476  {
477  _SEH2_TRY
478  {
479  /* The rest of the data starts after the array */
480  CurrentDest = (PUCHAR)SidAndAttributes;
481  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
482 
483  /* Loop the array elements */
484  for (i = 0; i < AttributeCount; i++)
485  {
486  /* Get the SID and it's length */
487  Sid = SrcSidAndAttributes[i].Sid;
488  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
489 
490  /* Copy attributes */
491  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
492 
493  /* Copy the SID to the current destination address */
494  SidAndAttributes[i].Sid = (PSID)CurrentDest;
495  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
496 
497  /* Sanity checks */
498  ASSERT(RtlLengthSid(SidAndAttributes[i].Sid) == SidLength);
499  ASSERT(RtlValidSid(SidAndAttributes[i].Sid));
500 
501  /* Update the current destination address */
502  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
503  }
504  }
505  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
506  {
507  Status = _SEH2_GetExceptionCode();
508  }
509  _SEH2_END;
510  }
511  else
512  {
513  /* The rest of the data starts after the array */
514  CurrentDest = (PUCHAR)SidAndAttributes;
515  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
516 
517  /* Loop the array elements */
518  for (i = 0; i < AttributeCount; i++)
519  {
520  /* Get the SID and it's length */
521  Sid = SrcSidAndAttributes[i].Sid;
522  SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
523 
524  /* Copy attributes */
525  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
526 
527  /* Copy the SID to the current destination address */
528  SidAndAttributes[i].Sid = (PSID)CurrentDest;
529  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
530 
531  /* Update the current destination address */
532  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
533  }
534  }
535 
536  /* Check for failure */
537  if (!NT_SUCCESS(Status))
538  {
539  /* Check if we allocated a new array */
540  if (SidAndAttributes != AllocatedMem)
541  {
542  /* Free the array */
543  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
544  }
545 
546  /* Set returned address to NULL */
547  *CapturedSidAndAttributes = NULL ;
548  }
549 
550  return Status;
551 }
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:478
_SID
Definition: ms-dtyp.idl:198
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
SID_REVISION
#define SID_REVISION
Definition: setypes.h:453
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
SID_MAX_SUB_AUTHORITIES
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:454
RtlLengthSid
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
STATUS_INVALID_SID
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
RtlValidSid
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
Status
Status
Definition: gdiplustypes.h:24
TAG_SID_AND_ATTRIBUTES
#define TAG_SID_AND_ATTRIBUTES
Definition: sid.c:16
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
ASSERT
#define ASSERT(a)
Definition: mode.c:45
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
SID_AND_ATTRIBUTES
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
PSID
struct _SID * PSID
Definition: eventlog.c:35
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
RtlLengthRequiredSid
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
_SEH2_END
Definition: create.c:4400
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_SID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:480
RequiredLength
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
NULL
#define NULL
Definition: types.h:112
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG
unsigned int ULONG
Definition: retypes.h:1
ALIGN_UP_BY
#define ALIGN_UP_BY(size, align)
Definition: GetWindowPlacement.c:13
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_SID::Revision
BYTE Revision
Definition: ms-dtyp.idl:199
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtCreateToken().

◆ SeCaptureSubjectContextEx()

VOID NTAPI SeCaptureSubjectContextEx ( IN PETHREAD  Thread,
IN PEPROCESS  Process,
OUT PSECURITY_SUBJECT_CONTEXT  SubjectContext 
)

Definition at line 266 of file access.c.

269 {
270  BOOLEAN CopyOnOpen, EffectiveOnly;
271 
272  PAGED_CODE();
273 
274  /* Save the unique ID */
275  SubjectContext->ProcessAuditId = Process->UniqueProcessId;
276 
277  /* Check if we have a thread */
278  if (!Thread)
279  {
280  /* We don't, so no token */
281  SubjectContext->ClientToken = NULL;
282  }
283  else
284  {
285  /* Get the impersonation token */
286  SubjectContext->ClientToken = PsReferenceImpersonationToken(Thread,
287  &CopyOnOpen,
288  &EffectiveOnly,
289  &SubjectContext->ImpersonationLevel);
290  }
291 
292  /* Get the primary token */
293  SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
294 }
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
CopyOnOpen
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
PsReferencePrimaryToken
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PsReferenceImpersonationToken
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:808
NULL
#define NULL
Definition: types.h:112
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by SeCaptureSubjectContext(), and SeCreateAccessStateEx().

◆ SeCheckAuditPrivilege()

BOOLEAN NTAPI SeCheckAuditPrivilege ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Definition at line 253 of file priv.c.

256 {
257  PRIVILEGE_SET PrivilegeSet;
258  BOOLEAN Result;
259  PAGED_CODE();
260 
261  /* Initialize the privilege set with the single privilege */
262  PrivilegeSet.PrivilegeCount = 1;
263  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
264  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
265  PrivilegeSet.Privilege[0].Attributes = 0;
266 
267  /* Check against the primary token! */
268  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
269  &PrivilegeSet.Privilege[0],
270  1,
271  PRIVILEGE_SET_ALL_NECESSARY,
272  PreviousMode);
273 
274  if (PreviousMode != KernelMode)
275  {
276  SePrivilegedServiceAuditAlarm(NULL,
277  SubjectContext,
278  &PrivilegeSet,
279  Result);
280  }
281 
282  return Result;
283 }
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
_PRIVILEGE_SET
Definition: setypes.h:85
SeAuditPrivilege
const LUID SeAuditPrivilege
Definition: priv.c:38
_PRIVILEGE_SET::Control
$ULONG Control
Definition: setypes.h:87
_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75
PRIVILEGE_SET_ALL_NECESSARY
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_PRIVILEGE_SET::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:86
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
SepPrivilegeCheck
BOOLEAN NTAPI SepPrivilegeCheck(PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:68
SePrivilegedServiceAuditAlarm
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Definition: audit.c:214
NULL
#define NULL
Definition: types.h:112
_PRIVILEGE_SET::Privilege
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), and SepAccessCheckAndAuditAlarm().

◆ SeCheckPrivilegedObject()

BOOLEAN NTAPI SeCheckPrivilegedObject ( IN LUID  PrivilegeValue,
IN HANDLE  ObjectHandle,
IN ACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 556 of file priv.c.

560 {
561  SECURITY_SUBJECT_CONTEXT SubjectContext;
562  PRIVILEGE_SET Priv;
563  BOOLEAN Result;
564 
565  PAGED_CODE();
566 
567  SeCaptureSubjectContext(&SubjectContext);
568 
569  Priv.PrivilegeCount = 1;
570  Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
571  Priv.Privilege[0].Luid = PrivilegeValue;
572  Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
573 
574  Result = SePrivilegeCheck(&Priv, &SubjectContext, PreviousMode);
575  if (PreviousMode != KernelMode)
576  {
577 #if 0
578  SePrivilegeObjectAuditAlarm(ObjectHandle,
579  &SubjectContext,
580  DesiredAccess,
581  &PrivilegeValue,
582  Result,
583  PreviousMode);
584 #endif
585  }
586 
587  SeReleaseSubjectContext(&SubjectContext);
588 
589  return Result;
590 }
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
_PRIVILEGE_SET
Definition: setypes.h:85
_PRIVILEGE_SET::Control
$ULONG Control
Definition: setypes.h:87
_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75
SE_PRIVILEGE_ENABLED
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
PRIVILEGE_SET_ALL_NECESSARY
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
_PRIVILEGE_SET::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:86
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
SePrivilegeCheck
BOOLEAN NTAPI SePrivilegeCheck(PPRIVILEGE_SET Privileges, PSECURITY_SUBJECT_CONTEXT SubjectContext, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:487
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189
_PRIVILEGE_SET::Privilege
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
SePrivilegeObjectAuditAlarm
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
Definition: audit.c:845
_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtSetInformationProcess().

◆ SeComputeQuotaInformationSize()

NTSTATUS NTAPI SeComputeQuotaInformationSize ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Out_ PULONG  QuotaInfoSize 
)

Referenced by ObpCaptureObjectCreateInformation().

◆ SeCopyClientToken()

NTSTATUS NTAPI SeCopyClientToken ( IN PACCESS_TOKEN  Token,
IN SECURITY_IMPERSONATION_LEVEL  Level,
IN KPROCESSOR_MODE  PreviousMode,
OUT PACCESS_TOKEN NewToken 
)

Definition at line 1033 of file token.c.

1037 {
1038  NTSTATUS Status;
1039  OBJECT_ATTRIBUTES ObjectAttributes;
1040 
1041  PAGED_CODE();
1042 
1043  InitializeObjectAttributes(&ObjectAttributes,
1044  NULL,
1045  0,
1046  NULL,
1047  NULL);
1048 
1049  Status = SepDuplicateToken(Token,
1050  &ObjectAttributes,
1051  FALSE,
1052  TokenImpersonation,
1053  Level,
1054  PreviousMode,
1055  (PTOKEN*)NewToken);
1056 
1057  return Status;
1058 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
Level
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
SepDuplicateToken
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:681
FALSE
#define FALSE
Definition: types.h:117
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NULL
#define NULL
Definition: types.h:112
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
_TOKEN
Definition: setypes.h:184
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by SepCreateClientSecurity().

◆ SeCreateAccessStateEx()

NTSTATUS NTAPI SeCreateAccessStateEx ( IN PETHREAD  Thread,
IN PEPROCESS  Process,
IN OUT PACCESS_STATE  AccessState,
IN PAUX_ACCESS_DATA  AuxData,
IN ACCESS_MASK  Access,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 378 of file access.c.

384 {
385  ACCESS_MASK AccessMask = Access;
386  PTOKEN Token;
387  PAGED_CODE();
388 
389  /* Map the Generic Acess to Specific Access if we have a Mapping */
390  if ((Access & GENERIC_ACCESS) && (GenericMapping))
391  {
392  RtlMapGenericMask(&AccessMask, GenericMapping);
393  }
394 
395  /* Initialize the Access State */
396  RtlZeroMemory(AccessState, sizeof(ACCESS_STATE));
397  ASSERT(AccessState->SecurityDescriptor == NULL);
398  ASSERT(AccessState->PrivilegesAllocated == FALSE);
399 
400  /* Initialize and save aux data */
401  RtlZeroMemory(AuxData, sizeof(AUX_ACCESS_DATA));
402  AccessState->AuxData = AuxData;
403 
404  /* Capture the Subject Context */
405  SeCaptureSubjectContextEx(Thread,
406  Process,
407  &AccessState->SubjectSecurityContext);
408 
409  /* Set Access State Data */
410  AccessState->RemainingDesiredAccess = AccessMask;
411  AccessState->OriginalDesiredAccess = AccessMask;
412  ExAllocateLocallyUniqueId(&AccessState->OperationID);
413 
414  /* Get the Token to use */
415  Token = SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext);
416 
417  /* Check for Travers Privilege */
418  if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
419  {
420  /* Preserve the Traverse Privilege */
421  AccessState->Flags = TOKEN_HAS_TRAVERSE_PRIVILEGE;
422  }
423 
424  /* Set the Auxiliary Data */
425  AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
426  FIELD_OFFSET(ACCESS_STATE,
427  Privileges));
428  if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
429 
430  /* Return Sucess */
431  return STATUS_SUCCESS;
432 }
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
GENERIC_ACCESS
#define GENERIC_ACCESS
Definition: wlx.c:26
TOKEN_HAS_TRAVERSE_PRIVILEGE
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
Definition: setypes.h:1124
SeCaptureSubjectContextEx
VOID NTAPI SeCaptureSubjectContextEx(IN PETHREAD Thread, IN PEPROCESS Process, OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:266
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
FALSE
#define FALSE
Definition: types.h:117
_ACCESS_STATE
Definition: setypes.h:196
ASSERT
#define ASSERT(a)
Definition: mode.c:45
RtlMapGenericMask
VOID NTAPI RtlMapGenericMask(IN OUT PACCESS_MASK AccessMask, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:50
AccessMask
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
SeQuerySubjectContextToken
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_AUX_ACCESS_DATA
Definition: setypes.h:218
PPRIVILEGE_SET
struct _PRIVILEGE_SET * PPRIVILEGE_SET
ExAllocateLocallyUniqueId
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:334
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
NULL
#define NULL
Definition: types.h:112
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_TOKEN
Definition: setypes.h:184
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by PspCreateProcess(), PspCreateThread(), and SeCreateAccessState().

◆ SeDeassignPrimaryToken()

VOID NTAPI SeDeassignPrimaryToken ( struct _EPROCESS Process)

Referenced by PspDeleteProcessSecurity().

◆ SeDefaultObjectMethod()

NTSTATUS NTAPI SeDefaultObjectMethod ( PVOID  Object,
SECURITY_OPERATION_CODE  OperationType,
PSECURITY_INFORMATION  SecurityInformation,
PSECURITY_DESCRIPTOR  NewSecurityDescriptor,
PULONG  ReturnLength,
PSECURITY_DESCRIPTOR OldSecurityDescriptor,
POOL_TYPE  PoolType,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDetailedAuditingWithToken()

BOOLEAN NTAPI SeDetailedAuditingWithToken ( IN PTOKEN  Token)

Definition at line 25 of file audit.c.

26 {
27  /* FIXME */
28  return FALSE;
29 }
FALSE
#define FALSE
Definition: types.h:117

Referenced by ObInitProcess(), PspCreateProcess(), and PspExitThread().

◆ SeExchangePrimaryToken()

NTSTATUS NTAPI SeExchangePrimaryToken ( _In_ PEPROCESS  Process,
_In_ PACCESS_TOKEN  NewAccessToken,
_Out_ PACCESS_TOKEN OldAccessToken 
)

Definition at line 474 of file token.c.

478 {
479  PTOKEN OldToken;
480  PTOKEN NewToken = (PTOKEN)NewAccessToken;
481 
482  PAGED_CODE();
483 
484  if (NewToken->TokenType != TokenPrimary)
485  return STATUS_BAD_TOKEN_TYPE;
486 
487  if (NewToken->TokenInUse)
488  {
489  BOOLEAN IsEqual;
490  NTSTATUS Status;
491 
492  /* Maybe we're trying to set the same token */
493  OldToken = PsReferencePrimaryToken(Process);
494  if (OldToken == NewToken)
495  {
496  /* So it's a nop. */
497  *OldAccessToken = OldToken;
498  return STATUS_SUCCESS;
499  }
500 
501  Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
502  if (!NT_SUCCESS(Status))
503  {
504  PsDereferencePrimaryToken(OldToken);
505  *OldAccessToken = NULL;
506  return Status;
507  }
508 
509  if (!IsEqual)
510  {
511  PsDereferencePrimaryToken(OldToken);
512  *OldAccessToken = NULL;
513  return STATUS_TOKEN_ALREADY_IN_USE;
514  }
515  /* Silently return STATUS_SUCCESS but do not set the new token,
516  * as it's already in use elsewhere. */
517  *OldAccessToken = OldToken;
518  return STATUS_SUCCESS;
519  }
520 
521  /* Lock the new token */
522  SepAcquireTokenLockExclusive(NewToken);
523 
524  /* Mark new token in use */
525  NewToken->TokenInUse = TRUE;
526 
527  // TODO: Set a correct SessionId for NewToken
528 
529  /* Unlock the new token */
530  SepReleaseTokenLock(NewToken);
531 
532  /* Reference the new token */
533  ObReferenceObject(NewToken);
534 
535  /* Replace the old with the new */
536  OldToken = ObFastReplaceObject(&Process->Token, NewToken);
537 
538  /* Lock the old token */
539  SepAcquireTokenLockExclusive(OldToken);
540 
541  /* Mark the old token as free */
542  OldToken->TokenInUse = FALSE;
543 
544  /* Unlock the old token */
545  SepReleaseTokenLock(OldToken);
546 
547  *OldAccessToken = (PACCESS_TOKEN)OldToken;
548  return STATUS_SUCCESS;
549 }
_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:208
SepAcquireTokenLockExclusive
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
TRUE
#define TRUE
Definition: types.h:120
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
PACCESS_TOKEN
PVOID PACCESS_TOKEN
Definition: setypes.h:11
FALSE
#define FALSE
Definition: types.h:117
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
STATUS_BAD_TOKEN_TYPE
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
Status
Status
Definition: gdiplustypes.h:24
ObFastReplaceObject
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_TOKEN::TokenInUse
BOOLEAN TokenInUse
Definition: setypes.h:211
SepCompareTokens
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:298
STATUS_TOKEN_ALREADY_IN_USE
#define STATUS_TOKEN_ALREADY_IN_USE
Definition: ntstatus.h:535
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:211
PsReferencePrimaryToken
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PTOKEN
struct _TOKEN * PTOKEN
NULL
#define NULL
Definition: types.h:112
PsDereferencePrimaryToken
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
Definition: security.c:861
Process
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
ObReferenceObject
#define ObReferenceObject
Definition: obfuncs.h:204
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_TOKEN
Definition: setypes.h:184
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by PspAssignPrimaryToken().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PACCESS_STATE  AccessState,
IN ACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 460 of file accesschk.c.

464 {
465  PACL Dacl;
466  ULONG AceIndex;
467  PKNOWN_ACE Ace;
468 
469  PAGED_CODE();
470 
471  ASSERT(AccessMode != KernelMode);
472 
473  if (SecurityDescriptor == NULL)
474  return FALSE;
475 
476  /* Get DACL */
477  Dacl = SepGetDaclFromDescriptor(SecurityDescriptor);
478  /* If no DACL, grant access */
479  if (Dacl == NULL)
480  return TRUE;
481 
482  /* No ACE -> Deny */
483  if (!Dacl->AceCount)
484  return FALSE;
485 
486  /* Can't perform the check on restricted token */
487  if (AccessState->Flags & TOKEN_IS_RESTRICTED)
488  return FALSE;
489 
490  /* Browse the ACEs */
491  for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
492  AceIndex < Dacl->AceCount;
493  AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
494  {
495  if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
496  continue;
497 
498  /* If access-allowed ACE */
499  if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
500  {
501  /* Check if all accesses are granted */
502  if (!(Ace->Mask & DesiredAccess))
503  continue;
504 
505  /* Check SID and grant access if matching */
506  if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
507  return TRUE;
508  }
509  /* If access-denied ACE */
510  else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
511  {
512  /* Here, only check if it denies any access wanted and deny if so */
513  if (Ace->Mask & DesiredAccess)
514  return FALSE;
515  }
516  }
517 
518  /* Faulty, deny */
519  return FALSE;
520 }
PKNOWN_ACE
struct _KNOWN_ACE * PKNOWN_ACE
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_KNOWN_ACE
Definition: se.h:3
TRUE
#define TRUE
Definition: types.h:120
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_ACL
Definition: ms-dtyp.idl:293
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
FALSE
#define FALSE
Definition: types.h:117
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Ace
Definition: card.h:12
ASSERT
#define ASSERT(a)
Definition: mode.c:45
ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
ACCESS_DENIED_ACE_TYPE
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
AceIndex
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1864
SeWorldSid
PSID SeWorldSid
Definition: sid.c:27
SepGetDaclFromDescriptor
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:67
NULL
#define NULL
Definition: types.h:112
ULONG
unsigned int ULONG
Definition: retypes.h:1
INHERIT_ONLY_ACE
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
RtlEqualSid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
TOKEN_IS_RESTRICTED
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1129
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SeGetLogonIdDeviceMap()

NTSTATUS NTAPI SeGetLogonIdDeviceMap ( IN PLUID  LogonId,
OUT PDEVICE_MAP DeviceMap 
)

Definition at line 966 of file srm.c.

970 {
971  NTSTATUS Status;
972  WCHAR Buffer[63];
973  PDEVICE_MAP LocalMap;
974  HANDLE DirectoryHandle, LinkHandle;
975  OBJECT_ATTRIBUTES ObjectAttributes;
976  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
977  UNICODE_STRING DirectoryName, LinkName, TargetName;
978 
979  PAGED_CODE();
980 
981  if (LogonId == NULL ||
982  DeviceMap == NULL)
983  {
984  return STATUS_INVALID_PARAMETER;
985  }
986 
987  /* Acquire the database lock */
988  KeAcquireGuardedMutex(&SepRmDbLock);
989 
990  /* Loop all existing sessions */
991  for (CurrentSession = SepLogonSessions;
992  CurrentSession != NULL;
993  CurrentSession = CurrentSession->Next)
994  {
995  /* Check if the LUID matches the provided one */
996  if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
997  {
998  break;
999  }
1000  }
1001 
1002  /* No session found, fail */
1003  if (CurrentSession == NULL)
1004  {
1005  /* Release the database lock */
1006  KeReleaseGuardedMutex(&SepRmDbLock);
1007 
1008  return STATUS_NO_SUCH_LOGON_SESSION;
1009  }
1010 
1011  /* The found session has a device map, return it! */
1012  if (CurrentSession->pDeviceMap != NULL)
1013  {
1014  *DeviceMap = CurrentSession->pDeviceMap;
1015 
1016  /* Release the database lock */
1017  KeReleaseGuardedMutex(&SepRmDbLock);
1018 
1019  return STATUS_SUCCESS;
1020  }
1021 
1022  /* At that point, we'll setup a new device map for the session */
1023  LocalMap = NULL;
1024 
1025  /* Reference the session so that it doesn't go away */
1026  CurrentSession->ReferenceCount += 1;
1027 
1028  /* Release the database lock */
1029  KeReleaseGuardedMutex(&SepRmDbLock);
1030 
1031  /* Create our object directory given the LUID */
1032  _snwprintf(Buffer,
1033  sizeof(Buffer) / sizeof(WCHAR),
1034  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1035  LogonId->HighPart,
1036  LogonId->LowPart);
1037  RtlInitUnicodeString(&DirectoryName, Buffer);
1038 
1039  InitializeObjectAttributes(&ObjectAttributes,
1040  &DirectoryName,
1041  OBJ_KERNEL_HANDLE | OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
1042  NULL,
1043  NULL);
1044  Status = ZwCreateDirectoryObject(&DirectoryHandle,
1045  DIRECTORY_ALL_ACCESS,
1046  &ObjectAttributes);
1047  if (NT_SUCCESS(Status))
1048  {
1049  /* Create the associated device map */
1050  Status = ObSetDirectoryDeviceMap(&LocalMap, DirectoryHandle);
1051  if (NT_SUCCESS(Status))
1052  {
1053  /* Make Global point to \Global?? in the directory */
1054  RtlInitUnicodeString(&LinkName, L"Global");
1055  RtlInitUnicodeString(&TargetName, L"\\Global??");
1056 
1057  InitializeObjectAttributes(&ObjectAttributes,
1058  &LinkName,
1059  OBJ_KERNEL_HANDLE | OBJ_OPENIF | OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
1060  DirectoryHandle,
1061  NULL);
1062  Status = ZwCreateSymbolicLinkObject(&LinkHandle,
1063  SYMBOLIC_LINK_ALL_ACCESS,
1064  &ObjectAttributes,
1065  &TargetName);
1066  if (!NT_SUCCESS(Status))
1067  {
1068  ObfDereferenceDeviceMap(LocalMap);
1069  }
1070  else
1071  {
1072  ZwClose(LinkHandle);
1073  }
1074  }
1075 
1076  ZwClose(DirectoryHandle);
1077  }
1078 
1079  /* Acquire the database lock */
1080  KeAcquireGuardedMutex(&SepRmDbLock);
1081 
1082  /* If we succeed... */
1083  if (NT_SUCCESS(Status))
1084  {
1085  /* The session now has a device map? We raced with someone else */
1086  if (CurrentSession->pDeviceMap != NULL)
1087  {
1088  /* Give up on our new device map */
1089  ObfDereferenceDeviceMap(LocalMap);
1090  }
1091  /* Otherwise use our newly allocated device map */
1092  else
1093  {
1094  CurrentSession->pDeviceMap = LocalMap;
1095  }
1096 
1097  /* Return the device map */
1098  *DeviceMap = CurrentSession->pDeviceMap;
1099  }
1100  /* Zero output */
1101  else
1102  {
1103  *DeviceMap = NULL;
1104  }
1105 
1106  /* Release the database lock */
1107  KeReleaseGuardedMutex(&SepRmDbLock);
1108 
1109  /* We're done with the session */
1110  SepRmDereferenceLogonSession(&CurrentSession->LogonId);
1111 
1112  return Status;
1113 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
KeAcquireGuardedMutex
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
STATUS_NO_SUCH_LOGON_SESSION
#define STATUS_NO_SUCH_LOGON_SESSION
Definition: ntstatus.h:331
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
ZwClose
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
ObfDereferenceDeviceMap
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DirectoryHandle
static HANDLE DirectoryHandle
Definition: ObType.c:48
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
SYMBOLIC_LINK_ALL_ACCESS
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
OBJ_OPENIF
#define OBJ_OPENIF
Definition: winternl.h:229
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
ObSetDirectoryDeviceMap
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
Definition: devicemap.c:149
_SEP_LOGON_SESSION_REFERENCES::LogonId
LUID LogonId
Definition: srm.c:28
ZwCreateDirectoryObject
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
_snwprintf
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
_DEVICE_MAP
Definition: obtypes.h:523
Buffer
Definition: bufpool.h:45
Status
Status
Definition: gdiplustypes.h:24
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ZwCreateSymbolicLinkObject
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
_SEP_LOGON_SESSION_REFERENCES::Next
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: srm.c:27
L
static const WCHAR L[]
Definition: oid.c:1250
OBJ_PERMANENT
#define OBJ_PERMANENT
Definition: winternl.h:226
TargetName
WCHAR TargetName[256]
Definition: arping.c:27
_SEP_LOGON_SESSION_REFERENCES::pDeviceMap
PDEVICE_MAP pDeviceMap
Definition: srm.c:31
_UNICODE_STRING
Definition: env_spec_w32.h:368
_SEP_LOGON_SESSION_REFERENCES
Definition: srm.c:25
DIRECTORY_ALL_ACCESS
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
SepLogonSessions
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:71
_SEP_LOGON_SESSION_REFERENCES::ReferenceCount
ULONG ReferenceCount
Definition: srm.c:29
NULL
#define NULL
Definition: types.h:112
LogonId
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
Definition: ntifs.template.h:711
KeReleaseGuardedMutex
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
SepRmDereferenceLogonSession
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:664
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89
SepRmDbLock
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:70

Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().

◆ SeInitializeProcessAuditName()

NTSTATUS NTAPI SeInitializeProcessAuditName ( IN PFILE_OBJECT  FileObject,
IN BOOLEAN  DoAudit,
OUT POBJECT_NAME_INFORMATION AuditInfo 
)

Definition at line 47 of file audit.c.

50 {
51  OBJECT_NAME_INFORMATION LocalNameInfo;
52  POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
53  ULONG ReturnLength = 8;
54  NTSTATUS Status;
55 
56  PAGED_CODE();
57  ASSERT(AuditInfo);
58 
59  /* Check if we should do auditing */
60  if (DoAudit)
61  {
62  /* FIXME: TODO */
63  }
64 
65  /* Now query the name */
66  Status = ObQueryNameString(FileObject,
67  &LocalNameInfo,
68  sizeof(LocalNameInfo),
69  &ReturnLength);
70  if (((Status == STATUS_BUFFER_OVERFLOW) ||
71  (Status == STATUS_BUFFER_TOO_SMALL) ||
72  (Status == STATUS_INFO_LENGTH_MISMATCH)) &&
73  (ReturnLength != sizeof(LocalNameInfo)))
74  {
75  /* Allocate required size */
76  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
77  ReturnLength,
78  TAG_SEPA);
79  if (ObjectNameInfo)
80  {
81  /* Query the name again */
82  Status = ObQueryNameString(FileObject,
83  ObjectNameInfo,
84  ReturnLength,
85  &ReturnLength);
86  }
87  }
88 
89  /* Check if we got here due to failure */
90  if ((ObjectNameInfo) &&
91  (!(NT_SUCCESS(Status)) || (ReturnLength == sizeof(LocalNameInfo))))
92  {
93  /* First, free any buffer we might've allocated */
94  ASSERT(FALSE);
95  if (ObjectNameInfo) ExFreePool(ObjectNameInfo);
96 
97  /* Now allocate a temporary one */
98  ReturnLength = sizeof(OBJECT_NAME_INFORMATION);
99  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
100  sizeof(OBJECT_NAME_INFORMATION),
101  TAG_SEPA);
102  if (ObjectNameInfo)
103  {
104  /* Clear it */
105  RtlZeroMemory(ObjectNameInfo, ReturnLength);
106  Status = STATUS_SUCCESS;
107  }
108  }
109 
110  /* Check if memory allocation failed */
111  if (!ObjectNameInfo) Status = STATUS_NO_MEMORY;
112 
113  /* Return the audit name */
114  *AuditInfo = ObjectNameInfo;
115 
116  /* Return status */
117  return Status;
118 }
ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ObQueryNameString
NTSTATUS NTAPI ObQueryNameString(IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
Definition: obname.c:1209
_OBJECT_NAME_INFORMATION
Definition: nt_native.h:1269
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
FALSE
#define FALSE
Definition: types.h:117
OBJECT_NAME_INFORMATION
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
FileObject
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
Status
Status
Definition: gdiplustypes.h:24
ASSERT
#define ASSERT(a)
Definition: mode.c:45
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
STATUS_BUFFER_OVERFLOW
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
NULL
#define NULL
Definition: types.h:112
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
TAG_SEPA
#define TAG_SEPA
Definition: tag.h:191
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by MmInitializeProcessAddressSpace(), and SeLocateProcessImageName().

◆ SeInitSystem()

BOOLEAN NTAPI SeInitSystem ( VOID  )

Definition at line 239 of file semgr.c.

240 {
241  /* Check the initialization phase */
242  switch (ExpInitializationPhase)
243  {
244  case 0:
245 
246  /* Do Phase 0 */
247  return SepInitializationPhase0();
248 
249  case 1:
250 
251  /* Do Phase 1 */
252  return SepInitializationPhase1();
253 
254  default:
255 
256  /* Don't know any other phase! Bugcheck! */
257  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
258  0,
259  ExpInitializationPhase,
260  0,
261  0);
262  return FALSE;
263  }
264 }
SepInitializationPhase0
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Definition: semgr.c:96
FALSE
#define FALSE
Definition: types.h:117
ExpInitializationPhase
ULONG ExpInitializationPhase
Definition: init.c:66
SepInitializationPhase1
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Definition: semgr.c:131
KeBugCheckEx
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ SeIsTokenChild()

NTSTATUS NTAPI SeIsTokenChild ( IN PTOKEN  Token,
OUT PBOOLEAN  IsChild 
)

Definition at line 961 of file token.c.

963 {
964  PTOKEN ProcessToken;
965  LUID ProcessTokenId, CallerParentId;
966 
967  /* Assume failure */
968  *IsChild = FALSE;
969 
970  /* Reference the process token */
971  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
972  if (!ProcessToken)
973  return STATUS_UNSUCCESSFUL;
974 
975  /* Get its token ID */
976  ProcessTokenId = ProcessToken->TokenId;
977 
978  /* Dereference the token */
979  ObFastDereferenceObject(&PsGetCurrentProcess()->Token, ProcessToken);
980 
981  /* Get our parent token ID */
982  CallerParentId = Token->ParentTokenId;
983 
984  /* Compare the token IDs */
985  if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))
986  *IsChild = TRUE;
987 
988  /* Return success */
989  return STATUS_SUCCESS;
990 }
TRUE
#define TRUE
Definition: types.h:120
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
FALSE
#define FALSE
Definition: types.h:117
_LUID
Definition: devicetopology.idl:136
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PsReferencePrimaryToken
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
_TOKEN::TokenId
LUID TokenId
Definition: setypes.h:187
IsChild
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
ObFastDereferenceObject
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_TOKEN
Definition: setypes.h:184

Referenced by PspSetPrimaryToken().

◆ SeIsTokenSibling()

NTSTATUS NTAPI SeIsTokenSibling ( IN PTOKEN  Token,
OUT PBOOLEAN  IsSibling 
)

Definition at line 994 of file token.c.

996 {
997  PTOKEN ProcessToken;
998  LUID ProcessParentId, ProcessAuthId;
999  LUID CallerParentId, CallerAuthId;
1000 
1001  /* Assume failure */
1002  *IsSibling = FALSE;
1003 
1004  /* Reference the process token */
1005  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
1006  if (!ProcessToken)
1007  return STATUS_UNSUCCESSFUL;
1008 
1009  /* Get its parent and authentication IDs */
1010  ProcessParentId = ProcessToken->ParentTokenId;
1011  ProcessAuthId = ProcessToken->AuthenticationId;
1012 
1013  /* Dereference the token */
1014  ObFastDereferenceObject(&PsGetCurrentProcess()->Token, ProcessToken);
1015 
1016  /* Get our parent and authentication IDs */
1017  CallerParentId = Token->ParentTokenId;
1018  CallerAuthId = Token->AuthenticationId;
1019 
1020  /* Compare the token IDs */
1021  if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&
1022  RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
1023  {
1024  *IsSibling = TRUE;
1025  }
1026 
1027  /* Return success */
1028  return STATUS_SUCCESS;
1029 }
TRUE
#define TRUE
Definition: types.h:120
_TOKEN::AuthenticationId
LUID AuthenticationId
Definition: setypes.h:188
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
FALSE
#define FALSE
Definition: types.h:117
_LUID
Definition: devicetopology.idl:136
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
PsGetCurrentProcess
#define PsGetCurrentProcess
Definition: psfuncs.h:17
_TOKEN::ParentTokenId
LUID ParentTokenId
Definition: setypes.h:189
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PsReferencePrimaryToken
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
ObFastDereferenceObject
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_TOKEN
Definition: setypes.h:184

Referenced by PspSetPrimaryToken().

◆ SepCaptureAcl()

NTSTATUS NTAPI SepCaptureAcl ( IN PACL  InputAcl,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PACL CapturedAcl 
)

Definition at line 273 of file acl.c.

278 {
279  PACL NewAcl;
280  ULONG AclSize = 0;
281  NTSTATUS Status = STATUS_SUCCESS;
282 
283  PAGED_CODE();
284 
285  if (AccessMode != KernelMode)
286  {
287  _SEH2_TRY
288  {
289  ProbeForRead(InputAcl,
290  sizeof(ACL),
291  sizeof(ULONG));
292  AclSize = InputAcl->AclSize;
293  ProbeForRead(InputAcl,
294  AclSize,
295  sizeof(ULONG));
296  }
297  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
298  {
299  /* Return the exception code */
300  _SEH2_YIELD(return _SEH2_GetExceptionCode());
301  }
302  _SEH2_END;
303 
304  NewAcl = ExAllocatePoolWithTag(PoolType,
305  AclSize,
306  TAG_ACL);
307  if (NewAcl != NULL)
308  {
309  _SEH2_TRY
310  {
311  RtlCopyMemory(NewAcl,
312  InputAcl,
313  AclSize);
314 
315  *CapturedAcl = NewAcl;
316  }
317  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
318  {
319  /* Free the ACL and return the exception code */
320  ExFreePoolWithTag(NewAcl, TAG_ACL);
321  _SEH2_YIELD(return _SEH2_GetExceptionCode());
322  }
323  _SEH2_END;
324  }
325  else
326  {
327  Status = STATUS_INSUFFICIENT_RESOURCES;
328  }
329  }
330  else if (!CaptureIfKernel)
331  {
332  *CapturedAcl = InputAcl;
333  }
334  else
335  {
336  AclSize = InputAcl->AclSize;
337 
338  NewAcl = ExAllocatePoolWithTag(PoolType,
339  AclSize,
340  TAG_ACL);
341 
342  if (NewAcl != NULL)
343  {
344  RtlCopyMemory(NewAcl,
345  InputAcl,
346  AclSize);
347 
348  *CapturedAcl = NewAcl;
349  }
350  else
351  {
352  Status = STATUS_INSUFFICIENT_RESOURCES;
353  }
354  }
355 
356  return Status;
357 }
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_ACL
Definition: ms-dtyp.idl:293
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
Status
Status
Definition: gdiplustypes.h:24
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
TAG_ACL
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
_SEH2_END
Definition: create.c:4400
NULL
#define NULL
Definition: types.h:112
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtCreateToken(), and NtSetInformationToken().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
OUT PBOOLEAN  Present 
)

Definition at line 207 of file sd.c.

213 {
214  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
215  NTSTATUS Status = STATUS_SUCCESS;
216 
217  PAGED_CODE();
218 
219  ASSERT(CapturedSecurityQualityOfService);
220  ASSERT(Present);
221 
222  if (ObjectAttributes != NULL)
223  {
224  if (AccessMode != KernelMode)
225  {
226  SECURITY_QUALITY_OF_SERVICE SafeQos;
227 
228  _SEH2_TRY
229  {
230  ProbeForRead(ObjectAttributes,
231  sizeof(OBJECT_ATTRIBUTES),
232  sizeof(ULONG));
233  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
234  {
235  if (ObjectAttributes->SecurityQualityOfService != NULL)
236  {
237  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
238  sizeof(SECURITY_QUALITY_OF_SERVICE),
239  sizeof(ULONG));
240 
241  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
242  sizeof(SECURITY_QUALITY_OF_SERVICE))
243  {
244  /*
245  * Don't allocate memory here because ExAllocate should bugcheck
246  * the system if it's buggy, SEH would catch that! So make a local
247  * copy of the qos structure.
248  */
249  RtlCopyMemory(&SafeQos,
250  ObjectAttributes->SecurityQualityOfService,
251  sizeof(SECURITY_QUALITY_OF_SERVICE));
252  *Present = TRUE;
253  }
254  else
255  {
256  Status = STATUS_INVALID_PARAMETER;
257  }
258  }
259  else
260  {
261  *CapturedSecurityQualityOfService = NULL;
262  *Present = FALSE;
263  }
264  }
265  else
266  {
267  Status = STATUS_INVALID_PARAMETER;
268  }
269  }
270  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
271  {
272  Status = _SEH2_GetExceptionCode();
273  }
274  _SEH2_END;
275 
276  if (NT_SUCCESS(Status))
277  {
278  if (*Present)
279  {
280  CapturedQos = ExAllocatePoolWithTag(PoolType,
281  sizeof(SECURITY_QUALITY_OF_SERVICE),
282  TAG_QOS);
283  if (CapturedQos != NULL)
284  {
285  RtlCopyMemory(CapturedQos,
286  &SafeQos,
287  sizeof(SECURITY_QUALITY_OF_SERVICE));
288  *CapturedSecurityQualityOfService = CapturedQos;
289  }
290  else
291  {
292  Status = STATUS_INSUFFICIENT_RESOURCES;
293  }
294  }
295  else
296  {
297  *CapturedSecurityQualityOfService = NULL;
298  }
299  }
300  }
301  else
302  {
303  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
304  {
305  if (CaptureIfKernel)
306  {
307  if (ObjectAttributes->SecurityQualityOfService != NULL)
308  {
309  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
310  sizeof(SECURITY_QUALITY_OF_SERVICE))
311  {
312  CapturedQos = ExAllocatePoolWithTag(PoolType,
313  sizeof(SECURITY_QUALITY_OF_SERVICE),
314  TAG_QOS);
315  if (CapturedQos != NULL)
316  {
317  RtlCopyMemory(CapturedQos,
318  ObjectAttributes->SecurityQualityOfService,
319  sizeof(SECURITY_QUALITY_OF_SERVICE));
320  *CapturedSecurityQualityOfService = CapturedQos;
321  *Present = TRUE;
322  }
323  else
324  {
325  Status = STATUS_INSUFFICIENT_RESOURCES;
326  }
327  }
328  else
329  {
330  Status = STATUS_INVALID_PARAMETER;
331  }
332  }
333  else
334  {
335  *CapturedSecurityQualityOfService = NULL;
336  *Present = FALSE;
337  }
338  }
339  else
340  {
341  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
342  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
343  }
344  }
345  else
346  {
347  Status = STATUS_INVALID_PARAMETER;
348  }
349  }
350  }
351  else
352  {
353  *CapturedSecurityQualityOfService = NULL;
354  *Present = FALSE;
355  }
356 
357  return Status;
358 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
PSECURITY_QUALITY_OF_SERVICE
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
FALSE
#define FALSE
Definition: types.h:117
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
Status
Status
Definition: gdiplustypes.h:24
ASSERT
#define ASSERT(a)
Definition: mode.c:45
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
_SEH2_END
Definition: create.c:4400
NULL
#define NULL
Definition: types.h:112
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
TAG_QOS
#define TAG_QOS
Definition: tag.h:177
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtDuplicateToken().

◆ SepCaptureSid()

NTSTATUS NTAPI SepCaptureSid ( IN PSID  InputSid,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSID CapturedSid 
)

Definition at line 270 of file sid.c.

275 {
276  ULONG SidSize = 0;
277  PISID NewSid, Sid = (PISID)InputSid;
278 
279  PAGED_CODE();
280 
281  if (AccessMode != KernelMode)
282  {
283  _SEH2_TRY
284  {
285  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
286  SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
287  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
288  }
289  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
290  {
291  /* Return the exception code */
292  _SEH2_YIELD(return _SEH2_GetExceptionCode());
293  }
294  _SEH2_END;
295 
296  /* Allocate a SID and copy it */
297  NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
298  if (!NewSid)
299  return STATUS_INSUFFICIENT_RESOURCES;
300 
301  _SEH2_TRY
302  {
303  RtlCopyMemory(NewSid, Sid, SidSize);
304 
305  *CapturedSid = NewSid;
306  }
307  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
308  {
309  /* Free the SID and return the exception code */
310  ExFreePoolWithTag(NewSid, TAG_SID);
311  _SEH2_YIELD(return _SEH2_GetExceptionCode());
312  }
313  _SEH2_END;
314  }
315  else if (!CaptureIfKernel)
316  {
317  *CapturedSid = InputSid;
318  }
319  else
320  {
321  SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
322 
323  /* Allocate a SID and copy it */
324  NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
325  if (NewSid == NULL)
326  return STATUS_INSUFFICIENT_RESOURCES;
327 
328  RtlCopyMemory(NewSid, Sid, SidSize);
329 
330  *CapturedSid = NewSid;
331  }
332 
333  return STATUS_SUCCESS;
334 }
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_SID
Definition: ms-dtyp.idl:198
TAG_SID
#define TAG_SID
Definition: sid.c:15
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
PISID
struct _SID * PISID
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
RtlLengthRequiredSid
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
_SEH2_END
Definition: create.c:4400
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
_SID::SubAuthorityCount
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
NULL
#define NULL
Definition: types.h:112
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
NewSid
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2815
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SepCreateImpersonationTokenDacl()

NTSTATUS NTAPI SepCreateImpersonationTokenDacl ( _In_ PTOKEN  Token,
_In_ PTOKEN  PrimaryToken,
_Out_ PACL Dacl 
)

Definition at line 225 of file acl.c.

229 {
230  ULONG AclLength;
231  PACL TokenDacl;
232 
233  PAGED_CODE();
234 
235  *Dacl = NULL;
236 
237  AclLength = sizeof(ACL) +
238  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
239  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
240  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
241  (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
242  (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
243 
244  TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
245  if (TokenDacl == NULL)
246  {
247  return STATUS_INSUFFICIENT_RESOURCES;
248  }
249 
250  RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
251  RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
252  Token->UserAndGroups->Sid);
253  RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
254  PrimaryToken->UserAndGroups->Sid);
255  RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
256  SeAliasAdminsSid);
257  RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
258  SeLocalSystemSid);
259 
260  if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
261  {
262  RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
263  SeRestrictedCodeSid);
264  }
265 
266  *Dacl = TokenDacl;
267 
268  return STATUS_SUCCESS;
269 }
GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
SeRestrictedCodeSid
PSID SeRestrictedCodeSid
Definition: sid.c:42
_ACL
Definition: ms-dtyp.idl:293
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
ACL
struct _ACL ACL
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: sid.c:43
TAG_ACL
#define TAG_ACL
Definition: tag.h:174
RtlAddAccessAllowedAce
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
RtlCreateAcl
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
NULL
#define NULL
Definition: types.h:112
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
SeLocalSystemSid
PSID SeLocalSystemSid
Definition: sid.c:40
ULONG
unsigned int ULONG
Definition: retypes.h:1
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_ACE
Definition: rtltypes.h:990
AclLength
_In_ ULONG AclLength
Definition: rtlfuncs.h:1844
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtOpenThreadTokenEx().

◆ SepCreateSystemProcessToken()

PTOKEN NTAPI SepCreateSystemProcessToken ( VOID  )

Definition at line 1395 of file token.c.

1396 {
1397  LUID_AND_ATTRIBUTES Privileges[25];
1398  ULONG GroupAttributes, OwnerAttributes;
1399  SID_AND_ATTRIBUTES Groups[32];
1400  LARGE_INTEGER Expiration;
1401  SID_AND_ATTRIBUTES UserSid;
1402  ULONG GroupsLength;
1403  PSID PrimaryGroup;
1404  OBJECT_ATTRIBUTES ObjectAttributes;
1405  PSID Owner;
1406  ULONG i;
1407  PTOKEN Token;
1408  NTSTATUS Status;
1409 
1410  /* Don't ever expire */
1411  Expiration.QuadPart = -1;
1412 
1413  /* All groups mandatory and enabled */
1414  GroupAttributes = SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT;
1415  OwnerAttributes = SE_GROUP_ENABLED | SE_GROUP_OWNER | SE_GROUP_ENABLED_BY_DEFAULT;
1416 
1417  /* User is Local System */
1418  UserSid.Sid = SeLocalSystemSid;
1419  UserSid.Attributes = 0;
1420 
1421  /* Primary group is Local System */
1422  PrimaryGroup = SeLocalSystemSid;
1423 
1424  /* Owner is Administrators */
1425  Owner = SeAliasAdminsSid;
1426 
1427  /* Groups are Administrators, World, and Authenticated Users */
1428  Groups[0].Sid = SeAliasAdminsSid;
1429  Groups[0].Attributes = OwnerAttributes;
1430  Groups[1].Sid = SeWorldSid;
1431  Groups[1].Attributes = GroupAttributes;
1432  Groups[2].Sid = SeAuthenticatedUsersSid;
1433  Groups[2].Attributes = GroupAttributes;
1434  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
1435  SeLengthSid(Groups[0].Sid) +
1436  SeLengthSid(Groups[1].Sid) +
1437  SeLengthSid(Groups[2].Sid);
1438  ASSERT(GroupsLength <= sizeof(Groups));
1439 
1440  /* Setup the privileges */
1441  i = 0;
1442  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1443  Privileges[i++].Luid = SeTcbPrivilege;
1444 
1445  Privileges[i].Attributes = 0;
1446  Privileges[i++].Luid = SeCreateTokenPrivilege;
1447 
1448  Privileges[i].Attributes = 0;
1449  Privileges[i++].Luid = SeTakeOwnershipPrivilege;
1450 
1451  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1452  Privileges[i++].Luid = SeCreatePagefilePrivilege;
1453 
1454  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1455  Privileges[i++].Luid = SeLockMemoryPrivilege;
1456 
1457  Privileges[i].Attributes = 0;
1458  Privileges[i++].Luid = SeAssignPrimaryTokenPrivilege;
1459 
1460  Privileges[i].Attributes = 0;
1461  Privileges[i++].Luid = SeIncreaseQuotaPrivilege;
1462 
1463  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1464  Privileges[i++].Luid = SeIncreaseBasePriorityPrivilege;
1465 
1466  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1467  Privileges[i++].Luid = SeCreatePermanentPrivilege;
1468 
1469  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1470  Privileges[i++].Luid = SeDebugPrivilege;
1471 
1472  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1473  Privileges[i++].Luid = SeAuditPrivilege;
1474 
1475  Privileges[i].Attributes = 0;
1476  Privileges[i++].Luid = SeSecurityPrivilege;
1477 
1478  Privileges[i].Attributes = 0;
1479  Privileges[i++].Luid = SeSystemEnvironmentPrivilege;
1480 
1481  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1482  Privileges[i++].Luid = SeChangeNotifyPrivilege;
1483 
1484  Privileges[i].Attributes = 0;
1485  Privileges[i++].Luid = SeBackupPrivilege;
1486 
1487  Privileges[i].Attributes = 0;
1488  Privileges[i++].Luid = SeRestorePrivilege;
1489 
1490  Privileges[i].Attributes = 0;
1491  Privileges[i++].Luid = SeShutdownPrivilege;
1492 
1493  Privileges[i].Attributes = 0;
1494  Privileges[i++].Luid = SeLoadDriverPrivilege;
1495 
1496  Privileges[i].Attributes = SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED;
1497  Privileges[i++].Luid = SeProfileSingleProcessPrivilege;
1498 
1499  Privileges[i].Attributes = 0;
1500  Privileges[i++].Luid = SeSystemtimePrivilege;
1501  ASSERT(i == 20);
1502 
1503  /* Setup the object attributes */
1504  InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
1505  ASSERT(SeSystemDefaultDacl != NULL);
1506 
1507  /* Create the token */
1508  Status = SepCreateToken((PHANDLE)&Token,
1509  KernelMode,
1510  0,
1511  &ObjectAttributes,
1512  TokenPrimary,
1513  SecurityAnonymous,
1514  &SeSystemAuthenticationId,
1515  &Expiration,
1516  &UserSid,
1517  3,
1518  Groups,
1519  GroupsLength,
1520  20,
1521  Privileges,
1522  Owner,
1523  PrimaryGroup,
1524  SeSystemDefaultDacl,
1525  &SeSystemTokenSource,
1526  TRUE);
1527  ASSERT(Status == STATUS_SUCCESS);
1528 
1529  /* Return the token */
1530  return Token;
1531 }
SeSystemEnvironmentPrivilege
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:39
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
SeSystemtimePrivilege
const LUID SeSystemtimePrivilege
Definition: priv.c:29
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:478
_SID
Definition: ms-dtyp.idl:198
SeIncreaseQuotaPrivilege
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:22
SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
SeCreatePermanentPrivilege
const LUID SeCreatePermanentPrivilege
Definition: priv.c:33
SeDebugPrivilege
const LUID SeDebugPrivilege
Definition: priv.c:37
SeBackupPrivilege
const LUID SeBackupPrivilege
Definition: priv.c:34
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
SeSystemDefaultDacl
PACL SeSystemDefaultDacl
Definition: acl.c:19
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SeSystemAuthenticationId
LUID SeSystemAuthenticationId
Definition: token.c:32
SeAssignPrimaryTokenPrivilege
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:20
SeAuthenticatedUsersSid
PSID SeAuthenticatedUsersSid
Definition: sid.c:51
Groups
TOpcodeData Groups[17][8]
Definition: disassemblerdata.h:895
SE_PRIVILEGE_ENABLED
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
SE_GROUP_OWNER
#define SE_GROUP_OWNER
Definition: setypes.h:93
SeLoadDriverPrivilege
const LUID SeLoadDriverPrivilege
Definition: priv.c:27
SE_GROUP_ENABLED_BY_DEFAULT
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
SeTakeOwnershipPrivilege
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:26
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
SepCreateToken
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:1129
Status
Status
Definition: gdiplustypes.h:24
PrimaryGroup
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
SE_PRIVILEGE_ENABLED_BY_DEFAULT
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
SeCreatePagefilePrivilege
const LUID SeCreatePagefilePrivilege
Definition: priv.c:32
ASSERT
#define ASSERT(a)
Definition: mode.c:45
SeRestorePrivilege
const LUID SeRestorePrivilege
Definition: priv.c:35
SE_GROUP_ENABLED
#define SE_GROUP_ENABLED
Definition: setypes.h:92
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
SID_AND_ATTRIBUTES
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
SeChangeNotifyPrivilege
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
SE_GROUP_MANDATORY
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: sid.c:43
SeSystemTokenSource
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:31
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
SeLockMemoryPrivilege
const LUID SeLockMemoryPrivilege
Definition: priv.c:21
SeProfileSingleProcessPrivilege
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:30
SeWorldSid
PSID SeWorldSid
Definition: sid.c:27
SeIncreaseBasePriorityPrivilege
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:31
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:24
SeShutdownPrivilege
const LUID SeShutdownPrivilege
Definition: priv.c:36
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_SID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:480
Owner
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
NULL
#define NULL
Definition: types.h:112
_LARGE_INTEGER
Definition: typedefs.h:102
SeSecurityPrivilege
const LUID SeSecurityPrivilege
Definition: priv.c:25
SeLocalSystemSid
PSID SeLocalSystemSid
Definition: sid.c:40
ULONG
unsigned int ULONG
Definition: retypes.h:1
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
SeLengthSid
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
_TOKEN
Definition: setypes.h:184
SeAuditPrivilege
const LUID SeAuditPrivilege
Definition: priv.c:38
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepDuplicateToken()

NTSTATUS NTAPI SepDuplicateToken ( _In_ PTOKEN  Token,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PTOKEN NewAccessToken 
)

Definition at line 681 of file token.c.

689 {
690  NTSTATUS Status;
691  PTOKEN AccessToken;
692  PVOID EndMem;
693  ULONG VariableLength;
694  ULONG TotalSize;
695 
696  PAGED_CODE();
697 
698  /* Compute how much size we need to allocate for the token */
699  VariableLength = Token->VariableLength;
700  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
701 
702  Status = ObCreateObject(PreviousMode,
703  SeTokenObjectType,
704  ObjectAttributes,
705  PreviousMode,
706  NULL,
707  TotalSize,
708  0,
709  0,
710  (PVOID*)&AccessToken);
711  if (!NT_SUCCESS(Status))
712  {
713  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
714  return Status;
715  }
716 
717  /* Zero out the buffer and initialize the token */
718  RtlZeroMemory(AccessToken, TotalSize);
719 
720  ExAllocateLocallyUniqueId(&AccessToken->TokenId);
721 
722  AccessToken->TokenType = TokenType;
723  AccessToken->ImpersonationLevel = Level;
724 
725  /* Initialise the lock for the access token */
726  Status = SepCreateTokenLock(AccessToken);
727  if (!NT_SUCCESS(Status))
728  {
729  ObDereferenceObject(AccessToken);
730  return Status;
731  }
732 
733  /* Copy the immutable fields */
734  RtlCopyLuid(&AccessToken->TokenSource.SourceIdentifier,
735  &Token->TokenSource.SourceIdentifier);
736  RtlCopyMemory(AccessToken->TokenSource.SourceName,
737  Token->TokenSource.SourceName,
738  sizeof(Token->TokenSource.SourceName));
739 
740  AccessToken->AuthenticationId = Token->AuthenticationId;
741  AccessToken->ParentTokenId = Token->ParentTokenId;
742  AccessToken->ExpirationTime = Token->ExpirationTime;
743  AccessToken->OriginatingLogonSession = Token->OriginatingLogonSession;
744 
745  /* Lock the source token and copy the mutable fields */
746  SepAcquireTokenLockExclusive(Token);
747 
748  AccessToken->SessionId = Token->SessionId;
749  RtlCopyLuid(&AccessToken->ModifiedId, &Token->ModifiedId);
750 
751  AccessToken->TokenFlags = Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
752 
753  /* Copy and reference the logon session */
754  // RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId);
755  Status = SepRmReferenceLogonSession(&AccessToken->AuthenticationId);
756  if (!NT_SUCCESS(Status))
757  {
758  /* No logon session could be found, bail out */
759  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
760  /* Set the flag for proper cleanup by the delete procedure */
761  AccessToken->TokenFlags |= TOKEN_SESSION_NOT_REFERENCED;
762  goto Quit;
763  }
764 
765  /* Assign the data that reside in the TOKEN's variable information area */
766  AccessToken->VariableLength = VariableLength;
767  EndMem = (PVOID)&AccessToken->VariablePart;
768 
769  /* Copy the privileges */
770  AccessToken->PrivilegeCount = 0;
771  AccessToken->Privileges = NULL;
772  if (Token->Privileges && (Token->PrivilegeCount > 0))
773  {
774  ULONG PrivilegesLength = Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
775  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
776 
777  ASSERT(VariableLength >= PrivilegesLength);
778 
779  AccessToken->PrivilegeCount = Token->PrivilegeCount;
780  AccessToken->Privileges = EndMem;
781  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
782  VariableLength -= PrivilegesLength;
783 
784  RtlCopyMemory(AccessToken->Privileges,
785  Token->Privileges,
786  AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
787  }
788 
789  /* Copy the user and groups */
790  AccessToken->UserAndGroupCount = 0;
791  AccessToken->UserAndGroups = NULL;
792  if (Token->UserAndGroups && (Token->UserAndGroupCount > 0))
793  {
794  AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
795  AccessToken->UserAndGroups = EndMem;
796  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
797  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
798 
799  Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
800  Token->UserAndGroups,
801  VariableLength,
802  AccessToken->UserAndGroups,
803  EndMem,
804  &EndMem,
805  &VariableLength);
806  if (!NT_SUCCESS(Status))
807  {
808  DPRINT1("RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n", Status);
809  goto Quit;
810  }
811  }
812 
813 #if 1
814  {
815  ULONG PrimaryGroupIndex;
816 
817  /* Find the token primary group */
818  Status = SepFindPrimaryGroupAndDefaultOwner(AccessToken,
819  Token->PrimaryGroup,
820  NULL,
821  &PrimaryGroupIndex,
822  NULL);
823  if (!NT_SUCCESS(Status))
824  {
825  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
826  goto Quit;
827  }
828  AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
829  }
830 #else
831  AccessToken->PrimaryGroup = (PVOID)((ULONG_PTR)AccessToken + (ULONG_PTR)Token->PrimaryGroup - (ULONG_PTR)Token->UserAndGroups);
832 #endif
833  AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
834 
835  /* Copy the restricted SIDs */
836  AccessToken->RestrictedSidCount = 0;
837  AccessToken->RestrictedSids = NULL;
838  if (Token->RestrictedSids && (Token->RestrictedSidCount > 0))
839  {
840  AccessToken->RestrictedSidCount = Token->RestrictedSidCount;
841  AccessToken->RestrictedSids = EndMem;
842  EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
843  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
844 
845  Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
846  Token->RestrictedSids,
847  VariableLength,
848  AccessToken->RestrictedSids,
849  EndMem,
850  &EndMem,
851  &VariableLength);
852  if (!NT_SUCCESS(Status))
853  {
854  DPRINT1("RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n", Status);
855  goto Quit;
856  }
857  }
858 
859 
860  //
861  // FIXME: Implement the "EffectiveOnly" option, that removes all
862  // the disabled parts (privileges and groups) of the token.
863  //
864 
865 
866  //
867  // NOTE: So far our dynamic area only contains
868  // the default dacl, so this makes the following
869  // code pretty simple. The day where it stores
870  // other data, the code will require adaptations.
871  //
872 
873  /* Now allocate the TOKEN's dynamic information area and set the data */
874  AccessToken->DynamicAvailable = 0; // Unused memory in the dynamic area.
875  AccessToken->DynamicPart = NULL;
876  if (Token->DynamicPart && Token->DefaultDacl)
877  {
878  AccessToken->DynamicPart = ExAllocatePoolWithTag(PagedPool,
879  Token->DefaultDacl->AclSize,
880  TAG_TOKEN_DYNAMIC);
881  if (AccessToken->DynamicPart == NULL)
882  {
883  Status = STATUS_INSUFFICIENT_RESOURCES;
884  goto Quit;
885  }
886  EndMem = (PVOID)AccessToken->DynamicPart;
887 
888  AccessToken->DefaultDacl = EndMem;
889 
890  RtlCopyMemory(AccessToken->DefaultDacl,
891  Token->DefaultDacl,
892  Token->DefaultDacl->AclSize);
893  }
894 
895  /* Unlock the source token */
896  SepReleaseTokenLock(Token);
897 
898  /* Return the token */
899  *NewAccessToken = AccessToken;
900  Status = STATUS_SUCCESS;
901 
902 Quit:
903  if (!NT_SUCCESS(Status))
904  {
905  /* Unlock the source token */
906  SepReleaseTokenLock(Token);
907 
908  /* Dereference the token, the delete procedure will clean it up */
909  ObDereferenceObject(AccessToken);
910  }
911 
912  return Status;
913 }
_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:208
SepAcquireTokenLockExclusive
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
SepFindPrimaryGroupAndDefaultOwner
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:585
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:478
_TOKEN::AuthenticationId
LUID AuthenticationId
Definition: setypes.h:188
_TOKEN::VariablePart
ULONG VariablePart
Definition: setypes.h:215
RtlCopySidAndAttributesArray
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
LUID_AND_ATTRIBUTES
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
Level
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
_TOKEN::PrivilegeCount
ULONG PrivilegeCount
Definition: setypes.h:197
_TOKEN::Privileges
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:205
_TOKEN::ModifiedId
LUID ModifiedId
Definition: setypes.h:193
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
_TOKEN::TokenFlags
ULONG TokenFlags
Definition: setypes.h:210
_TOKEN_SOURCE::SourceIdentifier
LUID SourceIdentifier
Definition: imports.h:279
_TOKEN::DynamicAvailable
ULONG DynamicAvailable
Definition: setypes.h:200
_TOKEN::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:207
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:29
_TOKEN::ParentTokenId
LUID ParentTokenId
Definition: setypes.h:189
_TOKEN::DefaultOwnerIndex
ULONG DefaultOwnerIndex
Definition: setypes.h:201
_TOKEN::VariableLength
ULONG VariableLength
Definition: setypes.h:198
PVOID
void * PVOID
Definition: retypes.h:9
_TOKEN::SessionId
ULONG SessionId
Definition: setypes.h:194
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
SepRmReferenceLogonSession
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:381
_TOKEN::RestrictedSidCount
ULONG RestrictedSidCount
Definition: setypes.h:196
_TOKEN::DynamicPart
PULONG DynamicPart
Definition: setypes.h:206
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_TOKEN::PrimaryGroup
PSID PrimaryGroup
Definition: setypes.h:204
_TOKEN::ExpirationTime
LARGE_INTEGER ExpirationTime
Definition: setypes.h:190
ASSERT
#define ASSERT(a)
Definition: mode.c:45
if
if(!(yy_init))
Definition: macro.lex.yy.c:714
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_TOKEN::RestrictedSids
PSID_AND_ATTRIBUTES RestrictedSids
Definition: setypes.h:203
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:211
TAG_TOKEN_DYNAMIC
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
_TOKEN_SOURCE::SourceName
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278
_TOKEN::UserAndGroupCount
ULONG UserAndGroupCount
Definition: setypes.h:195
ExAllocateLocallyUniqueId
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:334
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
_TOKEN::TokenId
LUID TokenId
Definition: setypes.h:187
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
RtlCopyLuid
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)
_TOKEN::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:209
SepCreateTokenLock
static NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:99
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
ALIGN_UP_BY
#define ALIGN_UP_BY(size, align)
Definition: GetWindowPlacement.c:13
_TOKEN::UserAndGroups
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:202
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_TOKEN::TokenSource
TOKEN_SOURCE TokenSource
Definition: setypes.h:186
_TOKEN
Definition: setypes.h:184
TOKEN_SESSION_NOT_REFERENCED
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89
_TOKEN::OriginatingLogonSession
LUID OriginatingLogonSession
Definition: setypes.h:214

Referenced by NtDuplicateToken(), NtOpenThreadTokenEx(), SeCopyClientToken(), and SeSubProcessToken().

◆ SepGetDaclFromDescriptor()

FORCEINLINE PACL SepGetDaclFromDescriptor ( PVOID  _Descriptor)

Definition at line 67 of file se.h.

68 {
69  PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
70  PISECURITY_DESCRIPTOR_RELATIVE SdRel;
71 
72  if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
73 
74  if (Descriptor->Control & SE_SELF_RELATIVE)
75  {
76  SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
77  if (!SdRel->Dacl) return NULL;
78  return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
79  }
80  else
81  {
82  return Descriptor->Dacl;
83  }
84 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
Descriptor
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:780
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:782
_ACL
Definition: ms-dtyp.idl:293
_SECURITY_DESCRIPTOR_RELATIVE::Dacl
$ULONG Dacl
Definition: setypes.h:789
SE_DACL_PRESENT
#define SE_DACL_PRESENT
Definition: setypes.h:767
PISECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
NULL
#define NULL
Definition: types.h:112
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
PISECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetDaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SeFastTraverseCheck().

◆ SepGetGroupFromDescriptor()

FORCEINLINE PSID SepGetGroupFromDescriptor ( PVOID  _Descriptor)

Definition at line 29 of file se.h.

30 {
31  PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
32  PISECURITY_DESCRIPTOR_RELATIVE SdRel;
33 
34  if (Descriptor->Control & SE_SELF_RELATIVE)
35  {
36  SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
37  if (!SdRel->Group) return NULL;
38  return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
39  }
40  else
41  {
42  return Descriptor->Group;
43  }
44 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
Descriptor
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:780
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:782
_SECURITY_DESCRIPTOR_RELATIVE::Group
$ULONG Group
Definition: setypes.h:787
_SID
Definition: ms-dtyp.idl:198
PISECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
NULL
#define NULL
Definition: types.h:112
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
PISECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetGroupSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SepAccessCheckAndAuditAlarm().

◆ SepGetOwnerFromDescriptor()

FORCEINLINE PSID SepGetOwnerFromDescriptor ( PVOID  _Descriptor)

Definition at line 48 of file se.h.

49 {
50  PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
51  PISECURITY_DESCRIPTOR_RELATIVE SdRel;
52 
53  if (Descriptor->Control & SE_SELF_RELATIVE)
54  {
55  SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
56  if (!SdRel->Owner) return NULL;
57  return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
58  }
59  else
60  {
61  return Descriptor->Owner;
62  }
63 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
Descriptor
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:780
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:782
_SID
Definition: ms-dtyp.idl:198
PISECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
_SECURITY_DESCRIPTOR_RELATIVE::Owner
$ULONG Owner
Definition: setypes.h:786
NULL
#define NULL
Definition: types.h:112
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
PISECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetOwnerSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SepAccessCheckAndAuditAlarm(), and SepTokenIsOwner().

◆ SepGetSaclFromDescriptor()

FORCEINLINE PACL SepGetSaclFromDescriptor ( PVOID  _Descriptor)

Definition at line 88 of file se.h.

89 {
90  PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
91  PISECURITY_DESCRIPTOR_RELATIVE SdRel;
92 
93  if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
94 
95  if (Descriptor->Control & SE_SELF_RELATIVE)
96  {
97  SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
98  if (!SdRel->Sacl) return NULL;
99  return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
100  }
101  else
102  {
103  return Descriptor->Sacl;
104  }
105 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:769
_SECURITY_DESCRIPTOR_RELATIVE::Sacl
$ULONG Sacl
Definition: setypes.h:788
Descriptor
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:780
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:782
_ACL
Definition: ms-dtyp.idl:293
PISECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
NULL
#define NULL
Definition: types.h:112
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
PISECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetSaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), and SeCaptureSecurityDescriptor().

◆ SepInitDACLs()

BOOLEAN NTAPI SepInitDACLs ( VOID  )

Definition at line 30 of file acl.c.

31 {
32  ULONG AclLength;
33 
34  /* create PublicDefaultDacl */
35  AclLength = sizeof(ACL) +
36  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
37  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
38  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
39 
40  SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
41  AclLength,
42  TAG_ACL);
43  if (SePublicDefaultDacl == NULL)
44  return FALSE;
45 
46  RtlCreateAcl(SePublicDefaultDacl,
47  AclLength,
48  ACL_REVISION);
49 
50  RtlAddAccessAllowedAce(SePublicDefaultDacl,
51  ACL_REVISION,
52  GENERIC_EXECUTE,
53  SeWorldSid);
54 
55  RtlAddAccessAllowedAce(SePublicDefaultDacl,
56  ACL_REVISION,
57  GENERIC_ALL,
58  SeLocalSystemSid);
59 
60  RtlAddAccessAllowedAce(SePublicDefaultDacl,
61  ACL_REVISION,
62  GENERIC_ALL,
63  SeAliasAdminsSid);
64 
65  /* create PublicDefaultUnrestrictedDacl */
66  AclLength = sizeof(ACL) +
67  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
68  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
69  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
70  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
71 
72  SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
73  AclLength,
74  TAG_ACL);
75  if (SePublicDefaultUnrestrictedDacl == NULL)
76  return FALSE;
77 
78  RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
79  AclLength,
80  ACL_REVISION);
81 
82  RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
83  ACL_REVISION,
84  GENERIC_EXECUTE,
85  SeWorldSid);
86 
87  RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
88  ACL_REVISION,
89  GENERIC_ALL,
90  SeLocalSystemSid);
91 
92  RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
93  ACL_REVISION,
94  GENERIC_ALL,
95  SeAliasAdminsSid);
96 
97  RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
98  ACL_REVISION,
99  GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
100  SeRestrictedCodeSid);
101 
102  /* create PublicOpenDacl */
103  AclLength = sizeof(ACL) +
104  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
105  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
106  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
107 
108  SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
109  AclLength,
110  TAG_ACL);
111  if (SePublicOpenDacl == NULL)
112  return FALSE;
113 
114  RtlCreateAcl(SePublicOpenDacl,
115  AclLength,
116  ACL_REVISION);
117 
118  RtlAddAccessAllowedAce(SePublicOpenDacl,
119  ACL_REVISION,
120  GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
121  SeWorldSid);
122 
123  RtlAddAccessAllowedAce(SePublicOpenDacl,
124  ACL_REVISION,
125  GENERIC_ALL,
126  SeLocalSystemSid);
127 
128  RtlAddAccessAllowedAce(SePublicOpenDacl,
129  ACL_REVISION,
130  GENERIC_ALL,
131  SeAliasAdminsSid);
132 
133  /* create PublicOpenUnrestrictedDacl */
134  AclLength = sizeof(ACL) +
135  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
136  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
137  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
138  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
139 
140  SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
141  AclLength,
142  TAG_ACL);
143  if (SePublicOpenUnrestrictedDacl == NULL)
144  return FALSE;
145 
146  RtlCreateAcl(SePublicOpenUnrestrictedDacl,
147  AclLength,
148  ACL_REVISION);
149 
150  RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
151  ACL_REVISION,
152  GENERIC_ALL,
153  SeWorldSid);
154 
155  RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
156  ACL_REVISION,
157  GENERIC_ALL,
158  SeLocalSystemSid);
159 
160  RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
161  ACL_REVISION,
162  GENERIC_ALL,
163  SeAliasAdminsSid);
164 
165  RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
166  ACL_REVISION,
167  GENERIC_READ | GENERIC_EXECUTE,
168  SeRestrictedCodeSid);
169 
170  /* create SystemDefaultDacl */
171  AclLength = sizeof(ACL) +
172  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
173  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
174 
175  SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
176  AclLength,
177  TAG_ACL);
178  if (SeSystemDefaultDacl == NULL)
179  return FALSE;
180 
181  RtlCreateAcl(SeSystemDefaultDacl,
182  AclLength,
183  ACL_REVISION);
184 
185  RtlAddAccessAllowedAce(SeSystemDefaultDacl,
186  ACL_REVISION,
187  GENERIC_ALL,
188  SeLocalSystemSid);
189 
190  RtlAddAccessAllowedAce(SeSystemDefaultDacl,
191  ACL_REVISION,
192  GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
193  SeAliasAdminsSid);
194 
195  /* create UnrestrictedDacl */
196  AclLength = sizeof(ACL) +
197  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
198  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
199 
200  SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
201  AclLength,
202  TAG_ACL);
203  if (SeUnrestrictedDacl == NULL)
204  return FALSE;
205 
206  RtlCreateAcl(SeUnrestrictedDacl,
207  AclLength,
208  ACL_REVISION);
209 
210  RtlAddAccessAllowedAce(SeUnrestrictedDacl,
211  ACL_REVISION,
212  GENERIC_ALL,
213  SeWorldSid);
214 
215  RtlAddAccessAllowedAce(SeUnrestrictedDacl,
216  ACL_REVISION,
217  GENERIC_READ | GENERIC_EXECUTE,
218  SeRestrictedCodeSid);
219 
220  return TRUE;
221 }
GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92
SeRestrictedCodeSid
PSID SeRestrictedCodeSid
Definition: sid.c:42
TRUE
#define TRUE
Definition: types.h:120
SeSystemDefaultDacl
PACL SeSystemDefaultDacl
Definition: acl.c:19
SePublicOpenDacl
PACL SePublicOpenDacl
Definition: acl.c:21
SePublicOpenUnrestrictedDacl
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:22
FALSE
#define FALSE
Definition: types.h:117
SeUnrestrictedDacl
PACL SeUnrestrictedDacl
Definition: acl.c:23
GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90
ACL
struct _ACL ACL
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
READ_CONTROL
#define READ_CONTROL
Definition: nt_native.h:58
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: sid.c:43
SePublicDefaultUnrestrictedDacl
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:20
GENERIC_READ
#define GENERIC_READ
Definition: compat.h:135
SeWorldSid
PSID SeWorldSid
Definition: sid.c:27
TAG_ACL
#define TAG_ACL
Definition: tag.h:174
SePublicDefaultDacl
PACL SePublicDefaultDacl
Definition: acl.c:18
RtlAddAccessAllowedAce
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
RtlCreateAcl
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
NULL
#define NULL
Definition: types.h:112
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
SeLocalSystemSid
PSID SeLocalSystemSid
Definition: sid.c:40
ULONG
unsigned int ULONG
Definition: retypes.h:1
GENERIC_EXECUTE
#define GENERIC_EXECUTE
Definition: nt_native.h:91
_ACE
Definition: rtltypes.h:990
AclLength
_In_ ULONG AclLength
Definition: rtlfuncs.h:1844

Referenced by SepInitializationPhase0().

◆ SepInitializeTokenImplementation()

VOID NTAPI SepInitializeTokenImplementation ( VOID  )

Definition at line 1085 of file token.c.

1086 {
1087  UNICODE_STRING Name;
1088  OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
1089 
1090  DPRINT("Creating Token Object Type\n");
1091 
1092  /* Initialize the Token type */
1093  RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
1094  RtlInitUnicodeString(&Name, L"Token");
1095  ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
1096  ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
1097  ObjectTypeInitializer.SecurityRequired = TRUE;
1098  ObjectTypeInitializer.DefaultPagedPoolCharge = sizeof(TOKEN);
1099  ObjectTypeInitializer.GenericMapping = SepTokenMapping;
1100  ObjectTypeInitializer.PoolType = PagedPool;
1101  ObjectTypeInitializer.ValidAccessMask = TOKEN_ALL_ACCESS;
1102  ObjectTypeInitializer.UseDefaultObject = TRUE;
1103  ObjectTypeInitializer.DeleteProcedure = SepDeleteToken;
1104  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &SeTokenObjectType);
1105 }
OBJ_OPENLINK
#define OBJ_OPENLINK
Definition: winternl.h:230
ObCreateObjectType
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1048
_OBJECT_TYPE_INITIALIZER::ValidAccessMask
ULONG ValidAccessMask
Definition: obtypes.h:359
_OBJECT_TYPE_INITIALIZER::SecurityRequired
BOOLEAN SecurityRequired
Definition: obtypes.h:360
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_TYPE_INITIALIZER
Definition: obtypes.h:352
Name
struct NameRec_ * Name
Definition: cdprocs.h:459
NameRec_
Definition: apinames.c:48
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:29
_OBJECT_TYPE_INITIALIZER::Length
USHORT Length
Definition: obtypes.h:354
_OBJECT_TYPE_INITIALIZER::PoolType
POOL_TYPE PoolType
Definition: obtypes.h:363
TOKEN_ALL_ACCESS
#define TOKEN_ALL_ACCESS
Definition: setypes.h:892
_OBJECT_TYPE_INITIALIZER::UseDefaultObject
BOOLEAN UseDefaultObject
Definition: obtypes.h:355
L
static const WCHAR L[]
Definition: oid.c:1250
SepTokenMapping
static GENERIC_MAPPING SepTokenMapping
Definition: token.c:35
_OBJECT_TYPE_INITIALIZER::DefaultPagedPoolCharge
ULONG DefaultPagedPoolCharge
Definition: obtypes.h:364
_UNICODE_STRING
Definition: env_spec_w32.h:368
_OBJECT_TYPE_INITIALIZER::GenericMapping
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
SepDeleteToken
VOID NTAPI SepDeleteToken(PVOID ObjectBody)
Definition: token.c:1062
NULL
#define NULL
Definition: types.h:112
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
DPRINT
#define DPRINT
Definition: sndvol32.h:71
_OBJECT_TYPE_INITIALIZER::InvalidAttributes
ULONG InvalidAttributes
Definition: obtypes.h:357
_OBJECT_TYPE_INITIALIZER::DeleteProcedure
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
TOKEN
struct _TOKEN TOKEN

Referenced by SepInitializationPhase0().

◆ SepInitPrivileges()

VOID NTAPI SepInitPrivileges ( VOID  )

Definition at line 60 of file priv.c.

61 {
62 
63 }

Referenced by SepInitializationPhase0().

◆ SepInitSDs()

BOOLEAN NTAPI SepInitSDs ( VOID  )

Definition at line 30 of file sd.c.

31 {
32  /* Create PublicDefaultSd */
33  SePublicDefaultSd = ExAllocatePoolWithTag(PagedPool,
34  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
35  if (SePublicDefaultSd == NULL)
36  return FALSE;
37 
38  RtlCreateSecurityDescriptor(SePublicDefaultSd,
39  SECURITY_DESCRIPTOR_REVISION);
40  RtlSetDaclSecurityDescriptor(SePublicDefaultSd,
41  TRUE,
42  SePublicDefaultDacl,
43  FALSE);
44 
45  /* Create PublicDefaultUnrestrictedSd */
46  SePublicDefaultUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
47  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
48  if (SePublicDefaultUnrestrictedSd == NULL)
49  return FALSE;
50 
51  RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd,
52  SECURITY_DESCRIPTOR_REVISION);
53  RtlSetDaclSecurityDescriptor(SePublicDefaultUnrestrictedSd,
54  TRUE,
55  SePublicDefaultUnrestrictedDacl,
56  FALSE);
57 
58  /* Create PublicOpenSd */
59  SePublicOpenSd = ExAllocatePoolWithTag(PagedPool,
60  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
61  if (SePublicOpenSd == NULL)
62  return FALSE;
63 
64  RtlCreateSecurityDescriptor(SePublicOpenSd,
65  SECURITY_DESCRIPTOR_REVISION);
66  RtlSetDaclSecurityDescriptor(SePublicOpenSd,
67  TRUE,
68  SePublicOpenDacl,
69  FALSE);
70 
71  /* Create PublicOpenUnrestrictedSd */
72  SePublicOpenUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
73  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
74  if (SePublicOpenUnrestrictedSd == NULL)
75  return FALSE;
76 
77  RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd,
78  SECURITY_DESCRIPTOR_REVISION);
79  RtlSetDaclSecurityDescriptor(SePublicOpenUnrestrictedSd,
80  TRUE,
81  SePublicOpenUnrestrictedDacl,
82  FALSE);
83 
84  /* Create SystemDefaultSd */
85  SeSystemDefaultSd = ExAllocatePoolWithTag(PagedPool,
86  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
87  if (SeSystemDefaultSd == NULL)
88  return FALSE;
89 
90  RtlCreateSecurityDescriptor(SeSystemDefaultSd,
91  SECURITY_DESCRIPTOR_REVISION);
92  RtlSetDaclSecurityDescriptor(SeSystemDefaultSd,
93  TRUE,
94  SeSystemDefaultDacl,
95  FALSE);
96 
97  /* Create UnrestrictedSd */
98  SeUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
99  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
100  if (SeUnrestrictedSd == NULL)
101  return FALSE;
102 
103  RtlCreateSecurityDescriptor(SeUnrestrictedSd,
104  SECURITY_DESCRIPTOR_REVISION);
105  RtlSetDaclSecurityDescriptor(SeUnrestrictedSd,
106  TRUE,
107  SeUnrestrictedDacl,
108  FALSE);
109 
110  return TRUE;
111 }
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
SePublicDefaultUnrestrictedDacl
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:20
TRUE
#define TRUE
Definition: types.h:120
SePublicDefaultSd
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:18
SeSystemDefaultDacl
PACL SeSystemDefaultDacl
Definition: acl.c:19
SeUnrestrictedSd
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:23
RtlCreateSecurityDescriptor
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
SePublicOpenSd
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:20
RtlSetDaclSecurityDescriptor
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
FALSE
#define FALSE
Definition: types.h:117
SePublicOpenDacl
PACL SePublicOpenDacl
Definition: acl.c:21
TAG_SD
#define TAG_SD
Definition: tag.h:176
SePublicOpenUnrestrictedSd
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:21
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
SePublicDefaultUnrestrictedSd
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:19
SePublicDefaultDacl
PACL SePublicDefaultDacl
Definition: acl.c:18
NULL
#define NULL
Definition: types.h:112
SeUnrestrictedDacl
PACL SeUnrestrictedDacl
Definition: acl.c:23
SePublicOpenUnrestrictedDacl
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:22
SeSystemDefaultSd
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:22

Referenced by SepInitializationPhase0().

◆ SepInitSecurityIDs()

BOOLEAN NTAPI SepInitSecurityIDs ( VOID  )

Definition at line 96 of file sid.c.

97 {
98  ULONG SidLength0;
99  ULONG SidLength1;
100  ULONG SidLength2;
101  PULONG SubAuthority;
102 
103  SidLength0 = RtlLengthRequiredSid(0);
104  SidLength1 = RtlLengthRequiredSid(1);
105  SidLength2 = RtlLengthRequiredSid(2);
106 
107  /* create NullSid */
108  SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
109  SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
110  SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
111  SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
112  SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
113  SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
114  SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
115  SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
116  SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
117  SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
118  SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
119  SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
120  SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
121  SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
122  SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
123  SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
124  SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
125  SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
126  SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
127  SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
128  SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
129  SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
130  SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
131  SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
132  SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
133  SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
134  SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
135  SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
136  SeLocalServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
137  SeNetworkServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
138 
139  if (SeNullSid == NULL || SeWorldSid == NULL ||
140  SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
141  SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
142  SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
143  SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
144  SeInteractiveSid == NULL || SeServiceSid == NULL ||
145  SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
146  SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
147  SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
148  SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
149  SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
150  SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
151  SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
152  SeAnonymousLogonSid == NULL || SeLocalServiceSid == NULL ||
153  SeNetworkServiceSid == NULL)
154  {
155  FreeInitializedSids();
156  return FALSE;
157  }
158 
159  RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
160  RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
161  RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
162  RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
163  RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
164  RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
165  RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
166  RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
167  RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
168  RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
169  RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
170  RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
171  RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
172  RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
173  RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
174  RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
175  RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
176  RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
177  RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
178  RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
179  RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
180  RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
181  RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
182  RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
183  RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
184  RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
185  RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
186  RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
187  RtlInitializeSid(SeLocalServiceSid, &SeNtSidAuthority, 1);
188  RtlInitializeSid(SeNetworkServiceSid, &SeNtSidAuthority, 1);
189 
190  SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
191  *SubAuthority = SECURITY_NULL_RID;
192  SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
193  *SubAuthority = SECURITY_WORLD_RID;
194  SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
195  *SubAuthority = SECURITY_LOCAL_RID;
196  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
197  *SubAuthority = SECURITY_CREATOR_OWNER_RID;
198  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
199  *SubAuthority = SECURITY_CREATOR_GROUP_RID;
200  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
201  *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
202  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
203  *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
204  SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
205  *SubAuthority = SECURITY_DIALUP_RID;
206  SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
207  *SubAuthority = SECURITY_NETWORK_RID;
208  SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
209  *SubAuthority = SECURITY_BATCH_RID;
210  SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
211  *SubAuthority = SECURITY_INTERACTIVE_RID;
212  SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
213  *SubAuthority = SECURITY_SERVICE_RID;
214  SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
215  *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
216  SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
217  *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
218  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
219  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
220  SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
221  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
222  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
223  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
224  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
225  *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
226  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
227  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
228  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
229  *SubAuthority = DOMAIN_ALIAS_RID_USERS;
230  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
231  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
232  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
233  *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
234  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
235  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
236  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
237  *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
238  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
239  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
240  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
241  *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
242  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
243  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
244  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
245  *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
246  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
247  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
248  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
249  *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
250  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
251  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
252  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
253  *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
254  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
255  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
256  SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
257  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
258  SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
259  *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
260  SubAuthority = RtlSubAuthoritySid(SeLocalServiceSid, 0);
261  *SubAuthority = SECURITY_LOCAL_SERVICE_RID;
262  SubAuthority = RtlSubAuthoritySid(SeNetworkServiceSid, 0);
263  *SubAuthority = SECURITY_NETWORK_SERVICE_RID;
264 
265  return TRUE;
266 }
SeLocalServiceSid
PSID SeLocalServiceSid
Definition: sid.c:54
SECURITY_BATCH_RID
#define SECURITY_BATCH_RID
Definition: setypes.h:530
SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
DOMAIN_ALIAS_RID_GUESTS
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
SeAliasPrintOpsSid
PSID SeAliasPrintOpsSid
Definition: sid.c:49
FreeInitializedSids
VOID NTAPI FreeInitializedSids(VOID)
Definition: sid.c:61
SeAnonymousLogonSid
PSID SeAnonymousLogonSid
Definition: sid.c:53
SeBatchSid
PSID SeBatchSid
Definition: sid.c:36
TRUE
#define TRUE
Definition: types.h:120
SeLocalSystemSid
PSID SeLocalSystemSid
Definition: sid.c:40
SeAliasAdminsSid
PSID SeAliasAdminsSid
Definition: sid.c:43
DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
SeDialupSid
PSID SeDialupSid
Definition: sid.c:34
SECURITY_DIALUP_RID
#define SECURITY_DIALUP_RID
Definition: setypes.h:528
SECURITY_NETWORK_RID
#define SECURITY_NETWORK_RID
Definition: setypes.h:529
TAG_SID
#define TAG_SID
Definition: sid.c:15
DOMAIN_ALIAS_RID_POWER_USERS
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:627
SECURITY_INTERACTIVE_RID
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:531
SeAliasBackupOpsSid
PSID SeAliasBackupOpsSid
Definition: sid.c:50
SePrincipalSelfSid
PSID SePrincipalSelfSid
Definition: sid.c:39
RtlSubAuthoritySid
PULONG NTAPI RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority)
Definition: sid.c:89
SECURITY_PRINCIPAL_SELF_RID
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:539
SeCreatorOwnerServerSid
PSID SeCreatorOwnerServerSid
Definition: sid.c:31
FALSE
#define FALSE
Definition: types.h:117
SeCreatorSidAuthority
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:23
SECURITY_LOCAL_SERVICE_RID
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
SECURITY_CREATOR_GROUP_SERVER_RID
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:520
SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
DOMAIN_ALIAS_RID_BACKUP_OPS
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:632
SeServiceSid
PSID SeServiceSid
Definition: sid.c:38
DOMAIN_ALIAS_RID_SYSTEM_OPS
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:630
SECURITY_LOCAL_RID
#define SECURITY_LOCAL_RID
Definition: setypes.h:514
SeWorldSidAuthority
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:21
SECURITY_WORLD_RID
#define SECURITY_WORLD_RID
Definition: setypes.h:513
SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
SeAliasUsersSid
PSID SeAliasUsersSid
Definition: sid.c:44
SeAliasGuestsSid
PSID SeAliasGuestsSid
Definition: sid.c:45
SECURITY_CREATOR_OWNER_RID
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:517
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
SECURITY_NULL_RID
#define SECURITY_NULL_RID
Definition: setypes.h:512
SeAuthenticatedUserSid
PSID SeAuthenticatedUserSid
Definition: sid.c:41
SeWorldSid
PSID SeWorldSid
Definition: sid.c:27
RtlLengthRequiredSid
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
SeLocalSid
PSID SeLocalSid
Definition: sid.c:28
SeAuthenticatedUsersSid
PSID SeAuthenticatedUsersSid
Definition: sid.c:51
SeAliasPowerUsersSid
PSID SeAliasPowerUsersSid
Definition: sid.c:46
SECURITY_NETWORK_SERVICE_RID
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
SeNetworkSid
PSID SeNetworkSid
Definition: sid.c:35
SeNullSidAuthority
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:20
SECURITY_CREATOR_GROUP_RID
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:518
RtlInitializeSid
NTSTATUS NTAPI RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
Definition: sid.c:68
DOMAIN_ALIAS_RID_USERS
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
PULONG
unsigned int * PULONG
Definition: retypes.h:1
SECURITY_RESTRICTED_CODE_RID
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:541
NULL
#define NULL
Definition: types.h:112
SeCreatorGroupSid
PSID SeCreatorGroupSid
Definition: sid.c:30
SeRestrictedSid
PSID SeRestrictedSid
Definition: sid.c:52
SeCreatorGroupServerSid
PSID SeCreatorGroupServerSid
Definition: sid.c:32
SeNetworkServiceSid
PSID SeNetworkServiceSid
Definition: sid.c:55
SECURITY_CREATOR_OWNER_SERVER_RID
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:519
SeRestrictedCodeSid
PSID SeRestrictedCodeSid
Definition: sid.c:42
DOMAIN_ALIAS_RID_PRINT_OPS
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:631
SECURITY_SERVICE_RID
#define SECURITY_SERVICE_RID
Definition: setypes.h:534
ULONG
unsigned int ULONG
Definition: retypes.h:1
SeLocalSidAuthority
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:22
SeCreatorOwnerSid
PSID SeCreatorOwnerSid
Definition: sid.c:29
SeAliasSystemOpsSid
PSID SeAliasSystemOpsSid
Definition: sid.c:48
SeInteractiveSid
PSID SeInteractiveSid
Definition: sid.c:37
SeNullSid
PSID SeNullSid
Definition: sid.c:26
SeNtSidAuthority
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:24
DOMAIN_ALIAS_RID_ADMINS
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
SeNtAuthoritySid
PSID SeNtAuthoritySid
Definition: sid.c:33
SeAliasAccountOpsSid
PSID SeAliasAccountOpsSid
Definition: sid.c:47

Referenced by SepInitializationPhase0().

◆ SepPrivilegeCheck()

BOOLEAN NTAPI SepPrivilegeCheck ( PTOKEN  Token,
PLUID_AND_ATTRIBUTES  Privileges,
ULONG  PrivilegeCount,
ULONG  PrivilegeControl,
KPROCESSOR_MODE  PreviousMode 
)

Definition at line 68 of file priv.c.

73 {
74  ULONG i;
75  ULONG j;
76  ULONG Required;
77 
78  DPRINT("SepPrivilegeCheck() called\n");
79 
80  PAGED_CODE();
81 
82  if (PreviousMode == KernelMode)
83  return TRUE;
84 
85  /* Get the number of privileges that are required to match */
86  Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
87 
88  /* Acquire a shared token lock */
89  SepAcquireTokenLockShared(Token);
90 
91  /* Loop all requested privileges until we found the required ones */
92  for (i = 0; i < PrivilegeCount; i++)
93  {
94  /* Loop the privileges of the token */
95  for (j = 0; j < Token->PrivilegeCount; j++)
96  {
97  /* Check if the LUIDs match */
98  if (RtlEqualLuid(&Token->Privileges[j].Luid, &Privileges[i].Luid))
99  {
100  DPRINT("Found privilege. Attributes: %lx\n",
101  Token->Privileges[j].Attributes);
102 
103  /* Check if the privilege is enabled */
104  if (Token->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)
105  {
106  Privileges[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
107  Required--;
108 
109  /* Check if we have found all privileges */
110  if (Required == 0)
111  {
112  /* We're done! */
113  SepReleaseTokenLock(Token);
114  return TRUE;
115  }
116  }
117 
118  /* Leave the inner loop */
119  break;
120  }
121  }
122  }
123 
124  /* Release the token lock */
125  SepReleaseTokenLock(Token);
126 
127  /* When we reached this point, we did not find all privileges */
128  ASSERT(Required > 0);
129  return FALSE;
130 }
TRUE
#define TRUE
Definition: types.h:120
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SE_PRIVILEGE_ENABLED
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
FALSE
#define FALSE
Definition: types.h:117
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
PRIVILEGE_SET_ALL_NECESSARY
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
SE_PRIVILEGE_USED_FOR_ACCESS
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
ASSERT
#define ASSERT(a)
Definition: mode.c:45
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:211
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
SepAcquireTokenLockShared
#define SepAcquireTokenLockShared(Token)
Definition: se.h:205
ULONG
unsigned int ULONG
Definition: retypes.h:1
Required
struct _MEMORY_AREA struct _MM_REQUIRED_RESOURCES * Required
Definition: newmm.h:48
DPRINT
#define DPRINT
Definition: sndvol32.h:71
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtPrivilegeCheck(), SeCheckAuditPrivilege(), SePrivilegeCheck(), and SepSinglePrivilegeCheck().

◆ SepPropagateAcl()

NTSTATUS SepPropagateAcl ( _Out_writes_bytes_opt_(DaclLength) PACL  AclDest,
_Inout_ PULONG  AclLength,
_In_reads_bytes_(AclSource->AclSize) PACL  AclSource,
_In_ PSID  Owner,
_In_ PSID  Group,
_In_ BOOLEAN  IsInherited,
_In_ BOOLEAN  IsDirectoryObject,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SepReleaseAcl()

VOID NTAPI SepReleaseAcl ( IN PACL  CapturedAcl,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 361 of file acl.c.

364 {
365  PAGED_CODE();
366 
367  if (CapturedAcl != NULL &&
368  (AccessMode != KernelMode ||
369  (AccessMode == KernelMode && CaptureIfKernel)))
370  {
371  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
372  }
373 }
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
TAG_ACL
#define TAG_ACL
Definition: tag.h:174
NULL
#define NULL
Definition: types.h:112
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtCreateToken().

◆ SepReleaseSecurityQualityOfService()

VOID NTAPI SepReleaseSecurityQualityOfService ( IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 363 of file sd.c.

366 {
367  PAGED_CODE();
368 
369  if (CapturedSecurityQualityOfService != NULL &&
370  (AccessMode != KernelMode || CaptureIfKernel))
371  {
372  ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
373  }
374 }
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
NULL
#define NULL
Definition: types.h:112
TAG_QOS
#define TAG_QOS
Definition: tag.h:177
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtDuplicateToken().

◆ SepReleaseSid()

VOID NTAPI SepReleaseSid ( IN PSID  CapturedSid,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 338 of file sid.c.

341 {
342  PAGED_CODE();
343 
344  if (CapturedSid != NULL &&
345  (AccessMode != KernelMode ||
346  (AccessMode == KernelMode && CaptureIfKernel)))
347  {
348  ExFreePoolWithTag(CapturedSid, TAG_SID);
349  }
350 }
TAG_SID
#define TAG_SID
Definition: sid.c:15
AccessMode
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
NULL
#define NULL
Definition: types.h:112
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SePrivilegedServiceAuditAlarm()

VOID NTAPI SePrivilegedServiceAuditAlarm ( _In_opt_ PUNICODE_STRING  ServiceName,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_In_ BOOLEAN  AccessGranted 
)

Definition at line 214 of file audit.c.

219 {
220  PTOKEN EffectiveToken;
221  PSID UserSid;
222  PAGED_CODE();
223 
224  /* Get the effective token */
225  if (SubjectContext->ClientToken != NULL)
226  EffectiveToken = SubjectContext->ClientToken;
227  else
228  EffectiveToken = SubjectContext->PrimaryToken;
229 
230  /* Get the user SID */
231  UserSid = EffectiveToken->UserAndGroups->Sid;
232 
233  /* Check if this is the local system SID */
234  if (RtlEqualSid(UserSid, SeLocalSystemSid))
235  {
236  /* Nothing to do */
237  return;
238  }
239 
240  /* Check if this is the network service or local service SID */
241  if (RtlEqualSid(UserSid, SeExports->SeNetworkServiceSid) ||
242  RtlEqualSid(UserSid, SeExports->SeLocalServiceSid))
243  {
244  // FIXME: should continue for a certain set of privileges
245  return;
246  }
247 
248  /* Call the worker function */
249  SepAdtPrivilegedServiceAuditAlarm(SubjectContext,
250  &SeSubsystemName,
251