ReactOS  0.4.14-dev-50-g13bb5e2
se.h File Reference

Go to the source code of this file.

Classes

struct  _KNOWN_ACE
 
struct  _KNOWN_OBJECT_ACE
 
struct  _KNOWN_COMPOUND_ACE
 

Macros

#define SepAcquireTokenLockExclusive(Token)
 
#define SepAcquireTokenLockShared(Token)
 
#define SepReleaseTokenLock(Token)
 

Typedefs

typedef struct _KNOWN_ACE KNOWN_ACE
 
typedef struct _KNOWN_ACEPKNOWN_ACE
 
typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
 
typedef struct _KNOWN_OBJECT_ACEPKNOWN_OBJECT_ACE
 
typedef struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
 
typedef struct _KNOWN_COMPOUND_ACEPKNOWN_COMPOUND_ACE
 

Functions

FORCEINLINE PSID SepGetGroupFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PSID SepGetOwnerFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PACL SepGetDaclFromDescriptor (PVOID _Descriptor)
 
FORCEINLINE PACL SepGetSaclFromDescriptor (PVOID _Descriptor)
 
BOOLEAN NTAPI SepTokenIsOwner (IN PACCESS_TOKEN _Token, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN TokenLocked)
 
BOOLEAN NTAPI SepSidInToken (IN PACCESS_TOKEN _Token, IN PSID Sid)
 
BOOLEAN NTAPI SepSidInTokenEx (IN PACCESS_TOKEN _Token, IN PSID PrincipalSelfSid, IN PSID _Sid, IN BOOLEAN Deny, IN BOOLEAN Restricted)
 
INIT_FUNCTION BOOLEAN NTAPI SeInitSystem (VOID)
 
INIT_FUNCTION VOID NTAPI SepInitPrivileges (VOID)
 
INIT_FUNCTION BOOLEAN NTAPI SepInitSecurityIDs (VOID)
 
INIT_FUNCTION BOOLEAN NTAPI SepInitDACLs (VOID)
 
INIT_FUNCTION BOOLEAN NTAPI SepInitSDs (VOID)
 
BOOLEAN NTAPI SeRmInitPhase0 (VOID)
 
BOOLEAN NTAPI SeRmInitPhase1 (VOID)
 
VOID NTAPI SeDeassignPrimaryToken (struct _EPROCESS *Process)
 
NTSTATUS NTAPI SeSubProcessToken (IN PTOKEN Parent, OUT PTOKEN *Token, IN BOOLEAN InUse, IN ULONG SessionId)
 
NTSTATUS NTAPI SeInitializeProcessAuditName (IN PFILE_OBJECT FileObject, IN BOOLEAN DoAudit, OUT POBJECT_NAME_INFORMATION *AuditInfo)
 
NTSTATUS NTAPI SeCreateAccessStateEx (IN PETHREAD Thread, IN PEPROCESS Process, IN OUT PACCESS_STATE AccessState, IN PAUX_ACCESS_DATA AuxData, IN ACCESS_MASK Access, IN PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeIsTokenChild (IN PTOKEN Token, OUT PBOOLEAN IsChild)
 
NTSTATUS NTAPI SeIsTokenSibling (IN PTOKEN Token, OUT PBOOLEAN IsSibling)
 
NTSTATUS NTAPI SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
 
INIT_FUNCTION VOID NTAPI SepInitializeTokenImplementation (VOID)
 
PTOKEN NTAPI SepCreateSystemProcessToken (VOID)
 
BOOLEAN NTAPI SeDetailedAuditingWithToken (IN PTOKEN Token)
 
VOID NTAPI SeAuditProcessExit (IN PEPROCESS Process)
 
VOID NTAPI SeAuditProcessCreate (IN PEPROCESS Process)
 
NTSTATUS NTAPI SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
 
VOID NTAPI SeCaptureSubjectContextEx (IN PETHREAD Thread, IN PEPROCESS Process, OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
 
VOID NTAPI SeReleaseLuidAndAttributesArray (PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
 
BOOLEAN NTAPI SepPrivilegeCheck (PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI SePrivilegePolicyCheck (_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
 
BOOLEAN NTAPI SeCheckPrivilegedObject (IN LUID PrivilegeValue, IN HANDLE ObjectHandle, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE PreviousMode)
 
NTSTATUS NTAPI SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
 
VOID NTAPI SepReleaseSecurityQualityOfService (IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SepCaptureSid (IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
 
VOID NTAPI SepReleaseSid (IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
 
VOID NTAPI SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 
NTSTATUS NTAPI SeComputeQuotaInformationSize (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
 
NTSTATUS NTAPI SepCaptureAcl (IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
 
VOID NTAPI SepReleaseAcl (IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
 
NTSTATUS SepPropagateAcl (_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
PACL SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeDefaultObjectMethod (PVOID Object, SECURITY_OPERATION_CODE OperationType, PSECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR NewSecurityDescriptor, PULONG ReturnLength, PSECURITY_DESCRIPTOR *OldSecurityDescriptor, POOL_TYPE PoolType, PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (SECURITY_INFORMATION SecurityInformation, PISECURITY_DESCRIPTOR SecurityDescriptor, PULONG BufferLength)
 
NTSTATUS NTAPI SeCopyClientToken (IN PACCESS_TOKEN Token, IN SECURITY_IMPERSONATION_LEVEL Level, IN KPROCESSOR_MODE PreviousMode, OUT PACCESS_TOKEN *NewToken)
 
VOID NTAPI SeQuerySecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
 
VOID NTAPI SeSetSecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT PACCESS_MASK DesiredAccess)
 
BOOLEAN NTAPI SeFastTraverseCheck (IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN PACCESS_STATE AccessState, IN ACCESS_MASK DesiredAccess, IN KPROCESSOR_MODE AccessMode)
 
BOOLEAN NTAPI SeCheckAuditPrivilege (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
 
VOID NTAPI SePrivilegedServiceAuditAlarm (_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
 
NTSTATUS SepRmReferenceLogonSession (PLUID LogonLuid)
 
NTSTATUS SepRmDereferenceLogonSession (PLUID LogonLuid)
 
NTSTATUS NTAPI SeGetLogonIdDeviceMap (IN PLUID LogonId, OUT PDEVICE_MAP *DeviceMap)
 

Variables

SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
 
PSID SeNullSid
 
PSID SeWorldSid
 
PSID SeLocalSid
 
PSID SeCreatorOwnerSid
 
PSID SeCreatorGroupSid
 
PSID SeCreatorOwnerServerSid
 
PSID SeCreatorGroupServerSid
 
PSID SeNtAuthoritySid
 
PSID SeDialupSid
 
PSID SeNetworkSid
 
PSID SeBatchSid
 
PSID SeInteractiveSid
 
PSID SeServiceSid
 
PSID SeAnonymousLogonSid
 
PSID SePrincipalSelfSid
 
PSID SeLocalSystemSid
 
PSID SeAuthenticatedUserSid
 
PSID SeRestrictedCodeSid
 
PSID SeAliasAdminsSid
 
PSID SeAliasUsersSid
 
PSID SeAliasGuestsSid
 
PSID SeAliasPowerUsersSid
 
PSID SeAliasAccountOpsSid
 
PSID SeAliasSystemOpsSid
 
PSID SeAliasPrintOpsSid
 
PSID SeAliasBackupOpsSid
 
PSID SeAuthenticatedUsersSid
 
PSID SeRestrictedSid
 
PSID SeLocalServiceSid
 
PSID SeNetworkServiceSid
 
const LUID SeCreateTokenPrivilege
 
const LUID SeAssignPrimaryTokenPrivilege
 
const LUID SeLockMemoryPrivilege
 
const LUID SeIncreaseQuotaPrivilege
 
const LUID SeUnsolicitedInputPrivilege
 
const LUID SeTcbPrivilege
 
const LUID SeSecurityPrivilege
 
const LUID SeTakeOwnershipPrivilege
 
const LUID SeLoadDriverPrivilege
 
const LUID SeSystemProfilePrivilege
 
const LUID SeSystemtimePrivilege
 
const LUID SeProfileSingleProcessPrivilege
 
const LUID SeIncreaseBasePriorityPrivilege
 
const LUID SeCreatePagefilePrivilege
 
const LUID SeCreatePermanentPrivilege
 
const LUID SeBackupPrivilege
 
const LUID SeRestorePrivilege
 
const LUID SeShutdownPrivilege
 
const LUID SeDebugPrivilege
 
const LUID SeAuditPrivilege
 
const LUID SeSystemEnvironmentPrivilege
 
const LUID SeChangeNotifyPrivilege
 
const LUID SeRemoteShutdownPrivilege
 
const LUID SeUndockPrivilege
 
const LUID SeSyncAgentPrivilege
 
const LUID SeEnableDelegationPrivilege
 
const LUID SeManageVolumePrivilege
 
const LUID SeImpersonatePrivilege
 
const LUID SeCreateGlobalPrivilege
 
const LUID SeTrustedCredmanPrivilege
 
const LUID SeRelabelPrivilege
 
const LUID SeIncreaseWorkingSetPrivilege
 
const LUID SeTimeZonePrivilege
 
const LUID SeCreateSymbolicLinkPrivilege
 
PACL SePublicDefaultUnrestrictedDacl
 
PACL SePublicOpenDacl
 
PACL SePublicOpenUnrestrictedDacl
 
PACL SeUnrestrictedDacl
 
PSECURITY_DESCRIPTOR SePublicDefaultSd
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
 
PSECURITY_DESCRIPTOR SePublicOpenSd
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd
 

Macro Definition Documentation

◆ SepAcquireTokenLockExclusive

#define SepAcquireTokenLockExclusive (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 200 of file se.h.

◆ SepAcquireTokenLockShared

#define SepAcquireTokenLockShared (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 205 of file se.h.

◆ SepReleaseTokenLock

#define SepReleaseTokenLock (   Token)
Value:
{ \
ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
KeLeaveCriticalRegion(); \
}
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 211 of file se.h.

Typedef Documentation

◆ KNOWN_ACE

◆ KNOWN_COMPOUND_ACE

◆ KNOWN_OBJECT_ACE

◆ PKNOWN_ACE

◆ PKNOWN_COMPOUND_ACE

◆ PKNOWN_OBJECT_ACE

Function Documentation

◆ SeAuditProcessCreate()

VOID NTAPI SeAuditProcessCreate ( IN PEPROCESS  Process)

Definition at line 33 of file audit.c.

34 {
35  /* FIXME */
36 }

Referenced by PspCreateProcess().

◆ SeAuditProcessExit()

VOID NTAPI SeAuditProcessExit ( IN PEPROCESS  Process)

Definition at line 40 of file audit.c.

41 {
42  /* FIXME */
43 }

Referenced by PspExitThread().

◆ SeCaptureLuidAndAttributesArray()

NTSTATUS NTAPI SeCaptureLuidAndAttributesArray ( PLUID_AND_ATTRIBUTES  Src,
ULONG  PrivilegeCount,
KPROCESSOR_MODE  PreviousMode,
PLUID_AND_ATTRIBUTES  AllocatedMem,
ULONG  AllocatedLength,
POOL_TYPE  PoolType,
BOOLEAN  CaptureIfKernel,
PLUID_AND_ATTRIBUTES Dest,
PULONG  Length 
)

Definition at line 291 of file priv.c.

300 {
303 
304  PAGED_CODE();
305 
306  if (PrivilegeCount == 0)
307  {
308  *Dest = 0;
309  *Length = 0;
310  return STATUS_SUCCESS;
311  }
312 
313  if (PreviousMode == KernelMode && !CaptureIfKernel)
314  {
315  *Dest = Src;
316  return STATUS_SUCCESS;
317  }
318 
319  /* FIXME - check PrivilegeCount for a valid number so we don't
320  cause an integer overflow or exhaust system resources! */
321 
322  BufferSize = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
323  *Length = ROUND_UP(BufferSize, 4); /* round up to a 4 byte alignment */
324 
325  /* probe the buffer */
326  if (PreviousMode != KernelMode)
327  {
328  _SEH2_TRY
329  {
330  ProbeForRead(Src,
331  BufferSize,
332  sizeof(ULONG));
333  }
335  {
336  /* Return the exception code */
338  }
339  _SEH2_END;
340  }
341 
342  /* allocate enough memory or check if the provided buffer is
343  large enough to hold the array */
344  if (AllocatedMem != NULL)
345  {
346  if (AllocatedLength < BufferSize)
347  {
349  }
350 
351  *Dest = AllocatedMem;
352  }
353  else
354  {
356  BufferSize,
357  TAG_LUID);
358  if (*Dest == NULL)
359  {
361  }
362  }
363 
364  /* copy the array to the buffer */
365  _SEH2_TRY
366  {
367  RtlCopyMemory(*Dest,
368  Src,
369  BufferSize);
370  }
372  {
374  }
375  _SEH2_END;
376 
377  if (!NT_SUCCESS(Status) && AllocatedMem == NULL)
378  {
379  ExFreePoolWithTag(*Dest, TAG_LUID);
380  }
381 
382  return Status;
383 }
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
LONG NTSTATUS
Definition: precomp.h:26
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define PAGED_CODE()
Definition: video.h:57
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
_SEH2_TRY
Definition: create.c:4250
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define TAG_LUID
Definition: tag.h:178
#define BufferSize
Definition: classpnp.h:419
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2966
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444

Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), and NtPrivilegeCheck().

◆ SeCaptureSidAndAttributesArray()

NTSTATUS NTAPI SeCaptureSidAndAttributesArray ( _In_ PSID_AND_ATTRIBUTES  SrcSidAndAttributes,
_In_ ULONG  AttributeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_opt_ PVOID  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
_Out_ PULONG  ResultLength 
)

Definition at line 358 of file sid.c.

368 {
369  ULONG ArraySize, RequiredLength, SidLength, i;
370  PSID_AND_ATTRIBUTES SidAndAttributes;
371  PUCHAR CurrentDest;
372  PISID Sid;
374  PAGED_CODE();
375 
376  *CapturedSidAndAttributes = NULL;
377  *ResultLength = 0;
378 
379  if (AttributeCount == 0)
380  {
381  return STATUS_SUCCESS;
382  }
383 
384  if (AttributeCount > 0x1000)
385  {
387  }
388 
389  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
390  {
391  *CapturedSidAndAttributes = SrcSidAndAttributes;
392  return STATUS_SUCCESS;
393  }
394 
395  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
396  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
397 
398  /* Check for user mode data */
399  if (PreviousMode != KernelMode)
400  {
401  _SEH2_TRY
402  {
403  /* First probe the whole array */
404  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
405 
406  /* Loop the array elements */
407  for (i = 0; i < AttributeCount; i++)
408  {
409  /* Get the SID and probe the minimal structure */
410  Sid = SrcSidAndAttributes[i].Sid;
411  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
412 
413  /* Verify that the SID is valid */
414  if (((Sid->Revision & 0xF) != SID_REVISION) ||
416  {
418  }
419 
420  /* Calculate the SID length and probe the full SID */
422  ProbeForRead(Sid, SidLength, sizeof(ULONG));
423 
424  /* Add the aligned length to the required length */
425  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
426  }
427  }
429  {
431  }
432  _SEH2_END;
433  }
434  else
435  {
436  /* Loop the array elements */
437  for (i = 0; i < AttributeCount; i++)
438  {
439  /* Get the SID and it's length */
440  Sid = SrcSidAndAttributes[i].Sid;
442 
443  /* Add the aligned length to the required length */
444  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
445  }
446  }
447 
448  /* Assume success */
451 
452  /* Check if we have no buffer */
453  if (AllocatedMem == NULL)
454  {
455  /* Allocate a new buffer */
456  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
459  if (SidAndAttributes == NULL)
460  {
462  }
463  }
464  /* Otherwise check if the buffer is large enough */
465  else if (AllocatedLength >= RequiredLength)
466  {
467  /* Buffer is large enough, use it */
468  SidAndAttributes = AllocatedMem;
469  }
470  else
471  {
472  /* Buffer is too small, fail */
474  }
475 
476  *CapturedSidAndAttributes = SidAndAttributes;
477 
478  /* Check again for user mode */
479  if (PreviousMode != KernelMode)
480  {
481  _SEH2_TRY
482  {
483  /* The rest of the data starts after the array */
484  CurrentDest = (PUCHAR)SidAndAttributes;
485  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
486 
487  /* Loop the array elements */
488  for (i = 0; i < AttributeCount; i++)
489  {
490  /* Get the SID and it's length */
491  Sid = SrcSidAndAttributes[i].Sid;
493 
494  /* Copy attributes */
495  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
496 
497  /* Copy the SID to the current destination address */
498  SidAndAttributes[i].Sid = (PSID)CurrentDest;
499  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
500 
501  /* Sanity checks */
502  ASSERT(RtlLengthSid(SidAndAttributes[i].Sid) == SidLength);
503  ASSERT(RtlValidSid(SidAndAttributes[i].Sid));
504 
505  /* Update the current destination address */
506  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
507  }
508  }
510  {
512  }
513  _SEH2_END;
514  }
515  else
516  {
517  /* The rest of the data starts after the array */
518  CurrentDest = (PUCHAR)SidAndAttributes;
519  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
520 
521  /* Loop the array elements */
522  for (i = 0; i < AttributeCount; i++)
523  {
524  /* Get the SID and it's length */
525  Sid = SrcSidAndAttributes[i].Sid;
527 
528  /* Copy attributes */
529  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
530 
531  /* Copy the SID to the current destination address */
532  SidAndAttributes[i].Sid = (PSID)CurrentDest;
533  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
534 
535  /* Update the current destination address */
536  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
537  }
538  }
539 
540  /* Check for failure */
541  if (!NT_SUCCESS(Status))
542  {
543  /* Check if we allocated a new array */
544  if (SidAndAttributes != AllocatedMem)
545  {
546  /* Free the array */
547  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
548  }
549 
550  /* Set returned address to NULL */
551  *CapturedSidAndAttributes = NULL ;
552  }
553 
554  return Status;
555 }
IN CINT OUT PVOID IN ULONG OUT PULONG ResultLength
Definition: conport.c:47
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
unsigned char * PUCHAR
Definition: retypes.h:3
#define SID_REVISION
Definition: setypes.h:453
LONG NTSTATUS
Definition: precomp.h:26
#define PAGED_CODE()
Definition: video.h:57
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
_SEH2_TRY
Definition: create.c:4250
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:454
smooth NULL
Definition: ftsmooth.c:416
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
#define STATUS_INVALID_SID
Definition: ntstatus.h:342
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
#define TAG_SID_AND_ATTRIBUTES
Definition: sid.c:16
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
struct _SID * PSID
Definition: eventlog.c:35
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
unsigned int ULONG
Definition: retypes.h:1
#define ALIGN_UP_BY(size, align)
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
BYTE Revision
Definition: ms-dtyp.idl:199
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2966
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444

Referenced by NtCreateToken().

◆ SeCaptureSubjectContextEx()

VOID NTAPI SeCaptureSubjectContextEx ( IN PETHREAD  Thread,
IN PEPROCESS  Process,
OUT PSECURITY_SUBJECT_CONTEXT  SubjectContext 
)

Definition at line 266 of file access.c.

269 {
271 
272  PAGED_CODE();
273 
274  /* Save the unique ID */
275  SubjectContext->ProcessAuditId = Process->UniqueProcessId;
276 
277  /* Check if we have a thread */
278  if (!Thread)
279  {
280  /* We don't, so no token */
281  SubjectContext->ClientToken = NULL;
282  }
283  else
284  {
285  /* Get the impersonation token */
287  &CopyOnOpen,
288  &EffectiveOnly,
289  &SubjectContext->ImpersonationLevel);
290  }
291 
292  /* Get the primary token */
294 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
#define PAGED_CODE()
Definition: video.h:57
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:782
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417

Referenced by SeCaptureSubjectContext(), and SeCreateAccessStateEx().

◆ SeCheckAuditPrivilege()

BOOLEAN NTAPI SeCheckAuditPrivilege ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Definition at line 257 of file priv.c.

260 {
261  PRIVILEGE_SET PrivilegeSet;
262  BOOLEAN Result;
263  PAGED_CODE();
264 
265  /* Initialize the privilege set with the single privilege */
266  PrivilegeSet.PrivilegeCount = 1;
267  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
268  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
269  PrivilegeSet.Privilege[0].Attributes = 0;
270 
271  /* Check against the primary token! */
272  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
273  &PrivilegeSet.Privilege[0],
274  1,
276  PreviousMode);
277 
278  if (PreviousMode != KernelMode)
279  {
282  &PrivilegeSet,
283  Result);
284  }
285 
286  return Result;
287 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
const LUID SeAuditPrivilege
Definition: priv.c:42
$ULONG Control
Definition: setypes.h:87
#define PAGED_CODE()
Definition: video.h:57
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
BOOLEAN NTAPI SepPrivilegeCheck(PTOKEN Token, PLUID_AND_ATTRIBUTES Privileges, ULONG PrivilegeCount, ULONG PrivilegeControl, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:72
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Definition: audit.c:214
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88

Referenced by NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), and SepAccessCheckAndAuditAlarm().

◆ SeCheckPrivilegedObject()

BOOLEAN NTAPI SeCheckPrivilegedObject ( IN LUID  PrivilegeValue,
IN HANDLE  ObjectHandle,
IN ACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  PreviousMode 
)

Definition at line 560 of file priv.c.

564 {
566  PRIVILEGE_SET Priv;
567  BOOLEAN Result;
568 
569  PAGED_CODE();
570 
572 
573  Priv.PrivilegeCount = 1;
575  Priv.Privilege[0].Luid = PrivilegeValue;
577 
579  if (PreviousMode != KernelMode)
580  {
581 #if 0
582  SePrivilegeObjectAuditAlarm(ObjectHandle,
585  &PrivilegeValue,
586  Result,
587  PreviousMode);
588 #endif
589  }
590 
592 
593  return Result;
594 }
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
$ULONG Control
Definition: setypes.h:87
#define PAGED_CODE()
Definition: video.h:57
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
BOOLEAN NTAPI SePrivilegeCheck(PPRIVILEGE_SET Privileges, PSECURITY_SUBJECT_CONTEXT SubjectContext, KPROCESSOR_MODE PreviousMode)
Definition: priv.c:491
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
VOID NTAPI SePrivilegeObjectAuditAlarm(IN HANDLE Handle, IN PSECURITY_SUBJECT_CONTEXT SubjectContext, IN ACCESS_MASK DesiredAccess, IN PPRIVILEGE_SET Privileges, IN BOOLEAN AccessGranted, IN KPROCESSOR_MODE CurrentMode)
Definition: audit.c:845

Referenced by NtSetInformationProcess().

◆ SeComputeQuotaInformationSize()

NTSTATUS NTAPI SeComputeQuotaInformationSize ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Out_ PULONG  QuotaInfoSize 
)

◆ SeCopyClientToken()

NTSTATUS NTAPI SeCopyClientToken ( IN PACCESS_TOKEN  Token,
IN SECURITY_IMPERSONATION_LEVEL  Level,
IN KPROCESSOR_MODE  PreviousMode,
OUT PACCESS_TOKEN NewToken 
)

Definition at line 788 of file token.c.

792 {
795 
796  PAGED_CODE();
797 
799  NULL,
800  0,
801  NULL,
802  NULL);
803 
806  FALSE,
808  Level,
809  PreviousMode,
810  (PTOKEN*)NewToken);
811 
812  return Status;
813 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
#define PAGED_CODE()
Definition: video.h:57
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:441
smooth NULL
Definition: ftsmooth.c:416
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
Status
Definition: gdiplustypes.h:24
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106

Referenced by SepCreateClientSecurity().

◆ SeCreateAccessStateEx()

NTSTATUS NTAPI SeCreateAccessStateEx ( IN PETHREAD  Thread,
IN PEPROCESS  Process,
IN OUT PACCESS_STATE  AccessState,
IN PAUX_ACCESS_DATA  AuxData,
IN ACCESS_MASK  Access,
IN PGENERIC_MAPPING  GenericMapping 
)

Definition at line 378 of file access.c.

384 {
385  ACCESS_MASK AccessMask = Access;
386  PTOKEN Token;
387  PAGED_CODE();
388 
389  /* Map the Generic Acess to Specific Access if we have a Mapping */
390  if ((Access & GENERIC_ACCESS) && (GenericMapping))
391  {
393  }
394 
395  /* Initialize the Access State */
397  ASSERT(AccessState->SecurityDescriptor == NULL);
398  ASSERT(AccessState->PrivilegesAllocated == FALSE);
399 
400  /* Initialize and save aux data */
401  RtlZeroMemory(AuxData, sizeof(AUX_ACCESS_DATA));
402  AccessState->AuxData = AuxData;
403 
404  /* Capture the Subject Context */
406  Process,
407  &AccessState->SubjectSecurityContext);
408 
409  /* Set Access State Data */
410  AccessState->RemainingDesiredAccess = AccessMask;
411  AccessState->OriginalDesiredAccess = AccessMask;
412  ExAllocateLocallyUniqueId(&AccessState->OperationID);
413 
414  /* Get the Token to use */
415  Token = SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext);
416 
417  /* Check for Travers Privilege */
418  if (Token->TokenFlags & TOKEN_HAS_TRAVERSE_PRIVILEGE)
419  {
420  /* Preserve the Traverse Privilege */
422  }
423 
424  /* Set the Auxiliary Data */
425  AuxData->PrivilegeSet = (PPRIVILEGE_SET)((ULONG_PTR)AccessState +
427  Privileges));
428  if (GenericMapping) AuxData->GenericMapping = *GenericMapping;
429 
430  /* Return Sucess */
431  return STATUS_SUCCESS;
432 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define GENERIC_ACCESS
Definition: wlx.c:26
#define TOKEN_HAS_TRAVERSE_PRIVILEGE
Definition: setypes.h:1124
#define PAGED_CODE()
Definition: video.h:57
VOID NTAPI SeCaptureSubjectContextEx(IN PETHREAD Thread, IN PEPROCESS Process, OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:266
uint32_t ULONG_PTR
Definition: typedefs.h:63
smooth NULL
Definition: ftsmooth.c:416
VOID NTAPI RtlMapGenericMask(IN OUT PACCESS_MASK AccessMask, IN PGENERIC_MAPPING GenericMapping)
Definition: access.c:50
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
#define SeQuerySubjectContextToken(SubjectContext)
Definition: sefuncs.h:583
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
struct _PRIVILEGE_SET * PPRIVILEGE_SET
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:340
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
return STATUS_SUCCESS
Definition: btrfs.c:2966
ULONG ACCESS_MASK
Definition: nt_native.h:40

Referenced by PspCreateProcess(), PspCreateThread(), and SeCreateAccessState().

◆ SeDeassignPrimaryToken()

VOID NTAPI SeDeassignPrimaryToken ( struct _EPROCESS Process)

◆ SeDefaultObjectMethod()

NTSTATUS NTAPI SeDefaultObjectMethod ( PVOID  Object,
SECURITY_OPERATION_CODE  OperationType,
PSECURITY_INFORMATION  SecurityInformation,
PSECURITY_DESCRIPTOR  NewSecurityDescriptor,
PULONG  ReturnLength,
PSECURITY_DESCRIPTOR OldSecurityDescriptor,
POOL_TYPE  PoolType,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDetailedAuditingWithToken()

BOOLEAN NTAPI SeDetailedAuditingWithToken ( IN PTOKEN  Token)

Definition at line 25 of file audit.c.

26 {
27  /* FIXME */
28  return FALSE;
29 }

Referenced by ObInitProcess(), PspCreateProcess(), and PspExitThread().

◆ SeExchangePrimaryToken()

NTSTATUS NTAPI SeExchangePrimaryToken ( _In_ PEPROCESS  Process,
_In_ PACCESS_TOKEN  NewAccessToken,
_Out_ PACCESS_TOKEN OldAccessToken 
)

Definition at line 234 of file token.c.

238 {
239  PTOKEN OldToken;
240  PTOKEN NewToken = (PTOKEN)NewAccessToken;
241 
242  PAGED_CODE();
243 
244  if (NewToken->TokenType != TokenPrimary)
245  return STATUS_BAD_TOKEN_TYPE;
246 
247  if (NewToken->TokenInUse)
248  {
251 
252  /* Maybe we're trying to set the same token */
253  OldToken = PsReferencePrimaryToken(Process);
254  if (OldToken == NewToken)
255  {
256  /* So it's a nop. */
257  *OldAccessToken = OldToken;
258  return STATUS_SUCCESS;
259  }
260 
261  Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
262  if (!NT_SUCCESS(Status))
263  {
264  PsDereferencePrimaryToken(OldToken);
265  *OldAccessToken = NULL;
266  return Status;
267  }
268 
269  if (!IsEqual)
270  {
271  PsDereferencePrimaryToken(OldToken);
272  *OldAccessToken = NULL;
274  }
275  /* Silently return STATUS_SUCCESS but do not set the new token,
276  * as it's already in use elsewhere. */
277  *OldAccessToken = OldToken;
278  return STATUS_SUCCESS;
279  }
280 
281  /* Lock the new token */
283 
284  /* Mark new token in use */
285  NewToken->TokenInUse = TRUE;
286 
287  // TODO: Set a correct SessionId for NewToken
288 
289  /* Unlock the new token */
290  SepReleaseTokenLock(NewToken);
291 
292  /* Reference the new token */
293  ObReferenceObject(NewToken);
294 
295  /* Replace the old with the new */
296  OldToken = ObFastReplaceObject(&Process->Token, NewToken);
297 
298  /* Lock the old token */
300 
301  /* Mark the old token as free */
302  OldToken->TokenInUse = FALSE;
303 
304  /* Unlock the old token */
305  SepReleaseTokenLock(OldToken);
306 
307  *OldAccessToken = (PACCESS_TOKEN)OldToken;
308  return STATUS_SUCCESS;
309 }
TOKEN_TYPE TokenType
Definition: setypes.h:175
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
PVOID PACCESS_TOKEN
Definition: setypes.h:11
#define PAGED_CODE()
Definition: video.h:57
unsigned char BOOLEAN
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:390
smooth NULL
Definition: ftsmooth.c:416
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
BOOLEAN TokenInUse
Definition: setypes.h:178
#define STATUS_TOKEN_ALREADY_IN_USE
Definition: ntstatus.h:521
#define SepReleaseTokenLock(Token)
Definition: se.h:211
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
Status
Definition: gdiplustypes.h:24
struct _TOKEN * PTOKEN
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
Definition: security.c:835
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
static NTSTATUS SepCompareTokens(IN PTOKEN FirstToken, IN PTOKEN SecondToken, OUT PBOOLEAN Equal)
Definition: token.c:92
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by PspAssignPrimaryToken().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck ( IN PSECURITY_DESCRIPTOR  SecurityDescriptor,
IN PACCESS_STATE  AccessState,
IN ACCESS_MASK  DesiredAccess,
IN KPROCESSOR_MODE  AccessMode 
)

Definition at line 460 of file accesschk.c.

464 {
465  PACL Dacl;
466  ULONG AceIndex;
467  PKNOWN_ACE Ace;
468 
469  PAGED_CODE();
470 
472 
473  if (SecurityDescriptor == NULL)
474  return FALSE;
475 
476  /* Get DACL */
478  /* If no DACL, grant access */
479  if (Dacl == NULL)
480  return TRUE;
481 
482  /* No ACE -> Deny */
483  if (!Dacl->AceCount)
484  return FALSE;
485 
486  /* Can't perform the check on restricted token */
487  if (AccessState->Flags & TOKEN_IS_RESTRICTED)
488  return FALSE;
489 
490  /* Browse the ACEs */
491  for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
492  AceIndex < Dacl->AceCount;
493  AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
494  {
495  if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
496  continue;
497 
498  /* If access-allowed ACE */
499  if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
500  {
501  /* Check if all accesses are granted */
502  if (!(Ace->Mask & DesiredAccess))
503  continue;
504 
505  /* Check SID and grant access if matching */
506  if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
507  return TRUE;
508  }
509  /* If access-denied ACE */
510  else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
511  {
512  /* Here, only check if it denies any access wanted and deny if so */
513  if (Ace->Mask & DesiredAccess)
514  return FALSE;
515  }
516  }
517 
518  /* Faulty, deny */
519  return FALSE;
520 }
struct _KNOWN_ACE * PKNOWN_ACE
#define TRUE
Definition: types.h:120
Definition: se.h:3
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define PAGED_CODE()
Definition: video.h:57
uint32_t ULONG_PTR
Definition: typedefs.h:63
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
Definition: card.h:12
smooth NULL
Definition: ftsmooth.c:416
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:686
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1864
PSID SeWorldSid
Definition: sid.c:31
FORCEINLINE PACL SepGetDaclFromDescriptor(PVOID _Descriptor)
Definition: se.h:67
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
unsigned int ULONG
Definition: retypes.h:1
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1129

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SeGetLogonIdDeviceMap()

NTSTATUS NTAPI SeGetLogonIdDeviceMap ( IN PLUID  LogonId,
OUT PDEVICE_MAP DeviceMap 
)

Definition at line 966 of file srm.c.

970 {
972  WCHAR Buffer[63];
973  PDEVICE_MAP LocalMap;
974  HANDLE DirectoryHandle, LinkHandle;
976  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
977  UNICODE_STRING DirectoryName, LinkName, TargetName;
978 
979  PAGED_CODE();
980 
981  if (LogonId == NULL ||
982  DeviceMap == NULL)
983  {
985  }
986 
987  /* Acquire the database lock */
989 
990  /* Loop all existing sessions */
991  for (CurrentSession = SepLogonSessions;
992  CurrentSession != NULL;
993  CurrentSession = CurrentSession->Next)
994  {
995  /* Check if the LUID matches the provided one */
996  if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
997  {
998  break;
999  }
1000  }
1001 
1002  /* No session found, fail */
1003  if (CurrentSession == NULL)
1004  {
1005  /* Release the database lock */
1007 
1009  }
1010 
1011  /* The found session has a device map, return it! */
1012  if (CurrentSession->pDeviceMap != NULL)
1013  {
1014  *DeviceMap = CurrentSession->pDeviceMap;
1015 
1016  /* Release the database lock */
1018 
1019  return STATUS_SUCCESS;
1020  }
1021 
1022  /* At that point, we'll setup a new device map for the session */
1023  LocalMap = NULL;
1024 
1025  /* Reference the session so that it doesn't go away */
1026  CurrentSession->ReferenceCount += 1;
1027 
1028  /* Release the database lock */
1030 
1031  /* Create our object directory given the LUID */
1033  sizeof(Buffer) / sizeof(WCHAR),
1034  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1035  LogonId->HighPart,
1036  LogonId->LowPart);
1037  RtlInitUnicodeString(&DirectoryName, Buffer);
1038 
1040  &DirectoryName,
1042  NULL,
1043  NULL);
1046  &ObjectAttributes);
1047  if (NT_SUCCESS(Status))
1048  {
1049  /* Create the associated device map */
1051  if (NT_SUCCESS(Status))
1052  {
1053  /* Make Global point to \Global?? in the directory */
1054  RtlInitUnicodeString(&LinkName, L"Global");
1055  RtlInitUnicodeString(&TargetName, L"\\Global??");
1056 
1058  &LinkName,
1061  NULL);
1062  Status = ZwCreateSymbolicLinkObject(&LinkHandle,
1065  &TargetName);
1066  if (!NT_SUCCESS(Status))
1067  {
1068  ObfDereferenceDeviceMap(LocalMap);
1069  }
1070  else
1071  {
1072  ZwClose(LinkHandle);
1073  }
1074  }
1075 
1077  }
1078 
1079  /* Acquire the database lock */
1081 
1082  /* If we succeed... */
1083  if (NT_SUCCESS(Status))
1084  {
1085  /* The session now has a device map? We raced with someone else */
1086  if (CurrentSession->pDeviceMap != NULL)
1087  {
1088  /* Give up on our new device map */
1089  ObfDereferenceDeviceMap(LocalMap);
1090  }
1091  /* Otherwise use our newly allocated device map */
1092  else
1093  {
1094  CurrentSession->pDeviceMap = LocalMap;
1095  }
1096 
1097  /* Return the device map */
1098  *DeviceMap = CurrentSession->pDeviceMap;
1099  }
1100  /* Zero output */
1101  else
1102  {
1103  *DeviceMap = NULL;
1104  }
1105 
1106  /* Release the database lock */
1108 
1109  /* We're done with the session */
1110  SepRmDereferenceLogonSession(&CurrentSession->LogonId);
1111 
1112  return Status;
1113 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_NO_SUCH_LOGON_SESSION
Definition: ntstatus.h:317
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
LONG NTSTATUS
Definition: precomp.h:26
static HANDLE DirectoryHandle
Definition: ObType.c:48
#define OBJ_PERMANENT
Definition: winternl.h:226
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
#define PAGED_CODE()
Definition: video.h:57
#define OBJ_OPENIF
Definition: winternl.h:229
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
Definition: devicemap.c:149
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
smooth NULL
Definition: ftsmooth.c:416
Definition: bufpool.h:45
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: srm.c:27
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
static const WCHAR L[]
Definition: oid.c:1250
WCHAR TargetName[256]
Definition: arping.c:27
PDEVICE_MAP pDeviceMap
Definition: srm.c:31
Status
Definition: gdiplustypes.h:24
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:71
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:664
return STATUS_SUCCESS
Definition: btrfs.c:2966
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:70

Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().

◆ SeInitializeProcessAuditName()

NTSTATUS NTAPI SeInitializeProcessAuditName ( IN PFILE_OBJECT  FileObject,
IN BOOLEAN  DoAudit,
OUT POBJECT_NAME_INFORMATION AuditInfo 
)

Definition at line 47 of file audit.c.

50 {
51  OBJECT_NAME_INFORMATION LocalNameInfo;
52  POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
53  ULONG ReturnLength = 8;
55 
56  PAGED_CODE();
57  ASSERT(AuditInfo);
58 
59  /* Check if we should do auditing */
60  if (DoAudit)
61  {
62  /* FIXME: TODO */
63  }
64 
65  /* Now query the name */
67  &LocalNameInfo,
68  sizeof(LocalNameInfo),
69  &ReturnLength);
70  if (((Status == STATUS_BUFFER_OVERFLOW) ||
73  (ReturnLength != sizeof(LocalNameInfo)))
74  {
75  /* Allocate required size */
76  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
78  TAG_SEPA);
79  if (ObjectNameInfo)
80  {
81  /* Query the name again */
83  ObjectNameInfo,
85  &ReturnLength);
86  }
87  }
88 
89  /* Check if we got here due to failure */
90  if ((ObjectNameInfo) &&
91  (!(NT_SUCCESS(Status)) || (ReturnLength == sizeof(LocalNameInfo))))
92  {
93  /* First, free any buffer we might've allocated */
94  ASSERT(FALSE);
95  if (ObjectNameInfo) ExFreePool(ObjectNameInfo);
96 
97  /* Now allocate a temporary one */
99  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
100  sizeof(OBJECT_NAME_INFORMATION),
101  TAG_SEPA);
102  if (ObjectNameInfo)
103  {
104  /* Clear it */
105  RtlZeroMemory(ObjectNameInfo, ReturnLength);
107  }
108  }
109 
110  /* Check if memory allocation failed */
111  if (!ObjectNameInfo) Status = STATUS_NO_MEMORY;
112 
113  /* Return the audit name */
114  *AuditInfo = ObjectNameInfo;
115 
116  /* Return status */
117  return Status;
118 }
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI ObQueryNameString(IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
Definition: obname.c:1209
#define PAGED_CODE()
Definition: video.h:57
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:64
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
smooth NULL
Definition: ftsmooth.c:416
_Inout_ PFILE_OBJECT FileObject
Definition: cdprocs.h:593
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
Status
Definition: gdiplustypes.h:24
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:61
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define TAG_SEPA
Definition: tag.h:189
return STATUS_SUCCESS
Definition: btrfs.c:2966
#define ExFreePool(addr)
Definition: env_spec_w32.h:352

Referenced by MmInitializeProcessAddressSpace(), and SeLocateProcessImageName().

◆ SeInitSystem()

INIT_FUNCTION BOOLEAN NTAPI SeInitSystem ( VOID  )

Definition at line 239 of file semgr.c.

240 {
241  /* Check the initialization phase */
242  switch (ExpInitializationPhase)
243  {
244  case 0:
245 
246  /* Do Phase 0 */
247  return SepInitializationPhase0();
248 
249  case 1:
250 
251  /* Do Phase 1 */
252  return SepInitializationPhase1();
253 
254  default:
255 
256  /* Don't know any other phase! Bugcheck! */
257  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
258  0,
260  0,
261  0);
262  return FALSE;
263  }
264 }
INIT_FUNCTION BOOLEAN NTAPI SepInitializationPhase1(VOID)
Definition: semgr.c:131
ULONG ExpInitializationPhase
Definition: init.c:65
INIT_FUNCTION BOOLEAN NTAPI SepInitializationPhase0(VOID)
Definition: semgr.c:96
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:107

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ SeIsTokenChild()

NTSTATUS NTAPI SeIsTokenChild ( IN PTOKEN  Token,
OUT PBOOLEAN  IsChild 
)

Definition at line 716 of file token.c.

718 {
719  PTOKEN ProcessToken;
720  LUID ProcessTokenId, CallerParentId;
721 
722  /* Assume failure */
723  *IsChild = FALSE;
724 
725  /* Reference the process token */
727  if (!ProcessToken)
728  return STATUS_UNSUCCESSFUL;
729 
730  /* Get its token ID */
731  ProcessTokenId = ProcessToken->TokenId;
732 
733  /* Dereference the token */
735 
736  /* Get our parent token ID */
737  CallerParentId = Token->ParentTokenId;
738 
739  /* Compare the token IDs */
740  if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))
741  *IsChild = TRUE;
742 
743  /* Return success */
744  return STATUS_SUCCESS;
745 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
LUID TokenId
Definition: setypes.h:154
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by PspSetPrimaryToken().

◆ SeIsTokenSibling()

NTSTATUS NTAPI SeIsTokenSibling ( IN PTOKEN  Token,
OUT PBOOLEAN  IsSibling 
)

Definition at line 749 of file token.c.

751 {
752  PTOKEN ProcessToken;
753  LUID ProcessParentId, ProcessAuthId;
754  LUID CallerParentId, CallerAuthId;
755 
756  /* Assume failure */
757  *IsSibling = FALSE;
758 
759  /* Reference the process token */
761  if (!ProcessToken)
762  return STATUS_UNSUCCESSFUL;
763 
764  /* Get its parent and authentication IDs */
765  ProcessParentId = ProcessToken->ParentTokenId;
766  ProcessAuthId = ProcessToken->AuthenticationId;
767 
768  /* Dereference the token */
770 
771  /* Get our parent and authentication IDs */
772  CallerParentId = Token->ParentTokenId;
773  CallerAuthId = Token->AuthenticationId;
774 
775  /* Compare the token IDs */
776  if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&
777  RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
778  {
779  *IsSibling = TRUE;
780  }
781 
782  /* Return success */
783  return STATUS_SUCCESS;
784 }
#define TRUE
Definition: types.h:120
LUID AuthenticationId
Definition: setypes.h:155
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LUID ParentTokenId
Definition: setypes.h:156
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:169
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by PspSetPrimaryToken().

◆ SepCaptureAcl()

NTSTATUS NTAPI SepCaptureAcl ( IN PACL  InputAcl,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PACL CapturedAcl 
)

Definition at line 277 of file acl.c.

282 {
283  PACL NewAcl;
284  ULONG AclSize = 0;
286 
287  PAGED_CODE();
288 
289  if (AccessMode != KernelMode)
290  {
291  _SEH2_TRY
292  {
293  ProbeForRead(InputAcl,
294  sizeof(ACL),
295  sizeof(ULONG));
296  AclSize = InputAcl->AclSize;
297  ProbeForRead(InputAcl,
298  AclSize,
299  sizeof(ULONG));
300  }
302  {
303  /* Return the exception code */
305  }
306  _SEH2_END;
307 
309  AclSize,
310  TAG_ACL);
311  if (NewAcl != NULL)
312  {
313  _SEH2_TRY
314  {
315  RtlCopyMemory(NewAcl,
316  InputAcl,
317  AclSize);
318 
319  *CapturedAcl = NewAcl;
320  }
322  {
323  /* Free the ACL and return the exception code */
324  ExFreePoolWithTag(NewAcl, TAG_ACL);
326  }
327  _SEH2_END;
328  }
329  else
330  {
332  }
333  }
334  else if (!CaptureIfKernel)
335  {
336  *CapturedAcl = InputAcl;
337  }
338  else
339  {
340  AclSize = InputAcl->AclSize;
341 
343  AclSize,
344  TAG_ACL);
345 
346  if (NewAcl != NULL)
347  {
348  RtlCopyMemory(NewAcl,
349  InputAcl,
350  AclSize);
351 
352  *CapturedAcl = NewAcl;
353  }
354  else
355  {
357  }
358  }
359 
360  return Status;
361 }
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG NTSTATUS
Definition: precomp.h:26
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Status
Definition: gdiplustypes.h:24
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
Definition: create.c:4424
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2966
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444

Referenced by NtCreateToken(), and NtSetInformationToken().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( IN POBJECT_ATTRIBUTES ObjectAttributes  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
OUT PBOOLEAN  Present 
)

Definition at line 211 of file sd.c.

217 {
218  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
220 
221  PAGED_CODE();
222 
223  ASSERT(CapturedSecurityQualityOfService);
224  ASSERT(Present);
225 
226  if (ObjectAttributes != NULL)
227  {
228  if (AccessMode != KernelMode)
229  {
231 
232  _SEH2_TRY
233  {
235  sizeof(OBJECT_ATTRIBUTES),
236  sizeof(ULONG));
237  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
238  {
239  if (ObjectAttributes->SecurityQualityOfService != NULL)
240  {
241  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
243  sizeof(ULONG));
244 
245  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
247  {
248  /*
249  * Don't allocate memory here because ExAllocate should bugcheck
250  * the system if it's buggy, SEH would catch that! So make a local
251  * copy of the qos structure.
252  */
253  RtlCopyMemory(&SafeQos,
254  ObjectAttributes->SecurityQualityOfService,
256  *Present = TRUE;
257  }
258  else
259  {
261  }
262  }
263  else
264  {
265  *CapturedSecurityQualityOfService = NULL;
266  *Present = FALSE;
267  }
268  }
269  else
270  {
272  }
273  }
275  {
277  }
278  _SEH2_END;
279 
280  if (NT_SUCCESS(Status))
281  {
282  if (*Present)
283  {
284  CapturedQos = ExAllocatePoolWithTag(PoolType,
286  TAG_QOS);
287  if (CapturedQos != NULL)
288  {
289  RtlCopyMemory(CapturedQos,
290  &SafeQos,
292  *CapturedSecurityQualityOfService = CapturedQos;
293  }
294  else
295  {
297  }
298  }
299  else
300  {
301  *CapturedSecurityQualityOfService = NULL;
302  }
303  }
304  }
305  else
306  {
307  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
308  {
309  if (CaptureIfKernel)
310  {
311  if (ObjectAttributes->SecurityQualityOfService != NULL)
312  {
313  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
315  {
316  CapturedQos = ExAllocatePoolWithTag(PoolType,
318  TAG_QOS);
319  if (CapturedQos != NULL)
320  {
321  RtlCopyMemory(CapturedQos,
322  ObjectAttributes->SecurityQualityOfService,
324  *CapturedSecurityQualityOfService = CapturedQos;
325  *Present = TRUE;
326  }
327  else
328  {
330  }
331  }
332  else
333  {
335  }
336  }
337  else
338  {
339  *CapturedSecurityQualityOfService = NULL;
340  *Present = FALSE;
341  }
342  }
343  else
344  {
345  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
346  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
347  }
348  }
349  else
350  {
352  }
353  }
354  }
355  else
356  {
357  *CapturedSecurityQualityOfService = NULL;
358  *Present = FALSE;
359  }
360 
361  return Status;
362 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
unsigned int ULONG
Definition: retypes.h:1
#define TAG_QOS
Definition: tag.h:177
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2966
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444

Referenced by NtDuplicateToken().

◆ SepCaptureSid()

NTSTATUS NTAPI SepCaptureSid ( IN PSID  InputSid,
IN KPROCESSOR_MODE  AccessMode,
IN POOL_TYPE  PoolType,
IN BOOLEAN  CaptureIfKernel,
OUT PSID CapturedSid 
)

Definition at line 274 of file sid.c.

279 {
280  ULONG SidSize = 0;
281  PISID NewSid, Sid = (PISID)InputSid;
282 
283  PAGED_CODE();
284 
285  if (AccessMode != KernelMode)
286  {
287  _SEH2_TRY
288  {
289  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
291  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
292  }
294  {
295  /* Return the exception code */
297  }
298  _SEH2_END;
299 
300  /* Allocate a SID and copy it */
302  if (!NewSid)
304 
305  _SEH2_TRY
306  {
307  RtlCopyMemory(NewSid, Sid, SidSize);
308 
309  *CapturedSid = NewSid;
310  }
312  {
313  /* Free the SID and return the exception code */
316  }
317  _SEH2_END;
318  }
319  else if (!CaptureIfKernel)
320  {
321  *CapturedSid = InputSid;
322  }
323  else
324  {
326 
327  /* Allocate a SID and copy it */
329  if (NewSid == NULL)
331 
332  RtlCopyMemory(NewSid, Sid, SidSize);
333 
334  *CapturedSid = NewSid;
335  }
336 
337  return STATUS_SUCCESS;
338 }
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TAG_SID
Definition: sid.c:15
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
struct _SID * PISID
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
unsigned char UCHAR
Definition: xmlstorage.h:181
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
Definition: create.c:4424
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2966
_Must_inspect_result_ _In_ FLT_CONTEXT_TYPE _In_ SIZE_T _In_ POOL_TYPE PoolType
Definition: fltkernel.h:1444
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2815

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SepCreateImpersonationTokenDacl()

NTSTATUS NTAPI SepCreateImpersonationTokenDacl ( _In_ PTOKEN  Token,
_In_ PTOKEN  PrimaryToken,
_Out_ PACL Dacl 
)

Definition at line 229 of file acl.c.

233 {
235  PACL TokenDacl;
236 
237  PAGED_CODE();
238 
239  *Dacl = NULL;
240 
241  AclLength = sizeof(ACL) +
242  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
243  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
244  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
245  (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
246  (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
247 
249  if (TokenDacl == NULL)
250  {
252  }
253 
254  RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
256  Token->UserAndGroups->Sid);
258  PrimaryToken->UserAndGroups->Sid);
263 
264  if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
265  {
268  }
269 
270  *Dacl = TokenDacl;
271 
272  return STATUS_SUCCESS;
273 }
#define GENERIC_ALL
Definition: nt_native.h:92
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PSID SeRestrictedCodeSid
Definition: sid.c:46
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define PAGED_CODE()
Definition: video.h:57
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
PSID SeAliasAdminsSid
Definition: sid.c:47
#define TAG_ACL
Definition: tag.h:174
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:44
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2966
Definition: rtltypes.h:988
_In_ ULONG AclLength
Definition: rtlfuncs.h:1844

Referenced by NtOpenThreadTokenEx().

◆ SepCreateSystemProcessToken()

PTOKEN NTAPI SepCreateSystemProcessToken ( VOID  )

Definition at line 1145 of file token.c.

1146 {
1148  ULONG GroupAttributes, OwnerAttributes;
1150  LARGE_INTEGER Expiration;
1151  SID_AND_ATTRIBUTES UserSid;
1152  ULONG GroupsLength;
1155  PSID Owner;
1156  ULONG i;
1157  PTOKEN Token;
1158  NTSTATUS Status;
1159 
1160  /* Don't ever expire */
1161  Expiration.QuadPart = -1;
1162 
1163  /* All groups mandatory and enabled */
1166 
1167  /* User is Local System */
1168  UserSid.Sid = SeLocalSystemSid;
1169  UserSid.Attributes = 0;
1170 
1171  /* Primary group is Local System */
1173 
1174  /* Owner is Administrators */
1176 
1177  /* Groups are Administrators, World, and Authenticated Users */
1178  Groups[0].Sid = SeAliasAdminsSid;
1179  Groups[0].Attributes = OwnerAttributes;
1180  Groups[1].Sid = SeWorldSid;
1181  Groups[1].Attributes = GroupAttributes;
1183  Groups[2].Attributes = GroupAttributes;
1184  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
1185  SeLengthSid(Groups[0].Sid) +
1186  SeLengthSid(Groups[1].Sid) +
1187  SeLengthSid(Groups[2].Sid);
1188  ASSERT(GroupsLength <= sizeof(Groups));
1189 
1190  /* Setup the privileges */
1191  i = 0;
1193  Privileges[i++].Luid = SeTcbPrivilege;
1194 
1195  Privileges[i].Attributes = 0;
1197 
1198  Privileges[i].Attributes = 0;
1200 
1203 
1206 
1207  Privileges[i].Attributes = 0;
1209 
1210  Privileges[i].Attributes = 0;
1212 
1215 
1218 
1220  Privileges[i++].Luid = SeDebugPrivilege;
1221 
1223  Privileges[i++].Luid = SeAuditPrivilege;
1224 
1225  Privileges[i].Attributes = 0;
1226  Privileges[i++].Luid = SeSecurityPrivilege;
1227 
1228  Privileges[i].Attributes = 0;
1230 
1233 
1234  Privileges[i].Attributes = 0;
1235  Privileges[i++].Luid = SeBackupPrivilege;
1236 
1237  Privileges[i].Attributes = 0;
1238  Privileges[i++].Luid = SeRestorePrivilege;
1239 
1240  Privileges[i].Attributes = 0;
1241  Privileges[i++].Luid = SeShutdownPrivilege;
1242 
1243  Privileges[i].Attributes = 0;
1245 
1248 
1249  Privileges[i].Attributes = 0;
1251  ASSERT(i == 20);
1252 
1253  /* Setup the object attributes */
1256 
1257  /* Create the token */
1259  KernelMode,
1260  0,
1262  TokenPrimary,
1265  &Expiration,
1266  &UserSid,
1267  3,
1268  Groups,
1269  GroupsLength,
1270  20,
1271  Privileges,
1272  Owner,
1273  PrimaryGroup,
1276  TRUE);
1278 
1279  /* Return the token */
1280  return Token;
1281 }
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:43
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
const LUID SeSystemtimePrivilege
Definition: priv.c:33
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:26
const LUID SeCreateTokenPrivilege
Definition: priv.c:23
const LUID SeCreatePermanentPrivilege
Definition: priv.c:37
const LUID SeDebugPrivilege
Definition: priv.c:41
const LUID SeBackupPrivilege
Definition: priv.c:38
PACL SeSystemDefaultDacl
Definition: acl.c:23
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeSystemAuthenticationId
Definition: token.c:38
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:24
PSID SeAuthenticatedUsersSid
Definition: sid.c:55
TOpcodeData Groups[17][8]
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define SE_GROUP_OWNER
Definition: setypes.h:93
smooth NULL
Definition: ftsmooth.c:416
const LUID SeLoadDriverPrivilege
Definition: priv.c:31
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:30
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:882
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1559
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
const LUID SeCreatePagefilePrivilege
Definition: priv.c:36
const LUID SeRestorePrivilege
Definition: priv.c:39
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
PSID SeAliasAdminsSid
Definition: sid.c:47
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:37
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414
const LUID SeLockMemoryPrivilege
Definition: priv.c:25
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:34
PSID SeWorldSid
Definition: sid.c:31
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:35
Status
Definition: gdiplustypes.h:24
const LUID SeTcbPrivilege
Definition: priv.c:28
const LUID SeShutdownPrivilege
Definition: priv.c:40
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
const LUID SeSecurityPrivilege
Definition: priv.c:29
PSID SeLocalSystemSid
Definition: sid.c:44
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
return STATUS_SUCCESS
Definition: btrfs.c:2966
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
const LUID SeAuditPrivilege
Definition: priv.c:42
LONGLONG QuadPart
Definition: typedefs.h:112

Referenced by SepInitializationPhase0().

◆ SepDuplicateToken()

NTSTATUS NTAPI SepDuplicateToken ( _In_ PTOKEN  Token,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PTOKEN NewAccessToken 
)

Definition at line 441 of file token.c.

449 {
451  PTOKEN AccessToken;
452  PVOID EndMem;
453  ULONG VariableLength;
454  ULONG TotalSize;
455 
456  PAGED_CODE();
457 
458  /* Compute how much size we need to allocate for the token */
459  VariableLength = Token->VariableLength;
460  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
461 
465  PreviousMode,
466  NULL,
467  TotalSize,
468  0,
469  0,
470  (PVOID*)&AccessToken);
471  if (!NT_SUCCESS(Status))
472  {
473  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
474  return Status;
475  }
476 
477  /* Zero out the buffer and initialize the token */
478  RtlZeroMemory(AccessToken, TotalSize);
479 
480  ExAllocateLocallyUniqueId(&AccessToken->TokenId);
481 
482  AccessToken->TokenType = TokenType;
483  AccessToken->ImpersonationLevel = Level;
484 
485  AccessToken->TokenLock = &SepTokenLock; // FIXME: Global lock!
486 
487  /* Copy the immutable fields */
489  &Token->TokenSource.SourceIdentifier);
490  RtlCopyMemory(AccessToken->TokenSource.SourceName,
491  Token->TokenSource.SourceName,
492  sizeof(Token->TokenSource.SourceName));
493 
494  AccessToken->AuthenticationId = Token->AuthenticationId;
495  AccessToken->ParentTokenId = Token->ParentTokenId;
496  AccessToken->ExpirationTime = Token->ExpirationTime;
497  AccessToken->OriginatingLogonSession = Token->OriginatingLogonSession;
498 
499 
500  /* Lock the source token and copy the mutable fields */
502 
503  AccessToken->SessionId = Token->SessionId;
504  RtlCopyLuid(&AccessToken->ModifiedId, &Token->ModifiedId);
505 
506  AccessToken->TokenFlags = Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
507 
508  /* Copy and reference the logon session */
509  // RtlCopyLuid(&AccessToken->AuthenticationId, &Token->AuthenticationId);
511  if (!NT_SUCCESS(Status))
512  {
513  /* No logon session could be found, bail out */
514  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
515  /* Set the flag for proper cleanup by the delete procedure */
517  goto Quit;
518  }
519 
520  /* Assign the data that reside in the TOKEN's variable information area */
521  AccessToken->VariableLength = VariableLength;
522  EndMem = (PVOID)&AccessToken->VariablePart;
523 
524  /* Copy the privileges */
525  AccessToken->PrivilegeCount = 0;
526  AccessToken->Privileges = NULL;
527  if (Token->Privileges && (Token->PrivilegeCount > 0))
528  {
529  ULONG PrivilegesLength = Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
530  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
531 
532  ASSERT(VariableLength >= PrivilegesLength);
533 
534  AccessToken->PrivilegeCount = Token->PrivilegeCount;
535  AccessToken->Privileges = EndMem;
536  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
537  VariableLength -= PrivilegesLength;
538 
539  RtlCopyMemory(AccessToken->Privileges,
540  Token->Privileges,
541  AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
542  }
543 
544  /* Copy the user and groups */
545  AccessToken->UserAndGroupCount = 0;
546  AccessToken->UserAndGroups = NULL;
547  if (Token->UserAndGroups && (Token->UserAndGroupCount > 0))
548  {
549  AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
550  AccessToken->UserAndGroups = EndMem;
551  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
552  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
553 
555  Token->UserAndGroups,
556  VariableLength,
557  AccessToken->UserAndGroups,
558  EndMem,
559  &EndMem,
560  &VariableLength);
561  if (!NT_SUCCESS(Status))
562  {
563  DPRINT1("RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n", Status);
564  goto Quit;
565  }
566  }
567 
568 #if 1
569  {
570  ULONG PrimaryGroupIndex;
571 
572  /* Find the token primary group */
574  Token->PrimaryGroup,
575  NULL,
576  &PrimaryGroupIndex,
577  NULL);
578  if (!NT_SUCCESS(Status))
579  {
580  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
581  goto Quit;
582  }
583  AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
584  }
585 #else
586  AccessToken->PrimaryGroup = (PVOID)((ULONG_PTR)AccessToken + (ULONG_PTR)Token->PrimaryGroup - (ULONG_PTR)Token->UserAndGroups);
587 #endif
588  AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
589 
590  /* Copy the restricted SIDs */
591  AccessToken->RestrictedSidCount = 0;
592  AccessToken->RestrictedSids = NULL;
593  if (Token->RestrictedSids && (Token->RestrictedSidCount > 0))
594  {
595  AccessToken->RestrictedSidCount = Token->RestrictedSidCount;
596  AccessToken->RestrictedSids = EndMem;
597  EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
598  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
599 
601  Token->RestrictedSids,
602  VariableLength,
603  AccessToken->RestrictedSids,
604  EndMem,
605  &EndMem,
606  &VariableLength);
607  if (!NT_SUCCESS(Status))
608  {
609  DPRINT1("RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n", Status);
610  goto Quit;
611  }
612  }
613 
614 
615  //
616  // FIXME: Implement the "EffectiveOnly" option, that removes all
617  // the disabled parts (privileges and groups) of the token.
618  //
619 
620 
621  //
622  // NOTE: So far our dynamic area only contains
623  // the default dacl, so this makes the following
624  // code pretty simple. The day where it stores
625  // other data, the code will require adaptations.
626  //
627 
628  /* Now allocate the TOKEN's dynamic information area and set the data */
629  AccessToken->DynamicAvailable = 0; // Unused memory in the dynamic area.
630  AccessToken->DynamicPart = NULL;
631  if (Token->DynamicPart && Token->DefaultDacl)
632  {
634  Token->DefaultDacl->AclSize,
636  if (AccessToken->DynamicPart == NULL)
637  {
639  goto Quit;
640  }
641  EndMem = (PVOID)AccessToken->DynamicPart;
642 
643  AccessToken->DefaultDacl = EndMem;
644 
645  RtlCopyMemory(AccessToken->DefaultDacl,
646  Token->DefaultDacl,
647  Token->DefaultDacl->AclSize);
648  }
649 
650  /* Unlock the source token */
652 
653  /* Return the token */
654  *NewAccessToken = AccessToken;
656 
657 Quit:
658  if (!NT_SUCCESS(Status))
659  {
660  /* Unlock the source token */
662 
663  /* Dereference the token, the delete procedure will clean it up */
664  ObDereferenceObject(AccessToken);
665  }
666 
667  return Status;
668 }
TOKEN_TYPE TokenType
Definition: setypes.h:175
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:345
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
ERESOURCE SepTokenLock
Definition: token.c:35
LUID AuthenticationId
Definition: setypes.h:155
ULONG VariablePart
Definition: setypes.h:182
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
ULONG PrivilegeCount
Definition: setypes.h:164
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:172
LUID ModifiedId
Definition: setypes.h:160
#define PAGED_CODE()
Definition: video.h:57
uint32_t ULONG_PTR
Definition: typedefs.h:63
ULONG TokenFlags
Definition: setypes.h:177
LUID SourceIdentifier
Definition: imports.h:279
struct _ERESOURCE * TokenLock
Definition: setypes.h:158
ULONG DynamicAvailable
Definition: setypes.h:167
PACL DefaultDacl
Definition: setypes.h:174
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
LUID ParentTokenId
Definition: setypes.h:156
ULONG DefaultOwnerIndex
Definition: setypes.h:168
ULONG VariableLength
Definition: setypes.h:165
void * PVOID
Definition: retypes.h:9
ULONG SessionId
Definition: setypes.h:161
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
NTSTATUS SepRmReferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:381
ULONG RestrictedSidCount
Definition: setypes.h:163
PULONG DynamicPart
Definition: setypes.h:173
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PSID PrimaryGroup
Definition: setypes.h:171
LARGE_INTEGER ExpirationTime
Definition: setypes.h:157
if(!(yy_init))
Definition: macro.lex.yy.c:714
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID_AND_ATTRIBUTES RestrictedSids
Definition: setypes.h:170
#define SepReleaseTokenLock(Token)
Definition: se.h:211
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278
Status
Definition: gdiplustypes.h:24
ULONG UserAndGroupCount
Definition: setypes.h:162
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:340
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
LUID TokenId
Definition: setypes.h:154
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:176
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:169
TOKEN_SOURCE TokenSource
Definition: setypes.h:153
return STATUS_SUCCESS
Definition: btrfs.c:2966
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
LUID OriginatingLogonSession
Definition: setypes.h:181

Referenced by NtDuplicateToken(), NtOpenThreadTokenEx(), SeCopyClientToken(), and SeSubProcessToken().

◆ SepGetDaclFromDescriptor()

FORCEINLINE PACL SepGetDaclFromDescriptor ( PVOID  _Descriptor)

Definition at line 67 of file se.h.

68 {
71 
72  if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
73 
74  if (Descriptor->Control & SE_SELF_RELATIVE)
75  {
77  if (!SdRel->Dacl) return NULL;
78  return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
79  }
80  else
81  {
82  return Descriptor->Dacl;
83  }
84 }
#define SE_SELF_RELATIVE
Definition: setypes.h:780
#define SE_DACL_PRESENT
Definition: setypes.h:767
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
smooth NULL
Definition: ftsmooth.c:416
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ PSTORAGE_PROPERTY_ID _Outptr_ PSTORAGE_DESCRIPTOR_HEADER * Descriptor
Definition: classpnp.h:966

Referenced by RtlGetDaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SeFastTraverseCheck().

◆ SepGetGroupFromDescriptor()

FORCEINLINE PSID SepGetGroupFromDescriptor ( PVOID  _Descriptor)

Definition at line 29 of file se.h.

30 {
33 
34  if (Descriptor->Control & SE_SELF_RELATIVE)
35  {
37  if (!SdRel->Group) return NULL;
38  return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
39  }
40  else
41  {
42  return Descriptor->Group;
43  }
44 }
#define SE_SELF_RELATIVE
Definition: setypes.h:780
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
smooth NULL
Definition: ftsmooth.c:416
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ PSTORAGE_PROPERTY_ID _Outptr_ PSTORAGE_DESCRIPTOR_HEADER * Descriptor
Definition: classpnp.h:966

Referenced by RtlGetGroupSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SepAccessCheckAndAuditAlarm().

◆ SepGetOwnerFromDescriptor()

FORCEINLINE PSID SepGetOwnerFromDescriptor ( PVOID  _Descriptor)

Definition at line 48 of file se.h.

49 {
52 
53  if (Descriptor->Control & SE_SELF_RELATIVE)
54  {
56  if (!SdRel->Owner) return NULL;
57  return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
58  }
59  else
60  {
61  return Descriptor->Owner;
62  }
63 }
#define SE_SELF_RELATIVE
Definition: setypes.h:780
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
smooth NULL
Definition: ftsmooth.c:416
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ PSTORAGE_PROPERTY_ID _Outptr_ PSTORAGE_DESCRIPTOR_HEADER * Descriptor
Definition: classpnp.h:966

Referenced by RtlGetOwnerSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SepAccessCheckAndAuditAlarm(), and SepTokenIsOwner().

◆ SepGetSaclFromDescriptor()

FORCEINLINE PACL SepGetSaclFromDescriptor ( PVOID  _Descriptor)

Definition at line 88 of file se.h.

89 {
92 
93  if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
94 
95  if (Descriptor->Control & SE_SELF_RELATIVE)
96  {
98  if (!SdRel->Sacl) return NULL;
99  return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
100  }
101  else
102  {
103  return Descriptor->Sacl;
104  }
105 }
#define SE_SACL_PRESENT
Definition: setypes.h:769
#define SE_SELF_RELATIVE
Definition: setypes.h:780
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
smooth NULL
Definition: ftsmooth.c:416
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
_In_ PSTORAGE_PROPERTY_ID _Outptr_ PSTORAGE_DESCRIPTOR_HEADER * Descriptor
Definition: classpnp.h:966

Referenced by RtlGetSaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), and SeCaptureSecurityDescriptor().

◆ SepInitDACLs()

INIT_FUNCTION BOOLEAN NTAPI SepInitDACLs ( VOID  )

Definition at line 34 of file acl.c.

35 {
37 
38  /* create PublicDefaultDacl */
39  AclLength = sizeof(ACL) +
40  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
41  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
42  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
43 
45  AclLength,
46  TAG_ACL);
48  return FALSE;
49 
51  AclLength,
52  ACL_REVISION);
53 
57  SeWorldSid);
58 
63 
68 
69  /* create PublicDefaultUnrestrictedDacl */
70  AclLength = sizeof(ACL) +
71  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
72  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
73  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
75 
77  AclLength,
78  TAG_ACL);
80  return FALSE;
81 
83  AclLength,
84  ACL_REVISION);
85 
89  SeWorldSid);
90 
95 
100 
102  ACL_REVISION,
105 
106  /* create PublicOpenDacl */
107  AclLength = sizeof(ACL) +
108  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
109  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
110  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
111 
113  AclLength,
114  TAG_ACL);
115  if (SePublicOpenDacl == NULL)
116  return FALSE;
117 
119  AclLength,
120  ACL_REVISION);
121 
123  ACL_REVISION,
125  SeWorldSid);
126 
128  ACL_REVISION,
129  GENERIC_ALL,
131 
133  ACL_REVISION,
134  GENERIC_ALL,
136 
137  /* create PublicOpenUnrestrictedDacl */
138  AclLength = sizeof(ACL) +
139  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
140  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
141  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
142  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
143 
145  AclLength,
146  TAG_ACL);
148  return FALSE;
149 
151  AclLength,
152  ACL_REVISION);
153 
155  ACL_REVISION,
156  GENERIC_ALL,
157  SeWorldSid);
158 
160  ACL_REVISION,
161  GENERIC_ALL,
163 
165  ACL_REVISION,
166  GENERIC_ALL,
168 
170  ACL_REVISION,
173 
174  /* create SystemDefaultDacl */
175  AclLength = sizeof(ACL) +
176  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
177  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
178 
180  AclLength,
181  TAG_ACL);
182  if (SeSystemDefaultDacl == NULL)
183  return FALSE;
184 
186  AclLength,
187  ACL_REVISION);
188 
190  ACL_REVISION,
191  GENERIC_ALL,
193 
195  ACL_REVISION,
198 
199  /* create UnrestrictedDacl */
200  AclLength = sizeof(ACL) +
201  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
202  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
203 
205  AclLength,
206  TAG_ACL);
207  if (SeUnrestrictedDacl == NULL)
208  return FALSE;
209 
211  AclLength,
212  ACL_REVISION);
213 
215  ACL_REVISION,
216  GENERIC_ALL,
217  SeWorldSid);
218 
220  ACL_REVISION,
223 
224  return TRUE;
225 }
#define GENERIC_ALL
Definition: nt_native.h:92
#define TRUE
Definition: types.h:120
PSID SeRestrictedCodeSid
Definition: sid.c:46
PACL SeSystemDefaultDacl
Definition: acl.c:23
PACL SePublicOpenDacl
Definition: acl.c:25
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:26
PACL SeUnrestrictedDacl
Definition: acl.c:27
#define GENERIC_WRITE
Definition: nt_native.h:90
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID SeAliasAdminsSid
Definition: sid.c:47
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:24
#define GENERIC_READ
Definition: compat.h:124
PSID SeWorldSid
Definition: sid.c:31
#define TAG_ACL
Definition: tag.h:174
PACL SePublicDefaultDacl
Definition: acl.c:22
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:44
unsigned int ULONG
Definition: retypes.h:1
#define GENERIC_EXECUTE
Definition: nt_native.h:91
Definition: rtltypes.h:988
_In_ ULONG AclLength
Definition: rtlfuncs.h:1844

Referenced by SepInitializationPhase0().

◆ SepInitializeTokenImplementation()

INIT_FUNCTION VOID NTAPI SepInitializeTokenImplementation ( VOID  )

Definition at line 836 of file token.c.

837 {
839  OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
840 
841  ExInitializeResource(&SepTokenLock); // FIXME: Global lock!
842 
843  DPRINT("Creating Token Object Type\n");
844 
845  /* Initialize the Token type */
846  RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
847  RtlInitUnicodeString(&Name, L"Token");
848  ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
849  ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
850  ObjectTypeInitializer.SecurityRequired = TRUE;
851  ObjectTypeInitializer.DefaultPagedPoolCharge = sizeof(TOKEN);
852  ObjectTypeInitializer.GenericMapping = SepTokenMapping;
853  ObjectTypeInitializer.PoolType = PagedPool;
854  ObjectTypeInitializer.ValidAccessMask = TOKEN_ALL_ACCESS;
855  ObjectTypeInitializer.UseDefaultObject = TRUE;
856  ObjectTypeInitializer.DeleteProcedure = SepDeleteToken;
857  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &SeTokenObjectType);
858 }
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1048
#define TRUE
Definition: types.h:120
#define ExInitializeResource
Definition: exfuncs.h:346
ERESOURCE SepTokenLock
Definition: token.c:35
#define OBJ_OPENLINK
Definition: winternl.h:230
struct NameRec_ * Name
Definition: cdprocs.h:464
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
void DPRINT(...)
Definition: polytest.cpp:61
#define TOKEN_ALL_ACCESS
Definition: setypes.h:892
static const WCHAR L[]
Definition: oid.c:1250
static GENERIC_MAPPING SepTokenMapping
Definition: token.c:41
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
VOID NTAPI SepDeleteToken(PVOID ObjectBody)
Definition: token.c:817
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
struct _TOKEN TOKEN

Referenced by SepInitializationPhase0().

◆ SepInitPrivileges()

INIT_FUNCTION VOID NTAPI SepInitPrivileges ( VOID  )

Definition at line 64 of file priv.c.

65 {
66 
67 }

Referenced by SepInitializationPhase0().

◆ SepInitSDs()

INIT_FUNCTION BOOLEAN NTAPI SepInitSDs ( VOID  )

Definition at line 34 of file sd.c.

35 {
36  /* Create PublicDefaultSd */
38  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
39  if (SePublicDefaultSd == NULL)
40  return FALSE;
41 
45  TRUE,
47  FALSE);
48 
49  /* Create PublicDefaultUnrestrictedSd */
51  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
53  return FALSE;
54 
58  TRUE,
60  FALSE);
61 
62  /* Create PublicOpenSd */
64  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
65  if (SePublicOpenSd == NULL)
66  return FALSE;
67 
71  TRUE,
73  FALSE);
74 
75  /* Create PublicOpenUnrestrictedSd */
77  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
79  return FALSE;
80 
84  TRUE,
86  FALSE);
87 
88  /* Create SystemDefaultSd */
90  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
91  if (SeSystemDefaultSd == NULL)
92  return FALSE;
93 
97  TRUE,
99  FALSE);
100 
101  /* Create UnrestrictedSd */
103  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
104  if (SeUnrestrictedSd == NULL)
105  return FALSE;
106 
110  TRUE,
112  FALSE);
113 
114  return TRUE;
115 }
#define TRUE
Definition: types.h:120
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:24
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:22
PACL SeSystemDefaultDacl
Definition: acl.c:23
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:27
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:24
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
PACL SePublicOpenDacl
Definition: acl.c:25
smooth NULL
Definition: ftsmooth.c:416
#define TAG_SD
Definition: tag.h:176
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:25
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:23
PACL SePublicDefaultDacl
Definition: acl.c:22
PACL SeUnrestrictedDacl
Definition: acl.c:27
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:26
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:26

Referenced by SepInitializationPhase0().

◆ SepInitSecurityIDs()

INIT_FUNCTION BOOLEAN NTAPI SepInitSecurityIDs ( VOID  )

Definition at line 100 of file sid.c.

101 {
102  ULONG SidLength0;
103  ULONG SidLength1;
104  ULONG SidLength2;
105  PULONG SubAuthority;
106 
107  SidLength0 = RtlLengthRequiredSid(0);
108  SidLength1 = RtlLengthRequiredSid(1);
109  SidLength2 = RtlLengthRequiredSid(2);
110 
111  /* create NullSid */
142 
143  if (SeNullSid == NULL || SeWorldSid == NULL ||
147  SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
158  {
160  return FALSE;
161  }
162 
193 
194  SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
195  *SubAuthority = SECURITY_NULL_RID;
196  SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
197  *SubAuthority = SECURITY_WORLD_RID;
198  SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
199  *SubAuthority = SECURITY_LOCAL_RID;
200  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
201  *SubAuthority = SECURITY_CREATOR_OWNER_RID;
202  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
203  *SubAuthority = SECURITY_CREATOR_GROUP_RID;
204  SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
205  *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
206  SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
207  *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
208  SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
209  *SubAuthority = SECURITY_DIALUP_RID;
210  SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
211  *SubAuthority = SECURITY_NETWORK_RID;
212  SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
213  *SubAuthority = SECURITY_BATCH_RID;
214  SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
215  *SubAuthority = SECURITY_INTERACTIVE_RID;
216  SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
217  *SubAuthority = SECURITY_SERVICE_RID;
218  SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
219  *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
220  SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
221  *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
222  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
223  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
224  SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
225  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
226  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
227  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
228  SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
229  *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
230  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
231  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
232  SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
233  *SubAuthority = DOMAIN_ALIAS_RID_USERS;
234  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
235  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
236  SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
237  *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
238  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
239  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
240  SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
241  *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
242  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
243  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
244  SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
245  *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
246  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
247  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
248  SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
249  *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
250  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
251  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
252  SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
253  *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
254  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
255  *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
256  SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
257  *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
258  SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
259  *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
260  SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
261  *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
262  SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
263  *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
264  SubAuthority = RtlSubAuthoritySid(SeLocalServiceSid, 0);
265  *SubAuthority = SECURITY_LOCAL_SERVICE_RID;
266  SubAuthority = RtlSubAuthoritySid(SeNetworkServiceSid, 0);
267  *SubAuthority = SECURITY_NETWORK_SERVICE_RID;
268 
269  return TRUE;
270 }
PSID SeLocalServiceSid
Definition: sid.c:58
#define SECURITY_BATCH_RID
Definition: setypes.h:530
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:546
#define TRUE
Definition: types.h:120
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
PSID SeAliasPrintOpsSid
Definition: sid.c:53
VOID NTAPI FreeInitializedSids(VOID)
Definition: sid.c:65
PSID SeAnonymousLogonSid
Definition: sid.c:57
PSID SeBatchSid
Definition: sid.c:40
PSID SeLocalSystemSid
Definition: sid.c:44
PSID SeAliasAdminsSid
Definition: sid.c:47
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
PSID SeDialupSid
Definition: sid.c:38
#define SECURITY_DIALUP_RID
Definition: setypes.h:528
#define SECURITY_NETWORK_RID
Definition: setypes.h:529
#define TAG_SID
Definition: sid.c:15
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:627
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:531
PSID SeAliasBackupOpsSid
Definition: sid.c:54
PSID SePrincipalSelfSid
Definition: sid.c:43
PULONG NTAPI RtlSubAuthoritySid(IN PSID Sid_, IN ULONG SubAuthority)
Definition: sid.c:89
#define SECURITY_PRINCIPAL_SELF_RID
Definition: setypes.h:539
PSID SeCreatorOwnerServerSid
Definition: sid.c:35
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
Definition: sid.c:27
smooth NULL
Definition: ftsmooth.c:416
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
#define SECURITY_CREATOR_GROUP_SERVER_RID
Definition: setypes.h:520
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:632
PSID SeServiceSid
Definition: sid.c:42
#define DOMAIN_ALIAS_RID_SYSTEM_OPS
Definition: setypes.h:630
#define SECURITY_LOCAL_RID
Definition: setypes.h:514
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
Definition: sid.c:25
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
PSID SeAliasUsersSid
Definition: sid.c:48
PSID SeAliasGuestsSid
Definition: sid.c:49
#define SECURITY_CREATOR_OWNER_RID
Definition: setypes.h:517
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define SECURITY_NULL_RID
Definition: setypes.h:512
PSID SeAuthenticatedUserSid
Definition: sid.c:45
PSID SeWorldSid
Definition: sid.c:31
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
PSID SeLocalSid
Definition: sid.c:32
PSID SeAuthenticatedUsersSid
Definition: sid.c:55
PSID SeAliasPowerUsersSid
Definition: sid.c:50
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
PSID SeNetworkSid
Definition: sid.c:39
SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
Definition: sid.c:24
#define SECURITY_CREATOR_GROUP_RID
Definition: setypes.h:518
NTSTATUS NTAPI RtlInitializeSid(IN PSID Sid_, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
Definition: sid.c:68
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
unsigned int * PULONG
Definition: retypes.h:1
#define SECURITY_RESTRICTED_CODE_RID
Definition: setypes.h:541
PSID SeCreatorGroupSid
Definition: sid.c:34
PSID SeRestrictedSid
Definition: sid.c:56
PSID SeCreatorGroupServerSid
Definition: sid.c:36
PSID SeNetworkServiceSid
Definition: sid.c:59
#define SECURITY_CREATOR_OWNER_SERVER_RID
Definition: setypes.h:519
PSID SeRestrictedCodeSid
Definition: sid.c:46
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:631
#define SECURITY_SERVICE_RID
Definition: setypes.h:534
unsigned int ULONG
Definition: retypes.h:1
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
Definition: sid.c:26
PSID SeCreatorOwnerSid
Definition: sid.c:33
PSID SeAliasSystemOpsSid
Definition: sid.c:52
PSID SeInteractiveSid
Definition: sid.c:41
PSID SeNullSid
Definition: sid.c:30
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
Definition: sid.c:28
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
PSID SeNtAuthoritySid
Definition: sid.c:37
PSID SeAliasAccountOpsSid
Definition: sid.c:51

Referenced by SepInitializationPhase0().

◆ SepPrivilegeCheck()

BOOLEAN NTAPI SepPrivilegeCheck ( PTOKEN  Token,
PLUID_AND_ATTRIBUTES  Privileges,
ULONG  PrivilegeCount,
ULONG  PrivilegeControl,
KPROCESSOR_MODE  PreviousMode 
)

Definition at line 72 of file priv.c.

77 {
78  ULONG i;
79  ULONG j;
81 
82  DPRINT("SepPrivilegeCheck() called\n");
83 
84  PAGED_CODE();
85 
86  if (PreviousMode == KernelMode)
87  return TRUE;
88 
89  /* Get the number of privileges that are required to match */
90  Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
91 
92  /* Acquire a shared token lock */
94 
95  /* Loop all requested privileges until we found the required ones */
96  for (i = 0; i < PrivilegeCount; i++)
97  {
98  /* Loop the privileges of the token */
99  for (j = 0; j < Token->PrivilegeCount; j++)
100  {
101  /* Check if the LUIDs match */
102  if (RtlEqualLuid(&Token->Privileges[j].Luid, &Privileges[i].Luid))
103  {
104  DPRINT("Found privilege. Attributes: %lx\n",
105  Token->Privileges[j].Attributes);
106 
107  /* Check if the privilege is enabled */
108  if (Token->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)
109  {
111  Required--;
112 
113  /* Check if we have found all privileges */
114  if (Required == 0)
115  {
116  /* We're done! */
118  return TRUE;
119  }
120  }
121 
122  /* Leave the inner loop */
123  break;
124  }
125  }
126  }
127 
128  /* Release the token lock */
130 
131  /* When we reached this point, we did not find all privileges */
132  ASSERT(Required > 0);
133  return FALSE;
134 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define PAGED_CODE()
Definition: video.h:57
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
void DPRINT(...)
Definition: polytest.cpp:61
#define SE_PRIVILEGE_USED_FOR_ACCESS
Definition: setypes.h:65
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define SepReleaseTokenLock(Token)
Definition: se.h:211
#define SepAcquireTokenLockShared(Token)
Definition: se.h:205
unsigned int ULONG
Definition: retypes.h:1
struct _MEMORY_AREA struct _MM_REQUIRED_RESOURCES * Required
Definition: newmm.h:66

Referenced by NtPrivilegeCheck(), SeCheckAuditPrivilege(), SePrivilegeCheck(), and SepSinglePrivilegeCheck().

◆ SepPropagateAcl()

NTSTATUS SepPropagateAcl ( _Out_writes_bytes_opt_(DaclLength) PACL  AclDest,
_Inout_ PULONG  AclLength,
_In_reads_bytes_(AclSource->AclSize) PACL  AclSource,
_In_ PSID  Owner,
_In_ PSID  Group,
_In_ BOOLEAN  IsInherited,
_In_ BOOLEAN  IsDirectoryObject,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SepReleaseAcl()

VOID NTAPI SepReleaseAcl ( IN PACL  CapturedAcl,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 365 of file acl.c.

368 {
369  PAGED_CODE();
370 
371  if (CapturedAcl != NULL &&
372  (AccessMode != KernelMode ||
373  (AccessMode == KernelMode && CaptureIfKernel)))
374  {
375  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
376  }
377 }
#define PAGED_CODE()
Definition: video.h:57
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
smooth NULL
Definition: ftsmooth.c:416
#define TAG_ACL
Definition: tag.h:174
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

Referenced by NtCreateToken().

◆ SepReleaseSecurityQualityOfService()

VOID NTAPI SepReleaseSecurityQualityOfService ( IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService  OPTIONAL,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 367 of file sd.c.

370 {
371  PAGED_CODE();
372 
373  if (CapturedSecurityQualityOfService != NULL &&
374  (AccessMode != KernelMode || CaptureIfKernel))
375  {
376  ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
377  }
378 }
#define PAGED_CODE()
Definition: video.h:57
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
smooth NULL
Definition: ftsmooth.c:416
#define TAG_QOS
Definition: tag.h:177
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

Referenced by NtDuplicateToken().

◆ SepReleaseSid()

VOID NTAPI SepReleaseSid ( IN PSID  CapturedSid,
IN KPROCESSOR_MODE  AccessMode,
IN BOOLEAN  CaptureIfKernel 
)

Definition at line 342 of file sid.c.

345 {
346  PAGED_CODE();
347 
348  if (CapturedSid != NULL &&
349  (AccessMode != KernelMode ||
350  (AccessMode == KernelMode && CaptureIfKernel)))
351  {
352  ExFreePoolWithTag(CapturedSid, TAG_SID);
353  }
354 }
#define TAG_SID
Definition: sid.c:15
#define PAGED_CODE()
Definition: video.h:57
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:396
smooth NULL
Definition: ftsmooth.c:416
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SePrivilegedServiceAuditAlarm()

VOID NTAPI SePrivilegedServiceAuditAlarm ( _In_opt_ PUNICODE_STRING  ServiceName,
_In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_In_ BOOLEAN  AccessGranted 
)

Definition at line 214 of file audit.c.

219 {
220  PTOKEN EffectiveToken;
221  PSID UserSid;
222  PAGED_CODE();
223 
224  /* Get the effective token */
225  if (SubjectContext->ClientToken != NULL)
226  EffectiveToken = SubjectContext->ClientToken;
227  else
228  EffectiveToken = SubjectContext->PrimaryToken;
229 
230  /* Get the user SID */
231  UserSid = EffectiveToken->UserAndGroups->Sid;
232 
233  /* Check if this is the local system SID */
234  if (RtlEqualSid(UserSid, SeLocalSystemSid))
235  {
236  /* Nothing to do */
237  return;
238  }
239 
240  /* Check if this is the network service or local service SID */
241  if (RtlEqualSid(UserSid, SeExports->SeNetworkServiceSid) ||
243  {
244  // FIXME: should continue for a certain set of privileges
245  return;
246  }
247 
248  /* Call the worker function */
251  ServiceName,
252  SubjectContext->ClientToken,
253  SubjectContext->PrimaryToken,
254  PrivilegeSet,
255  AccessGranted);
256 
257 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SepAdtPrivilegedServiceAuditAlarm(PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_opt_ PUNICODE_STRING SubsystemName, _In_opt_ PUNICODE_STRING ServiceName, _In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
Definition: audit.c:200
#define PAGED_CODE()
Definition: video.h:57
PSE_EXPORTS SeExports
Definition: semgr.c:18
PSID SeNetworkServiceSid
Definition: setypes.h:1190
smooth NULL
Definition: ftsmooth.c:416
LPTSTR ServiceName
Definition: ServiceMain.c:15
PSID SeLocalServiceSid
Definition: setypes.h:1189
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
UNICODE_STRING SeSubsystemName
Definition: audit.c:19
PSID SeLocalSystemSid
Definition: sid.c:44
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:169
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)

Referenced by SeCheckAuditPrivilege(), and SeSinglePrivilegeCheck().

◆ SePrivilegePolicyCheck()