Classes
struct	_KNOWN_ACE

struct	_KNOWN_OBJECT_ACE

struct	_KNOWN_COMPOUND_ACE

struct	_ACCESS_CHECK_RIGHTS

struct	_OBJECT_TYPE_LIST_INTERNAL

struct	_TOKEN_AUDIT_POLICY_INFORMATION

Macros
#define	TOKEN_CREATE_METHOD 0xCUL

#define	TOKEN_DUPLICATE_METHOD 0xDUL

#define	TOKEN_FILTER_METHOD 0xFUL

#define	SepAcquireTokenLockExclusive(Token)

#define	SepAcquireTokenLockShared(Token)

#define	SepReleaseTokenLock(Token)

Typedefs
typedef struct _KNOWN_ACE	KNOWN_ACE

typedef struct _KNOWN_ACE *	PKNOWN_ACE

typedef struct _KNOWN_OBJECT_ACE	KNOWN_OBJECT_ACE

typedef struct _KNOWN_OBJECT_ACE *	PKNOWN_OBJECT_ACE

typedef struct _KNOWN_COMPOUND_ACE	KNOWN_COMPOUND_ACE

typedef struct _KNOWN_COMPOUND_ACE *	PKNOWN_COMPOUND_ACE

typedef struct _ACCESS_CHECK_RIGHTS	ACCESS_CHECK_RIGHTS

typedef struct _ACCESS_CHECK_RIGHTS *	PACCESS_CHECK_RIGHTS

typedef struct _OBJECT_TYPE_LIST_INTERNAL	OBJECT_TYPE_LIST_INTERNAL

typedef struct _OBJECT_TYPE_LIST_INTERNAL *	POBJECT_TYPE_LIST_INTERNAL

typedef enum _ACCESS_CHECK_RIGHT_TYPE	ACCESS_CHECK_RIGHT_TYPE

typedef struct _TOKEN_AUDIT_POLICY_INFORMATION	TOKEN_AUDIT_POLICY_INFORMATION

typedef struct _TOKEN_AUDIT_POLICY_INFORMATION *	PTOKEN_AUDIT_POLICY_INFORMATION

Enumerations
enum	_ACCESS_CHECK_RIGHT_TYPE { AccessCheckMaximum , AccessCheckRegular }

Functions
FORCEINLINE PSID	SepGetGroupFromDescriptor (_Inout_ PSECURITY_DESCRIPTOR _Descriptor)

FORCEINLINE PSID	SepGetOwnerFromDescriptor (_Inout_ PSECURITY_DESCRIPTOR _Descriptor)

FORCEINLINE PACL	SepGetDaclFromDescriptor (_Inout_ PSECURITY_DESCRIPTOR _Descriptor)

FORCEINLINE PACL	SepGetSaclFromDescriptor (_Inout_ PSECURITY_DESCRIPTOR _Descriptor)

VOID NTAPI	SepInitializeTokenImplementation (VOID)
	Internal function that initializes critical kernel data for access token implementation in SRM.

PTOKEN NTAPI	SepCreateSystemProcessToken (VOID)
	Creates the system process token.

PTOKEN	SepCreateSystemAnonymousLogonToken (VOID)
	Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group.

PTOKEN	SepCreateSystemAnonymousLogonTokenNoEveryone (VOID)
	Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid).

NTSTATUS NTAPI	SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
	Duplicates an access token, from an existing valid token.

NTSTATUS NTAPI	SepCreateToken (_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
	Internal function responsible for access token object creation in the kernel. A fully created token objected is inserted into the token handle, thus the handle becoming a valid handle to an access token object and ready for use.

BOOLEAN NTAPI	SepTokenIsOwner (_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
	Checks if a token belongs to the main user, being the owner.

NTSTATUS	SepCreateTokenLock (_Inout_ PTOKEN Token)
	Creates a lock for the token.

VOID	SepDeleteTokenLock (_Inout_ PTOKEN Token)
	Deletes a lock of a token.

VOID	SepUpdatePrivilegeFlagsToken (_Inout_ PTOKEN Token)
	Updates the token's flags based upon the privilege that the token has been granted. The function uses the private helper, SepUpdateSinglePrivilegeFlagToken, in order to update the flags of a token.

NTSTATUS	SepFindPrimaryGroupAndDefaultOwner (_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
	Finds the primary group and default owner entity based on the submitted primary group instance and an access token.

VOID	SepUpdateSinglePrivilegeFlagToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
	Updates the token's flags based upon the privilege that the token has been granted. The flag can either be taken out or given to the token if the attributes of the specified privilege is enabled or not.

VOID	SepRemovePrivilegeToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
	Removes a privilege from the token.

VOID	SepRemoveUserGroupToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
	Removes a group from the token.

ULONG	SepComputeAvailableDynamicSpace (_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl)
	Computes the exact available dynamic area of an access token whilst querying token statistics.

NTSTATUS	SepRebuildDynamicPartOfToken (_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)

BOOLEAN NTAPI	SeTokenCanImpersonate (_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
	Determines whether the server is allowed to impersonate on behalf of a client or not. For further details, see Remarks.

VOID NTAPI	SeGetTokenControlInformation (_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
	Retrieves token control information.

VOID NTAPI	SeDeassignPrimaryToken (_Inout_ PEPROCESS Process)
	Removes the primary token of a process.

NTSTATUS NTAPI	SeSubProcessToken (_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
	Subtracts a token in exchange of duplicating a new one.

NTSTATUS NTAPI	SeIsTokenChild (_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
	Checks if the token is a child of the other token of the current process that the calling thread is invoking this function.

NTSTATUS NTAPI	SeIsTokenSibling (_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
	Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function.

NTSTATUS NTAPI	SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
	Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use.

NTSTATUS NTAPI	SeCopyClientToken (_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
	Copies an existing access token (technically duplicating a new one).

BOOLEAN NTAPI	SeTokenIsInert (_In_ PTOKEN Token)
	Determines if a token is a sandbox inert token or not, based upon the token flags.

ULONG	RtlLengthSidAndAttributes (_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
	Computes the length size of a SID.

BOOLEAN NTAPI	SeInitSystem (VOID)
	Main security manager initialization function.

NTSTATUS NTAPI	SeDefaultObjectMethod (_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)

VOID NTAPI	SeQuerySecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
	Queries the access mask from a security information context.

VOID NTAPI	SeSetSecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
	Sets the access mask for a security information context.

VOID NTAPI	SepInitPrivileges (VOID)
	Initializes the privileges during the startup phase of the security manager module. This function serves as a placeholder as it currently does nothing.

BOOLEAN NTAPI	SepPrivilegeCheck (_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
	Checks the privileges pointed by Privileges array argument if they exist and match with the privileges from an access token.

NTSTATUS NTAPI	SePrivilegePolicyCheck (_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
	Checks the security policy and returns a set of privileges based upon the said security policy context.

BOOLEAN NTAPI	SeCheckAuditPrivilege (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
	Checks a single privilege and performs an audit against a privileged service based on a security subject context.

BOOLEAN NTAPI	SeCheckPrivilegedObject (_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
	Checks a privileged object if such object has the specific privilege submitted by the caller.

NTSTATUS NTAPI	SeCaptureLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)

VOID NTAPI	SeReleaseLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
	Releases a LUID with attributes structure.

BOOLEAN NTAPI	SepInitSecurityIDs (VOID)
	Initializes all the SIDs known in the system.

NTSTATUS NTAPI	SepCaptureSid (_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
	Captures a SID.

VOID NTAPI	SepReleaseSid (_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
	Releases a captured SID.

BOOLEAN NTAPI	SepSidInToken (_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
	Checks if a SID is present in a token.

BOOLEAN NTAPI	SepSidInTokenEx (_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
	Checks if a SID is present in a token.

PSID NTAPI	SepGetSidFromAce (_In_ PACE Ace)
	Captures a security identifier from a given access control entry. This identifier is valid for the whole of its lifetime.

NTSTATUS NTAPI	SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
	Captures a SID with attributes.

VOID NTAPI	SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
	Releases a captured SID with attributes.

BOOLEAN NTAPI	SepInitDACLs (VOID)
	Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure.

NTSTATUS NTAPI	SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
	Allocates a discretionary access control list based on certain properties of a regular and primary access tokens.

NTSTATUS NTAPI	SepCaptureAcl (_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
	Captures an access control list from an already valid input ACL.

VOID NTAPI	SepReleaseAcl (_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
	Releases (frees) a captured ACL from the memory pool.

NTSTATUS	SepPropagateAcl (_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)

PACL	SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
	Selects an ACL and returns it to the caller.

BOOLEAN NTAPI	SepInitSDs (VOID)
	Initializes the known security descriptors in the system.

NTSTATUS NTAPI	SeSetWorldSecurityDescriptor (_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
	Sets a "World" security descriptor.

NTSTATUS NTAPI	SeComputeQuotaInformationSize (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)

BOOLEAN NTAPI	SeRmInitPhase0 (VOID)
	Manages the phase 0 initialization of the security reference monitoring module of the kernel.

BOOLEAN NTAPI	SeRmInitPhase1 (VOID)
	Manages the phase 1 initialization of the security reference monitoring module of the kernel.

NTSTATUS NTAPI	SepRmInsertLogonSessionIntoToken (_Inout_ PTOKEN Token)
	Inserts a logon session into an access token specified by the caller.

NTSTATUS NTAPI	SepRmRemoveLogonSessionFromToken (_Inout_ PTOKEN Token)
	Removes a logon session from an access token.

NTSTATUS	SepRmReferenceLogonSession (_Inout_ PLUID LogonLuid)

NTSTATUS	SepRmDereferenceLogonSession (_Inout_ PLUID LogonLuid)

NTSTATUS NTAPI	SepRegQueryHelper (_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
	A private registry helper that returns the desired value data based on the specifics requested by the caller.

NTSTATUS NTAPI	SeGetLogonIdDeviceMap (_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap)
	Retrieves the DOS device map from a logon session.

NTSTATUS NTAPI	SeInitializeProcessAuditName (_In_ PFILE_OBJECT FileObject, _In_ BOOLEAN DoAudit, _Out_ POBJECT_NAME_INFORMATION *AuditInfo)
	Initializes a process audit name and returns it to the caller.

BOOLEAN NTAPI	SeDetailedAuditingWithToken (_In_ PTOKEN Token)
	Peforms a detailed security auditing with an access token.

VOID NTAPI	SeAuditProcessExit (_In_ PEPROCESS Process)
	Peforms a security auditing against a process that is about to be terminated.

VOID NTAPI	SeAuditProcessCreate (_In_ PEPROCESS Process)
	Peforms a security auditing against a process that is about to be created.

VOID NTAPI	SePrivilegedServiceAuditAlarm (_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
	Performs an audit alarm to a privileged service request.

VOID NTAPI	SeCaptureSubjectContextEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
	An extended function that captures the security subject context based upon the specified thread and process.

NTSTATUS NTAPI	SepCaptureSecurityQualityOfService (_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
	Captures the security quality of service data given the object attributes from an object.

VOID NTAPI	SepReleaseSecurityQualityOfService (_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
	Releases (frees) the captured SQOS data from an object in the memory pool.

PGUID	SepGetObjectTypeGuidFromAce (_In_ PACE Ace, _In_ BOOLEAN IsAceDenied)
	Captures an object type GUID from an object access control entry (ACE).

BOOLEAN	SepObjectTypeGuidInList (_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST_INTERNAL ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGUID ObjectTypeGuid, _Out_ PULONG ObjectIndex)
	Searches for an object type GUID if it exists on an object type list.

NTSTATUS	SeCaptureObjectTypeList (_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ KPROCESSOR_MODE PreviousMode, _Out_ POBJECT_TYPE_LIST_INTERNAL *CapturedObjectTypeList)
	Captures a list of object types and converts it to an internal form for use by the kernel. The list is validated before its data is copied.

VOID	SeReleaseObjectTypeList (_In_ _Post_invalid_ POBJECT_TYPE_LIST_INTERNAL CapturedObjectTypeList, _In_ KPROCESSOR_MODE PreviousMode)
	Releases a buffer list of object types.

NTSTATUS NTAPI	SeCreateAccessStateEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)

BOOLEAN NTAPI	SeFastTraverseCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
	Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object.

Variables
SID_IDENTIFIER_AUTHORITY	SeNullSidAuthority

SID_IDENTIFIER_AUTHORITY	SeWorldSidAuthority

SID_IDENTIFIER_AUTHORITY	SeLocalSidAuthority

SID_IDENTIFIER_AUTHORITY	SeCreatorSidAuthority

SID_IDENTIFIER_AUTHORITY	SeNtSidAuthority

PSID	SeNullSid

PSID	SeWorldSid

PSID	SeLocalSid

PSID	SeCreatorOwnerSid

PSID	SeCreatorGroupSid

PSID	SeCreatorOwnerServerSid

PSID	SeCreatorGroupServerSid

PSID	SeNtAuthoritySid

PSID	SeDialupSid

PSID	SeNetworkSid

PSID	SeBatchSid

PSID	SeInteractiveSid

PSID	SeServiceSid

PSID	SeAnonymousLogonSid

PSID	SePrincipalSelfSid

PSID	SeLocalSystemSid

PSID	SeAuthenticatedUserSid

PSID	SeRestrictedCodeSid

PSID	SeAliasAdminsSid

PSID	SeAliasUsersSid

PSID	SeAliasGuestsSid

PSID	SeAliasPowerUsersSid

PSID	SeAliasAccountOpsSid

PSID	SeAliasSystemOpsSid

PSID	SeAliasPrintOpsSid

PSID	SeAliasBackupOpsSid

PSID	SeAuthenticatedUsersSid

PSID	SeRestrictedSid

PSID	SeLocalServiceSid

PSID	SeNetworkServiceSid

const LUID	SeCreateTokenPrivilege

const LUID	SeAssignPrimaryTokenPrivilege

const LUID	SeLockMemoryPrivilege

const LUID	SeIncreaseQuotaPrivilege

const LUID	SeUnsolicitedInputPrivilege

const LUID	SeTcbPrivilege

const LUID	SeSecurityPrivilege

const LUID	SeTakeOwnershipPrivilege

const LUID	SeLoadDriverPrivilege

const LUID	SeSystemProfilePrivilege

const LUID	SeSystemtimePrivilege

const LUID	SeProfileSingleProcessPrivilege

const LUID	SeIncreaseBasePriorityPrivilege

const LUID	SeCreatePagefilePrivilege

const LUID	SeCreatePermanentPrivilege

const LUID	SeBackupPrivilege

const LUID	SeRestorePrivilege

const LUID	SeShutdownPrivilege

const LUID	SeDebugPrivilege

const LUID	SeAuditPrivilege

const LUID	SeSystemEnvironmentPrivilege

const LUID	SeChangeNotifyPrivilege

const LUID	SeRemoteShutdownPrivilege

const LUID	SeUndockPrivilege

const LUID	SeSyncAgentPrivilege

const LUID	SeEnableDelegationPrivilege

const LUID	SeManageVolumePrivilege

const LUID	SeImpersonatePrivilege

const LUID	SeCreateGlobalPrivilege

const LUID	SeTrustedCredmanPrivilege

const LUID	SeRelabelPrivilege

const LUID	SeIncreaseWorkingSetPrivilege

const LUID	SeTimeZonePrivilege

const LUID	SeCreateSymbolicLinkPrivilege

PACL	SePublicDefaultUnrestrictedDacl

PACL	SePublicOpenDacl

PACL	SePublicOpenUnrestrictedDacl

PACL	SeUnrestrictedDacl

PACL	SeSystemAnonymousLogonDacl

PSECURITY_DESCRIPTOR	SePublicDefaultSd

PSECURITY_DESCRIPTOR	SePublicDefaultUnrestrictedSd

PSECURITY_DESCRIPTOR	SePublicOpenSd

PSECURITY_DESCRIPTOR	SePublicOpenUnrestrictedSd

PSECURITY_DESCRIPTOR	SeSystemDefaultSd

PSECURITY_DESCRIPTOR	SeUnrestrictedSd

PSECURITY_DESCRIPTOR	SeSystemAnonymousLogonSd

PTOKEN	SeAnonymousLogonToken

PTOKEN	SeAnonymousLogonTokenNoEveryone

Macro Definition Documentation

◆ SepAcquireTokenLockExclusive

#define SepAcquireTokenLockExclusive ( Token )

Value:

{                                                                              \
    KeEnterCriticalRegion();                                                   \
    ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE);          \
}

Definition at line 285 of file se.h.

◆ SepAcquireTokenLockShared

#define SepAcquireTokenLockShared ( Token )

Value:

{                                                                              \
    KeEnterCriticalRegion();                                                   \
    ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE);             \
}

Definition at line 290 of file se.h.

◆ SepReleaseTokenLock

#define SepReleaseTokenLock ( Token )

Value:

{                                                                              \
    ExReleaseResourceLite(((PTOKEN)Token)->TokenLock);                         \
    KeLeaveCriticalRegion();                                                   \
}

Definition at line 296 of file se.h.

◆ TOKEN_CREATE_METHOD

#define TOKEN_CREATE_METHOD 0xCUL

Definition at line 80 of file se.h.

◆ TOKEN_DUPLICATE_METHOD

#define TOKEN_DUPLICATE_METHOD 0xDUL

Definition at line 81 of file se.h.

◆ TOKEN_FILTER_METHOD

#define TOKEN_FILTER_METHOD 0xFUL

Definition at line 82 of file se.h.

Typedef Documentation

◆ ACCESS_CHECK_RIGHT_TYPE

typedef enum _ACCESS_CHECK_RIGHT_TYPE ACCESS_CHECK_RIGHT_TYPE

◆ ACCESS_CHECK_RIGHTS

typedef struct _ACCESS_CHECK_RIGHTS ACCESS_CHECK_RIGHTS

◆ KNOWN_ACE

typedef struct _KNOWN_ACE KNOWN_ACE

◆ KNOWN_COMPOUND_ACE

typedef struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE

◆ KNOWN_OBJECT_ACE

typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE

◆ OBJECT_TYPE_LIST_INTERNAL

typedef struct _OBJECT_TYPE_LIST_INTERNAL OBJECT_TYPE_LIST_INTERNAL

◆ PACCESS_CHECK_RIGHTS

typedef struct _ACCESS_CHECK_RIGHTS * PACCESS_CHECK_RIGHTS

◆ PKNOWN_ACE

typedef struct _KNOWN_ACE * PKNOWN_ACE

◆ PKNOWN_COMPOUND_ACE

typedef struct _KNOWN_COMPOUND_ACE * PKNOWN_COMPOUND_ACE

◆ PKNOWN_OBJECT_ACE

typedef struct _KNOWN_OBJECT_ACE * PKNOWN_OBJECT_ACE

◆ POBJECT_TYPE_LIST_INTERNAL

typedef struct _OBJECT_TYPE_LIST_INTERNAL * POBJECT_TYPE_LIST_INTERNAL

◆ PTOKEN_AUDIT_POLICY_INFORMATION

typedef struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION

◆ TOKEN_AUDIT_POLICY_INFORMATION

typedef struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION

Enumeration Type Documentation

◆ _ACCESS_CHECK_RIGHT_TYPE

enum _ACCESS_CHECK_RIGHT_TYPE

Enumerator
AccessCheckMaximum
AccessCheckRegular

Definition at line 58 of file se.h.

{
    AccessCheckMaximum,
    AccessCheckRegular
} ACCESS_CHECK_RIGHT_TYPE;

Function Documentation

◆ RtlLengthSidAndAttributes()

ULONG RtlLengthSidAndAttributes	(	_In_ ULONG	Count,
		_In_ PSID_AND_ATTRIBUTES	Src
	)

Computes the length size of a SID.

Parameters

[in]	Count	Total count of entries that have SIDs in them (that being PSID_AND_ATTRIBUTES in this context).
[in]	Src	Source that points to the attributes and SID entry structure.

Returns: Returns the total length of a SID size.

Definition at line 965 of file token.c.

{
    ULONG i;
    ULONG uLength;
 
    PAGED_CODE();
 
    uLength = Count * sizeof(SID_AND_ATTRIBUTES);
    for (i = 0; i < Count; i++)
        uLength += RtlLengthSid(Src[i].Sid);
 
    return uLength;
}

Referenced by NtQueryInformationToken(), SepPerformTokenFiltering(), and SeQueryInformationToken().

◆ SeAuditProcessCreate()

VOID NTAPI SeAuditProcessCreate ( _In_ PEPROCESS Process )

Peforms a security auditing against a process that is about to be created.

@unimplemented

Parameters

[in] Process An object that points to a process which is in process of creation.

Returns: Nothing.

Definition at line 56 of file audit.c.

{
    /* FIXME */
}

Referenced by PspCreateProcess().

◆ SeAuditProcessExit()

VOID NTAPI SeAuditProcessExit ( _In_ PEPROCESS Process )

Peforms a security auditing against a process that is about to be terminated.

@unimplemented

Parameters

[in] Process An object that points to a process which is in process of termination.

Returns: Nothing.

Definition at line 77 of file audit.c.

{
    /* FIXME */
}

Referenced by PspExitThread().

◆ SeCaptureLuidAndAttributesArray()

NTSTATUS NTAPI SeCaptureLuidAndAttributesArray	(	_In_ PLUID_AND_ATTRIBUTES	Src,
		_In_ ULONG	PrivilegeCount,
		_In_ KPROCESSOR_MODE	PreviousMode,
		_In_ PLUID_AND_ATTRIBUTES	AllocatedMem,
		_In_ ULONG	AllocatedLength,
		_In_ POOL_TYPE	PoolType,
		_In_ BOOLEAN	CaptureIfKernel,
		_Out_ PLUID_AND_ATTRIBUTES *	Dest,
		_Inout_ PULONG	Length
	)

Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), and NtFilterToken().

◆ SeCaptureObjectTypeList()

NTSTATUS SeCaptureObjectTypeList	(	_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST	ObjectTypeList,
		_In_ ULONG	ObjectTypeListLength,
		_In_ KPROCESSOR_MODE	PreviousMode,
		_Out_ POBJECT_TYPE_LIST_INTERNAL *	CapturedObjectTypeList
	)

Captures a list of object types and converts it to an internal form for use by the kernel. The list is validated before its data is copied.

Parameters

[in]	ObjectTypeList	A pointer to a list of object types passed from UM to be captured.
[in]	ObjectTypeListLength	The length size of the list. This length represents the number of object elements in that list.
[in]	PreviousMode	Processor access level mode. This has to be set to UserMode as object type access check is not supported in the kernel.
[out]	CapturedObjectTypeList	A pointer to a returned captured list of object types.

Returns: Returns STATUS_SUCCESS if the list of object types has been captured successfully. STATUS_INVALID_PARAMETER is returned if the caller hasn't supplied a buffer list of object types or the list is invalid. STATUS_INSUFFICIENT_RESOURCES is returned if pool memory allocation for the captured list has failed.

Definition at line 282 of file objtype.c.

{
    NTSTATUS Status;
    ULONG ObjectTypeIndex;
    SIZE_T Size;
    PGUID ObjectTypeGuid;
    POBJECT_TYPE_LIST_INTERNAL InternalTypeList;
 
    PAGED_CODE();
 
    /* We do not support that in the kernel */
    if (PreviousMode == KernelMode)
    {
        return STATUS_NOT_IMPLEMENTED;
    }
 
    /* No count elements of objects means no captured list for you */
    if (ObjectTypeListLength == 0)
    {
        *CapturedObjectTypeList = NULL;
        return STATUS_SUCCESS;
    }
 
    /* Check if the caller supplied a list since we have the count of elements */
    if (ObjectTypeList == NULL)
    {
        DPRINT1("The caller did not provide a list of object types!\n");
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Validate that list before we copy contents from it */
    Status = SepValidateObjectTypeList(ObjectTypeList, ObjectTypeListLength);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SepValidateObjectTypeList failed (Status 0x%08lx)\n", Status);
        return Status;
    }
 
    /* Allocate a new list */
    Size = ObjectTypeListLength * sizeof(OBJECT_TYPE_LIST_INTERNAL);
    InternalTypeList = ExAllocatePoolWithTag(PagedPool, Size, TAG_SEPA);
    if (InternalTypeList == NULL)
    {
        DPRINT1("Failed to allocate pool memory for the object type list!\n");
        return STATUS_INSUFFICIENT_RESOURCES;
    }
 
    _SEH2_TRY
    {
        /* Loop for every object element, data was already probed */
        for (ObjectTypeIndex = 0;
             ObjectTypeIndex < ObjectTypeListLength;
             ObjectTypeIndex++)
        {
            /* Copy the object type GUID */
            ObjectTypeGuid = ObjectTypeList[ObjectTypeIndex].ObjectType;
            InternalTypeList[ObjectTypeIndex].ObjectTypeGuid = *ObjectTypeGuid;
 
            /* Copy the object hierarchy level */
            InternalTypeList[ObjectTypeIndex].Level = ObjectTypeList[ObjectTypeIndex].Level;
 
            /* Initialize the access check rights */
            InternalTypeList[ObjectTypeIndex].ObjectAccessRights.RemainingAccessRights = 0;
            InternalTypeList[ObjectTypeIndex].ObjectAccessRights.GrantedAccessRights = 0;
            InternalTypeList[ObjectTypeIndex].ObjectAccessRights.DeniedAccessRights = 0;
        }
 
        /* Give the captured list to caller */
        *CapturedObjectTypeList = InternalTypeList;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        ExFreePoolWithTag(InternalTypeList, TAG_SEPA);
        InternalTypeList = NULL;
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;
 
    return STATUS_SUCCESS;
}

Referenced by SepAccessCheck(), and SepAccessCheckAndAuditAlarm().

◆ SeCaptureSidAndAttributesArray()

NTSTATUS NTAPI SeCaptureSidAndAttributesArray	(	_In_ PSID_AND_ATTRIBUTES	SrcSidAndAttributes,
		_In_ ULONG	AttributeCount,
		_In_ KPROCESSOR_MODE	PreviousMode,
		_In_opt_ PVOID	AllocatedMem,
		_In_ ULONG	AllocatedLength,
		_In_ POOL_TYPE	PoolType,
		_In_ BOOLEAN	CaptureIfKernel,
		_Out_ PSID_AND_ATTRIBUTES *	CapturedSidAndAttributes,
		_Out_ PULONG	ResultLength
	)

Captures a SID with attributes.

Parameters

[in]	SrcSidAndAttributes	Source of the SID with attributes to be captured.
[in]	AttributeCount	The number count of attributes, in total.
[in]	PreviousMode	Processor access level mode.
[in]	AllocatedMem	The allocated memory buffer for the captured SID. If the caller supplies no allocated block of memory then the function will allocate some buffer block of memory for the captured SID automatically.
[in]	AllocatedLength	The length of the buffer that points to the allocated memory, in bytes.
[in]	PoolType	The pool type for the captured SID and attributes to assign.
[in]	CaptureIfKernel	If set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]	CapturedSidAndAttributes	The captured SID and attributes.
[out]	ResultLength	The length of the captured SID and attributes, in bytes.

Returns: Returns STATUS_SUCCESS if SID and attributes capturing has been completed successfully. STATUS_INVALID_PARAMETER is returned if the count of attributes exceeds the maximum threshold that the kernel can permit, with the purpose of avoiding integer overflows. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed. STATUS_BUFFER_TOO_SMALL is returned if the length of the allocated buffer is less than the required size. STATUS_INVALID_SID is returned if a SID doesn't meet certain requirements to be considered a valid SID by the security manager. A failure NTSTATUS code is returned otherwise.

Remarks: A security identifier (SID) is a variable-length data structure that can change in size over time, depending on the factors that influence this effect in question. An attacker can take advantage of this fact and can potentially modify certain properties of a SID making it different in size than it was originally before. This is what we'd call, a TOCTOU vulnerability.

For this reason, the logic of copying the SIDs and their attributes into a new buffer goes like this: first, allocate a buffer array that just holds the lengths and subauthority count of each SID. Such information is copied in the first loop. Then in a second loop, iterate over the array with SID provided and copy them into the final array. The moment we're doing this, validate the lengths of each SID basing upon the captured lengths we've got before. In this way we ensure that the SIDs have remained intact. The validation checks are done in user mode as a general rule that we just cannot trust UM and whatever data is coming from it.

Definition at line 693 of file sid.c.

{
    ULONG ArraySize, RequiredLength, SidLength, i;
    ULONG TempArrayValidate, TempLengthValidate;
    PSID_AND_ATTRIBUTES SidAndAttributes;
    _SEH2_VOLATILE PSID_VALIDATE ValidateArray;
    PUCHAR CurrentDest;
    PISID Sid;
    NTSTATUS Status;
    PAGED_CODE();
 
    ValidateArray = NULL;
    SidAndAttributes = NULL;
    *CapturedSidAndAttributes = NULL;
    *ResultLength = 0;
 
    if (AttributeCount == 0)
    {
        return STATUS_SUCCESS;
    }
 
    if (AttributeCount > SE_MAXIMUM_GROUP_LIMIT)
    {
        DPRINT1("SeCaptureSidAndAttributesArray(): Maximum group limit exceeded!\n");
        return STATUS_INVALID_PARAMETER;
    }
 
    if ((PreviousMode == KernelMode) && !CaptureIfKernel)
    {
        *CapturedSidAndAttributes = SrcSidAndAttributes;
        return STATUS_SUCCESS;
    }
 
    ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
    RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
 
    if (PreviousMode != KernelMode)
    {
        /* Check for user mode data */
        _SEH2_TRY
        {
            /* First probe the whole array */
            ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
 
            /* We're in user mode, set up the size for the temporary array */
            TempArrayValidate = AttributeCount * sizeof(SID_VALIDATE);
            TempLengthValidate = ALIGN_UP_BY(TempArrayValidate, sizeof(ULONG));
 
            /*
             * Allocate a buffer for the array that we're going to
             * temporarily hold the subauthority count and the SID
             * elements. We'll be going to use this array to perform
             * validation checks later.
             */
            ValidateArray = ExAllocatePoolWithTag(PoolType | POOL_RAISE_IF_ALLOCATION_FAILURE,
                                                  TempLengthValidate,
                                                  TAG_SID_VALIDATE);
 
            /* Loop the array elements */
            for (i = 0; i < AttributeCount; i++)
            {
                /* Get the SID and probe the minimal structure */
                Sid = SrcSidAndAttributes[i].Sid;
                ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
 
                /*
                 * Capture the subauthority count and hold it
                 * into the temporary array for later validation.
                 * This way we ensure that the said count of each
                 * SID has remained the same.
                 */
                ValidateArray[i].SubAuthorityCount = Sid->SubAuthorityCount;
 
                /* Capture the SID */
                ValidateArray[i].ProbeSid = Sid;
 
                /* Calculate the SID length and probe the full SID */
                SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
                ProbeForRead(ValidateArray[i].ProbeSid, SidLength, sizeof(ULONG));
 
                /* Add the aligned length to the required length */
                RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
            }
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            Status = _SEH2_GetExceptionCode();
            _SEH2_YIELD(goto Cleanup);
        }
        _SEH2_END;
    }
    else
    {
        /* Loop the array elements */
        for (i = 0; i < AttributeCount; i++)
        {
            /* Get the SID and it's length */
            Sid = SrcSidAndAttributes[i].Sid;
            SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
 
            /* Add the aligned length to the required length */
            RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
        }
    }
 
    /* Assume success */
    Status = STATUS_SUCCESS;
    *ResultLength = RequiredLength;
 
    /* Check if we have no buffer */
    if (AllocatedMem == NULL)
    {
        /* Allocate a new buffer */
        SidAndAttributes = ExAllocatePoolWithTag(PoolType,
                                                 RequiredLength,
                                                 TAG_SID_AND_ATTRIBUTES);
        if (SidAndAttributes == NULL)
        {
            DPRINT1("SeCaptureSidAndAttributesArray(): Failed to allocate memory for SID and attributes array (requested size -> %lu)!\n", RequiredLength);
            Status = STATUS_INSUFFICIENT_RESOURCES;
            goto Cleanup;
        }
    }
    /* Otherwise check if the buffer is large enough */
    else if (AllocatedLength >= RequiredLength)
    {
        /* Buffer is large enough, use it */
        SidAndAttributes = AllocatedMem;
    }
    else
    {
        /* Buffer is too small, fail */
        DPRINT1("SeCaptureSidAndAttributesArray(): The provided buffer is small (expected size -> %lu || current size -> %lu)!\n", RequiredLength, AllocatedLength);
        Status = STATUS_BUFFER_TOO_SMALL;
        goto Cleanup;
    }
 
    *CapturedSidAndAttributes = SidAndAttributes;
 
    /* Check again for user mode */
    if (PreviousMode != KernelMode)
    {
        _SEH2_TRY
        {
            /* The rest of the data starts after the array */
            CurrentDest = (PUCHAR)SidAndAttributes;
            CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
 
            /* Loop the array elements */
            for (i = 0; i < AttributeCount; i++)
            {
                /*
                 * Get the SID length from the subauthority
                 * count we've captured before.
                 */
                SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
 
                /* Copy attributes */
                SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
 
                /* Copy the SID to the current destination address */
                SidAndAttributes[i].Sid = (PSID)CurrentDest;
                RtlCopyMemory(CurrentDest, ValidateArray[i].ProbeSid, SidLength);
 
                /* Obtain the SID we've captured before for validation */
                Sid = SidAndAttributes[i].Sid;
 
                /* Validate that the subauthority count hasn't changed */
                if (ValidateArray[i].SubAuthorityCount !=
                    Sid->SubAuthorityCount)
                {
                    /* It's changed, bail out */
                    DPRINT1("SeCaptureSidAndAttributesArray(): The subauthority counts have changed (captured count -> %u || current count -> %u)\n",
                            ValidateArray[i].SubAuthorityCount, Sid->SubAuthorityCount);
                    Status = STATUS_INVALID_SID;
                    goto Cleanup;
                }
 
                /* Validate that the SID length is the same */
                if (SidLength != RtlLengthSid(Sid))
                {
                    /* They're no longer the same, bail out */
                    DPRINT1("SeCaptureSidAndAttributesArray(): The SID lengths have changed (captured length -> %lu || current length -> %lu)\n",
                            SidLength, RtlLengthSid(Sid));
                    Status = STATUS_INVALID_SID;
                    goto Cleanup;
                }
 
                /* Check that the SID is valid */
                if (!RtlValidSid(Sid))
                {
                    DPRINT1("SeCaptureSidAndAttributesArray(): The SID is not valid!\n");
                    Status = STATUS_INVALID_SID;
                    goto Cleanup;
                }
 
                /* Update the current destination address */
                CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
            }
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            Status = _SEH2_GetExceptionCode();
        }
        _SEH2_END;
    }
    else
    {
        /* The rest of the data starts after the array */
        CurrentDest = (PUCHAR)SidAndAttributes;
        CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
 
        /* Loop the array elements */
        for (i = 0; i < AttributeCount; i++)
        {
            /* Get the SID and it's length */
            Sid = SrcSidAndAttributes[i].Sid;
            SidLength = RtlLengthRequiredSid(Sid->SubAuthorityCount);
 
            /* Copy attributes */
            SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
 
            /* Copy the SID to the current destination address */
            SidAndAttributes[i].Sid = (PSID)CurrentDest;
            RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
 
            /* Update the current destination address */
            CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
        }
    }
 
Cleanup:
    /* Check for failure */
    if (!NT_SUCCESS(Status))
    {
        /* Check if we allocated a new array */
        if ((SidAndAttributes != AllocatedMem) && (SidAndAttributes != NULL))
        {
            /* Free the array */
            ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
        }
 
        /* Set returned address to NULL */
        *CapturedSidAndAttributes = NULL;
    }
 
    /* Free the temporary validation array */
    if ((PreviousMode != KernelMode) && (ValidateArray != NULL))
    {
        ExFreePoolWithTag(ValidateArray, TAG_SID_VALIDATE);
    }
 
    return Status;
}

Referenced by NtAdjustGroupsToken(), NtCreateToken(), and NtFilterToken().

◆ SeCaptureSubjectContextEx()

VOID NTAPI SeCaptureSubjectContextEx	(	_In_ PETHREAD	Thread,
		_In_ PEPROCESS	Process,
		_Out_ PSECURITY_SUBJECT_CONTEXT	SubjectContext
	)

An extended function that captures the security subject context based upon the specified thread and process.

Parameters

[in]	Thread	A thread where the calling thread's token is to be referenced for the security context.
[in]	Process	A process where the main process' token is to be referenced for the security context.
[out]	SubjectContext	The returned security subject context.

Returns: Nothing.

Definition at line 41 of file subject.c.

{
    BOOLEAN CopyOnOpen, EffectiveOnly;
 
    PAGED_CODE();
 
    /* Save the unique ID */
    SubjectContext->ProcessAuditId = Process->UniqueProcessId;
 
    /* Check if we have a thread */
    if (!Thread)
    {
        /* We don't, so no token */
        SubjectContext->ClientToken = NULL;
    }
    else
    {
        /* Get the impersonation token */
        SubjectContext->ClientToken = PsReferenceImpersonationToken(Thread,
                                                                    &CopyOnOpen,
                                                                    &EffectiveOnly,
                                                                    &SubjectContext->ImpersonationLevel);
    }
 
    /* Get the primary token */
    SubjectContext->PrimaryToken = PsReferencePrimaryToken(Process);
}

Referenced by SeCaptureSubjectContext(), and SeCreateAccessStateEx().

◆ SeCheckAuditPrivilege()

BOOLEAN NTAPI SeCheckAuditPrivilege	(	_In_ PSECURITY_SUBJECT_CONTEXT	SubjectContext,
		_In_ KPROCESSOR_MODE	PreviousMode
	)

Checks a single privilege and performs an audit against a privileged service based on a security subject context.

Parameters

[in]	DesiredAccess	Security subject context used for privileged service auditing.
[in]	PreviousMode	Processor level access mode.

Returns: Returns TRUE if service auditing and privilege checking tests have succeeded, FALSE otherwise.

Definition at line 360 of file priv.c.

{
    PRIVILEGE_SET PrivilegeSet;
    BOOLEAN Result;
    PAGED_CODE();
 
    /* Initialize the privilege set with the single privilege */
    PrivilegeSet.PrivilegeCount = 1;
    PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
    PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
    PrivilegeSet.Privilege[0].Attributes = 0;
 
    /* Check against the primary token! */
    Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
                               &PrivilegeSet.Privilege[0],
                               1,
                               PRIVILEGE_SET_ALL_NECESSARY,
                               PreviousMode);
 
    if (PreviousMode != KernelMode)
    {
        SePrivilegedServiceAuditAlarm(NULL,
                                      SubjectContext,
                                      &PrivilegeSet,
                                      Result);
    }
 
    return Result;
}

Referenced by NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), and SepAccessCheckAndAuditAlarm().

◆ SeCheckPrivilegedObject()

BOOLEAN NTAPI SeCheckPrivilegedObject	(	_In_ LUID	PrivilegeValue,
		_In_ HANDLE	ObjectHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ KPROCESSOR_MODE	PreviousMode
	)

Checks a privileged object if such object has the specific privilege submitted by the caller.

Parameters

[in]	PrivilegeValue	A privilege to be checked against the one from the object.
[in]	ObjectHandle	A handle to any kind of object.
[in]	DesiredAccess	Desired access right mask requested by the caller.
[in]	PreviousMode	Processor level access mode.

Returns: Returns TRUE if the privilege is present, FALSE otherwise.

Definition at line 803 of file priv.c.

{
    SECURITY_SUBJECT_CONTEXT SubjectContext;
    PRIVILEGE_SET Priv;
    BOOLEAN Result;
 
    PAGED_CODE();
 
    SeCaptureSubjectContext(&SubjectContext);
 
    Priv.PrivilegeCount = 1;
    Priv.Control = PRIVILEGE_SET_ALL_NECESSARY;
    Priv.Privilege[0].Luid = PrivilegeValue;
    Priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;
 
    Result = SePrivilegeCheck(&Priv, &SubjectContext, PreviousMode);
    if (PreviousMode != KernelMode)
    {
#if 0
        SePrivilegeObjectAuditAlarm(ObjectHandle,
                                    &SubjectContext,
                                    DesiredAccess,
                                    &PrivilegeValue,
                                    Result,
                                    PreviousMode);
#endif
    }
 
    SeReleaseSubjectContext(&SubjectContext);
 
    return Result;
}

Referenced by NtSetInformationProcess(), and NtSetInformationThread().

◆ SeComputeQuotaInformationSize()

NTSTATUS NTAPI SeComputeQuotaInformationSize	(	_In_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_Out_ PULONG	QuotaInfoSize
	)

Referenced by ObpCaptureObjectCreateInformation().

◆ SeCopyClientToken()

NTSTATUS NTAPI SeCopyClientToken	(	_In_ PACCESS_TOKEN	Token,
		_In_ SECURITY_IMPERSONATION_LEVEL	Level,
		_In_ KPROCESSOR_MODE	PreviousMode,
		_Out_ PACCESS_TOKEN *	NewToken
	)

Copies an existing access token (technically duplicating a new one).

Parameters

[in]	Token	Token to copy.
[in]	Level	Impersonation security level to assign to the newly copied token.
[in]	PreviousMode	Processor request level mode.
[out]	NewToken	The newly copied token.

Returns: Returns STATUS_SUCCESS when token copying has finished successfully. A failure NTSTATUS code is returned otherwise.

Definition at line 1542 of file token.c.

{
    NTSTATUS Status;
    OBJECT_ATTRIBUTES ObjectAttributes;
 
    PAGED_CODE();
 
    InitializeObjectAttributes(&ObjectAttributes,
                               NULL,
                               0,
                               NULL,
                               NULL);
 
    Status = SepDuplicateToken(Token,
                               &ObjectAttributes,
                               FALSE,
                               TokenImpersonation,
                               Level,
                               PreviousMode,
                               (PTOKEN*)NewToken);
 
    return Status;
}

Referenced by PsImpersonateClient(), and SepCreateClientSecurity().

◆ SeCreateAccessStateEx()

NTSTATUS NTAPI SeCreateAccessStateEx	(	_In_ PETHREAD	Thread,
		_In_ PEPROCESS	Process,
		_In_ OUT PACCESS_STATE	AccessState,
		_In_ PAUX_ACCESS_DATA	AuxData,
		_In_ ACCESS_MASK	Access,
		_In_ PGENERIC_MAPPING	GenericMapping
	)

Referenced by PspCreateProcess(), and PspCreateThread().

◆ SeDeassignPrimaryToken()

VOID NTAPI SeDeassignPrimaryToken ( _Inout_ PEPROCESS Process )

Removes the primary token of a process.

Parameters

[in,out] Process The process instance with the access token to be removed.

Returns: Nothing.

Definition at line 936 of file token.c.

{
    PTOKEN OldToken;
 
    /* Remove the Token */
    OldToken = ObFastReplaceObject(&Process->Token, NULL);
 
    /* Mark the Old Token as free */
    OldToken->TokenInUse = FALSE;
 
    /* Dereference the Token */
    ObDereferenceObject(OldToken);
}

Referenced by PspDeleteProcessSecurity(), and SeAssignPrimaryToken().

◆ SeDefaultObjectMethod()

NTSTATUS NTAPI SeDefaultObjectMethod	(	_In_ PVOID	Object,
		_In_ SECURITY_OPERATION_CODE	OperationType,
		_In_ PSECURITY_INFORMATION	SecurityInformation,
		_Inout_opt_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_Inout_opt_ PULONG	ReturnLength,
		_Inout_opt_ PSECURITY_DESCRIPTOR *	OldSecurityDescriptor,
		_In_ POOL_TYPE	PoolType,
		_In_ PGENERIC_MAPPING	GenericMapping
	)

◆ SeDetailedAuditingWithToken()

BOOLEAN NTAPI SeDetailedAuditingWithToken ( _In_ PTOKEN Token )

Peforms a detailed security auditing with an access token.

@unimplemented

Parameters

[in] Token A valid token object.

Returns: To be added...

Definition at line 34 of file audit.c.

{
    /* FIXME */
    return FALSE;
}

Referenced by ObInitProcess(), PspCreateProcess(), and PspExitThread().

◆ SeExchangePrimaryToken()

NTSTATUS NTAPI SeExchangePrimaryToken	(	_In_ PEPROCESS	Process,
		_In_ PACCESS_TOKEN	NewAccessToken,
		_Out_ PACCESS_TOKEN *	OldAccessToken
	)

Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use.

Parameters

[in]	Process	The process instance where its access token is about to be replaced.
[in]	NewAccessToken	The new token that it's going to replace the old one.
[out]	OldAccessToken	The returned old token that's been replaced, which the caller can do anything.

Returns: Returns STATUS_SUCCESS if the exchange operation between tokens has completed successfully. STATUS_BAD_TOKEN_TYPE is returned if the new token is not a primary one so that we cannot exchange it with the old one from the process. STATUS_TOKEN_ALREADY_IN_USE is returned if both tokens aren't equal which means one of them has different properties (groups, privileges, etc.) and as such one of them is currently in use. A failure NTSTATUS code is returned otherwise.

Definition at line 846 of file token.c.

{
    PTOKEN OldToken;
    PTOKEN NewToken = (PTOKEN)NewAccessToken;
 
    PAGED_CODE();
 
    if (NewToken->TokenType != TokenPrimary)
        return STATUS_BAD_TOKEN_TYPE;
 
    if (NewToken->TokenInUse)
    {
        BOOLEAN IsEqual;
        NTSTATUS Status;
 
        /* Maybe we're trying to set the same token */
        OldToken = PsReferencePrimaryToken(Process);
        if (OldToken == NewToken)
        {
            /* So it's a nop. */
            *OldAccessToken = OldToken;
            return STATUS_SUCCESS;
        }
 
        Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
        if (!NT_SUCCESS(Status))
        {
            PsDereferencePrimaryToken(OldToken);
            *OldAccessToken = NULL;
            return Status;
        }
 
        if (!IsEqual)
        {
            PsDereferencePrimaryToken(OldToken);
            *OldAccessToken = NULL;
            return STATUS_TOKEN_ALREADY_IN_USE;
        }
        /* Silently return STATUS_SUCCESS but do not set the new token,
         * as it's already in use elsewhere. */
        *OldAccessToken = OldToken;
        return STATUS_SUCCESS;
    }
 
    /* Lock the new token */
    SepAcquireTokenLockExclusive(NewToken);
 
    /* Mark new token in use */
    NewToken->TokenInUse = TRUE;
 
    /* Set the session ID for the new token */
    NewToken->SessionId = MmGetSessionId(Process);
 
    /* Unlock the new token */
    SepReleaseTokenLock(NewToken);
 
    /* Reference the new token */
    ObReferenceObject(NewToken);
 
    /* Replace the old with the new */
    OldToken = ObFastReplaceObject(&Process->Token, NewToken);
 
    /* Lock the old token */
    SepAcquireTokenLockExclusive(OldToken);
 
    /* Mark the old token as free */
    OldToken->TokenInUse = FALSE;
 
    /* Unlock the old token */
    SepReleaseTokenLock(OldToken);
 
    *OldAccessToken = (PACCESS_TOKEN)OldToken;
    return STATUS_SUCCESS;
}

Referenced by PspAssignPrimaryToken().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck	(	_In_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_ PACCESS_STATE	AccessState,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ KPROCESSOR_MODE	AccessMode
	)

Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object.

Parameters

[in]	SecurityDescriptor	Security descriptor of the object that is being accessed.
[in]	AccessState	An access state to determine if the access token in the current security context of the object is an restricted token.
[in]	DesiredAccess	The access right bitmask where the calling thread wants to acquire.
[in]	AccessMode	Process level request mode.

Returns: Returns TRUE if access onto the specific object is allowed, FALSE otherwise.

Definition at line 2138 of file accesschk.c.

{
    PACL Dacl;
    ULONG AceIndex;
    PKNOWN_ACE Ace;
 
    PAGED_CODE();
 
    ASSERT(AccessMode != KernelMode);
 
    if (SecurityDescriptor == NULL)
        return FALSE;
 
    /* Get DACL */
    Dacl = SepGetDaclFromDescriptor(SecurityDescriptor);
    /* If no DACL, grant access */
    if (Dacl == NULL)
        return TRUE;
 
    /* No ACE -> Deny */
    if (!Dacl->AceCount)
        return FALSE;
 
    /* Can't perform the check on restricted token */
    if (AccessState->Flags & TOKEN_IS_RESTRICTED)
        return FALSE;
 
    /* Browse the ACEs */
    for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
         AceIndex < Dacl->AceCount;
         AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
    {
        if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
            continue;
 
        /* If access-allowed ACE */
        if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
        {
            /* Check if all accesses are granted */
            if (!(Ace->Mask & DesiredAccess))
                continue;
 
            /* Check SID and grant access if matching */
            if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
                return TRUE;
        }
        /* If access-denied ACE */
        else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
        {
            /* Here, only check if it denies any access wanted and deny if so */
            if (Ace->Mask & DesiredAccess)
                return FALSE;
        }
    }
 
    /* Faulty, deny */
    return FALSE;
}

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SeGetLogonIdDeviceMap()

NTSTATUS NTAPI SeGetLogonIdDeviceMap	(	_In_ PLUID	LogonId,
		_Out_ PDEVICE_MAP *	DeviceMap
	)

Retrieves the DOS device map from a logon session.

Parameters

[in]	LogonId	A valid logon session ID.
[out]	DeviceMap	The returned device map buffer from the logon session.

Returns: Returns STATUS_SUCCESS if the device map could be gathered from the logon session. STATUS_INVALID_PARAMETER is returned if one of the parameters aren't initialized (that is, the caller has submitted a NULL pointer variable). STATUS_NO_SUCH_LOGON_SESSION is returned if no such session could be found. A failure NTSTATUS code is returned otherwise.

Definition at line 1347 of file srm.c.

{
    NTSTATUS Status;
    WCHAR Buffer[63];
    PDEVICE_MAP LocalMap;
    HANDLE DirectoryHandle, LinkHandle;
    OBJECT_ATTRIBUTES ObjectAttributes;
    PSEP_LOGON_SESSION_REFERENCES CurrentSession;
    UNICODE_STRING DirectoryName, LinkName, TargetName;
 
    PAGED_CODE();
 
    if  (LogonId == NULL ||
         DeviceMap == NULL)
    {
        return STATUS_INVALID_PARAMETER;
    }
 
    /* Acquire the database lock */
    KeAcquireGuardedMutex(&SepRmDbLock);
 
    /* Loop all existing sessions */
    for (CurrentSession = SepLogonSessions;
         CurrentSession != NULL;
         CurrentSession = CurrentSession->Next)
    {
        /* Check if the LUID matches the provided one */
        if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
        {
            break;
        }
    }
 
    /* No session found, fail */
    if (CurrentSession == NULL)
    {
        /* Release the database lock */
        KeReleaseGuardedMutex(&SepRmDbLock);
 
        return STATUS_NO_SUCH_LOGON_SESSION;
    }
 
    /* The found session has a device map, return it! */
    if (CurrentSession->pDeviceMap != NULL)
    {
        *DeviceMap = CurrentSession->pDeviceMap;
 
        /* Release the database lock */
        KeReleaseGuardedMutex(&SepRmDbLock);
 
        return STATUS_SUCCESS;
    }
 
    /* At that point, we'll setup a new device map for the session */
    LocalMap = NULL;
 
    /* Reference the session so that it doesn't go away */
    CurrentSession->ReferenceCount += 1;
 
    /* Release the database lock */
    KeReleaseGuardedMutex(&SepRmDbLock);
 
    /* Create our object directory given the LUID */
    _snwprintf(Buffer,
               sizeof(Buffer) / sizeof(WCHAR),
               L"\\Sessions\\0\\DosDevices\\%08x-%08x",
               LogonId->HighPart,
               LogonId->LowPart);
    RtlInitUnicodeString(&DirectoryName, Buffer);
 
    InitializeObjectAttributes(&ObjectAttributes,
                               &DirectoryName,
                               OBJ_KERNEL_HANDLE | OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);
    Status = ZwCreateDirectoryObject(&DirectoryHandle,
                                     DIRECTORY_ALL_ACCESS,
                                     &ObjectAttributes);
    if (NT_SUCCESS(Status))
    {
        /* Create the associated device map */
        Status = ObSetDirectoryDeviceMap(&LocalMap, DirectoryHandle);
        if (NT_SUCCESS(Status))
        {
            /* Make Global point to \Global?? in the directory */
            RtlInitUnicodeString(&LinkName, L"Global");
            RtlInitUnicodeString(&TargetName, L"\\Global??");
 
            InitializeObjectAttributes(&ObjectAttributes,
                                       &LinkName,
                                       OBJ_KERNEL_HANDLE | OBJ_OPENIF | OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
                                       DirectoryHandle,
                                       NULL);
            Status = ZwCreateSymbolicLinkObject(&LinkHandle,
                                                SYMBOLIC_LINK_ALL_ACCESS,
                                                &ObjectAttributes,
                                                &TargetName);
            if (!NT_SUCCESS(Status))
            {
                ObfDereferenceDeviceMap(LocalMap);
            }
            else
            {
                ZwClose(LinkHandle);
            }
        }
 
        ZwClose(DirectoryHandle);
    }
 
    /* Acquire the database lock */
    KeAcquireGuardedMutex(&SepRmDbLock);
 
    /* If we succeed... */
    if (NT_SUCCESS(Status))
    {
        /* The session now has a device map? We raced with someone else */
        if (CurrentSession->pDeviceMap != NULL)
        {
            /* Give up on our new device map */
            ObfDereferenceDeviceMap(LocalMap);
        }
        /* Otherwise use our newly allocated device map */
        else
        {
            CurrentSession->pDeviceMap = LocalMap;
        }
 
        /* Return the device map */
        *DeviceMap = CurrentSession->pDeviceMap;
    }
    /* Zero output */
    else
    {
        *DeviceMap = NULL;
    }
 
    /* Release the database lock */
    KeReleaseGuardedMutex(&SepRmDbLock);
 
    /* We're done with the session */
    SepRmDereferenceLogonSession(&CurrentSession->LogonId);
 
    return Status;
}

Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().

◆ SeGetTokenControlInformation()

VOID NTAPI SeGetTokenControlInformation	(	_In_ PACCESS_TOKEN	_Token,
		_Out_ PTOKEN_CONTROL	TokenControl
	)

Retrieves token control information.

Parameters

[in]	_Token	A valid token object.
[out]	SecurityDescriptor	The returned token control information.

Returns: Nothing.

Definition at line 1720 of file token.c.

{
    PTOKEN Token = _Token;
    PAGED_CODE();
 
    /* Capture the main fields */
    TokenControl->AuthenticationId = Token->AuthenticationId;
    TokenControl->TokenId = Token->TokenId;
    TokenControl->TokenSource = Token->TokenSource;
 
    /* Lock the token */
    SepAcquireTokenLockShared(Token);
 
    /* Capture the modified ID */
    TokenControl->ModifiedId = Token->ModifiedId;
 
    /* Unlock it */
    SepReleaseTokenLock(Token);
}

Referenced by SepCreateClientSecurity().

◆ SeInitializeProcessAuditName()

NTSTATUS NTAPI SeInitializeProcessAuditName	(	_In_ PFILE_OBJECT	FileObject,
		_In_ BOOLEAN	DoAudit,
		_Out_ POBJECT_NAME_INFORMATION *	AuditInfo
	)

Initializes a process audit name and returns it to the caller.

Parameters

[in]	FileObject	File object that points to a name to be queried.
[in]	DoAudit	If set to TRUE, the function will perform various security auditing onto the audit name.
[out]	AuditInfo	The returned audit info data.

Returns: Returns STATUS_SUCCESS if process audit name initialization has completed successfully. STATUS_NO_MEMORY is returned if pool allocation for object name info has failed. A failure NTSTATUS code is returned otherwise.

Definition at line 105 of file audit.c.

{
    OBJECT_NAME_INFORMATION LocalNameInfo;
    POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
    ULONG ReturnLength = 8;
    NTSTATUS Status;
 
    PAGED_CODE();
    ASSERT(AuditInfo);
 
    /* Check if we should do auditing */
    if (DoAudit)
    {
        /* FIXME: TODO */
    }
 
    /* Now query the name */
    Status = ObQueryNameString(FileObject,
                               &LocalNameInfo,
                               sizeof(LocalNameInfo),
                               &ReturnLength);
    if (((Status == STATUS_BUFFER_OVERFLOW) ||
         (Status == STATUS_BUFFER_TOO_SMALL) ||
         (Status == STATUS_INFO_LENGTH_MISMATCH)) &&
        (ReturnLength != sizeof(LocalNameInfo)))
    {
        /* Allocate required size */
        ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
                                               ReturnLength,
                                               TAG_SEPA);
        if (ObjectNameInfo)
        {
            /* Query the name again */
            Status = ObQueryNameString(FileObject,
                                       ObjectNameInfo,
                                       ReturnLength,
                                       &ReturnLength);
        }
    }
 
    /* Check if we got here due to failure */
    if ((ObjectNameInfo) &&
        (!(NT_SUCCESS(Status)) || (ReturnLength == sizeof(LocalNameInfo))))
    {
        /* First, free any buffer we might've allocated */
        ASSERT(FALSE);
        if (ObjectNameInfo) ExFreePool(ObjectNameInfo);
 
        /* Now allocate a temporary one */
        ReturnLength = sizeof(OBJECT_NAME_INFORMATION);
        ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
                                               sizeof(OBJECT_NAME_INFORMATION),
                                               TAG_SEPA);
        if (ObjectNameInfo)
        {
            /* Clear it */
            RtlZeroMemory(ObjectNameInfo, ReturnLength);
            Status = STATUS_SUCCESS;
        }
    }
 
    /* Check if memory allocation failed */
    if (!ObjectNameInfo) Status = STATUS_NO_MEMORY;
 
    /* Return the audit name */
    *AuditInfo = ObjectNameInfo;
 
    /* Return status */
    return Status;
}

Referenced by MmInitializeProcessAddressSpace(), and SeLocateProcessImageName().

◆ SeInitSystem()

BOOLEAN NTAPI SeInitSystem ( VOID )

Main security manager initialization function.

Returns: Returns a boolean value according to the phase initialization routine that handles it. If TRUE, the routine deems the initialization phase as complete, FALSE otherwise.

Definition at line 285 of file semgr.c.

{
    /* Check the initialization phase */
    switch (ExpInitializationPhase)
    {
        case 0:
 
            /* Do Phase 0 */
            return SepInitializationPhase0();
 
        case 1:
 
            /* Do Phase 1 */
            return SepInitializationPhase1();
 
        default:
 
            /* Don't know any other phase! Bugcheck! */
            KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
                         0,
                         ExpInitializationPhase,
                         0,
                         0);
            return FALSE;
    }
}

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ SeIsTokenChild()

NTSTATUS NTAPI SeIsTokenChild	(	_In_ PTOKEN	Token,
		_Out_ PBOOLEAN	IsChild
	)

Checks if the token is a child of the other token of the current process that the calling thread is invoking this function.

Parameters

[in]	Token	An access token to determine if it's a child or not.
[out]	IsChild	The returned boolean result.

Returns: Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.

Definition at line 1433 of file token.c.

{
    PTOKEN ProcessToken;
    LUID ProcessTokenId, CallerParentId;
 
    /* Assume failure */
    *IsChild = FALSE;
 
    /* Reference the process token */
    ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
    if (!ProcessToken)
        return STATUS_UNSUCCESSFUL;
 
    /* Get its token ID */
    ProcessTokenId = ProcessToken->TokenId;
 
    /* Dereference the token */
    ObFastDereferenceObject(&PsGetCurrentProcess()->Token, ProcessToken);
 
    /* Get our parent token ID */
    CallerParentId = Token->ParentTokenId;
 
    /* Compare the token IDs */
    if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))
        *IsChild = TRUE;
 
    /* Return success */
    return STATUS_SUCCESS;
}

Referenced by PspSetPrimaryToken().

◆ SeIsTokenSibling()

NTSTATUS NTAPI SeIsTokenSibling	(	_In_ PTOKEN	Token,
		_Out_ PBOOLEAN	IsSibling
	)

Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function.

Parameters

[in]	Token	An access token to determine if it's a sibling or not.
[out]	IsSibling	The returned boolean result.

Returns: Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.

Definition at line 1482 of file token.c.

{
    PTOKEN ProcessToken;
    LUID ProcessParentId, ProcessAuthId;
    LUID CallerParentId, CallerAuthId;
 
    /* Assume failure */
    *IsSibling = FALSE;
 
    /* Reference the process token */
    ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
    if (!ProcessToken)
        return STATUS_UNSUCCESSFUL;
 
    /* Get its parent and authentication IDs */
    ProcessParentId = ProcessToken->ParentTokenId;
    ProcessAuthId = ProcessToken->AuthenticationId;
 
    /* Dereference the token */
    ObFastDereferenceObject(&PsGetCurrentProcess()->Token, ProcessToken);
 
    /* Get our parent and authentication IDs */
    CallerParentId = Token->ParentTokenId;
    CallerAuthId = Token->AuthenticationId;
 
    /* Compare the token IDs */
    if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&
        RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
    {
        *IsSibling = TRUE;
    }
 
    /* Return success */
    return STATUS_SUCCESS;
}

Referenced by PspSetPrimaryToken().

◆ SepCaptureAcl()

NTSTATUS NTAPI SepCaptureAcl	(	_In_ PACL	InputAcl,
		_In_ KPROCESSOR_MODE	AccessMode,
		_In_ POOL_TYPE	PoolType,
		_In_ BOOLEAN	CaptureIfKernel,
		_Out_ PACL *	CapturedAcl
	)

Captures an access control list from an already valid input ACL.

Parameters

[in]	InputAcl	A valid ACL.
[in]	AccessMode	Processor level access mode. The processor mode determines how the input arguments are probed.
[in]	PoolType	Pool type for new captured ACL for creation. The pool type determines in which memory pool the ACL data should reside.
[in]	CaptureIfKernel	If set to TRUE and the processor access mode being KernelMode, we are capturing an ACL directly in the kernel. Otherwise we are capturing within a kernel mode driver.
[out]	CapturedAcl	The returned and allocated captured ACL.

Returns: Returns STATUS_SUCCESS if the ACL has been successfully captured. STATUS_INSUFFICIENT_RESOURCES is returned otherwise.

Definition at line 352 of file acl.c.

{
    PACL NewAcl;
    ULONG AclSize;
 
    PAGED_CODE();
 
    /* If in kernel mode and we do not capture, just
     * return the given ACL and don't validate it. */
    if ((AccessMode == KernelMode) && !CaptureIfKernel)
    {
        *CapturedAcl = InputAcl;
        return STATUS_SUCCESS;
    }
 
    /* Otherwise, capture and validate the ACL, depending on the access mode */
    if (AccessMode != KernelMode)
    {
        _SEH2_TRY
        {
            ProbeForRead(InputAcl,
                         sizeof(ACL),
                         sizeof(ULONG));
            AclSize = InputAcl->AclSize;
            ProbeForRead(InputAcl,
                         AclSize,
                         sizeof(ULONG));
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
 
        /* Validate the minimal size an ACL can have */
        if (AclSize < sizeof(ACL))
            return STATUS_INVALID_ACL;
 
        NewAcl = ExAllocatePoolWithTag(PoolType,
                                       AclSize,
                                       TAG_ACL);
        if (!NewAcl)
            return STATUS_INSUFFICIENT_RESOURCES;
 
        _SEH2_TRY
        {
            RtlCopyMemory(NewAcl, InputAcl, AclSize);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Free the ACL and return the exception code */
            ExFreePoolWithTag(NewAcl, TAG_ACL);
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else
    {
        AclSize = InputAcl->AclSize;
 
        /* Validate the minimal size an ACL can have */
        if (AclSize < sizeof(ACL))
            return STATUS_INVALID_ACL;
 
        NewAcl = ExAllocatePoolWithTag(PoolType,
                                       AclSize,
                                       TAG_ACL);
        if (!NewAcl)
            return STATUS_INSUFFICIENT_RESOURCES;
 
        RtlCopyMemory(NewAcl, InputAcl, AclSize);
    }
 
    /* Validate the captured ACL */
    if (!RtlValidAcl(NewAcl))
    {
        /* Free the ACL and fail */
        ExFreePoolWithTag(NewAcl, TAG_ACL);
        return STATUS_INVALID_ACL;
    }
 
    /* It's valid, return it */
    *CapturedAcl = NewAcl;
    return STATUS_SUCCESS;
}

Referenced by NtCreateToken(), and NtSetInformationToken().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService	(	_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ KPROCESSOR_MODE	AccessMode,
		_In_ POOL_TYPE	PoolType,
		_In_ BOOLEAN	CaptureIfKernel,
		_Out_ PSECURITY_QUALITY_OF_SERVICE *	CapturedSecurityQualityOfService,
		_Out_ PBOOLEAN	Present
	)

Captures the security quality of service data given the object attributes from an object.

Parameters

[in]	ObjectAttributes	Attributes of an object where SQOS is to be retrieved. If the caller doesn't fill object attributes to the function, it automatically assumes SQOS is not present, or if, there's no SQOS present in the object attributes list of the object itself.
[in]	AccessMode	Processor access mode.
[in]	PoolType	The pool type for the captured SQOS to be used for allocation.
[in]	CaptureIfKernel	Capture access condition. To be set to TRUE if the capture is done within the kernel, FALSE if the capture is done in a kernel mode driver or user mode otherwise.
[out]	CapturedSecurityQualityOfService	The captured SQOS data from the object.
[out]	Present	Returns TRUE if SQOS is present in an object, FALSE otherwise. FALSE is also immediately returned if no object attributes is given to the call.

Returns: STATUS_SUCCESS if SQOS from the object has been fully and successfully captured. STATUS_INVALID_PARAMETER if the caller submits an invalid object attributes list. STATUS_INSUFFICIENT_RESOURCES if the function has failed to allocate some resources in the pool for the captured SQOS. A failure NTSTATUS code is returned otherwise.

Definition at line 52 of file sqos.c.

{
    PSECURITY_QUALITY_OF_SERVICE CapturedQos;
    NTSTATUS Status = STATUS_SUCCESS;
 
    PAGED_CODE();
 
    ASSERT(CapturedSecurityQualityOfService);
    ASSERT(Present);
 
    if (ObjectAttributes != NULL)
    {
        if (AccessMode != KernelMode)
        {
            SECURITY_QUALITY_OF_SERVICE SafeQos;
 
            _SEH2_TRY
            {
                ProbeForRead(ObjectAttributes,
                             sizeof(OBJECT_ATTRIBUTES),
                             sizeof(ULONG));
                if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
                {
                    if (ObjectAttributes->SecurityQualityOfService != NULL)
                    {
                        ProbeForRead(ObjectAttributes->SecurityQualityOfService,
                                     sizeof(SECURITY_QUALITY_OF_SERVICE),
                                     sizeof(ULONG));
 
                        if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
                            sizeof(SECURITY_QUALITY_OF_SERVICE))
                        {
                            /*
                             * Don't allocate memory here because ExAllocate should bugcheck
                             * the system if it's buggy, SEH would catch that! So make a local
                             * copy of the qos structure.
                             */
                            RtlCopyMemory(&SafeQos,
                                          ObjectAttributes->SecurityQualityOfService,
                                          sizeof(SECURITY_QUALITY_OF_SERVICE));
                            *Present = TRUE;
                        }
                        else
                        {
                            Status = STATUS_INVALID_PARAMETER;
                        }
                    }
                    else
                    {
                        *CapturedSecurityQualityOfService = NULL;
                        *Present = FALSE;
                    }
                }
                else
                {
                    Status = STATUS_INVALID_PARAMETER;
                }
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
 
            if (NT_SUCCESS(Status))
            {
                if (*Present)
                {
                    CapturedQos = ExAllocatePoolWithTag(PoolType,
                                                        sizeof(SECURITY_QUALITY_OF_SERVICE),
                                                        TAG_QOS);
                    if (CapturedQos != NULL)
                    {
                        RtlCopyMemory(CapturedQos,
                                      &SafeQos,
                                      sizeof(SECURITY_QUALITY_OF_SERVICE));
                        *CapturedSecurityQualityOfService = CapturedQos;
                    }
                    else
                    {
                        Status = STATUS_INSUFFICIENT_RESOURCES;
                    }
                }
                else
                {
                    *CapturedSecurityQualityOfService = NULL;
                }
            }
        }
        else
        {
            if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
            {
                if (CaptureIfKernel)
                {
                    if (ObjectAttributes->SecurityQualityOfService != NULL)
                    {
                        if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
                            sizeof(SECURITY_QUALITY_OF_SERVICE))
                        {
                            CapturedQos = ExAllocatePoolWithTag(PoolType,
                                                                sizeof(SECURITY_QUALITY_OF_SERVICE),
                                                                TAG_QOS);
                            if (CapturedQos != NULL)
                            {
                                RtlCopyMemory(CapturedQos,
                                              ObjectAttributes->SecurityQualityOfService,
                                              sizeof(SECURITY_QUALITY_OF_SERVICE));
                                *CapturedSecurityQualityOfService = CapturedQos;
                                *Present = TRUE;
                            }
                            else
                            {
                                Status = STATUS_INSUFFICIENT_RESOURCES;
                            }
                        }
                        else
                        {
                            Status = STATUS_INVALID_PARAMETER;
                        }
                    }
                    else
                    {
                        *CapturedSecurityQualityOfService = NULL;
                        *Present = FALSE;
                    }
                }
                else
                {
                    *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
                    *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
                }
            }
            else
            {
                Status = STATUS_INVALID_PARAMETER;
            }
        }
    }
    else
    {
        *CapturedSecurityQualityOfService = NULL;
        *Present = FALSE;
    }
 
    return Status;
}

Referenced by NtDuplicateToken().

◆ SepCaptureSid()

NTSTATUS NTAPI SepCaptureSid	(	_In_ PSID	InputSid,
		_In_ KPROCESSOR_MODE	AccessMode,
		_In_ POOL_TYPE	PoolType,
		_In_ BOOLEAN	CaptureIfKernel,
		_Out_ PSID *	CapturedSid
	)

Captures a SID.

Parameters

[in]	InputSid	A valid security identifier to be captured.
[in]	AccessMode	Processor level access mode.
[in]	PoolType	Pool memory type for the captured SID to assign upon allocation.
[in]	CaptureIfKernel	If set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]	CapturedSid	The captured security identifier, returned to the caller.

Returns: Returns STATUS_SUCCESS if the SID was captured. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed.

Definition at line 314 of file sid.c.

{
    ULONG SidSize = 0;
    PISID NewSid, Sid = (PISID)InputSid;
 
    PAGED_CODE();
 
    if (AccessMode != KernelMode)
    {
        _SEH2_TRY
        {
            ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
            SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
            ProbeForRead(Sid, SidSize, sizeof(UCHAR));
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
 
        /* Allocate a SID and copy it */
        NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
        if (!NewSid)
            return STATUS_INSUFFICIENT_RESOURCES;
 
        _SEH2_TRY
        {
            RtlCopyMemory(NewSid, Sid, SidSize);
 
            *CapturedSid = NewSid;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Free the SID and return the exception code */
            ExFreePoolWithTag(NewSid, TAG_SID);
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }
    else if (!CaptureIfKernel)
    {
        *CapturedSid = InputSid;
    }
    else
    {
        SidSize = RtlLengthRequiredSid(Sid->SubAuthorityCount);
 
        /* Allocate a SID and copy it */
        NewSid = ExAllocatePoolWithTag(PoolType, SidSize, TAG_SID);
        if (NewSid == NULL)
            return STATUS_INSUFFICIENT_RESOURCES;
 
        RtlCopyMemory(NewSid, Sid, SidSize);
 
        *CapturedSid = NewSid;
    }
 
    return STATUS_SUCCESS;
}

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().

◆ SepComputeAvailableDynamicSpace()

ULONG SepComputeAvailableDynamicSpace	(	_In_ ULONG	DynamicCharged,
		_In_ PSID	PrimaryGroup,
		_In_opt_ PACL	DefaultDacl
	)

Computes the exact available dynamic area of an access token whilst querying token statistics.

Parameters

[in]	DynamicCharged	The current charged dynamic area of an access token. This must not be 0!
[in]	PrimaryGroup	A pointer to a primary group SID.
[in]	DefaultDacl	If provided, this pointer points to a default DACL of an access token.

Returns: Returns the calculated available dynamic area.

Definition at line 659 of file token.c.

{
    ULONG DynamicAvailable;
 
    PAGED_CODE();
 
    /* A token's dynamic area is always charged */
    ASSERT(DynamicCharged != 0);
 
    /*
     * Take into account the default DACL if
     * the token has one. Otherwise the occupied
     * space is just the present primary group.
     */
    DynamicAvailable = DynamicCharged - RtlLengthSid(PrimaryGroup);
    if (DefaultDacl)
    {
        DynamicAvailable -= DefaultDacl->AclSize;
    }
 
    return DynamicAvailable;
}

Referenced by NtQueryInformationToken(), and SeQueryInformationToken().

◆ SepCreateImpersonationTokenDacl()

NTSTATUS NTAPI SepCreateImpersonationTokenDacl	(	_In_ PTOKEN	Token,
		_In_ PTOKEN	PrimaryToken,
		_Out_ PACL *	Dacl
	)

Allocates a discretionary access control list based on certain properties of a regular and primary access tokens.

Parameters

[in]	Token	An access token.
[in]	PrimaryToken	A primary access token.
[out]	Dacl	The returned allocated DACL.

Returns: Returns STATUS_SUCCESS if DACL creation from tokens has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if DACL allocation from memory pool fails otherwise.

Definition at line 277 of file acl.c.

{
    ULONG AclLength;
    PACL TokenDacl;
 
    PAGED_CODE();
 
    *Dacl = NULL;
 
    AclLength = sizeof(ACL) +
        (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
        (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
        (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
        (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
        (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
 
    TokenDacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_ACL);
    if (TokenDacl == NULL)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }
 
    RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
    RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
                           Token->UserAndGroups->Sid);
    RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
                           PrimaryToken->UserAndGroups->Sid);
    RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
                           SeAliasAdminsSid);
    RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
                           SeLocalSystemSid);
 
    if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
    {
        RtlAddAccessAllowedAce(TokenDacl, ACL_REVISION, GENERIC_ALL,
                               SeRestrictedCodeSid);
    }
 
    *Dacl = TokenDacl;
 
    return STATUS_SUCCESS;
}

Referenced by SepOpenThreadToken().

◆ SepCreateSystemAnonymousLogonToken()

PTOKEN SepCreateSystemAnonymousLogonToken ( VOID )

Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group.

Returns: Returns the system's anonymous logon token if the operations have completed successfully.

Definition at line 1868 of file token.c.

{
    SID_AND_ATTRIBUTES UserSid;
    PSID PrimaryGroup;
    PTOKEN Token;
    ULONG GroupsLength;
    LARGE_INTEGER Expiration;
    OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;
 
    /* The token never expires */
    Expiration.QuadPart = -1;
 
    /* The user is the anonymous logon */
    UserSid.Sid = SeAnonymousLogonSid;
    UserSid.Attributes = 0;
 
    /* The primary group is also the anonymous logon */
    PrimaryGroup = SeAnonymousLogonSid;
 
    /* The only group for the token is the World */
    SID_AND_ATTRIBUTES Groups[] =
    {
        {SeWorldSid, SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT}
    };
    GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
                   SeLengthSid(Groups[0].Sid);
    ASSERT(GroupsLength <= (sizeof(Groups) * sizeof(ULONG)));
 
    /* Initialise the object attributes for the token */
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    ASSERT(SeSystemAnonymousLogonDacl != NULL);
 
    /* Create token */
    Status = SepCreateToken((PHANDLE)&Token,
                            KernelMode,
                            0,
                            &ObjectAttributes,
                            TokenPrimary,
                            SecurityAnonymous,
                            &SeAnonymousAuthenticationId,
                            &Expiration,
                            &UserSid,
                            RTL_NUMBER_OF(Groups),
                            Groups,
                            GroupsLength,
                            0,
                            NULL,
                            NULL,
                            PrimaryGroup,
                            SeSystemAnonymousLogonDacl,
                            &SeSystemTokenSource,
                            TRUE);
    ASSERT(Status == STATUS_SUCCESS);
 
    /* Return the anonymous logon token */
    return Token;
}

Referenced by SepInitializationPhase0().

◆ SepCreateSystemAnonymousLogonTokenNoEveryone()

PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone ( VOID )

Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid).

Returns: Returns the system's anonymous logon token if the operations have completed successfully.

Definition at line 1938 of file token.c.

{
    SID_AND_ATTRIBUTES UserSid;
    PSID PrimaryGroup;
    PTOKEN Token;
    LARGE_INTEGER Expiration;
    OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;
 
    /* The token never expires */
    Expiration.QuadPart = -1;
 
    /* The user is the anonymous logon */
    UserSid.Sid = SeAnonymousLogonSid;
    UserSid.Attributes = 0;
 
    /* The primary group is also the anonymous logon */
    PrimaryGroup = SeAnonymousLogonSid;
 
    /* Initialise the object attributes for the token */
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    ASSERT(SeSystemAnonymousLogonDacl != NULL);
 
    /* Create token */
    Status = SepCreateToken((PHANDLE)&Token,
                            KernelMode,
                            0,
                            &ObjectAttributes,
                            TokenPrimary,
                            SecurityAnonymous,
                            &SeAnonymousAuthenticationId,
                            &Expiration,
                            &UserSid,
                            0,
                            NULL,
                            0,
                            0,
                            NULL,
                            NULL,
                            PrimaryGroup,
                            SeSystemAnonymousLogonDacl,
                            &SeSystemTokenSource,
                            TRUE);
    ASSERT(Status == STATUS_SUCCESS);
 
    /* Return the anonymous (not including everyone) logon token */
    return Token;
}

Referenced by SepInitializationPhase0().

◆ SepCreateSystemProcessToken()

PTOKEN NTAPI SepCreateSystemProcessToken ( VOID )

Creates the system process token.

Returns: Returns the system process token if the operations have completed successfully.

Definition at line 1753 of file token.c.

{
    ULONG GroupAttributes, OwnerAttributes;
    LARGE_INTEGER Expiration;
    SID_AND_ATTRIBUTES UserSid;
    ULONG GroupsLength;
    PSID PrimaryGroup;
    OBJECT_ATTRIBUTES ObjectAttributes;
    PSID Owner;
    PTOKEN Token;
    NTSTATUS Status;
 
    /* Don't ever expire */
    Expiration.QuadPart = -1;
 
    /* All groups mandatory and enabled */
    GroupAttributes = SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT;
    OwnerAttributes = SE_GROUP_ENABLED | SE_GROUP_OWNER | SE_GROUP_ENABLED_BY_DEFAULT;
 
    /* User is Local System */
    UserSid.Sid = SeLocalSystemSid;
    UserSid.Attributes = 0;
 
    /* Primary group is Local System */
    PrimaryGroup = SeLocalSystemSid;
 
    /* Owner is Administrators */
    Owner = SeAliasAdminsSid;
 
    /* Groups are Administrators, World, and Authenticated Users */
    SID_AND_ATTRIBUTES Groups[] =
    {
        {SeAliasAdminsSid, OwnerAttributes},
        {SeWorldSid, GroupAttributes},
        {SeAuthenticatedUsersSid, GroupAttributes},
        {SeLocalSid, SE_GROUP_ENABLED} // HACK: Temporarily add the local group. See CORE-18250.
    };
    GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
                   SeLengthSid(Groups[0].Sid) +
                   SeLengthSid(Groups[1].Sid) +
                   SeLengthSid(Groups[2].Sid) +
                   SeLengthSid(Groups[3].Sid); // HACK
    ASSERT(GroupsLength <= (sizeof(Groups) * sizeof(ULONG)));
 
    /* Setup the privileges */
    LUID_AND_ATTRIBUTES Privileges[] =
    {
        {SeTcbPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeCreateTokenPrivilege, 0},
        {SeTakeOwnershipPrivilege, 0},
        {SeCreatePagefilePrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeLockMemoryPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeAssignPrimaryTokenPrivilege, 0},
        {SeIncreaseQuotaPrivilege, 0},
        {SeIncreaseBasePriorityPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeCreatePermanentPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeDebugPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeAuditPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeSecurityPrivilege, 0},
        {SeSystemEnvironmentPrivilege, 0},
        {SeChangeNotifyPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeBackupPrivilege, 0},
        {SeRestorePrivilege, 0},
        {SeShutdownPrivilege, 0},
        {SeLoadDriverPrivilege, 0},
        {SeProfileSingleProcessPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeSystemtimePrivilege, 0},
        {SeUndockPrivilege, 0},
        {SeManageVolumePrivilege, 0},
        {SeImpersonatePrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
        {SeCreateGlobalPrivilege, SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED},
    };
 
    /* Setup the object attributes */
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    ASSERT(SeSystemDefaultDacl != NULL);
 
    /* Create the token */
    Status = SepCreateToken((PHANDLE)&Token,
                            KernelMode,
                            0,
                            &ObjectAttributes,
                            TokenPrimary,
                            SecurityAnonymous,
                            &SeSystemAuthenticationId,
                            &Expiration,
                            &UserSid,
                            RTL_NUMBER_OF(Groups),
                            Groups,
                            GroupsLength,
                            RTL_NUMBER_OF(Privileges),
                            Privileges,
                            Owner,
                            PrimaryGroup,
                            SeSystemDefaultDacl,
                            &SeSystemTokenSource,
                            TRUE);
    ASSERT(Status == STATUS_SUCCESS);
 
    /* Return the token */
    return Token;
}

Referenced by SepInitializationPhase0().

◆ SepCreateToken()

NTSTATUS NTAPI SepCreateToken	(	_Out_ PHANDLE	TokenHandle,
		_In_ KPROCESSOR_MODE	PreviousMode,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ TOKEN_TYPE	TokenType,
		_In_ SECURITY_IMPERSONATION_LEVEL	ImpersonationLevel,
		_In_ PLUID	AuthenticationId,
		_In_ PLARGE_INTEGER	ExpirationTime,
		_In_ PSID_AND_ATTRIBUTES	User,
		_In_ ULONG	GroupCount,
		_In_ PSID_AND_ATTRIBUTES	Groups,
		_In_ ULONG	GroupsLength,
		_In_ ULONG	PrivilegeCount,
		_In_ PLUID_AND_ATTRIBUTES	Privileges,
		_In_opt_ PSID	Owner,
		_In_ PSID	PrimaryGroup,
		_In_opt_ PACL	DefaultDacl,
		_In_ PTOKEN_SOURCE	TokenSource,
		_In_ BOOLEAN	SystemToken
	)

Internal function responsible for access token object creation in the kernel. A fully created token objected is inserted into the token handle, thus the handle becoming a valid handle to an access token object and ready for use.

Parameters

[out]	TokenHandle	Valid token handle that's ready for use after token creation and object insertion.
[in]	PreviousMode	Processor request level mode.
[in]	DesiredAccess	Desired access right for the token object to be granted. This kind of access right impacts how the token can be used and who.
[in]	ObjectAttributes	Object attributes for the token to be created.
[in]	TokenType	Type of token to assign upon creation.
[in]	ImpersonationLevel	Security impersonation level of token to assign upon creation.
[in]	AuthenticationId	Authentication ID that represents the authentication information of the token.
[in]	ExpirationTime	Expiration time of the token to assign. A value of -1 means that the token never expires and its life depends upon the amount of references this token object has.
[in]	User	User entry to assign to the token.
[in]	GroupCount	The total number of groups count for the token.
[in]	Groups	The group entries for the token.
[in]	GroupsLength	The length size of the groups array, pointed by the Groups parameter.
[in]	PrivilegeCount	The total number of priivleges that the newly created token has.
[in]	Privileges	The privileges for the token.
[in]	Owner	The main user (or also owner) that represents the token that we create.
[in]	PrimaryGroup	The main group that represents the token that we create.
[in]	DefaultDacl	A discretionary access control list for the token.
[in]	TokenSource	Source (or the origin) of the access token that creates it.
[in]	SystemToken	If set to TRUE, the newly created token is a system token and only in charge by the internal system. The function directly returns a pointer to the created token object for system kernel use. Otherwise if set to FALSE, the function inserts the object to a handle making it a regular access token.

Returns: Returns STATUS_SUCCESS if token creation has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if the dynamic area of memory of the token hasn't been allocated because of lack of memory resources. A failure NTSTATUS code is returned otherwise.

Definition at line 97 of file tokenlif.c.

{
    NTSTATUS Status;
    PTOKEN AccessToken;
    ULONG TokenFlags = 0;
    ULONG PrimaryGroupIndex, DefaultOwnerIndex;
    LUID TokenId;
    LUID ModifiedId;
    PVOID EndMem;
    ULONG PrivilegesLength;
    ULONG UserGroupsLength;
    ULONG VariableLength;
    ULONG DynamicPartSize, TotalSize;
    ULONG TokenPagedCharges;
    ULONG i;
 
    PAGED_CODE();
 
    /* Loop all groups */
    for (i = 0; i < GroupCount; i++)
    {
        /* Check for mandatory groups */
        if (Groups[i].Attributes & SE_GROUP_MANDATORY)
        {
            /* Force them to be enabled */
            Groups[i].Attributes |= (SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT);
        }
 
        /* Check of the group is an admin group */
        if (RtlEqualSid(SeAliasAdminsSid, Groups[i].Sid))
        {
            /* Remember this so we can optimize queries later */
            TokenFlags |= TOKEN_HAS_ADMIN_GROUP;
        }
    }
 
    /* Allocate unique IDs for the token */
    ExAllocateLocallyUniqueId(&TokenId);
    ExAllocateLocallyUniqueId(&ModifiedId);
 
    /* Compute how much size we need to allocate for the token */
 
    /* Privileges size */
    PrivilegesLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
    PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
 
    /* User and groups size */
    UserGroupsLength = (1 + GroupCount) * sizeof(SID_AND_ATTRIBUTES);
    UserGroupsLength += RtlLengthSid(User->Sid);
    for (i = 0; i < GroupCount; i++)
    {
        UserGroupsLength += RtlLengthSid(Groups[i].Sid);
    }
    UserGroupsLength = ALIGN_UP_BY(UserGroupsLength, sizeof(PVOID));
 
    /* Add the additional groups array length */
    UserGroupsLength += ALIGN_UP_BY(GroupsLength, sizeof(PVOID));
 
    VariableLength = PrivilegesLength + UserGroupsLength;
    TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
 
    /*
     * A token is considered slim if it has the default dynamic
     * contents, or in other words, the primary group and ACL.
     * We judge if such contents are default by checking their
     * total size if it's over the range. On Windows this range
     * is 0x1F4 (aka 500). If the size of the whole dynamic contents
     * is over that range then the token is considered fat and
     * the token will be charged the whole of its token body length
     * plus the dynamic size.
     */
    DynamicPartSize = DefaultDacl ? DefaultDacl->AclSize : 0;
    DynamicPartSize += RtlLengthSid(PrimaryGroup);
    if (DynamicPartSize > SE_TOKEN_DYNAMIC_SLIM)
    {
        TokenPagedCharges = DynamicPartSize + TotalSize;
    }
    else
    {
        TokenPagedCharges = SE_TOKEN_DYNAMIC_SLIM + TotalSize;
    }
 
    Status = ObCreateObject(PreviousMode,
                            SeTokenObjectType,
                            ObjectAttributes,
                            PreviousMode,
                            NULL,
                            TotalSize,
                            TokenPagedCharges,
                            0,
                            (PVOID*)&AccessToken);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
        return Status;
    }
 
    /* Zero out the buffer and initialize the token */
    RtlZeroMemory(AccessToken, TotalSize);
 
    AccessToken->TokenId = TokenId;
    AccessToken->TokenType = TokenType;
    AccessToken->ImpersonationLevel = ImpersonationLevel;
 
    /* Initialise the lock for the access token */
    Status = SepCreateTokenLock(AccessToken);
    if (!NT_SUCCESS(Status))
        goto Quit;
 
    AccessToken->TokenSource.SourceIdentifier = TokenSource->SourceIdentifier;
    RtlCopyMemory(AccessToken->TokenSource.SourceName,
                  TokenSource->SourceName,
                  sizeof(TokenSource->SourceName));
 
    AccessToken->ExpirationTime = *ExpirationTime;
    AccessToken->ModifiedId = ModifiedId;
    AccessToken->DynamicCharged = TokenPagedCharges - TotalSize;
 
    AccessToken->TokenFlags = TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
 
    /* Copy and reference the logon session */
    AccessToken->AuthenticationId = *AuthenticationId;
    Status = SepRmReferenceLogonSession(&AccessToken->AuthenticationId);
    if (!NT_SUCCESS(Status))
    {
        /* No logon session could be found, bail out */
        DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
        /* Set the flag for proper cleanup by the delete procedure */
        AccessToken->TokenFlags |= TOKEN_SESSION_NOT_REFERENCED;
        goto Quit;
    }
 
    /* Insert the referenced logon session into the token */
    Status = SepRmInsertLogonSessionIntoToken(AccessToken);
    if (!NT_SUCCESS(Status))
    {
        /* Failed to insert the logon session into the token, bail out */
        DPRINT1("SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n", Status);
        goto Quit;
    }
 
    /* Fill in token debug information */
#if DBG
    /*
     * We must determine ourselves that the current
     * process is not the initial CPU one. The initial
     * process is not a "real" process, that is, the
     * Process Manager has not yet been initialized and
     * as a matter of fact we are creating a token before
     * any process gets created by Ps. If it turns out
     * that the current process is the initial CPU process
     * where token creation execution takes place, don't
     * do anything.
     */
    if (PsGetCurrentProcess() != &KiInitialProcess)
    {
        RtlCopyMemory(AccessToken->ImageFileName,
                      PsGetCurrentProcess()->ImageFileName,
                      min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
 
        AccessToken->ProcessCid = PsGetCurrentProcessId();
        AccessToken->ThreadCid = PsGetCurrentThreadId();
    }
 
    AccessToken->CreateMethod = TOKEN_CREATE_METHOD;
#endif
 
    /* Assign the data that reside in the token's variable information area */
    AccessToken->VariableLength = VariableLength;
    EndMem = (PVOID)&AccessToken->VariablePart;
 
    /* Copy the privileges */
    AccessToken->PrivilegeCount = PrivilegeCount;
    AccessToken->Privileges = NULL;
    if (PrivilegeCount > 0)
    {
        AccessToken->Privileges = EndMem;
        EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
        VariableLength -= PrivilegesLength;
 
        if (PreviousMode != KernelMode)
        {
            _SEH2_TRY
            {
                RtlCopyMemory(AccessToken->Privileges,
                              Privileges,
                              PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
        }
        else
        {
            RtlCopyMemory(AccessToken->Privileges,
                          Privileges,
                          PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
        }
 
        if (!NT_SUCCESS(Status))
            goto Quit;
    }
 
    /* Update the privilege flags */
    SepUpdatePrivilegeFlagsToken(AccessToken);
 
    /* Copy the user and groups */
    AccessToken->UserAndGroupCount = 1 + GroupCount;
    AccessToken->UserAndGroups = EndMem;
    EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
    VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
 
    Status = RtlCopySidAndAttributesArray(1,
                                          User,
                                          VariableLength,
                                          &AccessToken->UserAndGroups[0],
                                          EndMem,
                                          &EndMem,
                                          &VariableLength);
    if (!NT_SUCCESS(Status))
        goto Quit;
 
    Status = RtlCopySidAndAttributesArray(GroupCount,
                                          Groups,
                                          VariableLength,
                                          &AccessToken->UserAndGroups[1],
                                          EndMem,
                                          &EndMem,
                                          &VariableLength);
    if (!NT_SUCCESS(Status))
        goto Quit;
 
    /* Find the token primary group and default owner */
    Status = SepFindPrimaryGroupAndDefaultOwner(AccessToken,
                                                PrimaryGroup,
                                                Owner,
                                                &PrimaryGroupIndex,
                                                &DefaultOwnerIndex);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
        goto Quit;
    }
 
    /*
     * Now allocate the token's dynamic information area
     * and set the data. The dynamic part consists of two
     * contents, the primary group SID and the default DACL
     * of the token, in this strict order.
     */
    AccessToken->DynamicPart = ExAllocatePoolWithTag(PagedPool,
                                                     DynamicPartSize,
                                                     TAG_TOKEN_DYNAMIC);
    if (AccessToken->DynamicPart == NULL)
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Quit;
    }
 
    /* Unused memory in the dynamic area */
    AccessToken->DynamicAvailable = 0;
 
    /*
     * Assign the primary group to the token
     * and put it in the dynamic part as well.
     */
    EndMem = (PVOID)AccessToken->DynamicPart;
    AccessToken->PrimaryGroup = EndMem;
    RtlCopySid(RtlLengthSid(AccessToken->UserAndGroups[PrimaryGroupIndex].Sid),
                            EndMem,
                            AccessToken->UserAndGroups[PrimaryGroupIndex].Sid);
    AccessToken->DefaultOwnerIndex = DefaultOwnerIndex;
    EndMem = (PVOID)((ULONG_PTR)EndMem + RtlLengthSid(AccessToken->UserAndGroups[PrimaryGroupIndex].Sid));
 
    /*
     * We have assigned a primary group and put it in the
     * dynamic part, now it's time to copy the provided
     * default DACL (if it's provided to begin with) into
     * the DACL field of the token and put it at the end
     * tail of the dynamic part too.
     */
    if (DefaultDacl != NULL)
    {
        AccessToken->DefaultDacl = EndMem;
 
        RtlCopyMemory(EndMem,
                      DefaultDacl,
                      DefaultDacl->AclSize);
    }
 
    /* Insert the token only if it's not the system token, otherwise return it directly */
    if (!SystemToken)
    {
        Status = ObInsertObject(AccessToken,
                                NULL,
                                DesiredAccess,
                                0,
                                NULL,
                                TokenHandle);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("ObInsertObject() failed (Status 0x%lx)\n", Status);
        }
    }
    else
    {
        /* Return pointer instead of handle */
        *TokenHandle = (HANDLE)AccessToken;
    }
 
Quit:
    if (!NT_SUCCESS(Status))
    {
        /* Dereference the token, the delete procedure will clean it up */
        ObDereferenceObject(AccessToken);
    }
 
    return Status;
}

Referenced by NtCreateToken(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), and SepCreateSystemProcessToken().

◆ SepCreateTokenLock()

NTSTATUS SepCreateTokenLock ( _Inout_ PTOKEN Token )

Creates a lock for the token.

Parameters

[in,out] Token A token which lock has to be created.

Returns: STATUS_SUCCESS if the pool allocation and resource initialisation have completed successfully, otherwise STATUS_INSUFFICIENT_RESOURCES on a pool allocation failure.

Definition at line 45 of file token.c.

{
    PAGED_CODE();
 
    Token->TokenLock = ExAllocatePoolWithTag(NonPagedPool,
                                             sizeof(ERESOURCE),
                                             TAG_SE_TOKEN_LOCK);
    if (Token->TokenLock == NULL)
    {
        DPRINT1("SepCreateTokenLock(): Failed to allocate memory!\n");
        return STATUS_INSUFFICIENT_RESOURCES;
    }
 
    ExInitializeResourceLite(Token->TokenLock);
    return STATUS_SUCCESS;
}

Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().

◆ SepDeleteTokenLock()

VOID SepDeleteTokenLock ( _Inout_ PTOKEN Token )

Deletes a lock of a token.

Parameters

[in,out] Token A token which contains the lock.

Returns: Nothing.

Definition at line 74 of file token.c.

{
    PAGED_CODE();
 
    ExDeleteResourceLite(Token->TokenLock);
    ExFreePoolWithTag(Token->TokenLock, TAG_SE_TOKEN_LOCK);
}

Referenced by SepDeleteToken().

◆ SepDuplicateToken()

NTSTATUS NTAPI SepDuplicateToken	(	_In_ PTOKEN	Token,
		_In_opt_ POBJECT_ATTRIBUTES	ObjectAttributes,
		_In_ BOOLEAN	EffectiveOnly,
		_In_ TOKEN_TYPE	TokenType,
		_In_ SECURITY_IMPERSONATION_LEVEL	Level,
		_In_ KPROCESSOR_MODE	PreviousMode,
		_Out_ PTOKEN *	NewAccessToken
	)

Duplicates an access token, from an existing valid token.

Parameters

[in]	Token	Access token to duplicate.
[in]	ObjectAttributes	Object attributes for the new token.
[in]	EffectiveOnly	If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in]	TokenType	Type of token.
[in]	Level	Security impersonation level of a token.
[in]	PreviousMode	The processor request level mode.
[out]	NewAccessToken	The duplicated token.

Returns: Returns STATUS_SUCCESS if the token has been duplicated. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation of the dynamic part of the token for duplication has failed due to the lack of memory resources. A failure NTSTATUS code is returned otherwise.

Definition at line 471 of file tokenlif.c.

{
    NTSTATUS Status;
    PTOKEN AccessToken;
    PVOID EndMem;
    ULONG PrimaryGroupIndex;
    ULONG VariableLength;
    ULONG DynamicPartSize, TotalSize;
    ULONG PrivilegesIndex, GroupsIndex;
 
    PAGED_CODE();
 
    /* Compute how much size we need to allocate for the token */
    VariableLength = Token->VariableLength;
    TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
 
    /*
     * Compute how much size we need to allocate
     * the dynamic part of the newly duplicated
     * token.
     */
    DynamicPartSize = Token->DefaultDacl ? Token->DefaultDacl->AclSize : 0;
    DynamicPartSize += RtlLengthSid(Token->PrimaryGroup);
 
    Status = ObCreateObject(PreviousMode,
                            SeTokenObjectType,
                            ObjectAttributes,
                            PreviousMode,
                            NULL,
                            TotalSize,
                            Token->DynamicCharged,
                            TotalSize,
                            (PVOID*)&AccessToken);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
        return Status;
    }
 
    /* Zero out the buffer and initialize the token */
    RtlZeroMemory(AccessToken, TotalSize);
 
    ExAllocateLocallyUniqueId(&AccessToken->TokenId);
 
    AccessToken->TokenType = TokenType;
    AccessToken->ImpersonationLevel = Level;
 
    /* Initialise the lock for the access token */
    Status = SepCreateTokenLock(AccessToken);
    if (!NT_SUCCESS(Status))
    {
        ObDereferenceObject(AccessToken);
        return Status;
    }
 
    /* Copy the immutable fields */
    AccessToken->TokenSource.SourceIdentifier = Token->TokenSource.SourceIdentifier;
    RtlCopyMemory(AccessToken->TokenSource.SourceName,
                  Token->TokenSource.SourceName,
                  sizeof(Token->TokenSource.SourceName));
 
    AccessToken->AuthenticationId = Token->AuthenticationId;
    AccessToken->ParentTokenId = Token->ParentTokenId;
    AccessToken->ExpirationTime = Token->ExpirationTime;
    AccessToken->OriginatingLogonSession = Token->OriginatingLogonSession;
    AccessToken->DynamicCharged = Token->DynamicCharged;
 
    /* Lock the source token and copy the mutable fields */
    SepAcquireTokenLockShared(Token);
 
    AccessToken->SessionId = Token->SessionId;
    AccessToken->ModifiedId = Token->ModifiedId;
 
    AccessToken->TokenFlags = Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
 
    /* Reference the logon session */
    Status = SepRmReferenceLogonSession(&AccessToken->AuthenticationId);
    if (!NT_SUCCESS(Status))
    {
        /* No logon session could be found, bail out */
        DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
        /* Set the flag for proper cleanup by the delete procedure */
        AccessToken->TokenFlags |= TOKEN_SESSION_NOT_REFERENCED;
        goto Quit;
    }
 
    /* Insert the referenced logon session into the token */
    Status = SepRmInsertLogonSessionIntoToken(AccessToken);
    if (!NT_SUCCESS(Status))
    {
        /* Failed to insert the logon session into the token, bail out */
        DPRINT1("SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n", Status);
        goto Quit;
    }
 
    /* Fill in token debug information */
#if DBG
    RtlCopyMemory(AccessToken->ImageFileName,
                  PsGetCurrentProcess()->ImageFileName,
                  min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
 
    AccessToken->ProcessCid = PsGetCurrentProcessId();
    AccessToken->ThreadCid = PsGetCurrentThreadId();
    AccessToken->CreateMethod = TOKEN_DUPLICATE_METHOD;
#endif
 
    /* Assign the data that reside in the token's variable information area */
    AccessToken->VariableLength = VariableLength;
    EndMem = (PVOID)&AccessToken->VariablePart;
 
    /* Copy the privileges */
    AccessToken->PrivilegeCount = 0;
    AccessToken->Privileges = NULL;
    if (Token->Privileges && (Token->PrivilegeCount > 0))
    {
        ULONG PrivilegesLength = Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
        PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
 
        ASSERT(VariableLength >= PrivilegesLength);
 
        AccessToken->PrivilegeCount = Token->PrivilegeCount;
        AccessToken->Privileges = EndMem;
        EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
        VariableLength -= PrivilegesLength;
 
        RtlCopyMemory(AccessToken->Privileges,
                      Token->Privileges,
                      AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
    }
 
    /* Copy the user and groups */
    AccessToken->UserAndGroupCount = 0;
    AccessToken->UserAndGroups = NULL;
    if (Token->UserAndGroups && (Token->UserAndGroupCount > 0))
    {
        AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
        AccessToken->UserAndGroups = EndMem;
        EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
        VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
 
        Status = RtlCopySidAndAttributesArray(AccessToken->UserAndGroupCount,
                                              Token->UserAndGroups,
                                              VariableLength,
                                              AccessToken->UserAndGroups,
                                              EndMem,
                                              &EndMem,
                                              &VariableLength);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n", Status);
            goto Quit;
        }
    }
 
    /* Find the token primary group */
    Status = SepFindPrimaryGroupAndDefaultOwner(AccessToken,
                                                Token->PrimaryGroup,
                                                NULL,
                                                &PrimaryGroupIndex,
                                                NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
        goto Quit;
    }
 
    /* Copy the restricted SIDs */
    AccessToken->RestrictedSidCount = 0;
    AccessToken->RestrictedSids = NULL;
    if (Token->RestrictedSids && (Token->RestrictedSidCount > 0))
    {
        AccessToken->RestrictedSidCount = Token->RestrictedSidCount;
        AccessToken->RestrictedSids = EndMem;
        EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
        VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
 
        Status = RtlCopySidAndAttributesArray(AccessToken->RestrictedSidCount,
                                              Token->RestrictedSids,
                                              VariableLength,
                                              AccessToken->RestrictedSids,
                                              EndMem,
                                              &EndMem,
                                              &VariableLength);
        if (!NT_SUCCESS(Status))
        {
            DPRINT1("RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n", Status);
            goto Quit;
        }
    }
 
    /* Now allocate the token's dynamic information area and set the data */
    AccessToken->DynamicPart = ExAllocatePoolWithTag(PagedPool,
                                                     DynamicPartSize,
                                                     TAG_TOKEN_DYNAMIC);
    if (AccessToken->DynamicPart == NULL)
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Quit;
    }
 
    /* Unused memory in the dynamic area */
    AccessToken->DynamicAvailable = 0;
 
    /*
     * Assign the primary group to the token
     * and put it in the dynamic part as well.
     */
    EndMem = (PVOID)AccessToken->DynamicPart;
    AccessToken->PrimaryGroup = EndMem;
    RtlCopySid(RtlLengthSid(AccessToken->UserAndGroups[PrimaryGroupIndex].Sid),
                            EndMem,
                            AccessToken->UserAndGroups[PrimaryGroupIndex].Sid);
    AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
    EndMem = (PVOID)((ULONG_PTR)EndMem + RtlLengthSid(AccessToken->UserAndGroups[PrimaryGroupIndex].Sid));
 
    /*
     * The existing token has a default DACL only
     * if it has an allocated dynamic part.
     */
    if (Token->DynamicPart && Token->DefaultDacl)
    {
        AccessToken->DefaultDacl = EndMem;
 
        RtlCopyMemory(EndMem,
                      Token->DefaultDacl,
                      Token->DefaultDacl->AclSize);
    }
 
    /*
     * Filter the token by removing the disabled privileges
     * and groups if the caller wants to duplicate an access
     * token as effective only.
     */
    if (EffectiveOnly)
    {
        /*
         * Begin querying the groups and search for disabled ones. Do not touch the
         * user which is at the first position because it cannot be disabled, no
         * matter what attributes it has.
         */
        for (GroupsIndex = 1; GroupsIndex < AccessToken->UserAndGroupCount; GroupsIndex++)
        {
            /*
             * A group is considered disabled if its attributes is either
             * 0 or SE_GROUP_ENABLED is not included in the attributes flags list.
             * That is because a certain user and/or group can have several attributes
             * that bear no influence on whether a user/group is enabled or not
             * (SE_GROUP_ENABLED_BY_DEFAULT for example which is a mere indicator
             * that the group has just been enabled by default). A mandatory
             * group (that is, the group has SE_GROUP_MANDATORY attribute)
             * by standards it's always enabled and no one can disable it.
             */
            if (AccessToken->UserAndGroups[GroupsIndex].Attributes == 0 ||
                (AccessToken->UserAndGroups[GroupsIndex].Attributes & SE_GROUP_ENABLED) == 0)
            {
                /*
                 * If this group is an administrators group
                 * and the token belongs to such group,
                 * we've to take away TOKEN_HAS_ADMIN_GROUP
                 * for the fact that's not enabled and as
                 * such the token no longer belongs to
                 * this group.
                 */
                if (RtlEqualSid(SeAliasAdminsSid,
                                &AccessToken->UserAndGroups[GroupsIndex].Sid))
                {
                    AccessToken->TokenFlags &= ~TOKEN_HAS_ADMIN_GROUP;
                }
 
                /*
                 * A group is not enabled, it's time to remove
                 * from the token and update the groups index
                 * accordingly and continue with the next group.
                 */
                SepRemoveUserGroupToken(AccessToken, GroupsIndex);
                GroupsIndex--;
            }
        }
 
        /* Begin querying the privileges and search for disabled ones */
        for (PrivilegesIndex = 0; PrivilegesIndex < AccessToken->PrivilegeCount; PrivilegesIndex++)
        {
            /*
             * A privilege is considered disabled if its attributes is either
             * 0 or SE_PRIVILEGE_ENABLED is not included in the attributes flags list.
             * That is because a certain privilege can have several attributes
             * that bear no influence on whether a privilege is enabled or not
             * (SE_PRIVILEGE_ENABLED_BY_DEFAULT for example which is a mere indicator
             * that the privilege has just been enabled by default).
             */
            if (AccessToken->Privileges[PrivilegesIndex].Attributes == 0 ||
                (AccessToken->Privileges[PrivilegesIndex].Attributes & SE_PRIVILEGE_ENABLED) == 0)
            {
                /*
                 * A privilege is not enabled, therefor it's time
                 * to strip it from the token and continue with the next
                 * privilege. Of course we must also want to update the
                 * privileges index accordingly.
                 */
                SepRemovePrivilegeToken(AccessToken, PrivilegesIndex);
                PrivilegesIndex--;
            }
        }
    }
 
    /* Return the token to the caller */
    *NewAccessToken = AccessToken;
    Status = STATUS_SUCCESS;
 
Quit:
    if (!NT_SUCCESS(Status))
    {
        /* Dereference the token, the delete procedure will clean it up */
        ObDereferenceObject(AccessToken);
    }
 
    /* Unlock the source token */
    SepReleaseTokenLock(Token);
 
    return Status;
}

Referenced by NtDuplicateToken(), SeCopyClientToken(), SepOpenThreadToken(), and SeSubProcessToken().

◆ SepFindPrimaryGroupAndDefaultOwner()

NTSTATUS SepFindPrimaryGroupAndDefaultOwner	(	_In_ PTOKEN	Token,
		_In_ PSID	PrimaryGroup,
		_In_opt_ PSID	DefaultOwner,
		_Out_opt_ PULONG	PrimaryGroupIndex,
		_Out_opt_ PULONG	DefaultOwnerIndex
	)

Finds the primary group and default owner entity based on the submitted primary group instance and an access token.

Parameters

[in]	Token	Access token to begin the search query of primary group and default owner.
[in]	PrimaryGroup	A primary group SID to be used for search query, determining if user & groups of a token and the submitted primary group do match.
[in]	DefaultOwner	The default owner. If specified, it's used to determine if the token belongs to the actual user, that is, being the owner himself.
[out]	PrimaryGroupIndex	Returns the primary group index.
[out]	DefaultOwnerIndex	Returns the default owner index.

Returns: Returns STATUS_SUCCESS if the find query operation has completed successfully and that at least one search result is requested by the caller. STATUS_INVALID_PARAMETER is returned if the caller hasn't requested any search result. STATUS_INVALID_OWNER is returned if the specified default user owner does not match with the other user from the token. STATUS_INVALID_PRIMARY_GROUP is returned if the specified default primary group does not match with the other group from the token.

Definition at line 1011 of file token.c.

{
    ULONG i;
 
    /* We should return at least a search result */
    if (!PrimaryGroupIndex && !DefaultOwnerIndex)
        return STATUS_INVALID_PARAMETER;
 
    if (PrimaryGroupIndex)
    {
        /* Initialize with an invalid index */
        // Token->PrimaryGroup = NULL;
        *PrimaryGroupIndex = Token->UserAndGroupCount;
    }
 
    if (DefaultOwnerIndex)
    {
        if (DefaultOwner)
        {
            /* An owner is specified: check whether this is actually the user */
            if (RtlEqualSid(Token->UserAndGroups[0].Sid, DefaultOwner))
            {
                /*
                 * It's the user (first element in array): set it
                 * as the owner and stop the search for it.
                 */
                *DefaultOwnerIndex = 0;
                DefaultOwnerIndex = NULL;
            }
            else
            {
                /* An owner is specified: initialize with an invalid index */
                *DefaultOwnerIndex = Token->UserAndGroupCount;
            }
        }
        else
        {
            /*
             * No owner specified: set the user (first element in array)
             * as the owner and stop the search for it.
             */
            *DefaultOwnerIndex = 0;
            DefaultOwnerIndex = NULL;
        }
    }
 
    /* Validate and set the primary group and default owner indices */
    for (i = 0; i < Token->UserAndGroupCount; i++)
    {
        /* Stop the search if we have found what we searched for */
        if (!PrimaryGroupIndex && !DefaultOwnerIndex)
            break;
 
        if (DefaultOwnerIndex && DefaultOwner &&
            RtlEqualSid(Token->UserAndGroups[i].Sid, DefaultOwner) &&
            (Token->UserAndGroups[i].Attributes & SE_GROUP_OWNER))
        {
            /* Owner is found, stop the search for it */
            *DefaultOwnerIndex = i;
            DefaultOwnerIndex = NULL;
        }
 
        if (PrimaryGroupIndex &&
            RtlEqualSid(Token->UserAndGroups[i].Sid, PrimaryGroup))
        {
            /* Primary group is found, stop the search for it */
            // Token->PrimaryGroup = Token->UserAndGroups[i].Sid;
            *PrimaryGroupIndex = i;
            PrimaryGroupIndex = NULL;
        }
    }
 
    if (DefaultOwnerIndex)
    {
        if (*DefaultOwnerIndex == Token->UserAndGroupCount)
            return STATUS_INVALID_OWNER;
    }
 
    if (PrimaryGroupIndex)
    {
        if (*PrimaryGroupIndex == Token->UserAndGroupCount)
        // if (Token->PrimaryGroup == NULL)
            return STATUS_INVALID_PRIMARY_GROUP;
    }
 
    return STATUS_SUCCESS;
}

Referenced by NtSetInformationToken(), SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().

◆ SepGetDaclFromDescriptor()

FORCEINLINE PACL SepGetDaclFromDescriptor ( _Inout_ PSECURITY_DESCRIPTOR _Descriptor )

Definition at line 129 of file se.h.

{
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;
 
    if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
 
    if (Descriptor->Control & SE_SELF_RELATIVE)
    {
        SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
        if (!SdRel->Dacl) return NULL;
        return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
    }
    else
    {
        return Descriptor->Dacl;
    }
}

Referenced by _IRQL_requires_max_(), RtlGetDaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SeFastTraverseCheck(), and SepDumpSdDebugInfo().

◆ SepGetGroupFromDescriptor()

FORCEINLINE PSID SepGetGroupFromDescriptor ( _Inout_ PSECURITY_DESCRIPTOR _Descriptor )

Definition at line 89 of file se.h.

{
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;
 
    if (Descriptor->Control & SE_SELF_RELATIVE)
    {
        SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
        if (!SdRel->Group) return NULL;
        return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
    }
    else
    {
        return Descriptor->Group;
    }
}

Referenced by _IRQL_requires_max_(), RtlGetGroupSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SepAccessCheck(), SepAccessCheckAndAuditAlarm(), and SepDumpSdDebugInfo().

◆ SepGetObjectTypeGuidFromAce()

PGUID SepGetObjectTypeGuidFromAce	(	_In_ PACE	Ace,
		_In_ BOOLEAN	IsAceDenied
	)

Captures an object type GUID from an object access control entry (ACE).

Parameters

[in]	Ace	A pointer to an access control entry, of which the object type GUID is to be captured from.
[in]	IsAceDenied	If set to TRUE, the function will capture the GUID from a denied object ACE, otherwise from the allowed object ACE.

Returns: Returns a pointer to an object type GUID, otherwise NULL is returned if the target ACE does not have an object type GUID.

Definition at line 180 of file objtype.c.

{
    PGUID ObjectTypeGuid = NULL;
 
    PAGED_CODE();
 
    /* This Ace must not be NULL */
    ASSERT(Ace);
 
    /* Grab the GUID based on the object type ACE header */
    ObjectTypeGuid = IsAceDenied ? (PGUID)&((PACCESS_DENIED_OBJECT_ACE)Ace)->ObjectType :
        (PGUID)&((PACCESS_ALLOWED_OBJECT_ACE)Ace)->ObjectType;
    return ObjectTypeGuid;
}

Referenced by SepAnalyzeAcesFromDacl().

◆ SepGetOwnerFromDescriptor()

FORCEINLINE PSID SepGetOwnerFromDescriptor ( _Inout_ PSECURITY_DESCRIPTOR _Descriptor )

Definition at line 109 of file se.h.

{
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;
 
    if (Descriptor->Control & SE_SELF_RELATIVE)
    {
        SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
        if (!SdRel->Owner) return NULL;
        return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
    }
    else
    {
        return Descriptor->Owner;
    }
}

Referenced by _IRQL_requires_max_(), RtlGetOwnerSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SepAccessCheck(), SepAccessCheckAndAuditAlarm(), SepDumpSdDebugInfo(), and SepTokenIsOwner().

◆ SepGetSaclFromDescriptor()

FORCEINLINE PACL SepGetSaclFromDescriptor ( _Inout_ PSECURITY_DESCRIPTOR _Descriptor )

Definition at line 151 of file se.h.

{
    PISECURITY_DESCRIPTOR Descriptor = (PISECURITY_DESCRIPTOR)_Descriptor;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel;
 
    if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
 
    if (Descriptor->Control & SE_SELF_RELATIVE)
    {
        SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)Descriptor;
        if (!SdRel->Sacl) return NULL;
        return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
    }
    else
    {
        return Descriptor->Sacl;
    }
}

Referenced by _IRQL_requires_max_(), RtlGetSaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SepDumpSdDebugInfo().

◆ SepGetSidFromAce()

PSID NTAPI SepGetSidFromAce ( _In_ PACE Ace )

Captures a security identifier from a given access control entry. This identifier is valid for the whole of its lifetime.

Parameters

[in] Ace A pointer to an access control entry, which can be obtained from a DACL.

Returns: Returns a pointer to a security identifier (SID), otherwise NULL is returned if an unsupported ACE type was given to the function.

Definition at line 572 of file sid.c.

{
    PULONG Flags;
    ULONG GuidSize = 0;
    PSID Sid = NULL;
    PAGED_CODE();
 
    /* Sanity check */
    ASSERT(Ace);
 
    /* Obtain the SID based upon ACE type */
    switch (Ace->Header.AceType)
    {
        case ACCESS_DENIED_ACE_TYPE:
        case ACCESS_ALLOWED_ACE_TYPE:
        case SYSTEM_AUDIT_ACE_TYPE:
        case SYSTEM_ALARM_ACE_TYPE:
        {
            Sid = (PSID)&((PKNOWN_ACE)Ace)->SidStart;
            break;
        }
 
        case ACCESS_DENIED_OBJECT_ACE_TYPE:
        case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
        {
            Flags = (PULONG)&((PKNOWN_OBJECT_ACE)Ace)->Flags;
            if (*Flags & ACE_OBJECT_TYPE_PRESENT)
            {
                GuidSize += sizeof(GUID);
            }
 
            if (*Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
            {
                GuidSize += sizeof(GUID);
            }
 
            Sid = (PSID)((ULONG_PTR)&((PKNOWN_OBJECT_ACE)Ace)->SidStart + GuidSize);
            break;
        }
 
        default:
        {
            DPRINT1("SepGetSidFromAce(): Unknown ACE type (Ace 0x%p, Type %u)\n", Ace, Ace->Header.AceType);
            break;
        }
    }
 
    return Sid;
}

Referenced by SepAnalyzeAcesFromDacl().

◆ SepInitDACLs()

BOOLEAN NTAPI SepInitDACLs ( VOID )

Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure.

Returns: Returns TRUE if all the DACLs have been successfully initialized, FALSE otherwise.

Definition at line 38 of file acl.c.

{
    ULONG AclLength;
 
    /* create PublicDefaultDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
                (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
 
    SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
                                                AclLength,
                                                TAG_ACL);
    if (SePublicDefaultDacl == NULL)
        return FALSE;
 
    RtlCreateAcl(SePublicDefaultDacl,
                 AclLength,
                 ACL_REVISION);
 
    RtlAddAccessAllowedAce(SePublicDefaultDacl,
                           ACL_REVISION,
                           GENERIC_EXECUTE,
                           SeWorldSid);
 
    RtlAddAccessAllowedAce(SePublicDefaultDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeLocalSystemSid);
 
    RtlAddAccessAllowedAce(SePublicDefaultDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeAliasAdminsSid);
 
    /* create PublicDefaultUnrestrictedDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
                (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
                (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
 
    SePublicDefaultUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
                                                            AclLength,
                                                            TAG_ACL);
    if (SePublicDefaultUnrestrictedDacl == NULL)
        return FALSE;
 
    RtlCreateAcl(SePublicDefaultUnrestrictedDacl,
                 AclLength,
                 ACL_REVISION);
 
    RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_EXECUTE,
                           SeWorldSid);
 
    RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeLocalSystemSid);
 
    RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeAliasAdminsSid);
 
    RtlAddAccessAllowedAce(SePublicDefaultUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
                           SeRestrictedCodeSid);
 
    /* create PublicOpenDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
                (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
 
    SePublicOpenDacl = ExAllocatePoolWithTag(PagedPool,
                                             AclLength,
                                             TAG_ACL);
    if (SePublicOpenDacl == NULL)
        return FALSE;
 
    RtlCreateAcl(SePublicOpenDacl,
                 AclLength,
                 ACL_REVISION);
 
    RtlAddAccessAllowedAce(SePublicOpenDacl,
                           ACL_REVISION,
                           GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
                           SeWorldSid);
 
    RtlAddAccessAllowedAce(SePublicOpenDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeLocalSystemSid);
 
    RtlAddAccessAllowedAce(SePublicOpenDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeAliasAdminsSid);
 
    /* create PublicOpenUnrestrictedDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
                (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
                (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
 
    SePublicOpenUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
                                                         AclLength,
                                                         TAG_ACL);
    if (SePublicOpenUnrestrictedDacl == NULL)
        return FALSE;
 
    RtlCreateAcl(SePublicOpenUnrestrictedDacl,
                 AclLength,
                 ACL_REVISION);
 
    RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeWorldSid);
 
    RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeLocalSystemSid);
 
    RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeAliasAdminsSid);
 
    RtlAddAccessAllowedAce(SePublicOpenUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_READ | GENERIC_EXECUTE,
                           SeRestrictedCodeSid);
 
    /* create SystemDefaultDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
                (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
 
    SeSystemDefaultDacl = ExAllocatePoolWithTag(PagedPool,
                                                AclLength,
                                                TAG_ACL);
    if (SeSystemDefaultDacl == NULL)
        return FALSE;
 
    RtlCreateAcl(SeSystemDefaultDacl,
                 AclLength,
                 ACL_REVISION);
 
    RtlAddAccessAllowedAce(SeSystemDefaultDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeLocalSystemSid);
 
    RtlAddAccessAllowedAce(SeSystemDefaultDacl,
                           ACL_REVISION,
                           GENERIC_READ | GENERIC_EXECUTE | READ_CONTROL,
                           SeAliasAdminsSid);
 
    /* create UnrestrictedDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
                (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
 
    SeUnrestrictedDacl = ExAllocatePoolWithTag(PagedPool,
                                               AclLength,
                                               TAG_ACL);
    if (SeUnrestrictedDacl == NULL)
        return FALSE;
 
    RtlCreateAcl(SeUnrestrictedDacl,
                 AclLength,
                 ACL_REVISION);
 
    RtlAddAccessAllowedAce(SeUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeWorldSid);
 
    RtlAddAccessAllowedAce(SeUnrestrictedDacl,
                           ACL_REVISION,
                           GENERIC_READ | GENERIC_EXECUTE,
                           SeRestrictedCodeSid);
 
    /* create SystemAnonymousLogonDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
                (sizeof(ACE) + RtlLengthSid(SeAnonymousLogonSid));
 
    SeSystemAnonymousLogonDacl = ExAllocatePoolWithTag(PagedPool,
                                                       AclLength,
                                                       TAG_ACL);
    if (SeSystemAnonymousLogonDacl == NULL)
        return FALSE;
 
    RtlCreateAcl(SeSystemAnonymousLogonDacl,
                 AclLength,
                 ACL_REVISION);
 
    RtlAddAccessAllowedAce(SeSystemAnonymousLogonDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeWorldSid);
 
    RtlAddAccessAllowedAce(SeSystemAnonymousLogonDacl,
                           ACL_REVISION,
                           GENERIC_ALL,
                           SeAnonymousLogonSid);
 
    return TRUE;
}

Referenced by SepInitializationPhase0().

◆ SepInitializeTokenImplementation()

VOID NTAPI SepInitializeTokenImplementation ( VOID )

Internal function that initializes critical kernel data for access token implementation in SRM.

Returns: Nothing.

Definition at line 1649 of file token.c.

{
    UNICODE_STRING Name;
    OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
 
    DPRINT("Creating Token Object Type\n");
 
    /* Initialize the Token type */
    RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
    RtlInitUnicodeString(&Name, L"Token");
    ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
    ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
    ObjectTypeInitializer.SecurityRequired = TRUE;
    ObjectTypeInitializer.DefaultPagedPoolCharge = sizeof(TOKEN);
    ObjectTypeInitializer.GenericMapping = SepTokenMapping;
    ObjectTypeInitializer.PoolType = PagedPool;
    ObjectTypeInitializer.ValidAccessMask = TOKEN_ALL_ACCESS;
    ObjectTypeInitializer.UseDefaultObject = TRUE;
    ObjectTypeInitializer.DeleteProcedure = SepDeleteToken;
    ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &SeTokenObjectType);
}

Referenced by SepInitializationPhase0().

◆ SepInitPrivileges()

VOID NTAPI SepInitPrivileges ( VOID )

Initializes the privileges during the startup phase of the security manager module. This function serves as a placeholder as it currently does nothing.

Returns: Nothing.

Definition at line 71 of file priv.c.

{
 
}

Referenced by SepInitializationPhase0().

◆ SepInitSDs()

BOOLEAN NTAPI SepInitSDs ( VOID )

Initializes the known security descriptors in the system.

Returns: Returns TRUE if all the security descriptors have been initialized, FALSE otherwise.

Definition at line 37 of file sd.c.

{
    /* Create PublicDefaultSd */
    SePublicDefaultSd = ExAllocatePoolWithTag(PagedPool,
                                              sizeof(SECURITY_DESCRIPTOR), TAG_SD);
    if (SePublicDefaultSd == NULL)
        return FALSE;
 
    RtlCreateSecurityDescriptor(SePublicDefaultSd,
                                SECURITY_DESCRIPTOR_REVISION);
    RtlSetDaclSecurityDescriptor(SePublicDefaultSd,
                                 TRUE,
                                 SePublicDefaultDacl,
                                 FALSE);
 
    /* Create PublicDefaultUnrestrictedSd */
    SePublicDefaultUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
                                                          sizeof(SECURITY_DESCRIPTOR), TAG_SD);
    if (SePublicDefaultUnrestrictedSd == NULL)
        return FALSE;
 
    RtlCreateSecurityDescriptor(SePublicDefaultUnrestrictedSd,
                                SECURITY_DESCRIPTOR_REVISION);
    RtlSetDaclSecurityDescriptor(SePublicDefaultUnrestrictedSd,
                                 TRUE,
                                 SePublicDefaultUnrestrictedDacl,
                                 FALSE);
 
    /* Create PublicOpenSd */
    SePublicOpenSd = ExAllocatePoolWithTag(PagedPool,
                                           sizeof(SECURITY_DESCRIPTOR), TAG_SD);
    if (SePublicOpenSd == NULL)
        return FALSE;
 
    RtlCreateSecurityDescriptor(SePublicOpenSd,
                                SECURITY_DESCRIPTOR_REVISION);
    RtlSetDaclSecurityDescriptor(SePublicOpenSd,
                                 TRUE,
                                 SePublicOpenDacl,
                                 FALSE);
 
    /* Create PublicOpenUnrestrictedSd */
    SePublicOpenUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
                                                       sizeof(SECURITY_DESCRIPTOR), TAG_SD);
    if (SePublicOpenUnrestrictedSd == NULL)
        return FALSE;
 
    RtlCreateSecurityDescriptor(SePublicOpenUnrestrictedSd,
                                SECURITY_DESCRIPTOR_REVISION);
    RtlSetDaclSecurityDescriptor(SePublicOpenUnrestrictedSd,
                                 TRUE,
                                 SePublicOpenUnrestrictedDacl,
                                 FALSE);
 
    /* Create SystemDefaultSd */
    SeSystemDefaultSd = ExAllocatePoolWithTag(PagedPool,
                                              sizeof(SECURITY_DESCRIPTOR), TAG_SD);
    if (SeSystemDefaultSd == NULL)
        return FALSE;
 
    RtlCreateSecurityDescriptor(SeSystemDefaultSd,
                                SECURITY_DESCRIPTOR_REVISION);
    RtlSetDaclSecurityDescriptor(SeSystemDefaultSd,
                                 TRUE,
                                 SeSystemDefaultDacl,
                                 FALSE);
 
    /* Create UnrestrictedSd */
    SeUnrestrictedSd = ExAllocatePoolWithTag(PagedPool,
                                             sizeof(SECURITY_DESCRIPTOR), TAG_SD);
    if (SeUnrestrictedSd == NULL)
        return FALSE;
 
    RtlCreateSecurityDescriptor(SeUnrestrictedSd,
                                SECURITY_DESCRIPTOR_REVISION);
    RtlSetDaclSecurityDescriptor(SeUnrestrictedSd,
                                 TRUE,
                                 SeUnrestrictedDacl,
                                 FALSE);
 
    /* Create SystemAnonymousLogonSd */
    SeSystemAnonymousLogonSd = ExAllocatePoolWithTag(PagedPool,
                                                     sizeof(SECURITY_DESCRIPTOR), TAG_SD);
    if (SeSystemAnonymousLogonSd == NULL)
        return FALSE;
 
    RtlCreateSecurityDescriptor(SeSystemAnonymousLogonSd,
                                SECURITY_DESCRIPTOR_REVISION);
    RtlSetDaclSecurityDescriptor(SeSystemAnonymousLogonSd,
                                 TRUE,
                                 SeSystemAnonymousLogonDacl,
                                 FALSE);
 
    return TRUE;
}

Referenced by SepInitializationPhase0().

◆ SepInitSecurityIDs()

BOOLEAN NTAPI SepInitSecurityIDs ( VOID )

Initializes all the SIDs known in the system.

Returns: Returns TRUE if all the SIDs have been initialized, FALSE otherwise.

Definition at line 115 of file sid.c.

{
    ULONG SidLength0;
    ULONG SidLength1;
    ULONG SidLength2;
    PULONG SubAuthority;
 
    SidLength0 = RtlLengthRequiredSid(0);
    SidLength1 = RtlLengthRequiredSid(1);
    SidLength2 = RtlLengthRequiredSid(2);
 
    /* create NullSid */
    SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
    SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
    SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
    SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
    SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
    SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
    SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
    SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
    SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
    SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeLocalServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
    SeNetworkServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
 
    if (SeNullSid == NULL || SeWorldSid == NULL ||
        SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
        SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
        SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
        SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
        SeInteractiveSid == NULL || SeServiceSid == NULL ||
        SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
        SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
        SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
        SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
        SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
        SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
        SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
        SeAnonymousLogonSid == NULL || SeLocalServiceSid == NULL ||
        SeNetworkServiceSid == NULL)
    {
        FreeInitializedSids();
        return FALSE;
    }
 
    RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
    RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
    RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
    RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
    RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
    RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
    RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
    RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
    RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
    RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
    RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
    RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
    RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
    RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
    RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
    RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
    RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeLocalServiceSid, &SeNtSidAuthority, 1);
    RtlInitializeSid(SeNetworkServiceSid, &SeNtSidAuthority, 1);
 
    SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
    *SubAuthority = SECURITY_NULL_RID;
    SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
    *SubAuthority = SECURITY_WORLD_RID;
    SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
    *SubAuthority = SECURITY_LOCAL_RID;
    SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
    *SubAuthority = SECURITY_CREATOR_OWNER_RID;
    SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
    *SubAuthority = SECURITY_CREATOR_GROUP_RID;
    SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
    *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
    SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
    *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
    SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
    *SubAuthority = SECURITY_DIALUP_RID;
    SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
    *SubAuthority = SECURITY_NETWORK_RID;
    SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
    *SubAuthority = SECURITY_BATCH_RID;
    SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
    *SubAuthority = SECURITY_INTERACTIVE_RID;
    SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
    *SubAuthority = SECURITY_SERVICE_RID;
    SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
    *SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
    SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
    *SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
    SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
    *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
    SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
    *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
    *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
    *SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
    SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
    *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
    *SubAuthority = DOMAIN_ALIAS_RID_USERS;
    SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
    *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
    *SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
    SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
    *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
    *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
    SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
    *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
    *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
    SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
    *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
    *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
    SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
    *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
    *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
    SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
    *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
    SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
    *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
    SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
    *SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
    SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
    *SubAuthority = SECURITY_RESTRICTED_CODE_RID;
    SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
    *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
    SubAuthority = RtlSubAuthoritySid(SeLocalServiceSid, 0);
    *SubAuthority = SECURITY_LOCAL_SERVICE_RID;
    SubAuthority = RtlSubAuthoritySid(SeNetworkServiceSid, 0);
    *SubAuthority = SECURITY_NETWORK_SERVICE_RID;
 
    return TRUE;
}

Referenced by SepInitializationPhase0().

◆ SepObjectTypeGuidInList()

BOOLEAN SepObjectTypeGuidInList	(	_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST_INTERNAL	ObjectTypeList,
		_In_ ULONG	ObjectTypeListLength,
		_In_ PGUID	ObjectTypeGuid,
		_Out_ PULONG	ObjectIndex
	)

Searches for an object type GUID if it exists on an object type list.

Parameters

[in]	ObjectTypeList	A pointer to an object type list.
[in]	ObjectTypeListLength	The length of the list, representing the number of object elements in that list.
[in]	ObjectTypeGuid	A pointer to an object type GUID to search in the list of interest.
[out]	ObjectIndex	If the function found the target GUID, the function returns a pointer to the object index location to this parameter.

Returns: Returns TRUE if the object type GUID of interest exists in the target list, FALSE otherwise.

Definition at line 223 of file objtype.c.

{
    ULONG ObjectTypeIndex;
    GUID ObjectTypeGuidToSearch;
 
    PAGED_CODE();
 
    /* Loop over the object elements */
    for (ObjectTypeIndex = 0;
         ObjectTypeIndex < ObjectTypeListLength;
         ObjectTypeIndex++)
    {
        /* Is this the object we are searching for? */
        ObjectTypeGuidToSearch = ObjectTypeList[ObjectTypeIndex].ObjectTypeGuid;
        if (SepIsEqualObjectTypeGuid(ObjectTypeGuid, &ObjectTypeGuidToSearch))
        {
            /* Return the indext of that object to caller */
            *ObjectIndex = ObjectTypeIndex;
            return TRUE;
        }
    }
 
    return FALSE;
}

Referenced by SepAllowAccessObjectTypeList(), SepAllowAccessObjectTypeResultList(), SepDenyAccessObjectTypeList(), and SepDenyAccessObjectTypeResultList().

◆ SepPrivilegeCheck()

BOOLEAN NTAPI SepPrivilegeCheck	(	_In_ PTOKEN	Token,
		_In_ PLUID_AND_ATTRIBUTES	Privileges,
		_In_ ULONG	PrivilegeCount,
		_In_ ULONG	PrivilegeControl,
		_In_ KPROCESSOR_MODE	PreviousMode
	)

Checks the privileges pointed by Privileges array argument if they exist and match with the privileges from an access token.

Parameters

[in]	Token	An access token where privileges are to be checked.
[in]	Privileges	An array of privileges with attributes used as checking indicator for the function.
[in]	PrivilegeCount	The total number count of privileges in the array.
[in]	PrivilegeControl	Privilege control bit mask to determine if we should check all the privileges based on the number count of privileges or not.
[in]	PreviousMode	Processor level access mode.

Returns: Returns TRUE if the required privileges exist and that they do match. Otherwise the functions returns FALSE.

Definition at line 104 of file priv.c.

{
    ULONG i;
    ULONG j;
    ULONG Required;
 
    DPRINT("SepPrivilegeCheck() called\n");
 
    PAGED_CODE();
 
    if (PreviousMode == KernelMode)
        return TRUE;
 
    /* Get the number of privileges that are required to match */
    Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
 
    /* Acquire a shared token lock */
    SepAcquireTokenLockShared(Token);
 
    /* Loop all requested privileges until we found the required ones */
    for (i = 0; i < PrivilegeCount; i++)
    {
        /* Loop the privileges of the token */
        for (j = 0; j < Token->PrivilegeCount; j++)
        {
            /* Check if the LUIDs match */
            if (RtlEqualLuid(&Token->Privileges[j].Luid, &Privileges[i].Luid))
            {
                DPRINT("Found privilege. Attributes: %lx\n",
                       Token->Privileges[j].Attributes);
 
                /* Check if the privilege is enabled */
                if (Token->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)
                {
                    Privileges[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
                    Required--;
 
                    /* Check if we have found all privileges */
                    if (Required == 0)
                    {
                        /* We're done! */
                        SepReleaseTokenLock(Token);
                        return TRUE;
                    }
                }
 
                /* Leave the inner loop */
                break;
            }
        }
    }
 
    /* Release the token lock */
    SepReleaseTokenLock(Token);
 
    /* When we reached this point, we did not find all privileges */
    ASSERT(Required > 0);
    return FALSE;
}

Referenced by NtPrivilegeCheck(), SeCheckAuditPrivilege(), SePrivilegeCheck(), and SepSinglePrivilegeCheck().

◆ SepPropagateAcl()

NTSTATUS SepPropagateAcl	(	_Out_writes_bytes_opt_(DaclLength) PACL	AclDest,
		_Inout_ PULONG	AclLength,
		_In_reads_bytes_(AclSource->AclSize) PACL	AclSource,
		_In_ PSID	Owner,
		_In_ PSID	Group,
		_In_ BOOLEAN	IsInherited,
		_In_ BOOLEAN	IsDirectoryObject,
		_In_ PGENERIC_MAPPING	GenericMapping
	)

◆ SepRebuildDynamicPartOfToken()

NTSTATUS SepRebuildDynamicPartOfToken	(	_In_ PTOKEN	Token,
		_In_ ULONG	NewDynamicPartSize
	)

Referenced by NtSetInformationToken().

◆ SepRegQueryHelper()

NTSTATUS NTAPI SepRegQueryHelper	(	_In_ PCWSTR	KeyName,
		_In_ PCWSTR	ValueName,
		_In_ ULONG	ValueType,
		_In_ ULONG	DataLength,
		_Out_ PVOID	ValueData
	)

A private registry helper that returns the desired value data based on the specifics requested by the caller.

Parameters

[in]	KeyName	Name of the key.
[in]	ValueName	Name of the registry value.
[in]	ValueType	The type of the registry value.
[in]	DataLength	The data length, in bytes, representing the size of the registry value.
[out]	ValueData	The requested value data provided by the function.

Returns: Returns STATUS_SUCCESS if the operations have completed successfully, otherwise a failure NTSTATUS code is returned.

Definition at line 94 of file srm.c.

{
    UNICODE_STRING ValueNameString;
    UNICODE_STRING KeyNameString;
    ULONG ResultLength;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE KeyHandle = NULL;
    struct
    {
        KEY_VALUE_PARTIAL_INFORMATION Partial;
        UCHAR Buffer[64];
    } KeyValueInformation;
    NTSTATUS Status, CloseStatus;
    PAGED_CODE();
 
    RtlInitUnicodeString(&KeyNameString, KeyName);
    InitializeObjectAttributes(&ObjectAttributes,
                               &KeyNameString,
                               OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);
 
    Status = ZwOpenKey(&KeyHandle, KEY_QUERY_VALUE, &ObjectAttributes);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }
 
    RtlInitUnicodeString(&ValueNameString, ValueName);
    Status = ZwQueryValueKey(KeyHandle,
                             &ValueNameString,
                             KeyValuePartialInformation,
                             &KeyValueInformation.Partial,
                             sizeof(KeyValueInformation),
                             &ResultLength);
    if (!NT_SUCCESS(Status))
    {
        goto Cleanup;
    }
 
    if ((KeyValueInformation.Partial.Type != ValueType) ||
        (KeyValueInformation.Partial.DataLength != DataLength))
    {
        Status = STATUS_OBJECT_TYPE_MISMATCH;
        goto Cleanup;
    }
 
    if (ValueType == REG_BINARY)
    {
        RtlCopyMemory(ValueData, KeyValueInformation.Partial.Data, DataLength);
    }
    else if (ValueType == REG_DWORD)
    {
        *(PULONG)ValueData = *(PULONG)KeyValueInformation.Partial.Data;
    }
    else
    {
        Status = STATUS_INVALID_PARAMETER;
    }
 
Cleanup:
    CloseStatus = ZwClose(KeyHandle);
    ASSERT(NT_SUCCESS( CloseStatus ));
 
    return Status;
}

Referenced by SepAdtInitializeBounds(), and SepImpersonateAnonymousToken().

◆ SepReleaseAcl()

VOID NTAPI SepReleaseAcl	(	_In_ PACL	CapturedAcl,
		_In_ KPROCESSOR_MODE	AccessMode,
		_In_ BOOLEAN	CaptureIfKernel
	)

Releases (frees) a captured ACL from the memory pool.

Parameters

[in]	CapturedAcl	A valid captured ACL to free.
[in]	AccessMode	Processor level access mode.
[in]	CaptureIfKernel	If set to TRUE and the processor access mode being KernelMode, we're releasing an ACL directly in the kernel. Otherwise we're releasing within a kernel mode driver.

Returns: Nothing.

Definition at line 464 of file acl.c.

{
    PAGED_CODE();
 
    if (CapturedAcl != NULL &&
        (AccessMode != KernelMode ||
         (AccessMode == KernelMode && CaptureIfKernel)))
    {
        ExFreePoolWithTag(CapturedAcl, TAG_ACL);
    }
}

Referenced by NtCreateToken(), and NtSetInformationToken().

◆ SepReleaseSecurityQualityOfService()

VOID NTAPI SepReleaseSecurityQualityOfService	(	_In_opt_ PSECURITY_QUALITY_OF_SERVICE	CapturedSecurityQualityOfService,
		_In_ KPROCESSOR_MODE	AccessMode,
		_In_ BOOLEAN	CaptureIfKernel
	)

Releases (frees) the captured SQOS data from an object in the memory pool.

Parameters

[in]	CapturedSecurityQualityOfService	The captured SQOS data to be released.
[in]	AccessMode	Processor access mode.
[in]	CaptureIfKernel	Capture access condition. To be set to TRUE if the capture is done within the kernel, FALSE if the capture is done in a kernel mode driver or user mode otherwise.

Returns: Nothing.

Definition at line 225 of file sqos.c.

{
    PAGED_CODE();
 
    if (CapturedSecurityQualityOfService != NULL &&
        (AccessMode != KernelMode || CaptureIfKernel))
    {
        ExFreePoolWithTag(CapturedSecurityQualityOfService, TAG_QOS);
    }
}

Referenced by NtDuplicateToken().

◆ SepReleaseSid()

VOID NTAPI SepReleaseSid	(	_In_ PSID	CapturedSid,
		_In_ KPROCESSOR_MODE	AccessMode,
		_In_ BOOLEAN	CaptureIfKernel
	)

Releases a captured SID.

Parameters

[in]	CapturedSid	The captured SID to be released.
[in]	AccessMode	Processor level access mode.
[in]	CaptureIfKernel	If set to TRUE, the releasing is done within the kernel. Otherwise the releasing is done in a kernel mode driver.

Returns: Nothing.

Definition at line 400 of file sid.c.

{
    PAGED_CODE();
 
    if (CapturedSid != NULL &&
        (AccessMode != KernelMode ||
         (AccessMode == KernelMode && CaptureIfKernel)))
    {
        ExFreePoolWithTag(CapturedSid, TAG_SID);
    }
}

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().

◆ SepRemovePrivilegeToken()

VOID SepRemovePrivilegeToken	(	_Inout_ PTOKEN	Token,
		_In_ ULONG	Index
	)

Removes a privilege from the token.

Parameters

[in,out]	Token	The token where the privilege is to be removed.
[in]	Index	The index count which represents the number position of the privilege we want to remove.

Returns: Nothing.

Definition at line 582 of file token.c.

{
    ULONG MoveCount;
    ASSERT(Index < Token->PrivilegeCount);
 
    /* Calculate the number of trailing privileges */
    MoveCount = Token->PrivilegeCount - Index - 1;
    if (MoveCount != 0)
    {
        /* Move them one location ahead */
        RtlMoveMemory(&Token->Privileges[Index],
                      &Token->Privileges[Index + 1],
                      MoveCount * sizeof(LUID_AND_ATTRIBUTES));
    }
 
    /* Update privilege count */
    Token->PrivilegeCount--;
}

Referenced by SepAdjustPrivileges(), SepDuplicateToken(), and SepPerformTokenFiltering().

◆ SepRemoveUserGroupToken()

VOID SepRemoveUserGroupToken	(	_Inout_ PTOKEN	Token,
		_In_ ULONG	Index
	)

Removes a group from the token.

Parameters

[in,out]	Token	The token where the group is to be removed.
[in]	Index	The index count which represents the number position of the group we want to remove.

Returns: Nothing.

Definition at line 618 of file token.c.

{
    ULONG MoveCount;
    ASSERT(Index < Token->UserAndGroupCount);
 
    /* Calculate the number of trailing groups */
    MoveCount = Token->UserAndGroupCount - Index - 1;
    if (MoveCount != 0)
    {
        /* Time to remove the group by moving one location ahead */
        RtlMoveMemory(&Token->UserAndGroups[Index],
                      &Token->UserAndGroups[Index + 1],
                      MoveCount * sizeof(SID_AND_ATTRIBUTES));
    }
 
    /* Remove one group count */
    Token->UserAndGroupCount--;
}

Referenced by SepDuplicateToken().

◆ SePrivilegedServiceAuditAlarm()

VOID NTAPI SePrivilegedServiceAuditAlarm	(	_In_opt_ PUNICODE_STRING	ServiceName,
		_In_ PSECURITY_SUBJECT_CONTEXT	SubjectContext,
		_In_ PPRIVILEGE_SET	PrivilegeSet,
		_In_ BOOLEAN	AccessGranted
	)

Performs an audit alarm to a privileged service request.

Parameters

[in]	ServiceName	A Unicode string that represents the name of a privileged service request for auditing.
[in]	SubjectContext	A security subject context used for the auditing process.
[in]	PrivilegeSet	An array set of privileges used to check if the privileged service does actually have all the required set of privileges for security access.
[in]	AccessGranted	When auditing is done, the function will return TRUE to the caller if access is granted, FALSE otherwise.

Returns: Nothing.

Definition at line 369 of file audit.c.

{
    PTOKEN EffectiveToken;
    PSID UserSid;
    PAGED_CODE();
 
    /* Get the effective token */
    if (SubjectContext->ClientToken != NULL)
        EffectiveToken = SubjectContext->ClientToken;
    else
        EffectiveToken = SubjectContext->PrimaryToken;
 
    /* Get the user SID */
    UserSid = EffectiveToken->UserAndGroups->Sid;
 
    /* Check if this is the local system SID */
    if (RtlEqualSid(UserSid, SeLocalSystemSid))
    {
        /* Nothing to do */
        return;
    }
 
    /* Check if this is the network service or local service SID */
    if (RtlEqualSid(UserSid, SeExports->SeNetworkServiceSid) ||
        RtlEqualSid(UserSid, SeExports->SeLocalServiceSid))
    {
        // FIXME: should continue for a certain set of privileges
        return;
    }
 
    /* Call the worker function */
    SepAdtPrivilegedServiceAuditAlarm(SubjectContext,
                                      &SeSubsystemName,
                                      ServiceName,
                                      SubjectContext->ClientToken,
                                      SubjectContext->PrimaryToken,
                                      PrivilegeSet,
                                      AccessGranted);
 
}

Referenced by SeCheckAuditPrivilege(), and SeSinglePrivilegeCheck().

◆ SePrivilegePolicyCheck()

NTSTATUS NTAPI SePrivilegePolicyCheck	(	_Inout_ PACCESS_MASK	DesiredAccess,
		_Inout_ PACCESS_MASK	GrantedAccess,
		_In_ PSECURITY_SUBJECT_CONTEXT	SubjectContext,
		_In_ PTOKEN	Token,
		_Out_opt_ PPRIVILEGE_SET *	OutPrivilegeSet,
		_In_ KPROCESSOR_MODE	PreviousMode
	)

Checks the security policy and returns a set of privileges based upon the said security policy context.

Parameters

[in,out]	DesiredAccess	The desired access right mask.
[in,out]	GrantedAccess	The granted access rights masks. The rights are granted depending on the desired access rights requested by the calling thread.
[in]	SubjectContext	Security subject context. If the caller supplies one, the access token supplied by the caller will be assigned to one of client or primary tokens of the subject context in question.
[in]	Token	An access token.
[out]	OutPrivilegeSet	An array set of privileges to be reported to the caller, if the actual calling thread wants such set of privileges in the first place.
[in]	PreviousMode	Processor level access mode.

Returns: Returns STATUS_PRIVILEGE_NOT_HELD if the respective operations have succeeded without problems. STATUS_PRIVILEGE_NOT_HELD is returned if the access token doesn't have SeSecurityPrivilege privilege to warrant ACCESS_SYSTEM_SECURITY access right. STATUS_INSUFFICIENT_RESOURCES is returned if we failed to allocate block of memory pool for the array set of privileges.

Definition at line 244 of file priv.c.

{
    SIZE_T PrivilegeSize;
    PPRIVILEGE_SET PrivilegeSet;
    ULONG PrivilegeCount = 0, Index = 0;
    ACCESS_MASK AccessMask = 0;
    PAGED_CODE();
 
    /* Check if we have a security subject context */
    if (SubjectContext != NULL)
    {
        /* Check if there is a client impersonation token */
        if (SubjectContext->ClientToken != NULL)
            Token = SubjectContext->ClientToken;
        else
            Token = SubjectContext->PrimaryToken;
    }
 
    /* Check if the caller wants ACCESS_SYSTEM_SECURITY access */
    if (*DesiredAccess & ACCESS_SYSTEM_SECURITY)
    {
        /* Do the privilege check */
        if (SepSinglePrivilegeCheck(SeSecurityPrivilege, Token, PreviousMode))
        {
            /* Remember this access flag */
            AccessMask |= ACCESS_SYSTEM_SECURITY;
            PrivilegeCount++;
        }
        else
        {
            return STATUS_PRIVILEGE_NOT_HELD;
        }
    }
 
    /* Check if the caller wants WRITE_OWNER access */
    if (*DesiredAccess & WRITE_OWNER)
    {
        /* Do the privilege check */
        if (SepSinglePrivilegeCheck(SeTakeOwnershipPrivilege, Token, PreviousMode))
        {
            /* Remember this access flag */
            AccessMask |= WRITE_OWNER;
            PrivilegeCount++;
        }
    }
 
    /* Update the access masks */
    *GrantedAccess |= AccessMask;
    *DesiredAccess &= ~AccessMask;
 
    /* Does the caller want a privilege set? */
    if (OutPrivilegeSet != NULL)
    {
        /* Do we have any privileges to report? */
        if (PrivilegeCount > 0)
        {
            /* Calculate size and allocate the structure */
            PrivilegeSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
            PrivilegeSet = ExAllocatePoolWithTag(PagedPool, PrivilegeSize, TAG_PRIVILEGE_SET);
            *OutPrivilegeSet = PrivilegeSet;
            if (PrivilegeSet == NULL)
            {
                return STATUS_INSUFFICIENT_RESOURCES;
            }
 
            PrivilegeSet->PrivilegeCount = PrivilegeCount;
            PrivilegeSet->Control = 0;
 
            if (AccessMask & WRITE_OWNER)
            {
                PrivilegeSet->Privilege[Index].Luid = SeTakeOwnershipPrivilege;
                PrivilegeSet->Privilege[Index].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
                Index++;
            }
 
            if (AccessMask & ACCESS_SYSTEM_SECURITY)
            {
                PrivilegeSet->Privilege[Index].Luid = SeSecurityPrivilege;
                PrivilegeSet->Privilege[Index].Attributes = SE_PRIVILEGE_USED_FOR_ACCESS;
            }
        }
        else
        {
            /* No privileges, no structure */
            *OutPrivilegeSet = NULL;
        }
    }
 
    return STATUS_SUCCESS;
}

Referenced by SepAccessCheck(), and SepAccessCheckWorker().

◆ SepRmDereferenceLogonSession()

NTSTATUS SepRmDereferenceLogonSession ( _Inout_ PLUID LogonLuid )

Referenced by NtSetInformationToken(), and SepDeleteToken().

◆ SepRmInsertLogonSessionIntoToken()

NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken ( _Inout_ PTOKEN Token )

Inserts a logon session into an access token specified by the caller.

Parameters

[in,out] Token An access token where the logon session is about to be inserted in.

Returns: STATUS_SUCCESS is returned if the logon session has been inserted into the token successfully. STATUS_NO_SUCH_LOGON_SESSION is returned when no logon session has been found with the matching ID of the token and as such we've failed to add the logon session to the token. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new session has failed.

Definition at line 368 of file srm.c.

{
    PSEP_LOGON_SESSION_REFERENCES LogonSession;
    PAGED_CODE();
 
    /* Ensure that our token is not some plain garbage */
    ASSERT(Token);
 
    /* Acquire the database lock */
    KeAcquireGuardedMutex(&SepRmDbLock);
 
    for (LogonSession = SepLogonSessions;
         LogonSession != NULL;
         LogonSession = LogonSession->Next)
    {
        /*
         * The insertion of a logon session into the token has to be done
         * only IF the authentication ID of the token matches with the ID
         * of the logon itself.
         */
        if (RtlEqualLuid(&LogonSession->LogonId, &Token->AuthenticationId))
        {
            break;
        }
    }
 
    /* If we reach this then we cannot proceed further */
    if (LogonSession == NULL)
    {
        DPRINT1("SepRmInsertLogonSessionIntoToken(): Couldn't insert the logon session into the specific access token!\n");
        KeReleaseGuardedMutex(&SepRmDbLock);
        return STATUS_NO_SUCH_LOGON_SESSION;
    }
 
    /*
     * Allocate the session that we are going
     * to insert it to the token.
     */
    Token->LogonSession = ExAllocatePoolWithTag(PagedPool,
                                                sizeof(SEP_LOGON_SESSION_REFERENCES),
                                                TAG_LOGON_SESSION);
    if (Token->LogonSession == NULL)
    {
        DPRINT1("SepRmInsertLogonSessionIntoToken(): Couldn't allocate new logon session into the memory pool!\n");
        KeReleaseGuardedMutex(&SepRmDbLock);
        return STATUS_INSUFFICIENT_RESOURCES;
    }
 
    /*
     * Begin copying the logon session references data from the
     * session whose ID matches with the token authentication ID to
     * the new session we've allocated blocks of pool memory for it.
     */
    Token->LogonSession->Next = LogonSession->Next;
    Token->LogonSession->LogonId = LogonSession->LogonId;
    Token->LogonSession->ReferenceCount = LogonSession->ReferenceCount;
    Token->LogonSession->Flags = LogonSession->Flags;
    Token->LogonSession->pDeviceMap = LogonSession->pDeviceMap;
    InsertHeadList(&LogonSession->TokenList, &Token->LogonSession->TokenList);
 
    /* Release the database lock and we're done */
    KeReleaseGuardedMutex(&SepRmDbLock);
    return STATUS_SUCCESS;
}

Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().

◆ SepRmReferenceLogonSession()

NTSTATUS SepRmReferenceLogonSession ( _Inout_ PLUID LogonLuid )

Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().

◆ SepRmRemoveLogonSessionFromToken()

NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken ( _Inout_ PTOKEN Token )

Removes a logon session from an access token.

Parameters

[in,out] Token An access token whose logon session is to be removed from it.

Returns: STATUS_SUCCESS is returned if the logon session has been removed from the token successfully. STATUS_NO_SUCH_LOGON_SESSION is returned when no logon session has been found with the matching ID of the token and as such we've failed to remove the logon session from the token.

Definition at line 449 of file srm.c.

{
    PSEP_LOGON_SESSION_REFERENCES LogonSession;
    PAGED_CODE();
 
    /* Ensure that our token is not some plain garbage */
    ASSERT(Token);
 
    /* Acquire the database lock */
    KeAcquireGuardedMutex(&SepRmDbLock);
 
    for (LogonSession = SepLogonSessions;
         LogonSession != NULL;
         LogonSession = LogonSession->Next)
    {
        /*
         * Remove the logon session only when the IDs of the token and the
         * logon match.
         */
        if (RtlEqualLuid(&LogonSession->LogonId, &Token->AuthenticationId))
        {
            break;
        }
    }
 
    /* They don't match */
    if (LogonSession == NULL)
    {
        DPRINT1("SepRmRemoveLogonSessionFromToken(): Couldn't remove the logon session from the access token!\n");
        KeReleaseGuardedMutex(&SepRmDbLock);
        return STATUS_NO_SUCH_LOGON_SESSION;
    }
 
    /* Now it's time to delete the logon session from the token */
    RemoveEntryList(&Token->LogonSession->TokenList);
    ExFreePoolWithTag(Token->LogonSession, TAG_LOGON_SESSION);
 
    /* Release the database lock and we're done */
    KeReleaseGuardedMutex(&SepRmDbLock);
    return STATUS_SUCCESS;
}

Referenced by NtSetInformationToken(), and SepDeleteToken().

◆ SepSelectAcl()

PACL SepSelectAcl	(	_In_opt_ PACL	ExplicitAcl,
		_In_ BOOLEAN	ExplicitPresent,
		_In_ BOOLEAN	ExplicitDefaulted,
		_In_opt_ PACL	ParentAcl,
		_In_opt_ PACL	DefaultAcl,
		_Out_ PULONG	AclLength,
		_In_ PSID	Owner,
		_In_ PSID	Group,
		_Out_ PBOOLEAN	AclPresent,
		_Out_ PBOOLEAN	IsInherited,
		_In_ BOOLEAN	IsDirectoryObject,
		_In_ PGENERIC_MAPPING	GenericMapping
	)

Selects an ACL and returns it to the caller.

Parameters

[in]	ExplicitAcl	If specified, the specified ACL to the call will be the selected ACL for the caller.
[in]	ExplicitPresent	If set to TRUE and with specific ACL filled to the call, the function will immediately return the specific ACL as the selected ACL for the caller.
[in]	ExplicitDefaulted	If set to FALSE and with specific ACL filled to the call, the ACL is not a default ACL. Otherwise it's a default ACL that we cannot select it as is.
[in]	ParentAcl	If specified, the parent ACL will be used to determine the exact ACL length to check if the ACL in question is not empty. If the list is not empty then the function will select such ACL to the caller.
[in]	DefaultAcl	If specified, the default ACL will be the selected one for the caller.
[out]	AclLength	The size length of an ACL.
[in]	Owner	A SID that represents the main user that identifies the ACL.
[in]	Group	A SID that represents a group that identifies the ACL.
[out]	AclPresent	The returned boolean value, indicating if the ACL that we want to select does actually exist.
[out]	IsInherited	The returned boolean value, indicating if the ACL we want to select it is actually inherited or not.
[in]	IsDirectoryObject	If set to TRUE, the object inherits this ACL.
[in]	GenericMapping	Generic mapping of access rights to map only certain effective ACEs of an ACL that we want to select it.

Returns: Returns the selected access control list (ACL) to the caller, NULL otherwise.

Definition at line 804 of file acl.c.

{
    PACL Acl;
    NTSTATUS Status;
 
    *AclPresent = TRUE;
    if (ExplicitPresent && !ExplicitDefaulted)
    {
        Acl = ExplicitAcl;
    }
    else
    {
        if (ParentAcl)
        {
            *IsInherited = TRUE;
            *AclLength = 0;
            Status = SepPropagateAcl(NULL,
                                     AclLength,
                                     ParentAcl,
                                     Owner,
                                     Group,
                                     *IsInherited,
                                     IsDirectoryObject,
                                     GenericMapping);
            ASSERT(Status == STATUS_BUFFER_TOO_SMALL);
 
            /* Use the parent ACL only if it's not empty */
            if (*AclLength != sizeof(ACL))
                return ParentAcl;
        }
 
        if (ExplicitPresent)
        {
            Acl = ExplicitAcl;
        }
        else if (DefaultAcl)
        {
            Acl = DefaultAcl;
        }
        else
        {
            *AclPresent = FALSE;
            Acl = NULL;
        }
    }
 
    *IsInherited = FALSE;
    *AclLength = 0;
    if (Acl)
    {
        /* Get the length */
        Status = SepPropagateAcl(NULL,
                                 AclLength,
                                 Acl,
                                 Owner,
                                 Group,
                                 *IsInherited,
                                 IsDirectoryObject,
                                 GenericMapping);
        ASSERT(Status == STATUS_BUFFER_TOO_SMALL);
    }
    return Acl;
}

◆ SepSidInToken()

BOOLEAN NTAPI SepSidInToken	(	_In_ PACCESS_TOKEN	_Token,
		_In_ PSID	Sid
	)

Checks if a SID is present in a token.

Parameters

[in]	_Token	A valid token object.
[in]	_Sid	A regular SID.

Returns: Returns TRUE if the specified SID in the call is present in the token, FALSE otherwise.

Definition at line 547 of file sid.c.

{
    /* Call extended API */
    return SepSidInTokenEx(_Token, NULL, Sid, FALSE, FALSE);
}

Referenced by SepTokenIsOwner().

◆ SepSidInTokenEx()

BOOLEAN NTAPI SepSidInTokenEx	(	_In_ PACCESS_TOKEN	_Token,
		_In_ PSID	PrincipalSelfSid,
		_In_ PSID	_Sid,
		_In_ BOOLEAN	Deny,
		_In_ BOOLEAN	Restricted
	)

Checks if a SID is present in a token.

Parameters

[in]	_Token	A valid token object.
[in]	PrincipalSelfSid	A principal self SID.
[in]	_Sid	A regular SID.
[in]	Deny	If set to TRUE, the caller expected that a SID in a token must be a deny-only SID, that is, access checks are performed only for deny-only ACEs of the said SID.
[in]	Restricted	If set to TRUE, the caller expects that a SID in a token is restricted (by the general definition, a token is restricted).

Returns: Returns TRUE if the specified SID in the call is present in the token, FALSE otherwise.

Definition at line 443 of file sid.c.

{
    ULONG SidIndex;
    PTOKEN Token = (PTOKEN)_Token;
    PISID TokenSid, Sid = (PISID)_Sid;
    PSID_AND_ATTRIBUTES SidAndAttributes;
    ULONG SidCount, SidLength;
    USHORT SidMetadata;
    PAGED_CODE();
 
    /* Check if a principal SID was given, and this is our current SID already */
    if ((PrincipalSelfSid) && (RtlEqualSid(SePrincipalSelfSid, Sid)))
    {
        /* Just use the principal SID in this case */
        Sid = PrincipalSelfSid;
    }
 
    /* Check if this is a restricted token or not */
    if (Restricted)
    {
        /* Use the restricted SIDs and count */
        SidAndAttributes = Token->RestrictedSids;
        SidCount = Token->RestrictedSidCount;
    }
    else
    {
        /* Use the normal SIDs and count */
        SidAndAttributes = Token->UserAndGroups;
        SidCount = Token->UserAndGroupCount;
    }
 
    /* Do checks here by hand instead of the usual 4 function calls */
    SidLength = FIELD_OFFSET(SID,
                             SubAuthority[Sid->SubAuthorityCount]);
    SidMetadata = *(PUSHORT)&Sid->Revision;
 
    /* Loop every SID */
    for (SidIndex = 0; SidIndex < SidCount; SidIndex++)
    {
        TokenSid = (PISID)SidAndAttributes->Sid;
#if SE_SID_DEBUG
        UNICODE_STRING sidString;
        RtlConvertSidToUnicodeString(&sidString, TokenSid, TRUE);
        DPRINT1("SID in Token: %wZ\n", &sidString);
        RtlFreeUnicodeString(&sidString);
#endif
        /* Check if the SID metadata matches */
        if (*(PUSHORT)&TokenSid->Revision == SidMetadata)
        {
            /* Check if the SID data matches */
            if (RtlEqualMemory(Sid, TokenSid, SidLength))
            {
                /*
                 * Check if the group is enabled, or used for deny only.
                 * Otherwise we have to check if this is the first user.
                 * We understand that by looking if this SID is not
                 * restricted, this is the first element we are iterating
                 * and that it doesn't have SE_GROUP_USE_FOR_DENY_ONLY
                 * attribute.
                 */
                if ((!Restricted && (SidIndex == 0) && !(SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY)) ||
                    (SidAndAttributes->Attributes & SE_GROUP_ENABLED) ||
                    ((Deny) && (SidAndAttributes->Attributes & SE_GROUP_USE_FOR_DENY_ONLY)))
                {
                    /* SID is present */
                    return TRUE;
                }
                else
                {
                    /* SID is not present */
                    return FALSE;
                }
            }
        }
 
        /* Move to the next SID */
        SidAndAttributes++;
    }
 
    /* SID is not present */
    return FALSE;
}

Referenced by SepAnalyzeAcesFromDacl(), SepSidInToken(), and SepTokenIsOwner().

◆ SepTokenIsOwner()

BOOLEAN NTAPI SepTokenIsOwner	(	_In_ PACCESS_TOKEN	_Token,
		_In_ PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_ BOOLEAN	TokenLocked
	)

Checks if a token belongs to the main user, being the owner.

Parameters

[in]	_Token	A valid token object.
[in]	SecurityDescriptor	A security descriptor where the owner is to be found.
[in]	TokenLocked	If set to TRUE, the token has been already locked and there's no need to lock it again. Otherwise the function will acquire the lock.

Returns: Returns TRUE if the token belongs to a owner, FALSE otherwise.

Definition at line 511 of file token.c.

{
    PSID Sid;
    BOOLEAN Result;
    PTOKEN Token = _Token;
 
    /* Get the owner SID */
    Sid = SepGetOwnerFromDescriptor(SecurityDescriptor);
    ASSERT(Sid != NULL);
 
    /* Lock the token if needed */
    if (!TokenLocked) SepAcquireTokenLockShared(Token);
 
    /* Check if the owner SID is found, handling restricted case as well */
    Result = SepSidInToken(Token, Sid);
    if ((Result) && (Token->TokenFlags & TOKEN_IS_RESTRICTED))
    {
        Result = SepSidInTokenEx(Token, NULL, Sid, FALSE, TRUE);
    }
 
    /* Release the lock if we had acquired it */
    if (!TokenLocked) SepReleaseTokenLock(Token);
 
    /* Return the result */
    return Result;
}

Referenced by SeAccessCheck(), and SepAccessCheck().

◆ SepUpdatePrivilegeFlagsToken()

VOID SepUpdatePrivilegeFlagsToken ( _Inout_ PTOKEN Token )

Updates the token's flags based upon the privilege that the token has been granted. The function uses the private helper, SepUpdateSinglePrivilegeFlagToken, in order to update the flags of a token.

Parameters

[in,out] Token The token where the flags are to be changed.

Returns: Nothing.

Definition at line 554 of file token.c.

{
    ULONG i;
 
    /* Loop all privileges */
    for (i = 0; i < Token->PrivilegeCount; i++)
    {
        /* Updates the flags for this privilege */
        SepUpdateSinglePrivilegeFlagToken(Token, i);
    }
}

Referenced by SepCreateToken().

◆ SepUpdateSinglePrivilegeFlagToken()

VOID SepUpdateSinglePrivilegeFlagToken	(	_Inout_ PTOKEN	Token,
		_In_ ULONG	Index
	)

Updates the token's flags based upon the privilege that the token has been granted. The flag can either be taken out or given to the token if the attributes of the specified privilege is enabled or not.

Parameters

[in,out]	Token	The token where the flags are to be changed.
[in]	Index	The index count which represents the total sum of privileges. The count in question MUST NOT exceed the expected privileges count of the token.

Returns: Nothing.

Definition at line 442 of file token.c.

{
    ULONG TokenFlag;
    ASSERT(Index < Token->PrivilegeCount);
 
    /* The high part of all values we are interested in is 0 */
    if (Token->Privileges[Index].Luid.HighPart != 0)
    {
        return;
    }
 
    /* Check for certain privileges to update flags */
    if (Token->Privileges[Index].Luid.LowPart == SE_CHANGE_NOTIFY_PRIVILEGE)
    {
        TokenFlag = TOKEN_HAS_TRAVERSE_PRIVILEGE;
    }
    else if (Token->Privileges[Index].Luid.LowPart == SE_BACKUP_PRIVILEGE)
    {
        TokenFlag = TOKEN_HAS_BACKUP_PRIVILEGE;
    }
    else if (Token->Privileges[Index].Luid.LowPart == SE_RESTORE_PRIVILEGE)
    {
        TokenFlag = TOKEN_HAS_RESTORE_PRIVILEGE;
    }
    else if (Token->Privileges[Index].Luid.LowPart == SE_IMPERSONATE_PRIVILEGE)
    {
        TokenFlag = TOKEN_HAS_IMPERSONATE_PRIVILEGE;
    }
    else
    {
        /* Nothing to do */
        return;
    }
 
    /* Check if the specified privilege is enabled */
    if (Token->Privileges[Index].Attributes & SE_PRIVILEGE_ENABLED)
    {
        /* It is enabled, so set the flag */
        Token->TokenFlags |= TokenFlag;
    }
    else
    {
        /* Is is disabled, so remove the flag */
        Token->TokenFlags &= ~TokenFlag;
    }
}

Referenced by SepAdjustPrivileges(), SepPerformTokenFiltering(), and SepUpdatePrivilegeFlagsToken().

◆ SeQuerySecurityAccessMask()

VOID NTAPI SeQuerySecurityAccessMask	(	_In_ SECURITY_INFORMATION	SecurityInformation,
		_Out_ PACCESS_MASK	DesiredAccess
	)

Queries the access mask from a security information context.

Parameters

[in]	SecurityInformation	The security information context where the access mask is to be gathered.
[out]	DesiredAccess	The queried access mask right.

Returns: Nothing.

Definition at line 427 of file semgr.c.

{
    *DesiredAccess = 0;
 
    if (SecurityInformation & (OWNER_SECURITY_INFORMATION |
                               GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
    {
        *DesiredAccess |= READ_CONTROL;
    }
 
    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
        *DesiredAccess |= ACCESS_SYSTEM_SECURITY;
    }
}

Referenced by NtQuerySecurityObject().

◆ SeReleaseLuidAndAttributesArray()

VOID NTAPI SeReleaseLuidAndAttributesArray	(	_In_ PLUID_AND_ATTRIBUTES	Privilege,
		_In_ KPROCESSOR_MODE	PreviousMode,
		_In_ BOOLEAN	CaptureIfKernel
	)

Releases a LUID with attributes structure.

Parameters

[in]	Privilege	Array of a LUID and attributes that represents a privilege.
[in]	PreviousMode	Processor level access mode.
[in]	CaptureIfKernel	If set to TRUE, the releasing is done in the kernel itself. FALSE if the releasing is done in a kernel mode driver instead.

Returns: Nothing.

Definition at line 554 of file priv.c.

{
    PAGED_CODE();
 
    if (Privilege != NULL &&
        (PreviousMode != KernelMode || CaptureIfKernel))
    {
        ExFreePoolWithTag(Privilege, TAG_LUID);
    }
}

Referenced by NtAdjustPrivilegesToken(), NtCreateToken(), NtFilterToken(), and NtPrivilegeCheck().

◆ SeReleaseObjectTypeList()

VOID SeReleaseObjectTypeList	(	_In_ _Post_invalid_ POBJECT_TYPE_LIST_INTERNAL	CapturedObjectTypeList,
		_In_ KPROCESSOR_MODE	PreviousMode
	)

Releases a buffer list of object types.

Parameters

[in]	CapturedObjectTypeList	A list of object types to free.
[in]	PreviousMode	Processor access level mode.

Definition at line 378 of file objtype.c.

{
    PAGED_CODE();
 
    if ((PreviousMode != KernelMode) && (CapturedObjectTypeList != NULL))
    {
        ExFreePoolWithTag(CapturedObjectTypeList, TAG_SEPA);
    }
}

Referenced by SepAccessCheck(), and SepAccessCheckAndAuditAlarm().

◆ SeReleaseSidAndAttributesArray()

VOID NTAPI SeReleaseSidAndAttributesArray	(	_In_ _Post_invalid_ PSID_AND_ATTRIBUTES	CapturedSidAndAttributes,
		_In_ KPROCESSOR_MODE	AccessMode,
		_In_ BOOLEAN	CaptureIfKernel
	)

Releases a captured SID with attributes.

Parameters

[in]	CapturedSidAndAttributes	The captured SID with attributes to be released.
[in]	AccessMode	Processor access level mode.
[in]	CaptureIfKernel	If set to TRUE, the releasing is done within the kernel. Otherwise the releasing is done in a kernel mode driver.

Returns: Nothing.

Definition at line 976 of file sid.c.

{
    PAGED_CODE();
 
    if ((CapturedSidAndAttributes != NULL) &&
        ((AccessMode != KernelMode) || CaptureIfKernel))
    {
        ExFreePoolWithTag(CapturedSidAndAttributes, TAG_SID_AND_ATTRIBUTES);
    }
}

Referenced by NtAdjustGroupsToken(), NtCreateToken(), and NtFilterToken().

◆ SeRmInitPhase0()

BOOLEAN NTAPI SeRmInitPhase0 ( VOID )

Manages the phase 0 initialization of the security reference monitoring module of the kernel.

Returns: Returns TRUE when phase 0 initialization has completed without problems, FALSE otherwise.

Definition at line 177 of file srm.c.

{
    NTSTATUS Status;
 
    /* Initialize the database lock */
    KeInitializeGuardedMutex(&SepRmDbLock);
 
    /* Create the system logon session */
    Status = SepRmCreateLogonSession(&SeSystemAuthenticationId);
    if (!NT_VERIFY(NT_SUCCESS(Status)))
    {
        return FALSE;
    }
 
    /* Create the anonymous logon session */
    Status = SepRmCreateLogonSession(&SeAnonymousAuthenticationId);
    if (!NT_VERIFY(NT_SUCCESS(Status)))
    {
        return FALSE;
    }
 
    return TRUE;
}

Referenced by SepInitializationPhase0().

◆ SeRmInitPhase1()

BOOLEAN NTAPI SeRmInitPhase1 ( VOID )

Manages the phase 1 initialization of the security reference monitoring module of the kernel.

Returns: Returns TRUE when phase 1 initialization has completed without problems, FALSE otherwise.

Definition at line 212 of file srm.c.

{
    UNICODE_STRING Name;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE ThreadHandle;
    NTSTATUS Status;
 
    /* Create the SeRm command port */
    RtlInitUnicodeString(&Name, L"\\SeRmCommandPort");
    InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
    Status = ZwCreatePort(&SeRmCommandPort,
                          &ObjectAttributes,
                          sizeof(ULONG),
                          PORT_MAXIMUM_MESSAGE_LENGTH,
                          2 * PAGE_SIZE);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Security: Rm Command Port creation failed: 0x%lx\n", Status);
        return FALSE;
    }
 
    /* Create SeLsaInitEvent */
    RtlInitUnicodeString(&Name, L"\\SeLsaInitEvent");
    InitializeObjectAttributes(&ObjectAttributes, &Name, 0, NULL, NULL);
    Status = ZwCreateEvent(&SeLsaInitEvent,
                           GENERIC_WRITE,
                           &ObjectAttributes,
                           NotificationEvent,
                           FALSE);
    if (!NT_VERIFY((NT_SUCCESS(Status))))
    {
        DPRINT1("Security: LSA Init Event creation failed: 0x%lx\n", Status);
        return FALSE;
    }
 
    /* Create the SeRm server thread */
    Status = PsCreateSystemThread(&ThreadHandle,
                                  THREAD_ALL_ACCESS,
                                  NULL,
                                  NULL,
                                  NULL,
                                  SepRmCommandServerThread,
                                  NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Security: Rm Command Server Thread creation failed: 0x%lx\n", Status);
        return FALSE;
    }
 
    ObCloseHandle(ThreadHandle, KernelMode);
 
    return TRUE;
}

Referenced by Phase1InitializationDiscard().

◆ SeSetSecurityAccessMask()

VOID NTAPI SeSetSecurityAccessMask	(	_In_ SECURITY_INFORMATION	SecurityInformation,
		_Out_ PACCESS_MASK	DesiredAccess
	)

Sets the access mask for a security information context.

Parameters

[in]	SecurityInformation	The security information context to apply a new access right.
[out]	DesiredAccess	The returned access mask right.

Returns: Nothing.

Definition at line 460 of file semgr.c.

{
    *DesiredAccess = 0;
 
    if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
    {
        *DesiredAccess |= WRITE_OWNER;
    }
 
    if (SecurityInformation & DACL_SECURITY_INFORMATION)
    {
        *DesiredAccess |= WRITE_DAC;
    }
 
    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
        *DesiredAccess |= ACCESS_SYSTEM_SECURITY;
    }
}

Referenced by NtSetSecurityObject().

◆ SeSetWorldSecurityDescriptor()

NTSTATUS NTAPI SeSetWorldSecurityDescriptor	(	_In_ SECURITY_INFORMATION	SecurityInformation,
		_In_ PISECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_ PULONG	BufferLength
	)

Sets a "World" security descriptor.

Parameters

[in]	SecurityInformation	Security information details, alongside with the security descriptor to set the World SD.
[in]	SecurityDescriptor	A security descriptor buffer.
[in]	BufferLength	Length size of the buffer.

Returns: Returns STATUS_SUCCESS if the World security descriptor has been set. STATUS_ACCESS_DENIED is returned if the caller hasn't provided security information details thus the SD cannot be set.

Definition at line 155 of file sd.c.

{
    ULONG Current;
    ULONG SidSize;
    ULONG SdSize;
    NTSTATUS Status;
    PISECURITY_DESCRIPTOR_RELATIVE SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
 
    DPRINT("SeSetWorldSecurityDescriptor() called\n");
 
    if (SecurityInformation == 0)
    {
        return STATUS_ACCESS_DENIED;
    }
 
    /* calculate the minimum size of the buffer */
    SidSize = RtlLengthSid(SeWorldSid);
    SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
    if (SecurityInformation & OWNER_SECURITY_INFORMATION)
        SdSize += SidSize;
    if (SecurityInformation & GROUP_SECURITY_INFORMATION)
        SdSize += SidSize;
    if (SecurityInformation & DACL_SECURITY_INFORMATION)
    {
        SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
    }
    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
        SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
    }
 
    if (*BufferLength < SdSize)
    {
        *BufferLength = SdSize;
        return STATUS_BUFFER_TOO_SMALL;
    }
 
    *BufferLength = SdSize;
 
    Status = RtlCreateSecurityDescriptorRelative(SdRel,
                                                 SECURITY_DESCRIPTOR_REVISION);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }
 
    Current = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
 
    if (SecurityInformation & OWNER_SECURITY_INFORMATION)
    {
        RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
        SdRel->Owner = Current;
        Current += SidSize;
    }
 
    if (SecurityInformation & GROUP_SECURITY_INFORMATION)
    {
        RtlCopyMemory((PUCHAR)SdRel + Current, SeWorldSid, SidSize);
        SdRel->Group = Current;
        Current += SidSize;
    }
 
    if (SecurityInformation & DACL_SECURITY_INFORMATION)
    {
        PACL Dacl = (PACL)((PUCHAR)SdRel + Current);
 
        Status = RtlCreateAcl(Dacl,
                              sizeof(ACL) + sizeof(ACE) + SidSize,
                              ACL_REVISION);
        if (!NT_SUCCESS(Status))
            return Status;
 
        Status = RtlAddAccessAllowedAce(Dacl,
                                        ACL_REVISION,
                                        GENERIC_ALL,
                                        SeWorldSid);
        if (!NT_SUCCESS(Status))
            return Status;
 
        SdRel->Control |= SE_DACL_PRESENT;
        SdRel->Dacl = Current;
        Current += SidSize;
    }
 
    if (SecurityInformation & SACL_SECURITY_INFORMATION)
    {
        PACL Sacl = (PACL)((PUCHAR)SdRel + Current);
 
        Status = RtlCreateAcl(Sacl,
                              sizeof(ACL) + sizeof(ACE) + SidSize,
                              ACL_REVISION);
        if (!NT_SUCCESS(Status))
            return Status;
 
        Status = RtlAddAuditAccessAce(Sacl,
                                      ACL_REVISION,
                                      ACCESS_SYSTEM_SECURITY | STANDARD_RIGHTS_ALL,
                                      SeWorldSid,
                                      TRUE,
                                      TRUE);
        if (!NT_SUCCESS(Status))
            return Status;
 
        SdRel->Control |= SE_SACL_PRESENT;
        SdRel->Sacl = Current;
        Current += SidSize;
    }
 
    return STATUS_SUCCESS;
}

Referenced by IopGetSetSecurityObject().

◆ SeSubProcessToken()

NTSTATUS NTAPI SeSubProcessToken	(	_In_ PTOKEN	ParentToken,
		_Out_ PTOKEN *	Token,
		_In_ BOOLEAN	InUse,
		_In_ ULONG	SessionId
	)

Subtracts a token in exchange of duplicating a new one.

Parameters

[in]	ParentToken	The parent access token for duplication.
[out]	Token	The new duplicated token.
[in]	InUse	Set this to TRUE if the token is about to be used immediately after the call execution of this function, FALSE otherwise.
[in]	SessionId	Session ID for the token to be assigned.

Returns: Returns STATUS_SUCCESS if token subtracting and duplication have completed successfully. A failure NTSTATUS code is returned otherwise.

Definition at line 1373 of file token.c.

{
    PTOKEN NewToken;
    OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;
 
    /* Initialize the attributes and duplicate it */
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    Status = SepDuplicateToken(ParentToken,
                               &ObjectAttributes,
                               FALSE,
                               TokenPrimary,
                               ParentToken->ImpersonationLevel,
                               KernelMode,
                               &NewToken);
    if (NT_SUCCESS(Status))
    {
        /* Insert it */
        Status = ObInsertObject(NewToken,
                                NULL,
                                0,
                                0,
                                NULL,
                                NULL);
        if (NT_SUCCESS(Status))
        {
            /* Set the session ID */
            NewToken->SessionId = SessionId;
            NewToken->TokenInUse = InUse;
 
            /* Return the token */
            *Token = NewToken;
        }
    }
 
    /* Return status */
    return Status;
}

Referenced by PspInitializeProcessSecurity().

◆ SeTokenCanImpersonate()

BOOLEAN NTAPI SeTokenCanImpersonate	(	_In_ PTOKEN	ProcessToken,
		_In_ PTOKEN	TokenToImpersonate,
		_In_ SECURITY_IMPERSONATION_LEVEL	ImpersonationLevel
	)

Determines whether the server is allowed to impersonate on behalf of a client or not. For further details, see Remarks.

Parameters

[in]	ProcessToken	A pointer to the primary access token of the server process that requests impersonation of the client target.
[in]	TokenToImpersonate	A pointer to an access token that represents a client that is to be impersonated.
[in]	ImpersonationLevel	The requested impersonation level.

Returns: Returns TRUE if the conditions checked are met for token impersonation, FALSE otherwise.

Remarks: The server has to meet the following criteria in order to impersonate a client, that is:

The server must not impersonate a client beyond the level that the client imposed on itself.
The server must be authenticated on the same logon session of the target client.
IF NOT then the server's user ID has to match to that of the target client.
The server must not be restricted in order to impersonate a client that is not restricted.

If the associated access token that represents the security properties of the server is granted the SeImpersonatePrivilege privilege the server is given immediate impersonation, regardless of the conditions above. If the client in question is associated with an anonymous token then the server is given immediate impersonation. Or if the server simply doesn't ask for impersonation but instead it wants to get the security identification of a client, the server is given immediate impersonation.

Definition at line 2207 of file token.c.

{
    BOOLEAN CanImpersonate;
    PAGED_CODE();
 
    /*
     * The server may want to obtain identification details of a client
     * instead of impersonating so just give the server a pass.
     */
    if (ImpersonationLevel < SecurityIdentification)
    {
        DPRINT("The server doesn't ask for impersonation\n");
        return TRUE;
    }
 
    /* Time to lock our tokens */
    SepAcquireTokenLockShared(ProcessToken);
    SepAcquireTokenLockShared(TokenToImpersonate);
 
    /*
     * As the name implies, an anonymous token has invisible security
     * identification details. By the general rule these tokens do not
     * pose a danger in terms of power escalation so give the server a pass.
     */
    if (RtlEqualLuid(&TokenToImpersonate->AuthenticationId,
                     &SeAnonymousAuthenticationId))
    {
        DPRINT("The token to impersonate has an anonymous authentication ID, allow impersonation either way\n");
        CanImpersonate = TRUE;
        goto Quit;
    }
 
    /* Allow impersonation for the process server if it's granted the impersonation privilege */
    if ((ProcessToken->TokenFlags & TOKEN_HAS_IMPERSONATE_PRIVILEGE) != 0)
    {
        DPRINT("The process is granted the impersonation privilege, allow impersonation\n");
        CanImpersonate = TRUE;
        goto Quit;
    }
 
    /*
     * Deny impersonation for the server if it wants to impersonate a client
     * beyond what the impersonation level originally permits.
     */
    if (ImpersonationLevel > TokenToImpersonate->ImpersonationLevel)
    {
        DPRINT1("Cannot impersonate a client above the permitted impersonation level!\n");
        CanImpersonate = FALSE;
        goto Quit;
    }
 
    /* Is the server authenticated on the same client originating session? */
    if (!RtlEqualLuid(&ProcessToken->AuthenticationId,
                      &TokenToImpersonate->OriginatingLogonSession))
    {
        /* It's not, check that at least both the server and client are the same user */
        if (!RtlEqualSid(ProcessToken->UserAndGroups[0].Sid,
                         TokenToImpersonate->UserAndGroups[0].Sid))
        {
            DPRINT1("Server and client aren't the same user!\n");
            CanImpersonate = FALSE;
            goto Quit;
        }
 
        /*
         * Make sure the tokens haven't diverged in terms of restrictions
         * that is one token is restricted but the other one isn't. If that
         * would have been the case then the server would have impersonated
         * a less restricted client thus potentially triggering an elevation,
         * which is not what we want.
         */
        if (SeTokenIsRestricted(ProcessToken) !=
            SeTokenIsRestricted(TokenToImpersonate))
        {
            DPRINT1("Attempting to impersonate a less restricted client token, bail out!\n");
            CanImpersonate = FALSE;
            goto Quit;
        }
    }
 
    /* If we've reached that far then we can impersonate! */
    DPRINT("We can impersonate\n");
    CanImpersonate = TRUE;
 
Quit:
    SepReleaseTokenLock(TokenToImpersonate);
    SepReleaseTokenLock(ProcessToken);
    return CanImpersonate;
}

Referenced by PsImpersonateClient().

◆ SeTokenIsInert()

BOOLEAN NTAPI SeTokenIsInert ( _In_ PTOKEN Token )

Determines if a token is a sandbox inert token or not, based upon the token flags.

Parameters

[in] Token A valid access token to determine if such token is inert.

Returns: Returns TRUE if the token is inert, FALSE otherwise.

Definition at line 1583 of file token.c.

{
    PAGED_CODE();
 
    return (((PTOKEN)Token)->TokenFlags & TOKEN_SANDBOX_INERT) != 0;
}

Referenced by NtQueryInformationToken().

Variable Documentation

◆ SeAliasAccountOpsSid

PSID SeAliasAccountOpsSid

extern

Definition at line 45 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasAdminsSid

PSID SeAliasAdminsSid

extern

Definition at line 41 of file sid.c.

Referenced by FreeInitializedSids(), IopCreateDefaultDeviceSecurityDescriptor(), MiCreateMemoryEvent(), NtCreatePagingFile(), ObpCreateKernelObjectsSD(), ObpGetDosDevicesProtection(), SepCreateImpersonationTokenDacl(), SepCreateSystemProcessToken(), SepCreateToken(), SepDuplicateToken(), SepInitDACLs(), SepInitExports(), SepInitializationPhase1(), SepInitSecurityIDs(), and SepPerformTokenFiltering().

◆ SeAliasBackupOpsSid

PSID SeAliasBackupOpsSid

extern

Definition at line 48 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasGuestsSid

PSID SeAliasGuestsSid

extern

Definition at line 43 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasPowerUsersSid

PSID SeAliasPowerUsersSid

extern

Definition at line 44 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasPrintOpsSid

PSID SeAliasPrintOpsSid

extern

Definition at line 47 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasSystemOpsSid

PSID SeAliasSystemOpsSid

extern

Definition at line 46 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAliasUsersSid

PSID SeAliasUsersSid

extern

Definition at line 42 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAnonymousLogonSid

PSID SeAnonymousLogonSid

extern

Definition at line 213 of file se.h.

Referenced by FreeInitializedSids(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepInitDACLs(), SepInitExports(), and SepInitSecurityIDs().

◆ SeAnonymousLogonToken

PTOKEN SeAnonymousLogonToken

extern

Definition at line 19 of file semgr.c.

Referenced by SepImpersonateAnonymousToken(), and SepInitializationPhase0().

◆ SeAnonymousLogonTokenNoEveryone

PTOKEN SeAnonymousLogonTokenNoEveryone

extern

Definition at line 20 of file semgr.c.

Referenced by SepImpersonateAnonymousToken(), and SepInitializationPhase0().

◆ SeAssignPrimaryTokenPrivilege

const LUID SeAssignPrimaryTokenPrivilege

extern

Definition at line 22 of file priv.c.

Referenced by PspSetPrimaryToken(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeAuditPrivilege

const LUID SeAuditPrivilege

extern

Definition at line 40 of file priv.c.

Referenced by SeCheckAuditPrivilege(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeAuthenticatedUserSid

PSID SeAuthenticatedUserSid

extern

Definition at line 39 of file sid.c.

Referenced by FreeInitializedSids(), and SepInitSecurityIDs().

◆ SeAuthenticatedUsersSid

PSID SeAuthenticatedUsersSid

extern

Definition at line 49 of file sid.c.

Referenced by FreeInitializedSids(), SepCreateSystemProcessToken(), SepInitExports(), and SepInitSecurityIDs().

◆ SeBackupPrivilege

const LUID SeBackupPrivilege

extern

Definition at line 36 of file priv.c.

Referenced by IopCheckBackupRestorePrivilege(), NtSaveKeyEx(), NtSaveMergedKeys(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeBatchSid

PSID SeBatchSid

extern

Definition at line 34 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeChangeNotifyPrivilege

const LUID SeChangeNotifyPrivilege

extern

Definition at line 42 of file priv.c.

◆ SeCreateGlobalPrivilege

const LUID SeCreateGlobalPrivilege

extern

Definition at line 49 of file priv.c.

◆ SeCreatePagefilePrivilege

const LUID SeCreatePagefilePrivilege

extern

Definition at line 34 of file priv.c.

Referenced by NtCreatePagingFile(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeCreatePermanentPrivilege

const LUID SeCreatePermanentPrivilege

extern

Definition at line 35 of file priv.c.

Referenced by NtMakePermanentObject(), ObCreateObject(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeCreateSymbolicLinkPrivilege

const LUID SeCreateSymbolicLinkPrivilege

extern

Definition at line 54 of file priv.c.

◆ SeCreateTokenPrivilege

const LUID SeCreateTokenPrivilege

extern

Definition at line 21 of file priv.c.

Referenced by NtCreateToken(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeCreatorGroupServerSid

PSID SeCreatorGroupServerSid

extern

Definition at line 30 of file sid.c.

Referenced by FreeInitializedSids(), and SepInitSecurityIDs().

◆ SeCreatorGroupSid

PSID SeCreatorGroupSid

extern

Definition at line 28 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), SepInitSecurityIDs(), and SepPropagateAcl().

◆ SeCreatorOwnerServerSid

PSID SeCreatorOwnerServerSid

extern

Definition at line 29 of file sid.c.

Referenced by FreeInitializedSids(), and SepInitSecurityIDs().

◆ SeCreatorOwnerSid

PSID SeCreatorOwnerSid

extern

Definition at line 27 of file sid.c.

Referenced by FreeInitializedSids(), ObpGetDosDevicesProtection(), SepInitExports(), SepInitSecurityIDs(), and SepPropagateAcl().

◆ SeCreatorSidAuthority

SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority

extern

Definition at line 21 of file sid.c.

Referenced by SepInitSecurityIDs().

◆ SeDebugPrivilege

const LUID SeDebugPrivilege

extern

Definition at line 39 of file priv.c.

Referenced by NtOpenProcess(), NtOpenThread(), NtSetDebugFilterState(), NtSetInformationProcess(), NtSetInformationThread(), NtSystemDebugControl(), SepCreateSystemProcessToken(), SepInitExports(), and SSI_DEF().

◆ SeDialupSid

PSID SeDialupSid

extern

Definition at line 32 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeEnableDelegationPrivilege

const LUID SeEnableDelegationPrivilege

extern

Definition at line 46 of file priv.c.

Referenced by SepInitExports().

◆ SeImpersonatePrivilege

const LUID SeImpersonatePrivilege

extern

Definition at line 48 of file priv.c.

◆ SeIncreaseBasePriorityPrivilege

const LUID SeIncreaseBasePriorityPrivilege

extern

Definition at line 33 of file priv.c.

Referenced by NtSetInformationProcess(), NtSetInformationThread(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeIncreaseQuotaPrivilege

const LUID SeIncreaseQuotaPrivilege

extern

Definition at line 24 of file priv.c.

Referenced by PspSetQuotaLimits(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeIncreaseWorkingSetPrivilege

const LUID SeIncreaseWorkingSetPrivilege

extern

Definition at line 52 of file priv.c.

◆ SeInteractiveSid

PSID SeInteractiveSid

extern

Definition at line 35 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeLoadDriverPrivilege

const LUID SeLoadDriverPrivilege

extern

Definition at line 29 of file priv.c.

Referenced by IopUnloadDriver(), NtLoadDriver(), SepCreateSystemProcessToken(), SepInitExports(), and SSI_DEF().

◆ SeLocalServiceSid

PSID SeLocalServiceSid

extern

Definition at line 52 of file sid.c.

Referenced by SepInitExports(), and SepInitSecurityIDs().

◆ SeLocalSid

PSID SeLocalSid

extern

Definition at line 26 of file sid.c.

Referenced by FreeInitializedSids(), SepCreateSystemProcessToken(), SepInitExports(), and SepInitSecurityIDs().

◆ SeLocalSidAuthority

SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority

extern

Definition at line 20 of file sid.c.

Referenced by SepInitSecurityIDs().

◆ SeLocalSystemSid

PSID SeLocalSystemSid

extern

Definition at line 38 of file sid.c.

Referenced by FreeInitializedSids(), MiCreateMemoryEvent(), NtCreatePagingFile(), ObpCreateKernelObjectsSD(), ObpGetDosDevicesProtection(), SepCreateImpersonationTokenDacl(), SepCreateSystemProcessToken(), SepInitDACLs(), SepInitExports(), SepInitializationPhase1(), SepInitSecurityIDs(), and SePrivilegedServiceAuditAlarm().

◆ SeLockMemoryPrivilege

const LUID SeLockMemoryPrivilege

extern

Definition at line 23 of file priv.c.

Referenced by NtAllocateVirtualMemory(), NtLockVirtualMemory(), NtUnlockVirtualMemory(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeManageVolumePrivilege

const LUID SeManageVolumePrivilege

extern

Definition at line 47 of file priv.c.

Referenced by SepCreateSystemProcessToken(), and SepInitExports().

◆ SeNetworkServiceSid

PSID SeNetworkServiceSid

extern

Definition at line 53 of file sid.c.

Referenced by SepInitExports(), and SepInitSecurityIDs().

◆ SeNetworkSid

PSID SeNetworkSid

extern

Definition at line 33 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeNtAuthoritySid

PSID SeNtAuthoritySid

extern

Definition at line 31 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeNtSidAuthority

SID_IDENTIFIER_AUTHORITY SeNtSidAuthority

extern

Definition at line 22 of file sid.c.

Referenced by SepInitSecurityIDs().

◆ SeNullSid

PSID SeNullSid

extern

Definition at line 24 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeNullSidAuthority

SID_IDENTIFIER_AUTHORITY SeNullSidAuthority

extern

Definition at line 18 of file sid.c.

Referenced by SepInitSecurityIDs().

◆ SePrincipalSelfSid

PSID SePrincipalSelfSid

extern

Definition at line 37 of file sid.c.

Referenced by FreeInitializedSids(), SepInitSecurityIDs(), and SepSidInTokenEx().

◆ SeProfileSingleProcessPrivilege

const LUID SeProfileSingleProcessPrivilege

extern

Definition at line 32 of file priv.c.

Referenced by SepCreateSystemProcessToken(), and SepInitExports().

◆ SePublicDefaultSd

PSECURITY_DESCRIPTOR SePublicDefaultSd

extern

Definition at line 16 of file sd.c.

Referenced by ExpInitializeCallbacks(), IoCreateSymbolicLink(), SepInitializationPhase1(), and SepInitSDs().

◆ SePublicDefaultUnrestrictedDacl

PACL SePublicDefaultUnrestrictedDacl

extern

Definition at line 18 of file acl.c.

Referenced by IopCreateDefaultDeviceSecurityDescriptor(), IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().

◆ SePublicDefaultUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd

extern

Definition at line 17 of file sd.c.

Referenced by ExpCreateSystemRootLink(), ObInitSystem(), and SepInitSDs().

◆ SePublicOpenDacl

PACL SePublicOpenDacl

extern

Definition at line 19 of file acl.c.

Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().

◆ SePublicOpenSd

PSECURITY_DESCRIPTOR SePublicOpenSd

extern

Definition at line 18 of file sd.c.

Referenced by SepInitSDs().

◆ SePublicOpenUnrestrictedDacl

PACL SePublicOpenUnrestrictedDacl

extern

Definition at line 20 of file acl.c.

Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().

◆ SePublicOpenUnrestrictedSd

PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd

extern

Definition at line 19 of file sd.c.

Referenced by SepInitSDs().

◆ SeRelabelPrivilege

const LUID SeRelabelPrivilege

extern

Definition at line 51 of file priv.c.

◆ SeRemoteShutdownPrivilege

const LUID SeRemoteShutdownPrivilege

extern

Definition at line 43 of file priv.c.

Referenced by SepInitExports().

◆ SeRestorePrivilege

const LUID SeRestorePrivilege

extern

Definition at line 37 of file priv.c.

Referenced by IopCheckBackupRestorePrivilege(), NtLoadKeyEx(), NtUnloadKey2(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeRestrictedCodeSid

PSID SeRestrictedCodeSid

extern

Definition at line 40 of file sid.c.

Referenced by FreeInitializedSids(), SepCreateImpersonationTokenDacl(), SepInitDACLs(), and SepInitSecurityIDs().

◆ SeRestrictedSid

PSID SeRestrictedSid

extern

Definition at line 50 of file sid.c.

Referenced by FreeInitializedSids(), SepInitExports(), and SepInitSecurityIDs().

◆ SeSecurityPrivilege

const LUID SeSecurityPrivilege

extern

Definition at line 27 of file priv.c.

Referenced by SepCreateSystemProcessToken(), SepInitExports(), and SePrivilegePolicyCheck().

◆ SeServiceSid

PSID SeServiceSid

extern

Definition at line 36 of file sid.c.

Referenced by FreeInitializedSids(), and SepInitSecurityIDs().

◆ SeShutdownPrivilege

const LUID SeShutdownPrivilege

extern

Definition at line 38 of file priv.c.

Referenced by ExpRaiseHardError(), NtSetSystemPowerState(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeSyncAgentPrivilege

const LUID SeSyncAgentPrivilege

extern

Definition at line 45 of file priv.c.

Referenced by SepInitExports().

◆ SeSystemAnonymousLogonDacl

PACL SeSystemAnonymousLogonDacl

extern

Definition at line 22 of file acl.c.

Referenced by SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepInitDACLs(), and SepInitSDs().

◆ SeSystemAnonymousLogonSd

PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd

extern

Definition at line 22 of file sd.c.

Referenced by SepInitSDs().

◆ SeSystemDefaultSd

PSECURITY_DESCRIPTOR SeSystemDefaultSd

extern

Definition at line 20 of file sd.c.

Referenced by SepInitSDs().

◆ SeSystemEnvironmentPrivilege

const LUID SeSystemEnvironmentPrivilege

extern

Definition at line 41 of file priv.c.

Referenced by NtQuerySystemEnvironmentValue(), NtSetSystemEnvironmentValue(), SepCreateSystemProcessToken(), and SepInitExports().

◆ SeSystemProfilePrivilege

const LUID SeSystemProfilePrivilege

extern

Definition at line 30 of file priv.c.

Referenced by NtCreateProfile(), and SepInitExports().

◆ SeSystemtimePrivilege

const LUID SeSystemtimePrivilege

extern

Definition at line 31 of file priv.c.

Referenced by NtSetSystemTime(), SepCreateSystemProcessToken(), SepInitExports(), and SSI_DEF().

◆ SeTakeOwnershipPrivilege

const LUID SeTakeOwnershipPrivilege

extern

Definition at line 28 of file priv.c.

Referenced by SepCreateSystemProcessToken(), SepInitExports(), and SePrivilegePolicyCheck().

◆ SeTcbPrivilege

const LUID SeTcbPrivilege

extern

Definition at line 26 of file priv.c.

Referenced by ApphelpCacheAccessCheck(), ExpRaiseHardError(), NtDisplayString(), NtGetPlugPlayEvent(), NtPlugPlayControl(), NtSetDefaultHardErrorPort(), NtSetInformationObject(), NtSetInformationProcess(), NtSetInformationToken(), SepCreateSystemProcessToken(), SepInitExports(), SepSinglePrivilegeCheck(), and SSI_DEF().

◆ SeTimeZonePrivilege

const LUID SeTimeZonePrivilege

extern

Definition at line 53 of file priv.c.

◆ SeTrustedCredmanPrivilege

const LUID SeTrustedCredmanPrivilege

extern

Definition at line 50 of file priv.c.

◆ SeUndockPrivilege

const LUID SeUndockPrivilege

extern

Definition at line 44 of file priv.c.

Referenced by SepCreateSystemProcessToken(), and SepInitExports().

◆ SeUnrestrictedDacl

PACL SeUnrestrictedDacl

extern

Definition at line 21 of file acl.c.

Referenced by SepInitDACLs(), and SepInitSDs().

◆ SeUnrestrictedSd

PSECURITY_DESCRIPTOR SeUnrestrictedSd

extern

Definition at line 21 of file sd.c.

Referenced by SepInitSDs().

◆ SeUnsolicitedInputPrivilege

const LUID SeUnsolicitedInputPrivilege

extern

Definition at line 25 of file priv.c.

Referenced by SepInitExports().

◆ SeWorldSid

PSID SeWorldSid

extern

Definition at line 25 of file sid.c.

Referenced by CmpQuerySecurityDescriptor(), FreeInitializedSids(), IopCreateDefaultDeviceSecurityDescriptor(), MiCreateMemoryEvent(), ObpCreateKernelObjectsSD(), ObpGetDosDevicesProtection(), SeFastTraverseCheck(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemProcessToken(), SepInitDACLs(), SepInitExports(), SepInitializationPhase1(), SepInitSecurityIDs(), and SeSetWorldSecurityDescriptor().

◆ SeWorldSidAuthority

SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority

extern

Definition at line 19 of file sid.c.

Referenced by SepInitSecurityIDs().

Classes

Macros

Typedefs

Enumerations

Functions

Variables

Macro Definition Documentation

◆ SepAcquireTokenLockExclusive

◆ SepAcquireTokenLockShared

◆ SepReleaseTokenLock

◆ TOKEN_CREATE_METHOD

◆ TOKEN_DUPLICATE_METHOD

◆ TOKEN_FILTER_METHOD

Typedef Documentation

◆ ACCESS_CHECK_RIGHT_TYPE

◆ ACCESS_CHECK_RIGHTS

◆ KNOWN_ACE

◆ KNOWN_COMPOUND_ACE

◆ KNOWN_OBJECT_ACE

◆ OBJECT_TYPE_LIST_INTERNAL

◆ PACCESS_CHECK_RIGHTS

◆ PKNOWN_ACE

◆ PKNOWN_COMPOUND_ACE

◆ PKNOWN_OBJECT_ACE

◆ POBJECT_TYPE_LIST_INTERNAL

◆ PTOKEN_AUDIT_POLICY_INFORMATION

◆ TOKEN_AUDIT_POLICY_INFORMATION

Enumeration Type Documentation

◆ _ACCESS_CHECK_RIGHT_TYPE

Function Documentation

◆ RtlLengthSidAndAttributes()

◆ SeAuditProcessCreate()

◆ SeAuditProcessExit()

◆ SeCaptureLuidAndAttributesArray()

◆ SeCaptureObjectTypeList()

◆ SeCaptureSidAndAttributesArray()

◆ SeCaptureSubjectContextEx()

◆ SeCheckAuditPrivilege()

◆ SeCheckPrivilegedObject()

◆ SeComputeQuotaInformationSize()

◆ SeCopyClientToken()

◆ SeCreateAccessStateEx()

◆ SeDeassignPrimaryToken()

◆ SeDefaultObjectMethod()

◆ SeDetailedAuditingWithToken()

◆ SeExchangePrimaryToken()

◆ SeFastTraverseCheck()

◆ SeGetLogonIdDeviceMap()

◆ SeGetTokenControlInformation()

◆ SeInitializeProcessAuditName()

◆ SeInitSystem()

◆ SeIsTokenChild()

◆ SeIsTokenSibling()

◆ SepCaptureAcl()

◆ SepCaptureSecurityQualityOfService()

◆ SepCaptureSid()

◆ SepComputeAvailableDynamicSpace()

◆ SepCreateImpersonationTokenDacl()

◆ SepCreateSystemAnonymousLogonToken()

◆ SepCreateSystemAnonymousLogonTokenNoEveryone()

◆ SepCreateSystemProcessToken()

◆ SepCreateToken()

◆ SepCreateTokenLock()

◆ SepDeleteTokenLock()

◆ SepDuplicateToken()

◆ SepFindPrimaryGroupAndDefaultOwner()

◆ SepGetDaclFromDescriptor()

◆ SepGetGroupFromDescriptor()

◆ SepGetObjectTypeGuidFromAce()

◆ SepGetOwnerFromDescriptor()

◆ SepGetSaclFromDescriptor()

◆ SepGetSidFromAce()

◆ SepInitDACLs()

◆ SepInitializeTokenImplementation()

◆ SepInitPrivileges()

◆ SepInitSDs()

◆ SepInitSecurityIDs()

◆ SepObjectTypeGuidInList()

◆ SepPrivilegeCheck()

◆ SepPropagateAcl()