ReactOS  0.4.15-dev-4853-g3a72a52
se.h File Reference

Go to the source code of this file.

Classes

struct  _KNOWN_ACE
 
struct  _KNOWN_OBJECT_ACE
 
struct  _KNOWN_COMPOUND_ACE
 
struct  _ACCESS_CHECK_RIGHTS
 
struct  _TOKEN_AUDIT_POLICY_INFORMATION
 

Macros

#define TOKEN_CREATE_METHOD   0xCUL
 
#define TOKEN_DUPLICATE_METHOD   0xDUL
 
#define TOKEN_FILTER_METHOD   0xFUL
 
#define SepAcquireTokenLockExclusive(Token)
 
#define SepAcquireTokenLockShared(Token)
 
#define SepReleaseTokenLock(Token)
 

Typedefs

typedef struct _KNOWN_ACE KNOWN_ACE
 
typedef struct _KNOWN_ACEPKNOWN_ACE
 
typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
 
typedef struct _KNOWN_OBJECT_ACEPKNOWN_OBJECT_ACE
 
typedef struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
 
typedef struct _KNOWN_COMPOUND_ACEPKNOWN_COMPOUND_ACE
 
typedef struct _ACCESS_CHECK_RIGHTS ACCESS_CHECK_RIGHTS
 
typedef struct _ACCESS_CHECK_RIGHTSPACCESS_CHECK_RIGHTS
 
typedef enum _ACCESS_CHECK_RIGHT_TYPE ACCESS_CHECK_RIGHT_TYPE
 
typedef struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
 
typedef struct _TOKEN_AUDIT_POLICY_INFORMATIONPTOKEN_AUDIT_POLICY_INFORMATION
 

Enumerations

enum  _ACCESS_CHECK_RIGHT_TYPE { AccessCheckMaximum, AccessCheckRegular }
 

Functions

FORCEINLINE PSID SepGetGroupFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PSID SepGetOwnerFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PACL SepGetDaclFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PACL SepGetSaclFromDescriptor (_Inout_ PVOID _Descriptor)
 
VOID NTAPI SepInitializeTokenImplementation (VOID)
 Internal function that initializes critical kernel data for access token implementation in SRM. More...
 
PTOKEN NTAPI SepCreateSystemProcessToken (VOID)
 Creates the system process token. More...
 
PTOKEN SepCreateSystemAnonymousLogonToken (VOID)
 Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group. More...
 
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone (VOID)
 Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid). More...
 
NTSTATUS NTAPI SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
 Duplicates an access token, from an existing valid token. More...
 
NTSTATUS NTAPI SepCreateToken (_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
 Internal function responsible for access token object creation in the kernel. A fully created token objected is inserted into the token handle, thus the handle becoming a valid handle to an access token object and ready for use. More...
 
BOOLEAN NTAPI SepTokenIsOwner (_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
 Checks if a token belongs to the main user, being the owner. More...
 
NTSTATUS SepCreateTokenLock (_Inout_ PTOKEN Token)
 Creates a lock for the token. More...
 
VOID SepDeleteTokenLock (_Inout_ PTOKEN Token)
 Deletes a lock of a token. More...
 
VOID SepUpdatePrivilegeFlagsToken (_Inout_ PTOKEN Token)
 Updates the token's flags based upon the privilege that the token has been granted. The function uses the private helper, SepUpdateSinglePrivilegeFlagToken, in order to update the flags of a token. More...
 
NTSTATUS SepFindPrimaryGroupAndDefaultOwner (_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
 Finds the primary group and default owner entity based on the submitted primary group instance and an access token. More...
 
VOID SepUpdateSinglePrivilegeFlagToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
 Updates the token's flags based upon the privilege that the token has been granted. The flag can either be taken out or given to the token if the attributes of the specified privilege is enabled or not. More...
 
VOID SepRemovePrivilegeToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
 Removes a privilege from the token. More...
 
VOID SepRemoveUserGroupToken (_Inout_ PTOKEN Token, _In_ ULONG Index)
 Removes a group from the token. More...
 
BOOLEAN NTAPI SeTokenCanImpersonate (_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 Ensures that client impersonation can occur by checking if the token we're going to assign as the impersonation token can be actually impersonated in the first place. The routine is used primarily by PsImpersonateClient. More...
 
VOID NTAPI SeGetTokenControlInformation (_In_ PACCESS_TOKEN _Token, _Out_ PTOKEN_CONTROL TokenControl)
 Retrieves token control information. More...
 
VOID NTAPI SeDeassignPrimaryToken (_Inout_ PEPROCESS Process)
 Removes the primary token of a process. More...
 
NTSTATUS NTAPI SeSubProcessToken (_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
 Subtracts a token in exchange of duplicating a new one. More...
 
NTSTATUS NTAPI SeIsTokenChild (_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
 Checks if the token is a child of the other token of the current process that the calling thread is invoking this function. More...
 
NTSTATUS NTAPI SeIsTokenSibling (_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
 Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function. More...
 
NTSTATUS NTAPI SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
 Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use. More...
 
NTSTATUS NTAPI SeCopyClientToken (_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
 Copies an existing access token (technically duplicating a new one). More...
 
BOOLEAN NTAPI SeTokenIsInert (_In_ PTOKEN Token)
 Determines if a token is a sandbox inert token or not, based upon the token flags. More...
 
ULONG RtlLengthSidAndAttributes (_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
 Computes the length size of a SID. More...
 
BOOLEAN NTAPI SeInitSystem (VOID)
 Main security manager initialization function. More...
 
NTSTATUS NTAPI SeDefaultObjectMethod (_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
VOID NTAPI SeQuerySecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
 Queries the access mask from a security information context. More...
 
VOID NTAPI SeSetSecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
 Sets the access mask for a security information context. More...
 
VOID NTAPI SepInitPrivileges (VOID)
 Initializes the privileges during the startup phase of the security manager module. This function serves as a placeholder as it currently does nothing. More...
 
BOOLEAN NTAPI SepPrivilegeCheck (_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
 Checks the privileges pointed by Privileges array argument if they exist and match with the privileges from an access token. More...
 
NTSTATUS NTAPI SePrivilegePolicyCheck (_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
 Checks the security policy and returns a set of privileges based upon the said security policy context. More...
 
BOOLEAN NTAPI SeCheckAuditPrivilege (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
 Checks a single privilege and performs an audit against a privileged service based on a security subject context. More...
 
BOOLEAN NTAPI SeCheckPrivilegedObject (_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
 Checks a privileged object if such object has the specific privilege submitted by the caller. More...
 
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
 
VOID NTAPI SeReleaseLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a LUID with attributes structure. More...
 
BOOLEAN NTAPI SepInitSecurityIDs (VOID)
 Initializes all the SIDs known in the system. More...
 
NTSTATUS NTAPI SepCaptureSid (_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
 Captures a SID. More...
 
VOID NTAPI SepReleaseSid (_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a captured SID. More...
 
BOOLEAN NTAPI SepSidInToken (_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
 Checks if a SID is present in a token. More...
 
BOOLEAN NTAPI SepSidInTokenEx (_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
 Checks if a SID is present in a token. More...
 
PSID NTAPI SepGetSidFromAce (_In_ UCHAR AceType, _In_ PACE Ace)
 Captures a security identifier from a given access control entry. This identifier is valid for the whole of its lifetime. More...
 
NTSTATUS NTAPI SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
 Captures a SID with attributes. More...
 
VOID NTAPI SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a captured SID with attributes. More...
 
BOOLEAN NTAPI SepInitDACLs (VOID)
 Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure. More...
 
NTSTATUS NTAPI SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
 Allocates a discretionary access control list based on certain properties of a regular and primary access tokens. More...
 
NTSTATUS NTAPI SepCaptureAcl (_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
 Captures an access control list from an already valid input ACL. More...
 
VOID NTAPI SepReleaseAcl (_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases (frees) a captured ACL from the memory pool. More...
 
NTSTATUS SepPropagateAcl (_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
PACL SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 Selects an ACL and returns it to the caller. More...
 
BOOLEAN NTAPI SepInitSDs (VOID)
 Initializes the known security descriptors in the system. More...
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
 Sets a "World" security descriptor. More...
 
NTSTATUS NTAPI SeComputeQuotaInformationSize (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
 
BOOLEAN NTAPI SeRmInitPhase0 (VOID)
 Manages the phase 0 initialization of the security reference monitoring module of the kernel. More...
 
BOOLEAN NTAPI SeRmInitPhase1 (VOID)
 Manages the phase 1 initialization of the security reference monitoring module of the kernel. More...
 
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken (_Inout_ PTOKEN Token)
 Inserts a logon session into an access token specified by the caller. More...
 
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken (_Inout_ PTOKEN Token)
 Removes a logon session from an access token. More...
 
NTSTATUS SepRmReferenceLogonSession (_Inout_ PLUID LogonLuid)
 
NTSTATUS SepRmDereferenceLogonSession (_Inout_ PLUID LogonLuid)
 
NTSTATUS NTAPI SepRegQueryHelper (_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
 A private registry helper that returns the desired value data based on the specifics requested by the caller. More...
 
NTSTATUS NTAPI SeGetLogonIdDeviceMap (_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap)
 Retrieves the DOS device map from a logon session. More...
 
NTSTATUS NTAPI SeInitializeProcessAuditName (_In_ PFILE_OBJECT FileObject, _In_ BOOLEAN DoAudit, _Out_ POBJECT_NAME_INFORMATION *AuditInfo)
 Initializes a process audit name and returns it to the caller. More...
 
BOOLEAN NTAPI SeDetailedAuditingWithToken (_In_ PTOKEN Token)
 Peforms a detailed security auditing with an access token. More...
 
VOID NTAPI SeAuditProcessExit (_In_ PEPROCESS Process)
 Peforms a security auditing against a process that is about to be terminated. More...
 
VOID NTAPI SeAuditProcessCreate (_In_ PEPROCESS Process)
 Peforms a security auditing against a process that is about to be created. More...
 
VOID NTAPI SePrivilegedServiceAuditAlarm (_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
 Performs an audit alarm to a privileged service request. More...
 
VOID NTAPI SeCaptureSubjectContextEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 An extended function that captures the security subject context based upon the specified thread and process. More...
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
 Captures the security quality of service data given the object attributes from an object. More...
 
VOID NTAPI SepReleaseSecurityQualityOfService (_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases (frees) the captured SQOS data from an object in the memory pool. More...
 
NTSTATUS SeCaptureObjectTypeList (_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ KPROCESSOR_MODE PreviousMode, _Out_ POBJECT_TYPE_LIST *CapturedObjectTypeList)
 Captures a list of object types. More...
 
VOID SeReleaseObjectTypeList (_In_ _Post_invalid_ POBJECT_TYPE_LIST CapturedObjectTypeList, _In_ KPROCESSOR_MODE PreviousMode)
 Releases a buffer list of object types. More...
 
NTSTATUS NTAPI SeCreateAccessStateEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
 
BOOLEAN NTAPI SeFastTraverseCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
 Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object. More...
 

Variables

SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
 
PSID SeNullSid
 
PSID SeWorldSid
 
PSID SeLocalSid
 
PSID SeCreatorOwnerSid
 
PSID SeCreatorGroupSid
 
PSID SeCreatorOwnerServerSid
 
PSID SeCreatorGroupServerSid
 
PSID SeNtAuthoritySid
 
PSID SeDialupSid
 
PSID SeNetworkSid
 
PSID SeBatchSid
 
PSID SeInteractiveSid
 
PSID SeServiceSid
 
PSID SeAnonymousLogonSid
 
PSID SePrincipalSelfSid
 
PSID SeLocalSystemSid
 
PSID SeAuthenticatedUserSid
 
PSID SeRestrictedCodeSid
 
PSID SeAliasAdminsSid
 
PSID SeAliasUsersSid
 
PSID SeAliasGuestsSid
 
PSID SeAliasPowerUsersSid
 
PSID SeAliasAccountOpsSid
 
PSID SeAliasSystemOpsSid
 
PSID SeAliasPrintOpsSid
 
PSID SeAliasBackupOpsSid
 
PSID SeAuthenticatedUsersSid
 
PSID SeRestrictedSid
 
PSID SeLocalServiceSid
 
PSID SeNetworkServiceSid
 
const LUID SeCreateTokenPrivilege
 
const LUID SeAssignPrimaryTokenPrivilege
 
const LUID SeLockMemoryPrivilege
 
const LUID SeIncreaseQuotaPrivilege
 
const LUID SeUnsolicitedInputPrivilege
 
const LUID SeTcbPrivilege
 
const LUID SeSecurityPrivilege
 
const LUID SeTakeOwnershipPrivilege
 
const LUID SeLoadDriverPrivilege
 
const LUID SeSystemProfilePrivilege
 
const LUID SeSystemtimePrivilege
 
const LUID SeProfileSingleProcessPrivilege
 
const LUID SeIncreaseBasePriorityPrivilege
 
const LUID SeCreatePagefilePrivilege
 
const LUID SeCreatePermanentPrivilege
 
const LUID SeBackupPrivilege
 
const LUID SeRestorePrivilege
 
const LUID SeShutdownPrivilege
 
const LUID SeDebugPrivilege
 
const LUID SeAuditPrivilege
 
const LUID SeSystemEnvironmentPrivilege
 
const LUID SeChangeNotifyPrivilege
 
const LUID SeRemoteShutdownPrivilege
 
const LUID SeUndockPrivilege
 
const LUID SeSyncAgentPrivilege
 
const LUID SeEnableDelegationPrivilege
 
const LUID SeManageVolumePrivilege
 
const LUID SeImpersonatePrivilege
 
const LUID SeCreateGlobalPrivilege
 
const LUID SeTrustedCredmanPrivilege
 
const LUID SeRelabelPrivilege
 
const LUID SeIncreaseWorkingSetPrivilege
 
const LUID SeTimeZonePrivilege
 
const LUID SeCreateSymbolicLinkPrivilege
 
PACL SePublicDefaultUnrestrictedDacl
 
PACL SePublicOpenDacl
 
PACL SePublicOpenUnrestrictedDacl
 
PACL SeUnrestrictedDacl
 
PACL SeSystemAnonymousLogonDacl
 
PSECURITY_DESCRIPTOR SePublicDefaultSd
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
 
PSECURITY_DESCRIPTOR SePublicOpenSd
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
 
PTOKEN SeAnonymousLogonToken
 
PTOKEN SeAnonymousLogonTokenNoEveryone
 

Macro Definition Documentation

◆ SepAcquireTokenLockExclusive

#define SepAcquireTokenLockExclusive (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 275 of file se.h.

◆ SepAcquireTokenLockShared

#define SepAcquireTokenLockShared (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 280 of file se.h.

◆ SepReleaseTokenLock

#define SepReleaseTokenLock (   Token)
Value:
{ \
ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
KeLeaveCriticalRegion(); \
}
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 286 of file se.h.

◆ TOKEN_CREATE_METHOD

#define TOKEN_CREATE_METHOD   0xCUL

Definition at line 70 of file se.h.

◆ TOKEN_DUPLICATE_METHOD

#define TOKEN_DUPLICATE_METHOD   0xDUL

Definition at line 71 of file se.h.

◆ TOKEN_FILTER_METHOD

#define TOKEN_FILTER_METHOD   0xFUL

Definition at line 72 of file se.h.

Typedef Documentation

◆ ACCESS_CHECK_RIGHT_TYPE

◆ ACCESS_CHECK_RIGHTS

◆ KNOWN_ACE

◆ KNOWN_COMPOUND_ACE

◆ KNOWN_OBJECT_ACE

◆ PACCESS_CHECK_RIGHTS

◆ PKNOWN_ACE

◆ PKNOWN_COMPOUND_ACE

◆ PKNOWN_OBJECT_ACE

◆ PTOKEN_AUDIT_POLICY_INFORMATION

◆ TOKEN_AUDIT_POLICY_INFORMATION

Enumeration Type Documentation

◆ _ACCESS_CHECK_RIGHT_TYPE

Enumerator
AccessCheckMaximum 
AccessCheckRegular 

Definition at line 48 of file se.h.

49 {
enum _ACCESS_CHECK_RIGHT_TYPE ACCESS_CHECK_RIGHT_TYPE

Function Documentation

◆ RtlLengthSidAndAttributes()

ULONG RtlLengthSidAndAttributes ( _In_ ULONG  Count,
_In_ PSID_AND_ATTRIBUTES  Src 
)

Computes the length size of a SID.

Parameters
[in]CountTotal count of entries that have SIDs in them (that being PSID_AND_ATTRIBUTES in this context).
[in]SrcSource that points to the attributes and SID entry structure.
Returns
Returns the total length of a SID size.

Definition at line 824 of file token.c.

827 {
828  ULONG i;
829  ULONG uLength;
830 
831  PAGED_CODE();
832 
833  uLength = Count * sizeof(SID_AND_ATTRIBUTES);
834  for (i = 0; i < Count; i++)
835  uLength += RtlLengthSid(Src[i].Sid);
836 
837  return uLength;
838 }
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
int Count
Definition: noreturn.cpp:7
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
unsigned int ULONG
Definition: retypes.h:1
#define PAGED_CODE()

Referenced by NtQueryInformationToken(), SepPerformTokenFiltering(), and SeQueryInformationToken().

◆ SeAuditProcessCreate()

VOID NTAPI SeAuditProcessCreate ( _In_ PEPROCESS  Process)

Peforms a security auditing against a process that is about to be created.

@unimplemented

Parameters
[in]ProcessAn object that points to a process which is in process of creation.
Returns
Nothing.

Definition at line 56 of file audit.c.

58 {
59  /* FIXME */
60 }

Referenced by PspCreateProcess().

◆ SeAuditProcessExit()

VOID NTAPI SeAuditProcessExit ( _In_ PEPROCESS  Process)

Peforms a security auditing against a process that is about to be terminated.

@unimplemented

Parameters
[in]ProcessAn object that points to a process which is in process of termination.
Returns
Nothing.

Definition at line 77 of file audit.c.

79 {
80  /* FIXME */
81 }

Referenced by PspExitThread().

◆ SeCaptureLuidAndAttributesArray()

NTSTATUS NTAPI SeCaptureLuidAndAttributesArray ( _In_ PLUID_AND_ATTRIBUTES  Src,
_In_ ULONG  PrivilegeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_ PLUID_AND_ATTRIBUTES  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PLUID_AND_ATTRIBUTES Dest,
_Inout_ PULONG  Length 
)

◆ SeCaptureObjectTypeList()

NTSTATUS SeCaptureObjectTypeList ( _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ POBJECT_TYPE_LIST CapturedObjectTypeList 
)

Captures a list of object types.

Parameters
[in]ObjectTypeListAn existing list of object types.
[in]ObjectTypeListLengthThe length size of the list.
[in]PreviousModeProcessor access level mode.
[out]CapturedObjectTypeListThe captured list of object types.
Returns
Returns STATUS_SUCCESS if the list of object types has been captured successfully. STATUS_INVALID_PARAMETER is returned if the caller hasn't supplied a buffer list of object types. STATUS_INSUFFICIENT_RESOURCES is returned if pool memory allocation for the captured list has failed.

Definition at line 39 of file objtype.c.

44 {
45  SIZE_T Size;
46 
47  if (PreviousMode == KernelMode)
48  {
50  }
51 
52  if (ObjectTypeListLength == 0)
53  {
54  *CapturedObjectTypeList = NULL;
55  return STATUS_SUCCESS;
56  }
57 
58  if (ObjectTypeList == NULL)
59  {
61  }
62 
63  /* Calculate the list size and check for integer overflow */
64  Size = ObjectTypeListLength * sizeof(OBJECT_TYPE_LIST);
65  if (Size == 0)
66  {
68  }
69 
70  /* Allocate a new list */
71  *CapturedObjectTypeList = ExAllocatePoolWithTag(PagedPool, Size, TAG_SEPA);
72  if (*CapturedObjectTypeList == NULL)
73  {
75  }
76 
77  _SEH2_TRY
78  {
79  ProbeForRead(ObjectTypeList, Size, sizeof(ULONG));
80  RtlCopyMemory(*CapturedObjectTypeList, ObjectTypeList, Size);
81  }
83  {
84  ExFreePoolWithTag(*CapturedObjectTypeList, TAG_SEPA);
85  *CapturedObjectTypeList = NULL;
87  }
88  _SEH2_END;
89 
90  return STATUS_SUCCESS;
91 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
struct _OBJECT_TYPE_LIST OBJECT_TYPE_LIST
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:361
_SEH2_TRY
Definition: create.c:4226
return STATUS_NOT_IMPLEMENTED
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define TAG_SEPA
Definition: tag.h:153
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099

Referenced by SepAccessCheckAndAuditAlarm().

◆ SeCaptureSidAndAttributesArray()

NTSTATUS NTAPI SeCaptureSidAndAttributesArray ( _In_ PSID_AND_ATTRIBUTES  SrcSidAndAttributes,
_In_ ULONG  AttributeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_opt_ PVOID  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
_Out_ PULONG  ResultLength 
)

Captures a SID with attributes.

Parameters
[in]SrcSidAndAttributesSource of the SID with attributes to be captured.
[in]AttributeCountThe number count of attributes, in total.
[in]PreviousModeProcessor access level mode.
[in]AllocatedMemThe allocated memory buffer for the captured SID. If the caller supplies no allocated block of memory then the function will allocate some buffer block of memory for the captured SID automatically.
[in]AllocatedLengthThe length of the buffer that points to the allocated memory, in bytes.
[in]PoolTypeThe pool type for the captured SID and attributes to assign.
[in]CaptureIfKernelIf set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]CapturedSidAndAttributesThe captured SID and attributes.
[out]ResultLengthThe length of the captured SID and attributes, in bytes.
Returns
Returns STATUS_SUCCESS if SID and attributes capturing has been completed successfully. STATUS_INVALID_PARAMETER is returned if the count of attributes exceeds the maximum threshold that the kernel can permit, with the purpose of avoiding integer overflows. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed. STATUS_BUFFER_TOO_SMALL is returned if the length of the allocated buffer is less than the required size. STATUS_INVALID_SID is returned if a SID doesn't meet certain requirements to be considered a valid SID by the security manager. A failure NTSTATUS code is returned otherwise.
Remarks
A security identifier (SID) is a variable-length data structure that can change in size over time, depending on the factors that influence this effect in question. An attacker can take advantage of this fact and can potentially modify certain properties of a SID making it different in size than it was originally before. This is what we'd call, a TOCTOU vulnerability.

For this reason, the logic of copying the SIDs and their attributes into a new buffer goes like this: first, allocate a buffer array that just holds the lengths and subauthority count of each SID. Such information is copied in the first loop. Then in a second loop, iterate over the array with SID provided and copy them into the final array. The moment we're doing this, validate the lengths of each SID basing upon the captured lengths we've got before. In this way we ensure that the SIDs have remained intact. The validation checks are done in user mode as a general rule that we just cannot trust UM and whatever data is coming from it.

Definition at line 696 of file sid.c.

706 {
707  ULONG ArraySize, RequiredLength, SidLength, i;
708  ULONG TempArrayValidate, TempLengthValidate;
709  PSID_AND_ATTRIBUTES SidAndAttributes;
710  _SEH2_VOLATILE PSID_VALIDATE ValidateArray;
711  PUCHAR CurrentDest;
712  PISID Sid;
714  PAGED_CODE();
715 
716  ValidateArray = NULL;
717  SidAndAttributes = NULL;
718  *CapturedSidAndAttributes = NULL;
719  *ResultLength = 0;
720 
721  if (AttributeCount == 0)
722  {
723  return STATUS_SUCCESS;
724  }
725 
726  if (AttributeCount > SE_MAXIMUM_GROUP_LIMIT)
727  {
728  DPRINT1("SeCaptureSidAndAttributesArray(): Maximum group limit exceeded!\n");
730  }
731 
732  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
733  {
734  *CapturedSidAndAttributes = SrcSidAndAttributes;
735  return STATUS_SUCCESS;
736  }
737 
738  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
739  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
740 
741  if (PreviousMode != KernelMode)
742  {
743  /* Check for user mode data */
744  _SEH2_TRY
745  {
746  /* First probe the whole array */
747  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
748 
749  /* We're in user mode, set up the size for the temporary array */
750  TempArrayValidate = AttributeCount * sizeof(SID_VALIDATE);
751  TempLengthValidate = ALIGN_UP_BY(TempArrayValidate, sizeof(ULONG));
752 
753  /*
754  * Allocate a buffer for the array that we're going to
755  * temporarily hold the subauthority count and the SID
756  * elements. We'll be going to use this array to perform
757  * validation checks later.
758  */
760  TempLengthValidate,
762 
763  /* Loop the array elements */
764  for (i = 0; i < AttributeCount; i++)
765  {
766  /* Get the SID and probe the minimal structure */
767  Sid = SrcSidAndAttributes[i].Sid;
768  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
769 
770  /*
771  * Capture the subauthority count and hold it
772  * into the temporary array for later validation.
773  * This way we ensure that the said count of each
774  * SID has remained the same.
775  */
776  ValidateArray[i].SubAuthorityCount = Sid->SubAuthorityCount;
777 
778  /* Capture the SID */
779  ValidateArray[i].ProbeSid = Sid;
780 
781  /* Calculate the SID length and probe the full SID */
782  SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
783  ProbeForRead(ValidateArray[i].ProbeSid, SidLength, sizeof(ULONG));
784 
785  /* Add the aligned length to the required length */
786  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
787  }
788  }
790  {
792  _SEH2_YIELD(goto Cleanup);
793  }
794  _SEH2_END;
795  }
796  else
797  {
798  /* Loop the array elements */
799  for (i = 0; i < AttributeCount; i++)
800  {
801  /* Get the SID and it's length */
802  Sid = SrcSidAndAttributes[i].Sid;
804 
805  /* Add the aligned length to the required length */
806  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
807  }
808  }
809 
810  /* Assume success */
813 
814  /* Check if we have no buffer */
815  if (AllocatedMem == NULL)
816  {
817  /* Allocate a new buffer */
818  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
821  if (SidAndAttributes == NULL)
822  {
823  DPRINT1("SeCaptureSidAndAttributesArray(): Failed to allocate memory for SID and attributes array (requested size -> %lu)!\n", RequiredLength);
825  goto Cleanup;
826  }
827  }
828  /* Otherwise check if the buffer is large enough */
829  else if (AllocatedLength >= RequiredLength)
830  {
831  /* Buffer is large enough, use it */
832  SidAndAttributes = AllocatedMem;
833  }
834  else
835  {
836  /* Buffer is too small, fail */
837  DPRINT1("SeCaptureSidAndAttributesArray(): The provided buffer is small (expected size -> %lu || current size -> %lu)!\n", RequiredLength, AllocatedLength);
839  goto Cleanup;
840  }
841 
842  *CapturedSidAndAttributes = SidAndAttributes;
843 
844  /* Check again for user mode */
845  if (PreviousMode != KernelMode)
846  {
847  _SEH2_TRY
848  {
849  /* The rest of the data starts after the array */
850  CurrentDest = (PUCHAR)SidAndAttributes;
851  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
852 
853  /* Loop the array elements */
854  for (i = 0; i < AttributeCount; i++)
855  {
856  /*
857  * Get the SID length from the subauthority
858  * count we've captured before.
859  */
860  SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
861 
862  /* Copy attributes */
863  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
864 
865  /* Copy the SID to the current destination address */
866  SidAndAttributes[i].Sid = (PSID)CurrentDest;
867  RtlCopyMemory(CurrentDest, ValidateArray[i].ProbeSid, SidLength);
868 
869  /* Obtain the SID we've captured before for validation */
870  Sid = SidAndAttributes[i].Sid;
871 
872  /* Validate that the subauthority count hasn't changed */
873  if (ValidateArray[i].SubAuthorityCount !=
875  {
876  /* It's changed, bail out */
877  DPRINT1("SeCaptureSidAndAttributesArray(): The subauthority counts have changed (captured count -> %u || current count -> %u)\n",
878  ValidateArray[i].SubAuthorityCount, Sid->SubAuthorityCount);
880  goto Cleanup;
881  }
882 
883  /* Validate that the SID length is the same */
884  if (SidLength != RtlLengthSid(Sid))
885  {
886  /* They're no longer the same, bail out */
887  DPRINT1("SeCaptureSidAndAttributesArray(): The SID lengths have changed (captured length -> %lu || current length -> %lu)\n",
888  SidLength, RtlLengthSid(Sid));
890  goto Cleanup;
891  }
892 
893  /* Check that the SID is valid */
894  if (!RtlValidSid(Sid))
895  {
896  DPRINT1("SeCaptureSidAndAttributesArray(): The SID is not valid!\n");
898  goto Cleanup;
899  }
900 
901  /* Update the current destination address */
902  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
903  }
904  }
906  {
908  }
909  _SEH2_END;
910  }
911  else
912  {
913  /* The rest of the data starts after the array */
914  CurrentDest = (PUCHAR)SidAndAttributes;
915  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
916 
917  /* Loop the array elements */
918  for (i = 0; i < AttributeCount; i++)
919  {
920  /* Get the SID and it's length */
921  Sid = SrcSidAndAttributes[i].Sid;
923 
924  /* Copy attributes */
925  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
926 
927  /* Copy the SID to the current destination address */
928  SidAndAttributes[i].Sid = (PSID)CurrentDest;
929  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
930 
931  /* Update the current destination address */
932  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
933  }
934  }
935 
936 Cleanup:
937  /* Check for failure */
938  if (!NT_SUCCESS(Status))
939  {
940  /* Check if we allocated a new array */
941  if ((SidAndAttributes != AllocatedMem) && (SidAndAttributes != NULL))
942  {
943  /* Free the array */
944  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
945  }
946 
947  /* Set returned address to NULL */
948  *CapturedSidAndAttributes = NULL;
949  }
950 
951  /* Free the temporary validation array */
952  if ((PreviousMode != KernelMode) && (ValidateArray != NULL))
953  {
954  ExFreePoolWithTag(ValidateArray, TAG_SID_VALIDATE);
955  }
956 
957  return Status;
958 }
#define SE_MAXIMUM_GROUP_LIMIT
Definition: sid.c:16
#define TAG_SID_AND_ATTRIBUTES
Definition: tag.h:162
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
struct _SID_VALIDATE SID_VALIDATE
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define TAG_SID_VALIDATE
Definition: tag.h:163
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1486
static const WCHAR Cleanup[]
Definition: register.c:80
#define _SEH2_VOLATILE
Definition: pseh2_64.h:169
_SEH2_END
Definition: create.c:4400
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define ALIGN_UP_BY(size, align)
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define POOL_RAISE_IF_ALLOCATION_FAILURE
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtAdjustGroupsToken(), NtCreateToken(), and NtFilterToken().

◆ SeCaptureSubjectContextEx()

VOID NTAPI SeCaptureSubjectContextEx ( _In_ PETHREAD  Thread,
_In_ PEPROCESS  Process,
_Out_ PSECURITY_SUBJECT_CONTEXT  SubjectContext 
)

An extended function that captures the security subject context based upon the specified thread and process.

Parameters
[in]ThreadA thread where the calling thread's token is to be referenced for the security context.
[in]ProcessA process where the main process' token is to be referenced for the security context.
[out]SubjectContextThe returned security subject context.
Returns
Nothing.

Definition at line 41 of file subject.c.

45 {
47 
48  PAGED_CODE();
49 
50  /* Save the unique ID */
51  SubjectContext->ProcessAuditId = Process->UniqueProcessId;
52 
53  /* Check if we have a thread */
54  if (!Thread)
55  {
56  /* We don't, so no token */
57  SubjectContext->ClientToken = NULL;
58  }
59  else
60  {
61  /* Get the impersonation token */
63  &CopyOnOpen,
65  &SubjectContext->ImpersonationLevel);
66  }
67 
68  /* Get the primary token */
70 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
unsigned char BOOLEAN
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:849
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
#define PAGED_CODE()

Referenced by SeCaptureSubjectContext(), and SeCreateAccessStateEx().

◆ SeCheckAuditPrivilege()

BOOLEAN NTAPI SeCheckAuditPrivilege ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Checks a single privilege and performs an audit against a privileged service based on a security subject context.

Parameters
[in]DesiredAccessSecurity subject context used for privileged service auditing.
[in]PreviousModeProcessor level access mode.
Returns
Returns TRUE if service auditing and privilege checking tests have succeeded, FALSE otherwise.

Definition at line 360 of file priv.c.

363 {
364  PRIVILEGE_SET PrivilegeSet;
365  BOOLEAN Result;
366  PAGED_CODE();
367 
368  /* Initialize the privilege set with the single privilege */
369  PrivilegeSet.PrivilegeCount = 1;
370  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
371  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
372  PrivilegeSet.Privilege[0].Attributes = 0;
373 
374  /* Check against the primary token! */
375  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
376  &PrivilegeSet.Privilege[0],
377  1,
379  PreviousMode);
380 
381  if (PreviousMode != KernelMode)
382  {
385  &PrivilegeSet,
386  Result);
387  }
388 
389  return Result;
390 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
const LUID SeAuditPrivilege
Definition: priv.c:40
$ULONG Control
Definition: setypes.h:87
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
BOOLEAN NTAPI SepPrivilegeCheck(_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
Checks the privileges pointed by Privileges array argument if they exist and match with the privilege...
Definition: priv.c:104
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Performs an audit alarm to a privileged service request.
Definition: audit.c:369
#define NULL
Definition: types.h:112
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
#define PAGED_CODE()

Referenced by NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), and SepAccessCheckAndAuditAlarm().

◆ SeCheckPrivilegedObject()

BOOLEAN NTAPI SeCheckPrivilegedObject ( _In_ LUID  PrivilegeValue,
_In_ HANDLE  ObjectHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Checks a privileged object if such object has the specific privilege submitted by the caller.

Parameters
[in]PrivilegeValueA privilege to be checked against the one from the object.
[in]ObjectHandleA handle to any kind of object.
[in]DesiredAccessDesired access right mask requested by the caller.
[in]PreviousModeProcessor level access mode.
Returns
Returns TRUE if the privilege is present, FALSE otherwise.

Definition at line 803 of file priv.c.

808 {
810  PRIVILEGE_SET Priv;
811  BOOLEAN Result;
812 
813  PAGED_CODE();
814 
816 
817  Priv.PrivilegeCount = 1;
819  Priv.Privilege[0].Luid = PrivilegeValue;
821 
823  if (PreviousMode != KernelMode)
824  {
825 #if 0
826  SePrivilegeObjectAuditAlarm(ObjectHandle,
829  &PrivilegeValue,
830  Result,
831  PreviousMode);
832 #endif
833  }
834 
836 
837  return Result;
838 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
$ULONG Control
Definition: setypes.h:87
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
Definition: audit.c:1321
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a set of privileges exist and match within a security subject context.
Definition: priv.c:698
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
#define PAGED_CODE()

Referenced by NtSetInformationProcess(), and NtSetInformationThread().

◆ SeComputeQuotaInformationSize()

NTSTATUS NTAPI SeComputeQuotaInformationSize ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Out_ PULONG  QuotaInfoSize 
)

◆ SeCopyClientToken()

NTSTATUS NTAPI SeCopyClientToken ( _In_ PACCESS_TOKEN  Token,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PACCESS_TOKEN NewToken 
)

Copies an existing access token (technically duplicating a new one).

Parameters
[in]TokenToken to copy.
[in]LevelImpersonation security level to assign to the newly copied token.
[in]PreviousModeProcessor request level mode.
[out]NewTokenThe newly copied token.
Returns
Returns STATUS_SUCCESS when token copying has finished successfully. A failure NTSTATUS code is returned otherwise.

Definition at line 1155 of file token.c.

1160 {
1161  NTSTATUS Status;
1163 
1164  PAGED_CODE();
1165 
1167  NULL,
1168  0,
1169  NULL,
1170  NULL);
1171 
1174  FALSE,
1176  Level,
1177  PreviousMode,
1178  (PTOKEN*)NewToken);
1179 
1180  return Status;
1181 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
#define FALSE
Definition: types.h:117
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NULL
Definition: types.h:112
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:423
#define PAGED_CODE()

Referenced by PsImpersonateClient(), and SepCreateClientSecurity().

◆ SeCreateAccessStateEx()

NTSTATUS NTAPI SeCreateAccessStateEx ( _In_ PETHREAD  Thread,
_In_ PEPROCESS  Process,
_In_ OUT PACCESS_STATE  AccessState,
_In_ PAUX_ACCESS_DATA  AuxData,
_In_ ACCESS_MASK  Access,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeassignPrimaryToken()

VOID NTAPI SeDeassignPrimaryToken ( _Inout_ PEPROCESS  Process)

Removes the primary token of a process.

Parameters
[in,out]ProcessThe process instance with the access token to be removed.
Returns
Nothing.

Definition at line 795 of file token.c.

797 {
798  PTOKEN OldToken;
799 
800  /* Remove the Token */
801  OldToken = ObFastReplaceObject(&Process->Token, NULL);
802 
803  /* Mark the Old Token as free */
804  OldToken->TokenInUse = FALSE;
805 
806  /* Dereference the Token */
807  ObDereferenceObject(OldToken);
808 }
#define FALSE
Definition: types.h:117
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
BOOLEAN TokenInUse
Definition: setypes.h:242
#define ObDereferenceObject
Definition: obfuncs.h:203
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by PspDeleteProcessSecurity(), and SeAssignPrimaryToken().

◆ SeDefaultObjectMethod()

NTSTATUS NTAPI SeDefaultObjectMethod ( _In_ PVOID  Object,
_In_ SECURITY_OPERATION_CODE  OperationType,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_Inout_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Inout_opt_ PULONG  ReturnLength,
_Inout_opt_ PSECURITY_DESCRIPTOR OldSecurityDescriptor,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeDetailedAuditingWithToken()

BOOLEAN NTAPI SeDetailedAuditingWithToken ( _In_ PTOKEN  Token)

Peforms a detailed security auditing with an access token.

@unimplemented

Parameters
[in]TokenA valid token object.
Returns
To be added...

Definition at line 34 of file audit.c.

36 {
37  /* FIXME */
38  return FALSE;
39 }
#define FALSE
Definition: types.h:117

Referenced by ObInitProcess(), PspCreateProcess(), and PspExitThread().

◆ SeExchangePrimaryToken()

NTSTATUS NTAPI SeExchangePrimaryToken ( _In_ PEPROCESS  Process,
_In_ PACCESS_TOKEN  NewAccessToken,
_Out_ PACCESS_TOKEN OldAccessToken 
)

Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use.

Parameters
[in]ProcessThe process instance where its access token is about to be replaced.
[in]NewAccessTokenThe new token that it's going to replace the old one.
[out]OldAccessTokenThe returned old token that's been replaced, which the caller can do anything.
Returns
Returns STATUS_SUCCESS if the exchange operation between tokens has completed successfully. STATUS_BAD_TOKEN_TYPE is returned if the new token is not a primary one so that we cannot exchange it with the old one from the process. STATUS_TOKEN_ALREADY_IN_USE is returned if both tokens aren't equal which means one of them has different properties (groups, privileges, etc.) and as such one of them is currently in use. A failure NTSTATUS code is returned otherwise.

Definition at line 705 of file token.c.

709 {
710  PTOKEN OldToken;
711  PTOKEN NewToken = (PTOKEN)NewAccessToken;
712 
713  PAGED_CODE();
714 
715  if (NewToken->TokenType != TokenPrimary)
716  return STATUS_BAD_TOKEN_TYPE;
717 
718  if (NewToken->TokenInUse)
719  {
722 
723  /* Maybe we're trying to set the same token */
724  OldToken = PsReferencePrimaryToken(Process);
725  if (OldToken == NewToken)
726  {
727  /* So it's a nop. */
728  *OldAccessToken = OldToken;
729  return STATUS_SUCCESS;
730  }
731 
732  Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
733  if (!NT_SUCCESS(Status))
734  {
735  PsDereferencePrimaryToken(OldToken);
736  *OldAccessToken = NULL;
737  return Status;
738  }
739 
740  if (!IsEqual)
741  {
742  PsDereferencePrimaryToken(OldToken);
743  *OldAccessToken = NULL;
745  }
746  /* Silently return STATUS_SUCCESS but do not set the new token,
747  * as it's already in use elsewhere. */
748  *OldAccessToken = OldToken;
749  return STATUS_SUCCESS;
750  }
751 
752  /* Lock the new token */
754 
755  /* Mark new token in use */
756  NewToken->TokenInUse = TRUE;
757 
758  /* Set the session ID for the new token */
759  NewToken->SessionId = MmGetSessionId(Process);
760 
761  /* Unlock the new token */
762  SepReleaseTokenLock(NewToken);
763 
764  /* Reference the new token */
765  ObReferenceObject(NewToken);
766 
767  /* Replace the old with the new */
768  OldToken = ObFastReplaceObject(&Process->Token, NewToken);
769 
770  /* Lock the old token */
772 
773  /* Mark the old token as free */
774  OldToken->TokenInUse = FALSE;
775 
776  /* Unlock the old token */
777  SepReleaseTokenLock(OldToken);
778 
779  *OldAccessToken = (PACCESS_TOKEN)OldToken;
780  return STATUS_SUCCESS;
781 }
TOKEN_TYPE TokenType
Definition: setypes.h:239
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:275
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
PVOID PACCESS_TOKEN
Definition: setypes.h:11
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
ULONG SessionId
Definition: setypes.h:225
Status
Definition: gdiplustypes.h:24
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
BOOLEAN TokenInUse
Definition: setypes.h:242
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:243
#define STATUS_TOKEN_ALREADY_IN_USE
Definition: ntstatus.h:535
#define SepReleaseTokenLock(Token)
Definition: se.h:286
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
struct _TOKEN * PTOKEN
#define NULL
Definition: types.h:112
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
Definition: security.c:902
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by PspAssignPrimaryToken().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ ACCESS_MASK  DesiredAccess,
_In_ KPROCESSOR_MODE  AccessMode 
)

Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object.

Parameters
[in]SecurityDescriptorSecurity descriptor of the object that is being accessed.
[in]AccessStateAn access state to determine if the access token in the current security context of the object is an restricted token.
[in]DesiredAccessThe access right bitmask where the calling thread wants to acquire.
[in]AccessModeProcess level request mode.
Returns
Returns TRUE if access onto the specific object is allowed, FALSE otherwise.

Definition at line 1047 of file accesschk.c.

1052 {
1053  PACL Dacl;
1054  ULONG AceIndex;
1055  PKNOWN_ACE Ace;
1056 
1057  PAGED_CODE();
1058 
1060 
1061  if (SecurityDescriptor == NULL)
1062  return FALSE;
1063 
1064  /* Get DACL */
1066  /* If no DACL, grant access */
1067  if (Dacl == NULL)
1068  return TRUE;
1069 
1070  /* No ACE -> Deny */
1071  if (!Dacl->AceCount)
1072  return FALSE;
1073 
1074  /* Can't perform the check on restricted token */
1075  if (AccessState->Flags & TOKEN_IS_RESTRICTED)
1076  return FALSE;
1077 
1078  /* Browse the ACEs */
1079  for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
1080  AceIndex < Dacl->AceCount;
1081  AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
1082  {
1083  if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
1084  continue;
1085 
1086  /* If access-allowed ACE */
1087  if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
1088  {
1089  /* Check if all accesses are granted */
1090  if (!(Ace->Mask & DesiredAccess))
1091  continue;
1092 
1093  /* Check SID and grant access if matching */
1094  if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
1095  return TRUE;
1096  }
1097  /* If access-denied ACE */
1098  else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
1099  {
1100  /* Here, only check if it denies any access wanted and deny if so */
1101  if (Ace->Mask & DesiredAccess)
1102  return FALSE;
1103  }
1104  }
1105 
1106  /* Faulty, deny */
1107  return FALSE;
1108 }
struct _KNOWN_ACE * PKNOWN_ACE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
Definition: se.h:14
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Definition: card.h:12
#define ASSERT(a)
Definition: mode.c:44
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1862
PSID SeWorldSid
Definition: sid.c:25
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:119
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1179
#define PAGED_CODE()

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SeGetLogonIdDeviceMap()

NTSTATUS NTAPI SeGetLogonIdDeviceMap ( _In_ PLUID  LogonId,
_Out_ PDEVICE_MAP DeviceMap 
)

Retrieves the DOS device map from a logon session.

Parameters
[in]LogonIdA valid logon session ID.
[out]DeviceMapThe returned device map buffer from the logon session.
Returns
Returns STATUS_SUCCESS if the device map could be gathered from the logon session. STATUS_INVALID_PARAMETER is returned if one of the parameters aren't initialized (that is, the caller has submitted a NULL pointer variable). STATUS_NO_SUCH_LOGON_SESSION is returned if no such session could be found. A failure NTSTATUS code is returned otherwise.

Definition at line 1347 of file srm.c.

1350 {
1351  NTSTATUS Status;
1352  WCHAR Buffer[63];
1353  PDEVICE_MAP LocalMap;
1354  HANDLE DirectoryHandle, LinkHandle;
1356  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
1357  UNICODE_STRING DirectoryName, LinkName, TargetName;
1358 
1359  PAGED_CODE();
1360 
1361  if (LogonId == NULL ||
1362  DeviceMap == NULL)
1363  {
1364  return STATUS_INVALID_PARAMETER;
1365  }
1366 
1367  /* Acquire the database lock */
1369 
1370  /* Loop all existing sessions */
1371  for (CurrentSession = SepLogonSessions;
1372  CurrentSession != NULL;
1373  CurrentSession = CurrentSession->Next)
1374  {
1375  /* Check if the LUID matches the provided one */
1376  if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
1377  {
1378  break;
1379  }
1380  }
1381 
1382  /* No session found, fail */
1383  if (CurrentSession == NULL)
1384  {
1385  /* Release the database lock */
1387 
1389  }
1390 
1391  /* The found session has a device map, return it! */
1392  if (CurrentSession->pDeviceMap != NULL)
1393  {
1394  *DeviceMap = CurrentSession->pDeviceMap;
1395 
1396  /* Release the database lock */
1398 
1399  return STATUS_SUCCESS;
1400  }
1401 
1402  /* At that point, we'll setup a new device map for the session */
1403  LocalMap = NULL;
1404 
1405  /* Reference the session so that it doesn't go away */
1406  CurrentSession->ReferenceCount += 1;
1407 
1408  /* Release the database lock */
1410 
1411  /* Create our object directory given the LUID */
1413  sizeof(Buffer) / sizeof(WCHAR),
1414  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1415  LogonId->HighPart,
1416  LogonId->LowPart);
1417  RtlInitUnicodeString(&DirectoryName, Buffer);
1418 
1420  &DirectoryName,
1422  NULL,
1423  NULL);
1426  &ObjectAttributes);
1427  if (NT_SUCCESS(Status))
1428  {
1429  /* Create the associated device map */
1431  if (NT_SUCCESS(Status))
1432  {
1433  /* Make Global point to \Global?? in the directory */
1434  RtlInitUnicodeString(&LinkName, L"Global");
1435  RtlInitUnicodeString(&TargetName, L"\\Global??");
1436 
1438  &LinkName,
1441  NULL);
1442  Status = ZwCreateSymbolicLinkObject(&LinkHandle,
1445  &TargetName);
1446  if (!NT_SUCCESS(Status))
1447  {
1448  ObfDereferenceDeviceMap(LocalMap);
1449  }
1450  else
1451  {
1452  ZwClose(LinkHandle);
1453  }
1454  }
1455 
1457  }
1458 
1459  /* Acquire the database lock */
1461 
1462  /* If we succeed... */
1463  if (NT_SUCCESS(Status))
1464  {
1465  /* The session now has a device map? We raced with someone else */
1466  if (CurrentSession->pDeviceMap != NULL)
1467  {
1468  /* Give up on our new device map */
1469  ObfDereferenceDeviceMap(LocalMap);
1470  }
1471  /* Otherwise use our newly allocated device map */
1472  else
1473  {
1474  CurrentSession->pDeviceMap = LocalMap;
1475  }
1476 
1477  /* Return the device map */
1478  *DeviceMap = CurrentSession->pDeviceMap;
1479  }
1480  /* Zero output */
1481  else
1482  {
1483  *DeviceMap = NULL;
1484  }
1485 
1486  /* Release the database lock */
1488 
1489  /* We're done with the session */
1490  SepRmDereferenceLogonSession(&CurrentSession->LogonId);
1491 
1492  return Status;
1493 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_NO_SUCH_LOGON_SESSION
Definition: ntstatus.h:331
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
LONG NTSTATUS
Definition: precomp.h:26
static HANDLE DirectoryHandle
Definition: ObType.c:48
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
#define OBJ_OPENIF
Definition: winternl.h:229
#define L(x)
Definition: ntvdm.h:50
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
Definition: devicemap.c:149
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
Definition: bufpool.h:45
Status
Definition: gdiplustypes.h:24
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:169
#define OBJ_PERMANENT
Definition: winternl.h:226
WCHAR TargetName[256]
Definition: arping.c:27
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:62
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
NTSTATUS SepRmDereferenceLogonSession(_In_ PLUID LogonLuid)
De-references a logon session. If the session has a reference count of 0 by the time the function has...
Definition: srm.c:1008
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().

◆ SeGetTokenControlInformation()

VOID NTAPI SeGetTokenControlInformation ( _In_ PACCESS_TOKEN  _Token,
_Out_ PTOKEN_CONTROL  TokenControl 
)

Retrieves token control information.

Parameters
[in]_TokenA valid token object.
[out]SecurityDescriptorThe returned token control information.
Returns
Nothing.

Definition at line 1333 of file token.c.

1336 {
1337  PTOKEN Token = _Token;
1338  PAGED_CODE();
1339 
1340  /* Capture the main fields */
1341  TokenControl->AuthenticationId = Token->AuthenticationId;
1342  TokenControl->TokenId = Token->TokenId;
1343  TokenControl->TokenSource = Token->TokenSource;
1344 
1345  /* Lock the token */
1347 
1348  /* Capture the modified ID */
1349  TokenControl->ModifiedId = Token->ModifiedId;
1350 
1351  /* Unlock it */
1353 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define SepReleaseTokenLock(Token)
Definition: se.h:286
#define SepAcquireTokenLockShared(Token)
Definition: se.h:280
#define PAGED_CODE()

Referenced by SepCreateClientSecurity().

◆ SeInitializeProcessAuditName()

NTSTATUS NTAPI SeInitializeProcessAuditName ( _In_ PFILE_OBJECT  FileObject,
_In_ BOOLEAN  DoAudit,
_Out_ POBJECT_NAME_INFORMATION AuditInfo 
)

Initializes a process audit name and returns it to the caller.

Parameters
[in]FileObjectFile object that points to a name to be queried.
[in]DoAuditIf set to TRUE, the function will perform various security auditing onto the audit name.
[out]AuditInfoThe returned audit info data.
Returns
Returns STATUS_SUCCESS if process audit name initialization has completed successfully. STATUS_NO_MEMORY is returned if pool allocation for object name info has failed. A failure NTSTATUS code is returned otherwise.

Definition at line 105 of file audit.c.

109 {
110  OBJECT_NAME_INFORMATION LocalNameInfo;
111  POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
112  ULONG ReturnLength = 8;
114 
115  PAGED_CODE();
116  ASSERT(AuditInfo);
117 
118  /* Check if we should do auditing */
119  if (DoAudit)
120  {
121  /* FIXME: TODO */
122  }
123 
124  /* Now query the name */
126  &LocalNameInfo,
127  sizeof(LocalNameInfo),
128  &ReturnLength);
129  if (((Status == STATUS_BUFFER_OVERFLOW) ||
132  (ReturnLength != sizeof(LocalNameInfo)))
133  {
134  /* Allocate required size */
135  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
136  ReturnLength,
137  TAG_SEPA);
138  if (ObjectNameInfo)
139  {
140  /* Query the name again */
142  ObjectNameInfo,
143  ReturnLength,
144  &ReturnLength);
145  }
146  }
147 
148  /* Check if we got here due to failure */
149  if ((ObjectNameInfo) &&
150  (!(NT_SUCCESS(Status)) || (ReturnLength == sizeof(LocalNameInfo))))
151  {
152  /* First, free any buffer we might've allocated */
153  ASSERT(FALSE);
154  if (ObjectNameInfo) ExFreePool(ObjectNameInfo);
155 
156  /* Now allocate a temporary one */
158  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
159  sizeof(OBJECT_NAME_INFORMATION),
160  TAG_SEPA);
161  if (ObjectNameInfo)
162  {
163  /* Clear it */
164  RtlZeroMemory(ObjectNameInfo, ReturnLength);
166  }
167  }
168 
169  /* Check if memory allocation failed */
170  if (!ObjectNameInfo) Status = STATUS_NO_MEMORY;
171 
172  /* Return the audit name */
173  *AuditInfo = ObjectNameInfo;
174 
175  /* Return status */
176  return Status;
177 }
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI ObQueryNameString(IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
Definition: obname.c:1207
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define FALSE
Definition: types.h:117
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define TAG_SEPA
Definition: tag.h:153
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by MmInitializeProcessAddressSpace(), and SeLocateProcessImageName().

◆ SeInitSystem()

BOOLEAN NTAPI SeInitSystem ( VOID  )

Main security manager initialization function.

Returns
Returns a boolean value according to the phase initialization routine that handles it. If TRUE, the routine deems the initialization phase as complete, FALSE otherwise.

Definition at line 285 of file semgr.c.

286 {
287  /* Check the initialization phase */
288  switch (ExpInitializationPhase)
289  {
290  case 0:
291 
292  /* Do Phase 0 */
293  return SepInitializationPhase0();
294 
295  case 1:
296 
297  /* Do Phase 1 */
298  return SepInitializationPhase1();
299 
300  default:
301 
302  /* Don't know any other phase! Bugcheck! */
303  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
304  0,
306  0,
307  0);
308  return FALSE;
309  }
310 }
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Handles the phase 0 procedure of the SRM initialization.
Definition: semgr.c:115
#define FALSE
Definition: types.h:117
ULONG ExpInitializationPhase
Definition: init.c:68
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Handles the phase 1 procedure of the SRM initialization.
Definition: semgr.c:168
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ SeIsTokenChild()

NTSTATUS NTAPI SeIsTokenChild ( _In_ PTOKEN  Token,
_Out_ PBOOLEAN  IsChild 
)

Checks if the token is a child of the other token of the current process that the calling thread is invoking this function.

Parameters
[in]TokenAn access token to determine if it's a child or not.
[out]IsChildThe returned boolean result.
Returns
Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.

Definition at line 1046 of file token.c.

1049 {
1050  PTOKEN ProcessToken;
1051  LUID ProcessTokenId, CallerParentId;
1052 
1053  /* Assume failure */
1054  *IsChild = FALSE;
1055 
1056  /* Reference the process token */
1057  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
1058  if (!ProcessToken)
1059  return STATUS_UNSUCCESSFUL;
1060 
1061  /* Get its token ID */
1062  ProcessTokenId = ProcessToken->TokenId;
1063 
1064  /* Dereference the token */
1066 
1067  /* Get our parent token ID */
1068  CallerParentId = Token->ParentTokenId;
1069 
1070  /* Compare the token IDs */
1071  if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))
1072  *IsChild = TRUE;
1073 
1074  /* Return success */
1075  return STATUS_SUCCESS;
1076 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
LUID TokenId
Definition: setypes.h:218
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by PspSetPrimaryToken().

◆ SeIsTokenSibling()

NTSTATUS NTAPI SeIsTokenSibling ( _In_ PTOKEN  Token,
_Out_ PBOOLEAN  IsSibling 
)

Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function.

Parameters
[in]TokenAn access token to determine if it's a sibling or not.
[out]IsSiblingThe returned boolean result.
Returns
Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.

Definition at line 1095 of file token.c.

1098 {
1099  PTOKEN ProcessToken;
1100  LUID ProcessParentId, ProcessAuthId;
1101  LUID CallerParentId, CallerAuthId;
1102 
1103  /* Assume failure */
1104  *IsSibling = FALSE;
1105 
1106  /* Reference the process token */
1107  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
1108  if (!ProcessToken)
1109  return STATUS_UNSUCCESSFUL;
1110 
1111  /* Get its parent and authentication IDs */
1112  ProcessParentId = ProcessToken->ParentTokenId;
1113  ProcessAuthId = ProcessToken->AuthenticationId;
1114 
1115  /* Dereference the token */
1117 
1118  /* Get our parent and authentication IDs */
1119  CallerParentId = Token->ParentTokenId;
1120  CallerAuthId = Token->AuthenticationId;
1121 
1122  /* Compare the token IDs */
1123  if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&
1124  RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
1125  {
1126  *IsSibling = TRUE;
1127  }
1128 
1129  /* Return success */
1130  return STATUS_SUCCESS;
1131 }
#define TRUE
Definition: types.h:120
LUID AuthenticationId
Definition: setypes.h:219
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LUID ParentTokenId
Definition: setypes.h:220
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by PspSetPrimaryToken().

◆ SepCaptureAcl()

NTSTATUS NTAPI SepCaptureAcl ( _In_ PACL  InputAcl,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PACL CapturedAcl 
)

Captures an access control list from an already valid input ACL.

Parameters
[in]InputAclA valid ACL.
[in]AccessModeProcessor level access mode. The processor mode determines how the input arguments are probed.
[in]PoolTypePool type for new captured ACL for creation. The pool type determines in which memory pool the ACL data should reside.
[in]CaptureIfKernelIf set to TRUE and the processor access mode being KernelMode, we are capturing an ACL directly in the kernel. Otherwise we are capturing within a kernel mode driver.
[out]CapturedAclThe returned and allocated captured ACL.
Returns
Returns STATUS_SUCCESS if the ACL has been successfully captured. STATUS_INSUFFICIENT_RESOURCES is returned otherwise.

Definition at line 352 of file acl.c.

358 {
359  PACL NewAcl;
360  ULONG AclSize;
361 
362  PAGED_CODE();
363 
364  /* If in kernel mode and we do not capture, just
365  * return the given ACL and don't validate it. */
366  if ((AccessMode == KernelMode) && !CaptureIfKernel)
367  {
368  *CapturedAcl = InputAcl;
369  return STATUS_SUCCESS;
370  }
371 
372  /* Otherwise, capture and validate the ACL, depending on the access mode */
373  if (AccessMode != KernelMode)
374  {
375  _SEH2_TRY
376  {
377  ProbeForRead(InputAcl,
378  sizeof(ACL),
379  sizeof(ULONG));
380  AclSize = InputAcl->AclSize;
381  ProbeForRead(InputAcl,
382  AclSize,
383  sizeof(ULONG));
384  }
386  {
387  /* Return the exception code */
389  }
390  _SEH2_END;
391 
392  /* Validate the minimal size an ACL can have */
393  if (AclSize < sizeof(ACL))
394  return STATUS_INVALID_ACL;
395 
397  AclSize,
398  TAG_ACL);
399  if (!NewAcl)
401 
402  _SEH2_TRY
403  {
404  RtlCopyMemory(NewAcl, InputAcl, AclSize);
405  }
407  {
408  /* Free the ACL and return the exception code */
409  ExFreePoolWithTag(NewAcl, TAG_ACL);
411  }
412  _SEH2_END;
413  }
414  else
415  {
416  AclSize = InputAcl->AclSize;
417 
418  /* Validate the minimal size an ACL can have */
419  if (AclSize < sizeof(ACL))
420  return STATUS_INVALID_ACL;
421 
423  AclSize,
424  TAG_ACL);
425  if (!NewAcl)
427 
428  RtlCopyMemory(NewAcl, InputAcl, AclSize);
429  }
430 
431  /* Validate the captured ACL */
432  if (!RtlValidAcl(NewAcl))
433  {
434  /* Free the ACL and fail */
435  ExFreePoolWithTag(NewAcl, TAG_ACL);
436  return STATUS_INVALID_ACL;
437  }
438 
439  /* It's valid, return it */
440  *CapturedAcl = NewAcl;
441  return STATUS_SUCCESS;
442 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_SEH2_TRY
Definition: create.c:4226
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN NTAPI RtlValidAcl(IN PACL Acl)
Definition: acl.c:837
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define TAG_ACL
Definition: tag.h:148
_SEH2_END
Definition: create.c:4400
#define STATUS_INVALID_ACL
Definition: ntstatus.h:355
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtCreateToken(), and NtSetInformationToken().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( _In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
_Out_ PBOOLEAN  Present 
)

Captures the security quality of service data given the object attributes from an object.

Parameters
[in]ObjectAttributesAttributes of an object where SQOS is to be retrieved. If the caller doesn't fill object attributes to the function, it automatically assumes SQOS is not present, or if, there's no SQOS present in the object attributes list of the object itself.
[in]AccessModeProcessor access mode.
[in]PoolTypeThe pool type for the captured SQOS to be used for allocation.
[in]CaptureIfKernelCapture access condition. To be set to TRUE if the capture is done within the kernel, FALSE if the capture is done in a kernel mode driver or user mode otherwise.
[out]CapturedSecurityQualityOfServiceThe captured SQOS data from the object.
[out]PresentReturns TRUE if SQOS is present in an object, FALSE otherwise. FALSE is also immediately returned if no object attributes is given to the call.
Returns
STATUS_SUCCESS if SQOS from the object has been fully and successfully captured. STATUS_INVALID_PARAMETER if the caller submits an invalid object attributes list. STATUS_INSUFFICIENT_RESOURCES if the function has failed to allocate some resources in the pool for the captured SQOS. A failure NTSTATUS code is returned otherwise.

Definition at line 52 of file sqos.c.

59 {
60  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
62 
63  PAGED_CODE();
64 
65  ASSERT(CapturedSecurityQualityOfService);
66  ASSERT(Present);
67 
68  if (ObjectAttributes != NULL)
69  {
70  if (AccessMode != KernelMode)
71  {
73 
74  _SEH2_TRY
75  {
77  sizeof(OBJECT_ATTRIBUTES),
78  sizeof(ULONG));
80  {
81  if (ObjectAttributes->SecurityQualityOfService != NULL)
82  {
83  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
85  sizeof(ULONG));
86 
87  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
89  {
90  /*
91  * Don't allocate memory here because ExAllocate should bugcheck
92  * the system if it's buggy, SEH would catch that! So make a local
93  * copy of the qos structure.
94  */
95  RtlCopyMemory(&SafeQos,
96  ObjectAttributes->SecurityQualityOfService,
98  *Present = TRUE;
99  }
100  else
101  {
103  }
104  }
105  else
106  {
107  *CapturedSecurityQualityOfService = NULL;
108  *Present = FALSE;
109  }
110  }
111  else
112  {
114  }
115  }
117  {
119  }
120  _SEH2_END;
121 
122  if (NT_SUCCESS(Status))
123  {
124  if (*Present)
125  {
126  CapturedQos = ExAllocatePoolWithTag(PoolType,
128  TAG_QOS);
129  if (CapturedQos != NULL)
130  {
131  RtlCopyMemory(CapturedQos,
132  &SafeQos,
134  *CapturedSecurityQualityOfService = CapturedQos;
135  }
136  else
137  {
139  }
140  }
141  else
142  {
143  *CapturedSecurityQualityOfService = NULL;
144  }
145  }
146  }
147  else
148  {
149  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
150  {
151  if (CaptureIfKernel)
152  {
153  if (ObjectAttributes->SecurityQualityOfService != NULL)
154  {
155  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
157  {
158  CapturedQos = ExAllocatePoolWithTag(PoolType,
160  TAG_QOS);
161  if (CapturedQos != NULL)
162  {
163  RtlCopyMemory(CapturedQos,
164  ObjectAttributes->SecurityQualityOfService,
166  *CapturedSecurityQualityOfService = CapturedQos;
167  *Present = TRUE;
168  }
169  else
170  {
172  }
173  }
174  else
175  {
177  }
178  }
179  else
180  {
181  *CapturedSecurityQualityOfService = NULL;
182  *Present = FALSE;
183  }
184  }
185  else
186  {
187  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
188  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
189  }
190  }
191  else
192  {
194  }
195  }
196  }
197  else
198  {
199  *CapturedSecurityQualityOfService = NULL;
200  *Present = FALSE;
201  }
202 
203  return Status;
204 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define TAG_QOS
Definition: tag.h:151
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SepCaptureSid()

NTSTATUS NTAPI SepCaptureSid ( _In_ PSID  InputSid,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID CapturedSid 
)

Captures a SID.

Parameters
[in]InputSidA valid security identifier to be captured.
[in]AccessModeProcessor level access mode.
[in]PoolTypePool memory type for the captured SID to assign upon allocation.
[in]CaptureIfKernelIf set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]CapturedSidThe captured security identifier, returned to the caller.
Returns
Returns STATUS_SUCCESS if the SID was captured. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed.

Definition at line 314 of file sid.c.

320 {
321  ULONG SidSize = 0;
322  PISID NewSid, Sid = (PISID)InputSid;
323 
324  PAGED_CODE();
325 
326  if (AccessMode != KernelMode)
327  {
328  _SEH2_TRY
329  {
330  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
332  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
333  }
335  {
336  /* Return the exception code */
338  }
339  _SEH2_END;
340 
341  /* Allocate a SID and copy it */
343  if (!NewSid)
345 
346  _SEH2_TRY
347  {
348  RtlCopyMemory(NewSid, Sid, SidSize);
349 
350  *CapturedSid = NewSid;
351  }
353  {
354  /* Free the SID and return the exception code */
357  }
358  _SEH2_END;
359  }
360  else if (!CaptureIfKernel)
361  {
362  *CapturedSid = InputSid;
363  }
364  else
365  {
367 
368  /* Allocate a SID and copy it */
370  if (NewSid == NULL)
372 
373  RtlCopyMemory(NewSid, Sid, SidSize);
374 
375  *CapturedSid = NewSid;
376  }
377 
378  return STATUS_SUCCESS;
379 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TAG_SID
Definition: sid.c:15
_SEH2_TRY
Definition: create.c:4226
struct _SID * PISID
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
unsigned char UCHAR
Definition: xmlstorage.h:181
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
Definition: create.c:4400
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2813
#define PAGED_CODE()

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SepCreateImpersonationTokenDacl()

NTSTATUS NTAPI SepCreateImpersonationTokenDacl ( _In_ PTOKEN  Token,
_In_ PTOKEN  PrimaryToken,
_Out_ PACL Dacl 
)

Allocates a discretionary access control list based on certain properties of a regular and primary access tokens.

Parameters
[in]TokenAn access token.
[in]PrimaryTokenA primary access token.
[out]DaclThe returned allocated DACL.
Returns
Returns STATUS_SUCCESS if DACL creation from tokens has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if DACL allocation from memory pool fails otherwise.

Definition at line 277 of file acl.c.

281 {
283  PACL TokenDacl;
284 
285  PAGED_CODE();
286 
287  *Dacl = NULL;
288 
289  AclLength = sizeof(ACL) +
290  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
291  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
292  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
293  (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
294  (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
295 
297  if (TokenDacl == NULL)
298  {
300  }
301 
302  RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
304  Token->UserAndGroups->Sid);
306  PrimaryToken->UserAndGroups->Sid);
311 
312  if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
313  {
316  }
317 
318  *Dacl = TokenDacl;
319 
320  return STATUS_SUCCESS;
321 }
#define GENERIC_ALL
Definition: nt_native.h:92
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PSID SeRestrictedCodeSid
Definition: sid.c:40
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _ACL ACL
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
PSID SeAliasAdminsSid
Definition: sid.c:41
#define TAG_ACL
Definition: tag.h:148
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
#define NULL
Definition: types.h:112
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:38
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
Definition: rtltypes.h:992
_In_ ULONG AclLength
Definition: rtlfuncs.h:1842
#define PAGED_CODE()

Referenced by NtOpenThreadTokenEx().

◆ SepCreateSystemAnonymousLogonToken()

PTOKEN SepCreateSystemAnonymousLogonToken ( VOID  )

Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group.

Returns
Returns the system's anonymous logon token if the operations have completed successfully.

Definition at line 1516 of file token.c.

1517 {
1518  SID_AND_ATTRIBUTES Groups[32], UserSid;
1520  PTOKEN Token;
1521  ULONG GroupsLength;
1522  LARGE_INTEGER Expiration;
1524  NTSTATUS Status;
1525 
1526  /* The token never expires */
1527  Expiration.QuadPart = -1;
1528 
1529  /* The user is the anonymous logon */
1530  UserSid.Sid = SeAnonymousLogonSid;
1531  UserSid.Attributes = 0;
1532 
1533  /* The primary group is also the anonymous logon */
1535 
1536  /* The only group for the token is the World */
1537  Groups[0].Sid = SeWorldSid;
1539  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
1540  SeLengthSid(Groups[0].Sid);
1541  ASSERT(GroupsLength <= sizeof(Groups));
1542 
1543  /* Initialise the object attributes for the token */
1546 
1547  /* Create token */
1549  KernelMode,
1550  0,
1552  TokenPrimary,
1555  &Expiration,
1556  &UserSid,
1557  1,
1558  Groups,
1559  GroupsLength,
1560  0,
1561  NULL,
1562  NULL,
1563  PrimaryGroup,
1566  TRUE);
1568 
1569  /* Return the anonymous logon token */
1570  return Token;
1571 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:93
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
TOpcodeData Groups[17][8]
LUID SeAnonymousAuthenticationId
Definition: token.c:21
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define ASSERT(a)
Definition: mode.c:44
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:19
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
PSID SeWorldSid
Definition: sid.c:25
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID SeAnonymousLogonSid
Definition: se.h:203
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepCreateSystemAnonymousLogonTokenNoEveryone()

PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone ( VOID  )

Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid).

Returns
Returns the system's anonymous logon token if the operations have completed successfully.

Definition at line 1584 of file token.c.

1585 {
1586  SID_AND_ATTRIBUTES UserSid;
1588  PTOKEN Token;
1589  LARGE_INTEGER Expiration;
1591  NTSTATUS Status;
1592 
1593  /* The token never expires */
1594  Expiration.QuadPart = -1;
1595 
1596  /* The user is the anonymous logon */
1597  UserSid.Sid = SeAnonymousLogonSid;
1598  UserSid.Attributes = 0;
1599 
1600  /* The primary group is also the anonymous logon */
1602 
1603  /* Initialise the object attributes for the token */
1606 
1607  /* Create token */
1609  KernelMode,
1610  0,
1612  TokenPrimary,
1615  &Expiration,
1616  &UserSid,
1617  0,
1618  NULL,
1619  0,
1620  0,
1621  NULL,
1622  NULL,
1623  PrimaryGroup,
1626  TRUE);
1628 
1629  /* Return the anonymous (not including everyone) logon token */
1630  return Token;
1631 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:93
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeAnonymousAuthenticationId
Definition: token.c:21
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define ASSERT(a)
Definition: mode.c:44
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:19
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
#define NULL
Definition: types.h:112
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID SeAnonymousLogonSid
Definition: se.h:203
#define STATUS_SUCCESS
Definition: shellext.h:65
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepCreateSystemProcessToken()

PTOKEN NTAPI SepCreateSystemProcessToken ( VOID  )

Creates the system process token.

Returns
Returns the system process token if the operations have completed successfully.

Definition at line 1366 of file token.c.

1367 {
1369  ULONG GroupAttributes, OwnerAttributes;
1371  LARGE_INTEGER Expiration;
1372  SID_AND_ATTRIBUTES UserSid;
1373  ULONG GroupsLength;
1376  PSID Owner;
1377  ULONG i;
1378  PTOKEN Token;
1379  NTSTATUS Status;
1380 
1381  /* Don't ever expire */
1382  Expiration.QuadPart = -1;
1383 
1384  /* All groups mandatory and enabled */
1387 
1388  /* User is Local System */
1389  UserSid.Sid = SeLocalSystemSid;
1390  UserSid.Attributes = 0;
1391 
1392  /* Primary group is Local System */
1394 
1395  /* Owner is Administrators */
1397 
1398  /* Groups are Administrators, World, and Authenticated Users */
1399  Groups[0].Sid = SeAliasAdminsSid;
1400  Groups[0].Attributes = OwnerAttributes;
1401  Groups[1].Sid = SeWorldSid;
1402  Groups[1].Attributes = GroupAttributes;
1404  Groups[2].Attributes = GroupAttributes;
1405  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
1406  SeLengthSid(Groups[0].Sid) +
1407  SeLengthSid(Groups[1].Sid) +
1408  SeLengthSid(Groups[2].Sid);
1409  ASSERT(GroupsLength <= sizeof(Groups));
1410 
1411  /* Setup the privileges */
1412  i = 0;
1414  Privileges[i++].Luid = SeTcbPrivilege;
1415 
1416  Privileges[i].Attributes = 0;
1418 
1419  Privileges[i].Attributes = 0;
1421 
1424 
1427 
1428  Privileges[i].Attributes = 0;
1430 
1431  Privileges[i].Attributes = 0;
1433 
1436 
1439 
1441  Privileges[i++].Luid = SeDebugPrivilege;
1442 
1444  Privileges[i++].Luid = SeAuditPrivilege;
1445 
1446  Privileges[i].Attributes = 0;
1447  Privileges[i++].Luid = SeSecurityPrivilege;
1448 
1449  Privileges[i].Attributes = 0;
1451 
1454 
1455  Privileges[i].Attributes = 0;
1456  Privileges[i++].Luid = SeBackupPrivilege;
1457 
1458  Privileges[i].Attributes = 0;
1459  Privileges[i++].Luid = SeRestorePrivilege;
1460 
1461  Privileges[i].Attributes = 0;
1462  Privileges[i++].Luid = SeShutdownPrivilege;
1463 
1464  Privileges[i].Attributes = 0;
1466 
1469 
1470  Privileges[i].Attributes = 0;
1472  ASSERT(i == 20);
1473 
1474  /* Setup the object attributes */
1477 
1478  /* Create the token */
1480  KernelMode,
1481  0,
1483  TokenPrimary,
1486  &Expiration,
1487  &UserSid,
1488  3,
1489  Groups,
1490  GroupsLength,
1491  20,
1492  Privileges,
1493  Owner,
1494  PrimaryGroup,
1497  TRUE);
1499 
1500  /* Return the token */
1501  return Token;
1502 }
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:41
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
const LUID SeSystemtimePrivilege
Definition: priv.c:31
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:93
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
const LUID SeCreatePermanentPrivilege
Definition: priv.c:35
const LUID SeDebugPrivilege
Definition: priv.c:39
const LUID SeBackupPrivilege
Definition: priv.c:36
#define TRUE
Definition: types.h:120
PACL SeSystemDefaultDacl
Definition: acl.c:17
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeSystemAuthenticationId
Definition: token.c:20
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
PSID SeAuthenticatedUsersSid
Definition: sid.c:49
TOpcodeData Groups[17][8]
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define SE_GROUP_OWNER
Definition: setypes.h:93
const LUID SeLoadDriverPrivilege
Definition: priv.c:29
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:28
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
const LUID SeCreatePagefilePrivilege
Definition: priv.c:34
#define ASSERT(a)
Definition: mode.c:44
const LUID SeRestorePrivilege
Definition: priv.c:37
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
PSID SeAliasAdminsSid
Definition: sid.c:41
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:19
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
const LUID SeLockMemoryPrivilege
Definition: priv.c:23
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:32
PSID SeWorldSid
Definition: sid.c:25
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:33
const LUID SeTcbPrivilege
Definition: priv.c:26
const LUID SeShutdownPrivilege
Definition: priv.c:38
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
const LUID SeSecurityPrivilege
Definition: priv.c:27
PSID SeLocalSystemSid
Definition: sid.c:38
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
const LUID SeAuditPrivilege
Definition: priv.c:40
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepCreateToken()

NTSTATUS NTAPI SepCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  ImpersonationLevel,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PSID_AND_ATTRIBUTES  User,
_In_ ULONG  GroupCount,
_In_ PSID_AND_ATTRIBUTES  Groups,
_In_ ULONG  GroupsLength,
_In_ ULONG  PrivilegeCount,
_In_ PLUID_AND_ATTRIBUTES  Privileges,
_In_opt_ PSID  Owner,
_In_ PSID  PrimaryGroup,
_In_opt_ PACL  DefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource,
_In_ BOOLEAN  SystemToken 
)

Internal function responsible for access token object creation in the kernel. A fully created token objected is inserted into the token handle, thus the handle becoming a valid handle to an access token object and ready for use.

Parameters
[out]TokenHandleValid token handle that's ready for use after token creation and object insertion.
[in]PreviousModeProcessor request level mode.
[in]DesiredAccessDesired access right for the token object to be granted. This kind of access right impacts how the token can be used and who.
[in]ObjectAttributesObject attributes for the token to be created.
[in]TokenTypeType of token to assign upon creation.
[in]ImpersonationLevelSecurity impersonation level of token to assign upon creation.
[in]AuthenticationIdAuthentication ID that represents the authentication information of the token.
[in]ExpirationTimeExpiration time of the token to assign. A value of -1 means that the token never expires and its life depends upon the amount of references this token object has.
[in]UserUser entry to assign to the token.
[in]GroupCountThe total number of groups count for the token.
[in]GroupsThe group entries for the token.
[in]GroupsLengthThe length size of the groups array, pointed by the Groups parameter.
[in]PrivilegeCountThe total number of priivleges that the newly created token has.
[in]PrivilegesThe privileges for the token.
[in]OwnerThe main user (or also owner) that represents the token that we create.
[in]PrimaryGroupThe main group that represents the token that we create.
[in]DefaultDaclA discretionary access control list for the token.
[in]TokenSourceSource (or the origin) of the access token that creates it.
[in]SystemTokenIf set to TRUE, the newly created token is a system token and only in charge by the internal system. The function directly returns a pointer to the created token object for system kernel use. Otherwise if set to FALSE, the function inserts the object to a handle making it a regular access token.
Returns
Returns STATUS_SUCCESS if token creation has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if the dynamic area of memory of the token hasn't been allocated because of lack of memory resources. A failure NTSTATUS code is returned otherwise.

Definition at line 93 of file tokenlif.c.

113 {
115  PTOKEN AccessToken;
116  ULONG TokenFlags = 0;
117  ULONG PrimaryGroupIndex, DefaultOwnerIndex;
118  LUID TokenId;
119  LUID ModifiedId;
120  PVOID EndMem;
121  ULONG PrivilegesLength;
122  ULONG UserGroupsLength;
123  ULONG VariableLength;
124  ULONG TotalSize;
125  ULONG i;
126 
127  PAGED_CODE();
128 
129  /* Loop all groups */
130  for (i = 0; i < GroupCount; i++)
131  {
132  /* Check for mandatory groups */
134  {
135  /* Force them to be enabled */
137  }
138 
139  /* Check of the group is an admin group */
141  {
142  /* Remember this so we can optimize queries later */
143  TokenFlags |= TOKEN_HAS_ADMIN_GROUP;
144  }
145  }
146 
147  /* Allocate unique IDs for the token */
148  ExAllocateLocallyUniqueId(&TokenId);
149  ExAllocateLocallyUniqueId(&ModifiedId);
150 
151  /* Compute how much size we need to allocate for the token */
152 
153  /* Privileges size */
154  PrivilegesLength = PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
155  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
156 
157  /* User and groups size */
158  UserGroupsLength = (1 + GroupCount) * sizeof(SID_AND_ATTRIBUTES);
159  UserGroupsLength += RtlLengthSid(User->Sid);
160  for (i = 0; i < GroupCount; i++)
161  {
162  UserGroupsLength += RtlLengthSid(Groups[i].Sid);
163  }
164  UserGroupsLength = ALIGN_UP_BY(UserGroupsLength, sizeof(PVOID));
165 
166  /* Add the additional groups array length */
167  UserGroupsLength += ALIGN_UP_BY(GroupsLength, sizeof(PVOID));
168 
169  VariableLength = PrivilegesLength + UserGroupsLength;
170  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
171 
175  PreviousMode,
176  NULL,
177  TotalSize,
178  0,
179  0,
180  (PVOID*)&AccessToken);
181  if (!NT_SUCCESS(Status))
182  {
183  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
184  return Status;
185  }
186 
187  /* Zero out the buffer and initialize the token */
188  RtlZeroMemory(AccessToken, TotalSize);
189 
190  AccessToken->TokenId = TokenId;
191  AccessToken->TokenType = TokenType;
192  AccessToken->ImpersonationLevel = ImpersonationLevel;
193 
194  /* Initialise the lock for the access token */
195  Status = SepCreateTokenLock(AccessToken);
196  if (!NT_SUCCESS(Status))
197  goto Quit;
198 
199  AccessToken->TokenSource.SourceIdentifier = TokenSource->SourceIdentifier;
200  RtlCopyMemory(AccessToken->TokenSource.SourceName,
201  TokenSource->SourceName,
202  sizeof(TokenSource->SourceName));
203 
204  AccessToken->ExpirationTime = *ExpirationTime;
205  AccessToken->ModifiedId = ModifiedId;
206 
207  AccessToken->TokenFlags = TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
208 
209  /* Copy and reference the logon session */
210  AccessToken->AuthenticationId = *AuthenticationId;
212  if (!NT_SUCCESS(Status))
213  {
214  /* No logon session could be found, bail out */
215  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
216  /* Set the flag for proper cleanup by the delete procedure */
218  goto Quit;
219  }
220 
221  /* Insert the referenced logon session into the token */
223  if (!NT_SUCCESS(Status))
224  {
225  /* Failed to insert the logon session into the token, bail out */
226  DPRINT1("SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n", Status);
227  goto Quit;
228  }
229 
230  /* Fill in token debug information */
231 #if DBG
232  /*
233  * We must determine ourselves that the current
234  * process is not the initial CPU one. The initial
235  * process is not a "real" process, that is, the
236  * Process Manager has not yet been initialized and
237  * as a matter of fact we are creating a token before
238  * any process gets created by Ps. If it turns out
239  * that the current process is the initial CPU process
240  * where token creation execution takes place, don't
241  * do anything.
242  */
244  {
245  RtlCopyMemory(AccessToken->ImageFileName,
246  PsGetCurrentProcess()->ImageFileName,
247  min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
248 
249  AccessToken->ProcessCid = PsGetCurrentProcessId();
250  AccessToken->ThreadCid = PsGetCurrentThreadId();
251  }
252 
253  AccessToken->CreateMethod = TOKEN_CREATE_METHOD;
254 #endif
255 
256  /* Assign the data that reside in the token's variable information area */
257  AccessToken->VariableLength = VariableLength;
258  EndMem = (PVOID)&AccessToken->VariablePart;
259 
260  /* Copy the privileges */
261  AccessToken->PrivilegeCount = PrivilegeCount;
262  AccessToken->Privileges = NULL;
263  if (PrivilegeCount > 0)
264  {
265  AccessToken->Privileges = EndMem;
266  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
267  VariableLength -= PrivilegesLength;
268 
269  if (PreviousMode != KernelMode)
270  {
271  _SEH2_TRY
272  {
273  RtlCopyMemory(AccessToken->Privileges,
274  Privileges,
275  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
276  }
278  {
280  }
281  _SEH2_END;
282  }
283  else
284  {
285  RtlCopyMemory(AccessToken->Privileges,
286  Privileges,
287  PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
288  }
289 
290  if (!NT_SUCCESS(Status))
291  goto Quit;
292  }
293 
294  /* Update the privilege flags */
295  SepUpdatePrivilegeFlagsToken(AccessToken);
296 
297  /* Copy the user and groups */
298  AccessToken->UserAndGroupCount = 1 + GroupCount;
299  AccessToken->UserAndGroups = EndMem;
300  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
301  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
302 
304  User,
305  VariableLength,
306  &AccessToken->UserAndGroups[0],
307  EndMem,
308  &EndMem,
309  &VariableLength);
310  if (!NT_SUCCESS(Status))
311  goto Quit;
312 
314  Groups,
315  VariableLength,
316  &AccessToken->UserAndGroups[1],
317  EndMem,
318  &EndMem,
319  &VariableLength);
320  if (!NT_SUCCESS(Status))
321  goto Quit;
322 
323  /* Find the token primary group and default owner */
325  PrimaryGroup,
326  Owner,
327  &PrimaryGroupIndex,
328  &DefaultOwnerIndex);
329  if (!NT_SUCCESS(Status))
330  {
331  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
332  goto Quit;
333  }
334 
335  AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
336  AccessToken->DefaultOwnerIndex = DefaultOwnerIndex;
337 
338  /* Now allocate the token's dynamic information area and set the data */
339  AccessToken->DynamicAvailable = 0; // Unused memory in the dynamic area.
340  AccessToken->DynamicPart = NULL;
341  if (DefaultDacl != NULL)
342  {
344  DefaultDacl->AclSize,
346  if (AccessToken->DynamicPart == NULL)
347  {
349  goto Quit;
350  }
351 
352  EndMem = (PVOID)AccessToken->DynamicPart;
353  AccessToken->DefaultDacl = EndMem;
354 
355  RtlCopyMemory(AccessToken->DefaultDacl,
356  DefaultDacl,
357  DefaultDacl->AclSize);
358  }
359 
360  /* Insert the token only if it's not the system token, otherwise return it directly */
361  if (!SystemToken)
362  {
363  Status = ObInsertObject(AccessToken,
364  NULL,
366  0,
367  NULL,
368  TokenHandle);
369  if (!NT_SUCCESS(Status))
370  {
371  DPRINT1("ObInsertObject() failed (Status 0x%lx)\n", Status);
372  }
373  }
374  else
375  {
376  /* Return pointer instead of handle */
377  *TokenHandle = (HANDLE)AccessToken;
378  }
379 
380 Quit:
381  if (!NT_SUCCESS(Status))
382  {
383  /* Dereference the token, the delete procedure will clean it up */
384  ObDereferenceObject(AccessToken);
385  }
386 
387  return Status;
388 }
TOKEN_TYPE TokenType
Definition: setypes.h:239
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:368
USHORT AclSize
Definition: ms-dtyp.idl:296
LUID AuthenticationId
Definition: setypes.h:219
ULONG VariablePart
Definition: setypes.h:253
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
ULONG PrivilegeCount
Definition: setypes.h:228
#define TOKEN_CREATE_METHOD
Definition: se.h:70
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:45
if(dx==0 &&dy==0)
Definition: linetemp.h:174
TOpcodeData Groups[17][8]
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:236
LUID ModifiedId
Definition: setypes.h:224
_SEH2_TRY
Definition: create.c:4226
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG TokenFlags
Definition: setypes.h:241
LUID SourceIdentifier
Definition: imports.h:279
ULONG DynamicAvailable
Definition: setypes.h:231
VOID SepUpdatePrivilegeFlagsToken(_Inout_ PTOKEN Token)
Updates the token's flags based upon the privilege that the token has been granted....
Definition: token.c:554
PACL DefaultDacl
Definition: setypes.h:238
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
ULONG DefaultOwnerIndex
Definition: setypes.h:232
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
PsGetCurrentThreadId
Definition: CrNtStubs.h:7
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
ULONG VariableLength
Definition: setypes.h:229
void * PVOID
Definition: retypes.h:9
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
PULONG DynamicPart
Definition: setypes.h:237
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PSID PrimaryGroup
Definition: setypes.h:235
LARGE_INTEGER ExpirationTime
Definition: setypes.h:221
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:154
#define ObDereferenceObject
Definition: obfuncs.h:203
PVOID HANDLE
Definition: typedefs.h:73
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID SeAliasAdminsSid
Definition: sid.c:41
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:155
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278
EPROCESS KiInitialProcess
Definition: krnlinit.c:45
_SEH2_END
Definition: create.c:4400
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2934
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1178
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
ULONG UserAndGroupCount
Definition: setypes.h:226
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
LUID TokenId
Definition: setypes.h:218
#define min(a, b)
Definition: monoChain.cc:55
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
HANDLE NTAPI PsGetCurrentProcessId(VOID)
Definition: process.c:1123
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:240
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:233
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
TOKEN_SOURCE TokenSource
Definition: setypes.h:217
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1180
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:870
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes

Referenced by NtCreateToken(), SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), and SepCreateSystemProcessToken().

◆ SepCreateTokenLock()

NTSTATUS SepCreateTokenLock ( _Inout_ PTOKEN  Token)

Creates a lock for the token.

Parameters
[in,out]TokenA token which lock has to be created.
Returns
STATUS_SUCCESS if the pool allocation and resource initialisation have completed successfully, otherwise STATUS_INSUFFICIENT_RESOURCES on a pool allocation failure.

Definition at line 45 of file token.c.

47 {
48  PAGED_CODE();
49 
51  sizeof(ERESOURCE),
53  if (Token->TokenLock == NULL)
54  {
55  DPRINT1("SepCreateTokenLock(): Failed to allocate memory!\n");
57  }
58 
59  ExInitializeResourceLite(Token->TokenLock);
60  return STATUS_SUCCESS;
61 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS ExInitializeResourceLite(PULONG res)
Definition: env_spec_w32.h:641
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define TAG_SE_TOKEN_LOCK
Definition: tag.h:159
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
ULONG ERESOURCE
Definition: env_spec_w32.h:594
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by SepCreateToken(), SepDuplicateToken(), and SepPerformTokenFiltering().

◆ SepDeleteTokenLock()

VOID SepDeleteTokenLock ( _Inout_ PTOKEN  Token)

Deletes a lock of a token.

Parameters
[in,out]TokenA token which contains the lock.
Returns
Nothing.

Definition at line 74 of file token.c.

76 {
77  PAGED_CODE();
78 
79  ExDeleteResourceLite(Token->TokenLock);
81 }
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI ExDeleteResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1456
#define TAG_SE_TOKEN_LOCK
Definition: tag.h:159
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by SepDeleteToken().

◆ SepDuplicateToken()

NTSTATUS NTAPI SepDuplicateToken ( _In_ PTOKEN  Token,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PTOKEN NewAccessToken 
)

Duplicates an access token, from an existing valid token.

Parameters
[in]TokenAccess token to duplicate.
[in]ObjectAttributesObject attributes for the new token.
[in]EffectiveOnlyIf set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in]TokenTypeType of token.
[in]LevelSecurity impersonation level of a token.
[in]PreviousModeThe processor request level mode.
[out]NewAccessTokenThe duplicated token.
Returns
Returns STATUS_SUCCESS if the token has been duplicated. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation of the dynamic part of the token for duplication has failed due to the lack of memory resources. A failure NTSTATUS code is returned otherwise.

Definition at line 423 of file tokenlif.c.

431 {
433  PTOKEN AccessToken;
434  PVOID EndMem;
435  ULONG PrimaryGroupIndex;
436  ULONG VariableLength;
437  ULONG TotalSize;
438  ULONG PrivilegesIndex, GroupsIndex;
439 
440  PAGED_CODE();
441 
442  /* Compute how much size we need to allocate for the token */
443  VariableLength = Token->VariableLength;
444  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
445 
449  PreviousMode,
450  NULL,
451  TotalSize,
452  0,
453  0,
454  (PVOID*)&AccessToken);
455  if (!NT_SUCCESS(Status))
456  {
457  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
458  return Status;
459  }
460 
461  /* Zero out the buffer and initialize the token */
462  RtlZeroMemory(AccessToken, TotalSize);
463 
464  ExAllocateLocallyUniqueId(&AccessToken->TokenId);
465 
466  AccessToken->TokenType = TokenType;
467  AccessToken->ImpersonationLevel = Level;
468 
469  /* Initialise the lock for the access token */
470  Status = SepCreateTokenLock(AccessToken);
471  if (!NT_SUCCESS(Status))
472  {
473  ObDereferenceObject(AccessToken);
474  return Status;
475  }
476 
477  /* Copy the immutable fields */
478  AccessToken->TokenSource.SourceIdentifier = Token->TokenSource.SourceIdentifier;
479  RtlCopyMemory(AccessToken->TokenSource.SourceName,
480  Token->TokenSource.SourceName,
481  sizeof(Token->TokenSource.SourceName));
482 
483  AccessToken->AuthenticationId = Token->AuthenticationId;
484  AccessToken->ParentTokenId = Token->ParentTokenId;
485  AccessToken->ExpirationTime = Token->ExpirationTime;
486  AccessToken->OriginatingLogonSession = Token->OriginatingLogonSession;
487 
488  /* Lock the source token and copy the mutable fields */
490 
491  AccessToken->SessionId = Token->SessionId;
492  AccessToken->ModifiedId = Token->ModifiedId;
493 
494  AccessToken->TokenFlags = Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
495 
496  /* Reference the logon session */
498  if (!NT_SUCCESS(Status))
499  {
500  /* No logon session could be found, bail out */
501  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
502  /* Set the flag for proper cleanup by the delete procedure */
504  goto Quit;
505  }
506 
507  /* Insert the referenced logon session into the token */
509  if (!NT_SUCCESS(Status))
510  {
511  /* Failed to insert the logon session into the token, bail out */
512  DPRINT1("SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n", Status);
513  goto Quit;
514  }
515 
516  /* Fill in token debug information */
517 #if DBG
518  RtlCopyMemory(AccessToken->ImageFileName,
519  PsGetCurrentProcess()->ImageFileName,
520  min(sizeof(AccessToken->ImageFileName), sizeof(PsGetCurrentProcess()->ImageFileName)));
521 
522  AccessToken->ProcessCid = PsGetCurrentProcessId();
523  AccessToken->ThreadCid = PsGetCurrentThreadId();
524  AccessToken->CreateMethod = TOKEN_DUPLICATE_METHOD;
525 #endif
526 
527  /* Assign the data that reside in the token's variable information area */
528  AccessToken->VariableLength = VariableLength;
529  EndMem = (PVOID)&AccessToken->VariablePart;
530 
531  /* Copy the privileges */
532  AccessToken->PrivilegeCount = 0;
533  AccessToken->Privileges = NULL;
534  if (Token->Privileges && (Token->PrivilegeCount > 0))
535  {
536  ULONG PrivilegesLength = Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
537  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
538 
539  ASSERT(VariableLength >= PrivilegesLength);
540 
541  AccessToken->PrivilegeCount = Token->PrivilegeCount;
542  AccessToken->Privileges = EndMem;
543  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
544  VariableLength -= PrivilegesLength;
545 
546  RtlCopyMemory(AccessToken->Privileges,
547  Token->Privileges,
548  AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
549  }
550 
551  /* Copy the user and groups */
552  AccessToken->UserAndGroupCount = 0;
553  AccessToken->UserAndGroups = NULL;
554  if (Token->UserAndGroups && (Token->UserAndGroupCount > 0))
555  {
556  AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
557  AccessToken->UserAndGroups = EndMem;
558  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
559  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
560 
562  Token->UserAndGroups,
563  VariableLength,
564  AccessToken->UserAndGroups,
565  EndMem,
566  &EndMem,
567  &VariableLength);
568  if (!NT_SUCCESS(Status))
569  {
570  DPRINT1("RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n", Status);
571  goto Quit;
572  }
573  }
574 
575  /* Find the token primary group */
577  Token->PrimaryGroup,
578  NULL,
579  &PrimaryGroupIndex,
580  NULL);
581  if (!NT_SUCCESS(Status))
582  {
583  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
584  goto Quit;
585  }
586 
587  AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
588  AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
589 
590  /* Copy the restricted SIDs */
591  AccessToken->RestrictedSidCount = 0;
592  AccessToken->RestrictedSids = NULL;
593  if (Token->RestrictedSids && (Token->RestrictedSidCount > 0))
594  {
595  AccessToken->RestrictedSidCount = Token->RestrictedSidCount;
596  AccessToken->RestrictedSids = EndMem;
597  EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
598  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
599 
601  Token->RestrictedSids,
602  VariableLength,
603  AccessToken->RestrictedSids,
604  EndMem,
605  &EndMem,
606  &VariableLength);
607  if (!NT_SUCCESS(Status))
608  {
609  DPRINT1("RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n", Status);
610  goto Quit;
611  }
612  }
613 
614  /*
615  * Filter the token by removing the disabled privileges
616  * and groups if the caller wants to duplicate an access
617  * token as effective only.
618  */
619  if (EffectiveOnly)
620  {
621  /* Begin querying the groups and search for disabled ones */
622  for (GroupsIndex = 0; GroupsIndex < AccessToken->UserAndGroupCount; GroupsIndex++)
623  {
624  /*
625  * A group or user is considered disabled if its attributes is either
626  * 0 or SE_GROUP_ENABLED is not included in the attributes flags list.
627  * That is because a certain user and/or group can have several attributes
628  * that bear no influence on whether a user/group is enabled or not
629  * (SE_GROUP_ENABLED_BY_DEFAULT for example which is a mere indicator
630  * that the group has just been enabled by default). A mandatory
631  * group (that is, the group has SE_GROUP_MANDATORY attribute)
632  * by standards it's always enabled and no one can disable it.
633  */
634  if (AccessToken->UserAndGroups[GroupsIndex].Attributes == 0 ||
635  (AccessToken->UserAndGroups[GroupsIndex].Attributes & SE_GROUP_ENABLED) == 0)
636  {
637  /*
638  * If this group is an administrators group
639  * and the token belongs to such group,
640  * we've to take away TOKEN_HAS_ADMIN_GROUP
641  * for the fact that's not enabled and as
642  * such the token no longer belongs to
643  * this group.
644  */
646  &AccessToken->UserAndGroups[GroupsIndex].Sid))
647  {
648  AccessToken->TokenFlags &= ~TOKEN_HAS_ADMIN_GROUP;
649  }
650 
651  /*
652  * A group is not enabled, it's time to remove
653  * from the token and update the groups index
654  * accordingly and continue with the next group.
655  */
656  SepRemoveUserGroupToken(AccessToken, GroupsIndex);
657  GroupsIndex--;
658  }
659  }
660 
661  /* Begin querying the privileges and search for disabled ones */
662  for (PrivilegesIndex = 0; PrivilegesIndex < AccessToken->PrivilegeCount; PrivilegesIndex++)
663  {
664  /*
665  * A privilege is considered disabled if its attributes is either
666  * 0 or SE_PRIVILEGE_ENABLED is not included in the attributes flags list.
667  * That is because a certain privilege can have several attributes
668  * that bear no influence on whether a privilege is enabled or not
669  * (SE_PRIVILEGE_ENABLED_BY_DEFAULT for example which is a mere indicator
670  * that the privilege has just been enabled by default).
671  */
672  if (AccessToken->Privileges[PrivilegesIndex].Attributes == 0 ||
673  (AccessToken->Privileges[PrivilegesIndex].Attributes & SE_PRIVILEGE_ENABLED) == 0)
674  {
675  /*
676  * A privilege is not enabled, therefor it's time
677  * to strip it from the token and continue with the next
678  * privilege. Of course we must also want to update the
679  * privileges index accordingly.
680  */
681  SepRemovePrivilegeToken(AccessToken, PrivilegesIndex);
682  PrivilegesIndex--;
683  }
684  }
685  }
686 
687  //
688  // NOTE: So far our dynamic area only contains
689  // the default dacl, so this makes the following
690  // code pretty simple. The day where it stores
691  // other data, the code will require adaptations.
692  //
693 
694  /* Now allocate the token's dynamic information area and set the data */
695  AccessToken->DynamicAvailable = 0; // Unused memory in the dynamic area.
696  AccessToken->DynamicPart = NULL;
697  if (Token->DynamicPart && Token->DefaultDacl)
698  {
700  Token->DefaultDacl->AclSize,
702  if (AccessToken->DynamicPart == NULL)
703  {
705  goto Quit;
706  }
707 
708  EndMem = (PVOID)AccessToken->DynamicPart;
709  AccessToken->DefaultDacl = EndMem;
710 
711  RtlCopyMemory(AccessToken->DefaultDacl,
712  Token->DefaultDacl,
713  Token->DefaultDacl->AclSize);
714  }
715 
716  /* Return the token to the caller */
717  *NewAccessToken = AccessToken;
719 
720 Quit:
721  if (!NT_SUCCESS(Status))
722  {
723  /* Dereference the token, the delete procedure will clean it up */
724  ObDereferenceObject(AccessToken);
725  }
726 
727  /* Unlock the source token */
729 
730  return Status;
731 }
TOKEN_TYPE TokenType
Definition: setypes.h:239
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:368
LUID AuthenticationId
Definition: setypes.h:219
ULONG VariablePart
Definition: setypes.h:253
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
ULONG PrivilegeCount
Definition: setypes.h:228
NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:45
if(dx==0 &&dy==0)
Definition: linetemp.h:174
VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
Definition: token.c:618
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:236
LUID ModifiedId
Definition: setypes.h:224
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG TokenFlags
Definition: setypes.h:241
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
LUID SourceIdentifier
Definition: imports.h:279
ULONG DynamicAvailable
Definition: setypes.h:231
PACL DefaultDacl
Definition: setypes.h:238
#define PsGetCurrentProcess
Definition: psfuncs.h:17
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
LUID ParentTokenId
Definition: setypes.h:220
ULONG DefaultOwnerIndex
Definition: setypes.h:232
PsGetCurrentThreadId
Definition: CrNtStubs.h:7
ULONG VariableLength
Definition: setypes.h:229
void * PVOID
Definition: retypes.h:9
ULONG SessionId
Definition: setypes.h:225
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
ULONG RestrictedSidCount
Definition: setypes.h:227
PULONG DynamicPart
Definition: setypes.h:237
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PSID PrimaryGroup
Definition: setypes.h:235
LARGE_INTEGER ExpirationTime
Definition: setypes.h:221
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID_AND_ATTRIBUTES RestrictedSids
Definition: setypes.h:234
PSID SeAliasAdminsSid
Definition: sid.c:41
#define SepReleaseTokenLock(Token)
Definition: se.h:286
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:155
VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
Definition: token.c:582
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1178
ULONG UserAndGroupCount
Definition: setypes.h:226
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
LUID TokenId
Definition: setypes.h:218
#define min(a, b)
Definition: monoChain.cc:55
HANDLE NTAPI PsGetCurrentProcessId(VOID)
Definition: process.c:1123
#define NULL
Definition: types.h:112
#define TOKEN_DUPLICATE_METHOD
Definition: se.h:71
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:240
#define SepAcquireTokenLockShared(Token)
Definition: se.h:280
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:233
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_SUCCESS
Definition: shellext.h:65
TOKEN_SOURCE TokenSource
Definition: setypes.h:217
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1180
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:870
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()
LUID OriginatingLogonSession
Definition: setypes.h:246

Referenced by NtDuplicateToken(), NtOpenThreadTokenEx(), SeCopyClientToken(), and SeSubProcessToken().

◆ SepFindPrimaryGroupAndDefaultOwner()

NTSTATUS SepFindPrimaryGroupAndDefaultOwner ( _In_ PTOKEN  Token,
_In_ PSID  PrimaryGroup,
_In_opt_ PSID  DefaultOwner,
_Out_opt_ PULONG  PrimaryGroupIndex,