ReactOS  0.4.15-dev-3723-g8d70159
se.h File Reference

Go to the source code of this file.

Classes

struct  _KNOWN_ACE
 
struct  _KNOWN_OBJECT_ACE
 
struct  _KNOWN_COMPOUND_ACE
 
struct  _TOKEN_AUDIT_POLICY_INFORMATION
 

Macros

#define SepAcquireTokenLockExclusive(Token)
 
#define SepAcquireTokenLockShared(Token)
 
#define SepReleaseTokenLock(Token)
 

Typedefs

typedef struct _KNOWN_ACE KNOWN_ACE
 
typedef struct _KNOWN_ACEPKNOWN_ACE
 
typedef struct _KNOWN_OBJECT_ACE KNOWN_OBJECT_ACE
 
typedef struct _KNOWN_OBJECT_ACEPKNOWN_OBJECT_ACE
 
typedef struct _KNOWN_COMPOUND_ACE KNOWN_COMPOUND_ACE
 
typedef struct _KNOWN_COMPOUND_ACEPKNOWN_COMPOUND_ACE
 
typedef struct _TOKEN_AUDIT_POLICY_INFORMATION TOKEN_AUDIT_POLICY_INFORMATION
 
typedef struct _TOKEN_AUDIT_POLICY_INFORMATIONPTOKEN_AUDIT_POLICY_INFORMATION
 

Functions

FORCEINLINE PSID SepGetGroupFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PSID SepGetOwnerFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PACL SepGetDaclFromDescriptor (_Inout_ PVOID _Descriptor)
 
FORCEINLINE PACL SepGetSaclFromDescriptor (_Inout_ PVOID _Descriptor)
 
BOOLEAN NTAPI SepTokenIsOwner (_In_ PACCESS_TOKEN _Token, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ BOOLEAN TokenLocked)
 Checks if a token belongs to the main user, being the owner. More...
 
BOOLEAN NTAPI SepSidInToken (_In_ PACCESS_TOKEN _Token, _In_ PSID Sid)
 Checks if a SID is present in a token. More...
 
BOOLEAN NTAPI SepSidInTokenEx (_In_ PACCESS_TOKEN _Token, _In_ PSID PrincipalSelfSid, _In_ PSID _Sid, _In_ BOOLEAN Deny, _In_ BOOLEAN Restricted)
 Checks if a SID is present in a token. More...
 
BOOLEAN NTAPI SeTokenCanImpersonate (_In_ PTOKEN ProcessToken, _In_ PTOKEN TokenToImpersonate, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
 Ensures that client impersonation can occur by checking if the token we're going to assign as the impersonation token can be actually impersonated in the first place. The routine is used primarily by PsImpersonateClient. More...
 
BOOLEAN NTAPI SeInitSystem (VOID)
 Main security manager initialization function. More...
 
VOID NTAPI SepInitPrivileges (VOID)
 Initializes the privileges during the startup phase of the security manager module. This function serves as a placeholder as it currently does nothing. More...
 
BOOLEAN NTAPI SepInitSecurityIDs (VOID)
 Initializes all the SIDs known in the system. More...
 
BOOLEAN NTAPI SepInitDACLs (VOID)
 Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure. More...
 
BOOLEAN NTAPI SepInitSDs (VOID)
 Initializes the known security descriptors in the system. More...
 
BOOLEAN NTAPI SeRmInitPhase0 (VOID)
 Manages the phase 0 initialization of the security reference monitoring module of the kernel. More...
 
BOOLEAN NTAPI SeRmInitPhase1 (VOID)
 Manages the phase 1 initialization of the security reference monitoring module of the kernel. More...
 
VOID NTAPI SeDeassignPrimaryToken (_Inout_ PEPROCESS Process)
 Removes the primary token of a process. More...
 
NTSTATUS NTAPI SeSubProcessToken (_In_ PTOKEN Parent, _Out_ PTOKEN *Token, _In_ BOOLEAN InUse, _In_ ULONG SessionId)
 Subtracts a token in exchange of duplicating a new one. More...
 
NTSTATUS NTAPI SeInitializeProcessAuditName (_In_ PFILE_OBJECT FileObject, _In_ BOOLEAN DoAudit, _Out_ POBJECT_NAME_INFORMATION *AuditInfo)
 Initializes a process audit name and returns it to the caller. More...
 
NTSTATUS NTAPI SeCreateAccessStateEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _In_ OUT PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeIsTokenChild (_In_ PTOKEN Token, _Out_ PBOOLEAN IsChild)
 Checks if the token is a child of the other token of the current process that the calling thread is invoking this function. More...
 
NTSTATUS NTAPI SeIsTokenSibling (_In_ PTOKEN Token, _Out_ PBOOLEAN IsSibling)
 Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function. More...
 
NTSTATUS NTAPI SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl)
 Allocates a discretionary access control list based on certain properties of a regular and primary access tokens. More...
 
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken (_Inout_ PTOKEN Token)
 Inserts a logon session into an access token specified by the caller. More...
 
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken (_Inout_ PTOKEN Token)
 Removes a logon session from an access token. More...
 
VOID NTAPI SepInitializeTokenImplementation (VOID)
 Internal function that initializes critical kernel data for access token implementation in SRM. More...
 
PTOKEN NTAPI SepCreateSystemProcessToken (VOID)
 Creates the system process token. More...
 
PTOKEN SepCreateSystemAnonymousLogonToken (VOID)
 Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group. More...
 
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone (VOID)
 Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid). More...
 
BOOLEAN NTAPI SeDetailedAuditingWithToken (_In_ PTOKEN Token)
 Peforms a detailed security auditing with an access token. More...
 
VOID NTAPI SeAuditProcessExit (_In_ PEPROCESS Process)
 Peforms a security auditing against a process that is about to be terminated. More...
 
VOID NTAPI SeAuditProcessCreate (_In_ PEPROCESS Process)
 Peforms a security auditing against a process that is about to be created. More...
 
NTSTATUS NTAPI SeExchangePrimaryToken (_In_ PEPROCESS Process, _In_ PACCESS_TOKEN NewAccessToken, _Out_ PACCESS_TOKEN *OldAccessToken)
 Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use. More...
 
VOID NTAPI SeCaptureSubjectContextEx (_In_ PETHREAD Thread, _In_ PEPROCESS Process, _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 An extended function that captures the security subject context based upon the specified thread and process. More...
 
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
 
VOID NTAPI SeReleaseLuidAndAttributesArray (_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a LUID with attributes structure. More...
 
BOOLEAN NTAPI SepPrivilegeCheck (_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
 Checks the privileges pointed by Privileges array argument if they exist and match with the privileges from an access token. More...
 
NTSTATUS NTAPI SePrivilegePolicyCheck (_Inout_ PACCESS_MASK DesiredAccess, _Inout_ PACCESS_MASK GrantedAccess, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PTOKEN Token, _Out_opt_ PPRIVILEGE_SET *OutPrivilegeSet, _In_ KPROCESSOR_MODE PreviousMode)
 Checks the security policy and returns a set of privileges based upon the said security policy context. More...
 
BOOLEAN NTAPI SeCheckPrivilegedObject (_In_ LUID PrivilegeValue, _In_ HANDLE ObjectHandle, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE PreviousMode)
 Checks a privileged object if such object has the specific privilege submitted by the caller. More...
 
NTSTATUS NTAPI SepDuplicateToken (_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
 Duplicates an access token, from an existing valid token. More...
 
NTSTATUS NTAPI SepCaptureSecurityQualityOfService (_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
 Captures the security quality of service data given the object attributes from an object. More...
 
VOID NTAPI SepReleaseSecurityQualityOfService (_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases (frees) the captured SQOS data from an object in the memory pool. More...
 
NTSTATUS NTAPI SepCaptureSid (_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
 Captures a SID. More...
 
VOID NTAPI SepReleaseSid (_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a captured SID. More...
 
NTSTATUS NTAPI SeCaptureSidAndAttributesArray (_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
 Captures a SID with attributes. More...
 
VOID NTAPI SeReleaseSidAndAttributesArray (_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases a captured SID with attributes. More...
 
NTSTATUS NTAPI SeComputeQuotaInformationSize (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PULONG QuotaInfoSize)
 
NTSTATUS NTAPI SepCaptureAcl (_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
 Captures an access control list from an already valid input ACL. More...
 
VOID NTAPI SepReleaseAcl (_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
 Releases (frees) a captured ACL from the memory pool. More...
 
NTSTATUS SepPropagateAcl (_Out_writes_bytes_opt_(DaclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 
PACL SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
 Selects an ACL and returns it to the caller. More...
 
NTSTATUS NTAPI SeDefaultObjectMethod (_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_opt_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
 
NTSTATUS NTAPI SeSetWorldSecurityDescriptor (_In_ SECURITY_INFORMATION SecurityInformation, _In_ PISECURITY_DESCRIPTOR SecurityDescriptor, _In_ PULONG BufferLength)
 Sets a "World" security descriptor. More...
 
NTSTATUS NTAPI SeCopyClientToken (_In_ PACCESS_TOKEN Token, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PACCESS_TOKEN *NewToken)
 Copies an existing access token (technically duplicating a new one). More...
 
NTSTATUS NTAPI SepRegQueryHelper (_In_ PCWSTR KeyName, _In_ PCWSTR ValueName, _In_ ULONG ValueType, _In_ ULONG DataLength, _Out_ PVOID ValueData)
 A private registry helper that returns the desired value data based on the specifics requested by the caller. More...
 
VOID NTAPI SeQuerySecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
 Queries the access mask from a security information context. More...
 
VOID NTAPI SeSetSecurityAccessMask (_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
 Sets the access mask for a security information context. More...
 
BOOLEAN NTAPI SeFastTraverseCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PACCESS_STATE AccessState, _In_ ACCESS_MASK DesiredAccess, _In_ KPROCESSOR_MODE AccessMode)
 Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object. More...
 
BOOLEAN NTAPI SeCheckAuditPrivilege (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
 Checks a single privilege and performs an audit against a privileged service based on a security subject context. More...
 
VOID NTAPI SePrivilegedServiceAuditAlarm (_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
 Performs an audit alarm to a privileged service request. More...
 
NTSTATUS SepRmReferenceLogonSession (_Inout_ PLUID LogonLuid)
 
NTSTATUS SepRmDereferenceLogonSession (_Inout_ PLUID LogonLuid)
 
NTSTATUS NTAPI SeGetLogonIdDeviceMap (_In_ PLUID LogonId, _Out_ PDEVICE_MAP *DeviceMap)
 Retrieves the DOS device map from a logon session. More...
 

Variables

SID_IDENTIFIER_AUTHORITY SeNullSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeWorldSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeLocalSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeCreatorSidAuthority
 
SID_IDENTIFIER_AUTHORITY SeNtSidAuthority
 
PSID SeNullSid
 
PSID SeWorldSid
 
PSID SeLocalSid
 
PSID SeCreatorOwnerSid
 
PSID SeCreatorGroupSid
 
PSID SeCreatorOwnerServerSid
 
PSID SeCreatorGroupServerSid
 
PSID SeNtAuthoritySid
 
PSID SeDialupSid
 
PSID SeNetworkSid
 
PSID SeBatchSid
 
PSID SeInteractiveSid
 
PSID SeServiceSid
 
PSID SeAnonymousLogonSid
 
PSID SePrincipalSelfSid
 
PSID SeLocalSystemSid
 
PSID SeAuthenticatedUserSid
 
PSID SeRestrictedCodeSid
 
PSID SeAliasAdminsSid
 
PSID SeAliasUsersSid
 
PSID SeAliasGuestsSid
 
PSID SeAliasPowerUsersSid
 
PSID SeAliasAccountOpsSid
 
PSID SeAliasSystemOpsSid
 
PSID SeAliasPrintOpsSid
 
PSID SeAliasBackupOpsSid
 
PSID SeAuthenticatedUsersSid
 
PSID SeRestrictedSid
 
PSID SeLocalServiceSid
 
PSID SeNetworkServiceSid
 
const LUID SeCreateTokenPrivilege
 
const LUID SeAssignPrimaryTokenPrivilege
 
const LUID SeLockMemoryPrivilege
 
const LUID SeIncreaseQuotaPrivilege
 
const LUID SeUnsolicitedInputPrivilege
 
const LUID SeTcbPrivilege
 
const LUID SeSecurityPrivilege
 
const LUID SeTakeOwnershipPrivilege
 
const LUID SeLoadDriverPrivilege
 
const LUID SeSystemProfilePrivilege
 
const LUID SeSystemtimePrivilege
 
const LUID SeProfileSingleProcessPrivilege
 
const LUID SeIncreaseBasePriorityPrivilege
 
const LUID SeCreatePagefilePrivilege
 
const LUID SeCreatePermanentPrivilege
 
const LUID SeBackupPrivilege
 
const LUID SeRestorePrivilege
 
const LUID SeShutdownPrivilege
 
const LUID SeDebugPrivilege
 
const LUID SeAuditPrivilege
 
const LUID SeSystemEnvironmentPrivilege
 
const LUID SeChangeNotifyPrivilege
 
const LUID SeRemoteShutdownPrivilege
 
const LUID SeUndockPrivilege
 
const LUID SeSyncAgentPrivilege
 
const LUID SeEnableDelegationPrivilege
 
const LUID SeManageVolumePrivilege
 
const LUID SeImpersonatePrivilege
 
const LUID SeCreateGlobalPrivilege
 
const LUID SeTrustedCredmanPrivilege
 
const LUID SeRelabelPrivilege
 
const LUID SeIncreaseWorkingSetPrivilege
 
const LUID SeTimeZonePrivilege
 
const LUID SeCreateSymbolicLinkPrivilege
 
PACL SePublicDefaultUnrestrictedDacl
 
PACL SePublicOpenDacl
 
PACL SePublicOpenUnrestrictedDacl
 
PACL SeUnrestrictedDacl
 
PACL SeSystemAnonymousLogonDacl
 
PSECURITY_DESCRIPTOR SePublicDefaultSd
 
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
 
PSECURITY_DESCRIPTOR SePublicOpenSd
 
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemDefaultSd
 
PSECURITY_DESCRIPTOR SeUnrestrictedSd
 
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
 
PTOKEN SeAnonymousLogonToken
 
PTOKEN SeAnonymousLogonTokenNoEveryone
 

Macro Definition Documentation

◆ SepAcquireTokenLockExclusive

#define SepAcquireTokenLockExclusive (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceExclusiveLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 220 of file se.h.

◆ SepAcquireTokenLockShared

#define SepAcquireTokenLockShared (   Token)
Value:
{ \
KeEnterCriticalRegion(); \
ExAcquireResourceSharedLite(((PTOKEN)Token)->TokenLock, TRUE); \
}
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 225 of file se.h.

◆ SepReleaseTokenLock

#define SepReleaseTokenLock (   Token)
Value:
{ \
ExReleaseResourceLite(((PTOKEN)Token)->TokenLock); \
KeLeaveCriticalRegion(); \
}
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token

Definition at line 231 of file se.h.

Typedef Documentation

◆ KNOWN_ACE

◆ KNOWN_COMPOUND_ACE

◆ KNOWN_OBJECT_ACE

◆ PKNOWN_ACE

◆ PKNOWN_COMPOUND_ACE

◆ PKNOWN_OBJECT_ACE

◆ PTOKEN_AUDIT_POLICY_INFORMATION

◆ TOKEN_AUDIT_POLICY_INFORMATION

Function Documentation

◆ SeAuditProcessCreate()

VOID NTAPI SeAuditProcessCreate ( _In_ PEPROCESS  Process)

Peforms a security auditing against a process that is about to be created.

@unimplemented

Parameters
[in]ProcessAn object that points to a process which is in process of creation.
Returns
Nothing.

Definition at line 56 of file audit.c.

58 {
59  /* FIXME */
60 }

Referenced by PspCreateProcess().

◆ SeAuditProcessExit()

VOID NTAPI SeAuditProcessExit ( _In_ PEPROCESS  Process)

Peforms a security auditing against a process that is about to be terminated.

@unimplemented

Parameters
[in]ProcessAn object that points to a process which is in process of termination.
Returns
Nothing.

Definition at line 77 of file audit.c.

79 {
80  /* FIXME */
81 }

Referenced by PspExitThread().

◆ SeCaptureLuidAndAttributesArray()

NTSTATUS NTAPI SeCaptureLuidAndAttributesArray ( _In_ PLUID_AND_ATTRIBUTES  Src,
_In_ ULONG  PrivilegeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_ PLUID_AND_ATTRIBUTES  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PLUID_AND_ATTRIBUTES Dest,
_Inout_ PULONG  Length 
)

◆ SeCaptureSidAndAttributesArray()

NTSTATUS NTAPI SeCaptureSidAndAttributesArray ( _In_ PSID_AND_ATTRIBUTES  SrcSidAndAttributes,
_In_ ULONG  AttributeCount,
_In_ KPROCESSOR_MODE  PreviousMode,
_In_opt_ PVOID  AllocatedMem,
_In_ ULONG  AllocatedLength,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes,
_Out_ PULONG  ResultLength 
)

Captures a SID with attributes.

Parameters
[in]SrcSidAndAttributesSource of the SID with attributes to be captured.
[in]AttributeCountThe number count of attributes, in total.
[in]PreviousModeProcessor access level mode.
[in]AllocatedMemThe allocated memory buffer for the captured SID. If the caller supplies no allocated block of memory then the function will allocate some buffer block of memory for the captured SID automatically.
[in]AllocatedLengthThe length of the buffer that points to the allocated memory, in bytes.
[in]PoolTypeThe pool type for the captured SID and attributes to assign.
[in]CaptureIfKernelIf set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]CapturedSidAndAttributesThe captured SID and attributes.
[out]ResultLengthThe length of the captured SID and attributes, in bytes.
Returns
Returns STATUS_SUCCESS if SID and attributes capturing has been completed successfully. STATUS_INVALID_PARAMETER is returned if the count of attributes exceeds the maximum threshold that the kernel can permit, with the purpose of avoiding integer overflows. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed. STATUS_BUFFER_TOO_SMALL is returned if the length of the allocated buffer is less than the required size. STATUS_INVALID_SID is returned if a SID doesn't meet certain requirements to be considered a valid SID by the security manager. A failure NTSTATUS code is returned otherwise.
Remarks
A security identifier (SID) is a variable-length data structure that can change in size over time, depending on the factors that influence this effect in question. An attacker can take advantage of this fact and can potentially modify certain properties of a SID making it different in size than it was originally before. This is what we'd call, a TOCTOU vulnerability.

For this reason, the logic of copying the SIDs and their attributes into a new buffer goes like this: first, allocate a buffer array that just holds the lengths and subauthority count of each SID. Such information is copied in the first loop. Then in a second loop, iterate over the array with SID provided and copy them into the final array. The moment we're doing this, validate the lengths of each SID basing upon the captured lengths we've got before. In this way we ensure that the SIDs have remained intact. The validation checks are done in user mode as a general rule that we just cannot trust UM and whatever data is coming from it.

Definition at line 485 of file sid.c.

495 {
496  ULONG ArraySize, RequiredLength, SidLength, i;
497  ULONG TempArrayValidate, TempLengthValidate;
498  PSID_AND_ATTRIBUTES SidAndAttributes;
499  _SEH2_VOLATILE PSID_VALIDATE ValidateArray;
500  PUCHAR CurrentDest;
501  PISID Sid;
503  PAGED_CODE();
504 
505  ValidateArray = NULL;
506  SidAndAttributes = NULL;
507  *CapturedSidAndAttributes = NULL;
508  *ResultLength = 0;
509 
510  if (AttributeCount == 0)
511  {
512  return STATUS_SUCCESS;
513  }
514 
515  if (AttributeCount > SE_MAXIMUM_GROUP_LIMIT)
516  {
517  DPRINT1("SeCaptureSidAndAttributesArray(): Maximum group limit exceeded!\n");
519  }
520 
521  if ((PreviousMode == KernelMode) && !CaptureIfKernel)
522  {
523  *CapturedSidAndAttributes = SrcSidAndAttributes;
524  return STATUS_SUCCESS;
525  }
526 
527  ArraySize = AttributeCount * sizeof(SID_AND_ATTRIBUTES);
528  RequiredLength = ALIGN_UP_BY(ArraySize, sizeof(ULONG));
529 
530  if (PreviousMode != KernelMode)
531  {
532  /* Check for user mode data */
533  _SEH2_TRY
534  {
535  /* First probe the whole array */
536  ProbeForRead(SrcSidAndAttributes, ArraySize, sizeof(ULONG));
537 
538  /* We're in user mode, set up the size for the temporary array */
539  TempArrayValidate = AttributeCount * sizeof(SID_VALIDATE);
540  TempLengthValidate = ALIGN_UP_BY(TempArrayValidate, sizeof(ULONG));
541 
542  /*
543  * Allocate a buffer for the array that we're going to
544  * temporarily hold the subauthority count and the SID
545  * elements. We'll be going to use this array to perform
546  * validation checks later.
547  */
549  TempLengthValidate,
551 
552  /* Loop the array elements */
553  for (i = 0; i < AttributeCount; i++)
554  {
555  /* Get the SID and probe the minimal structure */
556  Sid = SrcSidAndAttributes[i].Sid;
557  ProbeForRead(Sid, sizeof(*Sid), sizeof(ULONG));
558 
559  /*
560  * Capture the subauthority count and hold it
561  * into the temporary array for later validation.
562  * This way we ensure that the said count of each
563  * SID has remained the same.
564  */
565  ValidateArray[i].SubAuthorityCount = Sid->SubAuthorityCount;
566 
567  /* Capture the SID */
568  ValidateArray[i].ProbeSid = Sid;
569 
570  /* Calculate the SID length and probe the full SID */
571  SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
572  ProbeForRead(ValidateArray[i].ProbeSid, SidLength, sizeof(ULONG));
573 
574  /* Add the aligned length to the required length */
575  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
576  }
577  }
579  {
581  _SEH2_YIELD(goto Cleanup);
582  }
583  _SEH2_END;
584  }
585  else
586  {
587  /* Loop the array elements */
588  for (i = 0; i < AttributeCount; i++)
589  {
590  /* Get the SID and it's length */
591  Sid = SrcSidAndAttributes[i].Sid;
593 
594  /* Add the aligned length to the required length */
595  RequiredLength += ALIGN_UP_BY(SidLength, sizeof(ULONG));
596  }
597  }
598 
599  /* Assume success */
602 
603  /* Check if we have no buffer */
604  if (AllocatedMem == NULL)
605  {
606  /* Allocate a new buffer */
607  SidAndAttributes = ExAllocatePoolWithTag(PoolType,
610  if (SidAndAttributes == NULL)
611  {
612  DPRINT1("SeCaptureSidAndAttributesArray(): Failed to allocate memory for SID and attributes array (requested size -> %lu)!\n", RequiredLength);
614  goto Cleanup;
615  }
616  }
617  /* Otherwise check if the buffer is large enough */
618  else if (AllocatedLength >= RequiredLength)
619  {
620  /* Buffer is large enough, use it */
621  SidAndAttributes = AllocatedMem;
622  }
623  else
624  {
625  /* Buffer is too small, fail */
626  DPRINT1("SeCaptureSidAndAttributesArray(): The provided buffer is small (expected size -> %lu || current size -> %lu)!\n", RequiredLength, AllocatedLength);
628  goto Cleanup;
629  }
630 
631  *CapturedSidAndAttributes = SidAndAttributes;
632 
633  /* Check again for user mode */
634  if (PreviousMode != KernelMode)
635  {
636  _SEH2_TRY
637  {
638  /* The rest of the data starts after the array */
639  CurrentDest = (PUCHAR)SidAndAttributes;
640  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
641 
642  /* Loop the array elements */
643  for (i = 0; i < AttributeCount; i++)
644  {
645  /*
646  * Get the SID length from the subauthority
647  * count we've captured before.
648  */
649  SidLength = RtlLengthRequiredSid(ValidateArray[i].SubAuthorityCount);
650 
651  /* Copy attributes */
652  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
653 
654  /* Copy the SID to the current destination address */
655  SidAndAttributes[i].Sid = (PSID)CurrentDest;
656  RtlCopyMemory(CurrentDest, ValidateArray[i].ProbeSid, SidLength);
657 
658  /* Obtain the SID we've captured before for validation */
659  Sid = SidAndAttributes[i].Sid;
660 
661  /* Validate that the subauthority count hasn't changed */
662  if (ValidateArray[i].SubAuthorityCount !=
664  {
665  /* It's changed, bail out */
666  DPRINT1("SeCaptureSidAndAttributesArray(): The subauthority counts have changed (captured count -> %u || current count -> %u)\n",
667  ValidateArray[i].SubAuthorityCount, Sid->SubAuthorityCount);
669  goto Cleanup;
670  }
671 
672  /* Validate that the SID length is the same */
673  if (SidLength != RtlLengthSid(Sid))
674  {
675  /* They're no longer the same, bail out */
676  DPRINT1("SeCaptureSidAndAttributesArray(): The SID lengths have changed (captured length -> %lu || current length -> %lu)\n",
677  SidLength, RtlLengthSid(Sid));
679  goto Cleanup;
680  }
681 
682  /* Check that the SID is valid */
683  if (!RtlValidSid(Sid))
684  {
685  DPRINT1("SeCaptureSidAndAttributesArray(): The SID is not valid!\n");
687  goto Cleanup;
688  }
689 
690  /* Update the current destination address */
691  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
692  }
693  }
695  {
697  }
698  _SEH2_END;
699  }
700  else
701  {
702  /* The rest of the data starts after the array */
703  CurrentDest = (PUCHAR)SidAndAttributes;
704  CurrentDest += ALIGN_UP_BY(ArraySize, sizeof(ULONG));
705 
706  /* Loop the array elements */
707  for (i = 0; i < AttributeCount; i++)
708  {
709  /* Get the SID and it's length */
710  Sid = SrcSidAndAttributes[i].Sid;
712 
713  /* Copy attributes */
714  SidAndAttributes[i].Attributes = SrcSidAndAttributes[i].Attributes;
715 
716  /* Copy the SID to the current destination address */
717  SidAndAttributes[i].Sid = (PSID)CurrentDest;
718  RtlCopyMemory(CurrentDest, SrcSidAndAttributes[i].Sid, SidLength);
719 
720  /* Update the current destination address */
721  CurrentDest += ALIGN_UP_BY(SidLength, sizeof(ULONG));
722  }
723  }
724 
725 Cleanup:
726  /* Check for failure */
727  if (!NT_SUCCESS(Status))
728  {
729  /* Check if we allocated a new array */
730  if ((SidAndAttributes != AllocatedMem) && (SidAndAttributes != NULL))
731  {
732  /* Free the array */
733  ExFreePoolWithTag(SidAndAttributes, TAG_SID_AND_ATTRIBUTES);
734  }
735 
736  /* Set returned address to NULL */
737  *CapturedSidAndAttributes = NULL;
738  }
739 
740  /* Free the temporary validation array */
741  if ((PreviousMode != KernelMode) && (ValidateArray != NULL))
742  {
743  ExFreePoolWithTag(ValidateArray, TAG_SID_VALIDATE);
744  }
745 
746  return Status;
747 }
#define SE_MAXIMUM_GROUP_LIMIT
Definition: sid.c:16
#define TAG_SID_AND_ATTRIBUTES
Definition: tag.h:160
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_SEH2_TRY
Definition: create.c:4226
struct _SID_VALIDATE SID_VALIDATE
ULONG NTAPI RtlLengthSid(IN PSID Sid_)
Definition: sid.c:150
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
BOOLEAN NTAPI RtlValidSid(IN PSID Sid_)
Definition: sid.c:21
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define TAG_SID_VALIDATE
Definition: tag.h:161
struct _SID * PSID
Definition: eventlog.c:35
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_In_ PSID_IDENTIFIER_AUTHORITY _In_ UCHAR SubAuthorityCount
Definition: rtlfuncs.h:1486
static const WCHAR Cleanup[]
Definition: register.c:80
#define _SEH2_VOLATILE
Definition: pseh2_64.h:169
_SEH2_END
Definition: create.c:4400
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define ALIGN_UP_BY(size, align)
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define POOL_RAISE_IF_ALLOCATION_FAILURE
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtAdjustGroupsToken(), NtCreateToken(), and NtFilterToken().

◆ SeCaptureSubjectContextEx()

VOID NTAPI SeCaptureSubjectContextEx ( _In_ PETHREAD  Thread,
_In_ PEPROCESS  Process,
_Out_ PSECURITY_SUBJECT_CONTEXT  SubjectContext 
)

An extended function that captures the security subject context based upon the specified thread and process.

Parameters
[in]ThreadA thread where the calling thread's token is to be referenced for the security context.
[in]ProcessA process where the main process' token is to be referenced for the security context.
[out]SubjectContextThe returned security subject context.
Returns
Nothing.

Definition at line 390 of file access.c.

394 {
396 
397  PAGED_CODE();
398 
399  /* Save the unique ID */
400  SubjectContext->ProcessAuditId = Process->UniqueProcessId;
401 
402  /* Check if we have a thread */
403  if (!Thread)
404  {
405  /* We don't, so no token */
406  SubjectContext->ClientToken = NULL;
407  }
408  else
409  {
410  /* Get the impersonation token */
412  &CopyOnOpen,
413  &EffectiveOnly,
414  &SubjectContext->ImpersonationLevel);
415  }
416 
417  /* Get the primary token */
419 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Out_ PBOOLEAN CopyOnOpen
Definition: psfuncs.h:154
unsigned char BOOLEAN
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
PACCESS_TOKEN NTAPI PsReferenceImpersonationToken(IN PETHREAD Thread, OUT PBOOLEAN CopyOnOpen, OUT PBOOLEAN EffectiveOnly, OUT PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:849
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
#define PAGED_CODE()

Referenced by SeCaptureSubjectContext(), and SeCreateAccessStateEx().

◆ SeCheckAuditPrivilege()

BOOLEAN NTAPI SeCheckAuditPrivilege ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Checks a single privilege and performs an audit against a privileged service based on a security subject context.

Parameters
[in]DesiredAccessSecurity subject context used for privileged service auditing.
[in]PreviousModeProcessor level access mode.
Returns
Returns TRUE if service auditing and privilege checking tests have succeeded, FALSE otherwise.

Definition at line 360 of file priv.c.

363 {
364  PRIVILEGE_SET PrivilegeSet;
365  BOOLEAN Result;
366  PAGED_CODE();
367 
368  /* Initialize the privilege set with the single privilege */
369  PrivilegeSet.PrivilegeCount = 1;
370  PrivilegeSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
371  PrivilegeSet.Privilege[0].Luid = SeAuditPrivilege;
372  PrivilegeSet.Privilege[0].Attributes = 0;
373 
374  /* Check against the primary token! */
375  Result = SepPrivilegeCheck(SubjectContext->PrimaryToken,
376  &PrivilegeSet.Privilege[0],
377  1,
379  PreviousMode);
380 
381  if (PreviousMode != KernelMode)
382  {
385  &PrivilegeSet,
386  Result);
387  }
388 
389  return Result;
390 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
const LUID SeAuditPrivilege
Definition: priv.c:40
$ULONG Control
Definition: setypes.h:87
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
BOOLEAN NTAPI SepPrivilegeCheck(_In_ PTOKEN Token, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_ ULONG PrivilegeCount, _In_ ULONG PrivilegeControl, _In_ KPROCESSOR_MODE PreviousMode)
Checks the privileges pointed by Privileges array argument if they exist and match with the privilege...
Definition: priv.c:104
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
VOID NTAPI SePrivilegedServiceAuditAlarm(_In_opt_ PUNICODE_STRING ServiceName, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PPRIVILEGE_SET PrivilegeSet, _In_ BOOLEAN AccessGranted)
Performs an audit alarm to a privileged service request.
Definition: audit.c:369
#define NULL
Definition: types.h:112
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
#define PAGED_CODE()

Referenced by NtCloseObjectAuditAlarm(), NtOpenObjectAuditAlarm(), NtPrivilegedServiceAuditAlarm(), and SepAccessCheckAndAuditAlarm().

◆ SeCheckPrivilegedObject()

BOOLEAN NTAPI SeCheckPrivilegedObject ( _In_ LUID  PrivilegeValue,
_In_ HANDLE  ObjectHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ KPROCESSOR_MODE  PreviousMode 
)

Checks a privileged object if such object has the specific privilege submitted by the caller.

Parameters
[in]PrivilegeValueA privilege to be checked against the one from the object.
[in]ObjectHandleA handle to any kind of object.
[in]DesiredAccessDesired access right mask requested by the caller.
[in]PreviousModeProcessor level access mode.
Returns
Returns TRUE if the privilege is present, FALSE otherwise.

Definition at line 803 of file priv.c.

808 {
810  PRIVILEGE_SET Priv;
811  BOOLEAN Result;
812 
813  PAGED_CODE();
814 
816 
817  Priv.PrivilegeCount = 1;
819  Priv.Privilege[0].Luid = PrivilegeValue;
821 
823  if (PreviousMode != KernelMode)
824  {
825 #if 0
826  SePrivilegeObjectAuditAlarm(ObjectHandle,
829  &PrivilegeValue,
830  Result,
831  PreviousMode);
832 #endif
833  }
834 
836 
837  return Result;
838 }
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
$ULONG Control
Definition: setypes.h:87
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83
unsigned char BOOLEAN
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: access.c:434
VOID NTAPI SePrivilegeObjectAuditAlarm(_In_ HANDLE Handle, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted, _In_ KPROCESSOR_MODE CurrentMode)
Raises an audit with alarm notification message when an object tries to acquire this privilege.
Definition: audit.c:1422
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: access.c:520
BOOLEAN NTAPI SePrivilegeCheck(_In_ PPRIVILEGE_SET Privileges, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a set of privileges exist and match within a security subject context.
Definition: priv.c:698
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
#define PAGED_CODE()

Referenced by NtSetInformationProcess(), and NtSetInformationThread().

◆ SeComputeQuotaInformationSize()

NTSTATUS NTAPI SeComputeQuotaInformationSize ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Out_ PULONG  QuotaInfoSize 
)

◆ SeCopyClientToken()

NTSTATUS NTAPI SeCopyClientToken ( _In_ PACCESS_TOKEN  Token,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PACCESS_TOKEN NewToken 
)

Copies an existing access token (technically duplicating a new one).

Parameters
[in]TokenToken to copy.
[in]LevelImpersonation security level to assign to the newly copied token.
[in]PreviousModeProcessor request level mode.
[out]NewTokenThe newly copied token.
Returns
Returns STATUS_SUCCESS when token copying has finished successfully. A failure NTSTATUS code is returned otherwise.

Definition at line 1490 of file token.c.

1495 {
1496  NTSTATUS Status;
1498 
1499  PAGED_CODE();
1500 
1502  NULL,
1503  0,
1504  NULL,
1505  NULL);
1506 
1509  FALSE,
1511  Level,
1512  PreviousMode,
1513  (PTOKEN*)NewToken);
1514 
1515  return Status;
1516 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: token.c:995
#define FALSE
Definition: types.h:117
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NULL
Definition: types.h:112
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define PAGED_CODE()

Referenced by PsImpersonateClient(), and SepCreateClientSecurity().

◆ SeCreateAccessStateEx()

NTSTATUS NTAPI SeCreateAccessStateEx ( _In_ PETHREAD  Thread,
_In_ PEPROCESS  Process,
_In_ OUT PACCESS_STATE  AccessState,
_In_ PAUX_ACCESS_DATA  AuxData,
_In_ ACCESS_MASK  Access,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeassignPrimaryToken()

VOID NTAPI SeDeassignPrimaryToken ( _Inout_ PEPROCESS  Process)

Removes the primary token of a process.

Parameters
[in,out]ProcessThe process instance with the access token to be removed.
Returns
Nothing.

Definition at line 794 of file token.c.

796 {
797  PTOKEN OldToken;
798 
799  /* Remove the Token */
800  OldToken = ObFastReplaceObject(&Process->Token, NULL);
801 
802  /* Mark the Old Token as free */
803  OldToken->TokenInUse = FALSE;
804 
805  /* Dereference the Token */
806  ObDereferenceObject(OldToken);
807 }
#define FALSE
Definition: types.h:117
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
BOOLEAN TokenInUse
Definition: setypes.h:234
#define ObDereferenceObject
Definition: obfuncs.h:203
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219

Referenced by PspDeleteProcessSecurity(), and SeAssignPrimaryToken().

◆ SeDefaultObjectMethod()

NTSTATUS NTAPI SeDefaultObjectMethod ( _In_ PVOID  Object,
_In_ SECURITY_OPERATION_CODE  OperationType,
_In_ PSECURITY_INFORMATION  SecurityInformation,
_Inout_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_Inout_opt_ PULONG  ReturnLength,
_Inout_opt_ PSECURITY_DESCRIPTOR OldSecurityDescriptor,
_In_ POOL_TYPE  PoolType,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeDetailedAuditingWithToken()

BOOLEAN NTAPI SeDetailedAuditingWithToken ( _In_ PTOKEN  Token)

Peforms a detailed security auditing with an access token.

@unimplemented

Parameters
[in]TokenA valid token object.
Returns
To be added...

Definition at line 34 of file audit.c.

36 {
37  /* FIXME */
38  return FALSE;
39 }
#define FALSE
Definition: types.h:117

Referenced by ObInitProcess(), PspCreateProcess(), and PspExitThread().

◆ SeExchangePrimaryToken()

NTSTATUS NTAPI SeExchangePrimaryToken ( _In_ PEPROCESS  Process,
_In_ PACCESS_TOKEN  NewAccessToken,
_Out_ PACCESS_TOKEN OldAccessToken 
)

Replaces the old access token of a process (pointed by the EPROCESS kernel structure) with a new access token. The new access token must be a primary token for use.

Parameters
[in]ProcessThe process instance where its access token is about to be replaced.
[in]NewAccessTokenThe new token that it's going to replace the old one.
[out]OldAccessTokenThe returned old token that's been replaced, which the caller can do anything.
Returns
Returns STATUS_SUCCESS if the exchange operation between tokens has completed successfully. STATUS_BAD_TOKEN_TYPE is returned if the new token is not a primary one so that we cannot exchange it with the old one from the process. STATUS_TOKEN_ALREADY_IN_USE is returned if both tokens aren't equal which means one of them has different properties (groups, privileges, etc.) and as such one of them is currently in use. A failure NTSTATUS code is returned otherwise.

Definition at line 704 of file token.c.

708 {
709  PTOKEN OldToken;
710  PTOKEN NewToken = (PTOKEN)NewAccessToken;
711 
712  PAGED_CODE();
713 
714  if (NewToken->TokenType != TokenPrimary)
715  return STATUS_BAD_TOKEN_TYPE;
716 
717  if (NewToken->TokenInUse)
718  {
721 
722  /* Maybe we're trying to set the same token */
723  OldToken = PsReferencePrimaryToken(Process);
724  if (OldToken == NewToken)
725  {
726  /* So it's a nop. */
727  *OldAccessToken = OldToken;
728  return STATUS_SUCCESS;
729  }
730 
731  Status = SepCompareTokens(OldToken, NewToken, &IsEqual);
732  if (!NT_SUCCESS(Status))
733  {
734  PsDereferencePrimaryToken(OldToken);
735  *OldAccessToken = NULL;
736  return Status;
737  }
738 
739  if (!IsEqual)
740  {
741  PsDereferencePrimaryToken(OldToken);
742  *OldAccessToken = NULL;
744  }
745  /* Silently return STATUS_SUCCESS but do not set the new token,
746  * as it's already in use elsewhere. */
747  *OldAccessToken = OldToken;
748  return STATUS_SUCCESS;
749  }
750 
751  /* Lock the new token */
753 
754  /* Mark new token in use */
755  NewToken->TokenInUse = TRUE;
756 
757  /* Set the session ID for the new token */
758  NewToken->SessionId = MmGetSessionId(Process);
759 
760  /* Unlock the new token */
761  SepReleaseTokenLock(NewToken);
762 
763  /* Reference the new token */
764  ObReferenceObject(NewToken);
765 
766  /* Replace the old with the new */
767  OldToken = ObFastReplaceObject(&Process->Token, NewToken);
768 
769  /* Lock the old token */
771 
772  /* Mark the old token as free */
773  OldToken->TokenInUse = FALSE;
774 
775  /* Unlock the old token */
776  SepReleaseTokenLock(OldToken);
777 
778  *OldAccessToken = (PACCESS_TOKEN)OldToken;
779  return STATUS_SUCCESS;
780 }
TOKEN_TYPE TokenType
Definition: setypes.h:231
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:220
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
PVOID PACCESS_TOKEN
Definition: setypes.h:11
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
ULONG SessionId
Definition: setypes.h:217
Status
Definition: gdiplustypes.h:24
PVOID FASTCALL ObFastReplaceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
BOOLEAN TokenInUse
Definition: setypes.h:234
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:288
#define STATUS_TOKEN_ALREADY_IN_USE
Definition: ntstatus.h:535
#define SepReleaseTokenLock(Token)
Definition: se.h:231
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
struct _TOKEN * PTOKEN
#define NULL
Definition: types.h:112
VOID NTAPI PsDereferencePrimaryToken(IN PACCESS_TOKEN PrimaryToken)
Definition: security.c:902
_Must_inspect_result_ _In_ PLARGE_INTEGER _In_ PLARGE_INTEGER _In_ ULONG _In_ PFILE_OBJECT _In_ PVOID Process
Definition: fsrtlfuncs.h:219
#define ObReferenceObject
Definition: obfuncs.h:204
ULONG NTAPI MmGetSessionId(IN PEPROCESS Process)
Definition: session.c:179
#define STATUS_SUCCESS
Definition: shellext.h:65
#define PAGED_CODE()

Referenced by PspAssignPrimaryToken().

◆ SeFastTraverseCheck()

BOOLEAN NTAPI SeFastTraverseCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PACCESS_STATE  AccessState,
_In_ ACCESS_MASK  DesiredAccess,
_In_ KPROCESSOR_MODE  AccessMode 
)

Determines whether security access rights can be given to an object depending on the security descriptor. Unlike the regular access check procedure in the NT kernel, the fast traverse check is a faster way to quickly check if access can be made into an object.

Parameters
[in]SecurityDescriptorSecurity descriptor of the object that is being accessed.
[in]AccessStateAn access state to determine if the access token in the current security context of the object is an restricted token.
[in]DesiredAccessThe access right bitmask where the calling thread wants to acquire.
[in]AccessModeProcess level request mode.
Returns
Returns TRUE if access onto the specific object is allowed, FALSE otherwise.

Definition at line 601 of file accesschk.c.

606 {
607  PACL Dacl;
608  ULONG AceIndex;
609  PKNOWN_ACE Ace;
610 
611  PAGED_CODE();
612 
614 
615  if (SecurityDescriptor == NULL)
616  return FALSE;
617 
618  /* Get DACL */
620  /* If no DACL, grant access */
621  if (Dacl == NULL)
622  return TRUE;
623 
624  /* No ACE -> Deny */
625  if (!Dacl->AceCount)
626  return FALSE;
627 
628  /* Can't perform the check on restricted token */
629  if (AccessState->Flags & TOKEN_IS_RESTRICTED)
630  return FALSE;
631 
632  /* Browse the ACEs */
633  for (AceIndex = 0, Ace = (PKNOWN_ACE)((ULONG_PTR)Dacl + sizeof(ACL));
634  AceIndex < Dacl->AceCount;
635  AceIndex++, Ace = (PKNOWN_ACE)((ULONG_PTR)Ace + Ace->Header.AceSize))
636  {
637  if (Ace->Header.AceFlags & INHERIT_ONLY_ACE)
638  continue;
639 
640  /* If access-allowed ACE */
641  if (Ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE)
642  {
643  /* Check if all accesses are granted */
644  if (!(Ace->Mask & DesiredAccess))
645  continue;
646 
647  /* Check SID and grant access if matching */
648  if (RtlEqualSid(SeWorldSid, &(Ace->SidStart)))
649  return TRUE;
650  }
651  /* If access-denied ACE */
652  else if (Ace->Header.AceType == ACCESS_DENIED_ACE_TYPE)
653  {
654  /* Here, only check if it denies any access wanted and deny if so */
655  if (Ace->Mask & DesiredAccess)
656  return FALSE;
657  }
658  }
659 
660  /* Faulty, deny */
661  return FALSE;
662 }
struct _KNOWN_ACE * PKNOWN_ACE
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
Definition: se.h:3
#define TRUE
Definition: types.h:120
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Definition: card.h:12
#define ASSERT(a)
Definition: mode.c:44
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1862
PSID SeWorldSid
Definition: sid.c:25
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
#define TOKEN_IS_RESTRICTED
Definition: setypes.h:1161
#define PAGED_CODE()

Referenced by IopParseDevice(), and ObpCheckTraverseAccess().

◆ SeGetLogonIdDeviceMap()

NTSTATUS NTAPI SeGetLogonIdDeviceMap ( _In_ PLUID  LogonId,
_Out_ PDEVICE_MAP DeviceMap 
)

Retrieves the DOS device map from a logon session.

Parameters
[in]LogonIdA valid logon session ID.
[out]DeviceMapThe returned device map buffer from the logon session.
Returns
Returns STATUS_SUCCESS if the device map could be gathered from the logon session. STATUS_INVALID_PARAMETER is returned if one of the parameters aren't initialized (that is, the caller has submitted a NULL pointer variable). STATUS_NO_SUCH_LOGON_SESSION is returned if no such session could be found. A failure NTSTATUS code is returned otherwise.

Definition at line 1347 of file srm.c.

1350 {
1351  NTSTATUS Status;
1352  WCHAR Buffer[63];
1353  PDEVICE_MAP LocalMap;
1354  HANDLE DirectoryHandle, LinkHandle;
1356  PSEP_LOGON_SESSION_REFERENCES CurrentSession;
1357  UNICODE_STRING DirectoryName, LinkName, TargetName;
1358 
1359  PAGED_CODE();
1360 
1361  if (LogonId == NULL ||
1362  DeviceMap == NULL)
1363  {
1364  return STATUS_INVALID_PARAMETER;
1365  }
1366 
1367  /* Acquire the database lock */
1369 
1370  /* Loop all existing sessions */
1371  for (CurrentSession = SepLogonSessions;
1372  CurrentSession != NULL;
1373  CurrentSession = CurrentSession->Next)
1374  {
1375  /* Check if the LUID matches the provided one */
1376  if (RtlEqualLuid(&CurrentSession->LogonId, LogonId))
1377  {
1378  break;
1379  }
1380  }
1381 
1382  /* No session found, fail */
1383  if (CurrentSession == NULL)
1384  {
1385  /* Release the database lock */
1387 
1389  }
1390 
1391  /* The found session has a device map, return it! */
1392  if (CurrentSession->pDeviceMap != NULL)
1393  {
1394  *DeviceMap = CurrentSession->pDeviceMap;
1395 
1396  /* Release the database lock */
1398 
1399  return STATUS_SUCCESS;
1400  }
1401 
1402  /* At that point, we'll setup a new device map for the session */
1403  LocalMap = NULL;
1404 
1405  /* Reference the session so that it doesn't go away */
1406  CurrentSession->ReferenceCount += 1;
1407 
1408  /* Release the database lock */
1410 
1411  /* Create our object directory given the LUID */
1413  sizeof(Buffer) / sizeof(WCHAR),
1414  L"\\Sessions\\0\\DosDevices\\%08x-%08x",
1415  LogonId->HighPart,
1416  LogonId->LowPart);
1417  RtlInitUnicodeString(&DirectoryName, Buffer);
1418 
1420  &DirectoryName,
1422  NULL,
1423  NULL);
1426  &ObjectAttributes);
1427  if (NT_SUCCESS(Status))
1428  {
1429  /* Create the associated device map */
1431  if (NT_SUCCESS(Status))
1432  {
1433  /* Make Global point to \Global?? in the directory */
1434  RtlInitUnicodeString(&LinkName, L"Global");
1435  RtlInitUnicodeString(&TargetName, L"\\Global??");
1436 
1438  &LinkName,
1441  NULL);
1442  Status = ZwCreateSymbolicLinkObject(&LinkHandle,
1445  &TargetName);
1446  if (!NT_SUCCESS(Status))
1447  {
1448  ObfDereferenceDeviceMap(LocalMap);
1449  }
1450  else
1451  {
1452  ZwClose(LinkHandle);
1453  }
1454  }
1455 
1457  }
1458 
1459  /* Acquire the database lock */
1461 
1462  /* If we succeed... */
1463  if (NT_SUCCESS(Status))
1464  {
1465  /* The session now has a device map? We raced with someone else */
1466  if (CurrentSession->pDeviceMap != NULL)
1467  {
1468  /* Give up on our new device map */
1469  ObfDereferenceDeviceMap(LocalMap);
1470  }
1471  /* Otherwise use our newly allocated device map */
1472  else
1473  {
1474  CurrentSession->pDeviceMap = LocalMap;
1475  }
1476 
1477  /* Return the device map */
1478  *DeviceMap = CurrentSession->pDeviceMap;
1479  }
1480  /* Zero output */
1481  else
1482  {
1483  *DeviceMap = NULL;
1484  }
1485 
1486  /* Release the database lock */
1488 
1489  /* We're done with the session */
1490  SepRmDereferenceLogonSession(&CurrentSession->LogonId);
1491 
1492  return Status;
1493 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
VOID FASTCALL KeAcquireGuardedMutex(IN PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:42
#define STATUS_NO_SUCH_LOGON_SESSION
Definition: ntstatus.h:331
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
VOID FASTCALL ObfDereferenceDeviceMap(IN PDEVICE_MAP DeviceMap)
Definition: devicemap.c:477
LONG NTSTATUS
Definition: precomp.h:26
static HANDLE DirectoryHandle
Definition: ObType.c:48
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define SYMBOLIC_LINK_ALL_ACCESS
Definition: nt_native.h:1267
#define OBJ_OPENIF
Definition: winternl.h:229
#define L(x)
Definition: ntvdm.h:50
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
NTSTATUS NTAPI ObSetDirectoryDeviceMap(OUT PDEVICE_MAP *DeviceMap, IN HANDLE DirectoryHandle)
Definition: devicemap.c:149
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format,...)
Definition: bufpool.h:45
Status
Definition: gdiplustypes.h:24
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject(_Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name)
struct _SEP_LOGON_SESSION_REFERENCES * Next
Definition: setypes.h:169
#define OBJ_PERMANENT
Definition: winternl.h:226
WCHAR TargetName[256]
Definition: arping.c:27
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
PSEP_LOGON_SESSION_REFERENCES SepLogonSessions
Definition: srm.c:62
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
VOID FASTCALL KeReleaseGuardedMutex(IN OUT PKGUARDED_MUTEX GuardedMutex)
Definition: gmutex.c:53
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
NTSTATUS SepRmDereferenceLogonSession(_In_ PLUID LogonLuid)
De-references a logon session. If the session has a reference count of 0 by the time the function has...
Definition: srm.c:1008
#define PAGED_CODE()
KGUARDED_MUTEX SepRmDbLock
Definition: srm.c:61

Referenced by ObpReferenceDeviceMap(), and ObpSetCurrentProcessDeviceMap().

◆ SeInitializeProcessAuditName()

NTSTATUS NTAPI SeInitializeProcessAuditName ( _In_ PFILE_OBJECT  FileObject,
_In_ BOOLEAN  DoAudit,
_Out_ POBJECT_NAME_INFORMATION AuditInfo 
)

Initializes a process audit name and returns it to the caller.

Parameters
[in]FileObjectFile object that points to a name to be queried.
[in]DoAuditIf set to TRUE, the function will perform various security auditing onto the audit name.
[out]AuditInfoThe returned audit info data.
Returns
Returns STATUS_SUCCESS if process audit name initialization has completed successfully. STATUS_NO_MEMORY is returned if pool allocation for object name info has failed. A failure NTSTATUS code is returned otherwise.

Definition at line 105 of file audit.c.

109 {
110  OBJECT_NAME_INFORMATION LocalNameInfo;
111  POBJECT_NAME_INFORMATION ObjectNameInfo = NULL;
112  ULONG ReturnLength = 8;
114 
115  PAGED_CODE();
116  ASSERT(AuditInfo);
117 
118  /* Check if we should do auditing */
119  if (DoAudit)
120  {
121  /* FIXME: TODO */
122  }
123 
124  /* Now query the name */
126  &LocalNameInfo,
127  sizeof(LocalNameInfo),
128  &ReturnLength);
129  if (((Status == STATUS_BUFFER_OVERFLOW) ||
132  (ReturnLength != sizeof(LocalNameInfo)))
133  {
134  /* Allocate required size */
135  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
136  ReturnLength,
137  TAG_SEPA);
138  if (ObjectNameInfo)
139  {
140  /* Query the name again */
142  ObjectNameInfo,
143  ReturnLength,
144  &ReturnLength);
145  }
146  }
147 
148  /* Check if we got here due to failure */
149  if ((ObjectNameInfo) &&
150  (!(NT_SUCCESS(Status)) || (ReturnLength == sizeof(LocalNameInfo))))
151  {
152  /* First, free any buffer we might've allocated */
153  ASSERT(FALSE);
154  if (ObjectNameInfo) ExFreePool(ObjectNameInfo);
155 
156  /* Now allocate a temporary one */
158  ObjectNameInfo = ExAllocatePoolWithTag(NonPagedPool,
159  sizeof(OBJECT_NAME_INFORMATION),
160  TAG_SEPA);
161  if (ObjectNameInfo)
162  {
163  /* Clear it */
164  RtlZeroMemory(ObjectNameInfo, ReturnLength);
166  }
167  }
168 
169  /* Check if memory allocation failed */
170  if (!ObjectNameInfo) Status = STATUS_NO_MEMORY;
171 
172  /* Return the audit name */
173  *AuditInfo = ObjectNameInfo;
174 
175  /* Return status */
176  return Status;
177 }
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:39
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS NTAPI ObQueryNameString(IN PVOID Object, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength)
Definition: obname.c:1207
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
#define FALSE
Definition: types.h:117
struct _OBJECT_NAME_INFORMATION OBJECT_NAME_INFORMATION
_In_ WDFREQUEST _In_ WDFFILEOBJECT FileObject
Definition: wdfdevice.h:547
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define TAG_SEPA
Definition: tag.h:151
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by MmInitializeProcessAddressSpace(), and SeLocateProcessImageName().

◆ SeInitSystem()

BOOLEAN NTAPI SeInitSystem ( VOID  )

Main security manager initialization function.

Returns
Returns a boolean value according to the phase initialization routine that handles it. If TRUE, the routine deems the initialization phase as complete, FALSE otherwise.

Definition at line 285 of file semgr.c.

286 {
287  /* Check the initialization phase */
288  switch (ExpInitializationPhase)
289  {
290  case 0:
291 
292  /* Do Phase 0 */
293  return SepInitializationPhase0();
294 
295  case 1:
296 
297  /* Do Phase 1 */
298  return SepInitializationPhase1();
299 
300  default:
301 
302  /* Don't know any other phase! Bugcheck! */
303  KeBugCheckEx(UNEXPECTED_INITIALIZATION_CALL,
304  0,
306  0,
307  0);
308  return FALSE;
309  }
310 }
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Handles the phase 0 procedure of the SRM initialization.
Definition: semgr.c:115
#define FALSE
Definition: types.h:117
ULONG ExpInitializationPhase
Definition: init.c:66
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Handles the phase 1 procedure of the SRM initialization.
Definition: semgr.c:168
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
Definition: rtlcompat.c:108

Referenced by ExpInitializeExecutive(), and Phase1InitializationDiscard().

◆ SeIsTokenChild()

NTSTATUS NTAPI SeIsTokenChild ( _In_ PTOKEN  Token,
_Out_ PBOOLEAN  IsChild 
)

Checks if the token is a child of the other token of the current process that the calling thread is invoking this function.

Parameters
[in]TokenAn access token to determine if it's a child or not.
[out]IsChildThe returned boolean result.
Returns
Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.

Definition at line 1381 of file token.c.

1384 {
1385  PTOKEN ProcessToken;
1386  LUID ProcessTokenId, CallerParentId;
1387 
1388  /* Assume failure */
1389  *IsChild = FALSE;
1390 
1391  /* Reference the process token */
1392  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
1393  if (!ProcessToken)
1394  return STATUS_UNSUCCESSFUL;
1395 
1396  /* Get its token ID */
1397  ProcessTokenId = ProcessToken->TokenId;
1398 
1399  /* Dereference the token */
1401 
1402  /* Get our parent token ID */
1403  CallerParentId = Token->ParentTokenId;
1404 
1405  /* Compare the token IDs */
1406  if (RtlEqualLuid(&CallerParentId, &ProcessTokenId))
1407  *IsChild = TRUE;
1408 
1409  /* Return success */
1410  return STATUS_SUCCESS;
1411 }
#define TRUE
Definition: types.h:120
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
LUID TokenId
Definition: setypes.h:210
BOOL WINAPI IsChild(_In_ HWND, _In_ HWND)
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by PspSetPrimaryToken().

◆ SeIsTokenSibling()

NTSTATUS NTAPI SeIsTokenSibling ( _In_ PTOKEN  Token,
_Out_ PBOOLEAN  IsSibling 
)

Checks if the token is a sibling of the other token of the current process that the calling thread is invoking this function.

Parameters
[in]TokenAn access token to determine if it's a sibling or not.
[out]IsSiblingThe returned boolean result.
Returns
Returns STATUS_SUCCESS when the function finishes its operation. STATUS_UNSUCCESSFUL is returned if primary token of the current calling process couldn't be referenced otherwise.

Definition at line 1430 of file token.c.

1433 {
1434  PTOKEN ProcessToken;
1435  LUID ProcessParentId, ProcessAuthId;
1436  LUID CallerParentId, CallerAuthId;
1437 
1438  /* Assume failure */
1439  *IsSibling = FALSE;
1440 
1441  /* Reference the process token */
1442  ProcessToken = PsReferencePrimaryToken(PsGetCurrentProcess());
1443  if (!ProcessToken)
1444  return STATUS_UNSUCCESSFUL;
1445 
1446  /* Get its parent and authentication IDs */
1447  ProcessParentId = ProcessToken->ParentTokenId;
1448  ProcessAuthId = ProcessToken->AuthenticationId;
1449 
1450  /* Dereference the token */
1452 
1453  /* Get our parent and authentication IDs */
1454  CallerParentId = Token->ParentTokenId;
1455  CallerAuthId = Token->AuthenticationId;
1456 
1457  /* Compare the token IDs */
1458  if (RtlEqualLuid(&CallerParentId, &ProcessParentId) &&
1459  RtlEqualLuid(&CallerAuthId, &ProcessAuthId))
1460  {
1461  *IsSibling = TRUE;
1462  }
1463 
1464  /* Return success */
1465  return STATUS_SUCCESS;
1466 }
#define TRUE
Definition: types.h:120
LUID AuthenticationId
Definition: setypes.h:211
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define FALSE
Definition: types.h:117
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
#define PsGetCurrentProcess
Definition: psfuncs.h:17
LUID ParentTokenId
Definition: setypes.h:212
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
PACCESS_TOKEN NTAPI PsReferencePrimaryToken(PEPROCESS Process)
Definition: security.c:440
VOID FASTCALL ObFastDereferenceObject(IN PEX_FAST_REF FastRef, IN PVOID Object)
Definition: obref.c:167
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by PspSetPrimaryToken().

◆ SepCaptureAcl()

NTSTATUS NTAPI SepCaptureAcl ( _In_ PACL  InputAcl,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PACL CapturedAcl 
)

Captures an access control list from an already valid input ACL.

Parameters
[in]InputAclA valid ACL.
[in]AccessModeProcessor level access mode. The processor mode determines how are the input arguments probed.
[in]PoolTypePool type for new captured ACL for creation. The pool type determines how the ACL data should reside in the pool memory.
[in]CaptureIfKernelIf set to TRUE and the processor access mode being KernelMode, we're capturing an ACL directly in the kernel. Otherwise we're capturing within a kernel mode driver.
[out]CapturedAclThe returned and allocated captured ACL.
Returns
Returns STATUS_SUCCESS if the ACL has been successfully captured. STATUS_INSUFFICIENT_RESOURCES is returned otherwise.

Definition at line 352 of file acl.c.

358 {
359  PACL NewAcl;
360  ULONG AclSize = 0;
362 
363  PAGED_CODE();
364 
365  if (AccessMode != KernelMode)
366  {
367  _SEH2_TRY
368  {
369  ProbeForRead(InputAcl,
370  sizeof(ACL),
371  sizeof(ULONG));
372  AclSize = InputAcl->AclSize;
373  ProbeForRead(InputAcl,
374  AclSize,
375  sizeof(ULONG));
376  }
378  {
379  /* Return the exception code */
381  }
382  _SEH2_END;
383 
385  AclSize,
386  TAG_ACL);
387  if (NewAcl != NULL)
388  {
389  _SEH2_TRY
390  {
391  RtlCopyMemory(NewAcl,
392  InputAcl,
393  AclSize);
394 
395  *CapturedAcl = NewAcl;
396  }
398  {
399  /* Free the ACL and return the exception code */
400  ExFreePoolWithTag(NewAcl, TAG_ACL);
402  }
403  _SEH2_END;
404  }
405  else
406  {
408  }
409  }
410  else if (!CaptureIfKernel)
411  {
412  *CapturedAcl = InputAcl;
413  }
414  else
415  {
416  AclSize = InputAcl->AclSize;
417 
419  AclSize,
420  TAG_ACL);
421 
422  if (NewAcl != NULL)
423  {
424  RtlCopyMemory(NewAcl,
425  InputAcl,
426  AclSize);
427 
428  *CapturedAcl = NewAcl;
429  }
430  else
431  {
433  }
434  }
435 
436  return Status;
437 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG NTSTATUS
Definition: precomp.h:26
_SEH2_TRY
Definition: create.c:4226
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Status
Definition: gdiplustypes.h:24
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define TAG_ACL
Definition: tag.h:146
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtCreateToken(), and NtSetInformationToken().

◆ SepCaptureSecurityQualityOfService()

NTSTATUS NTAPI SepCaptureSecurityQualityOfService ( _In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService,
_Out_ PBOOLEAN  Present 
)

Captures the security quality of service data given the object attributes from an object.

Parameters
[in]ObjectAttributesAttributes of an object where SQOS is to be retrieved. If the caller doesn't fill object attributes to the function, it automatically assumes SQOS is not present, or if, there's no SQOS present in the object attributes list of the object itself.
[in]AccessModeProcessor access mode.
[in]PoolTypeThe pool type for the captured SQOS to be used for allocation.
[in]CaptureIfKernelCapture access condition. To be set to TRUE if the capture is done within the kernel, FALSE if the capture is done in a kernel mode driver or user mode otherwise.
[out]CapturedSecurityQualityOfServiceThe captured SQOS data from the object.
[out]PresentReturns TRUE if SQOS is present in an object, FALSE otherwise. FALSE is also immediately returned if no object attributes is given to the call.
Returns
STATUS_SUCCESS if SQOS from the object has been fully and successfully captured. STATUS_INVALID_PARAMETER if the caller submits an invalid object attributes list. STATUS_INSUFFICIENT_RESOURCES if the function has failed to allocate some resources in the pool for the captured SQOS. A failure NTSTATUS code is returned otherwise.

Definition at line 52 of file sqos.c.

59 {
60  PSECURITY_QUALITY_OF_SERVICE CapturedQos;
62 
63  PAGED_CODE();
64 
65  ASSERT(CapturedSecurityQualityOfService);
66  ASSERT(Present);
67 
68  if (ObjectAttributes != NULL)
69  {
70  if (AccessMode != KernelMode)
71  {
73 
74  _SEH2_TRY
75  {
77  sizeof(OBJECT_ATTRIBUTES),
78  sizeof(ULONG));
80  {
81  if (ObjectAttributes->SecurityQualityOfService != NULL)
82  {
83  ProbeForRead(ObjectAttributes->SecurityQualityOfService,
85  sizeof(ULONG));
86 
87  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
89  {
90  /*
91  * Don't allocate memory here because ExAllocate should bugcheck
92  * the system if it's buggy, SEH would catch that! So make a local
93  * copy of the qos structure.
94  */
95  RtlCopyMemory(&SafeQos,
96  ObjectAttributes->SecurityQualityOfService,
98  *Present = TRUE;
99  }
100  else
101  {
103  }
104  }
105  else
106  {
107  *CapturedSecurityQualityOfService = NULL;
108  *Present = FALSE;
109  }
110  }
111  else
112  {
114  }
115  }
117  {
119  }
120  _SEH2_END;
121 
122  if (NT_SUCCESS(Status))
123  {
124  if (*Present)
125  {
126  CapturedQos = ExAllocatePoolWithTag(PoolType,
128  TAG_QOS);
129  if (CapturedQos != NULL)
130  {
131  RtlCopyMemory(CapturedQos,
132  &SafeQos,
134  *CapturedSecurityQualityOfService = CapturedQos;
135  }
136  else
137  {
139  }
140  }
141  else
142  {
143  *CapturedSecurityQualityOfService = NULL;
144  }
145  }
146  }
147  else
148  {
149  if (ObjectAttributes->Length == sizeof(OBJECT_ATTRIBUTES))
150  {
151  if (CaptureIfKernel)
152  {
153  if (ObjectAttributes->SecurityQualityOfService != NULL)
154  {
155  if (((PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService)->Length ==
157  {
158  CapturedQos = ExAllocatePoolWithTag(PoolType,
160  TAG_QOS);
161  if (CapturedQos != NULL)
162  {
163  RtlCopyMemory(CapturedQos,
164  ObjectAttributes->SecurityQualityOfService,
166  *CapturedSecurityQualityOfService = CapturedQos;
167  *Present = TRUE;
168  }
169  else
170  {
172  }
173  }
174  else
175  {
177  }
178  }
179  else
180  {
181  *CapturedSecurityQualityOfService = NULL;
182  *Present = FALSE;
183  }
184  }
185  else
186  {
187  *CapturedSecurityQualityOfService = (PSECURITY_QUALITY_OF_SERVICE)ObjectAttributes->SecurityQualityOfService;
188  *Present = (ObjectAttributes->SecurityQualityOfService != NULL);
189  }
190  }
191  else
192  {
194  }
195  }
196  }
197  else
198  {
199  *CapturedSecurityQualityOfService = NULL;
200  *Present = FALSE;
201  }
202 
203  return Status;
204 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
struct _SECURITY_QUALITY_OF_SERVICE * PSECURITY_QUALITY_OF_SERVICE
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
Status
Definition: gdiplustypes.h:24
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define TAG_QOS
Definition: tag.h:149
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define PAGED_CODE()

Referenced by NtDuplicateToken().

◆ SepCaptureSid()

NTSTATUS NTAPI SepCaptureSid ( _In_ PSID  InputSid,
_In_ KPROCESSOR_MODE  AccessMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSID CapturedSid 
)

Captures a SID.

Parameters
[in]InputSidA valid security identifier to be captured.
[in]AccessModeProcessor level access mode.
[in]PoolTypePool memory type for the captured SID to assign upon allocation.
[in]CaptureIfKernelIf set to TRUE, the capturing is done within the kernel. Otherwise the capturing is done in a kernel mode driver.
[out]CapturedSidThe captured security identifier, returned to the caller.
Returns
Returns STATUS_SUCCESS if the SID was captured. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured SID has failed.

Definition at line 314 of file sid.c.

320 {
321  ULONG SidSize = 0;
322  PISID NewSid, Sid = (PISID)InputSid;
323 
324  PAGED_CODE();
325 
326  if (AccessMode != KernelMode)
327  {
328  _SEH2_TRY
329  {
330  ProbeForRead(Sid, FIELD_OFFSET(SID, SubAuthority), sizeof(UCHAR));
332  ProbeForRead(Sid, SidSize, sizeof(UCHAR));
333  }
335  {
336  /* Return the exception code */
338  }
339  _SEH2_END;
340 
341  /* Allocate a SID and copy it */
343  if (!NewSid)
345 
346  _SEH2_TRY
347  {
348  RtlCopyMemory(NewSid, Sid, SidSize);
349 
350  *CapturedSid = NewSid;
351  }
353  {
354  /* Free the SID and return the exception code */
357  }
358  _SEH2_END;
359  }
360  else if (!CaptureIfKernel)
361  {
362  *CapturedSid = InputSid;
363  }
364  else
365  {
367 
368  /* Allocate a SID and copy it */
370  if (NewSid == NULL)
372 
373  RtlCopyMemory(NewSid, Sid, SidSize);
374 
375  *CapturedSid = NewSid;
376  }
377 
378  return STATUS_SUCCESS;
379 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define TAG_SID
Definition: sid.c:15
_SEH2_TRY
Definition: create.c:4226
struct _SID * PISID
_In_ PEPROCESS _In_ KPROCESSOR_MODE AccessMode
Definition: mmfuncs.h:395
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
unsigned char UCHAR
Definition: xmlstorage.h:181
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_SEH2_END
Definition: create.c:4400
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
BYTE SubAuthorityCount
Definition: ms-dtyp.idl:200
#define NULL
Definition: types.h:112
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_In_ PSID _In_ PSID NewSid
Definition: rtlfuncs.h:2813
#define PAGED_CODE()

Referenced by NtCreateToken(), NtSecureConnectPort(), NtSetInformationToken(), and SepAccessCheckAndAuditAlarm().

◆ SepCreateImpersonationTokenDacl()

NTSTATUS NTAPI SepCreateImpersonationTokenDacl ( _In_ PTOKEN  Token,
_In_ PTOKEN  PrimaryToken,
_Out_ PACL Dacl 
)

Allocates a discretionary access control list based on certain properties of a regular and primary access tokens.

Parameters
[in]TokenAn access token.
[in]PrimaryTokenA primary access token.
[out]DaclThe returned allocated DACL.
Returns
Returns STATUS_SUCCESS if DACL creation from tokens has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if DACL allocation from memory pool fails otherwise.

Definition at line 277 of file acl.c.

281 {
283  PACL TokenDacl;
284 
285  PAGED_CODE();
286 
287  *Dacl = NULL;
288 
289  AclLength = sizeof(ACL) +
290  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
291  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
292  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid)) +
293  (sizeof(ACE) + RtlLengthSid(Token->UserAndGroups->Sid)) +
294  (sizeof(ACE) + RtlLengthSid(PrimaryToken->UserAndGroups->Sid));
295 
297  if (TokenDacl == NULL)
298  {
300  }
301 
302  RtlCreateAcl(TokenDacl, AclLength, ACL_REVISION);
304  Token->UserAndGroups->Sid);
306  PrimaryToken->UserAndGroups->Sid);
311 
312  if (Token->RestrictedSids != NULL || PrimaryToken->RestrictedSids != NULL)
313  {
316  }
317 
318  *Dacl = TokenDacl;
319 
320  return STATUS_SUCCESS;
321 }
#define GENERIC_ALL
Definition: nt_native.h:92
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PSID SeRestrictedCodeSid
Definition: sid.c:40
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _ACL ACL
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
PSID SeAliasAdminsSid
Definition: sid.c:41
#define TAG_ACL
Definition: tag.h:146
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
#define NULL
Definition: types.h:112
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:38
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
Definition: rtltypes.h:990
_In_ ULONG AclLength
Definition: rtlfuncs.h:1842
#define PAGED_CODE()

Referenced by NtOpenThreadTokenEx().

◆ SepCreateSystemAnonymousLogonToken()

PTOKEN SepCreateSystemAnonymousLogonToken ( VOID  )

Creates the anonymous logon token for the system. The difference between this token and the other one is the inclusion of everyone SID group (being SeWorldSid). The other token lacks such group.

Returns
Returns the system's anonymous logon token if the operations have completed successfully.

Definition at line 2787 of file token.c.

2788 {
2789  SID_AND_ATTRIBUTES Groups[32], UserSid;
2791  PTOKEN Token;
2792  ULONG GroupsLength;
2793  LARGE_INTEGER Expiration;
2795  NTSTATUS Status;
2796 
2797  /* The token never expires */
2798  Expiration.QuadPart = -1;
2799 
2800  /* The user is the anonymous logon */
2801  UserSid.Sid = SeAnonymousLogonSid;
2802  UserSid.Attributes = 0;
2803 
2804  /* The primary group is also the anonymous logon */
2806 
2807  /* The only group for the token is the World */
2808  Groups[0].Sid = SeWorldSid;
2810  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
2811  SeLengthSid(Groups[0].Sid);
2812  ASSERT(GroupsLength <= sizeof(Groups));
2813 
2814  /* Initialise the object attributes for the token */
2817 
2818  /* Create token */
2820  KernelMode,
2821  0,
2823  TokenPrimary,
2826  &Expiration,
2827  &UserSid,
2828  1,
2829  Groups,
2830  GroupsLength,
2831  0,
2832  NULL,
2833  NULL,
2834  PrimaryGroup,
2837  TRUE);
2839 
2840  /* Return the anonymous logon token */
2841  return Token;
2842 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
TOpcodeData Groups[17][8]
LUID SeAnonymousAuthenticationId
Definition: token.c:23
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: token.c:1708
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define ASSERT(a)
Definition: mode.c:44
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:21
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
PSID SeWorldSid
Definition: sid.c:25
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID SeAnonymousLogonSid
Definition: se.h:159
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepCreateSystemAnonymousLogonTokenNoEveryone()

PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone ( VOID  )

Creates the anonymous logon token for the system. This kind of token doesn't include the everyone SID group (being SeWorldSid).

Returns
Returns the system's anonymous logon token if the operations have completed successfully.

Definition at line 2855 of file token.c.

2856 {
2857  SID_AND_ATTRIBUTES UserSid;
2859  PTOKEN Token;
2860  LARGE_INTEGER Expiration;
2862  NTSTATUS Status;
2863 
2864  /* The token never expires */
2865  Expiration.QuadPart = -1;
2866 
2867  /* The user is the anonymous logon */
2868  UserSid.Sid = SeAnonymousLogonSid;
2869  UserSid.Attributes = 0;
2870 
2871  /* The primary group is also the anonymous logon */
2873 
2874  /* Initialise the object attributes for the token */
2877 
2878  /* Create token */
2880  KernelMode,
2881  0,
2883  TokenPrimary,
2886  &Expiration,
2887  &UserSid,
2888  0,
2889  NULL,
2890  0,
2891  0,
2892  NULL,
2893  NULL,
2894  PrimaryGroup,
2897  TRUE);
2899 
2900  /* Return the anonymous (not including everyone) logon token */
2901  return Token;
2902 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeAnonymousAuthenticationId
Definition: token.c:23
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: token.c:1708
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define ASSERT(a)
Definition: mode.c:44
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:21
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
#define NULL
Definition: types.h:112
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID SeAnonymousLogonSid
Definition: se.h:159
#define STATUS_SUCCESS
Definition: shellext.h:65
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepCreateSystemProcessToken()

PTOKEN NTAPI SepCreateSystemProcessToken ( VOID  )

Creates the system process token.

Returns
Returns the system process token if the operations have completed successfully.

Definition at line 2637 of file token.c.

2638 {
2640  ULONG GroupAttributes, OwnerAttributes;
2642  LARGE_INTEGER Expiration;
2643  SID_AND_ATTRIBUTES UserSid;
2644  ULONG GroupsLength;
2647  PSID Owner;
2648  ULONG i;
2649  PTOKEN Token;
2650  NTSTATUS Status;
2651 
2652  /* Don't ever expire */
2653  Expiration.QuadPart = -1;
2654 
2655  /* All groups mandatory and enabled */
2658 
2659  /* User is Local System */
2660  UserSid.Sid = SeLocalSystemSid;
2661  UserSid.Attributes = 0;
2662 
2663  /* Primary group is Local System */
2665 
2666  /* Owner is Administrators */
2668 
2669  /* Groups are Administrators, World, and Authenticated Users */
2670  Groups[0].Sid = SeAliasAdminsSid;
2671  Groups[0].Attributes = OwnerAttributes;
2672  Groups[1].Sid = SeWorldSid;
2673  Groups[1].Attributes = GroupAttributes;
2675  Groups[2].Attributes = GroupAttributes;
2676  GroupsLength = sizeof(SID_AND_ATTRIBUTES) +
2677  SeLengthSid(Groups[0].Sid) +
2678  SeLengthSid(Groups[1].Sid) +
2679  SeLengthSid(Groups[2].Sid);
2680  ASSERT(GroupsLength <= sizeof(Groups));
2681 
2682  /* Setup the privileges */
2683  i = 0;
2685  Privileges[i++].Luid = SeTcbPrivilege;
2686 
2687  Privileges[i].Attributes = 0;
2689 
2690  Privileges[i].Attributes = 0;
2692 
2695 
2698 
2699  Privileges[i].Attributes = 0;
2701 
2702  Privileges[i].Attributes = 0;
2704 
2707 
2710 
2712  Privileges[i++].Luid = SeDebugPrivilege;
2713 
2715  Privileges[i++].Luid = SeAuditPrivilege;
2716 
2717  Privileges[i].Attributes = 0;
2718  Privileges[i++].Luid = SeSecurityPrivilege;
2719 
2720  Privileges[i].Attributes = 0;
2722 
2725 
2726  Privileges[i].Attributes = 0;
2727  Privileges[i++].Luid = SeBackupPrivilege;
2728 
2729  Privileges[i].Attributes = 0;
2730  Privileges[i++].Luid = SeRestorePrivilege;
2731 
2732  Privileges[i].Attributes = 0;
2733  Privileges[i++].Luid = SeShutdownPrivilege;
2734 
2735  Privileges[i].Attributes = 0;
2737 
2740 
2741  Privileges[i].Attributes = 0;
2743  ASSERT(i == 20);
2744 
2745  /* Setup the object attributes */
2748 
2749  /* Create the token */
2751  KernelMode,
2752  0,
2754  TokenPrimary,
2757  &Expiration,
2758  &UserSid,
2759  3,
2760  Groups,
2761  GroupsLength,
2762  20,
2763  Privileges,
2764  Owner,
2765  PrimaryGroup,
2768  TRUE);
2770 
2771  /* Return the token */
2772  return Token;
2773 }
const LUID SeSystemEnvironmentPrivilege
Definition: priv.c:41
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
const LUID SeSystemtimePrivilege
Definition: priv.c:31
const LUID SeIncreaseQuotaPrivilege
Definition: priv.c:24
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
const LUID SeCreatePermanentPrivilege
Definition: priv.c:35
const LUID SeDebugPrivilege
Definition: priv.c:39
const LUID SeBackupPrivilege
Definition: priv.c:36
#define TRUE
Definition: types.h:120
PACL SeSystemDefaultDacl
Definition: acl.c:17
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
LUID SeSystemAuthenticationId
Definition: token.c:22
const LUID SeAssignPrimaryTokenPrivilege
Definition: priv.c:22
PSID SeAuthenticatedUsersSid
Definition: sid.c:49
TOpcodeData Groups[17][8]
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
#define SE_GROUP_OWNER
Definition: setypes.h:93
const LUID SeLoadDriverPrivilege
Definition: priv.c:29
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
const LUID SeTakeOwnershipPrivilege
Definition: priv.c:28
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: token.c:1708
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
const LUID SeCreatePagefilePrivilege
Definition: priv.c:34
#define ASSERT(a)
Definition: mode.c:44
const LUID SeRestorePrivilege
Definition: priv.c:37
#define SE_GROUP_ENABLED
Definition: setypes.h:92
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
PSID SeAliasAdminsSid
Definition: sid.c:41
TOKEN_SOURCE SeSystemTokenSource
Definition: token.c:21
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
const LUID SeLockMemoryPrivilege
Definition: priv.c:23
const LUID SeProfileSingleProcessPrivilege
Definition: priv.c:32
PSID SeWorldSid
Definition: sid.c:25
const LUID SeIncreaseBasePriorityPrivilege
Definition: priv.c:33
const LUID SeTcbPrivilege
Definition: priv.c:26
const LUID SeShutdownPrivilege
Definition: priv.c:38
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
const LUID SeSecurityPrivilege
Definition: priv.c:27
PSID SeLocalSystemSid
Definition: sid.c:38
unsigned int ULONG
Definition: retypes.h:1
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
#define SeLengthSid(Sid)
Definition: sefuncs.h:570
const LUID SeAuditPrivilege
Definition: priv.c:40
LONGLONG QuadPart
Definition: typedefs.h:114

Referenced by SepInitializationPhase0().

◆ SepDuplicateToken()

NTSTATUS NTAPI SepDuplicateToken ( _In_ PTOKEN  Token,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_In_ SECURITY_IMPERSONATION_LEVEL  Level,
_In_ KPROCESSOR_MODE  PreviousMode,
_Out_ PTOKEN NewAccessToken 
)

Duplicates an access token, from an existing valid token.

Parameters
[in]TokenAccess token to duplicate.
[in]ObjectAttributesObject attributes for the new token.
[in]EffectiveOnlyIf set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in]TokenTypeType of token.
[in]LevelSecurity impersonation level of a token.
[in]PreviousModeThe processor request level mode.
[out]NewAccessTokenThe duplicated token.
Returns
Returns STATUS_SUCCESS if the token has been duplicated. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation of the dynamic part of the token for duplication has failed due to the lack of memory resources. A failure NTSTATUS code is returned otherwise.

Definition at line 995 of file token.c.

1003 {
1004  NTSTATUS Status;
1005  PTOKEN AccessToken;
1006  PVOID EndMem;
1007  ULONG PrimaryGroupIndex;
1008  ULONG VariableLength;
1009  ULONG TotalSize;
1010  ULONG PrivilegesIndex, GroupsIndex;
1011 
1012  PAGED_CODE();
1013 
1014  /* Compute how much size we need to allocate for the token */
1015  VariableLength = Token->VariableLength;
1016  TotalSize = FIELD_OFFSET(TOKEN, VariablePart) + VariableLength;
1017 
1021  PreviousMode,
1022  NULL,
1023  TotalSize,
1024  0,
1025  0,
1026  (PVOID*)&AccessToken);
1027  if (!NT_SUCCESS(Status))
1028  {
1029  DPRINT1("ObCreateObject() failed (Status 0x%lx)\n", Status);
1030  return Status;
1031  }
1032 
1033  /* Zero out the buffer and initialize the token */
1034  RtlZeroMemory(AccessToken, TotalSize);
1035 
1036  ExAllocateLocallyUniqueId(&AccessToken->TokenId);
1037 
1038  AccessToken->TokenType = TokenType;
1039  AccessToken->ImpersonationLevel = Level;
1040 
1041  /* Initialise the lock for the access token */
1042  Status = SepCreateTokenLock(AccessToken);
1043  if (!NT_SUCCESS(Status))
1044  {
1045  ObDereferenceObject(AccessToken);
1046  return Status;
1047  }
1048 
1049  /* Copy the immutable fields */
1051  &Token->TokenSource.SourceIdentifier);
1052  RtlCopyMemory(AccessToken->TokenSource.SourceName,
1053  Token->TokenSource.SourceName,
1054  sizeof(Token->TokenSource.SourceName));
1055 
1056  AccessToken->AuthenticationId = Token->AuthenticationId;
1057  AccessToken->ParentTokenId = Token->ParentTokenId;
1058  AccessToken->ExpirationTime = Token->ExpirationTime;
1059  AccessToken->OriginatingLogonSession = Token->OriginatingLogonSession;
1060 
1061  /* Lock the source token and copy the mutable fields */
1063 
1064  AccessToken->SessionId = Token->SessionId;
1065  RtlCopyLuid(&AccessToken->ModifiedId, &Token->ModifiedId);
1066 
1067  AccessToken->TokenFlags = Token->TokenFlags & ~TOKEN_SESSION_NOT_REFERENCED;
1068 
1069  /* Reference the logon session */
1071  if (!NT_SUCCESS(Status))
1072  {
1073  /* No logon session could be found, bail out */
1074  DPRINT1("SepRmReferenceLogonSession() failed (Status 0x%lx)\n", Status);
1075  /* Set the flag for proper cleanup by the delete procedure */
1076  AccessToken->TokenFlags |= TOKEN_SESSION_NOT_REFERENCED;
1077  goto Quit;
1078  }
1079 
1080  /* Insert the referenced logon session into the token */
1082  if (!NT_SUCCESS(Status))
1083  {
1084  /* Failed to insert the logon session into the token, bail out */
1085  DPRINT1("SepRmInsertLogonSessionIntoToken() failed (Status 0x%lx)\n", Status);
1086  goto Quit;
1087  }
1088 
1089  /* Assign the data that reside in the TOKEN's variable information area */
1090  AccessToken->VariableLength = VariableLength;
1091  EndMem = (PVOID)&AccessToken->VariablePart;
1092 
1093  /* Copy the privileges */
1094  AccessToken->PrivilegeCount = 0;
1095  AccessToken->Privileges = NULL;
1096  if (Token->Privileges && (Token->PrivilegeCount > 0))
1097  {
1098  ULONG PrivilegesLength = Token->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES);
1099  PrivilegesLength = ALIGN_UP_BY(PrivilegesLength, sizeof(PVOID));
1100 
1101  ASSERT(VariableLength >= PrivilegesLength);
1102 
1103  AccessToken->PrivilegeCount = Token->PrivilegeCount;
1104  AccessToken->Privileges = EndMem;
1105  EndMem = (PVOID)((ULONG_PTR)EndMem + PrivilegesLength);
1106  VariableLength -= PrivilegesLength;
1107 
1108  RtlCopyMemory(AccessToken->Privileges,
1109  Token->Privileges,
1110  AccessToken->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES));
1111  }
1112 
1113  /* Copy the user and groups */
1114  AccessToken->UserAndGroupCount = 0;
1115  AccessToken->UserAndGroups = NULL;
1116  if (Token->UserAndGroups && (Token->UserAndGroupCount > 0))
1117  {
1118  AccessToken->UserAndGroupCount = Token->UserAndGroupCount;
1119  AccessToken->UserAndGroups = EndMem;
1120  EndMem = &AccessToken->UserAndGroups[AccessToken->UserAndGroupCount];
1121  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->UserAndGroups);
1122 
1124  Token->UserAndGroups,
1125  VariableLength,
1126  AccessToken->UserAndGroups,
1127  EndMem,
1128  &EndMem,
1129  &VariableLength);
1130  if (!NT_SUCCESS(Status))
1131  {
1132  DPRINT1("RtlCopySidAndAttributesArray(UserAndGroups) failed (Status 0x%lx)\n", Status);
1133  goto Quit;
1134  }
1135  }
1136 
1137  /* Find the token primary group */
1139  Token->PrimaryGroup,
1140  NULL,
1141  &PrimaryGroupIndex,
1142  NULL);
1143  if (!NT_SUCCESS(Status))
1144  {
1145  DPRINT1("SepFindPrimaryGroupAndDefaultOwner failed (Status 0x%lx)\n", Status);
1146  goto Quit;
1147  }
1148 
1149  AccessToken->PrimaryGroup = AccessToken->UserAndGroups[PrimaryGroupIndex].Sid;
1150  AccessToken->DefaultOwnerIndex = Token->DefaultOwnerIndex;
1151 
1152  /* Copy the restricted SIDs */
1153  AccessToken->RestrictedSidCount = 0;
1154  AccessToken->RestrictedSids = NULL;
1155  if (Token->RestrictedSids && (Token->RestrictedSidCount > 0))
1156  {
1157  AccessToken->RestrictedSidCount = Token->RestrictedSidCount;
1158  AccessToken->RestrictedSids = EndMem;
1159  EndMem = &AccessToken->RestrictedSids[AccessToken->RestrictedSidCount];
1160  VariableLength -= ((ULONG_PTR)EndMem - (ULONG_PTR)AccessToken->RestrictedSids);
1161 
1163  Token->RestrictedSids,
1164  VariableLength,
1165  AccessToken->RestrictedSids,
1166  EndMem,
1167  &EndMem,
1168  &VariableLength);
1169  if (!NT_SUCCESS(Status))
1170  {
1171  DPRINT1("RtlCopySidAndAttributesArray(RestrictedSids) failed (Status 0x%lx)\n", Status);
1172  goto Quit;
1173  }
1174  }
1175 
1176  /*
1177  * Filter the token by removing the disabled privileges
1178  * and groups if the caller wants to duplicate an access
1179  * token as effective only.
1180  */
1181  if (EffectiveOnly)
1182  {
1183  /* Begin querying the groups and search for disabled ones */
1184  for (GroupsIndex = 0; GroupsIndex < AccessToken->UserAndGroupCount; GroupsIndex++)
1185  {
1186  /*
1187  * A group or user is considered disabled if its attributes is either
1188  * 0 or SE_GROUP_ENABLED is not included in the attributes flags list.
1189  * That is because a certain user and/or group can have several attributes
1190  * that bear no influence on whether a user/group is enabled or not
1191  * (SE_GROUP_ENABLED_BY_DEFAULT for example which is a mere indicator
1192  * that the group has just been enabled by default). A mandatory
1193  * group (that is, the group has SE_GROUP_MANDATORY attribute)
1194  * by standards it's always enabled and no one can disable it.
1195  */
1196  if (AccessToken->UserAndGroups[GroupsIndex].Attributes == 0 ||
1197  (AccessToken->UserAndGroups[GroupsIndex].Attributes & SE_GROUP_ENABLED) == 0)
1198  {
1199  /*
1200  * If this group is an administrators group
1201  * and the token belongs to such group,
1202  * we've to take away TOKEN_HAS_ADMIN_GROUP
1203  * for the fact that's not enabled and as
1204  * such the token no longer belongs to
1205  * this group.
1206  */
1208  &AccessToken->UserAndGroups[GroupsIndex].Sid))
1209  {
1210  AccessToken->TokenFlags &= ~TOKEN_HAS_ADMIN_GROUP;
1211  }
1212 
1213  /*
1214  * A group is not enabled, it's time to remove
1215  * from the token and update the groups index
1216  * accordingly and continue with the next group.
1217  */
1218  SepRemoveUserGroupToken(AccessToken, GroupsIndex);
1219  GroupsIndex--;
1220  }
1221  }
1222 
1223  /* Begin querying the privileges and search for disabled ones */
1224  for (PrivilegesIndex = 0; PrivilegesIndex < AccessToken->PrivilegeCount; PrivilegesIndex++)
1225  {
1226  /*
1227  * A privilege is considered disabled if its attributes is either
1228  * 0 or SE_PRIVILEGE_ENABLED is not included in the attributes flags list.
1229  * That is because a certain privilege can have several attributes
1230  * that bear no influence on whether a privilege is enabled or not
1231  * (SE_PRIVILEGE_ENABLED_BY_DEFAULT for example which is a mere indicator
1232  * that the privilege has just been enabled by default).
1233  */
1234  if (AccessToken->Privileges[PrivilegesIndex].Attributes == 0 ||
1235  (AccessToken->Privileges[PrivilegesIndex].Attributes & SE_PRIVILEGE_ENABLED) == 0)
1236  {
1237  /*
1238  * A privilege is not enabled, therefor it's time
1239  * to strip it from the token and continue with the next
1240  * privilege. Of course we must also want to update the
1241  * privileges index accordingly.
1242  */
1243  SepRemovePrivilegeToken(AccessToken, PrivilegesIndex);
1244  PrivilegesIndex--;
1245  }
1246  }
1247  }
1248 
1249  //
1250  // NOTE: So far our dynamic area only contains
1251  // the default dacl, so this makes the following
1252  // code pretty simple. The day where it stores
1253  // other data, the code will require adaptations.
1254  //
1255 
1256  /* Now allocate the TOKEN's dynamic information area and set the data */
1257  AccessToken->DynamicAvailable = 0; // Unused memory in the dynamic area.
1258  AccessToken->DynamicPart = NULL;
1259  if (Token->DynamicPart && Token->DefaultDacl)
1260  {
1262  Token->DefaultDacl->AclSize,
1264  if (AccessToken->DynamicPart == NULL)
1265  {
1267  goto Quit;
1268  }
1269  EndMem = (PVOID)AccessToken->DynamicPart;
1270 
1271  AccessToken->DefaultDacl = EndMem;
1272 
1273  RtlCopyMemory(AccessToken->DefaultDacl,
1274  Token->DefaultDacl,
1275  Token->DefaultDacl->AclSize);
1276  }
1277 
1278  /* Unlock the source token */
1280 
1281  /* Return the token */
1282  *NewAccessToken = AccessToken;
1284 
1285 Quit:
1286  if (!NT_SUCCESS(Status))
1287  {
1288  /* Unlock the source token */
1290 
1291  /* Dereference the token, the delete procedure will clean it up */
1292  ObDereferenceObject(AccessToken);
1293  }
1294 
1295  return Status;
1296 }
TOKEN_TYPE TokenType
Definition: setypes.h:231
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:220
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:869
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSTATUS NTAPI SepRmInsertLogonSessionIntoToken(_Inout_ PTOKEN Token)
Inserts a logon session into an access token specified by the caller.
Definition: srm.c:368
LUID AuthenticationId
Definition: setypes.h:211
ULONG VariablePart
Definition: setypes.h:239
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:55
ULONG PrivilegeCount
Definition: setypes.h:220
if(dx==0 &&dy==0)
Definition: linetemp.h:174
PLUID_AND_ATTRIBUTES Privileges
Definition: setypes.h:228
LUID ModifiedId
Definition: setypes.h:216
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG TokenFlags
Definition: setypes.h:233
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
LUID SourceIdentifier
Definition: imports.h:279
ULONG DynamicAvailable
Definition: setypes.h:223
PACL DefaultDacl
Definition: setypes.h:230
NTSTATUS SepRmReferenceLogonSession(_Inout_ PLUID LogonLuid)
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
LUID ParentTokenId
Definition: setypes.h:212
ULONG DefaultOwnerIndex
Definition: setypes.h:224
ULONG VariableLength
Definition: setypes.h:221
void * PVOID
Definition: retypes.h:9
ULONG SessionId
Definition: setypes.h:217
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
ULONG RestrictedSidCount
Definition: setypes.h:219
PULONG DynamicPart
Definition: setypes.h:229
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
PSID PrimaryGroup
Definition: setypes.h:227
LARGE_INTEGER ExpirationTime
Definition: setypes.h:213
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SE_GROUP_ENABLED
Definition: setypes.h:92
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID_AND_ATTRIBUTES RestrictedSids
Definition: setypes.h:226
PSID SeAliasAdminsSid
Definition: sid.c:41
#define SepReleaseTokenLock(Token)
Definition: se.h:231
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:153
CCHAR SourceName[TOKEN_SOURCE_LENGTH]
Definition: imports.h:278
static VOID SepRemovePrivilegeToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a privilege from the token.
Definition: token.c:580
#define TOKEN_HAS_ADMIN_GROUP
Definition: setypes.h:1160
ULONG UserAndGroupCount
Definition: setypes.h:218
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
LUID TokenId
Definition: setypes.h:210
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:232
static NTSTATUS SepCreateTokenLock(_Inout_ PTOKEN Token)
Creates a lock for the token.
Definition: token.c:89
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define ULONG_PTR
Definition: config.h:101
#define ALIGN_UP_BY(size, align)
PSID_AND_ATTRIBUTES UserAndGroups
Definition: setypes.h:225
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_SUCCESS
Definition: shellext.h:65
TOKEN_SOURCE TokenSource
Definition: setypes.h:209
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1162
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()
static VOID SepRemoveUserGroupToken(_Inout_ PTOKEN Token, _In_ ULONG Index)
Removes a group from the token.
Definition: token.c:617
LUID OriginatingLogonSession
Definition: setypes.h:238

Referenced by NtDuplicateToken(), NtOpenThreadTokenEx(), SeCopyClientToken(), and SeSubProcessToken().

◆ SepGetDaclFromDescriptor()

FORCEINLINE PACL SepGetDaclFromDescriptor ( _Inout_ PVOID  _Descriptor)

Definition at line 79 of file se.h.

81 {
84 
85  if (!(Descriptor->Control & SE_DACL_PRESENT)) return NULL;
86 
87  if (Descriptor->Control & SE_SELF_RELATIVE)
88  {
90  if (!SdRel->Dacl) return NULL;
91  return (PACL)((ULONG_PTR)Descriptor + SdRel->Dacl);
92  }
93  else
94  {
95  return Descriptor->Dacl;
96  }
97 }
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:812
#define SE_DACL_PRESENT
Definition: setypes.h:799
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define NULL
Definition: types.h:112
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetDaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SeFastTraverseCheck().

◆ SepGetGroupFromDescriptor()

FORCEINLINE PSID SepGetGroupFromDescriptor ( _Inout_ PVOID  _Descriptor)

Definition at line 39 of file se.h.

41 {
44 
45  if (Descriptor->Control & SE_SELF_RELATIVE)
46  {
48  if (!SdRel->Group) return NULL;
49  return (PSID)((ULONG_PTR)Descriptor + SdRel->Group);
50  }
51  else
52  {
53  return Descriptor->Group;
54  }
55 }
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:812
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define NULL
Definition: types.h:112
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetGroupSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), and SepAccessCheckAndAuditAlarm().

◆ SepGetOwnerFromDescriptor()

FORCEINLINE PSID SepGetOwnerFromDescriptor ( _Inout_ PVOID  _Descriptor)

Definition at line 59 of file se.h.

61 {
64 
65  if (Descriptor->Control & SE_SELF_RELATIVE)
66  {
68  if (!SdRel->Owner) return NULL;
69  return (PSID)((ULONG_PTR)Descriptor + SdRel->Owner);
70  }
71  else
72  {
73  return Descriptor->Owner;
74  }
75 }
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:812
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define NULL
Definition: types.h:112
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetOwnerSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), SeCaptureSecurityDescriptor(), SepAccessCheckAndAuditAlarm(), and SepTokenIsOwner().

◆ SepGetSaclFromDescriptor()

FORCEINLINE PACL SepGetSaclFromDescriptor ( _Inout_ PVOID  _Descriptor)

Definition at line 101 of file se.h.

103 {
106 
107  if (!(Descriptor->Control & SE_SACL_PRESENT)) return NULL;
108 
109  if (Descriptor->Control & SE_SELF_RELATIVE)
110  {
112  if (!SdRel->Sacl) return NULL;
113  return (PACL)((ULONG_PTR)Descriptor + SdRel->Sacl);
114  }
115  else
116  {
117  return Descriptor->Sacl;
118  }
119 }
#define SE_SACL_PRESENT
Definition: setypes.h:801
_Must_inspect_result_ _In_ WDFIORESLIST _In_ PIO_RESOURCE_DESCRIPTOR Descriptor
Definition: wdfresource.h:339
#define SE_SELF_RELATIVE
Definition: setypes.h:812
struct _SECURITY_DESCRIPTOR_RELATIVE * PISECURITY_DESCRIPTOR_RELATIVE
#define NULL
Definition: types.h:112
#define ULONG_PTR
Definition: config.h:101
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR

Referenced by _IRQL_requires_max_(), RtlGetSaclSecurityDescriptor(), RtlLengthSecurityDescriptor(), RtlpQuerySecurityDescriptor(), RtlValidSecurityDescriptor(), and SeCaptureSecurityDescriptor().

◆ SepInitDACLs()

BOOLEAN NTAPI SepInitDACLs ( VOID  )

Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure.

Returns
Returns TRUE if all the DACLs have been successfully initialized, FALSE otherwise.

Definition at line 38 of file acl.c.

39 {
41 
42  /* create PublicDefaultDacl */
43  AclLength = sizeof(ACL) +
44  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
45  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
46  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
47 
49  AclLength,
50  TAG_ACL);
52  return FALSE;
53 
55  AclLength,
56  ACL_REVISION);
57 
61  SeWorldSid);
62 
67 
72 
73  /* create PublicDefaultUnrestrictedDacl */
74  AclLength = sizeof(ACL) +
75  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
76  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
77  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
79 
81  AclLength,
82  TAG_ACL);
84  return FALSE;
85 
87  AclLength,
88  ACL_REVISION);
89 
93  SeWorldSid);
94 
99 
101  ACL_REVISION,
102  GENERIC_ALL,
104 
106  ACL_REVISION,
109 
110  /* create PublicOpenDacl */
111  AclLength = sizeof(ACL) +
112  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
113  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
114  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
115 
117  AclLength,
118  TAG_ACL);
119  if (SePublicOpenDacl == NULL)
120  return FALSE;
121 
123  AclLength,
124  ACL_REVISION);
125 
127  ACL_REVISION,
129  SeWorldSid);
130 
132  ACL_REVISION,
133  GENERIC_ALL,
135 
137  ACL_REVISION,
138  GENERIC_ALL,
140 
141  /* create PublicOpenUnrestrictedDacl */
142  AclLength = sizeof(ACL) +
143  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
144  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
145  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid)) +
146  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
147 
149  AclLength,
150  TAG_ACL);
152  return FALSE;
153 
155  AclLength,
156  ACL_REVISION);
157 
159  ACL_REVISION,
160  GENERIC_ALL,
161  SeWorldSid);
162 
164  ACL_REVISION,
165  GENERIC_ALL,
167 
169  ACL_REVISION,
170  GENERIC_ALL,
172 
174  ACL_REVISION,
177 
178  /* create SystemDefaultDacl */
179  AclLength = sizeof(ACL) +
180  (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
181  (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
182 
184  AclLength,
185  TAG_ACL);
186  if (SeSystemDefaultDacl == NULL)
187  return FALSE;
188 
190  AclLength,
191  ACL_REVISION);
192 
194  ACL_REVISION,
195  GENERIC_ALL,
197 
199  ACL_REVISION,
202 
203  /* create UnrestrictedDacl */
204  AclLength = sizeof(ACL) +
205  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
206  (sizeof(ACE) + RtlLengthSid(SeRestrictedCodeSid));
207 
209  AclLength,
210  TAG_ACL);
211  if (SeUnrestrictedDacl == NULL)
212  return FALSE;
213 
215  AclLength,
216  ACL_REVISION);
217 
219  ACL_REVISION,
220  GENERIC_ALL,
221  SeWorldSid);
222 
224  ACL_REVISION,
227 
228  /* create SystemAnonymousLogonDacl */
229  AclLength = sizeof(ACL) +
230  (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
231  (sizeof(ACE) + RtlLengthSid(SeAnonymousLogonSid));
232 
234  AclLength,
235  TAG_ACL);
237  return FALSE;
238 
240  AclLength,
241  ACL_REVISION);
242 
244  ACL_REVISION,
245  GENERIC_ALL,
246  SeWorldSid);
247 
249  ACL_REVISION,
250  GENERIC_ALL,
252 
253  return TRUE;
254 }
#define GENERIC_ALL
Definition: nt_native.h:92
PSID SeRestrictedCodeSid
Definition: sid.c:40
#define TRUE
Definition: types.h:120
PACL SeSystemDefaultDacl
Definition: acl.c:17
PACL SePublicOpenDacl
Definition: acl.c:19
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:20
#define FALSE
Definition: types.h:117
PACL SeUnrestrictedDacl
Definition: acl.c:21
#define GENERIC_WRITE
Definition: nt_native.h:90
struct _ACL ACL
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSID SeAliasAdminsSid
Definition: sid.c:41
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:18
#define GENERIC_READ
Definition: compat.h:135
PSID SeWorldSid
Definition: sid.c:25
#define TAG_ACL
Definition: tag.h:146
PACL SePublicDefaultDacl
Definition: acl.c:16
NTSTATUS NTAPI RtlAddAccessAllowedAce(IN OUT PACL Acl, IN ULONG Revision, IN ACCESS_MASK AccessMask, IN PSID Sid)
Definition: acl.c:262
NTSTATUS NTAPI RtlCreateAcl(IN PACL Acl, IN ULONG AclSize, IN ULONG AclRevision)
Definition: acl.c:677
#define NULL
Definition: types.h:112
#define ACL_REVISION
Definition: setypes.h:39
PSID SeLocalSystemSid
Definition: sid.c:38
unsigned int ULONG
Definition: retypes.h:1
PSID SeAnonymousLogonSid
Definition: se.h:159
#define GENERIC_EXECUTE
Definition: nt_native.h:91
Definition: rtltypes.h:990
_In_ ULONG AclLength
Definition: rtlfuncs.h:1842

Referenced by SepInitializationPhase0().

◆ SepInitializeTokenImplementation()

VOID NTAPI SepInitializeTokenImplementation ( VOID  )

Internal function that initializes critical kernel data for access token implementation in SRM.

Returns
Nothing.

Definition at line 1576 of file token.c.

1577 {
1579  OBJECT_TYPE_INITIALIZER ObjectTypeInitializer;
1580 
1581  DPRINT("Creating Token Object Type\n");
1582 
1583  /* Initialize the Token type */
1584  RtlZeroMemory(&ObjectTypeInitializer, sizeof(ObjectTypeInitializer));
1585  RtlInitUnicodeString(&Name, L"Token");
1586  ObjectTypeInitializer.Length = sizeof(ObjectTypeInitializer);
1587  ObjectTypeInitializer.InvalidAttributes = OBJ_OPENLINK;
1588  ObjectTypeInitializer.SecurityRequired = TRUE;
1589  ObjectTypeInitializer.DefaultPagedPoolCharge = sizeof(TOKEN);
1590  ObjectTypeInitializer.GenericMapping = SepTokenMapping;
1591  ObjectTypeInitializer.PoolType = PagedPool;
1592  ObjectTypeInitializer.ValidAccessMask = TOKEN_ALL_ACCESS;
1593  ObjectTypeInitializer.UseDefaultObject = TRUE;
1594  ObjectTypeInitializer.DeleteProcedure = SepDeleteToken;
1595  ObCreateObjectType(&Name, &ObjectTypeInitializer, NULL, &SeTokenObjectType);
1596 }
#define OBJ_OPENLINK
Definition: winternl.h:230
NTSTATUS NTAPI ObCreateObjectType(IN PUNICODE_STRING TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, IN PVOID Reserved, OUT POBJECT_TYPE *ObjectType)
Definition: oblife.c:1047
#define TRUE
Definition: types.h:120
#define L(x)
Definition: ntvdm.h:50
struct NameRec_ * Name
Definition: cdprocs.h:459
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
#define TOKEN_ALL_ACCESS
Definition: setypes.h:924
static GENERIC_MAPPING SepTokenMapping
Definition: token.c:25
GENERIC_MAPPING GenericMapping
Definition: obtypes.h:358
#define NULL
Definition: types.h:112
VOID NTAPI SepDeleteToken(_In_ PVOID ObjectBody)
Internal function that deals with access token object destruction and deletion. The function is used ...
Definition: token.c:1532
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define DPRINT
Definition: sndvol32.h:71
OB_DELETE_METHOD DeleteProcedure
Definition: obtypes.h:369
struct _TOKEN TOKEN

Referenced by SepInitializationPhase0().

◆ SepInitPrivileges()

VOID NTAPI SepInitPrivileges ( VOID  )

Initializes the privileges during the startup phase of the security manager module. This function serves as a placeholder as it currently does nothing.

Returns
Nothing.

Definition at line 71 of file priv.c.

72 {
73 
74 }

Referenced by SepInitializationPhase0().

◆ SepInitSDs()

BOOLEAN NTAPI SepInitSDs ( VOID  )

Initializes the known security descriptors in the system.

Returns
Returns TRUE if all the security descriptors have been initialized, FALSE otherwise.

Definition at line 37 of file sd.c.

38 {
39  /* Create PublicDefaultSd */
41  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
42  if (SePublicDefaultSd == NULL)
43  return FALSE;
44 
48  TRUE,
50  FALSE);
51 
52  /* Create PublicDefaultUnrestrictedSd */
54  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
56  return FALSE;
57 
61  TRUE,
63  FALSE);
64 
65  /* Create PublicOpenSd */
67  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
68  if (SePublicOpenSd == NULL)
69  return FALSE;
70 
74  TRUE,
76  FALSE);
77 
78  /* Create PublicOpenUnrestrictedSd */
80  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
82  return FALSE;
83 
87  TRUE,
89  FALSE);
90 
91  /* Create SystemDefaultSd */
93  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
94  if (SeSystemDefaultSd == NULL)
95  return FALSE;
96 
100  TRUE,
102  FALSE);
103 
104  /* Create UnrestrictedSd */
106  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
107  if (SeUnrestrictedSd == NULL)
108  return FALSE;
109 
113  TRUE,
115  FALSE);
116 
117  /* Create SystemAnonymousLogonSd */
119  sizeof(SECURITY_DESCRIPTOR), TAG_SD);
121  return FALSE;
122 
126  TRUE,
128  FALSE);
129 
130  return TRUE;
131 }
PACL SePublicDefaultUnrestrictedDacl
Definition: acl.c:18
#define TRUE
Definition: types.h:120
PSECURITY_DESCRIPTOR SePublicDefaultSd
Definition: sd.c:16
PACL SeSystemDefaultDacl
Definition: acl.c:17
PSECURITY_DESCRIPTOR SeUnrestrictedSd
Definition: sd.c:21
NTSTATUS NTAPI RtlCreateSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision)
Definition: sd.c:117
PSECURITY_DESCRIPTOR SePublicOpenSd
Definition: sd.c:18
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted)
Definition: sd.c:303
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define FALSE
Definition: types.h:117
PACL SePublicOpenDacl
Definition: acl.c:19
#define TAG_SD
Definition: tag.h:148
PSECURITY_DESCRIPTOR SePublicOpenUnrestrictedSd
Definition: sd.c:19
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PSECURITY_DESCRIPTOR SePublicDefaultUnrestrictedSd
Definition: sd.c:17
PACL SePublicDefaultDacl
Definition: acl.c:16
#define NULL
Definition: types.h:112
PACL SeUnrestrictedDacl
Definition: acl.c:21
PACL SePublicOpenUnrestrictedDacl
Definition: acl.c:20
PSECURITY_DESCRIPTOR SeSystemAnonymousLogonSd
Definition: sd.c:22
PSECURITY_DESCRIPTOR SeSystemDefaultSd
Definition: sd.c:20
PACL SeSystemAnonymousLogonDacl
Definition: acl.c:22

Referenced by SepInitializationPhase0().

◆ SepInitSecurityIDs()

BOOLEAN NTAPI SepInitSecurityIDs ( VOID  )

Initializes all the SIDs known in the system.

Returns
Returns TRUE if all the SIDs have been initialized, FALSE otherwise.

Definition at line 115 of file sid.c.

116 {
117  ULONG SidLength0;
118  ULONG SidLength1;
119  ULONG SidLength2;
120  PULONG SubAuthority;
121 
122  SidLength0 = RtlLengthRequiredSid(0);
123  SidLength1 = RtlLengthRequiredSid(1);
124  SidLength2 = RtlLengthRequiredSid(2);
125 
126  /* create NullSid */
157 
158  if (SeNullSid == NULL || SeWorldSid == NULL ||
162  SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
173  {
175  return FALSE;
176  }
177 
208 
209