ReactOS  0.4.15-dev-2531-g03e8246
Functions | Variables
sefuncs.h File Reference
#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
 
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState (PACCESS_STATE AccessState, PAUX_ACCESS_DATA AuxData, ACCESS_MASK Access, PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 Compares tokens if they're equal or not. More...
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token. More...
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken (_In_ HANDLE Thread)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck (_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (Length, *ResultLength) PVOID TokenInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 

Variables

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
 
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
 

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
77  NTSTATUS Status;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
82  return STATUS_INVALID_PARAMETER;
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
88  return STATUS_INVALID_PARAMETER;
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
96  Status = FltObjectReference(Filter);
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
103  Status = ObCreateObject(KernelMode,
104  ServerPortObjectType,
105  ObjectAttributes,
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
118  FltpObjectPointerReference((PFLT_OBJECT)Filter);
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
123  PortObject->DisconnectNotify = DisconnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
131  STANDARD_RIGHTS_ALL | FILE_READ_DATA,
132  0,
133  NULL,
134  (PHANDLE)ServerPort);
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
138  ExAcquireFastMutex(&Filter->ConnectionList.mLock);
139 
140  /* Add the new port object to the connection list and increment the count */
141  InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
142  Filter->ConnectionList.mCount++;
143 
144  /* Unlock the connection list*/
145  ExReleaseFastMutex(&Filter->ConnectionList.mLock);
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
152  FltObjectDereference(Filter);
153  }
154 
155  return Status;
156 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
ServerPort
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::ConnectNotify
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
FltObjectDereference
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_FLT_MUTEX_LIST_HEAD::mCount
ULONG mCount
Definition: fltmgrint.h:57
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ExReleaseFastMutex
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
FltpObjectPointerReference
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
_FLT_MUTEX_LIST_HEAD::mList
LIST_ENTRY mList
Definition: fltmgrint.h:56
Filter
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1802
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Status
Definition: gdiplustypes.h:24
_FLT_SERVER_PORT_OBJECT::Cookie
PVOID Cookie
Definition: fltmgrint.h:195
ServerPortObjectType
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
_FLT_OBJECT
Definition: fltmgrint.h:25
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DisconnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::MaxConnections
LONG MaxConnections
Definition: fltmgrint.h:198
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ConnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT
Definition: fltmgrint.h:188
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
ExAcquireFastMutex
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
FltObjectReference
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
ServerPortCookie
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::Filter
PFLT_FILTER Filter
Definition: fltmgrint.h:194
NULL
#define NULL
Definition: types.h:112
_FLT_MUTEX_LIST_HEAD::mLock
FAST_MUTEX mLock
Definition: fltmgrint.h:55
_FLT_SERVER_PORT_OBJECT::MessageNotify
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
_FLT_SERVER_PORT_OBJECT::FilterLink
LIST_ENTRY FilterLink
Definition: fltmgrint.h:190
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
MaxConnections
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::DisconnectNotify
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
MessageNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1873
_FLT_FILTER::ConnectionList
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_to_opt_() [1/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _Out_writes_bytes_to_opt_() [2/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( Length  ,
ResultLength 
)

◆ _When_()

_When_ ( TokenInformationClass  = TokenAccessInformation,
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))   
)

◆ NtAccessCheck()

NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1406 of file audit.c.

1418 {
1419  /* Call the internal function */
1420  return SepAccessCheckAndAuditAlarm(SubsystemName,
1421  HandleId,
1422  NULL,
1423  ObjectTypeName,
1424  ObjectName,
1425  SecurityDescriptor,
1426  NULL,
1427  DesiredAccess,
1428  AuditEventObjectAccess,
1429  0,
1430  NULL,
1431  0,
1432  GenericMapping,
1433  GrantedAccess,
1434  AccessStatus,
1435  GenerateOnClose,
1436  FALSE);
1437 }
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
FALSE
#define FALSE
Definition: types.h:117
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NULL
#define NULL
Definition: types.h:112
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
SepAccessCheckAndAuditAlarm
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAllocateLocallyUniqueId()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ NtAllocateUuids()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ NtCompareTokens()

NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)

Compares tokens if they're equal or not.

Parameters
[in]FirstTokenThe first token.
[in]SecondTokenThe second token.
[out]EqualThe retrieved value which determines if the tokens are equal or not.
Returns
Returns STATUS_SUCCESS, otherwise it returns a failure NTSTATUS code.

Definition at line 4429 of file token.c.

4433 {
4434  KPROCESSOR_MODE PreviousMode;
4435  PTOKEN FirstToken, SecondToken;
4436  BOOLEAN IsEqual;
4437  NTSTATUS Status;
4438 
4439  PAGED_CODE();
4440 
4441  PreviousMode = ExGetPreviousMode();
4442 
4443  if (PreviousMode != KernelMode)
4444  {
4445  _SEH2_TRY
4446  {
4447  ProbeForWriteBoolean(Equal);
4448  }
4449  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
4450  {
4451  /* Return the exception code */
4452  _SEH2_YIELD(return _SEH2_GetExceptionCode());
4453  }
4454  _SEH2_END;
4455  }
4456 
4457  Status = ObReferenceObjectByHandle(FirstTokenHandle,
4458  TOKEN_QUERY,
4459  SeTokenObjectType,
4460  PreviousMode,
4461  (PVOID*)&FirstToken,
4462  NULL);
4463  if (!NT_SUCCESS(Status))
4464  {
4465  DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
4466  return Status;
4467  }
4468 
4469  Status = ObReferenceObjectByHandle(SecondTokenHandle,
4470  TOKEN_QUERY,
4471  SeTokenObjectType,
4472  PreviousMode,
4473  (PVOID*)&SecondToken,
4474  NULL);
4475  if (!NT_SUCCESS(Status))
4476  {
4477  DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
4478  ObDereferenceObject(FirstToken);
4479  return Status;
4480  }
4481 
4482  if (FirstToken != SecondToken)
4483  {
4484  Status = SepCompareTokens(FirstToken,
4485  SecondToken,
4486  &IsEqual);
4487  }
4488  else
4489  {
4490  IsEqual = TRUE;
4491  }
4492 
4493  ObDereferenceObject(SecondToken);
4494  ObDereferenceObject(FirstToken);
4495 
4496  if (NT_SUCCESS(Status))
4497  {
4498  _SEH2_TRY
4499  {
4500  *Equal = IsEqual;
4501  }
4502  _SEH2_EXCEPT(ExSystemExceptionFilter())
4503  {
4504  Status = _SEH2_GetExceptionCode();
4505  }
4506  _SEH2_END;
4507  }
4508 
4509  return Status;
4510 }
TRUE
#define TRUE
Definition: types.h:120
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:28
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:874
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
SepCompareTokens
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:297
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
ProbeForWriteBoolean
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_SEH2_END
_SEH2_END
Definition: create.c:4400
ExSystemExceptionFilter
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:351
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_TOKEN
Definition: setypes.h:197
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by START_TEST().

◆ NtCreateToken()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Definition at line 3963 of file token.c.

3977 {
3978  HANDLE hToken;
3979  KPROCESSOR_MODE PreviousMode;
3980  ULONG PrivilegeCount, GroupCount;
3981  PSID OwnerSid, PrimaryGroupSid;
3982  PACL DefaultDacl;
3983  LARGE_INTEGER LocalExpirationTime = {{0, 0}};
3984  LUID LocalAuthenticationId;
3985  TOKEN_SOURCE LocalTokenSource;
3986  SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
3987  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
3988  PSID_AND_ATTRIBUTES CapturedUser = NULL;
3989  PSID_AND_ATTRIBUTES CapturedGroups = NULL;
3990  PSID CapturedOwnerSid = NULL;
3991  PSID CapturedPrimaryGroupSid = NULL;
3992  PACL CapturedDefaultDacl = NULL;
3993  ULONG PrivilegesLength, UserLength, GroupsLength;
3994  NTSTATUS Status;
3995 
3996  PAGED_CODE();
3997 
3998  PreviousMode = ExGetPreviousMode();
3999 
4000  if (PreviousMode != KernelMode)
4001  {
4002  _SEH2_TRY
4003  {
4004  ProbeForWriteHandle(TokenHandle);
4005 
4006  if (ObjectAttributes != NULL)
4007  {
4008  ProbeForRead(ObjectAttributes,
4009  sizeof(OBJECT_ATTRIBUTES),
4010  sizeof(ULONG));
4011  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
4012  }
4013 
4014  ProbeForRead(AuthenticationId,
4015  sizeof(LUID),
4016  sizeof(ULONG));
4017  LocalAuthenticationId = *AuthenticationId;
4018 
4019  LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
4020 
4021  ProbeForRead(TokenUser,
4022  sizeof(TOKEN_USER),
4023  sizeof(ULONG));
4024 
4025  ProbeForRead(TokenGroups,
4026  sizeof(TOKEN_GROUPS),
4027  sizeof(ULONG));
4028  GroupCount = TokenGroups->GroupCount;
4029 
4030  ProbeForRead(TokenPrivileges,
4031  sizeof(TOKEN_PRIVILEGES),
4032  sizeof(ULONG));
4033  PrivilegeCount = TokenPrivileges->PrivilegeCount;
4034 
4035  if (TokenOwner != NULL)
4036  {
4037  ProbeForRead(TokenOwner,
4038  sizeof(TOKEN_OWNER),
4039  sizeof(ULONG));
4040  OwnerSid = TokenOwner->Owner;
4041  }
4042  else
4043  {
4044  OwnerSid = NULL;
4045  }
4046 
4047  ProbeForRead(TokenPrimaryGroup,
4048  sizeof(TOKEN_PRIMARY_GROUP),
4049  sizeof(ULONG));
4050  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
4051 
4052  if (TokenDefaultDacl != NULL)
4053  {
4054  ProbeForRead(TokenDefaultDacl,
4055  sizeof(TOKEN_DEFAULT_DACL),
4056  sizeof(ULONG));
4057  DefaultDacl = TokenDefaultDacl->DefaultDacl;
4058  }
4059  else
4060  {
4061  DefaultDacl = NULL;
4062  }
4063 
4064  ProbeForRead(TokenSource,
4065  sizeof(TOKEN_SOURCE),
4066  sizeof(ULONG));
4067  LocalTokenSource = *TokenSource;
4068  }
4069  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
4070  {
4071  /* Return the exception code */
4072  _SEH2_YIELD(return _SEH2_GetExceptionCode());
4073  }
4074  _SEH2_END;
4075  }
4076  else
4077  {
4078  if (ObjectAttributes != NULL)
4079  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
4080  LocalAuthenticationId = *AuthenticationId;
4081  LocalExpirationTime = *ExpirationTime;
4082  GroupCount = TokenGroups->GroupCount;
4083  PrivilegeCount = TokenPrivileges->PrivilegeCount;
4084  OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
4085  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
4086  DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
4087  LocalTokenSource = *TokenSource;
4088  }
4089 
4090  /* Check token type */
4091  if ((TokenType < TokenPrimary) ||
4092  (TokenType > TokenImpersonation))
4093  {
4094  return STATUS_BAD_TOKEN_TYPE;
4095  }
4096 
4097  /* Check for token creation privilege */
4098  if (!SeSinglePrivilegeCheck(SeCreateTokenPrivilege, PreviousMode))
4099  {
4100  return STATUS_PRIVILEGE_NOT_HELD;
4101  }
4102 
4103  /* Capture the user SID and attributes */
4104  Status = SeCaptureSidAndAttributesArray(&TokenUser->User,
4105  1,
4106  PreviousMode,
4107  NULL,
4108  0,
4109  PagedPool,
4110  FALSE,
4111  &CapturedUser,
4112  &UserLength);
4113  if (!NT_SUCCESS(Status))
4114  {
4115  goto Cleanup;
4116  }
4117 
4118  /* Capture the groups SID and attributes array */
4119  Status = SeCaptureSidAndAttributesArray(&TokenGroups->Groups[0],
4120  GroupCount,
4121  PreviousMode,
4122  NULL,
4123  0,
4124  PagedPool,
4125  FALSE,
4126  &CapturedGroups,
4127  &GroupsLength);
4128  if (!NT_SUCCESS(Status))
4129  {
4130  goto Cleanup;
4131  }
4132 
4133  /* Capture privileges */
4134  Status = SeCaptureLuidAndAttributesArray(&TokenPrivileges->Privileges[0],
4135  PrivilegeCount,
4136  PreviousMode,
4137  NULL,
4138  0,
4139  PagedPool,
4140  FALSE,
4141  &CapturedPrivileges,
4142  &PrivilegesLength);
4143  if (!NT_SUCCESS(Status))
4144  {
4145  goto Cleanup;
4146  }
4147 
4148  /* Capture the token owner SID */
4149  if (TokenOwner != NULL)
4150  {
4151  Status = SepCaptureSid(OwnerSid,
4152  PreviousMode,
4153  PagedPool,
4154  FALSE,
4155  &CapturedOwnerSid);
4156  if (!NT_SUCCESS(Status))
4157  {
4158  goto Cleanup;
4159  }
4160  }
4161 
4162  /* Capture the token primary group SID */
4163  Status = SepCaptureSid(PrimaryGroupSid,
4164  PreviousMode,
4165  PagedPool,
4166  FALSE,
4167  &CapturedPrimaryGroupSid);
4168  if (!NT_SUCCESS(Status))
4169  {
4170  goto Cleanup;
4171  }
4172 
4173  /* Capture DefaultDacl */
4174  if (DefaultDacl != NULL)
4175  {
4176  Status = SepCaptureAcl(DefaultDacl,
4177  PreviousMode,
4178  NonPagedPool,
4179  FALSE,
4180  &CapturedDefaultDacl);
4181  if (!NT_SUCCESS(Status))
4182  {
4183  goto Cleanup;
4184  }
4185  }
4186 
4187  /* Call the internal function */
4188  Status = SepCreateToken(&hToken,
4189  PreviousMode,
4190  DesiredAccess,
4191  ObjectAttributes,
4192  TokenType,
4193  LocalSecurityQos.ImpersonationLevel,
4194  &LocalAuthenticationId,
4195  &LocalExpirationTime,
4196  CapturedUser,
4197  GroupCount,
4198  CapturedGroups,
4199  0, // FIXME: Should capture
4200  PrivilegeCount,
4201  CapturedPrivileges,
4202  CapturedOwnerSid,
4203  CapturedPrimaryGroupSid,
4204  CapturedDefaultDacl,
4205  &LocalTokenSource,
4206  FALSE);
4207  if (NT_SUCCESS(Status))
4208  {
4209  _SEH2_TRY
4210  {
4211  *TokenHandle = hToken;
4212  }
4213  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
4214  {
4215  Status = _SEH2_GetExceptionCode();
4216  }
4217  _SEH2_END;
4218  }
4219 
4220 Cleanup:
4221 
4222  /* Release what we captured */
4223  SeReleaseSidAndAttributesArray(CapturedUser, PreviousMode, FALSE);
4224  SeReleaseSidAndAttributesArray(CapturedGroups, PreviousMode, FALSE);
4225  SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
4226  SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
4227  SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
4228  SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
4229 
4230  return Status;
4231 }
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_TOKEN_DEFAULT_DACL
Definition: setypes.h:981
_TOKEN_GROUPS
Definition: setypes.h:959
_SID
Definition: ms-dtyp.idl:198
SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
SeReleaseSidAndAttributesArray
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Definition: sid.c:555
_TOKEN_PRIVILEGES
Definition: setypes.h:968
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:977
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SeReleaseLuidAndAttributesArray
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:383
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
SeCaptureLuidAndAttributesArray
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:287
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
FALSE
#define FALSE
Definition: types.h:117
_LUID
Definition: devicetopology.idl:136
STATUS_BAD_TOKEN_TYPE
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:299
SepCreateToken
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:1242
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_TOKEN_OWNER
Definition: setypes.h:973
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SepReleaseAcl
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: acl.c:387
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
ProbeForReadLargeInteger
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_TOKEN_USER
Definition: setypes.h:955
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
SeCaptureSidAndAttributesArray
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Definition: sid.c:354
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_TOKEN_SOURCE
Definition: imports.h:277
_SEH2_END
_SEH2_END
Definition: create.c:4400
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NULL
#define NULL
Definition: types.h:112
_LARGE_INTEGER
Definition: typedefs.h:102
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:338
ULONG
unsigned int ULONG
Definition: retypes.h:1
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:270
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 3484 of file token.c.

3491 {
3492  KPROCESSOR_MODE PreviousMode;
3493  HANDLE hToken;
3494  PTOKEN Token;
3495  PTOKEN NewToken;
3496  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
3497  BOOLEAN QoSPresent;
3498  OBJECT_HANDLE_INFORMATION HandleInformation;
3499  NTSTATUS Status;
3500 
3501  PAGED_CODE();
3502 
3503  if (TokenType != TokenImpersonation &&
3504  TokenType != TokenPrimary)
3505  {
3506  return STATUS_INVALID_PARAMETER;
3507  }
3508 
3509  PreviousMode = KeGetPreviousMode();
3510 
3511  if (PreviousMode != KernelMode)
3512  {
3513  _SEH2_TRY
3514  {
3515  ProbeForWriteHandle(NewTokenHandle);
3516  }
3517  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3518  {
3519  /* Return the exception code */
3520  _SEH2_YIELD(return _SEH2_GetExceptionCode());
3521  }
3522  _SEH2_END;
3523  }
3524 
3525  Status = SepCaptureSecurityQualityOfService(ObjectAttributes,
3526  PreviousMode,
3527  PagedPool,
3528  FALSE,
3529  &CapturedSecurityQualityOfService,
3530  &QoSPresent);
3531  if (!NT_SUCCESS(Status))
3532  {
3533  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
3534  return Status;
3535  }
3536 
3537  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
3538  TOKEN_DUPLICATE,
3539  SeTokenObjectType,
3540  PreviousMode,
3541  (PVOID*)&Token,
3542  &HandleInformation);
3543  if (!NT_SUCCESS(Status))
3544  {
3545  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3546  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3547  PreviousMode,
3548  FALSE);
3549  return Status;
3550  }
3551 
3552  /*
3553  * Fail, if the original token is an impersonation token and the caller
3554  * tries to raise the impersonation level of the new token above the
3555  * impersonation level of the original token.
3556  */
3557  if (Token->TokenType == TokenImpersonation)
3558  {
3559  if (QoSPresent &&
3560  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3561  {
3562  ObDereferenceObject(Token);
3563  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3564  PreviousMode,
3565  FALSE);
3566  return STATUS_BAD_IMPERSONATION_LEVEL;
3567  }
3568  }
3569 
3570  /*
3571  * Fail, if a primary token is to be created from an impersonation token
3572  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3573  */
3574  if (Token->TokenType == TokenImpersonation &&
3575  TokenType == TokenPrimary &&
3576  Token->ImpersonationLevel < SecurityImpersonation)
3577  {
3578  ObDereferenceObject(Token);
3579  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3580  PreviousMode,
3581  FALSE);
3582  return STATUS_BAD_IMPERSONATION_LEVEL;
3583  }
3584 
3585  Status = SepDuplicateToken(Token,
3586  ObjectAttributes,
3587  EffectiveOnly,
3588  TokenType,
3589  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3590  PreviousMode,
3591  &NewToken);
3592 
3593  ObDereferenceObject(Token);
3594 
3595  if (NT_SUCCESS(Status))
3596  {
3597  Status = ObInsertObject(NewToken,
3598  NULL,
3599  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3600  0,
3601  NULL,
3602  &hToken);
3603  if (NT_SUCCESS(Status))
3604  {
3605  _SEH2_TRY
3606  {
3607  *NewTokenHandle = hToken;
3608  }
3609  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3610  {
3611  Status = _SEH2_GetExceptionCode();
3612  }
3613  _SEH2_END;
3614  }
3615  }
3616 
3617  /* Free the captured structure */
3618  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3619  PreviousMode,
3620  FALSE);
3621 
3622  return Status;
3623 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_OBJECT_HANDLE_INFORMATION
Definition: iotypes.h:179
KeGetPreviousMode
#define KeGetPreviousMode()
Definition: ketypes.h:1107
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SepCaptureSecurityQualityOfService
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
Definition: sd.c:221
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
SepDuplicateToken
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:794
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
FALSE
#define FALSE
Definition: types.h:117
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:28
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
HandleInformation
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
SepReleaseSecurityQualityOfService
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sd.c:377
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:872
_SEH2_END
_SEH2_END
Definition: create.c:4400
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_TOKEN
Definition: setypes.h:197
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtImpersonateAnonymousToken()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in]ThreadHandleA handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.

Definition at line 4551 of file token.c.

4553 {
4554  PETHREAD Thread;
4555  KPROCESSOR_MODE PreviousMode;
4556  NTSTATUS Status;
4557  PAGED_CODE();
4558 
4559  PreviousMode = ExGetPreviousMode();
4560 
4561  /* Obtain the thread object from the handle */
4562  Status = ObReferenceObjectByHandle(ThreadHandle,
4563  THREAD_IMPERSONATE,
4564  PsThreadType,
4565  PreviousMode,
4566  (PVOID*)&Thread,
4567  NULL);
4568  if (!NT_SUCCESS(Status))
4569  {
4570  DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
4571  return Status;
4572  }
4573 
4574  /* Call the private routine to impersonate the token */
4575  Status = SepImpersonateAnonymousToken(Thread, PreviousMode);
4576  if (!NT_SUCCESS(Status))
4577  {
4578  DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
4579  }
4580 
4581  ObDereferenceObject(Thread);
4582  return Status;
4583 }
THREAD_IMPERSONATE
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SepImpersonateAnonymousToken
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:388
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_ETHREAD
Definition: pstypes.h:1101
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
PsThreadType
POBJECT_TYPE PsThreadType
Definition: thread.c:20
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1001 of file audit.c.

1014 {
1015  PTOKEN ClientToken;
1016  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1017  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1018  ULONG PrivilegeCount, PrivilegeSetSize;
1019  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1020  BOOLEAN LocalGenerateOnClose;
1021  PVOID CapturedHandleId;
1022  SECURITY_SUBJECT_CONTEXT SubjectContext;
1023  NTSTATUS Status;
1024  PAGED_CODE();
1025 
1026  /* Only user mode is supported! */
1027  ASSERT(ExGetPreviousMode() != KernelMode);
1028 
1029  /* Start clean */
1030  ClientToken = NULL;
1031  CapturedSecurityDescriptor = NULL;
1032  CapturedPrivilegeSet = NULL;
1033  CapturedSubsystemName.Buffer = NULL;
1034  CapturedObjectTypeName.Buffer = NULL;
1035  CapturedObjectName.Buffer = NULL;
1036 
1037  /* Reference the client token */
1038  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1039  TOKEN_QUERY,
1040  SeTokenObjectType,
1041  UserMode,
1042  (PVOID*)&ClientToken,
1043  NULL);
1044  if (!NT_SUCCESS(Status))
1045  {
1046  DPRINT1("Failed to reference token handle %p: %lx\n",
1047  ClientTokenHandle, Status);
1048  return Status;
1049  }
1050 
1051  /* Capture the security subject context */
1052  SeCaptureSubjectContext(&SubjectContext);
1053 
1054  /* Validate the token's impersonation level */
1055  if ((ClientToken->TokenType == TokenImpersonation) &&
1056  (ClientToken->ImpersonationLevel < SecurityIdentification))
1057  {
1058  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1059  Status = STATUS_BAD_IMPERSONATION_LEVEL;
1060  goto Cleanup;
1061  }
1062 
1063  /* Check for audit privilege */
1064  if (!SeCheckAuditPrivilege(&SubjectContext, UserMode))
1065  {
1066  DPRINT1("Caller does not have SeAuditPrivilege\n");
1067  Status = STATUS_PRIVILEGE_NOT_HELD;
1068  goto Cleanup;
1069  }
1070 
1071  /* Check for NULL SecurityDescriptor */
1072  if (SecurityDescriptor == NULL)
1073  {
1074  /* Nothing to do */
1075  Status = STATUS_SUCCESS;
1076  goto Cleanup;
1077  }
1078 
1079  /* Capture the security descriptor */
1080  Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
1081  UserMode,
1082  PagedPool,
1083  FALSE,
1084  &CapturedSecurityDescriptor);
1085  if (!NT_SUCCESS(Status))
1086  {
1087  DPRINT1("Failed to capture security descriptor!\n");
1088  goto Cleanup;
1089  }
1090 
1091  _SEH2_TRY
1092  {
1093  /* Check if we have a privilege set */
1094  if (PrivilegeSet != NULL)
1095  {
1096  /* Probe the basic privilege set structure */
1097  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1098 
1099  /* Validate privilege count */
1100  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1101  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1102  {
1103  Status = STATUS_INVALID_PARAMETER;
1104  _SEH2_YIELD(goto Cleanup);
1105  }
1106 
1107  /* Calculate the size of the PrivilegeSet structure */
1108  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1109 
1110  /* Probe the whole structure */
1111  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1112 
1113  /* Allocate a temp buffer */
1114  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1115  PrivilegeSetSize,
1116  TAG_PRIVILEGE_SET);
1117  if (CapturedPrivilegeSet == NULL)
1118  {
1119  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1120  Status = STATUS_INSUFFICIENT_RESOURCES;
1121  _SEH2_YIELD(goto Cleanup);
1122  }
1123 
1124  /* Copy the privileges */
1125  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1126  }
1127 
1128  if (HandleId != NULL)
1129  {
1130  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1131  CapturedHandleId = *(PVOID*)HandleId;
1132  }
1133 
1134  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1135  }
1136  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1137  {
1138  Status = _SEH2_GetExceptionCode();
1139  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1140  _SEH2_YIELD(goto Cleanup);
1141  }
1142  _SEH2_END;
1143 
1144  /* Probe and capture the subsystem name */
1145  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1146  UserMode,
1147  SubsystemName);
1148  if (!NT_SUCCESS(Status))
1149  {
1150  DPRINT1("Failed to capture subsystem name!\n");
1151  goto Cleanup;
1152  }
1153 
1154  /* Probe and capture the object type name */
1155  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1156  UserMode,
1157  ObjectTypeName);
1158  if (!NT_SUCCESS(Status))
1159  {
1160  DPRINT1("Failed to capture object type name!\n");
1161  goto Cleanup;
1162  }
1163 
1164  /* Probe and capture the object name */
1165  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1166  UserMode,
1167  ObjectName);
1168  if (!NT_SUCCESS(Status))
1169  {
1170  DPRINT1("Failed to capture object name!\n");
1171  goto Cleanup;
1172  }
1173 
1174  /* Call the internal function */
1175  SepOpenObjectAuditAlarm(&SubjectContext,
1176  &CapturedSubsystemName,
1177  CapturedHandleId,
1178  &CapturedObjectTypeName,
1179  &CapturedObjectName,
1180  CapturedSecurityDescriptor,
1181  ClientToken,
1182  DesiredAccess,
1183  GrantedAccess,
1184  CapturedPrivilegeSet,
1185  ObjectCreation,
1186  AccessGranted,
1187  &LocalGenerateOnClose);
1188 
1189  Status = STATUS_SUCCESS;
1190 
1191  /* Enter SEH to copy the data back to user mode */
1192  _SEH2_TRY
1193  {
1194  *GenerateOnClose = LocalGenerateOnClose;
1195  }
1196  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1197  {
1198  Status = _SEH2_GetExceptionCode();
1199  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1200  }
1201  _SEH2_END;
1202 
1203 Cleanup:
1204 
1205  if (CapturedObjectName.Buffer != NULL)
1206  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1207 
1208  if (CapturedObjectTypeName.Buffer != NULL)
1209  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1210 
1211  if (CapturedSubsystemName.Buffer != NULL)
1212  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1213 
1214  if (CapturedSecurityDescriptor != NULL)
1215  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1216 
1217  if (CapturedPrivilegeSet != NULL)
1218  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1219 
1220  /* Release the security subject context */
1221  SeReleaseSubjectContext(&SubjectContext);
1222 
1223  ObDereferenceObject(ClientToken);
1224 
1225  return Status;
1226 }
ProbeAndCaptureUnicodeString
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:221
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_PRIVILEGE_SET
Definition: setypes.h:85
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
SEP_PRIVILEGE_SET_MAX_COUNT
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:780
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
FALSE
#define FALSE
Definition: types.h:117
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:28
Status
Status
Definition: gdiplustypes.h:24
ReleaseCapturedUnicodeString
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:874
ASSERT
#define ASSERT(a)
Definition: mode.c:45
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_UNICODE_STRING
Definition: env_spec_w32.h:368
_SEH2_END
_SEH2_END
Definition: create.c:4400
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
NULL
#define NULL
Definition: types.h:112
SeCheckAuditPrivilege
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:253
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_TOKEN::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:222
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
SeCaptureSecurityDescriptor
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:444
TAG_PRIVILEGE_SET
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_TOKEN
Definition: setypes.h:197
SepOpenObjectAuditAlarm
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:967
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtOpenProcessTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Definition at line 2957 of file token.c.

2962 {
2963  NTSTATUS Status;
2964  PTOKEN Token;
2965  KPROCESSOR_MODE PreviousMode;
2966  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
2967 
2968  PAGED_CODE();
2969 
2970  PreviousMode = ExGetPreviousMode();
2971 
2972  Status = DefaultSetInfoBufferCheck(TokenInformationClass,
2973  SeTokenInformationClass,
2974  RTL_NUMBER_OF(SeTokenInformationClass),
2975  TokenInformation,
2976  TokenInformationLength,
2977  PreviousMode);
2978  if (!NT_SUCCESS(Status))
2979  {
2980  /* Invalid buffers */
2981  DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
2982  return Status;
2983  }
2984 
2985  if (TokenInformationClass == TokenSessionId)
2986  {
2987  NeededAccess |= TOKEN_ADJUST_SESSIONID;
2988  }
2989 
2990  Status = ObReferenceObjectByHandle(TokenHandle,
2991  NeededAccess,
2992  SeTokenObjectType,
2993  PreviousMode,
2994  (PVOID*)&Token,
2995  NULL);
2996  if (NT_SUCCESS(Status))
2997  {
2998  switch (TokenInformationClass)
2999  {
3000  case TokenOwner:
3001  {
3002  if (TokenInformationLength >= sizeof(TOKEN_OWNER))
3003  {
3004  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
3005  PSID InputSid = NULL, CapturedSid;
3006  ULONG DefaultOwnerIndex;
3007 
3008  _SEH2_TRY
3009  {
3010  InputSid = to->Owner;
3011  }
3012  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3013  {
3014  Status = _SEH2_GetExceptionCode();
3015  _SEH2_YIELD(goto Cleanup);
3016  }
3017  _SEH2_END;
3018 
3019  Status = SepCaptureSid(InputSid,
3020  PreviousMode,
3021  PagedPool,
3022  FALSE,
3023  &CapturedSid);
3024  if (NT_SUCCESS(Status))
3025  {
3026  /* Lock the token */
3027  SepAcquireTokenLockExclusive(Token);
3028 
3029  /* Find the owner amongst the existing token user and groups */
3030  Status = SepFindPrimaryGroupAndDefaultOwner(Token,
3031  NULL,
3032  CapturedSid,
3033  NULL,
3034  &DefaultOwnerIndex);
3035  if (NT_SUCCESS(Status))
3036  {
3037  /* Found it */
3038  Token->DefaultOwnerIndex = DefaultOwnerIndex;
3039  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3040  }
3041 
3042  /* Unlock the token */
3043  SepReleaseTokenLock(Token);
3044 
3045  SepReleaseSid(CapturedSid,
3046  PreviousMode,
3047  FALSE);
3048  }
3049  }
3050  else
3051  {
3052  Status = STATUS_INFO_LENGTH_MISMATCH;
3053  }
3054  break;
3055  }
3056 
3057  case TokenPrimaryGroup:
3058  {
3059  if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
3060  {
3061  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
3062  PSID InputSid = NULL, CapturedSid;
3063  ULONG PrimaryGroupIndex;
3064 
3065  _SEH2_TRY
3066  {
3067  InputSid = tpg->PrimaryGroup;
3068  }
3069  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3070  {
3071  Status = _SEH2_GetExceptionCode();
3072  _SEH2_YIELD(goto Cleanup);
3073  }
3074  _SEH2_END;
3075 
3076  Status = SepCaptureSid(InputSid,
3077  PreviousMode,
3078  PagedPool,
3079  FALSE,
3080  &CapturedSid);
3081  if (NT_SUCCESS(Status))
3082  {
3083  /* Lock the token */
3084  SepAcquireTokenLockExclusive(Token);
3085 
3086  /* Find the primary group amongst the existing token user and groups */
3087  Status = SepFindPrimaryGroupAndDefaultOwner(Token,
3088  CapturedSid,
3089  NULL,
3090  &PrimaryGroupIndex,
3091  NULL);
3092  if (NT_SUCCESS(Status))
3093  {
3094  /* Found it */
3095  Token->PrimaryGroup = Token->UserAndGroups[PrimaryGroupIndex].Sid;
3096  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3097  }
3098 
3099  /* Unlock the token */
3100  SepReleaseTokenLock(Token);
3101 
3102  SepReleaseSid(CapturedSid,
3103  PreviousMode,
3104  FALSE);
3105  }
3106  }
3107  else
3108  {
3109  Status = STATUS_INFO_LENGTH_MISMATCH;
3110  }
3111  break;
3112  }
3113 
3114  case TokenDefaultDacl:
3115  {
3116  if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
3117  {
3118  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
3119  PACL InputAcl = NULL;
3120 
3121  _SEH2_TRY
3122  {
3123  InputAcl = tdd->DefaultDacl;
3124  }
3125  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3126  {
3127  Status = _SEH2_GetExceptionCode();
3128  _SEH2_YIELD(goto Cleanup);
3129  }
3130  _SEH2_END;
3131 
3132  if (InputAcl != NULL)
3133  {
3134  PACL CapturedAcl;
3135 
3136  /* Capture and copy the dacl */
3137  Status = SepCaptureAcl(InputAcl,
3138  PreviousMode,
3139  PagedPool,
3140  TRUE,
3141  &CapturedAcl);
3142  if (NT_SUCCESS(Status))
3143  {
3144  ULONG DynamicLength;
3145 
3146  /* Lock the token */
3147  SepAcquireTokenLockExclusive(Token);
3148 
3149  //
3150  // NOTE: So far our dynamic area only contains
3151  // the default dacl, so this makes the following
3152  // code pretty simple. The day where it stores
3153  // other data, the code will require adaptations.
3154  //
3155 
3156  DynamicLength = Token->DynamicAvailable;
3157  // Add here any other data length present in the dynamic area...
3158  if (Token->DefaultDacl)
3159  DynamicLength += Token->DefaultDacl->AclSize;
3160 
3161  /* Reallocate the dynamic area if it is too small */
3162  Status = STATUS_SUCCESS;
3163  if ((DynamicLength < CapturedAcl->AclSize) ||
3164  (Token->DynamicPart == NULL))
3165  {
3166  PVOID NewDynamicPart;
3167 
3168  NewDynamicPart = ExAllocatePoolWithTag(PagedPool,
3169  CapturedAcl->AclSize,
3170  TAG_TOKEN_DYNAMIC);
3171  if (NewDynamicPart == NULL)
3172  {
3173  Status = STATUS_INSUFFICIENT_RESOURCES;
3174  }
3175  else
3176  {
3177  if (Token->DynamicPart != NULL)
3178  {
3179  // RtlCopyMemory(NewDynamicPart, Token->DynamicPart, DynamicLength);
3180  ExFreePoolWithTag(Token->DynamicPart, TAG_TOKEN_DYNAMIC);
3181  }
3182  Token->DynamicPart = NewDynamicPart;
3183  Token->DynamicAvailable = 0;
3184  }
3185  }
3186  else
3187  {
3188  Token->DynamicAvailable = DynamicLength - CapturedAcl->AclSize;
3189  }
3190 
3191  if (NT_SUCCESS(Status))
3192  {
3193  /* Set the new dacl */
3194  Token->DefaultDacl = (PVOID)Token->DynamicPart;
3195  RtlCopyMemory(Token->DefaultDacl,
3196  CapturedAcl,
3197  CapturedAcl->AclSize);
3198 
3199  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3200  }
3201 
3202  /* Unlock the token */
3203  SepReleaseTokenLock(Token);
3204 
3205  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
3206  }
3207  }
3208  else
3209  {
3210  /* Lock the token */
3211  SepAcquireTokenLockExclusive(Token);
3212 
3213  /* Clear the default dacl if present */
3214  if (Token->DefaultDacl != NULL)
3215  {
3216  Token->DynamicAvailable += Token->DefaultDacl->AclSize;
3217  RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
3218  Token->DefaultDacl = NULL;
3219 
3220  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3221  }
3222 
3223  /* Unlock the token */
3224  SepReleaseTokenLock(Token);
3225  }
3226  }
3227  else
3228  {
3229  Status = STATUS_INFO_LENGTH_MISMATCH;
3230  }
3231  break;
3232  }
3233 
3234  case TokenSessionId:
3235  {
3236  ULONG SessionId = 0;
3237 
3238  _SEH2_TRY
3239  {
3240  /* Buffer size was already verified, no need to check here again */
3241  SessionId = *(PULONG)TokenInformation;
3242  }
3243  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3244  {
3245  Status = _SEH2_GetExceptionCode();
3246  _SEH2_YIELD(goto Cleanup);
3247  }
3248  _SEH2_END;
3249 
3250  /* Check for TCB privilege */
3251  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
3252  {
3253  Status = STATUS_PRIVILEGE_NOT_HELD;
3254  break;
3255  }
3256 
3257  /* Lock the token */
3258  SepAcquireTokenLockExclusive(Token);
3259 
3260  Token->SessionId = SessionId;
3261  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3262 
3263  /* Unlock the token */
3264  SepReleaseTokenLock(Token);
3265 
3266  break;
3267  }
3268 
3269  case TokenSessionReference:
3270  {
3271  ULONG SessionReference;
3272 
3273  _SEH2_TRY
3274  {
3275  /* Buffer size was already verified, no need to check here again */
3276  SessionReference = *(PULONG)TokenInformation;
3277  }
3278  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3279  {
3280  Status = _SEH2_GetExceptionCode();
3281  _SEH2_YIELD(goto Cleanup);
3282  }
3283  _SEH2_END;
3284 
3285  /* Check for TCB privilege */
3286  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
3287  {
3288  Status = STATUS_PRIVILEGE_NOT_HELD;
3289  goto Cleanup;
3290  }
3291 
3292  /* Check if it is 0 */
3293  if (SessionReference == 0)
3294  {
3295  ULONG OldTokenFlags;
3296 
3297  /* Lock the token */
3298  SepAcquireTokenLockExclusive(Token);
3299 
3300  /* Atomically set the flag in the token */
3301  OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
3302  TOKEN_SESSION_NOT_REFERENCED);
3303  /*
3304  * If the flag was already set, do not dereference again
3305  * the logon session. Use SessionReference as an indicator
3306  * to know whether to really dereference the session.
3307  */
3308  if (OldTokenFlags == Token->TokenFlags)
3309  SessionReference = ULONG_MAX;
3310 
3311  /* Unlock the token */
3312  SepReleaseTokenLock(Token);
3313  }
3314 
3315  /* Dereference the logon session if needed */
3316  if (SessionReference == 0)
3317  SepRmDereferenceLogonSession(&Token->AuthenticationId);
3318 
3319  break;
3320  }
3321 
3322  case TokenAuditPolicy:
3323  {
3324  PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
3325  (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
3326  SEP_AUDIT_POLICY AuditPolicy;
3327  ULONG i;
3328 
3329  _SEH2_TRY
3330  {
3331  ProbeForRead(PolicyInformation,
3332  FIELD_OFFSET(TOKEN_AUDIT_POLICY_INFORMATION,
3333  Policies[PolicyInformation->PolicyCount]),
3334  sizeof(ULONG));
3335 
3336  /* Loop all policies in the structure */
3337  for (i = 0; i < PolicyInformation->PolicyCount; i++)
3338  {
3339  /* Set the corresponding bits in the packed structure */
3340  switch (PolicyInformation->Policies[i].Category)
3341  {
3342  case AuditCategorySystem:
3343  AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
3344  break;
3345 
3346  case AuditCategoryLogon:
3347  AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
3348  break;
3349 
3350  case AuditCategoryObjectAccess:
3351  AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
3352  break;
3353 
3354  case AuditCategoryPrivilegeUse:
3355  AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
3356  break;
3357 
3358  case AuditCategoryDetailedTracking:
3359  AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
3360  break;
3361 
3362  case AuditCategoryPolicyChange:
3363  AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
3364  break;
3365 
3366  case AuditCategoryAccountManagement:
3367  AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
3368  break;
3369 
3370  case AuditCategoryDirectoryServiceAccess:
3371  AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
3372  break;
3373 
3374  case AuditCategoryAccountLogon:
3375  AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
3376  break;
3377  }
3378  }
3379  }
3380  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3381  {
3382  Status = _SEH2_GetExceptionCode();
3383  _SEH2_YIELD(goto Cleanup);
3384  }
3385  _SEH2_END;
3386 
3387  /* Check for TCB privilege */
3388  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
3389  {
3390  Status = STATUS_PRIVILEGE_NOT_HELD;
3391  break;
3392  }
3393 
3394  /* Lock the token */
3395  SepAcquireTokenLockExclusive(Token);
3396 
3397  /* Set the new audit policy */
3398  Token->AuditPolicy = AuditPolicy;
3399  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3400 
3401  /* Unlock the token */
3402  SepReleaseTokenLock(Token);
3403 
3404  break;
3405  }
3406 
3407  case TokenOrigin:
3408  {
3409  TOKEN_ORIGIN TokenOrigin;
3410 
3411  _SEH2_TRY
3412  {
3413  /* Copy the token origin */
3414  TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
3415  }
3416  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3417  {
3418  Status = _SEH2_GetExceptionCode();
3419  _SEH2_YIELD(goto Cleanup);
3420  }
3421  _SEH2_END;
3422 
3423  /* Check for TCB privilege */
3424  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
3425  {
3426  Status = STATUS_PRIVILEGE_NOT_HELD;
3427  break;
3428  }
3429 
3430  /* Lock the token */
3431  SepAcquireTokenLockExclusive(Token);
3432 
3433  /* Check if there is no token origin set yet */
3434  if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
3435  {
3436  /* Set the token origin */
3437  Token->OriginatingLogonSession =
3438  TokenOrigin.OriginatingLogonSession;
3439 
3440  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3441  }
3442 
3443  /* Unlock the token */
3444  SepReleaseTokenLock(Token);
3445 
3446  break;
3447  }
3448 
3449  default:
3450  {
3451  DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
3452  TokenInformationClass);
3453  Status = STATUS_INVALID_INFO_CLASS;
3454  break;
3455  }
3456  }
3457 Cleanup:
3458  ObDereferenceObject(Token);
3459  }
3460 
3461  if (!NT_SUCCESS(Status))
3462  {
3463  DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
3464  }
3465 
3466  return Status;
3467 }
_TOKEN_PRIMARY_GROUP::PrimaryGroup
PSID PrimaryGroup
Definition: setypes.h:978
SepAcquireTokenLockExclusive
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:206
SepFindPrimaryGroupAndDefaultOwner
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:698
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_TOKEN_DEFAULT_DACL
Definition: setypes.h:981
_SEP_AUDIT_POLICY_CATEGORIES::DirectoryServiceAccess
UCHAR DirectoryServiceAccess
Definition: setypes.h:134
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
_SID
Definition: ms-dtyp.idl:198
_TOKEN_AUDIT_POLICY_INFORMATION::PolicyCount
ULONG PolicyCount
Definition: token.c:18
PTOKEN_PRIMARY_GROUP
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
TRUE
#define TRUE
Definition: types.h:120
_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:977
SessionId
ULONG SessionId
Definition: dllmain.c:28
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
DefaultSetInfoBufferCheck
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:8
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
_SEP_AUDIT_POLICY_CATEGORIES::PrivilegeUse
UCHAR PrivilegeUse
Definition: setypes.h:130
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
PTOKEN_DEFAULT_DACL
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
FALSE
#define FALSE
Definition: types.h:117
PTOKEN_ORIGIN
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
_SEP_AUDIT_POLICY_CATEGORIES::Logon
UCHAR Logon
Definition: setypes.h:128
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:28
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:299
_SEP_AUDIT_POLICY
Definition: setypes.h:144
_TOKEN_OWNER::Owner
PSID Owner
Definition: setypes.h:974
TOKEN_ADJUST_DEFAULT
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:878
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
PVOID
void * PVOID
Definition: retypes.h:9
SepRmDereferenceLogonSession
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:677
_TOKEN_OWNER
Definition: setypes.h:973
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
PTOKEN_AUDIT_POLICY_INFORMATION
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
_TOKEN_AUDIT_POLICY_INFORMATION
Definition: token.c:16
_TOKEN_ORIGIN
Definition: setypes.h:1052
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
RtlIsZeroLuid
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
_SEP_AUDIT_POLICY::PolicyElements
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:148
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PTOKEN_OWNER
struct _TOKEN_OWNER * PTOKEN_OWNER
_TOKEN_AUDIT_POLICY_INFORMATION::Policies
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1808 Policies[1]
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:217
_SEP_AUDIT_POLICY_CATEGORIES::AccountManagement
UCHAR AccountManagement
Definition: setypes.h:133
TAG_TOKEN_DYNAMIC
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_SEP_AUDIT_POLICY_CATEGORIES::ObjectAccess
UCHAR ObjectAccess
Definition: setypes.h:129
_TOKEN_DEFAULT_DACL::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:982
_SEP_AUDIT_POLICY_CATEGORIES::DetailedTracking
UCHAR DetailedTracking
Definition: setypes.h:131
_SEP_AUDIT_POLICY_CATEGORIES::PolicyChange
UCHAR PolicyChange
Definition: setypes.h:132
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:24
TAG_ACL
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
_SEH2_END
Definition: create.c:4400
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
_SEP_AUDIT_POLICY_CATEGORIES::AccountLogon
UCHAR AccountLogon
Definition: setypes.h:135
ExAllocateLocallyUniqueId
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:334
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:338
DPRINT1
#define DPRINT1
Definition: precomp.h:8
RtlInterlockedSetBits
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3436
_SEP_AUDIT_POLICY_CATEGORIES::System
UCHAR System
Definition: setypes.h:127
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
SeTokenInformationClass
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:41
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
DPRINT
#define DPRINT
Definition: sndvol32.h:71
_TOKEN
Definition: setypes.h:197
TOKEN_ADJUST_SESSIONID
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:879
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:270
TOKEN_SESSION_NOT_REFERENCED
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
ULONG_MAX
#define ULONG_MAX
Definition: limits.h:44
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ SeCaptureSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

◆ SeCreateAccessState()

NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState ( PACCESS_STATE  AccessState,
PAUX_ACCESS_DATA  AuxData,
ACCESS_MASK  Access,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeleteAccessState()

NTKERNELAPI VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

◆ SeReleaseSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ BOOLEAN  CaptureIfKernelMode 
)

◆ SeTokenImpersonationLevel()

NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel ( _In_ PACCESS_TOKEN  Token)

◆ ZwAccessCheck()

NTSYSAPI NTSTATUS NTAPI ZwAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ ZwAdjustGroupsToken()

NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_ PTOKEN_GROUPS  NewState,
_In_ ULONG  BufferLength,
_Out_opt_ PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ ZwAdjustPrivilegesToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

Referenced by RtlAcquirePrivilege(), RtlAdjustPrivilege(), RtlpSysVolTakeOwnership(), and RtlReleasePrivilege().

◆ ZwAllocateLocallyUniqueId()

NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

Referenced by CreateInitialSystemToken().

◆ ZwAllocateUuids()

NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ ZwCreateToken()

NTSYSAPI NTSTATUS NTAPI ZwCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Referenced by CreateInitialSystemToken().

◆ ZwImpersonateAnonymousToken()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ ZwOpenObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ ULONG  GrantedAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ ZwOpenProcessTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Referenced by RtlFormatCurrentUserKeyPath().

◆ ZwPrivilegeCheck()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck ( _In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PBOOLEAN  Result 
)

◆ ZwPrivilegedServiceAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwPrivilegeObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwSetInformationToken()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_ PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 417 of file sefuncs.h.

◆ EffectiveOnly

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly

Definition at line 417 of file sefuncs.h.

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtDuplicateToken(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), SeCaptureSubjectContextEx(), and SeImpersonateClientEx().

◆ Length

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length

Definition at line 509 of file sefuncs.h.

◆ NewTokenHandle

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle

Definition at line 417 of file sefuncs.h.

Referenced by NtDuplicateToken().

◆ ObjectAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes

Definition at line 417 of file sefuncs.h.

◆ ResultLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength

Definition at line 509 of file sefuncs.h.

◆ ReturnLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength

Definition at line 320 of file sefuncs.h.

◆ TokenHandle

_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle

Definition at line 455 of file sefuncs.h.

◆ TokenInformationClass

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass

Definition at line 318 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), SeQueryInformationToken(), and SetTokenInformation().

◆ TokenInformationLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength

Definition at line 320 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), and SetTokenInformation().

◆ TokenType

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType

Definition at line 417 of file sefuncs.h.

Referenced by CreateProcessAsUserCommon(), CreateRestrictedToken(), DuplicateTokenEx(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), NpFreeClientSecurityContext(), NtCreateToken(), NtDuplicateToken(), NtQueryInformationToken(), PsReferenceEffectiveToken(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SepDuplicateToken(), SeQueryInformationToken(), test_CreateRestrictedToken(), TestsSeQueryInformationToken(), validate_impersonation_token(), and WhoamiGetTokenInfo().