ReactOS  0.4.14-dev-77-gd9e7c48
sefuncs.h File Reference
#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
 
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState (PACCESS_STATE AccessState, PAUX_ACCESS_DATA AuxData, ACCESS_MASK Access, PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE Thread)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken (_In_ HANDLE Thread)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck (_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (Length, *ResultLength) PVOID TokenInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 

Variables

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
 
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
 

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1873
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1802
#define FILE_READ_DATA
Definition: nt_native.h:628
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1873
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:414
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1873
Status
Definition: gdiplustypes.h:24
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1873
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1873
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1873
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_to_opt_() [1/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _Out_writes_bytes_to_opt_() [2/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( Length  ,
ResultLength 
)

◆ _When_()

◆ NtAccessCheck()

NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1406 of file audit.c.

1418 {
1419  /* Call the internal function */
1420  return SepAccessCheckAndAuditAlarm(SubsystemName,
1421  HandleId,
1422  NULL,
1424  ObjectName,
1426  NULL,
1427  DesiredAccess,
1429  0,
1430  NULL,
1431  0,
1433  GrantedAccess,
1434  AccessStatus,
1436  FALSE);
1437 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
smooth NULL
Definition: ftsmooth.c:416
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAllocateLocallyUniqueId()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ NtAllocateUuids()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ NtCompareTokens()

NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)

◆ NtCreateToken()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Definition at line 3420 of file token.c.

3434 {
3435  HANDLE hToken;
3437  ULONG PrivilegeCount, GroupCount;
3438  PSID OwnerSid, PrimaryGroupSid;
3439  PACL DefaultDacl;
3440  LARGE_INTEGER LocalExpirationTime = {{0, 0}};
3441  LUID LocalAuthenticationId;
3442  TOKEN_SOURCE LocalTokenSource;
3443  SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
3444  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
3445  PSID_AND_ATTRIBUTES CapturedUser = NULL;
3446  PSID_AND_ATTRIBUTES CapturedGroups = NULL;
3447  PSID CapturedOwnerSid = NULL;
3448  PSID CapturedPrimaryGroupSid = NULL;
3449  PACL CapturedDefaultDacl = NULL;
3450  ULONG PrivilegesLength, UserLength, GroupsLength;
3451  NTSTATUS Status;
3452 
3453  PAGED_CODE();
3454 
3456 
3457  if (PreviousMode != KernelMode)
3458  {
3459  _SEH2_TRY
3460  {
3462 
3463  if (ObjectAttributes != NULL)
3464  {
3466  sizeof(OBJECT_ATTRIBUTES),
3467  sizeof(ULONG));
3468  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
3469  }
3470 
3471  ProbeForRead(AuthenticationId,
3472  sizeof(LUID),
3473  sizeof(ULONG));
3474  LocalAuthenticationId = *AuthenticationId;
3475 
3476  LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
3477 
3479  sizeof(TOKEN_USER),
3480  sizeof(ULONG));
3481 
3483  sizeof(TOKEN_GROUPS),
3484  sizeof(ULONG));
3485  GroupCount = TokenGroups->GroupCount;
3486 
3488  sizeof(TOKEN_PRIVILEGES),
3489  sizeof(ULONG));
3490  PrivilegeCount = TokenPrivileges->PrivilegeCount;
3491 
3492  if (TokenOwner != NULL)
3493  {
3495  sizeof(TOKEN_OWNER),
3496  sizeof(ULONG));
3497  OwnerSid = TokenOwner->Owner;
3498  }
3499  else
3500  {
3501  OwnerSid = NULL;
3502  }
3503 
3505  sizeof(TOKEN_PRIMARY_GROUP),
3506  sizeof(ULONG));
3507  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
3508 
3509  if (TokenDefaultDacl != NULL)
3510  {
3512  sizeof(TOKEN_DEFAULT_DACL),
3513  sizeof(ULONG));
3514  DefaultDacl = TokenDefaultDacl->DefaultDacl;
3515  }
3516  else
3517  {
3518  DefaultDacl = NULL;
3519  }
3520 
3522  sizeof(TOKEN_SOURCE),
3523  sizeof(ULONG));
3524  LocalTokenSource = *TokenSource;
3525  }
3527  {
3528  /* Return the exception code */
3530  }
3531  _SEH2_END;
3532  }
3533  else
3534  {
3535  if (ObjectAttributes != NULL)
3536  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
3537  LocalAuthenticationId = *AuthenticationId;
3538  LocalExpirationTime = *ExpirationTime;
3539  GroupCount = TokenGroups->GroupCount;
3540  PrivilegeCount = TokenPrivileges->PrivilegeCount;
3541  OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
3542  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
3543  DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
3544  LocalTokenSource = *TokenSource;
3545  }
3546 
3547  /* Check token type */
3548  if ((TokenType < TokenPrimary) ||
3550  {
3551  return STATUS_BAD_TOKEN_TYPE;
3552  }
3553 
3554  /* Check for token creation privilege */
3556  {
3558  }
3559 
3560  /* Capture the user SID and attributes */
3562  1,
3563  PreviousMode,
3564  NULL,
3565  0,
3566  PagedPool,
3567  FALSE,
3568  &CapturedUser,
3569  &UserLength);
3570  if (!NT_SUCCESS(Status))
3571  {
3572  goto Cleanup;
3573  }
3574 
3575  /* Capture the groups SID and attributes array */
3577  GroupCount,
3578  PreviousMode,
3579  NULL,
3580  0,
3581  PagedPool,
3582  FALSE,
3583  &CapturedGroups,
3584  &GroupsLength);
3585  if (!NT_SUCCESS(Status))
3586  {
3587  goto Cleanup;
3588  }
3589 
3590  /* Capture privileges */
3592  PrivilegeCount,
3593  PreviousMode,
3594  NULL,
3595  0,
3596  PagedPool,
3597  FALSE,
3598  &CapturedPrivileges,
3599  &PrivilegesLength);
3600  if (!NT_SUCCESS(Status))
3601  {
3602  goto Cleanup;
3603  }
3604 
3605  /* Capture the token owner SID */
3606  if (TokenOwner != NULL)
3607  {
3608  Status = SepCaptureSid(OwnerSid,
3609  PreviousMode,
3610  PagedPool,
3611  FALSE,
3612  &CapturedOwnerSid);
3613  if (!NT_SUCCESS(Status))
3614  {
3615  goto Cleanup;
3616  }
3617  }
3618 
3619  /* Capture the token primary group SID */
3620  Status = SepCaptureSid(PrimaryGroupSid,
3621  PreviousMode,
3622  PagedPool,
3623  FALSE,
3624  &CapturedPrimaryGroupSid);
3625  if (!NT_SUCCESS(Status))
3626  {
3627  goto Cleanup;
3628  }
3629 
3630  /* Capture DefaultDacl */
3631  if (DefaultDacl != NULL)
3632  {
3633  Status = SepCaptureAcl(DefaultDacl,
3634  PreviousMode,
3635  NonPagedPool,
3636  FALSE,
3637  &CapturedDefaultDacl);
3638  if (!NT_SUCCESS(Status))
3639  {
3640  goto Cleanup;
3641  }
3642  }
3643 
3644  /* Call the internal function */
3645  Status = SepCreateToken(&hToken,
3646  PreviousMode,
3647  DesiredAccess,
3649  TokenType,
3650  LocalSecurityQos.ImpersonationLevel,
3651  &LocalAuthenticationId,
3652  &LocalExpirationTime,
3653  CapturedUser,
3654  GroupCount,
3655  CapturedGroups,
3656  0, // FIXME: Should capture
3657  PrivilegeCount,
3658  CapturedPrivileges,
3659  CapturedOwnerSid,
3660  CapturedPrimaryGroupSid,
3661  CapturedDefaultDacl,
3662  &LocalTokenSource,
3663  FALSE);
3664  if (NT_SUCCESS(Status))
3665  {
3666  _SEH2_TRY
3667  {
3668  *TokenHandle = hToken;
3669  }
3671  {
3673  }
3674  _SEH2_END;
3675  }
3676 
3677 Cleanup:
3678 
3679  /* Release what we captured */
3682  SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
3683  SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
3684  SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
3685  SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
3686 
3687  return Status;
3688 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
const LUID SeCreateTokenPrivilege
Definition: priv.c:23
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Definition: sid.c:559
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:387
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:291
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:390
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:277
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:882
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: acl.c:365
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Definition: sid.c:358
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:342
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:274
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 2941 of file token.c.

2948 {
2950  HANDLE hToken;
2951  PTOKEN Token;
2952  PTOKEN NewToken;
2953  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
2954  BOOLEAN QoSPresent;
2956  NTSTATUS Status;
2957 
2958  PAGED_CODE();
2959 
2960  if (TokenType != TokenImpersonation &&
2962  {
2963  return STATUS_INVALID_PARAMETER;
2964  }
2965 
2967 
2968  if (PreviousMode != KernelMode)
2969  {
2970  _SEH2_TRY
2971  {
2973  }
2975  {
2976  /* Return the exception code */
2978  }
2979  _SEH2_END;
2980  }
2981 
2983  PreviousMode,
2984  PagedPool,
2985  FALSE,
2986  &CapturedSecurityQualityOfService,
2987  &QoSPresent);
2988  if (!NT_SUCCESS(Status))
2989  {
2990  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
2991  return Status;
2992  }
2993 
2994  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
2997  PreviousMode,
2998  (PVOID*)&Token,
3000  if (!NT_SUCCESS(Status))
3001  {
3002  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3003  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3004  PreviousMode,
3005  FALSE);
3006  return Status;
3007  }
3008 
3009  /*
3010  * Fail, if the original token is an impersonation token and the caller
3011  * tries to raise the impersonation level of the new token above the
3012  * impersonation level of the original token.
3013  */
3014  if (Token->TokenType == TokenImpersonation)
3015  {
3016  if (QoSPresent &&
3017  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3018  {
3020  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3021  PreviousMode,
3022  FALSE);
3024  }
3025  }
3026 
3027  /*
3028  * Fail, if a primary token is to be created from an impersonation token
3029  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3030  */
3031  if (Token->TokenType == TokenImpersonation &&
3032  TokenType == TokenPrimary &&
3033  Token->ImpersonationLevel < SecurityImpersonation)
3034  {
3036  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3037  PreviousMode,
3038  FALSE);
3040  }
3041 
3044  EffectiveOnly,
3045  TokenType,
3046  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3047  PreviousMode,
3048  &NewToken);
3049 
3051 
3052  if (NT_SUCCESS(Status))
3053  {
3054  Status = ObInsertObject(NewToken,
3055  NULL,
3056  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3057  0,
3058  NULL,
3059  &hToken);
3060  if (NT_SUCCESS(Status))
3061  {
3062  _SEH2_TRY
3063  {
3064  *NewTokenHandle = hToken;
3065  }
3067  {
3069  }
3070  _SEH2_END;
3071  }
3072  }
3073 
3074  /* Free the captured structure */
3075  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3076  PreviousMode,
3077  FALSE);
3078 
3079  return Status;
3080 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
Definition: sd.c:211
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:441
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sd.c:367
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define TOKEN_DUPLICATE
Definition: setypes.h:872
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417

◆ NtImpersonateAnonymousToken()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1001 of file audit.c.

1014 {
1015  PTOKEN ClientToken;
1016  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1017  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1018  ULONG PrivilegeCount, PrivilegeSetSize;
1019  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1020  BOOLEAN LocalGenerateOnClose;
1021  PVOID CapturedHandleId;
1023  NTSTATUS Status;
1024  PAGED_CODE();
1025 
1026  /* Only user mode is supported! */
1028 
1029  /* Start clean */
1030  ClientToken = NULL;
1031  CapturedSecurityDescriptor = NULL;
1032  CapturedPrivilegeSet = NULL;
1033  CapturedSubsystemName.Buffer = NULL;
1034  CapturedObjectTypeName.Buffer = NULL;
1035  CapturedObjectName.Buffer = NULL;
1036 
1037  /* Reference the client token */
1038  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1039  TOKEN_QUERY,
1041  UserMode,
1042  (PVOID*)&ClientToken,
1043  NULL);
1044  if (!NT_SUCCESS(Status))
1045  {
1046  DPRINT1("Failed to reference token handle %p: %lx\n",
1047  ClientTokenHandle, Status);
1048  return Status;
1049  }
1050 
1051  /* Capture the security subject context */
1053 
1054  /* Validate the token's impersonation level */
1055  if ((ClientToken->TokenType == TokenImpersonation) &&
1056  (ClientToken->ImpersonationLevel < SecurityIdentification))
1057  {
1058  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1060  goto Cleanup;
1061  }
1062 
1063  /* Check for audit privilege */
1065  {
1066  DPRINT1("Caller does not have SeAuditPrivilege\n");
1068  goto Cleanup;
1069  }
1070 
1071  /* Check for NULL SecurityDescriptor */
1072  if (SecurityDescriptor == NULL)
1073  {
1074  /* Nothing to do */
1076  goto Cleanup;
1077  }
1078 
1079  /* Capture the security descriptor */
1081  UserMode,
1082  PagedPool,
1083  FALSE,
1084  &CapturedSecurityDescriptor);
1085  if (!NT_SUCCESS(Status))
1086  {
1087  DPRINT1("Failed to capture security descriptor!\n");
1088  goto Cleanup;
1089  }
1090 
1091  _SEH2_TRY
1092  {
1093  /* Check if we have a privilege set */
1094  if (PrivilegeSet != NULL)
1095  {
1096  /* Probe the basic privilege set structure */
1097  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1098 
1099  /* Validate privilege count */
1100  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1101  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1102  {
1104  _SEH2_YIELD(goto Cleanup);
1105  }
1106 
1107  /* Calculate the size of the PrivilegeSet structure */
1108  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1109 
1110  /* Probe the whole structure */
1111  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1112 
1113  /* Allocate a temp buffer */
1114  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1115  PrivilegeSetSize,
1117  if (CapturedPrivilegeSet == NULL)
1118  {
1119  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1121  _SEH2_YIELD(goto Cleanup);
1122  }
1123 
1124  /* Copy the privileges */
1125  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1126  }
1127 
1128  if (HandleId != NULL)
1129  {
1130  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1131  CapturedHandleId = *(PVOID*)HandleId;
1132  }
1133 
1134  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1135  }
1137  {
1139  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1140  _SEH2_YIELD(goto Cleanup);
1141  }
1142  _SEH2_END;
1143 
1144  /* Probe and capture the subsystem name */
1145  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1146  UserMode,
1147  SubsystemName);
1148  if (!NT_SUCCESS(Status))
1149  {
1150  DPRINT1("Failed to capture subsystem name!\n");
1151  goto Cleanup;
1152  }
1153 
1154  /* Probe and capture the object type name */
1155  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1156  UserMode,
1157  ObjectTypeName);
1158  if (!NT_SUCCESS(Status))
1159  {
1160  DPRINT1("Failed to capture object type name!\n");
1161  goto Cleanup;
1162  }
1163 
1164  /* Probe and capture the object name */
1165  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1166  UserMode,
1167  ObjectName);
1168  if (!NT_SUCCESS(Status))
1169  {
1170  DPRINT1("Failed to capture object name!\n");
1171  goto Cleanup;
1172  }
1173 
1174  /* Call the internal function */
1176  &CapturedSubsystemName,
1177  CapturedHandleId,
1178  &CapturedObjectTypeName,
1179  &CapturedObjectName,
1180  CapturedSecurityDescriptor,
1181  ClientToken,
1182  DesiredAccess,
1183  GrantedAccess,
1184  CapturedPrivilegeSet,
1185  ObjectCreation,
1186  AccessGranted,
1187  &LocalGenerateOnClose);
1188 
1190 
1191  /* Enter SEH to copy the data back to user mode */
1192  _SEH2_TRY
1193  {
1194  *GenerateOnClose = LocalGenerateOnClose;
1195  }
1197  {
1199  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1200  }
1201  _SEH2_END;
1202 
1203 Cleanup:
1204 
1205  if (CapturedObjectName.Buffer != NULL)
1206  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1207 
1208  if (CapturedObjectTypeName.Buffer != NULL)
1209  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1210 
1211  if (CapturedSubsystemName.Buffer != NULL)
1212  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1213 
1214  if (CapturedSecurityDescriptor != NULL)
1215  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1216 
1217  if (CapturedPrivilegeSet != NULL)
1218  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1219 
1220  /* Release the security subject context */
1222 
1223  ObDereferenceObject(ClientToken);
1224 
1225  return Status;
1226 }
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
TOKEN_TYPE TokenType
Definition: setypes.h:175
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
#define PAGED_CODE()
Definition: video.h:57
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766
_SEH2_TRY
Definition: create.c:4250
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:228
#define TOKEN_QUERY
Definition: setypes.h:874
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
_SEH2_END
Definition: create.c:4424
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:257
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:176
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:434
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
return STATUS_SUCCESS
Definition: btrfs.c:2966
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:967

◆ NtOpenProcessTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Definition at line 2414 of file token.c.

2419 {
2420  NTSTATUS Status;
2421  PTOKEN Token;
2423  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
2424 
2425  PAGED_CODE();
2426 
2428 
2432  TokenInformation,
2434  PreviousMode);
2435  if (!NT_SUCCESS(Status))
2436  {
2437  /* Invalid buffers */
2438  DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
2439  return Status;
2440  }
2441 
2443  {
2444  NeededAccess |= TOKEN_ADJUST_SESSIONID;
2445  }
2446 
2448  NeededAccess,
2450  PreviousMode,
2451  (PVOID*)&Token,
2452  NULL);
2453  if (NT_SUCCESS(Status))
2454  {
2455  switch (TokenInformationClass)
2456  {
2457  case TokenOwner:
2458  {
2459  if (TokenInformationLength >= sizeof(TOKEN_OWNER))
2460  {
2461  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
2462  PSID InputSid = NULL, CapturedSid;
2463  ULONG DefaultOwnerIndex;
2464 
2465  _SEH2_TRY
2466  {
2467  InputSid = to->Owner;
2468  }
2470  {
2472  _SEH2_YIELD(goto Cleanup);
2473  }
2474  _SEH2_END;
2475 
2476  Status = SepCaptureSid(InputSid,
2477  PreviousMode,
2478  PagedPool,
2479  FALSE,
2480  &CapturedSid);
2481  if (NT_SUCCESS(Status))
2482  {
2483  /* Lock the token */
2485 
2486  /* Find the owner amongst the existing token user and groups */
2488  NULL,
2489  CapturedSid,
2490  NULL,
2491  &DefaultOwnerIndex);
2492  if (NT_SUCCESS(Status))
2493  {
2494  /* Found it */
2495  Token->DefaultOwnerIndex = DefaultOwnerIndex;
2496  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2497  }
2498 
2499  /* Unlock the token */
2501 
2502  SepReleaseSid(CapturedSid,
2503  PreviousMode,
2504  FALSE);
2505  }
2506  }
2507  else
2508  {
2510  }
2511  break;
2512  }
2513 
2514  case TokenPrimaryGroup:
2515  {
2517  {
2518  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
2519  PSID InputSid = NULL, CapturedSid;
2520  ULONG PrimaryGroupIndex;
2521 
2522  _SEH2_TRY
2523  {
2524  InputSid = tpg->PrimaryGroup;
2525  }
2527  {
2529  _SEH2_YIELD(goto Cleanup);
2530  }
2531  _SEH2_END;
2532 
2533  Status = SepCaptureSid(InputSid,
2534  PreviousMode,
2535  PagedPool,
2536  FALSE,
2537  &CapturedSid);
2538  if (NT_SUCCESS(Status))
2539  {
2540  /* Lock the token */
2542 
2543  /* Find the primary group amongst the existing token user and groups */
2545  CapturedSid,
2546  NULL,
2547  &PrimaryGroupIndex,
2548  NULL);
2549  if (NT_SUCCESS(Status))
2550  {
2551  /* Found it */
2552  Token->PrimaryGroup = Token->UserAndGroups[PrimaryGroupIndex].Sid;
2553  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2554  }
2555 
2556  /* Unlock the token */
2558 
2559  SepReleaseSid(CapturedSid,
2560  PreviousMode,
2561  FALSE);
2562  }
2563  }
2564  else
2565  {
2567  }
2568  break;
2569  }
2570 
2571  case TokenDefaultDacl:
2572  {
2574  {
2575  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
2576  PACL InputAcl = NULL;
2577 
2578  _SEH2_TRY
2579  {
2580  InputAcl = tdd->DefaultDacl;
2581  }
2583  {
2585  _SEH2_YIELD(goto Cleanup);
2586  }
2587  _SEH2_END;
2588 
2589  if (InputAcl != NULL)
2590  {
2591  PACL CapturedAcl;
2592 
2593  /* Capture and copy the dacl */
2594  Status = SepCaptureAcl(InputAcl,
2595  PreviousMode,
2596  PagedPool,
2597  TRUE,
2598  &CapturedAcl);
2599  if (NT_SUCCESS(Status))
2600  {
2601  ULONG DynamicLength;
2602 
2603  /* Lock the token */
2605 
2606  //
2607  // NOTE: So far our dynamic area only contains
2608  // the default dacl, so this makes the following
2609  // code pretty simple. The day where it stores
2610  // other data, the code will require adaptations.
2611  //
2612 
2613  DynamicLength = Token->DynamicAvailable;
2614  // Add here any other data length present in the dynamic area...
2615  if (Token->DefaultDacl)
2616  DynamicLength += Token->DefaultDacl->AclSize;
2617 
2618  /* Reallocate the dynamic area if it is too small */
2620  if ((DynamicLength < CapturedAcl->AclSize) ||
2621  (Token->DynamicPart == NULL))
2622  {
2623  PVOID NewDynamicPart;
2624 
2625  NewDynamicPart = ExAllocatePoolWithTag(PagedPool,
2626  CapturedAcl->AclSize,
2628  if (NewDynamicPart == NULL)
2629  {
2631  }
2632  else
2633  {
2634  if (Token->DynamicPart != NULL)
2635  {
2636  // RtlCopyMemory(NewDynamicPart, Token->DynamicPart, DynamicLength);
2637  ExFreePoolWithTag(Token->DynamicPart, TAG_TOKEN_DYNAMIC);
2638  }
2639  Token->DynamicPart = NewDynamicPart;
2640  Token->DynamicAvailable = 0;
2641  }
2642  }
2643  else
2644  {
2645  Token->DynamicAvailable = DynamicLength - CapturedAcl->AclSize;
2646  }
2647 
2648  if (NT_SUCCESS(Status))
2649  {
2650  /* Set the new dacl */
2651  Token->DefaultDacl = (PVOID)Token->DynamicPart;
2652  RtlCopyMemory(Token->DefaultDacl,
2653  CapturedAcl,
2654  CapturedAcl->AclSize);
2655 
2656  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2657  }
2658 
2659  /* Unlock the token */
2661 
2662  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
2663  }
2664  }
2665  else
2666  {
2667  /* Lock the token */
2669 
2670  /* Clear the default dacl if present */
2671  if (Token->DefaultDacl != NULL)
2672  {
2673  Token->DynamicAvailable += Token->DefaultDacl->AclSize;
2674  RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
2675  Token->DefaultDacl = NULL;
2676 
2677  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2678  }
2679 
2680  /* Unlock the token */
2682  }
2683  }
2684  else
2685  {
2687  }
2688  break;
2689  }
2690 
2691  case TokenSessionId:
2692  {
2693  ULONG SessionId = 0;
2694 
2695  _SEH2_TRY
2696  {
2697  /* Buffer size was already verified, no need to check here again */
2698  SessionId = *(PULONG)TokenInformation;
2699  }
2701  {
2703  _SEH2_YIELD(goto Cleanup);
2704  }
2705  _SEH2_END;
2706 
2707  /* Check for TCB privilege */
2709  {
2711  break;
2712  }
2713 
2714  /* Lock the token */
2716 
2717  Token->SessionId = SessionId;
2718  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2719 
2720  /* Unlock the token */
2722 
2723  break;
2724  }
2725 
2726  case TokenSessionReference:
2727  {
2728  ULONG SessionReference;
2729 
2730  _SEH2_TRY
2731  {
2732  /* Buffer size was already verified, no need to check here again */
2733  SessionReference = *(PULONG)TokenInformation;
2734  }
2736  {
2738  _SEH2_YIELD(goto Cleanup);
2739  }
2740  _SEH2_END;
2741 
2742  /* Check for TCB privilege */
2744  {
2746  goto Cleanup;
2747  }
2748 
2749  /* Check if it is 0 */
2750  if (SessionReference == 0)
2751  {
2752  ULONG OldTokenFlags;
2753 
2754  /* Lock the token */
2756 
2757  /* Atomically set the flag in the token */
2758  OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
2760  /*
2761  * If the flag was already set, do not dereference again
2762  * the logon session. Use SessionReference as an indicator
2763  * to know whether to really dereference the session.
2764  */
2765  if (OldTokenFlags == Token->TokenFlags)
2766  SessionReference = ULONG_MAX;
2767 
2768  /* Unlock the token */
2770  }
2771 
2772  /* Dereference the logon session if needed */
2773  if (SessionReference == 0)
2774  SepRmDereferenceLogonSession(&Token->AuthenticationId);
2775 
2776  break;
2777  }
2778 
2779  case TokenAuditPolicy:
2780  {
2781  PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
2782  (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
2783  SEP_AUDIT_POLICY AuditPolicy;
2784  ULONG i;
2785 
2786  _SEH2_TRY
2787  {
2788  ProbeForRead(PolicyInformation,
2790  Policies[PolicyInformation->PolicyCount]),
2791  sizeof(ULONG));
2792 
2793  /* Loop all policies in the structure */
2794  for (i = 0; i < PolicyInformation->PolicyCount; i++)
2795  {
2796  /* Set the corresponding bits in the packed structure */
2797  switch (PolicyInformation->Policies[i].Category)
2798  {
2799  case AuditCategorySystem:
2800  AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
2801  break;
2802 
2803  case AuditCategoryLogon:
2804  AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
2805  break;
2806 
2808  AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
2809  break;
2810 
2812  AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
2813  break;
2814 
2816  AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
2817  break;
2818 
2820  AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
2821  break;
2822 
2824  AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
2825  break;
2826 
2828  AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
2829  break;
2830 
2832  AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
2833  break;
2834  }
2835  }
2836  }
2838  {
2840  _SEH2_YIELD(goto Cleanup);
2841  }
2842  _SEH2_END;
2843 
2844  /* Check for TCB privilege */
2846  {
2848  break;
2849  }
2850 
2851  /* Lock the token */
2853 
2854  /* Set the new audit policy */
2855  Token->AuditPolicy = AuditPolicy;
2856  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2857 
2858  /* Unlock the token */
2860 
2861  break;
2862  }
2863 
2864  case TokenOrigin:
2865  {
2867 
2868  _SEH2_TRY
2869  {
2870  /* Copy the token origin */
2871  TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
2872  }
2874  {
2876  _SEH2_YIELD(goto Cleanup);
2877  }
2878  _SEH2_END;
2879 
2880  /* Check for TCB privilege */
2882  {
2884  break;
2885  }
2886 
2887  /* Lock the token */
2889 
2890  /* Check if there is no token origin set yet */
2891  if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
2892  {
2893  /* Set the token origin */
2894  Token->OriginatingLogonSession =
2895  TokenOrigin.OriginatingLogonSession;
2896 
2897  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2898  }
2899 
2900  /* Unlock the token */
2902 
2903  break;
2904  }
2905 
2906  default:
2907  {
2908  DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
2911  break;
2912  }
2913  }
2914 Cleanup:
2916  }
2917 
2918  if (!NT_SUCCESS(Status))
2919  {
2920  DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
2921  }
2922 
2923  return Status;
2924 }
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:345
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
USHORT AclSize
Definition: ms-dtyp.idl:296
ULONG SessionId
Definition: dllmain.c:28
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1759 Policies[1]
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:8
#define PAGED_CODE()
Definition: video.h:57
_SEH2_TRY
Definition: create.c:4250
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:277
PSID Owner
Definition: setypes.h:974
void DPRINT(...)
Definition: polytest.cpp:61
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:878
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
void * PVOID
Definition: retypes.h:9
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:664
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:137
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
struct _TOKEN_OWNER * PTOKEN_OWNER
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:226
#define SepReleaseTokenLock(Token)
Definition: se.h:211
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
const LUID SeTcbPrivilege
Definition: priv.c:28
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
Definition: create.c:4424
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:340
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
unsigned int * PULONG
Definition: retypes.h:1
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:342
#define DPRINT1
Definition: precomp.h:8
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3436
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:48
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
return STATUS_SUCCESS
Definition: btrfs.c:2966
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:879
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:274
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
#define ULONG_MAX
Definition: limits.h:44

◆ SeCaptureSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

◆ SeCreateAccessState()

NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState ( PACCESS_STATE  AccessState,
PAUX_ACCESS_DATA  AuxData,
ACCESS_MASK  Access,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeleteAccessState()

NTKERNELAPI VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

◆ SeReleaseSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ BOOLEAN  CaptureIfKernelMode 
)

◆ SeTokenImpersonationLevel()

NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel ( _In_ PACCESS_TOKEN  Token)

◆ ZwAccessCheck()

NTSYSAPI NTSTATUS NTAPI ZwAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ ZwAdjustGroupsToken()

NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_ PTOKEN_GROUPS  NewState,
_In_ ULONG  BufferLength,
_Out_opt_ PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ ZwAdjustPrivilegesToken()

◆ ZwAllocateLocallyUniqueId()

NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ ZwAllocateUuids()

NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ ZwCreateToken()

NTSYSAPI NTSTATUS NTAPI ZwCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

◆ ZwImpersonateAnonymousToken()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ ZwOpenObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ ULONG  GrantedAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ ZwOpenProcessTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ ZwPrivilegeCheck()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck ( _In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PBOOLEAN  Result 
)

◆ ZwPrivilegedServiceAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwPrivilegeObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwSetInformationToken()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_ PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 417 of file sefuncs.h.

◆ EffectiveOnly

◆ Length

Definition at line 509 of file sefuncs.h.

◆ NewTokenHandle

Definition at line 417 of file sefuncs.h.

Referenced by NtDuplicateToken().

◆ ObjectAttributes

Definition at line 417 of file sefuncs.h.

◆ ResultLength

Definition at line 509 of file sefuncs.h.

◆ ReturnLength

Definition at line 320 of file sefuncs.h.

◆ TokenHandle

Definition at line 455 of file sefuncs.h.

◆ TokenInformationClass

◆ TokenInformationLength

◆ TokenType