ReactOS 0.4.16-dev-1188-gc03d779
Functions | Variables
sefuncs.h File Reference
#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 Captures a security descriptor.
 
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
 Releases a captured security descriptor buffer.
 
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState (_In_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 Deletes an allocated access state from the memory.
 
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token)
 Gathers the security impersonation level of an access token.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 Determines whether security access can be granted to a client that requests such access on an object.
 
_Must_inspect_result_ NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.
 
_Must_inspect_result_ NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
 Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the NtAccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids (_Out_ PULARGE_INTEGER Time, _Out_ PULONG Range, _Out_ PULONG Sequence, _Out_ PUCHAR Seed)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 Compares tokens if they're equal or not.
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 Creates an access token.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 Duplicates a token.
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
 Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token.
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when an object is about to be opened.
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.
 
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids (_Out_ PULARGE_INTEGER Time, _Out_ PULONG Range, _Out_ PULONG Sequence, _Out_ PUCHAR Seed)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
 Queries information details about a security descriptor.
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken (_In_ HANDLE Thread)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck (_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (Length, *ResultLength) PVOID TokenInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 

Variables

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
 
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
 
_In_ ACCESS_MASK _In_ ULONG HandleAttributes
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
 

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]AutoInheritFlagsFlags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out]QuotaInfoSizeThe returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 923 of file Messaging.c.

75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
77 NTSTATUS Status;
78
79 /* The caller must allow at least one connection */
80 if (MaxConnections == 0)
81 {
82 return STATUS_INVALID_PARAMETER;
83 }
84
85 /* The request must be for a kernel handle */
86 if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87 {
88 return STATUS_INVALID_PARAMETER;
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
96 Status = FltObjectReference(Filter);
97 if (!NT_SUCCESS(Status))
98 {
99 return Status;
100 }
101
102 /* Create the server port object for this filter */
103 Status = ObCreateObject(KernelMode,
104 ServerPortObjectType,
105 ObjectAttributes,
106 KernelMode,
107 NULL,
108 sizeof(FLT_SERVER_PORT_OBJECT),
109 0,
110 0,
111 (PVOID *)&PortObject);
112 if (NT_SUCCESS(Status))
113 {
114 /* Zero out the struct */
115 RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116
117 /* Increment the ref count on the target filter */
118 FltpObjectPointerReference((PFLT_OBJECT)Filter);
119
120 /* Setup the filter port object */
121 PortObject->Filter = Filter;
122 PortObject->ConnectNotify = ConnectNotifyCallback;
123 PortObject->DisconnectNotify = DisconnectNotifyCallback;
124 PortObject->MessageNotify = MessageNotifyCallback;
125 PortObject->Cookie = ServerPortCookie;
126 PortObject->MaxConnections = MaxConnections;
127
128 /* Insert the object */
129 Status = ObInsertObject(PortObject,
130 NULL,
131 STANDARD_RIGHTS_ALL | FILE_READ_DATA,
132 0,
133 NULL,
134 (PHANDLE)ServerPort);
135 if (NT_SUCCESS(Status))
136 {
137 /* Lock the connection list */
138 ExAcquireFastMutex(&Filter->ConnectionList.mLock);
139
140 /* Add the new port object to the connection list and increment the count */
141 InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
142 Filter->ConnectionList.mCount++;
143
144 /* Unlock the connection list*/
145 ExReleaseFastMutex(&Filter->ConnectionList.mLock);
146 }
147 }
148
149 if (!NT_SUCCESS(Status))
150 {
151 /* Allow the filter to be cleaned up */
152 FltObjectDereference(Filter);
153 }
154
155 return Status;
156}
ServerPort
static const INTERNET_PORT ServerPort
Definition: CWebService.cpp:11
ServerPortObjectType
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
FltObjectDereference
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
FltObjectReference
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
Filter
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
MessageNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
ConnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
ServerPortCookie
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
DisconnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
FltpObjectPointerReference
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Status
Status
Definition: gdiplustypes.h:25
ExAcquireFastMutex
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
ExReleaseFastMutex
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
MaxConnections
static LONG MaxConnections
Definition: kmtest_fsminifilter.c:48
KernelMode
#define KernelMode
Definition: asm.h:38
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:455
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
_FLT_FILTER::ConnectionList
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121
_FLT_MUTEX_LIST_HEAD::mCount
ULONG mCount
Definition: fltmgrint.h:57
_FLT_MUTEX_LIST_HEAD::mList
LIST_ENTRY mList
Definition: fltmgrint.h:56
_FLT_MUTEX_LIST_HEAD::mLock
FAST_MUTEX mLock
Definition: fltmgrint.h:55
_FLT_OBJECT
Definition: fltmgrint.h:26
_FLT_SERVER_PORT_OBJECT
Definition: fltmgrint.h:189
_FLT_SERVER_PORT_OBJECT::MaxConnections
LONG MaxConnections
Definition: fltmgrint.h:198
_FLT_SERVER_PORT_OBJECT::Cookie
PVOID Cookie
Definition: fltmgrint.h:195
_FLT_SERVER_PORT_OBJECT::DisconnectNotify
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_FLT_SERVER_PORT_OBJECT::FilterLink
LIST_ENTRY FilterLink
Definition: fltmgrint.h:190
_FLT_SERVER_PORT_OBJECT::MessageNotify
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
_FLT_SERVER_PORT_OBJECT::Filter
PFLT_FILTER Filter
Definition: fltmgrint.h:194
_FLT_SERVER_PORT_OBJECT::ConnectNotify
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

◆ _Out_writes_bytes_to_opt_() [1/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( Length  ,
ResultLength 
)

◆ _Out_writes_bytes_to_opt_() [2/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _When_()

_When_ ( TokenInformationClass  = TokenAccessInformation,
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))   
)

◆ NtAccessCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on an object.

Remarks
For more documentation details about the parameters and overall function behavior, see SepAccessCheck.

Definition at line 2214 of file accesschk.c.

2223{
2224 PAGED_CODE();
2225
2226 /* Invoke the internal function to do the job */
2227 return SepAccessCheck(SecurityDescriptor,
2228 ClientToken,
2229 NULL,
2230 DesiredAccess,
2231 GenericMapping,
2232 PrivilegeSet,
2233 PrivilegeSetLength,
2234 NULL,
2235 0,
2236 FALSE,
2237 GrantedAccess,
2238 AccessStatus);
2239}
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_EvalMethod.c:87
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
SepAccessCheck
static NTSTATUS SepAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ BOOLEAN UseResultList, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Internal function that performs a security check against the client who requests access on a resource...
Definition: accesschk.c:1592
FALSE
#define FALSE
Definition: types.h:117
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20

Referenced by AccessCheck(), AccessCheckEmptyMappingTest(), and CheckTokenMembership().

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.

Parameters
[in]SubsystemNameA Unicode string that points to a name of the subsystem.
[in]HandleIdA handle to an ID that is used as identification instance for auditing.
[in]ObjectTypeNameThe name of the object type.
[in]ObjectNameThe object name.
[in]SecurityDescriptorA security descriptor.
[in]DesiredAccessThe desired access rights masks requested by the caller.
[in]GenericMappingThe generic mapping of access mask rights.
[in]ObjectCreationSet this to TRUE if the object has just been created.
[out]GrantedAccessReturns the granted access rights.
[out]AccessStatusReturns a NTSTATUS status code indicating whether access check can be granted or not.
[out]GenerateOnCloseReturns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2125 of file audit.c.

2137{
2138 /* Call the internal function */
2139 return SepAccessCheckAndAuditAlarm(SubsystemName,
2140 HandleId,
2141 NULL,
2142 ObjectTypeName,
2143 ObjectName,
2144 SecurityDescriptor,
2145 NULL,
2146 DesiredAccess,
2147 AuditEventObjectAccess,
2148 0,
2149 NULL,
2150 0,
2151 GenericMapping,
2152 GrantedAccess,
2153 AccessStatus,
2154 GenerateOnClose,
2155 FALSE);
2156}
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
SepAccessCheckAndAuditAlarm
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
AuditEventObjectAccess
@ AuditEventObjectAccess
Definition: setypes.h:868

◆ NtAccessCheckByType()

_Must_inspect_result_ NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.

Remarks
For more documentation details about the parameters and overall function behavior, see SepAccessCheck.

Definition at line 2254 of file accesschk.c.

2266{
2267 PAGED_CODE();
2268
2269 /* Invoke the internal function to do the job */
2270 return SepAccessCheck(SecurityDescriptor,
2271 ClientToken,
2272 PrincipalSelfSid,
2273 DesiredAccess,
2274 GenericMapping,
2275 PrivilegeSet,
2276 PrivilegeSetLength,
2277 ObjectTypeList,
2278 ObjectTypeListLength,
2279 FALSE,
2280 GrantedAccess,
2281 AccessStatus);
2282}

Referenced by AccessCheckByType(), AccessGrantedMultipleObjectsTests(), AccessGrantedNoDaclTests(), AccessGrantedTests(), DenyAccessTests(), and ParamsValidationTests().

◆ NtAccessCheckByTypeResultList()

_Must_inspect_result_ NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_opt_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_writes_(ObjectTypeListLength) PACCESS_MASK  GrantedAccess,
_Out_writes_(ObjectTypeListLength) PNTSTATUS  AccessStatus 
)

Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the NtAccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.

Remarks
For more documentation details about the parameters and overall function behavior, see SepAccessCheck.

Definition at line 2297 of file accesschk.c.

2309{
2310 PAGED_CODE();
2311
2312 /* Invoke the internal function to do the job */
2313 return SepAccessCheck(SecurityDescriptor,
2314 ClientToken,
2315 PrincipalSelfSid,
2316 DesiredAccess,
2317 GenericMapping,
2318 PrivilegeSet,
2319 PrivilegeSetLength,
2320 ObjectTypeList,
2321 ObjectTypeListLength,
2322 TRUE,
2323 GrantedAccess,
2324 AccessStatus);
2325}
TRUE
#define TRUE
Definition: types.h:120

Referenced by AccessCheckByTypeResultList(), DenyAccessTests(), GrantedAccessTests(), and ParamValidationNoObjsList().

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAllocateLocallyUniqueId()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ NtAllocateUuids()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids ( _Out_ PULARGE_INTEGER  Time,
_Out_ PULONG  Range,
_Out_ PULONG  Sequence,
_Out_ PUCHAR  Seed 
)

◆ NtCompareTokens()

NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)

Compares tokens if they're equal or not.

Parameters
[in]FirstTokenThe first token.
[in]SecondTokenThe second token.
[out]EqualThe retrieved value which determines if the tokens are equal or not.
Returns
Returns STATUS_SUCCESS, otherwise it returns a failure NTSTATUS code.

Definition at line 2503 of file token.c.

2507{
2508 KPROCESSOR_MODE PreviousMode;
2509 PTOKEN FirstToken, SecondToken;
2510 BOOLEAN IsEqual;
2511 NTSTATUS Status;
2512
2513 PAGED_CODE();
2514
2515 PreviousMode = ExGetPreviousMode();
2516
2517 if (PreviousMode != KernelMode)
2518 {
2519 _SEH2_TRY
2520 {
2521 ProbeForWriteBoolean(Equal);
2522 }
2523 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2524 {
2525 /* Return the exception code */
2526 _SEH2_YIELD(return _SEH2_GetExceptionCode());
2527 }
2528 _SEH2_END;
2529 }
2530
2531 Status = ObReferenceObjectByHandle(FirstTokenHandle,
2532 TOKEN_QUERY,
2533 SeTokenObjectType,
2534 PreviousMode,
2535 (PVOID*)&FirstToken,
2536 NULL);
2537 if (!NT_SUCCESS(Status))
2538 {
2539 DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
2540 return Status;
2541 }
2542
2543 Status = ObReferenceObjectByHandle(SecondTokenHandle,
2544 TOKEN_QUERY,
2545 SeTokenObjectType,
2546 PreviousMode,
2547 (PVOID*)&SecondToken,
2548 NULL);
2549 if (!NT_SUCCESS(Status))
2550 {
2551 DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
2552 ObDereferenceObject(FirstToken);
2553 return Status;
2554 }
2555
2556 if (FirstToken != SecondToken)
2557 {
2558 Status = SepCompareTokens(FirstToken,
2559 SecondToken,
2560 &IsEqual);
2561 }
2562 else
2563 {
2564 IsEqual = TRUE;
2565 }
2566
2567 ObDereferenceObject(SecondToken);
2568 ObDereferenceObject(FirstToken);
2569
2570 if (NT_SUCCESS(Status))
2571 {
2572 _SEH2_TRY
2573 {
2574 *Equal = IsEqual;
2575 }
2576 _SEH2_EXCEPT(ExSystemExceptionFilter())
2577 {
2578 Status = _SEH2_GetExceptionCode();
2579 }
2580 _SEH2_END;
2581 }
2582
2583 return Status;
2584}
PreviousMode
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ExGetPreviousMode
#define ExGetPreviousMode
Definition: ex.h:143
IsEqual
@ IsEqual
Definition: fatprocs.h:1887
ExSystemExceptionFilter
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:349
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
SepCompareTokens
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:243
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:17
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:181
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:82
_SEH2_END
#define _SEH2_END
Definition: pseh2_64.h:171
_SEH2_TRY
#define _SEH2_TRY
Definition: pseh2_64.h:71
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:184
ProbeForWriteBoolean
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
_TOKEN
Definition: setypes.h:216
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:928

Referenced by START_TEST().

◆ NtCreateToken()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Creates an access token.

Parameters
[out]TokenHandleThe returned created token handle to the caller.
[in]DesiredAccessThe desired access rights for the token that we're creating.
[in]ObjectAttributesThe object attributes for the token object that we're creating.
[in]TokenTypeThe type of token to assign for the newly created token.
[in]AuthenticationIdAuthentication ID that represents the token's identity.
[in]ExpirationTimeExpiration time for the token. If set to -1, the token never expires.
[in]TokenUserThe main user entity for the token to assign.
[in]TokenGroupsGroup list of SIDs for the token to assign.
[in]TokenPrivilegesPrivileges for the token.
[in]TokenOwnerThe main user that owns the newly created token.
[in]TokenPrimaryGroupThe primary group that represents as the main group of the token.
[in]TokenDefaultDaclDiscretionary access control list for the token. This limits on how the token can be used, accessed and used by whom.
[in]TokenSourceThe source origin of the token who creates it.
Returns
Returns STATUS_SUCCESS if the function has successfully created the token. A failure NTSTATUS code is returned otherwise.

Definition at line 1558 of file tokenlif.c.

1572{
1573 HANDLE hToken;
1574 KPROCESSOR_MODE PreviousMode;
1575 ULONG PrivilegeCount, GroupCount;
1576 PSID OwnerSid, PrimaryGroupSid;
1577 PACL DefaultDacl;
1578 LARGE_INTEGER LocalExpirationTime = {{0, 0}};
1579 LUID LocalAuthenticationId;
1580 TOKEN_SOURCE LocalTokenSource;
1581 SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
1582 PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
1583 PSID_AND_ATTRIBUTES CapturedUser = NULL;
1584 PSID_AND_ATTRIBUTES CapturedGroups = NULL;
1585 PSID CapturedOwnerSid = NULL;
1586 PSID CapturedPrimaryGroupSid = NULL;
1587 PACL CapturedDefaultDacl = NULL;
1588 ULONG PrivilegesLength, UserLength, GroupsLength;
1589 NTSTATUS Status;
1590
1591 PAGED_CODE();
1592
1593 PreviousMode = ExGetPreviousMode();
1594
1595 if (PreviousMode != KernelMode)
1596 {
1597 _SEH2_TRY
1598 {
1599 ProbeForWriteHandle(TokenHandle);
1600
1601 if (ObjectAttributes != NULL)
1602 {
1603 ProbeForRead(ObjectAttributes,
1604 sizeof(OBJECT_ATTRIBUTES),
1605 sizeof(ULONG));
1606 LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
1607 }
1608
1609 ProbeForRead(AuthenticationId,
1610 sizeof(LUID),
1611 sizeof(ULONG));
1612 LocalAuthenticationId = *AuthenticationId;
1613
1614 LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
1615
1616 ProbeForRead(TokenUser,
1617 sizeof(TOKEN_USER),
1618 sizeof(ULONG));
1619
1620 ProbeForRead(TokenGroups,
1621 sizeof(TOKEN_GROUPS),
1622 sizeof(ULONG));
1623 GroupCount = TokenGroups->GroupCount;
1624
1625 ProbeForRead(TokenPrivileges,
1626 sizeof(TOKEN_PRIVILEGES),
1627 sizeof(ULONG));
1628 PrivilegeCount = TokenPrivileges->PrivilegeCount;
1629
1630 if (TokenOwner != NULL)
1631 {
1632 ProbeForRead(TokenOwner,
1633 sizeof(TOKEN_OWNER),
1634 sizeof(ULONG));
1635 OwnerSid = TokenOwner->Owner;
1636 }
1637 else
1638 {
1639 OwnerSid = NULL;
1640 }
1641
1642 ProbeForRead(TokenPrimaryGroup,
1643 sizeof(TOKEN_PRIMARY_GROUP),
1644 sizeof(ULONG));
1645 PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
1646
1647 if (TokenDefaultDacl != NULL)
1648 {
1649 ProbeForRead(TokenDefaultDacl,
1650 sizeof(TOKEN_DEFAULT_DACL),
1651 sizeof(ULONG));
1652 DefaultDacl = TokenDefaultDacl->DefaultDacl;
1653 }
1654 else
1655 {
1656 DefaultDacl = NULL;
1657 }
1658
1659 ProbeForRead(TokenSource,
1660 sizeof(TOKEN_SOURCE),
1661 sizeof(ULONG));
1662 LocalTokenSource = *TokenSource;
1663 }
1664 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1665 {
1666 /* Return the exception code */
1667 _SEH2_YIELD(return _SEH2_GetExceptionCode());
1668 }
1669 _SEH2_END;
1670 }
1671 else
1672 {
1673 if (ObjectAttributes != NULL)
1674 LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
1675 LocalAuthenticationId = *AuthenticationId;
1676 LocalExpirationTime = *ExpirationTime;
1677 GroupCount = TokenGroups->GroupCount;
1678 PrivilegeCount = TokenPrivileges->PrivilegeCount;
1679 OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
1680 PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
1681 DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
1682 LocalTokenSource = *TokenSource;
1683 }
1684
1685 /* Check token type */
1686 if ((TokenType < TokenPrimary) ||
1687 (TokenType > TokenImpersonation))
1688 {
1689 return STATUS_BAD_TOKEN_TYPE;
1690 }
1691
1692 /* Check for token creation privilege */
1693 if (!SeSinglePrivilegeCheck(SeCreateTokenPrivilege, PreviousMode))
1694 {
1695 return STATUS_PRIVILEGE_NOT_HELD;
1696 }
1697
1698 /* Capture the user SID and attributes */
1699 Status = SeCaptureSidAndAttributesArray(&TokenUser->User,
1700 1,
1701 PreviousMode,
1702 NULL,
1703 0,
1704 PagedPool,
1705 FALSE,
1706 &CapturedUser,
1707 &UserLength);
1708 if (!NT_SUCCESS(Status))
1709 {
1710 goto Cleanup;
1711 }
1712
1713 /* Capture the groups SID and attributes array */
1714 Status = SeCaptureSidAndAttributesArray(&TokenGroups->Groups[0],
1715 GroupCount,
1716 PreviousMode,
1717 NULL,
1718 0,
1719 PagedPool,
1720 FALSE,
1721 &CapturedGroups,
1722 &GroupsLength);
1723 if (!NT_SUCCESS(Status))
1724 {
1725 goto Cleanup;
1726 }
1727
1728 /* Capture privileges */
1729 Status = SeCaptureLuidAndAttributesArray(&TokenPrivileges->Privileges[0],
1730 PrivilegeCount,
1731 PreviousMode,
1732 NULL,
1733 0,
1734 PagedPool,
1735 FALSE,
1736 &CapturedPrivileges,
1737 &PrivilegesLength);
1738 if (!NT_SUCCESS(Status))
1739 {
1740 goto Cleanup;
1741 }
1742
1743 /* Capture the token owner SID */
1744 if (TokenOwner != NULL)
1745 {
1746 Status = SepCaptureSid(OwnerSid,
1747 PreviousMode,
1748 PagedPool,
1749 FALSE,
1750 &CapturedOwnerSid);
1751 if (!NT_SUCCESS(Status))
1752 {
1753 goto Cleanup;
1754 }
1755 }
1756
1757 /* Capture the token primary group SID */
1758 Status = SepCaptureSid(PrimaryGroupSid,
1759 PreviousMode,
1760 PagedPool,
1761 FALSE,
1762 &CapturedPrimaryGroupSid);
1763 if (!NT_SUCCESS(Status))
1764 {
1765 goto Cleanup;
1766 }
1767
1768 /* Capture DefaultDacl */
1769 if (DefaultDacl != NULL)
1770 {
1771 Status = SepCaptureAcl(DefaultDacl,
1772 PreviousMode,
1773 NonPagedPool,
1774 FALSE,
1775 &CapturedDefaultDacl);
1776 if (!NT_SUCCESS(Status))
1777 {
1778 goto Cleanup;
1779 }
1780 }
1781
1782 /* Call the internal function */
1783 Status = SepCreateToken(&hToken,
1784 PreviousMode,
1785 DesiredAccess,
1786 ObjectAttributes,
1787 TokenType,
1788 LocalSecurityQos.ImpersonationLevel,
1789 &LocalAuthenticationId,
1790 &LocalExpirationTime,
1791 CapturedUser,
1792 GroupCount,
1793 CapturedGroups,
1794 GroupsLength,
1795 PrivilegeCount,
1796 CapturedPrivileges,
1797 CapturedOwnerSid,
1798 CapturedPrimaryGroupSid,
1799 CapturedDefaultDacl,
1800 &LocalTokenSource,
1801 FALSE);
1802 if (NT_SUCCESS(Status))
1803 {
1804 _SEH2_TRY
1805 {
1806 *TokenHandle = hToken;
1807 }
1808 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1809 {
1810 Status = _SEH2_GetExceptionCode();
1811 }
1812 _SEH2_END;
1813 }
1814
1815Cleanup:
1816
1817 /* Release what we captured */
1818 SeReleaseSidAndAttributesArray(CapturedUser, PreviousMode, FALSE);
1819 SeReleaseSidAndAttributesArray(CapturedGroups, PreviousMode, FALSE);
1820 SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
1821 SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
1822 SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
1823 SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
1824
1825 return Status;
1826}
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
NonPagedPool
#define NonPagedPool
Definition: env_spec_w32.h:307
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
TokenImpersonation
@ TokenImpersonation
Definition: imports.h:274
TokenPrimary
@ TokenPrimary
Definition: imports.h:273
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
SepReleaseSid
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
SeReleaseSidAndAttributesArray
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:976
SepReleaseAcl
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
SeReleaseLuidAndAttributesArray
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
SeCaptureSidAndAttributesArray
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:693
SeCaptureLuidAndAttributesArray
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
STATUS_BAD_TOKEN_TYPE
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
ProbeForReadLargeInteger
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
_ACL
Definition: ms-dtyp.idl:293
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
_LUID
Definition: devicetopology.idl:137
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
_SID_AND_ATTRIBUTES
Definition: setypes.h:502
_SID
Definition: ms-dtyp.idl:198
_TOKEN_DEFAULT_DACL
Definition: setypes.h:1035
_TOKEN_GROUPS
Definition: setypes.h:1013
_TOKEN_OWNER
Definition: setypes.h:1027
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:1031
_TOKEN_PRIVILEGES
Definition: setypes.h:1022
_TOKEN_SOURCE
Definition: imports.h:277
_TOKEN_USER
Definition: setypes.h:1009
SepCreateToken
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
ULONG
uint32_t ULONG
Definition: typedefs.h:59
_LARGE_INTEGER
Definition: typedefs.h:103
TokenDefaultDacl
@ TokenDefaultDacl
Definition: setypes.h:971
TokenSource
@ TokenSource
Definition: setypes.h:972
TokenGroups
@ TokenGroups
Definition: setypes.h:967
TokenPrivileges
@ TokenPrivileges
Definition: setypes.h:968
TokenUser
@ TokenUser
Definition: setypes.h:966
TokenPrimaryGroup
@ TokenPrimaryGroup
Definition: setypes.h:970
TokenOwner
@ TokenOwner
Definition: setypes.h:969

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Duplicates a token.

Parameters
[in]ExistingTokenHandleAn existing token to duplicate.
[in]DesiredAccessThe desired access rights for the new duplicated token.
[in]ObjectAttributesObject attributes for the new duplicated token.
[in]EffectiveOnlyIf set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in]TokenTypeType of token to assign to the duplicated token.
[out]NewTokenHandleThe returned duplicated token handle.
Returns
STATUS_SUCCESS is returned if token duplication has completed successfully. STATUS_BAD_IMPERSONATION_LEVEL is returned if the caller erroneously wants to raise the impersonation level even though the conditions do not permit it. A failure NTSTATUS code is returned otherwise.
Remarks
Some sources claim 4th param is ImpersonationLevel, but on W2K this is certainly NOT true, although I can't say for sure that EffectiveOnly is correct either. -Gunnar This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI NOTE for readers: https://hex.pp.ua/nt/NtDuplicateToken.php is therefore wrong in that regard, while MSDN documentation is correct.

Definition at line 1869 of file tokenlif.c.

1876{
1877 KPROCESSOR_MODE PreviousMode;
1878 HANDLE hToken;
1879 PTOKEN Token;
1880 PTOKEN NewToken;
1881 PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
1882 BOOLEAN QoSPresent;
1883 OBJECT_HANDLE_INFORMATION HandleInformation;
1884 NTSTATUS Status;
1885
1886 PAGED_CODE();
1887
1888 if (TokenType != TokenImpersonation &&
1889 TokenType != TokenPrimary)
1890 {
1891 return STATUS_INVALID_PARAMETER;
1892 }
1893
1894 PreviousMode = KeGetPreviousMode();
1895
1896 if (PreviousMode != KernelMode)
1897 {
1898 _SEH2_TRY
1899 {
1900 ProbeForWriteHandle(NewTokenHandle);
1901 }
1902 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1903 {
1904 /* Return the exception code */
1905 _SEH2_YIELD(return _SEH2_GetExceptionCode());
1906 }
1907 _SEH2_END;
1908 }
1909
1910 Status = SepCaptureSecurityQualityOfService(ObjectAttributes,
1911 PreviousMode,
1912 PagedPool,
1913 FALSE,
1914 &CapturedSecurityQualityOfService,
1915 &QoSPresent);
1916 if (!NT_SUCCESS(Status))
1917 {
1918 DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
1919 return Status;
1920 }
1921
1922 Status = ObReferenceObjectByHandle(ExistingTokenHandle,
1923 TOKEN_DUPLICATE,
1924 SeTokenObjectType,
1925 PreviousMode,
1926 (PVOID*)&Token,
1927 &HandleInformation);
1928 if (!NT_SUCCESS(Status))
1929 {
1930 DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
1931 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1932 PreviousMode,
1933 FALSE);
1934 return Status;
1935 }
1936
1937 /*
1938 * Fail, if the original token is an impersonation token and the caller
1939 * tries to raise the impersonation level of the new token above the
1940 * impersonation level of the original token.
1941 */
1942 if (Token->TokenType == TokenImpersonation)
1943 {
1944 if (QoSPresent &&
1945 CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
1946 {
1947 ObDereferenceObject(Token);
1948 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1949 PreviousMode,
1950 FALSE);
1951 return STATUS_BAD_IMPERSONATION_LEVEL;
1952 }
1953 }
1954
1955 /*
1956 * Fail, if a primary token is to be created from an impersonation token
1957 * and and the impersonation level of the impersonation token is below SecurityImpersonation.
1958 */
1959 if (Token->TokenType == TokenImpersonation &&
1960 TokenType == TokenPrimary &&
1961 Token->ImpersonationLevel < SecurityImpersonation)
1962 {
1963 ObDereferenceObject(Token);
1964 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1965 PreviousMode,
1966 FALSE);
1967 return STATUS_BAD_IMPERSONATION_LEVEL;
1968 }
1969
1970 Status = SepDuplicateToken(Token,
1971 ObjectAttributes,
1972 EffectiveOnly,
1973 TokenType,
1974 (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
1975 PreviousMode,
1976 &NewToken);
1977
1978 ObDereferenceObject(Token);
1979
1980 if (NT_SUCCESS(Status))
1981 {
1982 Status = ObInsertObject(NewToken,
1983 NULL,
1984 (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
1985 0,
1986 NULL,
1987 &hToken);
1988 if (NT_SUCCESS(Status))
1989 {
1990 _SEH2_TRY
1991 {
1992 *NewTokenHandle = hToken;
1993 }
1994 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1995 {
1996 Status = _SEH2_GetExceptionCode();
1997 }
1998 _SEH2_END;
1999 }
2000 }
2001
2002 /* Free the captured structure */
2003 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
2004 PreviousMode,
2005 FALSE);
2006
2007 return Status;
2008}
SecurityImpersonation
@ SecurityImpersonation
Definition: lsa.idl:57
SecurityAnonymous
@ SecurityAnonymous
Definition: lsa.idl:55
KeGetPreviousMode
#define KeGetPreviousMode()
Definition: ketypes.h:1115
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:412
SepCaptureSecurityQualityOfService
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
SepReleaseSecurityQualityOfService
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
_OBJECT_HANDLE_INFORMATION
Definition: iotypes.h:179
SepDuplicateToken
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
HandleInformation
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:44
TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:926

◆ NtFilterToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Out_ PHANDLE  NewTokenHandle 
)

Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.

Parameters
[in]ExistingTokenHandleA handle to an access token which is to be filtered.
[in]FlagsPrivilege flag options. This parameter argument influences how the token's privileges are filtered. For further details see remarks.
[in]SidsToDisableArray of SIDs to disable. The action of doing so assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer.
[in]PrivilegesToDeleteArray of privileges to delete. The function will walk within this array to determine if the specified privileges do exist in the access token. Any missing privileges gets ignored. This parameter can be NULL. This can be a UM pointer.
[in]RestrictedSidsAn array list of restricted groups SID to be added in the access token. A token that is already restricted the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer.
[out]NewTokenHandleA new handle to the restricted (filtered) access token. This can be a UM pointer.
Returns
Returns STATUS_SUCCESS if the routine has successfully filtered the access token. STATUS_INVALID_PARAMETER is returned if one or more parameters are not valid (see SepPerformTokenFiltering routine call for more information). A failure NTSTATUS code is returned otherwise.
Remarks
The Flags parameter determines the final outcome of how the privileges in an access token are filtered. This parameter can take these supported values (these can be combined):

0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array list of privileges to be deleted (that is, PrivilegesToDelete MUSTN'T BE NULL).

DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind if this flag is specified the routine ignores PrivilegesToDelete.

SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.

LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.

WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.

Definition at line 2075 of file tokenlif.c.

2082{
2083 PTOKEN Token, FilteredToken;
2084 HANDLE FilteredTokenHandle;
2085 NTSTATUS Status;
2086 KPROCESSOR_MODE PreviousMode;
2087 OBJECT_HANDLE_INFORMATION HandleInfo;
2088 ULONG ResultLength;
2089 ULONG CapturedSidsCount = 0;
2090 ULONG CapturedPrivilegesCount = 0;
2091 ULONG CapturedRestrictedSidsCount = 0;
2092 ULONG ProbeSize = 0;
2093 PSID_AND_ATTRIBUTES CapturedSids = NULL;
2094 PSID_AND_ATTRIBUTES CapturedRestrictedSids = NULL;
2095 PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
2096
2097 PAGED_CODE();
2098
2099 PreviousMode = ExGetPreviousMode();
2100
2101 _SEH2_TRY
2102 {
2103 /* Probe SidsToDisable */
2104 if (SidsToDisable != NULL)
2105 {
2106 /* Probe the header */
2107 ProbeForRead(SidsToDisable, sizeof(*SidsToDisable), sizeof(ULONG));
2108
2109 CapturedSidsCount = SidsToDisable->GroupCount;
2110 ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedSidsCount]);
2111
2112 ProbeForRead(SidsToDisable, ProbeSize, sizeof(ULONG));
2113 }
2114
2115 /* Probe PrivilegesToDelete */
2116 if (PrivilegesToDelete != NULL)
2117 {
2118 /* Probe the header */
2119 ProbeForRead(PrivilegesToDelete, sizeof(*PrivilegesToDelete), sizeof(ULONG));
2120
2121 CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
2122 ProbeSize = FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges[CapturedPrivilegesCount]);
2123
2124 ProbeForRead(PrivilegesToDelete, ProbeSize, sizeof(ULONG));
2125 }
2126
2127 /* Probe RestrictedSids */
2128 if (RestrictedSids != NULL)
2129 {
2130 /* Probe the header */
2131 ProbeForRead(RestrictedSids, sizeof(*RestrictedSids), sizeof(ULONG));
2132
2133 CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
2134 ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedRestrictedSidsCount]);
2135
2136 ProbeForRead(RestrictedSids, ProbeSize, sizeof(ULONG));
2137 }
2138
2139 /* Probe the handle */
2140 ProbeForWriteHandle(NewTokenHandle);
2141 }
2142 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2143 {
2144 /* Return the exception code */
2145 _SEH2_YIELD(return _SEH2_GetExceptionCode());
2146 }
2147 _SEH2_END;
2148
2149 /* Reference the token */
2150 Status = ObReferenceObjectByHandle(ExistingTokenHandle,
2151 TOKEN_DUPLICATE,
2152 SeTokenObjectType,
2153 PreviousMode,
2154 (PVOID*)&Token,
2155 &HandleInfo);
2156 if (!NT_SUCCESS(Status))
2157 {
2158 DPRINT1("NtFilterToken(): Failed to reference the token (Status 0x%lx)\n", Status);
2159 return Status;
2160 }
2161
2162 /* Capture the group SIDs */
2163 if (SidsToDisable != NULL)
2164 {
2165 Status = SeCaptureSidAndAttributesArray(SidsToDisable->Groups,
2166 CapturedSidsCount,
2167 PreviousMode,
2168 NULL,
2169 0,
2170 PagedPool,
2171 TRUE,
2172 &CapturedSids,
2173 &ResultLength);
2174 if (!NT_SUCCESS(Status))
2175 {
2176 DPRINT1("NtFilterToken(): Failed to capture the SIDs (Status 0x%lx)\n", Status);
2177 goto Quit;
2178 }
2179 }
2180
2181 /* Capture the privileges */
2182 if (PrivilegesToDelete != NULL)
2183 {
2184 Status = SeCaptureLuidAndAttributesArray(PrivilegesToDelete->Privileges,
2185 CapturedPrivilegesCount,
2186 PreviousMode,
2187 NULL,
2188 0,
2189 PagedPool,
2190 TRUE,
2191 &CapturedPrivileges,
2192 &ResultLength);
2193 if (!NT_SUCCESS(Status))
2194 {
2195 DPRINT1("NtFilterToken(): Failed to capture the privileges (Status 0x%lx)\n", Status);
2196 goto Quit;
2197 }
2198 }
2199
2200 /* Capture the restricted SIDs */
2201 if (RestrictedSids != NULL)
2202 {
2203 Status = SeCaptureSidAndAttributesArray(RestrictedSids->Groups,
2204 CapturedRestrictedSidsCount,
2205 PreviousMode,
2206 NULL,
2207 0,
2208 PagedPool,
2209 TRUE,
2210 &CapturedRestrictedSids,
2211 &ResultLength);
2212 if (!NT_SUCCESS(Status))
2213 {
2214 DPRINT1("NtFilterToken(): Failed to capture the restricted SIDs (Status 0x%lx)\n", Status);
2215 goto Quit;
2216 }
2217 }
2218
2219 /* Call the internal API */
2220 Status = SepPerformTokenFiltering(Token,
2221 CapturedPrivileges,
2222 CapturedSids,
2223 CapturedRestrictedSids,
2224 CapturedPrivilegesCount,
2225 CapturedSidsCount,
2226 CapturedRestrictedSidsCount,
2227 Flags,
2228 PreviousMode,
2229 &FilteredToken);
2230 if (!NT_SUCCESS(Status))
2231 {
2232 DPRINT1("NtFilterToken(): Failed to filter the token (Status 0x%lx)\n", Status);
2233 goto Quit;
2234 }
2235
2236 /* Insert the filtered token and retrieve a handle to it */
2237 Status = ObInsertObject(FilteredToken,
2238 NULL,
2239 HandleInfo.GrantedAccess,
2240 0,
2241 NULL,
2242 &FilteredTokenHandle);
2243 if (!NT_SUCCESS(Status))
2244 {
2245 DPRINT1("NtFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n", Status);
2246 goto Quit;
2247 }
2248
2249 /* And return it to the caller once we're done */
2250 _SEH2_TRY
2251 {
2252 *NewTokenHandle = FilteredTokenHandle;
2253 }
2254 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2255 {
2256 Status = _SEH2_GetExceptionCode();
2257 _SEH2_YIELD(goto Quit);
2258 }
2259 _SEH2_END;
2260
2261Quit:
2262 /* Dereference the token */
2263 ObDereferenceObject(Token);
2264
2265 /* Release all the captured data */
2266 if (CapturedSids != NULL)
2267 {
2268 SeReleaseSidAndAttributesArray(CapturedSids,
2269 PreviousMode,
2270 TRUE);
2271 }
2272
2273 if (CapturedPrivileges != NULL)
2274 {
2275 SeReleaseLuidAndAttributesArray(CapturedPrivileges,
2276 PreviousMode,
2277 TRUE);
2278 }
2279
2280 if (CapturedRestrictedSids != NULL)
2281 {
2282 SeReleaseSidAndAttributesArray(CapturedRestrictedSids,
2283 PreviousMode,
2284 TRUE);
2285 }
2286
2287 return Status;
2288}
_OBJECT_HANDLE_INFORMATION::GrantedAccess
ACCESS_MASK GrantedAccess
Definition: iotypes.h:181
SepPerformTokenFiltering
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
Definition: tokenlif.c:859
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
ResultLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17

◆ NtImpersonateAnonymousToken()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in]ThreadHandleA handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.

Definition at line 2612 of file token.c.

2614{
2615 PETHREAD Thread;
2616 KPROCESSOR_MODE PreviousMode;
2617 NTSTATUS Status;
2618 PAGED_CODE();
2619
2620 PreviousMode = ExGetPreviousMode();
2621
2622 /* Obtain the thread object from the handle */
2623 Status = ObReferenceObjectByHandle(ThreadHandle,
2624 THREAD_IMPERSONATE,
2625 PsThreadType,
2626 PreviousMode,
2627 (PVOID*)&Thread,
2628 NULL);
2629 if (!NT_SUCCESS(Status))
2630 {
2631 DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
2632 return Status;
2633 }
2634
2635 /* Call the private routine to impersonate the token */
2636 Status = SepImpersonateAnonymousToken(Thread, PreviousMode);
2637 if (!NT_SUCCESS(Status))
2638 {
2639 DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
2640 }
2641
2642 ObDereferenceObject(Thread);
2643 return Status;
2644}
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
THREAD_IMPERSONATE
#define THREAD_IMPERSONATE
Definition: pstypes.h:152
PsThreadType
POBJECT_TYPE PsThreadType
Definition: thread.c:20
SepImpersonateAnonymousToken
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:334
_ETHREAD
Definition: pstypes.h:1103

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  PrivilegeSet,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when an object is about to be opened.

Parameters
[in]SubsystemNameA Unicode string that points to a name of the subsystem.
[in]HandleIdA handle to an ID used for identification instance for auditing.
[in]ObjectTypeNameA Unicode string that points to an object type name.
[in]ObjectNameThe name of the object.
[in]SecurityDescriptorA security descriptor.
[in]ClientTokenHandleA handle to a client access token.
[in]DesiredAccessThe desired access rights masks requested by the caller.
[in]GrantedAccessThe granted access mask rights.
[in]PrivilegeSetIf specified, the function will use this set of privileges to audit.
[in]ObjectCreationSet this to TRUE if the object has just been created.
[in]AccessGrantedSet this to TRUE if the access attempt was deemed as granted.
[out]GenerateOnCloseA boolean flag returned to the caller once audit generation procedure finishes.
Returns
Returns STATUS_SUCCESS if all the operations have been completed successfully. STATUS_PRIVILEGE_NOT_HELD is returned if the given subject context does not hold the required audit privilege to actually begin auditing in the first place. STATUS_BAD_IMPERSONATION_LEVEL is returned if the security impersonation level of the client token is not on par with the impersonation level that alllows impersonation. STATUS_INVALID_PARAMETER is returned if the caller has submitted a bogus set of privileges as such array set exceeds the maximum count of privileges that the kernel can accept. A failure NTSTATUS code is returned otherwise.

Definition at line 1622 of file audit.c.

1635{
1636 PTOKEN ClientToken;
1637 PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1638 UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1639 ULONG PrivilegeCount, PrivilegeSetSize;
1640 volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1641 BOOLEAN LocalGenerateOnClose;
1642 PVOID CapturedHandleId;
1643 SECURITY_SUBJECT_CONTEXT SubjectContext;
1644 NTSTATUS Status;
1645 PAGED_CODE();
1646
1647 /* Only user mode is supported! */
1648 ASSERT(ExGetPreviousMode() != KernelMode);
1649
1650 /* Start clean */
1651 ClientToken = NULL;
1652 CapturedSecurityDescriptor = NULL;
1653 CapturedPrivilegeSet = NULL;
1654 CapturedSubsystemName.Buffer = NULL;
1655 CapturedObjectTypeName.Buffer = NULL;
1656 CapturedObjectName.Buffer = NULL;
1657
1658 /* Reference the client token */
1659 Status = ObReferenceObjectByHandle(ClientTokenHandle,
1660 TOKEN_QUERY,
1661 SeTokenObjectType,
1662 UserMode,
1663 (PVOID*)&ClientToken,
1664 NULL);
1665 if (!NT_SUCCESS(Status))
1666 {
1667 DPRINT1("Failed to reference token handle %p: %lx\n",
1668 ClientTokenHandle, Status);
1669 return Status;
1670 }
1671
1672 /* Capture the security subject context */
1673 SeCaptureSubjectContext(&SubjectContext);
1674
1675 /* Validate the token's impersonation level */
1676 if ((ClientToken->TokenType == TokenImpersonation) &&
1677 (ClientToken->ImpersonationLevel < SecurityIdentification))
1678 {
1679 DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1680 Status = STATUS_BAD_IMPERSONATION_LEVEL;
1681 goto Cleanup;
1682 }
1683
1684 /* Check for audit privilege */
1685 if (!SeCheckAuditPrivilege(&SubjectContext, UserMode))
1686 {
1687 DPRINT1("Caller does not have SeAuditPrivilege\n");
1688 Status = STATUS_PRIVILEGE_NOT_HELD;
1689 goto Cleanup;
1690 }
1691
1692 /* Check for NULL SecurityDescriptor */
1693 if (SecurityDescriptor == NULL)
1694 {
1695 /* Nothing to do */
1696 Status = STATUS_SUCCESS;
1697 goto Cleanup;
1698 }
1699
1700 /* Capture the security descriptor */
1701 Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
1702 UserMode,
1703 PagedPool,
1704 FALSE,
1705 &CapturedSecurityDescriptor);
1706 if (!NT_SUCCESS(Status))
1707 {
1708 DPRINT1("Failed to capture security descriptor!\n");
1709 goto Cleanup;
1710 }
1711
1712 _SEH2_TRY
1713 {
1714 /* Check if we have a privilege set */
1715 if (PrivilegeSet != NULL)
1716 {
1717 /* Probe the basic privilege set structure */
1718 ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1719
1720 /* Validate privilege count */
1721 PrivilegeCount = PrivilegeSet->PrivilegeCount;
1722 if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1723 {
1724 Status = STATUS_INVALID_PARAMETER;
1725 _SEH2_YIELD(goto Cleanup);
1726 }
1727
1728 /* Calculate the size of the PrivilegeSet structure */
1729 PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1730
1731 /* Probe the whole structure */
1732 ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1733
1734 /* Allocate a temp buffer */
1735 CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1736 PrivilegeSetSize,
1737 TAG_PRIVILEGE_SET);
1738 if (CapturedPrivilegeSet == NULL)
1739 {
1740 DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1741 Status = STATUS_INSUFFICIENT_RESOURCES;
1742 _SEH2_YIELD(goto Cleanup);
1743 }
1744
1745 /* Copy the privileges */
1746 RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1747 }
1748
1749 if (HandleId != NULL)
1750 {
1751 ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1752 CapturedHandleId = *(PVOID*)HandleId;
1753 }
1754
1755 ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1756 }
1757 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1758 {
1759 Status = _SEH2_GetExceptionCode();
1760 DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1761 _SEH2_YIELD(goto Cleanup);
1762 }
1763 _SEH2_END;
1764
1765 /* Probe and capture the subsystem name */
1766 Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1767 UserMode,
1768 SubsystemName);
1769 if (!NT_SUCCESS(Status))
1770 {
1771 DPRINT1("Failed to capture subsystem name!\n");
1772 goto Cleanup;
1773 }
1774
1775 /* Probe and capture the object type name */
1776 Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1777 UserMode,
1778 ObjectTypeName);
1779 if (!NT_SUCCESS(Status))
1780 {
1781 DPRINT1("Failed to capture object type name!\n");
1782 goto Cleanup;
1783 }
1784
1785 /* Probe and capture the object name */
1786 Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1787 UserMode,
1788 ObjectName);
1789 if (!NT_SUCCESS(Status))
1790 {
1791 DPRINT1("Failed to capture object name!\n");
1792 goto Cleanup;
1793 }
1794
1795 /* Call the internal function */
1796 SepOpenObjectAuditAlarm(&SubjectContext,
1797 &CapturedSubsystemName,
1798 CapturedHandleId,
1799 &CapturedObjectTypeName,
1800 &CapturedObjectName,
1801 CapturedSecurityDescriptor,
1802 ClientToken,
1803 DesiredAccess,
1804 GrantedAccess,
1805 CapturedPrivilegeSet,
1806 ObjectCreation,
1807 AccessGranted,
1808 &LocalGenerateOnClose);
1809
1810 Status = STATUS_SUCCESS;
1811
1812 /* Enter SEH to copy the data back to user mode */
1813 _SEH2_TRY
1814 {
1815 *GenerateOnClose = LocalGenerateOnClose;
1816 }
1817 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1818 {
1819 Status = _SEH2_GetExceptionCode();
1820 DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1821 }
1822 _SEH2_END;
1823
1824Cleanup:
1825
1826 if (CapturedObjectName.Buffer != NULL)
1827 ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1828
1829 if (CapturedObjectTypeName.Buffer != NULL)
1830 ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1831
1832 if (CapturedSubsystemName.Buffer != NULL)
1833 ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1834
1835 if (CapturedSecurityDescriptor != NULL)
1836 SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1837
1838 if (CapturedPrivilegeSet != NULL)
1839 ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1840
1841 /* Release the security subject context */
1842 SeReleaseSubjectContext(&SubjectContext);
1843
1844 ObDereferenceObject(ClientToken);
1845
1846 return Status;
1847}
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
SecurityIdentification
@ SecurityIdentification
Definition: lsa.idl:56
ASSERT
#define ASSERT(a)
Definition: mode.c:44
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
UserMode
#define UserMode
Definition: asm.h:39
SeCheckAuditPrivilege
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
SEP_PRIVILEGE_SET_MAX_COUNT
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:15
SepOpenObjectAuditAlarm
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1535
SeCaptureSecurityDescriptor
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
ProbeAndCaptureUnicodeString
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
ReleaseCapturedUnicodeString
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_PRIVILEGE_SET
Definition: setypes.h:85
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:217
_TOKEN::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:240
_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:239
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
TAG_PRIVILEGE_SET
#define TAG_PRIVILEGE_SET
Definition: tag.h:156
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419

◆ NtOpenProcessTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.

@unimplemented

Parameters
[in]TokenHandleA handle of a token where information is to be modified.
[in]TokenInformationClassToken information class.
[in]TokenInformationAn arbitrary pointer to a buffer with token information to set. Such arbitrary buffer depends on the information class chosen that the caller wants to modify such information data of a token.
[in]TokenInformationLengthLength of the token information buffer, in bytes.
Returns
Returns STATUS_SUCCESS if information setting has completed successfully. STATUS_INFO_LENGTH_MISMATCH is returned if the information length of the buffer is less than the required length. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation has failed. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread hasn't the required privileges to perform the operation in question. A failure NTSTATUS code is returned otherwise.
Remarks
The function is partly implemented, mainly TokenOrigin.

Definition at line 1125 of file tokencls.c.

1130{
1131 NTSTATUS Status;
1132 PTOKEN Token;
1133 KPROCESSOR_MODE PreviousMode;
1134 ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
1135
1136 PAGED_CODE();
1137
1138 PreviousMode = ExGetPreviousMode();
1139
1140 Status = DefaultSetInfoBufferCheck(TokenInformationClass,
1141 SeTokenInformationClass,
1142 RTL_NUMBER_OF(SeTokenInformationClass),
1143 TokenInformation,
1144 TokenInformationLength,
1145 PreviousMode);
1146 if (!NT_SUCCESS(Status))
1147 {
1148 /* Invalid buffers */
1149 DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
1150 return Status;
1151 }
1152
1153 if (TokenInformationClass == TokenSessionId)
1154 {
1155 NeededAccess |= TOKEN_ADJUST_SESSIONID;
1156 }
1157
1158 Status = ObReferenceObjectByHandle(TokenHandle,
1159 NeededAccess,
1160 SeTokenObjectType,
1161 PreviousMode,
1162 (PVOID*)&Token,
1163 NULL);
1164 if (NT_SUCCESS(Status))
1165 {
1166 switch (TokenInformationClass)
1167 {
1168 case TokenOwner:
1169 {
1170 if (TokenInformationLength >= sizeof(TOKEN_OWNER))
1171 {
1172 PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
1173 PSID InputSid = NULL, CapturedSid;
1174 ULONG DefaultOwnerIndex;
1175
1176 _SEH2_TRY
1177 {
1178 InputSid = to->Owner;
1179 }
1180 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1181 {
1182 Status = _SEH2_GetExceptionCode();
1183 _SEH2_YIELD(goto Cleanup);
1184 }
1185 _SEH2_END;
1186
1187 Status = SepCaptureSid(InputSid,
1188 PreviousMode,
1189 PagedPool,
1190 FALSE,
1191 &CapturedSid);
1192 if (NT_SUCCESS(Status))
1193 {
1194 /* Lock the token */
1195 SepAcquireTokenLockExclusive(Token);
1196
1197 /* Find the owner amongst the existing token user and groups */
1198 Status = SepFindPrimaryGroupAndDefaultOwner(Token,
1199 NULL,
1200 CapturedSid,
1201 NULL,
1202 &DefaultOwnerIndex);
1203 if (NT_SUCCESS(Status))
1204 {
1205 /* Found it */
1206 Token->DefaultOwnerIndex = DefaultOwnerIndex;
1207 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1208 }
1209
1210 /* Unlock the token */
1211 SepReleaseTokenLock(Token);
1212
1213 SepReleaseSid(CapturedSid,
1214 PreviousMode,
1215 FALSE);
1216 }
1217 }
1218 else
1219 {
1220 Status = STATUS_INFO_LENGTH_MISMATCH;
1221 }
1222 break;
1223 }
1224
1225 case TokenPrimaryGroup:
1226 {
1227 if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
1228 {
1229 PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
1230 ULONG AclSize;
1231 ULONG_PTR PrimaryGroup;
1232 PSID InputSid = NULL, CapturedSid;
1233 ULONG PrimaryGroupIndex, NewDynamicLength;
1234
1235 _SEH2_TRY
1236 {
1237 InputSid = tpg->PrimaryGroup;
1238 }
1239 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1240 {
1241 Status = _SEH2_GetExceptionCode();
1242 _SEH2_YIELD(goto Cleanup);
1243 }
1244 _SEH2_END;
1245
1246 Status = SepCaptureSid(InputSid,
1247 PreviousMode,
1248 PagedPool,
1249 FALSE,
1250 &CapturedSid);
1251 if (NT_SUCCESS(Status))
1252 {
1253 /* Lock the token */
1254 SepAcquireTokenLockExclusive(Token);
1255
1256 /*
1257 * We can whack the token's primary group only if
1258 * the charged dynamic space boundary allows us
1259 * to do so. Exceeding this boundary and we're
1260 * busted out.
1261 */
1262 AclSize = Token->DefaultDacl ? Token->DefaultDacl->AclSize : 0;
1263 NewDynamicLength = RtlLengthSid(CapturedSid) + AclSize;
1264 if (NewDynamicLength > Token->DynamicCharged)
1265 {
1266 SepReleaseTokenLock(Token);
1267 SepReleaseSid(CapturedSid, PreviousMode, FALSE);
1268 Status = STATUS_ALLOTTED_SPACE_EXCEEDED;
1269 DPRINT1("NtSetInformationToken(): Couldn't assign new primary group, space exceeded (current length %u, new length %lu)\n",
1270 Token->DynamicCharged, NewDynamicLength);
1271 goto Cleanup;
1272 }
1273
1274 /*
1275 * The dynamic part of the token may require a rebuild
1276 * if the current dynamic area is too small. If not then
1277 * we're pretty much good as is.
1278 */
1279 Status = SepRebuildDynamicPartOfToken(Token, NewDynamicLength);
1280 if (NT_SUCCESS(Status))
1281 {
1282 /* Find the primary group amongst the existing token user and groups */
1283 Status = SepFindPrimaryGroupAndDefaultOwner(Token,
1284 CapturedSid,
1285 NULL,
1286 &PrimaryGroupIndex,
1287 NULL);
1288 if (NT_SUCCESS(Status))
1289 {
1290 /*
1291 * We have found it. Add the length of
1292 * the previous primary group SID to the
1293 * available dynamic area.
1294 */
1295 Token->DynamicAvailable += RtlLengthSid(Token->PrimaryGroup);
1296
1297 /*
1298 * Move the default DACL if it's not at the
1299 * head of the dynamic part.
1300 */
1301 if ((Token->DefaultDacl) &&
1302 ((PULONG)(Token->DefaultDacl) != Token->DynamicPart))
1303 {
1304 RtlMoveMemory(Token->DynamicPart,
1305 Token->DefaultDacl,
1306 RtlLengthSid(Token->PrimaryGroup));
1307 Token->DefaultDacl = (PACL)(Token->DynamicPart);
1308 }
1309
1310 /* Take away available space from the dynamic area */
1311 Token->DynamicAvailable -= RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid);
1312
1313 /*
1314 * And assign the new primary group. For that
1315 * we have to make sure where the primary group
1316 * is going to stay in memory, so if this token
1317 * has a default DACL then add up its size with
1318 * the address of the dynamic part.
1319 */
1320 PrimaryGroup = (ULONG_PTR)(Token->DynamicPart) + AclSize;
1321 RtlCopySid(RtlLengthSid(Token->UserAndGroups[PrimaryGroupIndex].Sid),
1322 (PVOID)PrimaryGroup,
1323 Token->UserAndGroups[PrimaryGroupIndex].Sid);
1324 Token->PrimaryGroup = (PSID)PrimaryGroup;
1325
1326 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1327 }
1328 }
1329
1330 /* Unlock the token */
1331 SepReleaseTokenLock(Token);
1332
1333 SepReleaseSid(CapturedSid,
1334 PreviousMode,
1335 FALSE);
1336 }
1337 }
1338 else
1339 {
1340 Status = STATUS_INFO_LENGTH_MISMATCH;
1341 }
1342 break;
1343 }
1344
1345 case TokenDefaultDacl:
1346 {
1347 if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
1348 {
1349 PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
1350 PACL InputAcl = NULL;
1351
1352 _SEH2_TRY
1353 {
1354 InputAcl = tdd->DefaultDacl;
1355 }
1356 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1357 {
1358 Status = _SEH2_GetExceptionCode();
1359 _SEH2_YIELD(goto Cleanup);
1360 }
1361 _SEH2_END;
1362
1363 if (InputAcl != NULL)
1364 {
1365 PACL CapturedAcl;
1366
1367 /* Capture, validate, and copy the DACL */
1368 Status = SepCaptureAcl(InputAcl,
1369 PreviousMode,
1370 PagedPool,
1371 TRUE,
1372 &CapturedAcl);
1373 if (NT_SUCCESS(Status))
1374 {
1375 ULONG NewDynamicLength;
1376 ULONG_PTR Acl;
1377
1378 /* Lock the token */
1379 SepAcquireTokenLockExclusive(Token);
1380
1381 /*
1382 * We can whack the token's default DACL only if
1383 * the charged dynamic space boundary allows us
1384 * to do so. Exceeding this boundary and we're
1385 * busted out.
1386 */
1387 NewDynamicLength = CapturedAcl->AclSize + RtlLengthSid(Token->PrimaryGroup);
1388 if (NewDynamicLength > Token->DynamicCharged)
1389 {
1390 SepReleaseTokenLock(Token);
1391 SepReleaseAcl(CapturedAcl, PreviousMode, TRUE);
1392 Status = STATUS_ALLOTTED_SPACE_EXCEEDED;
1393 DPRINT1("NtSetInformationToken(): Couldn't assign new default DACL, space exceeded (current length %u, new length %lu)\n",
1394 Token->DynamicCharged, NewDynamicLength);
1395 goto Cleanup;
1396 }
1397
1398 /*
1399 * The dynamic part of the token may require a rebuild
1400 * if the current dynamic area is too small. If not then
1401 * we're pretty much good as is.
1402 */
1403 Status = SepRebuildDynamicPartOfToken(Token, NewDynamicLength);
1404 if (NT_SUCCESS(Status))
1405 {
1406 /*
1407 * Before setting up a new DACL for the
1408 * token object we add up the size of
1409 * the old DACL to the available dynamic
1410 * area
1411 */
1412 if (Token->DefaultDacl)
1413 {
1414 Token->DynamicAvailable += Token->DefaultDacl->AclSize;
1415 }
1416
1417 /*
1418 * Move the primary group if it's not at the
1419 * head of the dynamic part.
1420 */
1421 if ((PULONG)(Token->PrimaryGroup) != Token->DynamicPart)
1422 {
1423 RtlMoveMemory(Token->DynamicPart,
1424 Token->PrimaryGroup,
1425 RtlLengthSid(Token->PrimaryGroup));
1426 Token->PrimaryGroup = (PSID)(Token->DynamicPart);
1427 }
1428
1429 /* Take away available space from the dynamic area */
1430 Token->DynamicAvailable -= CapturedAcl->AclSize;
1431
1432 /* Set the new dacl */
1433 Acl = (ULONG_PTR)(Token->DynamicPart) + RtlLengthSid(Token->PrimaryGroup);
1434 RtlCopyMemory((PVOID)Acl,
1435 CapturedAcl,
1436 CapturedAcl->AclSize);
1437 Token->DefaultDacl = (PACL)Acl;
1438
1439 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1440 }
1441
1442 /* Unlock the token and release the ACL */
1443 SepReleaseTokenLock(Token);
1444 SepReleaseAcl(CapturedAcl, PreviousMode, TRUE);
1445 }
1446 }
1447 else
1448 {
1449 /* Lock the token */
1450 SepAcquireTokenLockExclusive(Token);
1451
1452 /* Clear the default dacl if present */
1453 if (Token->DefaultDacl != NULL)
1454 {
1455 Token->DynamicAvailable += Token->DefaultDacl->AclSize;
1456 RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
1457 Token->DefaultDacl = NULL;
1458
1459 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1460 }
1461
1462 /* Unlock the token */
1463 SepReleaseTokenLock(Token);
1464 }
1465 }
1466 else
1467 {
1468 Status = STATUS_INFO_LENGTH_MISMATCH;
1469 }
1470 break;
1471 }
1472
1473 case TokenSessionId:
1474 {
1475 ULONG SessionId = 0;
1476
1477 _SEH2_TRY
1478 {
1479 /* Buffer size was already verified, no need to check here again */
1480 SessionId = *(PULONG)TokenInformation;
1481 }
1482 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1483 {
1484 Status = _SEH2_GetExceptionCode();
1485 _SEH2_YIELD(goto Cleanup);
1486 }
1487 _SEH2_END;
1488
1489 /* Check for TCB privilege */
1490 if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
1491 {
1492 Status = STATUS_PRIVILEGE_NOT_HELD;
1493 break;
1494 }
1495
1496 /* Lock the token */
1497 SepAcquireTokenLockExclusive(Token);
1498
1499 Token->SessionId = SessionId;
1500 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1501
1502 /* Unlock the token */
1503 SepReleaseTokenLock(Token);
1504
1505 break;
1506 }
1507
1508 case TokenSessionReference:
1509 {
1510 ULONG SessionReference;
1511
1512 _SEH2_TRY
1513 {
1514 /* Buffer size was already verified, no need to check here again */
1515 SessionReference = *(PULONG)TokenInformation;
1516 }
1517 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1518 {
1519 Status = _SEH2_GetExceptionCode();
1520 _SEH2_YIELD(goto Cleanup);
1521 }
1522 _SEH2_END;
1523
1524 /* Check for TCB privilege */
1525 if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
1526 {
1527 Status = STATUS_PRIVILEGE_NOT_HELD;
1528 goto Cleanup;
1529 }
1530
1531 /* Check if it is 0 */
1532 if (SessionReference == 0)
1533 {
1534 ULONG OldTokenFlags;
1535
1536 /* Lock the token */
1537 SepAcquireTokenLockExclusive(Token);
1538
1539 /* Atomically set the flag in the token */
1540 OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
1541 TOKEN_SESSION_NOT_REFERENCED);
1542 /*
1543 * If the flag was already set, do not dereference again
1544 * the logon session. Use SessionReference as an indicator
1545 * to know whether to really dereference the session.
1546 */
1547 if (OldTokenFlags == Token->TokenFlags)
1548 SessionReference = ULONG_MAX;
1549
1550 /*
1551 * Otherwise if the flag was never set but just for this first time then
1552 * remove the referenced logon session data from the token and dereference
1553 * the logon session when needed.
1554 */
1555 if (SessionReference == 0)
1556 {
1557 SepRmRemoveLogonSessionFromToken(Token);
1558 SepRmDereferenceLogonSession(&Token->AuthenticationId);
1559 }
1560
1561 /* Unlock the token */
1562 SepReleaseTokenLock(Token);
1563 }
1564 break;
1565 }
1566
1567 case TokenAuditPolicy:
1568 {
1569 PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
1570 (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
1571 SEP_AUDIT_POLICY AuditPolicy;
1572 ULONG i;
1573
1574 _SEH2_TRY
1575 {
1576 ProbeForRead(PolicyInformation,
1577 FIELD_OFFSET(TOKEN_AUDIT_POLICY_INFORMATION,
1578 Policies[PolicyInformation->PolicyCount]),
1579 sizeof(ULONG));
1580
1581 /* Loop all policies in the structure */
1582 for (i = 0; i < PolicyInformation->PolicyCount; i++)
1583 {
1584 /* Set the corresponding bits in the packed structure */
1585 switch (PolicyInformation->Policies[i].Category)
1586 {
1587 case AuditCategorySystem:
1588 AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
1589 break;
1590
1591 case AuditCategoryLogon:
1592 AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
1593 break;
1594
1595 case AuditCategoryObjectAccess:
1596 AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
1597 break;
1598
1599 case AuditCategoryPrivilegeUse:
1600 AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
1601 break;
1602
1603 case AuditCategoryDetailedTracking:
1604 AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
1605 break;
1606
1607 case AuditCategoryPolicyChange:
1608 AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
1609 break;
1610
1611 case AuditCategoryAccountManagement:
1612 AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
1613 break;
1614
1615 case AuditCategoryDirectoryServiceAccess:
1616 AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
1617 break;
1618
1619 case AuditCategoryAccountLogon:
1620 AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
1621 break;
1622 }
1623 }
1624 }
1625 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1626 {
1627 Status = _SEH2_GetExceptionCode();
1628 _SEH2_YIELD(goto Cleanup);
1629 }
1630 _SEH2_END;
1631
1632 /* Check for TCB privilege */
1633 if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
1634 {
1635 Status = STATUS_PRIVILEGE_NOT_HELD;
1636 break;
1637 }
1638
1639 /* Lock the token */
1640 SepAcquireTokenLockExclusive(Token);
1641
1642 /* Set the new audit policy */
1643 Token->AuditPolicy = AuditPolicy;
1644 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1645
1646 /* Unlock the token */
1647 SepReleaseTokenLock(Token);
1648
1649 break;
1650 }
1651
1652 case TokenOrigin:
1653 {
1654 TOKEN_ORIGIN TokenOrigin;
1655
1656 _SEH2_TRY
1657 {
1658 /* Copy the token origin */
1659 TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
1660 }
1661 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1662 {
1663 Status = _SEH2_GetExceptionCode();
1664 _SEH2_YIELD(goto Cleanup);
1665 }
1666 _SEH2_END;
1667
1668 /* Check for TCB privilege */
1669 if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
1670 {
1671 Status = STATUS_PRIVILEGE_NOT_HELD;
1672 break;
1673 }
1674
1675 /* Lock the token */
1676 SepAcquireTokenLockExclusive(Token);
1677
1678 /* Check if there is no token origin set yet */
1679 if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
1680 {
1681 /* Set the token origin */
1682 Token->OriginatingLogonSession =
1683 TokenOrigin.OriginatingLogonSession;
1684
1685 ExAllocateLocallyUniqueId(&Token->ModifiedId);
1686 }
1687
1688 /* Unlock the token */
1689 SepReleaseTokenLock(Token);
1690
1691 break;
1692 }
1693
1694 default:
1695 {
1696 DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
1697 TokenInformationClass);
1698 Status = STATUS_INVALID_INFO_CLASS;
1699 break;
1700 }
1701 }
1702Cleanup:
1703 ObDereferenceObject(Token);
1704 }
1705
1706 if (!NT_SUCCESS(Status))
1707 {
1708 DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
1709 }
1710
1711 return Status;
1712}
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
SessionId
ULONG SessionId
Definition: dllmain.c:28
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
RtlCopySid
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
ULONG_MAX
#define ULONG_MAX
Definition: intsafe.h:155
PSID
struct _SID * PSID
Definition: eventlog.c:35
PACL
struct _ACL * PACL
Definition: security.c:105
PrimaryGroup
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1623
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:317
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:319
ExAllocateLocallyUniqueId
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
DefaultSetInfoBufferCheck
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
SepRmRemoveLogonSessionFromToken
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
SepRmDereferenceLogonSession
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
SepFindPrimaryGroupAndDefaultOwner
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:1011
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:26
SepAcquireTokenLockExclusive
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:285
PTOKEN_AUDIT_POLICY_INFORMATION
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:296
SepRebuildDynamicPartOfToken
NTSTATUS SepRebuildDynamicPartOfToken(_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)
AuditCategoryLogon
@ AuditCategoryLogon
Definition: ntsecapi.h:261
AuditCategoryAccountManagement
@ AuditCategoryAccountManagement
Definition: ntsecapi.h:266
AuditCategoryAccountLogon
@ AuditCategoryAccountLogon
Definition: ntsecapi.h:268
AuditCategoryPolicyChange
@ AuditCategoryPolicyChange
Definition: ntsecapi.h:265
AuditCategorySystem
@ AuditCategorySystem
Definition: ntsecapi.h:260
AuditCategoryObjectAccess
@ AuditCategoryObjectAccess
Definition: ntsecapi.h:262
AuditCategoryDirectoryServiceAccess
@ AuditCategoryDirectoryServiceAccess
Definition: ntsecapi.h:267
AuditCategoryDetailedTracking
@ AuditCategoryDetailedTracking
Definition: ntsecapi.h:264
AuditCategoryPrivilegeUse
@ AuditCategoryPrivilegeUse
Definition: ntsecapi.h:263
STATUS_ALLOTTED_SPACE_EXCEEDED
#define STATUS_ALLOTTED_SPACE_EXCEEDED
Definition: ntstatus.h:389
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
DPRINT
#define DPRINT
Definition: sndvol32.h:73
_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296
_SEP_AUDIT_POLICY_CATEGORIES::ObjectAccess
UCHAR ObjectAccess
Definition: setypes.h:139
_SEP_AUDIT_POLICY_CATEGORIES::System
UCHAR System
Definition: setypes.h:137
_SEP_AUDIT_POLICY_CATEGORIES::PolicyChange
UCHAR PolicyChange
Definition: setypes.h:142
_SEP_AUDIT_POLICY_CATEGORIES::AccountLogon
UCHAR AccountLogon
Definition: setypes.h:145
_SEP_AUDIT_POLICY_CATEGORIES::DirectoryServiceAccess
UCHAR DirectoryServiceAccess
Definition: setypes.h:144
_SEP_AUDIT_POLICY_CATEGORIES::DetailedTracking
UCHAR DetailedTracking
Definition: setypes.h:141
_SEP_AUDIT_POLICY_CATEGORIES::AccountManagement
UCHAR AccountManagement
Definition: setypes.h:143
_SEP_AUDIT_POLICY_CATEGORIES::PrivilegeUse
UCHAR PrivilegeUse
Definition: setypes.h:140
_SEP_AUDIT_POLICY_CATEGORIES::Logon
UCHAR Logon
Definition: setypes.h:138
_SEP_AUDIT_POLICY
Definition: setypes.h:155
_SEP_AUDIT_POLICY::PolicyElements
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:158
_TOKEN_AUDIT_POLICY_INFORMATION
Definition: se.h:68
_TOKEN_AUDIT_POLICY_INFORMATION::PolicyCount
ULONG PolicyCount
Definition: se.h:69
_TOKEN_AUDIT_POLICY_INFORMATION::Policies
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1855 Policies[1]
_TOKEN_DEFAULT_DACL::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:1036
_TOKEN_ORIGIN
Definition: setypes.h:1106
_TOKEN_OWNER::Owner
PSID Owner
Definition: setypes.h:1028
_TOKEN_PRIMARY_GROUP::PrimaryGroup
PSID PrimaryGroup
Definition: setypes.h:1032
SeTokenInformationClass
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: tokencls.c:19
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
RtlMoveMemory
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
RtlIsZeroLuid
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:764
RtlInterlockedSetBits
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3451
PTOKEN_PRIMARY_GROUP
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
TOKEN_SESSION_NOT_REFERENCED
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1184
PTOKEN_DEFAULT_DACL
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
PTOKEN_ORIGIN
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
TOKEN_ADJUST_SESSIONID
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:933
TokenAuditPolicy
@ TokenAuditPolicy
Definition: setypes.h:981
TokenOrigin
@ TokenOrigin
Definition: setypes.h:982
TokenSessionId
@ TokenSessionId
Definition: setypes.h:977
TokenSessionReference
@ TokenSessionReference
Definition: setypes.h:979
TOKEN_ADJUST_DEFAULT
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:932
PTOKEN_OWNER
struct _TOKEN_OWNER * PTOKEN_OWNER

◆ SeCaptureSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  _OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

Captures a security descriptor.

Parameters
[in]_OriginalSecurityDescriptorAn already existing and valid security descriptor to be captured.
[in]CurrentModeProcessor level access mode.
[in]PoolTypePool type to be used when allocating the captured buffer.
[in]CaptureIfKernelSet this to TRUE if capturing is done within the kernel.
[out]CapturedSecurityDescriptorThe captured security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been captured. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an unknown revision. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured buffer has failed. A failure NTSTATUS code is returned otherwise.

Definition at line 386 of file sd.c.

392{
393 PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
394 SECURITY_DESCRIPTOR DescriptorCopy;
395 PISECURITY_DESCRIPTOR_RELATIVE NewDescriptor;
396 ULONG OwnerSAC = 0, GroupSAC = 0;
397 ULONG OwnerSize = 0, GroupSize = 0;
398 ULONG SaclSize = 0, DaclSize = 0;
399 ULONG DescriptorSize = 0;
400 ULONG Offset;
401
402 if (!OriginalDescriptor)
403 {
404 /* Nothing to do... */
405 *CapturedSecurityDescriptor = NULL;
406 return STATUS_SUCCESS;
407 }
408
409 /* Quick path */
410 if (CurrentMode == KernelMode && !CaptureIfKernel)
411 {
412 /* Check descriptor version */
413 if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
414 {
415 return STATUS_UNKNOWN_REVISION;
416 }
417
418 *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
419 return STATUS_SUCCESS;
420 }
421
422 _SEH2_TRY
423 {
424 if (CurrentMode != KernelMode)
425 {
426 ProbeForRead(OriginalDescriptor,
427 sizeof(SECURITY_DESCRIPTOR_RELATIVE),
428 sizeof(ULONG));
429 }
430
431 /* Check the descriptor version */
432 if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
433 {
434 _SEH2_YIELD(return STATUS_UNKNOWN_REVISION);
435 }
436
437 if (CurrentMode != KernelMode)
438 {
439 /* Get the size of the descriptor */
440 DescriptorSize = (OriginalDescriptor->Control & SE_SELF_RELATIVE) ?
441 sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR);
442
443 /* Probe the entire security descriptor structure. The SIDs
444 * and ACLs will be probed and copied later though */
445 ProbeForRead(OriginalDescriptor, DescriptorSize, sizeof(ULONG));
446 }
447
448 /* Now capture all fields and convert to an absolute descriptor */
449 DescriptorCopy.Revision = OriginalDescriptor->Revision;
450 DescriptorCopy.Sbz1 = OriginalDescriptor->Sbz1;
451 DescriptorCopy.Control = OriginalDescriptor->Control & ~SE_SELF_RELATIVE;
452 DescriptorCopy.Owner = SepGetOwnerFromDescriptor(OriginalDescriptor);
453 DescriptorCopy.Group = SepGetGroupFromDescriptor(OriginalDescriptor);
454 DescriptorCopy.Sacl = SepGetSaclFromDescriptor(OriginalDescriptor);
455 DescriptorCopy.Dacl = SepGetDaclFromDescriptor(OriginalDescriptor);
456 DescriptorSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
457
458 /* Determine owner and group sizes */
459 OwnerSize = DetermineSIDSize(DescriptorCopy.Owner, &OwnerSAC, CurrentMode);
460 DescriptorSize += ROUND_UP(OwnerSize, sizeof(ULONG));
461 GroupSize = DetermineSIDSize(DescriptorCopy.Group, &GroupSAC, CurrentMode);
462 DescriptorSize += ROUND_UP(GroupSize, sizeof(ULONG));
463
464 /* Determine the size of the ACLs */
465 if (DescriptorCopy.Control & SE_SACL_PRESENT)
466 {
467 /* Get the size and probe if user mode */
468 SaclSize = DetermineACLSize(DescriptorCopy.Sacl, CurrentMode);
469 DescriptorSize += ROUND_UP(SaclSize, sizeof(ULONG));
470 }
471
472 if (DescriptorCopy.Control & SE_DACL_PRESENT)
473 {
474 /* Get the size and probe if user mode */
475 DaclSize = DetermineACLSize(DescriptorCopy.Dacl, CurrentMode);
476 DescriptorSize += ROUND_UP(DaclSize, sizeof(ULONG));
477 }
478 }
479 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
480 {
481 _SEH2_YIELD(return _SEH2_GetExceptionCode());
482 }
483 _SEH2_END;
484
485 /*
486 * Allocate enough memory to store a complete copy of a self-relative
487 * security descriptor
488 */
489 NewDescriptor = ExAllocatePoolWithTag(PoolType,
490 DescriptorSize,
491 TAG_SD);
492 if (!NewDescriptor) return STATUS_INSUFFICIENT_RESOURCES;
493
494 RtlZeroMemory(NewDescriptor, DescriptorSize);
495 NewDescriptor->Revision = DescriptorCopy.Revision;
496 NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
497 NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;
498
499 _SEH2_TRY
500 {
501 /*
502 * Setup the offsets and copy the SIDs and ACLs to the new
503 * self-relative security descriptor. Probing the pointers is not
504 * neccessary anymore as we did that when collecting the sizes!
505 * Make sure to validate the SIDs and ACLs *again* as they could have
506 * been modified in the meanwhile!
507 */
508 Offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
509
510 if (DescriptorCopy.Owner)
511 {
512 if (!RtlValidSid(DescriptorCopy.Owner)) RtlRaiseStatus(STATUS_INVALID_SID);
513 NewDescriptor->Owner = Offset;
514 RtlCopyMemory((PUCHAR)NewDescriptor + Offset,
515 DescriptorCopy.Owner,
516 OwnerSize);
517 Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
518 }
519
520 if (DescriptorCopy.Group)
521 {
522 if (!RtlValidSid(DescriptorCopy.Group)) RtlRaiseStatus(STATUS_INVALID_SID);
523 NewDescriptor->Group = Offset;
524 RtlCopyMemory((PUCHAR)NewDescriptor + Offset,
525 DescriptorCopy.Group,
526 GroupSize);
527 Offset += ROUND_UP(GroupSize, sizeof(ULONG));
528 }
529
530 if (DescriptorCopy.Sacl)
531 {
532 if (!RtlValidAcl(DescriptorCopy.Sacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
533 NewDescriptor->Sacl = Offset;
534 RtlCopyMemory((PUCHAR)NewDescriptor + Offset,
535 DescriptorCopy.Sacl,
536 SaclSize);
537 Offset += ROUND_UP(SaclSize, sizeof(ULONG));
538 }
539
540 if (DescriptorCopy.Dacl)
541 {
542 if (!RtlValidAcl(DescriptorCopy.Dacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
543 NewDescriptor->Dacl = Offset;
544 RtlCopyMemory((PUCHAR)NewDescriptor + Offset,
545 DescriptorCopy.Dacl,
546 DaclSize);
547 Offset += ROUND_UP(DaclSize, sizeof(ULONG));
548 }
549
550 /* Make sure the size was correct */
551 ASSERT(Offset == DescriptorSize);
552 }
553 _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
554 {
555 /* We failed to copy the data to the new descriptor */
556 ExFreePoolWithTag(NewDescriptor, TAG_SD);
557 _SEH2_YIELD(return _SEH2_GetExceptionCode());
558 }
559 _SEH2_END;
560
561 /*
562 * We're finally done!
563 * Copy the pointer to the captured descriptor to to the caller.
564 */
565 *CapturedSecurityDescriptor = NewDescriptor;
566 return STATUS_SUCCESS;
567}
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:34
SECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
OwnerSize
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1622
RtlValidAcl
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
SaclSize
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1620
RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
RtlRaiseStatus
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
DaclSize
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1618
Offset
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
SepGetOwnerFromDescriptor
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:109
SepGetGroupFromDescriptor
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:89
SepGetDaclFromDescriptor
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:129
SepGetSaclFromDescriptor
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:151
DetermineSIDSize
static ULONG DetermineSIDSize(_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.
Definition: sd.c:290
DetermineACLSize
static ULONG DetermineACLSize(_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.
Definition: sd.c:336
STATUS_UNKNOWN_REVISION
#define STATUS_UNKNOWN_REVISION
Definition: ntstatus.h:324
STATUS_INVALID_ACL
#define STATUS_INVALID_ACL
Definition: ntstatus.h:355
STATUS_INVALID_SID
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
_SECURITY_DESCRIPTOR_RELATIVE
Definition: setypes.h:836
_SECURITY_DESCRIPTOR::Revision
UCHAR Revision
Definition: ms-dtyp.idl:302
_SECURITY_DESCRIPTOR::Group
ULONG Group
Definition: ms-dtyp.idl:306
_SECURITY_DESCRIPTOR::Control
USHORT Control
Definition: ms-dtyp.idl:304
_SECURITY_DESCRIPTOR::Sbz1
UCHAR Sbz1
Definition: ms-dtyp.idl:303
_SECURITY_DESCRIPTOR::Sacl
ULONG Sacl
Definition: ms-dtyp.idl:307
_SECURITY_DESCRIPTOR::Owner
ULONG Owner
Definition: ms-dtyp.idl:305
_SECURITY_DESCRIPTOR::Dacl
ULONG Dacl
Definition: ms-dtyp.idl:308
DescriptorSize
_In_ SIZE_T DescriptorSize
Definition: nls.c:40
TAG_SD
#define TAG_SD
Definition: tag.h:152
PUCHAR
unsigned char * PUCHAR
Definition: typedefs.h:53
PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
NewDescriptor
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
SE_SELF_RELATIVE
#define SE_SELF_RELATIVE
Definition: setypes.h:834
SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
SE_SACL_PRESENT
#define SE_SACL_PRESENT
Definition: setypes.h:823
SECURITY_DESCRIPTOR_REVISION1
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59
SE_DACL_PRESENT
#define SE_DACL_PRESENT
Definition: setypes.h:821

Referenced by NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().

◆ SeCreateAccessState()

NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState ( _In_ PACCESS_STATE  AccessState,
_In_ PAUX_ACCESS_DATA  AuxData,
_In_ ACCESS_MASK  Access,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeleteAccessState()

NTKERNELAPI VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

Deletes an allocated access state from the memory.

Parameters
[in]AccessStateA valid access state.
Returns
Nothing.

Definition at line 150 of file access.c.

152{
153 PAUX_ACCESS_DATA AuxData;
154 PAGED_CODE();
155
156 /* Get the Auxiliary Data */
157 AuxData = AccessState->AuxData;
158
159 /* Deallocate Privileges */
160 if (AccessState->PrivilegesAllocated)
161 ExFreePoolWithTag(AuxData->PrivilegesUsed, TAG_PRIVILEGE_SET);
162
163 /* Deallocate Name and Type Name */
164 if (AccessState->ObjectName.Buffer)
165 {
166 ExFreePool(AccessState->ObjectName.Buffer);
167 }
168
169 if (AccessState->ObjectTypeName.Buffer)
170 {
171 ExFreePool(AccessState->ObjectTypeName.Buffer);
172 }
173
174 /* Release the Subject Context */
175 SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
176}
ExFreePool
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
_AUX_ACCESS_DATA
Definition: setypes.h:257
_AUX_ACCESS_DATA::PrivilegesUsed
PPRIVILEGE_SET PrivilegesUsed
Definition: setypes.h:258
AccessState
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417

Referenced by NtOpenProcess(), NtOpenThread(), ObDuplicateObject(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObReferenceObjectByName(), PspCreateProcess(), PspCreateThread(), and START_TEST().

◆ SeReleaseSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ BOOLEAN  CaptureIfKernelMode 
)

Releases a captured security descriptor buffer.

Parameters
[in]CapturedSecurityDescriptorThe captured security descriptor to be freed.
[in]CurrentModeProcessor level access mode.
[in]CaptureIfKernelModeSet this to TRUE if the releasing is to be done within the kernel.
Returns
Returns STATUS_SUCCESS.

Definition at line 760 of file sd.c.

764{
765 PAGED_CODE();
766
767 /*
768 * WARNING! You need to call this function with the same value for CurrentMode
769 * and CaptureIfKernelMode that you previously passed to
770 * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
771 */
772 if (CapturedSecurityDescriptor != NULL &&
773 (CurrentMode != KernelMode ||
774 (CurrentMode == KernelMode && CaptureIfKernelMode)))
775 {
776 /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
777 ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);
778 }
779
780 return STATUS_SUCCESS;
781}

Referenced by NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().

◆ SeTokenImpersonationLevel()

NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel ( _In_ PACCESS_TOKEN  Token)

Gathers the security impersonation level of an access token.

Parameters
[in]TokenA valid access token where the impersonation level has to be gathered.
Returns
Returns the security impersonation level from a valid token.

Definition at line 2059 of file token.c.

2061{
2062 PAGED_CODE();
2063
2064 return ((PTOKEN)Token)->ImpersonationLevel;
2065}

Referenced by PsAssignImpersonationToken().

◆ ZwAccessCheck()

NTSYSAPI NTSTATUS NTAPI ZwAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ ZwAdjustGroupsToken()

NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_ PTOKEN_GROUPS  NewState,
_In_ ULONG  BufferLength,
_Out_opt_ PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ ZwAdjustPrivilegesToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

Referenced by RtlAcquirePrivilege(), RtlAdjustPrivilege(), RtlpSysVolTakeOwnership(), RtlReleasePrivilege(), and RtlRemovePrivileges().

◆ ZwAllocateLocallyUniqueId()

NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

Referenced by CreateInitialSystemToken().

◆ ZwAllocateUuids()

NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids ( _Out_ PULARGE_INTEGER  Time,
_Out_ PULONG  Range,
_Out_ PULONG  Sequence,
_Out_ PUCHAR  Seed 
)

◆ ZwCreateToken()

NTSYSAPI NTSTATUS NTAPI ZwCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Referenced by CreateInitialSystemToken().

◆ ZwImpersonateAnonymousToken()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ ZwOpenObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ ULONG  GrantedAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ ZwPrivilegeCheck()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck ( _In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PBOOLEAN  Result 
)

◆ ZwPrivilegedServiceAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwPrivilegeObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwSetInformationToken()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_ PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 408 of file sefuncs.h.

◆ EffectiveOnly

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly

Definition at line 410 of file sefuncs.h.

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtDuplicateToken(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), SeCaptureSubjectContextEx(), SeImpersonateClientEx(), SepDuplicateToken(), and SepOpenThreadToken().

◆ HandleAttributes

_In_ ACCESS_MASK _In_ ULONG HandleAttributes

Definition at line 453 of file sefuncs.h.

◆ Length

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length

Definition at line 493 of file sefuncs.h.

◆ NewTokenHandle

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle

Definition at line 412 of file sefuncs.h.

Referenced by CreateRestrictedToken(), NtDuplicateToken(), and NtFilterToken().

◆ ObjectAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes

Definition at line 409 of file sefuncs.h.

◆ ResultLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength

Definition at line 494 of file sefuncs.h.

◆ ReturnLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength

Definition at line 320 of file sefuncs.h.

◆ TokenHandle

_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle

Definition at line 444 of file sefuncs.h.

◆ TokenInformationClass

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass

Definition at line 317 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), SeQueryInformationToken(), and SetTokenInformation().

◆ TokenInformationLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength

Definition at line 319 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), and SetTokenInformation().

◆ TokenType

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType

Definition at line 411 of file sefuncs.h.

Referenced by CreateProcessAsUserCommon(), DuplicateTokenEx(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), NpFreeClientSecurityContext(), NtCreateToken(), NtDuplicateToken(), NtQueryInformationToken(), PsReferenceEffectiveToken(), QueryTokenTypeTests(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SepDuplicateToken(), SeQueryInformationToken(), test_CreateRestrictedToken(), TestsSeQueryInformationToken(), validate_impersonation_token(), and WhoamiGetTokenInfo().