ReactOS  0.4.15-dev-4614-ga5a6101
sefuncs.h File Reference
#include <umtypes.h>

Functions

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 Captures a security descriptor. More...
 
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
 Releases a captured security descriptor buffer. More...
 
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState (_In_ PACCESS_STATE AccessState, _In_ PAUX_ACCESS_DATA AuxData, _In_ ACCESS_MASK Access, _In_ PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 Deletes an allocated access state from the memory. More...
 
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token)
 Gathers the security impersonation level of an access token. More...
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 Determines whether security access could be granted or not on an object by the requestor who wants such access through type. More...
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 Determines whether security access could be granted or not on an object by the requestor who wants such access through type list. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids (_Out_ PULARGE_INTEGER Time, _Out_ PULONG Range, _Out_ PULONG Sequence, _Out_ PUCHAR Seed)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 Compares two tokens to determine whether they are equal. More...
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 Creates an access token. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 Duplicates a token. More...
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken (_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
 Creates an access token in a restricted form from the original existing token, that is, such action is called filtering. More...
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token. More...
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 Raises an alarm audit message when an object is about to be opened. More...
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 Sets (modifies) some specific information of an access token. The calling thread must have specific access rights in order to modify the token's information data. More...
 
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids (_Out_ PULARGE_INTEGER Time, _Out_ PULONG Range, _Out_ PULONG Sequence, _Out_ PUCHAR Seed)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
 Queries information details about a security descriptor. More...
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken (_In_ HANDLE Thread)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck (_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (Length, *ResultLength) PVOID TokenInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 

Variables

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
 
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
 

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Queries information details about a security descriptor.

Computes the quota size of a security descriptor.

Assigns a security descriptor for a new object.

An extended function that assigns a security descriptor for a new object.

Frees a security descriptor.

An extended function that sets new information data to a security descriptor.

Modifies some information data about a security descriptor.

Parameters
[in]SecurityInformationSecurity information details to be queried from a security descriptor.
[out]SecurityDescriptorThe returned security descriptor with security information data.
[in,out]LengthThe returned length of a security descriptor.
[in,out]ObjectsSecurityDescriptorThe returned object security descriptor.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
See SeSetSecurityDescriptorInfoEx.
Parameters
[in]ObjectIf specified, the function will use this arbitrary object that points to an object security descriptor.
[in]SecurityInformationSecurity information details to be set.
[in]SecurityDescriptorA security descriptor where its info is to be changed.
[in,out]ObjectsSecurityDescriptorThe returned pointer to security descriptor objects.
[in] AutoInheritFlags: A bitmask of inheritance flags that influences how the security descriptor can be inherited, and whether it can be inherited in the first place.
[in]PoolTypePool type for the new security descriptor to allocate.
[in]GenericMappingThe generic mapping of access rights masks.
Returns
Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
Parameters
[in]SecurityDescriptorA security descriptor to be freed from memory.
Returns
Returns STATUS_SUCCESS.
Parameters
[in]_ParentDescriptorA security descriptor of the parent object that is being created.
[in]_ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]ObjectTypeThe type of the new object.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]AutoInheritFlagsAutomatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
Returns STATUS_SUCCESS if the operations have been completed successfully and the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid security subject context argument. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned for the same reason as the previous NTSTATUS code. These two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
Parameters
[in]ParentDescriptorA security descriptor of the parent object that is being created.
[in]ExplicitDescriptorAn explicit security descriptor that is applied to a new object.
[out]NewDescriptorThe new allocated security descriptor.
[in]IsDirectoryObjectSet this to TRUE if the newly created object is a directory object, otherwise set this to FALSE.
[in]SubjectContextSecurity subject context of the new object.
[in]GenericMappingGeneric mapping of access mask rights.
[in]PoolTypeThis parameter is unused.
Returns
See SeAssignSecurityEx.
Parameters
[in]SecurityDescriptorA security descriptor.
[out] QuotaInfoSize: The quota size of the given security descriptor, returned to the caller. The function may return 0 in this parameter if the descriptor doesn't even have a group or a discretionary access control list (DACL).
Returns
Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.

Definition at line 64 of file Messaging.c.

/*
 * Listing for the "Definition at line 64 of file Messaging.c" entry: creates
 * a server port object for a filter and links it into a connection list.
 * The listing is an extract; gaps in the gutter numbering (77, 82, 88, 96,
 * 103-105, 118, 123, 131, 134, 138, 141-142, 145, 152) mark source lines
 * that are absent here, so the statements on them are not shown.
 */
75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
/* NOTE(review): the cross-reference list under this listing declares
 * MaxConnections as LONG, and this test rejects only 0. A negative value
 * gets past it and is stored in PortObject->MaxConnections further down.
 * Confirm whether a "<= 0" test is intended. The statement inside the
 * braces (line 82) is absent from this extract. */
80  if (MaxConnections == 0)
81  {
83  }
84 
85  /* The request must be for a kernel handle */
/* ObjectAttributes is dereferenced without a NULL test; the statement taken
 * when OBJ_KERNEL_HANDLE is not set (line 88) is absent from this extract. */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
/* Line 96, which assigns Status, is absent; presumably a call to
 * FltObjectReference, which the cross-reference list names - TODO confirm. */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
/* Lines 103-105 (the start of the call) are absent; the cross-reference list
 * names ObCreateObject, whose AccessMode parameter would line up with the
 * KernelMode argument below - TODO confirm. */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
/* The callbacks and cookie are stored exactly as the caller passed them;
 * no validation of them is visible in this extract. Line 123 is absent
 * (presumably the DisconnectNotify assignment - TODO confirm). */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
/* Two of the arguments (lines 131 and 134) are absent from this extract, so
 * the access mask requested for the handle and the handle output are not
 * shown here. */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
/* Reached when either the object creation or the insertion failed. The
 * cleanup statement (line 152) is absent; presumably FltObjectDereference,
 * which the cross-reference list names - TODO confirm. */
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
#define FILE_READ_DATA
Definition: nt_native.h:628
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2934
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
#define NULL
Definition: types.h:112
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_to_opt_() [1/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _Out_writes_bytes_to_opt_() [2/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( Length  ,
ResultLength 
)

◆ _When_()

◆ NtAccessCheck()

NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when a caller attempts to access an object and determines whether the access can be made.

Parameters
[in] SubsystemName: A Unicode string that points to a name of the subsystem.
[in] HandleId: A handle to an ID that is used as identification instance for auditing.
[in] ObjectTypeName: The name of the object type.
[in] ObjectName: The object name.
[in] SecurityDescriptor: A security descriptor.
[in] DesiredAccess: The desired access rights masks requested by the caller.
[in] GenericMapping: The generic mapping of access mask rights.
[in] ObjectCreation: Set this to TRUE if the object has just been created.
[out] GrantedAccess: Returns the granted access rights.
[out] AccessStatus: Returns an NTSTATUS status code indicating whether access check can be granted or not.
[out] GenerateOnClose: Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
Returns
See SepAccessCheckAndAuditAlarm.

Definition at line 2226 of file audit.c.

/*
 * System-call wrapper: forwards its arguments to SepAccessCheckAndAuditAlarm
 * and returns that function's status unchanged.
 * Gutter lines 2243, 2245, 2248, 2252 and 2255 are absent from this extract,
 * so five of the arguments are not shown. The parameter names given in the
 * comments below come from the SepAccessCheckAndAuditAlarm prototype in the
 * cross-reference list and assume one argument per missing line - TODO
 * confirm against audit.c.
 */
2238 {
2239  /* Call the internal function */
2240  return SepAccessCheckAndAuditAlarm(SubsystemName,
2241  HandleId,
/* ClientTokenHandle position: NULL. This wrapper has no client-token
 * parameter; which token the callee then checks is not visible here. */
2242  NULL,
2244  ObjectName,
/* PrincipalSelfSid position: NULL */
2246  NULL,
2247  DesiredAccess,
/* Flags, ObjectTypeList and ObjectTypeListLength positions: no flags and
 * no object type list */
2249  0,
2250  NULL,
2251  0,
/* The caller's single GrantedAccess / AccessStatus pointers land on the
 * GrantedAccessList / AccessStatusList positions */
2253  GrantedAccess,
2254  AccessStatus,
/* UseResultList position: FALSE */
2256  FALSE);
2257 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define FALSE
Definition: types.h:117
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:715

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

Determines whether security access could be granted or not on an object by the requestor who wants such access through type.

Parameters
[in]SecurityDescriptorA security descriptor with information data for auditing.
[in]PrincipalSelfSidA principal self user SID.
[in]ClientTokenA client access token.
[in]DesiredAccessThe desired access masks rights requested by the caller.
[in]ObjectTypeListA list of object types.
[in]ObjectTypeLengthThe length size of the list.
[in]GenericMappingThe generic mapping list of access masks rights.
[in]PrivilegeSetAn array set of privileges.
[in,out]PrivilegeSetLengthThe length size of the array set of privileges.
[out]GrantedAccessThe returned granted access rights.
[out]AccessStatusThe returned NTSTATUS code indicating the final results of auditing.
Returns
To be added...

Definition at line 1447 of file accesschk.c.

/*
 * Stub body: invokes the UNIMPLEMENTED macro and returns
 * STATUS_NOT_IMPLEMENTED. No access check is performed, and the
 * GrantedAccess and AccessStatus output parameters are never written,
 * so a caller must test the returned status before reading them.
 */
1459 {
1460  UNIMPLEMENTED;
1461  return STATUS_NOT_IMPLEMENTED;
1462 }
return STATUS_NOT_IMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:115

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

Determines whether security access could be granted or not on an object by the requestor who wants such access through type list.

Parameters
[in]SecurityDescriptorA security descriptor with information data for auditing.
[in]PrincipalSelfSidA principal self user SID.
[in]ClientTokenA client access token.
[in]DesiredAccessThe desired access masks rights requested by the caller.
[in]ObjectTypeListA list of object types.
[in]ObjectTypeLengthThe length size of the list.
[in]GenericMappingThe generic mapping list of access masks rights.
[in]PrivilegeSetAn array set of privileges.
[in,out]PrivilegeSetLengthThe length size of the array set of privileges.
[out]GrantedAccessThe returned granted access rights.
[out]AccessStatusThe returned NTSTATUS code indicating the final results of auditing.
Returns
To be added...

Definition at line 1509 of file accesschk.c.

/*
 * Stub body: invokes the UNIMPLEMENTED macro and returns
 * STATUS_NOT_IMPLEMENTED. No access check is performed, and the
 * GrantedAccess and AccessStatus output parameters are never written,
 * so a caller must test the returned status before reading them.
 */
1521 {
1522  UNIMPLEMENTED;
1523  return STATUS_NOT_IMPLEMENTED;
1524 }
return STATUS_NOT_IMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:115

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAllocateLocallyUniqueId()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ NtAllocateUuids()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids ( _Out_ PULARGE_INTEGER  Time,
_Out_ PULONG  Range,
_Out_ PULONG  Sequence,
_Out_ PUCHAR  Seed 
)

◆ NtCompareTokens()

NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)

Compares two tokens to determine whether they are equal.

Parameters
[in] FirstToken: The first token.
[in] SecondToken: The second token.
[out] Equal: The retrieved value which determines if the tokens are equal or not.
Returns
Returns STATUS_SUCCESS, otherwise it returns a failure NTSTATUS code.

Definition at line 6425 of file token.c.

/*
 * Body of NtCompareTokens: references both token handles with TOKEN_QUERY,
 * compares the two token objects, and stores the result through Equal.
 * The listing is an extract; gutter lines 6430, 6437, 6445, 6447-6448, 6455,
 * 6467, 6498 and 6500 are absent, so the statements on them are not shown.
 */
6429 {
6431  PTOKEN FirstToken, SecondToken;
6432  BOOLEAN IsEqual;
6433  NTSTATUS Status;
6434 
6435  PAGED_CODE();
6436 
/* Line 6437 is absent; presumably PreviousMode = ExGetPreviousMode(), which
 * the cross-reference list names - TODO confirm against token.c. */
6438 
/* For a caller that is not in kernel mode, Equal is a caller-supplied
 * pointer: it is probed for write inside an SEH block before any handle is
 * referenced. The handler lines are absent from this extract; the surviving
 * comment says the exception code is returned. */
6439  if (PreviousMode != KernelMode)
6440  {
6441  _SEH2_TRY
6442  {
6443  ProbeForWriteBoolean(Equal);
6444  }
6446  {
6447  /* Return the exception code */
6449  }
6450  _SEH2_END;
6451  }
6452 
/* Reference the first handle, requesting TOKEN_QUERY with PreviousMode as
 * the access mode. The object type argument (line 6455) is absent;
 * presumably SeTokenObjectType from the cross-reference list - TODO confirm. */
6453  Status = ObReferenceObjectByHandle(FirstTokenHandle,
6454  TOKEN_QUERY,
6456  PreviousMode,
6457  (PVOID*)&FirstToken,
6458  NULL);
6459  if (!NT_SUCCESS(Status))
6460  {
6461  DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
6462  return Status;
6463  }
6464 
/* Same request for the second handle (object type argument on line 6467 is
 * absent from this extract). */
6465  Status = ObReferenceObjectByHandle(SecondTokenHandle,
6466  TOKEN_QUERY,
6468  PreviousMode,
6469  (PVOID*)&SecondToken,
6470  NULL);
6471  if (!NT_SUCCESS(Status))
6472  {
6473  DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
/* Drop the reference taken on the first token before failing */
6474  ObDereferenceObject(FirstToken);
6475  return Status;
6476  }
6477 
/* Both handles resolving to the same object counts as equal without calling
 * SepCompareTokens; Status then still holds the success value from the
 * second reference above. */
6478  if (FirstToken != SecondToken)
6479  {
6480  Status = SepCompareTokens(FirstToken,
6481  SecondToken,
6482  &IsEqual);
6483  }
6484  else
6485  {
6486  IsEqual = TRUE;
6487  }
6488 
/* Both references are released before the result is written back */
6489  ObDereferenceObject(SecondToken);
6490  ObDereferenceObject(FirstToken);
6491 
/* The store through Equal is wrapped in SEH a second time, for kernel-mode
 * callers as well; the handler lines (6498, 6500) are absent, presumably
 * setting Status from the exception code - TODO confirm. */
6492  if (NT_SUCCESS(Status))
6493  {
6494  _SEH2_TRY
6495  {
6496  *Equal = IsEqual;
6497  }
6499  {
6501  }
6502  _SEH2_END;
6503  }
6504 
6505  return Status;
6506 }
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define TOKEN_QUERY
Definition: setypes.h:924
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:288
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_SEH2_END
Definition: create.c:4400
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:349
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define PAGED_CODE()

Referenced by START_TEST().

◆ NtCreateToken()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Creates an access token.

Parameters
[out] TokenHandle: Receives the handle to the newly created token.
[in] DesiredAccess: The desired access rights for the token that we're creating.
[in] ObjectAttributes: The object attributes for the token object that we're creating.
[in] TokenType: The type of token to assign for the newly created token.
[in] AuthenticationId: Authentication ID that represents the token's identity.
[in] ExpirationTime: Expiration time for the token. If set to -1, the token never expires.
[in] TokenUser: The main user entity for the token to assign.
[in] TokenGroups: Group list of SIDs for the token to assign.
[in] TokenPrivileges: Privileges for the token.
[in] TokenOwner: The main user that owns the newly created token.
[in] TokenPrimaryGroup: The primary group, that is, the main group of the token.
[in] TokenDefaultDacl: Discretionary access control list for the token. It limits how the token can be used and accessed, and by whom.
[in] TokenSource: The source of the token, that is, who creates it.
Returns
Returns STATUS_SUCCESS if the function has successfully created the token. A failure NTSTATUS code is returned otherwise.

Definition at line 5895 of file token.c.

5909 {
      /*
       * Body of NtCreateToken: snapshots the caller's parameters, validates
       * the token type, checks for the token creation privilege, captures the
       * user/group/privilege/owner/primary group/DACL data and hands the
       * captured copies to SepCreateToken.
       *
       * NOTE(review): this is a rendered listing. Source lines whose numbers
       * are skipped in the gutter (for example 5911, 5930, 5936, 5940, 6024,
       * 6030, 6032, 6036, 6123, 6155, 6156) are not shown, so the first line
       * of several calls, the privilege check itself and the SEH handlers
       * cannot be checked from this page.
       */
5910  HANDLE hToken;
5912  ULONG PrivilegeCount, GroupCount;
5913  PSID OwnerSid, PrimaryGroupSid;
5914  PACL DefaultDacl;
5915  LARGE_INTEGER LocalExpirationTime = {{0, 0}};
5916  LUID LocalAuthenticationId;
5917  TOKEN_SOURCE LocalTokenSource;
      /*
       * NOTE(review): LocalSecurityQos has no initialiser. It is assigned
       * below only when ObjectAttributes != NULL, yet
       * LocalSecurityQos.ImpersonationLevel is passed to SepCreateToken
       * unconditionally. Confirm every caller supplies ObjectAttributes, or
       * give this a defined default.
       */
5918  SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
      /* Capture pointers start as NULL so the Cleanup path can run at any point */
5919  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
5920  PSID_AND_ATTRIBUTES CapturedUser = NULL;
5921  PSID_AND_ATTRIBUTES CapturedGroups = NULL;
5922  PSID CapturedOwnerSid = NULL;
5923  PSID CapturedPrimaryGroupSid = NULL;
5924  PACL CapturedDefaultDacl = NULL;
5925  ULONG PrivilegesLength, UserLength, GroupsLength;
5926  NTSTATUS Status;
5927 
5928  PAGED_CODE();
5929 
5931 
      /*
       * Callers that are not in kernel mode: every parameter is read inside
       * SEH and copied into a local, so later code works on the snapshot
       * rather than on caller memory. The first line of most probe calls in
       * this block is not shown; only their size and alignment arguments are.
       */
5932  if (PreviousMode != KernelMode)
5933  {
5934  _SEH2_TRY
5935  {
5937 
5938  if (ObjectAttributes != NULL)
5939  {
5941  sizeof(OBJECT_ATTRIBUTES),
5942  sizeof(ULONG));
      /*
       * NOTE(review): SecurityQualityOfService is a pointer read from the
       * caller's OBJECT_ATTRIBUTES and is dereferenced here with no NULL
       * check and no probe of its own visible in this listing.
       * NtDuplicateToken on this page goes through
       * SepCaptureSecurityQualityOfService instead -- confirm whether this
       * path should do the same.
       */
5943  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
5944  }
5945 
5946  ProbeForRead(AuthenticationId,
5947  sizeof(LUID),
5948  sizeof(ULONG));
5949  LocalAuthenticationId = *AuthenticationId;
5950 
5951  LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
5952 
5954  sizeof(TOKEN_USER),
5955  sizeof(ULONG));
5956 
5958  sizeof(TOKEN_GROUPS),
5959  sizeof(ULONG));
      /* Read the count once; the capture call below uses this local, not caller memory */
5960  GroupCount = TokenGroups->GroupCount;
5961 
5963  sizeof(TOKEN_PRIVILEGES),
5964  sizeof(ULONG));
      /* Same single read for the privilege count */
5965  PrivilegeCount = TokenPrivileges->PrivilegeCount;
5966 
5967  if (TokenOwner != NULL)
5968  {
5970  sizeof(TOKEN_OWNER),
5971  sizeof(ULONG));
      /* Only the SID pointer is fetched here; the SID is captured later by SepCaptureSid */
5972  OwnerSid = TokenOwner->Owner;
5973  }
5974  else
5975  {
5976  OwnerSid = NULL;
5977  }
5978 
5980  sizeof(TOKEN_PRIMARY_GROUP),
5981  sizeof(ULONG));
5982  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
5983 
5984  if (TokenDefaultDacl != NULL)
5985  {
5987  sizeof(TOKEN_DEFAULT_DACL),
5988  sizeof(ULONG));
      /* Only the ACL pointer is fetched here; the ACL is captured later by SepCaptureAcl */
5989  DefaultDacl = TokenDefaultDacl->DefaultDacl;
5990  }
5991  else
5992  {
5993  DefaultDacl = NULL;
5994  }
5995 
5997  sizeof(TOKEN_SOURCE),
5998  sizeof(ULONG));
5999  LocalTokenSource = *TokenSource;
6000  }
6002  {
6003  /* Return the exception code */
6005  }
6006  _SEH2_END;
6007  }
6008  else
6009  {
      /*
       * Kernel-mode callers: the same values are read directly, with no
       * probing and no SEH. NOTE(review): SecurityQualityOfService is
       * dereferenced without a NULL check here as well.
       */
6010  if (ObjectAttributes != NULL)
6011  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
6012  LocalAuthenticationId = *AuthenticationId;
6013  LocalExpirationTime = *ExpirationTime;
6014  GroupCount = TokenGroups->GroupCount;
6015  PrivilegeCount = TokenPrivileges->PrivilegeCount;
6016  OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
6017  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
6018  DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
6019  LocalTokenSource = *TokenSource;
6020  }
6021 
6022  /* Check token type */
      /* The upper bound of the range test is on line 6024, which is not shown */
6023  if ((TokenType < TokenPrimary) ||
6025  {
6026  return STATUS_BAD_TOKEN_TYPE;
6027  }
6028 
6029  /* Check for token creation privilege */
      /*
       * The check and its failure status are on lines 6030 and 6032, which
       * are not shown. It sits before any capture call, so nothing has been
       * allocated by this function when it fails.
       */
6031  {
6033  }
6034 
6035  /* Capture the user SID and attributes */
      /*
       * From here on every capture is passed PreviousMode and FALSE for
       * CaptureIfKernel; a failure jumps to Cleanup, which releases whatever
       * was captured so far. The user capture uses a fixed count of 1.
       */
6037  1,
6038  PreviousMode,
6039  NULL,
6040  0,
6041  PagedPool,
6042  FALSE,
6043  &CapturedUser,
6044  &UserLength);
6045  if (!NT_SUCCESS(Status))
6046  {
6047  goto Cleanup;
6048  }
6049 
6050  /* Capture the groups SID and attributes array */
      /* GroupCount is the value snapshotted above */
6052  GroupCount,
6053  PreviousMode,
6054  NULL,
6055  0,
6056  PagedPool,
6057  FALSE,
6058  &CapturedGroups,
6059  &GroupsLength);
6060  if (!NT_SUCCESS(Status))
6061  {
6062  goto Cleanup;
6063  }
6064 
6065  /* Capture privileges */
      /* PrivilegeCount is the value snapshotted above */
6067  PrivilegeCount,
6068  PreviousMode,
6069  NULL,
6070  0,
6071  PagedPool,
6072  FALSE,
6073  &CapturedPrivileges,
6074  &PrivilegesLength);
6075  if (!NT_SUCCESS(Status))
6076  {
6077  goto Cleanup;
6078  }
6079 
6080  /* Capture the token owner SID */
6081  if (TokenOwner != NULL)
6082  {
6083  Status = SepCaptureSid(OwnerSid,
6084  PreviousMode,
6085  PagedPool,
6086  FALSE,
6087  &CapturedOwnerSid);
6088  if (!NT_SUCCESS(Status))
6089  {
6090  goto Cleanup;
6091  }
6092  }
6093 
6094  /* Capture the token primary group SID */
6095  Status = SepCaptureSid(PrimaryGroupSid,
6096  PreviousMode,
6097  PagedPool,
6098  FALSE,
6099  &CapturedPrimaryGroupSid);
6100  if (!NT_SUCCESS(Status))
6101  {
6102  goto Cleanup;
6103  }
6104 
6105  /* Capture DefaultDacl */
      /* This capture requests NonPagedPool; the other captures above request PagedPool */
6106  if (DefaultDacl != NULL)
6107  {
6108  Status = SepCaptureAcl(DefaultDacl,
6109  PreviousMode,
6110  NonPagedPool,
6111  FALSE,
6112  &CapturedDefaultDacl);
6113  if (!NT_SUCCESS(Status))
6114  {
6115  goto Cleanup;
6116  }
6117  }
6118 
6119  /* Call the internal function */
      /*
       * Only local copies and captured buffers are passed down. The final
       * FALSE is the SystemToken argument of SepCreateToken.
       */
6120  Status = SepCreateToken(&hToken,
6121  PreviousMode,
6122  DesiredAccess,
6124  TokenType,
6125  LocalSecurityQos.ImpersonationLevel,
6126  &LocalAuthenticationId,
6127  &LocalExpirationTime,
6128  CapturedUser,
6129  GroupCount,
6130  CapturedGroups,
6131  GroupsLength,
6132  PrivilegeCount,
6133  CapturedPrivileges,
6134  CapturedOwnerSid,
6135  CapturedPrimaryGroupSid,
6136  CapturedDefaultDacl,
6137  &LocalTokenSource,
6138  FALSE);
      /*
       * The new handle is stored to the caller's pointer inside SEH; the
       * handler body (lines 6145 and 6147) is not shown.
       */
6139  if (NT_SUCCESS(Status))
6140  {
6141  _SEH2_TRY
6142  {
6143  *TokenHandle = hToken;
6144  }
6146  {
6148  }
6149  _SEH2_END;
6150  }
6151 
6152 Cleanup:
6153 
6154  /* Release what we captured */
      /*
       * Reached on success and on every capture failure. The releases are
       * unconditional, so they also run for pointers that are still NULL
       * (NOTE(review): confirm the release helpers accept NULL). Lines 6155
       * and 6156 are not shown.
       */
6157  SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
6158  SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
6159  SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
6160  SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
6161 
6162  return Status;
6163 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
const LUID SeCreateTokenPrivilege
Definition: priv.c:21
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:839
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: token.c:1715
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:556
static const WCHAR Cleanup[]
Definition: register.c:80
_SEH2_END
Definition: create.c:4400
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define NULL
Definition: types.h:112
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Duplicates a token.

Parameters
[in] ExistingTokenHandle: An existing token to duplicate.
[in] DesiredAccess: The desired access rights for the new duplicated token.
[in] ObjectAttributes: Object attributes for the new duplicated token.
[in] EffectiveOnly: If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate.
[in] TokenType: Type of token to assign to the duplicated token.
[out] NewTokenHandle: The returned duplicated token handle.
Returns
STATUS_SUCCESS is returned if token duplication has completed successfully. STATUS_BAD_IMPERSONATION_LEVEL is returned if the caller erroneously wants to raise the impersonation level even though the conditions do not permit it. A failure NTSTATUS code is returned otherwise.
Remarks
Some sources claim the 4th parameter is ImpersonationLevel, but on W2K this is certainly NOT true, although I can't say for sure that EffectiveOnly is correct either. – Gunnar
This is true. EffectiveOnly overrides SQOS.EffectiveOnly. – IAI
NOTE for readers: http://hex.pp.ua/nt/NtDuplicateToken.php is therefore wrong in that regard, while the MSDN documentation is correct.

Definition at line 4812 of file token.c.

4819 {
      /*
       * Body of NtDuplicateToken: validates the requested token type,
       * captures the caller's security quality of service (SQOS), references
       * the existing token, refuses attempts to raise the impersonation
       * level, duplicates the token and returns a handle to the copy.
       *
       * NOTE(review): this is a rendered listing. Source lines whose numbers
       * are skipped in the gutter (for example 4820, 4826, 4832, 4837, 4843,
       * 4866, 4867, 4870, 4890, 4894, 4906, 4910, 4913, 4914, 4921) are not
       * shown, so the access mask and object type used for the reference,
       * the statuses returned by the two refusal paths and the SEH handlers
       * cannot be checked from this page.
       */
4821  HANDLE hToken;
4822  PTOKEN Token;
4823  PTOKEN NewToken;
4824  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
4825  BOOLEAN QoSPresent;
4827  NTSTATUS Status;
4828 
4829  PAGED_CODE();
4830 
      /*
       * The token type is validated before any caller memory is touched; the
       * second half of the condition is on line 4832, which is not shown.
       */
4831  if (TokenType != TokenImpersonation &&
4833  {
4834  return STATUS_INVALID_PARAMETER;
4835  }
4836 
4838 
      /* Callers not in kernel mode: the probe itself is on line 4843, which is not shown */
4839  if (PreviousMode != KernelMode)
4840  {
4841  _SEH2_TRY
4842  {
4844  }
4846  {
4847  /* Return the exception code */
4849  }
4850  _SEH2_END;
4851  }
4852 
      /*
       * Capture the SQOS through the capture helper rather than reading it
       * from ObjectAttributes directly. QoSPresent records whether the caller
       * supplied one; the captured copy is released on every exit path shown
       * below.
       */
4854  PreviousMode,
4855  PagedPool,
4856  FALSE,
4857  &CapturedSecurityQualityOfService,
4858  &QoSPresent);
4859  if (!NT_SUCCESS(Status))
4860  {
4861  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
4862  return Status;
4863  }
4864 
      /*
       * Reference the existing token with PreviousMode as the access mode.
       * The requested access and object type (lines 4866-4867) and the last
       * argument (line 4870) are not shown.
       */
4865  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
4868  PreviousMode,
4869  (PVOID*)&Token,
4871  if (!NT_SUCCESS(Status))
4872  {
4873  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
4874  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
4875  PreviousMode,
4876  FALSE);
4877  return Status;
4878  }
4879 
4880  /*
4881  * Fail, if the original token is an impersonation token and the caller
4882  * tries to raise the impersonation level of the new token above the
4883  * impersonation level of the original token.
4884  */
      /* The comparison uses the captured SQOS copy, not caller memory */
4885  if (Token->TokenType == TokenImpersonation)
4886  {
4887  if (QoSPresent &&
4888  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
4889  {
4891  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
4892  PreviousMode,
4893  FALSE);
4895  }
4896  }
4897 
4898  /*
4899  * Fail, if a primary token is to be created from an impersonation token
4900  * and the impersonation level of the impersonation token is below SecurityImpersonation.
4901  */
4902  if (Token->TokenType == TokenImpersonation &&
4903  TokenType == TokenPrimary &&
4904  Token->ImpersonationLevel < SecurityImpersonation)
4905  {
4907  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
4908  PreviousMode,
4909  FALSE);
4911  }
4912 
      /*
       * Duplicate the token (the first lines of the call, 4913-4914, are not
       * shown). When the caller supplied no SQOS, the impersonation level
       * passed for the copy is SecurityAnonymous.
       */
4915  EffectiveOnly,
4916  TokenType,
4917  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
4918  PreviousMode,
4919  &NewToken);
4920 
4922 
      /*
       * Insert the copy into the handle table. A DesiredAccess of 0 falls
       * back to HandleInformation.GrantedAccess; HandleInformation is
       * declared and filled on lines not shown (NOTE(review): presumably the
       * access granted on ExistingTokenHandle -- confirm).
       */
4923  if (NT_SUCCESS(Status))
4924  {
4925  Status = ObInsertObject(NewToken,
4926  NULL,
4927  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
4928  0,
4929  NULL,
4930  &hToken);
4931  if (NT_SUCCESS(Status))
4932  {
      /* The store to the caller's pointer is wrapped in SEH; the handler body is not shown */
4933  _SEH2_TRY
4934  {
4935  *NewTokenHandle = hToken;
4936  }
4938  {
4940  }
4941  _SEH2_END;
4942  }
4943  }
4944 
4945  /* Free the captured structure */
4946  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
4947  PreviousMode,
4948  FALSE);
4949 
4950  return Status;
4951 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1108
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: token.c:995
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:401
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define TOKEN_DUPLICATE
Definition: setypes.h:922
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
_SEH2_END
Definition: create.c:4400
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2934
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
#define PAGED_CODE()

◆ NtFilterToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ULONG  Flags,
_In_opt_ PTOKEN_GROUPS  SidsToDisable,
_In_opt_ PTOKEN_PRIVILEGES  PrivilegesToDelete,
_In_opt_ PTOKEN_GROUPS  RestrictedSids,
_Out_ PHANDLE  NewTokenHandle 
)

Creates a restricted access token from an existing token; this operation is called filtering.

Parameters
[in] ExistingTokenHandle: A handle to an access token which is to be filtered.
[in] Flags: Privilege flag options. This parameter influences how the token's privileges are filtered. For further details see remarks.
[in] SidsToDisable: Array of SIDs to disable. Doing so assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer.
[in] PrivilegesToDelete: Array of privileges to delete. The function walks this array to determine whether the specified privileges exist in the access token. Any missing privileges are ignored. This parameter can be NULL. This can be a UM pointer.
[in] RestrictedSids: An array of restricted group SIDs to be added to the access token. If the token is already restricted, the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer.
[out] NewTokenHandle: A new handle to the restricted (filtered) access token. This can be a UM pointer.
Returns
Returns STATUS_SUCCESS if the routine has successfully filtered the access token. STATUS_INVALID_PARAMETER is returned if one or more parameters are not valid (see SepPerformTokenFiltering routine call for more information). A failure NTSTATUS code is returned otherwise.
Remarks
The Flags parameter determines the final outcome of how the privileges in an access token are filtered. This parameter can take these supported values (these can be combined):

0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array list of privileges to be deleted (that is, PrivilegesToDelete MUSTN'T BE NULL).

DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind if this flag is specified the routine ignores PrivilegesToDelete.

SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.

LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.

WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.

Definition at line 6573 of file token.c.

6580 {
      /*
       * Body of NtFilterToken: probes the three optional input arrays and the
       * output handle pointer, references the existing token, captures the
       * arrays into kernel buffers, builds the filtered token and returns a
       * handle to it.
       *
       * NOTE(review): this is a rendered listing. Source lines whose numbers
       * are skipped in the gutter (6584, 6586, 6597, 6638, 6640, 6643, 6649,
       * 6650, 6718, 6752, 6754, 6761) are not shown, so the declarations of
       * PreviousMode and ResultLength, the access mask and object type used
       * for the reference, the SEH handlers and the dereference at Quit
       * cannot be checked from this page.
       */
6581  PTOKEN Token, FilteredToken;
6582  HANDLE FilteredTokenHandle;
6583  NTSTATUS Status;
6585  OBJECT_HANDLE_INFORMATION HandleInfo;
6587  ULONG CapturedSidsCount = 0;
6588  ULONG CapturedPrivilegesCount = 0;
6589  ULONG CapturedRestrictedSidsCount = 0;
6590  ULONG ProbeSize = 0;
6591  PSID_AND_ATTRIBUTES CapturedSids = NULL;
6592  PSID_AND_ATTRIBUTES CapturedRestrictedSids = NULL;
6593  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
6594 
6595  PAGED_CODE();
6596 
6598 
      /*
       * NOTE(review): unlike NtCompareTokens, NtCreateToken and
       * NtDuplicateToken in this listing, this probe block is not guarded by
       * a PreviousMode != KernelMode test -- confirm that is intended.
       *
       * Each array is probed in two steps: the fixed-size header first, so
       * the count can be read, then the whole array sized from that count.
       * The count is read once into a local and that local is what the
       * capture call further down receives.
       *
       * NOTE(review): ProbeSize is a ULONG computed from a caller-supplied
       * count. Confirm a very large count cannot wrap the computed size so
       * that the second probe covers less than the array; the capture
       * helpers below are passed the same count and PreviousMode.
       */
6599  _SEH2_TRY
6600  {
6601  /* Probe SidsToDisable */
6602  if (SidsToDisable != NULL)
6603  {
6604  /* Probe the header */
6605  ProbeForRead(SidsToDisable, sizeof(*SidsToDisable), sizeof(ULONG));
6606 
6607  CapturedSidsCount = SidsToDisable->GroupCount;
6608  ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedSidsCount]);
6609 
6610  ProbeForRead(SidsToDisable, ProbeSize, sizeof(ULONG));
6611  }
6612 
6613  /* Probe PrivilegesToDelete */
6614  if (PrivilegesToDelete != NULL)
6615  {
6616  /* Probe the header */
6617  ProbeForRead(PrivilegesToDelete, sizeof(*PrivilegesToDelete), sizeof(ULONG));
6618 
6619  CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
6620  ProbeSize = FIELD_OFFSET(TOKEN_PRIVILEGES, Privileges[CapturedPrivilegesCount]);
6621 
6622  ProbeForRead(PrivilegesToDelete, ProbeSize, sizeof(ULONG));
6623  }
6624 
6625  /* Probe RestrictedSids */
6626  if (RestrictedSids != NULL)
6627  {
6628  /* Probe the header */
6629  ProbeForRead(RestrictedSids, sizeof(*RestrictedSids), sizeof(ULONG));
6630 
6631  CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
6632  ProbeSize = FIELD_OFFSET(TOKEN_GROUPS, Groups[CapturedRestrictedSidsCount]);
6633 
6634  ProbeForRead(RestrictedSids, ProbeSize, sizeof(ULONG));
6635  }
6636 
6637  /* Probe the handle */
6639  }
6641  {
6642  /* Return the exception code */
6644  }
6645  _SEH2_END;
6646 
6647  /* Reference the token */
      /*
       * PreviousMode is passed as the access mode and HandleInfo receives the
       * handle information; its GrantedAccess is reused below for the new
       * handle. The requested access and object type (lines 6649-6650) are
       * not shown. Nothing has been captured yet, so this failure path
       * returns directly instead of going through Quit.
       */
6648  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
6651  PreviousMode,
6652  (PVOID*)&Token,
6653  &HandleInfo);
6654  if (!NT_SUCCESS(Status))
6655  {
6656  DPRINT1("NtFilterToken(): Failed to reference the token (Status 0x%lx)\n", Status);
6657  return Status;
6658  }
6659 
6660  /* Capture the group SIDs */
      /*
       * The captures below all pass TRUE for CaptureIfKernel, and the
       * matching releases at Quit pass TRUE as well.
       */
6661  if (SidsToDisable != NULL)
6662  {
6663  Status = SeCaptureSidAndAttributesArray(SidsToDisable->Groups,
6664  CapturedSidsCount,
6665  PreviousMode,
6666  NULL,
6667  0,
6668  PagedPool,
6669  TRUE,
6670  &CapturedSids,
6671  &ResultLength);
6672  if (!NT_SUCCESS(Status))
6673  {
6674  DPRINT1("NtFilterToken(): Failed to capture the SIDs (Status 0x%lx)\n", Status);
6675  goto Quit;
6676  }
6677  }
6678 
6679  /* Capture the privileges */
6680  if (PrivilegesToDelete != NULL)
6681  {
6682  Status = SeCaptureLuidAndAttributesArray(PrivilegesToDelete->Privileges,
6683  CapturedPrivilegesCount,
6684  PreviousMode,
6685  NULL,
6686  0,
6687  PagedPool,
6688  TRUE,
6689  &CapturedPrivileges,
6690  &ResultLength);
6691  if (!NT_SUCCESS(Status))
6692  {
6693  DPRINT1("NtFilterToken(): Failed to capture the privileges (Status 0x%lx)\n", Status);
6694  goto Quit;
6695  }
6696  }
6697 
6698  /* Capture the restricted SIDs */
6699  if (RestrictedSids != NULL)
6700  {
6701  Status = SeCaptureSidAndAttributesArray(RestrictedSids->Groups,
6702  CapturedRestrictedSidsCount,
6703  PreviousMode,
6704  NULL,
6705  0,
6706  PagedPool,
6707  TRUE,
6708  &CapturedRestrictedSids,
6709  &ResultLength);
6710  if (!NT_SUCCESS(Status))
6711  {
6712  DPRINT1("NtFilterToken(): Failed to capture the restricted SIDs (Status 0x%lx)\n", Status);
6713  goto Quit;
6714  }
6715  }
6716 
6717  /* Call the internal API */
      /*
       * Only the captured copies and the snapshotted counts are passed down;
       * the first line of the call (6718) is not shown.
       */
6719  CapturedPrivileges,
6720  CapturedSids,
6721  CapturedRestrictedSids,
6722  CapturedPrivilegesCount,
6723  CapturedSidsCount,
6724  CapturedRestrictedSidsCount,
6725  Flags,
6726  PreviousMode,
6727  &FilteredToken);
6728  if (!NT_SUCCESS(Status))
6729  {
6730  DPRINT1("NtFilterToken(): Failed to filter the token (Status 0x%lx)\n", Status);
6731  goto Quit;
6732  }
6733 
6734  /* Insert the filtered token and retrieve a handle to it */
      /*
       * The new handle is requested with HandleInfo.GrantedAccess, i.e. the
       * value ObReferenceObjectByHandle filled in for ExistingTokenHandle.
       */
6735  Status = ObInsertObject(FilteredToken,
6736  NULL,
6737  HandleInfo.GrantedAccess,
6738  0,
6739  NULL,
6740  &FilteredTokenHandle);
6741  if (!NT_SUCCESS(Status))
6742  {
6743  DPRINT1("NtFilterToken(): Failed to insert the filtered token (Status 0x%lx)\n", Status);
6744  goto Quit;
6745  }
6746 
6747  /* And return it to the caller once we're done */
      /*
       * NOTE(review): if the store faults, the handler jumps to Quit. No
       * close of FilteredTokenHandle is visible on that path (line 6754 is
       * not shown) -- confirm the inserted handle is not left behind in the
       * caller's handle table.
       */
6748  _SEH2_TRY
6749  {
6750  *NewTokenHandle = FilteredTokenHandle;
6751  }
6753  {
6755  _SEH2_YIELD(goto Quit);
6756  }
6757  _SEH2_END;
6758 
6759 Quit:
6760  /* Dereference the token */
6762 
6763  /* Release all the captured data */
      /* Each buffer is released only if its capture actually ran */
6764  if (CapturedSids != NULL)
6765  {
6766  SeReleaseSidAndAttributesArray(CapturedSids,
6767  PreviousMode,
6768  TRUE);
6769  }
6770 
6771  if (CapturedPrivileges != NULL)
6772  {
6773  SeReleaseLuidAndAttributesArray(CapturedPrivileges,
6774  PreviousMode,
6775  TRUE);
6776  }
6777 
6778  if (CapturedRestrictedSids != NULL)
6779  {
6780  SeReleaseSidAndAttributesArray(CapturedRestrictedSids,
6781  PreviousMode,
6782  TRUE);
6783  }
6784 
6785  return Status;
6786 }
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:839
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
TOpcodeData Groups[17][8]
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:401
ACCESS_MASK GrantedAccess
Definition: iotypes.h:181
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
Definition: token.c:2071
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
#define TOKEN_DUPLICATE
Definition: setypes.h:922
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:556
_SEH2_END
Definition: create.c:4400
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2934
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define PAGED_CODE()

◆ NtImpersonateAnonymousToken()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in] ThreadHandle: A handle to the thread that will impersonate the anonymous logon token. The thread must have the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default, the anonymous logon token that the caller impersonates does not include the Everyone group SID. To impersonate the token with that group included, the EveryoneIncludesAnonymous registry value under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path has to be set to 1. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed, or RevertToSelf if the caller runs in user mode.

Definition at line 6814 of file token.c.

/*
 * Body of NtImpersonateAnonymousToken as rendered from token.c. The rendered
 * listing drops the source lines numbered 6818, 6822, 6826, 6838 and 6844, so
 * the PreviousMode setup, the access mask handed to ObReferenceObjectByHandle,
 * the impersonation call and the final dereference are not visible here.
 * NOTE(review): the cross-references printed after the listing name
 * ExGetPreviousMode, THREAD_IMPERSONATE, SepImpersonateAnonymousToken and
 * ObDereferenceObject, so those are presumably the missing pieces; confirm
 * against token.c before relying on this listing.
 */
6816 {
6817  PETHREAD Thread;
6819  NTSTATUS Status;
6820  PAGED_CODE();
6821 
6823 
      /*
       * PreviousMode sits in the AccessMode position of the call below, so the
       * handle is checked on behalf of the caller's mode. The access mask
       * argument (line 6826) is not shown; the documentation above requires
       * THREAD_IMPERSONATE, which is presumably what is requested here.
       */
6824  /* Obtain the thread object from the handle */
6825  Status = ObReferenceObjectByHandle(ThreadHandle,
6827  PsThreadType,
6828  PreviousMode,
6829  (PVOID*)&Thread,
6830  NULL);
6831  if (!NT_SUCCESS(Status))
6832  {
6833  DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
6834  return Status;
6835  }
6836 
      /* Line 6838, which assigns Status from the private routine, is not shown. */
6837  /* Call the private routine to impersonate the token */
6839  if (!NT_SUCCESS(Status))
6840  {
6841  DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
6842  }
6843 
      /*
       * Line 6844 is not shown. NOTE(review): the reference taken on Thread
       * above has to be dropped on both the success and the failure path of
       * the impersonation call; confirm that line 6844 does so.
       */
6845  return Status;
6846 }
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
LONG NTSTATUS
Definition: precomp.h:26
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:379
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
POBJECT_TYPE PsThreadType
Definition: thread.c:20
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define PAGED_CODE()

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  PrivilegeSet,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Raises an alarm audit message when an object is about to be opened.

Parameters
[in] SubsystemName: A Unicode string that points to a name of the subsystem.
[in] HandleId: A handle to an ID used to identify the instance for auditing.
[in] ObjectTypeName: A Unicode string that points to an object type name.
[in] ObjectName: The name of the object.
[in] SecurityDescriptor: A security descriptor.
[in] ClientTokenHandle: A handle to a client access token.
[in] DesiredAccess: The desired access rights mask requested by the caller.
[in] GrantedAccess: The granted access rights mask.
[in] PrivilegeSet: If specified, the function will use this set of privileges to audit.
[in] ObjectCreation: Set this to TRUE if the object has just been created.
[in] AccessGranted: Set this to TRUE if the access attempt was deemed as granted.
[out] GenerateOnClose: A boolean flag returned to the caller once the audit generation procedure finishes.
Returns
Returns STATUS_SUCCESS if all the operations have been completed successfully. STATUS_PRIVILEGE_NOT_HELD is returned if the given subject context does not hold the audit privilege required to begin auditing in the first place. STATUS_BAD_IMPERSONATION_LEVEL is returned if the security impersonation level of the client token is not on par with the impersonation level that allows impersonation. STATUS_INVALID_PARAMETER is returned if the caller has submitted a bogus privilege set, that is, one whose privilege count exceeds the maximum number of privileges that the kernel can accept. A failure NTSTATUS code is returned otherwise.

Definition at line 1723 of file audit.c.

/*
 * Body of NtOpenObjectAuditAlarm as rendered from audit.c. Gaps in the gutter
 * numbering (1744, 1749, 1762, 1774, 1781, 1786, 1789, 1797, 1802, 1825, 1838,
 * 1842, 1858, 1860, 1897, 1911, 1918, 1920, 1943) are source lines the
 * rendering dropped; they are not reproduced here. The routine references the
 * client token, checks impersonation level and audit privilege, captures
 * every pointer argument into kernel-owned copies, calls the internal audit
 * routine with those copies, writes GenerateOnClose back and releases
 * everything at the Cleanup label.
 */
1736 {
1737  PTOKEN ClientToken;
1738  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1739  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1740  ULONG PrivilegeCount, PrivilegeSetSize;
1741  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1742  BOOLEAN LocalGenerateOnClose;
      /*
       * NOTE(review): CapturedHandleId is not part of the "Start clean"
       * initialisation below and is only assigned when HandleId != NULL
       * (lines 1850-1854), yet it is passed to the internal routine at line
       * 1899 unconditionally. With HandleId == NULL an indeterminate stack
       * value reaches the audit path; initialise it together with the other
       * locals, e.g. `CapturedHandleId = NULL;`.
       */
1743  PVOID CapturedHandleId;
1745  NTSTATUS Status;
1746  PAGED_CODE();
1747 
      /*
       * Line 1749 is not shown (presumably an assertion on ExGetPreviousMode(),
       * both of which appear in the cross-references; confirm). Every probe
       * and capture below hard-codes UserMode, so all pointer arguments are
       * treated as untrusted user-mode addresses.
       */
1748  /* Only user mode is supported! */
1750 
1751  /* Start clean */
1752  ClientToken = NULL;
1753  CapturedSecurityDescriptor = NULL;
1754  CapturedPrivilegeSet = NULL;
1755  CapturedSubsystemName.Buffer = NULL;
1756  CapturedObjectTypeName.Buffer = NULL;
1757  CapturedObjectName.Buffer = NULL;
1758 
      /*
       * TOKEN_QUERY is the only right requested on the client token handle.
       * The object-type argument (line 1762) is not shown. This is the one
       * failure that returns directly instead of going through Cleanup.
       */
1759  /* Reference the client token */
1760  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1761  TOKEN_QUERY,
1763  UserMode,
1764  (PVOID*)&ClientToken,
1765  NULL);
1766  if (!NT_SUCCESS(Status))
1767  {
1768  DPRINT1("Failed to reference token handle %p: %lx\n",
1769  ClientTokenHandle, Status);
1770  return Status;
1771  }
1772 
      /* Line 1774 (the capture itself) is not shown. */
1773  /* Capture the security subject context */
1775 
      /*
       * An impersonation token below SecurityIdentification is rejected.
       * Line 1781, which sets Status, is not shown; the documentation above
       * names STATUS_BAD_IMPERSONATION_LEVEL for this case.
       */
1776  /* Validate the token's impersonation level */
1777  if ((ClientToken->TokenType == TokenImpersonation) &&
1778  (ClientToken->ImpersonationLevel < SecurityIdentification))
1779  {
1780  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1782  goto Cleanup;
1783  }
1784 
      /*
       * The condition (line 1786) and the Status assignment (line 1789) are
       * not shown; the documentation above names STATUS_PRIVILEGE_NOT_HELD.
       * The check runs before any caller-supplied buffer is touched.
       */
1785  /* Check for audit privilege */
1787  {
1788  DPRINT1("Caller does not have SeAuditPrivilege\n");
1790  goto Cleanup;
1791  }
1792 
      /*
       * Line 1797 (the Status for this path) is not shown.
       * NOTE(review): this path leaves without probing or writing
       * GenerateOnClose, so the caller's output variable stays untouched;
       * confirm that callers do not read it in this case.
       */
1793  /* Check for NULL SecurityDescriptor */
1794  if (SecurityDescriptor == NULL)
1795  {
1796  /* Nothing to do */
1798  goto Cleanup;
1799  }
1800 
      /* Line 1802 (the call and its first argument) is not shown. */
1801  /* Capture the security descriptor */
1803  UserMode,
1804  PagedPool,
1805  FALSE,
1806  &CapturedSecurityDescriptor);
1807  if (!NT_SUCCESS(Status))
1808  {
1809  DPRINT1("Failed to capture security descriptor!\n");
1810  goto Cleanup;
1811  }
1812 
      /*
       * All direct reads of caller memory happen inside this SEH block. The
       * handler lines 1858 and 1860 are not shown.
       */
1813  _SEH2_TRY
1814  {
1815  /* Check if we have a privilege set */
1816  if (PrivilegeSet != NULL)
1817  {
      /*
       * Two-step probe: the fixed-size header first, so that PrivilegeCount
       * can be read, then the whole variable-length structure once its size
       * is known. The count is bounded by SEP_PRIVILEGE_SET_MAX_COUNT before
       * PrivilegeSetSize is computed from it.
       */
1818  /* Probe the basic privilege set structure */
1819  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1820 
1821  /* Validate privilege count */
1822  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1823  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1824  {
1826  _SEH2_YIELD(goto Cleanup);
1827  }
1828 
1829  /* Calculate the size of the PrivilegeSet structure */
1830  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1831 
1832  /* Probe the whole structure */
1833  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1834 
1835  /* Allocate a temp buffer */
1836  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1837  PrivilegeSetSize,
1839  if (CapturedPrivilegeSet == NULL)
1840  {
1841  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1843  _SEH2_YIELD(goto Cleanup);
1844  }
1845 
      /*
       * NOTE(review): double fetch. PrivilegeCount was validated from the read
       * at line 1822, but the copy below reads the whole structure, including
       * its PrivilegeCount field, from caller memory a second time. If the
       * caller changes the field in between, the captured set carries a count
       * that was never validated and no longer matches PrivilegeSetSize.
       * Store the validated value into the copy right after copying:
       * `CapturedPrivilegeSet->PrivilegeCount = PrivilegeCount;`.
       */
1846  /* Copy the privileges */
1847  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1848  }
1849 
      /*
       * HandleId is treated as a pointer to a pointer-sized value in caller
       * memory: it is probed and then read once into CapturedHandleId.
       */
1850  if (HandleId != NULL)
1851  {
1852  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1853  CapturedHandleId = *(PVOID*)HandleId;
1854  }
1855 
      /* Probe only; the store happens at line 1916, again under SEH. */
1856  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1857  }
1859  {
1861  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1862  _SEH2_YIELD(goto Cleanup);
1863  }
1864  _SEH2_END;
1865 
1866  /* Probe and capture the subsystem name */
1867  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1868  UserMode,
1869  SubsystemName);
1870  if (!NT_SUCCESS(Status))
1871  {
1872  DPRINT1("Failed to capture subsystem name!\n");
1873  goto Cleanup;
1874  }
1875 
1876  /* Probe and capture the object type name */
1877  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1878  UserMode,
1879  ObjectTypeName);
1880  if (!NT_SUCCESS(Status))
1881  {
1882  DPRINT1("Failed to capture object type name!\n");
1883  goto Cleanup;
1884  }
1885 
1886  /* Probe and capture the object name */
1887  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1888  UserMode,
1889  ObjectName);
1890  if (!NT_SUCCESS(Status))
1891  {
1892  DPRINT1("Failed to capture object name!\n");
1893  goto Cleanup;
1894  }
1895 
      /*
       * Line 1897 (the call and its first argument) is not shown. Every
       * pointer argument visible below is a captured kernel copy or a local;
       * no raw caller pointer is forwarded.
       */
1896  /* Call the internal function */
1898  &CapturedSubsystemName,
1899  CapturedHandleId,
1900  &CapturedObjectTypeName,
1901  &CapturedObjectName,
1902  CapturedSecurityDescriptor,
1903  ClientToken,
1904  DesiredAccess,
1905  GrantedAccess,
1906  CapturedPrivilegeSet,
1907  ObjectCreation,
1908  AccessGranted,
1909  &LocalGenerateOnClose);
1910 
1912 
      /* The handler lines 1918 and 1920 are not shown. */
1913  /* Enter SEH to copy the data back to user mode */
1914  _SEH2_TRY
1915  {
1916  *GenerateOnClose = LocalGenerateOnClose;
1917  }
1919  {
1921  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1922  }
1923  _SEH2_END;
1924 
      /*
       * Single exit for every path after the token reference. The buffers
       * start out NULL (lines 1752-1757), so each release below only runs
       * for a capture that actually happened. ClientToken is always valid
       * here because a failed reference returned at line 1770.
       */
1925 Cleanup:
1926 
1927  if (CapturedObjectName.Buffer != NULL)
1928  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1929 
1930  if (CapturedObjectTypeName.Buffer != NULL)
1931  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1932 
1933  if (CapturedSubsystemName.Buffer != NULL)
1934  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1935 
1936  if (CapturedSecurityDescriptor != NULL)
1937  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1938 
1939  if (CapturedPrivilegeSet != NULL)
1940  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1941 
      /* Line 1943 (the release itself) is not shown. */
1942  /* Release the security subject context */
1944 
1945  ObDereferenceObject(ClientToken);
1946 
1947  return Status;
1948 }
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
TOKEN_TYPE TokenType
Definition: setypes.h:239
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:15
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
#define TOKEN_QUERY
Definition: setypes.h:924
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: access.c:437
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
static const WCHAR Cleanup[]
Definition: register.c:80
_SEH2_END
Definition: create.c:4400
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: access.c:523
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:240
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define TAG_PRIVILEGE_SET
Definition: tag.h:154
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1636
#define PAGED_CODE()

◆ NtOpenProcessTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Sets (modifies) specific information of an access token. The calling thread must have specific access rights in order to modify the token's information.

@unimplemented

Parameters
[in] TokenHandle: A handle of a token where information is to be modified.
[in] TokenInformationClass: Token information class.
[in] TokenInformation: A pointer to a buffer with the token information to set. The layout of this buffer depends on the information class that the caller chose to modify.
[in] TokenInformationLength: Length of the token information buffer, in bytes.
Returns
Returns STATUS_SUCCESS if the information has been set successfully. STATUS_INFO_LENGTH_MISMATCH is returned if the length of the information buffer is less than the required length. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation has failed. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread does not hold the privileges required to perform the operation in question. A failure NTSTATUS code is returned otherwise.
Remarks
The function is partly implemented, mainly TokenOrigin and TokenDefaultDacl.

Definition at line 4253 of file token.c.

/*
 * Body of NtSetInformationToken as rendered from token.c. Gaps in the gutter
 * numbering are source lines the rendering dropped (mostly lines that held a
 * call, a condition or a Status assignment); they are not reproduced here and
 * comments below only hedge about them. The routine validates the buffer for
 * the requested information class, references the token with the access
 * computed in NeededAccess, and then handles one information class per case.
 * Values are read from the caller's buffer inside SEH blocks and the token is
 * modified only between the "Lock the token" and "Unlock the token" markers.
 */
4258 {
4259  NTSTATUS Status;
4260  PTOKEN Token;
4262  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
4263 
4264  PAGED_CODE();
4265 
4267 
      /*
       * Lines 4266-4272 are only partly shown. Presumably this is the
       * DefaultSetInfoBufferCheck call listed in the cross-references, which
       * takes the buffer, its length and PreviousMode; confirm in token.c.
       */
4271  TokenInformation,
4273  PreviousMode);
4274  if (!NT_SUCCESS(Status))
4275  {
4276  /* Invalid buffers */
4277  DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
4278  return Status;
4279  }
4280 
      /*
       * The condition (line 4281) is not shown; when it holds,
       * TOKEN_ADJUST_SESSIONID is required in addition to TOKEN_ADJUST_DEFAULT.
       */
4282  {
4283  NeededAccess |= TOKEN_ADJUST_SESSIONID;
4284  }
4285 
      /*
       * Lines 4286 and 4288 are not shown. The visible arguments show the
       * token being referenced with NeededAccess and checked against
       * PreviousMode.
       */
4287  NeededAccess,
4289  PreviousMode,
4290  (PVOID*)&Token,
4291  NULL);
4292  if (NT_SUCCESS(Status))
4293  {
4294  switch (TokenInformationClass)
4295  {
4296  case TokenOwner:
4297  {
4298  if (TokenInformationLength >= sizeof(TOKEN_OWNER))
4299  {
4300  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
4301  PSID InputSid = NULL, CapturedSid;
4302  ULONG DefaultOwnerIndex;
4303 
      /*
       * The Owner pointer is fetched from the caller's buffer exactly once,
       * under SEH, and the SID it points to is then captured with
       * PreviousMode before it is compared against the token.
       */
4304  _SEH2_TRY
4305  {
4306  InputSid = to->Owner;
4307  }
4309  {
4311  _SEH2_YIELD(goto Cleanup);
4312  }
4313  _SEH2_END;
4314 
4315  Status = SepCaptureSid(InputSid,
4316  PreviousMode,
4317  PagedPool,
4318  FALSE,
4319  &CapturedSid);
4320  if (NT_SUCCESS(Status))
4321  {
4322  /* Lock the token */
4324 
      /*
       * Line 4326 (the lookup call) is not shown. The owner is only changed
       * when the lookup succeeds, and what is stored is an index into the
       * token's existing entries, not the caller's SID.
       */
4325  /* Find the owner amongst the existing token user and groups */
4327  NULL,
4328  CapturedSid,
4329  NULL,
4330  &DefaultOwnerIndex);
4331  if (NT_SUCCESS(Status))
4332  {
4333  /* Found it */
4334  Token->DefaultOwnerIndex = DefaultOwnerIndex;
4335  ExAllocateLocallyUniqueId(&Token->ModifiedId);
4336  }
4337 
4338  /* Unlock the token */
4340 
4341  SepReleaseSid(CapturedSid,
4342  PreviousMode,
4343  FALSE);
4344  }
4345  }
4346  else
4347  {
      /* Line 4348 (the Status for a too-short buffer) is not shown. */
4349  }
4350  break;
4351  }
4352 
4353  case TokenPrimaryGroup:
4354  {
      /* Line 4355 (the length check) is not shown. */
4356  {
4357  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
4358  PSID InputSid = NULL, CapturedSid;
4359  ULONG PrimaryGroupIndex;
4360 
4361  _SEH2_TRY
4362  {
4363  InputSid = tpg->PrimaryGroup;
4364  }
4366  {
4368  _SEH2_YIELD(goto Cleanup);
4369  }
4370  _SEH2_END;
4371 
4372  Status = SepCaptureSid(InputSid,
4373  PreviousMode,
4374  PagedPool,
4375  FALSE,
4376  &CapturedSid);
4377  if (NT_SUCCESS(Status))
4378  {
4379  /* Lock the token */
4381 
4382  /* Find the primary group amongst the existing token user and groups */
4384  CapturedSid,
4385  NULL,
4386  &PrimaryGroupIndex,
4387  NULL);
4388  if (NT_SUCCESS(Status))
4389  {
      /*
       * The token keeps a pointer to its own UserAndGroups entry rather than
       * to CapturedSid, so releasing CapturedSid below leaves no dangling
       * pointer in the token.
       */
4390  /* Found it */
4391  Token->PrimaryGroup = Token->UserAndGroups[PrimaryGroupIndex].Sid;
4392  ExAllocateLocallyUniqueId(&Token->ModifiedId);
4393  }
4394 
4395  /* Unlock the token */
4397 
4398  SepReleaseSid(CapturedSid,
4399  PreviousMode,
4400  FALSE);
4401  }
4402  }
4403  else
4404  {
4406  }
4407  break;
4408  }
4409 
4410  case TokenDefaultDacl:
4411  {
      /* Line 4412 (the length check) is not shown. */
4413  {
4414  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
4415  PACL InputAcl = NULL;
4416 
4417  _SEH2_TRY
4418  {
4419  InputAcl = tdd->DefaultDacl;
4420  }
4422  {
4424  _SEH2_YIELD(goto Cleanup);
4425  }
4426  _SEH2_END;
4427 
4428  if (InputAcl != NULL)
4429  {
4430  PACL CapturedAcl;
4431 
      /*
       * CaptureIfKernel is TRUE here, unlike the SID captures above. Every
       * size used below (allocation at 4465, copy at 4493) comes from
       * CapturedAcl, so the allocation size and the copy length are taken
       * from the same captured value and not from the caller's buffer.
       */
4432  /* Capture, validate, and copy the DACL */
4433  Status = SepCaptureAcl(InputAcl,
4434  PreviousMode,
4435  PagedPool,
4436  TRUE,
4437  &CapturedAcl);
4438  if (NT_SUCCESS(Status))
4439  {
4440  ULONG DynamicLength;
4441 
4442  /* Lock the token */
4444 
4445  //
4446  // NOTE: So far our dynamic area only contains
4447  // the default dacl, so this makes the following
4448  // code pretty simple. The day where it stores
4449  // other data, the code will require adaptations.
4450  //
4451 
4452  DynamicLength = Token->DynamicAvailable;
4453  // Add here any other data length present in the dynamic area...
4454  if (Token->DefaultDacl)
4455  DynamicLength += Token->DefaultDacl->AclSize;
4456 
      /* Line 4458 is not shown. */
4457  /* Reallocate the dynamic area if it is too small */
4459  if ((DynamicLength < CapturedAcl->AclSize) ||
4460  (Token->DynamicPart == NULL))
4461  {
4462  PVOID NewDynamicPart;
4463 
4464  NewDynamicPart = ExAllocatePoolWithTag(PagedPool,
4465  CapturedAcl->AclSize,
4467  if (NewDynamicPart == NULL)
4468  {
      /*
       * Line 4469 (the failure Status) is not shown. The token is left
       * unchanged on this path, because the old area is only freed in the
       * else branch.
       */
4470  }
4471  else
4472  {
4473  if (Token->DynamicPart != NULL)
4474  {
      /*
       * The old contents are discarded rather than copied (the copy is
       * commented out). Token->DefaultDacl still points into the freed area
       * until line 4490 reassigns it; both happen under the token lock.
       */
4475  // RtlCopyMemory(NewDynamicPart, Token->DynamicPart, DynamicLength);
4476  ExFreePoolWithTag(Token->DynamicPart, TAG_TOKEN_DYNAMIC);
4477  }
4478  Token->DynamicPart = NewDynamicPart;
4479  Token->DynamicAvailable = 0;
4480  }
4481  }
4482  else
4483  {
4484  Token->DynamicAvailable = DynamicLength - CapturedAcl->AclSize;
4485  }
4486 
4487  if (NT_SUCCESS(Status))
4488  {
4489  /* Set the new dacl */
4490  Token->DefaultDacl = (PVOID)Token->DynamicPart;
4491  RtlCopyMemory(Token->DefaultDacl,
4492  CapturedAcl,
4493  CapturedAcl->AclSize);
4494 
4495  ExAllocateLocallyUniqueId(&Token->ModifiedId);
4496  }
4497 
4498  /* Unlock the token */
4500 
4501  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
4502  }
4503  }
4504  else
4505  {
4506  /* Lock the token */
4508 
      /*
       * A NULL DefaultDacl in the caller's buffer removes the token's default
       * DACL: its bytes are zeroed and its size is returned to
       * DynamicAvailable.
       */
4509  /* Clear the default dacl if present */
4510  if (Token->DefaultDacl != NULL)
4511  {
4512  Token->DynamicAvailable += Token->DefaultDacl->AclSize;
4513  RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
4514  Token->DefaultDacl = NULL;
4515 
4516  ExAllocateLocallyUniqueId(&Token->ModifiedId);
4517  }
4518 
4519  /* Unlock the token */
4521  }
4522  }
4523  else
4524  {
4526  }
4527  break;
4528  }
4529 
4530  case TokenSessionId:
4531  {
4532  ULONG SessionId = 0;
4533 
4534  _SEH2_TRY
4535  {
4536  /* Buffer size was already verified, no need to check here again */
4537  SessionId = *(PULONG)TokenInformation;
4538  }
4540  {
4542  _SEH2_YIELD(goto Cleanup);
4543  }
4544  _SEH2_END;
4545 
      /*
       * The condition (line 4547) and Status (line 4549) are not shown. This
       * privilege check comes on top of the TOKEN_ADJUST_SESSIONID access
       * added to NeededAccess above, and it precedes any change to the token.
       */
4546  /* Check for TCB privilege */
4548  {
4550  break;
4551  }
4552 
4553  /* Lock the token */
4555 
4556  Token->SessionId = SessionId;
4557  ExAllocateLocallyUniqueId(&Token->ModifiedId);
4558 
4559  /* Unlock the token */
4561 
4562  break;
4563  }
4564 
4565  case TokenSessionReference:
4566  {
4567  ULONG SessionReference;
4568 
4569  _SEH2_TRY
4570  {
4571  /* Buffer size was already verified, no need to check here again */
4572  SessionReference = *(PULONG)TokenInformation;
4573  }
4575  {
4577  _SEH2_YIELD(goto Cleanup);
4578  }
4579  _SEH2_END;
4580 
      /*
       * Unlike the sibling cases this one leaves with goto Cleanup rather
       * than break; the Cleanup label sits directly after the switch (line
       * 4759), so both forms reach the same code.
       */
4581  /* Check for TCB privilege */
4583  {
4585  goto Cleanup;
4586  }
4587 
      /* Only the value 0 has an effect; any other value is accepted and ignored. */
4588  /* Check if it is 0 */
4589  if (SessionReference == 0)
4590  {
4591  ULONG OldTokenFlags;
4592 
4593  /* Lock the token */
4595 
      /* Line 4598 (the flag being set) is not shown. */
4596  /* Atomically set the flag in the token */
4597  OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
4599  /*
4600  * If the flag was already set, do not dereference again
4601  * the logon session. Use SessionReference as an indicator
4602  * to know whether to really dereference the session.
4603  */
4604  if (OldTokenFlags == Token->TokenFlags)
4605  SessionReference = ULONG_MAX;
4606 
4607  /*
4608  * Otherwise if the flag was never set but just for this first time then
4609  * remove the referenced logon session data from the token and dereference
4610  * the logon session when needed.
4611  */
4612  if (SessionReference == 0)
4613  {
      /* Line 4614 is not shown. */
4615  SepRmDereferenceLogonSession(&Token->AuthenticationId);
4616  }
4617 
4618  /* Unlock the token */
4620  }
4621  break;
4622  }
4623 
4624  case TokenAuditPolicy:
4625  {
4626  PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
4627  (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
      /*
       * NOTE(review): AuditPolicy is declared without an initialiser and only
       * the members named by the caller's Policies[] entries are assigned in
       * the loop below, yet the whole structure is stored into the token at
       * line 4700. Any category the caller leaves out keeps indeterminate
       * stack contents. Zero the local first, for example
       * `RtlZeroMemory(&AuditPolicy, sizeof(AuditPolicy));`, or seed it from
       * Token->AuditPolicy under the lock; confirm which semantics are
       * intended.
       */
4628  SEP_AUDIT_POLICY AuditPolicy;
4629  ULONG i;
4630 
4631  _SEH2_TRY
4632  {
      /*
       * NOTE(review): PolicyInformation points at the caller's buffer, so
       * PolicyCount is fetched from that buffer for the probe length (line
       * 4635) and again on every loop test (line 4639). For a user-mode
       * caller the probed length and the loop bound can therefore disagree.
       * Read PolicyCount once into a local inside this SEH block and use the
       * local for both the probe and the loop. Line 4634 is not shown.
       */
4633  ProbeForRead(PolicyInformation,
4635  Policies[PolicyInformation->PolicyCount]),
4636  sizeof(ULONG));
4637 
4638  /* Loop all policies in the structure */
4639  for (i = 0; i < PolicyInformation->PolicyCount; i++)
4640  {
      /*
       * The case labels on lines 4652, 4656, 4660, 4664, 4668, 4672 and 4676
       * are not shown. The switch has no default, so an entry with an
       * unrecognised Category is skipped without an error.
       */
4641  /* Set the corresponding bits in the packed structure */
4642  switch (PolicyInformation->Policies[i].Category)
4643  {
4644  case AuditCategorySystem:
4645  AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
4646  break;
4647 
4648  case AuditCategoryLogon:
4649  AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
4650  break;
4651 
4653  AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
4654  break;
4655 
4657  AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
4658  break;
4659 
4661  AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
4662  break;
4663 
4665  AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
4666  break;
4667 
4669  AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
4670  break;
4671 
4673  AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
4674  break;
4675 
4677  AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
4678  break;
4679  }
4680  }
4681  }
4683  {
4685  _SEH2_YIELD(goto Cleanup);
4686  }
4687  _SEH2_END;
4688 
      /* The privilege check precedes the store into the token at line 4700. */
4689  /* Check for TCB privilege */
4691  {
4693  break;
4694  }
4695 
4696  /* Lock the token */
4698 
4699  /* Set the new audit policy */
4700  Token->AuditPolicy = AuditPolicy;
4701  ExAllocateLocallyUniqueId(&Token->ModifiedId);
4702 
4703  /* Unlock the token */
4705 
4706  break;
4707  }
4708 
4709  case TokenOrigin:
4710  {
      /* Line 4711 (the declaration of the local copy) is not shown. */
4712 
4713  _SEH2_TRY
4714  {
4715  /* Copy the token origin */
4716  TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
4717  }
4719  {
4721  _SEH2_YIELD(goto Cleanup);
4722  }
4723  _SEH2_END;
4724 
4725  /* Check for TCB privilege */
4727  {
4729  break;
4730  }
4731 
4732  /* Lock the token */
4734 
      /*
       * The origin is written only while it is still the zero LUID. A request
       * against a token whose origin is already set changes nothing, and no
       * failure Status is assigned on this path in the visible lines.
       */
4735  /* Check if there is no token origin set yet */
4736  if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
4737  {
4738  /* Set the token origin */
4739  Token->OriginatingLogonSession =
4740  TokenOrigin.OriginatingLogonSession;
4741 
4742  ExAllocateLocallyUniqueId(&Token->ModifiedId);
4743  }
4744 
4745  /* Unlock the token */
4747 
4748  break;
4749  }
4750 
4751  default:
4752  {
      /* Lines 4754 and 4755 (the argument and the Status) are not shown. */
4753  DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
4756  break;
4757  }
4758  }
      /*
       * Line 4760 is not shown. NOTE(review): the Cleanup label lies inside
       * the block that runs only after the token was referenced, so this is
       * where the reference has to be dropped; confirm that line 4760 does so.
       */
4759 Cleanup:
4761  }
4762 
4763  if (!NT_SUCCESS(Status))
4764  {
4765  DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
4766  }
4767 
4768  return Status;
4769 }
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:237
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:869
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:312
#define TRUE
Definition: types.h:120
USHORT AclSize
Definition: ms-dtyp.idl:296
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
ULONG SessionId
Definition: dllmain.c:28
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3063
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:8
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
_SEH2_TRY
Definition: create.c:4226
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
#define FALSE
Definition: types.h:117
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
PSID Owner
Definition: setypes.h:1024
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:928
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
void * PVOID
Definition: retypes.h:9
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:158
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1764 Policies[1]
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
struct _TOKEN_OWNER * PTOKEN_OWNER
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
#define SepReleaseTokenLock(Token)
Definition: se.h:248
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:155
static const WCHAR Cleanup[]
Definition: register.c:80
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
const LUID SeTcbPrivilege
Definition: priv.c:26
#define TAG_ACL
Definition: tag.h:148
_SEH2_END
Definition: create.c:4400
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
#define DPRINT1
Definition: precomp.h:8
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3434
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:32
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define DPRINT
Definition: sndvol32.h:71
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:929
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1180
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:310
#define ULONG_MAX
Definition: limits.h:44
#define PAGED_CODE()

◆ SeCaptureSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  _OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR *  CapturedSecurityDescriptor 
)

Captures a security descriptor.

Parameters
[in]_OriginalSecurityDescriptorAn already existing and valid security descriptor to be captured.
[in]CurrentModeProcessor level access mode.
[in]PoolTypePool type to be used when allocating the captured buffer.
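[in]CaptureIfKernelSet this to TRUE to have the descriptor copied even when CurrentMode is KernelMode. If FALSE and CurrentMode is KernelMode, only the revision is checked and the original pointer is returned without a copy being made.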
[out]CapturedSecurityDescriptorThe captured security descriptor.
Returns
Returns STATUS_SUCCESS if the operation completed successfully and the security descriptor has been captured. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an unknown revision. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured buffer has failed. A failure NTSTATUS code is returned otherwise.

Definition at line 386 of file sd.c.

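/**
 * @brief
 * Captures a security descriptor.
 *
 * A NULL input produces a NULL capture. A kernel-mode caller that passes
 * CaptureIfKernel == FALSE gets its own pointer back after a revision check;
 * nothing is allocated or copied on that path. In every other case the
 * descriptor is measured (and probed when the caller is not kernel mode) and
 * then copied into one TAG_SD pool allocation laid out as a self-relative
 * descriptor.
 *
 * @param[in] _OriginalSecurityDescriptor
 * The security descriptor to capture. May be NULL.
 *
 * @param[in] CurrentMode
 * Processor level access mode. Any value other than KernelMode makes the
 * input untrusted: it is probed before use and only touched inside SEH.
 *
 * @param[in] PoolType
 * Pool type to be used when allocating the captured buffer.
 *
 * @param[in] CaptureIfKernel
 * TRUE forces a copy even for a KernelMode caller. FALSE with KernelMode
 * returns the original pointer as-is.
 *
 * @param[out] CapturedSecurityDescriptor
 * Receives NULL, the original pointer (quick path) or the new allocation.
 * It is written only on the paths that return STATUS_SUCCESS.
 *
 * @return
 * STATUS_SUCCESS on success. STATUS_UNKNOWN_REVISION if the revision is not
 * SECURITY_DESCRIPTOR_REVISION1. STATUS_INSUFFICIENT_RESOURCES if the pool
 * allocation fails. Otherwise the exception code caught while probing,
 * validating or copying (STATUS_INVALID_SID and STATUS_INVALID_ACL are raised
 * by the re-validation step).
 *
 * NOTE(review): the rendered listing had lost every statement that carried a
 * cross-reference link (returns inside the revision checks, the SEH handlers,
 * the allocation and the offset/copy lines). They are restored here from the
 * identifiers the page lists for this function; confirm against sd.c.
 */
NTSTATUS
NTAPI
SeCaptureSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor,
    _In_ KPROCESSOR_MODE CurrentMode,
    _In_ POOL_TYPE PoolType,
    _In_ BOOLEAN CaptureIfKernel,
    _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
{
    PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
    SECURITY_DESCRIPTOR DescriptorCopy;
    PISECURITY_DESCRIPTOR_RELATIVE NewDescriptor;
    /* Filled in by DetermineSIDSize(); not read again in this function */
    ULONG OwnerSAC = 0, GroupSAC = 0;
    ULONG OwnerSize = 0, GroupSize = 0;
    ULONG SaclSize = 0, DaclSize = 0;
    ULONG DescriptorSize = 0;
    ULONG Offset;

    if (!OriginalDescriptor)
    {
        /* Nothing to do... */
        *CapturedSecurityDescriptor = NULL;
        return STATUS_SUCCESS;
    }

    /*
     * Quick path: a trusted kernel-mode descriptor is handed back without a
     * copy. The caller keeps ownership of the original buffer, and must pass
     * the same CurrentMode/CaptureIfKernel pair to
     * SeReleaseSecurityDescriptor() so that it is not freed there.
     */
    if (CurrentMode == KernelMode && !CaptureIfKernel)
    {
        /* Check descriptor version */
        if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
        {
            return STATUS_UNKNOWN_REVISION;
        }

        *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
        return STATUS_SUCCESS;
    }

    /* First pass: probe the source and work out how much memory is needed */
    _SEH2_TRY
    {
        if (CurrentMode != KernelMode)
        {
            /* The smaller of the two header layouts, enough to read Revision and Control */
            ProbeForRead(OriginalDescriptor,
                         sizeof(SECURITY_DESCRIPTOR_RELATIVE),
                         sizeof(ULONG));
        }

        /* Check the descriptor version */
        if (OriginalDescriptor->Revision != SECURITY_DESCRIPTOR_REVISION1)
        {
            _SEH2_YIELD(return STATUS_UNKNOWN_REVISION);
        }

        if (CurrentMode != KernelMode)
        {
            /* Get the size of the descriptor */
            DescriptorSize = (OriginalDescriptor->Control & SE_SELF_RELATIVE) ?
                sizeof(SECURITY_DESCRIPTOR_RELATIVE) : sizeof(SECURITY_DESCRIPTOR);

            /* Probe the entire security descriptor structure. The SIDs
             * and ACLs will be probed and copied later though */
            ProbeForRead(OriginalDescriptor, DescriptorSize, sizeof(ULONG));
        }

        /*
         * Now capture all fields and convert to an absolute descriptor.
         *
         * NOTE(review): Control is fetched from the source descriptor above
         * and again here (and presumably inside the SepGet*FromDescriptor
         * helpers). For a user-mode source those fetches are not guaranteed
         * to agree; reading Control once into a local and deriving the
         * layout from that value would remove the window. Confirm against
         * the helpers in se.h.
         */
        DescriptorCopy.Revision = OriginalDescriptor->Revision;
        DescriptorCopy.Sbz1 = OriginalDescriptor->Sbz1;
        DescriptorCopy.Control = OriginalDescriptor->Control & ~SE_SELF_RELATIVE;
        DescriptorCopy.Owner = SepGetOwnerFromDescriptor(OriginalDescriptor);
        DescriptorCopy.Group = SepGetGroupFromDescriptor(OriginalDescriptor);
        DescriptorCopy.Sacl = SepGetSaclFromDescriptor(OriginalDescriptor);
        DescriptorCopy.Dacl = SepGetDaclFromDescriptor(OriginalDescriptor);
        DescriptorSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);

        /* Determine owner and group sizes */
        OwnerSize = DetermineSIDSize(DescriptorCopy.Owner, &OwnerSAC, CurrentMode);
        DescriptorSize += ROUND_UP(OwnerSize, sizeof(ULONG));
        GroupSize = DetermineSIDSize(DescriptorCopy.Group, &GroupSAC, CurrentMode);
        DescriptorSize += ROUND_UP(GroupSize, sizeof(ULONG));

        /* Determine the size of the ACLs */
        if (DescriptorCopy.Control & SE_SACL_PRESENT)
        {
            /* Get the size and probe if user mode */
            SaclSize = DetermineACLSize(DescriptorCopy.Sacl, CurrentMode);
            DescriptorSize += ROUND_UP(SaclSize, sizeof(ULONG));
        }

        if (DescriptorCopy.Control & SE_DACL_PRESENT)
        {
            /* Get the size and probe if user mode */
            DaclSize = DetermineACLSize(DescriptorCopy.Dacl, CurrentMode);
            DescriptorSize += ROUND_UP(DaclSize, sizeof(ULONG));
        }
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* Nothing has been allocated yet, so just report the fault */
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;

    /*
     * Allocate enough memory to store a complete copy of a self-relative
     * security descriptor
     */
    NewDescriptor = ExAllocatePoolWithTag(PoolType,
                                          DescriptorSize,
                                          TAG_SD);
    if (!NewDescriptor) return STATUS_INSUFFICIENT_RESOURCES;

    /* Zero first so that absent components and alignment padding read as 0 */
    RtlZeroMemory(NewDescriptor, DescriptorSize);
    NewDescriptor->Revision = DescriptorCopy.Revision;
    NewDescriptor->Sbz1 = DescriptorCopy.Sbz1;
    NewDescriptor->Control = DescriptorCopy.Control | SE_SELF_RELATIVE;

    /* Second pass: copy each component behind the header */
    _SEH2_TRY
    {
        /*
         * Setup the offsets and copy the SIDs and ACLs to the new
         * self-relative security descriptor. Probing the pointers is not
         * necessary anymore as we did that when collecting the sizes!
         * Make sure to validate the SIDs and ACLs *again* as they could have
         * been modified in the meanwhile!
         *
         * NOTE(review): RtlValidSid()/RtlValidAcl() below inspect the source
         * buffer and the copy is made afterwards, so for a user-mode source
         * the bytes that land in NewDescriptor are not necessarily the bytes
         * that were validated. The copy lengths are the sizes fixed in the
         * first pass, so this allocation cannot be overrun here, but the
         * sub-authority count or ACL size embedded in the captured copy could
         * disagree with OwnerSize/GroupSize/SaclSize/DaclSize. Validating the
         * captured copy, and checking that its embedded length fits the
         * captured size, would close that gap - TODO confirm and fix.
         *
         * NOTE(review): the first pass sizes the ACLs only when
         * SE_SACL_PRESENT/SE_DACL_PRESENT is set, while this pass keys on the
         * pointer being non-NULL. The two agree only if the
         * SepGetSaclFromDescriptor()/SepGetDaclFromDescriptor() helpers return
         * NULL when the PRESENT bit is clear - confirm in se.h.
         */
        Offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);

        if (DescriptorCopy.Owner)
        {
            if (!RtlValidSid(DescriptorCopy.Owner)) RtlRaiseStatus(STATUS_INVALID_SID);
            NewDescriptor->Owner = Offset;
            RtlCopyMemory((PUCHAR)NewDescriptor + Offset,
                          DescriptorCopy.Owner,
                          OwnerSize);
            Offset += ROUND_UP(OwnerSize, sizeof(ULONG));
        }

        if (DescriptorCopy.Group)
        {
            if (!RtlValidSid(DescriptorCopy.Group)) RtlRaiseStatus(STATUS_INVALID_SID);
            NewDescriptor->Group = Offset;
            RtlCopyMemory((PUCHAR)NewDescriptor + Offset,
                          DescriptorCopy.Group,
                          GroupSize);
            Offset += ROUND_UP(GroupSize, sizeof(ULONG));
        }

        if (DescriptorCopy.Sacl)
        {
            if (!RtlValidAcl(DescriptorCopy.Sacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
            NewDescriptor->Sacl = Offset;
            RtlCopyMemory((PUCHAR)NewDescriptor + Offset,
                          DescriptorCopy.Sacl,
                          SaclSize);
            Offset += ROUND_UP(SaclSize, sizeof(ULONG));
        }

        if (DescriptorCopy.Dacl)
        {
            if (!RtlValidAcl(DescriptorCopy.Dacl)) RtlRaiseStatus(STATUS_INVALID_ACL);
            NewDescriptor->Dacl = Offset;
            RtlCopyMemory((PUCHAR)NewDescriptor + Offset,
                          DescriptorCopy.Dacl,
                          DaclSize);
            Offset += ROUND_UP(DaclSize, sizeof(ULONG));
        }

        /*
         * Make sure the size was correct.
         * NOTE(review): ASSERT is a debug aid and presumably compiled out of
         * release builds, so this is not a runtime guard - confirm.
         */
        ASSERT(Offset == DescriptorSize);
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        /* We failed to copy the data to the new descriptor */
        ExFreePoolWithTag(NewDescriptor, TAG_SD);
        _SEH2_YIELD(return _SEH2_GetExceptionCode());
    }
    _SEH2_END;

    /*
     * We're finally done!
     * Copy the pointer to the captured descriptor to the caller.
     */
    *CapturedSecurityDescriptor = NewDescriptor;
    return STATUS_SUCCESS;
}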
#define SE_SACL_PRESENT
Definition: setypes.h:819
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define SE_SELF_RELATIVE
Definition: setypes.h:830
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
static ULONG DetermineACLSize(_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.
Definition: sd.c:336
unsigned char * PUCHAR
Definition: retypes.h:3
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:56
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:76
#define SE_DACL_PRESENT
Definition: setypes.h:817
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
_SEH2_TRY
Definition: create.c:4226
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:118
static ULONG DetermineSIDSize(_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.
Definition: sd.c:290
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1554
#define STATUS_INVALID_SID
Definition: ntstatus.h:356
#define TAG_SD
Definition: tag.h:150
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
#define ASSERT(a)
Definition: mode.c:44
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
_SEH2_END
Definition: create.c:4400
#define STATUS_INVALID_ACL
Definition: ntstatus.h:355
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1556
#define NULL
Definition: types.h:112
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1552
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:96
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define SECURITY_DESCRIPTOR_REVISION1
Definition: setypes.h:59
#define STATUS_UNKNOWN_REVISION
Definition: ntstatus.h:324

Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), and SepAccessCheckAndAuditAlarm().

◆ SeCreateAccessState()

NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState ( _In_ PACCESS_STATE  AccessState,
_In_ PAUX_ACCESS_DATA  AuxData,
_In_ ACCESS_MASK  Access,
_In_ PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeleteAccessState()

NTKERNELAPI VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

Deletes an allocated access state from the memory.

Parameters
[in]AccessStateA valid access state.
Returns
Nothing.

Definition at line 671 of file access.c.

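/**
 * @brief
 * Deletes an allocated access state from the memory.
 *
 * Frees the privilege set held in the auxiliary data (only when
 * PrivilegesAllocated is set), frees the object name and object type name
 * buffers when they are non-NULL, and releases the subject security context.
 * The ACCESS_STATE structure itself is not freed here.
 *
 * None of the freed pointers, nor PrivilegesAllocated, is reset afterwards,
 * so the same access state must not be passed to this function twice.
 *
 * @param[in] AccessState
 * A valid access state.
 *
 * @return
 * Nothing.
 *
 * NOTE(review): the rendered listing had lost the statement guarded by the
 * PrivilegesAllocated check (source line 682). It is restored here from the
 * identifiers the page lists for this function (PrivilegeSet,
 * TAG_PRIVILEGE_SET, ExFreePoolWithTag); confirm against access.c.
 */
VOID
NTAPI
SeDeleteAccessState(
    _In_ PACCESS_STATE AccessState)
{
    PAUX_ACCESS_DATA AuxData;
    PAGED_CODE();

    /* Get the Auxiliary Data */
    AuxData = AccessState->AuxData;

    /* Deallocate Privileges */
    if (AccessState->PrivilegesAllocated)
    {
        ExFreePoolWithTag(AuxData->PrivilegeSet, TAG_PRIVILEGE_SET);
    }

    /* Deallocate Name and Type Name */
    if (AccessState->ObjectName.Buffer)
    {
        ExFreePool(AccessState->ObjectName.Buffer);
    }

    if (AccessState->ObjectTypeName.Buffer)
    {
        ExFreePool(AccessState->ObjectTypeName.Buffer);
    }

    /* Release the Subject Context */
    SeReleaseSubjectContext(&AccessState->SubjectSecurityContext);
}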
PPRIVILEGE_SET PrivilegeSet
Definition: setypes.h:258
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: access.c:523
#define TAG_PRIVILEGE_SET
Definition: tag.h:154
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define ExFreePool(addr)
Definition: env_spec_w32.h:352
#define PAGED_CODE()

Referenced by NtOpenProcess(), NtOpenThread(), ObDuplicateObject(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObReferenceObjectByName(), PspCreateProcess(), PspCreateThread(), and START_TEST().

◆ SeReleaseSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ BOOLEAN  CaptureIfKernelMode 
)

Releases a captured security descriptor buffer.

Parameters
[in]CapturedSecurityDescriptorThe captured security descriptor to be freed.
[in]CurrentModeProcessor level access mode.
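[in]CaptureIfKernelModeMust be the same value that was passed as CaptureIfKernel to SeCaptureSecurityDescriptor(). With CurrentMode set to KernelMode, the buffer is freed only if this is TRUE.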
Returns
Returns STATUS_SUCCESS.

Definition at line 760 of file sd.c.

/**
 * @brief
 * Releases a captured security descriptor buffer.
 *
 * The buffer is freed (pool tag TAG_SD) only when it is non-NULL and the
 * mode/flag pair says that SeCaptureSecurityDescriptor() allocated it: any
 * CurrentMode other than KernelMode, or KernelMode with CaptureIfKernelMode
 * set. In every other case nothing is freed.
 *
 * @param[in] CapturedSecurityDescriptor
 * The captured security descriptor to be freed. May be NULL.
 *
 * @param[in] CurrentMode
 * Processor level access mode, as given to the capture call.
 *
 * @param[in] CaptureIfKernelMode
 * The CaptureIfKernel value that was given to the capture call.
 *
 * @return
 * Returns STATUS_SUCCESS.
 */
NTSTATUS
NTAPI
SeReleaseSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
    _In_ KPROCESSOR_MODE CurrentMode,
    _In_ BOOLEAN CaptureIfKernelMode)
{
    BOOLEAN WasAllocated;

    PAGED_CODE();

    /*
     * WARNING! CurrentMode and CaptureIfKernelMode have to be the values that
     * were given to SeCaptureSecurityDescriptor(). A mismatch in one
     * direction leaks the captured buffer; in the other direction it frees a
     * descriptor that the capture routine only passed through and never
     * allocated.
     */
    WasAllocated = (CurrentMode != KernelMode) || CaptureIfKernelMode;

    /* Nothing to free for a NULL capture or a passed-through kernel descriptor */
    if (CapturedSecurityDescriptor == NULL || !WasAllocated)
    {
        return STATUS_SUCCESS;
    }

    /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
    ExFreePoolWithTag(CapturedSecurityDescriptor, TAG_SD);

    return STATUS_SUCCESS;
}
#define TAG_SD
Definition: tag.h:150
#define NULL
Definition: types.h:112
#define STATUS_SUCCESS
Definition: shellext.h:65
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define PAGED_CODE()

Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), and SepAccessCheckAndAuditAlarm().

◆ SeTokenImpersonationLevel()

NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel ( _In_ PACCESS_TOKEN  Token)

Gathers the security impersonation level of an access token.

Parameters
[in]TokenA valid access token from which the impersonation level is to be read.
Returns
Returns the security impersonation level from a valid token.

Definition at line 3412 of file token.c.

/**
 * @brief
 * Gathers the security impersonation level of an access token.
 *
 * The opaque token pointer is cast to PTOKEN and its ImpersonationLevel
 * field is returned as stored. The body performs no check on the token and
 * takes no lock, so the caller is responsible for passing a valid token.
 *
 * @param[in] Token
 * A valid access token.
 *
 * @return
 * The security impersonation level stored in the token.
 */
SECURITY_IMPERSONATION_LEVEL
NTAPI
SeTokenImpersonationLevel(
    _In_ PACCESS_TOKEN Token)
{
    PTOKEN TokenObject = (PTOKEN)Token;

    PAGED_CODE();

    return TokenObject->ImpersonationLevel;
}
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define PAGED_CODE()

Referenced by PsAssignImpersonationToken().

◆ ZwAccessCheck()

NTSYSAPI NTSTATUS NTAPI ZwAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ ZwAdjustGroupsToken()

NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_ PTOKEN_GROUPS  NewState,
_In_ ULONG  BufferLength,
_Out_opt_ PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ ZwAdjustPrivilegesToken()

◆ ZwAllocateLocallyUniqueId()

NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId ( _Out_ LUID * LocallyUniqueId)

◆ ZwAllocateUuids()

NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids ( _Out_ PULARGE_INTEGER  Time,
_Out_ PULONG  Range,
_Out_ PULONG  Sequence,
_Out_ PUCHAR  Seed 
)

◆ ZwCreateToken()

NTSYSAPI NTSTATUS NTAPI ZwCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

◆ ZwImpersonateAnonymousToken()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ ZwOpenObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ ULONG  GrantedAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ ZwOpenProcessTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ ZwPrivilegeCheck()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck ( _In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PBOOLEAN  Result 
)

◆ ZwPrivilegedServiceAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwPrivilegeObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwSetInformationToken()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_ PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Variable Documentation

◆ DesiredAccess

Definition at line 401 of file sefuncs.h.

◆ EffectiveOnly

◆ Length

Definition at line 485 of file sefuncs.h.

◆ NewTokenHandle

◆ ObjectAttributes

Definition at line 401 of file sefuncs.h.

◆ ResultLength

◆ ReturnLength

Definition at line 312 of file sefuncs.h.

◆ TokenHandle

Definition at line 436 of file sefuncs.h.

◆ TokenInformationClass

◆ TokenInformationLength

◆ TokenType