ReactOS  0.4.15-dev-2991-g632fa1c
sefuncs.h File Reference
#include <umtypes.h>

Functions

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
 
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState (PACCESS_STATE AccessState, PAUX_ACCESS_DATA AuxData, ACCESS_MASK Access, PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 Compares two tokens to determine whether they are equal.
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token.
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_When_(TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
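_IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)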
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken (_In_ HANDLE Thread)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck (_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (Length, *ResultLength) PVOID TokenInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 

Variables

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
 
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
 

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

/*
 * Routine body that the page files under _IRQL_requires_max_() (Messaging.c
 * per the page): the SAL annotation was mis-parsed as the function name, so
 * this code does not belong to sefuncs.h. Judging by the parameters it uses,
 * it is presumably the Filter Manager's FltCreateCommunicationPort - confirm
 * against Messaging.c.
 * The gutter numbers skip (77, 82, 88, 96, 103-105, 118, ...): the page
 * extraction dropped those lines, so the listing is incomplete.
 */
75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
/* Line 82 is missing; STATUS_INVALID_PARAMETER is cross-referenced by the page, presumably returned here - TODO confirm. */
83  }
84 
85  /* The request must be for a kernel handle */
/* ObjectAttributes is dereferenced without a NULL check in the visible lines; the page's cross-references annotate it _In_ (required). */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
/* Line 88 is missing; presumably the same STATUS_INVALID_PARAMETER return - TODO confirm. */
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
/* Line 96 is missing; FltObjectReference is cross-referenced and presumably produces the Status tested below. */
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
/* Lines 103-105 are missing; the arguments below match the tail of ObCreateObject's cross-referenced signature (AccessMode KernelMode, no parse context, fixed object size, no pool charges). */
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
/* Line 123 is missing; DisconnectNotify is cross-referenced, presumably assigned here. */
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
/* Lines 131 and 134 (the DesiredAccess and output-handle arguments) are missing from the listing. */
129  Status = ObInsertObject(PortObject,
130  NULL,
132  0,
133  NULL,
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
139 
140  /* Add the new port object to the connection list and increment the count */
143 
144  /* Unlock the connection list*/
146  }
147  }
148 
/* Failure path for both ObCreateObject and ObInsertObject: line 152 is missing; FltObjectDereference is cross-referenced, presumably undoing the rundown reference taken above. */
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
153  }
154 
155  return Status;
156 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
LONG NTSTATUS
Definition: precomp.h:26
#define InsertTailList(ListHead, Entry)
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
LIST_ENTRY mList
Definition: fltmgrint.h:56
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
#define FILE_READ_DATA
Definition: nt_native.h:628
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Definition: gdiplustypes.h:24
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
#define NULL
Definition: types.h:112
FAST_MUTEX mLock
Definition: fltmgrint.h:55
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_to_opt_() [1/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _Out_writes_bytes_to_opt_() [2/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( Length  ,
ResultLength 
)

◆ _When_()

◆ NtAccessCheck()

NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1408 of file audit.c.

/*
 * Body of NtAccessCheckAndAuditAlarm (audit.c per the page): forwards
 * straight to SepAccessCheckAndAuditAlarm in single-result mode. The
 * parameter names in the trailing comments come from the helper's signature
 * in the page's cross-references.
 * Gutter numbers skip (1425, 1427, 1430, 1434, 1437): the page extraction
 * dropped those argument lines, so the listing is incomplete.
 */
1420 {
1421  /* Call the internal function */
1422  return SepAccessCheckAndAuditAlarm(SubsystemName,
1423  HandleId,
1424  NULL, /* ClientTokenHandle: none supplied; which token the helper then checks is not visible here - TODO confirm */
1426  ObjectName,
1428  NULL, /* PrincipalSelfSid */
1429  DesiredAccess,
1431  0, /* Flags */
1432  NULL, /* ObjectTypeList */
1433  0, /* ObjectTypeListLength */
1435  GrantedAccess, /* passed as the helper's GrantedAccessList */
1436  AccessStatus, /* passed as the helper's AccessStatusList */
1438  FALSE); /* UseResultList */
1439 }
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define FALSE
Definition: types.h:117
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
#define NULL
Definition: types.h:112
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAllocateLocallyUniqueId()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ NtAllocateUuids()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ NtCompareTokens()

NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)

Compares two tokens to determine whether they are equal.

Parameters
[in] FirstToken: The first token.
[in] SecondToken: The second token.
[out] Equal: The retrieved value which determines if the tokens are equal or not.
Returns
Returns STATUS_SUCCESS on success; otherwise it returns a failure NTSTATUS code.

Definition at line 4476 of file token.c.

/*
 * Body of NtCompareTokens (token.c per the page). Resolves both token
 * handles, compares the two token objects and stores the verdict through
 * Equal.
 * Gutter numbers skip (4481, 4488, 4496, 4499, 4506, 4518, 4549, 4551): the
 * page extraction dropped those lines, so the listing is incomplete.
 */
4480 {
4482  PTOKEN FirstToken, SecondToken;
4483  BOOLEAN IsEqual;
4484  NTSTATUS Status;
4485 
4486  PAGED_CODE();
4487 
/* Line 4488 is missing; PreviousMode is presumably set from ExGetPreviousMode(), which the page cross-references - TODO confirm. */
4489 
/* The output pointer is probed only for callers that are not kernel mode; the probe sits inside SEH so a bad pointer becomes an error status instead of a fault. */
4490  if (PreviousMode != KernelMode)
4491  {
4492  _SEH2_TRY
4493  {
4494  ProbeForWriteBoolean(Equal);
4495  }
4497  {
4498  /* Return the exception code */
4500  }
4501  _SEH2_END;
4502  }
4503 
/*
 * TOKEN_QUERY is requested on each handle and PreviousMode is passed as the
 * access mode. The object-type argument (lines 4506 / 4518) is missing from
 * the listing; SeTokenObjectType is cross-referenced and is presumably what
 * is passed - TODO confirm.
 */
4504  Status = ObReferenceObjectByHandle(FirstTokenHandle,
4505  TOKEN_QUERY,
4507  PreviousMode,
4508  (PVOID*)&FirstToken,
4509  NULL);
4510  if (!NT_SUCCESS(Status))
4511  {
4512  DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
4513  return Status;
4514  }
4515 
4516  Status = ObReferenceObjectByHandle(SecondTokenHandle,
4517  TOKEN_QUERY,
4519  PreviousMode,
4520  (PVOID*)&SecondToken,
4521  NULL);
4522  if (!NT_SUCCESS(Status))
4523  {
4524  DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
/* The first token's reference is released before bailing out, so this path leaves no reference behind. */
4525  ObDereferenceObject(FirstToken);
4526  return Status;
4527  }
4528 
/* Two handles to the same object are equal by identity; in that branch Status keeps the success value of the second handle lookup. */
4529  if (FirstToken != SecondToken)
4530  {
4531  Status = SepCompareTokens(FirstToken,
4532  SecondToken,
4533  &IsEqual);
4534  }
4535  else
4536  {
4537  IsEqual = TRUE;
4538  }
4539 
/* Both references are dropped here whether or not the comparison succeeded. */
4540  ObDereferenceObject(SecondToken);
4541  ObDereferenceObject(FirstToken);
4542 
/*
 * The result is stored under SEH and only on success, so IsEqual is never
 * read when SepCompareTokens failed. The handler (lines 4549 / 4551) is
 * missing from the listing; presumably it turns the exception code into
 * Status - TODO confirm.
 */
4543  if (NT_SUCCESS(Status))
4544  {
4545  _SEH2_TRY
4546  {
4547  *Equal = IsEqual;
4548  }
4550  {
4552  }
4553  _SEH2_END;
4554  }
4555 
4556  return Status;
4557 }
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define TOKEN_QUERY
Definition: setypes.h:878
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:288
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_SEH2_END
Definition: create.c:4400
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:351
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define PAGED_CODE()

Referenced by START_TEST().

◆ NtCreateToken()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Definition at line 3991 of file token.c.

/*
 * Body of NtCreateToken (token.c per the page). Snapshots the caller's
 * inputs into locals, checks the token type and the creation privilege,
 * captures the SID / privilege / ACL data and hands the captured copies to
 * SepCreateToken, then releases the captures.
 * Gutter numbers skip (4007, 4026, 4032, 4036, 4049, 4053, ...): the page
 * extraction dropped those lines, so the listing is incomplete.
 */
4005 {
4006  HANDLE hToken;
4008  ULONG PrivilegeCount, GroupCount;
4009  PSID OwnerSid, PrimaryGroupSid;
4010  PACL DefaultDacl;
4011  LARGE_INTEGER LocalExpirationTime = {{0, 0}};
4012  LUID LocalAuthenticationId;
4013  TOKEN_SOURCE LocalTokenSource;
/* NOTE(review): declared without an initializer and assigned only when ObjectAttributes != NULL, yet its ImpersonationLevel is passed to SepCreateToken unconditionally at line 4221. */
4014  SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
/* The Captured* pointers start out NULL so the Cleanup label can release them whichever capture failed. */
4015  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
4016  PSID_AND_ATTRIBUTES CapturedUser = NULL;
4017  PSID_AND_ATTRIBUTES CapturedGroups = NULL;
4018  PSID CapturedOwnerSid = NULL;
4019  PSID CapturedPrimaryGroupSid = NULL;
4020  PACL CapturedDefaultDacl = NULL;
4021  ULONG PrivilegesLength, UserLength, GroupsLength;
4022  NTSTATUS Status;
4023 
4024  PAGED_CODE();
4025 
4027 
/*
 * Non-kernel callers: each input structure is probed and the scalars and
 * pointers needed later are copied into locals inside SEH, so the code after
 * this block works on the snapshot rather than re-reading the caller's
 * structures. Several probe calls lost their first line in the listing
 * (4036, 4049, 4053, 4058, 4065, 4075, 4082, 4092); only their size and
 * alignment arguments remain.
 */
4028  if (PreviousMode != KernelMode)
4029  {
4030  _SEH2_TRY
4031  {
/* Line 4032 is missing; ProbeForWriteHandle is cross-referenced, presumably applied to TokenHandle here - TODO confirm. */
4033 
4034  if (ObjectAttributes != NULL)
4035  {
4037  sizeof(OBJECT_ATTRIBUTES),
4038  sizeof(ULONG));
/* NOTE(review): the SecurityQualityOfService pointer is dereferenced with no NULL check and no probe of its own in the visible lines - confirm it is validated for user-mode callers. */
4039  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
4040  }
4041 
4042  ProbeForRead(AuthenticationId,
4043  sizeof(LUID),
4044  sizeof(ULONG));
4045  LocalAuthenticationId = *AuthenticationId;
4046 
4047  LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
4048 
4050  sizeof(TOKEN_USER),
4051  sizeof(ULONG));
4052 
4054  sizeof(TOKEN_GROUPS),
4055  sizeof(ULONG));
/* The counts are read once here; the capture calls below use these local copies. */
4056  GroupCount = TokenGroups->GroupCount;
4057 
4059  sizeof(TOKEN_PRIVILEGES),
4060  sizeof(ULONG));
4061  PrivilegeCount = TokenPrivileges->PrivilegeCount;
4062 
4063  if (TokenOwner != NULL)
4064  {
4066  sizeof(TOKEN_OWNER),
4067  sizeof(ULONG));
4068  OwnerSid = TokenOwner->Owner;
4069  }
4070  else
4071  {
4072  OwnerSid = NULL;
4073  }
4074 
4076  sizeof(TOKEN_PRIMARY_GROUP),
4077  sizeof(ULONG));
4078  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
4079 
4080  if (TokenDefaultDacl != NULL)
4081  {
4083  sizeof(TOKEN_DEFAULT_DACL),
4084  sizeof(ULONG));
4085  DefaultDacl = TokenDefaultDacl->DefaultDacl;
4086  }
4087  else
4088  {
4089  DefaultDacl = NULL;
4090  }
4091 
4093  sizeof(TOKEN_SOURCE),
4094  sizeof(ULONG));
4095  LocalTokenSource = *TokenSource;
4096  }
4098  {
4099  /* Return the exception code */
4101  }
4102  _SEH2_END;
4103  }
4104  else
4105  {
/* Kernel-mode callers are trusted: the same values are read directly, without probes or SEH. */
4106  if (ObjectAttributes != NULL)
4107  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
4108  LocalAuthenticationId = *AuthenticationId;
4109  LocalExpirationTime = *ExpirationTime;
4110  GroupCount = TokenGroups->GroupCount;
4111  PrivilegeCount = TokenPrivileges->PrivilegeCount;
4112  OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
4113  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
4114  DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
4115  LocalTokenSource = *TokenSource;
4116  }
4117 
/* Both early returns below happen before anything is captured, so they skip the Cleanup label without leaving allocations behind. */
4118  /* Check token type */
4119  if ((TokenType < TokenPrimary) ||
4121  {
4122  return STATUS_BAD_TOKEN_TYPE;
4123  }
4124 
4125  /* Check for token creation privilege */
/* Lines 4126 and 4128 are missing; SeSinglePrivilegeCheck, SeCreateTokenPrivilege and STATUS_PRIVILEGE_NOT_HELD are cross-referenced, so this is presumably the privilege gate and its failure return - TODO confirm. */
4127  {
4129  }
4130 
4131  /* Capture the user SID and attributes */
/* The first lines of the three array captures (4132, 4147, 4162) are missing; the remaining arguments match the cross-referenced SeCaptureSidAndAttributesArray / SeCaptureLuidAndAttributesArray signatures. */
4133  1,
4134  PreviousMode,
4135  NULL,
4136  0,
4137  PagedPool,
4138  FALSE,
4139  &CapturedUser,
4140  &UserLength);
4141  if (!NT_SUCCESS(Status))
4142  {
4143  goto Cleanup;
4144  }
4145 
4146  /* Capture the groups SID and attributes array */
4148  GroupCount,
4149  PreviousMode,
4150  NULL,
4151  0,
4152  PagedPool,
4153  FALSE,
4154  &CapturedGroups,
4155  &GroupsLength);
4156  if (!NT_SUCCESS(Status))
4157  {
4158  goto Cleanup;
4159  }
4160 
4161  /* Capture privileges */
4163  PrivilegeCount,
4164  PreviousMode,
4165  NULL,
4166  0,
4167  PagedPool,
4168  FALSE,
4169  &CapturedPrivileges,
4170  &PrivilegesLength);
4171  if (!NT_SUCCESS(Status))
4172  {
4173  goto Cleanup;
4174  }
4175 
4176  /* Capture the token owner SID */
4177  if (TokenOwner != NULL)
4178  {
4179  Status = SepCaptureSid(OwnerSid,
4180  PreviousMode,
4181  PagedPool,
4182  FALSE,
4183  &CapturedOwnerSid);
4184  if (!NT_SUCCESS(Status))
4185  {
4186  goto Cleanup;
4187  }
4188  }
4189 
4190  /* Capture the token primary group SID */
4191  Status = SepCaptureSid(PrimaryGroupSid,
4192  PreviousMode,
4193  PagedPool,
4194  FALSE,
4195  &CapturedPrimaryGroupSid);
4196  if (!NT_SUCCESS(Status))
4197  {
4198  goto Cleanup;
4199  }
4200 
4201  /* Capture DefaultDacl */
/* Unlike the other captures, the default DACL is captured into NonPagedPool. */
4202  if (DefaultDacl != NULL)
4203  {
4204  Status = SepCaptureAcl(DefaultDacl,
4205  PreviousMode,
4206  NonPagedPool,
4207  FALSE,
4208  &CapturedDefaultDacl);
4209  if (!NT_SUCCESS(Status))
4210  {
4211  goto Cleanup;
4212  }
4213  }
4214 
4215  /* Call the internal function */
/* Only local snapshots and captured copies are passed on; the final FALSE is the helper's SystemToken argument per its cross-referenced signature. */
4216  Status = SepCreateToken(&hToken,
4217  PreviousMode,
4218  DesiredAccess,
4220  TokenType,
4221  LocalSecurityQos.ImpersonationLevel,
4222  &LocalAuthenticationId,
4223  &LocalExpirationTime,
4224  CapturedUser,
4225  GroupCount,
4226  CapturedGroups,
4227  GroupsLength,
4228  PrivilegeCount,
4229  CapturedPrivileges,
4230  CapturedOwnerSid,
4231  CapturedPrimaryGroupSid,
4232  CapturedDefaultDacl,
4233  &LocalTokenSource,
4234  FALSE);
/* NOTE(review): the handle is stored under SEH; the handler body (line 4243) is missing from the listing - confirm what happens to hToken if this write faults. */
4235  if (NT_SUCCESS(Status))
4236  {
4237  _SEH2_TRY
4238  {
4239  *TokenHandle = hToken;
4240  }
4242  {
4244  }
4245  _SEH2_END;
4246  }
4247 
4248 Cleanup:
4249 
4250  /* Release what we captured */
/* Lines 4251-4252 are missing (presumably the CapturedUser / CapturedGroups releases via SeReleaseSidAndAttributesArray). The release calls can receive pointers that are still NULL - presumably the helpers tolerate that; TODO confirm. */
4253  SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
4254  SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
4255  SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
4256  SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
4257 
4258  return Status;
4259 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Definition: sid.c:553
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:383
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:287
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:299
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:1254
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: acl.c:387
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Definition: sid.c:352
static const WCHAR Cleanup[]
Definition: register.c:80
_SEH2_END
Definition: create.c:4400
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define NULL
Definition: types.h:112
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:336
unsigned int ULONG
Definition: retypes.h:1
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:268
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
#define PAGED_CODE()

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 3512 of file token.c.

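/*
 * NtDuplicateToken (token.c) - system service that duplicates the access
 * token referenced by ExistingTokenHandle and returns a handle to the copy.
 *
 * Parameters:
 *   ExistingTokenHandle - handle to the source token; it is referenced with
 *                         TOKEN_DUPLICATE access in the caller's mode.
 *   DesiredAccess       - access for the new handle; when 0, the access that
 *                         was granted on ExistingTokenHandle is used instead.
 *   ObjectAttributes    - optional; the security quality of service (QoS)
 *                         is captured from it.
 *   EffectiveOnly       - passed through to SepDuplicateToken.
 *   TokenType           - must be TokenPrimary or TokenImpersonation.
 *   NewTokenHandle      - receives the handle to the new token.
 *
 * Returns STATUS_INVALID_PARAMETER for any other TokenType,
 * STATUS_BAD_IMPERSONATION_LEVEL when one of the two impersonation-level
 * rules below is violated, otherwise the status of the first failing helper
 * or of the final write to NewTokenHandle.
 *
 * NOTE(review): the rendered listing on this page had lost every line that
 * consisted only of hyperlinked identifiers (gaps in its line numbers, e.g.
 * 3532, 3543, 3566-3567, 3590). Those lines are restored here from the
 * identifiers in the listing's own cross-reference list; confirm them
 * against token.c before relying on this text.
 */
_Must_inspect_result_
__kernel_entry
NTSTATUS
NTAPI
NtDuplicateToken(
    _In_ HANDLE ExistingTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ BOOLEAN EffectiveOnly,
    _In_ TOKEN_TYPE TokenType,
    _Out_ PHANDLE NewTokenHandle)
{
    KPROCESSOR_MODE PreviousMode;
    HANDLE hToken;
    PTOKEN Token;
    PTOKEN NewToken;
    PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
    BOOLEAN QoSPresent;
    OBJECT_HANDLE_INFORMATION HandleInformation;
    NTSTATUS Status;

    PAGED_CODE();

    /* Reject anything that is not one of the two known token types */
    if (TokenType != TokenImpersonation &&
        TokenType != TokenPrimary)
    {
        return STATUS_INVALID_PARAMETER;
    }

    PreviousMode = KeGetPreviousMode();

    /*
     * A user-mode caller supplies the output pointer, so probe it up front:
     * a bad address fails the call before any token work is done.
     */
    if (PreviousMode != KernelMode)
    {
        _SEH2_TRY
        {
            ProbeForWriteHandle(NewTokenHandle);
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Return the exception code */
            _SEH2_YIELD(return _SEH2_GetExceptionCode());
        }
        _SEH2_END;
    }

    /* Take a private copy of the QoS so later checks use stable values */
    Status = SepCaptureSecurityQualityOfService(ObjectAttributes,
                                                PreviousMode,
                                                PagedPool,
                                                FALSE,
                                                &CapturedSecurityQualityOfService,
                                                &QoSPresent);
    if (!NT_SUCCESS(Status))
    {
        /* NTSTATUS is a LONG, so print it with %lx like the message below */
        DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%lx\n", Status);
        return Status;
    }

    /* HandleInformation records the access granted on the source handle */
    Status = ObReferenceObjectByHandle(ExistingTokenHandle,
                                       TOKEN_DUPLICATE,
                                       SeTokenObjectType,
                                       PreviousMode,
                                       (PVOID*)&Token,
                                       &HandleInformation);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
        SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                           PreviousMode,
                                           FALSE);
        return Status;
    }

    /*
     * Fail, if the original token is an impersonation token and the caller
     * tries to raise the impersonation level of the new token above the
     * impersonation level of the original token.
     */
    if (Token->TokenType == TokenImpersonation)
    {
        if (QoSPresent &&
            CapturedSecurityQualityOfService->ImpersonationLevel > Token->ImpersonationLevel)
        {
            ObDereferenceObject(Token);
            SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                               PreviousMode,
                                               FALSE);
            return STATUS_BAD_IMPERSONATION_LEVEL;
        }
    }

    /*
     * Fail, if a primary token is to be created from an impersonation token
     * and the impersonation level of the impersonation token is below
     * SecurityImpersonation.
     */
    if (Token->TokenType == TokenImpersonation &&
        TokenType == TokenPrimary &&
        Token->ImpersonationLevel < SecurityImpersonation)
    {
        ObDereferenceObject(Token);
        SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                           PreviousMode,
                                           FALSE);
        return STATUS_BAD_IMPERSONATION_LEVEL;
    }

    /* Without a QoS the copy is requested at SecurityAnonymous */
    Status = SepDuplicateToken(Token,
                               ObjectAttributes,
                               EffectiveOnly,
                               TokenType,
                               (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
                               PreviousMode,
                               &NewToken);

    /* The source token is no longer needed, whatever the outcome */
    ObDereferenceObject(Token);

    if (NT_SUCCESS(Status))
    {
        /* A DesiredAccess of 0 means "same access as the source handle" */
        Status = ObInsertObject(NewToken,
                                NULL,
                                (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
                                0,
                                NULL,
                                &hToken);
        if (NT_SUCCESS(Status))
        {
            /*
             * NOTE(review): if this write faults, the handle stays in the
             * caller's handle table while the call reports failure; the
             * listing shows no close of hToken on that path.
             */
            _SEH2_TRY
            {
                *NewTokenHandle = hToken;
            }
            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
            {
                Status = _SEH2_GetExceptionCode();
            }
            _SEH2_END;
        }
    }

    /* Free the captured structure */
    SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                       PreviousMode,
                                       FALSE);

    return Status;
}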
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define KeGetPreviousMode()
Definition: ketypes.h:1107
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:785
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define TOKEN_DUPLICATE
Definition: setypes.h:876
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
_SEH2_END
Definition: create.c:4400
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
#define PAGED_CODE()

◆ NtImpersonateAnonymousToken()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in] ThreadHandle: A handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.

Definition at line 4598 of file token.c.

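/*
 * NtImpersonateAnonymousToken (token.c) - makes the thread referenced by
 * ThreadHandle impersonate the system's anonymous logon token.
 *
 * ThreadHandle is referenced with THREAD_IMPERSONATE access in the caller's
 * previous mode, so a handle opened without that right is refused before any
 * impersonation is attempted. Returns the status of that reference or of
 * SepImpersonateAnonymousToken.
 *
 * NOTE(review): the rendered listing on this page had lost the lines that
 * held only hyperlinked identifiers (4602, 4606, 4610, 4622, 4628). They are
 * restored here from the listing's own cross-reference list; confirm them
 * against token.c.
 */
NTSTATUS
NTAPI
NtImpersonateAnonymousToken(
    _In_ HANDLE ThreadHandle)
{
    PETHREAD Thread;
    KPROCESSOR_MODE PreviousMode;
    NTSTATUS Status;
    PAGED_CODE();

    PreviousMode = ExGetPreviousMode();

    /* Obtain the thread object from the handle */
    Status = ObReferenceObjectByHandle(ThreadHandle,
                                       THREAD_IMPERSONATE,
                                       PsThreadType,
                                       PreviousMode,
                                       (PVOID*)&Thread,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
        return Status;
    }

    /* Call the private routine to impersonate the token */
    Status = SepImpersonateAnonymousToken(Thread, PreviousMode);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
    }

    /* Drop the reference taken above on both the success and failure path */
    ObDereferenceObject(Thread);
    return Status;
}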
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
LONG NTSTATUS
Definition: precomp.h:26
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:379
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
POBJECT_TYPE PsThreadType
Definition: thread.c:20
#define NULL
Definition: types.h:112
#define DPRINT1
Definition: precomp.h:8
#define PAGED_CODE()

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1003 of file audit.c.

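/*
 * NtOpenObjectAuditAlarm (audit.c) - system service through which a
 * user-mode subsystem reports an object-open for auditing on behalf of a
 * client token.
 *
 * Every caller-supplied pointer is probed and copied into kernel memory
 * before SepOpenObjectAuditAlarm sees it: the security descriptor, the
 * optional privilege set, the optional handle id and the three name strings.
 * The call is refused unless the client token (when it is an impersonation
 * token) is at least at SecurityIdentification level and the caller passes
 * SeCheckAuditPrivilege.
 *
 * Returns STATUS_SUCCESS when the alarm was processed or when
 * SecurityDescriptor is NULL (nothing to audit), otherwise the status of the
 * failing check, capture or write-back.
 *
 * The parameter names ClientTokenHandle and PrivilegeSet are the ones the
 * body uses; the prototype shown on this page names them ClientToken and
 * Privileges.
 *
 * Changes against the listing as rendered:
 *  - CapturedHandleId is now initialised to NULL. It was assigned only when
 *    HandleId was non-NULL yet always passed on, so a NULL HandleId handed
 *    an uninitialised stack value to SepOpenObjectAuditAlarm.
 *  - The captured privilege set gets its PrivilegeCount overwritten with the
 *    value that was validated and used to size the buffer. The structure is
 *    read from user memory twice (count first, then the whole copy), so the
 *    copied count could differ from the validated one.
 *
 * NOTE(review): the rendering had lost every line that held only hyperlinked
 * identifiers (gaps in its line numbers, e.g. 1024, 1029, 1054, 1066, 1177).
 * Those lines are restored from the listing's own cross-reference list;
 * confirm them against audit.c.
 */
__kernel_entry
NTSTATUS
NTAPI
NtOpenObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ PUNICODE_STRING ObjectTypeName,
    _In_ PUNICODE_STRING ObjectName,
    _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ HANDLE ClientTokenHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ACCESS_MASK GrantedAccess,
    _In_opt_ PPRIVILEGE_SET PrivilegeSet,
    _In_ BOOLEAN ObjectCreation,
    _In_ BOOLEAN AccessGranted,
    _Out_ PBOOLEAN GenerateOnClose)
{
    PTOKEN ClientToken;
    PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
    UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
    ULONG PrivilegeCount, PrivilegeSetSize;
    volatile PPRIVILEGE_SET CapturedPrivilegeSet;
    BOOLEAN LocalGenerateOnClose;
    PVOID CapturedHandleId;
    SECURITY_SUBJECT_CONTEXT SubjectContext;
    NTSTATUS Status;
    PAGED_CODE();

    /* Only user mode is supported! */
    ASSERT(ExGetPreviousMode() != KernelMode);

    /* Start clean, so the Cleanup path can tell what was really captured */
    ClientToken = NULL;
    CapturedSecurityDescriptor = NULL;
    CapturedPrivilegeSet = NULL;
    CapturedHandleId = NULL;
    CapturedSubsystemName.Buffer = NULL;
    CapturedObjectTypeName.Buffer = NULL;
    CapturedObjectName.Buffer = NULL;

    /* Reference the client token */
    Status = ObReferenceObjectByHandle(ClientTokenHandle,
                                       TOKEN_QUERY,
                                       SeTokenObjectType,
                                       UserMode,
                                       (PVOID*)&ClientToken,
                                       NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to reference token handle %p: %lx\n",
                ClientTokenHandle, Status);
        return Status;
    }

    /* Capture the security subject context */
    SeCaptureSubjectContext(&SubjectContext);

    /* Validate the token's impersonation level */
    if ((ClientToken->TokenType == TokenImpersonation) &&
        (ClientToken->ImpersonationLevel < SecurityIdentification))
    {
        DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
        Status = STATUS_BAD_IMPERSONATION_LEVEL;
        goto Cleanup;
    }

    /* Check for audit privilege */
    if (!SeCheckAuditPrivilege(&SubjectContext, UserMode))
    {
        DPRINT1("Caller does not have SeAuditPrivilege\n");
        Status = STATUS_PRIVILEGE_NOT_HELD;
        goto Cleanup;
    }

    /* Check for NULL SecurityDescriptor */
    if (SecurityDescriptor == NULL)
    {
        /* Nothing to do */
        Status = STATUS_SUCCESS;
        goto Cleanup;
    }

    /* Capture the security descriptor */
    Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
                                         UserMode,
                                         PagedPool,
                                         FALSE,
                                         &CapturedSecurityDescriptor);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to capture security descriptor!\n");
        goto Cleanup;
    }

    _SEH2_TRY
    {
        /* Check if we have a privilege set */
        if (PrivilegeSet != NULL)
        {
            /* Probe the basic privilege set structure */
            ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));

            /* Validate privilege count (read once into a local) */
            PrivilegeCount = PrivilegeSet->PrivilegeCount;
            if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
            {
                Status = STATUS_INVALID_PARAMETER;
                _SEH2_YIELD(goto Cleanup);
            }

            /* Calculate the size of the PrivilegeSet structure */
            PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);

            /* Probe the whole structure */
            ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));

            /* Allocate a temp buffer */
            CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
                                                         PrivilegeSetSize,
                                                         TAG_PRIVILEGE_SET);
            if (CapturedPrivilegeSet == NULL)
            {
                DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
                Status = STATUS_INSUFFICIENT_RESOURCES;
                _SEH2_YIELD(goto Cleanup);
            }

            /* Copy the privileges */
            RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);

            /*
             * The copy re-reads PrivilegeCount from user memory. Pin the
             * captured count to the value that was validated and that sized
             * the buffer, so later readers never walk past the allocation.
             */
            CapturedPrivilegeSet->PrivilegeCount = PrivilegeCount;
        }

        if (HandleId != NULL)
        {
            ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
            CapturedHandleId = *(PVOID*)HandleId;
        }

        ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        Status = _SEH2_GetExceptionCode();
        DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
        _SEH2_YIELD(goto Cleanup);
    }
    _SEH2_END;

    /* Probe and capture the subsystem name */
    Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
                                          UserMode,
                                          SubsystemName);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to capture subsystem name!\n");
        goto Cleanup;
    }

    /* Probe and capture the object type name */
    Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
                                          UserMode,
                                          ObjectTypeName);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to capture object type name!\n");
        goto Cleanup;
    }

    /* Probe and capture the object name */
    Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
                                          UserMode,
                                          ObjectName);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("Failed to capture object name!\n");
        goto Cleanup;
    }

    /* Call the internal function, with captured copies only */
    SepOpenObjectAuditAlarm(&SubjectContext,
                            &CapturedSubsystemName,
                            CapturedHandleId,
                            &CapturedObjectTypeName,
                            &CapturedObjectName,
                            CapturedSecurityDescriptor,
                            ClientToken,
                            DesiredAccess,
                            GrantedAccess,
                            CapturedPrivilegeSet,
                            ObjectCreation,
                            AccessGranted,
                            &LocalGenerateOnClose);

    Status = STATUS_SUCCESS;

    /* Enter SEH to copy the data back to user mode */
    _SEH2_TRY
    {
        *GenerateOnClose = LocalGenerateOnClose;
    }
    _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
    {
        Status = _SEH2_GetExceptionCode();
        DPRINT1("Exception while copying back data: 0x%lx\n", Status);
    }
    _SEH2_END;

Cleanup:

    if (CapturedObjectName.Buffer != NULL)
        ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);

    if (CapturedObjectTypeName.Buffer != NULL)
        ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);

    if (CapturedSubsystemName.Buffer != NULL)
        ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);

    if (CapturedSecurityDescriptor != NULL)
        SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);

    if (CapturedPrivilegeSet != NULL)
        ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);

    /* Release the security subject context */
    SeReleaseSubjectContext(&SubjectContext);

    ObDereferenceObject(ClientToken);

    return Status;
}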
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
TOKEN_TYPE TokenType
Definition: setypes.h:221
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:608
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Definition: gdiplustypes.h:24
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
#define TOKEN_QUERY
Definition: setypes.h:878
#define ASSERT(a)
Definition: mode.c:44
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
static const WCHAR Cleanup[]
Definition: register.c:80
_SEH2_END
Definition: create.c:4400
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:253
#define DPRINT1
Definition: precomp.h:8
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:222
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:272
#define TAG_PRIVILEGE_SET
Definition: tag.h:180
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:969
#define PAGED_CODE()

◆ NtOpenProcessTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Definition at line 2979 of file token.c.

/*
 * Body of NtSetInformationToken as rendered from token.c. It changes one
 * attribute of the token referenced by TokenHandle, selected by
 * TokenInformationClass: owner, primary group, default DACL, session id,
 * session reference, audit policy or origin. Any other class reaches the
 * default branch and logs "Invalid TokenInformationClass".
 *
 * NOTE(review): this rendering has lost a number of source lines (gaps in
 * the gutter numbers, e.g. 2987, 2992, 3007, 3012, 3049, 3273). The callees,
 * conditions and status assignments on those lines cannot be read from this
 * listing; the notes below say so wherever a point depends on one of them.
 */
2984 {
2985  NTSTATUS Status;
2986  PTOKEN Token;
2988  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
2989 
2990  PAGED_CODE();
2991 
2993 
/*
 * Buffer validation: the call that takes these arguments is on missing
 * lines; presumably DefaultSetInfoBufferCheck from the cross-reference
 * list - confirm against token.c.
 */
2997  TokenInformation,
2999  PreviousMode);
3000  if (!NT_SUCCESS(Status))
3001  {
3002  /* Invalid buffers */
3003  DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
3004  return Status;
3005  }
3006 
/*
 * The condition guarding this block is on a missing line (3007). When it
 * holds, TOKEN_ADJUST_SESSIONID is required in addition to
 * TOKEN_ADJUST_DEFAULT.
 */
3008  {
3009  NeededAccess |= TOKEN_ADJUST_SESSIONID;
3010  }
3011 
/*
 * The handle is referenced with NeededAccess in the caller's PreviousMode,
 * so the access check on the handle happens before any class is processed.
 * The callee name is on a missing line (3012).
 */
3013  NeededAccess,
3015  PreviousMode,
3016  (PVOID*)&Token,
3017  NULL);
3018  if (NT_SUCCESS(Status))
3019  {
3020  switch (TokenInformationClass)
3021  {
3022  case TokenOwner:
3023  {
3024  if (TokenInformationLength >= sizeof(TOKEN_OWNER))
3025  {
3026  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
3027  PSID InputSid = NULL, CapturedSid;
3028  ULONG DefaultOwnerIndex;
3029 
/* The SID pointer is read from the caller's buffer once, under SEH */
3030  _SEH2_TRY
3031  {
3032  InputSid = to->Owner;
3033  }
3035  {
3037  _SEH2_YIELD(goto Cleanup);
3038  }
3039  _SEH2_END;
3040 
/* The SID itself is captured before it is compared with the token's SIDs */
3041  Status = SepCaptureSid(InputSid,
3042  PreviousMode,
3043  PagedPool,
3044  FALSE,
3045  &CapturedSid);
3046  if (NT_SUCCESS(Status))
3047  {
3048  /* Lock the token */
3050 
3051  /* Find the owner amongst the existing token user and groups */
3053  NULL,
3054  CapturedSid,
3055  NULL,
3056  &DefaultOwnerIndex);
3057  if (NT_SUCCESS(Status))
3058  {
3059  /* Found it */
3060  Token->DefaultOwnerIndex = DefaultOwnerIndex;
3061  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3062  }
3063 
3064  /* Unlock the token */
3066 
3067  SepReleaseSid(CapturedSid,
3068  PreviousMode,
3069  FALSE);
3070  }
3071  }
3072  else
3073  {
3075  }
3076  break;
3077  }
3078 
3079  case TokenPrimaryGroup:
3080  {
3082  {
3083  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
3084  PSID InputSid = NULL, CapturedSid;
3085  ULONG PrimaryGroupIndex;
3086 
3087  _SEH2_TRY
3088  {
3089  InputSid = tpg->PrimaryGroup;
3090  }
3092  {
3094  _SEH2_YIELD(goto Cleanup);
3095  }
3096  _SEH2_END;
3097 
3098  Status = SepCaptureSid(InputSid,
3099  PreviousMode,
3100  PagedPool,
3101  FALSE,
3102  &CapturedSid);
3103  if (NT_SUCCESS(Status))
3104  {
3105  /* Lock the token */
3107 
3108  /* Find the primary group amongst the existing token user and groups */
3110  CapturedSid,
3111  NULL,
3112  &PrimaryGroupIndex,
3113  NULL);
3114  if (NT_SUCCESS(Status))
3115  {
3116  /* Found it */
/* The token keeps pointing at its own copy of the SID, not the captured one */
3117  Token->PrimaryGroup = Token->UserAndGroups[PrimaryGroupIndex].Sid;
3118  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3119  }
3120 
3121  /* Unlock the token */
3123 
3124  SepReleaseSid(CapturedSid,
3125  PreviousMode,
3126  FALSE);
3127  }
3128  }
3129  else
3130  {
3132  }
3133  break;
3134  }
3135 
3136  case TokenDefaultDacl:
3137  {
3139  {
3140  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
3141  PACL InputAcl = NULL;
3142 
3143  _SEH2_TRY
3144  {
3145  InputAcl = tdd->DefaultDacl;
3146  }
3148  {
3150  _SEH2_YIELD(goto Cleanup);
3151  }
3152  _SEH2_END;
3153 
3154  if (InputAcl != NULL)
3155  {
3156  PACL CapturedAcl;
3157 
/*
 * CaptureIfKernel is TRUE here, unlike the SID captures above, and the copy
 * is later freed directly with ExFreePoolWithTag(CapturedAcl, TAG_ACL).
 */
3158  /* Capture and copy the dacl */
3159  Status = SepCaptureAcl(InputAcl,
3160  PreviousMode,
3161  PagedPool,
3162  TRUE,
3163  &CapturedAcl);
3164  if (NT_SUCCESS(Status))
3165  {
3166  ULONG DynamicLength;
3167 
3168  /* Lock the token */
3170 
3171  //
3172  // NOTE: So far our dynamic area only contains
3173  // the default dacl, so this makes the following
3174  // code pretty simple. The day where it stores
3175  // other data, the code will require adaptations.
3176  //
3177 
3178  DynamicLength = Token->DynamicAvailable;
3179  // Add here any other data length present in the dynamic area...
3180  if (Token->DefaultDacl)
3181  DynamicLength += Token->DefaultDacl->AclSize;
3182 
3183  /* Reallocate the dynamic area if it is too small */
3185  if ((DynamicLength < CapturedAcl->AclSize) ||
3186  (Token->DynamicPart == NULL))
3187  {
3188  PVOID NewDynamicPart;
3189 
3190  NewDynamicPart = ExAllocatePoolWithTag(PagedPool,
3191  CapturedAcl->AclSize,
3193  if (NewDynamicPart == NULL)
3194  {
3196  }
3197  else
3198  {
/*
 * The old area is freed without copying (the copy is commented out);
 * DefaultDacl is re-pointed at the new area further down.
 */
3199  if (Token->DynamicPart != NULL)
3200  {
3201  // RtlCopyMemory(NewDynamicPart, Token->DynamicPart, DynamicLength);
3202  ExFreePoolWithTag(Token->DynamicPart, TAG_TOKEN_DYNAMIC);
3203  }
3204  Token->DynamicPart = NewDynamicPart;
3205  Token->DynamicAvailable = 0;
3206  }
3207  }
3208  else
3209  {
3210  Token->DynamicAvailable = DynamicLength - CapturedAcl->AclSize;
3211  }
3212 
3213  if (NT_SUCCESS(Status))
3214  {
3215  /* Set the new dacl */
3216  Token->DefaultDacl = (PVOID)Token->DynamicPart;
3217  RtlCopyMemory(Token->DefaultDacl,
3218  CapturedAcl,
3219  CapturedAcl->AclSize);
3220 
3221  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3222  }
3223 
3224  /* Unlock the token */
3226 
3227  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
3228  }
3229  }
3230  else
3231  {
3232  /* Lock the token */
3234 
3235  /* Clear the default dacl if present */
3236  if (Token->DefaultDacl != NULL)
3237  {
3238  Token->DynamicAvailable += Token->DefaultDacl->AclSize;
3239  RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
3240  Token->DefaultDacl = NULL;
3241 
3242  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3243  }
3244 
3245  /* Unlock the token */
3247  }
3248  }
3249  else
3250  {
3252  }
3253  break;
3254  }
3255 
3256  case TokenSessionId:
3257  {
3258  ULONG SessionId = 0;
3259 
3260  _SEH2_TRY
3261  {
3262  /* Buffer size was already verified, no need to check here again */
3263  SessionId = *(PULONG)TokenInformation;
3264  }
3266  {
3268  _SEH2_YIELD(goto Cleanup);
3269  }
3270  _SEH2_END;
3271 
/*
 * The privilege test itself is on a missing line (3273); presumably
 * SeSinglePrivilegeCheck from the cross-reference list - confirm.
 * The token is modified only after that test.
 */
3272  /* Check for TCB privilege */
3274  {
3276  break;
3277  }
3278 
3279  /* Lock the token */
3281 
3282  Token->SessionId = SessionId;
3283  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3284 
3285  /* Unlock the token */
3287 
3288  break;
3289  }
3290 
3291  case TokenSessionReference:
3292  {
3293  ULONG SessionReference;
3294 
3295  _SEH2_TRY
3296  {
3297  /* Buffer size was already verified, no need to check here again */
3298  SessionReference = *(PULONG)TokenInformation;
3299  }
3301  {
3303  _SEH2_YIELD(goto Cleanup);
3304  }
3305  _SEH2_END;
3306 
/*
 * This branch leaves with goto Cleanup where the sibling cases use break;
 * the Cleanup label sits directly after the switch, so both reach it.
 */
3307  /* Check for TCB privilege */
3309  {
3311  goto Cleanup;
3312  }
3313 
3314  /* Check if it is 0 */
3315  if (SessionReference == 0)
3316  {
3317  ULONG OldTokenFlags;
3318 
3319  /* Lock the token */
3321 
3322  /* Atomically set the flag in the token */
3323  OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
3325  /*
3326  * If the flag was already set, do not dereference again
3327  * the logon session. Use SessionReference as an indicator
3328  * to know whether to really dereference the session.
3329  */
3330  if (OldTokenFlags == Token->TokenFlags)
3331  SessionReference = ULONG_MAX;
3332 
3333  /*
3334  * Otherwise if the flag was never set but just for this first time then
3335  * remove the referenced logon session data from the token and dereference
3336  * the logon session when needed.
3337  */
3338  if (SessionReference == 0)
3339  {
3341  SepRmDereferenceLogonSession(&Token->AuthenticationId);
3342  }
3343 
3344  /* Unlock the token */
3346  }
3347  break;
3348  }
3349 
3350  case TokenAuditPolicy:
3351  {
3352  PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
3353  (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
/*
 * NOTE(review): no visible line initialises AuditPolicy. Categories absent
 * from the caller's list leave their fields unset, and the whole structure
 * is later assigned to Token->AuditPolicy; zero-initialising it here would
 * avoid storing leftover stack contents in the token.
 */
3354  SEP_AUDIT_POLICY AuditPolicy;
3355  ULONG i;
3356 
/*
 * NOTE(review): PolicyCount is read from the caller's buffer for the probe
 * size and again on every loop iteration, with no captured copy in the
 * visible lines. If the value changes between reads, the loop bound no
 * longer matches the probed length; reading the count once into a local
 * and using that for both would close the gap. Faults are still caught by
 * the surrounding SEH block.
 */
3357  _SEH2_TRY
3358  {
3359  ProbeForRead(PolicyInformation,
3361  Policies[PolicyInformation->PolicyCount]),
3362  sizeof(ULONG));
3363 
3364  /* Loop all policies in the structure */
3365  for (i = 0; i < PolicyInformation->PolicyCount; i++)
3366  {
3367  /* Set the corresponding bits in the packed structure */
3368  switch (PolicyInformation->Policies[i].Category)
3369  {
3370  case AuditCategorySystem:
3371  AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
3372  break;
3373 
3374  case AuditCategoryLogon:
3375  AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
3376  break;
3377 
3379  AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
3380  break;
3381 
3383  AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
3384  break;
3385 
3387  AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
3388  break;
3389 
3391  AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
3392  break;
3393 
3395  AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
3396  break;
3397 
3399  AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
3400  break;
3401 
3403  AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
3404  break;
3405  }
3406  }
3407  }
3409  {
3411  _SEH2_YIELD(goto Cleanup);
3412  }
3413  _SEH2_END;
3414 
3415  /* Check for TCB privilege */
3417  {
3419  break;
3420  }
3421 
3422  /* Lock the token */
3424 
3425  /* Set the new audit policy */
3426  Token->AuditPolicy = AuditPolicy;
3427  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3428 
3429  /* Unlock the token */
3431 
3432  break;
3433  }
3434 
3435  case TokenOrigin:
3436  {
3438 
3439  _SEH2_TRY
3440  {
3441  /* Copy the token origin */
3442  TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
3443  }
3445  {
3447  _SEH2_YIELD(goto Cleanup);
3448  }
3449  _SEH2_END;
3450 
3451  /* Check for TCB privilege */
3453  {
3455  break;
3456  }
3457 
3458  /* Lock the token */
3460 
/* The origin is written only while it is still a zero LUID */
3461  /* Check if there is no token origin set yet */
3462  if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
3463  {
3464  /* Set the token origin */
3465  Token->OriginatingLogonSession =
3466  TokenOrigin.OriginatingLogonSession;
3467 
3468  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3469  }
3470 
3471  /* Unlock the token */
3473 
3474  break;
3475  }
3476 
3477  default:
3478  {
3479  DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
3482  break;
3483  }
3484  }
/*
 * Every case ends here, by break or by goto. The statement under the label
 * is on a missing line (3486); presumably it drops the token reference
 * taken above - confirm against token.c.
 */
3485 Cleanup:
3487  }
3488 
3489  if (!NT_SUCCESS(Status))
3490  {
3491  DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
3492  }
3493 
3494  return Status;
3495 }
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:216
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:689
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
#define TRUE
Definition: types.h:120
USHORT AclSize
Definition: ms-dtyp.idl:296
ULONG SessionId
Definition: dllmain.c:28
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:8
_SEH2_TRY
Definition: create.c:4226
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
#define FALSE
Definition: types.h:117
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:299
PSID Owner
Definition: setypes.h:978
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:882
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
void * PVOID
Definition: retypes.h:9
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:915
Status
Definition: gdiplustypes.h:24
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define ObDereferenceObject
Definition: obfuncs.h:203
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:148
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
struct _TOKEN_OWNER * PTOKEN_OWNER
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
#define SepReleaseTokenLock(Token)
Definition: se.h:227
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1772 Policies[1]
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:181
static const WCHAR Cleanup[]
Definition: register.c:80
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:416
const LUID SeTcbPrivilege
Definition: priv.c:24
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
Definition: create.c:4400
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:336
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
#define DPRINT1
Definition: precomp.h:8
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3434
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:32
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
#define DPRINT
Definition: sndvol32.h:71
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:883
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:268
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1134
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
#define ULONG_MAX
Definition: limits.h:44
#define PAGED_CODE()

◆ SeCaptureSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR * CapturedSecurityDescriptor 
)

◆ SeCreateAccessState()

NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState ( PACCESS_STATE  AccessState,
PAUX_ACCESS_DATA  AuxData,
ACCESS_MASK  Access,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeleteAccessState()

NTKERNELAPI VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

◆ SeReleaseSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ BOOLEAN  CaptureIfKernelMode 
)

◆ SeTokenImpersonationLevel()

NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel ( _In_ PACCESS_TOKEN  Token)

◆ ZwAccessCheck()

NTSYSAPI NTSTATUS NTAPI ZwAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ ZwAdjustGroupsToken()

NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_ PTOKEN_GROUPS  NewState,
_In_ ULONG  BufferLength,
_Out_opt_ PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ ZwAdjustPrivilegesToken()

◆ ZwAllocateLocallyUniqueId()

NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId ( _Out_ LUID * LocallyUniqueId)

◆ ZwAllocateUuids()

NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ ZwCreateToken()

NTSYSAPI NTSTATUS NTAPI ZwCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

◆ ZwImpersonateAnonymousToken()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ ZwOpenObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ ULONG  GrantedAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ ZwOpenProcessTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ ZwPrivilegeCheck()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck ( _In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PBOOLEAN  Result 
)

◆ ZwPrivilegedServiceAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwPrivilegeObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwSetInformationToken()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_ PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Variable Documentation

◆ DesiredAccess

Definition at line 417 of file sefuncs.h.

◆ EffectiveOnly

◆ Length

Definition at line 509 of file sefuncs.h.

◆ NewTokenHandle

Definition at line 417 of file sefuncs.h.

Referenced by NtDuplicateToken().

◆ ObjectAttributes

Definition at line 417 of file sefuncs.h.

◆ ResultLength

◆ ReturnLength

Definition at line 320 of file sefuncs.h.

◆ TokenHandle

Definition at line 455 of file sefuncs.h.

◆ TokenInformationClass

◆ TokenInformationLength

◆ TokenType