ReactOS  0.4.15-dev-425-gc40b086
Functions | Variables
sefuncs.h File Reference
#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
 
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState (PACCESS_STATE AccessState, PAUX_ACCESS_DATA AuxData, ACCESS_MASK Access, PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE Thread)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken (_In_ HANDLE Thread)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck (_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (Length, *ResultLength) PVOID TokenInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 

Variables

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
 
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
 

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
77  NTSTATUS Status;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
82  return STATUS_INVALID_PARAMETER;
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
88  return STATUS_INVALID_PARAMETER;
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
96  Status = FltObjectReference(Filter);
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
103  Status = ObCreateObject(KernelMode,
104  ServerPortObjectType,
105  ObjectAttributes,
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
118  FltpObjectPointerReference((PFLT_OBJECT)Filter);
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
123  PortObject->DisconnectNotify = DisconnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
131  STANDARD_RIGHTS_ALL | FILE_READ_DATA,
132  0,
133  NULL,
134  (PHANDLE)ServerPort);
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
138  ExAcquireFastMutex(&Filter->ConnectionList.mLock);
139 
140  /* Add the new port object to the connection list and increment the count */
141  InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
142  Filter->ConnectionList.mCount++;
143 
144  /* Unlock the connection list*/
145  ExReleaseFastMutex(&Filter->ConnectionList.mLock);
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
152  FltObjectDereference(Filter);
153  }
154 
155  return Status;
156 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
ServerPort
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::ConnectNotify
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
FltObjectDereference
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_FLT_MUTEX_LIST_HEAD::mCount
ULONG mCount
Definition: fltmgrint.h:57
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ExReleaseFastMutex
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
FltpObjectPointerReference
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
_FLT_MUTEX_LIST_HEAD::mList
LIST_ENTRY mList
Definition: fltmgrint.h:56
Filter
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1802
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
NULL
smooth NULL
Definition: ftsmooth.c:416
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
_FLT_SERVER_PORT_OBJECT::Cookie
PVOID Cookie
Definition: fltmgrint.h:195
ServerPortObjectType
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
_FLT_OBJECT
Definition: fltmgrint.h:25
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DisconnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::MaxConnections
LONG MaxConnections
Definition: fltmgrint.h:198
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ConnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT
Definition: fltmgrint.h:188
Status
Status
Definition: gdiplustypes.h:24
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
ExAcquireFastMutex
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
FltObjectReference
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
ServerPortCookie
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::Filter
PFLT_FILTER Filter
Definition: fltmgrint.h:194
_FLT_MUTEX_LIST_HEAD::mLock
FAST_MUTEX mLock
Definition: fltmgrint.h:55
_FLT_SERVER_PORT_OBJECT::MessageNotify
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
_FLT_SERVER_PORT_OBJECT::FilterLink
LIST_ENTRY FilterLink
Definition: fltmgrint.h:190
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
MaxConnections
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::DisconnectNotify
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
MessageNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1873
_FLT_FILTER::ConnectionList
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_to_opt_() [1/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _Out_writes_bytes_to_opt_() [2/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( Length  ,
ResultLength 
)

◆ _When_()

_When_ ( TokenInformationClass  = TokenAccessInformation,
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))   
)

◆ NtAccessCheck()

NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1406 of file audit.c.

1418 {
1419  /* Call the internal function */
1420  return SepAccessCheckAndAuditAlarm(SubsystemName,
1421  HandleId,
1422  NULL,
1423  ObjectTypeName,
1424  ObjectName,
1425  SecurityDescriptor,
1426  NULL,
1427  DesiredAccess,
1428  AuditEventObjectAccess,
1429  0,
1430  NULL,
1431  0,
1432  GenericMapping,
1433  GrantedAccess,
1434  AccessStatus,
1435  GenerateOnClose,
1436  FALSE);
1437 }
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
NULL
smooth NULL
Definition: ftsmooth.c:416
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4137
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
SepAccessCheckAndAuditAlarm
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAllocateLocallyUniqueId()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ NtAllocateUuids()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ NtCompareTokens()

NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)

◆ NtCreateToken()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Definition at line 3420 of file token.c.

3434 {
3435  HANDLE hToken;
3436  KPROCESSOR_MODE PreviousMode;
3437  ULONG PrivilegeCount, GroupCount;
3438  PSID OwnerSid, PrimaryGroupSid;
3439  PACL DefaultDacl;
3440  LARGE_INTEGER LocalExpirationTime = {{0, 0}};
3441  LUID LocalAuthenticationId;
3442  TOKEN_SOURCE LocalTokenSource;
3443  SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
3444  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
3445  PSID_AND_ATTRIBUTES CapturedUser = NULL;
3446  PSID_AND_ATTRIBUTES CapturedGroups = NULL;
3447  PSID CapturedOwnerSid = NULL;
3448  PSID CapturedPrimaryGroupSid = NULL;
3449  PACL CapturedDefaultDacl = NULL;
3450  ULONG PrivilegesLength, UserLength, GroupsLength;
3451  NTSTATUS Status;
3452 
3453  PAGED_CODE();
3454 
3455  PreviousMode = ExGetPreviousMode();
3456 
3457  if (PreviousMode != KernelMode)
3458  {
3459  _SEH2_TRY
3460  {
3461  ProbeForWriteHandle(TokenHandle);
3462 
3463  if (ObjectAttributes != NULL)
3464  {
3465  ProbeForRead(ObjectAttributes,
3466  sizeof(OBJECT_ATTRIBUTES),
3467  sizeof(ULONG));
3468  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
3469  }
3470 
3471  ProbeForRead(AuthenticationId,
3472  sizeof(LUID),
3473  sizeof(ULONG));
3474  LocalAuthenticationId = *AuthenticationId;
3475 
3476  LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
3477 
3478  ProbeForRead(TokenUser,
3479  sizeof(TOKEN_USER),
3480  sizeof(ULONG));
3481 
3482  ProbeForRead(TokenGroups,
3483  sizeof(TOKEN_GROUPS),
3484  sizeof(ULONG));
3485  GroupCount = TokenGroups->GroupCount;
3486 
3487  ProbeForRead(TokenPrivileges,
3488  sizeof(TOKEN_PRIVILEGES),
3489  sizeof(ULONG));
3490  PrivilegeCount = TokenPrivileges->PrivilegeCount;
3491 
3492  if (TokenOwner != NULL)
3493  {
3494  ProbeForRead(TokenOwner,
3495  sizeof(TOKEN_OWNER),
3496  sizeof(ULONG));
3497  OwnerSid = TokenOwner->Owner;
3498  }
3499  else
3500  {
3501  OwnerSid = NULL;
3502  }
3503 
3504  ProbeForRead(TokenPrimaryGroup,
3505  sizeof(TOKEN_PRIMARY_GROUP),
3506  sizeof(ULONG));
3507  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
3508 
3509  if (TokenDefaultDacl != NULL)
3510  {
3511  ProbeForRead(TokenDefaultDacl,
3512  sizeof(TOKEN_DEFAULT_DACL),
3513  sizeof(ULONG));
3514  DefaultDacl = TokenDefaultDacl->DefaultDacl;
3515  }
3516  else
3517  {
3518  DefaultDacl = NULL;
3519  }
3520 
3521  ProbeForRead(TokenSource,
3522  sizeof(TOKEN_SOURCE),
3523  sizeof(ULONG));
3524  LocalTokenSource = *TokenSource;
3525  }
3526  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3527  {
3528  /* Return the exception code */
3529  _SEH2_YIELD(return _SEH2_GetExceptionCode());
3530  }
3531  _SEH2_END;
3532  }
3533  else
3534  {
3535  if (ObjectAttributes != NULL)
3536  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
3537  LocalAuthenticationId = *AuthenticationId;
3538  LocalExpirationTime = *ExpirationTime;
3539  GroupCount = TokenGroups->GroupCount;
3540  PrivilegeCount = TokenPrivileges->PrivilegeCount;
3541  OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
3542  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
3543  DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
3544  LocalTokenSource = *TokenSource;
3545  }
3546 
3547  /* Check token type */
3548  if ((TokenType < TokenPrimary) ||
3549  (TokenType > TokenImpersonation))
3550  {
3551  return STATUS_BAD_TOKEN_TYPE;
3552  }
3553 
3554  /* Check for token creation privilege */
3555  if (!SeSinglePrivilegeCheck(SeCreateTokenPrivilege, PreviousMode))
3556  {
3557  return STATUS_PRIVILEGE_NOT_HELD;
3558  }
3559 
3560  /* Capture the user SID and attributes */
3561  Status = SeCaptureSidAndAttributesArray(&TokenUser->User,
3562  1,
3563  PreviousMode,
3564  NULL,
3565  0,
3566  PagedPool,
3567  FALSE,
3568  &CapturedUser,
3569  &UserLength);
3570  if (!NT_SUCCESS(Status))
3571  {
3572  goto Cleanup;
3573  }
3574 
3575  /* Capture the groups SID and attributes array */
3576  Status = SeCaptureSidAndAttributesArray(&TokenGroups->Groups[0],
3577  GroupCount,
3578  PreviousMode,
3579  NULL,
3580  0,
3581  PagedPool,
3582  FALSE,
3583  &CapturedGroups,
3584  &GroupsLength);
3585  if (!NT_SUCCESS(Status))
3586  {
3587  goto Cleanup;
3588  }
3589 
3590  /* Capture privileges */
3591  Status = SeCaptureLuidAndAttributesArray(&TokenPrivileges->Privileges[0],
3592  PrivilegeCount,
3593  PreviousMode,
3594  NULL,
3595  0,
3596  PagedPool,
3597  FALSE,
3598  &CapturedPrivileges,
3599  &PrivilegesLength);
3600  if (!NT_SUCCESS(Status))
3601  {
3602  goto Cleanup;
3603  }
3604 
3605  /* Capture the token owner SID */
3606  if (TokenOwner != NULL)
3607  {
3608  Status = SepCaptureSid(OwnerSid,
3609  PreviousMode,
3610  PagedPool,
3611  FALSE,
3612  &CapturedOwnerSid);
3613  if (!NT_SUCCESS(Status))
3614  {
3615  goto Cleanup;
3616  }
3617  }
3618 
3619  /* Capture the token primary group SID */
3620  Status = SepCaptureSid(PrimaryGroupSid,
3621  PreviousMode,
3622  PagedPool,
3623  FALSE,
3624  &CapturedPrimaryGroupSid);
3625  if (!NT_SUCCESS(Status))
3626  {
3627  goto Cleanup;
3628  }
3629 
3630  /* Capture DefaultDacl */
3631  if (DefaultDacl != NULL)
3632  {
3633  Status = SepCaptureAcl(DefaultDacl,
3634  PreviousMode,
3635  NonPagedPool,
3636  FALSE,
3637  &CapturedDefaultDacl);
3638  if (!NT_SUCCESS(Status))
3639  {
3640  goto Cleanup;
3641  }
3642  }
3643 
3644  /* Call the internal function */
3645  Status = SepCreateToken(&hToken,
3646  PreviousMode,
3647  DesiredAccess,
3648  ObjectAttributes,
3649  TokenType,
3650  LocalSecurityQos.ImpersonationLevel,
3651  &LocalAuthenticationId,
3652  &LocalExpirationTime,
3653  CapturedUser,
3654  GroupCount,
3655  CapturedGroups,
3656  0, // FIXME: Should capture
3657  PrivilegeCount,
3658  CapturedPrivileges,
3659  CapturedOwnerSid,
3660  CapturedPrimaryGroupSid,
3661  CapturedDefaultDacl,
3662  &LocalTokenSource,
3663  FALSE);
3664  if (NT_SUCCESS(Status))
3665  {
3666  _SEH2_TRY
3667  {
3668  *TokenHandle = hToken;
3669  }
3670  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3671  {
3672  Status = _SEH2_GetExceptionCode();
3673  }
3674  _SEH2_END;
3675  }
3676 
3677 Cleanup:
3678 
3679  /* Release what we captured */
3680  SeReleaseSidAndAttributesArray(CapturedUser, PreviousMode, FALSE);
3681  SeReleaseSidAndAttributesArray(CapturedGroups, PreviousMode, FALSE);
3682  SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
3683  SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
3684  SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
3685  SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
3686 
3687  return Status;
3688 }
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_TOKEN_DEFAULT_DACL
Definition: setypes.h:981
_TOKEN_GROUPS
Definition: setypes.h:959
_SID
Definition: ms-dtyp.idl:198
SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:23
SeReleaseSidAndAttributesArray
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Definition: sid.c:559
_TOKEN_PRIVILEGES
Definition: setypes.h:968
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:977
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SeReleaseLuidAndAttributesArray
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:387
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
SeCaptureLuidAndAttributesArray
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:291
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
_LUID
Definition: devicetopology.idl:136
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
STATUS_BAD_TOKEN_TYPE
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:390
NULL
smooth NULL
Definition: ftsmooth.c:416
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:277
SepCreateToken
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:882
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_TOKEN_OWNER
Definition: setypes.h:973
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SepReleaseAcl
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: acl.c:365
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
ProbeForReadLargeInteger
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_TOKEN_USER
Definition: setypes.h:955
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
SeCaptureSidAndAttributesArray
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Definition: sid.c:358
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Status
Definition: gdiplustypes.h:24
_TOKEN_SOURCE
Definition: imports.h:277
_SEH2_END
_SEH2_END
Definition: create.c:4400
DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4137
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
_LARGE_INTEGER
Definition: typedefs.h:101
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:342
ULONG
unsigned int ULONG
Definition: retypes.h:1
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:274
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 2941 of file token.c.

2948 {
2949  KPROCESSOR_MODE PreviousMode;
2950  HANDLE hToken;
2951  PTOKEN Token;
2952  PTOKEN NewToken;
2953  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
2954  BOOLEAN QoSPresent;
2955  OBJECT_HANDLE_INFORMATION HandleInformation;
2956  NTSTATUS Status;
2957 
2958  PAGED_CODE();
2959 
2960  if (TokenType != TokenImpersonation &&
2961  TokenType != TokenPrimary)
2962  {
2963  return STATUS_INVALID_PARAMETER;
2964  }
2965 
2966  PreviousMode = KeGetPreviousMode();
2967 
2968  if (PreviousMode != KernelMode)
2969  {
2970  _SEH2_TRY
2971  {
2972  ProbeForWriteHandle(NewTokenHandle);
2973  }
2974  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2975  {
2976  /* Return the exception code */
2977  _SEH2_YIELD(return _SEH2_GetExceptionCode());
2978  }
2979  _SEH2_END;
2980  }
2981 
2982  Status = SepCaptureSecurityQualityOfService(ObjectAttributes,
2983  PreviousMode,
2984  PagedPool,
2985  FALSE,
2986  &CapturedSecurityQualityOfService,
2987  &QoSPresent);
2988  if (!NT_SUCCESS(Status))
2989  {
2990  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
2991  return Status;
2992  }
2993 
2994  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
2995  TOKEN_DUPLICATE,
2996  SeTokenObjectType,
2997  PreviousMode,
2998  (PVOID*)&Token,
2999  &HandleInformation);
3000  if (!NT_SUCCESS(Status))
3001  {
3002  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3003  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3004  PreviousMode,
3005  FALSE);
3006  return Status;
3007  }
3008 
3009  /*
3010  * Fail, if the original token is an impersonation token and the caller
3011  * tries to raise the impersonation level of the new token above the
3012  * impersonation level of the original token.
3013  */
3014  if (Token->TokenType == TokenImpersonation)
3015  {
3016  if (QoSPresent &&
3017  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3018  {
3019  ObDereferenceObject(Token);
3020  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3021  PreviousMode,
3022  FALSE);
3023  return STATUS_BAD_IMPERSONATION_LEVEL;
3024  }
3025  }
3026 
3027  /*
3028  * Fail, if a primary token is to be created from an impersonation token
3029  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3030  */
3031  if (Token->TokenType == TokenImpersonation &&
3032  TokenType == TokenPrimary &&
3033  Token->ImpersonationLevel < SecurityImpersonation)
3034  {
3035  ObDereferenceObject(Token);
3036  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3037  PreviousMode,
3038  FALSE);
3039  return STATUS_BAD_IMPERSONATION_LEVEL;
3040  }
3041 
3042  Status = SepDuplicateToken(Token,
3043  ObjectAttributes,
3044  EffectiveOnly,
3045  TokenType,
3046  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3047  PreviousMode,
3048  &NewToken);
3049 
3050  ObDereferenceObject(Token);
3051 
3052  if (NT_SUCCESS(Status))
3053  {
3054  Status = ObInsertObject(NewToken,
3055  NULL,
3056  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3057  0,
3058  NULL,
3059  &hToken);
3060  if (NT_SUCCESS(Status))
3061  {
3062  _SEH2_TRY
3063  {
3064  *NewTokenHandle = hToken;
3065  }
3066  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3067  {
3068  Status = _SEH2_GetExceptionCode();
3069  }
3070  _SEH2_END;
3071  }
3072  }
3073 
3074  /* Free the captured structure */
3075  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3076  PreviousMode,
3077  FALSE);
3078 
3079  return Status;
3080 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_OBJECT_HANDLE_INFORMATION
Definition: iotypes.h:156
KeGetPreviousMode
#define KeGetPreviousMode()
Definition: ketypes.h:1107
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SepCaptureSecurityQualityOfService
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
Definition: sd.c:211
ObDereferenceObject
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
SepDuplicateToken
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:441
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NULL
smooth NULL
Definition: ftsmooth.c:416
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
HandleInformation
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
SepReleaseSecurityQualityOfService
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sd.c:367
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:872
Status
Status
Definition: gdiplustypes.h:24
_SEH2_END
_SEH2_END
Definition: create.c:4400
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4137
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_TOKEN
Definition: setypes.h:151
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtImpersonateAnonymousToken()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1001 of file audit.c.

1014 {
1015  PTOKEN ClientToken;
1016  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1017  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1018  ULONG PrivilegeCount, PrivilegeSetSize;
1019  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1020  BOOLEAN LocalGenerateOnClose;
1021  PVOID CapturedHandleId;
1022  SECURITY_SUBJECT_CONTEXT SubjectContext;
1023  NTSTATUS Status;
1024  PAGED_CODE();
1025 
1026  /* Only user mode is supported! */
1027  ASSERT(ExGetPreviousMode() != KernelMode);
1028 
1029  /* Start clean */
1030  ClientToken = NULL;
1031  CapturedSecurityDescriptor = NULL;
1032  CapturedPrivilegeSet = NULL;
1033  CapturedSubsystemName.Buffer = NULL;
1034  CapturedObjectTypeName.Buffer = NULL;
1035  CapturedObjectName.Buffer = NULL;
1036 
1037  /* Reference the client token */
1038  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1039  TOKEN_QUERY,
1040  SeTokenObjectType,
1041  UserMode,
1042  (PVOID*)&ClientToken,
1043  NULL);
1044  if (!NT_SUCCESS(Status))
1045  {
1046  DPRINT1("Failed to reference token handle %p: %lx\n",
1047  ClientTokenHandle, Status);
1048  return Status;
1049  }
1050 
1051  /* Capture the security subject context */
1052  SeCaptureSubjectContext(&SubjectContext);
1053 
1054  /* Validate the token's impersonation level */
1055  if ((ClientToken->TokenType == TokenImpersonation) &&
1056  (ClientToken->ImpersonationLevel < SecurityIdentification))
1057  {
1058  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1059  Status = STATUS_BAD_IMPERSONATION_LEVEL;
1060  goto Cleanup;
1061  }
1062 
1063  /* Check for audit privilege */
1064  if (!SeCheckAuditPrivilege(&SubjectContext, UserMode))
1065  {
1066  DPRINT1("Caller does not have SeAuditPrivilege\n");
1067  Status = STATUS_PRIVILEGE_NOT_HELD;
1068  goto Cleanup;
1069  }
1070 
1071  /* Check for NULL SecurityDescriptor */
1072  if (SecurityDescriptor == NULL)
1073  {
1074  /* Nothing to do */
1075  Status = STATUS_SUCCESS;
1076  goto Cleanup;
1077  }
1078 
1079  /* Capture the security descriptor */
1080  Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
1081  UserMode,
1082  PagedPool,
1083  FALSE,
1084  &CapturedSecurityDescriptor);
1085  if (!NT_SUCCESS(Status))
1086  {
1087  DPRINT1("Failed to capture security descriptor!\n");
1088  goto Cleanup;
1089  }
1090 
1091  _SEH2_TRY
1092  {
1093  /* Check if we have a privilege set */
1094  if (PrivilegeSet != NULL)
1095  {
1096  /* Probe the basic privilege set structure */
1097  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1098 
1099  /* Validate privilege count */
1100  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1101  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1102  {
1103  Status = STATUS_INVALID_PARAMETER;
1104  _SEH2_YIELD(goto Cleanup);
1105  }
1106 
1107  /* Calculate the size of the PrivilegeSet structure */
1108  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1109 
1110  /* Probe the whole structure */
1111  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1112 
1113  /* Allocate a temp buffer */
1114  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1115  PrivilegeSetSize,
1116  TAG_PRIVILEGE_SET);
1117  if (CapturedPrivilegeSet == NULL)
1118  {
1119  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1120  Status = STATUS_INSUFFICIENT_RESOURCES;
1121  _SEH2_YIELD(goto Cleanup);
1122  }
1123 
1124  /* Copy the privileges */
1125  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1126  }
1127 
1128  if (HandleId != NULL)
1129  {
1130  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1131  CapturedHandleId = *(PVOID*)HandleId;
1132  }
1133 
1134  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1135  }
1136  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1137  {
1138  Status = _SEH2_GetExceptionCode();
1139  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1140  _SEH2_YIELD(goto Cleanup);
1141  }
1142  _SEH2_END;
1143 
1144  /* Probe and capture the subsystem name */
1145  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1146  UserMode,
1147  SubsystemName);
1148  if (!NT_SUCCESS(Status))
1149  {
1150  DPRINT1("Failed to capture subsystem name!\n");
1151  goto Cleanup;
1152  }
1153 
1154  /* Probe and capture the object type name */
1155  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1156  UserMode,
1157  ObjectTypeName);
1158  if (!NT_SUCCESS(Status))
1159  {
1160  DPRINT1("Failed to capture object type name!\n");
1161  goto Cleanup;
1162  }
1163 
1164  /* Probe and capture the object name */
1165  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1166  UserMode,
1167  ObjectName);
1168  if (!NT_SUCCESS(Status))
1169  {
1170  DPRINT1("Failed to capture object name!\n");
1171  goto Cleanup;
1172  }
1173 
1174  /* Call the internal function */
1175  SepOpenObjectAuditAlarm(&SubjectContext,
1176  &CapturedSubsystemName,
1177  CapturedHandleId,
1178  &CapturedObjectTypeName,
1179  &CapturedObjectName,
1180  CapturedSecurityDescriptor,
1181  ClientToken,
1182  DesiredAccess,
1183  GrantedAccess,
1184  CapturedPrivilegeSet,
1185  ObjectCreation,
1186  AccessGranted,
1187  &LocalGenerateOnClose);
1188 
1189  Status = STATUS_SUCCESS;
1190 
1191  /* Enter SEH to copy the data back to user mode */
1192  _SEH2_TRY
1193  {
1194  *GenerateOnClose = LocalGenerateOnClose;
1195  }
1196  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1197  {
1198  Status = _SEH2_GetExceptionCode();
1199  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1200  }
1201  _SEH2_END;
1202 
1203 Cleanup:
1204 
1205  if (CapturedObjectName.Buffer != NULL)
1206  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1207 
1208  if (CapturedObjectTypeName.Buffer != NULL)
1209  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1210 
1211  if (CapturedSubsystemName.Buffer != NULL)
1212  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1213 
1214  if (CapturedSecurityDescriptor != NULL)
1215  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1216 
1217  if (CapturedPrivilegeSet != NULL)
1218  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1219 
1220  /* Release the security subject context */
1221  SeReleaseSubjectContext(&SubjectContext);
1222 
1223  ObDereferenceObject(ClientToken);
1224 
1225  return Status;
1226 }
ProbeAndCaptureUnicodeString
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:175
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
RtlCopyMemory
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:387
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_PRIVILEGE_SET
Definition: setypes.h:85
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
ObDereferenceObject
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
SEP_PRIVILEGE_SET_MAX_COUNT
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NULL
smooth NULL
Definition: ftsmooth.c:416
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
ReleaseCapturedUnicodeString
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:874
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
ASSERT
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Status
Definition: gdiplustypes.h:24
_UNICODE_STRING
Definition: env_spec_w32.h:368
_SEH2_END
_SEH2_END
Definition: create.c:4400
DesiredAccess
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4137
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
SeCheckAuditPrivilege
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:257
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_TOKEN::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:176
ULONG
unsigned int ULONG
Definition: retypes.h:1
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
SeCaptureSecurityDescriptor
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:434
TAG_PRIVILEGE_SET
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014
_TOKEN
Definition: setypes.h:151
SepOpenObjectAuditAlarm
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:967
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtOpenProcessTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Definition at line 2414 of file token.c.

2419 {
2420  NTSTATUS Status;
2421  PTOKEN Token;
2422  KPROCESSOR_MODE PreviousMode;
2423  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
2424 
2425  PAGED_CODE();
2426 
2427  PreviousMode = ExGetPreviousMode();
2428 
2429  Status = DefaultSetInfoBufferCheck(TokenInformationClass,
2430  SeTokenInformationClass,
2431  RTL_NUMBER_OF(SeTokenInformationClass),
2432  TokenInformation,
2433  TokenInformationLength,
2434  PreviousMode);
2435  if (!NT_SUCCESS(Status))
2436  {
2437  /* Invalid buffers */
2438  DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
2439  return Status;
2440  }
2441 
2442  if (TokenInformationClass == TokenSessionId)
2443  {
2444  NeededAccess |= TOKEN_ADJUST_SESSIONID;
2445  }
2446 
2447  Status = ObReferenceObjectByHandle(TokenHandle,
2448  NeededAccess,
2449  SeTokenObjectType,
2450  PreviousMode,
2451  (PVOID*)&Token,
2452  NULL);
2453  if (NT_SUCCESS(Status))
2454  {
2455  switch (TokenInformationClass)
2456  {
2457  case TokenOwner:
2458  {
2459  if (TokenInformationLength >= sizeof(TOKEN_OWNER))
2460  {
2461  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
2462  PSID InputSid = NULL, CapturedSid;
2463  ULONG DefaultOwnerIndex;
2464 
2465  _SEH2_TRY
2466  {
2467  InputSid = to->Owner;
2468  }
2469  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2470  {
2471  Status = _SEH2_GetExceptionCode();
2472  _SEH2_YIELD(goto Cleanup);
2473  }
2474  _SEH2_END;
2475 
2476  Status = SepCaptureSid(InputSid,
2477  PreviousMode,
2478  PagedPool,
2479  FALSE,
2480  &CapturedSid);
2481  if (NT_SUCCESS(Status))
2482  {
2483  /* Lock the token */
2484  SepAcquireTokenLockExclusive(Token);
2485 
2486  /* Find the owner amongst the existing token user and groups */
2487  Status = SepFindPrimaryGroupAndDefaultOwner(Token,
2488  NULL,
2489  CapturedSid,
2490  NULL,
2491  &DefaultOwnerIndex);
2492  if (NT_SUCCESS(Status))
2493  {
2494  /* Found it */
2495  Token->DefaultOwnerIndex = DefaultOwnerIndex;
2496  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2497  }
2498 
2499  /* Unlock the token */
2500  SepReleaseTokenLock(Token);
2501 
2502  SepReleaseSid(CapturedSid,
2503  PreviousMode,
2504  FALSE);
2505  }
2506  }
2507  else
2508  {
2509  Status = STATUS_INFO_LENGTH_MISMATCH;
2510  }
2511  break;
2512  }
2513 
2514  case TokenPrimaryGroup:
2515  {
2516  if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
2517  {
2518  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
2519  PSID InputSid = NULL, CapturedSid;
2520  ULONG PrimaryGroupIndex;
2521 
2522  _SEH2_TRY
2523  {
2524  InputSid = tpg->PrimaryGroup;
2525  }
2526  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2527  {
2528  Status = _SEH2_GetExceptionCode();
2529  _SEH2_YIELD(goto Cleanup);
2530  }
2531  _SEH2_END;
2532 
2533  Status = SepCaptureSid(InputSid,
2534  PreviousMode,
2535  PagedPool,
2536  FALSE,
2537  &CapturedSid);
2538  if (NT_SUCCESS(Status))
2539  {
2540  /* Lock the token */
2541  SepAcquireTokenLockExclusive(Token);
2542 
2543  /* Find the primary group amongst the existing token user and groups */
2544  Status = SepFindPrimaryGroupAndDefaultOwner(Token,
2545  CapturedSid,
2546  NULL,
2547  &PrimaryGroupIndex,
2548  NULL);
2549  if (NT_SUCCESS(Status))
2550  {
2551  /* Found it */
2552  Token->PrimaryGroup = Token->UserAndGroups[PrimaryGroupIndex].Sid;
2553  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2554  }
2555 
2556  /* Unlock the token */
2557  SepReleaseTokenLock(Token);
2558 
2559  SepReleaseSid(CapturedSid,
2560  PreviousMode,
2561  FALSE);
2562  }
2563  }
2564  else
2565  {
2566  Status = STATUS_INFO_LENGTH_MISMATCH;
2567  }
2568  break;
2569  }
2570 
2571  case TokenDefaultDacl:
2572  {
2573  if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
2574  {
2575  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
2576  PACL InputAcl = NULL;
2577 
2578  _SEH2_TRY
2579  {
2580  InputAcl = tdd->DefaultDacl;
2581  }
2582  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2583  {
2584  Status = _SEH2_GetExceptionCode();
2585  _SEH2_YIELD(goto Cleanup);
2586  }
2587  _SEH2_END;
2588 
2589  if (InputAcl != NULL)
2590  {
2591  PACL CapturedAcl;
2592 
2593  /* Capture and copy the dacl */
2594  Status = SepCaptureAcl(InputAcl,
2595  PreviousMode,
2596  PagedPool,
2597  TRUE,
2598  &CapturedAcl);
2599  if (NT_SUCCESS(Status))
2600  {
2601  ULONG DynamicLength;
2602 
2603  /* Lock the token */
2604  SepAcquireTokenLockExclusive(Token);
2605 
2606  //
2607  // NOTE: So far our dynamic area only contains
2608  // the default dacl, so this makes the following
2609  // code pretty simple. The day where it stores
2610  // other data, the code will require adaptations.
2611  //
2612 
2613  DynamicLength = Token->DynamicAvailable;
2614  // Add here any other data length present in the dynamic area...
2615  if (Token->DefaultDacl)
2616  DynamicLength += Token->DefaultDacl->AclSize;
2617 
2618  /* Reallocate the dynamic area if it is too small */
2619  Status = STATUS_SUCCESS;
2620  if ((DynamicLength < CapturedAcl->AclSize) ||
2621  (Token->DynamicPart == NULL))
2622  {
2623  PVOID NewDynamicPart;
2624 
2625  NewDynamicPart = ExAllocatePoolWithTag(PagedPool,
2626  CapturedAcl->AclSize,
2627  TAG_TOKEN_DYNAMIC);
2628  if (NewDynamicPart == NULL)
2629  {
2630  Status = STATUS_INSUFFICIENT_RESOURCES;
2631  }
2632  else
2633  {
2634  if (Token->DynamicPart != NULL)
2635  {
2636  // RtlCopyMemory(NewDynamicPart, Token->DynamicPart, DynamicLength);
2637  ExFreePoolWithTag(Token->DynamicPart, TAG_TOKEN_DYNAMIC);
2638  }
2639  Token->DynamicPart = NewDynamicPart;
2640  Token->DynamicAvailable = 0;
2641  }
2642  }
2643  else
2644  {
2645  Token->DynamicAvailable = DynamicLength - CapturedAcl->AclSize;
2646  }
2647 
2648  if (NT_SUCCESS(Status))
2649  {
2650  /* Set the new dacl */
2651  Token->DefaultDacl = (PVOID)Token->DynamicPart;
2652  RtlCopyMemory(Token->DefaultDacl,
2653  CapturedAcl,
2654  CapturedAcl->AclSize);
2655 
2656  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2657  }
2658 
2659  /* Unlock the token */
2660  SepReleaseTokenLock(Token);
2661 
2662  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
2663  }
2664  }
2665  else
2666  {
2667  /* Lock the token */
2668  SepAcquireTokenLockExclusive(Token);
2669 
2670  /* Clear the default dacl if present */
2671  if (Token->DefaultDacl != NULL)
2672  {
2673  Token->DynamicAvailable += Token->DefaultDacl->AclSize;
2674  RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
2675  Token->DefaultDacl = NULL;
2676 
2677  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2678  }
2679 
2680  /* Unlock the token */
2681  SepReleaseTokenLock(Token);
2682  }
2683  }
2684  else
2685  {
2686  Status = STATUS_INFO_LENGTH_MISMATCH;
2687  }
2688  break;
2689  }
2690 
2691  case TokenSessionId:
2692  {
2693  ULONG SessionId = 0;
2694 
2695  _SEH2_TRY
2696  {
2697  /* Buffer size was already verified, no need to check here again */
2698  SessionId = *(PULONG)TokenInformation;
2699  }
2700  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2701  {
2702  Status = _SEH2_GetExceptionCode();
2703  _SEH2_YIELD(goto Cleanup);
2704  }
2705  _SEH2_END;
2706 
2707  /* Check for TCB privilege */
2708  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
2709  {
2710  Status = STATUS_PRIVILEGE_NOT_HELD;
2711  break;
2712  }
2713 
2714  /* Lock the token */
2715  SepAcquireTokenLockExclusive(Token);
2716 
2717  Token->SessionId = SessionId;
2718  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2719 
2720  /* Unlock the token */
2721  SepReleaseTokenLock(Token);
2722 
2723  break;
2724  }
2725 
2726  case TokenSessionReference:
2727  {
2728  ULONG SessionReference;
2729 
2730  _SEH2_TRY
2731  {
2732  /* Buffer size was already verified, no need to check here again */
2733  SessionReference = *(PULONG)TokenInformation;
2734  }
2735  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2736  {
2737  Status = _SEH2_GetExceptionCode();
2738  _SEH2_YIELD(goto Cleanup);
2739  }
2740  _SEH2_END;
2741 
2742  /* Check for TCB privilege */
2743  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
2744  {
2745  Status = STATUS_PRIVILEGE_NOT_HELD;
2746  goto Cleanup;
2747  }
2748 
2749  /* Check if it is 0 */
2750  if (SessionReference == 0)
2751  {
2752  ULONG OldTokenFlags;
2753 
2754  /* Lock the token */
2755  SepAcquireTokenLockExclusive(Token);
2756 
2757  /* Atomically set the flag in the token */
2758  OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
2759  TOKEN_SESSION_NOT_REFERENCED);
2760  /*
2761  * If the flag was already set, do not dereference again
2762  * the logon session. Use SessionReference as an indicator
2763  * to know whether to really dereference the session.
2764  */
2765  if (OldTokenFlags == Token->TokenFlags)
2766  SessionReference = ULONG_MAX;
2767 
2768  /* Unlock the token */
2769  SepReleaseTokenLock(Token);
2770  }
2771 
2772  /* Dereference the logon session if needed */
2773  if (SessionReference == 0)
2774  SepRmDereferenceLogonSession(&Token->AuthenticationId);
2775 
2776  break;
2777  }
2778 
2779  case TokenAuditPolicy:
2780  {
2781  PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
2782  (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
2783  SEP_AUDIT_POLICY AuditPolicy;
2784  ULONG i;
2785 
2786  _SEH2_TRY
2787  {
2788  ProbeForRead(PolicyInformation,
2789  FIELD_OFFSET(TOKEN_AUDIT_POLICY_INFORMATION,
2790  Policies[PolicyInformation->PolicyCount]),
2791  sizeof(ULONG));
2792 
2793  /* Loop all policies in the structure */
2794  for (i = 0; i < PolicyInformation->PolicyCount; i++)
2795  {
2796  /* Set the corresponding bits in the packed structure */
2797  switch (PolicyInformation->Policies[i].Category)
2798  {
2799  case AuditCategorySystem:
2800  AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
2801  break;
2802 
2803  case AuditCategoryLogon:
2804  AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
2805  break;
2806 
2807  case AuditCategoryObjectAccess:
2808  AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
2809  break;
2810 
2811  case AuditCategoryPrivilegeUse:
2812  AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
2813  break;
2814 
2815  case AuditCategoryDetailedTracking:
2816  AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
2817  break;
2818 
2819  case AuditCategoryPolicyChange:
2820  AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
2821  break;
2822 
2823  case AuditCategoryAccountManagement:
2824  AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
2825  break;
2826 
2827  case AuditCategoryDirectoryServiceAccess:
2828  AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
2829  break;
2830 
2831  case AuditCategoryAccountLogon:
2832  AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
2833  break;
2834  }
2835  }
2836  }
2837  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2838  {
2839  Status = _SEH2_GetExceptionCode();
2840  _SEH2_YIELD(goto Cleanup);
2841  }
2842  _SEH2_END;
2843 
2844  /* Check for TCB privilege */
2845  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
2846  {
2847  Status = STATUS_PRIVILEGE_NOT_HELD;
2848  break;
2849  }
2850 
2851  /* Lock the token */
2852  SepAcquireTokenLockExclusive(Token);
2853 
2854  /* Set the new audit policy */
2855  Token->AuditPolicy = AuditPolicy;
2856  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2857 
2858  /* Unlock the token */
2859  SepReleaseTokenLock(Token);
2860 
2861  break;
2862  }
2863 
2864  case TokenOrigin:
2865  {
2866  TOKEN_ORIGIN TokenOrigin;
2867 
2868  _SEH2_TRY
2869  {
2870  /* Copy the token origin */
2871  TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
2872  }
2873  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2874  {
2875  Status = _SEH2_GetExceptionCode();
2876  _SEH2_YIELD(goto Cleanup);
2877  }
2878  _SEH2_END;
2879 
2880  /* Check for TCB privilege */
2881  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
2882  {
2883  Status = STATUS_PRIVILEGE_NOT_HELD;
2884  break;
2885  }
2886 
2887  /* Lock the token */
2888  SepAcquireTokenLockExclusive(Token);
2889 
2890  /* Check if there is no token origin set yet */
2891  if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
2892  {
2893  /* Set the token origin */
2894  Token->OriginatingLogonSession =
2895  TokenOrigin.OriginatingLogonSession;
2896 
2897  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2898  }
2899 
2900  /* Unlock the token */
2901  SepReleaseTokenLock(Token);
2902 
2903  break;
2904  }
2905 
2906  default:
2907  {
2908  DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
2909  TokenInformationClass);
2910  Status = STATUS_INVALID_INFO_CLASS;
2911  break;
2912  }
2913  }
2914 Cleanup:
2915  ObDereferenceObject(Token);
2916  }
2917 
2918  if (!NT_SUCCESS(Status))
2919  {
2920  DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
2921  }
2922 
2923  return Status;
2924 }
_TOKEN_PRIMARY_GROUP::PrimaryGroup
PSID PrimaryGroup
Definition: setypes.h:978
SepAcquireTokenLockExclusive
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
SepFindPrimaryGroupAndDefaultOwner
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:345
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_TOKEN_DEFAULT_DACL
Definition: setypes.h:981
TRUE
#define TRUE
Definition: types.h:120
RtlCopyMemory
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
_SEP_AUDIT_POLICY_CATEGORIES::DirectoryServiceAccess
UCHAR DirectoryServiceAccess
Definition: setypes.h:123
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
_SID
Definition: ms-dtyp.idl:198
_TOKEN_AUDIT_POLICY_INFORMATION::PolicyCount
ULONG PolicyCount
Definition: token.c:24
PTOKEN_PRIMARY_GROUP
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:977
SessionId
ULONG SessionId
Definition: dllmain.c:28
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:524
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
ObDereferenceObject
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
DefaultSetInfoBufferCheck
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:8
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
_SEP_AUDIT_POLICY_CATEGORIES::PrivilegeUse
UCHAR PrivilegeUse
Definition: setypes.h:119
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
PTOKEN_DEFAULT_DACL
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
PTOKEN_ORIGIN
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_SEP_AUDIT_POLICY_CATEGORIES::Logon
UCHAR Logon
Definition: setypes.h:117
NULL
smooth NULL
Definition: ftsmooth.c:416
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:34
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:277
_SEP_AUDIT_POLICY
Definition: setypes.h:133
_TOKEN_OWNER::Owner
PSID Owner
Definition: setypes.h:974
DPRINT
void DPRINT(...)
Definition: polytest.cpp:61
TOKEN_ADJUST_DEFAULT
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:878
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
PVOID
void * PVOID
Definition: retypes.h:9
SepRmDereferenceLogonSession
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:664
_TOKEN_OWNER
Definition: setypes.h:973
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_TOKEN_AUDIT_POLICY_INFORMATION::Policies
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1803 Policies[1]
PTOKEN_AUDIT_POLICY_INFORMATION
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
_TOKEN_AUDIT_POLICY_INFORMATION
Definition: token.c:22
_TOKEN_ORIGIN
Definition: setypes.h:1052
RtlIsZeroLuid
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
_SEP_AUDIT_POLICY::PolicyElements
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:137
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PTOKEN_OWNER
struct _TOKEN_OWNER * PTOKEN_OWNER
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:226
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:211
_SEP_AUDIT_POLICY_CATEGORIES::AccountManagement
UCHAR AccountManagement
Definition: setypes.h:122
TAG_TOKEN_DYNAMIC
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_SEP_AUDIT_POLICY_CATEGORIES::ObjectAccess
UCHAR ObjectAccess
Definition: setypes.h:118
_TOKEN_DEFAULT_DACL::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:982
_SEP_AUDIT_POLICY_CATEGORIES::DetailedTracking
UCHAR DetailedTracking
Definition: setypes.h:120
_SEP_AUDIT_POLICY_CATEGORIES::PolicyChange
UCHAR PolicyChange
Definition: setypes.h:121
Status
Status
Definition: gdiplustypes.h:24
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:28
TAG_ACL
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
_SEH2_END
Definition: create.c:4400
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
_SEP_AUDIT_POLICY_CATEGORIES::AccountLogon
UCHAR AccountLogon
Definition: setypes.h:124
ExAllocateLocallyUniqueId
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:340
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
PULONG
unsigned int * PULONG
Definition: retypes.h:1
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:342
DPRINT1
#define DPRINT1
Definition: precomp.h:8
RtlInterlockedSetBits
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3436
_SEP_AUDIT_POLICY_CATEGORIES::System
UCHAR System
Definition: setypes.h:116
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
SeTokenInformationClass
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:48
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:3014
_TOKEN
Definition: setypes.h:151
TOKEN_ADJUST_SESSIONID
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:879
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:274
TOKEN_SESSION_NOT_REFERENCED
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
ULONG_MAX
#define ULONG_MAX
Definition: limits.h:44
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ SeCaptureSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

◆ SeCreateAccessState()

NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState ( PACCESS_STATE  AccessState,
PAUX_ACCESS_DATA  AuxData,
ACCESS_MASK  Access,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeleteAccessState()

NTKERNELAPI VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

◆ SeReleaseSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ BOOLEAN  CaptureIfKernelMode 
)

◆ SeTokenImpersonationLevel()

NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel ( _In_ PACCESS_TOKEN  Token)

◆ ZwAccessCheck()

NTSYSAPI NTSTATUS NTAPI ZwAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ ZwAdjustGroupsToken()

NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_ PTOKEN_GROUPS  NewState,
_In_ ULONG  BufferLength,
_Out_opt_ PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ ZwAdjustPrivilegesToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

Referenced by RtlAcquirePrivilege(), RtlAdjustPrivilege(), RtlpSysVolTakeOwnership(), and RtlReleasePrivilege().

◆ ZwAllocateLocallyUniqueId()

NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

Referenced by CreateInitialSystemToken().

◆ ZwAllocateUuids()

NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ ZwCreateToken()

NTSYSAPI NTSTATUS NTAPI ZwCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Referenced by CreateInitialSystemToken().

◆ ZwImpersonateAnonymousToken()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ ZwOpenObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ ULONG  GrantedAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ ZwOpenProcessTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Referenced by RtlFormatCurrentUserKeyPath().

◆ ZwPrivilegeCheck()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck ( _In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PBOOLEAN  Result 
)

◆ ZwPrivilegedServiceAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwPrivilegeObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwSetInformationToken()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_ PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 417 of file sefuncs.h.

◆ EffectiveOnly

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly

Definition at line 417 of file sefuncs.h.

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtDuplicateToken(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), SeCaptureSubjectContextEx(), and SeImpersonateClientEx().

◆ Length

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length

Definition at line 509 of file sefuncs.h.

◆ NewTokenHandle

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle

Definition at line 417 of file sefuncs.h.

Referenced by NtDuplicateToken().

◆ ObjectAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes

Definition at line 417 of file sefuncs.h.

◆ ResultLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength

Definition at line 509 of file sefuncs.h.

◆ ReturnLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength

Definition at line 320 of file sefuncs.h.

◆ TokenHandle

_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle

Definition at line 455 of file sefuncs.h.

◆ TokenInformationClass

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass

Definition at line 318 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), SeQueryInformationToken(), and SetTokenInformation().

◆ TokenInformationLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength

Definition at line 320 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), and SetTokenInformation().

◆ TokenType

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType

Definition at line 417 of file sefuncs.h.

Referenced by CreateProcessAsUserCommon(), CreateRestrictedToken(), DuplicateTokenEx(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), NpFreeClientSecurityContext(), NtCreateToken(), NtDuplicateToken(), NtQueryInformationToken(), PsReferenceEffectiveToken(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SepDuplicateToken(), SeQueryInformationToken(), test_CreateRestrictedToken(), TestsSeQueryInformationToken(), validate_impersonation_token(), and WhoamiGetTokenInfo().