#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Function Documentation
◆ _IRQL_requires_max_()
| _IRQL_requires_max_ | ( | PASSIVE_LEVEL | ) |
Queries information details about a security descriptor.
Computes the quota size of a security descriptor.
Assigns a security descriptor for a new object.
An extended function that assigns a security descriptor for a new object.
Frees a security descriptor.
An extended function that sets new information data to a security descriptor.
Modifies some information data about a security descriptor.
- Parameters
-
[in] SecurityInformation Security information details to be queried from a security descriptor. [out] SecurityDescriptor The returned security descriptor with security information data. [in,out] Length The returned length of a security descriptor. [in,out] ObjectsSecurityDescriptor The returned object security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- See SeSetSecurityDescriptorInfoEx.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] AutoInheritFlags Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
- Parameters
-
[in] SecurityDescriptor A security descriptor to be freed from memory.
- Returns
- Returns STATUS_SUCCESS.
- Parameters
-
[in] _ParentDescriptor A security descriptor of the parent object that is being created. [in] _ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] ObjectType The type of the new object. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] AutoInheritFlags Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
- Parameters
-
[in] ParentDescriptor A security descriptor of the parent object that is being created. [in] ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- See SeAssignSecurityEx.
- Parameters
-
[in] SecurityDescriptor A security descriptor. [out] QuotaInfoSize The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
- Returns
- Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.
Definition at line 923 of file Messaging.c.
75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
81 {
83 }
84
85 /* The request must be for a kernel handle */
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
98 {
100 }
101
102 /* Create the server port object for this filter */
104 ServerPortObjectType,
105 ObjectAttributes,
106 KernelMode,
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
113 {
114 /* Zero out the struct */
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
127
128 /* Insert the object */
130 NULL,
132 0,
133 NULL,
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
156}
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
Definition: fltmgrint.h:26
Definition: fltmgrint.h:189
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
◆ _Out_writes_bytes_to_opt_() [1/2]
| _In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ | ( | Length | , |
| * | ResultLength | ||
| ) |
◆ _Out_writes_bytes_to_opt_() [2/2]
| _In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ | ( | TokenInformationLength | , |
| * | ReturnLength | ||
| ) |
◆ _When_()
| _When_ | ( | TokenInformationClass | = = TokenAccessInformation, |
| _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))) | |||
| ) |
◆ NtAccessCheck()
| NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _Out_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _Out_ PULONG | ReturnLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
◆ NtAccessCheckAndAuditAlarm()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.
- Parameters
-
[in] SubsystemName A Unicode string that points to a name of the subsystem. [in] HandleId A handle to an ID that is used as identification instance for auditing. [in] ObjectTypeName The name of the object type. [in] ObjectName The object name. [in] SecurityDescriptor A security descriptor. [in] DesiredAccess The desired access rights masks requested by the caller. [in] GenericMapping The generic mapping of access mask rights. [in] ObjectCreation Set this to TRUE if the object has just been created. [out] GrantedAccess Returns the granted access rights. [out] AccessStatus Returns a NTSTATUS status code indicating whether access check can be granted or not. [out] GenerateOnClose Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
- Returns
- See SepAccessCheckAndAuditAlarm.
Definition at line 2125 of file audit.c.
2137{
2138 /* Call the internal function */
2140 HandleId,
2141 NULL,
2142 ObjectTypeName,
2143 ObjectName,
2144 SecurityDescriptor,
2145 NULL,
2146 DesiredAccess,
2147 AuditEventObjectAccess,
2148 0,
2149 NULL,
2150 0,
2151 GenericMapping,
2152 GrantedAccess,
2153 AccessStatus,
2154 GenerateOnClose,
2155 FALSE);
2156}
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20
◆ NtAccessCheckByType()
| NTSTATUS NTAPI NtAccessCheckByType | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ PSID | PrincipalSelfSid, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_TYPE_LIST | ObjectTypeList, | ||
| _In_ ULONG | ObjectTypeLength, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _In_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _Inout_ PULONG | PrivilegeSetLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
Determines whether security access could be granted or not on an object by the requestor who wants such access through type.
- Parameters
-
[in] SecurityDescriptor A security descriptor with information data for auditing. [in] PrincipalSelfSid A principal self user SID. [in] ClientToken A client access token. [in] DesiredAccess The desired access masks rights requested by the caller. [in] ObjectTypeList A list of object types. [in] ObjectTypeLength The length size of the list. [in] GenericMapping The generic mapping list of access masks rights. [in] PrivilegeSet An array set of privileges. [in,out] PrivilegeSetLength The length size of the array set of privileges. [out] GrantedAccess The returned granted access rights. [out] AccessStatus The returned NTSTATUS code indicating the final results of auditing.
- Returns
- To be added...
Definition at line 1330 of file accesschk.c.
◆ NtAccessCheckByTypeResultList()
| NTSTATUS NTAPI NtAccessCheckByTypeResultList | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ PSID | PrincipalSelfSid, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_TYPE_LIST | ObjectTypeList, | ||
| _In_ ULONG | ObjectTypeLength, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _In_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _Inout_ PULONG | PrivilegeSetLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
Determines whether security access could be granted or not on an object by the requestor who wants such access through type list.
- Parameters
-
[in] SecurityDescriptor A security descriptor with information data for auditing. [in] PrincipalSelfSid A principal self user SID. [in] ClientToken A client access token. [in] DesiredAccess The desired access masks rights requested by the caller. [in] ObjectTypeList A list of object types. [in] ObjectTypeLength The length size of the list. [in] GenericMapping The generic mapping list of access masks rights. [in] PrivilegeSet An array set of privileges. [in,out] PrivilegeSetLength The length size of the array set of privileges. [out] GrantedAccess The returned granted access rights. [out] AccessStatus The returned NTSTATUS code indicating the final results of auditing.
- Returns
- To be added...
Definition at line 1392 of file accesschk.c.
◆ NtAdjustGroupsToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | ResetToDefault, | ||
| _In_opt_ PTOKEN_GROUPS | NewState, | ||
| _In_opt_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
◆ NtAdjustPrivilegesToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | DisableAllPrivileges, | ||
| _In_opt_ PTOKEN_PRIVILEGES | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
◆ NtAllocateLocallyUniqueId()
| NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId | ( | _Out_ LUID * | LocallyUniqueId | ) |
◆ NtAllocateUuids()
| NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids | ( | _Out_ PULARGE_INTEGER | Time, |
| _Out_ PULONG | Range, | ||
| _Out_ PULONG | Sequence, | ||
| _Out_ PUCHAR | Seed | ||
| ) |
◆ NtCompareTokens()
| NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens | ( | _In_ HANDLE | FirstTokenHandle, |
| _In_ HANDLE | SecondTokenHandle, | ||
| _Out_ PBOOLEAN | Equal | ||
| ) |
Compares tokens if they're equal or not.
- Parameters
-
[in] FirstToken The first token. [in] SecondToken The second token. [out] Equal The retrieved value which determines if the tokens are equal or not.
- Returns
- Returns STATUS_SUCCESS, otherwise it returns a failure NTSTATUS code.
Definition at line 2310 of file token.c.
2314{
2316 PTOKEN FirstToken, SecondToken;
2319
2320 PAGED_CODE();
2321
2323
2325 {
2326 _SEH2_TRY
2327 {
2328 ProbeForWriteBoolean(Equal);
2329 }
2331 {
2332 /* Return the exception code */
2334 }
2335 _SEH2_END;
2336 }
2337
2339 TOKEN_QUERY,
2340 SeTokenObjectType,
2341 PreviousMode,
2342 (PVOID*)&FirstToken,
2343 NULL);
2345 {
2348 }
2349
2351 TOKEN_QUERY,
2352 SeTokenObjectType,
2353 PreviousMode,
2354 (PVOID*)&SecondToken,
2355 NULL);
2357 {
2359 ObDereferenceObject(FirstToken);
2361 }
2362
2363 if (FirstToken != SecondToken)
2364 {
2366 SecondToken,
2367 &IsEqual);
2368 }
2369 else
2370 {
2372 }
2373
2374 ObDereferenceObject(SecondToken);
2375 ObDereferenceObject(FirstToken);
2376
2378 {
2379 _SEH2_TRY
2380 {
2381 *Equal = IsEqual;
2382 }
2384 {
2386 }
2387 _SEH2_END;
2388 }
2389
2391}
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:243
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: setypes.h:216
Referenced by START_TEST().
◆ NtCreateToken()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken | ( | _Out_ PHANDLE | TokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _In_ PLUID | AuthenticationId, | ||
| _In_ PLARGE_INTEGER | ExpirationTime, | ||
| _In_ PTOKEN_USER | TokenUser, | ||
| _In_ PTOKEN_GROUPS | TokenGroups, | ||
| _In_ PTOKEN_PRIVILEGES | TokenPrivileges, | ||
| _In_opt_ PTOKEN_OWNER | TokenOwner, | ||
| _In_ PTOKEN_PRIMARY_GROUP | TokenPrimaryGroup, | ||
| _In_opt_ PTOKEN_DEFAULT_DACL | TokenDefaultDacl, | ||
| _In_ PTOKEN_SOURCE | TokenSource | ||
| ) |
Creates an access token.
- Parameters
-
[out] TokenHandle The returned created token handle to the caller. [in] DesiredAccess The desired access rights for the token that we're creating. [in] ObjectAttributes The object attributes for the token object that we're creating. [in] TokenType The type of token to assign for the newly created token. [in] AuthenticationId Authentication ID that represents the token's identity. [in] ExpirationTime Expiration time for the token. If set to -1, the token never expires. [in] TokenUser The main user entity for the token to assign. [in] TokenGroups Group list of SIDs for the token to assign. [in] TokenPrivileges Privileges for the token. [in] TokenOwner The main user that owns the newly created token. [in] TokenPrimaryGroup The primary group that represents as the main group of the token. [in] TokenDefaultDacl Discretionary access control list for the token. This limits on how the token can be used, accessed and used by whom. [in] TokenSource The source origin of the token who creates it.
- Returns
- Returns STATUS_SUCCESS if the function has successfully created the token. A failure NTSTATUS code is returned otherwise.
Definition at line 1554 of file tokenlif.c.
1568{
1569 HANDLE hToken;
1571 ULONG PrivilegeCount, GroupCount;
1572 PSID OwnerSid, PrimaryGroupSid;
1573 PACL DefaultDacl;
1574 LARGE_INTEGER LocalExpirationTime = {{0, 0}};
1575 LUID LocalAuthenticationId;
1576 TOKEN_SOURCE LocalTokenSource;
1577 SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
1584 ULONG PrivilegesLength, UserLength, GroupsLength;
1586
1587 PAGED_CODE();
1588
1590
1592 {
1593 _SEH2_TRY
1594 {
1596
1598 {
1603 }
1604
1605 ProbeForRead(AuthenticationId,
1608 LocalAuthenticationId = *AuthenticationId;
1609
1610 LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
1611
1615
1619 GroupCount = TokenGroups->GroupCount;
1620
1624 PrivilegeCount = TokenPrivileges->PrivilegeCount;
1625
1627 {
1631 OwnerSid = TokenOwner->Owner;
1632 }
1633 else
1634 {
1635 OwnerSid = NULL;
1636 }
1637
1641 PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
1642
1644 {
1648 DefaultDacl = TokenDefaultDacl->DefaultDacl;
1649 }
1650 else
1651 {
1652 DefaultDacl = NULL;
1653 }
1654
1658 LocalTokenSource = *TokenSource;
1659 }
1661 {
1662 /* Return the exception code */
1664 }
1665 _SEH2_END;
1666 }
1667 else
1668 {
1671 LocalAuthenticationId = *AuthenticationId;
1672 LocalExpirationTime = *ExpirationTime;
1673 GroupCount = TokenGroups->GroupCount;
1674 PrivilegeCount = TokenPrivileges->PrivilegeCount;
1676 PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
1678 LocalTokenSource = *TokenSource;
1679 }
1680
1681 /* Check token type */
1684 {
1686 }
1687
1688 /* Check for token creation privilege */
1690 {
1692 }
1693
1694 /* Capture the user SID and attributes */
1696 1,
1697 PreviousMode,
1698 NULL,
1699 0,
1700 PagedPool,
1701 FALSE,
1702 &CapturedUser,
1703 &UserLength);
1705 {
1707 }
1708
1709 /* Capture the groups SID and attributes array */
1711 GroupCount,
1712 PreviousMode,
1713 NULL,
1714 0,
1715 PagedPool,
1716 FALSE,
1717 &CapturedGroups,
1718 &GroupsLength);
1720 {
1722 }
1723
1724 /* Capture privileges */
1726 PrivilegeCount,
1727 PreviousMode,
1728 NULL,
1729 0,
1730 PagedPool,
1731 FALSE,
1732 &CapturedPrivileges,
1733 &PrivilegesLength);
1735 {
1737 }
1738
1739 /* Capture the token owner SID */
1741 {
1743 PreviousMode,
1744 PagedPool,
1745 FALSE,
1746 &CapturedOwnerSid);
1748 {
1750 }
1751 }
1752
1753 /* Capture the token primary group SID */
1755 PreviousMode,
1756 PagedPool,
1757 FALSE,
1758 &CapturedPrimaryGroupSid);
1760 {
1762 }
1763
1764 /* Capture DefaultDacl */
1766 {
1768 PreviousMode,
1769 NonPagedPool,
1770 FALSE,
1771 &CapturedDefaultDacl);
1773 {
1775 }
1776 }
1777
1778 /* Call the internal function */
1780 PreviousMode,
1781 DesiredAccess,
1782 ObjectAttributes,
1783 TokenType,
1784 LocalSecurityQos.ImpersonationLevel,
1785 &LocalAuthenticationId,
1786 &LocalExpirationTime,
1787 CapturedUser,
1788 GroupCount,
1789 CapturedGroups,
1790 GroupsLength,
1791 PrivilegeCount,
1792 CapturedPrivileges,
1793 CapturedOwnerSid,
1794 CapturedPrimaryGroupSid,
1795 CapturedDefaultDacl,
1796 &LocalTokenSource,
1797 FALSE);
1799 {
1800 _SEH2_TRY
1801 {
1802 *TokenHandle = hToken;
1803 }
1805 {
1807 }
1808 _SEH2_END;
1809 }
1810
1811Cleanup:
1812
1813 /* Release what we captured */
1820
1822}
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:404
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:994
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:711
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
Definition: ms-dtyp.idl:293
Definition: setypes.h:73
Definition: devicetopology.idl:137
Definition: umtypes.h:182
Definition: lsa.idl:63
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
Definition: setypes.h:502
Definition: ms-dtyp.idl:198
Definition: setypes.h:1031
Definition: setypes.h:1009
Definition: setypes.h:1023
Definition: setypes.h:1027
Definition: setypes.h:1018
Definition: imports.h:277
Definition: setypes.h:1005
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
Definition: typedefs.h:103
Referenced by LsapLogonUser().
◆ NtDuplicateToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken | ( | _In_ HANDLE | ExistingTokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ BOOLEAN | EffectiveOnly, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _Out_ PHANDLE | NewTokenHandle | ||
| ) |
Duplicates a token.
- Parameters
-
[in] ExistingTokenHandle An existing token to duplicate. [in] DesiredAccess The desired access rights for the new duplicated token. [in] ObjectAttributes Object attributes for the new duplicated token. [in] EffectiveOnly If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate. [in] TokenType Type of token to assign to the duplicated token. [out] NewTokenHandle The returned duplicated token handle.
- Returns
- STATUS_SUCCESS is returned if token duplication has completed successfully. STATUS_BAD_IMPERSONATION_LEVEL is returned if the caller erroneously wants to raise the impersonation level even though the conditions do not permit it. A failure NTSTATUS code is returned otherwise.
- Remarks
- Some sources claim 4th param is ImpersonationLevel, but on W2K this is certainly NOT true, although I can't say for sure that EffectiveOnly is correct either. -Gunnar This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI NOTE for readers: http://hex.pp.ua/nt/NtDuplicateToken.php is therefore wrong in that regard, while MSDN documentation is correct.
Definition at line 1865 of file tokenlif.c.
1872{
1874 HANDLE hToken;
1876 PTOKEN NewToken;
1877 PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
1878 BOOLEAN QoSPresent;
1881
1882 PAGED_CODE();
1883
1886 {
1888 }
1889
1891
1893 {
1894 _SEH2_TRY
1895 {
1897 }
1899 {
1900 /* Return the exception code */
1902 }
1903 _SEH2_END;
1904 }
1905
1907 PreviousMode,
1908 PagedPool,
1909 FALSE,
1910 &CapturedSecurityQualityOfService,
1911 &QoSPresent);
1913 {
1916 }
1917
1919 TOKEN_DUPLICATE,
1920 SeTokenObjectType,
1921 PreviousMode,
1923 &HandleInformation);
1925 {
1927 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1928 PreviousMode,
1929 FALSE);
1931 }
1932
1933 /*
1934 * Fail, if the original token is an impersonation token and the caller
1935 * tries to raise the impersonation level of the new token above the
1936 * impersonation level of the original token.
1937 */
1939 {
1940 if (QoSPresent &&
1942 {
1944 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1945 PreviousMode,
1946 FALSE);
1948 }
1949 }
1950
1951 /*
1952 * Fail, if a primary token is to be created from an impersonation token
1953 * and and the impersonation level of the impersonation token is below SecurityImpersonation.
1954 */
1958 {
1960 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1961 PreviousMode,
1962 FALSE);
1964 }
1965
1967 ObjectAttributes,
1968 EffectiveOnly,
1969 TokenType,
1971 PreviousMode,
1972 &NewToken);
1973
1975
1977 {
1979 NULL,
1981 0,
1982 NULL,
1983 &hToken);
1985 {
1986 _SEH2_TRY
1987 {
1988 *NewTokenHandle = hToken;
1989 }
1991 {
1993 }
1994 _SEH2_END;
1995 }
1996 }
1997
1998 /* Free the captured structure */
1999 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
2000 PreviousMode,
2001 FALSE);
2002
2004}
Definition: tokenizer.hpp:28
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:403
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:405
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
Definition: iotypes.h:179
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:44
◆ NtFilterToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken | ( | _In_ HANDLE | ExistingTokenHandle, |
| _In_ ULONG | Flags, | ||
| _In_opt_ PTOKEN_GROUPS | SidsToDisable, | ||
| _In_opt_ PTOKEN_PRIVILEGES | PrivilegesToDelete, | ||
| _In_opt_ PTOKEN_GROUPS | RestrictedSids, | ||
| _Out_ PHANDLE | NewTokenHandle | ||
| ) |
Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.
- Parameters
-
[in] ExistingTokenHandle A handle to an access token which is to be filtered. [in] Flags Privilege flag options. This parameter argument influences how the token's privileges are filtered. For further details see remarks. [in] SidsToDisable Array of SIDs to disable. The action of doing so assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer. [in] PrivilegesToDelete Array of privileges to delete. The function will walk within this array to determine if the specified privileges do exist in the access token. Any missing privileges gets ignored. This parameter can be NULL. This can be a UM pointer. [in] RestrictedSids An array list of restricted groups SID to be added in the access token. A token that is already restricted the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer. [out] NewTokenHandle A new handle to the restricted (filtered) access token. This can be a UM pointer.
- Returns
- Returns STATUS_SUCCESS if the routine has successfully filtered the access token. STATUS_INVALID_PARAMETER is returned if one or more parameters are not valid (see SepPerformTokenFiltering routine call for more information). A failure NTSTATUS code is returned otherwise.
- Remarks
- The Flags parameter determines the final outcome of how the privileges in an access token are filtered. This parameter can take these supported values (these can be combined):
0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array list of privileges to be deleted (that is, PrivilegesToDelete MUSTN'T BE NULL).
DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind if this flag is specified the routine ignores PrivilegesToDelete.
SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.
LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.
WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.
Definition at line 2071 of file tokenlif.c.
2078{
2080 HANDLE FilteredTokenHandle;
2083 OBJECT_HANDLE_INFORMATION HandleInfo;
2085 ULONG CapturedSidsCount = 0;
2086 ULONG CapturedPrivilegesCount = 0;
2087 ULONG CapturedRestrictedSidsCount = 0;
2088 ULONG ProbeSize = 0;
2092
2093 PAGED_CODE();
2094
2096
2097 _SEH2_TRY
2098 {
2099 /* Probe SidsToDisable */
2101 {
2102 /* Probe the header */
2104
2105 CapturedSidsCount = SidsToDisable->GroupCount;
2107
2109 }
2110
2111 /* Probe PrivilegesToDelete */
2113 {
2114 /* Probe the header */
2116
2117 CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
2119
2121 }
2122
2123 /* Probe RestrictedSids */
2125 {
2126 /* Probe the header */
2128
2129 CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
2131
2133 }
2134
2135 /* Probe the handle */
2137 }
2139 {
2140 /* Return the exception code */
2142 }
2143 _SEH2_END;
2144
2145 /* Reference the token */
2147 TOKEN_DUPLICATE,
2148 SeTokenObjectType,
2149 PreviousMode,
2151 &HandleInfo);
2153 {
2156 }
2157
2158 /* Capture the group SIDs */
2160 {
2162 CapturedSidsCount,
2163 PreviousMode,
2164 NULL,
2165 0,
2166 PagedPool,
2167 TRUE,
2168 &CapturedSids,
2169 &ResultLength);
2171 {
2173 goto Quit;
2174 }
2175 }
2176
2177 /* Capture the privileges */
2179 {
2181 CapturedPrivilegesCount,
2182 PreviousMode,
2183 NULL,
2184 0,
2185 PagedPool,
2186 TRUE,
2187 &CapturedPrivileges,
2188 &ResultLength);
2190 {
2192 goto Quit;
2193 }
2194 }
2195
2196 /* Capture the restricted SIDs */
2198 {
2200 CapturedRestrictedSidsCount,
2201 PreviousMode,
2202 NULL,
2203 0,
2204 PagedPool,
2205 TRUE,
2206 &CapturedRestrictedSids,
2207 &ResultLength);
2209 {
2211 goto Quit;
2212 }
2213 }
2214
2215 /* Call the internal API */
2217 CapturedPrivileges,
2218 CapturedSids,
2219 CapturedRestrictedSids,
2220 CapturedPrivilegesCount,
2221 CapturedSidsCount,
2222 CapturedRestrictedSidsCount,
2223 Flags,
2224 PreviousMode,
2225 &FilteredToken);
2227 {
2229 goto Quit;
2230 }
2231
2232 /* Insert the filtered token and retrieve a handle to it */
2234 NULL,
2235 HandleInfo.GrantedAccess,
2236 0,
2237 NULL,
2238 &FilteredTokenHandle);
2240 {
2242 goto Quit;
2243 }
2244
2245 /* And return it to the caller once we're done */
2246 _SEH2_TRY
2247 {
2248 *NewTokenHandle = FilteredTokenHandle;
2249 }
2251 {
2254 }
2255 _SEH2_END;
2256
2257Quit:
2258 /* Dereference the token */
2260
2261 /* Release all the captured data */
2263 {
2264 SeReleaseSidAndAttributesArray(CapturedSids,
2265 PreviousMode,
2266 TRUE);
2267 }
2268
2270 {
2271 SeReleaseLuidAndAttributesArray(CapturedPrivileges,
2272 PreviousMode,
2273 TRUE);
2274 }
2275
2277 {
2278 SeReleaseSidAndAttributesArray(CapturedRestrictedSids,
2279 PreviousMode,
2280 TRUE);
2281 }
2282
2284}
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
Definition: tokenlif.c:855
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
◆ NtImpersonateAnonymousToken()
| NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken | ( | _In_ HANDLE | ThreadHandle | ) |
Allows the calling thread to impersonate the system's anonymous logon token.
- Parameters
-
[in] ThreadHandle A handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
- Returns
- Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
- Remarks
- By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.
Definition at line 2419 of file token.c.
2421{
2425 PAGED_CODE();
2426
2428
2429 /* Obtain the thread object from the handle */
2431 THREAD_IMPERSONATE,
2432 PsThreadType,
2433 PreviousMode,
2435 NULL);
2437 {
2438 DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
2440 }
2441
2442 /* Call the private routine to impersonate the token */
2445 {
2446 DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
2447 }
2448
2451}
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:334
Definition: pstypes.h:1102
◆ NtOpenObjectAuditAlarm()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_opt_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ HANDLE | ClientTokenHandle, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ACCESS_MASK | GrantedAccess, | ||
| _In_opt_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _In_ BOOLEAN | AccessGranted, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
Raises an alarm audit message when an object is about to be opened.
- Parameters
-
[in] SubsystemName A Unicode string that points to a name of the subsystem. [in] HandleId A handle to an ID used for identification instance for auditing. [in] ObjectTypeName A Unicode string that points to an object type name. [in] ObjectName The name of the object. [in] SecurityDescriptor A security descriptor. [in] ClientTokenHandle A handle to a client access token. [in] DesiredAccess The desired access rights masks requested by the caller. [in] GrantedAccess The granted access mask rights. [in] PrivilegeSet If specified, the function will use this set of privileges to audit. [in] ObjectCreation Set this to TRUE if the object has just been created. [in] AccessGranted Set this to TRUE if the access attempt was deemed as granted. [out] GenerateOnClose A boolean flag returned to the caller once audit generation procedure finishes.
- Returns
- Returns STATUS_SUCCESS if all the operations have been completed successfully. STATUS_PRIVILEGE_NOT_HELD is returned if the given subject context does not hold the required audit privilege to actually begin auditing in the first place. STATUS_BAD_IMPERSONATION_LEVEL is returned if the security impersonation level of the client token is not on par with the impersonation level that alllows impersonation. STATUS_INVALID_PARAMETER is returned if the caller has submitted a bogus set of privileges as such array set exceeds the maximum count of privileges that the kernel can accept. A failure NTSTATUS code is returned otherwise.
Definition at line 1622 of file audit.c.
1635{
1636 PTOKEN ClientToken;
1637 PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1638 UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1639 ULONG PrivilegeCount, PrivilegeSetSize;
1641 BOOLEAN LocalGenerateOnClose;
1642 PVOID CapturedHandleId;
1645 PAGED_CODE();
1646
1647 /* Only user mode is supported! */
1649
1650 /* Start clean */
1651 ClientToken = NULL;
1652 CapturedSecurityDescriptor = NULL;
1653 CapturedPrivilegeSet = NULL;
1657
1658 /* Reference the client token */
1660 TOKEN_QUERY,
1661 SeTokenObjectType,
1662 UserMode,
1663 (PVOID*)&ClientToken,
1664 NULL);
1666 {
1668 ClientTokenHandle, Status);
1670 }
1671
1672 /* Capture the security subject context */
1674
1675 /* Validate the token's impersonation level */
1678 {
1682 }
1683
1684 /* Check for audit privilege */
1686 {
1690 }
1691
1692 /* Check for NULL SecurityDescriptor */
1694 {
1695 /* Nothing to do */
1698 }
1699
1700 /* Capture the security descriptor */
1702 UserMode,
1703 PagedPool,
1704 FALSE,
1705 &CapturedSecurityDescriptor);
1707 {
1710 }
1711
1712 _SEH2_TRY
1713 {
1714 /* Check if we have a privilege set */
1716 {
1717 /* Probe the basic privilege set structure */
1719
1720 /* Validate privilege count */
1721 PrivilegeCount = PrivilegeSet->PrivilegeCount;
1723 {
1726 }
1727
1728 /* Calculate the size of the PrivilegeSet structure */
1730
1731 /* Probe the whole structure */
1733
1734 /* Allocate a temp buffer */
1736 PrivilegeSetSize,
1737 TAG_PRIVILEGE_SET);
1739 {
1743 }
1744
1745 /* Copy the privileges */
1746 RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1747 }
1748
1750 {
1752 CapturedHandleId = *(PVOID*)HandleId;
1753 }
1754
1756 }
1758 {
1762 }
1763 _SEH2_END;
1764
1765 /* Probe and capture the subsystem name */
1767 UserMode,
1768 SubsystemName);
1770 {
1773 }
1774
1775 /* Probe and capture the object type name */
1777 UserMode,
1778 ObjectTypeName);
1780 {
1783 }
1784
1785 /* Probe and capture the object name */
1787 UserMode,
1788 ObjectName);
1790 {
1793 }
1794
1795 /* Call the internal function */
1797 &CapturedSubsystemName,
1798 CapturedHandleId,
1799 &CapturedObjectTypeName,
1800 &CapturedObjectName,
1801 CapturedSecurityDescriptor,
1802 ClientToken,
1803 DesiredAccess,
1804 GrantedAccess,
1805 CapturedPrivilegeSet,
1806 ObjectCreation,
1807 AccessGranted,
1808 &LocalGenerateOnClose);
1809
1811
1812 /* Enter SEH to copy the data back to user mode */
1813 _SEH2_TRY
1814 {
1815 *GenerateOnClose = LocalGenerateOnClose;
1816 }
1818 {
1821 }
1822 _SEH2_END;
1823
1824Cleanup:
1825
1828
1831
1834
1837
1840
1841 /* Release the security subject context */
1843
1844 ObDereferenceObject(ClientToken);
1845
1847}
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1535
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
Definition: setypes.h:85
Definition: ms-dtyp.idl:301
Definition: setypes.h:217
Definition: env_spec_w32.h:368
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419
◆ NtOpenProcessTokenEx()
| NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ULONG | HandleAttributes, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
◆ NtPrivilegeCheck()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck | ( | _In_ HANDLE | ClientToken, |
| _Inout_ PPRIVILEGE_SET | RequiredPrivileges, | ||
| _Out_ PBOOLEAN | Result | ||
| ) |
◆ NtPrivilegedServiceAuditAlarm()
| NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PUNICODE_STRING | ServiceName, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ NtPrivilegeObjectAuditAlarm()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ NtSetInformationToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ TOKEN_INFORMATION_CLASS | TokenInformationClass, | ||
| _In_reads_bytes_(TokenInformationLength) PVOID | TokenInformation, | ||
| _In_ ULONG | TokenInformationLength | ||
| ) |
Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.
@unimplemented
- Parameters
-
[in] TokenHandle A handle of a token where information is to be modified. [in] TokenInformationClass Token information class. [in] TokenInformation An arbitrary pointer to a buffer with token information to set. Such arbitrary buffer depends on the information class chosen that the caller wants to modify such information data of a token. [in] TokenInformationLength Length of the token information buffer, in bytes.
- Returns
- Returns STATUS_SUCCESS if information setting has completed successfully. STATUS_INFO_LENGTH_MISMATCH is returned if the information length of the buffer is less than the required length. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation has failed. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread hasn't the required privileges to perform the operation in question. A failure NTSTATUS code is returned otherwise.
- Remarks
- The function is partly implemented, mainly TokenOrigin.
Definition at line 1125 of file tokencls.c.
1130{
1135
1136 PAGED_CODE();
1137
1139
1141 SeTokenInformationClass,
1143 TokenInformation,
1144 TokenInformationLength,
1145 PreviousMode);
1147 {
1148 /* Invalid buffers */
1151 }
1152
1154 {
1155 NeededAccess |= TOKEN_ADJUST_SESSIONID;
1156 }
1157
1159 NeededAccess,
1160 SeTokenObjectType,
1161 PreviousMode,
1163 NULL);
1165 {
1167 {
1169 {
1171 {
1174 ULONG DefaultOwnerIndex;
1175
1176 _SEH2_TRY
1177 {
1178 InputSid = to->Owner;
1179 }
1181 {
1184 }
1185 _SEH2_END;
1186
1188 PreviousMode,
1189 PagedPool,
1190 FALSE,
1191 &CapturedSid);
1193 {
1194 /* Lock the token */
1196
1197 /* Find the owner amongst the existing token user and groups */
1199 NULL,
1200 CapturedSid,
1201 NULL,
1202 &DefaultOwnerIndex);
1204 {
1205 /* Found it */
1206 Token->DefaultOwnerIndex = DefaultOwnerIndex;
1208 }
1209
1210 /* Unlock the token */
1212
1213 SepReleaseSid(CapturedSid,
1214 PreviousMode,
1215 FALSE);
1216 }
1217 }
1218 else
1219 {
1221 }
1222 break;
1223 }
1224
1226 {
1228 {
1230 ULONG AclSize;
1233 ULONG PrimaryGroupIndex, NewDynamicLength;
1234
1235 _SEH2_TRY
1236 {
1237 InputSid = tpg->PrimaryGroup;
1238 }
1240 {
1243 }
1244 _SEH2_END;
1245
1247 PreviousMode,
1248 PagedPool,
1249 FALSE,
1250 &CapturedSid);
1252 {
1253 /* Lock the token */
1255
1256 /*
1257 * We can whack the token's primary group only if
1258 * the charged dynamic space boundary allows us
1259 * to do so. Exceeding this boundary and we're
1260 * busted out.
1261 */
1263 NewDynamicLength = RtlLengthSid(CapturedSid) + AclSize;
1265 {
1269 DPRINT1("NtSetInformationToken(): Couldn't assign new primary group, space exceeded (current length %u, new length %lu)\n",
1270 Token->DynamicCharged, NewDynamicLength);
1272 }
1273
1274 /*
1275 * The dynamic part of the token may require a rebuild
1276 * if the current dynamic area is too small. If not then
1277 * we're pretty much good as is.
1278 */
1281 {
1282 /* Find the primary group amongst the existing token user and groups */
1284 CapturedSid,
1285 NULL,
1286 &PrimaryGroupIndex,
1287 NULL);
1289 {
1290 /*
1291 * We have found it. Add the length of
1292 * the previous primary group SID to the
1293 * available dynamic area.
1294 */
1296
1297 /*
1298 * Move the default DACL if it's not at the
1299 * head of the dynamic part.
1300 */
1303 {
1305 Token->DefaultDacl,
1308 }
1309
1310 /* Take away available space from the dynamic area */
1312
1313 /*
1314 * And assign the new primary group. For that
1315 * we have to make sure where the primary group
1316 * is going to stay in memory, so if this token
1317 * has a default DACL then add up its size with
1318 * the address of the dynamic part.
1319 */
1323 Token->UserAndGroups[PrimaryGroupIndex].Sid);
1325
1327 }
1328 }
1329
1330 /* Unlock the token */
1332
1333 SepReleaseSid(CapturedSid,
1334 PreviousMode,
1335 FALSE);
1336 }
1337 }
1338 else
1339 {
1341 }
1342 break;
1343 }
1344
1346 {
1348 {
1351
1352 _SEH2_TRY
1353 {
1354 InputAcl = tdd->DefaultDacl;
1355 }
1357 {
1360 }
1361 _SEH2_END;
1362
1364 {
1365 PACL CapturedAcl;
1366
1367 /* Capture, validate, and copy the DACL */
1369 PreviousMode,
1370 PagedPool,
1371 TRUE,
1372 &CapturedAcl);
1374 {
1375 ULONG NewDynamicLength;
1376 ULONG_PTR Acl;
1377
1378 /* Lock the token */
1380
1381 /*
1382 * We can whack the token's default DACL only if
1383 * the charged dynamic space boundary allows us
1384 * to do so. Exceeding this boundary and we're
1385 * busted out.
1386 */
1389 {
1393 DPRINT1("NtSetInformationToken(): Couldn't assign new default DACL, space exceeded (current length %u, new length %lu)\n",
1394 Token->DynamicCharged, NewDynamicLength);
1396 }
1397
1398 /*
1399 * The dynamic part of the token may require a rebuild
1400 * if the current dynamic area is too small. If not then
1401 * we're pretty much good as is.
1402 */
1405 {
1406 /*
1407 * Before setting up a new DACL for the
1408 * token object we add up the size of
1409 * the old DACL to the available dynamic
1410 * area
1411 */
1413 {
1415 }
1416
1417 /*
1418 * Move the primary group if it's not at the
1419 * head of the dynamic part.
1420 */
1422 {
1424 Token->PrimaryGroup,
1427 }
1428
1429 /* Take away available space from the dynamic area */
1431
1432 /* Set the new dacl */
1435 CapturedAcl,
1436 CapturedAcl->AclSize);
1438
1440 }
1441
1442 /* Unlock the token and release the ACL */
1445 }
1446 }
1447 else
1448 {
1449 /* Lock the token */
1451
1452 /* Clear the default dacl if present */
1454 {
1458
1460 }
1461
1462 /* Unlock the token */
1464 }
1465 }
1466 else
1467 {
1469 }
1470 break;
1471 }
1472
1474 {
1476
1477 _SEH2_TRY
1478 {
1479 /* Buffer size was already verified, no need to check here again */
1481 }
1483 {
1486 }
1487 _SEH2_END;
1488
1489 /* Check for TCB privilege */
1491 {
1493 break;
1494 }
1495
1496 /* Lock the token */
1498
1501
1502 /* Unlock the token */
1504
1505 break;
1506 }
1507
1509 {
1510 ULONG SessionReference;
1511
1512 _SEH2_TRY
1513 {
1514 /* Buffer size was already verified, no need to check here again */
1515 SessionReference = *(PULONG)TokenInformation;
1516 }
1518 {
1521 }
1522 _SEH2_END;
1523
1524 /* Check for TCB privilege */
1526 {
1529 }
1530
1531 /* Check if it is 0 */
1532 if (SessionReference == 0)
1533 {
1534 ULONG OldTokenFlags;
1535
1536 /* Lock the token */
1538
1539 /* Atomically set the flag in the token */
1541 TOKEN_SESSION_NOT_REFERENCED);
1542 /*
1543 * If the flag was already set, do not dereference again
1544 * the logon session. Use SessionReference as an indicator
1545 * to know whether to really dereference the session.
1546 */
1548 SessionReference = ULONG_MAX;
1549
1550 /*
1551 * Otherwise if the flag was never set but just for this first time then
1552 * remove the referenced logon session data from the token and dereference
1553 * the logon session when needed.
1554 */
1555 if (SessionReference == 0)
1556 {
1559 }
1560
1561 /* Unlock the token */
1563 }
1564 break;
1565 }
1566
1568 {
1569 PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
1570 (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
1571 SEP_AUDIT_POLICY AuditPolicy;
1573
1574 _SEH2_TRY
1575 {
1576 ProbeForRead(PolicyInformation,
1578 Policies[PolicyInformation->PolicyCount]),
1580
1581 /* Loop all policies in the structure */
1583 {
1584 /* Set the corresponding bits in the packed structure */
1586 {
1589 break;
1590
1593 break;
1594
1597 break;
1598
1601 break;
1602
1605 break;
1606
1609 break;
1610
1613 break;
1614
1617 break;
1618
1621 break;
1622 }
1623 }
1624 }
1626 {
1629 }
1630 _SEH2_END;
1631
1632 /* Check for TCB privilege */
1634 {
1636 break;
1637 }
1638
1639 /* Lock the token */
1641
1642 /* Set the new audit policy */
1643 Token->AuditPolicy = AuditPolicy;
1645
1646 /* Unlock the token */
1648
1649 break;
1650 }
1651
1653 {
1655
1656 _SEH2_TRY
1657 {
1658 /* Copy the token origin */
1660 }
1662 {
1665 }
1666 _SEH2_END;
1667
1668 /* Check for TCB privilege */
1670 {
1672 break;
1673 }
1674
1675 /* Lock the token */
1677
1678 /* Check if there is no token origin set yet */
1680 {
1681 /* Set the token origin */
1682 Token->OriginatingLogonSession =
1683 TokenOrigin.OriginatingLogonSession;
1684
1686 }
1687
1688 /* Unlock the token */
1690
1691 break;
1692 }
1693
1694 default:
1695 {
1697 TokenInformationClass);
1699 break;
1700 }
1701 }
1702Cleanup:
1704 }
1705
1707 {
1709 }
1710
1712}
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1599
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:312
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:1011
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
NTSTATUS SepRebuildDynamicPartOfToken(_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)
UCHAR DirectoryServiceAccess
Definition: setypes.h:144
Definition: setypes.h:155
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:158
Definition: se.h:58
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1783 Policies[1]
Definition: setypes.h:1102
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: tokencls.c:19
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
struct _TOKEN_OWNER * PTOKEN_OWNER
◆ SeCaptureSecurityDescriptor()
| NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor | ( | _In_ PSECURITY_DESCRIPTOR | _OriginalSecurityDescriptor, |
| _In_ KPROCESSOR_MODE | CurrentMode, | ||
| _In_ POOL_TYPE | PoolType, | ||
| _In_ BOOLEAN | CaptureIfKernel, | ||
| _Out_ PSECURITY_DESCRIPTOR * | CapturedSecurityDescriptor | ||
| ) |
Captures a security descriptor.
- Parameters
-
[in] _OriginalSecurityDescriptor An already existing and valid security descriptor to be captured. [in] CurrentMode Processor level access mode. [in] PoolType Pool type to be used when allocating the captured buffer. [in] CaptureIfKernel Set this to TRUE if capturing is done within the kernel. [out] CapturedSecurityDescriptor The captured security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been captured. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an unknown revision. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured buffer has failed. A failure NTSTATUS code is returned otherwise.
Definition at line 386 of file sd.c.
392{
393 PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
394 SECURITY_DESCRIPTOR DescriptorCopy;
396 ULONG OwnerSAC = 0, GroupSAC = 0;
401
402 if (!OriginalDescriptor)
403 {
404 /* Nothing to do... */
405 *CapturedSecurityDescriptor = NULL;
407 }
408
409 /* Quick path */
411 {
412 /* Check descriptor version */
414 {
416 }
417
418 *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
420 }
421
422 _SEH2_TRY
423 {
425 {
426 ProbeForRead(OriginalDescriptor,
429 }
430
431 /* Check the descriptor version */
433 {
435 }
436
438 {
439 /* Get the size of the descriptor */
442
443 /* Probe the entire security descriptor structure. The SIDs
444 * and ACLs will be probed and copied later though */
446 }
447
448 /* Now capture all fields and convert to an absolute descriptor */
457
458 /* Determine owner and group sizes */
463
464 /* Determine the size of the ACLs */
466 {
467 /* Get the size and probe if user mode */
470 }
471
473 {
474 /* Get the size and probe if user mode */
477 }
478 }
480 {
482 }
483 _SEH2_END;
484
485 /*
486 * Allocate enough memory to store a complete copy of a self-relative
487 * security descriptor
488 */
490 DescriptorSize,
491 TAG_SD);
493
498
499 _SEH2_TRY
500 {
501 /*
502 * Setup the offsets and copy the SIDs and ACLs to the new
503 * self-relative security descriptor. Probing the pointers is not
504 * neccessary anymore as we did that when collecting the sizes!
505 * Make sure to validate the SIDs and ACLs *again* as they could have
506 * been modified in the meanwhile!
507 */
509
511 {
515 DescriptorCopy.Owner,
516 OwnerSize);
518 }
519
521 {
525 DescriptorCopy.Group,
526 GroupSize);
528 }
529
531 {
535 DescriptorCopy.Sacl,
536 SaclSize);
538 }
539
541 {
545 DescriptorCopy.Dacl,
546 DaclSize);
548 }
549
550 /* Make sure the size was correct */
552 }
554 {
555 /* We failed to copy the data to the new descriptor */
558 }
559 _SEH2_END;
560
561 /*
562 * We're finally done!
563 * Copy the pointer to the captured descriptor to to the caller.
564 */
565 *CapturedSecurityDescriptor = NewDescriptor;
567}
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1598
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1596
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1594
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:99
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:141
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:119
static ULONG DetermineSIDSize(_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.
Definition: sd.c:290
static ULONG DetermineACLSize(_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.
Definition: sd.c:336
Definition: setypes.h:832
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), and SepAccessCheckAndAuditAlarm().
◆ SeCreateAccessState()
| NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState | ( | _In_ PACCESS_STATE | AccessState, |
| _In_ PAUX_ACCESS_DATA | AuxData, | ||
| _In_ ACCESS_MASK | Access, | ||
| _In_ PGENERIC_MAPPING | GenericMapping | ||
| ) |
◆ SeDeleteAccessState()
| NTKERNELAPI VOID NTAPI SeDeleteAccessState | ( | _In_ PACCESS_STATE | AccessState | ) |
Deletes an allocated access state from the memory.
- Parameters
-
[in] AccessState A valid access state.
- Returns
- Nothing.
Definition at line 150 of file access.c.
152{
153 PAUX_ACCESS_DATA AuxData;
154 PAGED_CODE();
155
156 /* Get the Auxiliary Data */
157 AuxData = AccessState->AuxData;
158
159 /* Deallocate Privileges */
162
163 /* Deallocate Name and Type Name */
165 {
167 }
168
170 {
172 }
173
174 /* Release the Subject Context */
176}
Definition: setypes.h:257
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
Referenced by NtOpenProcess(), NtOpenThread(), ObDuplicateObject(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObReferenceObjectByName(), PspCreateProcess(), PspCreateThread(), and START_TEST().
◆ SeReleaseSecurityDescriptor()
| NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor | ( | _In_ PSECURITY_DESCRIPTOR | CapturedSecurityDescriptor, |
| _In_ KPROCESSOR_MODE | CurrentMode, | ||
| _In_ BOOLEAN | CaptureIfKernelMode | ||
| ) |
Releases a captured security descriptor buffer.
- Parameters
-
[in] CapturedSecurityDescriptor The captured security descriptor to be freed. [in] CurrentMode Processor level access mode. [in] CaptureIfKernelMode Set this to TRUE if the releasing is to be done within the kernel.
- Returns
- Returns STATUS_SUCCESS.
Definition at line 760 of file sd.c.
764{
765 PAGED_CODE();
766
767 /*
768 * WARNING! You need to call this function with the same value for CurrentMode
769 * and CaptureIfKernelMode that you previously passed to
770 * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
771 */
773 (CurrentMode != KernelMode ||
774 (CurrentMode == KernelMode && CaptureIfKernelMode)))
775 {
776 /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
778 }
779
781}
Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), and SepAccessCheckAndAuditAlarm().
◆ SeTokenImpersonationLevel()
| NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel | ( | _In_ PACCESS_TOKEN | Token | ) |
Gathers the security impersonation level of an access token.
- Returns
- Returns the security impersonation level from a valid token.
Definition at line 1846 of file token.c.
Referenced by PsAssignImpersonationToken().
◆ ZwAccessCheck()
| NTSYSAPI NTSTATUS NTAPI ZwAccessCheck | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _Out_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _Out_ PULONG | ReturnLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
◆ ZwAdjustGroupsToken()
| NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | ResetToDefault, | ||
| _In_ PTOKEN_GROUPS | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_opt_ PTOKEN_GROUPS | PreviousState, | ||
| _Out_ PULONG | ReturnLength | ||
| ) |
◆ ZwAdjustPrivilegesToken()
| _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | DisableAllPrivileges, | ||
| _In_opt_ PTOKEN_PRIVILEGES | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
Referenced by RtlAcquirePrivilege(), RtlAdjustPrivilege(), RtlpSysVolTakeOwnership(), RtlReleasePrivilege(), and RtlRemovePrivileges().
◆ ZwAllocateLocallyUniqueId()
Referenced by CreateInitialSystemToken().
◆ ZwAllocateUuids()
| NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids | ( | _Out_ PULARGE_INTEGER | Time, |
| _Out_ PULONG | Range, | ||
| _Out_ PULONG | Sequence, | ||
| _Out_ PUCHAR | Seed | ||
| ) |
◆ ZwCreateToken()
| NTSYSAPI NTSTATUS NTAPI ZwCreateToken | ( | _Out_ PHANDLE | TokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _In_ PLUID | AuthenticationId, | ||
| _In_ PLARGE_INTEGER | ExpirationTime, | ||
| _In_ PTOKEN_USER | TokenUser, | ||
| _In_ PTOKEN_GROUPS | TokenGroups, | ||
| _In_ PTOKEN_PRIVILEGES | TokenPrivileges, | ||
| _In_ PTOKEN_OWNER | TokenOwner, | ||
| _In_ PTOKEN_PRIMARY_GROUP | TokenPrimaryGroup, | ||
| _In_ PTOKEN_DEFAULT_DACL | TokenDefaultDacl, | ||
| _In_ PTOKEN_SOURCE | TokenSource | ||
| ) |
Referenced by CreateInitialSystemToken().
◆ ZwImpersonateAnonymousToken()
◆ ZwOpenObjectAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ULONG | DesiredAccess, | ||
| _In_ ULONG | GrantedAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _In_ BOOLEAN | AccessGranted, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
◆ ZwOpenProcessTokenEx()
| NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ULONG | HandleAttributes, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
Referenced by RtlFormatCurrentUserKeyPath().
◆ ZwPrivilegeCheck()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck | ( | _In_ HANDLE | ClientToken, |
| _In_ PPRIVILEGE_SET | RequiredPrivileges, | ||
| _In_ PBOOLEAN | Result | ||
| ) |
◆ ZwPrivilegedServiceAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PUNICODE_STRING | ServiceName, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ ZwPrivilegeObjectAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PVOID | HandleId, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ULONG | DesiredAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ ZwSetInformationToken()
| NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ TOKEN_INFORMATION_CLASS | TokenInformationClass, | ||
| _Out_ PVOID | TokenInformation, | ||
| _In_ ULONG | TokenInformationLength | ||
| ) |
Variable Documentation
◆ DesiredAccess
◆ EffectiveOnly
| _Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly |
Definition at line 403 of file sefuncs.h.
Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtDuplicateToken(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), SeCaptureSubjectContextEx(), SeImpersonateClientEx(), and SepDuplicateToken().
◆ Length
◆ NewTokenHandle
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle |
Definition at line 405 of file sefuncs.h.
Referenced by CreateRestrictedToken(), NtDuplicateToken(), and NtFilterToken().
◆ ObjectAttributes
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes |
◆ ResultLength
◆ ReturnLength
◆ TokenHandle
◆ TokenInformationClass
| _In_ TOKEN_INFORMATION_CLASS TokenInformationClass |
Definition at line 310 of file sefuncs.h.
Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), SeQueryInformationToken(), and SetTokenInformation().
◆ TokenInformationLength
| _In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength |
Definition at line 312 of file sefuncs.h.
Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), and SetTokenInformation().
◆ TokenType
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType |
Definition at line 404 of file sefuncs.h.
Referenced by CreateProcessAsUserCommon(), DuplicateTokenEx(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), NpFreeClientSecurityContext(), NtCreateToken(), NtDuplicateToken(), NtQueryInformationToken(), PsReferenceEffectiveToken(), QueryTokenTypeTests(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SepDuplicateToken(), SeQueryInformationToken(), test_CreateRestrictedToken(), TestsSeQueryInformationToken(), validate_impersonation_token(), and WhoamiGetTokenInfo().
