ReactOS  0.4.15-dev-1374-g8d3e80e
Functions | Variables
sefuncs.h File Reference
#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
 
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState (PACCESS_STATE AccessState, PAUX_ACCESS_DATA AuxData, ACCESS_MASK Access, PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE Thread)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken (_In_ HANDLE Thread)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck (_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (Length, *ResultLength) PVOID TokenInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 

Variables

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
 
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
 

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
77  NTSTATUS Status;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
82  return STATUS_INVALID_PARAMETER;
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
88  return STATUS_INVALID_PARAMETER;
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
96  Status = FltObjectReference(Filter);
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
103  Status = ObCreateObject(KernelMode,
104  ServerPortObjectType,
105  ObjectAttributes,
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
118  FltpObjectPointerReference((PFLT_OBJECT)Filter);
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
123  PortObject->DisconnectNotify = DisconnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
131  STANDARD_RIGHTS_ALL | FILE_READ_DATA,
132  0,
133  NULL,
134  (PHANDLE)ServerPort);
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
138  ExAcquireFastMutex(&Filter->ConnectionList.mLock);
139 
140  /* Add the new port object to the connection list and increment the count */
141  InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
142  Filter->ConnectionList.mCount++;
143 
144  /* Unlock the connection list*/
145  ExReleaseFastMutex(&Filter->ConnectionList.mLock);
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
152  FltObjectDereference(Filter);
153  }
154 
155  return Status;
156 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
ServerPort
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::ConnectNotify
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
FltObjectDereference
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_FLT_MUTEX_LIST_HEAD::mCount
ULONG mCount
Definition: fltmgrint.h:57
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ExReleaseFastMutex
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
FltpObjectPointerReference
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
_FLT_MUTEX_LIST_HEAD::mList
LIST_ENTRY mList
Definition: fltmgrint.h:56
Filter
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1802
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Status
Definition: gdiplustypes.h:24
_FLT_SERVER_PORT_OBJECT::Cookie
PVOID Cookie
Definition: fltmgrint.h:195
ServerPortObjectType
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
_FLT_OBJECT
Definition: fltmgrint.h:25
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DisconnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::MaxConnections
LONG MaxConnections
Definition: fltmgrint.h:198
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ConnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT
Definition: fltmgrint.h:188
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
ExAcquireFastMutex
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
FltObjectReference
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
ServerPortCookie
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::Filter
PFLT_FILTER Filter
Definition: fltmgrint.h:194
NULL
#define NULL
Definition: types.h:112
_FLT_MUTEX_LIST_HEAD::mLock
FAST_MUTEX mLock
Definition: fltmgrint.h:55
_FLT_SERVER_PORT_OBJECT::MessageNotify
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
_FLT_SERVER_PORT_OBJECT::FilterLink
LIST_ENTRY FilterLink
Definition: fltmgrint.h:190
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
MaxConnections
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1873
_FLT_SERVER_PORT_OBJECT::DisconnectNotify
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
MessageNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1873
_FLT_FILTER::ConnectionList
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_to_opt_() [1/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _Out_writes_bytes_to_opt_() [2/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( Length  ,
ResultLength 
)

◆ _When_()

_When_ ( TokenInformationClass  = TokenAccessInformation,
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))   
)

◆ NtAccessCheck()

NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1406 of file audit.c.

1418 {
1419  /* Call the internal function */
1420  return SepAccessCheckAndAuditAlarm(SubsystemName,
1421  HandleId,
1422  NULL,
1423  ObjectTypeName,
1424  ObjectName,
1425  SecurityDescriptor,
1426  NULL,
1427  DesiredAccess,
1428  AuditEventObjectAccess,
1429  0,
1430  NULL,
1431  0,
1432  GenericMapping,
1433  GrantedAccess,
1434  AccessStatus,
1435  GenerateOnClose,
1436  FALSE);
1437 }
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
FALSE
#define FALSE
Definition: types.h:117
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NULL
#define NULL
Definition: types.h:112
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
SepAccessCheckAndAuditAlarm
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAllocateLocallyUniqueId()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ NtAllocateUuids()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ NtCompareTokens()

NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)

◆ NtCreateToken()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Definition at line 3415 of file token.c.

3429 {
3430  HANDLE hToken;
3431  KPROCESSOR_MODE PreviousMode;
3432  ULONG PrivilegeCount, GroupCount;
3433  PSID OwnerSid, PrimaryGroupSid;
3434  PACL DefaultDacl;
3435  LARGE_INTEGER LocalExpirationTime = {{0, 0}};
3436  LUID LocalAuthenticationId;
3437  TOKEN_SOURCE LocalTokenSource;
3438  SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
3439  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
3440  PSID_AND_ATTRIBUTES CapturedUser = NULL;
3441  PSID_AND_ATTRIBUTES CapturedGroups = NULL;
3442  PSID CapturedOwnerSid = NULL;
3443  PSID CapturedPrimaryGroupSid = NULL;
3444  PACL CapturedDefaultDacl = NULL;
3445  ULONG PrivilegesLength, UserLength, GroupsLength;
3446  NTSTATUS Status;
3447 
3448  PAGED_CODE();
3449 
3450  PreviousMode = ExGetPreviousMode();
3451 
3452  if (PreviousMode != KernelMode)
3453  {
3454  _SEH2_TRY
3455  {
3456  ProbeForWriteHandle(TokenHandle);
3457 
3458  if (ObjectAttributes != NULL)
3459  {
3460  ProbeForRead(ObjectAttributes,
3461  sizeof(OBJECT_ATTRIBUTES),
3462  sizeof(ULONG));
3463  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
3464  }
3465 
3466  ProbeForRead(AuthenticationId,
3467  sizeof(LUID),
3468  sizeof(ULONG));
3469  LocalAuthenticationId = *AuthenticationId;
3470 
3471  LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
3472 
3473  ProbeForRead(TokenUser,
3474  sizeof(TOKEN_USER),
3475  sizeof(ULONG));
3476 
3477  ProbeForRead(TokenGroups,
3478  sizeof(TOKEN_GROUPS),
3479  sizeof(ULONG));
3480  GroupCount = TokenGroups->GroupCount;
3481 
3482  ProbeForRead(TokenPrivileges,
3483  sizeof(TOKEN_PRIVILEGES),
3484  sizeof(ULONG));
3485  PrivilegeCount = TokenPrivileges->PrivilegeCount;
3486 
3487  if (TokenOwner != NULL)
3488  {
3489  ProbeForRead(TokenOwner,
3490  sizeof(TOKEN_OWNER),
3491  sizeof(ULONG));
3492  OwnerSid = TokenOwner->Owner;
3493  }
3494  else
3495  {
3496  OwnerSid = NULL;
3497  }
3498 
3499  ProbeForRead(TokenPrimaryGroup,
3500  sizeof(TOKEN_PRIMARY_GROUP),
3501  sizeof(ULONG));
3502  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
3503 
3504  if (TokenDefaultDacl != NULL)
3505  {
3506  ProbeForRead(TokenDefaultDacl,
3507  sizeof(TOKEN_DEFAULT_DACL),
3508  sizeof(ULONG));
3509  DefaultDacl = TokenDefaultDacl->DefaultDacl;
3510  }
3511  else
3512  {
3513  DefaultDacl = NULL;
3514  }
3515 
3516  ProbeForRead(TokenSource,
3517  sizeof(TOKEN_SOURCE),
3518  sizeof(ULONG));
3519  LocalTokenSource = *TokenSource;
3520  }
3521  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3522  {
3523  /* Return the exception code */
3524  _SEH2_YIELD(return _SEH2_GetExceptionCode());
3525  }
3526  _SEH2_END;
3527  }
3528  else
3529  {
3530  if (ObjectAttributes != NULL)
3531  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
3532  LocalAuthenticationId = *AuthenticationId;
3533  LocalExpirationTime = *ExpirationTime;
3534  GroupCount = TokenGroups->GroupCount;
3535  PrivilegeCount = TokenPrivileges->PrivilegeCount;
3536  OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
3537  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
3538  DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
3539  LocalTokenSource = *TokenSource;
3540  }
3541 
3542  /* Check token type */
3543  if ((TokenType < TokenPrimary) ||
3544  (TokenType > TokenImpersonation))
3545  {
3546  return STATUS_BAD_TOKEN_TYPE;
3547  }
3548 
3549  /* Check for token creation privilege */
3550  if (!SeSinglePrivilegeCheck(SeCreateTokenPrivilege, PreviousMode))
3551  {
3552  return STATUS_PRIVILEGE_NOT_HELD;
3553  }
3554 
3555  /* Capture the user SID and attributes */
3556  Status = SeCaptureSidAndAttributesArray(&TokenUser->User,
3557  1,
3558  PreviousMode,
3559  NULL,
3560  0,
3561  PagedPool,
3562  FALSE,
3563  &CapturedUser,
3564  &UserLength);
3565  if (!NT_SUCCESS(Status))
3566  {
3567  goto Cleanup;
3568  }
3569 
3570  /* Capture the groups SID and attributes array */
3571  Status = SeCaptureSidAndAttributesArray(&TokenGroups->Groups[0],
3572  GroupCount,
3573  PreviousMode,
3574  NULL,
3575  0,
3576  PagedPool,
3577  FALSE,
3578  &CapturedGroups,
3579  &GroupsLength);
3580  if (!NT_SUCCESS(Status))
3581  {
3582  goto Cleanup;
3583  }
3584 
3585  /* Capture privileges */
3586  Status = SeCaptureLuidAndAttributesArray(&TokenPrivileges->Privileges[0],
3587  PrivilegeCount,
3588  PreviousMode,
3589  NULL,
3590  0,
3591  PagedPool,
3592  FALSE,
3593  &CapturedPrivileges,
3594  &PrivilegesLength);
3595  if (!NT_SUCCESS(Status))
3596  {
3597  goto Cleanup;
3598  }
3599 
3600  /* Capture the token owner SID */
3601  if (TokenOwner != NULL)
3602  {
3603  Status = SepCaptureSid(OwnerSid,
3604  PreviousMode,
3605  PagedPool,
3606  FALSE,
3607  &CapturedOwnerSid);
3608  if (!NT_SUCCESS(Status))
3609  {
3610  goto Cleanup;
3611  }
3612  }
3613 
3614  /* Capture the token primary group SID */
3615  Status = SepCaptureSid(PrimaryGroupSid,
3616  PreviousMode,
3617  PagedPool,
3618  FALSE,
3619  &CapturedPrimaryGroupSid);
3620  if (!NT_SUCCESS(Status))
3621  {
3622  goto Cleanup;
3623  }
3624 
3625  /* Capture DefaultDacl */
3626  if (DefaultDacl != NULL)
3627  {
3628  Status = SepCaptureAcl(DefaultDacl,
3629  PreviousMode,
3630  NonPagedPool,
3631  FALSE,
3632  &CapturedDefaultDacl);
3633  if (!NT_SUCCESS(Status))
3634  {
3635  goto Cleanup;
3636  }
3637  }
3638 
3639  /* Call the internal function */
3640  Status = SepCreateToken(&hToken,
3641  PreviousMode,
3642  DesiredAccess,
3643  ObjectAttributes,
3644  TokenType,
3645  LocalSecurityQos.ImpersonationLevel,
3646  &LocalAuthenticationId,
3647  &LocalExpirationTime,
3648  CapturedUser,
3649  GroupCount,
3650  CapturedGroups,
3651  0, // FIXME: Should capture
3652  PrivilegeCount,
3653  CapturedPrivileges,
3654  CapturedOwnerSid,
3655  CapturedPrimaryGroupSid,
3656  CapturedDefaultDacl,
3657  &LocalTokenSource,
3658  FALSE);
3659  if (NT_SUCCESS(Status))
3660  {
3661  _SEH2_TRY
3662  {
3663  *TokenHandle = hToken;
3664  }
3665  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3666  {
3667  Status = _SEH2_GetExceptionCode();
3668  }
3669  _SEH2_END;
3670  }
3671 
3672 Cleanup:
3673 
3674  /* Release what we captured */
3675  SeReleaseSidAndAttributesArray(CapturedUser, PreviousMode, FALSE);
3676  SeReleaseSidAndAttributesArray(CapturedGroups, PreviousMode, FALSE);
3677  SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
3678  SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
3679  SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
3680  SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
3681 
3682  return Status;
3683 }
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_TOKEN_DEFAULT_DACL
Definition: setypes.h:981
_TOKEN_GROUPS
Definition: setypes.h:959
_SID
Definition: ms-dtyp.idl:198
SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
SeReleaseSidAndAttributesArray
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Definition: sid.c:555
_TOKEN_PRIVILEGES
Definition: setypes.h:968
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:977
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SeReleaseLuidAndAttributesArray
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:383
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
SeCaptureLuidAndAttributesArray
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:287
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
FALSE
#define FALSE
Definition: types.h:117
_LUID
Definition: devicetopology.idl:136
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
STATUS_BAD_TOKEN_TYPE
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:273
SepCreateToken
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:877
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_TOKEN_OWNER
Definition: setypes.h:973
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SepReleaseAcl
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: acl.c:361
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
ProbeForReadLargeInteger
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_TOKEN_USER
Definition: setypes.h:955
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
SeCaptureSidAndAttributesArray
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Definition: sid.c:354
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_TOKEN_SOURCE
Definition: imports.h:277
_SEH2_END
_SEH2_END
Definition: create.c:4400
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NULL
#define NULL
Definition: types.h:112
_LARGE_INTEGER
Definition: typedefs.h:102
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:338
ULONG
unsigned int ULONG
Definition: retypes.h:1
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:270
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 2936 of file token.c.

2943 {
2944  KPROCESSOR_MODE PreviousMode;
2945  HANDLE hToken;
2946  PTOKEN Token;
2947  PTOKEN NewToken;
2948  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
2949  BOOLEAN QoSPresent;
2950  OBJECT_HANDLE_INFORMATION HandleInformation;
2951  NTSTATUS Status;
2952 
2953  PAGED_CODE();
2954 
2955  if (TokenType != TokenImpersonation &&
2956  TokenType != TokenPrimary)
2957  {
2958  return STATUS_INVALID_PARAMETER;
2959  }
2960 
2961  PreviousMode = KeGetPreviousMode();
2962 
2963  if (PreviousMode != KernelMode)
2964  {
2965  _SEH2_TRY
2966  {
2967  ProbeForWriteHandle(NewTokenHandle);
2968  }
2969  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2970  {
2971  /* Return the exception code */
2972  _SEH2_YIELD(return _SEH2_GetExceptionCode());
2973  }
2974  _SEH2_END;
2975  }
2976 
2977  Status = SepCaptureSecurityQualityOfService(ObjectAttributes,
2978  PreviousMode,
2979  PagedPool,
2980  FALSE,
2981  &CapturedSecurityQualityOfService,
2982  &QoSPresent);
2983  if (!NT_SUCCESS(Status))
2984  {
2985  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
2986  return Status;
2987  }
2988 
2989  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
2990  TOKEN_DUPLICATE,
2991  SeTokenObjectType,
2992  PreviousMode,
2993  (PVOID*)&Token,
2994  &HandleInformation);
2995  if (!NT_SUCCESS(Status))
2996  {
2997  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
2998  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
2999  PreviousMode,
3000  FALSE);
3001  return Status;
3002  }
3003 
3004  /*
3005  * Fail, if the original token is an impersonation token and the caller
3006  * tries to raise the impersonation level of the new token above the
3007  * impersonation level of the original token.
3008  */
3009  if (Token->TokenType == TokenImpersonation)
3010  {
3011  if (QoSPresent &&
3012  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3013  {
3014  ObDereferenceObject(Token);
3015  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3016  PreviousMode,
3017  FALSE);
3018  return STATUS_BAD_IMPERSONATION_LEVEL;
3019  }
3020  }
3021 
3022  /*
3023  * Fail, if a primary token is to be created from an impersonation token
3024  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3025  */
3026  if (Token->TokenType == TokenImpersonation &&
3027  TokenType == TokenPrimary &&
3028  Token->ImpersonationLevel < SecurityImpersonation)
3029  {
3030  ObDereferenceObject(Token);
3031  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3032  PreviousMode,
3033  FALSE);
3034  return STATUS_BAD_IMPERSONATION_LEVEL;
3035  }
3036 
3037  Status = SepDuplicateToken(Token,
3038  ObjectAttributes,
3039  EffectiveOnly,
3040  TokenType,
3041  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3042  PreviousMode,
3043  &NewToken);
3044 
3045  ObDereferenceObject(Token);
3046 
3047  if (NT_SUCCESS(Status))
3048  {
3049  Status = ObInsertObject(NewToken,
3050  NULL,
3051  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3052  0,
3053  NULL,
3054  &hToken);
3055  if (NT_SUCCESS(Status))
3056  {
3057  _SEH2_TRY
3058  {
3059  *NewTokenHandle = hToken;
3060  }
3061  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3062  {
3063  Status = _SEH2_GetExceptionCode();
3064  }
3065  _SEH2_END;
3066  }
3067  }
3068 
3069  /* Free the captured structure */
3070  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3071  PreviousMode,
3072  FALSE);
3073 
3074  return Status;
3075 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_OBJECT_HANDLE_INFORMATION
Definition: iotypes.h:158
KeGetPreviousMode
#define KeGetPreviousMode()
Definition: ketypes.h:1107
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SepCaptureSecurityQualityOfService
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, OUT PBOOLEAN Present)
Definition: sd.c:207
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
SepDuplicateToken
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:436
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
FALSE
#define FALSE
Definition: types.h:117
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:29
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
HandleInformation
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
SepReleaseSecurityQualityOfService
VOID NTAPI SepReleaseSecurityQualityOfService(IN PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sd.c:363
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:872
_SEH2_END
_SEH2_END
Definition: create.c:4400
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2932
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_TOKEN
Definition: setypes.h:151
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtImpersonateAnonymousToken()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1001 of file audit.c.

1014 {
1015  PTOKEN ClientToken;
1016  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1017  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1018  ULONG PrivilegeCount, PrivilegeSetSize;
1019  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1020  BOOLEAN LocalGenerateOnClose;
1021  PVOID CapturedHandleId;
1022  SECURITY_SUBJECT_CONTEXT SubjectContext;
1023  NTSTATUS Status;
1024  PAGED_CODE();
1025 
1026  /* Only user mode is supported! */
1027  ASSERT(ExGetPreviousMode() != KernelMode);
1028 
1029  /* Start clean */
1030  ClientToken = NULL;
1031  CapturedSecurityDescriptor = NULL;
1032  CapturedPrivilegeSet = NULL;
1033  CapturedSubsystemName.Buffer = NULL;
1034  CapturedObjectTypeName.Buffer = NULL;
1035  CapturedObjectName.Buffer = NULL;
1036 
1037  /* Reference the client token */
1038  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1039  TOKEN_QUERY,
1040  SeTokenObjectType,
1041  UserMode,
1042  (PVOID*)&ClientToken,
1043  NULL);
1044  if (!NT_SUCCESS(Status))
1045  {
1046  DPRINT1("Failed to reference token handle %p: %lx\n",
1047  ClientTokenHandle, Status);
1048  return Status;
1049  }
1050 
1051  /* Capture the security subject context */
1052  SeCaptureSubjectContext(&SubjectContext);
1053 
1054  /* Validate the token's impersonation level */
1055  if ((ClientToken->TokenType == TokenImpersonation) &&
1056  (ClientToken->ImpersonationLevel < SecurityIdentification))
1057  {
1058  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1059  Status = STATUS_BAD_IMPERSONATION_LEVEL;
1060  goto Cleanup;
1061  }
1062 
1063  /* Check for audit privilege */
1064  if (!SeCheckAuditPrivilege(&SubjectContext, UserMode))
1065  {
1066  DPRINT1("Caller does not have SeAuditPrivilege\n");
1067  Status = STATUS_PRIVILEGE_NOT_HELD;
1068  goto Cleanup;
1069  }
1070 
1071  /* Check for NULL SecurityDescriptor */
1072  if (SecurityDescriptor == NULL)
1073  {
1074  /* Nothing to do */
1075  Status = STATUS_SUCCESS;
1076  goto Cleanup;
1077  }
1078 
1079  /* Capture the security descriptor */
1080  Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
1081  UserMode,
1082  PagedPool,
1083  FALSE,
1084  &CapturedSecurityDescriptor);
1085  if (!NT_SUCCESS(Status))
1086  {
1087  DPRINT1("Failed to capture security descriptor!\n");
1088  goto Cleanup;
1089  }
1090 
1091  _SEH2_TRY
1092  {
1093  /* Check if we have a privilege set */
1094  if (PrivilegeSet != NULL)
1095  {
1096  /* Probe the basic privilege set structure */
1097  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1098 
1099  /* Validate privilege count */
1100  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1101  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1102  {
1103  Status = STATUS_INVALID_PARAMETER;
1104  _SEH2_YIELD(goto Cleanup);
1105  }
1106 
1107  /* Calculate the size of the PrivilegeSet structure */
1108  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1109 
1110  /* Probe the whole structure */
1111  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1112 
1113  /* Allocate a temp buffer */
1114  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1115  PrivilegeSetSize,
1116  TAG_PRIVILEGE_SET);
1117  if (CapturedPrivilegeSet == NULL)
1118  {
1119  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1120  Status = STATUS_INSUFFICIENT_RESOURCES;
1121  _SEH2_YIELD(goto Cleanup);
1122  }
1123 
1124  /* Copy the privileges */
1125  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1126  }
1127 
1128  if (HandleId != NULL)
1129  {
1130  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1131  CapturedHandleId = *(PVOID*)HandleId;
1132  }
1133 
1134  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1135  }
1136  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1137  {
1138  Status = _SEH2_GetExceptionCode();
1139  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1140  _SEH2_YIELD(goto Cleanup);
1141  }
1142  _SEH2_END;
1143 
1144  /* Probe and capture the subsystem name */
1145  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1146  UserMode,
1147  SubsystemName);
1148  if (!NT_SUCCESS(Status))
1149  {
1150  DPRINT1("Failed to capture subsystem name!\n");
1151  goto Cleanup;
1152  }
1153 
1154  /* Probe and capture the object type name */
1155  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1156  UserMode,
1157  ObjectTypeName);
1158  if (!NT_SUCCESS(Status))
1159  {
1160  DPRINT1("Failed to capture object type name!\n");
1161  goto Cleanup;
1162  }
1163 
1164  /* Probe and capture the object name */
1165  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1166  UserMode,
1167  ObjectName);
1168  if (!NT_SUCCESS(Status))
1169  {
1170  DPRINT1("Failed to capture object name!\n");
1171  goto Cleanup;
1172  }
1173 
1174  /* Call the internal function */
1175  SepOpenObjectAuditAlarm(&SubjectContext,
1176  &CapturedSubsystemName,
1177  CapturedHandleId,
1178  &CapturedObjectTypeName,
1179  &CapturedObjectName,
1180  CapturedSecurityDescriptor,
1181  ClientToken,
1182  DesiredAccess,
1183  GrantedAccess,
1184  CapturedPrivilegeSet,
1185  ObjectCreation,
1186  AccessGranted,
1187  &LocalGenerateOnClose);
1188 
1189  Status = STATUS_SUCCESS;
1190 
1191  /* Enter SEH to copy the data back to user mode */
1192  _SEH2_TRY
1193  {
1194  *GenerateOnClose = LocalGenerateOnClose;
1195  }
1196  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1197  {
1198  Status = _SEH2_GetExceptionCode();
1199  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1200  }
1201  _SEH2_END;
1202 
1203 Cleanup:
1204 
1205  if (CapturedObjectName.Buffer != NULL)
1206  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1207 
1208  if (CapturedObjectTypeName.Buffer != NULL)
1209  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1210 
1211  if (CapturedSubsystemName.Buffer != NULL)
1212  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1213 
1214  if (CapturedSecurityDescriptor != NULL)
1215  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1216 
1217  if (CapturedPrivilegeSet != NULL)
1218  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1219 
1220  /* Release the security subject context */
1221  SeReleaseSubjectContext(&SubjectContext);
1222 
1223  ObDereferenceObject(ClientToken);
1224 
1225  return Status;
1226 }
ProbeAndCaptureUnicodeString
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:175
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_PRIVILEGE_SET
Definition: setypes.h:85
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
SEP_PRIVILEGE_SET_MAX_COUNT
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:766
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
FALSE
#define FALSE
Definition: types.h:117
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:29
Status
Status
Definition: gdiplustypes.h:24
ReleaseCapturedUnicodeString
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:874
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
ASSERT
#define ASSERT(a)
Definition: mode.c:45
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_UNICODE_STRING
Definition: env_spec_w32.h:368
_SEH2_END
_SEH2_END
Definition: create.c:4400
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
NULL
#define NULL
Definition: types.h:112
SeCheckAuditPrivilege
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:253
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_TOKEN::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:176
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
SeCaptureSecurityDescriptor
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:430
TAG_PRIVILEGE_SET
#define TAG_PRIVILEGE_SET
Definition: tag.h:179
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_TOKEN
Definition: setypes.h:151
SepOpenObjectAuditAlarm
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:967
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtOpenProcessTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Definition at line 2409 of file token.c.

2414 {
2415  NTSTATUS Status;
2416  PTOKEN Token;
2417  KPROCESSOR_MODE PreviousMode;
2418  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
2419 
2420  PAGED_CODE();
2421 
2422  PreviousMode = ExGetPreviousMode();
2423 
2424  Status = DefaultSetInfoBufferCheck(TokenInformationClass,
2425  SeTokenInformationClass,
2426  RTL_NUMBER_OF(SeTokenInformationClass),
2427  TokenInformation,
2428  TokenInformationLength,
2429  PreviousMode);
2430  if (!NT_SUCCESS(Status))
2431  {
2432  /* Invalid buffers */
2433  DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
2434  return Status;
2435  }
2436 
2437  if (TokenInformationClass == TokenSessionId)
2438  {
2439  NeededAccess |= TOKEN_ADJUST_SESSIONID;
2440  }
2441 
2442  Status = ObReferenceObjectByHandle(TokenHandle,
2443  NeededAccess,
2444  SeTokenObjectType,
2445  PreviousMode,
2446  (PVOID*)&Token,
2447  NULL);
2448  if (NT_SUCCESS(Status))
2449  {
2450  switch (TokenInformationClass)
2451  {
2452  case TokenOwner:
2453  {
2454  if (TokenInformationLength >= sizeof(TOKEN_OWNER))
2455  {
2456  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
2457  PSID InputSid = NULL, CapturedSid;
2458  ULONG DefaultOwnerIndex;
2459 
2460  _SEH2_TRY
2461  {
2462  InputSid = to->Owner;
2463  }
2464  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2465  {
2466  Status = _SEH2_GetExceptionCode();
2467  _SEH2_YIELD(goto Cleanup);
2468  }
2469  _SEH2_END;
2470 
2471  Status = SepCaptureSid(InputSid,
2472  PreviousMode,
2473  PagedPool,
2474  FALSE,
2475  &CapturedSid);
2476  if (NT_SUCCESS(Status))
2477  {
2478  /* Lock the token */
2479  SepAcquireTokenLockExclusive(Token);
2480 
2481  /* Find the owner amongst the existing token user and groups */
2482  Status = SepFindPrimaryGroupAndDefaultOwner(Token,
2483  NULL,
2484  CapturedSid,
2485  NULL,
2486  &DefaultOwnerIndex);
2487  if (NT_SUCCESS(Status))
2488  {
2489  /* Found it */
2490  Token->DefaultOwnerIndex = DefaultOwnerIndex;
2491  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2492  }
2493 
2494  /* Unlock the token */
2495  SepReleaseTokenLock(Token);
2496 
2497  SepReleaseSid(CapturedSid,
2498  PreviousMode,
2499  FALSE);
2500  }
2501  }
2502  else
2503  {
2504  Status = STATUS_INFO_LENGTH_MISMATCH;
2505  }
2506  break;
2507  }
2508 
2509  case TokenPrimaryGroup:
2510  {
2511  if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
2512  {
2513  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
2514  PSID InputSid = NULL, CapturedSid;
2515  ULONG PrimaryGroupIndex;
2516 
2517  _SEH2_TRY
2518  {
2519  InputSid = tpg->PrimaryGroup;
2520  }
2521  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2522  {
2523  Status = _SEH2_GetExceptionCode();
2524  _SEH2_YIELD(goto Cleanup);
2525  }
2526  _SEH2_END;
2527 
2528  Status = SepCaptureSid(InputSid,
2529  PreviousMode,
2530  PagedPool,
2531  FALSE,
2532  &CapturedSid);
2533  if (NT_SUCCESS(Status))
2534  {
2535  /* Lock the token */
2536  SepAcquireTokenLockExclusive(Token);
2537 
2538  /* Find the primary group amongst the existing token user and groups */
2539  Status = SepFindPrimaryGroupAndDefaultOwner(Token,
2540  CapturedSid,
2541  NULL,
2542  &PrimaryGroupIndex,
2543  NULL);
2544  if (NT_SUCCESS(Status))
2545  {
2546  /* Found it */
2547  Token->PrimaryGroup = Token->UserAndGroups[PrimaryGroupIndex].Sid;
2548  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2549  }
2550 
2551  /* Unlock the token */
2552  SepReleaseTokenLock(Token);
2553 
2554  SepReleaseSid(CapturedSid,
2555  PreviousMode,
2556  FALSE);
2557  }
2558  }
2559  else
2560  {
2561  Status = STATUS_INFO_LENGTH_MISMATCH;
2562  }
2563  break;
2564  }
2565 
2566  case TokenDefaultDacl:
2567  {
2568  if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
2569  {
2570  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
2571  PACL InputAcl = NULL;
2572 
2573  _SEH2_TRY
2574  {
2575  InputAcl = tdd->DefaultDacl;
2576  }
2577  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2578  {
2579  Status = _SEH2_GetExceptionCode();
2580  _SEH2_YIELD(goto Cleanup);
2581  }
2582  _SEH2_END;
2583 
2584  if (InputAcl != NULL)
2585  {
2586  PACL CapturedAcl;
2587 
2588  /* Capture and copy the dacl */
2589  Status = SepCaptureAcl(InputAcl,
2590  PreviousMode,
2591  PagedPool,
2592  TRUE,
2593  &CapturedAcl);
2594  if (NT_SUCCESS(Status))
2595  {
2596  ULONG DynamicLength;
2597 
2598  /* Lock the token */
2599  SepAcquireTokenLockExclusive(Token);
2600 
2601  //
2602  // NOTE: So far our dynamic area only contains
2603  // the default dacl, so this makes the following
2604  // code pretty simple. The day where it stores
2605  // other data, the code will require adaptations.
2606  //
2607 
2608  DynamicLength = Token->DynamicAvailable;
2609  // Add here any other data length present in the dynamic area...
2610  if (Token->DefaultDacl)
2611  DynamicLength += Token->DefaultDacl->AclSize;
2612 
2613  /* Reallocate the dynamic area if it is too small */
2614  Status = STATUS_SUCCESS;
2615  if ((DynamicLength < CapturedAcl->AclSize) ||
2616  (Token->DynamicPart == NULL))
2617  {
2618  PVOID NewDynamicPart;
2619 
2620  NewDynamicPart = ExAllocatePoolWithTag(PagedPool,
2621  CapturedAcl->AclSize,
2622  TAG_TOKEN_DYNAMIC);
2623  if (NewDynamicPart == NULL)
2624  {
2625  Status = STATUS_INSUFFICIENT_RESOURCES;
2626  }
2627  else
2628  {
2629  if (Token->DynamicPart != NULL)
2630  {
2631  // RtlCopyMemory(NewDynamicPart, Token->DynamicPart, DynamicLength);
2632  ExFreePoolWithTag(Token->DynamicPart, TAG_TOKEN_DYNAMIC);
2633  }
2634  Token->DynamicPart = NewDynamicPart;
2635  Token->DynamicAvailable = 0;
2636  }
2637  }
2638  else
2639  {
2640  Token->DynamicAvailable = DynamicLength - CapturedAcl->AclSize;
2641  }
2642 
2643  if (NT_SUCCESS(Status))
2644  {
2645  /* Set the new dacl */
2646  Token->DefaultDacl = (PVOID)Token->DynamicPart;
2647  RtlCopyMemory(Token->DefaultDacl,
2648  CapturedAcl,
2649  CapturedAcl->AclSize);
2650 
2651  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2652  }
2653 
2654  /* Unlock the token */
2655  SepReleaseTokenLock(Token);
2656 
2657  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
2658  }
2659  }
2660  else
2661  {
2662  /* Lock the token */
2663  SepAcquireTokenLockExclusive(Token);
2664 
2665  /* Clear the default dacl if present */
2666  if (Token->DefaultDacl != NULL)
2667  {
2668  Token->DynamicAvailable += Token->DefaultDacl->AclSize;
2669  RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
2670  Token->DefaultDacl = NULL;
2671 
2672  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2673  }
2674 
2675  /* Unlock the token */
2676  SepReleaseTokenLock(Token);
2677  }
2678  }
2679  else
2680  {
2681  Status = STATUS_INFO_LENGTH_MISMATCH;
2682  }
2683  break;
2684  }
2685 
2686  case TokenSessionId:
2687  {
2688  ULONG SessionId = 0;
2689 
2690  _SEH2_TRY
2691  {
2692  /* Buffer size was already verified, no need to check here again */
2693  SessionId = *(PULONG)TokenInformation;
2694  }
2695  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2696  {
2697  Status = _SEH2_GetExceptionCode();
2698  _SEH2_YIELD(goto Cleanup);
2699  }
2700  _SEH2_END;
2701 
2702  /* Check for TCB privilege */
2703  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
2704  {
2705  Status = STATUS_PRIVILEGE_NOT_HELD;
2706  break;
2707  }
2708 
2709  /* Lock the token */
2710  SepAcquireTokenLockExclusive(Token);
2711 
2712  Token->SessionId = SessionId;
2713  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2714 
2715  /* Unlock the token */
2716  SepReleaseTokenLock(Token);
2717 
2718  break;
2719  }
2720 
2721  case TokenSessionReference:
2722  {
2723  ULONG SessionReference;
2724 
2725  _SEH2_TRY
2726  {
2727  /* Buffer size was already verified, no need to check here again */
2728  SessionReference = *(PULONG)TokenInformation;
2729  }
2730  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2731  {
2732  Status = _SEH2_GetExceptionCode();
2733  _SEH2_YIELD(goto Cleanup);
2734  }
2735  _SEH2_END;
2736 
2737  /* Check for TCB privilege */
2738  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
2739  {
2740  Status = STATUS_PRIVILEGE_NOT_HELD;
2741  goto Cleanup;
2742  }
2743 
2744  /* Check if it is 0 */
2745  if (SessionReference == 0)
2746  {
2747  ULONG OldTokenFlags;
2748 
2749  /* Lock the token */
2750  SepAcquireTokenLockExclusive(Token);
2751 
2752  /* Atomically set the flag in the token */
2753  OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
2754  TOKEN_SESSION_NOT_REFERENCED);
2755  /*
2756  * If the flag was already set, do not dereference again
2757  * the logon session. Use SessionReference as an indicator
2758  * to know whether to really dereference the session.
2759  */
2760  if (OldTokenFlags == Token->TokenFlags)
2761  SessionReference = ULONG_MAX;
2762 
2763  /* Unlock the token */
2764  SepReleaseTokenLock(Token);
2765  }
2766 
2767  /* Dereference the logon session if needed */
2768  if (SessionReference == 0)
2769  SepRmDereferenceLogonSession(&Token->AuthenticationId);
2770 
2771  break;
2772  }
2773 
2774  case TokenAuditPolicy:
2775  {
2776  PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
2777  (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
2778  SEP_AUDIT_POLICY AuditPolicy;
2779  ULONG i;
2780 
2781  _SEH2_TRY
2782  {
2783  ProbeForRead(PolicyInformation,
2784  FIELD_OFFSET(TOKEN_AUDIT_POLICY_INFORMATION,
2785  Policies[PolicyInformation->PolicyCount]),
2786  sizeof(ULONG));
2787 
2788  /* Loop all policies in the structure */
2789  for (i = 0; i < PolicyInformation->PolicyCount; i++)
2790  {
2791  /* Set the corresponding bits in the packed structure */
2792  switch (PolicyInformation->Policies[i].Category)
2793  {
2794  case AuditCategorySystem:
2795  AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
2796  break;
2797 
2798  case AuditCategoryLogon:
2799  AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
2800  break;
2801 
2802  case AuditCategoryObjectAccess:
2803  AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
2804  break;
2805 
2806  case AuditCategoryPrivilegeUse:
2807  AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
2808  break;
2809 
2810  case AuditCategoryDetailedTracking:
2811  AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
2812  break;
2813 
2814  case AuditCategoryPolicyChange:
2815  AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
2816  break;
2817 
2818  case AuditCategoryAccountManagement:
2819  AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
2820  break;
2821 
2822  case AuditCategoryDirectoryServiceAccess:
2823  AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
2824  break;
2825 
2826  case AuditCategoryAccountLogon:
2827  AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
2828  break;
2829  }
2830  }
2831  }
2832  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2833  {
2834  Status = _SEH2_GetExceptionCode();
2835  _SEH2_YIELD(goto Cleanup);
2836  }
2837  _SEH2_END;
2838 
2839  /* Check for TCB privilege */
2840  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
2841  {
2842  Status = STATUS_PRIVILEGE_NOT_HELD;
2843  break;
2844  }
2845 
2846  /* Lock the token */
2847  SepAcquireTokenLockExclusive(Token);
2848 
2849  /* Set the new audit policy */
2850  Token->AuditPolicy = AuditPolicy;
2851  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2852 
2853  /* Unlock the token */
2854  SepReleaseTokenLock(Token);
2855 
2856  break;
2857  }
2858 
2859  case TokenOrigin:
2860  {
2861  TOKEN_ORIGIN TokenOrigin;
2862 
2863  _SEH2_TRY
2864  {
2865  /* Copy the token origin */
2866  TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
2867  }
2868  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
2869  {
2870  Status = _SEH2_GetExceptionCode();
2871  _SEH2_YIELD(goto Cleanup);
2872  }
2873  _SEH2_END;
2874 
2875  /* Check for TCB privilege */
2876  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
2877  {
2878  Status = STATUS_PRIVILEGE_NOT_HELD;
2879  break;
2880  }
2881 
2882  /* Lock the token */
2883  SepAcquireTokenLockExclusive(Token);
2884 
2885  /* Check if there is no token origin set yet */
2886  if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
2887  {
2888  /* Set the token origin */
2889  Token->OriginatingLogonSession =
2890  TokenOrigin.OriginatingLogonSession;
2891 
2892  ExAllocateLocallyUniqueId(&Token->ModifiedId);
2893  }
2894 
2895  /* Unlock the token */
2896  SepReleaseTokenLock(Token);
2897 
2898  break;
2899  }
2900 
2901  default:
2902  {
2903  DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
2904  TokenInformationClass);
2905  Status = STATUS_INVALID_INFO_CLASS;
2906  break;
2907  }
2908  }
2909 Cleanup:
2910  ObDereferenceObject(Token);
2911  }
2912 
2913  if (!NT_SUCCESS(Status))
2914  {
2915  DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
2916  }
2917 
2918  return Status;
2919 }
_TOKEN_PRIMARY_GROUP::PrimaryGroup
PSID PrimaryGroup
Definition: setypes.h:978
SepAcquireTokenLockExclusive
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:200
SepFindPrimaryGroupAndDefaultOwner
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:340
_TOKEN_AUDIT_POLICY_INFORMATION::Policies
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1816 Policies[1]
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_TOKEN_DEFAULT_DACL
Definition: setypes.h:981
_SEP_AUDIT_POLICY_CATEGORIES::DirectoryServiceAccess
UCHAR DirectoryServiceAccess
Definition: setypes.h:123
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
_SID
Definition: ms-dtyp.idl:198
_TOKEN_AUDIT_POLICY_INFORMATION::PolicyCount
ULONG PolicyCount
Definition: token.c:19
PTOKEN_PRIMARY_GROUP
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
TRUE
#define TRUE
Definition: types.h:120
_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:977
SessionId
ULONG SessionId
Definition: dllmain.c:28
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3066
DefaultSetInfoBufferCheck
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:8
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
_SEP_AUDIT_POLICY_CATEGORIES::PrivilegeUse
UCHAR PrivilegeUse
Definition: setypes.h:119
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
PTOKEN_DEFAULT_DACL
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
FALSE
#define FALSE
Definition: types.h:117
PTOKEN_ORIGIN
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_SEP_AUDIT_POLICY_CATEGORIES::Logon
UCHAR Logon
Definition: setypes.h:117
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:29
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:273
_SEP_AUDIT_POLICY
Definition: setypes.h:133
_TOKEN_OWNER::Owner
PSID Owner
Definition: setypes.h:974
DPRINT
void DPRINT(...)
Definition: polytest.cpp:61
TOKEN_ADJUST_DEFAULT
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:878
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
PVOID
void * PVOID
Definition: retypes.h:9
SepRmDereferenceLogonSession
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:664
_TOKEN_OWNER
Definition: setypes.h:973
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
_SEH2_YIELD
#define _SEH2_YIELD(STMT_)
Definition: pseh2_64.h:8
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
PTOKEN_AUDIT_POLICY_INFORMATION
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
_TOKEN_AUDIT_POLICY_INFORMATION
Definition: token.c:17
_TOKEN_ORIGIN
Definition: setypes.h:1052
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
RtlIsZeroLuid
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
_SEP_AUDIT_POLICY::PolicyElements
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:137
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PTOKEN_OWNER
struct _TOKEN_OWNER * PTOKEN_OWNER
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:211
_SEP_AUDIT_POLICY_CATEGORIES::AccountManagement
UCHAR AccountManagement
Definition: setypes.h:122
TAG_TOKEN_DYNAMIC
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:180
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_SEP_AUDIT_POLICY_CATEGORIES::ObjectAccess
UCHAR ObjectAccess
Definition: setypes.h:118
_TOKEN_DEFAULT_DACL::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:982
_SEP_AUDIT_POLICY_CATEGORIES::DetailedTracking
UCHAR DetailedTracking
Definition: setypes.h:120
_SEP_AUDIT_POLICY_CATEGORIES::PolicyChange
UCHAR PolicyChange
Definition: setypes.h:121
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:24
TAG_ACL
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
_SEH2_END
Definition: create.c:4400
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
_SEP_AUDIT_POLICY_CATEGORIES::AccountLogon
UCHAR AccountLogon
Definition: setypes.h:124
ExAllocateLocallyUniqueId
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:334
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:338
DPRINT1
#define DPRINT1
Definition: precomp.h:8
RtlInterlockedSetBits
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3436
_SEP_AUDIT_POLICY_CATEGORIES::System
UCHAR System
Definition: setypes.h:116
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
SeTokenInformationClass
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:43
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:12
_TOKEN
Definition: setypes.h:151
TOKEN_ADJUST_SESSIONID
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:879
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:270
TOKEN_SESSION_NOT_REFERENCED
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1130
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
ULONG_MAX
#define ULONG_MAX
Definition: limits.h:44
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ SeCaptureSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

◆ SeCreateAccessState()

NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState ( PACCESS_STATE  AccessState,
PAUX_ACCESS_DATA  AuxData,
ACCESS_MASK  Access,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeleteAccessState()

NTKERNELAPI VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

◆ SeReleaseSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ BOOLEAN  CaptureIfKernelMode 
)

◆ SeTokenImpersonationLevel()

NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel ( _In_ PACCESS_TOKEN  Token)

◆ ZwAccessCheck()

NTSYSAPI NTSTATUS NTAPI ZwAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ ZwAdjustGroupsToken()

NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_ PTOKEN_GROUPS  NewState,
_In_ ULONG  BufferLength,
_Out_opt_ PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ ZwAdjustPrivilegesToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

Referenced by RtlAcquirePrivilege(), RtlAdjustPrivilege(), RtlpSysVolTakeOwnership(), and RtlReleasePrivilege().

◆ ZwAllocateLocallyUniqueId()

NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

Referenced by CreateInitialSystemToken().

◆ ZwAllocateUuids()

NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ ZwCreateToken()

NTSYSAPI NTSTATUS NTAPI ZwCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Referenced by CreateInitialSystemToken().

◆ ZwImpersonateAnonymousToken()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ ZwOpenObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ ULONG  GrantedAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ ZwOpenProcessTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Referenced by RtlFormatCurrentUserKeyPath().

◆ ZwPrivilegeCheck()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck ( _In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PBOOLEAN  Result 
)

◆ ZwPrivilegedServiceAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwPrivilegeObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwSetInformationToken()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_ PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 417 of file sefuncs.h.

◆ EffectiveOnly

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly

Definition at line 417 of file sefuncs.h.

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtDuplicateToken(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), SeCaptureSubjectContextEx(), and SeImpersonateClientEx().

◆ Length

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length

Definition at line 509 of file sefuncs.h.

◆ NewTokenHandle

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle

Definition at line 417 of file sefuncs.h.

Referenced by NtDuplicateToken().

◆ ObjectAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes

Definition at line 417 of file sefuncs.h.

◆ ResultLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength

Definition at line 509 of file sefuncs.h.

◆ ReturnLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength

Definition at line 320 of file sefuncs.h.

◆ TokenHandle

_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle

Definition at line 455 of file sefuncs.h.

◆ TokenInformationClass

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass

Definition at line 318 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), SeQueryInformationToken(), and SetTokenInformation().

◆ TokenInformationLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength

Definition at line 320 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), and SetTokenInformation().

◆ TokenType

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType

Definition at line 417 of file sefuncs.h.

Referenced by CreateProcessAsUserCommon(), CreateRestrictedToken(), DuplicateTokenEx(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), NpFreeClientSecurityContext(), NtCreateToken(), NtDuplicateToken(), NtQueryInformationToken(), PsReferenceEffectiveToken(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SepDuplicateToken(), SeQueryInformationToken(), test_CreateRestrictedToken(), TestsSeQueryInformationToken(), validate_impersonation_token(), and WhoamiGetTokenInfo().