ReactOS  0.4.15-dev-2991-g632fa1c
Functions | Variables
sefuncs.h File Reference
#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
 
NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor (_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
 
NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState (PACCESS_STATE AccessState, PAUX_ACCESS_DATA AuxData, ACCESS_MASK Access, PGENERIC_MAPPING GenericMapping)
 
NTKERNELAPI VOID NTAPI SeDeleteAccessState (_In_ PACCESS_STATE AccessState)
 
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel (_In_ PACCESS_TOKEN Token)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByType (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSTATUS NTAPI NtAccessCheckByTypeResultList (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeLength, _In_ PGENERIC_MAPPING GenericMapping, _In_ PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _In_ BOOLEAN ObjectCreation, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus, _Out_ PBOOLEAN GenerateOnClose)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_opt_ PTOKEN_GROUPS NewState, _In_opt_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens (_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
 Compares tokens if they're equal or not. More...
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken (_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
 
NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken (_In_ HANDLE ThreadHandle)
 Allows the calling thread to impersonate the system's anonymous logon token. More...
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck (_In_ HANDLE ClientToken, _Inout_ PPRIVILEGE_SET RequiredPrivileges, _Out_ PBOOLEAN Result)
 
NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
 _When_ (TokenInformationClass==TokenAccessInformation, _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))) _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (TokenInformationLength, *ReturnLength) PVOID TokenInformation
 
_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAccessCheck (_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_ PPRIVILEGE_SET PrivilegeSet, _Out_ PULONG ReturnLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
 
NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN ResetToDefault, _In_ PTOKEN_GROUPS NewState, _In_ ULONG BufferLength, _Out_opt_ PTOKEN_GROUPS PreviousState, _Out_ PULONG ReturnLength)
 
_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken (_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState !=NULL, _Out_) PULONG ReturnLength)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId (_Out_ LUID *LocallyUniqueId)
 
NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids (PULARGE_INTEGER Time, PULONG Range, PULONG Sequence, PUCHAR Seed)
 
NTSYSAPI NTSTATUS NTAPI ZwCreateToken (_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
 
 _IRQL_requires_max_ (PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateToken(_In_ HANDLE ExistingTokenHandle
 
NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken (_In_ HANDLE Thread)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ ULONG GrantedAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
 
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx (_In_ HANDLE ProcessHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _Out_ PHANDLE TokenHandle)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck (_In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET RequiredPrivileges, _In_ PBOOLEAN Result)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PUNICODE_STRING ServiceName, _In_ HANDLE ClientToken, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm (_In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ HANDLE ClientToken, _In_ ULONG DesiredAccess, _In_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN AccessGranted)
 
_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ (Length, *ResultLength) PVOID TokenInformation
 
NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken (_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_ PVOID TokenInformation, _In_ ULONG TokenInformationLength)
 

Variables

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength
 
_In_ ACCESS_MASK DesiredAccess
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
 
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
 
_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length
 
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength
 

Function Documentation

◆ _IRQL_requires_max_()

_IRQL_requires_max_ ( PASSIVE_LEVEL  )

Definition at line 64 of file Messaging.c.

75 {
76  PFLT_SERVER_PORT_OBJECT PortObject;
77  NTSTATUS Status;
78 
79  /* The caller must allow at least one connection */
80  if (MaxConnections == 0)
81  {
82  return STATUS_INVALID_PARAMETER;
83  }
84 
85  /* The request must be for a kernel handle */
86  if (!(ObjectAttributes->Attributes & OBJ_KERNEL_HANDLE))
87  {
88  return STATUS_INVALID_PARAMETER;
89  }
90 
91  /*
92  * Get rundown protection on the target to stop the owner
93  * from unloading whilst this port object is open. It gets
94  * removed in the FltpServerPortClose callback
95  */
96  Status = FltObjectReference(Filter);
97  if (!NT_SUCCESS(Status))
98  {
99  return Status;
100  }
101 
102  /* Create the server port object for this filter */
103  Status = ObCreateObject(KernelMode,
104  ServerPortObjectType,
105  ObjectAttributes,
106  KernelMode,
107  NULL,
108  sizeof(FLT_SERVER_PORT_OBJECT),
109  0,
110  0,
111  (PVOID *)&PortObject);
112  if (NT_SUCCESS(Status))
113  {
114  /* Zero out the struct */
115  RtlZeroMemory(PortObject, sizeof(FLT_SERVER_PORT_OBJECT));
116 
117  /* Increment the ref count on the target filter */
118  FltpObjectPointerReference((PFLT_OBJECT)Filter);
119 
120  /* Setup the filter port object */
121  PortObject->Filter = Filter;
122  PortObject->ConnectNotify = ConnectNotifyCallback;
123  PortObject->DisconnectNotify = DisconnectNotifyCallback;
124  PortObject->MessageNotify = MessageNotifyCallback;
125  PortObject->Cookie = ServerPortCookie;
126  PortObject->MaxConnections = MaxConnections;
127 
128  /* Insert the object */
129  Status = ObInsertObject(PortObject,
130  NULL,
131  STANDARD_RIGHTS_ALL | FILE_READ_DATA,
132  0,
133  NULL,
134  (PHANDLE)ServerPort);
135  if (NT_SUCCESS(Status))
136  {
137  /* Lock the connection list */
138  ExAcquireFastMutex(&Filter->ConnectionList.mLock);
139 
140  /* Add the new port object to the connection list and increment the count */
141  InsertTailList(&Filter->ConnectionList.mList, &PortObject->FilterLink);
142  Filter->ConnectionList.mCount++;
143 
144  /* Unlock the connection list*/
145  ExReleaseFastMutex(&Filter->ConnectionList.mLock);
146  }
147  }
148 
149  if (!NT_SUCCESS(Status))
150  {
151  /* Allow the filter to be cleaned up */
152  FltObjectDereference(Filter);
153  }
154 
155  return Status;
156 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
ServerPort
_Must_inspect_result_ _Outptr_ PFLT_PORT * ServerPort
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::ConnectNotify
PFLT_CONNECT_NOTIFY ConnectNotify
Definition: fltmgrint.h:191
FltObjectDereference
VOID FLTAPI FltObjectDereference(_Inout_ PVOID Object)
Definition: Object.c:53
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_FLT_MUTEX_LIST_HEAD::mCount
ULONG mCount
Definition: fltmgrint.h:57
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
OBJ_KERNEL_HANDLE
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
ExReleaseFastMutex
VOID FASTCALL ExReleaseFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:31
FltpObjectPointerReference
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
_FLT_MUTEX_LIST_HEAD::mList
LIST_ENTRY mList
Definition: fltmgrint.h:56
Filter
_Must_inspect_result_ _In_opt_ PFLT_FILTER Filter
Definition: fltkernel.h:1801
FILE_READ_DATA
#define FILE_READ_DATA
Definition: nt_native.h:628
ObCreateObject
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:952
Status
Status
Definition: gdiplustypes.h:24
_FLT_SERVER_PORT_OBJECT::Cookie
PVOID Cookie
Definition: fltmgrint.h:195
ServerPortObjectType
POBJECT_TYPE ServerPortObjectType
Definition: Messaging.c:24
_FLT_OBJECT
Definition: fltmgrint.h:25
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
DisconnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::MaxConnections
LONG MaxConnections
Definition: fltmgrint.h:198
PHANDLE
PVOID *typedef PHANDLE
Definition: ntsecpkg.h:454
ConnectNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT
Definition: fltmgrint.h:188
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
ExAcquireFastMutex
VOID FASTCALL ExAcquireFastMutex(IN PFAST_MUTEX FastMutex)
Definition: fmutex.c:23
FltObjectReference
NTSTATUS FLTAPI FltObjectReference(_Inout_ PVOID Object)
Definition: Object.c:41
ServerPortCookie
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::Filter
PFLT_FILTER Filter
Definition: fltmgrint.h:194
NULL
#define NULL
Definition: types.h:112
_FLT_MUTEX_LIST_HEAD::mLock
FAST_MUTEX mLock
Definition: fltmgrint.h:55
_FLT_SERVER_PORT_OBJECT::MessageNotify
PFLT_MESSAGE_NOTIFY MessageNotify
Definition: fltmgrint.h:193
_FLT_SERVER_PORT_OBJECT::FilterLink
LIST_ENTRY FilterLink
Definition: fltmgrint.h:190
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
MaxConnections
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
_FLT_SERVER_PORT_OBJECT::DisconnectNotify
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
MessageNotifyCallback
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
_FLT_FILTER::ConnectionList
FLT_MUTEX_LIST_HEAD ConnectionList
Definition: fltmgrint.h:121

◆ _Out_writes_bytes_to_opt_() [1/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( TokenInformationLength  ,
ReturnLength 
)

◆ _Out_writes_bytes_to_opt_() [2/2]

_In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ ( Length  ,
ResultLength 
)

◆ _When_()

_When_ ( TokenInformationClass  = TokenAccessInformation,
_At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION)))   
)

◆ NtAccessCheck()

NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckAndAuditAlarm()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ BOOLEAN  ObjectCreation,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1408 of file audit.c.

1420 {
1421  /* Call the internal function */
1422  return SepAccessCheckAndAuditAlarm(SubsystemName,
1423  HandleId,
1424  NULL,
1425  ObjectTypeName,
1426  ObjectName,
1427  SecurityDescriptor,
1428  NULL,
1429  DesiredAccess,
1430  AuditEventObjectAccess,
1431  0,
1432  NULL,
1433  0,
1434  GenericMapping,
1435  GrantedAccess,
1436  AccessStatus,
1437  GenerateOnClose,
1438  FALSE);
1439 }
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
FALSE
#define FALSE
Definition: types.h:117
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
GenericMapping
static GENERIC_MAPPING GenericMapping
Definition: SeInheritance.c:11
NULL
#define NULL
Definition: types.h:112
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
SepAccessCheckAndAuditAlarm
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Definition: audit.c:371

◆ NtAccessCheckByType()

NTSTATUS NTAPI NtAccessCheckByType ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAccessCheckByTypeResultList()

NTSTATUS NTAPI NtAccessCheckByTypeResultList ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ PSID  PrincipalSelfSid,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_TYPE_LIST  ObjectTypeList,
_In_ ULONG  ObjectTypeLength,
_In_ PGENERIC_MAPPING  GenericMapping,
_In_ PPRIVILEGE_SET  PrivilegeSet,
_Inout_ PULONG  PrivilegeSetLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ NtAdjustGroupsToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_opt_ PTOKEN_GROUPS  NewState,
_In_opt_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ NtAdjustPrivilegesToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

◆ NtAllocateLocallyUniqueId()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

◆ NtAllocateUuids()

NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ NtCompareTokens()

NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens ( _In_ HANDLE  FirstTokenHandle,
_In_ HANDLE  SecondTokenHandle,
_Out_ PBOOLEAN  Equal 
)

Compares tokens if they're equal or not.

Parameters
[in]FirstTokenThe first token.
[in]SecondTokenThe second token.
[out]EqualThe retrieved value which determines if the tokens are equal or not.
Returns
Returns STATUS_SUCCESS, otherwise it returns a failure NTSTATUS code.

Definition at line 4476 of file token.c.

4480 {
4481  KPROCESSOR_MODE PreviousMode;
4482  PTOKEN FirstToken, SecondToken;
4483  BOOLEAN IsEqual;
4484  NTSTATUS Status;
4485 
4486  PAGED_CODE();
4487 
4488  PreviousMode = ExGetPreviousMode();
4489 
4490  if (PreviousMode != KernelMode)
4491  {
4492  _SEH2_TRY
4493  {
4494  ProbeForWriteBoolean(Equal);
4495  }
4496  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
4497  {
4498  /* Return the exception code */
4499  _SEH2_YIELD(return _SEH2_GetExceptionCode());
4500  }
4501  _SEH2_END;
4502  }
4503 
4504  Status = ObReferenceObjectByHandle(FirstTokenHandle,
4505  TOKEN_QUERY,
4506  SeTokenObjectType,
4507  PreviousMode,
4508  (PVOID*)&FirstToken,
4509  NULL);
4510  if (!NT_SUCCESS(Status))
4511  {
4512  DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
4513  return Status;
4514  }
4515 
4516  Status = ObReferenceObjectByHandle(SecondTokenHandle,
4517  TOKEN_QUERY,
4518  SeTokenObjectType,
4519  PreviousMode,
4520  (PVOID*)&SecondToken,
4521  NULL);
4522  if (!NT_SUCCESS(Status))
4523  {
4524  DPRINT1("ObReferenceObjectByHandle() failed (Status 0x%lx)\n", Status);
4525  ObDereferenceObject(FirstToken);
4526  return Status;
4527  }
4528 
4529  if (FirstToken != SecondToken)
4530  {
4531  Status = SepCompareTokens(FirstToken,
4532  SecondToken,
4533  &IsEqual);
4534  }
4535  else
4536  {
4537  IsEqual = TRUE;
4538  }
4539 
4540  ObDereferenceObject(SecondToken);
4541  ObDereferenceObject(FirstToken);
4542 
4543  if (NT_SUCCESS(Status))
4544  {
4545  _SEH2_TRY
4546  {
4547  *Equal = IsEqual;
4548  }
4549  _SEH2_EXCEPT(ExSystemExceptionFilter())
4550  {
4551  Status = _SEH2_GetExceptionCode();
4552  }
4553  _SEH2_END;
4554  }
4555 
4556  return Status;
4557 }
TRUE
#define TRUE
Definition: types.h:120
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:878
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
SepCompareTokens
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:288
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
ProbeForWriteBoolean
#define ProbeForWriteBoolean(Ptr)
Definition: probe.h:31
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_SEH2_END
_SEH2_END
Definition: create.c:4400
ExSystemExceptionFilter
LONG NTAPI ExSystemExceptionFilter(VOID)
Definition: harderr.c:351
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
_TOKEN
Definition: setypes.h:197
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by START_TEST().

◆ NtCreateToken()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_opt_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_opt_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Definition at line 3991 of file token.c.

4005 {
4006  HANDLE hToken;
4007  KPROCESSOR_MODE PreviousMode;
4008  ULONG PrivilegeCount, GroupCount;
4009  PSID OwnerSid, PrimaryGroupSid;
4010  PACL DefaultDacl;
4011  LARGE_INTEGER LocalExpirationTime = {{0, 0}};
4012  LUID LocalAuthenticationId;
4013  TOKEN_SOURCE LocalTokenSource;
4014  SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
4015  PLUID_AND_ATTRIBUTES CapturedPrivileges = NULL;
4016  PSID_AND_ATTRIBUTES CapturedUser = NULL;
4017  PSID_AND_ATTRIBUTES CapturedGroups = NULL;
4018  PSID CapturedOwnerSid = NULL;
4019  PSID CapturedPrimaryGroupSid = NULL;
4020  PACL CapturedDefaultDacl = NULL;
4021  ULONG PrivilegesLength, UserLength, GroupsLength;
4022  NTSTATUS Status;
4023 
4024  PAGED_CODE();
4025 
4026  PreviousMode = ExGetPreviousMode();
4027 
4028  if (PreviousMode != KernelMode)
4029  {
4030  _SEH2_TRY
4031  {
4032  ProbeForWriteHandle(TokenHandle);
4033 
4034  if (ObjectAttributes != NULL)
4035  {
4036  ProbeForRead(ObjectAttributes,
4037  sizeof(OBJECT_ATTRIBUTES),
4038  sizeof(ULONG));
4039  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
4040  }
4041 
4042  ProbeForRead(AuthenticationId,
4043  sizeof(LUID),
4044  sizeof(ULONG));
4045  LocalAuthenticationId = *AuthenticationId;
4046 
4047  LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
4048 
4049  ProbeForRead(TokenUser,
4050  sizeof(TOKEN_USER),
4051  sizeof(ULONG));
4052 
4053  ProbeForRead(TokenGroups,
4054  sizeof(TOKEN_GROUPS),
4055  sizeof(ULONG));
4056  GroupCount = TokenGroups->GroupCount;
4057 
4058  ProbeForRead(TokenPrivileges,
4059  sizeof(TOKEN_PRIVILEGES),
4060  sizeof(ULONG));
4061  PrivilegeCount = TokenPrivileges->PrivilegeCount;
4062 
4063  if (TokenOwner != NULL)
4064  {
4065  ProbeForRead(TokenOwner,
4066  sizeof(TOKEN_OWNER),
4067  sizeof(ULONG));
4068  OwnerSid = TokenOwner->Owner;
4069  }
4070  else
4071  {
4072  OwnerSid = NULL;
4073  }
4074 
4075  ProbeForRead(TokenPrimaryGroup,
4076  sizeof(TOKEN_PRIMARY_GROUP),
4077  sizeof(ULONG));
4078  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
4079 
4080  if (TokenDefaultDacl != NULL)
4081  {
4082  ProbeForRead(TokenDefaultDacl,
4083  sizeof(TOKEN_DEFAULT_DACL),
4084  sizeof(ULONG));
4085  DefaultDacl = TokenDefaultDacl->DefaultDacl;
4086  }
4087  else
4088  {
4089  DefaultDacl = NULL;
4090  }
4091 
4092  ProbeForRead(TokenSource,
4093  sizeof(TOKEN_SOURCE),
4094  sizeof(ULONG));
4095  LocalTokenSource = *TokenSource;
4096  }
4097  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
4098  {
4099  /* Return the exception code */
4100  _SEH2_YIELD(return _SEH2_GetExceptionCode());
4101  }
4102  _SEH2_END;
4103  }
4104  else
4105  {
4106  if (ObjectAttributes != NULL)
4107  LocalSecurityQos = *(SECURITY_QUALITY_OF_SERVICE*)ObjectAttributes->SecurityQualityOfService;
4108  LocalAuthenticationId = *AuthenticationId;
4109  LocalExpirationTime = *ExpirationTime;
4110  GroupCount = TokenGroups->GroupCount;
4111  PrivilegeCount = TokenPrivileges->PrivilegeCount;
4112  OwnerSid = TokenOwner ? TokenOwner->Owner : NULL;
4113  PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
4114  DefaultDacl = TokenDefaultDacl ? TokenDefaultDacl->DefaultDacl : NULL;
4115  LocalTokenSource = *TokenSource;
4116  }
4117 
4118  /* Check token type */
4119  if ((TokenType < TokenPrimary) ||
4120  (TokenType > TokenImpersonation))
4121  {
4122  return STATUS_BAD_TOKEN_TYPE;
4123  }
4124 
4125  /* Check for token creation privilege */
4126  if (!SeSinglePrivilegeCheck(SeCreateTokenPrivilege, PreviousMode))
4127  {
4128  return STATUS_PRIVILEGE_NOT_HELD;
4129  }
4130 
4131  /* Capture the user SID and attributes */
4132  Status = SeCaptureSidAndAttributesArray(&TokenUser->User,
4133  1,
4134  PreviousMode,
4135  NULL,
4136  0,
4137  PagedPool,
4138  FALSE,
4139  &CapturedUser,
4140  &UserLength);
4141  if (!NT_SUCCESS(Status))
4142  {
4143  goto Cleanup;
4144  }
4145 
4146  /* Capture the groups SID and attributes array */
4147  Status = SeCaptureSidAndAttributesArray(&TokenGroups->Groups[0],
4148  GroupCount,
4149  PreviousMode,
4150  NULL,
4151  0,
4152  PagedPool,
4153  FALSE,
4154  &CapturedGroups,
4155  &GroupsLength);
4156  if (!NT_SUCCESS(Status))
4157  {
4158  goto Cleanup;
4159  }
4160 
4161  /* Capture privileges */
4162  Status = SeCaptureLuidAndAttributesArray(&TokenPrivileges->Privileges[0],
4163  PrivilegeCount,
4164  PreviousMode,
4165  NULL,
4166  0,
4167  PagedPool,
4168  FALSE,
4169  &CapturedPrivileges,
4170  &PrivilegesLength);
4171  if (!NT_SUCCESS(Status))
4172  {
4173  goto Cleanup;
4174  }
4175 
4176  /* Capture the token owner SID */
4177  if (TokenOwner != NULL)
4178  {
4179  Status = SepCaptureSid(OwnerSid,
4180  PreviousMode,
4181  PagedPool,
4182  FALSE,
4183  &CapturedOwnerSid);
4184  if (!NT_SUCCESS(Status))
4185  {
4186  goto Cleanup;
4187  }
4188  }
4189 
4190  /* Capture the token primary group SID */
4191  Status = SepCaptureSid(PrimaryGroupSid,
4192  PreviousMode,
4193  PagedPool,
4194  FALSE,
4195  &CapturedPrimaryGroupSid);
4196  if (!NT_SUCCESS(Status))
4197  {
4198  goto Cleanup;
4199  }
4200 
4201  /* Capture DefaultDacl */
4202  if (DefaultDacl != NULL)
4203  {
4204  Status = SepCaptureAcl(DefaultDacl,
4205  PreviousMode,
4206  NonPagedPool,
4207  FALSE,
4208  &CapturedDefaultDacl);
4209  if (!NT_SUCCESS(Status))
4210  {
4211  goto Cleanup;
4212  }
4213  }
4214 
4215  /* Call the internal function */
4216  Status = SepCreateToken(&hToken,
4217  PreviousMode,
4218  DesiredAccess,
4219  ObjectAttributes,
4220  TokenType,
4221  LocalSecurityQos.ImpersonationLevel,
4222  &LocalAuthenticationId,
4223  &LocalExpirationTime,
4224  CapturedUser,
4225  GroupCount,
4226  CapturedGroups,
4227  GroupsLength,
4228  PrivilegeCount,
4229  CapturedPrivileges,
4230  CapturedOwnerSid,
4231  CapturedPrimaryGroupSid,
4232  CapturedDefaultDacl,
4233  &LocalTokenSource,
4234  FALSE);
4235  if (NT_SUCCESS(Status))
4236  {
4237  _SEH2_TRY
4238  {
4239  *TokenHandle = hToken;
4240  }
4241  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
4242  {
4243  Status = _SEH2_GetExceptionCode();
4244  }
4245  _SEH2_END;
4246  }
4247 
4248 Cleanup:
4249 
4250  /* Release what we captured */
4251  SeReleaseSidAndAttributesArray(CapturedUser, PreviousMode, FALSE);
4252  SeReleaseSidAndAttributesArray(CapturedGroups, PreviousMode, FALSE);
4253  SeReleaseLuidAndAttributesArray(CapturedPrivileges, PreviousMode, FALSE);
4254  SepReleaseSid(CapturedOwnerSid, PreviousMode, FALSE);
4255  SepReleaseSid(CapturedPrimaryGroupSid, PreviousMode, FALSE);
4256  SepReleaseAcl(CapturedDefaultDacl, PreviousMode, FALSE);
4257 
4258  return Status;
4259 }
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_TOKEN_DEFAULT_DACL
Definition: setypes.h:985
_TOKEN_GROUPS
Definition: setypes.h:963
_SID
Definition: ms-dtyp.idl:198
SeCreateTokenPrivilege
const LUID SeCreateTokenPrivilege
Definition: priv.c:19
SeReleaseSidAndAttributesArray
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Definition: sid.c:553
_TOKEN_PRIVILEGES
Definition: setypes.h:972
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:981
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SeReleaseLuidAndAttributesArray
VOID NTAPI SeReleaseLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Privilege, KPROCESSOR_MODE PreviousMode, BOOLEAN CaptureIfKernel)
Definition: priv.c:383
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
SeCaptureLuidAndAttributesArray
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(PLUID_AND_ATTRIBUTES Src, ULONG PrivilegeCount, KPROCESSOR_MODE PreviousMode, PLUID_AND_ATTRIBUTES AllocatedMem, ULONG AllocatedLength, POOL_TYPE PoolType, BOOLEAN CaptureIfKernel, PLUID_AND_ATTRIBUTES *Dest, PULONG Length)
Definition: priv.c:287
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
FALSE
#define FALSE
Definition: types.h:117
_LUID
Definition: devicetopology.idl:136
STATUS_BAD_TOKEN_TYPE
#define STATUS_BAD_TOKEN_TYPE
Definition: ntstatus.h:404
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:299
SepCreateToken
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Definition: token.c:1254
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
_TOKEN_OWNER
Definition: setypes.h:977
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SepReleaseAcl
VOID NTAPI SepReleaseAcl(IN PACL CapturedAcl, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: acl.c:387
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
ProbeForReadLargeInteger
#define ProbeForReadLargeInteger(Ptr)
Definition: probe.h:75
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
_TOKEN_USER
Definition: setypes.h:959
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
SeCaptureSidAndAttributesArray
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Definition: sid.c:352
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_TOKEN_SOURCE
Definition: imports.h:277
_SEH2_END
_SEH2_END
Definition: create.c:4400
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NULL
#define NULL
Definition: types.h:112
_LARGE_INTEGER
Definition: typedefs.h:102
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:336
ULONG
unsigned int ULONG
Definition: retypes.h:1
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:268
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

Referenced by LsapLogonUser().

◆ NtDuplicateToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken ( _In_ HANDLE  ExistingTokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ BOOLEAN  EffectiveOnly,
_In_ TOKEN_TYPE  TokenType,
_Out_ PHANDLE  NewTokenHandle 
)

Definition at line 3512 of file token.c.

3519 {
3520  KPROCESSOR_MODE PreviousMode;
3521  HANDLE hToken;
3522  PTOKEN Token;
3523  PTOKEN NewToken;
3524  PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
3525  BOOLEAN QoSPresent;
3526  OBJECT_HANDLE_INFORMATION HandleInformation;
3527  NTSTATUS Status;
3528 
3529  PAGED_CODE();
3530 
3531  if (TokenType != TokenImpersonation &&
3532  TokenType != TokenPrimary)
3533  {
3534  return STATUS_INVALID_PARAMETER;
3535  }
3536 
3537  PreviousMode = KeGetPreviousMode();
3538 
3539  if (PreviousMode != KernelMode)
3540  {
3541  _SEH2_TRY
3542  {
3543  ProbeForWriteHandle(NewTokenHandle);
3544  }
3545  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3546  {
3547  /* Return the exception code */
3548  _SEH2_YIELD(return _SEH2_GetExceptionCode());
3549  }
3550  _SEH2_END;
3551  }
3552 
3553  Status = SepCaptureSecurityQualityOfService(ObjectAttributes,
3554  PreviousMode,
3555  PagedPool,
3556  FALSE,
3557  &CapturedSecurityQualityOfService,
3558  &QoSPresent);
3559  if (!NT_SUCCESS(Status))
3560  {
3561  DPRINT1("NtDuplicateToken() failed to capture QoS! Status: 0x%x\n", Status);
3562  return Status;
3563  }
3564 
3565  Status = ObReferenceObjectByHandle(ExistingTokenHandle,
3566  TOKEN_DUPLICATE,
3567  SeTokenObjectType,
3568  PreviousMode,
3569  (PVOID*)&Token,
3570  &HandleInformation);
3571  if (!NT_SUCCESS(Status))
3572  {
3573  DPRINT1("Failed to reference token (Status 0x%lx)\n", Status);
3574  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3575  PreviousMode,
3576  FALSE);
3577  return Status;
3578  }
3579 
3580  /*
3581  * Fail, if the original token is an impersonation token and the caller
3582  * tries to raise the impersonation level of the new token above the
3583  * impersonation level of the original token.
3584  */
3585  if (Token->TokenType == TokenImpersonation)
3586  {
3587  if (QoSPresent &&
3588  CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
3589  {
3590  ObDereferenceObject(Token);
3591  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3592  PreviousMode,
3593  FALSE);
3594  return STATUS_BAD_IMPERSONATION_LEVEL;
3595  }
3596  }
3597 
3598  /*
3599  * Fail, if a primary token is to be created from an impersonation token
3600  * and and the impersonation level of the impersonation token is below SecurityImpersonation.
3601  */
3602  if (Token->TokenType == TokenImpersonation &&
3603  TokenType == TokenPrimary &&
3604  Token->ImpersonationLevel < SecurityImpersonation)
3605  {
3606  ObDereferenceObject(Token);
3607  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3608  PreviousMode,
3609  FALSE);
3610  return STATUS_BAD_IMPERSONATION_LEVEL;
3611  }
3612 
3613  Status = SepDuplicateToken(Token,
3614  ObjectAttributes,
3615  EffectiveOnly,
3616  TokenType,
3617  (QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
3618  PreviousMode,
3619  &NewToken);
3620 
3621  ObDereferenceObject(Token);
3622 
3623  if (NT_SUCCESS(Status))
3624  {
3625  Status = ObInsertObject(NewToken,
3626  NULL,
3627  (DesiredAccess ? DesiredAccess : HandleInformation.GrantedAccess),
3628  0,
3629  NULL,
3630  &hToken);
3631  if (NT_SUCCESS(Status))
3632  {
3633  _SEH2_TRY
3634  {
3635  *NewTokenHandle = hToken;
3636  }
3637  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3638  {
3639  Status = _SEH2_GetExceptionCode();
3640  }
3641  _SEH2_END;
3642  }
3643  }
3644 
3645  /* Free the captured structure */
3646  SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
3647  PreviousMode,
3648  FALSE);
3649 
3650  return Status;
3651 }
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_OBJECT_HANDLE_INFORMATION
Definition: iotypes.h:179
KeGetPreviousMode
#define KeGetPreviousMode()
Definition: ketypes.h:1107
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
SepDuplicateToken
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Definition: token.c:785
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
NewTokenHandle
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:417
FALSE
#define FALSE
Definition: types.h:117
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
ProbeForWriteHandle
#define ProbeForWriteHandle(Ptr)
Definition: probe.h:43
HandleInformation
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:876
SepReleaseSecurityQualityOfService
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
_SEH2_END
_SEH2_END
Definition: create.c:4400
ObInsertObject
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2931
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
SepCaptureSecurityQualityOfService
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
EffectiveOnly
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:417
_TOKEN
Definition: setypes.h:197
TokenType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:417
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtImpersonateAnonymousToken()

NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken ( _In_ HANDLE  ThreadHandle)

Allows the calling thread to impersonate the system's anonymous logon token.

Parameters
[in]ThreadHandleA handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
Returns
Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
Remarks
By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.

Definition at line 4598 of file token.c.

4600 {
4601  PETHREAD Thread;
4602  KPROCESSOR_MODE PreviousMode;
4603  NTSTATUS Status;
4604  PAGED_CODE();
4605 
4606  PreviousMode = ExGetPreviousMode();
4607 
4608  /* Obtain the thread object from the handle */
4609  Status = ObReferenceObjectByHandle(ThreadHandle,
4610  THREAD_IMPERSONATE,
4611  PsThreadType,
4612  PreviousMode,
4613  (PVOID*)&Thread,
4614  NULL);
4615  if (!NT_SUCCESS(Status))
4616  {
4617  DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
4618  return Status;
4619  }
4620 
4621  /* Call the private routine to impersonate the token */
4622  Status = SepImpersonateAnonymousToken(Thread, PreviousMode);
4623  if (!NT_SUCCESS(Status))
4624  {
4625  DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
4626  }
4627 
4628  ObDereferenceObject(Thread);
4629  return Status;
4630 }
THREAD_IMPERSONATE
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
SepImpersonateAnonymousToken
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:379
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_ETHREAD
Definition: pstypes.h:1101
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
PsThreadType
POBJECT_TYPE PsThreadType
Definition: thread.c:20
NULL
#define NULL
Definition: types.h:112
DPRINT1
#define DPRINT1
Definition: precomp.h:8
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtOpenObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_opt_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ACCESS_MASK  GrantedAccess,
_In_opt_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

Definition at line 1003 of file audit.c.

1016 {
1017  PTOKEN ClientToken;
1018  PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1019  UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1020  ULONG PrivilegeCount, PrivilegeSetSize;
1021  volatile PPRIVILEGE_SET CapturedPrivilegeSet;
1022  BOOLEAN LocalGenerateOnClose;
1023  PVOID CapturedHandleId;
1024  SECURITY_SUBJECT_CONTEXT SubjectContext;
1025  NTSTATUS Status;
1026  PAGED_CODE();
1027 
1028  /* Only user mode is supported! */
1029  ASSERT(ExGetPreviousMode() != KernelMode);
1030 
1031  /* Start clean */
1032  ClientToken = NULL;
1033  CapturedSecurityDescriptor = NULL;
1034  CapturedPrivilegeSet = NULL;
1035  CapturedSubsystemName.Buffer = NULL;
1036  CapturedObjectTypeName.Buffer = NULL;
1037  CapturedObjectName.Buffer = NULL;
1038 
1039  /* Reference the client token */
1040  Status = ObReferenceObjectByHandle(ClientTokenHandle,
1041  TOKEN_QUERY,
1042  SeTokenObjectType,
1043  UserMode,
1044  (PVOID*)&ClientToken,
1045  NULL);
1046  if (!NT_SUCCESS(Status))
1047  {
1048  DPRINT1("Failed to reference token handle %p: %lx\n",
1049  ClientTokenHandle, Status);
1050  return Status;
1051  }
1052 
1053  /* Capture the security subject context */
1054  SeCaptureSubjectContext(&SubjectContext);
1055 
1056  /* Validate the token's impersonation level */
1057  if ((ClientToken->TokenType == TokenImpersonation) &&
1058  (ClientToken->ImpersonationLevel < SecurityIdentification))
1059  {
1060  DPRINT1("Invalid impersonation level (%u)\n", ClientToken->ImpersonationLevel);
1061  Status = STATUS_BAD_IMPERSONATION_LEVEL;
1062  goto Cleanup;
1063  }
1064 
1065  /* Check for audit privilege */
1066  if (!SeCheckAuditPrivilege(&SubjectContext, UserMode))
1067  {
1068  DPRINT1("Caller does not have SeAuditPrivilege\n");
1069  Status = STATUS_PRIVILEGE_NOT_HELD;
1070  goto Cleanup;
1071  }
1072 
1073  /* Check for NULL SecurityDescriptor */
1074  if (SecurityDescriptor == NULL)
1075  {
1076  /* Nothing to do */
1077  Status = STATUS_SUCCESS;
1078  goto Cleanup;
1079  }
1080 
1081  /* Capture the security descriptor */
1082  Status = SeCaptureSecurityDescriptor(SecurityDescriptor,
1083  UserMode,
1084  PagedPool,
1085  FALSE,
1086  &CapturedSecurityDescriptor);
1087  if (!NT_SUCCESS(Status))
1088  {
1089  DPRINT1("Failed to capture security descriptor!\n");
1090  goto Cleanup;
1091  }
1092 
1093  _SEH2_TRY
1094  {
1095  /* Check if we have a privilege set */
1096  if (PrivilegeSet != NULL)
1097  {
1098  /* Probe the basic privilege set structure */
1099  ProbeForRead(PrivilegeSet, sizeof(PRIVILEGE_SET), sizeof(ULONG));
1100 
1101  /* Validate privilege count */
1102  PrivilegeCount = PrivilegeSet->PrivilegeCount;
1103  if (PrivilegeCount > SEP_PRIVILEGE_SET_MAX_COUNT)
1104  {
1105  Status = STATUS_INVALID_PARAMETER;
1106  _SEH2_YIELD(goto Cleanup);
1107  }
1108 
1109  /* Calculate the size of the PrivilegeSet structure */
1110  PrivilegeSetSize = FIELD_OFFSET(PRIVILEGE_SET, Privilege[PrivilegeCount]);
1111 
1112  /* Probe the whole structure */
1113  ProbeForRead(PrivilegeSet, PrivilegeSetSize, sizeof(ULONG));
1114 
1115  /* Allocate a temp buffer */
1116  CapturedPrivilegeSet = ExAllocatePoolWithTag(PagedPool,
1117  PrivilegeSetSize,
1118  TAG_PRIVILEGE_SET);
1119  if (CapturedPrivilegeSet == NULL)
1120  {
1121  DPRINT1("Failed to allocate %u bytes\n", PrivilegeSetSize);
1122  Status = STATUS_INSUFFICIENT_RESOURCES;
1123  _SEH2_YIELD(goto Cleanup);
1124  }
1125 
1126  /* Copy the privileges */
1127  RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1128  }
1129 
1130  if (HandleId != NULL)
1131  {
1132  ProbeForRead(HandleId, sizeof(PVOID), sizeof(PVOID));
1133  CapturedHandleId = *(PVOID*)HandleId;
1134  }
1135 
1136  ProbeForWrite(GenerateOnClose, sizeof(BOOLEAN), sizeof(BOOLEAN));
1137  }
1138  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1139  {
1140  Status = _SEH2_GetExceptionCode();
1141  DPRINT1("Exception while probing parameters: 0x%lx\n", Status);
1142  _SEH2_YIELD(goto Cleanup);
1143  }
1144  _SEH2_END;
1145 
1146  /* Probe and capture the subsystem name */
1147  Status = ProbeAndCaptureUnicodeString(&CapturedSubsystemName,
1148  UserMode,
1149  SubsystemName);
1150  if (!NT_SUCCESS(Status))
1151  {
1152  DPRINT1("Failed to capture subsystem name!\n");
1153  goto Cleanup;
1154  }
1155 
1156  /* Probe and capture the object type name */
1157  Status = ProbeAndCaptureUnicodeString(&CapturedObjectTypeName,
1158  UserMode,
1159  ObjectTypeName);
1160  if (!NT_SUCCESS(Status))
1161  {
1162  DPRINT1("Failed to capture object type name!\n");
1163  goto Cleanup;
1164  }
1165 
1166  /* Probe and capture the object name */
1167  Status = ProbeAndCaptureUnicodeString(&CapturedObjectName,
1168  UserMode,
1169  ObjectName);
1170  if (!NT_SUCCESS(Status))
1171  {
1172  DPRINT1("Failed to capture object name!\n");
1173  goto Cleanup;
1174  }
1175 
1176  /* Call the internal function */
1177  SepOpenObjectAuditAlarm(&SubjectContext,
1178  &CapturedSubsystemName,
1179  CapturedHandleId,
1180  &CapturedObjectTypeName,
1181  &CapturedObjectName,
1182  CapturedSecurityDescriptor,
1183  ClientToken,
1184  DesiredAccess,
1185  GrantedAccess,
1186  CapturedPrivilegeSet,
1187  ObjectCreation,
1188  AccessGranted,
1189  &LocalGenerateOnClose);
1190 
1191  Status = STATUS_SUCCESS;
1192 
1193  /* Enter SEH to copy the data back to user mode */
1194  _SEH2_TRY
1195  {
1196  *GenerateOnClose = LocalGenerateOnClose;
1197  }
1198  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
1199  {
1200  Status = _SEH2_GetExceptionCode();
1201  DPRINT1("Exception while copying back data: 0x%lx\n", Status);
1202  }
1203  _SEH2_END;
1204 
1205 Cleanup:
1206 
1207  if (CapturedObjectName.Buffer != NULL)
1208  ReleaseCapturedUnicodeString(&CapturedObjectName, UserMode);
1209 
1210  if (CapturedObjectTypeName.Buffer != NULL)
1211  ReleaseCapturedUnicodeString(&CapturedObjectTypeName, UserMode);
1212 
1213  if (CapturedSubsystemName.Buffer != NULL)
1214  ReleaseCapturedUnicodeString(&CapturedSubsystemName, UserMode);
1215 
1216  if (CapturedSecurityDescriptor != NULL)
1217  SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, UserMode, FALSE);
1218 
1219  if (CapturedPrivilegeSet != NULL)
1220  ExFreePoolWithTag(CapturedPrivilegeSet, TAG_PRIVILEGE_SET);
1221 
1222  /* Release the security subject context */
1223  SeReleaseSubjectContext(&SubjectContext);
1224 
1225  ObDereferenceObject(ClientToken);
1226 
1227  return Status;
1228 }
ProbeAndCaptureUnicodeString
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
ObjectTypeName
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_TOKEN::TokenType
TOKEN_TYPE TokenType
Definition: setypes.h:221
SeCaptureSubjectContext
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
SubjectContext
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
SeReleaseSubjectContext
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
STATUS_BAD_IMPERSONATION_LEVEL
#define STATUS_BAD_IMPERSONATION_LEVEL
Definition: ntstatus.h:401
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_PRIVILEGE_SET
Definition: setypes.h:85
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
SEP_PRIVILEGE_SET_MAX_COUNT
#define SEP_PRIVILEGE_SET_MAX_COUNT
Definition: audit.c:17
ProbeForWrite
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
SeReleaseSecurityDescriptor
NTSTATUS NTAPI SeReleaseSecurityDescriptor(IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN BOOLEAN CaptureIfKernelMode)
Definition: sd.c:608
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
FALSE
#define FALSE
Definition: types.h:117
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
Status
Status
Definition: gdiplustypes.h:24
ReleaseCapturedUnicodeString
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:878
ASSERT
#define ASSERT(a)
Definition: mode.c:44
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
GenerateOnClose
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_UNICODE_STRING
Definition: env_spec_w32.h:368
_SEH2_END
_SEH2_END
Definition: create.c:4400
AccessGranted
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
NULL
#define NULL
Definition: types.h:112
SeCheckAuditPrivilege
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Definition: priv.c:253
_SECURITY_SUBJECT_CONTEXT
Definition: setypes.h:189
DPRINT1
#define DPRINT1
Definition: precomp.h:8
_TOKEN::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: setypes.h:222
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
SeCaptureSecurityDescriptor
NTSTATUS NTAPI SeCaptureSecurityDescriptor(IN PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, IN KPROCESSOR_MODE CurrentMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Definition: sd.c:272
TAG_PRIVILEGE_SET
#define TAG_PRIVILEGE_SET
Definition: tag.h:180
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
GrantedAccess
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_TOKEN
Definition: setypes.h:197
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
SepOpenObjectAuditAlarm
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Definition: audit.c:969
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ NtOpenProcessTokenEx()

NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

◆ NtPrivilegeCheck()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck ( _In_ HANDLE  ClientToken,
_Inout_ PPRIVILEGE_SET  RequiredPrivileges,
_Out_ PBOOLEAN  Result 
)

◆ NtPrivilegedServiceAuditAlarm()

NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtPrivilegeObjectAuditAlarm()

__kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_opt_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ NtSetInformationToken()

_Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_In_reads_bytes_(TokenInformationLength) PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Definition at line 2979 of file token.c.

2984 {
2985  NTSTATUS Status;
2986  PTOKEN Token;
2987  KPROCESSOR_MODE PreviousMode;
2988  ULONG NeededAccess = TOKEN_ADJUST_DEFAULT;
2989 
2990  PAGED_CODE();
2991 
2992  PreviousMode = ExGetPreviousMode();
2993 
2994  Status = DefaultSetInfoBufferCheck(TokenInformationClass,
2995  SeTokenInformationClass,
2996  RTL_NUMBER_OF(SeTokenInformationClass),
2997  TokenInformation,
2998  TokenInformationLength,
2999  PreviousMode);
3000  if (!NT_SUCCESS(Status))
3001  {
3002  /* Invalid buffers */
3003  DPRINT("NtSetInformationToken() failed, Status: 0x%x\n", Status);
3004  return Status;
3005  }
3006 
3007  if (TokenInformationClass == TokenSessionId)
3008  {
3009  NeededAccess |= TOKEN_ADJUST_SESSIONID;
3010  }
3011 
3012  Status = ObReferenceObjectByHandle(TokenHandle,
3013  NeededAccess,
3014  SeTokenObjectType,
3015  PreviousMode,
3016  (PVOID*)&Token,
3017  NULL);
3018  if (NT_SUCCESS(Status))
3019  {
3020  switch (TokenInformationClass)
3021  {
3022  case TokenOwner:
3023  {
3024  if (TokenInformationLength >= sizeof(TOKEN_OWNER))
3025  {
3026  PTOKEN_OWNER to = (PTOKEN_OWNER)TokenInformation;
3027  PSID InputSid = NULL, CapturedSid;
3028  ULONG DefaultOwnerIndex;
3029 
3030  _SEH2_TRY
3031  {
3032  InputSid = to->Owner;
3033  }
3034  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3035  {
3036  Status = _SEH2_GetExceptionCode();
3037  _SEH2_YIELD(goto Cleanup);
3038  }
3039  _SEH2_END;
3040 
3041  Status = SepCaptureSid(InputSid,
3042  PreviousMode,
3043  PagedPool,
3044  FALSE,
3045  &CapturedSid);
3046  if (NT_SUCCESS(Status))
3047  {
3048  /* Lock the token */
3049  SepAcquireTokenLockExclusive(Token);
3050 
3051  /* Find the owner amongst the existing token user and groups */
3052  Status = SepFindPrimaryGroupAndDefaultOwner(Token,
3053  NULL,
3054  CapturedSid,
3055  NULL,
3056  &DefaultOwnerIndex);
3057  if (NT_SUCCESS(Status))
3058  {
3059  /* Found it */
3060  Token->DefaultOwnerIndex = DefaultOwnerIndex;
3061  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3062  }
3063 
3064  /* Unlock the token */
3065  SepReleaseTokenLock(Token);
3066 
3067  SepReleaseSid(CapturedSid,
3068  PreviousMode,
3069  FALSE);
3070  }
3071  }
3072  else
3073  {
3074  Status = STATUS_INFO_LENGTH_MISMATCH;
3075  }
3076  break;
3077  }
3078 
3079  case TokenPrimaryGroup:
3080  {
3081  if (TokenInformationLength >= sizeof(TOKEN_PRIMARY_GROUP))
3082  {
3083  PTOKEN_PRIMARY_GROUP tpg = (PTOKEN_PRIMARY_GROUP)TokenInformation;
3084  PSID InputSid = NULL, CapturedSid;
3085  ULONG PrimaryGroupIndex;
3086 
3087  _SEH2_TRY
3088  {
3089  InputSid = tpg->PrimaryGroup;
3090  }
3091  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3092  {
3093  Status = _SEH2_GetExceptionCode();
3094  _SEH2_YIELD(goto Cleanup);
3095  }
3096  _SEH2_END;
3097 
3098  Status = SepCaptureSid(InputSid,
3099  PreviousMode,
3100  PagedPool,
3101  FALSE,
3102  &CapturedSid);
3103  if (NT_SUCCESS(Status))
3104  {
3105  /* Lock the token */
3106  SepAcquireTokenLockExclusive(Token);
3107 
3108  /* Find the primary group amongst the existing token user and groups */
3109  Status = SepFindPrimaryGroupAndDefaultOwner(Token,
3110  CapturedSid,
3111  NULL,
3112  &PrimaryGroupIndex,
3113  NULL);
3114  if (NT_SUCCESS(Status))
3115  {
3116  /* Found it */
3117  Token->PrimaryGroup = Token->UserAndGroups[PrimaryGroupIndex].Sid;
3118  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3119  }
3120 
3121  /* Unlock the token */
3122  SepReleaseTokenLock(Token);
3123 
3124  SepReleaseSid(CapturedSid,
3125  PreviousMode,
3126  FALSE);
3127  }
3128  }
3129  else
3130  {
3131  Status = STATUS_INFO_LENGTH_MISMATCH;
3132  }
3133  break;
3134  }
3135 
3136  case TokenDefaultDacl:
3137  {
3138  if (TokenInformationLength >= sizeof(TOKEN_DEFAULT_DACL))
3139  {
3140  PTOKEN_DEFAULT_DACL tdd = (PTOKEN_DEFAULT_DACL)TokenInformation;
3141  PACL InputAcl = NULL;
3142 
3143  _SEH2_TRY
3144  {
3145  InputAcl = tdd->DefaultDacl;
3146  }
3147  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3148  {
3149  Status = _SEH2_GetExceptionCode();
3150  _SEH2_YIELD(goto Cleanup);
3151  }
3152  _SEH2_END;
3153 
3154  if (InputAcl != NULL)
3155  {
3156  PACL CapturedAcl;
3157 
3158  /* Capture and copy the dacl */
3159  Status = SepCaptureAcl(InputAcl,
3160  PreviousMode,
3161  PagedPool,
3162  TRUE,
3163  &CapturedAcl);
3164  if (NT_SUCCESS(Status))
3165  {
3166  ULONG DynamicLength;
3167 
3168  /* Lock the token */
3169  SepAcquireTokenLockExclusive(Token);
3170 
3171  //
3172  // NOTE: So far our dynamic area only contains
3173  // the default dacl, so this makes the following
3174  // code pretty simple. The day where it stores
3175  // other data, the code will require adaptations.
3176  //
3177 
3178  DynamicLength = Token->DynamicAvailable;
3179  // Add here any other data length present in the dynamic area...
3180  if (Token->DefaultDacl)
3181  DynamicLength += Token->DefaultDacl->AclSize;
3182 
3183  /* Reallocate the dynamic area if it is too small */
3184  Status = STATUS_SUCCESS;
3185  if ((DynamicLength < CapturedAcl->AclSize) ||
3186  (Token->DynamicPart == NULL))
3187  {
3188  PVOID NewDynamicPart;
3189 
3190  NewDynamicPart = ExAllocatePoolWithTag(PagedPool,
3191  CapturedAcl->AclSize,
3192  TAG_TOKEN_DYNAMIC);
3193  if (NewDynamicPart == NULL)
3194  {
3195  Status = STATUS_INSUFFICIENT_RESOURCES;
3196  }
3197  else
3198  {
3199  if (Token->DynamicPart != NULL)
3200  {
3201  // RtlCopyMemory(NewDynamicPart, Token->DynamicPart, DynamicLength);
3202  ExFreePoolWithTag(Token->DynamicPart, TAG_TOKEN_DYNAMIC);
3203  }
3204  Token->DynamicPart = NewDynamicPart;
3205  Token->DynamicAvailable = 0;
3206  }
3207  }
3208  else
3209  {
3210  Token->DynamicAvailable = DynamicLength - CapturedAcl->AclSize;
3211  }
3212 
3213  if (NT_SUCCESS(Status))
3214  {
3215  /* Set the new dacl */
3216  Token->DefaultDacl = (PVOID)Token->DynamicPart;
3217  RtlCopyMemory(Token->DefaultDacl,
3218  CapturedAcl,
3219  CapturedAcl->AclSize);
3220 
3221  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3222  }
3223 
3224  /* Unlock the token */
3225  SepReleaseTokenLock(Token);
3226 
3227  ExFreePoolWithTag(CapturedAcl, TAG_ACL);
3228  }
3229  }
3230  else
3231  {
3232  /* Lock the token */
3233  SepAcquireTokenLockExclusive(Token);
3234 
3235  /* Clear the default dacl if present */
3236  if (Token->DefaultDacl != NULL)
3237  {
3238  Token->DynamicAvailable += Token->DefaultDacl->AclSize;
3239  RtlZeroMemory(Token->DefaultDacl, Token->DefaultDacl->AclSize);
3240  Token->DefaultDacl = NULL;
3241 
3242  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3243  }
3244 
3245  /* Unlock the token */
3246  SepReleaseTokenLock(Token);
3247  }
3248  }
3249  else
3250  {
3251  Status = STATUS_INFO_LENGTH_MISMATCH;
3252  }
3253  break;
3254  }
3255 
3256  case TokenSessionId:
3257  {
3258  ULONG SessionId = 0;
3259 
3260  _SEH2_TRY
3261  {
3262  /* Buffer size was already verified, no need to check here again */
3263  SessionId = *(PULONG)TokenInformation;
3264  }
3265  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3266  {
3267  Status = _SEH2_GetExceptionCode();
3268  _SEH2_YIELD(goto Cleanup);
3269  }
3270  _SEH2_END;
3271 
3272  /* Check for TCB privilege */
3273  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
3274  {
3275  Status = STATUS_PRIVILEGE_NOT_HELD;
3276  break;
3277  }
3278 
3279  /* Lock the token */
3280  SepAcquireTokenLockExclusive(Token);
3281 
3282  Token->SessionId = SessionId;
3283  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3284 
3285  /* Unlock the token */
3286  SepReleaseTokenLock(Token);
3287 
3288  break;
3289  }
3290 
3291  case TokenSessionReference:
3292  {
3293  ULONG SessionReference;
3294 
3295  _SEH2_TRY
3296  {
3297  /* Buffer size was already verified, no need to check here again */
3298  SessionReference = *(PULONG)TokenInformation;
3299  }
3300  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3301  {
3302  Status = _SEH2_GetExceptionCode();
3303  _SEH2_YIELD(goto Cleanup);
3304  }
3305  _SEH2_END;
3306 
3307  /* Check for TCB privilege */
3308  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
3309  {
3310  Status = STATUS_PRIVILEGE_NOT_HELD;
3311  goto Cleanup;
3312  }
3313 
3314  /* Check if it is 0 */
3315  if (SessionReference == 0)
3316  {
3317  ULONG OldTokenFlags;
3318 
3319  /* Lock the token */
3320  SepAcquireTokenLockExclusive(Token);
3321 
3322  /* Atomically set the flag in the token */
3323  OldTokenFlags = RtlInterlockedSetBits(&Token->TokenFlags,
3324  TOKEN_SESSION_NOT_REFERENCED);
3325  /*
3326  * If the flag was already set, do not dereference again
3327  * the logon session. Use SessionReference as an indicator
3328  * to know whether to really dereference the session.
3329  */
3330  if (OldTokenFlags == Token->TokenFlags)
3331  SessionReference = ULONG_MAX;
3332 
3333  /*
3334  * Otherwise if the flag was never set but just for this first time then
3335  * remove the referenced logon session data from the token and dereference
3336  * the logon session when needed.
3337  */
3338  if (SessionReference == 0)
3339  {
3340  SepRmRemoveLogonSessionFromToken(Token);
3341  SepRmDereferenceLogonSession(&Token->AuthenticationId);
3342  }
3343 
3344  /* Unlock the token */
3345  SepReleaseTokenLock(Token);
3346  }
3347  break;
3348  }
3349 
3350  case TokenAuditPolicy:
3351  {
3352  PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
3353  (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
3354  SEP_AUDIT_POLICY AuditPolicy;
3355  ULONG i;
3356 
3357  _SEH2_TRY
3358  {
3359  ProbeForRead(PolicyInformation,
3360  FIELD_OFFSET(TOKEN_AUDIT_POLICY_INFORMATION,
3361  Policies[PolicyInformation->PolicyCount]),
3362  sizeof(ULONG));
3363 
3364  /* Loop all policies in the structure */
3365  for (i = 0; i < PolicyInformation->PolicyCount; i++)
3366  {
3367  /* Set the corresponding bits in the packed structure */
3368  switch (PolicyInformation->Policies[i].Category)
3369  {
3370  case AuditCategorySystem:
3371  AuditPolicy.PolicyElements.System = PolicyInformation->Policies[i].Value;
3372  break;
3373 
3374  case AuditCategoryLogon:
3375  AuditPolicy.PolicyElements.Logon = PolicyInformation->Policies[i].Value;
3376  break;
3377 
3378  case AuditCategoryObjectAccess:
3379  AuditPolicy.PolicyElements.ObjectAccess = PolicyInformation->Policies[i].Value;
3380  break;
3381 
3382  case AuditCategoryPrivilegeUse:
3383  AuditPolicy.PolicyElements.PrivilegeUse = PolicyInformation->Policies[i].Value;
3384  break;
3385 
3386  case AuditCategoryDetailedTracking:
3387  AuditPolicy.PolicyElements.DetailedTracking = PolicyInformation->Policies[i].Value;
3388  break;
3389 
3390  case AuditCategoryPolicyChange:
3391  AuditPolicy.PolicyElements.PolicyChange = PolicyInformation->Policies[i].Value;
3392  break;
3393 
3394  case AuditCategoryAccountManagement:
3395  AuditPolicy.PolicyElements.AccountManagement = PolicyInformation->Policies[i].Value;
3396  break;
3397 
3398  case AuditCategoryDirectoryServiceAccess:
3399  AuditPolicy.PolicyElements.DirectoryServiceAccess = PolicyInformation->Policies[i].Value;
3400  break;
3401 
3402  case AuditCategoryAccountLogon:
3403  AuditPolicy.PolicyElements.AccountLogon = PolicyInformation->Policies[i].Value;
3404  break;
3405  }
3406  }
3407  }
3408  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3409  {
3410  Status = _SEH2_GetExceptionCode();
3411  _SEH2_YIELD(goto Cleanup);
3412  }
3413  _SEH2_END;
3414 
3415  /* Check for TCB privilege */
3416  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
3417  {
3418  Status = STATUS_PRIVILEGE_NOT_HELD;
3419  break;
3420  }
3421 
3422  /* Lock the token */
3423  SepAcquireTokenLockExclusive(Token);
3424 
3425  /* Set the new audit policy */
3426  Token->AuditPolicy = AuditPolicy;
3427  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3428 
3429  /* Unlock the token */
3430  SepReleaseTokenLock(Token);
3431 
3432  break;
3433  }
3434 
3435  case TokenOrigin:
3436  {
3437  TOKEN_ORIGIN TokenOrigin;
3438 
3439  _SEH2_TRY
3440  {
3441  /* Copy the token origin */
3442  TokenOrigin = *(PTOKEN_ORIGIN)TokenInformation;
3443  }
3444  _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
3445  {
3446  Status = _SEH2_GetExceptionCode();
3447  _SEH2_YIELD(goto Cleanup);
3448  }
3449  _SEH2_END;
3450 
3451  /* Check for TCB privilege */
3452  if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode))
3453  {
3454  Status = STATUS_PRIVILEGE_NOT_HELD;
3455  break;
3456  }
3457 
3458  /* Lock the token */
3459  SepAcquireTokenLockExclusive(Token);
3460 
3461  /* Check if there is no token origin set yet */
3462  if (RtlIsZeroLuid(&Token->OriginatingLogonSession))
3463  {
3464  /* Set the token origin */
3465  Token->OriginatingLogonSession =
3466  TokenOrigin.OriginatingLogonSession;
3467 
3468  ExAllocateLocallyUniqueId(&Token->ModifiedId);
3469  }
3470 
3471  /* Unlock the token */
3472  SepReleaseTokenLock(Token);
3473 
3474  break;
3475  }
3476 
3477  default:
3478  {
3479  DPRINT1("Invalid TokenInformationClass: 0x%lx\n",
3480  TokenInformationClass);
3481  Status = STATUS_INVALID_INFO_CLASS;
3482  break;
3483  }
3484  }
3485 Cleanup:
3486  ObDereferenceObject(Token);
3487  }
3488 
3489  if (!NT_SUCCESS(Status))
3490  {
3491  DPRINT1("NtSetInformationToken failed with Status 0x%lx\n", Status);
3492  }
3493 
3494  return Status;
3495 }
_TOKEN_PRIMARY_GROUP::PrimaryGroup
PSID PrimaryGroup
Definition: setypes.h:982
SepAcquireTokenLockExclusive
#define SepAcquireTokenLockExclusive(Token)
Definition: se.h:216
SepFindPrimaryGroupAndDefaultOwner
static NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Definition: token.c:689
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
_TOKEN_DEFAULT_DACL
Definition: setypes.h:985
_SEP_AUDIT_POLICY_CATEGORIES::DirectoryServiceAccess
UCHAR DirectoryServiceAccess
Definition: setypes.h:134
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH
Definition: udferr_usr.h:133
_SID
Definition: ms-dtyp.idl:198
_TOKEN_AUDIT_POLICY_INFORMATION::PolicyCount
ULONG PolicyCount
Definition: se.h:29
PTOKEN_PRIMARY_GROUP
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
TokenInformationLength
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:320
TRUE
#define TRUE
Definition: types.h:120
_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296
_ACL
Definition: ms-dtyp.idl:293
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:981
SessionId
ULONG SessionId
Definition: dllmain.c:28
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
SeSinglePrivilegeCheck
BOOLEAN NTAPI SeSinglePrivilegeCheck(IN LUID PrivilegeValue, IN KPROCESSOR_MODE PreviousMode)
Definition: priv.c:520
ExGetPreviousMode
KPROCESSOR_MODE NTAPI ExGetPreviousMode(VOID)
Definition: sysinfo.c:3070
DefaultSetInfoBufferCheck
static __inline NTSTATUS DefaultSetInfoBufferCheck(ULONG Class, const INFORMATION_CLASS_INFO *ClassList, ULONG ClassListEntries, PVOID Buffer, ULONG BufferLength, KPROCESSOR_MODE PreviousMode)
Definition: probe.h:8
_SEH2_TRY
_SEH2_TRY
Definition: create.c:4226
_SEP_AUDIT_POLICY_CATEGORIES::PrivilegeUse
UCHAR PrivilegeUse
Definition: setypes.h:130
ObReferenceObjectByHandle
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
PTOKEN_DEFAULT_DACL
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
FALSE
#define FALSE
Definition: types.h:117
PTOKEN_ORIGIN
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
_SEP_AUDIT_POLICY_CATEGORIES::Logon
UCHAR Logon
Definition: setypes.h:128
SeTokenObjectType
POBJECT_TYPE SeTokenObjectType
Definition: token.c:19
SepCaptureAcl
NTSTATUS NTAPI SepCaptureAcl(IN PACL InputAcl, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PACL *CapturedAcl)
Definition: acl.c:299
_SEP_AUDIT_POLICY
Definition: setypes.h:144
_TOKEN_OWNER::Owner
PSID Owner
Definition: setypes.h:978
TOKEN_ADJUST_DEFAULT
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:882
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
PVOID
void * PVOID
Definition: retypes.h:9
SepRmDereferenceLogonSession
NTSTATUS SepRmDereferenceLogonSession(PLUID LogonLuid)
Definition: srm.c:915
_TOKEN_OWNER
Definition: setypes.h:977
Status
Status
Definition: gdiplustypes.h:24
PreviousMode
_In_ KPROCESSOR_MODE PreviousMode
Definition: sefuncs.h:103
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
_TOKEN_AUDIT_POLICY_INFORMATION
Definition: se.h:27
_TOKEN_ORIGIN
Definition: setypes.h:1056
ObDereferenceObject
#define ObDereferenceObject
Definition: obfuncs.h:203
RtlIsZeroLuid
#define RtlIsZeroLuid(_L1)
Definition: rtlfuncs.h:753
_SEP_AUDIT_POLICY::PolicyElements
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:148
KPROCESSOR_MODE
CCHAR KPROCESSOR_MODE
Definition: ketypes.h:7
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PTOKEN_OWNER
struct _TOKEN_OWNER * PTOKEN_OWNER
ProbeForRead
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
SepReleaseTokenLock
#define SepReleaseTokenLock(Token)
Definition: se.h:227
_TOKEN_AUDIT_POLICY_INFORMATION::Policies
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1772 Policies[1]
_SEP_AUDIT_POLICY_CATEGORIES::AccountManagement
UCHAR AccountManagement
Definition: setypes.h:133
TAG_TOKEN_DYNAMIC
#define TAG_TOKEN_DYNAMIC
Definition: tag.h:181
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
_SEP_AUDIT_POLICY_CATEGORIES::ObjectAccess
UCHAR ObjectAccess
Definition: setypes.h:129
_TOKEN_DEFAULT_DACL::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:986
_SEP_AUDIT_POLICY_CATEGORIES::DetailedTracking
UCHAR DetailedTracking
Definition: setypes.h:131
_SEP_AUDIT_POLICY_CATEGORIES::PolicyChange
UCHAR PolicyChange
Definition: setypes.h:132
SepRmRemoveLogonSessionFromToken
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:416
SeTcbPrivilege
const LUID SeTcbPrivilege
Definition: priv.c:24
TAG_ACL
#define TAG_ACL
Definition: tag.h:174
_SEH2_END
_SEH2_END
Definition: create.c:4400
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
_SEP_AUDIT_POLICY_CATEGORIES::AccountLogon
UCHAR AccountLogon
Definition: setypes.h:135
ExAllocateLocallyUniqueId
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
PULONG
unsigned int * PULONG
Definition: retypes.h:1
NULL
#define NULL
Definition: types.h:112
SepReleaseSid
VOID NTAPI SepReleaseSid(IN PSID CapturedSid, IN KPROCESSOR_MODE AccessMode, IN BOOLEAN CaptureIfKernel)
Definition: sid.c:336
PTOKEN_AUDIT_POLICY_INFORMATION
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
DPRINT1
#define DPRINT1
Definition: precomp.h:8
RtlInterlockedSetBits
#define RtlInterlockedSetBits(Flags, Flag)
Definition: rtlfuncs.h:3434
_SEP_AUDIT_POLICY_CATEGORIES::System
UCHAR System
Definition: setypes.h:127
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
SeTokenInformationClass
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: token.c:32
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
_SEH2_EXCEPT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_SEH2_GetExceptionCode
#define _SEH2_GetExceptionCode()
Definition: pseh2_64.h:165
_SEH2_YIELD
#define _SEH2_YIELD(__stmt)
Definition: pseh2_64.h:168
DPRINT
#define DPRINT
Definition: sndvol32.h:71
_TOKEN
Definition: setypes.h:197
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
TOKEN_ADJUST_SESSIONID
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:883
SepCaptureSid
NTSTATUS NTAPI SepCaptureSid(IN PSID InputSid, IN KPROCESSOR_MODE AccessMode, IN POOL_TYPE PoolType, IN BOOLEAN CaptureIfKernel, OUT PSID *CapturedSid)
Definition: sid.c:268
TOKEN_SESSION_NOT_REFERENCED
#define TOKEN_SESSION_NOT_REFERENCED
Definition: setypes.h:1134
TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
Definition: sefuncs.h:318
ULONG_MAX
#define ULONG_MAX
Definition: limits.h:44
PAGED_CODE
#define PAGED_CODE()
Definition: Bus_PDO_QueryResourceRequirements.c:89

◆ SeCaptureSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  OriginalSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ POOL_TYPE  PoolType,
_In_ BOOLEAN  CaptureIfKernel,
_Out_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor 
)

◆ SeCreateAccessState()

NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState ( PACCESS_STATE  AccessState,
PAUX_ACCESS_DATA  AuxData,
ACCESS_MASK  Access,
PGENERIC_MAPPING  GenericMapping 
)

◆ SeDeleteAccessState()

NTKERNELAPI VOID NTAPI SeDeleteAccessState ( _In_ PACCESS_STATE  AccessState)

◆ SeReleaseSecurityDescriptor()

NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor ( _In_ PSECURITY_DESCRIPTOR  CapturedSecurityDescriptor,
_In_ KPROCESSOR_MODE  CurrentMode,
_In_ BOOLEAN  CaptureIfKernelMode 
)

◆ SeTokenImpersonationLevel()

NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel ( _In_ PACCESS_TOKEN  Token)

◆ ZwAccessCheck()

NTSYSAPI NTSTATUS NTAPI ZwAccessCheck ( _In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ACCESS_MASK  DesiredAccess,
_In_ PGENERIC_MAPPING  GenericMapping,
_Out_ PPRIVILEGE_SET  PrivilegeSet,
_Out_ PULONG  ReturnLength,
_Out_ PACCESS_MASK  GrantedAccess,
_Out_ PNTSTATUS  AccessStatus 
)

◆ ZwAdjustGroupsToken()

NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  ResetToDefault,
_In_ PTOKEN_GROUPS  NewState,
_In_ ULONG  BufferLength,
_Out_opt_ PTOKEN_GROUPS  PreviousState,
_Out_ PULONG  ReturnLength 
)

◆ ZwAdjustPrivilegesToken()

_Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken ( _In_ HANDLE  TokenHandle,
_In_ BOOLEAN  DisableAllPrivileges,
_In_opt_ PTOKEN_PRIVILEGES  NewState,
_In_ ULONG  BufferLength,
_Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES  PreviousState,
_When_(PreviousState !=NULL, _Out_) PULONG  ReturnLength 
)

Referenced by RtlAcquirePrivilege(), RtlAdjustPrivilege(), RtlpSysVolTakeOwnership(), and RtlReleasePrivilege().

◆ ZwAllocateLocallyUniqueId()

NTSYSAPI NTSTATUS NTAPI ZwAllocateLocallyUniqueId ( _Out_ LUID LocallyUniqueId)

Referenced by CreateInitialSystemToken().

◆ ZwAllocateUuids()

NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids ( PULARGE_INTEGER  Time,
PULONG  Range,
PULONG  Sequence,
PUCHAR  Seed 
)

◆ ZwCreateToken()

NTSYSAPI NTSTATUS NTAPI ZwCreateToken ( _Out_ PHANDLE  TokenHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ POBJECT_ATTRIBUTES  ObjectAttributes,
_In_ TOKEN_TYPE  TokenType,
_In_ PLUID  AuthenticationId,
_In_ PLARGE_INTEGER  ExpirationTime,
_In_ PTOKEN_USER  TokenUser,
_In_ PTOKEN_GROUPS  TokenGroups,
_In_ PTOKEN_PRIVILEGES  TokenPrivileges,
_In_ PTOKEN_OWNER  TokenOwner,
_In_ PTOKEN_PRIMARY_GROUP  TokenPrimaryGroup,
_In_ PTOKEN_DEFAULT_DACL  TokenDefaultDacl,
_In_ PTOKEN_SOURCE  TokenSource 
)

Referenced by CreateInitialSystemToken().

◆ ZwImpersonateAnonymousToken()

NTSYSAPI NTSTATUS NTAPI ZwImpersonateAnonymousToken ( _In_ HANDLE  Thread)

◆ ZwOpenObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ PUNICODE_STRING  ObjectTypeName,
_In_ PUNICODE_STRING  ObjectName,
_In_ PSECURITY_DESCRIPTOR  SecurityDescriptor,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ ULONG  GrantedAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  ObjectCreation,
_In_ BOOLEAN  AccessGranted,
_Out_ PBOOLEAN  GenerateOnClose 
)

◆ ZwOpenProcessTokenEx()

NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx ( _In_ HANDLE  ProcessHandle,
_In_ ACCESS_MASK  DesiredAccess,
_In_ ULONG  HandleAttributes,
_Out_ PHANDLE  TokenHandle 
)

Referenced by RtlFormatCurrentUserKeyPath().

◆ ZwPrivilegeCheck()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck ( _In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  RequiredPrivileges,
_In_ PBOOLEAN  Result 
)

◆ ZwPrivilegedServiceAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PUNICODE_STRING  ServiceName,
_In_ HANDLE  ClientToken,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwPrivilegeObjectAuditAlarm()

NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm ( _In_ PUNICODE_STRING  SubsystemName,
_In_ PVOID  HandleId,
_In_ HANDLE  ClientToken,
_In_ ULONG  DesiredAccess,
_In_ PPRIVILEGE_SET  Privileges,
_In_ BOOLEAN  AccessGranted 
)

◆ ZwSetInformationToken()

NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken ( _In_ HANDLE  TokenHandle,
_In_ TOKEN_INFORMATION_CLASS  TokenInformationClass,
_Out_ PVOID  TokenInformation,
_In_ ULONG  TokenInformationLength 
)

Variable Documentation

◆ DesiredAccess

_In_ ACCESS_MASK DesiredAccess

Definition at line 417 of file sefuncs.h.

◆ EffectiveOnly

_Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly

Definition at line 417 of file sefuncs.h.

Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtDuplicateToken(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), SeCaptureSubjectContextEx(), and SeImpersonateClientEx().

◆ Length

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG Length

Definition at line 509 of file sefuncs.h.

◆ NewTokenHandle

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle

Definition at line 417 of file sefuncs.h.

Referenced by NtDuplicateToken().

◆ ObjectAttributes

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes

Definition at line 417 of file sefuncs.h.

◆ ResultLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ResultLength

Definition at line 509 of file sefuncs.h.

◆ ReturnLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG _Out_ PULONG ReturnLength

Definition at line 320 of file sefuncs.h.

◆ TokenHandle

_In_ ACCESS_MASK _Out_ PHANDLE TokenHandle

Definition at line 455 of file sefuncs.h.

◆ TokenInformationClass

_In_ TOKEN_INFORMATION_CLASS TokenInformationClass

Definition at line 318 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), SeQueryInformationToken(), and SetTokenInformation().

◆ TokenInformationLength

_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength

Definition at line 320 of file sefuncs.h.

Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), and SetTokenInformation().

◆ TokenType

_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType

Definition at line 417 of file sefuncs.h.

Referenced by CreateProcessAsUserCommon(), CreateRestrictedToken(), DuplicateTokenEx(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), NpFreeClientSecurityContext(), NtCreateToken(), NtDuplicateToken(), NtQueryInformationToken(), PsReferenceEffectiveToken(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SepDuplicateToken(), SeQueryInformationToken(), test_CreateRestrictedToken(), TestsSeQueryInformationToken(), validate_impersonation_token(), and WhoamiGetTokenInfo().