#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Function Documentation
◆ _IRQL_requires_max_()
| _IRQL_requires_max_ | ( | PASSIVE_LEVEL | ) |
Queries information details about a security descriptor.
Computes the quota size of a security descriptor.
Assigns a security descriptor for a new object.
An extended function that assigns a security descriptor for a new object.
Frees a security descriptor.
An extended function that sets new information data to a security descriptor.
Modifies some information data about a security descriptor.
- Parameters
-
[in] SecurityInformation Security information details to be queried from a security descriptor. [out] SecurityDescriptor The returned security descriptor with security information data. [in,out] Length The returned length of a security descriptor. [in,out] ObjectsSecurityDescriptor The returned object security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- See SeSetSecurityDescriptorInfoEx.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] AutoInheritFlags Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
- Parameters
-
[in] SecurityDescriptor A security descriptor to be freed from memory.
- Returns
- Returns STATUS_SUCCESS.
- Parameters
-
[in] _ParentDescriptor A security descriptor of the parent object that is being created. [in] _ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] ObjectType The type of the new object. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] AutoInheritFlags Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
- Parameters
-
[in] ParentDescriptor A security descriptor of the parent object that is being created. [in] ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- See SeAssignSecurityEx.
- Parameters
-
[in] SecurityDescriptor A security descriptor. [out] QuotaInfoSize The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
- Returns
- Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.
Definition at line 923 of file Messaging.c.
75{
76 PFLT_SERVER_PORT_OBJECT PortObject;
78
79 /* The caller must allow at least one connection */
81 {
83 }
84
85 /* The request must be for a kernel handle */
87 {
89 }
90
91 /*
92 * Get rundown protection on the target to stop the owner
93 * from unloading whilst this port object is open. It gets
94 * removed in the FltpServerPortClose callback
95 */
98 {
100 }
101
102 /* Create the server port object for this filter */
104 ServerPortObjectType,
105 ObjectAttributes,
106 KernelMode,
107 NULL,
109 0,
110 0,
111 (PVOID *)&PortObject);
113 {
114 /* Zero out the struct */
116
117 /* Increment the ref count on the target filter */
119
120 /* Setup the filter port object */
127
128 /* Insert the object */
130 NULL,
132 0,
133 NULL,
136 {
137 /* Lock the connection list */
139
140 /* Add the new port object to the connection list and increment the count */
143
144 /* Unlock the connection list*/
146 }
147 }
148
150 {
151 /* Allow the filter to be cleaned up */
153 }
154
156}
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1877
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1875
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1874
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1876
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
Definition: nsiface.idl:2307
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:1039
Definition: fltmgrint.h:26
Definition: fltmgrint.h:189
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
◆ _Out_writes_bytes_to_opt_() [1/2]
| _In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ | ( | Length | , |
| * | ResultLength | ||
| ) |
◆ _Out_writes_bytes_to_opt_() [2/2]
| _In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ | ( | TokenInformationLength | , |
| * | ReturnLength | ||
| ) |
◆ _When_()
| _When_ | ( | TokenInformationClass | = = TokenAccessInformation, |
| _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))) | |||
| ) |
◆ NtAccessCheck()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET | PrivilegeSet, | ||
| _Inout_ PULONG | PrivilegeSetLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
Determines whether security access can be granted to a client that requests such access on an object.
- Remarks
- For more documentation details about the parameters and overall function behavior, see SepAccessCheck.
Definition at line 2214 of file accesschk.c.
2223{
2224 PAGED_CODE();
2225
2226 /* Invoke the internal function to do the job */
2228 ClientToken,
2229 NULL,
2230 DesiredAccess,
2231 GenericMapping,
2232 PrivilegeSet,
2233 PrivilegeSetLength,
2234 NULL,
2235 0,
2236 FALSE,
2237 GrantedAccess,
2238 AccessStatus);
2239}
static NTSTATUS SepAccessCheck(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ HANDLE ClientToken, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ BOOLEAN UseResultList, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Internal function that performs a security check against the client who requests access on a resource...
Definition: accesschk.c:1592
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:20
Referenced by AccessCheck(), AccessCheckEmptyMappingTest(), and CheckTokenMembership().
◆ NtAccessCheckAndAuditAlarm()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.
- Parameters
-
[in] SubsystemName A Unicode string that points to a name of the subsystem. [in] HandleId A handle to an ID that is used as identification instance for auditing. [in] ObjectTypeName The name of the object type. [in] ObjectName The object name. [in] SecurityDescriptor A security descriptor. [in] DesiredAccess The desired access rights masks requested by the caller. [in] GenericMapping The generic mapping of access mask rights. [in] ObjectCreation Set this to TRUE if the object has just been created. [out] GrantedAccess Returns the granted access rights. [out] AccessStatus Returns a NTSTATUS status code indicating whether access check can be granted or not. [out] GenerateOnClose Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
- Returns
- See SepAccessCheckAndAuditAlarm.
Definition at line 2125 of file audit.c.
2137{
2138 /* Call the internal function */
2140 HandleId,
2141 NULL,
2142 ObjectTypeName,
2143 ObjectName,
2144 SecurityDescriptor,
2145 NULL,
2146 DesiredAccess,
2147 AuditEventObjectAccess,
2148 0,
2149 NULL,
2150 0,
2151 GenericMapping,
2152 GrantedAccess,
2153 AccessStatus,
2154 GenerateOnClose,
2155 FALSE);
2156}
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:79
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:422
◆ NtAccessCheckByType()
| _Must_inspect_result_ NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByType | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_opt_ PSID | PrincipalSelfSid, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST | ObjectTypeList, | ||
| _In_ ULONG | ObjectTypeListLength, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET | PrivilegeSet, | ||
| _Inout_ PULONG | PrivilegeSetLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
Determines whether security access can be granted to a client that requests such access on the object type list. The access is either granted or denied for the whole object hierarchy in the list.
- Remarks
- For more documentation details about the parameters and overall function behavior, see SepAccessCheck.
Definition at line 2254 of file accesschk.c.
2266{
2267 PAGED_CODE();
2268
2269 /* Invoke the internal function to do the job */
2271 ClientToken,
2272 PrincipalSelfSid,
2273 DesiredAccess,
2274 GenericMapping,
2275 PrivilegeSet,
2276 PrivilegeSetLength,
2277 ObjectTypeList,
2278 ObjectTypeListLength,
2279 FALSE,
2280 GrantedAccess,
2281 AccessStatus);
2282}
Referenced by AccessCheckByType(), AccessGrantedMultipleObjectsTests(), AccessGrantedNoDaclTests(), AccessGrantedTests(), DenyAccessTests(), and ParamsValidationTests().
◆ NtAccessCheckByTypeResultList()
| _Must_inspect_result_ NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckByTypeResultList | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_opt_ PSID | PrincipalSelfSid, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST | ObjectTypeList, | ||
| _In_ ULONG | ObjectTypeListLength, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET | PrivilegeSet, | ||
| _Inout_ PULONG | PrivilegeSetLength, | ||
| _Out_writes_(ObjectTypeListLength) PACCESS_MASK | GrantedAccess, | ||
| _Out_writes_(ObjectTypeListLength) PNTSTATUS | AccessStatus | ||
| ) |
Determines whether security access can be granted to a client that requests such access on the object type list. Unlike the NtAccessCheckByType variant, this function will grant or deny access to each individual object and sub-object in the list.
- Remarks
- For more documentation details about the parameters and overall function behavior, see SepAccessCheck.
Definition at line 2297 of file accesschk.c.
2309{
2310 PAGED_CODE();
2311
2312 /* Invoke the internal function to do the job */
2314 ClientToken,
2315 PrincipalSelfSid,
2316 DesiredAccess,
2317 GenericMapping,
2318 PrivilegeSet,
2319 PrivilegeSetLength,
2320 ObjectTypeList,
2321 ObjectTypeListLength,
2322 TRUE,
2323 GrantedAccess,
2324 AccessStatus);
2325}
Referenced by AccessCheckByTypeResultList(), DenyAccessTests(), GrantedAccessTests(), and ParamValidationNoObjsList().
◆ NtAdjustGroupsToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | ResetToDefault, | ||
| _In_opt_ PTOKEN_GROUPS | NewState, | ||
| _In_opt_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
◆ NtAdjustPrivilegesToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | DisableAllPrivileges, | ||
| _In_opt_ PTOKEN_PRIVILEGES | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
◆ NtAllocateLocallyUniqueId()
| NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId | ( | _Out_ LUID * | LocallyUniqueId | ) |
◆ NtAllocateUuids()
| NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids | ( | _Out_ PULARGE_INTEGER | Time, |
| _Out_ PULONG | Range, | ||
| _Out_ PULONG | Sequence, | ||
| _Out_ PUCHAR | Seed | ||
| ) |
◆ NtCompareTokens()
| NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens | ( | _In_ HANDLE | FirstTokenHandle, |
| _In_ HANDLE | SecondTokenHandle, | ||
| _Out_ PBOOLEAN | Equal | ||
| ) |
Compares tokens if they're equal or not.
- Parameters
-
[in] FirstToken The first token. [in] SecondToken The second token. [out] Equal The retrieved value which determines if the tokens are equal or not.
- Returns
- Returns STATUS_SUCCESS, otherwise it returns a failure NTSTATUS code.
Definition at line 2503 of file token.c.
2507{
2509 PTOKEN FirstToken, SecondToken;
2512
2513 PAGED_CODE();
2514
2516
2518 {
2519 _SEH2_TRY
2520 {
2521 ProbeForWriteBoolean(Equal);
2522 }
2524 {
2525 /* Return the exception code */
2527 }
2528 _SEH2_END;
2529 }
2530
2532 TOKEN_QUERY,
2533 SeTokenObjectType,
2534 PreviousMode,
2535 (PVOID*)&FirstToken,
2536 NULL);
2538 {
2541 }
2542
2544 TOKEN_QUERY,
2545 SeTokenObjectType,
2546 PreviousMode,
2547 (PVOID*)&SecondToken,
2548 NULL);
2550 {
2552 ObDereferenceObject(FirstToken);
2554 }
2555
2556 if (FirstToken != SecondToken)
2557 {
2559 SecondToken,
2560 &IsEqual);
2561 }
2562 else
2563 {
2565 }
2566
2567 ObDereferenceObject(SecondToken);
2568 ObDereferenceObject(FirstToken);
2569
2571 {
2572 _SEH2_TRY
2573 {
2574 *Equal = IsEqual;
2575 }
2577 {
2579 }
2580 _SEH2_END;
2581 }
2582
2584}
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG _In_ KPROCESSOR_MODE PreviousMode
Definition: KdSystemDebugControl.c:35
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:243
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: setypes.h:216
Referenced by START_TEST().
◆ NtCreateToken()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken | ( | _Out_ PHANDLE | TokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _In_ PLUID | AuthenticationId, | ||
| _In_ PLARGE_INTEGER | ExpirationTime, | ||
| _In_ PTOKEN_USER | TokenUser, | ||
| _In_ PTOKEN_GROUPS | TokenGroups, | ||
| _In_ PTOKEN_PRIVILEGES | TokenPrivileges, | ||
| _In_opt_ PTOKEN_OWNER | TokenOwner, | ||
| _In_ PTOKEN_PRIMARY_GROUP | TokenPrimaryGroup, | ||
| _In_opt_ PTOKEN_DEFAULT_DACL | TokenDefaultDacl, | ||
| _In_ PTOKEN_SOURCE | TokenSource | ||
| ) |
Creates an access token.
- Parameters
-
[out] TokenHandle The returned created token handle to the caller. [in] DesiredAccess The desired access rights for the token that we're creating. [in] ObjectAttributes The object attributes for the token object that we're creating. [in] TokenType The type of token to assign for the newly created token. [in] AuthenticationId Authentication ID that represents the token's identity. [in] ExpirationTime Expiration time for the token. If set to -1, the token never expires. [in] TokenUser The main user entity for the token to assign. [in] TokenGroups Group list of SIDs for the token to assign. [in] TokenPrivileges Privileges for the token. [in] TokenOwner The main user that owns the newly created token. [in] TokenPrimaryGroup The primary group that represents as the main group of the token. [in] TokenDefaultDacl Discretionary access control list for the token. This limits on how the token can be used, accessed and used by whom. [in] TokenSource The source origin of the token who creates it.
- Returns
- Returns STATUS_SUCCESS if the function has successfully created the token. A failure NTSTATUS code is returned otherwise.
Definition at line 1558 of file tokenlif.c.
1572{
1573 HANDLE hToken;
1575 ULONG PrivilegeCount, GroupCount;
1576 PSID OwnerSid, PrimaryGroupSid;
1577 PACL DefaultDacl;
1578 LARGE_INTEGER LocalExpirationTime = {{0, 0}};
1579 LUID LocalAuthenticationId;
1580 TOKEN_SOURCE LocalTokenSource;
1581 SECURITY_QUALITY_OF_SERVICE LocalSecurityQos;
1588 ULONG PrivilegesLength, UserLength, GroupsLength;
1590
1591 PAGED_CODE();
1592
1594
1596 {
1597 _SEH2_TRY
1598 {
1600
1602 {
1607 }
1608
1609 ProbeForRead(AuthenticationId,
1612 LocalAuthenticationId = *AuthenticationId;
1613
1614 LocalExpirationTime = ProbeForReadLargeInteger(ExpirationTime);
1615
1619
1623 GroupCount = TokenGroups->GroupCount;
1624
1628 PrivilegeCount = TokenPrivileges->PrivilegeCount;
1629
1631 {
1635 OwnerSid = TokenOwner->Owner;
1636 }
1637 else
1638 {
1639 OwnerSid = NULL;
1640 }
1641
1645 PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
1646
1648 {
1652 DefaultDacl = TokenDefaultDacl->DefaultDacl;
1653 }
1654 else
1655 {
1656 DefaultDacl = NULL;
1657 }
1658
1662 LocalTokenSource = *TokenSource;
1663 }
1665 {
1666 /* Return the exception code */
1668 }
1669 _SEH2_END;
1670 }
1671 else
1672 {
1675 LocalAuthenticationId = *AuthenticationId;
1676 LocalExpirationTime = *ExpirationTime;
1677 GroupCount = TokenGroups->GroupCount;
1678 PrivilegeCount = TokenPrivileges->PrivilegeCount;
1680 PrimaryGroupSid = TokenPrimaryGroup->PrimaryGroup;
1682 LocalTokenSource = *TokenSource;
1683 }
1684
1685 /* Check token type */
1688 {
1690 }
1691
1692 /* Check for token creation privilege */
1694 {
1696 }
1697
1698 /* Capture the user SID and attributes */
1700 1,
1701 PreviousMode,
1702 NULL,
1703 0,
1704 PagedPool,
1705 FALSE,
1706 &CapturedUser,
1707 &UserLength);
1709 {
1711 }
1712
1713 /* Capture the groups SID and attributes array */
1715 GroupCount,
1716 PreviousMode,
1717 NULL,
1718 0,
1719 PagedPool,
1720 FALSE,
1721 &CapturedGroups,
1722 &GroupsLength);
1724 {
1726 }
1727
1728 /* Capture privileges */
1730 PrivilegeCount,
1731 PreviousMode,
1732 NULL,
1733 0,
1734 PagedPool,
1735 FALSE,
1736 &CapturedPrivileges,
1737 &PrivilegesLength);
1739 {
1741 }
1742
1743 /* Capture the token owner SID */
1745 {
1747 PreviousMode,
1748 PagedPool,
1749 FALSE,
1750 &CapturedOwnerSid);
1752 {
1754 }
1755 }
1756
1757 /* Capture the token primary group SID */
1759 PreviousMode,
1760 PagedPool,
1761 FALSE,
1762 &CapturedPrimaryGroupSid);
1764 {
1766 }
1767
1768 /* Capture DefaultDacl */
1770 {
1772 PreviousMode,
1773 NonPagedPool,
1774 FALSE,
1775 &CapturedDefaultDacl);
1777 {
1779 }
1780 }
1781
1782 /* Call the internal function */
1784 PreviousMode,
1785 DesiredAccess,
1786 ObjectAttributes,
1787 TokenType,
1788 LocalSecurityQos.ImpersonationLevel,
1789 &LocalAuthenticationId,
1790 &LocalExpirationTime,
1791 CapturedUser,
1792 GroupCount,
1793 CapturedGroups,
1794 GroupsLength,
1795 PrivilegeCount,
1796 CapturedPrivileges,
1797 CapturedOwnerSid,
1798 CapturedPrimaryGroupSid,
1799 CapturedDefaultDacl,
1800 &LocalTokenSource,
1801 FALSE);
1803 {
1804 _SEH2_TRY
1805 {
1806 *TokenHandle = hToken;
1807 }
1809 {
1811 }
1812 _SEH2_END;
1813 }
1814
1815Cleanup:
1816
1817 /* Release what we captured */
1824
1826}
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:976
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:693
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
Definition: ms-dtyp.idl:293
Definition: setypes.h:73
Definition: devicetopology.idl:137
Definition: umtypes.h:182
Definition: lsa.idl:63
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
Definition: setypes.h:502
Definition: ms-dtyp.idl:198
Definition: setypes.h:1047
Definition: setypes.h:1025
Definition: setypes.h:1039
Definition: setypes.h:1043
Definition: setypes.h:1034
Definition: imports.h:277
Definition: setypes.h:1021
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
Definition: typedefs.h:103
Referenced by LsapLogonUser().
◆ NtDuplicateToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken | ( | _In_ HANDLE | ExistingTokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ BOOLEAN | EffectiveOnly, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _Out_ PHANDLE | NewTokenHandle | ||
| ) |
Duplicates a token.
- Parameters
-
[in] ExistingTokenHandle An existing token to duplicate. [in] DesiredAccess The desired access rights for the new duplicated token. [in] ObjectAttributes Object attributes for the new duplicated token. [in] EffectiveOnly If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate. [in] TokenType Type of token to assign to the duplicated token. [out] NewTokenHandle The returned duplicated token handle.
- Returns
- STATUS_SUCCESS is returned if token duplication has completed successfully. STATUS_BAD_IMPERSONATION_LEVEL is returned if the caller erroneously wants to raise the impersonation level even though the conditions do not permit it. A failure NTSTATUS code is returned otherwise.
- Remarks
- Some sources claim 4th param is ImpersonationLevel, but on W2K this is certainly NOT true, although I can't say for sure that EffectiveOnly is correct either. -Gunnar This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI NOTE for readers: https://hex.pp.ua/nt/NtDuplicateToken.php is therefore wrong in that regard, while MSDN documentation is correct.
Definition at line 1869 of file tokenlif.c.
1876{
1878 HANDLE hToken;
1880 PTOKEN NewToken;
1881 PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService;
1882 BOOLEAN QoSPresent;
1885
1886 PAGED_CODE();
1887
1890 {
1892 }
1893
1895
1897 {
1898 _SEH2_TRY
1899 {
1901 }
1903 {
1904 /* Return the exception code */
1906 }
1907 _SEH2_END;
1908 }
1909
1911 PreviousMode,
1912 PagedPool,
1913 FALSE,
1914 &CapturedSecurityQualityOfService,
1915 &QoSPresent);
1917 {
1920 }
1921
1923 TOKEN_DUPLICATE,
1924 SeTokenObjectType,
1925 PreviousMode,
1927 &HandleInformation);
1929 {
1931 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1932 PreviousMode,
1933 FALSE);
1935 }
1936
1937 /*
1938 * Fail, if the original token is an impersonation token and the caller
1939 * tries to raise the impersonation level of the new token above the
1940 * impersonation level of the original token.
1941 */
1943 {
1944 if (QoSPresent &&
1946 {
1948 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1949 PreviousMode,
1950 FALSE);
1952 }
1953 }
1954
1955 /*
1956 * Fail, if a primary token is to be created from an impersonation token
1957 * and and the impersonation level of the impersonation token is below SecurityImpersonation.
1958 */
1962 {
1964 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
1965 PreviousMode,
1966 FALSE);
1968 }
1969
1971 ObjectAttributes,
1972 EffectiveOnly,
1973 TokenType,
1975 PreviousMode,
1976 &NewToken);
1977
1979
1981 {
1983 NULL,
1985 0,
1986 NULL,
1987 &hToken);
1989 {
1990 _SEH2_TRY
1991 {
1992 *NewTokenHandle = hToken;
1993 }
1995 {
1997 }
1998 _SEH2_END;
1999 }
2000 }
2001
2002 /* Free the captured structure */
2003 SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
2004 PreviousMode,
2005 FALSE);
2006
2008}
Definition: tokenizer.hpp:28
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:410
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:412
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
Definition: iotypes.h:179
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:44
◆ NtFilterToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken | ( | _In_ HANDLE | ExistingTokenHandle, |
| _In_ ULONG | Flags, | ||
| _In_opt_ PTOKEN_GROUPS | SidsToDisable, | ||
| _In_opt_ PTOKEN_PRIVILEGES | PrivilegesToDelete, | ||
| _In_opt_ PTOKEN_GROUPS | RestrictedSids, | ||
| _Out_ PHANDLE | NewTokenHandle | ||
| ) |
Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.
- Parameters
-
[in] ExistingTokenHandle A handle to an access token which is to be filtered. [in] Flags Privilege flag options. This parameter argument influences how the token's privileges are filtered. For further details see remarks. [in] SidsToDisable Array of SIDs to disable. The action of doing so assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer. [in] PrivilegesToDelete Array of privileges to delete. The function will walk within this array to determine if the specified privileges do exist in the access token. Any missing privileges gets ignored. This parameter can be NULL. This can be a UM pointer. [in] RestrictedSids An array list of restricted groups SID to be added in the access token. A token that is already restricted the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer. [out] NewTokenHandle A new handle to the restricted (filtered) access token. This can be a UM pointer.
- Returns
- Returns STATUS_SUCCESS if the routine has successfully filtered the access token. STATUS_INVALID_PARAMETER is returned if one or more parameters are not valid (see SepPerformTokenFiltering routine call for more information). A failure NTSTATUS code is returned otherwise.
- Remarks
- The Flags parameter determines the final outcome of how the privileges in an access token are filtered. This parameter can take these supported values (these can be combined):
0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array list of privileges to be deleted (that is, PrivilegesToDelete MUSTN'T BE NULL).
DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind if this flag is specified the routine ignores PrivilegesToDelete.
SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.
LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.
WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.
Definition at line 2075 of file tokenlif.c.
2082{
2084 HANDLE FilteredTokenHandle;
2087 OBJECT_HANDLE_INFORMATION HandleInfo;
2089 ULONG CapturedSidsCount = 0;
2090 ULONG CapturedPrivilegesCount = 0;
2091 ULONG CapturedRestrictedSidsCount = 0;
2092 ULONG ProbeSize = 0;
2096
2097 PAGED_CODE();
2098
2100
2101 _SEH2_TRY
2102 {
2103 /* Probe SidsToDisable */
2105 {
2106 /* Probe the header */
2108
2109 CapturedSidsCount = SidsToDisable->GroupCount;
2111
2113 }
2114
2115 /* Probe PrivilegesToDelete */
2117 {
2118 /* Probe the header */
2120
2121 CapturedPrivilegesCount = PrivilegesToDelete->PrivilegeCount;
2123
2125 }
2126
2127 /* Probe RestrictedSids */
2129 {
2130 /* Probe the header */
2132
2133 CapturedRestrictedSidsCount = RestrictedSids->GroupCount;
2135
2137 }
2138
2139 /* Probe the handle */
2141 }
2143 {
2144 /* Return the exception code */
2146 }
2147 _SEH2_END;
2148
2149 /* Reference the token */
2151 TOKEN_DUPLICATE,
2152 SeTokenObjectType,
2153 PreviousMode,
2155 &HandleInfo);
2157 {
2160 }
2161
2162 /* Capture the group SIDs */
2164 {
2166 CapturedSidsCount,
2167 PreviousMode,
2168 NULL,
2169 0,
2170 PagedPool,
2171 TRUE,
2172 &CapturedSids,
2173 &ResultLength);
2175 {
2177 goto Quit;
2178 }
2179 }
2180
2181 /* Capture the privileges */
2183 {
2185 CapturedPrivilegesCount,
2186 PreviousMode,
2187 NULL,
2188 0,
2189 PagedPool,
2190 TRUE,
2191 &CapturedPrivileges,
2192 &ResultLength);
2194 {
2196 goto Quit;
2197 }
2198 }
2199
2200 /* Capture the restricted SIDs */
2202 {
2204 CapturedRestrictedSidsCount,
2205 PreviousMode,
2206 NULL,
2207 0,
2208 PagedPool,
2209 TRUE,
2210 &CapturedRestrictedSids,
2211 &ResultLength);
2213 {
2215 goto Quit;
2216 }
2217 }
2218
2219 /* Call the internal API */
2221 CapturedPrivileges,
2222 CapturedSids,
2223 CapturedRestrictedSids,
2224 CapturedPrivilegesCount,
2225 CapturedSidsCount,
2226 CapturedRestrictedSidsCount,
2227 Flags,
2228 PreviousMode,
2229 &FilteredToken);
2231 {
2233 goto Quit;
2234 }
2235
2236 /* Insert the filtered token and retrieve a handle to it */
2238 NULL,
2239 HandleInfo.GrantedAccess,
2240 0,
2241 NULL,
2242 &FilteredTokenHandle);
2244 {
2246 goto Quit;
2247 }
2248
2249 /* And return it to the caller once we're done */
2250 _SEH2_TRY
2251 {
2252 *NewTokenHandle = FilteredTokenHandle;
2253 }
2255 {
2258 }
2259 _SEH2_END;
2260
2261Quit:
2262 /* Dereference the token */
2264
2265 /* Release all the captured data */
2267 {
2268 SeReleaseSidAndAttributesArray(CapturedSids,
2269 PreviousMode,
2270 TRUE);
2271 }
2272
2274 {
2275 SeReleaseLuidAndAttributesArray(CapturedPrivileges,
2276 PreviousMode,
2277 TRUE);
2278 }
2279
2281 {
2282 SeReleaseSidAndAttributesArray(CapturedRestrictedSids,
2283 PreviousMode,
2284 TRUE);
2285 }
2286
2288}
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
Definition: tokenlif.c:859
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
◆ NtImpersonateAnonymousToken()
| NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken | ( | _In_ HANDLE | ThreadHandle | ) |
Allows the calling thread to impersonate the system's anonymous logon token.
- Parameters
-
[in] ThreadHandle A handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
- Returns
- Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
- Remarks
- By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.
Definition at line 2612 of file token.c.
2614{
2618 PAGED_CODE();
2619
2621
2622 /* Obtain the thread object from the handle */
2624 THREAD_IMPERSONATE,
2625 PsThreadType,
2626 PreviousMode,
2628 NULL);
2630 {
2631 DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
2633 }
2634
2635 /* Call the private routine to impersonate the token */
2638 {
2639 DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
2640 }
2641
2644}
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:334
Definition: pstypes.h:1103
◆ NtOpenObjectAuditAlarm()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_opt_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ HANDLE | ClientTokenHandle, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ACCESS_MASK | GrantedAccess, | ||
| _In_opt_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _In_ BOOLEAN | AccessGranted, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
Raises an alarm audit message when an object is about to be opened.
- Parameters
-
[in] SubsystemName A Unicode string that points to a name of the subsystem. [in] HandleId A handle to an ID used for identification instance for auditing. [in] ObjectTypeName A Unicode string that points to an object type name. [in] ObjectName The name of the object. [in] SecurityDescriptor A security descriptor. [in] ClientTokenHandle A handle to a client access token. [in] DesiredAccess The desired access rights masks requested by the caller. [in] GrantedAccess The granted access mask rights. [in] PrivilegeSet If specified, the function will use this set of privileges to audit. [in] ObjectCreation Set this to TRUE if the object has just been created. [in] AccessGranted Set this to TRUE if the access attempt was deemed as granted. [out] GenerateOnClose A boolean flag returned to the caller once audit generation procedure finishes.
- Returns
- Returns STATUS_SUCCESS if all the operations have been completed successfully. STATUS_PRIVILEGE_NOT_HELD is returned if the given subject context does not hold the required audit privilege to actually begin auditing in the first place. STATUS_BAD_IMPERSONATION_LEVEL is returned if the security impersonation level of the client token is not on par with the impersonation level that alllows impersonation. STATUS_INVALID_PARAMETER is returned if the caller has submitted a bogus set of privileges as such array set exceeds the maximum count of privileges that the kernel can accept. A failure NTSTATUS code is returned otherwise.
Definition at line 1622 of file audit.c.
1635{
1636 PTOKEN ClientToken;
1637 PSECURITY_DESCRIPTOR CapturedSecurityDescriptor;
1638 UNICODE_STRING CapturedSubsystemName, CapturedObjectTypeName, CapturedObjectName;
1639 ULONG PrivilegeCount, PrivilegeSetSize;
1641 BOOLEAN LocalGenerateOnClose;
1642 PVOID CapturedHandleId;
1645 PAGED_CODE();
1646
1647 /* Only user mode is supported! */
1649
1650 /* Start clean */
1651 ClientToken = NULL;
1652 CapturedSecurityDescriptor = NULL;
1653 CapturedPrivilegeSet = NULL;
1657
1658 /* Reference the client token */
1660 TOKEN_QUERY,
1661 SeTokenObjectType,
1662 UserMode,
1663 (PVOID*)&ClientToken,
1664 NULL);
1666 {
1668 ClientTokenHandle, Status);
1670 }
1671
1672 /* Capture the security subject context */
1674
1675 /* Validate the token's impersonation level */
1678 {
1682 }
1683
1684 /* Check for audit privilege */
1686 {
1690 }
1691
1692 /* Check for NULL SecurityDescriptor */
1694 {
1695 /* Nothing to do */
1698 }
1699
1700 /* Capture the security descriptor */
1702 UserMode,
1703 PagedPool,
1704 FALSE,
1705 &CapturedSecurityDescriptor);
1707 {
1710 }
1711
1712 _SEH2_TRY
1713 {
1714 /* Check if we have a privilege set */
1716 {
1717 /* Probe the basic privilege set structure */
1719
1720 /* Validate privilege count */
1721 PrivilegeCount = PrivilegeSet->PrivilegeCount;
1723 {
1726 }
1727
1728 /* Calculate the size of the PrivilegeSet structure */
1730
1731 /* Probe the whole structure */
1733
1734 /* Allocate a temp buffer */
1736 PrivilegeSetSize,
1737 TAG_PRIVILEGE_SET);
1739 {
1743 }
1744
1745 /* Copy the privileges */
1746 RtlCopyMemory(CapturedPrivilegeSet, PrivilegeSet, PrivilegeSetSize);
1747 }
1748
1750 {
1752 CapturedHandleId = *(PVOID*)HandleId;
1753 }
1754
1756 }
1758 {
1762 }
1763 _SEH2_END;
1764
1765 /* Probe and capture the subsystem name */
1767 UserMode,
1768 SubsystemName);
1770 {
1773 }
1774
1775 /* Probe and capture the object type name */
1777 UserMode,
1778 ObjectTypeName);
1780 {
1783 }
1784
1785 /* Probe and capture the object name */
1787 UserMode,
1788 ObjectName);
1790 {
1793 }
1794
1795 /* Call the internal function */
1797 &CapturedSubsystemName,
1798 CapturedHandleId,
1799 &CapturedObjectTypeName,
1800 &CapturedObjectName,
1801 CapturedSecurityDescriptor,
1802 ClientToken,
1803 DesiredAccess,
1804 GrantedAccess,
1805 CapturedPrivilegeSet,
1806 ObjectCreation,
1807 AccessGranted,
1808 &LocalGenerateOnClose);
1809
1811
1812 /* Enter SEH to copy the data back to user mode */
1813 _SEH2_TRY
1814 {
1815 *GenerateOnClose = LocalGenerateOnClose;
1816 }
1818 {
1821 }
1822 _SEH2_END;
1823
1824Cleanup:
1825
1828
1831
1834
1837
1840
1841 /* Release the security subject context */
1843
1844 ObDereferenceObject(ClientToken);
1845
1847}
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2246
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1535
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
Definition: setypes.h:85
Definition: ms-dtyp.idl:301
Definition: setypes.h:217
Definition: env_spec_w32.h:368
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419
◆ NtOpenProcessTokenEx()
| NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ULONG | HandleAttributes, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
◆ NtPrivilegeCheck()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck | ( | _In_ HANDLE | ClientToken, |
| _Inout_ PPRIVILEGE_SET | RequiredPrivileges, | ||
| _Out_ PBOOLEAN | Result | ||
| ) |
◆ NtPrivilegedServiceAuditAlarm()
| NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PUNICODE_STRING | ServiceName, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ NtPrivilegeObjectAuditAlarm()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ NtSetInformationToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ TOKEN_INFORMATION_CLASS | TokenInformationClass, | ||
| _In_reads_bytes_(TokenInformationLength) PVOID | TokenInformation, | ||
| _In_ ULONG | TokenInformationLength | ||
| ) |
Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.
@unimplemented
- Parameters
-
[in] TokenHandle A handle of a token where information is to be modified. [in] TokenInformationClass Token information class. [in] TokenInformation An arbitrary pointer to a buffer with token information to set. Such arbitrary buffer depends on the information class chosen that the caller wants to modify such information data of a token. [in] TokenInformationLength Length of the token information buffer, in bytes.
- Returns
- Returns STATUS_SUCCESS if information setting has completed successfully. STATUS_INFO_LENGTH_MISMATCH is returned if the information length of the buffer is less than the required length. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation has failed. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread hasn't the required privileges to perform the operation in question. A failure NTSTATUS code is returned otherwise.
- Remarks
- The function is partly implemented, mainly TokenOrigin.
Definition at line 1125 of file tokencls.c.
1130{
1135
1136 PAGED_CODE();
1137
1139
1141 SeTokenInformationClass,
1143 TokenInformation,
1144 TokenInformationLength,
1145 PreviousMode);
1147 {
1148 /* Invalid buffers */
1151 }
1152
1154 {
1155 NeededAccess |= TOKEN_ADJUST_SESSIONID;
1156 }
1157
1159 NeededAccess,
1160 SeTokenObjectType,
1161 PreviousMode,
1163 NULL);
1165 {
1167 {
1169 {
1171 {
1174 ULONG DefaultOwnerIndex;
1175
1176 _SEH2_TRY
1177 {
1178 InputSid = to->Owner;
1179 }
1181 {
1184 }
1185 _SEH2_END;
1186
1188 PreviousMode,
1189 PagedPool,
1190 FALSE,
1191 &CapturedSid);
1193 {
1194 /* Lock the token */
1196
1197 /* Find the owner amongst the existing token user and groups */
1199 NULL,
1200 CapturedSid,
1201 NULL,
1202 &DefaultOwnerIndex);
1204 {
1205 /* Found it */
1206 Token->DefaultOwnerIndex = DefaultOwnerIndex;
1208 }
1209
1210 /* Unlock the token */
1212
1213 SepReleaseSid(CapturedSid,
1214 PreviousMode,
1215 FALSE);
1216 }
1217 }
1218 else
1219 {
1221 }
1222 break;
1223 }
1224
1226 {
1228 {
1230 ULONG AclSize;
1233 ULONG PrimaryGroupIndex, NewDynamicLength;
1234
1235 _SEH2_TRY
1236 {
1237 InputSid = tpg->PrimaryGroup;
1238 }
1240 {
1243 }
1244 _SEH2_END;
1245
1247 PreviousMode,
1248 PagedPool,
1249 FALSE,
1250 &CapturedSid);
1252 {
1253 /* Lock the token */
1255
1256 /*
1257 * We can whack the token's primary group only if
1258 * the charged dynamic space boundary allows us
1259 * to do so. Exceeding this boundary and we're
1260 * busted out.
1261 */
1263 NewDynamicLength = RtlLengthSid(CapturedSid) + AclSize;
1265 {
1269 DPRINT1("NtSetInformationToken(): Couldn't assign new primary group, space exceeded (current length %u, new length %lu)\n",
1270 Token->DynamicCharged, NewDynamicLength);
1272 }
1273
1274 /*
1275 * The dynamic part of the token may require a rebuild
1276 * if the current dynamic area is too small. If not then
1277 * we're pretty much good as is.
1278 */
1281 {
1282 /* Find the primary group amongst the existing token user and groups */
1284 CapturedSid,
1285 NULL,
1286 &PrimaryGroupIndex,
1287 NULL);
1289 {
1290 /*
1291 * We have found it. Add the length of
1292 * the previous primary group SID to the
1293 * available dynamic area.
1294 */
1296
1297 /*
1298 * Move the default DACL if it's not at the
1299 * head of the dynamic part.
1300 */
1303 {
1305 Token->DefaultDacl,
1308 }
1309
1310 /* Take away available space from the dynamic area */
1312
1313 /*
1314 * And assign the new primary group. For that
1315 * we have to make sure where the primary group
1316 * is going to stay in memory, so if this token
1317 * has a default DACL then add up its size with
1318 * the address of the dynamic part.
1319 */
1323 Token->UserAndGroups[PrimaryGroupIndex].Sid);
1325
1327 }
1328 }
1329
1330 /* Unlock the token */
1332
1333 SepReleaseSid(CapturedSid,
1334 PreviousMode,
1335 FALSE);
1336 }
1337 }
1338 else
1339 {
1341 }
1342 break;
1343 }
1344
1346 {
1348 {
1351
1352 _SEH2_TRY
1353 {
1354 InputAcl = tdd->DefaultDacl;
1355 }
1357 {
1360 }
1361 _SEH2_END;
1362
1364 {
1365 PACL CapturedAcl;
1366
1367 /* Capture, validate, and copy the DACL */
1369 PreviousMode,
1370 PagedPool,
1371 TRUE,
1372 &CapturedAcl);
1374 {
1375 ULONG NewDynamicLength;
1376 ULONG_PTR Acl;
1377
1378 /* Lock the token */
1380
1381 /*
1382 * We can whack the token's default DACL only if
1383 * the charged dynamic space boundary allows us
1384 * to do so. Exceeding this boundary and we're
1385 * busted out.
1386 */
1389 {
1393 DPRINT1("NtSetInformationToken(): Couldn't assign new default DACL, space exceeded (current length %u, new length %lu)\n",
1394 Token->DynamicCharged, NewDynamicLength);
1396 }
1397
1398 /*
1399 * The dynamic part of the token may require a rebuild
1400 * if the current dynamic area is too small. If not then
1401 * we're pretty much good as is.
1402 */
1405 {
1406 /*
1407 * Before setting up a new DACL for the
1408 * token object we add up the size of
1409 * the old DACL to the available dynamic
1410 * area
1411 */
1413 {
1415 }
1416
1417 /*
1418 * Move the primary group if it's not at the
1419 * head of the dynamic part.
1420 */
1422 {
1424 Token->PrimaryGroup,
1427 }
1428
1429 /* Take away available space from the dynamic area */
1431
1432 /* Set the new dacl */
1435 CapturedAcl,
1436 CapturedAcl->AclSize);
1438
1440 }
1441
1442 /* Unlock the token and release the ACL */
1445 }
1446 }
1447 else
1448 {
1449 /* Lock the token */
1451
1452 /* Clear the default dacl if present */
1454 {
1458
1460 }
1461
1462 /* Unlock the token */
1464 }
1465 }
1466 else
1467 {
1469 }
1470 break;
1471 }
1472
1474 {
1476
1477 _SEH2_TRY
1478 {
1479 /* Buffer size was already verified, no need to check here again */
1481 }
1483 {
1486 }
1487 _SEH2_END;
1488
1489 /* Check for TCB privilege */
1491 {
1493 break;
1494 }
1495
1496 /* Lock the token */
1498
1501
1502 /* Unlock the token */
1504
1505 break;
1506 }
1507
1509 {
1510 ULONG SessionReference;
1511
1512 _SEH2_TRY
1513 {
1514 /* Buffer size was already verified, no need to check here again */
1515 SessionReference = *(PULONG)TokenInformation;
1516 }
1518 {
1521 }
1522 _SEH2_END;
1523
1524 /* Check for TCB privilege */
1526 {
1529 }
1530
1531 /* Check if it is 0 */
1532 if (SessionReference == 0)
1533 {
1534 ULONG OldTokenFlags;
1535
1536 /* Lock the token */
1538
1539 /* Atomically set the flag in the token */
1541 TOKEN_SESSION_NOT_REFERENCED);
1542 /*
1543 * If the flag was already set, do not dereference again
1544 * the logon session. Use SessionReference as an indicator
1545 * to know whether to really dereference the session.
1546 */
1548 SessionReference = ULONG_MAX;
1549
1550 /*
1551 * Otherwise if the flag was never set but just for this first time then
1552 * remove the referenced logon session data from the token and dereference
1553 * the logon session when needed.
1554 */
1555 if (SessionReference == 0)
1556 {
1559 }
1560
1561 /* Unlock the token */
1563 }
1564 break;
1565 }
1566
1568 {
1569 PTOKEN_AUDIT_POLICY_INFORMATION PolicyInformation =
1570 (PTOKEN_AUDIT_POLICY_INFORMATION)TokenInformation;
1571 SEP_AUDIT_POLICY AuditPolicy;
1573
1574 _SEH2_TRY
1575 {
1576 ProbeForRead(PolicyInformation,
1578 Policies[PolicyInformation->PolicyCount]),
1580
1581 /* Loop all policies in the structure */
1583 {
1584 /* Set the corresponding bits in the packed structure */
1586 {
1589 break;
1590
1593 break;
1594
1597 break;
1598
1601 break;
1602
1605 break;
1606
1609 break;
1610
1613 break;
1614
1617 break;
1618
1621 break;
1622 }
1623 }
1624 }
1626 {
1629 }
1630 _SEH2_END;
1631
1632 /* Check for TCB privilege */
1634 {
1636 break;
1637 }
1638
1639 /* Lock the token */
1641
1642 /* Set the new audit policy */
1643 Token->AuditPolicy = AuditPolicy;
1645
1646 /* Unlock the token */
1648
1649 break;
1650 }
1651
1653 {
1655
1656 _SEH2_TRY
1657 {
1658 /* Copy the token origin */
1660 }
1662 {
1665 }
1666 _SEH2_END;
1667
1668 /* Check for TCB privilege */
1670 {
1672 break;
1673 }
1674
1675 /* Lock the token */
1677
1678 /* Check if there is no token origin set yet */
1680 {
1681 /* Set the token origin */
1682 Token->OriginatingLogonSession =
1683 TokenOrigin.OriginatingLogonSession;
1684
1686 }
1687
1688 /* Unlock the token */
1690
1691 break;
1692 }
1693
1694 default:
1695 {
1697 TokenInformationClass);
1699 break;
1700 }
1701 }
1702Cleanup:
1704 }
1705
1707 {
1709 }
1710
1712}
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1623
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:319
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:1011
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
NTSTATUS SepRebuildDynamicPartOfToken(_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)
UCHAR DirectoryServiceAccess
Definition: setypes.h:144
Definition: setypes.h:155
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:158
Definition: se.h:68
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1883 Policies[1]
Definition: setypes.h:1118
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: tokencls.c:19
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
struct _TOKEN_OWNER * PTOKEN_OWNER
◆ SeCaptureSecurityDescriptor()
| NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor | ( | _In_ PSECURITY_DESCRIPTOR | _OriginalSecurityDescriptor, |
| _In_ KPROCESSOR_MODE | CurrentMode, | ||
| _In_ POOL_TYPE | PoolType, | ||
| _In_ BOOLEAN | CaptureIfKernel, | ||
| _Out_ PSECURITY_DESCRIPTOR * | CapturedSecurityDescriptor | ||
| ) |
Captures a security descriptor.
- Parameters
-
[in] _OriginalSecurityDescriptor An already existing and valid security descriptor to be captured. [in] CurrentMode Processor level access mode. [in] PoolType Pool type to be used when allocating the captured buffer. [in] CaptureIfKernel Set this to TRUE if capturing is done within the kernel. [out] CapturedSecurityDescriptor The captured security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been captured. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an unknown revision. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured buffer has failed. A failure NTSTATUS code is returned otherwise.
Definition at line 386 of file sd.c.
392{
393 PISECURITY_DESCRIPTOR OriginalDescriptor = _OriginalSecurityDescriptor;
394 SECURITY_DESCRIPTOR DescriptorCopy;
396 ULONG OwnerSAC = 0, GroupSAC = 0;
401
402 if (!OriginalDescriptor)
403 {
404 /* Nothing to do... */
405 *CapturedSecurityDescriptor = NULL;
407 }
408
409 /* Quick path */
411 {
412 /* Check descriptor version */
414 {
416 }
417
418 *CapturedSecurityDescriptor = _OriginalSecurityDescriptor;
420 }
421
422 _SEH2_TRY
423 {
425 {
426 ProbeForRead(OriginalDescriptor,
429 }
430
431 /* Check the descriptor version */
433 {
435 }
436
438 {
439 /* Get the size of the descriptor */
442
443 /* Probe the entire security descriptor structure. The SIDs
444 * and ACLs will be probed and copied later though */
446 }
447
448 /* Now capture all fields and convert to an absolute descriptor */
457
458 /* Determine owner and group sizes */
463
464 /* Determine the size of the ACLs */
466 {
467 /* Get the size and probe if user mode */
470 }
471
473 {
474 /* Get the size and probe if user mode */
477 }
478 }
480 {
482 }
483 _SEH2_END;
484
485 /*
486 * Allocate enough memory to store a complete copy of a self-relative
487 * security descriptor
488 */
490 DescriptorSize,
491 TAG_SD);
493
498
499 _SEH2_TRY
500 {
501 /*
502 * Setup the offsets and copy the SIDs and ACLs to the new
503 * self-relative security descriptor. Probing the pointers is not
504 * neccessary anymore as we did that when collecting the sizes!
505 * Make sure to validate the SIDs and ACLs *again* as they could have
506 * been modified in the meanwhile!
507 */
509
511 {
515 DescriptorCopy.Owner,
516 OwnerSize);
518 }
519
521 {
525 DescriptorCopy.Group,
526 GroupSize);
528 }
529
531 {
535 DescriptorCopy.Sacl,
536 SaclSize);
538 }
539
541 {
545 DescriptorCopy.Dacl,
546 DaclSize);
548 }
549
550 /* Make sure the size was correct */
552 }
554 {
555 /* We failed to copy the data to the new descriptor */
558 }
559 _SEH2_END;
560
561 /*
562 * We're finally done!
563 * Copy the pointer to the captured descriptor to to the caller.
564 */
565 *CapturedSecurityDescriptor = NewDescriptor;
567}
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1622
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1620
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1618
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:109
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:89
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:129
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:151
static ULONG DetermineSIDSize(_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.
Definition: sd.c:290
static ULONG DetermineACLSize(_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.
Definition: sd.c:336
Definition: setypes.h:848
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:30
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
Referenced by NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().
◆ SeCreateAccessState()
| NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState | ( | _In_ PACCESS_STATE | AccessState, |
| _In_ PAUX_ACCESS_DATA | AuxData, | ||
| _In_ ACCESS_MASK | Access, | ||
| _In_ PGENERIC_MAPPING | GenericMapping | ||
| ) |
◆ SeDeleteAccessState()
| NTKERNELAPI VOID NTAPI SeDeleteAccessState | ( | _In_ PACCESS_STATE | AccessState | ) |
Deletes an allocated access state from the memory.
- Parameters
-
[in] AccessState A valid access state.
- Returns
- Nothing.
Definition at line 150 of file access.c.
152{
153 PAUX_ACCESS_DATA AuxData;
154 PAGED_CODE();
155
156 /* Get the Auxiliary Data */
157 AuxData = AccessState->AuxData;
158
159 /* Deallocate Privileges */
162
163 /* Deallocate Name and Type Name */
165 {
167 }
168
170 {
172 }
173
174 /* Release the Subject Context */
176}
Definition: setypes.h:257
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:417
Referenced by NtOpenProcess(), NtOpenThread(), ObDuplicateObject(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObReferenceObjectByName(), PspCreateProcess(), PspCreateThread(), and START_TEST().
◆ SeReleaseSecurityDescriptor()
| NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor | ( | _In_ PSECURITY_DESCRIPTOR | CapturedSecurityDescriptor, |
| _In_ KPROCESSOR_MODE | CurrentMode, | ||
| _In_ BOOLEAN | CaptureIfKernelMode | ||
| ) |
Releases a captured security descriptor buffer.
- Parameters
-
[in] CapturedSecurityDescriptor The captured security descriptor to be freed. [in] CurrentMode Processor level access mode. [in] CaptureIfKernelMode Set this to TRUE if the releasing is to be done within the kernel.
- Returns
- Returns STATUS_SUCCESS.
Definition at line 760 of file sd.c.
764{
765 PAGED_CODE();
766
767 /*
768 * WARNING! You need to call this function with the same value for CurrentMode
769 * and CaptureIfKernelMode that you previously passed to
770 * SeCaptureSecurityDescriptor() in order to avoid memory leaks!
771 */
773 (CurrentMode != KernelMode ||
774 (CurrentMode == KernelMode && CaptureIfKernelMode)))
775 {
776 /* Only delete the descriptor when SeCaptureSecurityDescriptor() allocated one! */
778 }
779
781}
Referenced by NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), SepAccessCheck(), and SepAccessCheckAndAuditAlarm().
◆ SeTokenImpersonationLevel()
| NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel | ( | _In_ PACCESS_TOKEN | Token | ) |
Gathers the security impersonation level of an access token.
- Returns
- Returns the security impersonation level from a valid token.
Definition at line 2059 of file token.c.
Referenced by PsAssignImpersonationToken().
◆ ZwAccessCheck()
| NTSYSAPI NTSTATUS NTAPI ZwAccessCheck | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _Out_writes_bytes_ *PrivilegeSetLength PPRIVILEGE_SET | PrivilegeSet, | ||
| _Out_ PULONG | PrivilegeSetLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
◆ ZwAdjustGroupsToken()
| NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | ResetToDefault, | ||
| _In_ PTOKEN_GROUPS | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_opt_ PTOKEN_GROUPS | PreviousState, | ||
| _Out_ PULONG | ReturnLength | ||
| ) |
◆ ZwAdjustPrivilegesToken()
| _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | DisableAllPrivileges, | ||
| _In_opt_ PTOKEN_PRIVILEGES | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
Referenced by RtlAcquirePrivilege(), RtlAdjustPrivilege(), RtlpSysVolTakeOwnership(), RtlReleasePrivilege(), and RtlRemovePrivileges().
◆ ZwAllocateLocallyUniqueId()
Referenced by CreateInitialSystemToken().
◆ ZwAllocateUuids()
| NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids | ( | _Out_ PULARGE_INTEGER | Time, |
| _Out_ PULONG | Range, | ||
| _Out_ PULONG | Sequence, | ||
| _Out_ PUCHAR | Seed | ||
| ) |
◆ ZwCreateToken()
| NTSYSAPI NTSTATUS NTAPI ZwCreateToken | ( | _Out_ PHANDLE | TokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _In_ PLUID | AuthenticationId, | ||
| _In_ PLARGE_INTEGER | ExpirationTime, | ||
| _In_ PTOKEN_USER | TokenUser, | ||
| _In_ PTOKEN_GROUPS | TokenGroups, | ||
| _In_ PTOKEN_PRIVILEGES | TokenPrivileges, | ||
| _In_ PTOKEN_OWNER | TokenOwner, | ||
| _In_ PTOKEN_PRIMARY_GROUP | TokenPrimaryGroup, | ||
| _In_ PTOKEN_DEFAULT_DACL | TokenDefaultDacl, | ||
| _In_ PTOKEN_SOURCE | TokenSource | ||
| ) |
Referenced by CreateInitialSystemToken().
◆ ZwImpersonateAnonymousToken()
◆ ZwOpenObjectAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ULONG | DesiredAccess, | ||
| _In_ ULONG | GrantedAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _In_ BOOLEAN | AccessGranted, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
◆ ZwPrivilegeCheck()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck | ( | _In_ HANDLE | ClientToken, |
| _In_ PPRIVILEGE_SET | RequiredPrivileges, | ||
| _In_ PBOOLEAN | Result | ||
| ) |
◆ ZwPrivilegedServiceAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PUNICODE_STRING | ServiceName, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ ZwPrivilegeObjectAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PVOID | HandleId, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ULONG | DesiredAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ ZwSetInformationToken()
| NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ TOKEN_INFORMATION_CLASS | TokenInformationClass, | ||
| _Out_ PVOID | TokenInformation, | ||
| _In_ ULONG | TokenInformationLength | ||
| ) |
Variable Documentation
◆ DesiredAccess
◆ EffectiveOnly
| _Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly |
Definition at line 410 of file sefuncs.h.
Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtDuplicateToken(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), SeCaptureSubjectContextEx(), SeImpersonateClientEx(), SepDuplicateToken(), and SepOpenThreadToken().
◆ HandleAttributes
◆ Length
◆ NewTokenHandle
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle |
Definition at line 412 of file sefuncs.h.
Referenced by CreateRestrictedToken(), NtDuplicateToken(), and NtFilterToken().
◆ ObjectAttributes
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes |
◆ ResultLength
◆ ReturnLength
◆ TokenHandle
◆ TokenInformationClass
| _In_ TOKEN_INFORMATION_CLASS TokenInformationClass |
Definition at line 317 of file sefuncs.h.
Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), SeQueryInformationToken(), and SetTokenInformation().
◆ TokenInformationLength
| _In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength |
Definition at line 319 of file sefuncs.h.
Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), and SetTokenInformation().
◆ TokenType
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType |
Definition at line 411 of file sefuncs.h.
Referenced by CheckTokenMembership(), CreateProcessAsUserCommon(), DuplicateTokenEx(), GetTokenInformation(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), NpFreeClientSecurityContext(), NtCreateToken(), NtDuplicateToken(), NtQueryInformationToken(), PsReferenceEffectiveToken(), QueryTokenTypeTests(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SepDuplicateToken(), SeQueryInformationToken(), SetTokenInformation(), test_CreateRestrictedToken(), TestsSeQueryInformationToken(), validate_impersonation_token(), and WhoamiGetTokenInfo().
