#include <umtypes.h>
Include dependency graph for sefuncs.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Function Documentation
◆ _IRQL_requires_max_()
| _IRQL_requires_max_ | ( | PASSIVE_LEVEL | ) |
Queries information details about a security descriptor.
Computes the quota size of a security descriptor.
Assigns a security descriptor for a new object.
An extended function that assigns a security descriptor for a new object.
Frees a security descriptor.
An extended function that sets new information data to a security descriptor.
Modifies some information data about a security descriptor.
- Parameters
-
[in] SecurityInformation Security information details to be queried from a security descriptor. [out] SecurityDescriptor The returned security descriptor with security information data. [in,out] Length The returned length of a security descriptor. [in,out] ObjectsSecurityDescriptor The returned object security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the specific information about the security descriptor has been queried. STATUS_BUFFER_TOO_SMALL is returned if the buffer size is too small to contain the queried info about the security descriptor.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- See SeSetSecurityDescriptorInfoEx.
- Parameters
-
[in] Object If specified, the function will use this arbitrary object that points to an object security descriptor. [in] SecurityInformation Security information details to be set. [in] SecurityDescriptor A security descriptor where its info is to be changed. [in,out] ObjectsSecurityDescriptor The returned pointer to security descriptor objects. [in] AutoInheritFlags Flags bitmask inheritation, influencing how the security descriptor can be inherited and if it can be in the first place. [in] PoolType Pool type for the new security descriptor to allocate. [in] GenericMapping The generic mapping of access rights masks.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed without problems and that new info has been set to the security descriptor. STATUS_NO_SECURITY_ON_OBJECT is returned if the object does not have a security descriptor. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the new security descriptor with new info set has failed.
- Parameters
-
[in] SecurityDescriptor A security descriptor to be freed from memory.
- Returns
- Returns STATUS_SUCCESS.
- Parameters
-
[in] _ParentDescriptor A security descriptor of the parent object that is being created. [in] _ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] ObjectType The type of the new object. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] AutoInheritFlags Automatic inheritance flags that influence how access control entries within ACLs from security descriptors are inherited. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been assigned to the new object. STATUS_NO_TOKEN is returned if the caller hasn't supplied a valid argument to a security subject context. STATUS_INVALID_OWNER is returned if the caller hasn't supplied a parent descriptor that belongs to the main user (owner). STATUS_INVALID_PRIMARY_GROUP is returned by the same reason as with the previous NTSTATUS code. The two NTSTATUS codes are returned if the calling thread stated that the owner and/or group is defaulted to the parent descriptor (SEF_DEFAULT_OWNER_FROM_PARENT and/or SEF_DEFAULT_GROUP_FROM_PARENT respectively). STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the descriptor buffer has failed. A failure NTSTATUS is returned otherwise.
- Parameters
-
[in] ParentDescriptor A security descriptor of the parent object that is being created. [in] ExplicitDescriptor An explicit security descriptor that is applied to a new object. [out] NewDescriptor The new allocated security descriptor. [in] IsDirectoryObject Set this to TRUE if the newly created object is a directory object, otherwise set this to FALSE. [in] SubjectContext Security subject context of the new object. [in] GenericMapping Generic mapping of access mask rights. [in] PoolType This parameter is unused.
- Returns
- See SeAssignSecurityEx.
- Parameters
-
[in] SecurityDescriptor A security descriptor. [out] QuotaInfoSize The returned quota size of the given security descriptor to the caller. The function may return 0 to this parameter if the descriptor doesn't have a group or a discretionary access control list (DACL) even.
- Returns
- Returns STATUS_SUCCESS if the quota size of a security descriptor has been computed successfully. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an invalid revision.
Definition at line 64 of file Messaging.c.
Definition: ketypes.h:11
ULONG FltpObjectPointerReference(_In_ PFLT_OBJECT Object)
Definition: Object.c:322
NTSTATUS NTAPI ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL, IN POBJECT_TYPE Type, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN KPROCESSOR_MODE AccessMode, IN OUT PVOID ParseContext OPTIONAL, IN ULONG ObjectSize, IN ULONG PagedPoolCharge OPTIONAL, IN ULONG NonPagedPoolCharge OPTIONAL, OUT PVOID *Object)
Definition: oblife.c:951
Definition: fltmgrint.h:25
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY DisconnectNotifyCallback
Definition: fltkernel.h:1872
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY ConnectNotifyCallback
Definition: fltkernel.h:1872
Definition: fltmgrint.h:188
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID ServerPortCookie
Definition: fltkernel.h:1872
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY _In_ LONG MaxConnections
Definition: fltkernel.h:1872
Definition: nsiface.idl:2306
PFLT_DISCONNECT_NOTIFY DisconnectNotify
Definition: fltmgrint.h:192
_Must_inspect_result_ _Outptr_ PFLT_PORT _In_ POBJECT_ATTRIBUTES _In_opt_ PVOID _In_ PFLT_CONNECT_NOTIFY _In_ PFLT_DISCONNECT_NOTIFY _In_opt_ PFLT_MESSAGE_NOTIFY MessageNotifyCallback
Definition: fltkernel.h:1872
◆ _Out_writes_bytes_to_opt_() [1/2]
| _In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ | ( | TokenInformationLength | , |
| * | ReturnLength | ||
| ) |
◆ _Out_writes_bytes_to_opt_() [2/2]
| _In_ TOKEN_INFORMATION_CLASS _Out_writes_bytes_to_opt_ | ( | Length | , |
| * | ResultLength | ||
| ) |
◆ _When_()
| _When_ | ( | TokenInformationClass | = = TokenAccessInformation, |
| _At_(TokenInformationLength, _In_range_(>=, sizeof(TOKEN_ACCESS_INFORMATION))) | |||
| ) |
◆ NtAccessCheck()
| NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheck | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _Out_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _Out_ PULONG | ReturnLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
◆ NtAccessCheckAndAuditAlarm()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAccessCheckAndAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
Raises an alarm audit message when a caller attempts to access an object and determine if the access can be made.
- Parameters
-
[in] SubsystemName A Unicode string that points to a name of the subsystem. [in] HandleId A handle to an ID that is used as identification instance for auditing. [in] ObjectTypeName The name of the object type. [in] ObjectName The object name. [in] SecurityDescriptor A security descriptor. [in] DesiredAccess The desired access rights masks requested by the caller. [in] GenericMapping The generic mapping of access mask rights. [in] ObjectCreation Set this to TRUE if the object has just been created. [out] GrantedAccess Returns the granted access rights. [out] AccessStatus Returns a NTSTATUS status code indicating whether access check can be granted or not. [out] GenerateOnClose Returns TRUE if the function has generated a list of granted access rights and status codes on termination, FALSE otherwise.
- Returns
- See SepAccessCheckAndAuditAlarm.
Definition at line 2125 of file audit.c.
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
Definition: setypes.h:864
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
_Must_inspect_result_ NTSTATUS NTAPI SepAccessCheckAndAuditAlarm(_In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PHANDLE ClientTokenHandle, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ ACCESS_MASK DesiredAccess, _In_ AUDIT_EVENT_TYPE AuditType, _In_ ULONG Flags, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccessList, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatusList, _Out_ PBOOLEAN GenerateOnClose, _In_ BOOLEAN UseResultList)
Performs security auditing, if the specific object can be granted security access or not.
Definition: audit.c:614
◆ NtAccessCheckByType()
| NTSTATUS NTAPI NtAccessCheckByType | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ PSID | PrincipalSelfSid, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_TYPE_LIST | ObjectTypeList, | ||
| _In_ ULONG | ObjectTypeLength, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _In_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _Inout_ PULONG | PrivilegeSetLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
Determines whether security access could be granted or not on an object by the requestor who wants such access through type.
- Parameters
-
[in] SecurityDescriptor A security descriptor with information data for auditing. [in] PrincipalSelfSid A principal self user SID. [in] ClientToken A client access token. [in] DesiredAccess The desired access masks rights requested by the caller. [in] ObjectTypeList A list of object types. [in] ObjectTypeLength The length size of the list. [in] GenericMapping The generic mapping list of access masks rights. [in] PrivilegeSet An array set of privileges. [in,out] PrivilegeSetLength The length size of the array set of privileges. [out] GrantedAccess The returned granted access rights. [out] AccessStatus The returned NTSTATUS code indicating the final results of auditing.
- Returns
- To be added...
Definition at line 1454 of file accesschk.c.
◆ NtAccessCheckByTypeResultList()
| NTSTATUS NTAPI NtAccessCheckByTypeResultList | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ PSID | PrincipalSelfSid, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_TYPE_LIST | ObjectTypeList, | ||
| _In_ ULONG | ObjectTypeLength, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _In_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _Inout_ PULONG | PrivilegeSetLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
Determines whether security access could be granted or not on an object by the requestor who wants such access through type list.
- Parameters
-
[in] SecurityDescriptor A security descriptor with information data for auditing. [in] PrincipalSelfSid A principal self user SID. [in] ClientToken A client access token. [in] DesiredAccess The desired access masks rights requested by the caller. [in] ObjectTypeList A list of object types. [in] ObjectTypeLength The length size of the list. [in] GenericMapping The generic mapping list of access masks rights. [in] PrivilegeSet An array set of privileges. [in,out] PrivilegeSetLength The length size of the array set of privileges. [out] GrantedAccess The returned granted access rights. [out] AccessStatus The returned NTSTATUS code indicating the final results of auditing.
- Returns
- To be added...
Definition at line 1516 of file accesschk.c.
◆ NtAdjustGroupsToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustGroupsToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | ResetToDefault, | ||
| _In_opt_ PTOKEN_GROUPS | NewState, | ||
| _In_opt_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_GROUPS | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
◆ NtAdjustPrivilegesToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtAdjustPrivilegesToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | DisableAllPrivileges, | ||
| _In_opt_ PTOKEN_PRIVILEGES | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
◆ NtAllocateLocallyUniqueId()
| NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId | ( | _Out_ LUID * | LocallyUniqueId | ) |
◆ NtAllocateUuids()
| NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids | ( | _Out_ PULARGE_INTEGER | Time, |
| _Out_ PULONG | Range, | ||
| _Out_ PULONG | Sequence, | ||
| _Out_ PUCHAR | Seed | ||
| ) |
◆ NtCompareTokens()
| NTSYSCALLAPI NTSTATUS NTAPI NtCompareTokens | ( | _In_ HANDLE | FirstTokenHandle, |
| _In_ HANDLE | SecondTokenHandle, | ||
| _Out_ PBOOLEAN | Equal | ||
| ) |
Compares tokens if they're equal or not.
- Parameters
-
[in] FirstToken The first token. [in] SecondToken The second token. [out] Equal The retrieved value which determines if the tokens are equal or not.
- Returns
- Returns STATUS_SUCCESS, otherwise it returns a failure NTSTATUS code.
Definition at line 2310 of file token.c.
Definition: ketypes.h:11
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
static NTSTATUS SepCompareTokens(_In_ PTOKEN FirstToken, _In_ PTOKEN SecondToken, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal based on all the following properties. If all of the said conditions...
Definition: token.c:243
Definition: nsiface.idl:2306
Definition: fatprocs.h:1886
Definition: setypes.h:215
Referenced by START_TEST().
◆ NtCreateToken()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCreateToken | ( | _Out_ PHANDLE | TokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _In_ PLUID | AuthenticationId, | ||
| _In_ PLARGE_INTEGER | ExpirationTime, | ||
| _In_ PTOKEN_USER | TokenUser, | ||
| _In_ PTOKEN_GROUPS | TokenGroups, | ||
| _In_ PTOKEN_PRIVILEGES | TokenPrivileges, | ||
| _In_opt_ PTOKEN_OWNER | TokenOwner, | ||
| _In_ PTOKEN_PRIMARY_GROUP | TokenPrimaryGroup, | ||
| _In_opt_ PTOKEN_DEFAULT_DACL | TokenDefaultDacl, | ||
| _In_ PTOKEN_SOURCE | TokenSource | ||
| ) |
Creates an access token.
- Parameters
-
[out] TokenHandle The returned created token handle to the caller. [in] DesiredAccess The desired access rights for the token that we're creating. [in] ObjectAttributes The object attributes for the token object that we're creating. [in] TokenType The type of token to assign for the newly created token. [in] AuthenticationId Authentication ID that represents the token's identity. [in] ExpirationTime Expiration time for the token. If set to -1, the token never expires. [in] TokenUser The main user entity for the token to assign. [in] TokenGroups Group list of SIDs for the token to assign. [in] TokenPrivileges Privileges for the token. [in] TokenOwner The main user that owns the newly created token. [in] TokenPrimaryGroup The primary group that represents as the main group of the token. [in] TokenDefaultDacl Discretionary access control list for the token. This limits on how the token can be used, accessed and used by whom. [in] TokenSource The source origin of the token who creates it.
- Returns
- Returns STATUS_SUCCESS if the function has successfully created the token. A failure NTSTATUS code is returned otherwise.
Definition at line 1554 of file tokenlif.c.
Definition: setypes.h:962
Definition: setypes.h:73
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
Definition: setypes.h:1031
Definition: ketypes.h:866
Definition: setypes.h:1009
Definition: ms-dtyp.idl:198
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:994
Definition: setypes.h:968
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
Definition: setypes.h:1018
Definition: umtypes.h:181
Definition: ms-dtyp.idl:293
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
Definition: setypes.h:1027
Definition: ketypes.h:11
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
Definition: imports.h:273
Definition: devicetopology.idl:136
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
Definition: setypes.h:966
Definition: setypes.h:963
Definition: setypes.h:1023
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
Definition: setypes.h:502
Definition: lsa.idl:63
Definition: setypes.h:965
Definition: setypes.h:964
Definition: setypes.h:1005
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:711
Definition: ketypes.h:867
Definition: imports.h:277
NTSTATUS NTAPI SepCreateToken(_Out_ PHANDLE TokenHandle, _In_ KPROCESSOR_MODE PreviousMode, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PSID_AND_ATTRIBUTES User, _In_ ULONG GroupCount, _In_ PSID_AND_ATTRIBUTES Groups, _In_ ULONG GroupsLength, _In_ ULONG PrivilegeCount, _In_ PLUID_AND_ATTRIBUTES Privileges, _In_opt_ PSID Owner, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl, _In_ PTOKEN_SOURCE TokenSource, _In_ BOOLEAN SystemToken)
Internal function responsible for access token object creation in the kernel. A fully created token o...
Definition: tokenlif.c:97
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
Definition: typedefs.h:102
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
Definition: setypes.h:967
Definition: imports.h:274
Definition: nsiface.idl:2306
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
Referenced by LsapLogonUser().
◆ NtDuplicateToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateToken | ( | _In_ HANDLE | ExistingTokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_opt_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ BOOLEAN | EffectiveOnly, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _Out_ PHANDLE | NewTokenHandle | ||
| ) |
Duplicates a token.
- Parameters
-
[in] ExistingTokenHandle An existing token to duplicate. [in] DesiredAccess The desired access rights for the new duplicated token. [in] ObjectAttributes Object attributes for the new duplicated token. [in] EffectiveOnly If set to TRUE, the function removes all the disabled privileges and groups of the token to duplicate. [in] TokenType Type of token to assign to the duplicated token. [out] NewTokenHandle The returned duplicated token handle.
- Returns
- STATUS_SUCCESS is returned if token duplication has completed successfully. STATUS_BAD_IMPERSONATION_LEVEL is returned if the caller erroneously wants to raise the impersonation level even though the conditions do not permit it. A failure NTSTATUS code is returned otherwise.
- Remarks
- Some sources claim 4th param is ImpersonationLevel, but on W2K this is certainly NOT true, although I can't say for sure that EffectiveOnly is correct either. -Gunnar This is true. EffectiveOnly overrides SQOS.EffectiveOnly. - IAI NOTE for readers: http://hex.pp.ua/nt/NtDuplicateToken.php is therefore wrong in that regard, while MSDN documentation is correct.
Definition at line 1865 of file tokenlif.c.
Definition: lsa.idl:57
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
Definition: iotypes.h:179
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
Definition: ketypes.h:11
Definition: lsa.idl:55
Definition: imports.h:273
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:401
_In_ ACCESS_MASK _In_opt_ POBJECT_TYPE _In_ KPROCESSOR_MODE _Out_ PVOID _Out_opt_ POBJECT_HANDLE_INFORMATION HandleInformation
Definition: obfuncs.h:40
Definition: lsa.idl:63
VOID NTAPI SepReleaseSecurityQualityOfService(_In_opt_ PSECURITY_QUALITY_OF_SERVICE CapturedSecurityQualityOfService, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) the captured SQOS data from an object in the memory pool.
Definition: sqos.c:225
Definition: ketypes.h:867
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
Definition: imports.h:274
NTSTATUS NTAPI SepDuplicateToken(_In_ PTOKEN Token, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _In_ SECURITY_IMPERSONATION_LEVEL Level, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *NewAccessToken)
Duplicates an access token, from an existing valid token.
Definition: tokenlif.c:471
Definition: tokenizer.hpp:27
Definition: nsiface.idl:2306
NTSTATUS NTAPI SepCaptureSecurityQualityOfService(_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_QUALITY_OF_SERVICE *CapturedSecurityQualityOfService, _Out_ PBOOLEAN Present)
Captures the security quality of service data given the object attributes from an object.
Definition: sqos.c:52
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN EffectiveOnly
Definition: sefuncs.h:401
Definition: setypes.h:215
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:401
◆ NtFilterToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtFilterToken | ( | _In_ HANDLE | ExistingTokenHandle, |
| _In_ ULONG | Flags, | ||
| _In_opt_ PTOKEN_GROUPS | SidsToDisable, | ||
| _In_opt_ PTOKEN_PRIVILEGES | PrivilegesToDelete, | ||
| _In_opt_ PTOKEN_GROUPS | RestrictedSids, | ||
| _Out_ PHANDLE | NewTokenHandle | ||
| ) |
Creates an access token in a restricted form from the original existing token, that is, such action is called filtering.
- Parameters
-
[in] ExistingTokenHandle A handle to an access token which is to be filtered. [in] Flags Privilege flag options. This parameter argument influences how the token's privileges are filtered. For further details see remarks. [in] SidsToDisable Array of SIDs to disable. The action of doing so assigns the SE_GROUP_USE_FOR_DENY_ONLY attribute to the respective group SID and takes away SE_GROUP_ENABLED and SE_GROUP_ENABLED_BY_DEFAULT. This parameter can be NULL. This can be a UM pointer. [in] PrivilegesToDelete Array of privileges to delete. The function will walk within this array to determine if the specified privileges do exist in the access token. Any missing privileges gets ignored. This parameter can be NULL. This can be a UM pointer. [in] RestrictedSids An array list of restricted groups SID to be added in the access token. A token that is already restricted the newly added restricted SIDs are redundant information in addition to the existing restricted SIDs in the token. This parameter can be NULL. This can be a UM pointer. [out] NewTokenHandle A new handle to the restricted (filtered) access token. This can be a UM pointer.
- Returns
- Returns STATUS_SUCCESS if the routine has successfully filtered the access token. STATUS_INVALID_PARAMETER is returned if one or more parameters are not valid (see SepPerformTokenFiltering routine call for more information). A failure NTSTATUS code is returned otherwise.
- Remarks
- The Flags parameter determines the final outcome of how the privileges in an access token are filtered. This parameter can take these supported values (these can be combined):
0 – Filter the token's privileges in the usual way. The function expects that the caller MUST PROVIDE a valid array list of privileges to be deleted (that is, PrivilegesToDelete MUSTN'T BE NULL).
DISABLE_MAX_PRIVILEGE – Disables (deletes) all the privileges except SeChangeNotifyPrivilege in the new access token. Bear in mind if this flag is specified the routine ignores PrivilegesToDelete.
SANDBOX_INERT – Stores the TOKEN_SANDBOX_INERT token flag within the access token.
LUA_TOKEN – The newly filtered access token is a LUA token. This flag is not supported in Windows Server 2003.
WRITE_RESTRICTED – The newly filtered token has the restricted SIDs that are considered only when evaluating write access onto the token. This value is not supported in Windows Server 2003.
Definition at line 2071 of file tokenlif.c.
Definition: setypes.h:73
static NTSTATUS SepPerformTokenFiltering(_In_ PTOKEN Token, _In_opt_ PLUID_AND_ATTRIBUTES PrivilegesToBeDeleted, _In_opt_ PSID_AND_ATTRIBUTES SidsToBeDisabled, _In_opt_ PSID_AND_ATTRIBUTES RestrictedSidsIntoToken, _When_(PrivilegesToBeDeleted !=NULL, _In_) ULONG PrivilegesCount, _When_(SidsToBeDisabled !=NULL, _In_) ULONG RegularGroupsSidCount, _When_(RestrictedSidsIntoToken !=NULL, _In_) ULONG RestrictedSidsCount, _In_ ULONG PrivilegeFlags, _In_ KPROCESSOR_MODE PreviousMode, _Out_ PTOKEN *FilteredToken)
Private helper function responsible for creating a restricted access token, that is,...
Definition: tokenlif.c:855
Definition: setypes.h:1009
VOID NTAPI SeReleaseSidAndAttributesArray(_In_ _Post_invalid_ PSID_AND_ATTRIBUTES CapturedSidAndAttributes, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID with attributes.
Definition: sid.c:994
NTSTATUS NTAPI SeCaptureLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Src, _In_ ULONG PrivilegeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_ PLUID_AND_ATTRIBUTES AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PLUID_AND_ATTRIBUTES *Dest, _Inout_ PULONG Length)
Definition: setypes.h:1018
Definition: iotypes.h:179
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle
Definition: sefuncs.h:401
VOID NTAPI SeReleaseLuidAndAttributesArray(_In_ PLUID_AND_ATTRIBUTES Privilege, _In_ KPROCESSOR_MODE PreviousMode, _In_ BOOLEAN CaptureIfKernel)
Releases a LUID with attributes structure.
Definition: priv.c:554
Definition: setypes.h:502
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeCaptureSidAndAttributesArray(_In_ PSID_AND_ATTRIBUTES SrcSidAndAttributes, _In_ ULONG AttributeCount, _In_ KPROCESSOR_MODE PreviousMode, _In_opt_ PVOID AllocatedMem, _In_ ULONG AllocatedLength, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID_AND_ATTRIBUTES *CapturedSidAndAttributes, _Out_ PULONG ResultLength)
Captures a SID with attributes.
Definition: sid.c:711
Definition: ketypes.h:867
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
Definition: obhandle.c:2935
Definition: tokenizer.hpp:27
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG _Out_ PULONG ResultLength
Definition: wdfdevice.h:3776
Definition: nsiface.idl:2306
Definition: setypes.h:215
◆ NtImpersonateAnonymousToken()
| NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateAnonymousToken | ( | _In_ HANDLE | ThreadHandle | ) |
Allows the calling thread to impersonate the system's anonymous logon token.
- Parameters
-
[in] ThreadHandle A handle to the thread to start the procedure of logon token impersonation. The thread must have the THREAD_IMPERSONATE access right.
- Returns
- Returns STATUS_SUCCESS if the thread has successfully impersonated the anonymous logon token, otherwise a failure NTSTATUS code is returned.
- Remarks
- By default the system gives the opportunity to the caller to impersonate the anonymous logon token without including the Everyone Group SID. In cases where the caller wants to impersonate the token including such group, the EveryoneIncludesAnonymous registry value setting has to be set to 1, from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry path. The calling thread must invoke PsRevertToSelf when impersonation is no longer needed or RevertToSelf if the calling execution is done in user mode.
Definition at line 2419 of file token.c.
2438 DPRINT1("NtImpersonateAnonymousToken(): Failed to reference the object (Status 0x%lx)\n", Status);
2446 DPRINT1("NtImpersonateAnonymousToken(): Failed to impersonate the token (Status 0x%lx)\n", Status);
static NTSTATUS SepImpersonateAnonymousToken(_In_ PETHREAD Thread, _In_ KPROCESSOR_MODE PreviousMode)
Private function that impersonates the system's anonymous logon token. The major bulk of the imperson...
Definition: token.c:334
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
Definition: pstypes.h:1101
Definition: nsiface.idl:2306
◆ NtOpenObjectAuditAlarm()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtOpenObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_opt_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ HANDLE | ClientTokenHandle, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ACCESS_MASK | GrantedAccess, | ||
| _In_opt_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _In_ BOOLEAN | AccessGranted, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
Raises an alarm audit message when an object is about to be opened.
- Parameters
-
[in] SubsystemName A Unicode string that points to a name of the subsystem. [in] HandleId A handle to an ID used for identification instance for auditing. [in] ObjectTypeName A Unicode string that points to an object type name. [in] ObjectName The name of the object. [in] SecurityDescriptor A security descriptor. [in] ClientTokenHandle A handle to a client access token. [in] DesiredAccess The desired access rights masks requested by the caller. [in] GrantedAccess The granted access mask rights. [in] PrivilegeSet If specified, the function will use this set of privileges to audit. [in] ObjectCreation Set this to TRUE if the object has just been created. [in] AccessGranted Set this to TRUE if the access attempt was deemed as granted. [out] GenerateOnClose A boolean flag returned to the caller once audit generation procedure finishes.
- Returns
- Returns STATUS_SUCCESS if all the operations have been completed successfully. STATUS_PRIVILEGE_NOT_HELD is returned if the given subject context does not hold the required audit privilege to actually begin auditing in the first place. STATUS_BAD_IMPERSONATION_LEVEL is returned if the security impersonation level of the client token is not on par with the impersonation level that alllows impersonation. STATUS_INVALID_PARAMETER is returned if the caller has submitted a bogus set of privileges as such array set exceeds the maximum count of privileges that the kernel can accept. A failure NTSTATUS code is returned otherwise.
Definition at line 1622 of file audit.c.
static __inline NTSTATUS ProbeAndCaptureUnicodeString(OUT PUNICODE_STRING Dest, IN KPROCESSOR_MODE CurrentMode, IN const UNICODE_STRING *UnsafeSrc)
Definition: probe.h:142
Definition: ms-dtyp.idl:301
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
Definition: security.c:77
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2238
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
Definition: setypes.h:85
Definition: ketypes.h:11
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
VOID NTAPI ProbeForWrite(IN PVOID Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:143
Definition: lsa.idl:56
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
static __inline VOID ReleaseCapturedUnicodeString(IN PUNICODE_STRING CapturedString, IN KPROCESSOR_MODE CurrentMode)
Definition: probe.h:239
Definition: ketypes.h:12
NTSTATUS NTAPI SeCaptureSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR _OriginalSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor)
Captures a security descriptor.
Definition: sd.c:386
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN _In_ KPROCESSOR_MODE _In_opt_ GUID _Out_ PBOOLEAN GenerateOnClose
Definition: sefuncs.h:414
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSTATUS NTAPI SeReleaseSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR CapturedSecurityDescriptor, _In_ KPROCESSOR_MODE CurrentMode, _In_ BOOLEAN CaptureIfKernelMode)
Releases a captured security descriptor buffer.
Definition: sd.c:760
Definition: ketypes.h:867
Definition: env_spec_w32.h:368
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
Definition: subject.c:85
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:414
BOOLEAN NTAPI SeCheckAuditPrivilege(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ KPROCESSOR_MODE PreviousMode)
Checks a single privilege and performs an audit against a privileged service based on a security subj...
Definition: priv.c:360
Definition: setypes.h:217
Definition: imports.h:274
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
Definition: nsiface.idl:2306
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
Definition: sefuncs.h:13
Definition: setypes.h:215
VOID NTAPI SepOpenObjectAuditAlarm(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ PUNICODE_STRING ObjectTypeName, _In_ PUNICODE_STRING ObjectName, _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PTOKEN ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_ ACCESS_MASK GrantedAccess, _In_opt_ PPRIVILEGE_SET Privileges, _In_ BOOLEAN ObjectCreation, _In_ BOOLEAN AccessGranted, _Out_ PBOOLEAN GenerateOnClose)
Raises an alarm audit message when an object is about to be opened.
Definition: audit.c:1535
◆ NtOpenProcessTokenEx()
| NTSYSCALLAPI NTSTATUS NTAPI NtOpenProcessTokenEx | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ULONG | HandleAttributes, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
◆ NtPrivilegeCheck()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeCheck | ( | _In_ HANDLE | ClientToken, |
| _Inout_ PPRIVILEGE_SET | RequiredPrivileges, | ||
| _Out_ PBOOLEAN | Result | ||
| ) |
◆ NtPrivilegedServiceAuditAlarm()
| NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegedServiceAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PUNICODE_STRING | ServiceName, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ NtPrivilegeObjectAuditAlarm()
| __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtPrivilegeObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_opt_ PVOID | HandleId, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ NtSetInformationToken()
| _Must_inspect_result_ __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ TOKEN_INFORMATION_CLASS | TokenInformationClass, | ||
| _In_reads_bytes_(TokenInformationLength) PVOID | TokenInformation, | ||
| _In_ ULONG | TokenInformationLength | ||
| ) |
Sets (modifies) some specific information in regard of an access token. The calling thread must have specific access rights in order to modify token's information data.
@unimplemented
- Parameters
-
[in] TokenHandle A handle of a token where information is to be modified. [in] TokenInformationClass Token information class. [in] TokenInformation An arbitrary pointer to a buffer with token information to set. Such arbitrary buffer depends on the information class chosen that the caller wants to modify such information data of a token. [in] TokenInformationLength Length of the token information buffer, in bytes.
- Returns
- Returns STATUS_SUCCESS if information setting has completed successfully. STATUS_INFO_LENGTH_MISMATCH is returned if the information length of the buffer is less than the required length. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation has failed. STATUS_PRIVILEGE_NOT_HELD is returned if the calling thread hasn't the required privileges to perform the operation in question. A failure NTSTATUS code is returned otherwise.
- Remarks
- The function is partly implemented, mainly TokenOrigin.
Definition at line 1125 of file tokencls.c.
1269 DPRINT1("NtSetInformationToken(): Couldn't assign new primary group, space exceeded (current length %u, new length %lu)\n",
1393 DPRINT1("NtSetInformationToken(): Couldn't assign new default DACL, space exceeded (current length %u, new length %lu)\n",
Definition: ntsecapi.h:264
Definition: setypes.h:1031
Definition: ntsecapi.h:263
UCHAR DirectoryServiceAccess
Definition: setypes.h:144
Definition: ms-dtyp.idl:198
Definition: ntsecapi.h:260
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
Definition: acl.c:464
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
Definition: sefuncs.h:312
Definition: ms-dtyp.idl:293
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
Definition: sid.c:314
Definition: setypes.h:1027
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
Definition: sid.c:400
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:494
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
Definition: ntsecapi.h:262
Definition: ntsecapi.h:268
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
Definition: acl.c:352
Definition: setypes.h:966
Definition: setypes.h:154
Definition: setypes.h:1023
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1599
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever a NtSet*** system call is invoked from u...
Definition: probe.h:70
Definition: se.h:57
Definition: setypes.h:1102
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
Definition: setypes.h:158
Definition: setypes.h:965
struct _TOKEN_OWNER * PTOKEN_OWNER
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
Definition: setypes.h:977
Definition: setypes.h:978
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
Definition: tokencls.c:19
Definition: ketypes.h:867
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
Definition: srm.c:449
NTSTATUS SepRebuildDynamicPartOfToken(_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)
struct _TOKEN_AUDIT_POLICY_INFORMATION::@1768 Policies[1]
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:335
Definition: setypes.h:973
Definition: ntsecapi.h:266
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
Definition: priv.c:744
Definition: setypes.h:967
Definition: tokenizer.hpp:27
Definition: ntsecapi.h:265
Definition: setypes.h:975
Definition: nsiface.idl:2306
Definition: setypes.h:215
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
Definition: token.c:1011
Definition: ntsecapi.h:261
◆ SeCaptureSecurityDescriptor()
| NTKERNELAPI NTSTATUS NTAPI SeCaptureSecurityDescriptor | ( | _In_ PSECURITY_DESCRIPTOR | _OriginalSecurityDescriptor, |
| _In_ KPROCESSOR_MODE | CurrentMode, | ||
| _In_ POOL_TYPE | PoolType, | ||
| _In_ BOOLEAN | CaptureIfKernel, | ||
| _Out_ PSECURITY_DESCRIPTOR * | CapturedSecurityDescriptor | ||
| ) |
Captures a security descriptor.
- Parameters
-
[in] _OriginalSecurityDescriptor An already existing and valid security descriptor to be captured. [in] CurrentMode Processor level access mode. [in] PoolType Pool type to be used when allocating the captured buffer. [in] CaptureIfKernel Set this to TRUE if capturing is done within the kernel. [out] CapturedSecurityDescriptor The captured security descriptor.
- Returns
- Returns STATUS_SUCCESS if the operations have been completed successfully and that the security descriptor has been captured. STATUS_UNKNOWN_REVISION is returned if the security descriptor has an unknown revision. STATUS_INSUFFICIENT_RESOURCES is returned if memory pool allocation for the captured buffer has failed. A failure NTSTATUS code is returned otherwise.
Definition at line 386 of file sd.c.
Definition: ms-dtyp.idl:301
DECLSPEC_NORETURN NTSYSAPI VOID NTAPI RtlRaiseStatus(_In_ NTSTATUS Status)
Definition: setypes.h:832
static ULONG DetermineACLSize(_In_ PACL Acl, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of an ACL.
Definition: sd.c:336
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:79
Definition: ketypes.h:11
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:99
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
Definition: sefuncs.h:29
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:141
static ULONG DetermineSIDSize(_In_ PISID Sid, _Inout_ PULONG OutSAC, _In_ KPROCESSOR_MODE ProcessorMode)
Determines the size of a SID.
Definition: sd.c:290
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1595
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
struct _SECURITY_DESCRIPTOR SECURITY_DESCRIPTOR
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG OwnerSize
Definition: rtlfuncs.h:1597
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1593
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3810
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
Definition: se.h:119
Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObpCaptureObjectCreateInformation(), ProbeAndCaptureObjectAttributes(), and SepAccessCheckAndAuditAlarm().
◆ SeCreateAccessState()
| NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState | ( | _In_ PACCESS_STATE | AccessState, |
| _In_ PAUX_ACCESS_DATA | AuxData, | ||
| _In_ ACCESS_MASK | Access, | ||
| _In_ PGENERIC_MAPPING | GenericMapping | ||
| ) |
◆ SeDeleteAccessState()
| NTKERNELAPI VOID NTAPI SeDeleteAccessState | ( | _In_ PACCESS_STATE | AccessState | ) |
Deletes an allocated access state from the memory.
- Parameters
-
[in] AccessState A valid access state.
- Returns
- Nothing.
Definition at line 150 of file access.c.
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE AccessState
Definition: sefuncs.h:414
Definition: setypes.h:256
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
Definition: subject.c:171
Referenced by NtOpenProcess(), NtOpenThread(), ObDuplicateObject(), ObInsertObject(), ObOpenObjectByName(), ObOpenObjectByPointer(), ObReferenceObjectByName(), PspCreateProcess(), PspCreateThread(), and START_TEST().
◆ SeReleaseSecurityDescriptor()
| NTKERNELAPI NTSTATUS NTAPI SeReleaseSecurityDescriptor | ( | _In_ PSECURITY_DESCRIPTOR | CapturedSecurityDescriptor, |
| _In_ KPROCESSOR_MODE | CurrentMode, | ||
| _In_ BOOLEAN | CaptureIfKernelMode | ||
| ) |
Releases a captured security descriptor buffer.
- Parameters
-
[in] CapturedSecurityDescriptor The captured security descriptor to be freed. [in] CurrentMode Processor level access mode. [in] CaptureIfKernelMode Set this to TRUE if the releasing is to be done within the kernel.
- Returns
- Returns STATUS_SUCCESS.
Definition at line 760 of file sd.c.
Definition: ketypes.h:11
Referenced by NtAccessCheck(), NtOpenObjectAuditAlarm(), NtSetSecurityObject(), ObInsertObject(), ObpReleaseObjectCreateInformation(), ReleaseCapturedObjectAttributes(), and SepAccessCheckAndAuditAlarm().
◆ SeTokenImpersonationLevel()
| NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI SeTokenImpersonationLevel | ( | _In_ PACCESS_TOKEN | Token | ) |
Gathers the security impersonation level of an access token.
- Returns
- Returns the security impersonation level from a valid token.
Definition at line 1846 of file token.c.
Definition: tokenizer.hpp:27
Definition: setypes.h:215
Referenced by PsAssignImpersonationToken().
◆ ZwAccessCheck()
| NTSYSAPI NTSTATUS NTAPI ZwAccessCheck | ( | _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, |
| _In_ HANDLE | ClientToken, | ||
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ PGENERIC_MAPPING | GenericMapping, | ||
| _Out_ PPRIVILEGE_SET | PrivilegeSet, | ||
| _Out_ PULONG | ReturnLength, | ||
| _Out_ PACCESS_MASK | GrantedAccess, | ||
| _Out_ PNTSTATUS | AccessStatus | ||
| ) |
◆ ZwAdjustGroupsToken()
| NTSYSAPI NTSTATUS NTAPI ZwAdjustGroupsToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | ResetToDefault, | ||
| _In_ PTOKEN_GROUPS | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_opt_ PTOKEN_GROUPS | PreviousState, | ||
| _Out_ PULONG | ReturnLength | ||
| ) |
◆ ZwAdjustPrivilegesToken()
| _Must_inspect_result_ NTSYSAPI NTSTATUS NTAPI ZwAdjustPrivilegesToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ BOOLEAN | DisableAllPrivileges, | ||
| _In_opt_ PTOKEN_PRIVILEGES | NewState, | ||
| _In_ ULONG | BufferLength, | ||
| _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES | PreviousState, | ||
| _When_(PreviousState !=NULL, _Out_) PULONG | ReturnLength | ||
| ) |
Referenced by RtlAcquirePrivilege(), RtlAdjustPrivilege(), RtlpSysVolTakeOwnership(), RtlReleasePrivilege(), and RtlRemovePrivileges().
◆ ZwAllocateLocallyUniqueId()
Referenced by CreateInitialSystemToken().
◆ ZwAllocateUuids()
| NTSYSAPI NTSTATUS NTAPI ZwAllocateUuids | ( | _Out_ PULARGE_INTEGER | Time, |
| _Out_ PULONG | Range, | ||
| _Out_ PULONG | Sequence, | ||
| _Out_ PUCHAR | Seed | ||
| ) |
◆ ZwCreateToken()
| NTSYSAPI NTSTATUS NTAPI ZwCreateToken | ( | _Out_ PHANDLE | TokenHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ POBJECT_ATTRIBUTES | ObjectAttributes, | ||
| _In_ TOKEN_TYPE | TokenType, | ||
| _In_ PLUID | AuthenticationId, | ||
| _In_ PLARGE_INTEGER | ExpirationTime, | ||
| _In_ PTOKEN_USER | TokenUser, | ||
| _In_ PTOKEN_GROUPS | TokenGroups, | ||
| _In_ PTOKEN_PRIVILEGES | TokenPrivileges, | ||
| _In_ PTOKEN_OWNER | TokenOwner, | ||
| _In_ PTOKEN_PRIMARY_GROUP | TokenPrimaryGroup, | ||
| _In_ PTOKEN_DEFAULT_DACL | TokenDefaultDacl, | ||
| _In_ PTOKEN_SOURCE | TokenSource | ||
| ) |
Referenced by CreateInitialSystemToken().
◆ ZwImpersonateAnonymousToken()
◆ ZwOpenObjectAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwOpenObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PVOID | HandleId, | ||
| _In_ PUNICODE_STRING | ObjectTypeName, | ||
| _In_ PUNICODE_STRING | ObjectName, | ||
| _In_ PSECURITY_DESCRIPTOR | SecurityDescriptor, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ULONG | DesiredAccess, | ||
| _In_ ULONG | GrantedAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | ObjectCreation, | ||
| _In_ BOOLEAN | AccessGranted, | ||
| _Out_ PBOOLEAN | GenerateOnClose | ||
| ) |
◆ ZwOpenProcessTokenEx()
| NTSYSAPI NTSTATUS NTAPI ZwOpenProcessTokenEx | ( | _In_ HANDLE | ProcessHandle, |
| _In_ ACCESS_MASK | DesiredAccess, | ||
| _In_ ULONG | HandleAttributes, | ||
| _Out_ PHANDLE | TokenHandle | ||
| ) |
Referenced by RtlFormatCurrentUserKeyPath().
◆ ZwPrivilegeCheck()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegeCheck | ( | _In_ HANDLE | ClientToken, |
| _In_ PPRIVILEGE_SET | RequiredPrivileges, | ||
| _In_ PBOOLEAN | Result | ||
| ) |
◆ ZwPrivilegedServiceAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegedServiceAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PUNICODE_STRING | ServiceName, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ ZwPrivilegeObjectAuditAlarm()
| NTSYSAPI NTSTATUS NTAPI ZwPrivilegeObjectAuditAlarm | ( | _In_ PUNICODE_STRING | SubsystemName, |
| _In_ PVOID | HandleId, | ||
| _In_ HANDLE | ClientToken, | ||
| _In_ ULONG | DesiredAccess, | ||
| _In_ PPRIVILEGE_SET | Privileges, | ||
| _In_ BOOLEAN | AccessGranted | ||
| ) |
◆ ZwSetInformationToken()
| NTSYSAPI NTSTATUS NTAPI ZwSetInformationToken | ( | _In_ HANDLE | TokenHandle, |
| _In_ TOKEN_INFORMATION_CLASS | TokenInformationClass, | ||
| _Out_ PVOID | TokenInformation, | ||
| _In_ ULONG | TokenInformationLength | ||
| ) |
Variable Documentation
◆ DesiredAccess
◆ EffectiveOnly
| _Must_inspect_result_ _In_opt_ PACCESS_TOKEN _In_ BOOLEAN _In_ BOOLEAN EffectiveOnly |
Definition at line 401 of file sefuncs.h.
Referenced by GetProcessLuid(), NtCloseObjectAuditAlarm(), NtDuplicateToken(), NtOpenThreadTokenEx(), ObpReferenceDeviceMap(), PsImpersonateClient(), PsReferenceEffectiveToken(), PsReferenceImpersonationToken(), SeCaptureSubjectContextEx(), SeImpersonateClientEx(), and SepDuplicateToken().
◆ Length
◆ NewTokenHandle
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE _Out_ PHANDLE NewTokenHandle |
Definition at line 401 of file sefuncs.h.
Referenced by CreateRestrictedToken(), NtDuplicateToken(), and NtFilterToken().
◆ ObjectAttributes
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes |
◆ ResultLength
◆ ReturnLength
◆ TokenHandle
◆ TokenInformationClass
| _In_ TOKEN_INFORMATION_CLASS TokenInformationClass |
Definition at line 310 of file sefuncs.h.
Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), SeQueryInformationToken(), and SetTokenInformation().
◆ TokenInformationLength
| _In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength |
Definition at line 312 of file sefuncs.h.
Referenced by GetTokenInformation(), NtQueryInformationToken(), NtSetInformationToken(), and SetTokenInformation().
◆ TokenType
| _In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType |
Definition at line 401 of file sefuncs.h.
Referenced by CreateProcessAsUserCommon(), DuplicateTokenEx(), ImpersonateLoggedOnUser(), ImpersonatePrinterClient(), NpFreeClientSecurityContext(), NtCreateToken(), NtDuplicateToken(), NtQueryInformationToken(), PsReferenceEffectiveToken(), QueryTokenTypeTests(), SeCreateClientSecurity(), SepCreateClientSecurity(), SepCreateToken(), SepDuplicateToken(), SeQueryInformationToken(), test_CreateRestrictedToken(), TestsSeQueryInformationToken(), validate_impersonation_token(), and WhoamiGetTokenInfo().
