120 DPRINT(
"SeQueryInformationToken(TokenUser)\n");
133 &
Token->UserAndGroups[0],
141 *TokenInformation = tu;
152 DPRINT(
"SeQueryInformationToken(TokenGroups)\n");
172 &
Token->UserAndGroups[1],
180 *TokenInformation = tg;
189 DPRINT(
"SeQueryInformationToken(TokenPrivileges)\n");
201 tp->PrivilegeCount =
Token->PrivilegeCount;
207 *TokenInformation =
tp;
217 DPRINT(
"SeQueryInformationToken(TokenOwner)\n");
232 Token->UserAndGroups[
Token->DefaultOwnerIndex].Sid);
235 *TokenInformation = to;
245 DPRINT(
"SeQueryInformationToken(TokenPrimaryGroup)\n");
260 Token->PrimaryGroup);
263 *TokenInformation = tpg;
272 DPRINT(
"SeQueryInformationToken(TokenDefaultDacl)\n");
291 Token->DefaultDacl->AclSize);
299 *TokenInformation = tdd;
308 DPRINT(
"SeQueryInformationToken(TokenSource)\n");
319 *ts =
Token->TokenSource;
322 *TokenInformation = ts;
331 DPRINT(
"SeQueryInformationToken(TokenType)\n");
342 *tt =
Token->TokenType;
345 *TokenInformation = tt;
354 DPRINT(
"SeQueryInformationToken(TokenImpersonationLevel)\n");
372 *sil =
Token->ImpersonationLevel;
375 *TokenInformation = sil;
384 DPRINT(
"SeQueryInformationToken(TokenStatistics)\n");
407 *TokenInformation = ts;
414 DPRINT(
"SeQueryInformationToken(TokenSessionId)\n");
477 PVOID TokenInformation,
507 DPRINT(
"NtQueryInformationToken() failed, Status: 0x%x\n",
Status);
528 DPRINT(
"NtQueryInformationToken(TokenUser)\n");
537 &
Token->UserAndGroups[0],
564 DPRINT(
"NtQueryInformationToken(TokenGroups)\n");
579 &
Token->UserAndGroups[1],
606 DPRINT(
"NtQueryInformationToken(TokenPrivileges)\n");
614 tp->PrivilegeCount =
Token->PrivilegeCount;
640 DPRINT(
"NtQueryInformationToken(TokenOwner)\n");
651 Token->UserAndGroups[
Token->DefaultOwnerIndex].Sid);
674 DPRINT(
"NtQueryInformationToken(TokenPrimaryGroup)\n");
685 Token->PrimaryGroup);
707 DPRINT(
"NtQueryInformationToken(TokenDefaultDacl)\n");
722 Token->DefaultDacl->AclSize);
749 DPRINT(
"NtQueryInformationToken(TokenSource)\n");
756 *ts =
Token->TokenSource;
778 DPRINT(
"NtQueryInformationToken(TokenType)\n");
785 *tt =
Token->TokenType;
807 DPRINT(
"NtQueryInformationToken(TokenImpersonationLevel)\n");
822 *sil =
Token->ImpersonationLevel;
844 DPRINT(
"NtQueryInformationToken(TokenStatistics)\n");
882 DPRINT(
"NtQueryInformationToken(TokenOrigin)\n");
910 ULONG SidLen, RestrictedSidLen;
911 ULONG UserGroupLength, RestrictedSidLength, PrivilegeLength;
914 DPRINT(
"NtQueryInformationToken(TokenGroupsAndPrivileges)\n");
920 UserGroupLength + RestrictedSidLength + PrivilegeLength;
927 GroupsAndPrivs->
SidLength = UserGroupLength;
933 Token->UserAndGroups,
935 GroupsAndPrivs->
Sids,
951 Token->RestrictedSids,
963 UserGroupLength + RestrictedSidLength);
990 DPRINT(
"NtQueryInformationToken(TokenRestrictedSids)\n");
1005 Token->RestrictedSids,
1030 ULONG IsTokenSandBoxInert;
1032 DPRINT(
"NtQueryInformationToken(TokenSandBoxInert)\n");
1038 *(
PULONG)TokenInformation = IsTokenSandBoxInert;
1054 DPRINT(
"NtQueryInformationToken(TokenSessionId)\n");
1149 DPRINT(
"NtSetInformationToken() failed, Status: 0x%x\n",
Status);
1174 ULONG DefaultOwnerIndex;
1178 InputSid = to->
Owner;
1202 &DefaultOwnerIndex);
1206 Token->DefaultOwnerIndex = DefaultOwnerIndex;
1233 ULONG PrimaryGroupIndex, NewDynamicLength;
1262 AclSize =
Token->DefaultDacl ?
Token->DefaultDacl->AclSize : 0;
1263 NewDynamicLength =
RtlLengthSid(CapturedSid) + AclSize;
1264 if (NewDynamicLength >
Token->DynamicCharged)
1269 DPRINT1(
"NtSetInformationToken(): Couldn't assign new primary group, space exceeded (current length %u, new length %lu)\n",
1270 Token->DynamicCharged, NewDynamicLength);
1301 if ((
Token->DefaultDacl) &&
1323 Token->UserAndGroups[PrimaryGroupIndex].Sid);
1363 if (InputAcl !=
NULL)
1375 ULONG NewDynamicLength;
1388 if (NewDynamicLength >
Token->DynamicCharged)
1393 DPRINT1(
"NtSetInformationToken(): Couldn't assign new default DACL, space exceeded (current length %u, new length %lu)\n",
1394 Token->DynamicCharged, NewDynamicLength);
1412 if (
Token->DefaultDacl)
1414 Token->DynamicAvailable +=
Token->DefaultDacl->AclSize;
1424 Token->PrimaryGroup,
1455 Token->DynamicAvailable +=
Token->DefaultDacl->AclSize;
1510 ULONG SessionReference;
1515 SessionReference = *(
PULONG)TokenInformation;
1532 if (SessionReference == 0)
1534 ULONG OldTokenFlags;
1547 if (OldTokenFlags ==
Token->TokenFlags)
1555 if (SessionReference == 0)
1585 switch (PolicyInformation->
Policies[
i].Category)
1643 Token->AuditPolicy = AuditPolicy;
1682 Token->OriginatingLogonSession =
1696 DPRINT1(
"Invalid TokenInformationClass: 0x%lx\n",
1708 DPRINT1(
"NtSetInformationToken failed with Status 0x%lx\n",
Status);
#define STATUS_PRIVILEGE_NOT_HELD
#define NT_SUCCESS(StatCode)
static const WCHAR Cleanup[]
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
#define ExAllocatePoolWithTag(hernya, size, tag)
#define ExGetPreviousMode
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
#define ICIF_QUERY_SIZE_VARIABLE
#define ICIF_SET_SIZE_VARIABLE
#define ICIF_FORCE_RETURN_LENGTH_PROBE
#define ICIF_SIZE_VARIABLE
#define IQS_SAME(Type, Alignment, Flags)
#define ICIF_PROBE_READ_WRITE
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
#define EXCEPTION_EXECUTE_HANDLER
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
enum _SECURITY_IMPERSONATION_LEVEL * PSECURITY_IMPERSONATION_LEVEL
struct _TOKEN_SOURCE * PTOKEN_SOURCE
struct _TOKEN_SOURCE TOKEN_SOURCE
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src, _In_ ULONG SidAreaSize, _In_ PSID_AND_ATTRIBUTES Dest, _In_ PSID SidArea, _Out_ PSID *RemainingSidArea, _Out_ PULONG RemainingSidAreaSize)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass
_In_ TOKEN_INFORMATION_CLASS _In_ ULONG TokenInformationLength
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
#define _In_reads_bytes_(s)
#define _Outptr_result_buffer_(s)
#define _Must_inspect_result_
#define _Out_writes_bytes_to_opt_(s, c)
VOID NTAPI ExAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
static __inline NTSTATUS DefaultQueryInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ ULONG Flags, _In_opt_ PVOID Buffer, _In_ ULONG BufferLength, _In_opt_ PULONG ReturnLength, _In_opt_ PULONG_PTR ReturnLengthPtr, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever an NtQuery*** system call is invoked from...
static __inline NTSTATUS DefaultSetInfoBufferCheck(_In_ ULONG Class, _In_ const INFORMATION_CLASS_INFO *ClassList, _In_ ULONG ClassListEntries, _In_ PVOID Buffer, _In_ ULONG BufferLength, _In_ KPROCESSOR_MODE PreviousMode)
Probe helper that validates the provided parameters whenever an NtSet*** system call is invoked from u...
NTSTATUS NTAPI SepRmRemoveLogonSessionFromToken(_Inout_ PTOKEN Token)
Removes a logon session from an access token.
VOID NTAPI SepReleaseSid(_In_ PSID CapturedSid, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases a captured SID.
NTSTATUS SepRmDereferenceLogonSession(_Inout_ PLUID LogonLuid)
NTSTATUS NTAPI SepCaptureSid(_In_ PSID InputSid, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PSID *CapturedSid)
Captures a SID.
NTSTATUS SepFindPrimaryGroupAndDefaultOwner(_In_ PTOKEN Token, _In_ PSID PrimaryGroup, _In_opt_ PSID DefaultOwner, _Out_opt_ PULONG PrimaryGroupIndex, _Out_opt_ PULONG DefaultOwnerIndex)
Finds the primary group and default owner entity based on the submitted primary group instance and an...
BOOLEAN NTAPI SeTokenIsInert(_In_ PTOKEN Token)
Determines if a token is a sandbox inert token or not, based upon the token flags.
#define SepAcquireTokenLockShared(Token)
VOID NTAPI SepReleaseAcl(_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel)
Releases (frees) a captured ACL from the memory pool.
const LUID SeTcbPrivilege
ULONG RtlLengthSidAndAttributes(_In_ ULONG Count, _In_ PSID_AND_ATTRIBUTES Src)
Computes the length of a SID and attributes array.
ULONG SepComputeAvailableDynamicSpace(_In_ ULONG DynamicCharged, _In_ PSID PrimaryGroup, _In_opt_ PACL DefaultDacl)
Computes the exact available dynamic area of an access token whilst querying token statistics.
#define SepAcquireTokenLockExclusive(Token)
NTSTATUS NTAPI SepCaptureAcl(_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl)
Captures an access control list from an already valid input ACL.
struct _TOKEN_AUDIT_POLICY_INFORMATION * PTOKEN_AUDIT_POLICY_INFORMATION
#define SepReleaseTokenLock(Token)
NTSTATUS SepRebuildDynamicPartOfToken(_In_ PTOKEN Token, _In_ ULONG NewDynamicPartSize)
BOOLEAN NTAPI SeSinglePrivilegeCheck(_In_ LUID PrivilegeValue, _In_ KPROCESSOR_MODE PreviousMode)
Checks if a single privilege is present in the context of the calling thread.
POBJECT_TYPE SeTokenObjectType
NTSTATUS NTAPI SeQuerySessionIdToken(_In_ PACCESS_TOKEN Token, _Out_ PULONG pSessionId)
Queries the session ID of an access token.
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
@ AuditCategoryAccountManagement
@ AuditCategoryAccountLogon
@ AuditCategoryPolicyChange
@ AuditCategoryObjectAccess
@ AuditCategoryDirectoryServiceAccess
@ AuditCategoryDetailedTracking
@ AuditCategoryPrivilegeUse
#define STATUS_ALLOTTED_SPACE_EXCEEDED
#define STATUS_INVALID_INFO_CLASS
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
#define _SEH2_GetExceptionCode()
#define _SEH2_EXCEPT(...)
#define _SEH2_YIELD(__stmt)
#define STATUS_BUFFER_TOO_SMALL
UCHAR DirectoryServiceAccess
SEP_AUDIT_POLICY_CATEGORIES PolicyElements
$ULONG RestrictedSidLength
PSID_AND_ATTRIBUTES RestrictedSids
PLUID_AND_ATTRIBUTES Privileges
$ULONG RestrictedSidCount
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
LUID OriginatingLogonSession
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
LARGE_INTEGER ExpirationTime
NTSTATUS NTAPI SeQueryInformationToken(_In_ PACCESS_TOKEN AccessToken, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Outptr_result_buffer_(_Inexpressible_(token-dependent)) PVOID *TokenInformation)
Queries information details about the given token for the caller. The difference between NtQueryInformationToken...
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information about an access token, based upon the information class...
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) specific information about an access token. The calling thread must have ...
static const INFORMATION_CLASS_INFO SeTokenInformationClass[]
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
#define RtlMoveMemory(Destination, Source, Length)
#define STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INSUFFICIENT_RESOURCES
_In_ ULONG _Out_opt_ PULONG RequiredLength
#define ObDereferenceObject
#define RtlIsZeroLuid(_L1)
#define RtlInterlockedSetBits(Flags, Flag)
_In_ KPROCESSOR_MODE PreviousMode
#define TOKEN_QUERY_SOURCE
struct _TOKEN_PRIMARY_GROUP TOKEN_PRIMARY_GROUP
struct _SID_AND_ATTRIBUTES * PSID_AND_ATTRIBUTES
struct _TOKEN_GROUPS * PTOKEN_GROUPS
struct _TOKEN_PRIMARY_GROUP * PTOKEN_PRIMARY_GROUP
#define TOKEN_SESSION_NOT_REFERENCED
struct _TOKEN_USER TOKEN_USER
struct _TOKEN_STATISTICS * PTOKEN_STATISTICS
struct _TOKEN_DEFAULT_DACL * PTOKEN_DEFAULT_DACL
struct _TOKEN_USER * PTOKEN_USER
struct _TOKEN_ORIGIN TOKEN_ORIGIN
struct _TOKEN_ORIGIN * PTOKEN_ORIGIN
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
struct _TOKEN_GROUPS_AND_PRIVILEGES * PTOKEN_GROUPS_AND_PRIVILEGES
struct _LUID_AND_ATTRIBUTES * PLUID_AND_ATTRIBUTES
#define TOKEN_ADJUST_SESSIONID
@ TokenGroupsAndPrivileges
@ TokenImpersonationLevel
struct _TOKEN_STATISTICS TOKEN_STATISTICS
#define TOKEN_ADJUST_DEFAULT
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
enum _TOKEN_INFORMATION_CLASS TOKEN_INFORMATION_CLASS
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
enum _TOKEN_TYPE * PTOKEN_TYPE
struct _TOKEN_DEFAULT_DACL TOKEN_DEFAULT_DACL
struct _TOKEN_GROUPS_AND_PRIVILEGES TOKEN_GROUPS_AND_PRIVILEGES
struct _TOKEN_OWNER TOKEN_OWNER
struct _TOKEN_OWNER * PTOKEN_OWNER