35 ULONG ulOwnerSidSize = 0, ulGroupSidSize = 0;
36 ULONG ulDaclSize = 0, ulSaclSize = 0;
42 DPRINT(
"RtlpSetSecurityObject()\n");
144 DPRINT1(
"New security descriptor allocation failed (Status 0x%08lx)\n",
Status);
152 DPRINT1(
"New security descriptor creation failed (Status 0x%08lx)\n",
Status);
299 if (OwnerSid ==
NULL)
316 AclSize =
sizeof(
ACL) +
411 DPRINT1(
"RtlDeleteSecurityObject(%p)\n", ObjectDescriptor);
414 RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectDescriptor);
430 DPRINT1(
"RtlNewSecurityObject(%p)\n", ParentDescriptor);
458 DPRINT1(
"RtlNewSecurityObjectEx(%p)\n", ParentDescriptor);
487 DPRINT1(
"RtlNewSecurityObjectWithMultipleInheritance(%p)\n", ParentDescriptor);
508 IN PLUID OldClientTokenModifiedId,
520 DPRINT1(
"RtlNewInstanceSecurityObject(%p)\n", ParentDescriptor);
531 *NewClientTokenModifiedId = TokenStats.
ModifiedId;
534 if (
RtlEqualLuid(NewClientTokenModifiedId, OldClientTokenModifiedId))
537 if (!(ParentDescriptorChanged) && !(CreatorDescriptorChanged))
570 DPRINT1(
"RtlCreateUserSecurityObject(%p)\n", AceData);
653 DPRINT1(
"Missing privilege check for SE_SECURITY_PRIVILEGE");
655 *RemainingDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
761 ModificationDescriptor,
762 ObjectsSecurityDescriptor,
784 ModificationDescriptor,
785 ObjectsSecurityDescriptor,
static GENERIC_MAPPING GenericMapping
static SID_IDENTIFIER_AUTHORITY NtAuthority
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
#define STATUS_NOT_IMPLEMENTED
#define NT_SUCCESS(StatCode)
static SID_IDENTIFIER_AUTHORITY WorldAuthority
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
#define ROUND_UP(n, align)
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define RTL_FIELD_SIZE(type, field)
WORD SECURITY_DESCRIPTOR_CONTROL
#define SE_SECURITY_PRIVILEGE
static const WCHAR desc[]
DWORD SECURITY_INFORMATION
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative(_Out_ PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
#define ACCESS_SYSTEM_SECURITY
ACCESS_MASK * PACCESS_MASK
#define NtCurrentProcess()
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
_In_ ULONG _In_ ULONG _In_ ULONG Length
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
#define STATUS_INVALID_PRIMARY_GROUP
#define STATUS_INVALID_OWNER
BOOLEAN NTAPI RtlFlushSecureMemoryCache(IN PVOID MemoryCache, IN OPTIONAL SIZE_T MemoryLength)
NTSTATUS NTAPI RtlCreateUserSecurityObject(IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid, IN PSID GroupSid, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
NTSTATUS NTAPI RtlQuerySecurityObject(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor, IN ULONG DescriptorLength, OUT PULONG ReturnLength)
NTSTATUS NTAPI RtlConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI RtlpSetSecurityObject(IN PVOID Object OPTIONAL, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN ULONG PoolType, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
NTSTATUS NTAPI RtlDeleteSecurityObject(IN PSECURITY_DESCRIPTOR *ObjectDescriptor)
NTSTATUS NTAPI RtlSetSecurityObject(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
NTSTATUS NTAPI RtlRegisterSecureMemoryCacheCallback(IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback)
NTSTATUS NTAPI RtlNewInstanceSecurityObject(IN BOOLEAN ParentDescriptorChanged, IN BOOLEAN CreatorDescriptorChanged, IN PLUID OldClientTokenModifiedId, OUT PLUID NewClientTokenModifiedId, IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI RtlNewSecurityObjectEx(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI RtlNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI RtlpConvertToAutoInheritSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID ObjectType, IN BOOLEAN IsDirectoryObject, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI RtlCreateAndSetSD(IN PVOID AceData, IN ULONG AceCount, IN PSID OwnerSid OPTIONAL, IN PSID GroupSid OPTIONAL, OUT PSECURITY_DESCRIPTOR *NewDescriptor)
NTSTATUS NTAPI RtlNewSecurityObjectWithMultipleInheritance(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI RtlpNewSecurityObject(IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN LPGUID *ObjectTypes, IN ULONG GuidCount, IN BOOLEAN IsDirectoryObject, IN ULONG AutoInheritFlags, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping)
NTSTATUS NTAPI RtlNewSecurityGrantedAccess(IN ACCESS_MASK DesiredAccess, OUT PPRIVILEGE_SET Privileges, IN OUT PULONG Length, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping, OUT PACCESS_MASK RemainingDesiredAccess)
NTSTATUS NTAPI RtlDefaultNpAcl(OUT PACL *pAcl)
NTSTATUS NTAPI RtlSetSecurityObjectEx(IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN ULONG AutoInheritFlags, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token OPTIONAL)
#define STATUS_BUFFER_TOO_SMALL
PULONG MinorVersion OPTIONAL
SECURITY_DESCRIPTOR_CONTROL Control
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define RtlZeroMemory(Destination, Length)
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
_In_ WDFINTERRUPT _In_ PFN_WDF_INTERRUPT_SYNCHRONIZE Callback
_In_ WDF_WMI_PROVIDER_CONTROL Control
#define RtlEqualLuid(Luid1, Luid2)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR * NewDescriptor
#define SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_BUILTIN_DOMAIN_RID
#define DACL_SECURITY_INFORMATION
#define SE_DACL_DEFAULTED
#define SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_RID
#define SECURITY_LOCAL_SYSTEM_RID
#define OWNER_SECURITY_INFORMATION
#define SE_SACL_DEFAULTED
#define SE_PRIVILEGE_USED_FOR_ACCESS
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define SECURITY_NT_AUTHORITY
#define SECURITY_DESCRIPTOR_REVISION
#define GROUP_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
#define DOMAIN_ALIAS_RID_ADMINS
struct _PRIVILEGE_SET PRIVILEGE_SET
#define NtCurrentThread()