ReactOS 0.4.15-dev-7924-g5949c20
Macros | Functions
debug.c File Reference
#include <ntoskrnl.h>
#include <debug.h>
Include dependency graph for debug.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

VOID SepDumpSdDebugInfo (_In_opt_ PISECURITY_DESCRIPTOR SecurityDescriptor)
 Dumps debug information of a security descriptor to the debugger.
 
VOID SepDumpTokenDebugInfo (_In_opt_ PTOKEN Token)
 Dumps debug information of an access token to the debugger.
 
VOID SepDumpAccessRightsStats (_In_ PACCESS_CHECK_RIGHTS AccessRights)
 Dumps security access rights to the debugger.
 
VOID SepDumpAccessAndStatusList (_In_ PACCESS_MASK GrantedAccessList, _In_ PNTSTATUS AccessStatusList, _In_ BOOLEAN IsResultList, _In_ POBJECT_TYPE_LIST_INTERNAL ObjectTypeList, _In_ ULONG ObjectTypeListLength)
 Dumps access and status values of each object type in the result list.
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 11 of file debug.c.

Function Documentation

◆ SepDumpAccessAndStatusList()

VOID SepDumpAccessAndStatusList ( _In_ PACCESS_MASK  GrantedAccessList,
_In_ PNTSTATUS  AccessStatusList,
_In_ BOOLEAN  IsResultList,
_In_ POBJECT_TYPE_LIST_INTERNAL  ObjectTypeList,
_In_ ULONG  ObjectTypeListLength 
)

Dumps access and status values of each object type in the result list.

Definition at line 353 of file debug.c.

359{
360#ifndef NDEBUG
361 ULONG ResultListIndex;
362 ULONG ObjectTypeIndex;
363 ULONG ResultListLength;
364
365 DbgPrint("================== ACCESS & STATUS OBJECT TYPE LIST STATISTICS ==================\n");
366 ResultListLength = IsResultList ? ObjectTypeListLength : 1;
367 for (ResultListIndex = 0; ResultListIndex < ResultListLength; ResultListIndex++)
368 {
369 DbgPrint("Result Index #%lu, Granted access rights -> 0x%08lx, Access status -> 0x%08lx\n",
370 ResultListIndex, GrantedAccessList[ResultListIndex], AccessStatusList[ResultListIndex]);
371 }
372
373 for (ObjectTypeIndex = 0; ObjectTypeIndex < ObjectTypeListLength; ObjectTypeIndex++)
374 {
375 DbgPrint("================== #%lu OBJECT ACCESS RIGHTS ==================\n", ObjectTypeIndex);
376 DbgPrint("Remaining access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.RemainingAccessRights);
377 DbgPrint("Granted access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.GrantedAccessRights);
378 DbgPrint("Denied access rights -> 0x%08lx\n", ObjectTypeList[ObjectTypeIndex].ObjectAccessRights.DeniedAccessRights);
379 }
380#endif
381}
DbgPrint
#define DbgPrint
Definition: hal.h:12
ULONG
uint32_t ULONG
Definition: typedefs.h:59

Referenced by SepAccessCheckWorker().

◆ SepDumpAccessRightsStats()

VOID SepDumpAccessRightsStats ( _In_ PACCESS_CHECK_RIGHTS  AccessRights)

Dumps security access rights to the debugger.

Definition at line 325 of file debug.c.

327{
328 /*
329 * Dump the access rights only if we have remaining rights
330 * to dump in the first place. RemainingAccessRights can be 0
331 * if access check procedure has failed prematurely and this
332 * member hasn't been filled yet.
333 */
334 if (!AccessRights->RemainingAccessRights)
335 {
336 return;
337 }
338
339#ifndef NDEBUG
340 DbgPrint("================== ACCESS CHECK RIGHTS STATISTICS ==================\n");
341 DbgPrint("Remaining access rights -> 0x%08lx\n", AccessRights->RemainingAccessRights);
342 DbgPrint("Granted access rights -> 0x%08lx\n", AccessRights->GrantedAccessRights);
343 DbgPrint("Denied access rights -> 0x%08lx\n", AccessRights->DeniedAccessRights);
344#endif
345}

Referenced by SepAccessCheckWorker().

◆ SepDumpSdDebugInfo()

VOID SepDumpSdDebugInfo ( _In_opt_ PISECURITY_DESCRIPTOR  SecurityDescriptor)

Dumps debug information of a security descriptor to the debugger.

Definition at line 217 of file debug.c.

219{
220#ifndef NDEBUG
221 UNICODE_STRING SidString;
222 PSID OwnerSid, GroupSid;
223 PACL Dacl, Sacl;
224#endif
225
226 /* Don't dump anything if no SD was provided */
227 if (!SecurityDescriptor)
228 {
229 return;
230 }
231
232#ifndef NDEBUG
233 /* Cache the necessary security buffers to dump info from */
234 OwnerSid = SepGetOwnerFromDescriptor(SecurityDescriptor);
235 GroupSid = SepGetGroupFromDescriptor(SecurityDescriptor);
236 Sacl = SepGetSaclFromDescriptor(SecurityDescriptor);
237 Dacl = SepGetDaclFromDescriptor(SecurityDescriptor);
238
239 DbgPrint("================== SECURITY DESCRIPTOR DUMP INFO ==================\n");
240 DbgPrint("SecurityDescriptor -> 0x%p\n", SecurityDescriptor);
241 DbgPrint("SecurityDescriptor->Revision -> %u\n", SecurityDescriptor->Revision);
242 DbgPrint("SecurityDescriptor->Control:\n");
243 SepDumpSdControlInfo(SecurityDescriptor->Control);
244
245 /* Dump the Owner SID if the SD belongs to an owner */
246 if (OwnerSid)
247 {
248 RtlConvertSidToUnicodeString(&SidString, OwnerSid, TRUE);
249 DbgPrint("SD Owner SID -> %wZ\n", &SidString);
250 RtlFreeUnicodeString(&SidString);
251 }
252
253 /* Dump the Group SID if the SD belongs to a group */
254 if (GroupSid)
255 {
256 RtlConvertSidToUnicodeString(&SidString, GroupSid, TRUE);
257 DbgPrint("SD Group SID -> %wZ\n", &SidString);
258 RtlFreeUnicodeString(&SidString);
259 }
260
261 /* Dump the ACL contents of SACL if this SD has one */
262 if (Sacl)
263 {
264 SepDumpAclInfo(Sacl, TRUE);
265 }
266
267 /* Dump the ACL contents of DACL if this SD has one */
268 if (Dacl)
269 {
270 SepDumpAclInfo(Dacl, FALSE);
271 }
272#endif
273}
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
Sacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1595
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
RtlConvertSidToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
SepGetOwnerFromDescriptor
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:109
SepGetGroupFromDescriptor
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:89
SepGetDaclFromDescriptor
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:129
SepGetSaclFromDescriptor
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PSECURITY_DESCRIPTOR _Descriptor)
Definition: se.h:151
_ACL
Definition: ms-dtyp.idl:293
_SID
Definition: ms-dtyp.idl:198
_UNICODE_STRING
Definition: env_spec_w32.h:368
SecurityDescriptor
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191

Referenced by SepAccessCheckWorker().

◆ SepDumpTokenDebugInfo()

VOID SepDumpTokenDebugInfo ( _In_opt_ PTOKEN  Token)

Dumps debug information of an access token to the debugger.

Definition at line 280 of file debug.c.

282{
283#ifndef NDEBUG
284 UNICODE_STRING SidString;
285#endif
286
287 /* Don't dump anything if no token was provided */
288 if (!Token)
289 {
290 return;
291 }
292
293#ifndef NDEBUG
294 /* Dump relevant token info */
295 DbgPrint("================== ACCESS TOKEN DUMP INFO ==================\n");
296 DbgPrint("Token -> 0x%p\n", Token);
297 DbgPrint("Token->ImageFileName -> %s\n", Token->ImageFileName);
298 DbgPrint("Token->TokenSource.SourceName -> \"%-.*s\"\n",
299 RTL_NUMBER_OF(Token->TokenSource.SourceName),
300 Token->TokenSource.SourceName);
301 DbgPrint("Token->TokenSource.SourceIdentifier -> %lu.%lu\n",
302 Token->TokenSource.SourceIdentifier.HighPart,
303 Token->TokenSource.SourceIdentifier.LowPart);
304
305 RtlConvertSidToUnicodeString(&SidString, Token->PrimaryGroup, TRUE);
306 DbgPrint("Token primary group SID -> %wZ\n", &SidString);
307 RtlFreeUnicodeString(&SidString);
308
309 DbgPrint("Token user and groups SIDs:\n");
310 SepDumpSidsOfToken(Token->UserAndGroups, Token->UserAndGroupCount);
311
312 if (SeTokenIsRestricted(Token))
313 {
314 DbgPrint("Token restricted SIDs:\n");
315 SepDumpSidsOfToken(Token->RestrictedSids, Token->RestrictedSidCount);
316 }
317#endif
318}
RTL_NUMBER_OF
#define RTL_NUMBER_OF(x)
Definition: RtlRegistry.c:12
SeTokenIsRestricted
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
Definition: token.c:2126

Referenced by SepAccessCheckWorker().